last executing test programs: 3m41.210964345s ago: executing program 1 (id=12087): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x7, 0x0) mq_open$auto(0x0, 0x7e, 0x9, 0x0) mq_getsetattr$auto(0x3, 0x0, 0x0) 3m40.166334111s ago: executing program 1 (id=12100): r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x29, 0x37, 0x0, 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/button/parameters/lid_init_state\x00', 0x169882, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(r3, r2, 0x0, 0x8) 3m39.501244087s ago: executing program 1 (id=12097): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) 3m38.471290319s ago: executing program 1 (id=12104): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0x10, 0x2, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0xc, 0x0, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x0) 3m38.22670177s ago: executing program 1 (id=12107): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 3m37.937528078s ago: executing program 1 (id=12108): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/flags\x00', 0x40400, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) close_range$auto(0x2, 0xa, 0x0) 3m22.846002041s ago: executing program 32 (id=12108): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/flags\x00', 0x40400, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) close_range$auto(0x2, 0xa, 0x0) 6.424291913s ago: executing program 0 (id=13148): r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socket(0x1e, 0xa, 0x8000000) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffd, 0xb, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5e, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x2]}, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) unshare$auto(0x8000000) acct$auto(&(0x7f00000000c0)='/dev/input/mouse0\x00') mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = fcntl$auto_F_UNLCK(r0, 0x7, 0x2) syz_clone3(&(0x7f0000000100)={0x101045100, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) 4.951150343s ago: executing program 0 (id=13155): socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) mmap$auto(0x0, 0xb, 0xffb, 0x8000000008011, 0x3, 0x10000000000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) 4.947481731s ago: executing program 4 (id=13156): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_fd=r1, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 4.414903773s ago: executing program 0 (id=13159): mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) 4.147113156s ago: executing program 4 (id=13161): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x5eba82, 0x0) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000023c0)={0x34, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_SELF_MANAGED_REG={0x4}, @NL80211_ATTR_WIPHY_SELF_MANAGED_REG={0x4}, @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x40}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040001}, 0x4004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) pread64$auto(r2, 0x0, 0x80000000008, 0x8000) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) 3.264086654s ago: executing program 3 (id=13165): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) socket(0x10, 0x2, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="57e72cbd700003dcdf250700000008000300", @ANYRES32=r2], 0x1c}}, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x6, 0x9}, 0x7}, 0x3, 0x0) 2.983185793s ago: executing program 2 (id=13166): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1}, 0x57) write$auto(0x3, 0x0, 0x3f00) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60642, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r1, 0x28000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 2.645487158s ago: executing program 2 (id=13167): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) read$auto(r0, 0x0, 0x9a28) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) fanotify_mark$auto(0xffffffffffffffff, 0x80, 0x5e50ee86, 0xffffffffffffffff, 0x0) mremap$auto(0x200000000ffe, 0x40, 0x3b, 0x3, 0x110c230000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 2.626938226s ago: executing program 3 (id=13168): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x28, 0x805, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bind$auto(r0, &(0x7f0000000080)=@in={0x28, 0x0, @rand_addr=0xffffffff}, 0x68) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) 2.354719693s ago: executing program 3 (id=13169): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b464289107080036", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a000080"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.235860003s ago: executing program 0 (id=13170): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000000)='\x00', 