last executing test programs: 14m28.598789016s ago: executing program 1 (id=495): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x100000000008000) r0 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="1b0026bd7000fddbdf2503000000040008001400038010000c800c00038008000600", @ANYRES32=r0], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a00000808000300000000000800010000000000080002"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c51d50e", @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x7}, 0xa}, 0x3, 0x0) 14m28.350804394s ago: executing program 1 (id=497): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2000a, 0xdf, 0xe31, 0x40000000000a5, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) 14m27.376508347s ago: executing program 1 (id=508): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff010}}) write$auto(r1, 0x0, 0x6) 14m27.119676517s ago: executing program 1 (id=511): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) socket(0xa, 0x2, 0x0) socket(0x18, 0x5, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, 0x0, 0x1b) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x2) write$auto(0x3, 0x0, 0xffd8) 14m26.937455217s ago: executing program 1 (id=513): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 14m26.779894668s ago: executing program 1 (id=515): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0xc0000100, 0x97, 0xa80}]}) 14m11.605390841s ago: executing program 32 (id=515): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0xc0000100, 0x97, 0xa80}]}) 13.547696601s ago: executing program 2 (id=3685): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x24044085}, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x61, 0x10001, 0xfa31, 0x400, 0x8000) mremap$auto(0x0, 0x1, 0x3fd6, 0x0, 0x28) mremap$auto(0x2, 0x600, 0x6, 0xecc8, 0x3) socket(0x2, 0x2, 0x1) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2800, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) ioctl$auto_MON_IOCX_GET(r0, 0x40189206, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(r0, 0x9205, 0x0) close_range$auto(0x2, 0x8, 0x0) 12.302122209s ago: executing program 2 (id=3688): close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x101101, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio0\x00', 0x1600, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev0\x00', 0x8002, 0x0) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) read$auto(r1, 0x0, 0x24) write$auto(0x1, 0x0, 0x80000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x4, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0x800, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 10.510521562s ago: executing program 2 (id=3693): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto(r0, 0x80a86f3d, 0x38) mmap$auto(0x0, 0x2020009, 0x1a4, 0xeb1, 0xfffffffffffffffa, 0x8000000000000000) capget$auto(0x0, 0xfffffffffffffffe) r1 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r1, 0x65, 0x8, 0x0, 0x0) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x1d, 0x2, 0x7) unshare$auto(0x40000080) move_mount$auto(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) close_range$auto(0x2, 0x8, 0x0) 8.269909602s ago: executing program 0 (id=3697): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) read$auto_stats_fops_(r1, &(0x7f0000000840)=""/4096, 0x1000) write$auto_fops_init_pkru_pkeys(r1, &(0x7f0000000280)="e7c2da8ba23469d9b78d2e257333bedaec957355b8c2c4c78f4a98e7180a2dfeddb935038a6350c625940925fc61f1b8b51df8f60e61c078ff39654003ba", 0x3e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) r2 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r2, &(0x7f0000000400)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000440)="661b0cbd4a", 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) listen$auto(r2, 0xff) 7.433079377s ago: executing program 2 (id=3700): close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) connect$auto(r0, 0x0, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) 7.30551919s ago: executing program 0 (id=3701): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77eeb07c, 0x0) socket(0xa, 0x5, 0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 7.221393821s ago: executing program 4 (id=3702): close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x101101, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio0\x00', 0x1600, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev0\x00', 0x8002, 0x0) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) read$auto(r1, 0x0, 0x24) write$auto(0x1, 0x0, 0x80000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x4, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0x800, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 6.746546389s ago: executing program 2 (id=3703): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iostats\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) kill$auto(0x0, 0x11) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fanotify_mark$auto(r1, 0x4, 0x4, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) syslog$auto_SYSLOG_ACTION_CLEAR(0x9, &(0x7f0000000040)='/dev/input/event2\x00', 0x4) memfd_create$auto(0x0, 0xe) shmctl$auto_IPC_SET(0x8, 0x1, &(0x7f00000000c0)={{0x1ff, 0xee00, 0xee01, 0xe, 0x2, 0x2, 0x3}, 0x4, 0x7, 0x2, 0x6, @raw=0x7, @raw=0x7fff, 0x7, 0x0, &(0x7f0000000180)="126d289da8d3b217a0f1779dd34170dda041017970990579761b076012962b196b874a7cbd589af88c8122b51b13b49f780885337c7ce1ef8723a12cf409fc3ee743a7f0dcfd7d42d8dc03bb488f8de24b1108bd160be8268d97d496d5886c76cb951c5dfae47b43ac806ff37563471c5a69e4903b2b17e57a12a3d56b844000c608a568440d905c9f4d969f4fb37bd99e7ebb1fed3747dc254d2000724a7972ed39b0c091ddc60734183cd3470b58f37e8e4b0bc95935786c84469f94952d9c97d1e80cf1177aef402918ec4bf9f3b0", &(0x7f0000000080)="4fc0a77e5cb9b9ed1319ed152b180a0183a745647de1ebf26ecbc95dc56eda89"}) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) pkey_free$auto(0xfffffffd) 6.599832681s ago: executing program 0 (id=3705): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r0, 0x6a, 0x4000002, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/modules\x00', 0x3cb001, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r1, 0x0, 0x4000800) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00', 0x800, 0x0) link$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x201, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) init_module$auto(0x0, 0x100, &(0x7f00000002c0)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00') 5.306884822s ago: executing program 3 (id=3707): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c00018008000100", @ANYRES32, @ANYBLOB="080006"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 5.30562661s ago: executing program 4 (id=3708): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x84) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/netfs/cookies\x00', 0xd00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) io_uring_setup$auto(0x401, 0x0) socket(0x2, 0x80002, 0x73) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r1, 0x4004ae99, 0x0) 3.076894171s ago: executing program 0 (id=3709): socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) fcntl$auto(0x0, 0x408, 0x100000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 3.076731602s ago: executing program 4 (id=3710): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x40000008000) r0 = io_uring_setup$auto(0x2, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000140)={0x80040, 0x40, 0xc}, 0x18) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0x5, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2a0000, 0x0) epoll_create$auto(0x1) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r2 = fcntl$auto(r1, 0x410, 0x0) unlink$auto(&(0x7f0000000000)='./file0\x00') r3 = pipe2$auto(0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) write$auto_uhid_fops_uhid(r3, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) listen$auto(r2, 0x200) ftruncate$auto(0xffffffffffffffff, 0x8001) close_range$auto(0x0, r0, 0x0) 3.074196488s ago: executing program 3 (id=3711): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) ioctl$auto(0x3, 0xc02c5341, 0x38) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x34ba42, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mkdir$auto(&(0x7f0000000080)='./file0\x00', 0x7ff) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x6) fcntl$auto_F_OFD_SETLK(r0, 0x25, 0x101) 2.789783278s ago: executing program 4 (id=3712): close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) connect$auto(r0, 0x0, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) 2.043502864s ago: executing program 4 (id=3713): process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) r0 = socket(0xa, 0x1, 0x0) getsockopt$auto(r0, 0x6, 0xa, &(0x7f0000000080)='$\xfe\x88\xc8\x91\x8bo\xc6#\x93\x91^\x01<\xc81\xc0\x80\xd6\xdb>f\x8c\xf7\xb6\xca\xcdi\xa6\x91R\x7f\x00B\x93H9\x19\xb4x\xb1\xb7\xd3\xe4\x00'/60, &(0x7f0000000040)=0xaa) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x270) mlockall$auto(0x7) msgctl$auto_IPC_RMID(0x1, 0x0, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) shmget$auto(0x100000000, 0x3, 0x79e56dc9) 1.559810573s ago: executing program 0 (id=3714): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xdc}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5ef6) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000040)=0x8) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f00000001c0)={0x0, 0xd, 0x5, @raw=0x80, 0x0, "5059d005d689f01a18c00f29b5fa494a0200f0fced42bcfab54dc63a1562e39e060000007c7fd574bccc61a93bf6de84233c"}) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) read$auto(r1, 0x0, 0x4) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r2, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) 1.36306069s ago: executing program 3 (id=3715): remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 1.07328636s ago: executing program 3 (id=3716): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x24, 0x0, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) socket(0x10, 0x2, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r1}, 0xa3) 1.070589967s ago: executing program 2 (id=3717): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) setsockopt$auto_SO_CNX_ADVICE(r0, 0xfff, 0x35, &(0x7f0000001500)='\x00', 0x9) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000025, 0x0) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_ipvs(0x0, r1) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x40011) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) process_vm_readv$auto(0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x2) execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80) statx$auto(0xffffffffffffff9c, 0x0, 0x0, 0x9000000, &(0x7f0000001280)={0x4, 0xac, 0xfffffffffffffffb, 0x1, 0xee00, 0x0, 0x7, 0x100, 0xa, 0x8001, 0x2, 0x0, {0x4, 0x7}, {0x3, 0x3274925}, {0x1, 0x4}, {0x180000000000000, 0x400}, 0x10001, 0x3, 0x8, 0x727, 0x33, 0x8, 0xfffffffd, 0xfffffffffffffffd, 0xfffffffe, 0x401, 0x3, 0xc58, [0x5, 0xa71d, 0x7df5, 0x6, 0x9, 0x0, 0x8000, 0x6, 0x81]}) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 1.043540484s ago: executing program 0 (id=3718): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0x149182, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x600000, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 676.219077ms ago: executing program 3 (id=3719): close_range$auto(0x2, 0x8, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) socket(0x2, 0x801, 0x106) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\xd3', 0xfdef) 347.482993ms ago: executing program 4 (id=3720): socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x26, 0x5, 0x8c68) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x74c40, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwrite64$auto(r3, &(0x7f0000000340)='\v\f_U\xe0w\xbf\xe3\xb8\x92\xac.X_|\xc8R\x99!\xd2\xfb\xfe\xa7\xe4&#sn\x91p\xe6\x1eRN8\x99C\x05s\x1cJ\x99\x1d[s\x15z\x87\xe1\xb6\xba#7*/\x13\x00:\x00!\rW6\x00\x00\x00\x00\xb4\x1avP\x00\xc5\xc7\xf1\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2\xa7\xd1\xdd\x85\as*l\x9c\xa1\xf7\x8c\xa1\xfb\xb5\b\x00\x00\x00\x00\x00\x00\x00\xb4\xfb\x99\x00\xed\v\xfa\xaa[\f\xa2\xea40\r\xcd\x86\x9d\xac\xde\xec\x85\x93\x93\xd3G\x8c\x9b\x9d\a\xbf\x1f\x95n\x94\xbc[\xb5\xfa\xe0t\\\xbc\x11\x94\x0fF\xf9\xac\vv\xb5\xc3\xd9j\x05\boe\xa5\xc2l\x05\xbcTu\x18\xda\xf2#\x80\xd5\xb4\xf54\x04M\xc8G\x0e/\xae\xab\x9b\x14\x8f\xeb\x19\xc80Dq\x9f\f\x106\x1b\xa7\xe6jU\x00X\x8e\xe4\v\xbb\x91\a\x14\x8c\xc9z\'a\xdd\x89<\xf5\xeeC\xb4\xa7\x976\xfcO\x17\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<\xbc\xd7\xa7T^\x9fs\xec_Nl/+\x9a\xbb\xb3[\xcb\xf8\x87\x18\xe6,\xad_\xfe~M\x80X\x1ak7g\xff\xc8', 0x52, 0x5231) ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x50ba82, 0x0) unshare$auto(0x40000080) 0s ago: executing program 3 (id=3721): r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): ex_init_lockep+0x110/0x150 [ 554.809357][T13663] copy_net_ns+0x46f/0x7c0 [ 554.809378][T13663] create_new_namespaces+0x3ea/0xac0 [ 554.809399][T13663] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 554.809417][T13663] ksys_unshare+0x473/0xad0 [ 554.809438][T13663] ? __pfx_ksys_unshare+0x10/0x10 [ 554.809463][T13663] __x64_sys_unshare+0x31/0x40 [ 554.809480][T13663] do_syscall_64+0x106/0xf80 [ 554.809498][T13663] ? clear_bhb_loop+0x40/0x90 [ 554.809517][T13663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.809532][T13663] RIP: 0033:0x7fd7d2d9c799 [ 554.809549][T13663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.809566][T13663] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 554.809581][T13663] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 554.809592][T13663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 554.809601][T13663] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 554.809611][T13663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.809620][T13663] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 554.809640][T13663] [ 556.495710][T13687] overlayfs: missing 'lowerdir' [ 556.902981][T13689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2498'. [ 556.992586][T13692] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2498'. [ 557.617286][T13701] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2505'. [ 558.002524][T13707] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2507'. [ 558.350742][T13697] FAULT_INJECTION: forcing a failure. [ 558.350742][T13697] name failslab, interval 1, probability 0, space 0, times 0 [ 558.652609][T13697] CPU: 0 UID: 0 PID: 13697 Comm: syz.3.2503 Tainted: G L syzkaller #0 PREEMPT(full) [ 558.652637][T13697] Tainted: [L]=SOFTLOCKUP [ 558.652643][T13697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 558.652652][T13697] Call Trace: [ 558.652658][T13697] [ 558.652664][T13697] dump_stack_lvl+0x100/0x190 [ 558.652691][T13697] should_fail_ex.cold+0x5/0xa [ 558.652711][T13697] should_failslab+0xc2/0x120 [ 558.652727][T13697] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 558.652750][T13697] ? kasprintf+0xc7/0x100 [ 558.652766][T13697] ? __lock_acquire+0x4a5/0x2630 [ 558.652788][T13697] kvasprintf+0xbc/0x150 [ 558.652803][T13697] ? __pfx_kvasprintf+0x10/0x10 [ 558.652827][T13697] kasprintf+0xc7/0x100 [ 558.652841][T13697] ? __pfx_kasprintf+0x10/0x10 [ 558.652858][T13697] ? __is_module_percpu_address+0x1c2/0x430 [ 558.652882][T13697] alloc_workqueue_noprof+0x114/0x200 [ 558.652900][T13697] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 558.652920][T13697] ? kobject_init+0x159/0x1b0 [ 558.653009][T13697] ? __alloc_disk_node+0x4d8/0x6b0 [ 558.653080][T13697] nbd_dev_add+0x51a/0xb10 [ 558.653156][T13697] ? find_held_lock+0x2b/0x80 [ 558.653171][T13697] ? __pfx_nbd_dev_add+0x10/0x10 [ 558.653191][T13697] ? nbd_genl_connect+0x131a/0x1a40 [ 558.653224][T13697] ? bpf_lsm_capable+0x9/0x10 [ 558.653242][T13697] ? __radix_tree_lookup+0x217/0x2b0 [ 558.653335][T13697] nbd_genl_connect+0xb8d/0x1a40 [ 558.653357][T13697] ? rcu_is_watching+0x12/0xc0 [ 558.653382][T13697] ? __pfx_nbd_genl_connect+0x10/0x10 [ 558.653404][T13697] ? __nla_parse+0x40/0x60 [ 558.653425][T13697] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 558.653449][T13697] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 558.653476][T13697] genl_family_rcv_msg_doit+0x214/0x300 [ 558.653500][T13697] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 558.653522][T13697] ? genl_get_cmd+0x3ef/0x720 [ 558.653547][T13697] ? __dev_queue_xmit+0x5af/0x4800 [ 558.653602][T13697] ? __radix_tree_lookup+0x217/0x2b0 [ 558.653621][T13697] genl_rcv_msg+0x560/0x800 [ 