last executing test programs: 1m6.215129811s ago: executing program 0 (id=3897): mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) sysfs$auto(0x2, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) 1m6.073264805s ago: executing program 0 (id=3899): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xab7}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x5}, @HSR_A_IF2_AGE={0x8, 0x4, 0x4b3d}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m5.850365811s ago: executing program 0 (id=3901): fsconfig$auto_HIDEPID_NO_ACCESS(0xffffffffffffffff, 0xffff0000, 0x0, &(0x7f0000000080)="f4d02e620c2b2d9732eae09f0cf3bec2b54090f3192944b18e3aaffe1d254e65806fbaf7bdbbd211bebecc728cb04d1c982b6170235296121b4f0d781794e49e5f0dd0abae8d4775176e4917a429f319ca51cc34aa31d23ffa063c78a2604bc2d4c7206f1ee8e60ba41ae62f5c325e14a7d4657e633ff2f6e4ee20c410583edec38a9dbb5b6075763c267c742fe4fe3b3d988edb8a68ed573d67e05ec371993de8d4e6fd42668fb19993b4a5ff602bb2da3467bce57365aef31523fdc0d5d64634ec86a7f7e14a2a73f1130d587af27880679a60b52051d03b8f5f37d50eb8150e597af56787787a22b7c9488f9d7f30406fa69b96ace01eed97fd990a11b1fefad8a5a2c9613ebc9f79c14e71f7354aab789d31c7b877a8a5bd863035699a29f96272c86b2d12ffa8883011807fed67b03a6c5545d9375f9ea16501187449b0dde6b575777b17bfae688c57fd2072e39d0ec327b948ebe76aae5ce3919b6245a07043214027f03152a47654a321619f91ca7169a15d05e5894dfe34f2dfd58225c5ca721faf3ff4f29465232db705af94a32232a7039943288ccff1f7bf7bb7e0940f2c3dd6fe26e4d7359aaa80c17bffab9d4f3f", 0x1) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0x538, 0x80, 0x10000, 0x0, r0, 0x1000, "72fea04183dce563f03f2a25077b3383", 0x0, r0, 0x4, 0x6, 0x101, 0x1, r0}, 0x6f3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x8, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x200}, 0x5}, 0x3, 0x4, 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0)) 1m5.413337791s ago: executing program 0 (id=3905): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 1m4.867344482s ago: executing program 0 (id=3908): prctl$auto_PR_SET_MDWE(0x41, 0x3, 0x80000000000000, 0x9, 0x5) prctl$auto_PR_SET_MDWE(0x41, 0x4, 0x1d10, 0xf6d, 0x6) prctl$auto_PR_SET_MDWE(0x41, 0x4, 0x200, 0x4, 0xfffffffffffffffb) prctl$auto_PR_SET_MDWE(0x41, 0x9, 0xfffffffffffffffb, 0xd, 0x3) prctl$auto_PR_SET_MDWE(0x41, 0x100000001, 0x3, 0x3, 0x0) prctl$auto_PR_SET_MDWE(0x41, 0x0, 0x3476, 0x9, 0xe94) r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) read$auto_percpu_stats_fops_(r0, &(0x7f0000000040)=""/83, 0x53) 1m4.248142674s ago: executing program 0 (id=3910): r0 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x14, 0x0, 0x4, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001bc0), r1) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000004a80), r1) sendmsg$auto_NET_SHAPER_CMD_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x946d}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x200000c0) 1m3.606784036s ago: executing program 32 (id=3910): r0 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x14, 0x0, 0x4, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001bc0), r1) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000004a80), r1) sendmsg$auto_NET_SHAPER_CMD_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x946d}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x200000c0) 3.8444775s ago: executing program 4 (id=4220): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x20000000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="df350abb827483"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) 3.422780394s ago: executing program 4 (id=4222): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x6, 0x5, 0x5]}, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) 2.862558644s ago: executing program 3 (id=4226): connect$auto(0x3, 0x0, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x2000, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) 2.50126838s ago: executing program 1 (id=4229): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x26, 0x0, [{0xe1, 0xa, 0x2}]}) 2.384452976s ago: executing program 3 (id=4231): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex, r0, 0x80e4, 0x0, 0x1, @relative_fd=r0, 0x80}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x109000, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 2.208789923s ago: executing program 4 (id=4232): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty36\x00', 0x0, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000100), 0x1ffffffff}, 0x6, 0x0) read$auto(r2, 0x0, 0x80) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000000)='\n') ioctl$auto(r0, 0x541c, r1) 2.128968005s ago: executing program 1 (id=4233): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa0801, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r1, 0x8040ae9f, &(0x7f0000000380)={0xdd}) 1.987063567s ago: executing program 3 (id=4235): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setresuid$auto(0x909b, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x7) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x2a8}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040811) 1.78643624s ago: executing program 3 (id=4236): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) 1.785708177s ago: executing program 2 (id=4237): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x7) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) 1.763973442s ago: executing program 1 (id=4238): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x600, 0x1, 0x7, 0x0, 0x7, 0x8, 0x5, {0x3ff, 0x7}, 0xfffffffffffffffa, 0xa5, 0xa, 0x13c, 0x0, 0xc3, 0x1000, 0x800000000000007, 0x5, 0x90, 0xfffffff5}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) write$auto(r0, 0x0, 0x100000a3d9) 1.563172689s ago: executing program 1 (id=4239): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/vm/nr_overcommit_hugepages\x00', 0x100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4080aebf, &(0x7f0000000100)={0x2, 0x179}) 1.551592325s ago: executing program 4 (id=4240): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x4, 0x9, 0x4, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) ptrace$auto_PTRACE_PEEKSIGINFO(0x4209, r1, 0x8, 0x6) 1.545367035s ago: executing program 2 (id=4241): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x290001, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x100000001) writev$auto(r0, &(0x7f0000000200)={0x0, 0x2}, 0x3) writev$auto(0x3, 0x0, 0x8) getsockopt$auto_SO_BSDCOMPAT(r1, 0xfffffffa, 0xe, 0x0, 0x0) socket(0x2c, 0x3, 0x0) 1.313648152s ago: executing program 2 (id=4242): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x82043, 0x0) preadv$auto(0x40000000000003, 0x0, 0x6, 0x2, 0x5) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) pidfd_open$auto(0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x28) 1.298890723s ago: executing program 3 (id=4243): mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x44eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000000)=@can={0x1d, r2}, 0x6a) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f0000f5) 1.192404102s ago: executing program 1 (id=4244): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x0, 0x0) r0 = epoll_create$auto(0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) epoll_wait$auto(r0, 0x0, 0xe007, 0xe8a4e409) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) 1.084518687s ago: executing program 2 (id=4245): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) 506.704732ms ago: executing program 1 (id=4246): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0x20000000df, 0x9b72, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) readv$auto(0x3, 0x0, 0x1) ioctl$auto_TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, 0x0) 506.621902ms ago: executing program 2 (id=4247): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4040ae79, r1) 402.157836ms ago: executing program 4 (id=4248): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r0) ioctl$auto(0x3, 0xae41, 0x38) ioctl$auto(0x3, 0x4020aea5, 0x38) 207.981985ms ago: executing program 3 (id=4249): mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) unshare$auto(0x40000080) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vivid.0/video4linux/v4l-touch5/dev_debug\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/hsr_slave_1/accept_ra_rtr_pref\x00', 0x102, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 34.900141ms ago: executing program 2 (id=4250): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getsockname$auto(r0, 0x0, 0x0) socket(0x28, 0x800, 0x7) 0s ago: executing program 4 (id=4251): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) kernel console output (not intermixed with test programs): 1a0/0x20c0 [ 431.451869][T12353] ? __pfx_format_decode+0x10/0x10 [ 431.451897][T12353] ? number+0x983/0xc90 [ 431.451936][T12353] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 431.451981][T12353] ? __pfx_tomoyo_init_log+0x10/0x10 [ 431.452023][T12353] tomoyo_write_log2+0x2ed/0xbc0 [ 431.452063][T12353] tomoyo_supervisor+0x15e/0x1340 [ 431.452108][T12353] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 431.452151][T12353] ? tomoyo_realpath_from_path+0x19c/0x690 [ 431.452196][T12353] ? tomoyo_realpath_from_path+0x19c/0x690 [ 431.452231][T12353] ? kfree+0x1f6/0x6b0 [ 431.452259][T12353] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 431.452298][T12353] tomoyo_path_number_perm+0x445/0x580 [ 431.452330][T12353] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 431.452360][T12353] ? futex_wait+0x125/0x380 [ 431.452422][T12353] ? find_held_lock+0x2b/0x80 [ 431.452461][T12353] ? __fget_files+0x215/0x3d0 [ 431.452494][T12353] ? hook_file_ioctl_common+0x146/0x410 [ 431.452530][T12353] ? __fget_files+0x21f/0x3d0 [ 431.452570][T12353] security_file_ioctl+0xd3/0x230 [ 431.452601][T12353] __x64_sys_ioctl+0xb7/0x210 [ 431.452634][T12353] do_syscall_64+0x106/0xf80 [ 431.452666][T12353] ? clear_bhb_loop+0x40/0x90 [ 431.452705][T12353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.452731][T12353] RIP: 0033:0x7fa58779bf79 [ 431.452753][T12353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 431.452778][T12353] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 431.452803][T12353] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 431.452819][T12353] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 431.452835][T12353] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 431.452850][T12353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.452865][T12353] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 431.452897][T12353] [ 432.737888][T12363] netlink: 'syz.1.2406': attribute type 4 has an invalid length. [ 434.749157][T12400] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2416'. [ 434.896554][T12390] ERROR: Out of memory at tomoyo_memory_ok. [ 434.974170][T12402] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2417'. [ 435.275636][T12408] netlink: 'syz.2.2419': attribute type 21 has an invalid length. [ 435.317217][T12408] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2419'. [ 438.215344][T12466] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2440'. [ 438.520591][T12470] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2442'. [ 438.892559][T12476] netlink: set zone limit has 8 unknown bytes [ 439.001568][T12481] netlink: set zone limit has 8 unknown bytes [ 439.201634][T12480] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2447'. [ 439.589835][T12496] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2451'. [ 439.777479][T12488] ERROR: Out of memory at tomoyo_memory_ok. [ 440.143603][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.150661][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.068664][T12525] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2463'. [ 442.139646][T12544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2470'. [ 442.877297][T12563] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2476'. [ 442.922594][T12563] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2476'. [ 443.683883][T12578] netlink: 'syz.3.2481': attribute type 14 has an invalid length. [ 443.704017][T12574] kvm: kvm [12573]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 443.747305][T12578] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2481'. [ 444.090102][T12580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2482'. [ 444.441330][T12587] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2485'. [ 444.832927][T12590] zswap: compressor not available [ 444.838613][T12592] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 446.837916][T12631] hub 3-0:1.0: USB hub found [ 446.893345][T12631] hub 3-0:1.0: 1 port detected [ 447.057972][T12631] usb usb3: authorized to connect [ 449.141333][T12666] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2508'. [ 449.254802][T12654] Process accounting resumed [ 449.622024][T12674] ovs_: entered promiscuous mode [ 451.206128][T12708] netlink: 74 bytes leftover after parsing attributes in process `syz.2.2525'. [ 451.469620][T12721] ubi0: attaching mtd0 [ 451.482722][T12721] ubi0: scanning is finished [ 451.497241][T12721] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 451.598299][T12721] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 452.364752][T12747] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 453.513141][T12766] phram: parameter too long [ 454.741674][T12802] hub 3-0:1.0: USB hub found [ 454.775760][T12802] hub 3-0:1.0: 1 port detected [ 454.834248][T12802] usb usb3: authorized to connect [ 454.880696][T12806] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2568'. [ 454.925843][T12806] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2568'. [ 457.902182][T12853] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2579'. [ 458.934021][T12875] mkiss: ax0: crc mode is auto. [ 459.489650][T12884] syz.1.2591 (12884) used greatest stack depth: 19376 bytes left [ 459.680469][T12889] netlink: 'syz.2.2593': attribute type 33 has an invalid length. [ 459.727396][T12889] netlink: 322 bytes leftover after parsing attributes in process `syz.2.2593'. [ 460.710748][T12913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2602'. [ 460.738198][T12913] netlink: 'syz.1.2602': attribute type 7 has an invalid length. [ 463.665321][T12963] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2622'. [ 466.605574][T13014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2643'. [ 467.848681][T13034] ptrace attach of "./syz-executor exec"[5824] was attempted by ""[13034] [ 468.568426][T13045] mkiss: ax0: crc mode is auto. [ 470.974440][T13094] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2672'. [ 473.073192][T13127] netlink: 'syz.1.2686': attribute type 22 has an invalid length. [ 473.118685][T13127] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2686'. [ 474.531803][T13145] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2694'. [ 476.900506][T13170] vivid-007: ================= START STATUS ================= [ 476.948019][T13170] vivid-007: Generate PTS: true [ 476.970166][T13170] vivid-007: Generate SCR: true [ 476.975109][T13170] tpg source WxH: 320x240 (Y'CbCr) [ 477.015971][T13170] tpg field: 1 [ 477.032956][T13170] tpg crop: (0,0)/320x240 [ 477.057166][T13170] tpg compose: (0,0)/320x240 [ 477.076285][T13170] tpg colorspace: 8 [ 477.089120][T13173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x2c0 pfn:0x7fe0a [ 477.105974][T13170] tpg transfer function: 0/0 [ 477.116280][T13170] tpg Y'CbCr encoding: 0/0 [ 477.145328][T13170] tpg quantization: 0/0 [ 477.151011][T13173] memcg:ffff88802e3a8b82 [ 477.157182][T13170] tpg RGB range: 0/2 [ 477.168754][T13173] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 477.176034][T13173] page_type: f2(table) [ 477.198501][T13170] vivid-007: ================== END STATUS ================== [ 477.240450][T13173] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 477.291445][T13173] raw: 00000000000002c0 ffff88807cfd6b40 00000001f2000000 ffff88802e3a8b82 [ 477.334276][T13173] page dumped because: unmovable page [ 477.387451][T13173] page_owner tracks the page as allocated [ 477.409675][T13173] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5824, tgid 5824 (syz-executor), ts 476982731457, free_ts 476759767522 [ 477.517210][T13173] post_alloc_hook+0x153/0x170 [ 477.533555][T13173] get_page_from_freelist+0x111d/0x3140 [ 477.566608][T13173] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 477.606043][T13173] alloc_pages_mpol+0x1fb/0x550 [ 477.617508][T13173] alloc_pages_noprof+0x131/0x390 [ 477.635725][T13173] pte_alloc_one+0x1e/0x3e0 [ 477.654757][T13173] __pte_alloc+0x6d/0x3f0 [ 477.675249][T13173] copy_page_range+0x3e51/0x6570 [ 477.688091][T13173] dup_mmap+0xc00/0x1db0 [ 477.702699][T13173] copy_process+0x73d1/0x7a10 [ 477.717157][T13173] kernel_clone+0xfc/0x9a0 [ 477.732087][T13173] __do_sys_clone+0xd9/0x120 [ 477.752520][T13173] do_syscall_64+0x106/0xf80 [ 477.771734][T13173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.785769][T13173] page last free pid 1014 tgid 1014 stack trace: [ 477.807185][T13173] __free_frozen_pages+0x7ca/0x10a0 [ 477.826543][T13173] __folio_put+0x3b4/0x540 [ 477.869544][T13173] gup_put_folio+0x1cb/0x270 [ 477.887538][T13173] io_release_ubuf+0x10e/0x260 [ 477.909984][T13173] io_free_rsrc_node+0x254/0x700 [ 477.935522][T13173] io_rsrc_data_free+0x1e7/0x25d [ 477.945863][T13173] io_sqe_buffers_unregister.cold+0x12/0x17 [ 477.966140][T13173] io_ring_exit_work+0x70b/0xcdb [ 477.987268][T13173] process_one_work+0x9d7/0x1920 [ 477.992291][T13173] worker_thread+0x5da/0xe40 [ 478.017838][T13173] kthread+0x370/0x450 [ 478.030750][T13173] ret_from_fork+0x754/0xd80 [ 478.045678][T13173] ret_from_fork_asm+0x1a/0x30 [ 478.916882][T13197] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2711'. [ 479.718370][T13211] Process accounting paused [ 481.225027][T13230] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2723'. [ 481.755371][T13237] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2726'. [ 483.881673][T13259] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2735'. [ 484.640133][T13255] kexec: Could not allocate control_code_buffer [ 487.610907][T13314] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2753'. [ 488.060146][T13320] FAULT_INJECTION: forcing a failure. [ 488.060146][T13320] name failslab, interval 1, probability 0, space 0, times 0 [ 488.151732][T13320] CPU: 0 UID: 0 PID: 13320 Comm: syz.3.2756 Tainted: G U L syzkaller #0 PREEMPT(full) [ 488.151777][T13320] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 488.151787][T13320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 488.151803][T13320] Call Trace: [ 488.151811][T13320] [ 488.151821][T13320] dump_stack_lvl+0x100/0x190 [ 488.151890][T13320] should_fail_ex.cold+0x5/0xa [ 488.151920][T13320] should_failslab+0xc2/0x120 [ 488.151962][T13320] __kmalloc_cache_noprof+0x7a/0x6f0 [ 488.151990][T13320] ? copy_time_ns+0xf6/0x800 [ 488.152036][T13320] copy_time_ns+0xf6/0x800 [ 488.152076][T13320] ? copy_cgroup_ns+0x71/0x970 [ 488.152105][T13320] create_new_namespaces+0x48a/0xac0 [ 488.152156][T13320] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 488.152184][T13320] ksys_unshare+0x455/0xab0 [ 488.152218][T13320] ? __pfx_ksys_unshare+0x10/0x10 [ 488.152261][T13320] __x64_sys_unshare+0x31/0x40 [ 488.152291][T13320] do_syscall_64+0x106/0xf80 [ 488.152325][T13320] ? clear_bhb_loop+0x40/0x90 [ 488.152357][T13320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.152383][T13320] RIP: 0033:0x7fa58779bf79 [ 488.152404][T13320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 488.152430][T13320] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 488.152455][T13320] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 488.152472][T13320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 488.152488][T13320] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 488.152503][T13320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.152518][T13320] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 488.152551][T13320] [ 488.837729][T13329] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2759'. [ 489.966552][T13344] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2764'. [ 491.215911][T13359] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2769'. [ 491.397571][T13359] bond0: (slave bond_slave_1): Releasing backup interface [ 492.483521][T13377] zswap: compressor not available [ 493.120790][T13389] netlink: 'syz.0.2779': attribute type 64 has an invalid length. [ 493.167322][T13389] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2779'. [ 495.284704][T13422] [U] [ 495.287785][T13422] [U] [ 495.290596][T13422] [U] [ 495.293309][T13422] [U] [ 495.329500][T13422] [U] [ 495.332306][T13422] [U] [ 495.335025][T13422] [U] [ 495.337758][T13422] [U] [ 495.374147][T13422] [U] [ 495.376998][T13422] [U] [ 495.379713][T13422] [U] [ 495.382426][T13422] [U] [ 495.416322][T13422] [U] [ 495.419095][T13422] [U] [ 495.421840][T13422] [U] [ 495.424557][T13422] [U] [ 495.456666][T13422] [U] [ 495.459429][T13422] [U] [ 495.462155][T13422] [U] [ 495.464865][T13422] [U] [ 495.499625][T13422] [U] [ 495.502393][T13422] [U] [ 495.505107][T13422] [U] [ 495.507848][T13422] [U] [ 495.535351][T13422] [U] [ 495.538124][T13422] [U] [ 495.540841][T13422] [U] [ 495.543556][T13422] [U] [ 495.573141][T13422] [U] [ 495.575925][T13422] [U] [ 495.578641][T13422] [U] [ 495.581359][T13422] [U] [ 495.615337][T13422] [U] [ 495.618103][T13422] [U] [ 495.620822][T13422] [U] [ 495.623532][T13422] [U] [ 495.654117][T13422] [U] [ 495.656880][T13422] [U] [ 495.659594][T13422] [U] [ 495.662313][T13422] [U] [ 495.701262][T13422] [U] [ 495.704035][T13422] [U] [ 495.706779][T13422] [U] [ 495.709500][T13422] [U] [ 495.738286][T13422] [U] [ 495.741057][T13422] [U] [ 495.743776][T13422] [U] [ 495.746491][T13422] [U] [ 495.796741][T13422] [U] [ 495.799508][T13422] [U] [ 495.802348][T13422] [U] [ 495.805065][T13422] [U] [ 495.850949][T13422] [U] [ 495.853719][T13422] [U] [ 495.856442][T13422] [U] [ 495.859198][T13422] [U] [ 495.903752][T13422] [U] [ 495.906509][T13422] [U] [ 495.909224][T13422] [U] [ 495.911937][T13422] [U] [ 495.949620][T13422] [U] [ 495.952388][T13422] [U] [ 495.955121][T13422] [U] [ 495.957831][T13422] [U] [ 496.012890][T13422] [U] [ 496.015646][T13422] [U] [ 496.018395][T13422] [U] [ 496.021120][T13422] [U] [ 496.122539][T13422] [U] [ 496.125314][T13422] [U] [ 496.128030][T13422] [U] [ 496.130746][T13422] [U] [ 496.214042][T13422] [U] [ 496.216850][T13422] [U] [ 496.219565][T13422] [U] [ 496.222276][T13422] [U] [ 496.288222][T13422] [U] [ 496.557253][T13443] [U] [ 496.785436][T13448] netlink: 'syz.0.2803': attribute type 19 has an invalid length. [ 496.822910][T13448] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2803'. [ 496.837379][T13450] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2804'. [ 497.187159][ T30] audit: type=1800 audit(1771252578.675:11): pid=13457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2807" name="dbroot" dev="configfs" ino=38730 res=0 errno=0 [ 497.421244][T13461] mkiss: ax0: crc mode is auto. [ 497.683405][T13469] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2810'. [ 497.731743][T13470] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2811'. [ 498.177293][ T30] audit: type=1800 audit(1771252579.665:12): pid=13473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2812" name="file0" dev="tmpfs" ino=3699 res=0 errno=0 [ 501.583935][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.601577][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.627782][T13549] FAULT_INJECTION: forcing a failure. [ 501.627782][T13549] name failslab, interval 1, probability 0, space 0, times 0 [ 501.681908][T13549] CPU: 0 UID: 0 PID: 13549 Comm: syz.1.2842 Tainted: G U L syzkaller #0 PREEMPT(full) [ 501.681952][T13549] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 501.681962][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.681977][T13549] Call Trace: [ 501.681985][T13549] [ 501.681994][T13549] dump_stack_lvl+0x100/0x190 [ 501.682037][T13549] should_fail_ex.cold+0x5/0xa [ 501.682065][T13549] should_failslab+0xc2/0x120 [ 501.682104][T13549] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 501.682137][T13549] ? __d_alloc+0x34/0xa80 [ 501.682182][T13549] __d_alloc+0x34/0xa80 [ 501.682224][T13549] d_alloc_pseudo+0x1c/0xc0 [ 501.682254][T13549] alloc_file_pseudo+0xcf/0x230 [ 501.682282][T13549] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 501.682316][T13549] sock_alloc_file+0x50/0x210 [ 501.682353][T13549] __sys_socketpair+0x353/0x5b0 [ 501.682381][T13549] ? __pfx___sys_socketpair+0x10/0x10 [ 501.682407][T13549] ? xfd_validate_state+0x129/0x190 [ 501.682450][T13549] __x64_sys_socketpair+0x96/0x100 [ 501.682476][T13549] ? lockdep_hardirqs_on+0x78/0x100 [ 501.682515][T13549] do_syscall_64+0x106/0xf80 [ 501.682548][T13549] ? clear_bhb_loop+0x40/0x90 [ 501.682578][T13549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.682603][T13549] RIP: 0033:0x7fc32a79bf79 [ 501.682624][T13549] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.682649][T13549] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 501.682672][T13549] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 501.682689][T13549] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 501.682704][T13549] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 501.682719][T13549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.682734][T13549] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 501.682765][T13549] [ 504.291546][T13598] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2860'. [ 504.423860][T13602] netlink: 142 bytes leftover after parsing attributes in process `syz.1.2862'. [ 504.598506][T13605] mkiss: ax0: crc mode is auto. [ 505.959548][T13630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2874'. [ 506.092300][T13630] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.117234][T13630] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.142962][T13630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.160835][T13630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 508.269253][T13669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2887'. [ 508.370304][ T30] audit: type=1800 audit(1771252589.865:13): pid=13664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2885" name="file0" dev="tmpfs" ino=3567 res=0 errno=0 [ 509.081854][T13685] FAULT_INJECTION: forcing a failure. [ 509.081854][T13685] name failslab, interval 1, probability 0, space 0, times 0 [ 509.144136][T13685] CPU: 0 UID: 0 PID: 13685 Comm: syz.3.2894 Tainted: G U L syzkaller #0 PREEMPT(full) [ 509.144179][T13685] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 509.144188][T13685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 509.144204][T13685] Call Trace: [ 509.144212][T13685] [ 509.144221][T13685] dump_stack_lvl+0x100/0x190 [ 509.144263][T13685] should_fail_ex.cold+0x5/0xa [ 509.144292][T13685] should_failslab+0xc2/0x120 [ 509.144332][T13685] __kmalloc_cache_noprof+0x7a/0x6f0 [ 509.144359][T13685] ? fuse_dev_alloc+0x48/0x280 [ 509.144385][T13685] ? lockdep_init_map_type+0x5c/0x250 [ 509.144421][T13685] fuse_dev_alloc+0x48/0x280 [ 509.144450][T13685] fuse_dev_alloc_install+0x13/0x40 [ 509.144478][T13685] cuse_channel_open+0x100/0x7f0 [ 509.144503][T13685] ? __pfx_cuse_channel_open+0x10/0x10 [ 509.144529][T13685] misc_open+0x26d/0x450 [ 509.144559][T13685] ? __pfx_misc_open+0x10/0x10 [ 509.144588][T13685] chrdev_open+0x234/0x6a0 [ 509.144625][T13685] ? __pfx_apparmor_file_open+0x10/0x10 [ 509.144651][T13685] ? __pfx_chrdev_open+0x10/0x10 [ 509.144690][T13685] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 509.144742][T13685] do_dentry_open+0x6d8/0x1660 [ 509.144779][T13685] ? __pfx_chrdev_open+0x10/0x10 [ 509.144824][T13685] vfs_open+0x82/0x3f0 [ 509.144853][T13685] path_openat+0x208c/0x31a0 [ 509.144901][T13685] ? __pfx_path_openat+0x10/0x10 [ 509.144949][T13685] do_file_open+0x20e/0x430 [ 509.144988][T13685] ? __pfx_do_file_open+0x10/0x10 [ 509.145047][T13685] ? alloc_fd+0x476/0x790 [ 509.145085][T13685] ? do_getname+0x191/0x390 [ 509.145114][T13685] do_sys_openat2+0x10d/0x1e0 [ 509.145141][T13685] ? __pfx_do_sys_openat2+0x10/0x10 [ 509.145170][T13685] ? __fget_files+0x21f/0x3d0 [ 509.145211][T13685] __x64_sys_openat+0x12d/0x210 [ 509.145240][T13685] ? __pfx___x64_sys_openat+0x10/0x10 [ 509.145279][T13685] do_syscall_64+0x106/0xf80 [ 509.145312][T13685] ? clear_bhb_loop+0x40/0x90 [ 509.145343][T13685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.145370][T13685] RIP: 0033:0x7fa58779bf79 [ 509.145391][T13685] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.145415][T13685] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 509.145439][T13685] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 509.145456][T13685] RDX: 0000000000000000 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 509.145472][T13685] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 509.145487][T13685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.145503][T13685] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 509.145535][T13685] [ 509.756643][T13685] Process accounting resumed [ 511.260303][T13712] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2902'. [ 511.661646][T13714] syz.1.2903 uses obsolete (PF_INET,SOCK_PACKET) [ 512.938933][T13736] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2911'. [ 513.201113][T13745] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2915'. [ 513.521807][T13750] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 513.548320][T13749] FAULT_INJECTION: forcing a failure. [ 513.548320][T13749] name failslab, interval 1, probability 0, space 0, times 0 [ 513.593774][ T5178] ERROR: Out of memory at tomoyo_memory_ok. [ 513.614740][T13749] CPU: 0 UID: 0 PID: 13749 Comm: syz.3.2917 Tainted: G U L syzkaller #0 PREEMPT(full) [ 513.614783][T13749] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 513.614793][T13749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 513.614808][T13749] Call Trace: [ 513.614816][T13749] [ 513.614833][T13749] dump_stack_lvl+0x100/0x190 [ 513.614879][T13749] should_fail_ex.cold+0x5/0xa [ 513.614907][T13749] should_failslab+0xc2/0x120 [ 513.614947][T13749] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 513.614984][T13749] ? __alloc_skb+0x140/0x710 [ 513.615019][T13749] __alloc_skb+0x140/0x710 [ 513.615047][T13749] ? __alloc_skb+0x5b7/0x710 [ 513.615076][T13749] ? __pfx___alloc_skb+0x10/0x10 [ 513.615115][T13749] inet6_netconf_notify_devconf+0x9d/0x170 [ 513.615155][T13749] addrconf_sysctl_unregister+0x134/0x1c0 [ 513.615194][T13749] addrconf_ifdown.isra.0+0x1522/0x1b70 [ 513.615257][T13749] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 513.615304][T13749] ? tls_dev_event+0x2c9/0x10f0 [ 513.615336][T13749] ? net_generic+0xea/0x2a0 [ 513.615376][T13749] addrconf_notify+0x458/0x19c0 [ 513.615401][T13749] ? ip6mr_device_event+0x1bc/0x230 [ 513.615433][T13749] notifier_call_chain+0x99/0x420 [ 513.615472][T13749] call_netdevice_notifiers_info+0xbe/0x110 [ 513.615516][T13749] unregister_netdevice_many_notify+0x1208/0x2580 [ 513.615568][T13749] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 513.615608][T13749] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 513.615660][T13749] unregister_netdevice_queue+0x30b/0x3c0 [ 513.615699][T13749] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 513.615738][T13749] ? __pfx_locks_remove_file+0x10/0x10 [ 513.615788][T13749] ppp_release+0x211/0x230 [ 513.615823][T13749] ? __pfx_ppp_release+0x10/0x10 [ 513.615854][T13749] __fput+0x3ff/0xb40 [ 513.615886][T13749] task_work_run+0x150/0x240 [ 513.615923][T13749] ? __pfx_task_work_run+0x10/0x10 [ 513.615968][T13749] exit_to_user_mode_loop+0x100/0x4a0 [ 513.616004][T13749] do_syscall_64+0x668/0xf80 [ 513.616037][T13749] ? clear_bhb_loop+0x40/0x90 [ 513.616069][T13749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.616096][T13749] RIP: 0033:0x7fa58779bf79 [ 513.616117][T13749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.616143][T13749] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 513.616168][T13749] RAX: 0000000000000000 RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 513.616186][T13749] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 513.616201][T13749] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 513.616217][T13749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.616232][T13749] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 513.616265][T13749] [ 516.018380][T13779] netlink: 'syz.2.2930': attribute type 4 has an invalid length. [ 516.081426][T13779] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2930'. [ 516.590369][T13793] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 518.719725][T13825] process 'syz.2.2948' launched '/dev/fd/5' with NULL argv: empty string added [ 518.794959][T13825] ERROR: Out of memory at tomoyo_memory_ok. [ 520.311954][T13858] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2959'. [ 520.748469][T13863] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2961'. [ 521.135324][T13870] ptp ptp0: new virtual clock ptp1 [ 521.171396][T13870] ptp ptp0: guarantee physical clock free running [ 521.216107][T13873] ptp ptp0: delete virtual clock ptp1 [ 521.365523][T13873] ptp ptp0: only physical clock in use now [ 521.472682][ T5829] Bluetooth: hci3: Malformed LE Event: 0x0b [ 528.311578][T13981] ptp ptp0: new virtual clock ptp1 [ 