last executing test programs: 2m42.857614273s ago: executing program 3 (id=3935): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) shutdown$auto(0x200000003, 0x2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x312) 2m42.65779237s ago: executing program 3 (id=3937): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) mprotect$auto(0x200000000000, 0x806121, 0x8) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) 2m42.499625902s ago: executing program 3 (id=3938): r0 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5) mmap$auto(0x0, 0x20009, 0x809, 0xeb1, 0x401, 0x80000000008000) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x1}, 0x801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m42.30424141s ago: executing program 3 (id=3940): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) eventfd$auto(0x4) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) write$auto(0x3, 0x0, 0x1) 2m42.068652388s ago: executing program 3 (id=3943): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cuse\x00', 0x1c1041, 0x0) sendfile$auto(r1, 0x3, 0x0, 0x7ffff000) 2m40.875800084s ago: executing program 3 (id=3949): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x14, r2, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdc01, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0xc000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000007fe06655b72b53a9b50aa0af594dd35253cab7a8be4ac24bdb3efe91b5e6", @ANYRES8=r2, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) 2m33.578548484s ago: executing program 1 (id=3979): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) move_mount$auto(r0, 0x0, r0, 0x0, 0xc) 2m33.092270013s ago: executing program 1 (id=3981): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x8001, 0x0) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x4000000008000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) ioctl$auto(r1, 0x5393, r0) 2m32.649972694s ago: executing program 1 (id=3983): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D1\x00', 0x302541, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0x4]}, 0x0) 2m32.208335293s ago: executing program 1 (id=3986): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) setsockopt$auto(0x3, 0x8000000000000006, 0x1e, 0x0, 0x7ffffc) 2m31.096762794s ago: executing program 1 (id=3990): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x106) mount$auto(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') 2m30.887814598s ago: executing program 1 (id=3992): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x60000, 0x0) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f00000010c0), 0x0, 0x0) 2m25.795202282s ago: executing program 32 (id=3949): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x14, r2, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdc01, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0xc000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000007fe06655b72b53a9b50aa0af594dd35253cab7a8be4ac24bdb3efe91b5e6", @ANYRES8=r2, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) 2m15.729546105s ago: executing program 33 (id=3992): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x60000, 0x0) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f00000010c0), 0x0, 0x0) 6.877484561s ago: executing program 0 (id=5016): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x0, 0x0) ioctl$auto_XFS_IOC_OPEN_BY_HANDLE(0xffffffffffffffff, 0xc038586b, &(0x7f0000000140)={r0, 0x0, 0x6, 0x0, 0x2, &(0x7f0000001240), 0x0}) r1 = socket(0xa, 0x1, 0x84) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) setsockopt$auto(r1, 0x0, 0x60, 0x0, 0x6f7250c4) 6.755277292s ago: executing program 5 (id=5018): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pkey_free$auto(0x0) 6.46585529s ago: executing program 0 (id=5020): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) timer_gettime$auto(0x4, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 5.355190232s ago: executing program 5 (id=5023): mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.5/udc/dummy_udc.5/srp\x00', 0x60301, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 4.771369249s ago: executing program 5 (id=5025): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) shmat$auto(0xe, 0x0, 0x8) timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x53) 3.50745643s ago: executing program 0 (id=5032): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyS0\x00', 0x0, 0x0) ioctl$auto(r0, 0x545c, 0xffffffffffffffff) 3.3153778s ago: executing program 2 (id=5034): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/platform/vivid.0/cec28/power/runtime_suspended_time\x00', 0x22040, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r0, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x80202, 0x0) write$auto(0x3, 0x0, 0x5c8) 3.312755629s ago: executing program 4 (id=5035): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) r1 = socket(0xa, 0x1, 0x84) getsockopt$auto(r1, 0x0, 0x53, 0x0, 0x0) 3.17025224s ago: executing program 5 (id=5036): close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) ftruncate$auto(0x3, 0x0) 2.968283942s ago: executing program 5 (id=5037): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8913, 0x24) 2.948117777s ago: executing program 0 (id=5038): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) chroot$auto(0xfffffffffffffffd) 2.725478991s ago: executing program 2 (id=5039): mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r0, 0x5, 0x8) io_uring_setup$auto(0xf, 0x0) io_uring_register$auto(0x2, 0x13, &(0x7f0000000000), 0x2) 2.547244815s ago: executing program 2 (id=5040): r0 = socket(0x2, 0x1, 0x84) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f00000001c0)='nl80211\x00', 0x1fff8) shutdown$auto(0x200000003, 0x2) 2.37517637s ago: executing program 2 (id=5041): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x22100, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x440, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x5452, 0x0) 2.31359961s ago: executing program 4 (id=5042): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x8000}, 0x6, 0x3, 0x4, 0x2e) 1.931675612s ago: executing program 5 (id=5043): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwritev$auto(r0, 0x0, 0x4, 0xcee, 0x18a) unshare$auto(0x40000080) 1.931532373s ago: executing program 2 (id=5044): r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) ustat$auto(0x801, 0x0) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0xa7) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x24, 0x0, 0x0) 1.155899616s ago: executing program 4 (id=5045): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0xa, 0x1, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) prctl$auto_PR_GET_TSC(0x19, 0xa, 0x0, 0x0, 0xd) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) close_range$auto(0x2, 0x8, 0x0) 904.469181ms ago: executing program 0 (id=5046): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000140), 0x641, 0x0) io_uring_setup$auto(0x86, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0) ioctl$auto(0x3, 0xc0285628, 0x8) 882.036226ms ago: executing program 2 (id=5047): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, 0x0, 0x20202, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x200000008000, 0xffffffff) 815.948858ms ago: executing program 4 (id=5048): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10a, 0x6, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x86a7, 0x11, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [0x0, 0x40], {0x6, 0x10001, 0x7, 0x2de, 0x8a, 0x1, 0x101, 0x6, 0x8}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000040000}}) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r0, 0xc2604110, 0x0) 516.498951ms ago: executing program 4 (id=5049): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000072, 0x2, 0x6}]}) 150.24716ms ago: executing program 4 (id=5050): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) r1 = open_by_handle_at$auto(r0, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) read$auto(r1, 0x0, 0x401) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x40103d0b, 0x0) 0s ago: executing program 0 (id=5051): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ioprio_get$auto(0x3, 0x0) kernel console output (not intermixed with test programs): ? find_held_lock+0x2b/0x80 [ 319.331819][T12524] path_openat+0xf95/0x31a0 [ 319.331848][T12524] ? __pfx_path_openat+0x10/0x10 [ 319.331878][T12524] do_file_open+0x20e/0x430 [ 319.331901][T12524] ? __pfx_do_file_open+0x10/0x10 [ 319.331941][T12524] ? alloc_fd+0x476/0x790 [ 319.331963][T12524] ? do_getname+0x191/0x390 [ 319.331991][T12524] do_sys_openat2+0x10d/0x1e0 [ 319.332019][T12524] ? __pfx_do_sys_openat2+0x10/0x10 [ 319.332060][T12524] __x64_sys_openat+0x12d/0x210 [ 319.332089][T12524] ? __pfx___x64_sys_openat+0x10/0x10 [ 319.332120][T12524] ? do_user_addr_fault+0x8d6/0x12f0 [ 319.332161][T12524] do_syscall_64+0x106/0xf80 [ 319.332185][T12524] ? clear_bhb_loop+0x40/0x90 [ 319.332212][T12524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.332234][T12524] RIP: 0033:0x7fd62975cfce [ 319.332252][T12524] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 319.332273][T12524] RSP: 002b:00007fd62a5c0ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 319.332292][T12524] RAX: ffffffffffffffda RBX: 00007fd62a5c16c0 RCX: 00007fd62975cfce [ 319.332306][T12524] RDX: 0000000000000002 RSI: 00007fd62a5c0f90 RDI: ffffffffffffff9c [ 319.332320][T12524] RBP: 00007fd629832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 319.332333][T12524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 319.332346][T12524] R13: 00007fd629a16128 R14: 00007fd629a16090 R15: 00007ffe1498a458 [ 319.332373][T12524] [ 319.928902][T12533] netlink: 74 bytes leftover after parsing attributes in process `syz.1.2630'. [ 320.378377][T12548] netlink: zone id is out of range [ 320.384266][ T5834] Bluetooth: hci0: unexpected event 0x03 length: 725 > 11 [ 320.408553][T12548] netlink: zone id is out of range [ 320.486066][T12549] netlink: zone id is out of range [ 320.505505][T12548] netlink: zone id is out of range [ 320.527163][T12549] netlink: zone id is out of range [ 320.532793][T12549] netlink: zone id is out of range [ 320.566573][T12548] netlink: zone id is out of range [ 320.586873][T12549] netlink: zone id is out of range [ 320.614826][T12548] netlink: set zone limit has 8 unknown bytes [ 320.669309][T12549] netlink: set zone limit has 8 unknown bytes [ 323.030456][T12598] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2651'. [ 324.609185][T12620] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 325.099070][T12626] zswap: compressor not available [ 325.589169][T12645] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2669'. [ 328.611268][T12710] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2680'. [ 336.357824][T12840] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2726'. [ 337.208732][T12860] ubi0: attaching mtd1 [ 337.260301][T12860] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 338.459283][T12885] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2744'. [ 339.848979][T12918] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 342.622244][T12964] netlink: 'syz.1.2771': attribute type 15 has an invalid length. [ 342.665781][T12964] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2771'. [ 343.314378][T12979] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2779'. [ 343.563068][T12986] FAULT_INJECTION: forcing a failure. [ 343.563068][T12986] name failslab, interval 1, probability 0, space 0, times 0 [ 343.618997][T12986] CPU: 0 UID: 0 PID: 12986 Comm: syz.1.2782 Tainted: G L syzkaller #0 PREEMPT(full) [ 343.619037][T12986] Tainted: [L]=SOFTLOCKUP [ 343.619046][T12986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 343.619061][T12986] Call Trace: [ 343.619083][T12986] [ 343.619092][T12986] dump_stack_lvl+0x100/0x190 [ 343.619134][T12986] should_fail_ex.cold+0x5/0xa [ 343.619168][T12986] should_failslab+0xc2/0x120 [ 343.619193][T12986] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 343.619233][T12986] ? alloc_io_context+0x21/0x2f0 [ 343.619255][T12986] ? set_task_ioprio+0x48f/0x670 [ 343.619284][T12986] alloc_io_context+0x21/0x2f0 [ 343.619309][T12986] set_task_ioprio+0x49e/0x670 [ 343.619336][T12986] __do_sys_ioprio_set+0x55c/0xb40 [ 343.619373][T12986] ? __do_sys_ioprio_set+0x3de/0xb40 [ 343.619417][T12986] do_syscall_64+0x106/0xf80 [ 343.619446][T12986] ? clear_bhb_loop+0x40/0x90 [ 343.619475][T12986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.619500][T12986] RIP: 0033:0x7f3476d9c799 [ 343.619519][T12986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 343.619544][T12986] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb [ 343.619565][T12986] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 343.619582][T12986] RDX: 0000000000004b34 RSI: 0000000000000000 RDI: 0000000000000003 [ 343.619596][T12986] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 343.619610][T12986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 343.619625][T12986] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 343.619659][T12986] [ 346.023265][T13030] zswap: compressor not available [ 348.807305][T13096] FAULT_INJECTION: forcing a failure. [ 348.807305][T13096] name failslab, interval 1, probability 0, space 0, times 0 [ 348.866863][T13096] CPU: 0 UID: 0 PID: 13096 Comm: syz.3.2819 Tainted: G L syzkaller #0 PREEMPT(full) [ 348.866902][T13096] Tainted: [L]=SOFTLOCKUP [ 348.866910][T13096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 348.866925][T13096] Call Trace: [ 348.866932][T13096] [ 348.866940][T13096] dump_stack_lvl+0x100/0x190 [ 348.866982][T13096] should_fail_ex.cold+0x5/0xa [ 348.867010][T13096] ? process_vm_rw_core.constprop.0+0x1d7/0x950 [ 348.867050][T13096] should_failslab+0xc2/0x120 [ 348.867076][T13096] __kmalloc_noprof+0xe0/0x850 [ 348.867112][T13096] ? find_held_lock+0x2b/0x80 [ 348.867139][T13096] process_vm_rw_core.constprop.0+0x1d7/0x950 [ 348.867181][T13096] ? futex_unqueue+0x13d/0x2c0 [ 348.867218][T13096] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 348.867260][T13096] ? import_ubuf+0x1b6/0x220 [ 348.867309][T13096] ? iovec_from_user+0xda/0x140 [ 348.867336][T13096] process_vm_rw+0x226/0x2d0 [ 348.867376][T13096] ? __pfx_process_vm_rw+0x10/0x10 [ 348.867421][T13096] ? ksys_write+0x190/0x250 [ 348.867466][T13096] ? xfd_validate_state+0x129/0x190 [ 348.867517][T13096] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 348.867573][T13096] ? do_syscall_64+0x95/0xf80 [ 348.867601][T13096] ? lockdep_hardirqs_on+0x78/0x100 [ 348.867630][T13096] do_syscall_64+0x106/0xf80 [ 348.867658][T13096] ? clear_bhb_loop+0x40/0x90 [ 348.867695][T13096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.867720][T13096] RIP: 0033:0x7f7dfed9c799 [ 348.867740][T13096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 348.867763][T13096] RSP: 002b:00007f7dffc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 348.867786][T13096] RAX: ffffffffffffffda RBX: 00007f7dff015fa0 RCX: 00007f7dfed9c799 [ 348.867802][T13096] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 0000000000000000 [ 348.867830][T13096] RBP: 00007f7dfee32bd9 R08: 0000000000000004 R09: 0000000000000000 [ 348.867844][T13096] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 348.867858][T13096] R13: 00007f7dff016038 R14: 00007f7dff015fa0 R15: 00007ffcb0480838 [ 348.867885][T13096] [ 349.340979][T13103] FAULT_INJECTION: forcing a failure. [ 349.340979][T13103] name fail_futex, interval 1, probability 0, space 0, times 0 [ 349.371998][T13103] CPU: 0 UID: 0 PID: 13103 Comm: syz.2.2824 Tainted: G L syzkaller #0 PREEMPT(full) [ 349.372032][T13103] Tainted: [L]=SOFTLOCKUP [ 349.372039][T13103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 349.372052][T13103] Call Trace: [ 349.372058][T13103] [ 349.372066][T13103] dump_stack_lvl+0x100/0x190 [ 349.372102][T13103] should_fail_ex.cold+0x5/0xa [ 349.372127][T13103] get_futex_key+0x107c/0x1620 [ 349.372157][T13103] ? __pfx_get_futex_key+0x10/0x10 [ 349.372181][T13103] ? lock_acquire+0x1cf/0x380 [ 349.372217][T13103] futex_wake+0xea/0x530 [ 349.372251][T13103] ? __pfx_futex_wake+0x10/0x10 [ 349.372284][T13103] ? exit_mm_release+0x19/0x30 [ 349.372317][T13103] do_futex+0x32b/0x350 [ 349.372345][T13103] ? __pfx_do_futex+0x10/0x10 [ 349.372371][T13103] ? __might_fault+0xc5/0x140 [ 349.372408][T13103] mm_release+0x24a/0x2f0 [ 349.372430][T13103] do_exit+0x704/0x2b60 [ 349.372461][T13103] ? __pfx_do_exit+0x10/0x10 [ 349.372489][T13103] ? do_raw_spin_lock+0x128/0x260 [ 349.372521][T13103] ? find_held_lock+0x2b/0x80 [ 349.372539][T13103] ? get_signal+0x7e0/0x21e0 [ 349.372564][T13103] do_group_exit+0xd5/0x2a0 [ 349.372595][T13103] get_signal+0x1ec7/0x21e0 [ 349.372626][T13103] ? __pfx_get_signal+0x10/0x10 [ 349.372655][T13103] ? do_futex+0x192/0x350 [ 349.372685][T13103] arch_do_signal_or_restart+0x91/0x770 [ 349.372713][T13103] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 349.372747][T13103] ? __pfx___x64_sys_futex+0x10/0x10 [ 