558.653649][T13697] ? __pfx_genl_rcv_msg+0x10/0x10 [ 558.653672][T13697] ? __pfx_nbd_genl_connect+0x10/0x10 [ 558.653701][T13697] netlink_rcv_skb+0x159/0x420 [ 558.653720][T13697] ? __pfx_genl_rcv_msg+0x10/0x10 [ 558.653742][T13697] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 558.653770][T13697] ? netlink_deliver_tap+0x1ae/0xcc0 [ 558.653792][T13697] genl_rcv+0x28/0x40 [ 558.653811][T13697] netlink_unicast+0x5aa/0x870 [ 558.653833][T13697] ? __pfx_netlink_unicast+0x10/0x10 [ 558.653859][T13697] netlink_sendmsg+0x8b0/0xda0 [ 558.653882][T13697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 558.653900][T13697] ? __import_iovec+0x1d2/0x640 [ 558.653917][T13697] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 558.653941][T13697] ____sys_sendmsg+0x9e1/0xb70 [ 558.653962][T13697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 558.653983][T13697] ? __pfx_____sys_sendmsg+0x10/0x10 [ 558.654009][T13697] ? __pfx_futex_wake_mark+0x10/0x10 [ 558.654033][T13697] ___sys_sendmsg+0x190/0x1e0 [ 558.654057][T13697] ? __pfx____sys_sendmsg+0x10/0x10 [ 558.654103][T13697] __sys_sendmsg+0x170/0x220 [ 558.654122][T13697] ? __pfx___sys_sendmsg+0x10/0x10 [ 558.654139][T13697] ? __x64_sys_futex+0x34f/0x4d0 [ 558.654169][T13697] do_syscall_64+0x106/0xf80 [ 558.654187][T13697] ? clear_bhb_loop+0x40/0x90 [ 558.654205][T13697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.654221][T13697] RIP: 0033:0x7fd7d2d9c799 [ 558.654236][T13697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 558.654250][T13697] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 558.654265][T13697] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 558.654283][T13697] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000006 [ 558.654292][T13697] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 558.654302][T13697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.654311][T13697] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 558.654332][T13697] [ 560.015937][T13722] netlink: 29 bytes leftover after parsing attributes in process `syz.4.2511'. [ 560.322506][T12523] Bluetooth: hci4: unexpected event 0x02 length: 726 > 260 [ 563.130309][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.154307][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.905020][T13749] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2519'. [ 564.584802][T13697] "mq-deadline" elevator initialization, failed -12, falling back to "none" [ 565.975149][T13762] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2525'. [ 566.026905][T13762] unsupported nlmsg_type 40 [ 567.446279][T13782] [U] ^\ [ 568.549881][T13808] netlink: 'syz.3.2537': attribute type 10 has an invalid length. [ 568.663674][T13808] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2537'. [ 568.849214][T12523] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 569.231311][T13811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2534'. [ 569.339009][T13817] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2538'. [ 571.034643][T13836] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2544'. [ 571.752199][T13844] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2547'. [ 573.805339][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2549'. [ 574.275982][T13372] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 576.182577][T12523] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 578.911801][T13895] zswap: compressor not available [ 579.602639][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029e10400: rx timeout, send abort [ 579.862533][T13911] FAULT_INJECTION: forcing a failure. [ 579.862533][T13911] name failslab, interval 1, probability 0, space 0, times 0 [ 579.977952][T13911] CPU: 0 UID: 0 PID: 13911 Comm: syz.3.2567 Tainted: G L syzkaller #0 PREEMPT(full) [ 579.977979][T13911] Tainted: [L]=SOFTLOCKUP [ 579.977985][T13911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 579.977994][T13911] Call Trace: [ 579.978001][T13911] [ 579.978007][T13911] dump_stack_lvl+0x100/0x190 [ 579.978036][T13911] should_fail_ex.cold+0x5/0xa [ 579.978055][T13911] should_failslab+0xc2/0x120 [ 579.978072][T13911] __kmalloc_cache_node_noprof+0x7d/0x770 [ 579.978095][T13911] ? __alloc_workqueue+0x711/0x1880 [ 579.978112][T13911] ? lockdep_init_map_type+0x5c/0x250 [ 579.978135][T13911] __alloc_workqueue+0x711/0x1880 [ 579.978155][T13911] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 579.978174][T13911] alloc_workqueue_noprof+0xd2/0x200 [ 579.978191][T13911] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 579.978214][T13911] ? __pfx___debug_object_init+0x10/0x10 [ 579.978351][T13911] nci_register_device+0x394/0xb80 [ 579.978426][T13911] ? __pfx_nci_register_device+0x10/0x10 [ 579.978453][T13911] ? lockdep_init_map_type+0x5c/0x250 [ 579.978477][T13911] virtual_ncidev_open+0x141/0x220 [ 579.978526][T13911] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 579.978545][T13911] misc_open+0x26d/0x450 [ 579.978600][T13911] ? __pfx_misc_open+0x10/0x10 [ 579.978614][T13911] chrdev_open+0x234/0x6a0 [ 579.978630][T13911] ? __pfx_apparmor_file_open+0x10/0x10 [ 579.978652][T13911] ? __pfx_chrdev_open+0x10/0x10 [ 579.978668][T13911] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 579.978701][T13911] do_dentry_open+0x6d8/0x1660 [ 579.978718][T13911] ? __pfx_chrdev_open+0x10/0x10 [ 579.978788][T13911] vfs_open+0x82/0x3f0 [ 579.978812][T13911] path_openat+0x208c/0x31a0 [ 579.978836][T13911] ? __pfx_path_openat+0x10/0x10 [ 579.978860][T13911] do_file_open+0x20e/0x430 [ 579.978877][T13911] ? __pfx_do_file_open+0x10/0x10 [ 579.978907][T13911] ? alloc_fd+0x476/0x790 [ 579.978924][T13911] ? do_getname+0x191/0x390 [ 579.978944][T13911] do_sys_openat2+0x10d/0x1e0 [ 579.978963][T13911] ? __pfx_do_sys_openat2+0x10/0x10 [ 579.978986][T13911] ? __fget_files+0x21f/0x3d0 [ 579.979003][T13911] __x64_sys_openat+0x12d/0x210 [ 579.979023][T13911] ? __pfx___x64_sys_openat+0x10/0x10 [ 579.979049][T13911] do_syscall_64+0x106/0xf80 [ 579.979067][T13911] ? clear_bhb_loop+0x40/0x90 [ 579.979085][T13911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.979100][T13911] RIP: 0033:0x7fd7d2d9c799 [ 579.979115][T13911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 579.979130][T13911] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 579.979146][T13911] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 579.979161][T13911] RDX: 0000000000000002 RSI: 0000200000000440 RDI: ffffffffffffff9c [ 579.979170][T13911] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 579.979179][T13911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 579.979187][T13911] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 579.979207][T13911] [ 580.300967][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029e10400: abort rx timeout. Force session deactivation [ 583.108976][T13943] zswap: compressor not available [ 583.825846][T13950] Setting dangerous option i915.mitigations - tainting kernel [ 584.316923][T13962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2580'. [ 584.493512][T13964] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2580'. [ 586.498920][T13981] netlink: 246 bytes leftover after parsing attributes in process `syz.3.2585'. [ 589.022099][T14001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2592'. [ 589.947632][T14013] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 590.221710][T14013] audit: out of memory in audit_log_start [ 593.411876][T14038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2602'. [ 593.506356][T14038] netlink: 'syz.2.2602': attribute type 1 has an invalid length. [ 593.580722][T14041] netlink: 86 bytes leftover after parsing attributes in process `syz.0.2603'. [ 593.590061][T14038] netlink: 'syz.2.2602': attribute type 6 has an invalid length. [ 594.954729][T14060] FAULT_INJECTION: forcing a failure. [ 594.954729][T14060] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 595.081109][T14060] CPU: 0 UID: 0 PID: 14060 Comm: syz.4.2610 Tainted: G U L syzkaller #0 PREEMPT(full) [ 595.081140][T14060] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 595.081145][T14060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 595.081155][T14060] Call Trace: [ 595.081163][T14060] [ 595.081170][T14060] dump_stack_lvl+0x100/0x190 [ 595.081200][T14060] should_fail_ex.cold+0x5/0xa [ 595.081216][T14060] ? prepare_alloc_pages+0x16d/0x5f0 [ 595.081235][T14060] should_fail_alloc_page+0xeb/0x140 [ 595.081253][T14060] prepare_alloc_pages+0x1f0/0x5f0 [ 595.081269][T14060] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 595.081288][T14060] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 595.081309][T14060] ? __kernel_text_address+0xd/0x30 [ 595.081330][T14060] ? unwind_get_return_address+0x59/0xa0 [ 595.081376][T14060] ? arch_stack_walk+0xa6/0xf0 [ 595.081397][T14060] ? __lock_acquire+0x4a5/0x2630 [ 595.081417][T14060] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 595.081439][T14060] ? __pfx_stack_trace_save+0x10/0x10 [ 595.081455][T14060] ? stack_depot_save_flags+0x27/0x9d0 [ 595.081479][T14060] ? __lock_acquire+0x4a5/0x2630 [ 595.081500][T14060] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 595.081525][T14060] ? policy_nodemask+0xed/0x4f0 [ 595.081542][T14060] alloc_pages_mpol+0x1fb/0x550 [ 595.081558][T14060] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 595.081579][T14060] alloc_pages_noprof+0x131/0x390 [ 595.081596][T14060] __pmd_alloc+0x3b/0x950 [ 595.081614][T14060] __handle_mm_fault+0xa99/0x2b60 [ 595.081637][T14060] ? mt_find+0x45e/0x8e0 [ 595.081665][T14060] ? __pfx___handle_mm_fault+0x10/0x10 [ 595.081684][T14060] ? __pfx_mt_find+0x10/0x10 [ 595.081714][T14060] ? find_vma+0xbf/0x140 [ 595.081728][T14060] ? __pfx_find_vma+0x10/0x10 [ 595.081745][T14060] handle_mm_fault+0x36d/0xa20 [ 595.081769][T14060] do_user_addr_fault+0x74c/0x12f0 [ 595.081798][T14060] exc_page_fault+0x6f/0xd0 [ 595.081817][T14060] asm_exc_page_fault+0x26/0x30 [ 595.081832][T14060] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 595.081855][T14060] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 595.081869][T14060] RSP: 0018:ffffc900039c7938 EFLAGS: 00050202 [ 595.081881][T14060] RAX: 0000000000000001 RBX: ffff888068240028 RCX: 0000000000000007 [ 595.081890][T14060] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888068240028 [ 595.081899][T14060] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d048005 [ 595.081907][T14060] R10: ffff88806824002e R11: 0000000000000000 R12: ffffc900039c7c40 [ 595.081917][T14060] R13: 0000000000000000 R14: 0000000000000007 R15: 0000000000000000 [ 595.081935][T14060] _copy_from_iter+0x355/0x1690 [ 595.081953][T14060] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 595.081970][T14060] ? __pfx__copy_from_iter+0x10/0x10 [ 595.081984][T14060] ? __sk_mem_raise_allocated+0x789/0x15a0 [ 595.082066][T14060] mptcp_sendmsg+0x100d/0x1e40 [ 595.082122][T14060] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 595.082143][T14060] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 595.082164][T14060] inet_sendmsg+0x11c/0x140 [ 595.082217][T14060] sock_write_iter+0x4ea/0x5a0 [ 595.082239][T14060] ? __pfx_inet_sendmsg+0x10/0x10 [ 595.082262][T14060] ? __pfx_sock_write_iter+0x10/0x10 [ 595.082290][T14060] ? bpf_lsm_file_permission+0x9/0x10 [ 595.082312][T14060] ? security_file_permission+0x76/0x210 [ 595.082329][T14060] ? rw_verify_area+0xce/0x6d0 [ 595.082352][T14060] vfs_write+0x6ac/0x1070 [ 595.082375][T14060] ? __pfx_sock_write_iter+0x10/0x10 [ 595.082398][T14060] ? __pfx_vfs_write+0x10/0x10 [ 595.082418][T14060] ? find_held_lock+0x2b/0x80 [ 595.082445][T14060] ksys_write+0x1f8/0x250 [ 595.082459][T14060] ? __pfx_ksys_write+0x10/0x10 [ 595.082478][T14060] do_syscall_64+0x106/0xf80 [ 595.082495][T14060] ? clear_bhb_loop+0x40/0x90 [ 595.082513][T14060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.082529][T14060] RIP: 0033:0x7f04c379c799 [ 595.082542][T14060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.082557][T14060] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 595.082571][T14060] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 595.082581][T14060] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 595.082590][T14060] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 595.082599][T14060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.082609][T14060] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 595.082630][T14060] [ 597.276109][T14076] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2615'. [ 598.294642][T14079] bridge0: port 3(team0) entered blocking state [ 598.301006][T14079] bridge0: port 3(team0) entered disabled state [ 598.585767][T14079] team0: entered allmulticast mode [ 598.591018][T14079] team_slave_0: entered allmulticast mode [ 598.844018][T14079] team_slave_1: entered allmulticast mode [ 598.969236][T14079] team0: entered promiscuous mode [ 598.988976][T14079] team_slave_0: entered promiscuous mode [ 599.040035][T14079] team_slave_1: entered promiscuous mode [ 599.090796][T14079] bridge0: port 3(team0) entered blocking state [ 599.097267][T14079] bridge0: port 3(team0) entered forwarding state [ 601.114857][T14117] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2628'. [ 601.203786][T14117] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2628'. [ 601.947744][T14130] FAULT_INJECTION: forcing a failure. [ 601.947744][T14130] name failslab, interval 1, probability 0, space 0, times 0 [ 602.132485][T14130] CPU: 0 UID: 0 PID: 14130 Comm: syz.2.2632 Tainted: G U L syzkaller #0 PREEMPT(full) [ 602.132515][T14130] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 602.132521][T14130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 602.132531][T14130] Call Trace: [ 602.132537][T14130] [ 602.132544][T14130] dump_stack_lvl+0x100/0x190 [ 602.132574][T14130] should_fail_ex.cold+0x5/0xa [ 602.132595][T14130] should_failslab+0xc2/0x120 [ 602.132612][T14130] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 602.132646][T14130] ? alloc_empty_file+0x55/0x1c0 [ 602.132673][T14130] ? __pfx_stack_trace_save+0x10/0x10 [ 602.132691][T14130] alloc_empty_file+0x55/0x1c0 [ 602.132710][T14130] path_openat+0xe8/0x31a0 [ 602.132724][T14130] ? kasan_save_stack+0x3f/0x50 [ 602.132747][T14130] ? kasan_save_stack+0x30/0x50 [ 602.132771][T14130] ? kasan_save_track+0x14/0x30 [ 602.132793][T14130] ? __kasan_slab_alloc+0x89/0x90 [ 602.132806][T14130] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 602.132828][T14130] ? do_getname+0x35/0x390 [ 602.132853][T14130] ? do_sys_openat2+0xc5/0x1e0 [ 602.132875][T14130] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.132896][T14130] ? __pfx_path_openat+0x10/0x10 [ 602.132918][T14130] do_file_open+0x20e/0x430 [ 602.132936][T14130] ? __pfx_do_file_open+0x10/0x10 [ 602.132966][T14130] ? alloc_fd+0x476/0x790 [ 602.132983][T14130] ? do_getname+0x191/0x390 [ 602.133002][T14130] do_sys_openat2+0x10d/0x1e0 [ 602.133022][T14130] ? __pfx_do_sys_openat2+0x10/0x10 [ 602.133048][T14130] __x64_sys_openat+0x12d/0x210 [ 602.133068][T14130] ? __pfx___x64_sys_openat+0x10/0x10 [ 602.133094][T14130] do_syscall_64+0x106/0xf80 [ 602.133113][T14130] ? clear_bhb_loop+0x40/0x90 [ 602.133131][T14130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.133147][T14130] RIP: 0033:0x7f1399d9c799 [ 602.133284][T14130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 602.133301][T14130] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 602.133316][T14130] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 602.133327][T14130] RDX: 0000000000080201 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 602.133337][T14130] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 602.133347][T14130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 602.133356][T14130] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 602.133377][T14130] [ 604.790308][T14142] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2635'. [ 605.226961][T14149] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2638'. [ 605.648037][T14154] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 605.741968][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 605.863279][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 605.929876][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 605.995281][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.086571][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.160458][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.250306][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.512960][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.549916][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.632556][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.737091][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.837254][T14163] FAULT_INJECTION: forcing a failure. [ 606.837254][T14163] name failslab, interval 1, probability 0, space 0, times 0 [ 606.916476][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 606.955565][T14163] CPU: 0 UID: 0 PID: 14163 Comm: syz.2.2643 Tainted: G U L syzkaller #0 PREEMPT(full) [ 606.955594][T14163] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 606.955600][T14163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 606.955609][T14163] Call Trace: [ 606.955616][T14163] [ 606.955621][T14163] dump_stack_lvl+0x100/0x190 [ 606.955650][T14163] should_fail_ex.cold+0x5/0xa [ 606.955669][T14163] should_failslab+0xc2/0x120 [ 606.955685][T14163] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 606.955709][T14163] ? __alloc_skb+0x140/0x710 [ 606.955730][T14163] __alloc_skb+0x140/0x710 [ 606.955745][T14163] ? __alloc_skb+0x5b7/0x710 [ 606.955761][T14163] ? __pfx___alloc_skb+0x10/0x10 [ 606.955779][T14163] ? sk_page_frag_refill+0x6c/0x340 [ 606.955805][T14163] kcm_sendmsg+0x1154/0x32e0 [ 606.955917][T14163] ? __pfx_kcm_sendmsg+0x10/0x10 [ 606.955936][T14163] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 606.955961][T14163] sock_sendmsg+0x35b/0x3d0 [ 606.955983][T14163] ? __pfx_kcm_sendmsg+0x10/0x10 [ 606.955998][T14163] ? __pfx_sock_sendmsg+0x10/0x10 [ 606.956036][T14163] splice_to_socket+0xb4c/0x11b0 [ 606.956051][T14163] ? touch_atime+0xa5/0x7a0 [ 606.956078][T14163] ? __pfx_splice_to_socket+0x10/0x10 [ 606.956116][T14163] ? trace_kmalloc+0x101/0x130 [ 606.956131][T14163] ? lockdep_init_map_type+0x5c/0x250 [ 606.956151][T14163] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 606.956175][T14163] ? __pfx_splice_to_socket+0x10/0x10 [ 606.956191][T14163] direct_splice_actor+0x192/0x6c0 [ 606.956216][T14163] splice_direct_to_actor+0x345/0xa30 [ 606.956233][T14163] ? __pfx_direct_splice_actor+0x10/0x10 [ 606.956259][T14163] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 606.956280][T14163] do_splice_direct+0x174/0x240 [ 606.956295][T14163] ? __pfx_do_splice_direct+0x10/0x10 [ 606.956310][T14163] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 606.956334][T14163] ? bpf_lsm_file_permission+0x9/0x10 [ 606.956363][T14163] ? security_file_permission+0x76/0x210 [ 606.956381][T14163] ? rw_verify_area+0xce/0x6d0 [ 606.956404][T14163] do_sendfile+0xadc/0xe20 [ 606.956430][T14163] ? __pfx_do_sendfile+0x10/0x10 [ 606.956456][T14163] ? __x64_sys_futex+0x34f/0x4d0 [ 606.956474][T14163] ? __x64_sys_futex+0x358/0x4d0 [ 606.956494][T14163] __x64_sys_sendfile64+0x1d8/0x220 [ 606.956512][T14163] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 606.956534][T14163] do_syscall_64+0x106/0xf80 [ 606.956553][T14163] ? clear_bhb_loop+0x40/0x90 [ 606.956571][T14163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.956586][T14163] RIP: 0033:0x7f1399d9c799 [ 606.956601][T14163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 606.956615][T14163] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 606.956631][T14163] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 606.956641][T14163] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 606.956650][T14163] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 606.956659][T14163] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 606.956669][T14163] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 606.956690][T14163] [ 607.287058][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 607.296472][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 607.305813][T14157] netlink: 62 bytes leftover after parsing attributes in process `syz.0.2640'. [ 608.486926][T14170] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 609.118759][T14182] FAULT_INJECTION: forcing a failure. [ 609.118759][T14182] name failslab, interval 1, probability 0, space 0, times 0 [ 609.225021][T14182] CPU: 0 UID: 0 PID: 14182 Comm: syz.4.2650 Tainted: G U L syzkaller #0 PREEMPT(full) [ 609.225051][T14182] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 609.225057][T14182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 609.225067][T14182] Call Trace: [ 609.225073][T14182] [ 609.225080][T14182] dump_stack_lvl+0x100/0x190 [ 609.225108][T14182] should_fail_ex.cold+0x5/0xa [ 609.225127][T14182] should_failslab+0xc2/0x120 [ 609.225143][T14182] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 609.225166][T14182] ? alloc_inode+0x183/0x250 [ 609.225185][T14182] ? find_inode_fast+0x1fa/0x910 [ 609.225207][T14182] alloc_inode+0x183/0x250 [ 609.225226][T14182] iget_locked+0x1d9/0x6d0 [ 609.225246][T14182] ? __pfx_iget_locked+0x10/0x10 [ 609.225264][T14182] ? kernfs_root+0xee/0x2a0 [ 609.225283][T14182] ? kernfs_root+0xee/0x2a0 [ 609.225307][T14182] kernfs_get_inode+0x46/0x470 [ 609.225328][T14182] kernfs_iop_lookup+0x1a7/0x2d0 [ 609.225350][T14182] __lookup_slow+0x251/0x460 [ 609.225370][T14182] ? __pfx___lookup_slow+0x10/0x10 [ 609.225399][T14182] ? __d_lookup+0x266/0x4a0 [ 609.225423][T14182] lookup_slow+0x50/0x70 [ 609.225442][T14182] link_path_walk+0x1377/0x1cc0 [ 609.225470][T14182] path_openat+0x1be/0x31a0 [ 609.225484][T14182] ? kasan_save_stack+0x3f/0x50 [ 609.225505][T14182] ? kasan_save_stack+0x30/0x50 [ 609.225525][T14182] ? kasan_save_track+0x14/0x30 [ 609.225546][T14182] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 609.225572][T14182] ? __pfx_path_openat+0x10/0x10 [ 609.225606][T14182] do_file_open+0x20e/0x430 [ 609.225623][T14182] ? __pfx_do_file_open+0x10/0x10 [ 609.225653][T14182] ? alloc_fd+0x476/0x790 [ 609.225671][T14182] ? do_getname+0x191/0x390 [ 609.225691][T14182] do_sys_openat2+0x10d/0x1e0 [ 609.225711][T14182] ? __pfx_do_sys_openat2+0x10/0x10 [ 609.225737][T14182] __x64_sys_openat+0x12d/0x210 [ 609.225757][T14182] ? __pfx___x64_sys_openat+0x10/0x10 [ 609.225784][T14182] do_syscall_64+0x106/0xf80 [ 609.225802][T14182] ? clear_bhb_loop+0x40/0x90 [ 609.225820][T14182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.225836][T14182] RIP: 0033:0x7f04c379c799 [ 609.225850][T14182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 609.225865][T14182] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 609.225880][T14182] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 609.225890][T14182] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 609.225900][T14182] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 609.225909][T14182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.225917][T14182] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 609.225937][T14182] [ 611.226136][T14198] __nla_validate_parse: 30 callbacks suppressed [ 611.226153][T14198] netlink: 246 bytes leftover after parsing attributes in process `syz.2.2658'. [ 612.238118][T14214] FAULT_INJECTION: forcing a failure. [ 612.238118][T14214] name failslab, interval 1, probability 0, space 0, times 0 [ 612.375381][T14214] CPU: 0 UID: 0 PID: 14214 Comm: syz.2.2664 Tainted: G U L syzkaller #0 PREEMPT(full) [ 612.375411][T14214] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 612.375417][T14214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 612.375427][T14214] Call Trace: [ 612.375432][T14214] [ 612.375439][T14214] dump_stack_lvl+0x100/0x190 [ 612.375467][T14214] should_fail_ex.cold+0x5/0xa [ 612.375487][T14214] should_failslab+0xc2/0x120 [ 612.375515][T14214] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 612.375539][T14214] ? ptlock_alloc+0x1f/0x70 [ 612.375563][T14214] ptlock_alloc+0x1f/0x70 [ 612.375582][T14214] pte_alloc_one+0x82/0x3d0 [ 612.375602][T14214] do_fault+0x88e/0x1990 [ 612.375618][T14214] ? __pmd_alloc+0x3fb/0x950 [ 612.375637][T14214] __handle_mm_fault+0x180f/0x2b60 [ 612.375660][T14214] ? mt_find+0x45e/0x8e0 [ 612.375681][T14214] ? __pfx___handle_mm_fault+0x10/0x10 [ 612.375699][T14214] ? __pfx_mt_find+0x10/0x10 [ 612.375728][T14214] ? find_vma+0xbf/0x140 [ 612.375742][T14214] ? __pfx_find_vma+0x10/0x10 [ 612.375758][T14214] handle_mm_fault+0x36d/0xa20 [ 612.375781][T14214] do_user_addr_fault+0x74c/0x12f0 [ 612.375809][T14214] exc_page_fault+0x6f/0xd0 [ 612.375827][T14214] asm_exc_page_fault+0x26/0x30 [ 612.375843][T14214] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 612.375866][T14214] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 612.375881][T14214] RSP: 0018:ffffc90004977b78 EFLAGS: 00050212 [ 612.375893][T14214] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000022 [ 612.375902][T14214] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004977bd8 [ 612.375911][T14214] RBP: 0000000000000022 R08: 0000000000000001 R09: fffff5200092ef7f [ 612.375920][T14214] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 612.375928][T14214] R13: ffffc90004977bd8 R14: ffffc90004977ca0 R15: ffffc90004977bd8 [ 612.375948][T14214] _copy_from_user+0x98/0xd0 [ 612.375965][T14214] kstrtouint_from_user+0xd6/0x1d0 [ 612.375984][T14214] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 612.376005][T14214] ? __lock_acquire+0x4a5/0x2630 [ 612.376026][T14214] ? lock_acquire+0x1cf/0x380 [ 612.376048][T14214] proc_fail_nth_write+0x83/0x220 [ 612.376066][T14214] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 612.376090][T14214] vfs_write+0x2aa/0x1070 [ 612.376113][T14214] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 612.376133][T14214] ? __pfx_vfs_write+0x10/0x10 [ 612.376154][T14214] ? __fget_files+0x215/0x3d0 [ 612.376172][T14214] ? __fget_files+0x21f/0x3d0 [ 612.376191][T14214] ksys_write+0x12a/0x250 [ 612.376205][T14214] ? __pfx_ksys_write+0x10/0x10 [ 612.376224][T14214] do_syscall_64+0x106/0xf80 [ 612.376241][T14214] ? clear_bhb_loop+0x40/0x90 [ 612.376259][T14214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.376274][T14214] RIP: 0033:0x7f1399d9c799 [ 612.376286][T14214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 612.376300][T14214] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 612.376314][T14214] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 612.376323][T14214] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 612.376332][T14214] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 612.376342][T14214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.376351][T14214] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 612.376371][T14214] [ 616.154859][T14244] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2671'. [ 616.355080][T14247] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2672'. [ 617.476363][T12523] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 617.476394][T12523] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 617.491676][T12523] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 617.491733][T12523] Bluetooth: hci1: adv larger than maximum supported [ 617.501966][T12523] Bluetooth: hci1: adv larger than maximum supported [ 617.509778][T12523] Bluetooth: hci1: Malformed LE Event: 0x0d [ 618.477343][T14267] FAULT_INJECTION: forcing a failure. [ 618.477343][T14267] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 618.805084][T14267] CPU: 0 UID: 0 PID: 14267 Comm: syz.3.2677 Tainted: G U L syzkaller #0 PREEMPT(full) [ 618.805113][T14267] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 618.805119][T14267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 618.805129][T14267] Call Trace: [ 618.805134][T14267] [ 618.805141][T14267] dump_stack_lvl+0x100/0x190 [ 618.805170][T14267] should_fail_ex.cold+0x5/0xa [ 618.805186][T14267] ? prepare_alloc_pages+0x16d/0x5f0 [ 618.805205][T14267] should_fail_alloc_page+0xeb/0x140 [ 618.805222][T14267] prepare_alloc_pages+0x1f0/0x5f0 [ 618.805243][T14267] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 618.805266][T14267] ? rcu_is_watching+0x12/0xc0 [ 618.805287][T14267] ? trace_mm_page_alloc+0x17a/0x1d0 [ 618.805304][T14267] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 618.805326][T14267] ? vhost_dev_set_owner+0x190/0xa30 [ 618.805437][T14267] ? stack_trace_save+0x8e/0xc0 [ 618.805452][T14267] ? __pfx_stack_trace_save+0x10/0x10 [ 618.805467][T14267] ? stack_depot_save_flags+0x27/0x9d0 [ 618.805484][T14267] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 618.805508][T14267] ? vhost_dev_set_owner+0x190/0xa30 [ 618.805524][T14267] ? kasan_save_stack+0x3f/0x50 [ 618.805546][T14267] ? kasan_save_stack+0x30/0x50 [ 618.805567][T14267] ? kasan_save_track+0x14/0x30 [ 618.805589][T14267] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 618.805622][T14267] ? __lock_acquire+0x4a5/0x2630 [ 618.805651][T14267] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 618.805677][T14267] ? policy_nodemask+0xed/0x4f0 [ 618.805695][T14267] alloc_pages_mpol+0x1fb/0x550 [ 618.805712][T14267] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 618.805732][T14267] ? vhost_dev_set_owner+0x3b2/0xa30 [ 618.805750][T14267] ___kmalloc_large_node+0x104/0x150 [ 618.805768][T14267] __kmalloc_large_node_noprof+0x1c/0x70 [ 618.805788][T14267] __kmalloc_noprof+0x5be/0x850 [ 618.805813][T14267] vhost_dev_set_owner+0x3b2/0xa30 [ 618.805837][T14267] vhost_net_ioctl+0xfa3/0x1910 [ 618.805885][T14267] ? do_vfs_ioctl+0x226/0x13e0 [ 618.805908][T14267] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 618.805928][T14267] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 618.805952][T14267] ? find_held_lock+0x2b/0x80 [ 618.805965][T14267] ? __fget_files+0x215/0x3d0 [ 618.805978][T14267] ? hook_file_ioctl_common+0x146/0x410 [ 618.806015][T14267] ? __fget_files+0x21f/0x3d0 [ 618.806032][T14267] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 618.806052][T14267] __x64_sys_ioctl+0x18e/0x210 [ 618.806076][T14267] do_syscall_64+0x106/0xf80 [ 618.806094][T14267] ? clear_bhb_loop+0x40/0x90 [ 618.806113][T14267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.806129][T14267] RIP: 0033:0x7fd7d2d9c799 [ 618.806144][T14267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 618.806158][T14267] RSP: 002b:00007fd7d3ba4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 618.806174][T14267] RAX: ffffffffffffffda RBX: 00007fd7d3016090 RCX: 00007fd7d2d9c799 [ 618.806184][T14267] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 618.806194][T14267] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 618.806203][T14267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.806212][T14267] R13: 00007fd7d3016128 R14: 00007fd7d3016090 R15: 00007ffe823d9748 [ 618.806233][T14267] [ 622.002386][T14295] program syz.2.2685 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 622.871053][T14303] HfR: entered promiscuous mode [ 623.017508][T14303] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2688'. [ 623.064511][T14306] netlink: 'syz.3.2689': attribute type 4 has an invalid length. [ 623.131761][T14303] HfR: left promiscuous mode [ 623.140725][T14306] netlink: 'syz.3.2689': attribute type 5 has an invalid length. [ 623.219905][T14306] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2689'. [ 623.634513][T14317] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2692'. [ 624.514643][T14330] FAULT_INJECTION: forcing a failure. [ 624.514643][T14330] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 624.584369][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.604973][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.635853][T14330] CPU: 0 UID: 0 PID: 14330 Comm: syz.3.2697 Tainted: G U L syzkaller #0 PREEMPT(full) [ 624.635880][T14330] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 624.635887][T14330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 624.635897][T14330] Call Trace: [ 624.635902][T14330] [ 624.635909][T14330] dump_stack_lvl+0x100/0x190 [ 624.635937][T14330] should_fail_ex.cold+0x5/0xa [ 624.635956][T14330] _copy_to_user+0x32/0xd0 [ 624.635973][T14330] io_uring_setup.cold+0x152d/0x1d09 [ 624.635997][T14330] ? __pfx_io_uring_setup+0x10/0x10 [ 624.636099][T14330] ? __pfx_do_futex+0x10/0x10 [ 624.636118][T14330] ? __pfx_do_sys_openat2+0x10/0x10 [ 624.636147][T14330] ? xfd_validate_state+0x129/0x190 [ 624.636173][T14330] __x64_sys_io_uring_setup+0xc2/0x170 [ 624.636192][T14330] do_syscall_64+0x106/0xf80 [ 624.636210][T14330] ? clear_bhb_loop+0x40/0x90 [ 624.636228][T14330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.636244][T14330] RIP: 0033:0x7fd7d2d9c799 [ 624.636258][T14330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 624.636272][T14330] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 624.636287][T14330] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 624.636296][T14330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 