last executing test programs: 9m35.682886009s ago: executing program 1 (id=1631): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r0, 0x2, 0x9) ioctl$auto(0x3, 0x400c4d05, r0) ioctl$auto(0x3, 0x400c4d09, r0) close_range$auto(0x2, 0x8, 0x0) 9m35.193163358s ago: executing program 1 (id=1634): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, 0x0, 0x55) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x80000000, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) epoll_create1$auto(0x0) 9m34.598128335s ago: executing program 1 (id=1639): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) 9m33.602043794s ago: executing program 1 (id=1642): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 9m33.378114543s ago: executing program 1 (id=1645): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) r2 = semctl$auto_GETPID(0x0, 0x2e3, 0xb, 0x10) pwrite64$auto(0xc8, 0x0, 0x13, 0x7) syz_open_procfs$namespace(r2, &(0x7f0000000480)='ns/pid\x00') 9m32.907030215s ago: executing program 1 (id=1652): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) read$auto(r0, 0x0, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 9m32.6770522s ago: executing program 32 (id=1652): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) read$auto(r0, 0x0, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 6m25.439698061s ago: executing program 0 (id=2989): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2000a, 0xdf, 0xe31, 0x40000000000a5, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) 6m24.489844434s ago: executing program 0 (id=2994): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000000000000000) r0 = socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4008ae6a, r0) 6m24.360039511s ago: executing program 0 (id=2997): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000280)={0x6, 0x0, 0x7, 0x5}) 6m24.169713348s ago: executing program 0 (id=3000): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) process_vm_readv$auto(0x0, 0x0, 0x0, 0x0, 0x6, 0x4000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) 6m23.745031234s ago: executing program 0 (id=3003): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 6m23.583732816s ago: executing program 0 (id=3004): io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x200004, 0x4000000000e0, 0x40eb2, 0xd, 0x300000000000) io_uring_register$auto(0xffffffffffffffff, 0x11, 0x0, 0x56d) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) 6m8.387875859s ago: executing program 33 (id=3004): io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x200004, 0x4000000000e0, 0x40eb2, 0xd, 0x300000000000) io_uring_register$auto(0xffffffffffffffff, 0x11, 0x0, 0x56d) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) 3m18.340981667s ago: executing program 4 (id=4060): syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) mq_notify$auto(0xffffffffffffffff, &(0x7f00000000c0)={@sival_ptr=0x0, @inferred, 0x2, @_sigev_thread={0x0, 0x0}}) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) ioctl$auto_RTC_UIE_ON(r0, 0x7003, 0x4) ioctl$auto_RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000180)={0x19, 0x7, 0x8, 0x4, 0x5, 0xfd, 0x1ff, 0xfffffffc, 0x77d}) read$auto_tracing_stats_fops_trace(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0x200000c0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb01, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000004240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000060}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) 3m18.154049191s ago: executing program 4 (id=4063): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x210001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0x6, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0x7, 0xa, 0xb}}) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="000329bd7000fedbdf250900000008000c000100008008000300", @ANYRES32, @ANYBLOB="08002c000001000008001d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000828}, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="7f000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040840}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x20004884) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x3}, 0x3ef3}, 0x3, 0x0) 3m17.920101244s ago: executing program 4 (id=4064): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x6, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3m17.69032663s ago: executing program 4 (id=4067): openat$auto_regulator_summary_fops_(0xffffffffffffff9c, 0x0, 0x40000, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, 0x0, 0x40080c4) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x2, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, &(0x7f0000000000)={0x3, 0x1, 0x80000000, 0x70, 0x9, 0x1}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 3m15.908033739s ago: executing program 4 (id=4083): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0xffffffff, 0x2, 0x7a3f, 0x0) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r0, 0x720, 0x0) 3m15.723448382s ago: executing program 4 (id=4077): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) 3m0.67005447s ago: executing program 34 (id=4077): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) 2m11.554510888s ago: executing program 6 (id=4383): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010300000000ffdbdf250100000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000118, 0x402}]}) 2m11.011049175s ago: executing program 6 (id=4387): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x84) uname$auto(0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 2m10.696504326s ago: executing program 6 (id=4390): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x11, 0x3, 0x9) syslog$auto(0x9, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x7) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents64$auto(r0, 0x0, 0x18) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af03, 0x0) ioctl$auto_VHOST_NET_SET_BACKEND(r1, 0x4008af30, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 2m10.256241429s ago: executing program 6 (id=4393): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) lstat$auto(0x0, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x4, 0x8000000a041000a, 0x40000402, 0x10000, 0x8, 0xffffffff80000000, 0xe0, 0x6, 0x240000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r0 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m9.784181584s ago: executing program 6 (id=4397): socket(0x2000000000000021, 0x2, 0x10000000000002) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x3ff, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x84) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 2m9.346261703s ago: executing program 6 (id=4401): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) write$auto(0xffffffffffffffff, &(0x7f0000000040)='/dev/ram14\x00', 0x2) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r2) sendmsg$auto_NFSD_CMD_VERSION_SET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x24, r3, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0x10, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 1m54.089684813s ago: executing program 35 (id=4401): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) write$auto(0xffffffffffffffff, &(0x7f0000000040)='/dev/ram14\x00', 0x2) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r2) sendmsg$auto_NFSD_CMD_VERSION_SET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x24, r3, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0x10, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 8.143019872s ago: executing program 2 (id=4869): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6gretap0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1, r1, @relative_id=0x13, 0xe600}, 0xf) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x12, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) 7.150183043s ago: executing program 7 (id=4872): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x2) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7d, &(0x7f0000000040)={0xfffffffffffffffd, 0x6, 0xffffffffffffffc0, 0x800000000000006}) socket(0x2, 0x80805, 0x0) eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) getrlimit$auto(0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/khugepaged/full_scans\x00', 0x40080, 0x0) 6.505060755s ago: executing program 5 (id=4875): mmap$auto(0x200, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x3) mmap$auto(0x0, 0x10, 0xdf, 0x1a, 0x2, 0x8000) set_mempolicy$auto(0xfbf, 0x0, 0x800001b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0xa) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) sendmsg$auto_CGROUPSTATS_CMD_GET(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2841}, 0x14) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop4/queue/wbt_lat_usec\x00', 0x10b142, 0x0) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100)={0x84281, 0x0, 0x8}, 0x18) 5.95628059s ago: executing program 2 (id=4877): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0x2, 0x108000) io_uring_setup$auto(0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) mmap$auto(0x0, 0x400, 0xfffffffffffffffa, 0xeb1, 0x401, 0x8000) 5.858326483s ago: executing program 7 (id=4878): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) r0 = socket(0x10, 0x2, 0x0) pipe$auto(&(0x7f0000000140)=r0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r3, @ANYBLOB="18000000", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r2, &(0x7f0000000000)='\xde\x00', 0xfded) 5.80856784s ago: executing program 3 (id=4879): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = open(0x0, 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x1, &(0x7f0000000380)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 5.58709005s ago: executing program 3 (id=4880): open(&(0x7f0000000000)='./file0\x00', 0x20400, 0xe1d2b27bdc14aabc) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c9b02, 0x0) pread64$auto(r0, &(0x7f00000005c0)='/pr\xa2Cv&P\x11\xf7\x01\xa4\xdcXd\x1dvices\x00F%\xf7\x175)x\xd6\fR\x117\t\x00F\xe6\x8bG$\xdaP\xf1\x1e\xe9Z\xc6K\xe44\xdc\x8f\x94\x86\n\x95\xb3I<\xd2~\xe5\xad\n\x0f\xbf\x97\xcf\xcd\x9b\x8f\x8dh\xb8\xffz_\x84Y\x1bt\xf3\xf19\xc0\x9d\xad\xb3\xd9\x89\x15|\x96\xb6\x7f^\x00\x00\x00\x00\xa5n\'(\xa2\x95*\xda\xfcVCf\xd7\x88h[\xd2\xd9\xba\xc5\xc53\x15\x11^Q\x80\xf8\xa77\xa0\xbd\n*\xe0\xcduw\x96f\x95\xcc\xcbP\xd1\xbe\xe21$=\xb6\xe3lP-\xcbs\xe0\f\xce=\xe9 \xe8\n)\xf2b*\xea\"\x94\x96\xcc\xc8S\xd3]Y\xca\xd3\x13\xe3\xd8\x82\x9c\xa5\x06\x01\xafR\x16r\xa3)9t\xae<(V2\xc7\x98A\xc7<&\x89\x98\x7f\x8a\xb1\x8a\xfc\x05T\x8d\xa3\xc2\xdf\xb0\x0f\xad\x85P\xed\x9ct\xf7M\f-\xd3\xe9\xfe\x15o\xab5\xb23\xd2\xef\x9c\xc2;\x91\x05\xd8^I\x8e\x18p\xfb\x8d\x06\xb8J1\xce\x00', 0x100000001, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x8500, 0x0) mmap$auto(0x0, 0x40009, 0x5, 0x9b72, 0x7, 0x6) socket(0x10, 0x2, 0x3) acct$auto(&(0x7f0000001580)='/dev/binderfs/binder1\x00') 5.541324308s ago: executing program 5 (id=4881): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x1}, 0x80000b}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.888534497s ago: executing program 3 (id=4882): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) r2 = socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r2, 0xd}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0xa) r3 = open(0x0, 0x261c2, 0x84) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xd) 4.86611971s ago: executing program 5 (id=4883): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103200, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103a42, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) timer_create$auto(0x0, 0x0, 0x0) r0 = prctl$auto(0x1, 0x4, 0x0, 0x1, 0x100) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, r0, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') ioctl$auto(0x1, 0x890c, 0x8) 4.800386558s ago: executing program 7 (id=4884): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_fd=r1, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 4.566113305s ago: executing program 3 (id=4885): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0xb60) pwrite64$auto(0xffffffffffffffff, 0x0, 0x400000, 0xc) socket(0xa, 0x5, 0x84) r0 = gettid() prlimit64$auto(r0, 0x6, &(0x7f00000000c0)={0x5, 0x945}, &(0x7f0000000240)={0x4}) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) accept4$auto(0xffffffffffffffff, 0x0, 0x0, 0xffffffff) mprotect$auto(0x0, 0x806121, 0x8) connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) 3.946461386s ago: executing program 2 (id=4886): openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x303, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) listen$auto(0x3, 0x0) shutdown$auto(0x200000003, 0x2) ioctl$auto(r0, 0xc008af12, r0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101000, 0x0) 3.526955635s ago: executing program 5 (id=4887): socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0xe0}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.42656886s ago: executing program 5 (id=4888): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x7, 0x7352, 0x36, 0x65f, 0x80000001, 0x7, 0x3, 0x2, 0x7, 0x7, 0x4, 0x4, 0xb4, 0x3, 0x9, 0x10003, 0x80, 0x8, 0x0, 0x7, 0x2000, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, [0xc, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x801, 0x84) r0 = socket(0x2, 0x3, 0x1) connect$auto(r0, &(0x7f0000000040)=@hci={0x1f, 0x4, 0x4}, 0x2) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) capget$auto(0x0, 0xfffffffffffffffe) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f, &(0x7f0000000100)={0x0, 0x5}, 0x2, 0x0, 0x7, 0xa505}, 0x2}, 0x7, 0x4008) 2.426454833s ago: executing program 7 (id=4889): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) write$auto(r0, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, &(0x7f0000000280), 0x0) seccomp$auto(0x1, 0x1, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r1, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400200, 0x0) 2.42638537s ago: executing program 2 (id=4890): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) r0 = socket(0xa, 0x5, 0x84) close_range$auto(0x0, 0x5, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(r0, 0xc040aed4, r1) close_range$auto(0x2, 0x8, 0x0) 2.199141262s ago: executing program 2 (id=4891): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, r1, 0x2) open_by_handle_at$auto(r1, &(0x7f00000004c0)={0x1, 0x0, "ed"}, 0xffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setfsuid$auto(0xee00) statmount$auto(0x0, &(0x7f0000000180)={0x315, 0xfffffffd, 0x401bf, 0x7352, 0x3c, 0x65f, 0x1ffde, 0x6, 0x3, 0x2, 0x9, 0x2, 0x4000006, 0x4, 0xb6, 0x80000000009, 0x6, 0x10003, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xe4022202}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)={0x12a4, r2, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8}, @NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0xfffffffe}, @NL80211_ATTR_FILS_DISCOVERY={0x11ac, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_TMPL={0x40, 0x3, "7afda7249debfe75f5238e07d0a4d3754dc803d7d9a72034175229005212d5a6df6ea18f00d0c61cc42c944ae3f07e3692ff9d7c11aec435339d6d53"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x89, 0x3, "f9ec12ecf39bec7e9719d932489dcf95263d4916ffb248ef4d9171044eaa27836fb6b1bfb74fdaedd9802cf7440f74cefbdecbddf23807716bef3c9697766b532c50b45c82da183065a345a65010c14654676ebf9ac93d194a3a36958a44af62f01a3c4d58c0f31994c260f9ec6ca0b2d16fb26fef589d3dd63730fca6008ee26a750baddd"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x3d, 0x3, "194696702bd41a9ac0e0829244bceaab98c183c629af0065a8a278ebc27bd05e3472daa63d88b6430ca20ef85d85ddc54483e06d8e6d04937f"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x80, 0x3, "a10bdfe0c113fd4f46fda8835312c5642864a4fc6df2f031fcb814f4eed55c5145887229d897774d8618ddb094501ecf4159ca49a36d00e5892443f36ad06e1f38e8adf7fb20c7e80c2b36b1800eb8c1cdd6865fe0adb597b706268e0959c94ca7419bf002ba25fd5ea792e92e5d0f3b91d5cf1cf1f449205629edda"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x1004, 0x3, "1391b52b323eae918db5e2f564e2a89af32d91f74ad2a9ef0db68dbe9b4f84bf41189bd9c6012ee8032c25b30cf5dd81a2fe471fa358e66d6fa1063fec606542b5174e139e8e55df5b052d8da45611157d8f643e7073a4892a015ad24d362c4a9218a9730281bdee4c6cb3a82bbc73b68e857def380eceab48bcdf78c78ee42a196590dd8ad5c8686d425959714799fa2d8e08d912230cccc10a2df6a5b5fa247b6dc3d2e2039de691501aaee18a0d72999549787f9480bdcf4fa0bae33e973395a34ce5dd0946d9cb4252a0d2cf1c4f2428f4a34464d30ba02cd50f168865a14bd328e3848e3ed83b3de0335a1b5e7ce87b5fa44925cd25c45715c2a7f22c0f0c611c8e715acf1a5f20779d440fe709d2ae17ae18442aa22d7a337a0f3e14f038c3c2b73594e9a9a155a6db4f0c54d369689c0b8f78c1e638dd19fe3438ed219116cd43fd6e35d8a67612712e28f7fcb8216a7b6353ebd8ba73359330e9fc61253fd5b9a5df323f52671aa50c84ccb78e427a998d3fce15ae3f85476a8cb560232e374f5eea7dbd04e6f9b5b0f78a8a2ba748fb529683a6c682cd8b49ab60df909ebadcf3ace4ed4e544fe9e0504dbba8429672d348ab3f5e7d12957f40bf804d3fd2d12ec3a023cbc8ac2597a9821a130232b9ea70896bd20f75151d73dafb2fe63bf2f28b627c8ff43e9a743eed099db9c61814814753cc29123d84a0a4d1a5c012d6f2d03daad658a83392e94bf658b0cf1d74fa7e120ec9f0e6bd7cf79500cdcede96256f6153ad88eb3bdd159b501871784eec9b0f37aaaf7027f74defc46c22c108ee1f54cf663b293ac50ebc3e820b1663549822b2d567abbdd38e0a8d6d4c9db912e4798d9c699a75d884f08fb637208b4fce40f6e026b5f491430dd0291b419abc28d241d4f3923c470d575f6a4edba84458ec5e0a25e615153a40a279bae78aa876dfabf40f72e25ac0de6ef5dc2b4f98350eeea9269c200d9bdfd351b599f39036f7ac11253d52f2f64d05cb2e0be0fc6ee9dfab4074b37bd49c80a4dfbd8fb3d9f6ad2b68e65cb66d088a38bf4e16ff572487bceae34f6e626977608ba81bb267d8a3e7d7f4c792133d66ef38926a728d0cf976128c72291ce19aa595ad26bbd44a546069c3b5d9cc1cbdf57013436a30108d28bd9f74a17e606f78fcf6078dc5d64d18dd0a8c8673356a23106ce7d514e4abe529e31b66d41a1e5a117d71326ff7432a73acbaa5dc61b9a41c65e2e4b412f3c11778d98ac8bdb3516e6cb575f870959cbb75c24864ad756c34abb95ca260b05bd227cb29699e6d2cae4b49dd1dfe63717c540e0c11f3610cf51e3a75803053e1873f5cdebce61d44ae820a82d78876094e3221ecc429214eea43d8c2a5e53732598fc907521a7c3c1a8df65db973cfd960f06c3e06ff43c89f3254135a9f787ab7b291bd95fea64415b2fafaeda678d6a5ca349d2a0aab0dd35ef0c7f2c555b67d56348612607c39c067550b9559d5a69caa35f54430e3cc5e801eb026a659ca75873790d4fc02f9e7639ea5e6bf04ccc331dd61ab1b19359110774ee19100605562aa305719f67df9033c2580ea3d5319bbcd675d2dcaed788578ef457dc034113028b23add2e8883b38a514608c07cad5255ee2618d524cabd595084301b450de26d10382819972e3d99d9b072c7eb840dedd9e6a8217943129fe200d0d4ca1c3a279d179f60aeaaae301fee0dcdbc7cfd18e1ce4b9c54653ad2d9c2ce699cbf43c365f995533d8f85000095e7b92ac495d7d75eb184ca18c2d24e4a187ef5bf7606a67ea978feaf29dacbf3069387ed990c529c04f3836f644a3009dc509e72c5d7cf7dfe5b61a7c7ef27be9ed77af4cf492bd4172bab45a063c4f57404151b4f260a91c4d4c38aee34f7a6d3d2c1b0d23da5995f34c147fd62f5ca6d7befaf13a03fcb227ca5deadc3de278579d8541df4be6ebe092f0f6476ca317a6050df8be5ea48f8d2609b9f414c3a9add2af7c709f5cef7d29f9bc71eba62d4317d1b21f4d44e9591d11ad24a1e27d248f94f9968e046a34b2a031513adbe5b57f1cf9f73c2f4040332f6b4450ed944fb4876d7df04fed1447d138c93e432e2cfe4355588e19e829d0bc01aafcb49586a2412818c28126e0188e849e1a26145428c528fbf4176cbde331662a0ef4dae8afb49ce821799e0b56e1dea9f5afb46e81bc74