528.352001][T13981] ptp ptp0: guarantee physical clock free running [ 528.401510][T13985] ptp ptp0: delete virtual clock ptp1 [ 528.472731][T13985] ptp ptp0: only physical clock in use now [ 528.884869][T13990] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3006'. [ 529.010142][T13990] hsr_slave_0: left promiscuous mode [ 529.072872][T13990] hsr_slave_1: left promiscuous mode [ 529.191439][T13995] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 529.217266][T13995] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 529.281217][T13995] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 529.310083][T13995] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 529.388554][T13995] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 529.420865][T13999] futex_wake_op: syz.2.3011 tries to shift op by -2048; fix this program [ 529.429733][T13995] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 529.444265][T13999] futex_wake_op: syz.2.3011 tries to shift op by -2048; fix this program [ 529.483255][T13999] 0x000000000001-0x000000020000 : "" [ 529.518435][T13999] ftl_cs: FTL header corrupt! [ 529.525187][T13995] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 529.565004][T13995] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 529.729867][T14004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3020'. [ 529.798103][T14000] ERROR: Out of memory at tomoyo_memory_ok. [ 529.850866][T14007] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3020'. [ 531.142383][T14026] netlink: 'syz.2.3017': attribute type 27 has an invalid length. [ 531.171531][T14026] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3017'. [ 531.260058][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 531.286645][T14028] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3018'. [ 531.337361][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 531.419127][ T5829] Bluetooth: hci2: command 0x0406 tx timeout [ 531.577131][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 533.271173][T14047] : renamed from team0 (while UP) [ 533.337137][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 533.417167][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 533.498272][ T5829] Bluetooth: hci2: command 0x0406 tx timeout [ 533.657164][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 534.990549][T14068] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 535.049500][ T5178] ERROR: Out of memory at tomoyo_memory_ok. [ 536.191564][T14085] netlink: 302 bytes leftover after parsing attributes in process `syz.1.3043'. [ 537.468693][ T30] audit: type=1800 audit(1771252618.945:14): pid=14107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3050" name="dbroot" dev="configfs" ino=41805 res=0 errno=0 [ 538.340052][T14116] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3054'. [ 539.822736][T14133] Process accounting paused [ 540.604908][T14148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 540.636771][T14148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 540.667293][T14148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 540.689932][T14148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 541.573213][T14171] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3074'. [ 542.622097][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 542.702015][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 542.708441][ T5829] Bluetooth: hci2: command 0x0406 tx timeout [ 542.714472][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 544.898641][T14239] netlink: 'syz.2.3090': attribute type 29 has an invalid length. [ 544.906634][T14239] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3090'. [ 550.961685][T14361] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3138'. [ 551.381735][T14368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3141'. [ 551.426106][T14368] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3141'. [ 551.456582][T14368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3141'. [ 553.283093][T14407] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3152'. [ 554.525903][T14434] netlink: 322 bytes leftover after parsing attributes in process `syz.0.3157'. [ 554.836617][T14432] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3158'. [ 554.991172][ T106] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.044233][ T106] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.097456][ T106] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.167165][ T106] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.227545][ T106] netdevsim netdevsim100 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.376392][T14452] input: jJǸ-J86 as /devices/virtual/input/input7 [ 555.984253][T14467] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3167'. [ 556.765130][T14482] netlink: 'syz.3.3174': attribute type 28 has an invalid length. [ 556.807159][T14482] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3174'. [ 556.976543][T14485] sctp: [Deprecated]: syz.1.3173 (pid 14485) Use of struct sctp_assoc_value in delayed_ack socket option. [ 556.976543][T14485] Use struct sctp_sack_info instead [ 557.172573][T14489] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3176'. [ 557.683993][T14497] block nbd7: not configured, cannot reconfigure [ 558.132600][T14507] random: crng reseeded on system resumption [ 558.154614][T14505] bond0: option slaves: interface - does not exist! [ 558.179018][T14507] FAULT_INJECTION: forcing a failure. [ 558.179018][T14507] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 558.239876][T14507] CPU: 0 UID: 0 PID: 14507 Comm: syz.3.3184 Tainted: G U L syzkaller #0 PREEMPT(full) [ 558.239920][T14507] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 558.239930][T14507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 558.239945][T14507] Call Trace: [ 558.239953][T14507] [ 558.239962][T14507] dump_stack_lvl+0x100/0x190 [ 558.240011][T14507] should_fail_ex.cold+0x5/0xa [ 558.240036][T14507] ? prepare_alloc_pages+0x16d/0x5f0 [ 558.240079][T14507] should_fail_alloc_page+0xeb/0x140 [ 558.240121][T14507] prepare_alloc_pages+0x1f0/0x5f0 [ 558.240169][T14507] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 558.240205][T14507] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 558.240249][T14507] ? stack_trace_save+0x8e/0xc0 [ 558.240290][T14507] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 558.240323][T14507] ? stack_depot_save_flags+0x27/0x9d0 [ 558.240357][T14507] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 558.240394][T14507] ? kasan_save_stack+0x3f/0x50 [ 558.240427][T14507] ? kasan_save_stack+0x30/0x50 [ 558.240459][T14507] ? kasan_save_track+0x14/0x30 [ 558.240498][T14507] ? do_sys_openat2+0x10d/0x1e0 [ 558.240524][T14507] ? __x64_sys_openat+0x12d/0x210 [ 558.240550][T14507] ? do_syscall_64+0x106/0xf80 [ 558.240582][T14507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.240610][T14507] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 558.240652][T14507] ? policy_nodemask+0xed/0x4f0 [ 558.240693][T14507] alloc_pages_mpol+0x1fb/0x550 [ 558.240733][T14507] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 558.240772][T14507] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 558.240816][T14507] alloc_pages_noprof+0x131/0x390 [ 558.240856][T14507] get_zeroed_page_noprof+0x18/0xb0 [ 558.240902][T14507] get_image_page+0x18/0x1a0 [ 558.240940][T14507] alloc_rtree_node+0x3c/0xb0 [ 558.240979][T14507] memory_bm_create+0x65e/0xba0 [ 558.241036][T14507] create_basic_memory_bitmaps+0xbd/0x350 [ 558.241084][T14507] snapshot_open+0x230/0x2a0 [ 558.241110][T14507] ? __pfx_snapshot_open+0x10/0x10 [ 558.241138][T14507] misc_open+0x26d/0x450 [ 558.241167][T14507] ? __pfx_misc_open+0x10/0x10 [ 558.241196][T14507] chrdev_open+0x234/0x6a0 [ 558.241232][T14507] ? __pfx_apparmor_file_open+0x10/0x10 [ 558.241258][T14507] ? __pfx_chrdev_open+0x10/0x10 [ 558.241297][T14507] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 558.241342][T14507] do_dentry_open+0x6d8/0x1660 [ 558.241378][T14507] ? __pfx_chrdev_open+0x10/0x10 [ 558.241424][T14507] vfs_open+0x82/0x3f0 [ 558.241453][T14507] path_openat+0x208c/0x31a0 [ 558.241501][T14507] ? __pfx_path_openat+0x10/0x10 [ 558.241549][T14507] do_file_open+0x20e/0x430 [ 558.241589][T14507] ? __pfx_do_file_open+0x10/0x10 [ 558.241649][T14507] ? alloc_fd+0x476/0x790 [ 558.241687][T14507] ? do_getname+0x191/0x390 [ 558.241715][T14507] do_sys_openat2+0x10d/0x1e0 [ 558.241743][T14507] ? __pfx_do_sys_openat2+0x10/0x10 [ 558.241771][T14507] ? find_held_lock+0x2b/0x80 [ 558.241818][T14507] __x64_sys_openat+0x12d/0x210 [ 558.241847][T14507] ? __pfx___x64_sys_openat+0x10/0x10 [ 558.241887][T14507] do_syscall_64+0x106/0xf80 [ 558.241920][T14507] ? clear_bhb_loop+0x40/0x90 [ 558.241950][T14507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.241976][T14507] RIP: 0033:0x7fa58779bf79 [ 558.242005][T14507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 558.242030][T14507] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 558.242055][T14507] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 558.242072][T14507] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 558.242088][T14507] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 558.242103][T14507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.242117][T14507] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 558.242149][T14507] [ 560.589201][T14535] netlink: 'syz.1.3196': attribute type 27 has an invalid length. [ 560.663731][T14535] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3196'. [ 562.740441][T14574] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3210'. [ 563.022457][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.028905][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.964549][T14616] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3224'. [ 565.390992][T14630] netlink: 350 bytes leftover after parsing attributes in process `syz.1.3229'. [ 566.573214][T14656] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3239'. [ 569.067858][T14702] bridge0: port 3(bond0) entered blocking state [ 569.134618][T14702] bridge0: port 3(bond0) entered disabled state [ 569.216612][T14702] bond0: entered allmulticast mode [ 569.237345][T14702] bond_slave_0: entered allmulticast mode [ 569.309571][T14702] bond_slave_1: entered allmulticast mode [ 569.357451][T14702] bond0: entered promiscuous mode [ 569.411378][T14702] bond_slave_0: entered promiscuous mode [ 569.460251][T14702] bond_slave_1: entered promiscuous mode [ 569.523085][T14702] bridge0: port 3(bond0) entered blocking state [ 569.529794][T14702] bridge0: port 3(bond0) entered forwarding state [ 570.048872][T14718] Process accounting resumed [ 570.130266][T14724] netlink: 21 bytes leftover after parsing attributes in process `syz.1.3265'. [ 571.225033][T14742] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 571.426122][T14745] netlink: 'syz.2.3273': attribute type 4 has an invalid length. [ 571.889683][T14754] netlink: 'syz.1.3277': attribute type 33 has an invalid length. [ 571.947172][T14754] netlink: 322 bytes leftover after parsing attributes in process `syz.1.3277'. [ 571.987480][T14754] netlink: 'syz.1.3277': attribute type 33 has an invalid length. [ 571.995343][T14754] netlink: 322 bytes leftover after parsing attributes in process `syz.1.3277'. [ 572.190662][T14759] FAULT_INJECTION: forcing a failure. [ 572.190662][T14759] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 572.314616][T14759] CPU: 0 UID: 0 PID: 14759 Comm: syz.3.3279 Tainted: G U L syzkaller #0 PREEMPT(full) [ 572.314661][T14759] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 572.314670][T14759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 572.314685][T14759] Call Trace: [ 572.314693][T14759] [ 572.314702][T14759] dump_stack_lvl+0x100/0x190 [ 572.314744][T14759] should_fail_ex.cold+0x5/0xa [ 572.314768][T14759] ? prepare_alloc_pages+0x16d/0x5f0 [ 572.314811][T14759] should_fail_alloc_page+0xeb/0x140 [ 572.314852][T14759] prepare_alloc_pages+0x1f0/0x5f0 [ 572.314898][T14759] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 572.314933][T14759] ? mas_next_slot+0x1003/0x18b0 [ 572.314975][T14759] ? __pfx___up_read+0x10/0x10 [ 572.315013][T14759] ? validate_mm+0x261/0x4e0 [ 572.315040][T14759] ? validate_mm+0x261/0x4e0 [ 572.315071][T14759] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 572.315107][T14759] ? validate_mm+0x392/0x4e0 [ 572.315139][T14759] ? __pfx_validate_mm+0x10/0x10 [ 572.315174][T14759] ? __pfx___vma_start_write+0x10/0x10 [ 572.315205][T14759] ? vma_iter_store_overwrite+0x392/0x650 [ 572.315233][T14759] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 572.315274][T14759] ? policy_nodemask+0xed/0x4f0 [ 572.315320][T14759] alloc_pages_mpol+0x1fb/0x550 [ 572.315360][T14759] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 572.315407][T14759] alloc_pages_noprof+0x131/0x390 [ 572.315448][T14759] __pmd_alloc+0x3b/0x9c0 [ 572.315474][T14759] move_page_tables+0x3224/0x4500 [ 572.315508][T14759] ? __pfx_copy_vma+0x10/0x10 [ 572.315550][T14759] ? __pfx_move_page_tables+0x10/0x10 [ 572.315598][T14759] ? finish_task_switch.isra.0+0x200/0xb80 [ 572.315627][T14759] copy_vma_and_data+0x25c/0x7c0 [ 572.315667][T14759] ? __pfx_copy_vma_and_data+0x10/0x10 [ 572.315712][T14759] ? __vma_start_write+0x17f/0x280 [ 572.315739][T14759] ? __pfx___vma_start_write+0x10/0x10 [ 572.315774][T14759] move_vma+0x51b/0x1890 [ 572.315810][T14759] ? __pfx_move_vma+0x10/0x10 [ 572.315844][T14759] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 572.315887][T14759] ? cap_mmap_addr+0x4b/0x120 [ 572.315909][T14759] ? bpf_lsm_mmap_addr+0x9/0x30 [ 572.315944][T14759] ? security_mmap_addr+0x71/0x1e0 [ 572.315977][T14759] ? __get_unmapped_area+0x255/0x3e0 [ 572.316020][T14759] ? vrm_set_new_addr+0x204/0x290 [ 572.316054][T14759] mremap_to+0x1b7/0x450 [ 572.316086][T14759] do_mremap+0xb76/0x2130 [ 572.316130][T14759] ? __pfx_do_mremap+0x10/0x10 [ 572.316167][T14759] ? ksys_write+0x190/0x250 [ 572.316209][T14759] __do_sys_mremap+0x126/0x170 [ 572.316240][T14759] ? __pfx___do_sys_mremap+0x10/0x10 [ 572.316272][T14759] ? rcu_is_watching+0x12/0xc0 [ 572.316314][T14759] ? kfree+0x2ec/0x6b0 [ 572.316344][T14759] ? __x64_sys_futex+0x34f/0x4d0 [ 572.316392][T14759] do_syscall_64+0x106/0xf80 [ 572.316425][T14759] ? clear_bhb_loop+0x40/0x90 [ 572.316456][T14759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.316483][T14759] RIP: 0033:0x7fa58779bf79 [ 572.316503][T14759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.316528][T14759] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 572.316552][T14759] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 572.316569][T14759] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 572.316584][T14759] RBP: 00007fa5878327e0 R08: 0000000100000000 R09: 0000000000000000 [ 572.316600][T14759] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 572.316615][T14759] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 572.316647][T14759] [ 573.525509][T14773] vhci_hcd vhci_hcd.1: invalid port number 255 [ 573.537188][T14773] vhci_hcd vhci_hcd.1: default hub control req: 600d v002b i00ff l1 [ 573.818589][T14779] FAULT_INJECTION: forcing a failure. [ 573.818589][T14779] name failslab, interval 1, probability 0, space 0, times 0 [ 573.861371][T14779] CPU: 0 UID: 0 PID: 14779 Comm: syz.1.3286 Tainted: G U L syzkaller #0 PREEMPT(full) [ 573.861415][T14779] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 573.861425][T14779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 573.861441][T14779] Call Trace: [ 573.861449][T14779] [ 573.861458][T14779] dump_stack_lvl+0x100/0x190 [ 573.861500][T14779] should_fail_ex.cold+0x5/0xa [ 573.861528][T14779] should_failslab+0xc2/0x120 [ 573.861567][T14779] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 573.861599][T14779] ? __kernfs_new_node+0xd2/0x960 [ 573.861630][T14779] __kernfs_new_node+0xd2/0x960 [ 573.861659][T14779] ? __pfx___kernfs_new_node+0x10/0x10 [ 573.861692][T14779] ? find_held_lock+0x2b/0x80 [ 573.861732][T14779] ? kernfs_root+0xee/0x2a0 [ 573.861756][T14779] ? kernfs_root+0xee/0x2a0 [ 573.861787][T14779] kernfs_new_node+0x11b/0x1a0 [ 573.861821][T14779] __kernfs_create_file+0x53/0x350 [ 573.861861][T14779] sysfs_add_file_mode_ns+0x207/0x3c0 [ 573.861909][T14779] internal_create_group+0x593/0xf40 [ 573.861943][T14779] ? __pfx_internal_create_group+0x10/0x10 [ 573.861975][T14779] ? kernfs_create_link+0x1bd/0x240 [ 573.862016][T14779] internal_create_groups+0x9d/0x150 [ 573.862045][T14779] device_add+0x77a/0x1950 [ 573.862082][T14779] ? __pfx_device_add+0x10/0x10 [ 573.862110][T14779] ? __pfx___might_resched+0x10/0x10 [ 573.862144][T14779] ? lockdep_hardirqs_on+0x78/0x100 [ 573.862187][T14779] __add_disk+0x518/0xe40 [ 573.862226][T14779] add_disk_fwnode+0x118/0x5c0 [ 573.862256][T14779] loop_add+0x90b/0xb60 [ 573.862290][T14779] ? __pfx_loop_add+0x10/0x10 [ 573.862343][T14779] ? find_held_lock+0x2b/0x80 [ 573.862381][T14779] ? __fget_files+0x215/0x3d0 [ 573.862419][T14779] loop_control_ioctl+0xae/0x620 [ 573.862457][T14779] ? __pfx_loop_control_ioctl+0x10/0x10 [ 573.862497][T14779] ? __pfx_loop_control_ioctl+0x10/0x10 [ 573.862535][T14779] __x64_sys_ioctl+0x18e/0x210 [ 573.862568][T14779] do_syscall_64+0x106/0xf80 [ 573.862600][T14779] ? clear_bhb_loop+0x40/0x90 [ 573.862631][T14779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.862657][T14779] RIP: 0033:0x7fc32a79bf79 [ 573.862677][T14779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 573.862702][T14779] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 573.862726][T14779] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 573.862742][T14779] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 573.862758][T14779] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 573.862773][T14779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.862788][T14779] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 573.862819][T14779] [ 574.972919][T14790] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3289'. [ 575.268133][T14776] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3285'. [ 575.404496][T14796] netlink: 130 bytes leftover after parsing attributes in process `syz.3.3292'. [ 575.676306][T14801] MTRR 2 not used [ 575.773009][T14805] vivid-009: ================= START STATUS ================= [ 575.859655][T14805] vivid-009: Radio HW Seek Mode: Bounded [ 575.912224][T14805] vivid-009: Radio Programmable HW Seek: false [ 575.968368][T14805] vivid-009: RDS Rx I/O Mode: Block I/O [ 576.024549][T14805] vivid-009: Generate RBDS Instead of RDS: false [ 576.061264][T14805] vivid-009: RDS Reception: true [ 576.103169][T14805] vivid-009: RDS Program Type: 0 inactive [ 576.146288][T14805] vivid-009: RDS PS Name: inactive [ 576.173521][T14805] vivid-009: RDS Radio Text: inactive [ 576.199319][T14805] vivid-009: RDS Traffic Announcement: false inactive [ 576.248346][T14805] vivid-009: RDS Traffic Program: false inactive [ 576.292165][T14805] vivid-009: RDS Music: false inactive [ 576.331496][T14805] vivid-009: ================== END STATUS ================== [ 579.224926][T14875] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in; [ 579.224926][T14875] program syz.1.3320 not setting count and/or reply_len properly [ 580.189184][T14893] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3326'. [ 580.485940][T14901] vivid-009: ================= START STATUS ================= [ 580.520635][T14901] vivid-009: Radio HW Seek Mode: Bounded [ 580.545269][T14901] vivid-009: Radio Programmable HW Seek: false [ 580.581126][T14901] vivid-009: RDS Rx I/O Mode: Block I/O [ 580.606085][T14901] vivid-009: Generate RBDS Instead of RDS: false [ 580.650237][T14901] vivid-009: RDS Reception: true [ 580.675582][T14901] vivid-009: RDS Program Type: 0 inactive [ 580.702349][T14901] vivid-009: RDS PS Name: inactive [ 580.730323][T14901] vivid-009: RDS Radio Text: inactive [ 580.773930][T14901] vivid-009: RDS Traffic Announcement: false inactive [ 580.819625][T14901] vivid-009: RDS Traffic Program: false inactive [ 580.858860][T14901] vivid-009: RDS Music: false inactive [ 580.916393][T14901] vivid-009: ================== END STATUS ================== [ 581.682705][T14925] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3334'. [ 582.310580][T14940] netlink: 'syz.3.3338': attribute type 16 has an invalid length. [ 582.348870][T14940] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3338'. [ 584.573545][T14973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.502643][T14990] netlink: 'syz.2.3354': attribute type 4 has an invalid length. [ 586.055717][T15006] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3360'. [ 588.236025][T15017] kexec: Could not allocate control_code_buffer [ 588.512926][T15042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3375'. [ 588.689802][T15047] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3376'. [ 589.026936][T15052] vcan0: tx drop: invalid da for name 0x000000000000003f [ 589.189251][T15044] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 589.794250][T15072] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3386'. [ 589.841763][T15072] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3386'. [ 590.277871][T15079] vcan0: tx drop: invalid da for name 0x000000000000003f [ 590.926709][T15092] random: crng reseeded on system resumption [ 591.542384][T15108] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3402'. [ 592.867196][T15128] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3409'. [ 593.182858][T15130] FAULT_INJECTION: forcing a failure. [ 593.182858][T15130] name failslab, interval 1, probability 0, space 0, times 0 [ 593.251989][T15130] CPU: 0 UID: 0 PID: 15130 Comm: syz.1.3411 Tainted: G U L syzkaller #0 PREEMPT(full) [ 593.252033][T15130] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 593.252043][T15130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 593.252058][T15130] Call Trace: [ 593.252066][T15130] [ 593.252075][T15130] dump_stack_lvl+0x100/0x190 [ 593.252118][T15130] should_fail_ex.cold+0x5/0xa [ 593.252147][T15130] should_failslab+0xc2/0x120 [ 593.252186][T15130] __kmalloc_cache_noprof+0x7a/0x6f0 [ 593.252233][T15130] ? __io_uring_add_tctx_node+0x16f/0x3b0 [ 593.252282][T15130] ? alloc_file_pseudo+0x1a5/0x230 [ 593.252313][T15130] __io_uring_add_tctx_node+0x16f/0x3b0 [ 593.252342][T15130] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 593.252373][T15130] ? __anon_inode_getfile+0x17c/0x280 [ 593.252418][T15130] io_uring_setup.cold+0x1a25/0x1d09 [ 593.252459][T15130] ? __pfx_io_uring_setup+0x10/0x10 [ 593.252500][T15130] ? __pfx_do_futex+0x10/0x10 [ 593.252543][T15130] ? xfd_validate_state+0x129/0x190 [ 593.252586][T15130] __x64_sys_io_uring_setup+0xc2/0x170 [ 593.252623][T15130] do_syscall_64+0x106/0xf80 [ 593.252657][T15130] ? clear_bhb_loop+0x40/0x90 [ 593.252687][T15130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.252713][T15130] RIP: 0033:0x7fc32a79bf79 [ 593.252733][T15130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 593.252758][T15130] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 593.252782][T15130] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 593.252798][T15130] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 593.252813][T15130] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 593.252828][T15130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.252843][T15130] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 593.252874][T15130] [ 593.668436][T15132] bridge0: port 4(netdevsim1) entered blocking state [ 593.676330][T15132] bridge0: port 4(netdevsim1) entered disabled state [ 593.765613][T15132] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 593.795929][T15132] netdevsim netdevsim0 netdevsim1: entered promiscuous mode [ 593.859876][T15132] bridge0: port 4(netdevsim1) entered blocking state [ 593.866735][T15132] bridge0: port 4(netdevsim1) entered forwarding state [ 594.743266][T15155] device-mapper: ioctl: name not supplied when creating device [ 595.556107][T15170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3427'. [ 595.598882][T15170] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3427'. [ 597.411697][T15197] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3439'. [ 598.246862][T15210] FAULT_INJECTION: forcing a failure. [ 598.246862][T15210] name failslab, interval 1, probability 0, space 0, times 0 [ 598.344165][T15210] CPU: 0 UID: 0 PID: 15210 Comm: syz.1.3443 Tainted: G U L syzkaller #0 PREEMPT(full) [ 598.344208][T15210] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 598.344218][T15210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 598.344233][T15210] Call Trace: [ 598.344241][T15210] [ 598.344251][T15210] dump_stack_lvl+0x100/0x190 [ 598.344293][T15210] should_fail_ex.cold+0x5/0xa [ 598.344321][T15210] should_failslab+0xc2/0x120 [ 598.344361][T15210] __kmalloc_cache_noprof+0x7a/0x6f0 [ 598.344389][T15210] ? tomoyo_init_log+0x1a0/0x20c0 [ 598.344428][T15210] tomoyo_init_log+0x1a0/0x20c0 [ 598.344463][T15210] ? __pfx_format_decode+0x10/0x10 [ 598.344490][T15210] ? number+0x983/0xc90 [ 598.344528][T15210] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 598.344574][T15210] ? __pfx_tomoyo_init_log+0x10/0x10 [ 598.344616][T15210] tomoyo_write_log2+0x2ed/0xbc0 [ 598.344655][T15210] tomoyo_supervisor+0x15e/0x1340 [ 598.344700][T15210] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 598.344750][T15210] ? tomoyo_realpath_from_path+0x19c/0x690 [ 598.344796][T15210] ? tomoyo_realpath_from_path+0x19c/0x690 [ 598.344831][T15210] ? kfree+0x1f6/0x6b0 [ 598.344859][T15210] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 598.344899][T15210] tomoyo_path_number_perm+0x445/0x580 [ 598.344930][T15210] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 598.344959][T15210] ? futex_wait+0x125/0x380 [ 598.345023][T15210] ? find_held_lock+0x2b/0x80 [ 598.345063][T15210] ? __fget_files+0x215/0x3d0 [ 598.345096][T15210] ? hook_file_ioctl_common+0x146/0x410 [ 598.345132][T15210] ? __fget_files+0x21f/0x3d0 [ 598.345178][T15210] security_file_ioctl+0xd3/0x230 [ 598.345209][T15210] __x64_sys_ioctl+0xb7/0x210 [ 598.345241][T15210] do_syscall_64+0x106/0xf80 [ 598.345273][T15210] ? clear_bhb_loop+0x40/0x90 [ 598.345304][T15210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.345330][T15210] RIP: 0033:0x7fc32a79bf79 [ 598.345350][T15210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 598.345375][T15210] RSP: 002b:00007fc32b6cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.345399][T15210] RAX: ffffffffffffffda RBX: 00007fc32aa16090 RCX: 00007fc32a79bf79 [ 598.345416][T15210] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000003 [ 598.345430][T15210] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 598.345446][T15210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 598.345460][T15210] R13: 00007fc32aa16128 R14: 00007fc32aa16090 R15: 00007ffe86197ea8 [ 598.345492][T15210] [ 599.615445][T15225] netlink: 'syz.1.3448': attribute type 4 has an invalid length. [ 599.667362][T15225] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3448'. [ 600.261986][T15238] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3452'. [ 600.525701][T15124] Process accounting paused [ 600.862490][T15249] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3457'. [ 601.201470][T15253] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3458'. [ 602.444672][T15267] phram: not enough arguments [ 602.953068][T15271] netlink: 'syz.1.3467': attribute type 4 has an invalid length. [ 603.278611][T15280] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3471'. [ 603.289017][T15279] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3470'. [ 604.387061][T15306] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3480'. [ 604.559630][T15306] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3480'. [ 604.802382][T15318] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3486'. [ 605.060533][T15326] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3489'. [ 605.463930][T15338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3494'. [ 605.500300][T15338] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3494'. [ 605.875639][T15347] __nla_validate_parse: 2 callbacks suppressed [ 605.875662][T15347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3498'. [ 605.930419][T15347] netlink: 13 bytes leftover after parsing attributes in process `syz.0.3498'. [ 605.960942][T15347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3498'. [ 607.543147][T15372] base or size exceeds the MTRR width [ 608.484374][T15388] zswap: compressor  not available [ 608.541286][T15393] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 608.980340][T15403] netlink: 302 bytes leftover after parsing attributes in process `syz.2.3519'. [ 617.481572][T15531] netlink: 346 bytes leftover after parsing attributes in process `syz.3.3563'. [ 618.759067][T15550] FAULT_INJECTION: forcing a failure. [ 618.759067][T15550] name failslab, interval 1, probability 0, space 0, times 0 [ 618.821076][T15550] CPU: 0 UID: 0 PID: 15550 Comm: syz.3.3571 Tainted: G U L syzkaller #0 PREEMPT(full) [ 618.821120][T15550] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 618.821129][T15550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 618.821145][T15550] Call Trace: [ 618.821153][T15550] [ 618.821163][T15550] dump_stack_lvl+0x100/0x190 [ 618.821206][T15550] should_fail_ex.cold+0x5/0xa [ 618.821235][T15550] should_failslab+0xc2/0x120 [ 618.821274][T15550] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 618.821307][T15550] ? __kernfs_new_node+0xd2/0x960 [ 618.821339][T15550] __kernfs_new_node+0xd2/0x960 [ 618.821368][T15550] ? __pfx___kernfs_new_node+0x10/0x10 [ 618.821401][T15550] ? find_held_lock+0x2b/0x80 [ 618.821440][T15550] ? kernfs_root+0xee/0x2a0 [ 618.821464][T15550] ? kernfs_root+0xee/0x2a0 [ 618.821496][T15550] kernfs_new_node+0x11b/0x1a0 [ 618.821530][T15550] __kernfs_create_file+0x53/0x350 [ 618.821577][T15550] sysfs_add_file_mode_ns+0x207/0x3c0 [ 618.821625][T15550] internal_create_group+0x593/0xf40 [ 618.821661][T15550] ? __pfx_internal_create_group+0x10/0x10 [ 618.821693][T15550] ? kernfs_create_link+0x1bd/0x240 [ 618.821734][T15550] internal_create_groups+0x9d/0x150 [ 618.821764][T15550] device_add+0x7c8/0x1950 [ 618.821798][T15550] ? __pfx_device_add+0x10/0x10 [ 618.821838][T15550] __add_disk+0x518/0xe40 [ 618.821865][T15550] ? find_held_lock+0x2b/0x80 [ 618.821906][T15550] add_disk_fwnode+0x3d4/0x5c0 [ 618.821936][T15550] zram_add+0x4d2/0x610 [ 618.821969][T15550] ? __pfx_zram_add+0x10/0x10 [ 618.822021][T15550] ? find_held_lock+0x2b/0x80 [ 618.822059][T15550] ? sysfs_file_kobj+0xe4/0x290 [ 618.822107][T15550] ? __pfx_hot_add_show+0x10/0x10 [ 618.822141][T15550] hot_add_show+0x21/0x80 [ 618.822174][T15550] class_attr_show+0x72/0xa0 [ 618.822203][T15550] ? __pfx_class_attr_show+0x10/0x10 [ 618.822231][T15550] sysfs_kf_seq_show+0x217/0x3a0 [ 618.822276][T15550] seq_read_iter+0x32f/0x1270 [ 618.822322][T15550] kernfs_fop_read_iter+0x46c/0x610 [ 618.822359][T15550] ? rw_verify_area+0xce/0x6d0 [ 618.822389][T15550] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 618.822427][T15550] vfs_read+0x825/0xb30 [ 618.822465][T15550] ? __pfx_vfs_read+0x10/0x10 [ 618.822539][T15550] ksys_read+0x12a/0x250 [ 618.822583][T15550] ? __pfx_ksys_read+0x10/0x10 [ 618.822626][T15550] do_syscall_64+0x106/0xf80 [ 618.822659][T15550] ? clear_bhb_loop+0x40/0x90 [ 618.822690][T15550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.822717][T15550] RIP: 0033:0x7fa58779bf79 [ 618.822738][T15550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 618.822763][T15550] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 618.822787][T15550] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 618.822803][T15550] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 618.822819][T15550] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 618.822834][T15550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.822850][T15550] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 618.822882][T15550] [ 620.716226][T15571] random: crng reseeded on system resumption [ 621.414910][T15585] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3582'. [ 621.491144][T15573] [U] [ 621.493919][T15573] [U] [ 621.496632][T15573] [U] [ 621.499344][T15573] [U] [ 621.601422][T15573] [U] [ 621.604241][T15573] [U] [ 621.606972][T15573] [U] [ 621.609696][T15573] [U] [ 621.762279][T15573] [U] [ 624.280161][ T30] audit: type=1800 audit(1771252705.775:15): pid=15631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3596" name="members" dev="configfs" ino=49380 res=0 errno=0 [ 624.303262][T15629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3595'. [ 624.370473][T15629] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3595'. [ 624.465578][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.472107][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.383986][T15646] netlink: 'syz.2.3602': attribute type 27 has an invalid length. [ 625.477165][T15646] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3602'. [ 626.474815][ T30] audit: type=1800 audit(1771252707.965:16): pid=15671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3614" name="members" dev="configfs" ino=49655 res=0 errno=0 [ 626.843704][T15678] zram: Added device: zram1 [ 629.156520][T15722] netlink: 'syz.2.3629': attribute