624.636305][T14330] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 624.636314][T14330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 624.636323][T14330] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 624.636342][T14330] [ 625.194544][T14328] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2696'. [ 629.337985][T14374] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2709'. [ 629.559533][T14372] FAULT_INJECTION: forcing a failure. [ 629.559533][T14372] name failslab, interval 1, probability 0, space 0, times 0 [ 629.883289][T14372] CPU: 0 UID: 0 PID: 14372 Comm: syz.2.2708 Tainted: G U L syzkaller #0 PREEMPT(full) [ 629.883319][T14372] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 629.883325][T14372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 629.883335][T14372] Call Trace: [ 629.883340][T14372] [ 629.883347][T14372] dump_stack_lvl+0x100/0x190 [ 629.883375][T14372] should_fail_ex.cold+0x5/0xa [ 629.883395][T14372] ? process_preds+0x4c2/0x1d90 [ 629.883444][T14372] should_failslab+0xc2/0x120 [ 629.883461][T14372] __kmalloc_noprof+0xe0/0x850 [ 629.883487][T14372] process_preds+0x4c2/0x1d90 [ 629.883513][T14372] ? create_filter_start.constprop.0+0x134/0x310 [ 629.883538][T14372] create_filter+0x140/0x210 [ 629.883560][T14372] ? __pfx_create_filter+0x10/0x10 [ 629.883583][T14372] ? find_held_lock+0x2b/0x80 [ 629.883600][T14372] apply_event_filter+0x220/0x500 [ 629.883623][T14372] ? __pfx_apply_event_filter+0x10/0x10 [ 629.883651][T14372] event_filter_write+0x16d/0x290 [ 629.883669][T14372] vfs_write+0x2aa/0x1070 [ 629.883693][T14372] ? __pfx_event_filter_write+0x10/0x10 [ 629.883712][T14372] ? __pfx_vfs_write+0x10/0x10 [ 629.883733][T14372] ? __fget_files+0x215/0x3d0 [ 629.883752][T14372] ? __fget_files+0x21f/0x3d0 [ 629.883771][T14372] ksys_write+0x12a/0x250 [ 629.883784][T14372] ? __pfx_ksys_write+0x10/0x10 [ 629.883803][T14372] do_syscall_64+0x106/0xf80 [ 629.883824][T14372] ? clear_bhb_loop+0x40/0x90 [ 629.883843][T14372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.883859][T14372] RIP: 0033:0x7f1399d9c799 [ 629.883874][T14372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 629.883888][T14372] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 629.883903][T14372] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 629.883913][T14372] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 629.883922][T14372] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 629.883931][T14372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.883940][T14372] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 629.883960][T14372] [ 632.280986][T14399] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2716'. [ 632.527021][T14399] i: entered promiscuous mode [ 632.680604][T14403] HfR: entered promiscuous mode [ 633.383410][T14416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2719'. [ 633.709534][T14416] vlan1: entered promiscuous mode [ 633.716984][T14416] vlan1: entered allmulticast mode [ 633.775546][T14416] veth0_vlan: entered allmulticast mode [ 636.175053][T14435] FAULT_INJECTION: forcing a failure. [ 636.175053][T14435] name failslab, interval 1, probability 0, space 0, times 0 [ 636.188957][T14437] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2727'. [ 636.375961][T14435] CPU: 0 UID: 0 PID: 14435 Comm: syz.2.2726 Tainted: G U L syzkaller #0 PREEMPT(full) [ 636.375988][T14435] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 636.375994][T14435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 636.376004][T14435] Call Trace: [ 636.376009][T14435] [ 636.376015][T14435] dump_stack_lvl+0x100/0x190 [ 636.376044][T14435] should_fail_ex.cold+0x5/0xa [ 636.376063][T14435] should_failslab+0xc2/0x120 [ 636.376079][T14435] __kmalloc_node_noprof+0xe6/0x850 [ 636.376100][T14435] ? __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 636.376185][T14435] __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 636.376204][T14435] ? lockdep_init_map_type+0x5c/0x250 [ 636.376227][T14435] blk_mq_init_allocated_queue+0x308/0x1440 [ 636.376251][T14435] ? blk_alloc_queue+0x627/0x790 [ 636.376292][T14435] ? blk_alloc_queue+0x1a3/0x790 [ 636.376311][T14435] blk_mq_alloc_queue+0x1bd/0x290 [ 636.376332][T14435] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 636.376362][T14435] ? blk_mq_alloc_tag_set+0xe2c/0x1330 [ 636.376388][T14435] __blk_mq_alloc_disk+0x29/0x120 [ 636.376409][T14435] loop_add+0x498/0xb60 [ 636.376427][T14435] ? __pfx_loop_add+0x10/0x10 [ 636.376455][T14435] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 636.376482][T14435] loop_control_ioctl+0xae/0x620 [ 636.376501][T14435] ? __pfx_loop_control_ioctl+0x10/0x10 [ 636.376518][T14435] ? xfd_validate_state+0x129/0x190 [ 636.376540][T14435] ? __pfx_loop_control_ioctl+0x10/0x10 [ 636.376559][T14435] __x64_sys_ioctl+0x18e/0x210 [ 636.376582][T14435] do_syscall_64+0x106/0xf80 [ 636.376599][T14435] ? clear_bhb_loop+0x40/0x90 [ 636.376617][T14435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.376632][T14435] RIP: 0033:0x7f1399d9c799 [ 636.376646][T14435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 636.376661][T14435] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 636.376676][T14435] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 636.376686][T14435] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 636.376697][T14435] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 636.376706][T14435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 636.376716][T14435] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 636.376744][T14435] [ 637.537197][T14449] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2731'. [ 637.840007][T14458] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2733'. [ 638.072807][T14458] : renamed from bond_slave_0 (while UP) [ 638.135873][T14458] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2733'. [ 638.735643][T14473] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2738'. [ 639.055748][T14473] veth1_macvtap: left promiscuous mode [ 639.572741][T14479] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2739'. [ 639.733002][T14479] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 639.786077][T14479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 639.889753][T14479] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 639.935673][T14479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 640.614834][T14487] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2742'. [ 640.964263][T14487] bond0: (slave bond_slave_0): Releasing backup interface [ 642.108816][T14503] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2747'. [ 642.193348][T14506] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2747'. [ 642.762397][T14508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 642.862250][T14508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 642.973091][T14508] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 643.114588][T14508] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 643.244924][T14508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 643.332538][T14508] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 643.810552][T14525] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2753'. [ 643.825240][T14527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2752'. [ 644.206605][T14529] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.2754'. [ 644.350762][T14533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2756'. [ 644.424378][T14533] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2756'. [ 644.804776][T12523] Bluetooth: hci1: command 0x0c1a tx timeout [ 644.885643][T12523] Bluetooth: hci3: command 0x0c1a tx timeout [ 645.045792][T12523] Bluetooth: hci4: command 0x0406 tx timeout [ 645.287672][T12523] Bluetooth: hci0: command 0x0406 tx timeout [ 645.964682][T14554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2761'. [ 646.050662][T14554] team0: left allmulticast mode [ 646.104029][T14554] team_slave_0: left allmulticast mode [ 646.145472][T14554] team_slave_1: left allmulticast mode [ 646.185327][T14554] team0: left promiscuous mode [ 646.226798][T14554] team_slave_0: left promiscuous mode [ 646.284564][T14554] team_slave_1: left promiscuous mode [ 646.334285][T14554] bridge0: port 3(team0) entered disabled state [ 646.469864][T14554] bridge_slave_1: left allmulticast mode [ 646.525309][T14554] bridge_slave_1: left promiscuous mode [ 646.552503][T14554] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.620648][T14554] bridge_slave_0: left allmulticast mode [ 646.698148][T14554] bridge_slave_0: left promiscuous mode [ 646.769635][T14554] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.125128][T12523] Bluetooth: hci4: command 0x0406 tx timeout [ 647.373212][T12523] Bluetooth: hci0: command 0x0406 tx timeout [ 650.491068][T14600] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2776'. [ 660.556462][T14699] FAULT_INJECTION: forcing a failure. [ 660.556462][T14699] name failslab, interval 1, probability 0, space 0, times 0 [ 660.686845][T14699] CPU: 0 UID: 0 PID: 14699 Comm: syz.4.2802 Tainted: G U L syzkaller #0 PREEMPT(full) [ 660.686876][T14699] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 660.686882][T14699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 660.686892][T14699] Call Trace: [ 660.686897][T14699] [ 660.686903][T14699] dump_stack_lvl+0x100/0x190 [ 660.686935][T14699] should_fail_ex.cold+0x5/0xa [ 660.686956][T14699] should_failslab+0xc2/0x120 [ 660.686974][T14699] __kmalloc_cache_noprof+0x7a/0x6f0 [ 660.686994][T14699] ? kvm_set_irq_routing+0x24f/0x960 [ 660.687053][T14699] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 660.687082][T14699] kvm_set_irq_routing+0x24f/0x960 [ 660.687110][T14699] kvm_arch_vm_ioctl+0xf08/0x18d0 [ 660.687139][T14699] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 660.687162][T14699] ? __lock_acquire+0x4a5/0x2630 [ 660.687186][T14699] ? __lock_acquire+0x4a5/0x2630 [ 660.687208][T14699] ? __lock_acquire+0x4a5/0x2630 [ 660.687230][T14699] ? __lock_acquire+0x4a5/0x2630 [ 660.687260][T14699] ? is_bpf_text_address+0x8a/0x1a0 [ 660.687283][T14699] ? bpf_ksym_find+0x124/0x1c0 [ 660.687300][T14699] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 660.687317][T14699] ? is_bpf_text_address+0x94/0x1a0 [ 660.687338][T14699] ? kernel_text_address+0x8d/0x100 [ 660.687359][T14699] ? __kernel_text_address+0xd/0x30 [ 660.687380][T14699] ? unwind_get_return_address+0x59/0xa0 [ 660.687396][T14699] ? arch_stack_walk+0xa6/0xf0 [ 660.687417][T14699] ? tomoyo_path_number_perm+0x46d/0x580 [ 660.687520][T14699] ? stack_trace_save+0x8e/0xc0 [ 660.687535][T14699] ? __pfx_stack_trace_save+0x10/0x10 [ 660.687550][T14699] ? stack_depot_save_flags+0x27/0x9d0 [ 660.687569][T14699] ? __lock_acquire+0x4a5/0x2630 [ 660.687588][T14699] ? tomoyo_path_number_perm+0x46d/0x580 [ 660.687610][T14699] ? kasan_save_stack+0x3f/0x50 [ 660.687631][T14699] ? kasan_save_stack+0x30/0x50 [ 660.687659][T14699] ? kasan_save_track+0x14/0x30 [ 660.687680][T14699] ? kasan_save_free_info+0x3b/0x70 [ 660.687699][T14699] ? __kasan_slab_free+0x5f/0x80 [ 660.687716][T14699] kvm_vm_ioctl+0x1564/0x4080 [ 660.687743][T14699] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 660.687769][T14699] ? tomoyo_path_number_perm+0x46d/0x580 [ 660.687793][T14699] ? kasan_quarantine_put+0x104/0x240 [ 660.687815][T14699] ? lockdep_hardirqs_on+0x78/0x100 [ 660.687841][T14699] ? find_held_lock+0x2b/0x80 [ 660.687854][T14699] ? tomoyo_path_number_perm+0x28f/0x580 [ 660.687886][T14699] ? tomoyo_path_number_perm+0x28f/0x580 [ 660.687912][T14699] ? tomoyo_path_number_perm+0x188/0x580 [ 660.687937][T14699] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 660.687959][T14699] ? futex_wait+0x125/0x380 [ 660.687986][T14699] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 660.688018][T14699] ? do_vfs_ioctl+0x226/0x13e0 [ 660.688040][T14699] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 660.688067][T14699] ? find_held_lock+0x2b/0x80 [ 660.688081][T14699] ? __fget_files+0x215/0x3d0 [ 660.688095][T14699] ? hook_file_ioctl_common+0x146/0x410 [ 660.688123][T14699] ? __fget_files+0x21f/0x3d0 [ 660.688139][T14699] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 660.688156][T14699] __x64_sys_ioctl+0x18e/0x210 [ 660.688179][T14699] do_syscall_64+0x106/0xf80 [ 660.688196][T14699] ? clear_bhb_loop+0x40/0x90 [ 660.688215][T14699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.688230][T14699] RIP: 0033:0x7f04c379c799 [ 660.688246][T14699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 660.688262][T14699] RSP: 002b:00007f04c4636028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 660.688279][T14699] RAX: ffffffffffffffda RBX: 00007f04c3a16090 RCX: 00007f04c379c799 [ 660.688289][T14699] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 660.688299][T14699] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 660.688309][T14699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.688322][T14699] R13: 00007f04c3a16128 R14: 00007f04c3a16090 R15: 00007fff526d3798 [ 660.688342][T14699] [ 662.323100][T14691] MTRR 2 not used [ 664.237813][T14722] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2811'. [ 665.884499][T14741] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2825'. [ 665.975722][T14738] FAULT_INJECTION: forcing a failure. [ 665.975722][T14738] name failslab, interval 1, probability 0, space 0, times 0 [ 666.204085][T14738] CPU: 0 UID: 0 PID: 14738 Comm: syz.2.2817 Tainted: G U L syzkaller #0 PREEMPT(full) [ 666.204114][T14738] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 666.204120][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 666.204129][T14738] Call Trace: [ 666.204135][T14738] [ 666.204140][T14738] dump_stack_lvl+0x100/0x190 [ 666.204169][T14738] should_fail_ex.cold+0x5/0xa [ 666.204188][T14738] should_failslab+0xc2/0x120 [ 666.204204][T14738] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 666.204225][T14738] ? fcntl_setlk+0xaa/0xe40 [ 666.204241][T14738] ? __lock_acquire+0x4a5/0x2630 [ 666.204262][T14738] fcntl_setlk+0xaa/0xe40 [ 666.204282][T14738] ? __pfx_fcntl_setlk+0x10/0x10 [ 666.204300][T14738] ? find_held_lock+0x2b/0x80 [ 666.204313][T14738] ? __might_fault+0xc5/0x140 [ 666.204333][T14738] ? __might_fault+0xc5/0x140 [ 666.204360][T14738] do_fcntl+0xf39/0x1670 [ 666.204380][T14738] ? __pfx_do_fcntl+0x10/0x10 [ 666.204396][T14738] ? __fget_files+0x215/0x3d0 [ 666.204416][T14738] ? tomoyo_file_fcntl+0x6c/0xc0 [ 666.204439][T14738] __x64_sys_fcntl+0x163/0x200 [ 666.204460][T14738] do_syscall_64+0x106/0xf80 [ 666.204482][T14738] ? clear_bhb_loop+0x40/0x90 [ 666.204500][T14738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.204516][T14738] RIP: 0033:0x7f1399d9c799 [ 666.204530][T14738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.204546][T14738] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 666.204561][T14738] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 666.204571][T14738] RDX: 0000000000000004 RSI: 0000000000000026 RDI: 0000000000000004 [ 666.204580][T14738] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 666.204589][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.204597][T14738] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 666.204624][T14738] [ 667.034001][T14741] vlan1: entered promiscuous mode [ 667.104950][T14741] vlan1: entered allmulticast mode [ 667.480534][T14757] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2823'. [ 667.608414][T14758] netlink: 29 bytes leftover after parsing attributes in process `syz.0.2822'. [ 667.796211][T12523] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260 [ 668.274521][T14764] HfR: entered promiscuous mode [ 668.475234][T14771] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2824'. [ 668.774014][T14771] HfR: left promiscuous mode [ 669.638423][T14782] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2830'. [ 669.719895][T14782] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 669.784090][T14782] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.858642][T14782] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 669.896956][T14782] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.529135][T14787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2832'. [ 670.657215][T14791] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2832'. [ 674.032345][T14828] openvswitch: HfR: Dropping previously announced user features [ 674.197975][T14830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2843'. [ 674.395620][T14830] HfR: left