349.372781][T13103] exit_to_user_mode_loop+0x86/0x4a0 [ 349.372812][T13103] do_syscall_64+0x668/0xf80 [ 349.372838][T13103] ? clear_bhb_loop+0x40/0x90 [ 349.372864][T13103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.372886][T13103] RIP: 0033:0x7fbce079c799 [ 349.372903][T13103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 349.372923][T13103] RSP: 002b:00007fbce167b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 349.372944][T13103] RAX: fffffffffffffe00 RBX: 00007fbce0a15fa8 RCX: 00007fbce079c799 [ 349.372957][T13103] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbce0a15fa8 [ 349.372970][T13103] RBP: 00007fbce0a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 349.372983][T13103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.372995][T13103] R13: 00007fbce0a16038 R14: 00007ffec5fa3d10 R15: 00007ffec5fa3df8 [ 349.373022][T13103] [ 350.156362][T13118] FAULT_INJECTION: forcing a failure. [ 350.156362][T13118] name failslab, interval 1, probability 0, space 0, times 0 [ 350.200394][T13118] CPU: 0 UID: 0 PID: 13118 Comm: syz.1.2829 Tainted: G L syzkaller #0 PREEMPT(full) [ 350.200434][T13118] Tainted: [L]=SOFTLOCKUP [ 350.200443][T13118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 350.200458][T13118] Call Trace: [ 350.200465][T13118] [ 350.200475][T13118] dump_stack_lvl+0x100/0x190 [ 350.200517][T13118] should_fail_ex.cold+0x5/0xa [ 350.200545][T13118] should_failslab+0xc2/0x120 [ 350.200572][T13118] __kmalloc_cache_noprof+0x7a/0x6f0 [ 350.200605][T13118] ? vhost_net_open+0x73/0x8b0 [ 350.200645][T13118] ? __pfx_vhost_net_open+0x10/0x10 [ 350.200678][T13118] vhost_net_open+0x73/0x8b0 [ 350.200707][T13118] ? __pfx_vhost_net_open+0x10/0x10 [ 350.200741][T13118] misc_open+0x26d/0x450 [ 350.200765][T13118] ? __pfx_misc_open+0x10/0x10 [ 350.200787][T13118] chrdev_open+0x234/0x6a0 [ 350.200812][T13118] ? __pfx_apparmor_file_open+0x10/0x10 [ 350.200853][T13118] ? __pfx_chrdev_open+0x10/0x10 [ 350.200879][T13118] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 350.200914][T13118] do_dentry_open+0x6d8/0x1660 [ 350.200938][T13118] ? __pfx_chrdev_open+0x10/0x10 [ 350.200970][T13118] vfs_open+0x82/0x3f0 [ 350.201006][T13118] path_openat+0x208c/0x31a0 [ 350.201042][T13118] ? __pfx_path_openat+0x10/0x10 [ 350.201079][T13118] do_file_open+0x20e/0x430 [ 350.201108][T13118] ? __pfx_do_file_open+0x10/0x10 [ 350.201157][T13118] ? alloc_fd+0x476/0x790 [ 350.201184][T13118] ? do_getname+0x191/0x390 [ 350.201218][T13118] do_sys_openat2+0x10d/0x1e0 [ 350.201251][T13118] ? __pfx_do_sys_openat2+0x10/0x10 [ 350.201286][T13118] ? __fget_files+0x21f/0x3d0 [ 350.201315][T13118] __x64_sys_openat+0x12d/0x210 [ 350.201349][T13118] ? __pfx___x64_sys_openat+0x10/0x10 [ 350.201394][T13118] do_syscall_64+0x106/0xf80 [ 350.201426][T13118] ? clear_bhb_loop+0x40/0x90 [ 350.201457][T13118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.201484][T13118] RIP: 0033:0x7f3476d9c799 [ 350.201504][T13118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.201528][T13118] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 350.201551][T13118] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 350.201568][T13118] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 350.201584][T13118] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 350.201599][T13118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.201614][T13118] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 350.201651][T13118] [ 352.544935][T13167] x_tables: duplicate underflow at hook 4 [ 353.904089][T13203] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2861'. [ 354.314337][T13215] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2866'. [ 354.376373][T13215] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2866'. [ 354.688702][T13224] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2870'. [ 354.737657][T13224] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2870'. [ 355.213815][T13233] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2873'. [ 356.668900][T13269] random: crng reseeded on system resumption [ 356.676327][T13268] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2884'. [ 357.009763][T13275] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2886'. [ 357.057548][T13275] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.100004][T13275] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.166870][T13275] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.206059][T13275] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.253062][T13277] nbd: must specify at least one socket [ 357.570222][T13283] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2889'. [ 359.229070][T13321] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2903'. [ 359.663201][T13333] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2909'. [ 361.924719][T13374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2926'. [ 361.978314][T13376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2926'. [ 362.044619][T13377] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2927'. [ 362.924451][T13401] random: crng reseeded on system resumption [ 363.053113][T13405] Unrecognized hibernate image header format! [ 363.110430][T13405] PM: hibernation: Image mismatch: architecture specific data [ 364.236372][ T30] audit: type=1804 audit(1772839951.018:17): pid=13427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2947" name="/newroot/771/file0" dev="tmpfs" ino=3932 res=1 errno=0 [ 364.355150][ T30] audit: type=1804 audit(1772839951.048:18): pid=13436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2947" name="/newroot/771/file0" dev="tmpfs" ino=3932 res=1 errno=0 [ 364.844276][T13444] zswap: compressor not available [ 364.905651][T13448] netlink: 'syz.0.2952': attribute type 19 has an invalid length. [ 364.945436][T13448] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2952'. [ 367.172673][T13501] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2972'. [ 367.295774][T13506] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2973'. [ 369.011838][T13549] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2985'. [ 371.506173][T13600] FAULT_INJECTION: forcing a failure. [ 371.506173][T13600] name fail_futex, interval 1, probability 0, space 0, times 0 [ 371.519193][T13600] CPU: 0 UID: 0 PID: 13600 Comm: syz.1.2999 Tainted: G L syzkaller #0 PREEMPT(full) [ 371.519228][T13600] Tainted: [L]=SOFTLOCKUP [ 371.519235][T13600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 371.519255][T13600] Call Trace: [ 371.519286][T13600] [ 371.519295][T13600] dump_stack_lvl+0x100/0x190 [ 371.519377][T13600] should_fail_ex.cold+0x5/0xa [ 371.519416][T13600] should_fail_futex+0x4c/0x60 [ 371.519461][T13600] futex_lock_pi_atomic+0xe7/0xaf0 [ 371.519500][T13600] futex_lock_pi+0x246/0x7b0 [ 371.519538][T13600] ? __pfx_futex_lock_pi+0x10/0x10 [ 371.519574][T13600] ? __pfx___futex_wait+0x10/0x10 [ 371.519608][T13600] ? lockdep_hardirqs_on+0x78/0x100 [ 371.519710][T13600] ? __pfx_futex_wake_mark+0x10/0x10 [ 371.519772][T13600] ? ksys_write+0x190/0x250 [ 371.519808][T13600] ? ksys_write+0x190/0x250 [ 371.519835][T13600] do_futex+0x18a/0x350 [ 371.519876][T13600] ? __pfx_do_futex+0x10/0x10 [ 371.519916][T13600] __x64_sys_futex+0x34f/0x4d0 [ 371.519953][T13600] ? __pfx___x64_sys_futex+0x10/0x10 [ 371.519998][T13600] do_syscall_64+0x106/0xf80 [ 371.520048][T13600] ? clear_bhb_loop+0x40/0x90 [ 371.520089][T13600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.520115][T13600] RIP: 0033:0x7f3476d9c799 [ 371.520135][T13600] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.520160][T13600] RSP: 002b:00007f3477c87028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 371.520207][T13600] RAX: ffffffffffffffda RBX: 00007f3477016090 RCX: 00007f3476d9c799 [ 371.520224][T13600] RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000000 [ 371.520239][T13600] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 000000008000fff5 [ 371.520255][T13600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.520270][T13600] R13: 00007f3477016128 R14: 00007f3477016090 R15: 00007ffd8c251d98 [ 371.520302][T13600] [ 373.841019][T13626] ERROR: Out of memory at tomoyo_memory_ok. [ 373.864160][T13626] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/235/file0' not defined. [ 373.957572][T13618] ERROR: Out of memory at tomoyo_memory_ok. [ 374.567115][T13645] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3018'. [ 374.895643][T13654] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3021'. [ 375.467133][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 376.442029][T13686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3034'. [ 376.561539][T13689] Format for adding new port is "id [perm_addr]" (uint MAC). [ 377.116374][T13700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 377.141518][T13700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 377.193211][T13700] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 377.229911][T13700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 377.273589][T13700] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 378.077341][T13722] FAULT_INJECTION: forcing a failure. [ 378.077341][T13722] name failslab, interval 1, probability 0, space 0, times 0 [ 378.141470][T13722] CPU: 0 UID: 0 PID: 13722 Comm: syz.1.3045 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.141508][T13722] Tainted: [L]=SOFTLOCKUP [ 378.141517][T13722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 378.141532][T13722] Call Trace: [ 378.141540][T13722] [ 378.141548][T13722] dump_stack_lvl+0x100/0x190 [ 378.141590][T13722] should_fail_ex.cold+0x5/0xa [ 378.141619][T13722] should_failslab+0xc2/0x120 [ 378.141668][T13722] __kmalloc_cache_noprof+0x7a/0x6f0 [ 378.141712][T13722] ? __v4l2_subdev_state_alloc+0x53/0x410 [ 378.141855][T13722] __v4l2_subdev_state_alloc+0x53/0x410 [ 378.141899][T13722] subdev_open+0xa6/0x510 [ 378.141940][T13722] v4l2_open+0x1d2/0x490 [ 378.141974][T13722] ? __pfx_v4l2_open+0x10/0x10 [ 378.142006][T13722] chrdev_open+0x234/0x6a0 [ 378.142030][T13722] ? __pfx_apparmor_file_open+0x10/0x10 [ 378.142108][T13722] ? __pfx_chrdev_open+0x10/0x10 [ 378.142134][T13722] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 378.142175][T13722] do_dentry_open+0x6d8/0x1660 [ 378.142199][T13722] ? __pfx_chrdev_open+0x10/0x10 [ 378.142230][T13722] vfs_open+0x82/0x3f0 [ 378.142263][T13722] path_openat+0x208c/0x31a0 [ 378.142293][T13722] ? futex_unqueue+0x13d/0x2c0 [ 378.142330][T13722] ? stack_depot_save_flags+0x27/0x9d0 [ 378.142387][T13722] ? __pfx_path_openat+0x10/0x10 [ 378.142414][T13722] ? kasan_save_stack+0x3f/0x50 [ 378.142452][T13722] ? kasan_save_stack+0x30/0x50 [ 378.142488][T13722] ? kasan_save_track+0x14/0x30 [ 378.142524][T13722] ? __kasan_slab_alloc+0x89/0x90 [ 378.142545][T13722] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 378.142581][T13722] ? do_getname+0x35/0x390 [ 378.142614][T13722] do_file_open+0x20e/0x430 [ 378.142640][T13722] ? __pfx_do_file_open+0x10/0x10 [ 378.142688][T13722] ? find_held_lock+0x2b/0x80 [ 378.142721][T13722] ? __might_fault+0xc5/0x140 [ 378.142755][T13722] ? __might_fault+0xc5/0x140 [ 378.142792][T13722] file_open_name+0x198/0x3b0 [ 378.142824][T13722] ? __pfx_file_open_name+0x10/0x10 [ 378.142862][T13722] ? do_getname+0x191/0x390 [ 378.142894][T13722] acct_on+0xa4/0x9e0 [ 378.142937][T13722] ? __pfx_acct_on+0x10/0x10 [ 378.142992][T13722] ? bpf_lsm_capable+0x9/0x10 [ 378.143032][T13722] ? security_capable+0x80/0x260 [ 378.143107][T13722] __x64_sys_acct+0x81/0x1e0 [ 378.143143][T13722] ? lockdep_hardirqs_on+0x78/0x100 [ 378.143174][T13722] do_syscall_64+0x106/0xf80 [ 378.143203][T13722] ? clear_bhb_loop+0x40/0x90 [ 378.143234][T13722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.143260][T13722] RIP: 0033:0x7f3476d9c799 [ 378.143280][T13722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 378.143305][T13722] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 378.143336][T13722] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 378.143352][T13722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 378.143367][T13722] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 378.143383][T13722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.143398][T13722] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 378.143430][T13722] [ 378.696491][T13729] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3048'. [ 378.830514][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.848055][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.164413][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 379.225500][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 379.233142][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 379.316164][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 381.375933][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 381.688705][T13799] CIFS: VFS: Invalid SecurityFlags: [ 381.704696][T13801] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3075'. [ 382.556053][T13821] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3083'. [ 382.797247][T13826] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3083'. [ 384.719094][T13864] FAULT_INJECTION: forcing a failure. [ 384.719094][T13864] name failslab, interval 1, probability 0, space 0, times 0 [ 384.775203][T13864] CPU: 0 UID: 0 PID: 13864 Comm: syz.0.3100 Tainted: G L syzkaller #0 PREEMPT(full) [ 384.775239][T13864] Tainted: [L]=SOFTLOCKUP [ 384.775247][T13864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 384.775261][T13864] Call Trace: [ 384.775269][T13864] [ 384.775277][T13864] dump_stack_lvl+0x100/0x190 [ 384.775335][T13864] should_fail_ex.cold+0x5/0xa [ 384.775363][T13864] should_failslab+0xc2/0x120 [ 384.775388][T13864] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 384.775426][T13864] ? __d_alloc+0x34/0xa80 [ 384.775457][T13864] __d_alloc+0x34/0xa80 [ 384.775481][T13864] ? security_inode_alloc+0xcf/0x2c0 [ 384.775522][T13864] d_alloc_pseudo+0x1c/0xc0 [ 384.775591][T13864] alloc_file_pseudo+0xcf/0x230 [ 384.775621][T13864] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 384.775651][T13864] ? security_inode_init_security_anon+0x7b/0x230 [ 384.775693][T13864] __do_sys_memfd_secret+0x11d/0x3d0 [ 384.775718][T13864] do_syscall_64+0x106/0xf80 [ 384.775746][T13864] ? clear_bhb_loop+0x40/0x90 [ 384.775773][T13864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.775797][T13864] RIP: 0033:0x7fd62979c799 [ 384.775814][T13864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.775836][T13864] RSP: 002b:00007fd62a5e2028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 384.775857][T13864] RAX: ffffffffffffffda RBX: 00007fd629a15fa0 RCX: 00007fd62979c799 [ 384.775872][T13864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 384.775893][T13864] RBP: 00007fd629832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 384.775907][T13864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.775920][T13864] R13: 00007fd629a16038 R14: 00007fd629a15fa0 R15: 00007ffe1498a458 [ 384.775948][T13864] [ 386.994433][T13901] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3115'. [ 387.371407][T13908] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3118'. [ 390.226503][T13961] random: crng reseeded on system resumption [ 390.350735][T13964] Unrecognized hibernate image header format! [ 390.445574][T13964] PM: hibernation: Image mismatch: architecture specific data [ 391.781104][T13996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3152'. [ 392.514892][T14013] FAULT_INJECTION: forcing a failure. [ 392.514892][T14013] name failslab, interval 1, probability 0, space 0, times 0 [ 392.563964][T14015] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 392.573077][T14013] CPU: 0 UID: 0 PID: 14013 Comm: syz.1.3159 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 392.573125][T14013] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 392.573138][T14013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 392.573157][T14013] Call Trace: [ 392.573165][T14013] [ 392.573173][T14013] dump_stack_lvl+0x100/0x190 [ 392.573212][T14013] should_fail_ex.cold+0x5/0xa [ 392.573238][T14013] should_failslab+0xc2/0x120 [ 392.573261][T14013] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 392.573295][T14013] ? dup_fd+0x4d/0xd10 [ 392.573316][T14013] ? do_futex+0x192/0x350 [ 392.573349][T14013] dup_fd+0x4d/0xd10 [ 392.573368][T14013] ? bpf_lsm_capable+0x9/0x10 [ 392.573391][T14013] ? security_capable+0x80/0x260 [ 392.573428][T14013] __x64_sys_close_range+0x405/0x5d0 [ 392.573455][T14013] ? __pfx___x64_sys_close_range+0x10/0x10 [ 392.573488][T14013] do_syscall_64+0x106/0xf80 [ 392.573515][T14013] ? clear_bhb_loop+0x40/0x90 [ 392.573542][T14013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.573565][T14013] RIP: 0033:0x7f3476d9c799 [ 392.573583][T14013] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 392.573606][T14013] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 392.573627][T14013] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 