a78c938b949a1067ae722b880e59ed094b19cf99f4c46a47f8a940df5d0300abdd69b45515446383bfe1d37c54e6406878d2c09d48d74f5de028f971e4e89734290d3a33fa4497441f8509c424421bae4b0ca4a76305004cf74b5a47c3bf62f89a4061feaf7c99665700b230621fcfa1580291a2bc531e1ba4f67f2936453b12f57def1d1f0ba02396d047967a0f4aff8839ff068ca22e291212bb027329e5bfacac0fa3c21452d403a9397fbaf70ac9c07d1f0bff27bb86ea48a8c9a780c789f8919e12d59c7309dded9edf25e7c378b44aefa73a768c81a6a34fb649e77077f91c5512b062fc5822292152831c7993f69a5e997452145b644a0bf2178a635716b9ab7fa8e5f1d4d0a8d68c9026419df2b4714d40eaedcd853aaf0221da4e294f9ab324cdcdccca5801f7bc62095c6e295344dca1c6c080a8a4936b6ba0ddb0c2d0cd582d33d9dcfa9f5952ba63b2380942cd797c314aebe71022cece0b7e792b42dc9a5d8d718f3f633537bf72fc678b5791e4b963c6afa296580281c3c4c201f11eeefee4f2015b1f53bc5551526eed4f03e259237b7652f3772f55650074f384ec26d0ea8cfa57048b029ff87bc50b9387e036c30a9a30a6c0ef84b8ffb91864fcac31f8d1af9bade2569c470d382945811b4ccf48f4e5740ad1e6f799e2c5f93438b45c23a12389206445eed117060d8699c560a45d82fe0ed6c1900670d025ea9ecc93bd68ac51de5bb69ee7d14756a6bfb77a1ebb0323c7037ae37baa1c0c9c9b1e0cfc98ba39c035b4630266fbc0b1933d4c525ae47e165be53732585230b002bfd32cea9fad7f7c0b104db5e24c6ec8bf0f0273d2aa53b7e466d869b49cce62138c98e96e12a82118bb14b992eadcc15ec7d57a388032924ac01ed9c14faca7291ce786918612bcf8d23c3da4d28e67b64e42e22a44914894ec957b6c27830e26f0679afb5cb79b7171134b81a82c5f2bd1277445b14c5ec202f106156d82275cd039519af2e732ff545a47cbba17a8ff500476a61ad7289bd759f2b618529016ecf2efc53d1a74e121e7121cb4ffb0eae28545c3ee8b938e3b9e8db305b148ae2834a7f6cc7dc9cdcc69d6edef21d9c6782aa7a1451b75dc7e28e072e5797c4c3a83eca8a1f2eceb4e6c2fe50ba3d7119a8e934bf9f01a1d24eb0b8340d372063994748405c0a9685ecb28f2b0ca2454d42e9124abaf97066e67647f8dbc17aeb0d3e31cb926e3de3604db1e25ea1f5d015a2e141d14c9fb66e45454461f9a9f2b822d7c303ca49b972e382d162c5e7df9ad902b34e18e5dc682ff1e623abbab802b3d7173a74bac5724aece3990ff4f71ec5ebb2e2b85a6efea3e9e5e3279dc9d6066e77ae90bc1ce6a7c5da7523b9b238fdbf7f30568f6c4165c48ea99169df1516f95f9c72c89ee364741ca0abbc3926355e33c6c7fe9e1a6ea9708ebc0ab77ecec4a5ef12b9bf9f0aa113ae5f81ba8b2754eb7abf272bd85823bda8b53d29827b65593abb7ccd9a6522603f0c64b952f7950a383e9d47521222919446833354bb22c6c5e35f8fe4be11909eaa8d2aa87277292dc92497edf9b5edd5f86c8123ccae302f75635fe4fbecb163d7381bd7bd706d3bca1d759d010e7bac1081c499a0457e442c93d0dcdd01515e94cd6e17666ab928c21dbcdef8078ed28dc21aad43d3daaa0ec9eab8c654b8d3ae9baae03fdd7c53b8bb284b0d94b8cabb48bd85b4a61534f3430cb997d296b2f9141a217a8e72a0d33dbe0a83bcc0a5e7b5872ba11521aaffe3b3301cb3ed7524f54d0d38bb427425c192f69a26ec4c821bc2b3d6eb2aad7ede0fd3d2882b35807a1c2fc229d96adb33e8d000617936242c8450a5d7825eaab56cd05513c53838ab3d71ecdd13ccc378f26cc5c6a889417a34e84e4b67b28651bcb874de718da2f4ab87b0f90a80fec61977bfee6ca5288c117427de3e05caa6ea345bd8a70b7160ee2b9de1ffe88c3c46edec294349289be15aa148909c097e03389c52c8b91d292aaecd60e580e5ffe18094120f887ef867b560a7c7c3be470a6f6e24133017da0503c08d8dd31b75af60ffbe30794e9aa8e8110a70eb909c1b75fdf0f25abf8b5d5f67f57862d4a9b151ffdb338f5bebcd3df83d923de98cb0a28d551e858cc74f602d54643990dc4be22102d6982fddf701e44ff5b72feb33dce27ec0fb407a39889e88cde207ecdcb2bcb86c53d34a51239d39d76a27f8199096dbd69defd66481102408d9ee16f6d294e3bc56a217c0546b4c798594625c57e0e26753457ba16a4682122eb1246b2b62e56c2e975972794c55e81d39bd662318d29ccc26e21838c91358fe2cf67f425819815d489be36a90f71bba6459d7ab104c694faee2eed9f0ac80ce3a50d1155b2ee60f3c517ee5d09425c8df74e39f9124b0b915a8a1d92c89d590e7553503245bf90c9c99fed2b2f1bc02377a5aab4db12207b1697266597f453a08063a1d83789d02dc8425fda5e63aa5f5a4868f535039c85dca0334a7b165555ba66ba8a91b27ac48a675933407ff73037a941137d9d68533dabd36de61a2ae72573641709b487c44feffee2fb3bcc12513a67385526a6568ee6bcbb210d9aba7e6029d4c5680be527702069731cf08bca14612858159e04cef24f80faec09f472658f77ecd2eea6e082e7756702f900cc0f83db38e1aeca8b48935a326c0c450228e67849209c1f9aa33be104c7203b399c7d4551d51b908860ccf47a3c3df3357c69d72b8d6abcae2cb3d24575e061ff60946f4ccbc8904e8d92fdedb14238ff9eba28efec9d846271cc8b86b8e9f37d18990dccc666b6d8bc49bb4b1d9483f7d6846d590fa4ba393c413aeea1b4eb90c3fd66f4c31ba2c0632f35d8a661fa4d7251aa163d8b7c0c57f63db6e74249c6515d9cdbd4b3e874eaa3520c1db1ae9b2db94d06752241fdcc3cf414e4d334b8dcd333263f60707a15e67e3a716916bd765a54eb8e2c651352b6408454dc23757888ff26bdc0d85a1d82f5afb6b5fe4078468155b1a89bd44f009480565ef8a7b033b753ec86f64a891cdff2353377ce973b4f620e1ee37fad8266e7b90e7bc6ab224425a2ff8985e2c43e318256119aa6c5cb81174f3d1c9da781cc12957418faea77fd90c1c266b4d11bf37860f2b8b216c2b60fb53e377612584c7f84ee1f61c04752bcbf0bb5e60e6dc116abb96b614e1aa5d2aaf0650f55593d06c3ea2162878933ee0a82e916cb4c02fb8559f8b229a05565c6d0caaeb0387835345948877b73f511cee60619facecb0ff5c79d2693a35c6cae8d885205c27ddc41294435e2845f36f048e91431d4e8689563a85aa51accf66d28b2d9f044d1d4d0b36f166b9f5888040905569d3156e9aa969a30032aa191725b4fa350c37596e6eda7919bb41ece14d637b7bcf6aebb4d747c1bd74d7bdbb0d6e6396c081bce4794b225cf80660864adda2c58a37472637cdbe07ff7ac318816f9a64c375b221e10360bdf1dd11f2c1e3f5c2e926dd60717e9a872c74aec37b2555e3a382efc792d023c9d5fa464da3086cac044c448b4870705da1977eecc49aee"}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x1000}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0xfffff8e9}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0xb}]}, @NL80211_ATTR_FILS_DISCOVERY={0x14, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x6}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8}]}, @NL80211_ATTR_MAC_HINT={0x81, 0xc8, "2a57187b50362e036345079c3237749c21d40e0026038ffc8a33b93f3f129852a5f2076ad542627a5b1a9ddd8a92d8be20fd8fb33df1e25b0c071ccd40410510b844418a92370e7f7dcdeff6589e735f3055ce12745821b50dea239410002a274abc1eb81fff6514f5f0d7cdc5c3aecccb7a68974d5050b1c7abb1e926"}, @NL80211_ATTR_FILS_ERP_RRK={0x2f, 0xfc, "0a5e8e564efa6a57d19e2347c9bebfe01106e987c9d34df79ab005d4ff0aef8bccebed82d6fc6b3d1d2723"}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2}]}, 0x12a4}, 0x1, 0x0, 0x0, 0x200000d0}, 0x4000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x80000000, 0x3000}, 0x4) 1.833110456s ago: executing program 2 (id=4892): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x4611, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 1.687756994s ago: executing program 3 (id=4893): close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x0) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0xc8) openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40340, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r1, 0x4020ae76, r2) 1.336743346s ago: executing program 5 (id=4894): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) unshare$auto(0x40000080) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0xffff) readv$auto(0xffffffffffffffff, 0x0, 0x5) bind$auto(0x3, 0x0, 0xb) preadv2$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) 1.142613362s ago: executing program 7 (id=4895): r0 = socket(0x10, 0x4, 0xfffffffc) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x402000d, 0xa, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES16=0x0, @ANYBLOB="06000000e83c3dc3327809dc81ef9f55e170", @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8a0) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio1\x00', 0x6102, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) ioctl$auto(0xffffffffffffffff, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) 120.165971ms ago: executing program 3 (id=4896): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x48180, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x7, 0x4008) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 0s ago: executing program 7 (id=4897): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/hugepages-8kB/shmem_enabled\x00', 0x1a1842, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) r1 = socket(0x28, 0x0, 0xe3) getsockopt$auto_SO_PASSPIDFD(r1, 0x1000, 0x4c, &(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', &(0x7f00000001c0)=0x5f) fstat$auto(0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = io_uring_setup$auto(0x1, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000440)="b4cfbaa27e5d", 0x12}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) write$auto(0xffffffffffffffff, 0x0, 0x9) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0xffffffffffffffff, 0x7f8, 0x5, 0x5, 0x809, 0xffffffffffffffff, 0x10000, 0x5}, 0x14) fcntl$auto_F_OFD_SETLKW(r2, 0x26, 0x4) kernel console output (not intermixed with test programs): fed09015fa0 RCX: 00007fed08d9c799 [ 582.359021][T16197] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 582.359030][T16197] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 582.359039][T16197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.359048][T16197] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 582.359068][T16197] [ 583.958081][T16222] FAULT_INJECTION: forcing a failure. [ 583.958081][T16222] name failslab, interval 1, probability 0, space 0, times 0 [ 584.049616][T16222] CPU: 0 UID: 0 PID: 16222 Comm: syz.5.3538 Tainted: G U L syzkaller #0 PREEMPT(full) [ 584.049653][T16222] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 584.049660][T16222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 584.049669][T16222] Call Trace: [ 584.049675][T16222] [ 584.049682][T16222] dump_stack_lvl+0x100/0x190 [ 584.049711][T16222] should_fail_ex.cold+0x5/0xa [ 584.049730][T16222] ? ima_alloc_init_template+0x19d/0x6d0 [ 584.049754][T16222] should_failslab+0xc2/0x120 [ 584.049771][T16222] __kmalloc_noprof+0xe0/0x850 [ 584.049794][T16222] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 584.049817][T16222] ima_alloc_init_template+0x19d/0x6d0 [ 584.049841][T16222] ? take_dentry_name_snapshot+0x310/0x7c0 [ 584.049863][T16222] ima_store_measurement+0x1e3/0x5b0 [ 584.049887][T16222] ? __pfx_ima_store_measurement+0x10/0x10 [ 584.049917][T16222] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 584.049940][T16222] process_measurement+0x19cc/0x2350 [ 584.049967][T16222] ? stack_trace_save+0x8e/0xc0 [ 584.049983][T16222] ? __pfx_process_measurement+0x10/0x10 [ 584.050003][T16222] ? __lock_acquire+0x4a5/0x2630 [ 584.050022][T16222] ? __kasan_slab_alloc+0x89/0x90 [ 584.050036][T16222] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 584.050058][T16222] ? init_file+0x95/0x480 [ 584.050074][T16222] ? alloc_empty_file+0x73/0x1c0 [ 584.050091][T16222] ? alloc_file_pseudo+0x13a/0x230 [ 584.050108][T16222] ? ksys_mmap_pgoff+0x232/0x650 [ 584.050123][T16222] ? __x64_sys_mmap+0x125/0x190 [ 584.050145][T16222] ? do_syscall_64+0x106/0xf80 [ 584.050184][T16222] ? __pfx_aa_file_perm+0x10/0x10 [ 584.050208][T16222] ima_file_mmap+0x1c4/0x1f0 [ 584.050229][T16222] ? __pfx_ima_file_mmap+0x10/0x10 [ 584.050255][T16222] security_mmap_file+0x278/0x9b0 [ 584.050274][T16222] vm_mmap_pgoff+0xec/0x470 [ 584.050293][T16222] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 584.050309][T16222] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 584.050332][T16222] ? hugetlbfs_get_inode+0x36e/0x750 [ 584.050358][T16222] ksys_mmap_pgoff+0x273/0x650 [ 584.050374][T16222] ? __x64_sys_futex+0x358/0x4d0 [ 584.050394][T16222] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 584.050410][T16222] ? xfd_validate_state+0x129/0x190 [ 584.050434][T16222] __x64_sys_mmap+0x125/0x190 [ 584.050457][T16222] do_syscall_64+0x106/0xf80 [ 584.050474][T16222] ? clear_bhb_loop+0x40/0x90 [ 584.050494][T16222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.050515][T16222] RIP: 0033:0x7fdd6b59c799 [ 584.050533][T16222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 584.050549][T16222] RSP: 002b:00007fdd6c458028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 584.050565][T16222] RAX: ffffffffffffffda RBX: 00007fdd6b816180 RCX: 00007fdd6b59c799 [ 584.050576][T16222] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 584.050585][T16222] RBP: 00007fdd6b632c99 R08: ffffffffffffffff R09: 0000300000020000 [ 584.050597][T16222] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 584.050606][T16222] R13: 00007fdd6b816218 R14: 00007fdd6b816180 R15: 00007ffc1dc9a348 [ 584.050631][T16222] [ 584.433336][ T29] audit: type=1804 audit(1773281160.029:18): pid=16222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.5.3538" name="anon_hugepage" dev="hugetlbfs" ino=70129 res=0 errno=0 [ 584.591935][T16238] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3546'. [ 584.602369][T16238] netlink: 302 bytes leftover after parsing attributes in process `syz.5.3546'. [ 587.014239][T16299] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3568'. [ 588.399950][T16329] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3578'. [ 588.560740][T16329] netlink: 302 bytes leftover after parsing attributes in process `syz.2.3578'. [ 589.249848][T16338] FAULT_INJECTION: forcing a failure. [ 589.249848][T16338] name failslab, interval 1, probability 0, space 0, times 0 [ 589.298435][T16340] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3582'. [ 589.330583][T16338] CPU: 0 UID: 0 PID: 16338 Comm: syz.5.3580 Tainted: G U L syzkaller #0 PREEMPT(full) [ 589.330613][T16338] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 589.330619][T16338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 589.330629][T16338] Call Trace: [ 589.330635][T16338] [ 589.330641][T16338] dump_stack_lvl+0x100/0x190 [ 589.330670][T16338] should_fail_ex.cold+0x5/0xa [ 589.330689][T16338] ? lsm_blob_alloc+0x68/0x90 [ 589.330706][T16338] should_failslab+0xc2/0x120 [ 589.330723][T16338] __kmalloc_noprof+0xe0/0x850 [ 589.330746][T16338] ? trace_kmem_cache_alloc+0xf3/0x120 [ 589.330765][T16338] lsm_blob_alloc+0x68/0x90 [ 589.330784][T16338] security_sk_alloc+0x2d/0x290 [ 589.330806][T16338] sk_prot_alloc+0x1d1/0x2a0 [ 589.330830][T16338] sk_alloc+0x36/0xe80 [ 589.330847][T16338] rds_create+0x9e/0x5f0 [ 589.330871][T16338] __sock_create+0x339/0x860 [ 589.330898][T16338] __sys_socket+0x14d/0x260 [ 589.330912][T16338] ? __pfx___sys_socket+0x10/0x10 [ 589.330933][T16338] __x64_sys_socket+0x72/0xb0 [ 589.330946][T16338] ? lockdep_hardirqs_on+0x78/0x100 [ 589.330965][T16338] do_syscall_64+0x106/0xf80 [ 589.330982][T16338] ? clear_bhb_loop+0x40/0x90 [ 589.331001][T16338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.331018][T16338] RIP: 0033:0x7fdd6b59c799 [ 589.331032][T16338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 589.331048][T16338] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 589.331063][T16338] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 589.331073][T16338] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 589.331082][T16338] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 589.331092][T16338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.331100][T16338] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 589.331120][T16338] [ 589.987935][T13497] Bluetooth: hci0: unexpected event 0x05 length: 43 > 4 [ 591.113192][T16368] syz.5.3583 (16368): /proc/16343/oom_adj is deprecated, please use /proc/16343/oom_score_adj instead. [ 591.158976][T16371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3591'. [ 591.665887][T16384] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3596'. [ 593.412006][T16403] netlink: 202 bytes leftover after parsing attributes in process `syz.5.3603'. [ 594.335758][T16420] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3608'. [ 594.394788][T16420] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3608'. [ 595.777838][T16444] netlink: 330 bytes leftover after parsing attributes in process `syz.5.3615'. [ 595.839317][T16444] gretap0: refused to change device tx_queue_len [ 597.901344][T16498] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 598.776217][T16513] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3638'. [ 598.829251][T16513] netlink: 354 bytes leftover after parsing attributes in process `syz.5.3638'. [ 599.648341][T16530] random: crng reseeded on system resumption [ 600.617016][T16552] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3650'. [ 601.269958][T16563] zswap: compressor not available [ 603.579009][T16612] zswap: compressor not available [ 606.074774][T16664] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3686'. [ 606.383150][T16679] random: crng reseeded on system resumption [ 606.442328][T16679] Restarting kernel threads ... [ 606.472375][T16679] Done restarting kernel threads. [ 606.647169][T16679] sp0: Synchronizing with TNC [ 607.786658][T16707] zswap: compressor not available [ 608.196394][T16720] netlink: 54 bytes leftover after parsing attributes in process `syz.3.3703'. [ 611.101195][T16763] netlink: 'syz.5.3719': attribute type 33 has an invalid length. [ 611.165322][T16765] netlink: 'syz.5.3719': attribute type 33 has an invalid length. [ 612.246119][T16781] netlink: 'syz.5.3722': attribute type 1 has an invalid length. [ 612.316365][T16781] netlink: 'syz.5.3722': attribute type 6 has an invalid length. [ 615.871163][T16828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3738'. [ 615.923954][T16828] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3738'. [ 618.461220][T16864] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3750'. [ 621.072491][T16918] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3768'. [ 622.382682][T16940] FAULT_INJECTION: forcing a failure. [ 622.382682][T16940] name failslab, interval 1, probability 0, space 0, times 0 [ 622.506535][T16940] CPU: 0 UID: 0 PID: 16940 Comm: syz.3.3773 Tainted: G U L syzkaller #0 PREEMPT(full) [ 622.506564][T16940] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 622.506570][T16940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 622.506581][T16940] Call Trace: [ 622.506587][T16940] [ 622.506593][T16940] dump_stack_lvl+0x100/0x190 [ 622.506624][T16940] should_fail_ex.cold+0x5/0xa [ 622.506644][T16940] should_failslab+0xc2/0x120 [ 622.506662][T16940] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 622.506685][T16940] ? __kernfs_new_node+0xd2/0x960 [ 622.506712][T16940] __kernfs_new_node+0xd2/0x960 [ 622.506735][T16940] ? __pfx___kernfs_new_node+0x10/0x10 [ 622.506761][T16940] ? find_held_lock+0x2b/0x80 [ 622.506775][T16940] ? kernfs_root+0xee/0x2a0 [ 622.506794][T16940] ? kernfs_root+0xee/0x2a0 [ 622.506819][T16940] kernfs_new_node+0x11b/0x1a0 [ 622.506845][T16940] __kernfs_create_file+0x53/0x350 [ 622.506864][T16940] sysfs_add_file_mode_ns+0x207/0x3c0 [ 622.506888][T16940] internal_create_group+0x593/0xf40 [ 622.506915][T16940] ? __pfx_internal_create_group+0x10/0x10 [ 622.506939][T16940] ? kernfs_create_link+0x1bd/0x240 [ 622.506959][T16940] internal_create_groups+0x9d/0x150 [ 622.506982][T16940] device_add+0x71a/0x1950 [ 622.507000][T16940] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 622.507025][T16940] ? __pfx_device_add+0x10/0x10 [ 622.507040][T16940] ? lockdep_init_map_type+0x5c/0x250 [ 622.507060][T16940] ? __init_waitqueue_head+0xca/0x150 [ 622.507088][T16940] netdev_register_kobject+0x1a9/0x3d0 [ 622.507123][T16940] register_netdevice+0x12e0/0x2210 [ 622.507149][T16940] ? __pfx_register_netdevice+0x10/0x10 [ 622.507175][T16940] ? __pfx_loopback_net_init+0x10/0x10 [ 622.507295][T16940] register_netdev+0x34/0x50 [ 622.507315][T16940] loopback_net_init+0x7a/0x170 [ 622.507338][T16940] ? __pfx_loopback_net_init+0x10/0x10 [ 622.507359][T16940] ops_init+0x1e2/0x5f0 [ 622.507408][T16940] setup_net+0x118/0x3a0 [ 622.507428][T16940] ? __pfx_setup_net+0x10/0x10 [ 622.507446][T16940] ? lockdep_init_map_type+0x5c/0x250 [ 622.507467][T16940] ? mutex_init_lockep+0x110/0x150 [ 622.507492][T16940] copy_net_ns+0x46f/0x7c0 [ 622.507514][T16940] create_new_namespaces+0x3ea/0xac0 [ 622.507535][T16940] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 622.507553][T16940] ksys_unshare+0x473/0xad0 [ 622.507577][T16940] ? __pfx_ksys_unshare+0x10/0x10 [ 622.507603][T16940] __x64_sys_unshare+0x31/0x40 [ 622.507621][T16940] do_syscall_64+0x106/0xf80 [ 622.507641][T16940] ? clear_bhb_loop+0x40/0x90 [ 622.507660][T16940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.507677][T16940] RIP: 0033:0x7fed08d9c799 [ 622.507691][T16940] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 622.507705][T16940] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 622.507721][T16940] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 622.507731][T16940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 622.507741][T16940] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 622.507751][T16940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.507761][T16940] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 622.507781][T16940] [ 623.331471][T16946] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3776'. [ 623.572843][T16952] netlink: 'syz.4.3777': attribute type 33 has an invalid length. [ 623.596320][T16952] netlink: 322 bytes leftover after parsing attributes in process `syz.4.3777'. [ 624.129305][T16954] zswap: compressor not available [ 624.281916][T16972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3784'. [ 624.720888][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.727816][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.190864][T16984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 625.237933][T16984] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 625.279540][T16984] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 625.323700][T16984] page_type: f5(slab) [ 625.332225][T16984] raw: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 625.381938][T16984] raw: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 625.423788][T16984] head: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 625.460041][T16984] head: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 625.507226][T16984] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 625.548313][T16984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 625.588801][T16984] page dumped because: unmovable page [ 625.617684][T16984] page_owner tracks the page as allocated [ 625.650405][T16984] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevadm), ts 32680423028, free_ts 26657226254 [ 625.751869][T16984] post_alloc_hook+0x153/0x170 [ 625.785323][T16984] get_page_from_freelist+0x111d/0x3140 [ 625.791034][T16984] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 625.832491][T16984] new_slab+0xa6/0x6c0 [ 625.849377][T16984] refill_objects+0x26b/0x400 [ 625.871490][T16984] __pcs_replace_empty_main+0x1ab/0x600 [ 625.898171][T16984] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 625.918974][T16984] alloc_inode+0x183/0x250 [ 625.939380][T16984] iget_locked+0x1d9/0x6d0 [ 625.962542][T16984] kernfs_get_inode+0x46/0x470 [ 625.989099][T16984] kernfs_iop_lookup+0x1a7/0x2d0 [ 626.005881][T16984] __lookup_slow+0x251/0x460 [ 626.032217][T16984] lookup_slow+0x50/0x70 [ 626.052592][T16984] path_lookupat+0x5e8/0xc40 [ 626.078292][T16984] filename_lookup+0x202/0x590 [ 626.095897][T16984] vfs_statx+0xff/0x3f0 [ 626.100106][T16984] page last free pid 1 tgid 1 stack trace: [ 626.143465][T16984] __free_frozen_pages+0x7e1/0x10d0 [ 626.148835][T16984] free_contig_range+0xde/0x1d0 [ 626.187076][T16984] destroy_args+0xa8/0x7a0 [ 626.208782][T16984] debug_vm_pgtable+0x1b66/0x34c0 [ 626.226139][T17003] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3795'. [ 626.242879][T16984] do_one_initcall+0x11d/0x760 [ 626.262741][T16984] kernel_init_freeable+0x6e5/0x7a0 [ 626.268056][T16984] kernel_init+0x1f/0x1e0 [ 626.304251][T16984] ret_from_fork+0x754/0xd80 [ 626.322752][T16984] ret_from_fork_asm+0x1a/0x30 [ 626.331047][T17003] netlink: 274 bytes leftover after parsing attributes in process `syz.2.3795'. [ 626.784649][T13497] Bluetooth: hci4: unexpected event 0x09 length: 435 > 3 [ 631.274216][T17073] FAULT_INJECTION: forcing a failure. [ 631.274216][T17073] name failslab, interval 1, probability 0, space 0, times 0 [ 631.361941][T17073] CPU: 0 UID: 0 PID: 17073 Comm: syz.3.3818 Tainted: G U L syzkaller #0 PREEMPT(full) [ 631.361974][T17073] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 631.361983][T17073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 631.361994][T17073] Call Trace: [ 631.362000][T17073] [ 631.362007][T17073] dump_stack_lvl+0x100/0x190 [ 631.362035][T17073] should_fail_ex.cold+0x5/0xa [ 631.362056][T17073] should_failslab+0xc2/0x120 [ 631.362072][T17073] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 631.362094][T17073] ? __alloc_skb+0x140/0x710 [ 631.362127][T17073] __alloc_skb+0x140/0x710 [ 631.362143][T17073] ? __alloc_skb+0x5b7/0x710 [ 631.362159][T17073] ? __pfx___alloc_skb+0x10/0x10 [ 631.362176][T17073] ? genl_rcv_msg+0x4be/0x800 [ 631.362284][T17073] netlink_ack+0x117/0xb80 [ 631.362311][T17073] netlink_rcv_skb+0x333/0x420 [ 631.362332][T17073] ? __pfx_genl_rcv_msg+0x10/0x10 [ 631.362355][T17073] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 631.362387][T17073] ? netlink_deliver_tap+0x1ae/0xcc0 [ 631.362409][T17073] genl_rcv+0x28/0x40 [ 631.362429][T17073] netlink_unicast+0x5aa/0x870 [ 631.362451][T17073] ? __pfx_netlink_unicast+0x10/0x10 [ 631.362494][T17073] netlink_sendmsg+0x8b0/0xda0 [ 631.362519][T17073] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.362544][T17073] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 631.362571][T17073] __sys_sendto+0x468/0x4b0 [ 631.362587][T17073] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.362607][T17073] ? __pfx___sys_sendto+0x10/0x10 [ 631.362629][T17073] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 631.362653][T17073] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 631.362691][T17073] __x64_sys_sendto+0xe0/0x1c0 [ 631.362707][T17073] ? do_syscall_64+0x95/0xf80 [ 631.362726][T17073] ? lockdep_hardirqs_on+0x78/0x100 [ 631.362743][T17073] do_syscall_64+0x106/0xf80 [ 631.362760][T17073] ? clear_bhb_loop+0x40/0x90 [ 631.362779][T17073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.362795][T17073] RIP: 0033:0x7fed08d5cfce [ 631.362809][T17073] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 631.362825][T17073] RSP: 002b:00007fed09c3fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 631.362841][T17073] RAX: ffffffffffffffda RBX: 00007fed09c416c0 RCX: 00007fed08d5cfce [ 631.362852][T17073] RDX: 000000000000001c RSI: 00007fed09c40000 RDI: 0000000000000006 [ 631.362861][T17073] RBP: 0000000000000000 R08: 00007fed09c3ff04 R09: 000000000000000c [ 631.362871][T17073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 631.362886][T17073] R13: 00007fed09c3ff58 R14: 00007fed09c40000 R15: 0000000000000000 [ 631.362906][T17073] [ 632.046342][ T5143] Bluetooth: hci4: command 0x0406 tx timeout [ 632.868847][T17098] bond0: no command found in slaves file - use +ifname or -ifname [ 633.621642][T17108] netlink: 'syz.2.3825': attribute type 1 has an invalid length. [ 633.666497][T17108] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3825'. [ 635.081756][T17147] netlink: 50 bytes leftover after parsing attributes in process `syz.3.3839'. [ 636.270474][T17158] zswap: compressor not available [ 637.617171][T17192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3853'. [ 637.661114][T17192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 637.745761][T17192] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 638.662614][T13497] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 639.168106][T17218] netlink: 'syz.5.3859': attribute type 33 has an invalid length. [ 639.251891][T17218] netlink: 322 bytes leftover after parsing attributes in process `syz.5.3859'. [ 640.291735][T17232] FAULT_INJECTION: forcing a failure. [ 640.291735][T17232] name failslab, interval 1, probability 0, space 0, times 0 [ 640.362587][T17232] CPU: 0 UID: 0 PID: 17232 Comm: syz.3.3866 Tainted: G U L syzkaller #0 PREEMPT(full) [ 640.362617][T17232] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 640.362624][T17232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 640.362635][T17232] Call Trace: [ 640.362641][T17232] [ 640.362648][T17232] dump_stack_lvl+0x100/0x190 [ 640.362683][T17232] should_fail_ex.cold+0x5/0xa [ 640.362702][T17232] should_failslab+0xc2/0x120 [ 640.362719][T17232] __kmalloc_cache_noprof+0x7a/0x6f0 [ 640.362740][T17232] ? alloc_fs_context+0x57/0xf40 [ 640.362757][T17232] ? lockdep_hardirqs_on+0x78/0x100 [ 640.362782][T17232] alloc_fs_context+0x57/0xf40 [ 640.362803][T17232] __x64_sys_fsopen+0xed/0x220 [ 640.362823][T17232] do_syscall_64+0x106/0xf80 [ 640.362841][T17232] ? clear_bhb_loop+0x40/0x90 [ 640.362860][T17232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.362876][T17232] RIP: 0033:0x7fed08d9c799 [ 640.362889][T17232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 640.362905][T17232] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 640.362921][T17232] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 640.362931][T17232] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 640.362940][T17232] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 640.362949][T17232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 640.362958][T17232] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 640.362978][T17232] [ 644.087567][T17284] input: f¬ as /devices/virtual/input/input12 [ 644.182381][T17286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3883'. [ 646.390659][T17333] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3900'. [ 647.952836][T17369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 648.015808][T17369] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 648.065824][T17369] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 648.135483][T17369] page_type: f5(slab) [ 648.167436][T17369] raw: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 648.230611][T17369] raw: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 648.276072][T17369] head: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 648.342735][T17369] head: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 648.386081][T17369] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 648.444992][T17369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 648.515095][T17369] page dumped because: unmovable page [ 648.557596][T17369] page_owner tracks the page as allocated [ 648.595467][T17369] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevadm), ts 32680423028, free_ts 26657226254 [ 648.786175][T17369] post_alloc_hook+0x153/0x170 [ 648.809460][T17369] get_page_from_freelist+0x111d/0x3140 [ 648.861587][T17369] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 648.906732][T17378] random: crng reseeded on system resumption [ 648.912965][T17369] new_slab+0xa6/0x6c0 [ 648.950554][T17369] refill_objects+0x26b/0x400 [ 648.987875][T17369] __pcs_replace_empty_main+0x1ab/0x600 [ 648.993488][T17369] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 649.054340][T17369] alloc_inode+0x183/0x250 [ 649.090413][T17369] iget_locked+0x1d9/0x6d0 [ 649.114196][T17369] kernfs_get_inode+0x46/0x470 [ 649.119173][T17369] kernfs_iop_lookup+0x1a7/0x2d0 [ 649.174144][T17369] __lookup_slow+0x251/0x460 [ 649.215135][T17369] lookup_slow+0x50/0x70 [ 649.239822][T17369] path_lookupat+0x5e8/0xc40 [ 649.264531][T17369] filename_lookup+0x202/0x590 [ 649.269442][T17369] vfs_statx+0xff/0x3f0 [ 649.316712][T17369] page last free pid 1 tgid 1 stack trace: [ 649.364276][T17369] __free_frozen_pages+0x7e1/0x10d0 [ 649.387602][T17369] free_contig_range+0xde/0x1d0 [ 649.417947][T17369] destroy_args+0xa8/0x7a0 [ 649.422817][T17369] debug_vm_pgtable+0x1b66/0x34c0 [ 649.474527][T17369] do_one_initcall+0x11d/0x760 [ 649.514408][T17369] kernel_init_freeable+0x6e5/0x7a0 [ 649.539682][T17369] kernel_init+0x1f/0x1e0 [ 649.559959][T17369] ret_from_fork+0x754/0xd80 [ 649.594376][T17369] ret_from_fork_asm+0x1a/0x30 [ 649.836365][T17387] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3916'. [ 649.906921][T17387] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 649.957704][T17391] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3917'. [ 649.988170][T17387] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.135997][T17391] team0 (unregistering): Port device team_slave_0 removed [ 650.171072][T13497] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 650.314820][T17391] team0 (unregistering): Port device team_slave_1 removed [ 652.261235][T17445] netlink: 'syz.3.3935': attribute type 27 has an invalid length. [ 652.297921][T17445] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3935'. [ 652.361196][T17447] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3936'. [ 652.700712][T17455] FAULT_INJECTION: forcing a failure. [ 652.700712][T17455] name failslab, interval 1, probability 0, space 0, times 0 [ 652.762824][T17455] CPU: 0 UID: 0 PID: 17455 Comm: syz.4.3940 Tainted: G U L syzkaller #0 PREEMPT(full) [ 652.762854][T17455] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 652.762860][T17455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 652.762871][T17455] Call Trace: [ 652.762876][T17455] [ 652.762883][T17455] dump_stack_lvl+0x100/0x190 [ 652.762911][T17455] should_fail_ex.cold+0x5/0xa [ 652.762931][T17455] should_failslab+0xc2/0x120 [ 652.762947][T17455] __kmalloc_node_noprof+0xe6/0x850 [ 652.762969][T17455] ? blk_mq_alloc_tag_set+0x477/0x1330 [ 652.762991][T17455] ? __raw_spin_lock_init+0x3a/0x110 [ 652.763016][T17455] blk_mq_alloc_tag_set+0x477/0x1330 [ 652.763035][T17455] ? idr_alloc+0xdd/0x130 [ 652.763054][T17455] ? __pfx_idr_alloc+0x10/0x10 [ 652.763076][T17455] loop_add+0x3b7/0xb60 [ 652.763096][T17455] ? __pfx_loop_add+0x10/0x10 [ 652.763124][T17455] ? find_held_lock+0x2b/0x80 [ 652.763137][T17455] ? __fget_files+0x215/0x3d0 [ 652.763154][T17455] loop_control_ioctl+0xae/0x620 [ 652.763172][T17455] ? __pfx_loop_control_ioctl+0x10/0x10 [ 652.763199][T17455] ? __pfx_loop_control_ioctl+0x10/0x10 [ 652.763219][T17455] __x64_sys_ioctl+0x18e/0x210 [ 652.763242][T17455] do_syscall_64+0x106/0xf80 [ 652.763260][T17455] ? clear_bhb_loop+0x40/0x90 [ 652.763279][T17455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.763295][T17455] RIP: 0033:0x7fd51f79c799 [ 652.763309][T17455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 652.763324][T17455] RSP: 002b:00007fd5206a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 652.763339][T17455] RAX: ffffffffffffffda RBX: 00007fd51fa15fa0 RCX: 00007fd51f79c799 [ 652.763349][T17455] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 652.763359][T17455] RBP: 00007fd51f832c99 R08: 0000000000000000 R09: 0000000000000000 [ 652.763368][T17455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 652.763377][T17455] R13: 00007fd51fa16038 R14: 00007fd51fa15fa0 R15: 00007fff5097ae68 [ 652.763398][T17455] [ 653.626811][T13497] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 655.464634][T17504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3953'. [ 655.515420][T17504] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3953'. [ 656.996839][T17521] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3957'. [ 657.551666][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801e7eb400: rx timeout, send abort [ 658.060608][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801e7eb400: abort rx timeout. Force session deactivation [ 659.283868][T17558] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3973'. [ 659.330181][T17558] team_slave_0: entered allmulticast mode [ 661.790992][T17606] [U]  [ 661.793834][T17606] [U] [ 661.796518][T17606] [U] [ 661.799195][T17606] [U] [ 661.835322][T17606] [U] [ 661.838051][T17606] [U] [ 661.840726][T17606] [U] [ 661.843415][T17606] [U] [ 661.881602][T17611] FAULT_INJECTION: forcing a failure. [ 661.881602][T17611] name failslab, interval 1, probability 0, space 0, times 0 [ 661.909175][T17606] [U] [ 661.911900][T17606] [U] [ 661.914595][T17606] [U] [ 661.917302][T17606] [U] [ 661.960927][T17606] [U] [ 661.963669][T17606] [U] [ 661.966436][T17606] [U] [ 661.969110][T17606] [U] [ 662.003538][T17606] [U] [ 662.006254][T17606] [U] [ 662.008938][T17606] [U] [ 662.011721][T17606] [U] [ 662.071468][T17611] CPU: 0 UID: 0 PID: 17611 Comm: syz.5.3990 Tainted: G U L syzkaller #0 PREEMPT(full) [ 662.071498][T17611] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 662.071505][T17611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 662.071514][T17611] Call Trace: [ 662.071520][T17611] [ 662.071529][T17611] dump_stack_lvl+0x100/0x190 [ 662.071557][T17611] should_fail_ex.cold+0x5/0xa [ 662.071582][T17611] should_failslab+0xc2/0x120 [ 662.071601][T17611] __kmalloc_node_noprof+0xe6/0x850 [ 662.071624][T17611] ? blk_mq_alloc_tag_set+0x477/0x1330 [ 662.071646][T17611] ? __raw_spin_lock_init+0x3a/0x110 [ 662.071670][T17611] blk_mq_alloc_tag_set+0x477/0x1330 [ 662.071690][T17611] ? idr_alloc+0xdd/0x130 [ 662.071708][T17611] ? __pfx_idr_alloc+0x10/0x10 [ 662.071730][T17611] loop_add+0x3b7/0xb60 [ 662.071750][T17611] ? __pfx_loop_add+0x10/0x10 [ 662.071778][T17611] ? find_held_lock+0x2b/0x80 [ 662.071792][T17611] ? __fget_files+0x215/0x3d0 [ 662.071809][T17611] loop_control_ioctl+0xae/0x620 [ 662.071828][T17611] ? __pfx_loop_control_ioctl+0x10/0x10 [ 662.071849][T17611] ? __pfx_loop_control_ioctl+0x10/0x10 [ 662.071868][T17611] __x64_sys_ioctl+0x18e/0x210 [ 662.071890][T17611] do_syscall_64+0x106/0xf80 [ 662.071908][T17611] ? clear_bhb_loop+0x40/0x90 [ 662.071931][T17611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.071947][T17611] RIP: 0033:0x7fdd6b59c799 [ 662.071961][T17611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 662.071977][T17611] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 662.071992][T17611] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 662.072002][T17611] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 662.072012][T17611] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 662.072023][T17611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.072032][T17611] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 662.072053][T17611] [ 662.290564][T17606] [U] [ 662.293291][T17606] [U] [ 662.295992][T17606] [U] [ 662.298669][T17606] [U] [ 662.303357][T17606] [U] [ 662.306078][T17606] [U] [ 662.308771][T17606] [U] [ 662.311554][T17606] [U] [ 662.315287][T17606] [U] [ 662.317984][T17606] [U] [ 662.320675][T17606] [U] [ 662.323353][T17606] [U] [ 662.326730][T17606] [U] [ 662.329451][T17606] [U] [ 662.332135][T17606] [U] [ 662.334827][T17606] [U] [ 662.338012][T17606] [U] [ 662.340739][T17606] [U] [ 