promiscuous mode [ 674.756453][T14836] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2844'. [ 677.318371][ T35] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 679.625601][T14866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2853'. [ 679.713113][T14866] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2853'. [ 680.310543][T14872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2856'. [ 680.411714][T14872] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2856'. [ 681.217553][T14880] FAULT_INJECTION: forcing a failure. [ 681.217553][T14880] name failslab, interval 1, probability 0, space 0, times 0 [ 681.309668][T14880] CPU: 0 UID: 0 PID: 14880 Comm: syz.3.2858 Tainted: G U L syzkaller #0 PREEMPT(full) [ 681.309698][T14880] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 681.309704][T14880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 681.309713][T14880] Call Trace: [ 681.309720][T14880] [ 681.309726][T14880] dump_stack_lvl+0x100/0x190 [ 681.309754][T14880] should_fail_ex.cold+0x5/0xa [ 681.309773][T14880] should_failslab+0xc2/0x120 [ 681.309790][T14880] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 681.309814][T14880] ? kasprintf+0xc7/0x100 [ 681.309834][T14880] kvasprintf+0xbc/0x150 [ 681.309849][T14880] ? __pfx_kvasprintf+0x10/0x10 [ 681.309865][T14880] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 681.309883][T14880] ? lockdep_hardirqs_on+0x78/0x100 [ 681.309900][T14880] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 681.309920][T14880] kasprintf+0xc7/0x100 [ 681.309934][T14880] ? __pfx_kasprintf+0x10/0x10 [ 681.309965][T14880] ieee80211_alloc_led_names+0x86/0x420 [ 681.310094][T14880] ieee80211_alloc_hw_nm+0x1934/0x22a0 [ 681.310152][T14880] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 681.310283][T14880] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 681.310310][T14880] ? __nla_validate_parse+0x1e7/0x28b0 [ 681.310330][T14880] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 681.310357][T14880] hwsim_new_radio_nl+0xc1f/0x1340 [ 681.310379][T14880] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 681.310405][T14880] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 681.310430][T14880] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 681.310456][T14880] genl_family_rcv_msg_doit+0x214/0x300 [ 681.310480][T14880] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 681.310502][T14880] ? genl_get_cmd+0x3ef/0x720 [ 681.310530][T14880] ? bpf_lsm_capable+0x9/0x10 [ 681.310548][T14880] ? security_capable+0x80/0x260 [ 681.310570][T14880] ? ns_capable+0xd2/0xf0 [ 681.310586][T14880] genl_rcv_msg+0x560/0x800 [ 681.310611][T14880] ? __pfx_genl_rcv_msg+0x10/0x10 [ 681.310632][T14880] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 681.310659][T14880] netlink_rcv_skb+0x159/0x420 [ 681.310678][T14880] ? __pfx_genl_rcv_msg+0x10/0x10 [ 681.310700][T14880] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.310727][T14880] ? netlink_deliver_tap+0x1ae/0xcc0 [ 681.310749][T14880] genl_rcv+0x28/0x40 [ 681.310767][T14880] netlink_unicast+0x5aa/0x870 [ 681.310789][T14880] ? __pfx_netlink_unicast+0x10/0x10 [ 681.310816][T14880] netlink_sendmsg+0x8b0/0xda0 [ 681.310838][T14880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.310856][T14880] ? __import_iovec+0x1d2/0x640 [ 681.310881][T14880] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 681.310910][T14880] ____sys_sendmsg+0x9e1/0xb70 [ 681.310932][T14880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.310954][T14880] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.310981][T14880] ? __pfx_futex_wake_mark+0x10/0x10 [ 681.311005][T14880] ___sys_sendmsg+0x190/0x1e0 [ 681.311037][T14880] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.311085][T14880] __sys_sendmsg+0x170/0x220 [ 681.311104][T14880] ? __pfx___sys_sendmsg+0x10/0x10 [ 681.311122][T14880] ? __x64_sys_futex+0x34f/0x4d0 [ 681.311153][T14880] do_syscall_64+0x106/0xf80 [ 681.311172][T14880] ? clear_bhb_loop+0x40/0x90 [ 681.311191][T14880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.311207][T14880] RIP: 0033:0x7fd7d2d9c799 [ 681.311222][T14880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 681.311237][T14880] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 681.311252][T14880] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 681.311263][T14880] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 681.311272][T14880] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 681.311282][T14880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.311291][T14880] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 681.311312][T14880] [ 684.774807][T14899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2866'. [ 684.852960][T14903] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2866'. [ 686.007921][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.016198][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.909188][ T29] audit: type=1326 audit(4294967311.850:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14939 comm="syz.3.2877" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd7d2d9c799 code=0x0 [ 692.269042][T14976] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2886'. [ 692.506611][T14981] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2888'. [ 692.563959][T12523] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 694.158214][T14987] netlink: 'syz.4.2898': attribute type 4 has an invalid length. [ 694.236042][T14987] netlink: 'syz.4.2898': attribute type 5 has an invalid length. [ 694.243801][T14987] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2898'. [ 696.084969][T15013] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 696.402488][T15013] audit: out of memory in audit_log_start [ 699.470722][T15034] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2900'. [ 703.930327][ T29] audit: type=1326 audit(4294967326.870:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.0.2910" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f325279c799 code=0x0 [ 709.045615][T15126] zswap: compressor not available [ 709.092229][T15138] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 709.105524][T15139] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2926'. [ 709.449736][T15139] team0 (unregistering): Port device team_slave_0 removed [ 709.548375][T15139] team0 (unregistering): Port device team_slave_1 removed [ 715.636734][T15192] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2939'. [ 716.356004][T15205] FAULT_INJECTION: forcing a failure. [ 716.356004][T15205] name failslab, interval 1, probability 0, space 0, times 0 [ 716.466591][T15205] CPU: 0 UID: 0 PID: 15205 Comm: syz.4.2952 Tainted: G U L syzkaller #0 PREEMPT(full) [ 716.466621][T15205] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 716.466626][T15205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 716.466644][T15205] Call Trace: [ 716.466649][T15205] [ 716.466656][T15205] dump_stack_lvl+0x100/0x190 [ 716.466683][T15205] should_fail_ex.cold+0x5/0xa [ 716.466703][T15205] should_failslab+0xc2/0x120 [ 716.466720][T15205] __kmalloc_cache_noprof+0x7a/0x6f0 [ 716.466739][T15205] ? pkcs7_parse_message+0xfc/0x870 [ 716.466827][T15205] pkcs7_parse_message+0xfc/0x870 [ 716.466845][T15205] ? _request_firmware+0x274/0x13c0 [ 716.466903][T15205] verify_pkcs7_signature+0x30/0xa0 [ 716.466930][T15205] valid_regdb+0x211/0x590 [ 716.466975][T15205] ? __pfx___nla_validate_parse+0x10/0x10 [ 716.466997][T15205] ? __pfx_valid_regdb+0x10/0x10 [ 716.467014][T15205] ? rcu_is_watching+0x12/0xc0 [ 716.467041][T15205] reg_reload_regdb+0x11a/0x460 [ 716.467093][T15205] ? __pfx_reg_reload_regdb+0x10/0x10 [ 716.467116][T15205] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 716.467158][T15205] ? nl80211_pre_doit+0x19a/0xae0 [ 716.467176][T15205] genl_family_rcv_msg_doit+0x214/0x300 [ 716.467202][T15205] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 716.467224][T15205] ? genl_get_cmd+0x3ef/0x720 [ 716.467248][T15205] ? bpf_lsm_capable+0x9/0x10 [ 716.467263][T15205] ? security_capable+0x80/0x260 [ 716.467287][T15205] genl_rcv_msg+0x560/0x800 [ 716.467311][T15205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 716.467332][T15205] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 716.467346][T15205] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 716.467388][T15205] ? __pfx_nl80211_post_doit+0x10/0x10 [ 716.467414][T15205] netlink_rcv_skb+0x159/0x420 [ 716.467434][T15205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 716.467456][T15205] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 716.467482][T15205] ? netlink_deliver_tap+0x1ae/0xcc0 [ 716.467503][T15205] genl_rcv+0x28/0x40 [ 716.467522][T15205] netlink_unicast+0x5aa/0x870 [ 716.467544][T15205] ? __pfx_netlink_unicast+0x10/0x10 [ 716.467563][T15205] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 716.467591][T15205] netlink_sendmsg+0x8b0/0xda0 [ 716.467613][T15205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 716.467631][T15205] ? __import_iovec+0x1d2/0x640 [ 716.467648][T15205] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 716.467672][T15205] ____sys_sendmsg+0x9e1/0xb70 [ 716.467692][T15205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 716.467713][T15205] ? __pfx_____sys_sendmsg+0x10/0x10 [ 716.467738][T15205] ? __pfx_futex_wake_mark+0x10/0x10 [ 716.467763][T15205] ___sys_sendmsg+0x190/0x1e0 [ 716.467787][T15205] ? __pfx____sys_sendmsg+0x10/0x10 [ 716.467832][T15205] __sys_sendmsg+0x170/0x220 [ 716.467851][T15205] ? __pfx___sys_sendmsg+0x10/0x10 [ 716.467868][T15205] ? __x64_sys_futex+0x34f/0x4d0 [ 716.467904][T15205] do_syscall_64+0x106/0xf80 [ 716.467922][T15205] ? clear_bhb_loop+0x40/0x90 [ 716.467942][T15205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.467959][T15205] RIP: 0033:0x7f04c379c799 [ 716.467973][T15205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 716.467988][T15205] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 716.468004][T15205] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 716.468015][T15205] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 716.468024][T15205] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 716.468033][T15205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 716.468042][T15205] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 716.468063][T15205] [ 721.090163][T15235] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2958'. [ 725.103054][T15265] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2957'. [ 736.352654][T15371] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2987'. [ 738.271612][T15381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2989'. [ 738.333660][T15382] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2989'. [ 738.782437][T15386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2990'. [ 739.221819][T15386] bond0: (slave bond_slave_1): Releasing backup interface [ 739.800306][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 739.874438][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 739.881951][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 739.997399][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.068257][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.126284][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.154836][T15398] FAULT_INJECTION: forcing a failure. [ 740.154836][T15398] name fail_futex, interval 1, probability 0, space 0, times 0 [ 740.214608][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.264487][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.272315][T15398] CPU: 0 UID: 0 PID: 15398 Comm: syz.4.2995 Tainted: G U L syzkaller #0 PREEMPT(full) [ 740.272344][T15398] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 740.272350][T15398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 740.272360][T15398] Call Trace: [ 740.272366][T15398] [ 740.272372][T15398] dump_stack_lvl+0x100/0x190 [ 740.272401][T15398] should_fail_ex.cold+0x5/0xa [ 740.272421][T15398] get_futex_key+0x1d2/0x1620 [ 740.272441][T15398] ? __pfx_get_futex_key+0x10/0x10 [ 740.272465][T15398] futex_wake+0xea/0x530 [ 740.272488][T15398] ? __pfx_futex_wake+0x10/0x10 [ 740.272510][T15398] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 740.272537][T15398] do_futex+0x32b/0x350 [ 740.272556][T15398] ? __pfx_do_futex+0x10/0x10 [ 740.272574][T15398] ? __pfx___might_resched+0x10/0x10 [ 740.272595][T15398] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 740.272710][T15398] __x64_sys_futex+0x34f/0x4d0 [ 740.272732][T15398] ? __pfx_task_work_run+0x10/0x10 [ 740.272754][T15398] ? __pfx___x64_sys_futex+0x10/0x10 [ 740.272773][T15398] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 740.272797][T15398] do_syscall_64+0x106/0xf80 [ 740.272815][T15398] ? clear_bhb_loop+0x40/0x90 [ 740.272834][T15398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.272851][T15398] RIP: 0033:0x7f04c379c799 [ 740.272865][T15398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 740.272887][T15398] RSP: 002b:00007f04c46360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 740.272903][T15398] RAX: ffffffffffffffda RBX: 00007f04c3a16098 RCX: 00007f04c379c799 [ 740.272914][T15398] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f04c3a1609c [ 740.272923][T15398] RBP: 00007f04c3a16090 R08: 0000000000000000 R09: 0000000000000000 [ 740.272933][T15398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.272942][T15398] R13: 00007f04c3a16128 R14: 00007fff526d36b0 R15: 00007fff526d3798 [ 740.272962][T15398] [ 740.724517][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 740.764201][T15395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 743.844265][T15429] futex_wake_op: syz.0.3005 tries to shift op by -2048; fix this program [ 743.950732][T15429] futex_wake_op: syz.0.3005 tries to shift op by -2048; fix this program [ 747.074538][T15456] net_ratelimit: 5 callbacks suppressed [ 747.074555][T15456] netlink: Unknown conntrack attr (type=257, max=9) [ 747.249194][ T29] audit: type=1326 audit(4294975170.144:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15452 comm="syz.4.3011" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f04c379c799 code=0x0 [ 747.454944][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.455015][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.350035][T15468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3015'. [ 748.612734][T15471] netlink: 'syz.2.3015': attribute type 1 has an invalid length. [ 748.773146][T15471] netlink: 'syz.2.3015': attribute type 6 has an invalid length. [ 751.118269][T15483] netlink: 306 bytes leftover after parsing attributes in process `syz.0.3019'. [ 751.450313][ T3023] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.044607][T15511] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3027'. [ 754.788592][T12523] Bluetooth: hci1: unexpected event 0x05 length: 43 > 4 [ 755.464146][ T29] audit: type=1800 audit(4294975178.404:10): pid=15526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3030" name="dbroot" dev="configfs" ino=323536 res=0 errno=0 [ 755.504551][T15511] bond0: (slave bond_slave_1): Releasing backup interface [ 756.697763][T15530] FAULT_INJECTION: forcing a failure. [ 756.697763][T15530] name failslab, interval 1, probability 0, space 0, times 0 [ 756.815413][T15530] CPU: 0 UID: 0 PID: 15530 Comm: syz.2.3032 Tainted: G U L syzkaller #0 PREEMPT(full) [ 756.815442][T15530] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 756.815448][T15530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 756.815457][T15530] Call Trace: [ 756.815463][T15530] [ 756.815469][T15530] dump_stack_lvl+0x100/0x190 [ 756.815497][T15530] should_fail_ex.cold+0x5/0xa [ 756.815516][T15530] should_failslab+0xc2/0x120 [ 756.815532][T15530] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 756.815561][T15530] ? __kernfs_new_node+0xd2/0x960 [ 756.815584][T15530] ? kstrdup+0xb3/0xe0 [ 756.815610][T15530] __kernfs_new_node+0xd2/0x960 [ 756.815632][T15530] ? __pfx___kernfs_new_node+0x10/0x10 [ 756.815657][T15530] ? find_held_lock+0x2b/0x80 [ 756.815671][T15530] ? kernfs_root+0xee/0x2a0 [ 756.815690][T15530] ? kernfs_root+0xee/0x2a0 [ 756.815714][T15530] kernfs_new_node+0x11b/0x1a0 [ 756.815739][T15530] kernfs_create_link+0xcc/0x240 [ 756.815758][T15530] sysfs_do_create_link_sd+0x90/0x140 [ 756.815779][T15530] sysfs_create_link+0x61/0xc0 [ 756.815799][T15530] device_add+0x675/0x1950 [ 756.815816][T15530] ? alloc_workqueue_noprof+0x198/0x200 [ 756.815834][T15530] ? __pfx_device_add+0x10/0x10 [ 756.815855][T15530] nfc_register_device+0x41/0x3e0 [ 