392.573641][T14013] RDX: 0000000000000002 RSI: fffffffffffff001 RDI: 0000000000000000 [ 392.573655][T14013] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 392.573669][T14013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.573682][T14013] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 392.573710][T14013] [ 393.445943][T14026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3165'. [ 393.915647][T14034] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3168'. [ 394.606798][T14051] netlink: 350 bytes leftover after parsing attributes in process `syz.1.3174'. [ 396.849999][T14105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3205'. [ 397.089695][T14112] netlink: 'syz.2.3198': attribute type 1 has an invalid length. [ 397.509929][T14124] futex_wake_op: syz.1.3203 tries to shift op by -2048; fix this program [ 397.601080][T14128] size and base must be multiples of 4 kiB [ 397.608989][T14128] CPU: 1 UID: 0 PID: 14128 Comm: syz.1.3203 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 397.609052][T14128] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 397.609070][T14128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 397.609088][T14128] Call Trace: [ 397.609098][T14128] [ 397.609109][T14128] dump_stack_lvl+0x100/0x190 [ 397.609161][T14128] mtrr_add.cold+0x74/0x87 [ 397.609197][T14128] mtrr_ioctl+0x25a/0xcf0 [ 397.609267][T14128] ? __pfx_mtrr_ioctl+0x10/0x10 [ 397.609317][T14128] ? find_held_lock+0x2b/0x80 [ 397.609357][T14128] ? __fget_files+0x21f/0x3d0 [ 397.609388][T14128] ? __pfx_mtrr_ioctl+0x10/0x10 [ 397.609431][T14128] proc_reg_unlocked_ioctl+0x229/0x320 [ 397.609510][T14128] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 397.609561][T14128] __x64_sys_ioctl+0x18e/0x210 [ 397.609608][T14128] do_syscall_64+0x106/0xf80 [ 397.609646][T14128] ? clear_bhb_loop+0x40/0x90 [ 397.609684][T14128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.609715][T14128] RIP: 0033:0x7f3476d9c799 [ 397.609772][T14128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.609806][T14128] RSP: 002b:00007f3477c87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 397.609839][T14128] RAX: ffffffffffffffda RBX: 00007f3477016090 RCX: 00007f3476d9c799 [ 397.609862][T14128] RDX: 0000000000000000 RSI: 0000000040104d01 RDI: 0000000000000000 [ 397.609883][T14128] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 397.609905][T14128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 397.609925][T14128] R13: 00007f3477016128 R14: 00007f3477016090 R15: 00007ffd8c251d98 [ 397.609968][T14128] [ 398.036591][T14135] FAULT_INJECTION: forcing a failure. [ 398.036591][T14135] name failslab, interval 1, probability 0, space 0, times 0 [ 398.077340][T14135] CPU: 0 UID: 0 PID: 14135 Comm: syz.3.3210 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 398.077413][T14135] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 398.077433][T14135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 398.077454][T14135] Call Trace: [ 398.077464][T14135] [ 398.077477][T14135] dump_stack_lvl+0x100/0x190 [ 398.077542][T14135] should_fail_ex.cold+0x5/0xa [ 398.077600][T14135] ? __register_sysctl_table+0xac/0x1650 [ 398.077658][T14135] should_failslab+0xc2/0x120 [ 398.077694][T14135] __kmalloc_noprof+0xe0/0x850 [ 398.077787][T14135] __register_sysctl_table+0xac/0x1650 [ 398.077844][T14135] ? rcu_is_watching+0x12/0xc0 [ 398.077924][T14135] ? trace_kmalloc+0x101/0x130 [ 398.077966][T14135] ? __pfx___register_sysctl_table+0x10/0x10 [ 398.078021][T14135] ? rcu_is_cpu_rrupt_from_idle+0x231/0x270 [ 398.078081][T14135] ? __asan_memcpy+0x3c/0x60 [ 398.078134][T14135] register_pidns_sysctls+0x11d/0x1c0 [ 398.078197][T14135] ? __ns_common_init+0x299/0x4b0 [ 398.078241][T14135] copy_pid_ns+0x680/0x10a0 [ 398.078296][T14135] ? __pfx_copy_pid_ns+0x10/0x10 [ 398.078338][T14135] ? rcu_is_watching+0x12/0xc0 [ 398.078394][T14135] ? copy_mnt_ns+0x106/0xc30 [ 398.078434][T14135] ? create_new_namespaces+0x30/0xac0 [ 398.078479][T14135] create_new_namespaces+0x2aa/0xac0 [ 398.078525][T14135] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 398.078566][T14135] ksys_unshare+0x473/0xad0 [ 398.078621][T14135] ? __pfx_ksys_unshare+0x10/0x10 [ 398.078679][T14135] __x64_sys_unshare+0x31/0x40 [ 398.078722][T14135] do_syscall_64+0x106/0xf80 [ 398.078782][T14135] ? clear_bhb_loop+0x40/0x90 [ 398.078835][T14135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.078867][T14135] RIP: 0033:0x7f7dfed9c799 [ 398.078893][T14135] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.078925][T14135] RSP: 002b:00007f7dffc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 398.078956][T14135] RAX: ffffffffffffffda RBX: 00007f7dff015fa0 RCX: 00007f7dfed9c799 [ 398.078977][T14135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 398.078996][T14135] RBP: 00007f7dfee32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 398.079016][T14135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.079034][T14135] R13: 00007f7dff016038 R14: 00007f7dff015fa0 R15: 00007ffcb0480838 [ 398.079074][T14135] [ 398.539930][T14148] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3213'. [ 398.574815][T14148] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3213'. [ 399.580523][T14169] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3220'. [ 400.929279][T14195] net_ratelimit: 10 callbacks suppressed [ 400.929306][T14195] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 400.942001][T14195] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 401.789483][T14215] pim6reg: entered allmulticast mode [ 401.809652][T14219] netlink: 'syz.3.3236': attribute type 1 has an invalid length. [ 403.467225][T14252] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3249'. [ 403.731108][T14258] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 404.413836][T14281] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3260'. [ 404.701287][T14288] futex_wake_op: syz.1.3263 tries to shift op by -2048; fix this program [ 404.728147][T14288] 0x000000000001-0x000000000012 : "" [ 404.752925][T14288] ftl_cs: FTL header corrupt! [ 404.970262][T14290] ERROR: Out of memory at tomoyo_memory_ok. [ 405.843331][T14329] random: crng reseeded on system resumption [ 405.882725][T14329] hub 1-0:1.0: USB hub found [ 405.898471][T14329] hub 1-0:1.0: 1 port detected [ 406.431261][T14342] FAULT_INJECTION: forcing a failure. [ 406.431261][T14342] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 406.445328][T14342] CPU: 0 UID: 0 PID: 14342 Comm: syz.0.3284 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 406.445399][T14342] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 406.445418][T14342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 406.445438][T14342] Call Trace: [ 406.445448][T14342] [ 406.445461][T14342] dump_stack_lvl+0x100/0x190 [ 406.445519][T14342] should_fail_ex.cold+0x5/0xa [ 406.445552][T14342] ? prepare_alloc_pages+0x16d/0x5f0 [ 406.445595][T14342] should_fail_alloc_page+0xeb/0x140 [ 406.445632][T14342] prepare_alloc_pages+0x1f0/0x5f0 [ 406.445672][T14342] ? arch_stack_walk+0xa6/0xf0 [ 406.445710][T14342] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 406.445773][T14342] ? stack_trace_save+0x8e/0xc0 [ 406.445806][T14342] ? __pfx_stack_trace_save+0x10/0x10 [ 406.445840][T14342] ? stack_depot_save_flags+0x27/0x9d0 [ 406.445884][T14342] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 406.445937][T14342] ? kasan_save_stack+0x3f/0x50 [ 406.445987][T14342] ? kasan_save_stack+0x30/0x50 [ 406.446037][T14342] ? __kasan_slab_alloc+0x89/0x90 [ 406.446068][T14342] ? __pmd_alloc+0xbf/0x9c0 [ 406.446105][T14342] ? move_page_tables+0x3224/0x4500 [ 406.446151][T14342] ? copy_vma_and_data+0x25c/0x7c0 [ 406.446207][T14342] ? move_vma+0x51b/0x1890 [ 406.446251][T14342] ? mremap_to+0x1b7/0x450 [ 406.446296][T14342] ? do_mremap+0xb76/0x2130 [ 406.446342][T14342] ? __do_sys_mremap+0x126/0x170 [ 406.446389][T14342] ? do_syscall_64+0x106/0xf80 [ 406.446439][T14342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.446488][T14342] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 406.446542][T14342] ? policy_nodemask+0xed/0x4f0 [ 406.446579][T14342] alloc_pages_mpol+0x1fb/0x550 [ 406.446613][T14342] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 406.446658][T14342] alloc_pages_noprof+0x131/0x390 [ 406.446714][T14342] pte_alloc_one+0x1e/0x3e0 [ 406.446754][T14342] __pte_alloc+0x6d/0x3f0 [ 406.446787][T14342] ? __pfx___pte_alloc+0x10/0x10 [ 406.446833][T14342] ? _raw_spin_unlock+0x28/0x50 [ 406.446955][T14342] ? __pmd_alloc+0x6aa/0x9c0 [ 406.446998][T14342] move_page_tables+0x257e/0x4500 [ 406.447051][T14342] ? __pfx_copy_vma+0x10/0x10 [ 406.447117][T14342] ? __pfx_move_page_tables+0x10/0x10 [ 406.447196][T14342] ? finish_task_switch.isra.0+0x200/0xb80 [ 406.447239][T14342] copy_vma_and_data+0x25c/0x7c0 [ 406.447293][T14342] ? __pfx_copy_vma_and_data+0x10/0x10 [ 406.447360][T14342] ? __vma_start_write+0x17f/0x280 [ 406.447404][T14342] ? __pfx___vma_start_write+0x10/0x10 [ 406.447459][T14342] move_vma+0x51b/0x1890 [ 406.447514][T14342] ? __pfx_move_vma+0x10/0x10 [ 406.447567][T14342] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 406.447608][T14342] ? cap_mmap_addr+0x4b/0x120 [ 406.447719][T14342] ? bpf_lsm_mmap_addr+0x9/0x30 [ 406.447773][T14342] ? security_mmap_addr+0x71/0x1e0 [ 406.447808][T14342] ? __get_unmapped_area+0x255/0x3e0 [ 406.447851][T14342] ? vrm_set_new_addr+0x204/0x290 [ 406.447903][T14342] mremap_to+0x1b7/0x450 [ 406.447953][T14342] do_mremap+0xb76/0x2130 [ 406.448021][T14342] ? __pfx_do_mremap+0x10/0x10 [ 406.448079][T14342] ? ksys_write+0x190/0x250 [ 406.448121][T14342] __do_sys_mremap+0x126/0x170 [ 406.448172][T14342] ? __pfx___do_sys_mremap+0x10/0x10 [ 406.448241][T14342] ? __x64_sys_futex+0x34f/0x4d0 [ 406.448313][T14342] do_syscall_64+0x106/0xf80 [ 406.448354][T14342] ? clear_bhb_loop+0x40/0x90 [ 406.448398][T14342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.448432][T14342] RIP: 0033:0x7fd62979c799 [ 406.448460][T14342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 406.448492][T14342] RSP: 002b:00007fd62a5e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 406.448524][T14342] RAX: ffffffffffffffda RBX: 00007fd629a15fa0 RCX: 00007fd62979c799 [ 406.448546][T14342] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 406.448566][T14342] RBP: 00007fd629832bd9 R08: 0000000100000000 R09: 0000000000000000 [ 406.448588][T14342] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 406.448607][T14342] R13: 00007fd629a16038 R14: 00007fd629a15fa0 R15: 00007ffe1498a458 [ 406.448651][T14342] [ 408.832211][T14388] FAULT_INJECTION: forcing a failure. [ 408.832211][T14388] name failslab, interval 1, probability 0, space 0, times 0 [ 408.858288][T14388] CPU: 1 UID: 0 PID: 14388 Comm: syz.0.3297 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 408.858363][T14388] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 408.858382][T14388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 408.858402][T14388] Call Trace: [ 408.858413][T14388] [ 408.858425][T14388] dump_stack_lvl+0x100/0x190 [ 408.858481][T14388] should_fail_ex.cold+0x5/0xa [ 408.858520][T14388] should_failslab+0xc2/0x120 [ 408.858554][T14388] __kmalloc_cache_noprof+0x7a/0x6f0 [ 408.858598][T14388] ? alloc_fdtable+0xbd/0x2d0 [ 408.858646][T14388] ? find_held_lock+0x2b/0x80 [ 408.858677][T14388] ? dup_fd+0x924/0xd10 [ 408.858712][T14388] alloc_fdtable+0xbd/0x2d0 [ 408.858765][T14388] dup_fd+0x995/0xd10 [ 408.858802][T14388] ? apparmor_task_alloc+0x2c1/0x3b0 [ 408.858862][T14388] copy_process+0x2631/0x7a10 [ 408.858921][T14388] ? __pfx_copy_process+0x10/0x10 [ 408.858979][T14388] kernel_clone+0xfc/0x9a0 [ 408.859014][T14388] ? __pfx_futex_wait+0x10/0x10 [ 408.859068][T14388] ? __pfx_kernel_clone+0x10/0x10 [ 408.859128][T14388] __do_sys_clone+0xd9/0x120 [ 408.859168][T14388] ? __pfx___do_sys_clone+0x10/0x10 [ 408.859206][T14388] ? __fget_files+0x21f/0x3d0 [ 408.859267][T14388] do_syscall_64+0x106/0xf80 [ 408.859307][T14388] ? clear_bhb_loop+0x40/0x90 [ 408.859348][T14388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.859382][T14388] RIP: 0033:0x7fd62979c799 [ 408.859408][T14388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 408.859441][T14388] RSP: 002b:00007fd62a5e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 408.859472][T14388] RAX: ffffffffffffffda RBX: 00007fd629a15fa0 RCX: 00007fd62979c799 [ 408.859494][T14388] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000001000 [ 408.859513][T14388] RBP: 00007fd629832bd9 R08: 0000000000000003 R09: 0000000000000000 [ 408.859532][T14388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.859551][T14388] R13: 00007fd629a16038 R14: 00007fd629a15fa0 R15: 00007ffe1498a458 [ 408.859593][T14388] [ 409.332519][T14398] zswap: compressor not available [ 410.171338][T14442] phram: not enough arguments [ 410.357184][T14448] FAULT_INJECTION: forcing a failure. [ 410.357184][T14448] name failslab, interval 1, probability 0, space 0, times 0 [ 410.405239][T14448] CPU: 1 UID: 0 PID: 14448 Comm: syz.1.3314 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 410.405306][T14448] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 410.405324][T14448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 410.405343][T14448] Call Trace: [ 410.405354][T14448] [ 410.405365][T14448] dump_stack_lvl+0x100/0x190 [ 410.405418][T14448] should_fail_ex.cold+0x5/0xa [ 410.405455][T14448] ? __register_sysctl_table+0xbe4/0x1650 [ 410.405506][T14448] should_failslab+0xc2/0x120 [ 410.405537][T14448] __kmalloc_noprof+0xe0/0x850 [ 410.405593][T14448] __register_sysctl_table+0xbe4/0x1650 [ 410.405653][T14448] ? __pfx___register_sysctl_table+0x10/0x10 [ 410.405702][T14448] ? rcu_is_cpu_rrupt_from_idle+0x231/0x270 [ 410.405756][T14448] ? __asan_memcpy+0x3c/0x60 [ 410.405804][T14448] register_pidns_sysctls+0x11d/0x1c0 [ 410.405849][T14448] ? __ns_common_init+0x299/0x4b0 [ 410.405888][T14448] copy_pid_ns+0x680/0x10a0 [ 410.405926][T14448] ? __pfx_copy_pid_ns+0x10/0x10 [ 410.405964][T14448] ? rcu_is_watching+0x12/0xc0 [ 410.406012][T14448] ? copy_mnt_ns+0x106/0xc30 [ 410.406050][T14448] ? create_new_namespaces+0x30/0xac0 [ 410.406088][T14448] create_new_namespaces+0x2aa/0xac0 [ 410.406128][T14448] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 410.406172][T14448] ksys_unshare+0x473/0xad0 [ 410.406223][T14448] ? __pfx_ksys_unshare+0x10/0x10 [ 410.406278][T14448] __x64_sys_unshare+0x31/0x40 [ 410.406316][T14448] do_syscall_64+0x106/0xf80 [ 410.406353][T14448] ? clear_bhb_loop+0x40/0x90 [ 410.406391][T14448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.406424][T14448] RIP: 0033:0x7f3476d9c799 [ 410.406450][T14448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 410.406482][T14448] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 410.406512][T14448] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 410.406533][T14448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 410.406551][T14448] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 410.406570][T14448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.406590][T14448] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 410.406630][T14448] [ 410.409166][T14448] sysctl could not get directory: /kernel -12 [ 411.260706][T14480] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 411.840533][T14494] GUP no longer grows the stack in syz.0.3329 (14494): 5000-401000 (4000) [ 411.855179][T14494] CPU: 0 UID: 0 PID: 14494 Comm: syz.0.3329 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 411.855249][T14494] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 411.855267][T14494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 411.855286][T14494] Call Trace: [ 411.855297][T14494] [ 411.855309][T14494] dump_stack_lvl+0x100/0x190 [ 411.855365][T14494] gup_vma_lookup.cold+0x83/0x96 [ 411.855416][T14494] __get_user_pages+0x241/0x34d0 [ 411.855467][T14494] ? down_read_killable+0x30e/0x4c0 [ 411.855582][T14494] ? __lock_acquire+0x4a5/0x2630 [ 411.855627][T14494] ? __pfx___get_user_pages+0x10/0x10 [ 411.855701][T14494] __gup_longterm_locked+0x87d/0x16f0 [ 411.855754][T14494] ? __pfx___gup_longterm_locked+0x10/0x10 [ 411.855799][T14494] ? try_get_folio+0x262/0x750 [ 411.855832][T14494] ? find_held_lock+0x2b/0x80 [ 411.855865][T14494] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 411.855912][T14494] gup_fast_fallback+0x18c6/0x2460 [ 411.855985][T14494] ? __pfx_gup_fast_fallback+0x10/0x10 [ 411.856026][T14494] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 411.856064][T14494] ? is_bpf_text_address+0x94/0x1a0 [ 411.856139][T14494] ? __kernel_text_address+0xd/0x30 [ 411.856189][T14494] ? unwind_get_return_address+0x59/0xa0 [ 411.856233][T14494] pin_user_pages_fast+0xa7/0xf0 [ 411.856272][T14494] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 411.856316][T14494] iov_iter_extract_pages+0xa0d/0x1ef0 [ 411.856416][T14494] ? trace_pelt_se_tp+0x159/0x1b0 [ 411.856461][T14494] ? __blkdev_direct_IO_simple+0x112/0x890 [ 411.856553][T14494] ? kasan_save_stack+0x3f/0x50 [ 