662.343413][T17606] [U] [ 662.346163][T17606] [U] [ 662.349680][T17606] [U] [ 662.352470][T17606] [U] [ 662.355377][T17606] [U] [ 662.358074][T17606] [U] [ 662.361204][T17606] [U] [ 662.363914][T17606] [U] [ 662.366715][T17606] [U] [ 662.369401][T17606] [U] [ 662.372654][T17606] [U] [ 662.375484][T17606] [U] [ 662.378165][T17606] [U] [ 662.380861][T17606] [U] [ 662.384364][T17606] [U] [ 662.387246][T17606] [U] [ 662.389941][T17606] [U] [ 662.392886][T17606] [U] [ 662.397154][T17606] [U] [ 662.399861][T17606] [U] [ 662.402648][T17606] [U] [ 662.405344][T17606] [U] [ 662.409159][T17606] [U] [ 662.411867][T17606] [U] [ 662.414542][T17606] [U] [ 662.417217][T17606] [U] [ 662.420569][T17606] [U] [ 662.423253][T17606] [U] [ 662.425929][T17606] [U] [ 662.428691][T17606] [U] [ 662.432036][T17606] [U] [ 662.434744][T17606] [U] [ 662.437468][T17606] [U] [ 662.440143][T17606] [U] [ 662.443310][T17606] [U] [ 662.446139][T17606] [U] [ 662.448821][T17606] [U] [ 662.454123][T17606] [U] [ 662.457083][T17606] [U] [ 662.459765][T17606] [U] [ 662.462480][T17606] [U] [ 662.465244][T17606] [U] [ 662.468327][T17606] [U] [ 662.471032][T17606] [U] [ 662.473728][T17606] [U] [ 662.476405][T17606] [U] [ 662.479375][T17606] [U] [ 662.482099][T17606] [U] [ 662.484773][T17606] [U] [ 662.487451][T17606] [U] [ 662.491307][T17606] [U] [ 662.494003][T17606] [U] [ 662.496691][T17606] [U] [ 662.499365][T17606] [U] [ 662.502977][T17606] [U] [ 662.505765][T17606] [U] [ 662.508444][T17606] [U] [ 662.511122][T17606] [U] [ 662.527826][T17606] [U] [ 662.530549][T17606] [U] [ 662.533314][T17606] [U] [ 662.535989][T17606] [U] [ 662.560951][T17606] [U] [ 662.563766][T17606] [U] [ 662.566638][T17606] [U] [ 662.569448][T17606] [U] [ 662.616154][T17606] [U] [ 662.618968][T17606] [U] [ 662.621652][T17606] [U] [ 662.624333][T17606] [U] [ 662.657835][T17606] [U] [ 662.660594][T17606] [U] [ 662.663278][T17606] [U] [ 662.665957][T17606] [U] [ 662.715213][T17606] [U] [ 662.718053][T17606] [U] [ 662.720852][T17606] [U] [ 662.723547][T17606] [U] [ 662.751105][T17606] [U] [ 662.753938][T17606] [U] [ 662.756708][T17606] [U] [ 662.759402][T17606] [U] [ 662.801172][T17606] [U] [ 662.803919][T17606] [U] [ 662.806615][T17606] [U] [ 662.809295][T17606] [U] [ 662.839392][T17606] [U] [ 662.842307][T17606] [U] [ 662.845259][T17606] [U] [ 662.848176][T17606] [U] [ 662.850865][T17606] [U] [ 662.871217][T17606] [U] [ 662.874234][T17606] [U] [ 662.876990][T17606] [U] [ 662.879691][T17606] [U] [ 662.901643][T17606] [U] [ 662.904488][T17606] [U] [ 662.907173][T17606] [U] [ 662.909848][T17606] [U] [ 662.921493][T17606] [U] [ 663.026459][T17619] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3994'. [ 663.396712][T17619] team0 (unregistering): Port device team_slave_0 removed [ 663.427218][T17619] team0 (unregistering): Port device team_slave_1 removed [ 663.799289][T17630] base or size exceeds the MTRR width [ 664.065855][T17634] [U]  [ 664.068849][T17634] [U] [ 664.071885][T17634] [U] [ 664.074587][T17634] [U] [ 664.131229][T17634] [U] [ 664.133988][T17634] [U] [ 664.136684][T17634] [U] [ 664.139384][T17634] [U] [ 664.183676][T17634] [U] [ 664.186763][T17634] [U] [ 664.189452][T17634] [U] [ 664.192133][T17634] [U] [ 664.226010][T17634] [U] [ 664.228851][T17634] [U] [ 664.231583][T17634] [U] [ 664.234277][T17634] [U] [ 664.284144][T17634] [U] [ 664.286881][T17634] [U] [ 664.289568][T17634] [U] [ 664.292247][T17634] [U] [ 664.325247][T17634] [U] [ 664.328013][T17634] [U] [ 664.330737][T17634] [U] [ 664.333432][T17634] [U] [ 664.365092][T17634] [U] [ 664.367842][T17634] [U] [ 664.370544][T17634] [U] [ 664.373229][T17634] [U] [ 664.406783][T17634] [U] [ 664.409512][T17634] [U] [ 664.412297][T17634] [U] [ 664.414984][T17634] [U] [ 664.444484][T17634] [U] [ 664.447300][T17634] [U] [ 664.449984][T17634] [U] [ 664.452679][T17634] [U] [ 664.485145][T17634] [U] [ 664.487875][T17634] [U] [ 664.490551][T17634] [U] [ 664.493269][T17634] [U] [ 664.523169][T17634] [U] [ 664.526029][T17634] [U] [ 664.528848][T17634] [U] [ 664.531707][T17634] [U] [ 664.562797][T17634] [U] [ 664.565550][T17634] [U] [ 664.568260][T17634] [U] [ 664.571060][T17634] [U] [ 664.603014][T17634] [U] [ 664.605790][T17634] [U] [ 664.608497][T17634] [U] [ 664.611203][T17634] [U] [ 664.638517][T17634] [U] [ 664.641278][T17634] [U] [ 664.644051][T17634] [U] [ 664.646739][T17634] [U] [ 664.676223][T17634] [U] [ 664.678949][T17634] [U] [ 664.681677][T17634] [U] [ 664.684362][T17634] [U] [ 664.716548][T17634] [U] [ 664.719284][T17634] [U] [ 664.722229][T17634] [U] [ 664.724906][T17634] [U] [ 664.754756][T17634] [U] [ 664.757598][T17634] [U] [ 664.760280][T17634] [U] [ 664.763045][T17634] [U] [ 664.822158][T17634] [U] [ 664.825066][T17634] [U] [ 664.827751][T17634] [U] [ 664.830495][T17634] [U] [ 664.896802][T17634] [U] [ 664.899567][T17634] [U] [ 664.902446][T17634] [U] [ 664.905162][T17634] [U] [ 664.950478][T17634] [U] [ 664.953430][T17634] [U] [ 664.956309][T17634] [U] [ 664.959006][T17634] [U] [ 665.002499][T17634] [U] [ 665.005488][T17634] [U] [ 665.008171][T17634] [U] [ 665.010852][T17634] [U] [ 665.042409][T17634] [U] [ 665.641380][T17648] netlink: 318 bytes leftover after parsing attributes in process `syz.3.4002'. [ 665.856347][T17659] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4005'. [ 665.982907][T17659] team0 (unregistering): Port device team_slave_0 removed [ 666.029643][T17659] team0 (unregistering): Port device team_slave_1 removed [ 666.087340][T17661] FAULT_INJECTION: forcing a failure. [ 666.087340][T17661] name failslab, interval 1, probability 0, space 0, times 0 [ 666.135800][T17661] CPU: 0 UID: 0 PID: 17661 Comm: syz.3.4006 Tainted: G U L syzkaller #0 PREEMPT(full) [ 666.135829][T17661] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 666.135836][T17661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 666.135845][T17661] Call Trace: [ 666.135851][T17661] [ 666.135858][T17661] dump_stack_lvl+0x100/0x190 [ 666.135888][T17661] should_fail_ex.cold+0x5/0xa [ 666.135907][T17661] should_failslab+0xc2/0x120 [ 666.135923][T17661] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 666.135947][T17661] ? sysctl_core_net_init+0x42/0x290 [ 666.136044][T17661] kmemdup_noprof+0x29/0x60 [ 666.136068][T17661] sysctl_core_net_init+0x42/0x290 [ 666.136099][T17661] ? __pfx_sysctl_core_net_init+0x10/0x10 [ 666.136124][T17661] ops_init+0x1e2/0x5f0 [ 666.136146][T17661] setup_net+0x118/0x3a0 [ 666.136166][T17661] ? __pfx_setup_net+0x10/0x10 [ 666.136183][T17661] ? lockdep_init_map_type+0x5c/0x250 [ 666.136204][T17661] ? mutex_init_lockep+0x110/0x150 [ 666.136226][T17661] copy_net_ns+0x46f/0x7c0 [ 666.136249][T17661] create_new_namespaces+0x3ea/0xac0 [ 666.136270][T17661] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 666.136288][T17661] ksys_unshare+0x473/0xad0 [ 666.136308][T17661] ? __pfx_ksys_unshare+0x10/0x10 [ 666.136333][T17661] __x64_sys_unshare+0x31/0x40 [ 666.136351][T17661] do_syscall_64+0x106/0xf80 [ 666.136370][T17661] ? clear_bhb_loop+0x40/0x90 [ 666.136388][T17661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.136404][T17661] RIP: 0033:0x7fed08d9c799 [ 666.136418][T17661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.136433][T17661] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 666.136449][T17661] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 666.136460][T17661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 666.136469][T17661] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 666.136478][T17661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.136487][T17661] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 666.136508][T17661] [ 670.454486][T17688] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 673.354657][T17761] FAULT_INJECTION: forcing a failure. [ 673.354657][T17761] name failslab, interval 1, probability 0, space 0, times 0 [ 673.437233][T17761] CPU: 0 UID: 0 PID: 17761 Comm: syz.4.4039 Tainted: G U L syzkaller #0 PREEMPT(full) [ 673.437264][T17761] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 673.437270][T17761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 673.437280][T17761] Call Trace: [ 673.437286][T17761] [ 673.437293][T17761] dump_stack_lvl+0x100/0x190 [ 673.437321][T17761] should_fail_ex.cold+0x5/0xa [ 673.437348][T17761] should_failslab+0xc2/0x120 [ 673.437366][T17761] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 673.437389][T17761] ? alloc_empty_file+0x55/0x1c0 [ 673.437412][T17761] alloc_empty_file+0x55/0x1c0 [ 673.437451][T17761] alloc_file_pseudo+0x13a/0x230 [ 673.437476][T17761] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 673.437501][T17761] dma_buf_export+0x326/0xcb0 [ 673.437624][T17761] ? sg_alloc_table+0x4c/0x1c0 [ 673.437676][T17761] system_heap_allocate+0xb5e/0x1170 [ 673.437727][T17761] ? __pfx_system_heap_allocate+0x10/0x10 [ 673.437756][T17761] ? rep_movs_alternative+0x4a/0x90 [ 673.437783][T17761] dma_heap_ioctl+0x37f/0x5e0 [ 673.437804][T17761] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 673.437822][T17761] ? find_held_lock+0x2b/0x80 [ 673.437846][T17761] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 673.437866][T17761] __x64_sys_ioctl+0x18e/0x210 [ 673.437888][T17761] do_syscall_64+0x106/0xf80 [ 673.437905][T17761] ? clear_bhb_loop+0x40/0x90 [ 673.437924][T17761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.437939][T17761] RIP: 0033:0x7fd51f79c799 [ 673.437955][T17761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.437970][T17761] RSP: 002b:00007fd5206a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.437986][T17761] RAX: ffffffffffffffda RBX: 00007fd51fa15fa0 RCX: 00007fd51f79c799 [ 673.437997][T17761] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000006 [ 673.438007][T17761] RBP: 00007fd51f832c99 R08: 0000000000000000 R09: 0000000000000000 [ 673.438017][T17761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.438027][T17761] R13: 00007fd51fa16038 R14: 00007fd51fa15fa0 R15: 00007fff5097ae68 [ 673.438047][T17761] [ 674.925705][T17782] FAULT_INJECTION: forcing a failure. [ 674.925705][T17782] name failslab, interval 1, probability 0, space 0, times 0 [ 674.992108][T17782] CPU: 0 UID: 0 PID: 17782 Comm: syz.4.4047 Tainted: G U L syzkaller #0 PREEMPT(full) [ 674.992140][T17782] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 674.992146][T17782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 674.992156][T17782] Call Trace: [ 674.992162][T17782] [ 674.992168][T17782] dump_stack_lvl+0x100/0x190 [ 674.992197][T17782] should_fail_ex.cold+0x5/0xa [ 674.992217][T17782] should_failslab+0xc2/0x120 [ 674.992233][T17782] __kmalloc_cache_noprof+0x7a/0x6f0 [ 674.992253][T17782] ? single_open+0x4d/0x1d0 [ 674.992274][T17782] ? __pfx_show_smaps_rollup+0x10/0x10 [ 674.992294][T17782] single_open+0x4d/0x1d0 [ 674.992314][T17782] smaps_rollup_open+0x6f/0x170 [ 674.992333][T17782] do_dentry_open+0x6d8/0x1660 [ 674.992348][T17782] ? __pfx_smaps_rollup_open+0x10/0x10 [ 674.992371][T17782] vfs_open+0x82/0x3f0 [ 674.992391][T17782] path_openat+0x208c/0x31a0 [ 674.992414][T17782] ? __pfx_path_openat+0x10/0x10 [ 674.992436][T17782] do_file_open+0x20e/0x430 [ 674.992453][T17782] ? __pfx_do_file_open+0x10/0x10 [ 674.992490][T17782] ? __pfx_kfree_link+0x10/0x10 [ 674.992517][T17782] ? alloc_fd+0x476/0x790 [ 674.992534][T17782] ? do_getname+0x191/0x390 [ 674.992558][T17782] do_sys_openat2+0x10d/0x1e0 [ 674.992578][T17782] ? __pfx_do_sys_openat2+0x10/0x10 [ 674.992598][T17782] ? __fget_files+0x21f/0x3d0 [ 674.992616][T17782] __x64_sys_openat+0x12d/0x210 [ 674.992637][T17782] ? __pfx___x64_sys_openat+0x10/0x10 [ 674.992663][T17782] do_syscall_64+0x106/0xf80 [ 674.992682][T17782] ? clear_bhb_loop+0x40/0x90 [ 674.992701][T17782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.992717][T17782] RIP: 0033:0x7fd51f79c799 [ 674.992731][T17782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 674.992746][T17782] RSP: 002b:00007fd5206a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 674.992761][T17782] RAX: ffffffffffffffda RBX: 00007fd51fa15fa0 RCX: 00007fd51f79c799 [ 674.992771][T17782] RDX: 0000000000000840 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 674.992781][T17782] RBP: 00007fd51f832c99 R08: 0000000000000000 R09: 0000000000000000 [ 674.992791][T17782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.992800][T17782] R13: 00007fd51fa16038 R14: 00007fd51fa15fa0 R15: 00007fff5097ae68 [ 674.992820][T17782] [ 675.783971][T17783] netlink: 252 bytes leftover after parsing attributes in process `syz.5.4040'. [ 675.861496][T17788] netlink: 252 bytes leftover after parsing attributes in process `syz.5.4040'. [ 676.454998][T17798] FAULT_INJECTION: forcing a failure. [ 676.454998][T17798] name failslab, interval 1, probability 0, space 0, times 0 [ 676.560485][T17798] CPU: 0 UID: 0 PID: 17798 Comm: syz.5.4052 Tainted: G U L syzkaller #0 PREEMPT(full) [ 676.560515][T17798] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 676.560521][T17798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 676.560531][T17798] Call Trace: [ 676.560537][T17798] [ 676.560544][T17798] dump_stack_lvl+0x100/0x190 [ 676.560572][T17798] should_fail_ex.cold+0x5/0xa [ 676.560591][T17798] should_failslab+0xc2/0x120 [ 676.560607][T17798] __kmalloc_cache_noprof+0x7a/0x6f0 [ 676.560629][T17798] ? landlock_init_hierarchy_log+0xa9/0x820 [ 676.560652][T17798] landlock_init_hierarchy_log+0xa9/0x820 [ 676.560669][T17798] ? inherit_tree+0x197/0x2d0 [ 676.560695][T17798] landlock_merge_ruleset+0x67b/0x830 [ 676.560722][T17798] __do_sys_landlock_restrict_self+0x2a6/0x9e0 [ 676.560747][T17798] do_syscall_64+0x106/0xf80 [ 676.560773][T17798] ? clear_bhb_loop+0x40/0x90 [ 676.560793][T17798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.560809][T17798] RIP: 0033:0x7fdd6b59c799 [ 676.560824][T17798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.560840][T17798] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 676.560855][T17798] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 676.560866][T17798] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 676.560875][T17798] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 676.560910][T17798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.560919][T17798] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 676.560958][T17798] [ 678.159544][T17817] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4057'. [ 678.589383][T17828] netlink: 62 bytes leftover after parsing attributes in process `syz.4.4063'. [ 679.010251][T17836] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4065'. [ 679.066538][T17837] FAULT_INJECTION: forcing a failure. [ 679.066538][T17837] name fail_futex, interval 1, probability 0, space 0, times 0 [ 679.251736][T17837] CPU: 0 UID: 0 PID: 17837 Comm: syz.3.4066 Tainted: G U L syzkaller #0 PREEMPT(full) [ 679.251766][T17837] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 679.251773][T17837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 679.251782][T17837] Call Trace: [ 679.251788][T17837] [ 679.251796][T17837] dump_stack_lvl+0x100/0x190 [ 679.251825][T17837] should_fail_ex.cold+0x5/0xa [ 679.251844][T17837] get_futex_key+0x1d2/0x1620 [ 679.251866][T17837] ? __pfx_get_futex_key+0x10/0x10 [ 679.251890][T17837] futex_wake+0xea/0x530 [ 679.251913][T17837] ? __pfx_futex_wake+0x10/0x10 [ 679.251938][T17837] ? putname+0xb1/0x110 [ 679.251953][T17837] ? kmem_cache_free+0x124/0x6a0 [ 679.251976][T17837] do_futex+0x32b/0x350 [ 679.251996][T17837] ? __pfx_do_futex+0x10/0x10 [ 679.252013][T17837] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.252034][T17837] ? __fget_files+0x21f/0x3d0 [ 679.252051][T17837] __x64_sys_futex+0x34f/0x4d0 [ 679.252071][T17837] ? __x64_sys_openat+0x12d/0x210 [ 679.252090][T17837] ? __pfx___x64_sys_futex+0x10/0x10 [ 679.252116][T17837] do_syscall_64+0x106/0xf80 [ 679.252135][T17837] ? clear_bhb_loop+0x40/0x90 [ 679.252154][T17837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.252171][T17837] RIP: 0033:0x7fed08d9c799 [ 679.252194][T17837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 679.252210][T17837] RSP: 002b:00007fed09c410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 679.252226][T17837] RAX: ffffffffffffffda RBX: 00007fed09015fa8 RCX: 00007fed08d9c799 [ 679.252237][T17837] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fed09015fac [ 679.252248][T17837] RBP: 00007fed09015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 679.252258][T17837] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 679.252267][T17837] R13: 00007fed09016038 R14: 00007ffdbd766320 R15: 00007ffdbd766408 [ 679.252288][T17837] [ 679.929317][T17844] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4069'. [ 680.190162][T17849] netlink: 338 bytes leftover after parsing attributes in process `syz.5.4070'. [ 680.569177][T17858] netlink: 62 bytes leftover after parsing attributes in process `syz.5.4073'. [ 681.722167][T17873] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4078'. [ 682.970532][T13497] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 683.436109][T17899] netlink: 'syz.5.4096': attribute type 28 has an invalid length. [ 683.461906][T17899] netlink: 'syz.5.4096': attribute type 3 has an invalid length. [ 683.490168][T17899] netlink: 306 bytes leftover after parsing attributes in process `syz.5.4096'. [ 685.254130][T17924] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4095'. [ 685.986463][T17933] FAULT_INJECTION: forcing a failure. [ 685.986463][T17933] name failslab, interval 1, probability 0, space 0, times 0 [ 686.030402][T17933] CPU: 0 UID: 0 PID: 17933 Comm: syz.5.4099 Tainted: G U L syzkaller #0 PREEMPT(full) [ 686.030432][T17933] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 686.030438][T17933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 686.030448][T17933] Call Trace: [ 686.030454][T17933] [ 686.030462][T17933] dump_stack_lvl+0x100/0x190 [ 686.030489][T17933] should_fail_ex.cold+0x5/0xa [ 686.030509][T17933] ? memcg_list_lru_alloc+0x4ec/0x740 [ 686.030532][T17933] should_failslab+0xc2/0x120 [ 686.030548][T17933] __kmalloc_noprof+0xe0/0x850 [ 686.030570][T17933] ? __x64_sys_ioctl+0x18e/0x210 [ 686.030593][T17933] memcg_list_lru_alloc+0x4ec/0x740 [ 686.030620][T17933] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 686.030641][T17933] ? rcu_read_unlock+0x17/0x60 [ 686.030667][T17933] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 686.030690][T17933] __memcg_slab_post_alloc_hook+0x130/0x990 [ 686.030712][T17933] ? kasan_save_track+0x14/0x30 [ 686.030742][T17933] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 686.030765][T17933] ? __d_alloc+0x34/0xa80 [ 686.030785][T17933] __d_alloc+0x34/0xa80 [ 686.030800][T17933] ? inode_set_ctime_current+0x283/0x8a0 [ 686.030820][T17933] d_alloc_pseudo+0x1c/0xc0 [ 686.030842][T17933] alloc_file_pseudo+0xcf/0x230 [ 686.030862][T17933] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 686.030886][T17933] dma_buf_export+0x326/0xcb0 [ 686.030907][T17933] ? sg_alloc_table+0x4c/0x1c0 [ 686.030930][T17933] system_heap_allocate+0xb5e/0x1170 [ 686.030957][T17933] ? __pfx_system_heap_allocate+0x10/0x10 [ 