0x91e2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x107, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r1 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) sendto$auto(r1, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, r3, 0x3f}, 0x36) 2.039997414s ago: executing program 4 (id=13171): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$auto(0x0, 0x0, 0xf) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video0\x00', 0xa200, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) close_range$auto(0x2, 0xa, 0x0) fcntl$auto(0x0, 0x407, 0x1) 1.963855562s ago: executing program 3 (id=13172): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x4000000008000) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) r0 = socket(0x10, 0x3, 0x6) close_range$auto(r0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) 1.846101284s ago: executing program 2 (id=13173): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@enable_stats={0x5}, 0xc) select$auto(0xc, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x5, 0xd3b, 0x8000000000, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x3, 0x80000001, 0xb36, 0x40800000000000, 0x9, 0x8, 0xfffffffffffffff8]}, 0x0) 1.661752542s ago: executing program 0 (id=13174): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, 0x0, 0x58) quotactl$auto(0x9, 0x0, 0x62a0, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r0) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40040) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), r2) sendmsg$auto_TCP_METRICS_CMD_DEL(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000280)={0x24, r3, 0x901, 0x70bd27, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @private=0xac14140a}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @remote}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40) 1.465595423s ago: executing program 4 (id=13175): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) socket(0x11, 0x80003, 0x300) dup3$auto(0x8000000000000001, 0x5, 0x800080000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, 0x0, 0x109000, 0x0) prctl$auto(0x23, 0xd, 0x8, 0x0, 0x0) 1.207191352s ago: executing program 3 (id=13176): mmap$auto(0x0, 0x5, 0x3, 0x17, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) ioprio_set$auto(0x2, 0x800000000, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x24, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x80) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[], 0x8d}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) 1.18671498s ago: executing program 4 (id=13177): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(r1, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0xc0000102, 0x400, 0x9}]}) 817.329737ms ago: executing program 0 (id=13178): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x80000) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x2400000, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x80000000) msgget$auto(0xc, 0x77d9) madvise$auto(0x0, 0x8, 0xe) 810.947691ms ago: executing program 3 (id=13179): gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4c100) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) brk$auto(0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto(0xffffffffffffffff, 0x0, 0x4) migrate_pages$auto(0x0, 0x74, &(0x7f0000000780)=0x8000000000000001, &(0x7f00000007c0)=0x1) 791.665401ms ago: executing program 2 (id=13180): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) fstat$auto(r0, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) 287.186481ms ago: executing program 2 (id=13181): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x149) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x2, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0xb}, 0x200000003) write$auto(0x3, 0x0, 0x5c8) 181.444451ms ago: executing program 4 (id=13182): socket(0x10, 0x2, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket(0x10, 0x2, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) socket(0xa, 0x5, 0x84) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x101b00, 0x0) unshare$auto(0x40000080) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 0s ago: executing program 2 (id=13183): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x2, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20008841) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xfa}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) kernel console output (not intermixed with test programs): ronizing with TNC [ 1337.560035][ T2045] netlink: 318 bytes leftover after parsing attributes in process `syz.3.11673'. [ 1337.775531][ T2037] zswap: compressor not available [ 1341.089918][ T2123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11699'. [ 