411.856600][T14494] ? kasan_save_stack+0x30/0x50 [ 411.856645][T14494] ? kasan_save_track+0x14/0x30 [ 411.856696][T14494] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 411.856730][T14494] ? blkdev_direct_IO+0xc76/0x1fb0 [ 411.856770][T14494] ? blkdev_write_iter+0x703/0xd70 [ 411.856803][T14494] ? vfs_write+0x6ac/0x1070 [ 411.856852][T14494] ? __lock_acquire+0x4a5/0x2630 [ 411.856907][T14494] iov_iter_extract_bvecs+0x10e/0xf40 [ 411.856943][T14494] ? find_held_lock+0x2b/0x80 [ 411.856967][T14494] ? bio_associate_blkg_from_css+0x394/0x13f0 [ 411.857043][T14494] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 411.857075][T14494] ? bio_associate_blkg_from_css+0x550/0x13f0 [ 411.857118][T14494] bio_iov_iter_get_pages+0x26a/0x970 [ 411.857206][T14494] __blkdev_direct_IO_simple+0x3a7/0x890 [ 411.857249][T14494] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 411.857323][T14494] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 411.857366][T14494] ? ktime_get_coarse_real_ts64_mg+0x1e0/0x300 [ 411.857420][T14494] blkdev_direct_IO+0xc76/0x1fb0 [ 411.857484][T14494] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 411.857525][T14494] ? rcu_is_watching+0x12/0xc0 [ 411.857575][T14494] ? __mark_inode_dirty+0x55c/0x1790 [ 411.857625][T14494] ? filemap_check_errors+0xa9/0x150 [ 411.857674][T14494] blkdev_write_iter+0x703/0xd70 [ 411.857726][T14494] vfs_write+0x6ac/0x1070 [ 411.857780][T14494] ? __pfx_blkdev_write_iter+0x10/0x10 [ 411.857827][T14494] ? __pfx_vfs_write+0x10/0x10 [ 411.857878][T14494] ? find_held_lock+0x2b/0x80 [ 411.857937][T14494] ksys_write+0x12a/0x250 [ 411.857967][T14494] ? __pfx_ksys_write+0x10/0x10 [ 411.858011][T14494] do_syscall_64+0x106/0xf80 [ 411.858050][T14494] ? clear_bhb_loop+0x40/0x90 [ 411.858093][T14494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.858137][T14494] RIP: 0033:0x7fd62979c799 [ 411.858164][T14494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 411.858196][T14494] RSP: 002b:00007fd62a5e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 411.858227][T14494] RAX: ffffffffffffffda RBX: 00007fd629a15fa0 RCX: 00007fd62979c799 [ 411.858248][T14494] RDX: 000000000010007c RSI: 0000000000000000 RDI: 0000000000000003 [ 411.858268][T14494] RBP: 00007fd629832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 411.858287][T14494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.858306][T14494] R13: 00007fd629a16038 R14: 00007fd629a15fa0 R15: 00007ffe1498a458 [ 411.858349][T14494] [ 412.921852][T14513] netlink: 'syz.2.3335': attribute type 64 has an invalid length. [ 412.939117][T14513] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3335'. [ 412.951880][T14514] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 412.966627][T14514] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 413.120404][T14520] netlink: 'syz.1.3337': attribute type 32 has an invalid length. [ 413.271637][T14526] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3342'. [ 415.581101][ T30] audit: type=1326 audit(1772840002.358:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.0.3358" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd62979c799 code=0x0 [ 418.678761][T14635] sctp: [Deprecated]: syz.0.3388 (pid 14635) Use of struct sctp_assoc_value in delayed_ack socket option. [ 418.678761][T14635] Use struct sctp_sack_info instead [ 419.525434][ T5834] block nbd0: Receive control failed (result -32) [ 420.155512][T14675] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 420.188591][T14675] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 420.235288][T14675] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 420.260397][T14675] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 422.176211][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 422.256122][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 422.262270][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 422.345103][T14757] Bluetooth: hci2: command 0x0406 tx timeout [ 422.826113][T14773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3423'. [ 423.441906][T14789] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 423.806518][T14801] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3437'. [ 424.331319][T14812] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3440'. [ 424.371527][T14812] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 424.400240][T14812] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 427.279494][T14913] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3472'. [ 427.331317][T14916] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3472'. [ 427.489451][T14922] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3474'. [ 430.002676][T14992] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3501'. [ 430.221210][T14997] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3503'. [ 432.570866][T15070] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3523'. [ 433.218425][T15070] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3523'. [ 435.654097][T15144] netlink: 302 bytes leftover after parsing attributes in process `syz.3.3541'. [ 436.722164][T15177] block nbd1: Unsupported socket: should be TCP or UNIX. [ 436.948709][T15184] FAULT_INJECTION: forcing a failure. [ 436.948709][T15184] name failslab, interval 1, probability 0, space 0, times 0 [ 436.975381][T15184] CPU: 1 UID: 0 PID: 15184 Comm: syz.1.3557 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 436.975442][T15184] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 436.975476][T15184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 436.975494][T15184] Call Trace: [ 436.975503][T15184] [ 436.975514][T15184] dump_stack_lvl+0x100/0x190 [ 436.975567][T15184] should_fail_ex.cold+0x5/0xa [ 436.975612][T15184] should_failslab+0xc2/0x120 [ 436.975645][T15184] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 436.975691][T15184] ? security_inode_alloc+0x3b/0x2c0 [ 436.975739][T15184] ? lockdep_init_map_type+0x5c/0x250 [ 436.975786][T15184] security_inode_alloc+0x3b/0x2c0 [ 436.975834][T15184] inode_init_always_gfp+0xced/0x1040 [ 436.975870][T15184] alloc_inode+0x8e/0x250 [ 436.975912][T15184] create_pipe_files+0x4c/0x970 [ 436.975948][T15184] do_pipe2+0xbd/0x1e0 [ 436.975980][T15184] ? __pfx_do_pipe2+0x10/0x10 [ 436.976011][T15184] ? xfd_validate_state+0x129/0x190 [ 436.976099][T15184] __x64_sys_pipe2+0x54/0x80 [ 436.976132][T15184] do_syscall_64+0x106/0xf80 [ 436.976170][T15184] ? clear_bhb_loop+0x40/0x90 [ 436.976209][T15184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.976242][T15184] RIP: 0033:0x7f3476d9c799 [ 436.976265][T15184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.976296][T15184] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 436.976325][T15184] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 436.976346][T15184] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 436.976364][T15184] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 436.976383][T15184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.976401][T15184] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 436.976452][T15184] [ 437.323511][T15191] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3558'. [ 437.516288][T15194] netlink: 222 bytes leftover after parsing attributes in process `syz.1.3559'. [ 438.139159][T15206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3562'. [ 438.934528][T15225] futex_wake_op: syz.2.3569 tries to shift op by -2048; fix this program [ 438.946253][T15225] futex_wake_op: syz.2.3569 tries to shift op by -2048; fix this program [ 438.957542][T15225] 0x000000000001-0x000000020000 : "" [ 439.001932][T15225] ftl_cs: FTL header corrupt! [ 439.173060][T15227] ERROR: Out of memory at tomoyo_memory_ok. [ 439.739296][T15247] netlink: 302 bytes leftover after parsing attributes in process `syz.1.3577'. [ 439.942597][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.949037][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.406307][T15261] futex_wake_op: syz.0.3581 tries to shift op by -2048; fix this program [ 440.435210][T15261] futex_wake_op: syz.0.3581 tries to shift op by -2048; fix this program [ 440.454820][T15261] 0x001c00000000-0x100002c00000200 : "" [ 440.462142][T15261] mtd: partition "" is out of reach -- disabled [ 440.512497][T15261] ftl_cs: FTL header not found. [ 440.699484][T15266] ERROR: Out of memory at tomoyo_memory_ok. [ 441.078688][T15279] netlink: 218 bytes leftover after parsing attributes in process `syz.0.3588'. [ 441.460163][T15292] netlink: 346 bytes leftover after parsing attributes in process `syz.2.3592'. [ 443.626075][T15326] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3604'. [ 443.665495][T15326] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3604'. [ 444.457776][T15348] sctp: [Deprecated]: syz.2.3611 (pid 15348) Use of struct sctp_assoc_value in delayed_ack socket option. [ 444.457776][T15348] Use struct sctp_sack_info instead [ 445.521783][T15376] netlink: 'syz.1.3620': attribute type 4 has an invalid length. [ 445.529938][T15376] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3620'. [ 446.429250][T15389] FAULT_INJECTION: forcing a failure. [ 446.429250][T15389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 446.445120][T15389] CPU: 0 UID: 0 PID: 15389 Comm: syz.1.3626 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 446.445186][T15389] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 446.445205][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 446.445225][T15389] Call Trace: [ 446.445235][T15389] [ 446.445247][T15389] dump_stack_lvl+0x100/0x190 [ 446.445302][T15389] should_fail_ex.cold+0x5/0xa [ 446.445341][T15389] _copy_from_iter+0x1f4/0x1690 [ 446.445382][T15389] ? __pfx__copy_from_iter+0x10/0x10 [ 446.445432][T15389] copy_page_from_iter+0xde/0x180 [ 446.445469][T15389] anon_pipe_write+0xae4/0x1d40 [ 446.445514][T15389] ? __pfx_anon_pipe_write+0x10/0x10 [ 446.445547][T15389] ? __pfx_autoremove_wake_function+0x10/0x10 [ 446.445588][T15389] ? bpf_lsm_file_permission+0x9/0x10 [ 446.445635][T15389] ? security_file_permission+0x76/0x210 [ 446.445674][T15389] ? rw_verify_area+0xce/0x6d0 [ 446.445723][T15389] vfs_write+0x6ac/0x1070 [ 446.445771][T15389] ? __pfx_anon_pipe_write+0x10/0x10 [ 446.445806][T15389] ? __pfx_vfs_write+0x10/0x10 [ 446.445880][T15389] ? find_held_lock+0x2b/0x80 [ 446.445939][T15389] ksys_write+0x1f8/0x250 [ 446.445969][T15389] ? __pfx_ksys_write+0x10/0x10 [ 446.446010][T15389] do_syscall_64+0x106/0xf80 [ 446.446050][T15389] ? clear_bhb_loop+0x40/0x90 [ 446.446093][T15389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.446128][T15389] RIP: 0033:0x7f3476d9c799 [ 446.446155][T15389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 446.446207][T15389] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 446.446240][T15389] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 446.446264][T15389] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 446.446284][T15389] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 446.446305][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 446.446325][T15389] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 446.446371][T15389] [ 446.896994][T15402] block nbd8: shutting down sockets [ 448.007777][T15421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3638'. [ 448.059842][T15421] bond0: (slave bond_slave_0): Releasing backup interface [ 448.068380][T15425] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3640'. [ 448.224285][T15433] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3642'. [ 448.668298][T15449] ptp ptp0: new virtual clock ptp1 [ 448.678689][T15449] ptp ptp0: guarantee physical clock free running [ 448.692951][T15452] ptp ptp0: delete virtual clock ptp1 [ 448.721840][T15452] ptp ptp0: only physical clock in use now [ 449.853434][T15470] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 450.052699][T15477] netlink: 'syz.2.3658': attribute type 1 has an invalid length. [ 450.060622][T15477] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3658'. [ 450.072395][T15477] netlink: 'syz.2.3658': attribute type 1 has an invalid length. [ 450.082251][T15477] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3658'. [ 450.629710][T15500] openvswitch: : Dropping previously announced user features [ 451.186024][T15505] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3668'. [ 454.321000][ C0] sd 0:0:1:0: [sda] tag#4291 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 454.331520][ C0] sd 0:0:1:0: [sda] tag#4291 CDB: Read(6) 08 00 00 00 10 00 00 00 00 00 00 00 [ 455.750810][T15593] dyndbg: expected <4096 bytes into control [ 456.408110][T15605] : entered promiscuous mode [ 456.908106][T15610] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3705'. [ 457.256624][T15614] FAULT_INJECTION: forcing a failure. [ 457.256624][T15614] name failslab, interval 1, probability 0, space 0, times 0 [ 457.289236][T15614] CPU: 1 UID: 0 PID: 15614 Comm: syz.1.3706 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 457.289309][T15614] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 457.289328][T15614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 457.289348][T15614] Call Trace: [ 457.289358][T15614] [ 457.289370][T15614] dump_stack_lvl+0x100/0x190 [ 457.289427][T15614] should_fail_ex.cold+0x5/0xa [ 457.289464][T15614] ? lsm_blob_alloc+0x68/0x90 [ 457.289510][T15614] should_failslab+0xc2/0x120 [ 457.289545][T15614] __kmalloc_noprof+0xe0/0x850 [ 457.289594][T15614] ? trace_kmem_cache_alloc+0xf3/0x120 [ 457.289637][T15614] lsm_blob_alloc+0x68/0x90 [ 457.289676][T15614] security_prepare_creds+0x2d/0x290 [ 457.289717][T15614] prepare_creds+0x5d6/0x950 [ 457.289791][T15614] __do_sys_capset+0x270/0x460 [ 457.289823][T15614] ? __pfx___do_sys_capset+0x10/0x10 [ 457.289860][T15614] ? __x64_sys_futex+0x358/0x4d0 [ 457.289905][T15614] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 457.289943][T15614] ? xfd_validate_state+0x129/0x190 [ 457.290006][T15614] do_syscall_64+0x106/0xf80 [ 457.290048][T15614] ? clear_bhb_loop+0x40/0x90 [ 457.290090][T15614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.290124][T15614] RIP: 0033:0x7f3476d9c799 [ 457.290152][T15614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 457.290185][T15614] RSP: 002b:00007f3477ca8028 EFLAGS: 00000246 ORIG_RAX: 000000000000007e [ 457.290220][T15614] RAX: ffffffffffffffda RBX: 00007f3477015fa0 RCX: 00007f3476d9c799 [ 457.290242][T15614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 457.290263][T15614] RBP: 00007f3476e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 457.290283][T15614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.290303][T15614] R13: 00007f3477016038 R14: 00007f3477015fa0 R15: 00007ffd8c251d98 [ 457.290347][T15614] [ 459.128105][T15640] Loading of unsigned module is rejected [ 459.540144][T15648] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3720'. [ 459.865586][T15658] random: crng reseeded on system resumption [ 462.446402][T15702] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3738'. [ 463.775911][T15717] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3744'. [ 468.127795][T15789] vivid-007: ================= START STATUS ================= [ 468.187812][T15789] vivid-007: Generate PTS: true [ 468.192824][T15789] vivid-007: Generate SCR: true [ 468.229891][T15789] tpg source WxH: 320x240 (Y'CbCr) [ 468.291648][T15789] tpg field: 1 [ 468.315306][T15789] tpg crop: (0,0)/320x240 [ 468.319709][T15789] tpg compose: (0,0)/320x240 [ 468.324334][T15789] tpg colorspace: 8 [ 468.368153][T15789] tpg transfer function: 0/0 [ 468.372822][T15789] tpg Y'CbCr encoding: 0/0 [ 468.378910][T15786] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3770'. [ 468.406805][T15786] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3770'. [ 468.418801][T15789] tpg quantization: 0/0 [ 468.423026][T15789] tpg RGB range: 0/2 [ 468.435198][T15789] vivid-007: ================== END STATUS ================== [ 473.899615][T15899] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3811'. [ 474.112707][T15906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3813'. [ 474.232715][T15906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 474.279527][T15906] bond0 (unregistering): Released all slaves [ 474.829402][T15921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3820'. [ 474.876443][T15921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3820'. [ 475.007968][T15923] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3821'. [ 476.028839][T15942] ACPI: button: Initial lid state set to 'ignore' [ 476.298682][T15948] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3832'. [ 476.565795][T15953] random: crng reseeded on system resumption [ 478.025875][T15972] zswap: compressor not available [ 478.456603][T15981] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3842'. [ 479.737778][T16002] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3850'. [ 480.555689][T14757] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 481.256084][T16030] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3862'. [ 