686.030986][T17933] ? rep_movs_alternative+0x4a/0x90 [ 686.031012][T17933] dma_heap_ioctl+0x37f/0x5e0 [ 686.031033][T17933] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 686.031051][T17933] ? find_held_lock+0x2b/0x80 [ 686.031075][T17933] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 686.031095][T17933] __x64_sys_ioctl+0x18e/0x210 [ 686.031117][T17933] do_syscall_64+0x106/0xf80 [ 686.031134][T17933] ? clear_bhb_loop+0x40/0x90 [ 686.031153][T17933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.031169][T17933] RIP: 0033:0x7fdd6b59c799 [ 686.031183][T17933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 686.031198][T17933] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 686.031214][T17933] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 686.031225][T17933] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000006 [ 686.031235][T17933] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 686.031244][T17933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.031253][T17933] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 686.031274][T17933] [ 686.380491][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.389594][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.424721][T17940] netlink: 'syz.3.4102': attribute type 10 has an invalid length. [ 686.432844][T17940] netlink: 230 bytes leftover after parsing attributes in process `syz.3.4102'. [ 686.810611][T17944] bond0: option all_slaves_active: invalid value () [ 687.995541][T17988] netlink: 'syz.2.4119': attribute type 28 has an invalid length. [ 688.013786][T17988] netlink: 'syz.2.4119': attribute type 3 has an invalid length. [ 688.034674][T17988] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4119'. [ 689.269365][T18013] Dead loop on virtual device ip6_vti0, fix it urgently! [ 689.290554][T18013] Dead loop on virtual device ip6_vti0, fix it urgently! [ 689.307653][T18013] Dead loop on virtual device ip6_vti0, fix it urgently! [ 696.292813][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 696.304694][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 696.314942][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 696.323501][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 696.331949][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 696.642245][T18052] chnl_net:caif_netlink_parms(): no params data found [ 696.716354][T18052] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.725740][T18052] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.734634][T18052] bridge_slave_0: entered allmulticast mode [ 696.742404][T18052] bridge_slave_0: entered promiscuous mode [ 696.752486][T18052] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.760399][T18052] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.768858][T18052] bridge_slave_1: entered allmulticast mode [ 696.776440][T18052] bridge_slave_1: entered promiscuous mode [ 696.808828][T18052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.823697][T18052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 696.855657][T18052] team0: Port device team_slave_0 added [ 696.878426][T18052] team0: Port device team_slave_1 added [ 696.953430][T18052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 696.997204][T18052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 697.099671][T18052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 697.136181][T18063] netlink: 'syz.5.4151': attribute type 10 has an invalid length. [ 697.156722][T18063] netlink: 'syz.5.4151': attribute type 13 has an invalid length. [ 697.186283][T18052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 697.195304][T13497] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 697.242487][T18052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 697.318526][T13497] Bluetooth: hci1: Malformed LE Event: 0x1b [ 697.385175][T18052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 697.463758][T18078] [U] ^@ [ 697.597652][T18052] hsr_slave_0: entered promiscuous mode [ 697.620012][T18052] hsr_slave_1: entered promiscuous mode [ 697.644180][T18052] debugfs: 'hsr0' already exists in 'hsr' [ 697.665195][T18052] Cannot create hsr debugfs directory [ 697.944645][T18081] zswap: compressor not available [ 698.429971][T13497] Bluetooth: hci5: command tx timeout [ 698.807661][T18052] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 698.847340][T18052] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 698.937598][T18052] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 698.964868][T18052] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 699.393593][T18052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 699.472593][T18117] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4160'. [ 699.491016][T18052] 8021q: adding VLAN 0 to HW filter on device team0 [ 699.536197][T18117] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4160'. [ 699.568807][T17513] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.576023][T17513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 699.628985][T13497] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 699.638486][T13497] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 699.684301][T17513] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.691837][T17513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 699.827188][T18052] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 700.001352][T18131] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4166'. [ 700.358512][T18052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.511857][T13497] Bluetooth: hci5: command tx timeout [ 700.646144][T18052] veth0_vlan: entered promiscuous mode [ 700.660739][T18052] veth1_vlan: entered promiscuous mode [ 700.692520][T18052] veth0_macvtap: entered promiscuous mode [ 700.709331][T18052] veth1_macvtap: entered promiscuous mode [ 700.824108][T18052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 700.888094][T18052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 700.939863][ T128] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.967204][ T128] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.019227][ T128] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.075196][ T128] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.238307][T18159] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4171'. [ 701.258675][T18161] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4172'. [ 701.286613][T18159] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4171'. [ 701.321939][T18161] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 701.329913][T18161] IPv6: NLM_F_CREATE should be set when creating new route [ 701.337320][T18161] IPv6: NLM_F_CREATE should be set when creating new route [ 701.388379][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 701.427528][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 701.540193][T17514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 701.586082][T17514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 701.648025][T18166] FAULT_INJECTION: forcing a failure. [ 701.648025][T18166] name failslab, interval 1, probability 0, space 0, times 0 [ 701.739705][T18166] CPU: 0 UID: 0 PID: 18166 Comm: syz.5.4173 Tainted: G U L syzkaller #0 PREEMPT(full) [ 701.739742][T18166] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 701.739748][T18166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 701.739757][T18166] Call Trace: [ 701.739763][T18166] [ 701.739770][T18166] dump_stack_lvl+0x100/0x190 [ 701.739798][T18166] should_fail_ex.cold+0x5/0xa [ 701.739817][T18166] ? lsm_blob_alloc+0x68/0x90 [ 701.739835][T18166] should_failslab+0xc2/0x120 [ 701.739851][T18166] __kmalloc_noprof+0xe0/0x850 [ 701.739873][T18166] ? trace_kmem_cache_alloc+0xf3/0x120 [ 701.739893][T18166] lsm_blob_alloc+0x68/0x90 [ 701.739911][T18166] security_prepare_creds+0x2d/0x290 [ 701.739930][T18166] prepare_creds+0x5d6/0x950 [ 701.739955][T18166] lookup_user_key+0xfb2/0x1300 [ 701.739982][T18166] ? __pfx_lookup_user_key+0x10/0x10 [ 701.740008][T18166] ? do_raw_spin_lock+0x128/0x260 [ 701.740031][T18166] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 701.740058][T18166] ? _raw_spin_unlock_irq+0x2e/0x50 [ 701.740075][T18166] ? do_sigaltstack.constprop.0+0x4c0/0x670 [ 701.740100][T18166] keyctl_restrict_keyring+0x99/0x250 [ 701.740122][T18166] ? __pfx_keyctl_restrict_keyring+0x10/0x10 [ 701.740151][T18166] __do_sys_keyctl+0x2e8/0x5a0 [ 701.740173][T18166] do_syscall_64+0x106/0xf80 [ 701.740191][T18166] ? clear_bhb_loop+0x40/0x90 [ 701.740211][T18166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.740235][T18166] RIP: 0033:0x7fdd6b59c799 [ 701.740258][T18166] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.740274][T18166] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 701.740290][T18166] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 701.740302][T18166] RDX: 0000000000000002 RSI: fffffffffffffffd RDI: 000000000000001d [ 701.740315][T18166] RBP: 00007fdd6b632c99 R08: fffffffffffffffd R09: 0000000000000000 [ 701.740324][T18166] R10: 0000000000000628 R11: 0000000000000246 R12: 0000000000000000 [ 701.740333][T18166] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 701.740353][T18166] [ 702.347757][T18174] netlink: 'syz.2.4177': attribute type 15 has an invalid length. [ 702.367259][T18174] netlink: 'syz.2.4177': attribute type 16 has an invalid length. [ 702.397880][T18174] netlink: 194 bytes leftover after parsing attributes in process `syz.2.4177'. [ 702.641936][T13497] Bluetooth: hci5: command tx timeout [ 703.496267][T18202] binder: 18201:18202 ioctl c0306201 0 returned -14 [ 704.673211][T13497] Bluetooth: hci5: command tx timeout [ 704.807510][T18224] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 705.731078][T18244] zswap: compressor not available [ 706.213180][T18258] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4202'. [ 706.419520][T18261] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4204'. [ 706.475863][T18263] binder: 18262:18263 ioctl c0306201 0 returned -14 [ 708.768547][T18284] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4210'. [ 708.824250][T18287] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4210'. [ 709.270206][T18302] netlink: 246 bytes leftover after parsing attributes in process `syz.5.4216'. [ 709.355415][T18299] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4215'. [ 709.431476][T18305] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4215'. [ 710.668761][T18325] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4224'. [ 710.907204][T18331] netlink: 504 bytes leftover after parsing attributes in process `syz.2.4226'. [ 711.267989][T18336] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4228'. [ 711.315761][T18336] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4228'. [ 712.261286][T18352] sp0: Synchronizing with TNC [ 714.587912][T18383] zswap: compressor not available [ 715.376670][T18400] netlink: 504 bytes leftover after parsing attributes in process `syz.6.4247'. [ 720.120758][T18464] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4264'. [ 720.723959][T18463] bond0: option all_slaves_active: invalid value () [ 721.593142][T18479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 721.693947][T18479] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 721.795208][T18477] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 721.844100][T18479] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 721.946750][T18479] page_type: f5(slab) [ 722.070749][T18479] raw: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 722.249348][T18479] raw: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 722.346870][T18479] head: 00fff00000000040 ffff88801ce8e8c0 dead000000000100 dead000000000122 [ 722.489548][T18479] head: 0000000000000000 0000000800190019 00000000f5000000 0000000000000000 [ 722.592356][T18479] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 722.740968][T18479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 722.892108][T18479] page dumped because: unmovable page [ 722.975278][T18479] page_owner tracks the page as allocated [ 723.077020][T18479] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevadm), ts 32680423028, free_ts 26657226254 [ 723.368496][T18479] post_alloc_hook+0x153/0x170 [ 723.484139][T18479] get_page_from_freelist+0x111d/0x3140 [ 723.540091][T18479] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 723.611341][T18479] new_slab+0xa6/0x6c0 [ 723.677103][T18479] refill_objects+0x26b/0x400 [ 723.734336][T18479] __pcs_replace_empty_main+0x1ab/0x600 [ 723.823756][T18479] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 723.903844][T18479] alloc_inode+0x183/0x250 [ 723.982108][T18479] iget_locked+0x1d9/0x6d0 [ 723.986702][T18479] kernfs_get_inode+0x46/0x470 [ 724.114452][T18479] kernfs_iop_lookup+0x1a7/0x2d0 [ 724.119545][T18479] __lookup_slow+0x251/0x460 [ 724.246005][T18479] lookup_slow+0x50/0x70 [ 724.581993][T18479] path_lookupat+0x5e8/0xc40 [ 724.654487][T18479] filename_lookup+0x202/0x590 [ 724.731340][T18479] vfs_statx+0xff/0x3f0 [ 724.798170][T18479] page last free pid 1 tgid 1 stack trace: [ 724.897738][T18479] __free_frozen_pages+0x7e1/0x10d0 [ 724.972090][T18479] free_contig_range+0xde/0x1d0 [ 725.043158][T18479] destroy_args+0xa8/0x7a0 [ 725.121377][T18479] debug_vm_pgtable+0x1b66/0x34c0 [ 725.256125][T18479] do_one_initcall+0x11d/0x760 [ 725.322340][T18479] kernel_init_freeable+0x6e5/0x7a0 [ 725.402507][T18479] kernel_init+0x1f/0x1e0 [ 725.407198][T18479] ret_from_fork+0x754/0xd80 [ 725.412114][T18479] ret_from_fork_asm+0x1a/0x30 [ 726.093857][T18512] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4281'. [ 727.153694][T18524] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4287'. [ 727.270873][T18524] netlink: 'syz.5.4287': attribute type 1 has an invalid length. [ 727.352544][T18524] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4287'. [ 728.672921][T18544] zswap: compressor not available [ 729.343763][T18564] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4301'. [ 732.338793][T18616] zswap: compressor not available [ 733.193343][T18632] netlink: 'syz.2.4321': attribute type 10 has an invalid length. [ 733.254417][T18632] netlink: 230 bytes leftover after parsing attributes in process `syz.2.4321'. [ 733.447509][T18632] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 737.559657][T18694] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4341'. [ 737.758132][T18697] sysfs_service_op_store: Client not running :-5: [ 739.919694][T18723] Invalid ELF header magic: != ELF [ 743.387781][T18782] netlink: 'syz.2.4373': attribute type 19 has an invalid length. [ 743.431409][T18782] netlink: 226 bytes leftover after parsing attributes in process `syz.2.4373'. [ 744.314560][T18796] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4378'. [ 744.409901][T18800] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4378'. [ 746.583741][T18838] netlink: 186 bytes leftover after parsing attributes in process `syz.6.4393'. [ 747.105105][T18852] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4399'. [ 747.565834][T18854] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 747.602956][T18854] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 747.662144][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.669078][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.695271][T18867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4404'. [ 748.788382][T18893] vivid-007: ================= START STATUS ================= [ 748.815194][T18893] vivid-007: Generate PTS: true [ 748.833364][T18893] vivid-007: Generate SCR: true [ 748.850401][T18893] tpg source WxH: 320x240 (Y'CbCr) [ 748.904161][T18893] tpg field: 1 [ 748.925039][T18893] tpg crop: (0,0)/320x240 [ 748.953350][T18893] tpg compose: (0,0)/320x240 [ 748.976242][T18893] tpg colorspace: 8 [ 748.999284][T18893] tpg transfer function: 0/0 [ 749.026613][T18893] tpg Y'CbCr encoding: 0/0 [ 749.051201][T18893] tpg quantization: 0/0 [ 749.072761][T18893] tpg RGB range: 0/2 [ 749.091749][T18893] vivid-007: ================== END STATUS ================== [ 752.860882][T18952] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4427'. [ 762.680771][T19047] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4455'. [ 762.915684][ T5835] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 762.926209][ T5835] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 762.940338][ T5835] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 762.962225][ T5835] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 762.970941][ T5835] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 763.358921][T19054] chnl_net:caif_netlink_parms(): no params data found [ 763.503237][T19054] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.511237][T19054] bridge0: port 1(bridge_slave_0) entered disabled state [ 763.521576][T19054] bridge_slave_0: entered allmulticast mode [ 763.529086][T19054] bridge_slave_0: entered promiscuous mode [ 763.537797][T19054] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.545878][T19054] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.553934][T19054] bridge_slave_1: entered allmulticast mode [ 763.562423][T19054] bridge_slave_1: entered promiscuous mode [ 763.603554][T19054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 763.615816][T19054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 763.648943][T19054] team0: Port device team_slave_0 added [ 763.659785][T19054] team0: Port device team_slave_1 added [ 763.686710][T19054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.694657][T19054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.724634][T19054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.744095][T19054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.751254][T19054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.779297][T19054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.824424][T19054] hsr_slave_0: entered promiscuous mode [ 763.831593][T19054] hsr_slave_1: entered promiscuous mode [ 763.839335][T19054] debugfs: 'hsr0' already exists in 'hsr' [ 763.847360][T19054] Cannot create hsr debugfs directory [ 764.006124][T19054] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 764.020630][T19054] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 764.031395][T19054] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 764.041898][T19054] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 764.075333][T19054] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.082739][T19054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.091113][T19054] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.098326][T19054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.159051][T19054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 764.178483][T17513] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.187379][T17513] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.200633][T19054] 8021q: adding VLAN 0 to HW filter on device team0 [ 