756.815955][T15530] nci_register_device+0x7f1/0xb80 [ 756.815982][T15530] ? __pfx_nci_register_device+0x10/0x10 [ 756.816008][T15530] ? lockdep_init_map_type+0x5c/0x250 [ 756.816033][T15530] virtual_ncidev_open+0x141/0x220 [ 756.816052][T15530] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 756.816068][T15530] misc_open+0x26d/0x450 [ 756.816085][T15530] ? __pfx_misc_open+0x10/0x10 [ 756.816098][T15530] chrdev_open+0x234/0x6a0 [ 756.816113][T15530] ? __pfx_apparmor_file_open+0x10/0x10 [ 756.816135][T15530] ? __pfx_chrdev_open+0x10/0x10 [ 756.816151][T15530] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 756.816171][T15530] do_dentry_open+0x6d8/0x1660 [ 756.816185][T15530] ? __pfx_chrdev_open+0x10/0x10 [ 756.816204][T15530] vfs_open+0x82/0x3f0 [ 756.816225][T15530] path_openat+0x208c/0x31a0 [ 756.816247][T15530] ? __pfx_path_openat+0x10/0x10 [ 756.816269][T15530] do_file_open+0x20e/0x430 [ 756.816285][T15530] ? __pfx_do_file_open+0x10/0x10 [ 756.816314][T15530] ? alloc_fd+0x476/0x790 [ 756.816330][T15530] ? do_getname+0x191/0x390 [ 756.816350][T15530] do_sys_openat2+0x10d/0x1e0 [ 756.816368][T15530] ? __pfx_do_sys_openat2+0x10/0x10 [ 756.816395][T15530] __x64_sys_openat+0x12d/0x210 [ 756.816414][T15530] ? __pfx___x64_sys_openat+0x10/0x10 [ 756.816443][T15530] do_syscall_64+0x106/0xf80 [ 756.816460][T15530] ? clear_bhb_loop+0x40/0x90 [ 756.816478][T15530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.816494][T15530] RIP: 0033:0x7f1399d9c799 [ 756.816507][T15530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.816522][T15530] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 756.816537][T15530] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 756.816555][T15530] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 756.816564][T15530] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 756.816573][T15530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.816582][T15530] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 756.816602][T15530] [ 758.352786][T15535] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 763.883713][T15615] syz.0.3054 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 772.276023][T15698] netlink: 'syz.3.3075': attribute type 3 has an invalid length. [ 772.425827][T15698] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3075'. [ 776.497341][T12523] block nbd0: Receive control failed (result -32) [ 776.765631][ T29] audit: type=1800 audit(4294975199.704:11): pid=15722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3083" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 779.298251][T15752] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 782.734535][T12523] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 783.620956][T15795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3104'. [ 791.067982][T15885] delete_channel: no stack [ 792.524338][T15904] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3135'. [ 793.544371][T15926] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3140'. [ 794.116268][T15933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3144'. [ 794.196347][T15936] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3144'. [ 795.514444][T15932] delete_channel: no stack [ 797.524172][T15770] Bluetooth: hci2: command 0x1003 tx timeout [ 797.531863][T12523] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 800.033196][T15986] FAULT_INJECTION: forcing a failure. [ 800.033196][T15986] name failslab, interval 1, probability 0, space 0, times 0 [ 800.418337][T15986] CPU: 0 UID: 8 PID: 15986 Comm: syz.2.3156 Tainted: G U L syzkaller #0 PREEMPT(full) [ 800.418369][T15986] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 800.418374][T15986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 800.418385][T15986] Call Trace: [ 800.418391][T15986] [ 800.418397][T15986] dump_stack_lvl+0x100/0x190 [ 800.418429][T15986] should_fail_ex.cold+0x5/0xa [ 800.418449][T15986] should_failslab+0xc2/0x120 [ 800.418467][T15986] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 800.418490][T15986] ? cred_alloc_blank+0x1c/0xa0 [ 800.418513][T15986] ? __x64_sys_futex+0x34f/0x4d0 [ 800.418532][T15986] ? __x64_sys_futex+0x358/0x4d0 [ 800.418556][T15986] cred_alloc_blank+0x1c/0xa0 [ 800.418580][T15986] keyctl_session_to_parent+0x55/0xae0 [ 800.418713][T15986] __do_sys_keyctl+0x2b1/0x5a0 [ 800.418736][T15986] do_syscall_64+0x106/0xf80 [ 800.418756][T15986] ? clear_bhb_loop+0x40/0x90 [ 800.418775][T15986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.418790][T15986] RIP: 0033:0x7f1399d9c799 [ 800.418805][T15986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.418820][T15986] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 800.418835][T15986] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 800.418845][T15986] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 800.418855][T15986] RBP: 00007f1399e32c99 R08: 0000000000000001 R09: 0000000000000000 [ 800.418865][T15986] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 800.418874][T15986] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 800.418894][T15986] [ 803.016644][T16012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3163'. [ 804.015690][ T29] audit: type=1800 audit(4294975226.954:12): pid=16022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3166" name="dbroot" dev="configfs" ino=365101 res=0 errno=0 [ 804.062925][T16022] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3166'. [ 804.481469][T16022] team0: Port device team_slave_1 removed [ 805.266206][T16027] NFSD: Failed to start, no listeners configured. [ 806.133424][T16036] FAULT_INJECTION: forcing a failure. [ 806.133424][T16036] name failslab, interval 1, probability 0, space 0, times 0 [ 806.227056][T16036] CPU: 0 UID: 0 PID: 16036 Comm: syz.4.3171 Tainted: G U L syzkaller #0 PREEMPT(full) [ 806.227086][T16036] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 806.227092][T16036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 806.227101][T16036] Call Trace: [ 806.227107][T16036] [ 806.227113][T16036] dump_stack_lvl+0x100/0x190 [ 806.227141][T16036] should_fail_ex.cold+0x5/0xa [ 806.227163][T16036] ? sk_prot_alloc+0x10b/0x2a0 [ 806.227185][T16036] should_failslab+0xc2/0x120 [ 806.227201][T16036] __kmalloc_noprof+0xe0/0x850 [ 806.227222][T16036] ? security_inode_alloc+0xcf/0x2c0 [ 806.227249][T16036] sk_prot_alloc+0x10b/0x2a0 [ 806.227272][T16036] sk_alloc+0x36/0xe80 [ 806.227289][T16036] __netlink_create+0x5e/0x2c0 [ 806.227308][T16036] __netlink_kernel_create+0xed/0x750 [ 806.227329][T16036] ? __pfx___netlink_kernel_create+0x10/0x10 [ 806.227354][T16036] fib_net_init+0x26d/0x3f0 [ 806.227374][T16036] ? is_module_address+0x69/0xf0 [ 806.227394][T16036] ? __pfx_fib_net_init+0x10/0x10 [ 806.227412][T16036] ? timer_init_key+0x150/0x340 [ 806.227428][T16036] ? __pfx_nl_fib_input+0x10/0x10 [ 806.227448][T16036] ? devinet_init_net+0x56c/0x8d0 [ 806.227472][T16036] ? __pfx_fib_net_init+0x10/0x10 [ 806.227490][T16036] ops_init+0x1e2/0x5f0 [ 806.227512][T16036] setup_net+0x118/0x3a0 [ 806.227530][T16036] ? __pfx_setup_net+0x10/0x10 [ 806.227547][T16036] ? lockdep_init_map_type+0x5c/0x250 [ 806.227567][T16036] ? mutex_init_lockep+0x110/0x150 [ 806.227589][T16036] copy_net_ns+0x46f/0x7c0 [ 806.227611][T16036] create_new_namespaces+0x3ea/0xac0 [ 806.227639][T16036] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 806.227657][T16036] ksys_unshare+0x473/0xad0 [ 806.227678][T16036] ? __pfx_ksys_unshare+0x10/0x10 [ 806.227704][T16036] __x64_sys_unshare+0x31/0x40 [ 806.227722][T16036] do_syscall_64+0x106/0xf80 [ 806.227740][T16036] ? clear_bhb_loop+0x40/0x90 [ 806.227758][T16036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.227774][T16036] RIP: 0033:0x7f04c379c799 [ 806.227787][T16036] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 806.227802][T16036] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 806.227817][T16036] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 806.227827][T16036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 806.227837][T16036] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 806.227847][T16036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.227856][T16036] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 806.227876][T16036] [ 808.886355][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.893341][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.380658][T16062] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3178'. [ 813.448257][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3178'. [ 813.864728][T16067] FAULT_INJECTION: forcing a failure. [ 813.864728][T16067] name failslab, interval 1, probability 0, space 0, times 0 [ 814.023810][T16067] CPU: 0 UID: 0 PID: 16067 Comm: syz.4.3180 Tainted: G U L syzkaller #0 PREEMPT(full) [ 814.023840][T16067] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 814.023846][T16067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 814.023855][T16067] Call Trace: [ 814.023860][T16067] [ 814.023868][T16067] dump_stack_lvl+0x100/0x190 [ 814.023897][T16067] should_fail_ex.cold+0x5/0xa [ 814.023916][T16067] should_failslab+0xc2/0x120 [ 814.023932][T16067] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 814.023955][T16067] ? __pmd_alloc+0xbf/0x950 [ 814.023976][T16067] __pmd_alloc+0xbf/0x950 [ 814.023992][T16067] ? __pud_alloc+0x52e/0x6e0 [ 814.024010][T16067] huge_pte_alloc+0x5ee/0x730 [ 814.024031][T16067] copy_hugetlb_page_range+0x4e9/0x3180 [ 814.024067][T16067] ? stack_trace_save+0x8e/0xc0 [ 814.024085][T16067] ? __pfx_copy_hugetlb_page_range+0x10/0x10 [ 814.024104][T16067] ? stack_depot_save_flags+0x27/0x9d0 [ 814.024129][T16067] ? __lock_acquire+0x4a5/0x2630 [ 814.024150][T16067] copy_page_range+0x3484/0x6570 [ 814.024174][T16067] ? __lock_acquire+0x4a5/0x2630 [ 814.024203][T16067] ? __lock_acquire+0x4a5/0x2630 [ 814.024221][T16067] ? mas_wr_store_entry+0x6d2/0x2390 [ 814.024244][T16067] ? __pfx_copy_page_range+0x10/0x10 [ 814.024270][T16067] ? __pfx___might_resched+0x10/0x10 [ 814.024299][T16067] ? up_write+0x290/0x4f0 [ 814.024324][T16067] dup_mmap+0xd25/0x2180 [ 814.024350][T16067] ? __pfx_dup_mmap+0x10/0x10 [ 814.024366][T16067] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 814.024387][T16067] ? __lock_acquire+0x4a5/0x2630 [ 814.024406][T16067] ? find_held_lock+0x2b/0x80 [ 814.024419][T16067] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 814.024537][T16067] copy_process+0x73d7/0x7a10 [ 814.024565][T16067] ? __pfx_copy_process+0x10/0x10 [ 814.024592][T16067] kernel_clone+0xfc/0x9a0 [ 814.024608][T16067] ? __pfx_futex_wait+0x10/0x10 [ 814.024628][T16067] ? rep_movs_alternative+0x33/0x90 [ 814.024652][T16067] ? __pfx_kernel_clone+0x10/0x10 [ 814.024680][T16067] __do_sys_clone+0xd9/0x120 [ 814.024698][T16067] ? __pfx___do_sys_clone+0x10/0x10 [ 814.024715][T16067] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 814.024788][T16067] do_syscall_64+0x106/0xf80 [ 814.024806][T16067] ? clear_bhb_loop+0x40/0x90 [ 814.024825][T16067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.024841][T16067] RIP: 0033:0x7f04c379c799 [ 814.024855][T16067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 814.024869][T16067] RSP: 002b:00007f04c4656fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 814.024885][T16067] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 814.024895][T16067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 814.024904][T16067] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 814.024913][T16067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 814.024922][T16067] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 814.024944][T16067] [ 816.429587][T16080] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3184'. [ 816.608041][T16077] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3184'. [ 817.121397][T16078] [U] ^F [ 821.420922][T16139] FAULT_INJECTION: forcing a failure. [ 821.420922][T16139] name failslab, interval 1, probability 0, space 0, times 0 [ 821.532314][T16139] CPU: 0 UID: 0 PID: 16139 Comm: syz.2.3198 Tainted: G U L syzkaller #0 PREEMPT(full) [ 821.532345][T16139] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 821.532350][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 821.532360][T16139] Call Trace: [ 821.532365][T16139] [ 821.532372][T16139] dump_stack_lvl+0x100/0x190 [ 821.532413][T16139] should_fail_ex.cold+0x5/0xa [ 821.532447][T16139] should_failslab+0xc2/0x120 [ 821.532492][T16139] __kvmalloc_node_noprof+0xfa/0xa00 [ 821.532531][T16139] ? io_alloc_cache_init+0x38/0x170 [ 821.532620][T16139] ? lockdep_init_map_type+0x5c/0x250 [ 821.532644][T16139] io_alloc_cache_init+0x38/0x170 [ 821.532667][T16139] io_uring_setup.cold+0x3cd/0x1d09 [ 821.532692][T16139] ? __pfx_io_uring_setup+0x10/0x10 [ 821.532711][T16139] ? do_futex+0x192/0x350 [ 821.532731][T16139] ? __pfx_do_futex+0x10/0x10 [ 821.532758][T16139] ? xfd_validate_state+0x129/0x190 [ 821.532784][T16139] __x64_sys_io_uring_setup+0xc2/0x170 [ 821.532803][T16139] do_syscall_64+0x106/0xf80 [ 821.532820][T16139] ? clear_bhb_loop+0x40/0x90 [ 821.532840][T16139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.532856][T16139] RIP: 0033:0x7f1399d9c799 [ 821.532870][T16139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 821.532885][T16139] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 821.532900][T16139] RAX: ffffffffffffffda RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 821.532910][T16139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 821.532919][T16139] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 821.532929][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.532948][T16139] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 821.532969][T16139] [ 822.207513][T16145] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3200'. [ 822.898385][T16145] bridge_slave_1 (unregistering): left allmulticast mode [ 822.912842][T16145] bridge_slave_1 (unregistering): left promiscuous mode [ 822.968541][T16145] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.811464][T16167] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3208'. [ 824.184120][T16175] FAULT_INJECTION: forcing a failure. [ 824.184120][T16175] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 824.367437][T16175] CPU: 0 UID: 0 PID: 16175 Comm: syz.2.3209 Tainted: G U L syzkaller #0 PREEMPT(full) [ 824.367465][T16175] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 824.367471][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 824.367481][T16175] Call Trace: [ 824.367487][T16175] [ 824.367494][T16175] dump_stack_lvl+0x100/0x190 [ 824.367522][T16175] should_fail_ex.cold+0x5/0xa [ 824.367540][T16175] _copy_from_user+0x2e/0xd0 [ 824.367557][T16175] snd_pcm_oss_write2+0x1c2/0x400 [ 824.367692][T16175] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 824.367722][T16175] snd_pcm_oss_write+0x729/0xa30 [ 824.367739][T16175] ? security_file_permission+0x76/0x210 [ 824.367760][T16175] vfs_write+0x2aa/0x1070 [ 824.367783][T16175] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 824.367800][T16175] ? __pfx_vfs_write+0x10/0x10 [ 824.367820][T16175] ? find_held_lock+0x2b/0x80 [ 824.367834][T16175] ? __fget_files+0x215/0x3d0 [ 824.367848][T16175] ? __fget_files+0x215/0x3d0 [ 824.367865][T16175] ? __fget_files+0x21f/0x3d0 [ 824.367884][T16175] ksys_write+0x12a/0x250 [ 824.367897][T16175] ? __pfx_ksys_write+0x10/0x10 [ 824.367916][T16175] do_syscall_64+0x106/0xf80 [ 824.367939][T16175] ? clear_bhb_loop+0x40/0x90 [ 824.367960][T16175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.367976][T16175] RIP: 0033:0x7f1399d9c799 [ 824.367991][T16175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 824.368006][T16175] RSP: 002b:00007f139aca6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 824.368021][T16175] RAX: ffffffffffffffda RBX: 00007f139a016180 RCX: 00007f1399d9c799 [ 824.368031][T16175] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 824.368040][T16175] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 824.368049][T16175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.368058][T16175] R13: 00007f139a016218 R14: 00007f139a016180 R15: 00007ffd6c9a18f8 [ 824.368078][T16175] [ 827.402581][T16198] binder: 16197:16198 ioctl c018620c 200000000040 returned -22 [ 830.076865][T16226] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3223'. [ 830.507542][T16235] FAULT_INJECTION: forcing a failure. [ 830.507542][T16235] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 830.618554][T16235] CPU: 0 UID: 0 PID: 16235 Comm: syz.2.3226 Tainted: G U L syzkaller #0 