484.181389][T16079] NFSD: Failed to start, no listeners configured. [ 485.396578][T16099] binder: 16098:16099 unknown command 49 [ 485.402380][T16099] binder: 16098:16099 ioctl c0306201 0 returned -22 [ 485.968614][T16116] random: crng reseeded on system resumption [ 487.856635][T16149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3904'. [ 489.965532][T16184] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3918'. [ 491.625184][T16207] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3927'. [ 491.646985][T16207] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3927'. [ 497.405459][T16284] zswap: compressor  not available [ 499.735881][T16323] netlink: 86 bytes leftover after parsing attributes in process `syz.2.3967'. [ 500.041392][T16332] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3970'. [ 501.346300][T16344] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3974'. [ 501.388238][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.394620][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.611169][T16349] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3976'. [ 509.928967][T16439] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 509.952278][T16439] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 509.962391][T16439] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 509.979072][T16439] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 510.367377][T16451] kvm: kvm [16450]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 510.419703][ T5824] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 510.432729][ T5824] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 510.441684][ T5824] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 510.452252][ T5824] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 510.462739][ T5824] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 510.754251][T16455] chnl_net:caif_netlink_parms(): no params data found [ 510.885193][T16455] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.893592][T16455] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.901459][T16455] bridge_slave_0: entered allmulticast mode [ 510.911943][T16455] bridge_slave_0: entered promiscuous mode [ 510.923082][T16455] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.931056][T16455] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.945528][T16455] bridge_slave_1: entered allmulticast mode [ 510.953648][T16455] bridge_slave_1: entered promiscuous mode [ 511.029379][T16455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.054452][T16455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.229413][T16455] team0: Port device team_slave_0 added [ 511.252128][T16455] team0: Port device team_slave_1 added [ 511.296607][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 511.336820][T16455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.343836][T16455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 511.370196][T16455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.398666][T16455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.406119][T16455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 511.452561][T16455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 511.533892][T16455] hsr_slave_0: entered promiscuous mode [ 511.541024][T16455] hsr_slave_1: entered promiscuous mode [ 511.550791][T16455] debugfs: 'hsr0' already exists in 'hsr' [ 511.575165][T16455] Cannot create hsr debugfs directory [ 512.015536][ T5824] Bluetooth: hci2: command 0x0406 tx timeout [ 512.022471][T14757] Bluetooth: hci3: command 0x0c1a tx timeout [ 512.029003][T14757] Bluetooth: hci1: command 0x0c1a tx timeout [ 512.458731][T16455] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 512.483724][T16455] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 512.510322][T16455] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 512.548543][T16455] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 512.576405][T16480] Bluetooth: hci4: command tx timeout [ 512.628043][T16486] netlink: 146 bytes leftover after parsing attributes in process `syz.2.4020'. [ 512.851705][T16455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.930895][T16455] 8021q: adding VLAN 0 to HW filter on device team0 [ 512.990963][T16081] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.998235][T16081] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.050943][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.058200][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.784269][T16455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.570667][T16455] veth0_vlan: entered promiscuous mode [ 514.627898][T16455] veth1_vlan: entered promiscuous mode [ 514.655521][T16480] Bluetooth: hci4: command tx timeout [ 514.722550][T16455] veth0_macvtap: entered promiscuous mode [ 514.747744][T16455] veth1_macvtap: entered promiscuous mode [ 514.831888][T16455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 514.848024][T16536] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4034'. [ 514.877782][T16455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 514.940473][T16081] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.981086][T16081] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.018439][T16081] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.097386][T16081] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.340667][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.376914][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.452726][T16081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.487316][T16081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.735490][T16480] Bluetooth: hci4: command tx timeout [ 516.928533][T16553] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4039'. [ 516.957590][T16555] netlink: 'syz.0.4040': attribute type 4 has an invalid length. [ 517.414734][T16562] netlink: 'syz.0.4043': attribute type 27 has an invalid length. [ 517.425098][T16562] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4043'. [ 517.523697][T16564] netlink: 322 bytes leftover after parsing attributes in process `syz.4.4044'. [ 518.825164][T16480] Bluetooth: hci4: command tx timeout [ 519.104670][T16592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4056'. [ 519.142447][T16592] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4056'. [ 520.435671][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 520.447550][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 520.458459][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 520.469182][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 520.478891][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 521.551840][T16610] chnl_net:caif_netlink_parms(): no params data found [ 522.063430][T16610] bridge0: port 1(bridge_slave_0) entered blocking state [ 522.105614][T16610] bridge0: port 1(bridge_slave_0) entered disabled state [ 522.112945][T16610] bridge_slave_0: entered allmulticast mode [ 522.169803][T16610] bridge_slave_0: entered promiscuous mode [ 522.177516][T16638] netlink: 'syz.2.4071': attribute type 14 has an invalid length. [ 522.198779][T16610] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.216518][T16610] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.225704][T16638] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4071'. [ 522.234480][T16610] bridge_slave_1: entered allmulticast mode [ 522.268152][T16610] bridge_slave_1: entered promiscuous mode [ 522.412452][T16610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 522.462232][T16610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.576560][T16480] Bluetooth: hci5: command tx timeout [ 522.649277][T16610] team0: Port device team_slave_0 added [ 522.688242][T16610] team0: Port device team_slave_1 added [ 522.824002][T16610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 522.861937][T16610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 522.957177][T16610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 523.005244][T16610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 523.012333][T16610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 523.111226][T16610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 523.576800][T16610] hsr_slave_0: entered promiscuous mode [ 523.583824][T16610] hsr_slave_1: entered promiscuous mode [ 523.626320][T16610] debugfs: 'hsr0' already exists in 'hsr' [ 523.632141][T16610] Cannot create hsr debugfs directory [ 524.657184][T16480] Bluetooth: hci5: command tx timeout [ 524.926055][T16667] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4082'. [ 525.018919][T16610] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 525.069850][T16610] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 525.144495][T16610] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 525.315427][T16610] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 525.708916][T16610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 525.778699][T16610] 8021q: adding VLAN 0 to HW filter on device team0 [ 525.808374][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.815632][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 525.855646][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.862917][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.033799][T16688] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4085'. [ 526.735113][T16480] Bluetooth: hci5: command tx timeout [ 526.841280][T16610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.479553][T16610] veth0_vlan: entered promiscuous mode [ 527.494313][T16610] veth1_vlan: entered promiscuous mode [ 527.571748][T16610] veth0_macvtap: entered promiscuous mode [ 527.603283][T16610] veth1_macvtap: entered promiscuous mode [ 527.673361][T16610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.694355][T16610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 527.719287][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.741132][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.750077][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.764028][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.913779][T16081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.942523][T16081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.996188][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.010458][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.820900][T16480] Bluetooth: hci5: command tx timeout [ 530.195547][T16744] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4101'. [ 530.459644][T16748] FAULT_INJECTION: forcing a failure. [ 530.459644][T16748] name failslab, interval 1, probability 0, space 0, times 0 [ 530.487664][T16748] CPU: 0 UID: 0 PID: 16748 Comm: syz.4.4102 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 530.487735][T16748] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 530.487753][T16748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 530.487772][T16748] Call Trace: [ 530.487782][T16748] [ 530.487795][T16748] dump_stack_lvl+0x100/0x190 [ 530.487852][T16748] should_fail_ex.cold+0x5/0xa [ 530.487892][T16748] should_failslab+0xc2/0x120 [ 530.487929][T16748] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 530.487982][T16748] ? alloc_inode+0x183/0x250 [ 530.488035][T16748] alloc_inode+0x183/0x250 [ 530.488090][T16748] alloc_anon_inode+0x2a/0x3e0 [ 530.488148][T16748] anon_inode_make_secure_inode+0x2f/0x140 [ 530.488196][T16748] __anon_inode_getfile+0x1cf/0x280 [ 530.488236][T16748] ? _copy_to_user+0xaf/0xd0 [ 530.488344][T16748] io_uring_setup.cold+0x19e3/0x1d09 [ 530.488405][T16748] ? __pfx_io_uring_setup+0x10/0x10 [ 530.488482][T16748] ? __pfx_do_futex+0x10/0x10 [ 530.488549][T16748] ? xfd_validate_state+0x129/0x190 [ 530.488615][T16748] __x64_sys_io_uring_setup+0xc2/0x170 [ 530.488661][T16748] do_syscall_64+0x106/0xf80 [ 530.488705][T16748] ? clear_bhb_loop+0x40/0x90 [ 530.488750][T16748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.488788][T16748] RIP: 0033:0x7f9a36b9c799 [ 530.488818][T16748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 530.488853][T16748] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 530.488888][T16748] RAX: ffffffffffffffda RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 530.488910][T16748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 530.488930][T16748] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 530.488950][T16748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.488970][T16748] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 530.489014][T16748] [ 531.190291][T16758] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4106'. [ 531.225432][T16757] FAULT_INJECTION: forcing a failure. [ 531.225432][T16757] name failslab, interval 1, probability 0, space 0, times 0 [ 531.267406][T16757] CPU: 1 UID: 0 PID: 16757 Comm: syz.5.4105 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 531.267484][T16757] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 531.267509][T16757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 531.267528][T16757] Call Trace: [ 531.267537][T16757] [ 531.267556][T16757] dump_stack_lvl+0x100/0x190 [ 531.267608][T16757] should_fail_ex.cold+0x5/0xa [ 531.267642][T16757] should_failslab+0xc2/0x120 [ 531.267673][T16757] __kmalloc_cache_noprof+0x7a/0x6f0 [ 531.267712][T16757] ? ring_buffer_read_start+0x149/0x460 [ 531.267764][T16757] ring_buffer_read_start+0x149/0x460 [ 531.267818][T16757] ? __pfx_ring_buffer_read_start+0x10/0x10 [ 531.267884][T16757] ? lockdep_init_map_type+0x5c/0x250 [ 531.267926][T16757] ? ring_buffer_overruns+0x14e/0x1a0 [ 531.267965][T16757] tracing_open+0x9cd/0xef0 [ 531.268058][T16757] do_dentry_open+0x6d8/0x1660 [ 531.268086][T16757] ? __pfx_tracing_open+0x10/0x10 [ 531.268129][T16757] vfs_open+0x82/0x3f0 [ 531.268169][T16757] path_openat+0x208c/0x31a0 [ 531.268210][T16757] ? __pfx_path_openat+0x10/0x10 [ 531.268253][T16757] do_file_open+0x20e/0x430 [ 531.268285][T16757] ? __pfx_do_file_open+0x10/0x10 [ 531.268344][T16757] ? alloc_fd+0x476/0x790 [ 531.268376][T16757] ? do_getname+0x191/0x390 [ 531.268416][T16757] do_sys_openat2+0x10d/0x1e0 [ 531.268454][T16757] ? __pfx_do_sys_openat2+0x10/0x10 [ 531.268495][T16757] ? __fget_files+0x21f/0x3d0 [ 531.268530][T16757] __x64_sys_openat+0x12d/0x210 [ 531.268568][T16757] ? __pfx___x64_sys_openat+0x10/0x10 [ 531.268620][T16757] do_syscall_64+0x106/0xf80 [ 531.268655][T16757] ? clear_bhb_loop+0x40/0x90 [ 531.268690][T16757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.268720][T16757] RIP: 0033:0x7f6ae699c799 [ 531.268744][T16757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 531.268772][T16757] RSP: 002b:00007f6ae7887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 531.268800][T16757] RAX: ffffffffffffffda RBX: 00007f6ae6c15fa0 RCX: 00007f6ae699c799 [ 531.268819][T16757] RDX: 1a6b75d638929210 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 531.268838][T16757] RBP: 00007f6ae6a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 531.268856][T16757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.268873][T16757] R13: 00007f6ae6c16038 R14: 00007f6ae6c15fa0 R15: 00007fff813035e8 [ 531.268911][T16757] [ 532.067732][T16772] FAULT_INJECTION: forcing a failure. [ 532.067732][T16772] name failslab, interval 1, probability 0, space 0, times 0 [ 532.112457][T16772] CPU: 1 UID: 0 PID: 16772 Comm: syz.4.4112 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 532.112533][T16772] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 532.112552][T16772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 532.112572][T16772] Call Trace: [ 532.112583][T16772] [ 532.112596][T16772] dump_stack_lvl+0x100/0x190 [ 532.112654][T16772] should_fail_ex.cold+0x5/0xa [ 532.112694][T16772] should_failslab+0xc2/0x120 [ 532.112731][T16772] __kmalloc_cache_noprof+0x7a/0x6f0 [ 532.112775][T16772] ? __kthread_create_on_node+0xce/0x3f0 [ 532.112816][T16772] ? lockdep_init_map_type+0x5c/0x250 [ 532.112870][T16772] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 532.113030][T16772] __kthread_create_on_node+0xce/0x3f0 [ 532.113075][T16772] ? __pfx___kthread_create_on_node+0x10/0x10 [ 532.113138][T16772] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 532.113196][T16772] kthread_create_on_node+0xc7/0x100 [ 532.113237][T16772] ? __pfx_kthread_create_on_node+0x10/0x10 [ 532.113281][T16772] ? lockdep_hardirqs_on+0x78/0x100 [ 532.113325][T16772] ? find_held_lock+0x2b/0x80 [ 532.113357][T16772] ? tomoyo_notify_gc+0xc6/0x480 [ 532.113425][T16772] tomoyo_notify_gc+0x102/0x480 [ 532.113480][T16772] ? ima_iint_find+0xe9/0x130 [ 532.113562][T16772] ? __pfx_tomoyo_release+0x10/0x10 [ 532.113605][T16772] tomoyo_release+0x31/0x40 [ 532.113645][T16772] __fput+0x3ff/0xb40 [ 532.113696][T16772] task_work_run+0x150/0x240 [ 532.113748][T16772] ? __pfx_task_work_run+0x10/0x10 [ 532.113811][T16772] exit_to_user_mode_loop+0x100/0x4a0 [ 532.113861][T16772] do_syscall_64+0x668/0xf80 [ 532.113902][T16772] ? clear_bhb_loop+0x40/0x90 [ 532.113946][T16772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.113982][T16772] RIP: 