764.217961][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.225444][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.249601][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.256776][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.438984][T19054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.650890][T19054] veth0_vlan: entered promiscuous mode [ 764.666211][T19054] veth1_vlan: entered promiscuous mode [ 764.697586][T19054] veth0_macvtap: entered promiscuous mode [ 764.707442][T19054] veth1_macvtap: entered promiscuous mode [ 764.734348][T19054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 764.749763][T19054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 764.764743][T17514] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.789943][T17514] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.838514][T17514] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.867241][T17514] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.895713][T17514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 764.915901][T17514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 764.951262][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 764.963980][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.016510][ T5835] Bluetooth: hci6: command tx timeout [ 765.134376][T19090] netlink: 306 bytes leftover after parsing attributes in process `syz.5.4471'. [ 765.190530][T19094] futex_wake_op: syz.3.4473 tries to shift op by -2048; fix this program [ 765.234351][T19094] futex_wake_op: syz.3.4473 tries to shift op by -2048; fix this program [ 765.849625][T19105] [U] [ 765.852436][T19105] [U] [ 765.855134][T19105] [U] [ 765.857836][T19105] [U] [ 765.960508][T19105] [U] [ 765.963374][T19105] [U] [ 765.966085][T19105] [U] [ 765.968768][T19105] [U] [ 766.060508][T19105] [U] [ 766.063330][T19105] [U] [ 766.066026][T19105] [U] [ 766.068791][T19105] [U] [ 766.151438][T19105] [U] [ 766.154174][T19105] [U] [ 766.156956][T19105] [U] [ 766.159646][T19105] [U] [ 766.227216][T19105] [U] [ 766.230034][T19105] [U] [ 766.232754][T19105] [U] [ 766.235635][T19105] [U] [ 766.307379][T19105] [U] [ 766.310105][T19105] [U] [ 766.312818][T19105] [U] [ 766.315516][T19105] [U] [ 766.380961][T19105] [U] [ 766.383721][T19105] [U] [ 766.386414][T19105] [U] [ 766.389112][T19105] [U] [ 766.464194][T19105] [U] [ 766.467014][T19105] [U] [ 766.469694][T19105] [U] [ 766.472379][T19105] [U] [ 766.584845][T19105] [U] [ 766.587684][T19105] [U] [ 766.590380][T19105] [U] [ 766.593086][T19105] [U] [ 766.650149][T19105] [U] [ 766.652976][T19105] [U] [ 766.655669][T19105] [U] [ 766.658368][T19105] [U] [ 766.737069][T19105] [U] [ 766.739893][T19105] [U] [ 766.742750][T19105] [U] [ 766.745452][T19105] [U] [ 766.800419][T19105] [U] [ 766.803293][T19105] [U] [ 766.806082][T19105] [U] [ 766.808787][T19105] [U] [ 766.876678][T19105] [U] [ 767.094873][ T5835] Bluetooth: hci6: command tx timeout [ 767.251747][T19133] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 767.362781][T19137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4478'. [ 767.937464][T19154] netlink: 226 bytes leftover after parsing attributes in process `syz.2.4484'. [ 768.013434][T19154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4484'. [ 768.063228][T19154] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 768.726540][T19165] netlink: 'syz.2.4487': attribute type 27 has an invalid length. [ 768.768975][T19165] netlink: 'syz.2.4487': attribute type 28 has an invalid length. [ 768.809057][T19165] netlink: 'syz.2.4487': attribute type 29 has an invalid length. [ 768.849866][T19165] netlink: 'syz.2.4487': attribute type 30 has an invalid length. [ 768.896272][T19165] netlink: 'syz.2.4487': attribute type 31 has an invalid length. [ 768.950899][T19165] netlink: 'syz.2.4487': attribute type 32 has an invalid length. [ 769.014429][T19165] netlink: 'syz.2.4487': attribute type 33 has an invalid length. [ 769.051193][T19165] netlink: 'syz.2.4487': attribute type 35 has an invalid length. [ 769.102477][T19165] netlink: 'syz.2.4487': attribute type 37 has an invalid length. [ 769.136077][T19165] netlink: 'syz.2.4487': attribute type 39 has an invalid length. [ 769.159266][T19165] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4487'. [ 769.172686][ T5835] Bluetooth: hci6: command tx timeout [ 770.987009][T19205] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4500'. [ 771.253468][ T5835] Bluetooth: hci6: command tx timeout [ 772.912732][T19234] FAULT_INJECTION: forcing a failure. [ 772.912732][T19234] name failslab, interval 1, probability 0, space 0, times 0 [ 772.986846][T19234] CPU: 0 UID: 0 PID: 19234 Comm: syz.3.4508 Tainted: G U L syzkaller #0 PREEMPT(full) [ 772.986877][T19234] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 772.986883][T19234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 772.986893][T19234] Call Trace: [ 772.986900][T19234] [ 772.986907][T19234] dump_stack_lvl+0x100/0x190 [ 772.986936][T19234] should_fail_ex.cold+0x5/0xa [ 772.986958][T19234] should_failslab+0xc2/0x120 [ 772.986975][T19234] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 772.986999][T19234] ? kasprintf+0xc7/0x100 [ 772.987021][T19234] kvasprintf+0xbc/0x150 [ 772.987037][T19234] ? __pfx_kvasprintf+0x10/0x10 [ 772.987053][T19234] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 772.987074][T19234] ? lockdep_hardirqs_on+0x78/0x100 [ 772.987092][T19234] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 772.987111][T19234] kasprintf+0xc7/0x100 [ 772.987126][T19234] ? __pfx_kasprintf+0x10/0x10 [ 772.987150][T19234] ieee80211_alloc_led_names+0x1b0/0x420 [ 772.987288][T19234] ieee80211_alloc_hw_nm+0x1934/0x22a0 [ 772.987355][T19234] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 772.987451][T19234] ? __asan_memset+0x23/0x50 [ 772.987473][T19234] ? __nla_validate_parse+0x1e7/0x28b0 [ 772.987493][T19234] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 772.987521][T19234] hwsim_new_radio_nl+0xc1f/0x1340 [ 772.987545][T19234] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 772.987571][T19234] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 772.987596][T19234] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 772.987623][T19234] genl_family_rcv_msg_doit+0x214/0x300 [ 772.987648][T19234] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 772.987670][T19234] ? genl_get_cmd+0x3ef/0x720 [ 772.987695][T19234] ? bpf_lsm_capable+0x9/0x10 [ 772.987711][T19234] ? security_capable+0x80/0x260 [ 772.987735][T19234] ? ns_capable+0xd2/0xf0 [ 772.987753][T19234] genl_rcv_msg+0x560/0x800 [ 772.987777][T19234] ? __pfx_genl_rcv_msg+0x10/0x10 [ 772.987799][T19234] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 772.987827][T19234] netlink_rcv_skb+0x159/0x420 [ 772.987847][T19234] ? __pfx_genl_rcv_msg+0x10/0x10 [ 772.987869][T19234] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 772.987897][T19234] ? netlink_deliver_tap+0x1ae/0xcc0 [ 772.987918][T19234] genl_rcv+0x28/0x40 [ 772.987937][T19234] netlink_unicast+0x5aa/0x870 [ 772.987960][T19234] ? __pfx_netlink_unicast+0x10/0x10 [ 772.987987][T19234] netlink_sendmsg+0x8b0/0xda0 [ 772.988010][T19234] ? __pfx_netlink_sendmsg+0x10/0x10 [ 772.988028][T19234] ? __import_iovec+0x1d2/0x640 [ 772.988046][T19234] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 772.988070][T19234] ____sys_sendmsg+0x9e1/0xb70 [ 772.988091][T19234] ? __pfx_netlink_sendmsg+0x10/0x10 [ 772.988112][T19234] ? __pfx_____sys_sendmsg+0x10/0x10 [ 772.988138][T19234] ? __pfx_futex_wake_mark+0x10/0x10 [ 772.988164][T19234] ___sys_sendmsg+0x190/0x1e0 [ 772.988188][T19234] ? __pfx____sys_sendmsg+0x10/0x10 [ 772.988234][T19234] __sys_sendmsg+0x170/0x220 [ 772.988253][T19234] ? __pfx___sys_sendmsg+0x10/0x10 [ 772.988271][T19234] ? __x64_sys_futex+0x34f/0x4d0 [ 772.988301][T19234] do_syscall_64+0x106/0xf80 [ 772.988330][T19234] ? clear_bhb_loop+0x40/0x90 [ 772.988351][T19234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.988367][T19234] RIP: 0033:0x7fed08d9c799 [ 772.988383][T19234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 772.988398][T19234] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 772.988413][T19234] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 772.988424][T19234] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 772.988433][T19234] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 772.988443][T19234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.988452][T19234] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 772.988473][T19234] [ 774.431215][T19254] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4514'. [ 774.712889][T19258] netlink: 226 bytes leftover after parsing attributes in process `syz.2.4515'. [ 777.002929][T19292] netlink: 54 bytes leftover after parsing attributes in process `syz.5.4528'. [ 777.925698][T19309] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4533'. [ 777.995072][T19309] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4533'. [ 778.361441][ C0] vcan0: j1939_tp_rxtimer: 0xffff888079924000: rx timeout, send abort [ 778.546319][T19319] futex_wake_op: syz.5.4543 tries to shift op by -2048; fix this program [ 778.623310][T19319] futex_wake_op: syz.5.4543 tries to shift op by -2048; fix this program [ 778.869827][ C0] vcan0: j1939_tp_rxtimer: 0xffff888079924000: abort rx timeout. Force session deactivation [ 779.680114][T19335] sp0: Synchronizing with TNC [ 781.473033][T19365] [U] [ 781.475866][T19365] [U] [ 781.478556][T19365] [U] [ 781.481236][T19365] [U] [ 781.604694][T19365] [U] [ 781.607656][T19365] [U] [ 781.610334][T19365] [U] [ 781.613119][T19365] [U] [ 781.753177][T19365] [U] [ 781.755909][T19365] [U] [ 781.758802][T19365] [U] [ 781.761495][T19365] [U] [ 781.822350][T19365] [U] [ 781.825113][T19365] [U] [ 781.827810][T19365] [U] [ 781.830489][T19365] [U] [ 781.902452][T19365] [U] [ 781.905184][T19365] [U] [ 781.907878][T19365] [U] [ 781.910562][T19365] [U] [ 781.923153][T19374] validate_nla: 1 callbacks suppressed [ 781.923170][T19374] netlink: 'syz.3.4549': attribute type 16 has an invalid length. [ 781.982377][T19365] [U] [ 781.985265][T19365] [U] [ 781.987952][T19365] [U] [ 781.990624][T19365] [U] [ 782.032461][T19374] netlink: 226 bytes leftover after parsing attributes in process `syz.3.4549'. [ 782.071050][T19365] [U] [ 782.073783][T19365] [U] [ 782.076478][T19365] [U] [ 782.079155][T19365] [U] [ 782.111347][T19374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4549'. [ 782.145370][T19365] [U] [ 782.148199][T19365] [U] [ 782.150879][T19365] [U] [ 782.153573][T19365] [U] [ 782.319337][T19365] [U] [ 782.322165][T19365] [U] [ 782.324853][T19365] [U] [ 782.327655][T19365] [U] [ 782.430194][T19365] [U] [ 782.433200][T19365] [U] [ 782.436270][T19365] [U] [ 782.439120][T19365] [U] [ 782.526656][T19365] [U] [ 782.529387][T19365] [U] [ 782.532264][T19365] [U] [ 782.534948][T19365] [U] [ 782.632557][T19365] [U] [ 782.635304][T19365] [U] [ 782.638041][T19365] [U] [ 782.640733][T19365] [U] [ 782.694905][T19365] [U] [ 782.697639][T19365] [U] [ 782.700418][T19365] [U] [ 782.703219][T19365] [U] [ 782.786910][T19365] [U] [ 782.832948][ T5835] Bluetooth: hci4: unexpected subevent 0x03 length: 253 > 9 [ 783.972072][T19361] kexec: Could not allocate control_code_buffer [ 785.088266][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036349c00: rx timeout, send abort [ 785.596777][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036349c00: abort rx timeout. Force session deactivation [ 785.732235][ T5835] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 786.094702][ T5835] Bluetooth: hci4: Malformed Event: 0x02 [ 786.780221][T19429] sp0: Synchronizing with TNC [ 787.266510][T19438] netlink: 'syz.5.4567': attribute type 5 has an invalid length. [ 787.342308][T19438] netlink: 'syz.5.4567': attribute type 1 has an invalid length. [ 787.351588][T19438] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4567'. [ 787.453409][T19441] netlink: 'syz.5.4567': attribute type 5 has an invalid length. [ 787.515380][T19441] netlink: 'syz.5.4567': attribute type 1 has an invalid length. [ 787.597740][T19441] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4567'. [ 787.757943][T19444] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4569'. [ 788.189340][T19450] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4572'. [ 788.398403][T19450] hsr_slave_0 (unregistering): left promiscuous mode [ 788.931876][T19464] sp0: Synchronizing with TNC [ 789.050493][T19459] FAULT_INJECTION: forcing a failure. [ 789.050493][T19459] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 789.140980][T19459] CPU: 0 UID: 0 PID: 19459 Comm: syz.5.4574 Tainted: G U L syzkaller #0 PREEMPT(full) [ 789.141010][T19459] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 789.141016][T19459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 789.141027][T19459] Call Trace: [ 789.141033][T19459] [ 789.141040][T19459] dump_stack_lvl+0x100/0x190 [ 789.141070][T19459] should_fail_ex.cold+0x5/0xa [ 789.141087][T19459] ? prepare_alloc_pages+0x16d/0x5f0 [ 789.141106][T19459] should_fail_alloc_page+0xeb/0x140 [ 789.141124][T19459] prepare_alloc_pages+0x1f0/0x5f0 [ 789.141142][T19459] ? kernel_text_address+0x8d/0x100 [ 789.141166][T19459] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 789.141189][T19459] ? __lock_acquire+0x4a5/0x2630 [ 789.141209][T19459] ? __lock_acquire+0x4a5/0x2630 [ 789.141249][T19459] ? __lock_acquire+0x4a5/0x2630 [ 789.141269][T19459] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 789.141294][T19459] ? __lock_acquire+0x4a5/0x2630 [ 789.141324][T19459] ? find_held_lock+0x2b/0x80 [ 789.141338][T19459] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 789.141364][T19459] ? policy_nodemask+0xed/0x4f0 [ 789.141382][T19459] alloc_pages_mpol+0x1fb/0x550 [ 789.141399][T19459] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 789.141415][T19459] ? arch_stack_walk+0xa6/0xf0 [ 789.141459][T19459] ? wiphy_new_nm+0x701/0x21a0 [ 789.141532][T19459] ___kmalloc_large_node+0x104/0x150 [ 789.141553][T19459] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 789.141575][T19459] __kmalloc_large_node_noprof+0x1c/0x70 [ 789.141594][T19459] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 789.141643][T19459] __kmalloc_noprof+0x5be/0x850 [ 789.141668][T19459] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 789.141690][T19459] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 789.141712][T19459] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 789.141732][T19459] wiphy_new_nm+0x701/0x21a0 [ 789.141752][T19459] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 789.141773][T19459] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 789.141793][T19459] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 789.141821][T19459] ieee80211_alloc_hw_nm+0x1ac7/0x22a0 [ 789.141846][T19459] ? __local_bh_enable_ip+0x9e/0x120 [ 789.141865][T19459] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 789.141897][T19459] ? __asan_memset+0x23/0x50 [ 789.141917][T19459] ? __nla_validate_parse+0x1e7/0x28b0 [ 789.141938][T19459] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 789.141965][T19459] hwsim_new_radio_nl+0xc1f/0x1340 [ 789.141988][T19459] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 789.142014][T19459] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 789.142039][T19459] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 789.142066][T19459] genl_family_rcv_msg_doit+0x214/0x300 [ 789.142091][T19459] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 789.142116][T19459] ? genl_get_cmd+0x3ef/0x720 [ 789.142142][T19459] ? bpf_lsm_capable+0x9/0x10 [ 789.142159][T19459] ? security_capable+0x80/0x260 [ 789.142182][T19459] ? ns_capable+0xd2/0xf0 [ 789.142198][T19459] genl_rcv_msg+0x560/0x800 [ 789.142223][T19459] ? __pfx_genl_rcv_msg+0x10/0x10 [ 789.142245][T19459] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 789.142272][T19459] netlink_rcv_skb+0x159/0x420 [ 789.142292][T19459] ? __pfx_genl_rcv_msg+0x10/0x10 [ 789.142314][T19459] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 789.142342][T19459] ? netlink_deliver_tap+0x1ae/0xcc0 [ 789.142363][T19459] genl_rcv+0x28/0x40 [ 789.142383][T19459] netlink_unicast+0x5aa/0x870 [ 789.142405][T19459] ? __pfx_netlink_unicast+0x10/0x10 [ 789.142432][T19459] netlink_sendmsg+0x8b0/0xda0 [ 789.142455][T19459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 789.142482][T19459] ? __import_iovec+0x1d2/0x640 [ 789.142500][T19459] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 789.142526][T19459] ____sys_sendmsg+0x9e1/0xb70 [ 789.142548][T19459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 789.142569][T19459] ? __pfx_____sys_sendmsg+0x10/0x10 [ 789.142595][T19459] ? __pfx_futex_wake_mark+0x10/0x10 [ 789.142621][T19459] ___sys_sendmsg+0x190/0x1e0 [ 789.142645][T19459] ? __pfx____sys_sendmsg+0x10/0x10 [ 789.142691][T19459] __sys_sendmsg+0x170/0x220 [ 789.142710][T19459] ? __pfx___sys_sendmsg+0x10/0x10 [ 789.142728][T19459] ? __x64_sys_futex+0x34f/0x4d0 [ 789.142758][T19459] do_syscall_64+0x106/0xf80 [ 789.142776][T19459] ? clear_bhb_loop+0x40/0x90 [ 789.142795][T19459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.142811][T19459] RIP: 0033:0x7fdd6b59c799 [ 789.142826][T19459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 789.142842][T19459] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 789.142859][T19459] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 789.142870][T19459] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 789.142879][T19459] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 789.142889][T19459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.142898][T19459] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 789.142919][T19459] [ 792.286697][T19491] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4586'. [ 792.329936][T19491] bridge_slave_1: left allmulticast mode [ 792.362542][T19491] bridge_slave_1: left promiscuous mode [ 792.383760][T19491] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.490652][T19491] bridge_slave_0: left allmulticast mode [ 792.503759][T19491] bridge_slave_0: left promiscuous mode [ 792.535147][T19491] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.762747][T19509] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4593'. [ 793.913002][T19511] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 794.017973][T19512] netlink: 'syz.7.4594': attribute type 16 has an invalid length. [ 794.135587][T19512] netlink: 294 bytes leftover after parsing attributes in process `syz.7.4594'. [ 796.870465][T19549] zswap: compressor not available [ 798.074993][T19565] tipc: Withdrawal distribution failure [ 798.778145][ T5835] Bluetooth: hci1: ACL packet too small [ 799.420709][T19586] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 799.500259][T19586] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 799.595981][T19588] FAULT_INJECTION: forcing a failure. [ 799.595981][T19588] name failslab, interval 1, probability 0, space 0, times 0 [ 799.690202][T19588] CPU: 0 UID: 0 PID: 19588 Comm: syz.3.4614 Tainted: G U L syzkaller #0 PREEMPT(full) [ 799.690233][T19588] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 