type 4 has an invalid length. [ 630.488760][T15752] sp0: Synchronizing with TNC [ 630.908893][T15748] Process accounting resumed [ 631.117325][T15763] type: 65536 invalid [ 634.786874][T15844] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3669'. [ 634.900149][T15845] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3669'. [ 634.972633][T15844] netlink: 210 bytes leftover after parsing attributes in process `syz.0.3669'. [ 636.398607][T15876] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3681'. [ 637.623656][T15906] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3691'. [ 637.674829][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3691'. [ 637.716813][T15906] IPv6: NLM_F_CREATE should be specified when creating new route [ 637.760276][T15906] IPv6: Can't replace route, no match found [ 637.781422][T15907] IPv6: Can't replace route, no match found [ 637.860194][T15910] netlink: 'syz.1.3692': attribute type 4 has an invalid length. [ 637.906621][T15910] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3692'. [ 638.329173][T15922] FAULT_INJECTION: forcing a failure. [ 638.329173][T15922] name failslab, interval 1, probability 0, space 0, times 0 [ 638.397385][T15922] CPU: 0 UID: 0 PID: 15922 Comm: syz.1.3696 Tainted: G U L syzkaller #0 PREEMPT(full) [ 638.397428][T15922] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 638.397438][T15922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 638.397453][T15922] Call Trace: [ 638.397460][T15922] [ 638.397470][T15922] dump_stack_lvl+0x100/0x190 [ 638.397511][T15922] should_fail_ex.cold+0x5/0xa [ 638.397541][T15922] should_failslab+0xc2/0x120 [ 638.397579][T15922] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 638.397619][T15922] ? proc_alloc_inode+0x25/0x200 [ 638.397648][T15922] ? __pfx_proc_alloc_inode+0x10/0x10 [ 638.397676][T15922] proc_alloc_inode+0x25/0x200 [ 638.397701][T15922] alloc_inode+0x68/0x250 [ 638.397728][T15922] new_inode+0x22/0x1c0 [ 638.397758][T15922] proc_pid_make_inode+0x22/0x160 [ 638.397786][T15922] proc_pident_instantiate+0x85/0x310 [ 638.397815][T15922] proc_pident_lookup+0x1e3/0x270 [ 638.397848][T15922] __lookup_slow+0x251/0x460 [ 638.397876][T15922] ? __pfx___lookup_slow+0x10/0x10 [ 638.397927][T15922] lookup_slow+0x50/0x70 [ 638.397954][T15922] link_path_walk+0x1377/0x1cc0 [ 638.397996][T15922] path_openat+0x1be/0x31a0 [ 638.398032][T15922] ? kasan_save_stack+0x3f/0x50 [ 638.398065][T15922] ? kasan_save_stack+0x30/0x50 [ 638.398097][T15922] ? kasan_save_track+0x14/0x30 [ 638.398130][T15922] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 638.398169][T15922] ? __pfx_path_openat+0x10/0x10 [ 638.398218][T15922] do_file_open+0x20e/0x430 [ 638.398258][T15922] ? __pfx_do_file_open+0x10/0x10 [ 638.398306][T15922] ? __pfx_kfree_link+0x10/0x10 [ 638.398343][T15922] ? alloc_fd+0x476/0x790 [ 638.398382][T15922] ? do_getname+0x191/0x390 [ 638.398410][T15922] do_sys_openat2+0x10d/0x1e0 [ 638.398438][T15922] ? __pfx_do_sys_openat2+0x10/0x10 [ 638.398476][T15922] __x64_sys_openat+0x12d/0x210 [ 638.398504][T15922] ? __pfx___x64_sys_openat+0x10/0x10 [ 638.398544][T15922] do_syscall_64+0x106/0xf80 [ 638.398577][T15922] ? clear_bhb_loop+0x40/0x90 [ 638.398613][T15922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.398643][T15922] RIP: 0033:0x7fc32a75c84e [ 638.398664][T15922] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 638.398689][T15922] RSP: 002b:00007fc32b6ecec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 638.398713][T15922] RAX: ffffffffffffffda RBX: 00007fc32b6ed6c0 RCX: 00007fc32a75c84e [ 638.398730][T15922] RDX: 0000000000000002 RSI: 00007fc32b6ecf90 RDI: ffffffffffffff9c [ 638.398745][T15922] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 638.398760][T15922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.398775][T15922] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 638.398807][T15922] [ 639.694025][T15933] FAULT_INJECTION: forcing a failure. [ 639.694025][T15933] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 639.734112][T15933] CPU: 0 UID: 0 PID: 15933 Comm: syz.3.3698 Tainted: G U L syzkaller #0 PREEMPT(full) [ 639.734157][T15933] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 639.734166][T15933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 639.734183][T15933] Call Trace: [ 639.734192][T15933] [ 639.734201][T15933] dump_stack_lvl+0x100/0x190 [ 639.734245][T15933] should_fail_ex.cold+0x5/0xa [ 639.734271][T15933] ? prepare_alloc_pages+0x16d/0x5f0 [ 639.734316][T15933] should_fail_alloc_page+0xeb/0x140 [ 639.734359][T15933] prepare_alloc_pages+0x1f0/0x5f0 [ 639.734406][T15933] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 639.734447][T15933] ? __lock_acquire+0x4a5/0x2630 [ 639.734498][T15933] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 639.734537][T15933] ? do_raw_spin_lock+0x128/0x260 [ 639.734574][T15933] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 639.734611][T15933] ? find_held_lock+0x2b/0x80 [ 639.734661][T15933] ? __lock_acquire+0x4a5/0x2630 [ 639.734691][T15933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 639.734734][T15933] ? policy_nodemask+0xed/0x4f0 [ 639.734777][T15933] alloc_pages_mpol+0x1fb/0x550 [ 639.734818][T15933] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 639.734858][T15933] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 639.734895][T15933] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 639.734937][T15933] folio_alloc_mpol_noprof+0x36/0x340 [ 639.734965][T15933] shmem_alloc_folio+0x135/0x160 [ 639.734995][T15933] shmem_alloc_and_add_folio+0x371/0xd40 [ 639.735039][T15933] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 639.735078][T15933] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 639.735112][T15933] ? __bpf_trace_sched_util_est_se_tp+0xb0/0xc0 [ 639.735157][T15933] shmem_get_folio_gfp+0x6ab/0x1900 [ 639.735198][T15933] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 639.735235][T15933] ? __pfx___might_resched+0x10/0x10 [ 639.735271][T15933] ? noop_dirty_folio+0xfd/0x160 [ 639.735314][T15933] shmem_fallocate+0x6d7/0x1060 [ 639.735362][T15933] ? __pfx_shmem_fallocate+0x10/0x10 [ 639.735407][T15933] ? __lock_acquire+0x4a5/0x2630 [ 639.735441][T15933] ? __lock_acquire+0x4a5/0x2630 [ 639.735494][T15933] ? __pfx_shmem_fallocate+0x10/0x10 [ 639.735531][T15933] vfs_fallocate+0x576/0x10d0 [ 639.735573][T15933] ? __pfx_vfs_fallocate+0x10/0x10 [ 639.735619][T15933] __x64_sys_fallocate+0xd5/0x140 [ 639.735662][T15933] do_syscall_64+0x106/0xf80 [ 639.735697][T15933] ? clear_bhb_loop+0x40/0x90 [ 639.735742][T15933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.735768][T15933] RIP: 0033:0x7fa58779bf79 [ 639.735788][T15933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 639.735813][T15933] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 639.735837][T15933] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 639.735853][T15933] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005 [ 639.735868][T15933] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 639.735883][T15933] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 639.735899][T15933] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 639.735931][T15933] [ 640.127095][T15939] netlink: 234 bytes leftover after parsing attributes in process `syz.3.3700'. [ 641.903536][T15965] ERROR: Out of memory at tomoyo_memory_ok. [ 642.520755][T15975] FAULT_INJECTION: forcing a failure. [ 642.520755][T15975] name failslab, interval 1, probability 0, space 0, times 0 [ 642.577006][T15975] CPU: 0 UID: 0 PID: 15975 Comm: syz.3.3711 Tainted: G U L syzkaller #0 PREEMPT(full) [ 642.577050][T15975] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 642.577059][T15975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 642.577075][T15975] Call Trace: [ 642.577082][T15975] [ 642.577092][T15975] dump_stack_lvl+0x100/0x190 [ 642.577135][T15975] should_fail_ex.cold+0x5/0xa [ 642.577170][T15975] should_failslab+0xc2/0x120 [ 642.577208][T15975] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 642.577242][T15975] ? __d_alloc+0x34/0xa80 [ 642.577287][T15975] __d_alloc+0x34/0xa80 [ 642.577324][T15975] ? __pfx_stack_trace_save+0x10/0x10 [ 642.577368][T15975] d_alloc_parallel+0x111/0x14e0 [ 642.577401][T15975] ? kasan_save_stack+0x3f/0x50 [ 642.577434][T15975] ? kasan_save_stack+0x30/0x50 [ 642.577466][T15975] ? kasan_save_track+0x14/0x30 [ 642.577499][T15975] ? __kasan_slab_free+0x5f/0x80 [ 642.577534][T15975] ? path_openat+0x1be/0x31a0 [ 642.577574][T15975] ? __pfx_d_alloc_parallel+0x10/0x10 [ 642.577608][T15975] ? lockdep_init_map_type+0x5c/0x250 [ 642.577641][T15975] ? lockdep_init_map_type+0x5c/0x250 [ 642.577677][T15975] __lookup_slow+0x193/0x460 [ 642.577723][T15975] ? __pfx___lookup_slow+0x10/0x10 [ 642.577774][T15975] lookup_slow+0x50/0x70 [ 642.577800][T15975] link_path_walk+0x1377/0x1cc0 [ 642.577842][T15975] path_openat+0x1be/0x31a0 [ 642.577877][T15975] ? kasan_save_stack+0x3f/0x50 [ 642.577909][T15975] ? kasan_save_stack+0x30/0x50 [ 642.577941][T15975] ? kasan_save_track+0x14/0x30 [ 642.577974][T15975] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 642.578014][T15975] ? __pfx_path_openat+0x10/0x10 [ 642.578062][T15975] do_file_open+0x20e/0x430 [ 642.578102][T15975] ? __pfx_do_file_open+0x10/0x10 [ 642.578153][T15975] ? __pfx_kfree_link+0x10/0x10 [ 642.578192][T15975] ? alloc_fd+0x476/0x790 [ 642.578230][T15975] ? do_getname+0x191/0x390 [ 642.578258][T15975] do_sys_openat2+0x10d/0x1e0 [ 642.578285][T15975] ? __pfx_do_sys_openat2+0x10/0x10 [ 642.578323][T15975] __x64_sys_openat+0x12d/0x210 [ 642.578352][T15975] ? __pfx___x64_sys_openat+0x10/0x10 [ 642.578392][T15975] do_syscall_64+0x106/0xf80 [ 642.578424][T15975] ? clear_bhb_loop+0x40/0x90 [ 642.578455][T15975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.578482][T15975] RIP: 0033:0x7fa58775c84e [ 642.578502][T15975] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 642.578527][T15975] RSP: 002b:00007fa5886eaec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 642.578551][T15975] RAX: ffffffffffffffda RBX: 00007fa5886eb6c0 RCX: 00007fa58775c84e [ 642.578567][T15975] RDX: 0000000000000002 RSI: 00007fa5886eaf90 RDI: ffffffffffffff9c [ 642.578583][T15975] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 642.578598][T15975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.578612][T15975] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 642.578644][T15975] [ 648.072311][T16063] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3739'. [ 648.154224][T16063] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.276701][T16063] bridge_slave_1 (unregistering): left allmulticast mode [ 648.340676][T16063] bridge_slave_1 (unregistering): left promiscuous mode [ 648.403401][T16063] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.834735][T16152] input: f as /devices/virtual/input/input8 [ 652.848115][ T5178] ERROR: Out of memory at tomoyo_memory_ok. [ 653.577062][T16151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 653.612611][T16151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 653.643231][T16151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 653.675363][T16151] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 654.283772][T16173] netlink: 'syz.1.3769': attribute type 16 has an invalid length. [ 654.358149][T16176] netlink: 'syz.1.3769': attribute type 16 has an invalid length. [ 654.396624][T16173] netlink: 50 bytes leftover after parsing attributes in process `syz.1.3769'. [ 654.489262][T16176] netlink: 50 bytes leftover after parsing attributes in process `syz.1.3769'. [ 654.865589][ T5825] Bluetooth: hci1: command 0x0406 tx timeout [ 655.308195][T16190] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3776'. [ 655.666020][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 655.672119][T14196] Bluetooth: hci0: command 0x0406 tx timeout [ 655.747452][T14196] Bluetooth: hci3: command 0x0406 tx timeout [ 656.538262][T16216] ERROR: Out of memory at tomoyo_memory_ok. [ 656.738444][T16214] ERROR: Out of memory at tomoyo_memory_ok. [ 656.956116][T16219] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3783'. [ 658.490275][T16234] ERROR: Out of memory at tomoyo_memory_ok. [ 659.908197][T16268] syz.3.3802 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 661.309747][T16284] Process accounting paused [ 663.490231][T16322] FAULT_INJECTION: forcing a failure. [ 663.490231][T16322] name failslab, interval 1, probability 0, space 0, times 0 [ 663.613838][T16322] CPU: 0 UID: 0 PID: 16322 Comm: syz.1.3820 Tainted: G U L syzkaller #0 PREEMPT(full) [ 663.613882][T16322] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 663.613892][T16322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 663.613907][T16322] Call Trace: [ 663.613915][T16322] [ 663.613924][T16322] dump_stack_lvl+0x100/0x190 [ 663.613988][T16322] should_fail_ex.cold+0x5/0xa [ 663.614016][T16322] ? lsm_blob_alloc+0x68/0x90 [ 663.614058][T16322] should_failslab+0xc2/0x120 [ 663.614097][T16322] __kmalloc_noprof+0xe0/0x850 [ 663.614130][T16322] ? trace_kmem_cache_alloc+0xf3/0x120 [ 663.614174][T16322] lsm_blob_alloc+0x68/0x90 [ 663.614211][T16322] security_sk_alloc+0x2d/0x290 [ 663.614238][T16322] sk_prot_alloc+0x1d1/0x2a0 [ 663.614280][T16322] sk_alloc+0x36/0xe80 [ 663.614310][T16322] inet6_create+0x385/0x12b0 [ 663.614346][T16322] ? inet6_create+0x7f/0x12b0 [ 663.614383][T16322] __sock_create+0x339/0x860 [ 663.614438][T16322] udp_sock_create6+0xc7/0x6a0 [ 663.614475][T16322] ? __pfx_udp_sock_create6+0x10/0x10 [ 663.614515][T16322] ? crng_make_state+0x477/0x6c0 [ 663.614540][T16322] ? lockdep_hardirqs_on+0x78/0x100 [ 663.614574][T16322] ? crng_make_state+0x2b0/0x6c0 [ 663.614603][T16322] rxrpc_open_socket+0x206/0x6b0 [ 663.614646][T16322] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 663.614703][T16322] ? rcu_is_watching+0x12/0xc0 [ 663.614744][T16322] rxrpc_lookup_local+0xac7/0x1220 [ 663.614773][T16322] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 663.614801][T16322] ? __local_bh_enable_ip+0x9e/0x120 [ 663.614831][T16322] rxrpc_sendmsg+0x34a/0x680 [ 663.614862][T16322] sock_write_iter+0x566/0x610 [ 663.614904][T16322] ? __pfx_sock_write_iter+0x10/0x10 [ 663.614955][T16322] ? bpf_lsm_file_permission+0x9/0x10 [ 663.614990][T16322] ? security_file_permission+0x76/0x210 [ 663.615023][T16322] ? rw_verify_area+0xce/0x6d0 [ 663.615065][T16322] vfs_write+0x6ac/0x1070 [ 663.615101][T16322] ? __pfx_sock_write_iter+0x10/0x10 [ 663.615145][T16322] ? __pfx_vfs_write+0x10/0x10 [ 663.615177][T16322] ? find_held_lock+0x2b/0x80 [ 663.615235][T16322] ksys_write+0x1f8/0x250 [ 663.615269][T16322] ? __pfx_ksys_write+0x10/0x10 [ 663.615313][T16322] do_syscall_64+0x106/0xf80 [ 663.615345][T16322] ? clear_bhb_loop+0x40/0x90 [ 663.615376][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.615402][T16322] RIP: 0033:0x7fc32a79bf79 [ 663.615423][T16322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 663.615448][T16322] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 663.615472][T16322] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 663.615489][T16322] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 663.615504][T16322] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 663.615519][T16322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 663.615534][T16322] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 663.615566][T16322] [ 666.610255][T16368] netlink: 'syz.2.3834': attribute type 1 has an invalid length. [ 666.652980][T16368] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3834'. [ 667.373275][T16378] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3838'. [ 667.437073][T16381] netlink: 346 bytes leftover after parsing attributes in process `syz.2.3839'. [ 670.625806][T16433] ERROR: Out of memory at tomoyo_memory_ok. [ 670.973310][T16438] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3861'. [ 671.026588][T16438] IPv6: NLM_F_CREATE should be specified when creating new route [ 671.065266][T16438] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 671.072608][T16438] IPv6: NLM_F_CREATE should be set when creating new route [ 671.079915][T16438] IPv6: NLM_F_CREATE should be set when creating new route [ 674.949855][T16504] FAULT_INJECTION: forcing a failure. [ 674.949855][T16504] name failslab, interval 1, probability 0, space 0, times 0 [ 675.030122][T16504] CPU: 0 UID: 0 PID: 16504 Comm: syz.1.3885 Tainted: G U L syzkaller #0 PREEMPT(full) [ 675.030165][T16504] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 675.030175][T16504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 675.030190][T16504] Call Trace: [ 675.030198][T16504] [ 675.030207][T16504] dump_stack_lvl+0x100/0x190 [ 