PREEMPT(full) [ 830.618583][T16235] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 830.618590][T16235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 830.618599][T16235] Call Trace: [ 830.618605][T16235] [ 830.618612][T16235] dump_stack_lvl+0x100/0x190 [ 830.618640][T16235] should_fail_ex.cold+0x5/0xa [ 830.618658][T16235] _copy_to_user+0x32/0xd0 [ 830.618675][T16235] copy_siginfo_to_user+0x27/0xc0 [ 830.618694][T16235] x64_setup_rt_frame+0xa03/0xce0 [ 830.618716][T16235] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 830.618736][T16235] ? do_send_specific+0x15c/0x360 [ 830.618755][T16235] arch_do_signal_or_restart+0x587/0x770 [ 830.618776][T16235] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 830.618805][T16235] exit_to_user_mode_loop+0x86/0x4a0 [ 830.618826][T16235] do_syscall_64+0x668/0xf80 [ 830.618844][T16235] ? clear_bhb_loop+0x40/0x90 [ 830.618862][T16235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.618878][T16235] RIP: 0033:0x7f1399d9c799 [ 830.618892][T16235] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 830.618916][T16235] RSP: 002b:00007f139ace8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 830.618932][T16235] RAX: 0000000000000000 RBX: 00007f139a015fa0 RCX: 00007f1399d9c799 [ 830.618942][T16235] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000908 [ 830.618951][T16235] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 830.618960][T16235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 830.618968][T16235] R13: 00007f139a016038 R14: 00007f139a015fa0 R15: 00007ffd6c9a18f8 [ 830.618989][T16235] [ 833.294519][T16257] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3233'. [ 833.915607][T12523] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 834.846647][ T29] audit: type=1807 audit(4294975257.789:13): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 834.957471][ T29] audit: type=1802 audit(4294975257.809:14): pid=16272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.3237" res=0 errno=0 [ 835.139401][T16276] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3238'. [ 835.207339][T16271] ima: policy update failed [ 835.212054][ T29] audit: type=1802 audit(4294975258.149:15): pid=16271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3237" res=0 errno=0 [ 835.844098][T15770] Bluetooth: hci1: command 0x0c1a tx timeout [ 835.856648][T16261] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 836.284291][T16261] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 836.675325][T16261] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 836.696227][T16261] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 836.785606][T16261] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 837.711504][T16312] vivid-007: ================= START STATUS ================= [ 837.795725][T16312] vivid-007: Generate PTS: true [ 837.801050][T16312] vivid-007: Generate SCR: true [ 837.907501][T16312] tpg source WxH: 320x240 (Y'CbCr) [ 837.912993][T16312] tpg field: 1 [ 837.974148][T16312] tpg crop: (0,0)/320x240 [ 838.012018][T16312] tpg compose: (0,0)/320x240 [ 838.114098][T16312] tpg colorspace: 8 [ 838.146111][T16312] tpg transfer function: 0/0 [ 838.176155][T12523] Bluetooth: hci1: command 0x0c1a tx timeout [ 838.236512][T16312] tpg Y'CbCr encoding: 0/0 [ 838.284563][T16312] tpg quantization: 0/0 [ 838.313957][T16312] tpg RGB range: 0/2 [ 838.342697][T16312] vivid-007: ================== END STATUS ================== [ 838.733940][T12523] Bluetooth: hci4: command 0x0406 tx timeout [ 838.740000][T12523] Bluetooth: hci3: command 0x0c1a tx timeout [ 838.804445][T12523] Bluetooth: hci0: command 0x0406 tx timeout [ 839.211545][T16344] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3254'. [ 842.879666][T16384] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3266'. [ 844.899399][T16405] FAULT_INJECTION: forcing a failure. [ 844.899399][T16405] name failslab, interval 1, probability 0, space 0, times 0 [ 845.188116][T16405] CPU: 0 UID: 0 PID: 16405 Comm: syz.2.3272 Tainted: G U L syzkaller #0 PREEMPT(full) [ 845.188145][T16405] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 845.188152][T16405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 845.188161][T16405] Call Trace: [ 845.188167][T16405] [ 845.188173][T16405] dump_stack_lvl+0x100/0x190 [ 845.188201][T16405] should_fail_ex.cold+0x5/0xa [ 845.188220][T16405] should_failslab+0xc2/0x120 [ 845.188236][T16405] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 845.188258][T16405] ? vm_area_alloc+0x1f/0x160 [ 845.188278][T16405] ? vma_merge_new_range+0x38b/0xa30 [ 845.188298][T16405] ? __pfx___sanitizer_cov_trace_const_cmp2+0x10/0x10 [ 845.188325][T16405] vm_area_alloc+0x1f/0x160 [ 845.188354][T16405] __mmap_region+0x10cc/0x29e0 [ 845.188379][T16405] ? __pfx___mmap_region+0x10/0x10 [ 845.188405][T16405] ? set_next_entity+0x11e/0x9c0 [ 845.188430][T16405] ? __lock_acquire+0x4a5/0x2630 [ 845.188448][T16405] ? update_cfs_rq_load_avg+0x51/0x550 [ 845.188473][T16405] ? find_held_lock+0x2b/0x80 [ 845.188486][T16405] ? finish_task_switch.isra.0+0x200/0xb80 [ 845.188502][T16405] ? finish_task_switch.isra.0+0x200/0xb80 [ 845.188525][T16405] ? trace_sched_exit_tp+0x13a/0x180 [ 845.188543][T16405] ? __schedule+0x1000/0x6120 [ 845.188585][T16405] ? rcu_is_watching+0x12/0xc0 [ 845.188607][T16405] ? cap_capable+0x107/0x460 [ 845.188632][T16405] mmap_region+0x180/0x3e0 [ 845.188657][T16405] do_mmap+0xc63/0x12f0 [ 845.188678][T16405] ? __pfx_do_mmap+0x10/0x10 [ 845.188695][T16405] ? __pfx_down_write_killable+0x10/0x10 [ 845.188720][T16405] vm_mmap_pgoff+0x29e/0x470 [ 845.188741][T16405] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 845.188759][T16405] ? do_futex+0x192/0x350 [ 845.188778][T16405] ? __pfx_do_futex+0x10/0x10 [ 845.188800][T16405] ksys_mmap_pgoff+0xe1/0x650 [ 845.188817][T16405] ? __x64_sys_futex+0x34f/0x4d0 [ 845.188834][T16405] ? __x64_sys_futex+0x358/0x4d0 [ 845.188853][T16405] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 845.188870][T16405] ? xfd_validate_state+0x129/0x190 [ 845.188895][T16405] __x64_sys_mmap+0x125/0x190 [ 845.188919][T16405] do_syscall_64+0x106/0xf80 [ 845.188936][T16405] ? clear_bhb_loop+0x40/0x90 [ 845.188955][T16405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.188971][T16405] RIP: 0033:0x7f1399d9c799 [ 845.188986][T16405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 845.189002][T16405] RSP: 002b:00007f139acc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 845.189019][T16405] RAX: ffffffffffffffda RBX: 00007f139a016090 RCX: 00007f1399d9c799 [ 845.189030][T16405] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 845.189039][T16405] RBP: 00007f1399e32c99 R08: fffffffffffffffa R09: 0000000000008000 [ 845.189050][T16405] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 845.189059][T16405] R13: 00007f139a016128 R14: 00007f139a016090 R15: 00007ffd6c9a18f8 [ 845.189080][T16405] [ 846.284901][T16410] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 846.332078][T16418] [U] [ 847.720295][T16436] FAULT_INJECTION: forcing a failure. [ 847.720295][T16436] name failslab, interval 1, probability 0, space 0, times 0 [ 847.875957][T16436] CPU: 0 UID: 0 PID: 16436 Comm: syz.4.3279 Tainted: G U L syzkaller #0 PREEMPT(full) [ 847.875988][T16436] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 847.875995][T16436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 847.876006][T16436] Call Trace: [ 847.876012][T16436] [ 847.876019][T16436] dump_stack_lvl+0x100/0x190 [ 847.876048][T16436] should_fail_ex.cold+0x5/0xa [ 847.876068][T16436] should_failslab+0xc2/0x120 [ 847.876086][T16436] __kmalloc_cache_node_noprof+0x7d/0x770 [ 847.876110][T16436] ? do_kmem_cache_create+0x16d/0x540 [ 847.876126][T16436] ? __raw_spin_lock_init+0x3a/0x110 [ 847.876161][T16436] do_kmem_cache_create+0x16d/0x540 [ 847.876181][T16436] __kmem_cache_create_args+0x386/0x420 [ 847.876206][T16436] mon_text_open+0x333/0x510 [ 847.876230][T16436] ? __pfx_mon_text_open+0x10/0x10 [ 847.876269][T16436] ? __pfx_mon_text_ctor+0x10/0x10 [ 847.876289][T16436] ? find_held_lock+0x2b/0x80 [ 847.876303][T16436] ? __pfx_apparmor_file_open+0x10/0x10 [ 847.876325][T16436] ? lockdown_is_locked_down+0x3d/0x140 [ 847.876345][T16436] ? bpf_lsm_locked_down+0x9/0x10 [ 847.876365][T16436] ? __pfx_mon_text_open+0x10/0x10 [ 847.876383][T16436] full_proxy_open_regular+0x1b6/0x370 [ 847.876407][T16436] do_dentry_open+0x6d8/0x1660 [ 847.876423][T16436] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 847.876449][T16436] vfs_open+0x82/0x3f0 [ 847.876470][T16436] path_openat+0x208c/0x31a0 [ 847.876493][T16436] ? __pfx_path_openat+0x10/0x10 [ 847.876516][T16436] do_file_open+0x20e/0x430 [ 847.876533][T16436] ? __pfx_do_file_open+0x10/0x10 [ 847.876563][T16436] ? alloc_fd+0x476/0x790 [ 847.876580][T16436] ? do_getname+0x191/0x390 [ 847.876600][T16436] do_sys_openat2+0x10d/0x1e0 [ 847.876619][T16436] ? __pfx_do_sys_openat2+0x10/0x10 [ 847.876639][T16436] ? __sys_sendmsg+0x18f/0x220 [ 847.876662][T16436] __x64_sys_openat+0x12d/0x210 [ 847.876682][T16436] ? __pfx___x64_sys_openat+0x10/0x10 [ 847.876708][T16436] do_syscall_64+0x106/0xf80 [ 847.876727][T16436] ? clear_bhb_loop+0x40/0x90 [ 847.876747][T16436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.876764][T16436] RIP: 0033:0x7f04c379c799 [ 847.876779][T16436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.876812][T16436] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 847.876829][T16436] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 847.876840][T16436] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 847.876851][T16436] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 847.876860][T16436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.876870][T16436] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 847.876891][T16436] [ 847.877017][T16436] __kmem_cache_create_args(mon_text_ffff88805a1b7400) failed with error -22 [ 850.306009][T16436] CPU: 0 UID: 0 PID: 16436 Comm: syz.4.3279 Tainted: G U L syzkaller #0 PREEMPT(full) [ 850.306037][T16436] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 850.306044][T16436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 850.306053][T16436] Call Trace: [ 850.306060][T16436] [ 850.306066][T16436] dump_stack_lvl+0x100/0x190 [ 850.306094][T16436] __kmem_cache_create_args.cold+0x33/0x6e [ 850.306118][T16436] mon_text_open+0x333/0x510 [ 850.306142][T16436] ? __pfx_mon_text_open+0x10/0x10 [ 850.306164][T16436] ? __pfx_mon_text_ctor+0x10/0x10 [ 850.306184][T16436] ? find_held_lock+0x2b/0x80 [ 850.306199][T16436] ? __pfx_apparmor_file_open+0x10/0x10 [ 850.306221][T16436] ? lockdown_is_locked_down+0x3d/0x140 [ 850.306241][T16436] ? bpf_lsm_locked_down+0x9/0x10 [ 850.306261][T16436] ? __pfx_mon_text_open+0x10/0x10 [ 850.306280][T16436] full_proxy_open_regular+0x1b6/0x370 [ 850.306304][T16436] do_dentry_open+0x6d8/0x1660 [ 850.306320][T16436] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 850.306345][T16436] vfs_open+0x82/0x3f0 [ 850.306367][T16436] path_openat+0x208c/0x31a0 [ 850.306389][T16436] ? __pfx_path_openat+0x10/0x10 [ 850.306412][T16436] do_file_open+0x20e/0x430 [ 850.306429][T16436] ? __pfx_do_file_open+0x10/0x10 [ 850.306459][T16436] ? alloc_fd+0x476/0x790 [ 850.306476][T16436] ? do_getname+0x191/0x390 [ 850.306502][T16436] do_sys_openat2+0x10d/0x1e0 [ 850.306522][T16436] ? __pfx_do_sys_openat2+0x10/0x10 [ 850.306544][T16436] ? __sys_sendmsg+0x18f/0x220 [ 850.306567][T16436] __x64_sys_openat+0x12d/0x210 [ 850.306587][T16436] ? __pfx___x64_sys_openat+0x10/0x10 [ 850.306615][T16436] do_syscall_64+0x106/0xf80 [ 850.306633][T16436] ? clear_bhb_loop+0x40/0x90 [ 850.306652][T16436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.306668][T16436] RIP: 0033:0x7f04c379c799 [ 850.306682][T16436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 850.306697][T16436] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 850.306713][T16436] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 850.306724][T16436] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 850.306735][T16436] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 850.306744][T16436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 850.306753][T16436] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 850.306774][T16436] [ 852.228426][T16466] Process accounting resumed [ 853.911534][T16461] can: request_module (can-proto-3) failed. [ 855.639291][ T29] audit: type=1804 audit(4294975278.579:16): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3287" name="/newroot/381/file0" dev="tmpfs" ino=2029 res=1 errno=0 [ 855.808674][ T29] audit: type=1804 audit(4294975278.619:17): pid=16495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3287" name="/newroot/381/file0" dev="tmpfs" ino=2029 res=1 errno=0 [ 855.974201][T16492] ubi0: attaching mtd0 [ 856.125082][T16492] ubi0: scanning is finished [ 856.129767][T16492] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 856.323692][T16501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3293'. [ 856.728682][T16492] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 858.095268][T16511] zswap: compressor not available [ 859.458184][T16534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3300'. [ 859.605496][T16538] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3300'. [ 868.444541][T16606] netlink: 'syz.2.3319': attribute type 3 has an invalid length. [ 868.524019][T16606] netlink: 306 bytes leftover after parsing attributes in process `syz.2.3319'. [ 870.336076][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.342481][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.481576][T16635] HSR: entered promiscuous mode [ 872.463451][T16652] netlink: Unknown conntrack attr (type=257, max=9) [ 872.554880][ T29] audit: type=1326 audit(4294975295.499:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16649 comm="syz.3.3329" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd7d2d9c799 code=0x0 [ 873.284427][T12523] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 874.243965][T15770] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 876.024424][T16672] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 876.096747][T16672] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 876.188517][T16674] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3336'. [ 876.994927][T16681] HSR: entered promiscuous mode [ 877.209878][T16687] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3338'. [ 878.102856][T16684] delete_channel: no stack [ 881.804250][T16744] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3353'. [ 882.468415][T16745] Process accounting paused [ 884.993455][T16798] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 885.071599][T16798] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 887.786988][T16822] delete_channel: no stack [ 888.555351][T16840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 891.083868][ T29] audit: type=1804 audit(4294975314.019:19): pid=16858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3386" name="file0" dev="tmpfs" ino=5291 res=1 errno=0 [ 891.263944][ T29] audit: type=1804 audit(4294975314.069:20): pid=16869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3386" name="file0" dev="tmpfs" ino=5291 res=1 errno=0 [ 894.867773][T16905] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 906.662548][T12523] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 912.934152][T17028] nbd: must specify at least one socket [ 913.678819][T17020] Process accounting resumed [ 915.514476][T17034] can: request_module (can-proto-3) failed. [ 919.506742][T17091] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3436'. [ 920.011498][T17090] serio: Serial port pty6 [ 924.054640][T17137] FAULT_INJECTION: forcing a failure. [ 924.054640][T17137] name failslab, interval 1, probability 0, space 0, times 0 [ 924.245881][T17137] CPU: 0 UID: 0 PID: 17137 Comm: syz.2.3449 Tainted: G U L syzkaller #0 PREEMPT(full) [ 924.245911][T17137] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 924.245918][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 924.245928][T17137] Call Trace: [ 924.245933][T17137] [ 924.245941][T17137] dump_stack_lvl+0x100/0x190 [ 924.245972][T17137] should_fail_ex.cold+0x5/0xa [ 924.245992][T17137] should_failslab+0xc2/0x120 [ 924.246010][T17137] __kmalloc_cache_noprof+0x7a/0x6f0 [ 924.246030][T17137] ? refill_pi_state_cache+0x91/0x260 [ 924.246058][T17137] refill_pi_state_cache+0x91/0x260 [ 924.246080][T17137] futex_lock_pi+0x177/0x7b0 [ 924.246103][T17137] ? __pfx_futex_lock_pi+0x10/0x10 [ 