799.690239][T19588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 799.690249][T19588] Call Trace: [ 799.690255][T19588] [ 799.690262][T19588] dump_stack_lvl+0x100/0x190 [ 799.690291][T19588] should_fail_ex.cold+0x5/0xa [ 799.690311][T19588] should_failslab+0xc2/0x120 [ 799.690327][T19588] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 799.690350][T19588] ? __kernfs_new_node+0xd2/0x960 [ 799.690377][T19588] __kernfs_new_node+0xd2/0x960 [ 799.690400][T19588] ? __pfx___kernfs_new_node+0x10/0x10 [ 799.690426][T19588] ? find_held_lock+0x2b/0x80 [ 799.690441][T19588] ? kernfs_root+0xee/0x2a0 [ 799.690460][T19588] ? kernfs_root+0xee/0x2a0 [ 799.690484][T19588] kernfs_new_node+0x11b/0x1a0 [ 799.690510][T19588] __kernfs_create_file+0x53/0x350 [ 799.690529][T19588] sysfs_add_file_mode_ns+0x207/0x3c0 [ 799.690554][T19588] internal_create_group+0x593/0xf40 [ 799.690580][T19588] ? __pfx_internal_create_group+0x10/0x10 [ 799.690604][T19588] ? kernfs_create_link+0x1bd/0x240 [ 799.690634][T19588] internal_create_groups+0x9d/0x150 [ 799.690657][T19588] device_add+0x71a/0x1950 [ 799.690674][T19588] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 799.690699][T19588] ? __pfx_device_add+0x10/0x10 [ 799.690713][T19588] ? lockdep_init_map_type+0x5c/0x250 [ 799.690733][T19588] ? __init_waitqueue_head+0xca/0x150 [ 799.690760][T19588] netdev_register_kobject+0x1a9/0x3d0 [ 799.690787][T19588] register_netdevice+0x12e0/0x2210 [ 799.690811][T19588] ? __pfx_register_netdevice+0x10/0x10 [ 799.690837][T19588] internal_dev_create+0x2d3/0x520 [ 799.690934][T19588] ovs_vport_add+0x147/0x4d0 [ 799.690964][T19588] new_vport+0x16/0x1d0 [ 799.691029][T19588] ovs_dp_cmd_new+0x65d/0xdf0 [ 799.691051][T19588] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 799.691071][T19588] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 799.691094][T19588] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 799.691122][T19588] genl_family_rcv_msg_doit+0x214/0x300 [ 799.691146][T19588] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 799.691169][T19588] ? genl_get_cmd+0x3ef/0x720 [ 799.691194][T19588] ? bpf_lsm_capable+0x9/0x10 [ 799.691210][T19588] ? security_capable+0x80/0x260 [ 799.691234][T19588] ? ns_capable+0xd2/0xf0 [ 799.691252][T19588] genl_rcv_msg+0x560/0x800 [ 799.691278][T19588] ? __pfx_genl_rcv_msg+0x10/0x10 [ 799.691301][T19588] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 799.691323][T19588] netlink_rcv_skb+0x159/0x420 [ 799.691343][T19588] ? __pfx_genl_rcv_msg+0x10/0x10 [ 799.691367][T19588] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 799.691399][T19588] ? netlink_deliver_tap+0x1ae/0xcc0 [ 799.691421][T19588] genl_rcv+0x28/0x40 [ 799.691445][T19588] netlink_unicast+0x5aa/0x870 [ 799.691471][T19588] ? __pfx_netlink_unicast+0x10/0x10 [ 799.691499][T19588] netlink_sendmsg+0x8b0/0xda0 [ 799.691527][T19588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 799.691548][T19588] ? __import_iovec+0x1d2/0x640 [ 799.691566][T19588] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 799.691591][T19588] ____sys_sendmsg+0x9e1/0xb70 [ 799.691613][T19588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 799.691634][T19588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 799.691660][T19588] ? __pfx_futex_wake_mark+0x10/0x10 [ 799.691686][T19588] ___sys_sendmsg+0x190/0x1e0 [ 799.691711][T19588] ? __pfx____sys_sendmsg+0x10/0x10 [ 799.691759][T19588] __sys_sendmsg+0x170/0x220 [ 799.691783][T19588] ? __pfx___sys_sendmsg+0x10/0x10 [ 799.691800][T19588] ? __x64_sys_futex+0x34f/0x4d0 [ 799.691831][T19588] do_syscall_64+0x106/0xf80 [ 799.691849][T19588] ? clear_bhb_loop+0x40/0x90 [ 799.691867][T19588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.691884][T19588] RIP: 0033:0x7fed08d9c799 [ 799.691900][T19588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 799.691916][T19588] RSP: 002b:00007fed09c20028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 799.691932][T19588] RAX: ffffffffffffffda RBX: 00007fed09016090 RCX: 00007fed08d9c799 [ 799.691950][T19588] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 799.691960][T19588] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 799.691969][T19588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.691979][T19588] R13: 00007fed09016128 R14: 00007fed09016090 R15: 00007ffdbd766408 [ 799.692000][T19588] [ 800.259213][T19592] FAULT_INJECTION: forcing a failure. [ 800.259213][T19592] name failslab, interval 1, probability 0, space 0, times 0 [ 800.272645][T19592] CPU: 0 UID: 0 PID: 19592 Comm: syz.7.4616 Tainted: G U L syzkaller #0 PREEMPT(full) [ 800.272674][T19592] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 800.272681][T19592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 800.272691][T19592] Call Trace: [ 800.272699][T19592] [ 800.272707][T19592] dump_stack_lvl+0x100/0x190 [ 800.272735][T19592] should_fail_ex.cold+0x5/0xa [ 800.272755][T19592] should_failslab+0xc2/0x120 [ 800.272771][T19592] __kmalloc_cache_noprof+0x7a/0x6f0 [ 800.272793][T19592] ? tipc_nametbl_insert_publ+0x5a/0x1570 [ 800.272974][T19592] tipc_nametbl_insert_publ+0x5a/0x1570 [ 800.272996][T19592] ? do_raw_spin_lock+0x128/0x260 [ 800.273018][T19592] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 800.273045][T19592] tipc_nametbl_publish+0x137/0x260 [ 800.273070][T19592] tipc_sk_publish+0x1d8/0x430 [ 800.273093][T19592] ? __pfx_tipc_sk_publish+0x10/0x10 [ 800.273116][T19592] ? __local_bh_enable_ip+0x9e/0x120 [ 800.273135][T19592] tipc_sk_bind+0x16f/0x380 [ 800.273157][T19592] tipc_bind+0x18d/0x280 [ 800.273179][T19592] __sys_bind+0x1a9/0x260 [ 800.273196][T19592] ? __pfx___sys_bind+0x10/0x10 [ 800.273222][T19592] __x64_sys_bind+0x72/0xb0 [ 800.273236][T19592] ? lockdep_hardirqs_on+0x78/0x100 [ 800.273255][T19592] do_syscall_64+0x106/0xf80 [ 800.273273][T19592] ? clear_bhb_loop+0x40/0x90 [ 800.273292][T19592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.273309][T19592] RIP: 0033:0x7f03b779c799 [ 800.273324][T19592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.273344][T19592] RSP: 002b:00007f03b85c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 800.273361][T19592] RAX: ffffffffffffffda RBX: 00007f03b7a15fa0 RCX: 00007f03b779c799 [ 800.273374][T19592] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000002 [ 800.273387][T19592] RBP: 00007f03b7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 800.273397][T19592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.273406][T19592] R13: 00007f03b7a16038 R14: 00007f03b7a15fa0 R15: 00007ffebad8d8f8 [ 800.273426][T19592] [ 801.271048][T19611] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4623'. [ 803.033016][T19637] sg_read: process 1056 (syz.5.4629) changed security contexts after opening file descriptor, this is not allowed. [ 807.132888][ T5835] Bluetooth: hci0: unexpected event 0x09 length: 435 > 3 [ 807.142460][T19703] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4648'. [ 807.329545][T19703] netlink: 'syz.5.4648': attribute type 1 has an invalid length. [ 807.393879][T19703] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4648'. [ 807.666946][T19714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4658'. [ 807.745102][T19718] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4658'. [ 807.923959][T19717] FAULT_INJECTION: forcing a failure. [ 807.923959][T19717] name failslab, interval 1, probability 0, space 0, times 0 [ 808.084214][T19717] CPU: 0 UID: 0 PID: 19717 Comm: syz.3.4650 Tainted: G U L syzkaller #0 PREEMPT(full) [ 808.084242][T19717] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 808.084248][T19717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 808.084257][T19717] Call Trace: [ 808.084263][T19717] [ 808.084270][T19717] dump_stack_lvl+0x100/0x190 [ 808.084297][T19717] should_fail_ex.cold+0x5/0xa [ 808.084315][T19717] should_failslab+0xc2/0x120 [ 808.084332][T19717] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 808.084354][T19717] ? taskstats_exit+0x650/0xbd0 [ 808.084381][T19717] taskstats_exit+0x650/0xbd0 [ 808.084403][T19717] ? __pfx_acct_update_integrals+0x10/0x10 [ 808.084428][T19717] ? __pfx_taskstats_exit+0x10/0x10 [ 808.084451][T19717] ? rcu_read_lock_any_held+0x6a/0xa0 [ 808.084467][T19717] ? exit_signals+0x395/0xaf0 [ 808.084484][T19717] do_exit+0x659/0x2b60 [ 808.084506][T19717] ? __pfx_do_exit+0x10/0x10 [ 808.084525][T19717] ? do_raw_spin_lock+0x128/0x260 [ 808.084546][T19717] ? find_held_lock+0x2b/0x80 [ 808.084559][T19717] ? get_signal+0x7e0/0x21e0 [ 808.084576][T19717] do_group_exit+0xd5/0x2a0 [ 808.084597][T19717] get_signal+0x1ec7/0x21e0 [ 808.084619][T19717] ? __pfx_get_signal+0x10/0x10 [ 808.084635][T19717] ? do_futex+0x192/0x350 [ 808.084657][T19717] arch_do_signal_or_restart+0x91/0x770 [ 808.084677][T19717] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 808.084701][T19717] ? __pfx___x64_sys_futex+0x10/0x10 [ 808.084724][T19717] exit_to_user_mode_loop+0x86/0x4a0 [ 808.084746][T19717] do_syscall_64+0x668/0xf80 [ 808.084765][T19717] ? clear_bhb_loop+0x40/0x90 [ 808.084783][T19717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.084799][T19717] RIP: 0033:0x7fed08d9c799 [ 808.084814][T19717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 808.084828][T19717] RSP: 002b:00007fed09c410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 808.084843][T19717] RAX: fffffffffffffe00 RBX: 00007fed09015fa8 RCX: 00007fed08d9c799 [ 808.084853][T19717] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fed09015fa8 [ 808.084863][T19717] RBP: 00007fed09015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 808.084872][T19717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.084881][T19717] R13: 00007fed09016038 R14: 00007ffdbd766320 R15: 00007ffdbd766408 [ 808.084900][T19717] [ 809.202809][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.210641][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.403175][T19759] netlink: 338 bytes leftover after parsing attributes in process `syz.5.4659'. [ 811.723293][T19760] netlink: 338 bytes leftover after parsing attributes in process `syz.5.4659'. [ 811.779711][T19759] netlink: 290 bytes leftover after parsing attributes in process `syz.5.4659'. [ 812.382825][T19766] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4663'. [ 815.280145][T19802] FAULT_INJECTION: forcing a failure. [ 815.280145][T19802] name failslab, interval 1, probability 0, space 0, times 0 [ 815.393459][T19802] CPU: 0 UID: 0 PID: 19802 Comm: syz.5.4676 Tainted: G U L syzkaller #0 PREEMPT(full) [ 815.393490][T19802] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 815.393496][T19802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 815.393506][T19802] Call Trace: [ 815.393512][T19802] [ 815.393518][T19802] dump_stack_lvl+0x100/0x190 [ 815.393547][T19802] should_fail_ex.cold+0x5/0xa [ 815.393567][T19802] should_failslab+0xc2/0x120 [ 815.393583][T19802] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 815.393606][T19802] ? vm_area_dup+0x27/0x8e0 [ 815.393629][T19802] vm_area_dup+0x27/0x8e0 [ 815.393649][T19802] __split_vma+0x18c/0xd90 [ 815.393672][T19802] ? __pfx___split_vma+0x10/0x10 [ 815.393697][T19802] ? __mpol_equal+0xaf/0x340 [ 815.393718][T19802] vma_modify+0x1121/0x2250 [ 815.393744][T19802] ? __pfx_vma_modify+0x10/0x10 [ 815.393769][T19802] vma_modify_policy+0x238/0x300 [ 815.393791][T19802] ? __pfx_vma_modify_policy+0x10/0x10 [ 815.393828][T19802] mbind_range+0x175/0x550 [ 815.393848][T19802] do_mbind+0x7de/0xfd0 [ 815.393877][T19802] ? __might_fault+0xc5/0x140 [ 815.393898][T19802] ? __pfx_do_mbind+0x10/0x10 [ 815.393922][T19802] ? _copy_from_user+0x59/0xd0 [ 815.393944][T19802] ? __pfx_get_nodes+0x10/0x10 [ 815.393971][T19802] kernel_mbind+0x1b7/0x200 [ 815.393992][T19802] ? __pfx_kernel_mbind+0x10/0x10 [ 815.394017][T19802] do_syscall_64+0x106/0xf80 [ 815.394035][T19802] ? clear_bhb_loop+0x40/0x90 [ 815.394053][T19802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 815.394070][T19802] RIP: 0033:0x7fdd6b59c799 [ 815.394084][T19802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 815.394099][T19802] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 815.394114][T19802] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 815.394125][T19802] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 815.394135][T19802] RBP: 00007fdd6b632c99 R08: 0000000000000003 R09: 0000000000000003 [ 815.394145][T19802] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 815.394155][T19802] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 815.394176][T19802] [ 816.055890][T19814] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4680'. [ 816.089905][T19814] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4680'. [ 816.314357][T19818] netlink: 13 bytes leftover after parsing attributes in process `syz.2.4681'. [ 818.698510][T19850] Invalid ELF header magic: != ELF [ 821.288763][T19879] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4708'. [ 821.382502][T19879] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4708'. [ 821.417412][ T5835] Bluetooth: hci5: command 0x0406 tx timeout [ 822.493166][T19890] zswap: compressor not available [ 822.919884][T19901] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4703'. [ 823.469470][T19902] mkiss: ax0: crc mode is auto. [ 827.186796][T19937] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4715'. [ 830.676503][T19972] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4727'. [ 830.733046][T19974] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4727'. [ 834.381587][T20017] vhci_hcd vhci_hcd.2: invalid port number 255 [ 834.611549][T20019] netlink: 62 bytes leftover after parsing attributes in process `syz.2.4740'. [ 838.221404][T13497] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 838.231882][T20067] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4754'. [ 838.420688][T20048] FAULT_INJECTION: forcing a failure. [ 838.420688][T20048] name failslab, interval 1, probability 0, space 0, times 0 [ 838.583761][T20048] CPU: 0 UID: 0 PID: 20048 Comm: syz.7.4748 Tainted: G U L syzkaller #0 PREEMPT(full) [ 838.583792][T20048] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 838.583799][T20048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 838.583810][T20048] Call Trace: [ 838.583816][T20048] [ 838.583823][T20048] dump_stack_lvl+0x100/0x190 [ 838.583851][T20048] should_fail_ex.cold+0x5/0xa [ 838.583871][T20048] should_failslab+0xc2/0x120 [ 838.583888][T20048] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 838.583912][T20048] ? __mpol_dup+0x74/0x370 [ 838.583933][T20048] __mpol_dup+0x74/0x370 [ 838.583949][T20048] ? __pfx___mpol_dup+0x10/0x10 [ 838.583966][T20048] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 838.583987][T20048] ? sp_alloc+0x27/0x160 [ 838.584007][T20048] sp_alloc+0x4d/0x160 [ 838.584025][T20048] mpol_set_shared_policy+0xa5/0x8a0 [ 838.584047][T20048] ? __pfx_shmem_set_policy+0x10/0x10 [ 838.584072][T20048] mbind_range+0x339/0x550 [ 838.584093][T20048] do_mbind+0x7de/0xfd0 [ 838.584116][T20048] ? __might_fault+0xc5/0x140 [ 838.584138][T20048] ? __pfx_do_mbind+0x10/0x10 [ 838.584161][T20048] ? _copy_from_user+0x59/0xd0 [ 838.584181][T20048] ? __pfx_get_nodes+0x10/0x10 [ 838.584208][T20048] kernel_mbind+0x1b7/0x200 [ 838.584228][T20048] ? __pfx_kernel_mbind+0x10/0x10 [ 838.584252][T20048] do_syscall_64+0x106/0xf80 [ 838.584270][T20048] ? clear_bhb_loop+0x40/0x90 [ 838.584289][T20048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.584304][T20048] RIP: 0033:0x7f03b779c799 [ 838.584319][T20048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 838.584334][T20048] RSP: 002b:00007f03b85c4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 838.584349][T20048] RAX: ffffffffffffffda RBX: 00007f03b7a15fa0 RCX: 00007f03b779c799 [ 838.584360][T20048] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 838.584369][T20048] RBP: 00007f03b7832c99 R08: 0000000000000003 R09: 0000000000000003 [ 838.584379][T20048] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 838.584389][T20048] R13: 00007f03b7a16038 R14: 00007f03b7a15fa0 R15: 00007ffebad8d8f8 [ 838.584418][T20048] [ 842.533435][T20107] zswap: compressor not available [ 842.635442][T20111] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 844.672278][T20138] binder: BINDER_SET_CONTEXT_MGR already set [ 844.678767][T20138] binder: 20132:20138 ioctl 4018620d 2000000027c0 returned -16 [ 845.805251][T20161] FAULT_INJECTION: forcing a failure. [ 845.805251][T20161] name failslab, interval 1, probability 0, space 0, times 0 [ 845.895846][T20161] CPU: 0 UID: 0 PID: 20161 Comm: syz.7.4781 Tainted: G U L syzkaller #0 PREEMPT(full) [ 845.895876][T20161] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 845.895882][T20161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 845.895892][T20161] Call Trace: [ 845.895898][T20161] [ 845.895905][T20161] dump_stack_lvl+0x100/0x190 [ 845.895933][T20161] should_fail_ex.cold+0x5/0xa [ 845.895952][T20161] ? __register_sysctl_table+0xac/0x1650 [ 845.895976][T20161] should_failslab+0xc2/0x120 [ 845.895993][T20161] __kmalloc_noprof+0xe0/0x850 [ 845.896019][T20161] __register_sysctl_table+0xac/0x1650 [ 845.896043][T20161] ? is_module_address+0x5f/0xf0 [ 845.896066][T20161] ? __pfx___register_sysctl_table+0x10/0x10 [ 845.896088][T20161] ? is_module_address+0x69/0xf0 [ 845.896107][T20161] ? register_net_sysctl_sz+0x222/0x430 [ 845.896245][T20161] ? __asan_memcpy+0x3c/0x60 [ 845.896268][T20161] devinet_init_net+0x369/0x8d0 [ 845.896333][T20161] ? __pfx_devinet_init_net+0x10/0x10 [ 845.896355][T20161] ops_init+0x1e2/0x5f0 [ 845.896377][T20161] setup_net+0x118/0x3a0 [ 845.896397][T20161] ? __pfx_setup_net+0x10/0x10 [ 845.896416][T20161] ? lockdep_init_map_type+0x5c/0x250 [ 845.896436][T20161] ? mutex_init_lockep+0x110/0x150 [ 845.896461][T20161] copy_net_ns+0x46f/0x7c0 [ 845.896485][T20161] create_new_namespaces+0x3ea/0xac0 [ 845.896509][T20161] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 845.896530][T20161] ksys_unshare+0x473/0xad0 [ 845.896553][T20161] ? __pfx_ksys_unshare+0x10/0x10 [ 845.896579][T20161] __x64_sys_unshare+0x31/0x40 [ 845.896597][T20161] do_syscall_64+0x106/0xf80 [ 845.896615][T20161] ? clear_bhb_loop+0x40/0x90 [ 845.896634][T20161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.896651][T20161] RIP: 0033:0x7f03b779c799 [ 845.896678][T20161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 845.896694][T20161] RSP: 002b:00007f03b85c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 845.896711][T20161] RAX: ffffffffffffffda RBX: 00007f03b7a15fa0 RCX: 00007f03b779c799 [ 845.896722][T20161] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 845.896731][T20161] RBP: 00007f03b7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 845.896741][T20161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.896750][T20161] R13: 00007f03b7a16038 R14: 00007f03b7a15fa0 R15: 00007ffebad8d8f8 [ 845.896771][T20161] [ 848.077056][T20166] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4782'. [ 848.144836][T20167] netlink: 'syz.7.4782': attribute type 1 has an invalid length. [ 848.214296][T20167] netlink: 13 bytes leftover after parsing attributes