0033:0x7f9a36b9c799 [ 532.114010][T16772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 532.114052][T16772] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 532.114085][T16772] RAX: 0000000000000000 RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 532.114107][T16772] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 532.114127][T16772] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 532.114147][T16772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.114168][T16772] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 532.114213][T16772] [ 533.918733][T16793] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4118'. [ 534.080053][T16797] netlink: 'syz.5.4117': attribute type 4 has an invalid length. [ 534.926482][T16816] netlink: 146 bytes leftover after parsing attributes in process `syz.5.4123'. [ 539.227964][T16889] zswap: compressor not available [ 539.435557][T16901] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4147'. [ 539.744885][T16909] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4151'. [ 546.826611][T17042] netlink: 302 bytes leftover after parsing attributes in process `syz.0.4194'. [ 547.846989][T17059] Process accounting resumed [ 549.103930][T17081] ACPI: Enabling force_remove is not supported anymore. Please report to linux-acpi@vger.kernel.org if you depend on this functionality [ 549.296122][T17083] netlink: 'syz.2.4203': attribute type 16 has an invalid length. [ 549.395321][T17083] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4203'. [ 551.800029][T17119] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4217'. [ 552.689701][ T30] audit: type=1800 audit(1772840139.458:20): pid=17130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4222" name="dbroot" dev="configfs" ino=114012 res=0 errno=0 [ 552.717056][T17130] db_root: cannot open: 0 [ 552.850006][T17136] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4224'. [ 555.367149][T17176] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 555.644517][T17187] netlink: 146 bytes leftover after parsing attributes in process `syz.5.4243'. [ 558.554509][T17034] syz.2.4185 (17034) used greatest stack depth: 20008 bytes left [ 560.125316][T17280] netlink: 'syz.4.4277': attribute type 4 has an invalid length. [ 561.279168][T17312] random: crng reseeded on system resumption [ 561.943270][T17327] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4296'. [ 562.830121][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.837537][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.685385][T17369] zswap: compressor not available [ 564.493959][T17401] FAULT_INJECTION: forcing a failure. [ 564.493959][T17401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 564.555268][T17401] CPU: 0 UID: 0 PID: 17401 Comm: syz.4.4321 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 564.555348][T17401] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 564.555366][T17401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 564.555385][T17401] Call Trace: [ 564.555395][T17401] [ 564.555405][T17401] dump_stack_lvl+0x100/0x190 [ 564.555456][T17401] should_fail_ex.cold+0x5/0xa [ 564.555483][T17401] ? page_copy_sane+0x17c/0x2d0 [ 564.555611][T17401] copy_folio_from_iter_atomic+0x427/0x1e70 [ 564.555647][T17401] ? rcu_is_watching+0x12/0xc0 [ 564.555701][T17401] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 564.555732][T17401] ? shmem_write_begin+0x1ba/0x420 [ 564.555797][T17401] ? __pfx_shmem_write_begin+0x10/0x10 [ 564.555846][T17401] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 564.555886][T17401] generic_perform_write+0x4cb/0xa40 [ 564.555941][T17401] ? __pfx_generic_perform_write+0x10/0x10 [ 564.555987][T17401] ? file_update_time_flags+0x373/0x500 [ 564.556028][T17401] shmem_file_write_iter+0x10e/0x140 [ 564.556064][T17401] vfs_write+0x6ac/0x1070 [ 564.556112][T17401] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 564.556147][T17401] ? __pfx_vfs_write+0x10/0x10 [ 564.556214][T17401] ksys_write+0x12a/0x250 [ 564.556239][T17401] ? __pfx_ksys_write+0x10/0x10 [ 564.556276][T17401] do_syscall_64+0x106/0xf80 [ 564.556310][T17401] ? clear_bhb_loop+0x40/0x90 [ 564.556357][T17401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.556386][T17401] RIP: 0033:0x7f9a36b9c799 [ 564.556411][T17401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 564.556441][T17401] RSP: 002b:00007f9a34df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 564.556468][T17401] RAX: ffffffffffffffda RBX: 00007f9a36e16090 RCX: 00007f9a36b9c799 [ 564.556488][T17401] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 564.556505][T17401] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 564.556523][T17401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 564.556539][T17401] R13: 00007f9a36e16128 R14: 00007f9a36e16090 R15: 00007fff9846d998 [ 564.556578][T17401] [ 565.303563][T17418] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4338'. [ 566.554051][T17443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4346'. [ 570.320279][T17529] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4373'. [ 570.655515][T17532] zswap: compressor not available [ 572.090518][T17575] kvm: kvm [17574]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 572.329484][T17580] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4391'. [ 572.796380][T17594] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4398'. [ 574.403715][T17617] zswap: compressor not available [ 575.609683][T17640] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4412'. [ 576.854024][T17674] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4424'. [ 577.233859][T17687] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 578.394177][T17701] Process accounting paused [ 579.743181][T17741] zswap: compressor not available [ 580.636905][T17768] netlink: 'syz.0.4459': attribute type 33 has an invalid length. [ 580.658585][T17768] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4459'. [ 580.845976][T17778] netlink: 'syz.2.4463': attribute type 19 has an invalid length. [ 580.865101][T17778] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4463'. [ 580.986016][T17785] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4466'. [ 582.731300][T16480] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 582.731346][T16480] Bluetooth: hci3: unexpected subevent 0x0e length: 725 > 15 [ 582.748267][T16480] Bluetooth: hci3: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 583.558972][T16480] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 583.559022][T16480] Bluetooth: hci4: unexpected subevent 0x0e length: 725 > 15 [ 583.573876][T16480] Bluetooth: hci4: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 583.766398][T17852] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4489'. [ 584.076826][T17859] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4492'. [ 584.328929][T17866] FAULT_INJECTION: forcing a failure. [ 584.328929][T17866] name failslab, interval 1, probability 0, space 0, times 0 [ 584.366789][T17866] CPU: 1 UID: 0 PID: 17866 Comm: syz.5.4496 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 584.366860][T17866] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 584.366879][T17866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 584.366897][T17866] Call Trace: [ 584.366907][T17866] [ 584.366919][T17866] dump_stack_lvl+0x100/0x190 [ 584.366973][T17866] should_fail_ex.cold+0x5/0xa [ 584.367012][T17866] ? drm_atomic_state_init+0xf4/0x490 [ 584.367166][T17866] should_failslab+0xc2/0x120 [ 584.367203][T17866] __kmalloc_noprof+0xe0/0x850 [ 584.367263][T17866] drm_atomic_state_init+0xf4/0x490 [ 584.367297][T17866] ? kasan_save_track+0x14/0x30 [ 584.367355][T17866] drm_atomic_state_alloc+0xd3/0x120 [ 584.367391][T17866] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 584.367489][T17866] ? trace_contention_end+0x140/0x180 [ 584.367540][T17866] ? __mutex_lock+0x26a/0x1b90 [ 584.367586][T17866] ? __mutex_lock+0x26a/0x1b90 [ 584.367629][T17866] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 584.367675][T17866] ? drm_master_internal_acquire+0x21/0x80 [ 584.367792][T17866] drm_client_modeset_commit_locked+0x14d/0x580 [ 584.367838][T17866] drm_client_modeset_commit+0x4f/0x80 [ 584.367876][T17866] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 584.367955][T17866] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 584.367996][T17866] drm_fbdev_client_restore+0x1b/0x30 [ 584.368071][T17866] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 584.368126][T17866] drm_client_dev_restore+0x205/0x2a0 [ 584.368178][T17866] drm_release+0x2c6/0x360 [ 584.368260][T17866] ? __pfx_drm_release+0x10/0x10 [ 584.368299][T17866] __fput+0x3ff/0xb40 [ 584.368352][T17866] task_work_run+0x150/0x240 [ 584.368403][T17866] ? __pfx_task_work_run+0x10/0x10 [ 584.368468][T17866] exit_to_user_mode_loop+0x100/0x4a0 [ 584.368521][T17866] do_syscall_64+0x668/0xf80 [ 584.368562][T17866] ? clear_bhb_loop+0x40/0x90 [ 584.368607][T17866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.368643][T17866] RIP: 0033:0x7f6ae699c799 [ 584.368670][T17866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 584.368704][T17866] RSP: 002b:00007f6ae7887028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 584.368737][T17866] RAX: 0000000000000000 RBX: 00007f6ae6c15fa0 RCX: 00007f6ae699c799 [ 584.368766][T17866] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 584.368784][T17866] RBP: 00007f6ae6a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 584.368803][T17866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.368820][T17866] R13: 00007f6ae6c16038 R14: 00007f6ae6c15fa0 R15: 00007fff813035e8 [ 584.368862][T17866] [ 584.373856][T16480] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 584.667194][T16480] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 584.682484][T16480] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 584.802899][T16480] Bluetooth: hci5: Malformed LE Event: 0x0b [ 585.114249][T17885] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 587.039631][T16480] Bluetooth: hci5: unexpected event 0x3e length: 726 > 260 [ 587.039677][T16480] Bluetooth: hci5: unexpected subevent 0x0e length: 725 > 15 [ 587.054848][T16480] Bluetooth: hci5: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 587.184007][T17913] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4511'. [ 589.520874][T17961] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4529'. [ 590.278141][T17979] vcan0: tx drop: invalid da for name 0x000000000000003f [ 591.334420][T18010] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4551'. [ 591.416674][T18010] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4551'. [ 591.429329][T18014] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4552'. [ 591.863053][T18033] random: crng reseeded on system resumption [ 593.204157][T18057] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4566'. [ 594.139936][T18070] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4580'. [ 594.153209][T18070] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4580'. [ 595.253816][T18089] sg_write: data in/out 65500/90 bytes for SCSI command 0x0-- guessing data in; [ 595.253816][T18089] program syz.2.4579 not setting count and/or reply_len properly [ 596.414246][T18119] FAULT_INJECTION: forcing a failure. [ 596.414246][T18119] name fail_futex, interval 1, probability 0, space 0, times 0 [ 596.432154][T18119] CPU: 0 UID: 0 PID: 18119 Comm: syz.4.4592 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 596.432232][T18119] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 596.432261][T18119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 596.432282][T18119] Call Trace: [ 596.432293][T18119] [ 596.432306][T18119] dump_stack_lvl+0x100/0x190 [ 596.432370][T18119] should_fail_ex.cold+0x5/0xa [ 596.432412][T18119] get_futex_key+0x1d2/0x1620 [ 596.432461][T18119] ? __pfx_get_futex_key+0x10/0x10 [ 596.432500][T18119] ? rcu_is_watching+0x12/0xc0 [ 596.432552][T18119] ? vfs_writev+0x1d5/0xe10 [ 596.432604][T18119] ? kfree+0x2ec/0x6b0 [ 596.432649][T18119] ? rw_verify_area+0xce/0x6d0 [ 596.432707][T18119] futex_wake+0xea/0x530 [ 596.432761][T18119] ? __pfx_futex_wake+0x10/0x10 [ 596.432833][T18119] do_futex+0x32b/0x350 [ 596.432882][T18119] ? __pfx_do_futex+0x10/0x10 [ 596.432930][T18119] ? __fget_files+0x21f/0x3d0 [ 596.432967][T18119] __x64_sys_futex+0x34f/0x4d0 [ 596.433019][T18119] ? __pfx___x64_sys_futex+0x10/0x10 [ 596.433065][T18119] ? __pfx_do_writev+0x10/0x10 [ 596.433130][T18119] do_syscall_64+0x106/0xf80 [ 596.433174][T18119] ? clear_bhb_loop+0x40/0x90 [ 596.433217][T18119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.433261][T18119] RIP: 0033:0x7f9a36b9c799 [ 596.433291][T18119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.433327][T18119] RSP: 002b:00007f9a3798e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 596.433360][T18119] RAX: ffffffffffffffda RBX: 00007f9a36e15fa8 RCX: 00007f9a36b9c799 [ 596.433383][T18119] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9a36e15fac [ 596.433404][T18119] RBP: 00007f9a36e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 596.433425][T18119] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 596.433452][T18119] R13: 00007f9a36e16038 R14: 00007fff9846d8b0 R15: 00007fff9846d998 [ 596.433495][T18119] [ 597.682322][T18143] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in; [ 597.682322][T18143] program syz.4.4601 not setting count and/or reply_len properly [ 597.909477][T18149] netlink: 302 bytes leftover after parsing attributes in process `syz.2.4604'. [ 598.137803][T18158] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 598.488197][T18168] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4612'. [ 599.407489][T18185] mkiss: ax0: crc mode is auto. [ 599.445840][T18188] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4620'. [ 599.840954][T18196] mkiss: ax0: crc mode is auto. [ 600.251499][T18210] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4627'. [ 600.282494][T18210] IPv6: NLM_F_CREATE should be specified when creating new route [ 600.312857][T18210] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 600.321281][T18210] IPv6: NLM_F_CREATE should be set when creating new route [ 600.328616][T18210] IPv6: NLM_F_CREATE should be set when creating new route [ 600.336705][T18211] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4627'. [ 600.356381][T18211] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 601.098689][T18231] FAULT_INJECTION: forcing a failure. [ 601.098689][T18231] name failslab, interval 1, probability 0, space 0, times 0 [ 601.135480][T18231] CPU: 0 UID: 0 PID: 18231 Comm: syz.4.4636 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 601.135552][T18231] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 601.135572][T18231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 601.135592][T18231] Call Trace: [ 601.135604][T18231] [ 601.135616][T18231] dump_stack_lvl+0x100/0x190 [ 601.135674][T18231] should_fail_ex.cold+0x5/0xa [ 601.135714][T18231] should_failslab+0xc2/0x120 [ 601.135751][T18231] __kmalloc_cache_noprof+0x7a/0x6f0 [ 601.135795][T18231] ? mon_text_open+0x1d9/0x510 [ 601.135981][T18231] ? lockdep_init_map_type+0x5c/0x250 [ 601.136034][T18231] ? __pfx_mon_text_open+0x10/0x10 [ 601.136081][T18231] mon_text_open+0x1d9/0x510 [ 601.136130][T18231] ? __pfx_mon_text_open+0x10/0x10 [ 601.136178][T18231] ? __debugfs_file_get+0x1fc/0x860 [ 601.136270][T18231] ? __pfx___debugfs_file_get+0x10/0x10 [ 601.136313][T18231] ? __pfx_apparmor_file_open+0x10/0x10 [ 601.136364][T18231] ? lockdown_is_locked_down+0x3d/0x140 [ 601.136482][T18231] ? bpf_lsm_locked_down+0x9/0x10 [ 601.136528][T18231] ? __pfx_mon_text_open+0x10/0x10 [ 601.136576][T18231] full_proxy_open_regular+0x1b6/0x370 [ 601.136630][T18231] do_dentry_open+0x6d8/0x1660 [ 601.136664][T18231] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 601.136724][T18231] vfs_open+0x82/0x3f0 [ 601.136774][T18231] path_openat+0x208c/0x31a0 [ 601.136826][T18231] ? __pfx_path_openat+0x10/0x10 [ 601.136876][T18231] do_file_open+0x20e/0x430 [ 601.136917][T18231] ? __pfx_do_file_open+0x10/0x10 [ 601.136985][T18231] ? alloc_fd+0x476/0x790 [ 601.137024][T18231] ? do_getname+0x191/0x390 [ 601.137071][T18231] do_sys_openat2+0x10d/0x1e0 [ 601.137116][T18231] ? __pfx_do_sys_openat2+0x10/0x10 [ 601.137167][T18231] ? __fget_files+0x21f/0x3d0 [ 601.137208][T18231] __x64_sys_openat+0x12d/0x210 [ 601.137258][T18231] ? __pfx___x64_sys_openat+0x10/0x10 [ 601.137323][T18231] do_syscall_64+0x106/0xf80 [ 601.137365][T18231] ? clear_bhb_loop+0x40/0x90 [ 601.137423][T18231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.137459][T18231] RIP: 0033:0x7f9a36b9c799 [ 601.137486][T18231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.137519][T18231] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 601.137553][T18231] RAX: ffffffffffffffda RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 601.137575][T18231] RDX: 0000000000080080 