675.030248][T16504] should_fail_ex.cold+0x5/0xa [ 675.030276][T16504] ? tomoyo_init_log+0x1224/0x20c0 [ 675.030309][T16504] should_failslab+0xc2/0x120 [ 675.030348][T16504] __kmalloc_noprof+0xe0/0x850 [ 675.030386][T16504] tomoyo_init_log+0x1224/0x20c0 [ 675.030427][T16504] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.030471][T16504] ? __pfx_tomoyo_init_log+0x10/0x10 [ 675.030513][T16504] tomoyo_write_log2+0x2ed/0xbc0 [ 675.030552][T16504] tomoyo_supervisor+0x15e/0x1340 [ 675.030596][T16504] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 675.030650][T16504] ? kasan_quarantine_put+0x104/0x240 [ 675.030686][T16504] ? tomoyo_check_path_acl+0x141/0x210 [ 675.030715][T16504] ? tomoyo_check_acl+0x1f7/0x410 [ 675.030744][T16504] tomoyo_path_permission+0x270/0x3b0 [ 675.030776][T16504] tomoyo_check_open_permission+0x37f/0x3c0 [ 675.030807][T16504] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 675.030873][T16504] ? do_raw_spin_lock+0x128/0x260 [ 675.030910][T16504] ? path_get+0x61/0x80 [ 675.030953][T16504] tomoyo_file_open+0x6b/0x90 [ 675.030994][T16504] security_file_open+0xb5/0x1e0 [ 675.031027][T16504] do_dentry_open+0x5aa/0x1660 [ 675.031066][T16504] ? security_inode_permission+0xbf/0x250 [ 675.031100][T16504] vfs_open+0x82/0x3f0 [ 675.031130][T16504] path_openat+0x208c/0x31a0 [ 675.031177][T16504] ? __pfx_path_openat+0x10/0x10 [ 675.031225][T16504] do_file_open+0x20e/0x430 [ 675.031265][T16504] ? __pfx_do_file_open+0x10/0x10 [ 675.031323][T16504] ? alloc_fd+0x476/0x790 [ 675.031362][T16504] ? do_getname+0x191/0x390 [ 675.031389][T16504] do_sys_openat2+0x10d/0x1e0 [ 675.031417][T16504] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.031461][T16504] __x64_sys_openat+0x12d/0x210 [ 675.031489][T16504] ? __pfx___x64_sys_openat+0x10/0x10 [ 675.031529][T16504] do_syscall_64+0x106/0xf80 [ 675.031561][T16504] ? clear_bhb_loop+0x40/0x90 [ 675.031592][T16504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.031618][T16504] RIP: 0033:0x7fc32a79bf79 [ 675.031639][T16504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.031664][T16504] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 675.031689][T16504] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 675.031706][T16504] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 675.031722][T16504] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 675.031737][T16504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.031752][T16504] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 675.031784][T16504] [ 676.087741][T16514] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3888'. [ 676.516012][T16523] netlink: 504 bytes leftover after parsing attributes in process `syz.1.3892'. [ 676.550000][T16523] netlink: 504 bytes leftover after parsing attributes in process `syz.1.3892'. [ 676.724004][T16526] FAULT_INJECTION: forcing a failure. [ 676.724004][T16526] name failslab, interval 1, probability 0, space 0, times 0 [ 676.771200][T16526] CPU: 0 UID: 0 PID: 16526 Comm: syz.1.3893 Tainted: G U L syzkaller #0 PREEMPT(full) [ 676.771245][T16526] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 676.771254][T16526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 676.771270][T16526] Call Trace: [ 676.771277][T16526] [ 676.771287][T16526] dump_stack_lvl+0x100/0x190 [ 676.771329][T16526] should_fail_ex.cold+0x5/0xa [ 676.771358][T16526] should_failslab+0xc2/0x120 [ 676.771397][T16526] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 676.771430][T16526] ? do_epoll_ctl+0xc6c/0x36a0 [ 676.771466][T16526] ? do_epoll_ctl+0x4e4/0x36a0 [ 676.771502][T16526] ? percpu_counter_add_batch+0xb9/0x230 [ 676.771536][T16526] do_epoll_ctl+0xc6c/0x36a0 [ 676.771573][T16526] ? io_uring_setup+0xd7/0x160 [ 676.771608][T16526] ? ksys_write+0x190/0x250 [ 676.771656][T16526] ? __pfx_do_epoll_ctl+0x10/0x10 [ 676.771701][T16526] ? find_held_lock+0x2b/0x80 [ 676.771740][T16526] ? __might_fault+0xc5/0x140 [ 676.771770][T16526] ? __might_fault+0xc5/0x140 [ 676.771811][T16526] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 676.771848][T16526] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 676.771888][T16526] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 676.771937][T16526] do_syscall_64+0x106/0xf80 [ 676.771969][T16526] ? clear_bhb_loop+0x40/0x90 [ 676.772001][T16526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.772027][T16526] RIP: 0033:0x7fc32a79bf79 [ 676.772047][T16526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.772072][T16526] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 676.772095][T16526] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 676.772112][T16526] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 676.772127][T16526] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 676.772142][T16526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.772157][T16526] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 676.772189][T16526] [ 677.682674][T16540] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3899'. [ 677.827098][T16538] serio: Serial port ttyS2 [ 677.939181][T16546] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3900'. [ 678.654468][T16561] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 679.614259][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.893746][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.011410][ T49] bridge0: port 4(netdevsim1) entered disabled state [ 680.050010][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): left allmulticast mode [ 680.089596][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): left promiscuous mode [ 680.130137][ T49] bridge0: port 4(netdevsim1) entered disabled state [ 680.212044][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.472167][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.946509][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 680.957794][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 680.968419][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 680.987789][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 680.997565][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 681.076378][ T49] bond0: left allmulticast mode [ 681.107347][ T49] bond_slave_0: left allmulticast mode [ 681.148809][ T49] bond_slave_1: left allmulticast mode [ 681.154393][ T49] bond0: left promiscuous mode [ 681.194737][ T49] bond_slave_0: left promiscuous mode [ 681.216787][ T49] bond_slave_1: left promiscuous mode [ 681.249657][ T49] bridge0: port 3(bond0) entered disabled state [ 681.351726][ T49] bridge_slave_1: left allmulticast mode [ 681.357424][ T49] bridge_slave_1: left promiscuous mode [ 681.407795][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.499829][ T49] bridge_slave_0: left allmulticast mode [ 681.505541][ T49] bridge_slave_0: left promiscuous mode [ 681.559557][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.415800][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.554326][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 682.630936][ T49] bond0 (unregistering): Released all slaves [ 682.645223][T16632] random: crng reseeded on system resumption [ 682.686457][T16632] FAULT_INJECTION: forcing a failure. [ 682.686457][T16632] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 682.788153][T16632] CPU: 0 UID: 0 PID: 16632 Comm: syz.3.3923 Tainted: G U L syzkaller #0 PREEMPT(full) [ 682.788197][T16632] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 682.788206][T16632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 682.788221][T16632] Call Trace: [ 682.788229][T16632] [ 682.788238][T16632] dump_stack_lvl+0x100/0x190 [ 682.788280][T16632] should_fail_ex.cold+0x5/0xa [ 682.788304][T16632] ? prepare_alloc_pages+0x16d/0x5f0 [ 682.788347][T16632] should_fail_alloc_page+0xeb/0x140 [ 682.788388][T16632] prepare_alloc_pages+0x1f0/0x5f0 [ 682.788434][T16632] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 682.788470][T16632] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 682.788514][T16632] ? stack_trace_save+0x8e/0xc0 [ 682.788555][T16632] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 682.788588][T16632] ? stack_depot_save_flags+0x27/0x9d0 [ 682.788621][T16632] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 682.788658][T16632] ? kasan_save_stack+0x3f/0x50 [ 682.788691][T16632] ? kasan_save_stack+0x30/0x50 [ 682.788723][T16632] ? kasan_save_track+0x14/0x30 [ 682.788761][T16632] ? do_sys_openat2+0x10d/0x1e0 [ 682.788787][T16632] ? __x64_sys_openat+0x12d/0x210 [ 682.788813][T16632] ? do_syscall_64+0x106/0xf80 [ 682.788845][T16632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.788874][T16632] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 682.788914][T16632] ? policy_nodemask+0xed/0x4f0 [ 682.788956][T16632] alloc_pages_mpol+0x1fb/0x550 [ 682.788996][T16632] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 682.789035][T16632] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 682.789088][T16632] alloc_pages_noprof+0x131/0x390 [ 682.789129][T16632] get_zeroed_page_noprof+0x18/0xb0 [ 682.789170][T16632] get_image_page+0x18/0x1a0 [ 682.789213][T16632] alloc_rtree_node+0x3c/0xb0 [ 682.789252][T16632] memory_bm_create+0x65e/0xba0 [ 682.789304][T16632] create_basic_memory_bitmaps+0xbd/0x350 [ 682.789350][T16632] snapshot_open+0x230/0x2a0 [ 682.789376][T16632] ? __pfx_snapshot_open+0x10/0x10 [ 682.789421][T16632] misc_open+0x26d/0x450 [ 682.789452][T16632] ? __pfx_misc_open+0x10/0x10 [ 682.789480][T16632] chrdev_open+0x234/0x6a0 [ 682.789517][T16632] ? __pfx_apparmor_file_open+0x10/0x10 [ 682.789543][T16632] ? __pfx_chrdev_open+0x10/0x10 [ 682.789582][T16632] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 682.789627][T16632] do_dentry_open+0x6d8/0x1660 [ 682.789663][T16632] ? __pfx_chrdev_open+0x10/0x10 [ 682.789708][T16632] vfs_open+0x82/0x3f0 [ 682.789737][T16632] path_openat+0x208c/0x31a0 [ 682.789784][T16632] ? __pfx_path_openat+0x10/0x10 [ 682.789833][T16632] do_file_open+0x20e/0x430 [ 682.789872][T16632] ? __pfx_do_file_open+0x10/0x10 [ 682.789931][T16632] ? alloc_fd+0x476/0x790 [ 682.789970][T16632] ? do_getname+0x191/0x390 [ 682.789998][T16632] do_sys_openat2+0x10d/0x1e0 [ 682.790026][T16632] ? __pfx_do_sys_openat2+0x10/0x10 [ 682.790055][T16632] ? find_held_lock+0x2b/0x80 [ 682.790107][T16632] __x64_sys_openat+0x12d/0x210 [ 682.790136][T16632] ? __pfx___x64_sys_openat+0x10/0x10 [ 682.790175][T16632] do_syscall_64+0x106/0xf80 [ 682.790207][T16632] ? clear_bhb_loop+0x40/0x90 [ 682.790239][T16632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.790264][T16632] RIP: 0033:0x7fa58779bf79 [ 682.790285][T16632] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 682.790310][T16632] RSP: 002b:00007fa5886eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 682.790334][T16632] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 682.790351][T16632] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 682.790367][T16632] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 682.790382][T16632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.790397][T16632] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 682.790429][T16632] [ 683.741878][ T5825] Bluetooth: hci4: command tx timeout [ 685.552321][ T49] hsr_slave_0: left promiscuous mode [ 685.571582][ T49] hsr_slave_1: left promiscuous mode [ 685.641239][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 685.648720][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.726892][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 685.755646][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 685.764553][ T5825] Bluetooth: hci4: command tx timeout [ 685.838908][ T49] veth1_vlan: left promiscuous mode [ 685.868498][ T49] veth0_vlan: left promiscuous mode [ 685.928080][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.934601][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.535130][ T49] team0 (unregistering): Port device team_slave_1 removed [ 686.567407][ T49] team0 (unregistering): Port device team_slave_0 removed [ 686.834570][T16593] chnl_net:caif_netlink_parms(): no params data found [ 687.322358][T16593] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.361937][T16593] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.396094][T16593] bridge_slave_0: entered allmulticast mode [ 687.433092][T16593] bridge_slave_0: entered promiscuous mode [ 687.474596][T16593] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.513493][T16593] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.540267][T16593] bridge_slave_1: entered allmulticast mode [ 687.574968][T16593] bridge_slave_1: entered promiscuous mode [ 687.739441][T16593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.786915][T16593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.843421][ T5825] Bluetooth: hci4: command tx timeout [ 688.463498][T16703] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3935'. [ 688.765433][T16711] futex_wake_op: syz.3.3937 tries to shift op by -2048; fix this program [ 688.797075][T16593] team0: Port device team_slave_0 added [ 688.838818][T16593] team0: Port device team_slave_1 added [ 688.862940][T16711] futex_wake_op: syz.3.3937 tries to shift op by -2048; fix this program [ 689.461743][T16593] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.486279][T16593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.591537][T16593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.654847][T16593] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.682221][T16593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.765425][T16593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 689.923146][ T5825] Bluetooth: hci4: command tx timeout [ 690.154413][T16593] hsr_slave_0: entered promiscuous mode [ 690.189747][T16593] hsr_slave_1: entered promiscuous mode [ 690.227645][T16593] debugfs: 'hsr0' already exists in 'hsr' [ 690.243321][T16593] Cannot create hsr debugfs directory [ 691.311792][T16593] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 691.384953][T16742] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3944'. [ 691.447751][T16742] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3944'. [ 691.460886][T16593] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 691.531775][T16593] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 691.573240][T16741] Process accounting resumed [ 691.602640][T16593] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 692.183705][T16593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.296319][T16593] 8021q: adding VLAN 0 to HW filter on device team0 [ 692.629030][T16669] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.636267][T16669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.730842][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.738105][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 692.948507][T16593] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 692.991111][T16593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 693.215186][T16782] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3952'. [ 693.700871][T16593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 694.053689][T16792] zswap: compressor not available [ 694.788984][T16593] veth0_vlan: entered promiscuous mode [ 694.843446][T16593] veth1_vlan: entered promiscuous mode [ 694.955382][T16593] veth0_macvtap: entered promiscuous mode [ 694.998307][T16593] veth1_macvtap: entered promiscuous mode [ 695.086501][T16593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.134430][T16593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.193268][ T58] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.249690][ T58] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.295985][ T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.353652][ T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.521690][T16817] zswap: compressor not available [ 695.645933][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.679519][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.791097][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.833793][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.921361][T16834] raw_sendmsg: syz.1.3967 forgot to set AF_INET. Fix it! [ 695.995964][T16593] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 697.436196][T16858] FAULT_INJECTION: forcing a failure. [ 697.436196][T16858] name failslab, interval 1, probability 0, space 0, times 0 [ 697.500235][T16858] CPU: 0 UID: 0 PID: 16858 Comm: syz.1.3974 Tainted: G U L syzkaller #0 PREEMPT(full) [ 697.500279][T16858] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 697.500289][T16858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 697.500304][T16858] Call Trace: [ 697.500313][T16858] [ 