in process `syz.7.4782'. [ 849.700477][T20184] block nbd0: NBD_DISCONNECT [ 849.764252][T20184] block nbd0: Send disconnect failed -32 [ 850.560623][T20199] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4791'. [ 850.936679][T20191] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4791'. [ 850.997466][T20206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4794'. [ 851.136029][T20208] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4794'. [ 851.645924][T20214] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4797'. [ 852.401769][T20223] block nbd0: NBD_DISCONNECT [ 852.430118][T20223] block nbd0: Send disconnect failed -32 [ 852.964604][T13497] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 854.753761][T20262] netlink: 'syz.5.4810': attribute type 21 has an invalid length. [ 854.869951][T20262] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4810'. [ 855.467202][T20273] FAULT_INJECTION: forcing a failure. [ 855.467202][T20273] name failslab, interval 1, probability 0, space 0, times 0 [ 855.592664][T20273] CPU: 0 UID: 0 PID: 20273 Comm: syz.7.4812 Tainted: G U L syzkaller #0 PREEMPT(full) [ 855.592694][T20273] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 855.592700][T20273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 855.592710][T20273] Call Trace: [ 855.592716][T20273] [ 855.592723][T20273] dump_stack_lvl+0x100/0x190 [ 855.592754][T20273] should_fail_ex.cold+0x5/0xa [ 855.592775][T20273] should_failslab+0xc2/0x120 [ 855.592793][T20273] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 855.592817][T20273] ? __d_alloc+0x34/0xa80 [ 855.592839][T20273] __d_alloc+0x34/0xa80 [ 855.592858][T20273] d_alloc_parallel+0x111/0x14e0 [ 855.592885][T20273] ? find_held_lock+0x2b/0x80 [ 855.592900][T20273] ? __d_lookup+0x25c/0x4a0 [ 855.592920][T20273] ? __pfx_d_alloc_parallel+0x10/0x10 [ 855.592955][T20273] ? __d_lookup+0x266/0x4a0 [ 855.592980][T20273] lookup_open.isra.0+0x57c/0x11b0 [ 855.593007][T20273] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 855.593041][T20273] ? mnt_get_write_access+0x1e9/0x2f0 [ 855.593065][T20273] path_openat+0xa98/0x31a0 [ 855.593087][T20273] ? __pfx_path_openat+0x10/0x10 [ 855.593110][T20273] do_file_open+0x20e/0x430 [ 855.593127][T20273] ? __pfx_do_file_open+0x10/0x10 [ 855.593150][T20273] ? __pfx_kfree_link+0x10/0x10 [ 855.593179][T20273] ? alloc_fd+0x476/0x790 [ 855.593195][T20273] ? do_getname+0x191/0x390 [ 855.593215][T20273] do_sys_openat2+0x10d/0x1e0 [ 855.593235][T20273] ? __pfx_do_sys_openat2+0x10/0x10 [ 855.593256][T20273] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 855.593359][T20273] __x64_sys_openat+0x12d/0x210 [ 855.593380][T20273] ? __pfx___x64_sys_openat+0x10/0x10 [ 855.593408][T20273] do_syscall_64+0x106/0xf80 [ 855.593428][T20273] ? clear_bhb_loop+0x40/0x90 [ 855.593448][T20273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.593464][T20273] RIP: 0033:0x7f03b775cfce [ 855.593478][T20273] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 855.593494][T20273] RSP: 002b:00007f03b85a2ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 855.593509][T20273] RAX: ffffffffffffffda RBX: 00007f03b85a36c0 RCX: 00007f03b775cfce [ 855.593520][T20273] RDX: 0000000000000002 RSI: 00007f03b85a2f90 RDI: ffffffffffffff9c [ 855.593530][T20273] RBP: 00007f03b7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 855.593540][T20273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.593549][T20273] R13: 00007f03b7a16128 R14: 00007f03b7a16090 R15: 00007ffebad8d8f8 [ 855.593570][T20273] [ 859.551089][T20326] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4827'. [ 859.632658][T20327] netlink: 'syz.5.4827': attribute type 1 has an invalid length. [ 859.693782][T20327] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4827'. [ 860.087212][T13497] Bluetooth: hci0: unexpected event 0x3e length: 505 > 260 [ 860.087242][T13497] Bluetooth: hci0: unexpected subevent 0x02 length: 504 > 260 [ 860.105235][T13497] Bluetooth: hci0: Dropping invalid advertising data [ 860.114084][T13497] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 861.218381][T20354] netlink: 202 bytes leftover after parsing attributes in process `syz.2.4836'. [ 861.323341][T20357] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4837'. [ 861.405968][T20359] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4837'. [ 863.068555][T20387] zswap: compressor  not available [ 863.365636][T20395] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4847'. [ 863.459175][T20395] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4847'. [ 864.617310][T20410] zswap: compressor not available [ 865.425645][T20435] netlink: 'syz.2.4858': attribute type 4 has an invalid length. [ 865.452074][T17868] NFSD: Failed to start, no listeners configured. [ 865.493220][T20435] netlink: 'syz.2.4858': attribute type 32 has an invalid length. [ 865.555579][T20435] netlink: 46 bytes leftover after parsing attributes in process `syz.2.4858'. [ 867.445509][T20450] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4864'. [ 868.405520][T20459] netlink: 202 bytes leftover after parsing attributes in process `syz.3.4868'. [ 868.810652][T20466] FAULT_INJECTION: forcing a failure. [ 868.810652][T20466] name failslab, interval 1, probability 0, space 0, times 0 [ 868.903412][T20466] CPU: 0 UID: 0 PID: 20466 Comm: syz.3.4871 Tainted: G U L syzkaller #0 PREEMPT(full) [ 868.903442][T20466] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 868.903449][T20466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 868.903459][T20466] Call Trace: [ 868.903466][T20466] [ 868.903473][T20466] dump_stack_lvl+0x100/0x190 [ 868.903502][T20466] should_fail_ex.cold+0x5/0xa [ 868.903522][T20466] should_failslab+0xc2/0x120 [ 868.903553][T20466] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 868.903577][T20466] ? can_rx_register+0x582/0x6f0 [ 868.903696][T20466] can_rx_register+0x582/0x6f0 [ 868.903713][T20466] ? __pfx_raw_rcv+0x10/0x10 [ 868.903734][T20466] ? __pfx_can_rx_register+0x10/0x10 [ 868.903758][T20466] raw_enable_filters+0xe0/0x210 [ 868.903782][T20466] raw_enable_allfilters+0x8b/0x2b0 [ 868.903799][T20466] ? __local_bh_enable_ip+0x9e/0x120 [ 868.903820][T20466] raw_bind+0x1bd/0xdf0 [ 868.903837][T20466] ? apparmor_socket_bind+0x105/0x1e0 [ 868.903862][T20466] __sys_bind+0x1a9/0x260 [ 868.903881][T20466] ? __pfx___sys_bind+0x10/0x10 [ 868.903909][T20466] __x64_sys_bind+0x72/0xb0 [ 868.903923][T20466] ? lockdep_hardirqs_on+0x78/0x100 [ 868.903942][T20466] do_syscall_64+0x106/0xf80 [ 868.903960][T20466] ? clear_bhb_loop+0x40/0x90 [ 868.903979][T20466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.903995][T20466] RIP: 0033:0x7fed08d9c799 [ 868.904009][T20466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 868.904024][T20466] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 868.904040][T20466] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 868.904051][T20466] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 868.904061][T20466] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 868.904070][T20466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 868.904079][T20466] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 868.904101][T20466] [ 869.433205][T20468] binder: BINDER_SET_CONTEXT_MGR already set [ 869.439738][T20468] binder: 20467:20468 ioctl 4018620d 2000000027c0 returned -16 [ 869.593764][T20472] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4873'. [ 870.205541][T20480] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4876'. [ 870.536417][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.543195][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.310489][T20492] netlink: 202 bytes leftover after parsing attributes in process `syz.7.4878'. [ 874.383813][T20524] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4888'. [ 875.710671][T20539] FAULT_INJECTION: forcing a failure. [ 875.710671][T20539] name failslab, interval 1, probability 0, space 0, times 0 [ 875.795209][T20539] CPU: 0 UID: 0 PID: 20539 Comm: syz.5.4894 Tainted: G U L syzkaller #0 PREEMPT(full) [ 875.795240][T20539] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 875.795265][T20539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 875.795275][T20539] Call Trace: [ 875.795281][T20539] [ 875.795288][T20539] dump_stack_lvl+0x100/0x190 [ 875.795316][T20539] should_fail_ex.cold+0x5/0xa [ 875.795335][T20539] ? __register_sysctl_table+0xac/0x1650 [ 875.795360][T20539] should_failslab+0xc2/0x120 [ 875.795376][T20539] __kmalloc_noprof+0xe0/0x850 [ 875.795403][T20539] __register_sysctl_table+0xac/0x1650 [ 875.795426][T20539] ? is_module_address+0x5f/0xf0 [ 875.795449][T20539] ? __pfx___register_sysctl_table+0x10/0x10 [ 875.795471][T20539] ? is_module_address+0x69/0xf0 [ 875.795489][T20539] ? register_net_sysctl_sz+0x222/0x430 [ 875.795517][T20539] __devinet_sysctl_register+0x1b9/0x360 [ 875.795542][T20539] ? trace_kmalloc+0x101/0x130 [ 875.795558][T20539] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 875.795582][T20539] ? __asan_memcpy+0x3c/0x60 [ 875.795611][T20539] devinet_init_net+0x303/0x8d0 [ 875.795634][T20539] ? __pfx_devinet_init_net+0x10/0x10 [ 875.795658][T20539] ops_init+0x1e2/0x5f0 [ 875.795681][T20539] setup_net+0x118/0x3a0 [ 875.795700][T20539] ? __pfx_setup_net+0x10/0x10 [ 875.795717][T20539] ? lockdep_init_map_type+0x5c/0x250 [ 875.795737][T20539] ? mutex_init_lockep+0x110/0x150 [ 875.795760][T20539] copy_net_ns+0x46f/0x7c0 [ 875.795783][T20539] create_new_namespaces+0x3ea/0xac0 [ 875.795805][T20539] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 875.795823][T20539] ksys_unshare+0x473/0xad0 [ 875.795843][T20539] ? __pfx_ksys_unshare+0x10/0x10 [ 875.795869][T20539] __x64_sys_unshare+0x31/0x40 [ 875.795887][T20539] do_syscall_64+0x106/0xf80 [ 875.795905][T20539] ? clear_bhb_loop+0x40/0x90 [ 875.795924][T20539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.795940][T20539] RIP: 0033:0x7fdd6b59c799 [ 875.795954][T20539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 875.795969][T20539] RSP: 002b:00007fdd6c49a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 875.795985][T20539] RAX: ffffffffffffffda RBX: 00007fdd6b815fa0 RCX: 00007fdd6b59c799 [ 875.795996][T20539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 875.796005][T20539] RBP: 00007fdd6b632c99 R08: 0000000000000000 R09: 0000000000000000 [ 875.796015][T20539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 875.796025][T20539] R13: 00007fdd6b816038 R14: 00007fdd6b815fa0 R15: 00007ffc1dc9a348 [ 875.796046][T20539] [ 876.555540][T20545] Console: switching to colour VGA+ 80x25 [ 876.632570][T20545] ================================================================== [ 876.632588][T20545] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 876.632754][T20545] Read of size 26 at addr ffff888022ee1eea by task syz.3.4896/20545 [ 876.632769][T20545] [ 876.632787][T20545] CPU: 0 UID: 0 PID: 20545 Comm: syz.3.4896 Tainted: G U L syzkaller #0 PREEMPT(full) [ 876.632813][T20545] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 876.632819][T20545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 876.632830][T20545] Call Trace: [ 876.632837][T20545] [ 876.632844][T20545] dump_stack_lvl+0x100/0x190 [ 876.632867][T20545] print_report+0x156/0x4c9 [ 876.632894][T20545] ? __virt_addr_valid+0x81/0x620 [ 876.632917][T20545] ? __phys_addr+0xe8/0x180 [ 876.632938][T20545] ? fbcon_prepare_logo+0x94e/0xc60 [ 876.632960][T20545] kasan_report+0xdf/0x1e0 [ 876.632976][T20545] ? fbcon_prepare_logo+0x94e/0xc60 [ 876.633000][T20545] kasan_check_range+0x10f/0x1e0 [ 876.633018][T20545] __asan_memcpy+0x23/0x60 [ 876.633038][T20545] fbcon_prepare_logo+0x94e/0xc60 [ 876.633064][T20545] fbcon_init+0x10a0/0x1820 [ 876.633088][T20545] visual_init+0x320/0x620 [ 876.633173][T20545] do_bind_con_driver.isra.0+0x636/0x9c0 [ 876.633195][T20545] store_bind+0x609/0x730 [ 876.633215][T20545] ? __pfx_store_bind+0x10/0x10 [ 876.633238][T20545] dev_attr_store+0x58/0x80 [ 876.633309][T20545] ? __pfx_dev_attr_store+0x10/0x10 [ 876.633333][T20545] sysfs_kf_write+0xf2/0x150 [ 876.633353][T20545] kernfs_fop_write_iter+0x3e0/0x5f0 [ 876.633369][T20545] ? __pfx_sysfs_kf_write+0x10/0x10 [ 876.633387][T20545] vfs_write+0x6ac/0x1070 [ 876.633411][T20545] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 876.633427][T20545] ? __pfx_vfs_write+0x10/0x10 [ 876.633455][T20545] ksys_write+0x12a/0x250 [ 876.633468][T20545] ? __pfx_ksys_write+0x10/0x10 [ 876.633485][T20545] do_syscall_64+0x106/0xf80 [ 876.633504][T20545] ? clear_bhb_loop+0x40/0x90 [ 876.633522][T20545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.633548][T20545] RIP: 0033:0x7fed08d9c799 [ 876.633564][T20545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 876.633582][T20545] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 876.633599][T20545] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 876.633619][T20545] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 876.633629][T20545] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 876.633795][T20545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 876.633806][T20545] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 876.633824][T20545] [ 876.633831][T20545] [ 876.633836][T20545] Allocated by task 1: [ 876.633845][T20545] kasan_save_stack+0x30/0x50 [ 876.633870][T20545] kasan_save_track+0x14/0x30 [ 876.633892][T20545] __kasan_kmalloc+0xaa/0xb0 [ 876.633914][T20545] led_trigger_register_simple+0x4a/0x110 [ 876.633996][T20545] usb_common_init+0x23/0x30 [ 876.634055][T20545] do_one_initcall+0x11d/0x760 [ 876.634071][T20545] kernel_init_freeable+0x6e5/0x7a0 [ 876.634091][T20545] kernel_init+0x1f/0x1e0 [ 876.634111][T20545] ret_from_fork+0x754/0xd80 [ 876.634132][T20545] ret_from_fork_asm+0x1a/0x30 [ 876.634146][T20545] [ 876.634150][T20545] The buggy address belongs to the object at ffff888022ee1e00 [ 876.634150][T20545] which belongs to the cache kmalloc-192 of size 192 [ 876.634164][T20545] The buggy address is located 90 bytes to the right of [ 876.634164][T20545] allocated 144-byte region [ffff888022ee1e00, ffff888022ee1e90) [ 876.634180][T20545] [ 876.634184][T20545] The buggy address belongs to the physical page: [ 876.634191][T20545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22ee1 [ 876.634207][T20545] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 876.634220][T20545] page_type: f5(slab) [ 876.634273][T20545] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 876.634290][T20545] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 876.634300][T20545] page dumped because: kasan: bad access detected [ 876.634309][T20545] page_owner tracks the page as allocated [ 876.634314][T20545] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3827948845, free_ts 0 [ 876.634341][T20545] post_alloc_hook+0x153/0x170 [ 876.634361][T20545] get_page_from_freelist+0x111d/0x3140 [ 876.634382][T20545] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 876.634403][T20545] new_slab+0xa6/0x6c0 [ 876.634420][T20545] refill_objects+0x26b/0x400 [ 876.634439][T20545] __pcs_replace_empty_main+0x1ab/0x600 [ 876.634460][T20545] __kmalloc_cache_noprof+0x493/0x6f0 [ 876.634494][T20545] call_usermodehelper_setup+0xaf/0x360 [ 876.634517][T20545] kobject_uevent_env+0x17c1/0x18b0 [ 876.634540][T20545] acpi_add_single_object+0xad3/0x1ab0 [ 876.634593][T20545] acpi_bus_add_fixed_device_object+0x6d/0xb7 [ 876.634616][T20545] acpi_scan_init+0x4c0/0x520 [ 876.634653][T20545] acpi_init+0x78f/0x840 [ 876.634712][T20545] do_one_initcall+0x11d/0x760 [ 876.634727][T20545] kernel_init_freeable+0x6e5/0x7a0 [ 876.634753][T20545] kernel_init+0x1f/0x1e0 [ 876.634773][T20545] page_owner free stack trace missing [ 876.634779][T20545] [ 876.634782][T20545] Memory state around the buggy address: [ 876.634790][T20545] ffff888022ee1d80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 876.634802][T20545] ffff888022ee1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 876.634812][T20545] >ffff888022ee1e80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 876.634821][T20545] ^ [ 876.634830][T20545] ffff888022ee1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 876.634840][T20545] ffff888022ee1f80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 876.634849][T20545] ================================================================== [ 876.634868][T20545] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 876.634883][T20545] CPU: 0 UID: 0 PID: 20545 Comm: syz.3.4896 Tainted: G U L syzkaller #0 PREEMPT(full) [ 876.634908][T20545] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 876.634915][T20545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 876.634929][T20545] Call Trace: [ 876.634936][T20545] [ 876.634943][T20545] dump_stack_lvl+0x100/0x190 [ 876.634967][T20545] vpanic+0x552/0x970 [ 876.634984][T20545] ? __pfx_vpanic+0x10/0x10 [ 876.634999][T20545] ? __pfx_vprintk_emit+0x10/0x10 [ 876.635015][T20545] ? fbcon_prepare_logo+0x94e/0xc60 [ 876.635037][T20545] panic+0xd1/0xe0 [ 876.635051][T20545] ? __pfx_panic+0x10/0x10 [ 876.635068][T20545] ? fbcon_prepare_logo+0x94e/0xc60 [ 876.635091][T20545] check_panic_on_warn.cold+0x19/0x34 [ 876.635107][T20545] end_report.part.0+0x3a/0x90 [ 876.635127][T20545] kasan_report.cold+0xe/0x18 [ 876.635148][T20545] ? fbcon_prepare_logo+0x94e/0xc60 [ 876.635173][T20545] kasan_check_range+0x10f/0x1e0 [ 876.635206][T20545] __asan_memcpy+0x23/0x60 [ 876.635227][T20545] fbcon_prepare_logo+0x94e/0xc60 [ 876.635254][T20545] fbcon_init+0x10a0/0x1820 [ 876.635279][T20545] visual_init+0x320/0x620 [ 876.635295][T20545] do_bind_con_driver.isra.0+0x636/0x9c0 [ 876.635314][T20545] store_bind+0x609/0x730 [ 876.635333][T20545] ? __pfx_store_bind+0x10/0x10 [ 876.635349][T20545] dev_attr_store+0x58/0x80 [ 876.635372][T20545] ? __pfx_dev_attr_store+0x10/0x10 [ 876.635395][T20545] sysfs_kf_write+0xf2/0x150 [ 876.635414][T20545] kernfs_fop_write_iter+0x3e0/0x5f0 [ 876.635429][T20545] ? __pfx_sysfs_kf_write+0x10/0x10 [ 876.635447][T20545] vfs_write+0x6ac/0x1070 [ 876.635478][T20545] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 876.635497][T20545] ? __pfx_vfs_write+0x10/0x10 [ 876.635526][T20545] ksys_write+0x12a/0x250 [ 876.635541][T20545] ? __pfx_ksys_write+0x10/0x10 [ 876.635557][T20545] do_syscall_64+0x106/0xf80 [ 876.635575][T20545] ? clear_bhb_loop+0x40/0x90 [ 876.635592][T20545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.635616][T20545] RIP: 0033:0x7fed08d9c799 [ 876.635630][T20545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 876.635650][T20545] RSP: 002b:00007fed09c41028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 876.635667][T20545] RAX: ffffffffffffffda RBX: 00007fed09015fa0 RCX: 00007fed08d9c799 [ 876.635678][T20545] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 876.635688][T20545] RBP: 00007fed08e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 876.635698][T20545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 876.635713][T20545] R13: 00007fed09016038 R14: 00007fed09015fa0 R15: 00007ffdbd766408 [ 876.635728][T20545] [ 876.635789][T20545] Kernel Offset: disabled