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 601.137598][T18231] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 601.137631][T18231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.137651][T18231] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 601.137695][T18231] [ 603.240800][T18268] ERROR: Out of memory at tomoyo_memory_ok. [ 604.422445][T18292] netlink: 'syz.0.4658': attribute type 4 has an invalid length. [ 605.411407][T18313] netlink: 130 bytes leftover after parsing attributes in process `syz.5.4667'. [ 605.676163][T18311] netlink: 146 bytes leftover after parsing attributes in process `syz.2.4666'. [ 606.165399][T18327] netlink: 'syz.2.4672': attribute type 4 has an invalid length. [ 606.187921][T18327] netlink: 'syz.2.4672': attribute type 4 has an invalid length. [ 606.210683][T18329] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4673'. [ 607.416913][T18347] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4678'. [ 607.536716][T18349] mkiss: ax0: crc mode is auto. [ 607.968297][T18366] netlink: 'syz.2.4684': attribute type 28 has an invalid length. [ 608.025053][T18366] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4684'. [ 608.402923][T18367] Process accounting resumed [ 609.235962][T18396] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4697'. [ 610.184846][T18416] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 610.966370][T18440] : renamed from bond0 (while UP) [ 611.088683][T18444] zswap: compressor not available [ 611.201169][T18451] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4715'. [ 611.905499][T18475] ERROR: Out of memory at tomoyo_memory_ok. [ 612.052928][T18481] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4728'. [ 613.422741][T18507] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4738'. [ 613.620685][T18512] zswap: compressor not available [ 613.827489][T18524] netlink: 'syz.4.4743': attribute type 29 has an invalid length. [ 613.844829][T18520] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4741'. [ 613.855160][T18524] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4743'. [ 614.117285][T18532] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4747'. [ 616.746646][T18610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4774'. [ 618.569130][T18658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4790'. [ 619.766894][T18679] mkiss: ax0: crc mode is auto. [ 620.431773][T18703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4806'. [ 620.461158][T18705] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 622.794782][T18775] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4832'. [ 622.830451][T18775] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4832'. [ 623.383926][T18798] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4845'. [ 623.591970][T18803] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4848'. [ 623.644879][T18805] FAULT_INJECTION: forcing a failure. [ 623.644879][T18805] name failslab, interval 1, probability 0, space 0, times 0 [ 623.685095][T18805] CPU: 0 UID: 0 PID: 18805 Comm: syz.4.4847 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 623.685166][T18805] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 623.685186][T18805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 623.685205][T18805] Call Trace: [ 623.685216][T18805] [ 623.685228][T18805] dump_stack_lvl+0x100/0x190 [ 623.685287][T18805] should_fail_ex.cold+0x5/0xa [ 623.685323][T18805] ? lsm_blob_alloc+0x68/0x90 [ 623.685360][T18805] should_failslab+0xc2/0x120 [ 623.685390][T18805] __kmalloc_noprof+0xe0/0x850 [ 623.685435][T18805] ? trace_kmem_cache_alloc+0xf3/0x120 [ 623.685475][T18805] lsm_blob_alloc+0x68/0x90 [ 623.685509][T18805] security_sk_alloc+0x2d/0x290 [ 623.685565][T18805] sk_prot_alloc+0x1d1/0x2a0 [ 623.685758][T18805] sk_alloc+0x36/0xe80 [ 623.685932][T18805] inet_create+0x3a0/0x1060 [ 623.686140][T18805] ? inet_create+0x94/0x1060 [ 623.686303][T18805] __sock_create+0x339/0x860 [ 623.686490][T18805] udp_sock_create4+0xa6/0x450 [ 623.686689][T18805] ? __pfx_udp_sock_create4+0x10/0x10 [ 623.686814][T18805] ? lockdep_hardirqs_on+0x78/0x100 [ 623.686919][T18805] ? crng_make_state+0x2b0/0x6c0 [ 623.687154][T18805] rxrpc_open_socket+0x4ef/0x6b0 [ 623.687456][T18805] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 623.687645][T18805] ? rcu_is_watching+0x12/0xc0 [ 623.687795][T18805] rxrpc_lookup_local+0xac7/0x1220 [ 623.687951][T18805] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 623.688111][T18805] ? __local_bh_enable_ip+0x9e/0x120 [ 623.688240][T18805] rxrpc_sendmsg+0x34a/0x680 [ 623.688409][T18805] sock_write_iter+0x524/0x5a0 [ 623.688538][T18805] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 623.688656][T18805] ? __pfx_sock_write_iter+0x10/0x10 [ 623.688859][T18805] ? bpf_lsm_file_permission+0x9/0x10 [ 623.688996][T18805] ? security_file_permission+0x76/0x210 [ 623.689085][T18805] ? rw_verify_area+0xce/0x6d0 [ 623.689220][T18805] vfs_write+0x6ac/0x1070 [ 623.689364][T18805] ? __pfx_sock_write_iter+0x10/0x10 [ 623.689508][T18805] ? __pfx_vfs_write+0x10/0x10 [ 623.689655][T18805] ? find_held_lock+0x2b/0x80 [ 623.689801][T18805] ksys_write+0x1f8/0x250 [ 623.689881][T18805] ? __pfx_ksys_write+0x10/0x10 [ 623.689985][T18805] do_syscall_64+0x106/0xf80 [ 623.690088][T18805] ? clear_bhb_loop+0x40/0x90 [ 623.690223][T18805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.690323][T18805] RIP: 0033:0x7f9a36b9c799 [ 623.690397][T18805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 623.690488][T18805] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 623.690580][T18805] RAX: ffffffffffffffda RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 623.690642][T18805] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 623.690695][T18805] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 623.690749][T18805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.690809][T18805] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 623.690922][T18805] [ 623.839807][T18809] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4850'. [ 624.268277][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.268403][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.210355][T18845] FAULT_INJECTION: forcing a failure. [ 625.210355][T18845] name failslab, interval 1, probability 0, space 0, times 0 [ 625.288014][T18845] CPU: 0 UID: 0 PID: 18845 Comm: syz.4.4864 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 625.288089][T18845] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 625.288110][T18845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 625.288131][T18845] Call Trace: [ 625.288142][T18845] [ 625.288156][T18845] dump_stack_lvl+0x100/0x190 [ 625.288236][T18845] should_fail_ex.cold+0x5/0xa [ 625.288278][T18845] should_failslab+0xc2/0x120 [ 625.288315][T18845] __kvmalloc_node_noprof+0xfa/0xa00 [ 625.288372][T18845] ? v4l2_ctrl_new+0x4a6/0x23a0 [ 625.288502][T18845] ? register_lock_class+0x40/0x560 [ 625.288560][T18845] v4l2_ctrl_new+0x4a6/0x23a0 [ 625.288634][T18845] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 625.288681][T18845] ? lock_acquire+0x1cf/0x380 [ 625.288732][T18845] ? rcu_is_watching+0x12/0xc0 [ 625.288789][T18845] v4l2_ctrl_new_std+0x1bb/0x290 [ 625.288850][T18845] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 625.288907][T18845] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 625.288967][T18845] ? __asan_memset+0x23/0x50 [ 625.289017][T18845] ? __asan_memcpy+0x3c/0x60 [ 625.289065][T18845] ? find_ref+0x209/0x420 [ 625.289113][T18845] handler_new_ref+0x82f/0xc60 [ 625.289172][T18845] v4l2_ctrl_new+0xe67/0x23a0 [ 625.289234][T18845] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 625.289301][T18845] v4l2_ctrl_new_std+0x1bb/0x290 [ 625.289362][T18845] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 625.289413][T18845] ? trace_kmalloc+0x101/0x130 [ 625.289459][T18845] ? __kasan_kmalloc+0xaa/0xb0 [ 625.289505][T18845] ? v4l2_ctrl_handler_init_class+0x201/0x350 [ 625.289544][T18845] ? lockdep_set_lock_cmp_fn+0x60/0xe0 [ 625.289585][T18845] ? media_request_object_init+0x105/0x180 [ 625.289657][T18845] vim2m_open+0x140/0x830 [ 625.289744][T18845] v4l2_open+0x1d2/0x490 [ 625.289785][T18845] ? __pfx_v4l2_open+0x10/0x10 [ 625.289824][T18845] chrdev_open+0x234/0x6a0 [ 625.289852][T18845] ? __pfx_apparmor_file_open+0x10/0x10 [ 625.289895][T18845] ? __pfx_chrdev_open+0x10/0x10 [ 625.289932][T18845] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 625.289969][T18845] do_dentry_open+0x6d8/0x1660 [ 625.289996][T18845] ? __pfx_chrdev_open+0x10/0x10 [ 625.290035][T18845] vfs_open+0x82/0x3f0 [ 625.290074][T18845] path_openat+0x208c/0x31a0 [ 625.290115][T18845] ? __pfx_path_openat+0x10/0x10 [ 625.290157][T18845] do_file_open+0x20e/0x430 [ 625.290189][T18845] ? __pfx_do_file_open+0x10/0x10 [ 625.290242][T18845] ? alloc_fd+0x476/0x790 [ 625.290272][T18845] ? do_getname+0x191/0x390 [ 625.290311][T18845] do_sys_openat2+0x10d/0x1e0 [ 625.290349][T18845] ? __pfx_do_sys_openat2+0x10/0x10 [ 625.290399][T18845] __x64_sys_openat+0x12d/0x210 [ 625.290439][T18845] ? __pfx___x64_sys_openat+0x10/0x10 [ 625.290491][T18845] do_syscall_64+0x106/0xf80 [ 625.290524][T18845] ? clear_bhb_loop+0x40/0x90 [ 625.290560][T18845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.290589][T18845] RIP: 0033:0x7f9a36b9c799 [ 625.290614][T18845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 625.290641][T18845] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 625.290669][T18845] RAX: ffffffffffffffda RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 625.290688][T18845] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 625.290706][T18845] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 625.290723][T18845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.290741][T18845] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 625.290778][T18845] [ 626.047550][T18852] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4866'. [ 629.205520][T18934] FAULT_INJECTION: forcing a failure. [ 629.205520][T18934] name failslab, interval 1, probability 0, space 0, times 0 [ 629.265044][T18934] CPU: 0 UID: 0 PID: 18934 Comm: syz.5.4896 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 629.265118][T18934] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 629.265138][T18934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 629.265158][T18934] Call Trace: [ 629.265168][T18934] [ 629.265181][T18934] dump_stack_lvl+0x100/0x190 [ 629.265238][T18934] should_fail_ex.cold+0x5/0xa [ 629.265281][T18934] should_failslab+0xc2/0x120 [ 629.265318][T18934] __kmalloc_cache_noprof+0x7a/0x6f0 [ 629.265361][T18934] ? __do_sys_timerfd_create+0x1c9/0x3f0 [ 629.265415][T18934] __do_sys_timerfd_create+0x1c9/0x3f0 [ 629.265458][T18934] ? do_syscall_64+0x95/0xf80 [ 629.265501][T18934] do_syscall_64+0x106/0xf80 [ 629.265562][T18934] ? clear_bhb_loop+0x40/0x90 [ 629.265606][T18934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.265641][T18934] RIP: 0033:0x7f6ae699c799 [ 629.265667][T18934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 629.265710][T18934] RSP: 002b:00007f6ae7887028 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 629.265744][T18934] RAX: ffffffffffffffda RBX: 00007f6ae6c15fa0 RCX: 00007f6ae699c799 [ 629.265766][T18934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 629.265786][T18934] RBP: 00007f6ae6a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 629.265807][T18934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.265827][T18934] R13: 00007f6ae6c16038 R14: 00007f6ae6c15fa0 R15: 00007fff813035e8 [ 629.265872][T18934] [ 629.797454][T18941] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 630.089548][T18966] netlink: 'syz.4.4902': attribute type 19 has an invalid length. [ 630.101800][T18966] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4902'. [ 630.610226][T18976] ERROR: Out of memory at tomoyo_memory_ok. [ 630.681063][T18981] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4909'. [ 631.718928][T19009] FAULT_INJECTION: forcing a failure. [ 631.718928][T19009] name failslab, interval 1, probability 0, space 0, times 0 [ 631.785173][T19009] CPU: 1 UID: 0 PID: 19009 Comm: syz.5.4915 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 631.785249][T19009] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 631.785269][T19009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 631.785290][T19009] Call Trace: [ 631.785302][T19009] [ 631.785314][T19009] dump_stack_lvl+0x100/0x190 [ 631.785375][T19009] should_fail_ex.cold+0x5/0xa [ 631.785417][T19009] should_failslab+0xc2/0x120 [ 631.785454][T19009] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 631.785507][T19009] ? security_inode_alloc+0x3b/0x2c0 [ 631.785561][T19009] ? lockdep_init_map_type+0x5c/0x250 [ 631.785615][T19009] security_inode_alloc+0x3b/0x2c0 [ 631.785671][T19009] inode_init_always_gfp+0xced/0x1040 [ 631.785714][T19009] alloc_inode+0x8e/0x250 [ 631.785759][T19009] new_inode+0x22/0x1c0 [ 631.785809][T19009] proc_pid_make_inode+0x22/0x160 [ 631.785874][T19009] proc_ns_dir_lookup+0x25b/0x390 [ 631.785940][T19009] lookup_open.isra.0+0x631/0x11b0 [ 631.785999][T19009] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 631.786070][T19009] ? mnt_get_write_access+0x1e9/0x2f0 [ 631.786124][T19009] path_openat+0xa98/0x31a0 [ 631.786173][T19009] ? __pfx_path_openat+0x10/0x10 [ 631.786222][T19009] do_file_open+0x20e/0x430 [ 631.786258][T19009] ? __pfx_do_file_open+0x10/0x10 [ 631.786308][T19009] ? __pfx_kfree_link+0x10/0x10 [ 631.786365][T19009] ? alloc_fd+0x476/0x790 [ 631.786401][T19009] ? do_getname+0x191/0x390 [ 631.786445][T19009] do_sys_openat2+0x10d/0x1e0 [ 631.786490][T19009] ? __pfx_do_sys_openat2+0x10/0x10 [ 631.786569][T19009] __x64_sys_openat+0x12d/0x210 [ 631.786616][T19009] ? __pfx___x64_sys_openat+0x10/0x10 [ 631.786666][T19009] ? do_user_addr_fault+0x8d6/0x12f0 [ 631.786730][T19009] do_syscall_64+0x106/0xf80 [ 631.786771][T19009] ? clear_bhb_loop+0x40/0x90 [ 631.786817][T19009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.786854][T19009] RIP: 0033:0x7f6ae695cfce [ 631.786891][T19009] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 631.786921][T19009] RSP: 002b:00007f6ae7886ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 631.786951][T19009] RAX: ffffffffffffffda RBX: 00007f6ae78876c0 RCX: 00007f6ae695cfce [ 631.786970][T19009] RDX: 0000000000000002 RSI: 00007f6ae7886f90 RDI: ffffffffffffff9c [ 631.786989][T19009] RBP: 00007f6ae6a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 631.787007][T19009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.787025][T19009] R13: 00007f6ae6c16038 R14: 00007f6ae6c15fa0 R15: 00007fff813035e8 [ 631.787064][T19009] [ 632.309847][T19014] netlink: 'syz.0.4917': attribute type 1 has an invalid length. [ 632.335195][T19014] netlink: 318 bytes leftover after parsing attributes in process `syz.0.4917'. [ 634.532984][T19048] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4937'. [ 635.599847][T19075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4939'. [ 635.620676][T19075] netlink: 'syz.0.4939': attribute type 7 has an invalid length. [ 635.947997][T19079] netlink: 'syz.0.4940': attribute type 27 has an invalid length. [ 635.965707][T19079] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4940'. [ 636.575062][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 636.737746][T19093] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4946'. [ 637.174632][T19099] netlink: 'syz.0.4948': attribute type 64 has an invalid length. [ 637.215548][T19099] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4948'. [ 637.937006][T19117] netlink: 322 bytes leftover after parsing attributes in process `syz.4.4955'. [ 638.088147][T19121] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4956'. [ 638.888383][T19129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4965'. [ 639.962680][T19125] Process accounting paused [ 641.496290][T19162] netlink: 146 bytes leftover after parsing attributes in process `syz.2.4970'. [ 643.196290][T19211] netlink: set zone limit has 8 unknown bytes [ 643.282392][T19211] netlink: set zone limit has 8 unknown bytes [ 643.592654][T19216] FAULT_INJECTION: forcing a failure. [ 643.592654][T19216] name failslab, interval 1, probability 0, space 0, times 0 [ 643.618617][T19216] CPU: 1 UID: 0 PID: 19216 Comm: syz.5.4988 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 643.618691][T19216] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 643.618711][T19216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 643.618731][T19216] Call Trace: [ 643.618741][T19216] [ 643.618755][T19216] dump_stack_lvl+0x100/0x190 [ 643.618813][T19216] should_fail_ex.cold+0x5/0xa [ 643.618852][T19216] should_failslab+0xc2/0x120 [ 643.618888][T19216] __kmalloc_cache_noprof+0x7a/0x6f0 [ 643.618933][T19216] ? __io_uring_add_tctx_node+0x16f/0x3b0 [ 643.619067][T19216] ? alloc_file_pseudo+0x1a5/0x230 [ 643.619117][T19216] __io_uring_add_tctx_node+0x16f/0x3b0 [ 643.619189][T19216] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 