697.500321][T16858] dump_stack_lvl+0x100/0x190 [ 697.500363][T16858] should_fail_ex.cold+0x5/0xa [ 697.500392][T16858] should_failslab+0xc2/0x120 [ 697.500431][T16858] __kmalloc_cache_noprof+0x7a/0x6f0 [ 697.500459][T16858] ? tomoyo_init_log+0x1a0/0x20c0 [ 697.500499][T16858] tomoyo_init_log+0x1a0/0x20c0 [ 697.500534][T16858] ? __pfx_format_decode+0x10/0x10 [ 697.500564][T16858] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 697.500641][T16858] ? __pfx_tomoyo_init_log+0x10/0x10 [ 697.500683][T16858] tomoyo_write_log2+0x2ed/0xbc0 [ 697.500722][T16858] tomoyo_supervisor+0x15e/0x1340 [ 697.500767][T16858] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 697.500821][T16858] ? kasan_quarantine_put+0x104/0x240 [ 697.500858][T16858] ? tomoyo_check_path_acl+0x141/0x210 [ 697.500887][T16858] ? tomoyo_check_acl+0x1f7/0x410 [ 697.500916][T16858] tomoyo_path_permission+0x270/0x3b0 [ 697.500948][T16858] tomoyo_check_open_permission+0x37f/0x3c0 [ 697.500980][T16858] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 697.501039][T16858] ? do_raw_spin_lock+0x128/0x260 [ 697.501076][T16858] ? path_get+0x61/0x80 [ 697.501118][T16858] tomoyo_file_open+0x6b/0x90 [ 697.501159][T16858] security_file_open+0xb5/0x1e0 [ 697.501192][T16858] do_dentry_open+0x5aa/0x1660 [ 697.501232][T16858] ? security_inode_permission+0xbf/0x250 [ 697.501266][T16858] vfs_open+0x82/0x3f0 [ 697.501295][T16858] path_openat+0x208c/0x31a0 [ 697.501343][T16858] ? __pfx_path_openat+0x10/0x10 [ 697.501391][T16858] do_file_open+0x20e/0x430 [ 697.501430][T16858] ? __pfx_do_file_open+0x10/0x10 [ 697.501490][T16858] ? alloc_fd+0x476/0x790 [ 697.501528][T16858] ? do_getname+0x191/0x390 [ 697.501556][T16858] do_sys_openat2+0x10d/0x1e0 [ 697.501588][T16858] ? __pfx_do_sys_openat2+0x10/0x10 [ 697.501618][T16858] ? __fget_files+0x21f/0x3d0 [ 697.501659][T16858] __x64_sys_openat+0x12d/0x210 [ 697.501687][T16858] ? __pfx___x64_sys_openat+0x10/0x10 [ 697.501727][T16858] do_syscall_64+0x106/0xf80 [ 697.501759][T16858] ? clear_bhb_loop+0x40/0x90 [ 697.501790][T16858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.501816][T16858] RIP: 0033:0x7fc32a79bf79 [ 697.501836][T16858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 697.501861][T16858] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 697.501885][T16858] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 697.501903][T16858] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 697.501919][T16858] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 697.501935][T16858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.501950][T16858] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 697.501981][T16858] [ 698.241887][T16862] FAULT_INJECTION: forcing a failure. [ 698.241887][T16862] name failslab, interval 1, probability 0, space 0, times 0 [ 698.296146][T16862] CPU: 0 UID: 0 PID: 16862 Comm: syz.1.3976 Tainted: G U L syzkaller #0 PREEMPT(full) [ 698.296188][T16862] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 698.296197][T16862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 698.296213][T16862] Call Trace: [ 698.296220][T16862] [ 698.296230][T16862] dump_stack_lvl+0x100/0x190 [ 698.296271][T16862] should_fail_ex.cold+0x5/0xa [ 698.296300][T16862] ? __register_sysctl_table+0xbe4/0x1650 [ 698.296339][T16862] should_failslab+0xc2/0x120 [ 698.296378][T16862] __kmalloc_noprof+0xe0/0x850 [ 698.296417][T16862] __register_sysctl_table+0xbe4/0x1650 [ 698.296464][T16862] ? __pfx___register_sysctl_table+0x10/0x10 [ 698.296496][T16862] ? is_module_address+0x69/0xf0 [ 698.296526][T16862] ? register_net_sysctl_sz+0x222/0x430 [ 698.296572][T16862] __devinet_sysctl_register+0x1b9/0x360 [ 698.296614][T16862] ? trace_kmalloc+0x101/0x130 [ 698.296652][T16862] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 698.296698][T16862] ? __asan_memcpy+0x3c/0x60 [ 698.296730][T16862] devinet_init_net+0x303/0x8d0 [ 698.296771][T16862] ? __pfx_devinet_init_net+0x10/0x10 [ 698.296809][T16862] ops_init+0x1e2/0x5f0 [ 698.296846][T16862] setup_net+0x118/0x3a0 [ 698.296882][T16862] ? __pfx_setup_net+0x10/0x10 [ 698.296914][T16862] ? lockdep_init_map_type+0x5c/0x250 [ 698.296947][T16862] ? mutex_init_lockep+0x110/0x150 [ 698.296983][T16862] copy_net_ns+0x46f/0x7c0 [ 698.297024][T16862] create_new_namespaces+0x3ea/0xac0 [ 698.297073][T16862] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 698.297100][T16862] ksys_unshare+0x455/0xab0 [ 698.297133][T16862] ? __pfx_ksys_unshare+0x10/0x10 [ 698.297178][T16862] __x64_sys_unshare+0x31/0x40 [ 698.297208][T16862] do_syscall_64+0x106/0xf80 [ 698.297240][T16862] ? clear_bhb_loop+0x40/0x90 [ 698.297271][T16862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.297297][T16862] RIP: 0033:0x7fc32a79bf79 [ 698.297317][T16862] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.297343][T16862] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 698.297368][T16862] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 698.297385][T16862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 698.297399][T16862] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 698.297415][T16862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 698.297430][T16862] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 698.297468][T16862] [ 699.531906][T16862] sysctl could not get directory: /net/ipv4/conf -12 [ 699.677029][T16883] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3982'. [ 699.793165][T16885] FAULT_INJECTION: forcing a failure. [ 699.793165][T16885] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 699.868162][T16885] CPU: 0 UID: 0 PID: 16885 Comm: syz.3.3981 Tainted: G U L syzkaller #0 PREEMPT(full) [ 699.868207][T16885] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 699.868217][T16885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 699.868232][T16885] Call Trace: [ 699.868240][T16885] [ 699.868249][T16885] dump_stack_lvl+0x100/0x190 [ 699.868290][T16885] should_fail_ex.cold+0x5/0xa [ 699.868322][T16885] ? prepare_alloc_pages+0x16d/0x5f0 [ 699.868366][T16885] should_fail_alloc_page+0xeb/0x140 [ 699.868408][T16885] prepare_alloc_pages+0x1f0/0x5f0 [ 699.868454][T16885] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 699.868495][T16885] ? __lock_acquire+0x4a5/0x2630 [ 699.868533][T16885] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 699.868569][T16885] ? lock_acquire+0x1cf/0x380 [ 699.868597][T16885] ? find_held_lock+0x2b/0x80 [ 699.868646][T16885] ? __lock_acquire+0x4a5/0x2630 [ 699.868679][T16885] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 699.868720][T16885] ? policy_nodemask+0xed/0x4f0 [ 699.868761][T16885] alloc_pages_mpol+0x1fb/0x550 [ 699.868801][T16885] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 699.868848][T16885] alloc_pages_noprof+0x131/0x390 [ 699.868888][T16885] pte_alloc_one+0x1e/0x3e0 [ 699.868916][T16885] __pte_alloc+0x6d/0x3f0 [ 699.868953][T16885] ? __pfx___pte_alloc+0x10/0x10 [ 699.868989][T16885] ? __pfx___might_resched+0x10/0x10 [ 699.869024][T16885] ? copy_page_range+0x1e9d/0x6570 [ 699.869057][T16885] copy_page_range+0x3e51/0x6570 [ 699.869117][T16885] ? __pfx_copy_page_range+0x10/0x10 [ 699.869156][T16885] ? __pfx___might_resched+0x10/0x10 [ 699.869202][T16885] ? up_write+0x290/0x4f0 [ 699.869239][T16885] dup_mmap+0xc00/0x1db0 [ 699.869274][T16885] ? __pfx_dup_mmap+0x10/0x10 [ 699.869302][T16885] ? rcu_is_watching+0x12/0xc0 [ 699.869358][T16885] copy_process+0x73d1/0x7a10 [ 699.869401][T16885] ? __pfx_copy_process+0x10/0x10 [ 699.869430][T16885] ? find_held_lock+0x2b/0x80 [ 699.869481][T16885] kernel_clone+0xfc/0x9a0 [ 699.869507][T16885] ? __pfx_futex_wait+0x10/0x10 [ 699.869545][T16885] ? __pfx_kernel_clone+0x10/0x10 [ 699.869590][T16885] __do_sys_clone+0xd9/0x120 [ 699.869618][T16885] ? __pfx___do_sys_clone+0x10/0x10 [ 699.869671][T16885] do_syscall_64+0x106/0xf80 [ 699.869705][T16885] ? clear_bhb_loop+0x40/0x90 [ 699.869736][T16885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.869761][T16885] RIP: 0033:0x7fa58779bf79 [ 699.869781][T16885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 699.869807][T16885] RSP: 002b:00007fa5886eafd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 699.869831][T16885] RAX: ffffffffffffffda RBX: 00007fa587a15fa0 RCX: 00007fa58779bf79 [ 699.869848][T16885] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000004001000 [ 699.869863][T16885] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 699.869879][T16885] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 699.869894][T16885] R13: 00007fa587a16038 R14: 00007fa587a15fa0 R15: 00007ffeae7391f8 [ 699.869927][T16885] [ 700.837321][T16897] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 702.108442][T16923] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3994'. [ 702.685490][T16928] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3996'. [ 703.771331][T16945] netlink: 318 bytes leftover after parsing attributes in process `syz.4.3999'. [ 704.535201][T16959] FAULT_INJECTION: forcing a failure. [ 704.535201][T16959] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 704.628104][T16959] CPU: 0 UID: 0 PID: 16959 Comm: syz.1.4003 Tainted: G U L syzkaller #0 PREEMPT(full) [ 704.628149][T16959] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 704.628159][T16959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 704.628174][T16959] Call Trace: [ 704.628181][T16959] [ 704.628191][T16959] dump_stack_lvl+0x100/0x190 [ 704.628233][T16959] should_fail_ex.cold+0x5/0xa [ 704.628257][T16959] ? prepare_alloc_pages+0x16d/0x5f0 [ 704.628302][T16959] should_fail_alloc_page+0xeb/0x140 [ 704.628343][T16959] prepare_alloc_pages+0x1f0/0x5f0 [ 704.628390][T16959] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 704.628431][T16959] ? kasan_save_stack+0x3f/0x50 [ 704.628464][T16959] ? kasan_save_stack+0x30/0x50 [ 704.628495][T16959] ? kasan_save_track+0x14/0x30 [ 704.628528][T16959] ? __kasan_slab_alloc+0x89/0x90 [ 704.628562][T16959] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 704.628594][T16959] ? ptlock_alloc+0x1f/0x70 [ 704.628619][T16959] ? pte_alloc_one+0x84/0x3e0 [ 704.628644][T16959] ? __pte_alloc+0x6d/0x3f0 [ 704.628679][T16959] ? copy_page_range+0x3e51/0x6570 [ 704.628705][T16959] ? dup_mmap+0xc00/0x1db0 [ 704.628727][T16959] ? copy_process+0x73d1/0x7a10 [ 704.628753][T16959] ? kernel_clone+0xfc/0x9a0 [ 704.628788][T16959] ? __do_sys_clone+0xd9/0x120 [ 704.628816][T16959] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 704.628859][T16959] ? look_up_lock_class+0x55/0x120 [ 704.628897][T16959] ? look_up_lock_class+0x55/0x120 [ 704.628931][T16959] ? register_lock_class+0x40/0x560 [ 704.628963][T16959] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 704.629005][T16959] ? policy_nodemask+0xed/0x4f0 [ 704.629046][T16959] alloc_pages_mpol+0x1fb/0x550 [ 704.629086][T16959] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 704.629133][T16959] alloc_pages_noprof+0x131/0x390 [ 704.629174][T16959] pte_alloc_one+0x1e/0x3e0 [ 704.629201][T16959] __pte_alloc+0x6d/0x3f0 [ 704.629238][T16959] ? __pfx___pte_alloc+0x10/0x10 [ 704.629275][T16959] ? __pfx___might_resched+0x10/0x10 [ 704.629309][T16959] ? copy_page_range+0x1e9d/0x6570 [ 704.629342][T16959] copy_page_range+0x3e51/0x6570 [ 704.629403][T16959] ? __pfx_copy_page_range+0x10/0x10 [ 704.629443][T16959] ? __pfx___might_resched+0x10/0x10 [ 704.629488][T16959] ? up_write+0x290/0x4f0 [ 704.629525][T16959] dup_mmap+0xc00/0x1db0 [ 704.629560][T16959] ? __pfx_dup_mmap+0x10/0x10 [ 704.629583][T16959] ? rcu_is_watching+0x12/0xc0 [ 704.629638][T16959] copy_process+0x73d1/0x7a10 [ 704.629681][T16959] ? __pfx_copy_process+0x10/0x10 [ 704.629709][T16959] ? find_held_lock+0x2b/0x80 [ 704.629752][T16959] ? futex_private_hash_put+0x107/0x1c0 [ 704.629811][T16959] kernel_clone+0xfc/0x9a0 [ 704.629842][T16959] ? __pfx_kernel_clone+0x10/0x10 [ 704.629887][T16959] __do_sys_clone+0xd9/0x120 [ 704.629916][T16959] ? __pfx___do_sys_clone+0x10/0x10 [ 704.629970][T16959] do_syscall_64+0x106/0xf80 [ 704.630003][T16959] ? clear_bhb_loop+0x40/0x90 [ 704.630034][T16959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.630060][T16959] RIP: 0033:0x7fc32a79bf79 [ 704.630082][T16959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 704.630106][T16959] RSP: 002b:00007fc32b6ecfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 704.630131][T16959] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 704.630148][T16959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000004001000 [ 704.630163][T16959] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 704.630178][T16959] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 704.630194][T16959] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 704.630225][T16959] [ 710.784213][T17057] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4022'. [ 710.834299][T17057] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.522054][T17075] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4028'. [ 712.054823][T17084] netlink: 21 bytes leftover after parsing attributes in process `syz.3.4038'. [ 715.042146][T17131] ERROR: Out of memory at tomoyo_memory_ok. [ 716.176617][T17142] sd 0:0:1:0: device reset [ 717.511376][T17175] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4059'. [ 718.026336][T17179] netlink: 'syz.1.4061': attribute type 33 has an invalid length. [ 719.449143][T17203] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4069'. [ 719.762452][T17210] binder: 17209:17210 ioctl c0306201 2000000000c0 returned -14 [ 720.087006][T17221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4077'. [ 720.141412][T17221] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4077'. [ 721.707637][T17256] Process accounting paused [ 722.013258][T17265] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4088'. [ 722.778568][T17289] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4095'. [ 722.859969][T17289] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.867310][T17289] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.865397][T17334] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 724.907395][T17334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4112'. [ 725.474465][T17345] kvm: kvm [17344]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000012) [ 726.439284][T17358] ERROR: Out of memory at tomoyo_memory_ok. [ 726.887812][T17370] FAULT_INJECTION: forcing a failure. [ 726.887812][T17370] name failslab, interval 1, probability 0, space 0, times 0 [ 726.967595][T17370] CPU: 0 UID: 0 PID: 17370 Comm: syz.1.4128 Tainted: G U L syzkaller #0 PREEMPT(full) [ 726.967639][T17370] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 726.967649][T17370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 726.967664][T17370] Call Trace: [ 726.967673][T17370] [ 726.967683][T17370] dump_stack_lvl+0x100/0x190 [ 726.967724][T17370] should_fail_ex.cold+0x5/0xa [ 726.967754][T17370] should_failslab+0xc2/0x120 [ 726.967792][T17370] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 726.967829][T17370] ? append_filter_err+0x3d6/0x620 [ 726.967869][T17370] kmemdup_nul+0x49/0xd0 [ 726.967905][T17370] append_filter_err+0x3d6/0x620 [ 726.967945][T17370] create_filter+0x1a6/0x210 [ 726.967980][T17370] ? __pfx_create_filter+0x10/0x10 [ 726.968018][T17370] ? find_held_lock+0x2b/0x80 [ 726.968061][T17370] apply_event_filter+0x220/0x500 [ 726.968098][T17370] ? __pfx_apply_event_filter+0x10/0x10 [ 726.968142][T17370] event_filter_write+0x16d/0x290 [ 726.968170][T17370] vfs_write+0x2aa/0x1070 [ 726.968206][T17370] ? __pfx_event_filter_write+0x10/0x10 [ 726.968234][T17370] ? __pfx_vfs_write+0x10/0x10 [ 726.968268][T17370] ? __fget_files+0x215/0x3d0 [ 726.968310][T17370] ? __fget_files+0x21f/0x3d0 [ 726.968353][T17370] ksys_write+0x12a/0x250 [ 726.968387][T17370] ? __pfx_ksys_write+0x10/0x10 [ 726.968431][T17370] do_syscall_64+0x106/0xf80 [ 726.968464][T17370] ? clear_bhb_loop+0x40/0x90 [ 726.968502][T17370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.968529][T17370] RIP: 0033:0x7fc32a79bf79 [ 726.968548][T17370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 726.968574][T17370] RSP: 002b:00007fc32b6ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 726.968598][T17370] RAX: ffffffffffffffda RBX: 00007fc32aa15fa0 RCX: 00007fc32a79bf79 [ 726.968614][T17370] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 726.968629][T17370] RBP: 00007fc32a8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 726.968645][T17370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.968659][T17370] R13: 00007fc32aa16038 R14: 00007fc32aa15fa0 R15: 00007ffe86197ea8 [ 726.968691][T17370] [ 727.296083][T17374] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4131'. [ 727.654195][T17384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4129'. [ 