924.246134][T17137] ? __pfx___futex_wait+0x10/0x10 [ 924.246156][T17137] ? lockdep_hardirqs_on+0x78/0x100 [ 924.246192][T17137] ? __pfx_futex_wake_mark+0x10/0x10 [ 924.246218][T17137] ? __get_user_nocheck_8+0x20/0x20 [ 924.246234][T17137] ? do_vfs_ioctl+0x226/0x13e0 [ 924.246258][T17137] do_futex+0x18a/0x350 [ 924.246279][T17137] ? __pfx_do_futex+0x10/0x10 [ 924.246298][T17137] ? find_held_lock+0x2b/0x80 [ 924.246316][T17137] __x64_sys_futex+0x34f/0x4d0 [ 924.246337][T17137] ? __pfx___x64_sys_futex+0x10/0x10 [ 924.246363][T17137] do_syscall_64+0x106/0xf80 [ 924.246381][T17137] ? clear_bhb_loop+0x40/0x90 [ 924.246400][T17137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.246416][T17137] RIP: 0033:0x7f1399d9c799 [ 924.246431][T17137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 924.246446][T17137] RSP: 002b:00007f139acc7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 924.246462][T17137] RAX: ffffffffffffffda RBX: 00007f139a016090 RCX: 00007f1399d9c799 [ 924.246473][T17137] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 924.246481][T17137] RBP: 00007f1399e32c99 R08: 0000000000000000 R09: 000000008000fff5 [ 924.246491][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 924.246500][T17137] R13: 00007f139a016128 R14: 00007f139a016090 R15: 00007ffd6c9a18f8 [ 924.246520][T17137] [ 926.432256][T17159] netlink: 93 bytes leftover after parsing attributes in process `syz.4.3461'. [ 926.592354][T17155] netlink: 93 bytes leftover after parsing attributes in process `syz.4.3461'. [ 928.847038][T17176] nbd: must specify at least one socket [ 931.779516][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.796109][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.720821][T17234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3472'. [ 934.824360][T17234] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3472'. [ 938.214686][T17257] serio: Serial port pty6 [ 942.303451][T17304] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 942.825944][ T29] audit: type=1806 audit(4294975365.765:21): xattr="." res=0 [ 945.865848][T17318] Process accounting paused [ 949.544034][T17358] binder: 17357:17358 ioctl c018620c 2000000000c0 returned -22 [ 951.154397][T17378] sd 0:0:1:0: PR command failed: 1026 [ 951.204014][T17378] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 951.255012][T17378] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 952.894547][T12523] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 954.280518][T17413] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 954.963929][T15770] Bluetooth: hci3: command 0x0c1a tx timeout [ 957.051961][T15770] Bluetooth: hci3: command 0x0c1a tx timeout [ 957.335236][T17446] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3533'. [ 962.446001][T17496] netlink: 'syz.0.3548': attribute type 2 has an invalid length. [ 962.517560][T17496] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3548'. [ 962.711224][T17498] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3549'. [ 963.427819][T17503] binder: 17502:17503 ioctl c018620c 2000000000c0 returned -22 [ 964.669990][T17493] Process accounting resumed [ 970.612250][T17565] binder: 17564:17565 ioctl c018620c 2000000000c0 returned -22 [ 973.821969][ T29] audit: type=1800 audit(4294975396.755:22): pid=17588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3575" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 974.936861][T12523] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 974.994737][T17596] ======================================================= [ 974.994737][T17596] WARNING: The mand mount option has been deprecated and [ 974.994737][T17596] and is ignored by this kernel. Remove the mand [ 974.994737][T17596] option from the mount to silence this warning. [ 974.994737][T17596] ======================================================= [ 976.966106][T15770] Bluetooth: hci1: command 0x0c1a tx timeout [ 977.472661][T17621] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3586'. [ 978.384509][T17629] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3590'. [ 979.055335][T15770] Bluetooth: hci1: command 0x0c1a tx timeout [ 982.548610][T17681] vhci_hcd vhci_hcd.2: invalid port number 16 [ 982.603454][T17681] vhci_hcd vhci_hcd.2: invalid port number 16 [ 985.257859][T17710] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3612'. [ 985.355902][T17710] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3612'. [ 985.993295][T17720] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3614'. [ 987.052954][T17728] ptrace attach of "./syz-executor exec"[5824] was attempted by "a8dտmJ|>ư\x0cmn1TZ\x0d{VO\x0c\x0cnGpl\x0a8DMrQn\x5c\x09Ϻ̙5TuIU\x0a1pgG[\x07mIGmʇǠr^dNzjXg?Hӯ$~}} [ 1001.836854][T17893] dump_stack_lvl+0x100/0x190 [ 1001.836884][T17893] should_fail_ex.cold+0x5/0xa [ 1001.836904][T17893] should_failslab+0xc2/0x120 [ 1001.836921][T17893] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1001.836947][T17893] ? __alloc_skb+0x140/0x710 [ 1001.836971][T17893] __alloc_skb+0x140/0x710 [ 1001.836986][T17893] ? __alloc_skb+0x5b7/0x710 [ 1001.837003][T17893] ? __pfx___alloc_skb+0x10/0x10 [ 1001.837022][T17893] ? sk_page_frag_refill+0x6c/0x340 [ 1001.837049][T17893] kcm_sendmsg+0x1154/0x32e0 [ 1001.837081][T17893] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1001.837099][T17893] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1001.837127][T17893] sock_sendmsg+0x35b/0x3d0 [ 1001.837149][T17893] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1001.837165][T17893] ? __pfx_sock_sendmsg+0x10/0x10 [ 1001.837200][T17893] splice_to_socket+0xb4c/0x11b0 [ 1001.837217][T17893] ? touch_atime+0xa5/0x7a0 [ 1001.837245][T17893] ? __pfx_splice_to_socket+0x10/0x10 [ 1001.837284][T17893] ? trace_kmalloc+0x101/0x130 [ 1001.837299][T17893] ? lockdep_init_map_type+0x5c/0x250 [ 1001.837320][T17893] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1001.837344][T17893] ? __pfx_splice_to_socket+0x10/0x10 [ 1001.837361][T17893] direct_splice_actor+0x192/0x6c0 [ 1001.837387][T17893] splice_direct_to_actor+0x345/0xa30 [ 1001.837404][T17893] ? __pfx_direct_splice_actor+0x10/0x10 [ 1001.837436][T17893] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1001.837457][T17893] do_splice_direct+0x174/0x240 [ 1001.837473][T17893] ? __pfx_do_splice_direct+0x10/0x10 [ 1001.837489][T17893] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1001.837513][T17893] ? bpf_lsm_file_permission+0x9/0x10 [ 1001.837536][T17893] ? security_file_permission+0x76/0x210 [ 1001.837554][T17893] ? rw_verify_area+0xce/0x6d0 [ 1001.837576][T17893] do_sendfile+0xadc/0xe20 [ 1001.837602][T17893] ? __pfx_do_sendfile+0x10/0x10 [ 1001.837627][T17893] ? __x64_sys_futex+0x34f/0x4d0 [ 1001.837645][T17893] ? __x64_sys_futex+0x358/0x4d0 [ 1001.837666][T17893] __x64_sys_sendfile64+0x1d8/0x220 [ 1001.837684][T17893] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1001.837707][T17893] do_syscall_64+0x106/0xf80 [ 1001.837725][T17893] ? clear_bhb_loop+0x40/0x90 [ 1001.837744][T17893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.837767][T17893] RIP: 0033:0x7fd7d2d9c799 [ 1001.837783][T17893] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1001.837799][T17893] RSP: 002b:00007fd7d3bc5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1001.837816][T17893] RAX: ffffffffffffffda RBX: 00007fd7d3015fa0 RCX: 00007fd7d2d9c799 [ 1001.837827][T17893] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1001.837836][T17893] RBP: 00007fd7d2e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1001.837847][T17893] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 1001.837857][T17893] R13: 00007fd7d3016038 R14: 00007fd7d3015fa0 R15: 00007ffe823d9748 [ 1001.837878][T17893] [ 1003.443996][ T29] audit: type=1800 audit(4294975426.295:23): pid=17905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3671" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1009.453141][T17957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3683'. [ 1015.430663][T18018] Invalid ELF header magic: != ELF [ 1018.147100][T18053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3707'. [ 1018.242001][T18053] netlink: 'syz.3.3707': attribute type 1 has an invalid length. [ 1018.277239][T18043] Invalid ELF header magic: != ELF [ 1018.321483][T18053] netlink: 'syz.3.3707': attribute type 6 has an invalid length. [ 1022.778338][T18087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3719'. [ 1022.878006][T18090] netlink: 'syz.3.3719': attribute type 1 has an invalid length. [ 1022.892036][T18082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3718'. [ 1022.964627][T18090] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.3719'. [ 1022.994232][T18085] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3718'. [ 1023.144851][T18092] FAULT_INJECTION: forcing a failure. [ 1023.144851][T18092] name failslab, interval 1, probability 0, space 0, times 0 [ 1023.291175][T18092] CPU: 0 UID: 0 PID: 18092 Comm: syz.4.3720 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1023.291206][T18092] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1023.291212][T18092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1023.291223][T18092] Call Trace: [ 1023.291229][T18092] [ 1023.291236][T18092] dump_stack_lvl+0x100/0x190 [ 1023.291269][T18092] should_fail_ex.cold+0x5/0xa [ 1023.291291][T18092] should_failslab+0xc2/0x120 [ 1023.291310][T18092] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1023.291330][T18092] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 1023.291442][T18092] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 1023.291463][T18092] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 1023.291483][T18092] vidtv_channel_si_init+0x1289/0x18d0 [ 1023.291532][T18092] vidtv_mux_init+0x526/0xbf0 [ 1023.291554][T18092] vidtv_start_feed+0x33e/0x4c0 [ 1023.291602][T18092] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1023.291631][T18092] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 1023.291660][T18092] ? mark_held_locks+0x40/0x70 [ 1023.291684][T18092] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1023.291708][T18092] dmx_ts_feed_start_filtering+0xf6/0x220 [ 1023.291778][T18092] dvb_dmxdev_start_feed+0x273/0x3f0 [ 1023.291824][T18092] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 1023.291851][T18092] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 1023.291876][T18092] dvb_demux_do_ioctl+0xe64/0x1200 [ 1023.291905][T18092] dvb_usercopy+0x167/0x340 [ 1023.291925][T18092] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1023.291949][T18092] ? __pfx_dvb_usercopy+0x10/0x10 [ 1023.291976][T18092] ? __fget_files+0x21f/0x3d0 [ 1023.291996][T18092] dvb_demux_ioctl+0x29/0x40 [ 1023.292016][T18092] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1023.292036][T18092] __x64_sys_ioctl+0x18e/0x210 [ 1023.292070][T18092] do_syscall_64+0x106/0xf80 [ 1023.292091][T18092] ? clear_bhb_loop+0x40/0x90 [ 1023.292112][T18092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1023.292128][T18092] RIP: 0033:0x7f04c379c799 [ 1023.292144][T18092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1023.292159][T18092] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1023.292175][T18092] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 1023.292185][T18092] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 1023.292196][T18092] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1023.292206][T18092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1023.292215][T18092] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 1023.292247][T18092] [ 1023.292307][T18092] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 1023.566666][T18092] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1023.575900][T18092] CPU: 0 UID: 0 PID: 18092 Comm: syz.4.3720 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1023.587313][T18092] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1023.592668][T18092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1023.603650][T18092] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 1023.610297][T18092] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 07 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 07 dc f9 4d 85 e4 [ 1023.630034][T18092] RSP: 0018:ffffc90003687a10 EFLAGS: 00010247 [ 1023.636128][T18092] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9001949e000 [ 1023.644205][T18092] RDX: 0000000000000000 RSI: ffffffff882c0e13 RDI: 0000000000000005 [ 1023.652195][T18092] RBP: ffff88807b106d20 R08: 0000000000000000 R09: 4453534204050000 [ 1023.660185][T18092] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 1023.668171][T18092] R13: ffff88807d1581c0 R14: ffff888026c824c0 R15: ffff88803dec06c0 [ 1023.676152][T18092] FS: 00007f04c46576c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 1023.685362][T18092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1023.692036][T18092] CR2: 00007f04c4635ff8 CR3: 0000000026fa6000 CR4: 00000000003526f0 [ 1023.700194][T18092] Call Trace: [ 1023.703748][T18092] [ 1023.706760][T18092] vidtv_channel_si_init+0x12fc/0x18d0 [ 1023.712275][T18092] vidtv_mux_init+0x526/0xbf0 [ 1023.717059][T18092] vidtv_start_feed+0x33e/0x4c0 [ 1023.721933][T18092] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1023.727426][T18092] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 1023.734378][T18092] ? mark_held_locks+0x40/0x70 [ 1023.739150][T18092] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1023.744585][T18092] dmx_ts_feed_start_filtering+0xf6/0x220 [ 1023.750333][T18092] dvb_dmxdev_start_feed+0x273/0x3f0 [ 1023.755650][T18092] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 1023.761410][T18092] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 1023.766642][T18092] dvb_demux_do_ioctl+0xe64/0x1200 [ 1023.771761][T18092] dvb_usercopy+0x167/0x340 [ 1023.776285][T18092] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1023.782102][T18092] ? __pfx_dvb_usercopy+0x10/0x10 [ 1023.787187][T18092] ? __fget_files+0x21f/0x3d0 [ 1023.791896][T18092] dvb_demux_ioctl+0x29/0x40 [ 1023.796507][T18092] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1023.801907][T18092] __x64_sys_ioctl+0x18e/0x210 [ 1023.806970][T18092] do_syscall_64+0x106/0xf80 [ 1023.811585][T18092] ? clear_bhb_loop+0x40/0x90 [ 1023.816334][T18092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1023.822425][T18092] RIP: 0033:0x7f04c379c799 [ 1023.827036][T18092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1023.846696][T18092] RSP: 002b:00007f04c4657028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1023.855372][T18092] RAX: ffffffffffffffda RBX: 00007f04c3a15fa0 RCX: 00007f04c379c799 [ 1023.863865][T18092] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 1023.871916][T18092] RBP: 00007f04c3832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1023.879982][T18092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1023.887973][T18092] R13: 00007f04c3a16038 R14: 00007f04c3a15fa0 R15: 00007fff526d3798 [ 1023.896336][T18092] [ 1023.899349][T18092] Modules linked in: [ 1023.904649][T18092] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1026.192236][T18092] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 1026.224075][T13372] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.246676][T18092] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 07 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 07 dc f9 4d 85 e4 [ 1026.354915][T13372] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.368991][T18092] RSP: 0018:ffffc90003687a10 EFLAGS: 00010247 [ 1026.401518][T18092] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9001949e000 [ 1026.417215][T13372] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.464201][T18092] RDX: 0000000000000000 RSI: ffffffff882c0e13 RDI: 0000000000000005 [ 1026.472328][T18092] RBP: ffff88807b106d20 R08: 0000000000000000 R09: 4453534204050000 [ 1026.504813][T13372] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.546694][T18092] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 1026.593915][T18092] R13: ffff88807d1581c0 R14: ffff888026c824c0 R15: ffff88803dec06c0 [ 1026.602735][T18092] FS: 00007f04c46576c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 1026.737792][T18092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1026.766396][T13372] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.794307][T18092] CR2: 00007ffdd3b84fc0 CR3: 0000000026fa6000 CR4: 00000000003526f0 [ 1026.836878][T18092] Kernel panic - not syncing: Fatal exception [ 1026.843981][T18092] Kernel Offset: disabled [ 1026.848560][T18092] Rebooting in 86400 seconds..