643.619249][T19216] ? __anon_inode_getfile+0x17c/0x280 [ 643.619295][T19216] io_uring_setup.cold+0x1a25/0x1d09 [ 643.619355][T19216] ? __pfx_io_uring_setup+0x10/0x10 [ 643.619404][T19216] ? __pfx_do_futex+0x10/0x10 [ 643.619471][T19216] ? xfd_validate_state+0x129/0x190 [ 643.619543][T19216] __x64_sys_io_uring_setup+0xc2/0x170 [ 643.619587][T19216] do_syscall_64+0x106/0xf80 [ 643.619630][T19216] ? clear_bhb_loop+0x40/0x90 [ 643.619674][T19216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.619711][T19216] RIP: 0033:0x7f6ae699c799 [ 643.619741][T19216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 643.619774][T19216] RSP: 002b:00007f6ae7887028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 643.619807][T19216] RAX: ffffffffffffffda RBX: 00007f6ae6c15fa0 RCX: 00007f6ae699c799 [ 643.619829][T19216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 643.619849][T19216] RBP: 00007f6ae6a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 643.619869][T19216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.619888][T19216] R13: 00007f6ae6c16038 R14: 00007f6ae6c15fa0 R15: 00007fff813035e8 [ 643.619932][T19216] [ 645.119234][T19245] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4999'. [ 645.641813][T19251] FAULT_INJECTION: forcing a failure. [ 645.641813][T19251] name failslab, interval 1, probability 0, space 0, times 0 [ 645.700866][T19251] CPU: 1 UID: 0 PID: 19251 Comm: syz.4.5000 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 645.700941][T19251] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 645.700962][T19251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 645.700982][T19251] Call Trace: [ 645.700994][T19251] [ 645.701007][T19251] dump_stack_lvl+0x100/0x190 [ 645.701086][T19251] should_fail_ex.cold+0x5/0xa [ 645.701125][T19251] should_failslab+0xc2/0x120 [ 645.701161][T19251] __kmalloc_cache_noprof+0x7a/0x6f0 [ 645.701205][T19251] ? __io_uring_add_tctx_node+0x16f/0x3b0 [ 645.701264][T19251] ? alloc_file_pseudo+0x1a5/0x230 [ 645.701313][T19251] __io_uring_add_tctx_node+0x16f/0x3b0 [ 645.701368][T19251] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 645.701424][T19251] ? __anon_inode_getfile+0x17c/0x280 [ 645.701468][T19251] io_uring_setup.cold+0x1a25/0x1d09 [ 645.701525][T19251] ? __pfx_io_uring_setup+0x10/0x10 [ 645.701572][T19251] ? __pfx_do_futex+0x10/0x10 [ 645.701635][T19251] ? xfd_validate_state+0x129/0x190 [ 645.701695][T19251] __x64_sys_io_uring_setup+0xc2/0x170 [ 645.701737][T19251] do_syscall_64+0x106/0xf80 [ 645.701778][T19251] ? clear_bhb_loop+0x40/0x90 [ 645.701819][T19251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.701854][T19251] RIP: 0033:0x7f9a36b9c799 [ 645.701882][T19251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 645.701914][T19251] RSP: 002b:00007f9a3798e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 645.701945][T19251] RAX: ffffffffffffffda RBX: 00007f9a36e15fa0 RCX: 00007f9a36b9c799 [ 645.701967][T19251] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 645.701987][T19251] RBP: 00007f9a36c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 645.702007][T19251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 645.702026][T19251] R13: 00007f9a36e16038 R14: 00007f9a36e15fa0 R15: 00007fff9846d998 [ 645.702067][T19251] [ 646.100077][T19249] ERROR: Out of memory at tomoyo_memory_ok. [ 646.819411][T16480] Bluetooth: hci5: command 0x0406 tx timeout [ 648.357141][T19295] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5012'. [ 655.619151][ T31] INFO: task syz-executor:10889 blocked for more than 143 seconds. [ 655.638926][ T31] Tainted: G U W L XTNJ syzkaller #0 [ 655.658839][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 655.703822][ T31] task:syz-executor state:D stack:23032 pid:10889 tgid:10889 ppid:1 task_flags:0x400140 flags:0x00080002 [ 655.771272][ T31] Call Trace: [ 655.774643][ T31] [ 655.778005][ T31] __schedule+0xfee/0x6120 [ 655.782518][ T31] ? __lock_acquire+0x4a5/0x2630 [ 655.815318][ T31] ? __pfx___schedule+0x10/0x10 [ 655.835041][ T31] ? find_held_lock+0x2b/0x80 [ 655.845002][ T31] ? schedule+0x2bf/0x390 [ 655.849879][ T31] schedule+0xdd/0x390 [ 655.854104][ T31] schedule_preempt_disabled+0x13/0x30 [ 655.870867][ T31] __mutex_lock+0xc9a/0x1b90 [ 655.885046][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 655.890899][ T31] ? __lock_acquire+0x4a5/0x2630 [ 655.900830][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 655.917411][ T31] ? net_generic+0xea/0x2a0 [ 655.932272][ T31] ? net_generic+0xea/0x2a0 [ 655.941645][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 655.958397][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 655.963626][ T31] nfsd_umount+0x3b/0x60 [ 655.983438][ T31] deactivate_locked_super+0xc1/0x1b0 [ 656.005188][ T31] deactivate_super+0xe7/0x110 [ 656.020710][ T31] cleanup_mnt+0x21f/0x450 [ 656.030859][ T31] task_work_run+0x150/0x240 [ 656.045568][ T31] ? __pfx_task_work_run+0x10/0x10 [ 656.050807][ T31] exit_to_user_mode_loop+0x100/0x4a0 [ 656.072719][ T31] do_syscall_64+0x668/0xf80 [ 656.077566][ T31] ? clear_bhb_loop+0x40/0x90 [ 656.088160][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.110002][ T31] RIP: 0033:0x7f3476d9d9d7 [ 656.119840][ T31] RSP: 002b:00007ffd8c251008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 656.136285][ T31] RAX: 0000000000000000 RBX: 00007f3476e31f90 RCX: 00007f3476d9d9d7 [ 656.144503][ T31] RDX: 0000000000000004 RSI: 0000000000000009 RDI: 00007ffd8c252150 [ 656.165128][ T31] RBP: 00007ffd8c25213c R08: 0000000000000000 R09: 0000000000000000 [ 656.194971][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd8c252150 [ 656.203081][ T31] R13: 00007f3476e31f90 R14: 000000000007b38c R15: 00007ffd8c252190 [ 656.222069][ T31] [ 656.225275][ T31] INFO: task syz.3.3949:16272 blocked for more than 143 seconds. [ 656.233057][ T31] Tainted: G U W L XTNJ syzkaller #0 [ 656.266585][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 656.324979][ T31] task:syz.3.3949 state:D stack:28144 pid:16272 tgid:16267 ppid:5822 task_flags:0x400140 flags:0x00080002 [ 656.375094][ T31] Call Trace: [ 656.378466][ T31] [ 656.381446][ T31] __schedule+0xfee/0x6120 [ 656.425126][ T31] ? __lock_acquire+0x4a5/0x2630 [ 656.445040][ T31] ? kasan_save_stack+0x30/0x50 [ 656.450025][ T31] ? __pfx___schedule+0x10/0x10 [ 656.482830][ T31] ? find_held_lock+0x2b/0x80 [ 656.497428][ T31] ? schedule+0x2bf/0x390 [ 656.501864][ T31] schedule+0xdd/0x390 [ 656.517105][ T31] schedule_preempt_disabled+0x13/0x30 [ 656.523555][ T31] __mutex_lock+0xc9a/0x1b90 [ 656.545006][ T31] ? nfsd_nl_threads_set_doit+0x6c1/0xc00 [ 656.550839][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 656.575008][ T31] ? net_generic+0xea/0x2a0 [ 656.579630][ T31] ? net_generic+0xea/0x2a0 [ 656.584220][ T31] ? nfsd_nl_threads_set_doit+0x6c1/0xc00 [ 656.606764][ T31] nfsd_nl_threads_set_doit+0x6c1/0xc00 [ 656.612427][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 656.655025][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 656.661235][ T31] ? genl_get_cmd+0x3ef/0x720 [ 656.676039][ T31] ? bpf_lsm_capable+0x9/0x10 [ 656.680807][ T31] ? security_capable+0x80/0x260 [ 656.705048][ T31] genl_rcv_msg+0x560/0x800 [ 656.709682][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 656.714804][ T31] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 656.755124][ T31] netlink_rcv_skb+0x159/0x420 [ 656.760004][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 656.794985][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 656.800408][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 656.815274][ T31] genl_rcv+0x28/0x40 [ 656.819372][ T31] netlink_unicast+0x5aa/0x870 [ 656.845198][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 656.850610][ T31] netlink_sendmsg+0x8b0/0xda0 [ 656.875552][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 656.880943][ T31] ? __import_iovec+0x1d2/0x640 [ 656.886224][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 656.891938][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 656.912011][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 656.921102][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 656.936669][ T31] ? kasan_quarantine_put+0x104/0x240 [ 656.942158][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 656.954462][ T31] ___sys_sendmsg+0x190/0x1e0 [ 656.975109][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 656.980423][ T31] ? tomoyo_path_number_perm+0x188/0x580 [ 656.988598][ T31] __sys_sendmsg+0x170/0x220 [ 656.993278][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 656.998750][ T31] ? rcu_is_watching+0x12/0xc0 [ 657.003597][ T31] ? kcov_ioctl+0x16a/0x720 [ 657.008540][ T31] do_syscall_64+0x106/0xf80 [ 657.013266][ T31] ? clear_bhb_loop+0x40/0x90 [ 657.018309][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.024267][ T31] RIP: 0033:0x7f7dfed9c799 [ 657.035201][ T31] RSP: 002b:00007f7dffc1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 657.043694][ T31] RAX: ffffffffffffffda RBX: 00007f7dff016090 RCX: 00007f7dfed9c799 [ 657.053724][ T31] RDX: 000000000000c000 RSI: 0000200000000480 RDI: 0000000000000003 [ 657.062006][ T31] RBP: 00007f7dfee32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 657.070282][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.080654][ T31] R13: 00007f7dff016128 R14: 00007f7dff016090 R15: 00007ffcb0480838 [ 657.089079][ T31] [ 657.092284][ T31] [ 657.092284][ T31] Showing all locks held in the system: [ 657.100407][ T31] 2 locks held by ksoftirqd/0/15: [ 657.115227][ T31] 1 lock held by khungtaskd/31: [ 657.120161][ T31] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 657.195140][ T31] 4 locks held by kworker/u8:2/33: [ 657.200403][ T31] 2 locks held by getty/5579: [ 657.215212][ T31] #0: ffff888038bf40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 657.227661][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 657.238797][ T31] 3 locks held by kworker/1:3/5820: [ 657.244080][ T31] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 657.254795][ T31] #1: ffffc90003e27d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 657.265546][ T31] #2: ffffffff8e7f4d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 657.275677][ T31] 2 locks held by syz-executor/10889: [ 657.281096][ T31] #0: ffff88803735a0e0 (&type->s_umount_key#58){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 657.291556][ T31] #1: ffffffff8ec59608 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 657.302410][ T31] 4 locks held by kworker/u8:3/16081: [ 657.307992][ T31] #0: ffff8880b843b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x140 [ 657.318115][ T31] #1: ffff88807a0d8008 (&____s->seqcount#17){.-.-}-{0:0}, at: trace_ignore_this_task+0x56/0x100 [ 657.328796][ T31] #2: ffff8880b8426358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x124/0x1d0 [ 657.338827][ T31] #3: ffffffff9b36b6b8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x144/0x490 [ 657.349503][ T31] 2 locks held by syz.3.3949/16268: [ 657.354736][ T31] #0: ffffffff906c1490 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 657.363105][ T31] #1: ffffffff8ec59608 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 [ 657.373555][ T31] 2 locks held by syz.3.3949/16272: [ 657.379049][ T31] #0: ffffffff906c1490 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 657.387712][ T31] #1: ffffffff8ec59608 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x6c1/0xc00 [ 657.397900][ T31] 4 locks held by syz-executor/16455: [ 657.403303][ T31] #0: ffff8880497ecec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 657.413170][ T31] #1: ffff8880497ec0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 657.423191][ T31] #2: ffffffff908ad388 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 657.433488][ T31] #3: ffff88802b37f2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 [ 657.443642][ T31] 1 lock held by syz-executor/16610: [ 657.449053][ T31] #0: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 657.459297][ T31] [ 657.487420][ T31] ============================================= [ 657.487420][ T31] [ 657.495988][ T31] NMI backtrace for cpu 1 [ 657.496017][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 657.496075][ T31] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 657.496089][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 657.496106][ T31] Call Trace: [ 657.496115][ T31] [ 657.496126][ T31] dump_stack_lvl+0x100/0x190 [ 657.496176][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 657.496224][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 657.496270][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 657.496432][ T31] sys_info+0x141/0x190 [ 657.496473][ T31] watchdog+0xd25/0x1050 [ 657.496513][ T31] ? __pfx_watchdog+0x10/0x10 [ 657.496545][ T31] ? __kthread_parkme+0x18c/0x230 [ 657.496584][ T31] ? kthread+0x13a/0x450 [ 657.496620][ T31] ? __pfx_watchdog+0x10/0x10 [ 657.496647][ T31] kthread+0x370/0x450 [ 657.496686][ T31] ? __pfx_kthread+0x10/0x10 [ 657.496726][ T31] ret_from_fork+0x754/0xd80 [ 657.496772][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 657.496820][ T31] ? __switch_to+0x7b4/0x1120 [ 657.496854][ T31] ? __pfx_kthread+0x10/0x10 [ 657.496898][ T31] ret_from_fork_asm+0x1a/0x30 [ 657.496952][ T31] [ 657.496966][ T31] Sending NMI from CPU 1 to CPUs 0: [ 657.630308][ C0] NMI backtrace for cpu 0 [ 657.630334][ C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 657.630387][ C0] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 657.630403][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 657.630419][ C0] RIP: 0010:zap_class+0x134/0x330 [ 657.630453][ C0] Code: 74 5a 0f b6 2b 8b 03 40 c0 ed 02 c1 e8 08 40 0f b6 ed 8d 4c 05 00 39 c1 7e 39 89 c2 41 89 c0 4c 8d 8c 12 20 0c 2d 96 49 63 f0 <48> 81 fe 00 00 50 00 0f 83 d3 00 00 00 41 0f b7 11 81 e2 ff 1f 00 [ 657.630479][ C0] RSP: 0018:ffffc90000087ce8 EFLAGS: 00000002 [ 657.630500][ C0] RAX: 00000000000012b7 RBX: ffffffff9414dc40 RCX: 00000000000012bb [ 657.630517][ C0] RDX: 00000000000001b4 RSI: 00000000000012ba RDI: 000000000003dc6e [ 657.630533][ C0] RBP: 0000000000000004 R08: 00000000000012ba R09: ffffffff962d3194 [ 657.630550][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: ffffffff97677b08 [ 657.630566][ C0] R13: 0000000000000d33 R14: ffffffff97920c78 R15: dead000000000122 [ 657.630583][ C0] FS: 0000000000000000(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 657.630608][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 657.630625][ C0] CR2: 00007fbce1547e20 CR3: 0000000038c92000 CR4: 00000000003526f0 [ 657.630642][ C0] Call Trace: [ 657.630650][ C0] [ 657.630660][ C0] ? __is_module_percpu_address+0x1c2/0x430 [ 657.630694][ C0] __lockdep_free_key_range+0x34/0x80 [ 657.630724][ C0] lockdep_unregister_key+0xfe/0x1d0 [ 657.630755][ C0] pwq_release_workfn+0x618/0xaa0 [ 657.630781][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 657.630818][ C0] kthread_worker_fn+0x300/0xc40 [ 657.630852][ C0] ? __pfx_pwq_release_workfn+0x10/0x10 [ 657.630898][ C0] ? kthread+0x13a/0x450 [ 657.630929][ C0] ? __pfx_kthread_worker_fn+0x10/0x10 [ 657.630961][ C0] kthread+0x370/0x450 [ 657.630993][ C0] ? __pfx_kthread+0x10/0x10 [ 657.631028][ C0] ret_from_fork+0x754/0xd80 [ 657.631068][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 657.631108][ C0] ? __switch_to+0x7b4/0x1120 [ 657.631136][ C0] ? __pfx_kthread+0x10/0x10 [ 657.631170][ C0] ret_from_fork_asm+0x1a/0x30 [ 657.631207][ C0] [ 657.854375][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 657.861292][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 657.872039][ T31] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 657.882128][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 657.892219][ T31] Call Trace: [ 657.895527][ T31] [ 657.898495][ T31] dump_stack_lvl+0x100/0x190 [ 657.903220][ T31] vpanic+0x552/0x970 [ 657.907237][ T31] ? __pfx_vpanic+0x10/0x10 [ 657.911779][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 657.918005][ T31] panic+0xd1/0xe0 [ 657.921781][ T31] ? __pfx_panic+0x10/0x10 [ 657.926248][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 657.932452][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 657.938659][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 657.944870][ T31] ? watchdog.cold+0x198/0x1ca [ 657.949676][ T31] ? watchdog+0xd35/0x1050 [ 657.954140][ T31] watchdog.cold+0x1a9/0x1ca [ 657.958806][ T31] ? __pfx_watchdog+0x10/0x10 [ 657.963526][ T31] ? __kthread_parkme+0x18c/0x230 [ 657.968597][ T31] ? kthread+0x13a/0x450 [ 657.972885][ T31] ? __pfx_watchdog+0x10/0x10 [ 657.977591][ T31] kthread+0x370/0x450 [ 657.981704][ T31] ? __pfx_kthread+0x10/0x10 [ 657.986352][ T31] ret_from_fork+0x754/0xd80 [ 657.990996][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 657.996163][ T31] ? __switch_to+0x7b4/0x1120 [ 658.000969][ T31] ? __pfx_kthread+0x10/0x10 [ 658.005612][ T31] ret_from_fork_asm+0x1a/0x30 [ 658.010436][ T31] [ 658.014077][ T31] Kernel Offset: disabled [ 658.018447][ T31] Rebooting in 86400 seconds..