727.707342][T17384] ipvlan0: entered promiscuous mode [ 727.732202][T17384] ipvlan0: entered allmulticast mode [ 727.790821][T17384] veth0_vlan: entered allmulticast mode [ 728.043830][T17390] [U] [ 728.046699][T17390] [U] [ 728.049421][T17390] [U] [ 728.052136][T17390] [U] [ 728.098630][T17390] [U] [ 728.101401][T17390] [U] [ 728.104119][T17390] [U] [ 728.106835][T17390] [U] [ 728.148029][T17389] [U] [ 729.222959][T17412] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 729.420449][T17417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4146'. [ 729.456756][T17417] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4146'. [ 729.698091][ T30] audit: type=1800 audit(1771262657.137:17): pid=17421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4156" name="dbroot" dev="configfs" ino=59805 res=0 errno=0 [ 730.784383][T17447] FAULT_INJECTION: forcing a failure. [ 730.784383][T17447] name failslab, interval 1, probability 0, space 0, times 0 [ 730.857760][T17447] CPU: 0 UID: 0 PID: 17447 Comm: syz.4.4159 Tainted: G U L syzkaller #0 PREEMPT(full) [ 730.857804][T17447] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 730.857814][T17447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 730.857829][T17447] Call Trace: [ 730.857837][T17447] [ 730.857846][T17447] dump_stack_lvl+0x100/0x190 [ 730.857888][T17447] should_fail_ex.cold+0x5/0xa [ 730.857918][T17447] should_failslab+0xc2/0x120 [ 730.857957][T17447] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 730.857993][T17447] ? append_filter_err+0x3d6/0x620 [ 730.858033][T17447] kmemdup_nul+0x49/0xd0 [ 730.858069][T17447] append_filter_err+0x3d6/0x620 [ 730.858108][T17447] create_filter+0x1a6/0x210 [ 730.858144][T17447] ? __pfx_create_filter+0x10/0x10 [ 730.858182][T17447] ? find_held_lock+0x2b/0x80 [ 730.858225][T17447] apply_event_filter+0x220/0x500 [ 730.858262][T17447] ? __pfx_apply_event_filter+0x10/0x10 [ 730.858307][T17447] event_filter_write+0x16d/0x290 [ 730.858334][T17447] vfs_write+0x2aa/0x1070 [ 730.858370][T17447] ? __pfx_event_filter_write+0x10/0x10 [ 730.858405][T17447] ? __pfx_vfs_write+0x10/0x10 [ 730.858440][T17447] ? __fget_files+0x215/0x3d0 [ 730.858481][T17447] ? __fget_files+0x21f/0x3d0 [ 730.858525][T17447] ksys_write+0x12a/0x250 [ 730.858560][T17447] ? __pfx_ksys_write+0x10/0x10 [ 730.858603][T17447] do_syscall_64+0x106/0xf80 [ 730.858635][T17447] ? clear_bhb_loop+0x40/0x90 [ 730.858667][T17447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.858692][T17447] RIP: 0033:0x7f40f019bf79 [ 730.858712][T17447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 730.858737][T17447] RSP: 002b:00007f40f0f86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 730.858774][T17447] RAX: ffffffffffffffda RBX: 00007f40f0415fa0 RCX: 00007f40f019bf79 [ 730.858790][T17447] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 730.858806][T17447] RBP: 00007f40f02327e0 R08: 0000000000000000 R09: 0000000000000000 [ 730.858821][T17447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 730.858836][T17447] R13: 00007f40f0416038 R14: 00007f40f0415fa0 R15: 00007ffcb2f761e8 [ 730.858869][T17447] [ 731.903765][T17461] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4165'. [ 731.941697][T17461] unsupported nlmsg_type 40 [ 732.201498][T17464] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4166'. [ 734.080146][T17503] ERROR: Out of memory at tomoyo_memory_ok. [ 735.030555][T17518] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4184'. [ 735.173778][T17518] ipvlan0: entered promiscuous mode [ 735.236012][T17522] binder: 17521:17522 ioctl 40046210 0 returned -14 [ 735.255775][T17518] ipvlan0: entered allmulticast mode [ 735.279579][T17518] veth0_vlan: entered allmulticast mode [ 736.051644][T17539] netlink: 'syz.4.4196': attribute type 5 has an invalid length. [ 736.116667][T17539] netlink: 314 bytes leftover after parsing attributes in process `syz.4.4196'. [ 737.588007][T17562] FAULT_INJECTION: forcing a failure. [ 737.588007][T17562] name failslab, interval 1, probability 0, space 0, times 0 [ 737.692002][T17562] CPU: 0 UID: 0 PID: 17562 Comm: syz.4.4204 Tainted: G U L syzkaller #0 PREEMPT(full) [ 737.692050][T17562] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 737.692059][T17562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 737.692073][T17562] Call Trace: [ 737.692081][T17562] [ 737.692090][T17562] dump_stack_lvl+0x100/0x190 [ 737.692132][T17562] should_fail_ex.cold+0x5/0xa [ 737.692161][T17562] should_failslab+0xc2/0x120 [ 737.692200][T17562] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 737.692239][T17562] ? __d_alloc+0x34/0xa80 [ 737.692277][T17562] ? make_vfsgid+0xf1/0x140 [ 737.692310][T17562] __d_alloc+0x34/0xa80 [ 737.692354][T17562] ? bpf_lsm_inode_permission+0x9/0x10 [ 737.692390][T17562] d_alloc+0x4a/0x1e0 [ 737.692431][T17562] vfs_tmpfile+0x148/0x9a0 [ 737.692479][T17562] path_openat+0x164e/0x31a0 [ 737.692522][T17562] ? kasan_save_stack+0x3f/0x50 [ 737.692555][T17562] ? kasan_save_stack+0x30/0x50 [ 737.692587][T17562] ? __kasan_slab_alloc+0x89/0x90 [ 737.692621][T17562] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 737.692653][T17562] ? do_getname+0x35/0x390 [ 737.692679][T17562] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.692709][T17562] ? __pfx_path_openat+0x10/0x10 [ 737.692758][T17562] do_file_open+0x20e/0x430 [ 737.692797][T17562] ? __pfx_do_file_open+0x10/0x10 [ 737.692855][T17562] ? _raw_spin_unlock+0x28/0x50 [ 737.692883][T17562] ? alloc_fd+0x476/0x790 [ 737.692927][T17562] do_sys_openat2+0x10d/0x1e0 [ 737.692955][T17562] ? __pfx_do_sys_openat2+0x10/0x10 [ 737.692984][T17562] ? __fget_files+0x21f/0x3d0 [ 737.693025][T17562] __x64_sys_open+0xfe/0x1d0 [ 737.693052][T17562] ? __pfx___x64_sys_open+0x10/0x10 [ 737.693091][T17562] do_syscall_64+0x106/0xf80 [ 737.693123][T17562] ? clear_bhb_loop+0x40/0x90 [ 737.693153][T17562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.693179][T17562] RIP: 0033:0x7f40f019bf79 [ 737.693198][T17562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 737.693223][T17562] RSP: 002b:00007f40f0f86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 737.693246][T17562] RAX: ffffffffffffffda RBX: 00007f40f0415fa0 RCX: 00007f40f019bf79 [ 737.693263][T17562] RDX: 0000000000000408 RSI: 0000000000591002 RDI: 0000200000000100 [ 737.693279][T17562] RBP: 00007f40f02327e0 R08: 0000000000000000 R09: 0000000000000000 [ 737.693294][T17562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.693309][T17562] R13: 00007f40f0416038 R14: 00007f40f0415fa0 R15: 00007ffcb2f761e8 [ 737.693341][T17562] [ 738.442906][T17570] syz.4.4208 (17570): /proc/17570/oom_adj is deprecated, please use /proc/17570/oom_score_adj instead. [ 738.670356][T17576] netlink: 'syz.2.4211': attribute type 1 has an invalid length. [ 738.690342][T17576] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4211'. [ 739.630471][T17595] netlink: 346 bytes leftover after parsing attributes in process `syz.1.4217'. [ 740.519069][T17615] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4224'. [ 740.539384][T17616] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4223'. [ 740.551459][T17608] sp0: Synchronizing with TNC [ 740.632734][T17616] ipvlan0: entered promiscuous mode [ 740.679714][T17616] ipvlan0: entered allmulticast mode [ 740.688811][T17616] veth0_vlan: entered allmulticast mode [ 740.973040][T17621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 740.983732][T17621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 741.014948][T17621] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 741.022502][T17625] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4228'. [ 741.040278][T17621] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 741.046663][T17624] netlink: 54 bytes leftover after parsing attributes in process `syz.1.4227'. [ 741.066810][T17625] \: renamed from lo (while UP) [ 741.073660][T17621] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 741.123729][T17621] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 742.062324][T17647] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4236'. [ 742.130217][T17647] ipvlan0: entered promiscuous mode [ 742.135489][T17647] ipvlan0: entered allmulticast mode [ 742.172262][T17647] veth0_vlan: entered allmulticast mode [ 742.990408][T14196] Bluetooth: hci1: command 0x0406 tx timeout [ 742.996633][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 743.070749][T14196] Bluetooth: hci3: command 0x0406 tx timeout [ 743.077110][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 743.686086][T17674] ================================================================== [ 743.686110][T17674] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 743.686155][T17674] Write of size 8 at addr ffffc90004729400 by task syz.3.4249/17674 [ 743.686176][T17674] [ 743.686191][T17674] CPU: 0 UID: 0 PID: 17674 Comm: syz.3.4249 Tainted: G U L syzkaller #0 PREEMPT(full) [ 743.686229][T17674] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 743.686239][T17674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 743.686254][T17674] Call Trace: [ 743.686262][T17674] [ 743.686271][T17674] dump_stack_lvl+0x100/0x190 [ 743.686307][T17674] print_report+0x156/0x4c9 [ 743.686343][T17674] ? _raw_spin_lock_irqsave+0x52/0x60 [ 743.686372][T17674] ? __virt_addr_valid+0x81/0x620 [ 743.686406][T17674] ? sys_imageblit+0x19fb/0x1d60 [ 743.686441][T17674] kasan_report+0xdf/0x1e0 [ 743.686480][T17674] ? sys_imageblit+0x19fb/0x1d60 [ 743.686520][T17674] sys_imageblit+0x19fb/0x1d60 [ 743.686558][T17674] ? find_held_lock+0x2b/0x80 [ 743.686598][T17674] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 743.686636][T17674] ? __pfx_sys_imageblit+0x10/0x10 [ 743.686676][T17674] ? vmap_small_pages_range_noflush+0xc20/0xd50 [ 743.686717][T17674] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 743.686762][T17674] cw_putcs+0x918/0xbb0 [ 743.686803][T17674] ? __pfx_cw_putcs+0x10/0x10 [ 743.686839][T17674] ? fb_get_color_depth+0x120/0x250 [ 743.686873][T17674] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 743.686915][T17674] fbcon_putcs+0x3b2/0x480 [ 743.686940][T17674] ? __pfx_cw_putcs+0x10/0x10 [ 743.686974][T17674] do_update_region+0x2cf/0x3f0 [ 743.687003][T17674] invert_screen+0x27c/0x590 [ 743.687039][T17674] ? __pfx_invert_screen+0x10/0x10 [ 743.687073][T17674] ? __pfx_complement_pos+0x10/0x10 [ 743.687110][T17674] ? vc_do_resize+0x246/0x10f0 [ 743.687141][T17674] ? __vmalloc_node_noprof+0xad/0xf0 [ 743.687168][T17674] clear_selection+0x59/0x70 [ 743.687199][T17674] vc_do_resize+0xda3/0x10f0 [ 743.687237][T17674] ? __pfx_fb_match_mode+0x10/0x10 [ 743.687270][T17674] ? __pfx_vc_do_resize+0x10/0x10 [ 743.687309][T17674] fbcon_modechanged+0x342/0x700 [ 743.687338][T17674] fbcon_set_all_vcs+0x1d6/0x460 [ 743.687366][T17674] rotate_all_store+0x315/0x400 [ 743.687393][T17674] ? __pfx_rotate_all_store+0x10/0x10 [ 743.687419][T17674] dev_attr_store+0x58/0x80 [ 743.687447][T17674] ? __pfx_dev_attr_store+0x10/0x10 [ 743.687475][T17674] sysfs_kf_write+0xf2/0x150 [ 743.687514][T17674] kernfs_fop_write_iter+0x3e0/0x5f0 [ 743.687547][T17674] ? __pfx_sysfs_kf_write+0x10/0x10 [ 743.687586][T17674] vfs_write+0x6ac/0x1070 [ 743.687620][T17674] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 743.687656][T17674] ? __pfx_vfs_write+0x10/0x10 [ 743.687699][T17674] ksys_write+0x12a/0x250 [ 743.687733][T17674] ? __pfx_ksys_write+0x10/0x10 [ 743.687772][T17674] do_syscall_64+0x106/0xf80 [ 743.687805][T17674] ? clear_bhb_loop+0x40/0x90 [ 743.687833][T17674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.687865][T17674] RIP: 0033:0x7fa58779bf79 [ 743.687886][T17674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 743.687911][T17674] RSP: 002b:00007fa5886ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 743.687935][T17674] RAX: ffffffffffffffda RBX: 00007fa587a16090 RCX: 00007fa58779bf79 [ 743.687952][T17674] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 743.687967][T17674] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 743.687983][T17674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 743.687998][T17674] R13: 00007fa587a16128 R14: 00007fa587a16090 R15: 00007ffeae7391f8 [ 743.688023][T17674] [ 743.688031][T17674] [ 743.688038][T17674] The buggy address belongs to a vmalloc virtual mapping [ 743.688055][T17674] Memory state around the buggy address: [ 743.688068][T17674] ffffc90004729300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 743.688086][T17674] ffffc90004729380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 743.688105][T17674] >ffffc90004729400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 743.688148][T17674] ^ [ 743.688161][T17674] ffffc90004729480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 743.688178][T17674] ffffc90004729500: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 743.688193][T17674] ================================================================== [ 743.688208][T17674] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 743.688227][T17674] CPU: 0 UID: 0 PID: 17674 Comm: syz.3.4249 Tainted: G U L syzkaller #0 PREEMPT(full) [ 743.688265][T17674] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 743.688275][T17674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 743.688290][T17674] Call Trace: [ 743.688298][T17674] [ 743.688307][T17674] dump_stack_lvl+0x100/0x190 [ 743.688343][T17674] vpanic+0x552/0x970 [ 743.688365][T17674] ? __pfx_vpanic+0x10/0x10 [ 743.688389][T17674] ? __pfx_vprintk_emit+0x10/0x10 [ 743.688431][T17674] ? sys_imageblit+0x19fb/0x1d60 [ 743.688467][T17674] panic+0xd1/0xe0 [ 743.688490][T17674] ? __pfx_panic+0x10/0x10 [ 743.688517][T17674] ? sys_imageblit+0x19fb/0x1d60 [ 743.688556][T17674] check_panic_on_warn.cold+0x19/0x34 [ 743.688583][T17674] end_report.part.0+0x3a/0x90 [ 743.688618][T17674] kasan_report.cold+0xe/0x18 [ 743.688653][T17674] ? sys_imageblit+0x19fb/0x1d60 [ 743.688694][T17674] sys_imageblit+0x19fb/0x1d60 [ 743.688751][T17674] ? find_held_lock+0x2b/0x80 [ 743.688790][T17674] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 743.688829][T17674] ? __pfx_sys_imageblit+0x10/0x10 [ 743.688874][T17674] ? vmap_small_pages_range_noflush+0xc20/0xd50 [ 743.688915][T17674] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 743.688961][T17674] cw_putcs+0x918/0xbb0 [ 743.689001][T17674] ? __pfx_cw_putcs+0x10/0x10 [ 743.689036][T17674] ? fb_get_color_depth+0x120/0x250 [ 743.689063][T17674] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 743.689105][T17674] fbcon_putcs+0x3b2/0x480 [ 743.689130][T17674] ? __pfx_cw_putcs+0x10/0x10 [ 743.689163][T17674] do_update_region+0x2cf/0x3f0 [ 743.689192][T17674] invert_screen+0x27c/0x590 [ 743.689228][T17674] ? __pfx_invert_screen+0x10/0x10 [ 743.689263][T17674] ? __pfx_complement_pos+0x10/0x10 [ 743.689299][T17674] ? vc_do_resize+0x246/0x10f0 [ 743.689332][T17674] ? __vmalloc_node_noprof+0xad/0xf0 [ 743.689359][T17674] clear_selection+0x59/0x70 [ 743.689390][T17674] vc_do_resize+0xda3/0x10f0 [ 743.689429][T17674] ? __pfx_fb_match_mode+0x10/0x10 [ 743.689462][T17674] ? __pfx_vc_do_resize+0x10/0x10 [ 743.689501][T17674] fbcon_modechanged+0x342/0x700 [ 743.689530][T17674] fbcon_set_all_vcs+0x1d6/0x460 [ 743.689558][T17674] rotate_all_store+0x315/0x400 [ 743.689585][T17674] ? __pfx_rotate_all_store+0x10/0x10 [ 743.689611][T17674] dev_attr_store+0x58/0x80 [ 743.689639][T17674] ? __pfx_dev_attr_store+0x10/0x10 [ 743.689668][T17674] sysfs_kf_write+0xf2/0x150 [ 743.689706][T17674] kernfs_fop_write_iter+0x3e0/0x5f0 [ 743.689739][T17674] ? __pfx_sysfs_kf_write+0x10/0x10 [ 743.689779][T17674] vfs_write+0x6ac/0x1070 [ 743.689813][T17674] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 743.689859][T17674] ? __pfx_vfs_write+0x10/0x10 [ 743.689902][T17674] ksys_write+0x12a/0x250 [ 743.689936][T17674] ? __pfx_ksys_write+0x10/0x10 [ 743.689976][T17674] do_syscall_64+0x106/0xf80 [ 743.690008][T17674] ? clear_bhb_loop+0x40/0x90 [ 743.690037][T17674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.690063][T17674] RIP: 0033:0x7fa58779bf79 [ 743.690081][T17674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 743.690107][T17674] RSP: 002b:00007fa5886ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 743.690131][T17674] RAX: ffffffffffffffda RBX: 00007fa587a16090 RCX: 00007fa58779bf79 [ 743.690148][T17674] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 743.690163][T17674] RBP: 00007fa5878327e0 R08: 0000000000000000 R09: 0000000000000000 [ 743.690180][T17674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 743.690195][T17674] R13: 00007fa587a16128 R14: 00007fa587a16090 R15: 00007ffeae7391f8 [ 743.690221][T17674] [ 743.690298][T17674] Kernel Offset: disabled