1341.118102][ T2123] netlink: 354 bytes leftover after parsing attributes in process `syz.3.11699'. [ 1341.450883][ T2128] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1341.468312][ T2128] vhci_hcd vhci_hcd.1: default hub control req: c902 v00bf i0000 l0 [ 1342.849755][ T2159] base or size exceeds the MTRR width [ 1343.553132][ T2175] netlink: 342 bytes leftover after parsing attributes in process `syz.1.11718'. [ 1345.225432][ T2207] netlink: 342 bytes leftover after parsing attributes in process `syz.2.11730'. [ 1346.148193][T21810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1346.159989][T21810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1346.170553][T21810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1346.180685][T21810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1346.190710][T21810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1346.919900][ T2225] chnl_net:caif_netlink_parms(): no params data found [ 1347.233623][ T2237] FAULT_INJECTION: forcing a failure. [ 1347.233623][ T2237] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1347.247433][ T2237] CPU: 1 UID: 0 PID: 2237 Comm: syz.0.11738 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1347.247499][ T2237] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1347.247516][ T2237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1347.247535][ T2237] Call Trace: [ 1347.247547][ T2237] [ 1347.247559][ T2237] dump_stack_lvl+0x100/0x190 [ 1347.247611][ T2237] should_fail_ex.cold+0x5/0xa [ 1347.247640][ T2237] ? prepare_alloc_pages+0x16d/0x5f0 [ 1347.247681][ T2237] should_fail_alloc_page+0xeb/0x140 [ 1347.247715][ T2237] prepare_alloc_pages+0x1f0/0x5f0 [ 1347.247759][ T2237] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1347.247809][ T2237] ? try_to_migrate_one+0x142e/0x37f0 [ 1347.247864][ T2237] ? __pfx_try_to_migrate_one+0x10/0x10 [ 1347.247902][ T2237] ? mas_next_node+0x7f8/0xf30 [ 1347.247944][ T2237] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1347.248012][ T2237] ? __up_read+0x2c5/0x700 [ 1347.248066][ T2237] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1347.248120][ T2237] ? policy_nodemask+0xed/0x4f0 [ 1347.248156][ T2237] alloc_pages_mpol+0x1fb/0x550 [ 1347.248189][ T2237] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1347.248234][ T2237] folio_alloc_mpol_noprof+0x36/0x340 [ 1347.248277][ T2237] alloc_migration_target_by_mpol+0x2c1/0x650 [ 1347.248323][ T2237] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1347.248365][ T2237] ? __pfx___might_resched+0x10/0x10 [ 1347.248410][ T2237] ? arch_stack_walk+0xa6/0xf0 [ 1347.248446][ T2237] migrate_pages_batch+0x4f2/0x4530 [ 1347.248488][ T2237] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1347.248547][ T2237] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1347.248582][ T2237] ? kasan_save_stack+0x3f/0x50 [ 1347.248628][ T2237] ? kasan_save_stack+0x30/0x50 [ 1347.248670][ T2237] ? kasan_save_track+0x14/0x30 [ 1347.248710][ T2237] ? __mpol_dup+0x74/0x370 [ 1347.248741][ T2237] ? sp_alloc+0x4d/0x160 [ 1347.248774][ T2237] ? do_mbind+0x7de/0xfd0 [ 1347.248807][ T2237] ? kernel_mbind+0x1b7/0x200 [ 1347.248843][ T2237] ? do_syscall_64+0x106/0xf80 [ 1347.248881][ T2237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1347.248932][ T2237] migrate_pages_sync+0x12c/0x880 [ 1347.248969][ T2237] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1347.249014][ T2237] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1347.249081][ T2237] ? __lock_acquire+0x4a5/0x2630 [ 1347.249128][ T2237] migrate_pages+0x1aae/0x28a0 [ 1347.249174][ T2237] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1347.249220][ T2237] ? mpol_set_shared_policy+0x291/0x8a0 [ 1347.249259][ T2237] ? mpol_set_shared_policy+0x291/0x8a0 [ 1347.249299][ T2237] ? __pfx_migrate_pages+0x10/0x10 [ 1347.249341][ T2237] ? find_held_lock+0x2b/0x80 [ 1347.249372][ T2237] ? do_mbind+0x557/0xfd0 [ 1347.249416][ T2237] ? up_write+0x290/0x4f0 [ 1347.249461][ T2237] do_mbind+0x5a6/0xfd0 [ 1347.249512][ T2237] ? __pfx_do_mbind+0x10/0x10 [ 1347.249545][ T2237] ? do_writev+0x214/0x340 [ 1347.249603][ T2237] ? __pfx_get_nodes+0x10/0x10 [ 1347.249658][ T2237] kernel_mbind+0x1b7/0x200 [ 1347.249699][ T2237] ? __pfx_kernel_mbind+0x10/0x10 [ 1347.249752][ T2237] do_syscall_64+0x106/0xf80 [ 1347.249794][ T2237] ? clear_bhb_loop+0x40/0x90 [ 1347.249833][ T2237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1347.249864][ T2237] RIP: 0033:0x7f249d19c799 [ 1347.249892][ T2237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1347.249921][ T2237] RSP: 002b:00007f249dfb6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1347.249953][ T2237] RAX: ffffffffffffffda RBX: 00007f249d415fa0 RCX: 00007f249d19c799 [ 1347.249974][ T2237] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 1347.249993][ T2237] RBP: 00007f249d232c99 R08: 0000000000000006 R09: 0000000000000002 [ 1347.250013][ T2237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1347.250029][ T2237] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1347.250077][ T2237] [ 1347.689665][ T2225] bridge0: port 1(bridge_slave_0) entered blocking state [ 1347.697585][ T2225] bridge0: port 1(bridge_slave_0) entered disabled state [ 1347.704928][ T2225] bridge_slave_0: entered allmulticast mode [ 1347.713563][ T2225] bridge_slave_0: entered promiscuous mode [ 1347.723712][ T2225] bridge0: port 2(bridge_slave_1) entered blocking state [ 1347.731050][ T2225] bridge0: port 2(bridge_slave_1) entered disabled state [ 1347.738387][ T2225] bridge_slave_1: entered allmulticast mode [ 1347.746808][ T2225] bridge_slave_1: entered promiscuous mode [ 1347.793608][ T2225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1347.814616][ T2225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1348.066118][ T2225] team0: Port device team_slave_0 added [ 1348.126342][ T2225] team0: Port device team_slave_1 added [ 1348.247636][ T2225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1348.254813][ T2225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1348.264167][T21810] Bluetooth: hci1: command tx timeout [ 1348.280987][ T2225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1348.317295][ T2225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1348.328748][ T2225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1348.355671][ T2225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1348.432243][ T2225] hsr_slave_0: entered promiscuous mode [ 1348.439881][ T2225] hsr_slave_1: entered promiscuous mode [ 1348.446966][ T2225] debugfs: 'hsr0' already exists in 'hsr' [ 1348.452765][ T2225] Cannot create hsr debugfs directory [ 1349.039609][ T2225] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.229783][ T2225] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.724814][ T2225] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.995694][ T2225] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1350.334241][T21810] Bluetooth: hci1: command tx timeout [ 1350.786694][ T2225] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1350.858712][ T2225] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1350.988136][ T2225] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1351.037692][ T2225] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1351.431729][ T2225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1351.798606][ T2225] 8021q: adding VLAN 0 to HW filter on device team0 [ 1351.833097][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.840336][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1351.990382][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.997663][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1352.028996][ T2314] netlink: 354 bytes leftover after parsing attributes in process `syz.3.11763'. [ 1352.414986][T21810] Bluetooth: hci1: command tx timeout [ 1352.627799][ T2225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1352.745154][ T2225] veth0_vlan: entered promiscuous mode [ 1352.788021][ T2225] veth1_vlan: entered promiscuous mode [ 1352.845818][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f805400: rx timeout, send abort [ 1352.854756][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f805400: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 1352.890635][ T2225] veth0_macvtap: entered promiscuous mode [ 1352.931586][ T2225] veth1_macvtap: entered promiscuous mode [ 1353.001326][ T2225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1353.073632][ T2225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1353.125320][T26520] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.149322][T26520] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.195256][T26520] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.234861][T26520] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.484168][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1353.520467][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1353.612192][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1353.654920][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1354.091289][ T2356] netlink: 322 bytes leftover after parsing attributes in process `syz.1.11776'. [ 1354.498388][T21810] Bluetooth: hci1: command tx timeout [ 1355.129498][ T2363] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1355.144721][ T2363] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1355.156487][ T2363] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1355.162918][ T2363] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1355.171447][ T2363] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1355.186268][ T2363] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1355.264924][ T2377] sp0: Synchronizing with TNC [ 1356.494506][T21810] Bluetooth: hci3: command 0x0406 tx timeout [ 1356.730257][ T2418] FAULT_INJECTION: forcing a failure. [ 1356.730257][ T2418] name failslab, interval 1, probability 0, space 0, times 0 [ 1356.768281][ T2418] CPU: 0 UID: 0 PID: 2418 Comm: syz.3.11795 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1356.768355][ T2418] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1356.768375][ T2418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1356.768396][ T2418] Call Trace: [ 1356.768408][ T2418] [ 1356.768421][ T2418] dump_stack_lvl+0x100/0x190 [ 1356.768478][ T2418] should_fail_ex.cold+0x5/0xa [ 1356.768519][ T2418] should_failslab+0xc2/0x120 [ 1356.768565][ T2418] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1356.768611][ T2418] ? __kernfs_new_node+0xd2/0x960 [ 1356.768655][ T2418] ? kstrdup+0xb3/0xe0 [ 1356.768711][ T2418] __kernfs_new_node+0xd2/0x960 [ 1356.768762][ T2418] ? __pfx___kernfs_new_node+0x10/0x10 [ 1356.768816][ T2418] ? find_held_lock+0x2b/0x80 [ 1356.768847][ T2418] ? kernfs_root+0xee/0x2a0 [ 1356.768890][ T2418] ? kernfs_root+0xee/0x2a0 [ 1356.768945][ T2418] kernfs_new_node+0x11b/0x1a0 [ 1356.769003][ T2418] kernfs_create_link+0xcc/0x240 [ 1356.769045][ T2418] sysfs_do_create_link_sd+0x90/0x140 [ 1356.769094][ T2418] sysfs_create_link+0x61/0xc0 [ 1356.769139][ T2418] __add_disk+0x619/0xe40 [ 1356.769281][ T2418] ? find_held_lock+0x2b/0x80 [ 1356.769317][ T2418] add_disk_fwnode+0x3d4/0x5c0 [ 1356.769355][ T2418] zram_add+0x4d2/0x610 [ 1356.769454][ T2418] ? __pfx_zram_add+0x10/0x10 [ 1356.769525][ T2418] ? find_held_lock+0x2b/0x80 [ 1356.769566][ T2418] ? sysfs_file_kobj+0xe4/0x290 [ 1356.769611][ T2418] ? __pfx_hot_add_show+0x10/0x10 [ 1356.769655][ T2418] hot_add_show+0x21/0x80 [ 1356.769695][ T2418] class_attr_show+0x72/0xa0 [ 1356.769731][ T2418] ? __pfx_class_attr_show+0x10/0x10 [ 1356.769763][ T2418] sysfs_kf_seq_show+0x217/0x3a0 [ 1356.769812][ T2418] seq_read_iter+0x32f/0x1270 [ 1356.769880][ T2418] kernfs_fop_read_iter+0x46c/0x610 [ 1356.769918][ T2418] ? rw_verify_area+0xce/0x6d0 [ 1356.769965][ T2418] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1356.770004][ T2418] vfs_read+0x825/0xb30 [ 1356.770058][ T2418] ? __pfx_vfs_read+0x10/0x10 [ 1356.770138][ T2418] ksys_read+0x12a/0x250 [ 1356.770168][ T2418] ? __pfx_ksys_read+0x10/0x10 [ 1356.770211][ T2418] do_syscall_64+0x106/0xf80 [ 1356.770256][ T2418] ? clear_bhb_loop+0x40/0x90 [ 1356.770297][ T2418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.770330][ T2418] RIP: 0033:0x7f35be99c799 [ 1356.770359][ T2418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1356.770390][ T2418] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1356.770422][ T2418] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1356.770445][ T2418] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 1356.770465][ T2418] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1356.770486][ T2418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1356.770505][ T2418] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1356.770561][ T2418] [ 1357.224149][T21810] Bluetooth: hci1: command 0x0c1a tx timeout [ 1357.238186][T21810] Bluetooth: hci0: command 0x0c1a tx timeout [ 1357.245561][T21810] Bluetooth: hci2: command 0x0406 tx timeout [ 1357.556528][ T2429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11800'. [ 1357.567314][ T2429] netlink: 25 bytes leftover after parsing attributes in process `syz.3.11800'. [ 1358.666806][ T2453] FAULT_INJECTION: forcing a failure. [ 1358.666806][ T2453] name failslab, interval 1, probability 0, space 0, times 0 [ 1358.744249][ T2453] CPU: 1 UID: 0 PID: 2453 Comm: syz.3.11806 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1358.744319][ T2453] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1358.744338][ T2453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1358.744357][ T2453] Call Trace: [ 1358.744378][ T2453] [ 1358.744391][ T2453] dump_stack_lvl+0x100/0x190 [ 1358.744446][ T2453] should_fail_ex.cold+0x5/0xa [ 1358.744484][ T2453] should_failslab+0xc2/0x120 [ 1358.744518][ T2453] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1358.744559][ T2453] ? alloc_tty_struct+0x96/0x8c0 [ 1358.744619][ T2453] alloc_tty_struct+0x96/0x8c0 [ 1358.744672][ T2453] ? __pfx_alloc_tty_struct+0x10/0x10 [ 1358.744735][ T2453] pty_common_install+0x1c7/0xb30 [ 1358.744834][ T2453] ? __pfx_pty_unix98_install+0x10/0x10 [ 1358.744900][ T2453] tty_init_dev.part.0+0x9e/0x470 [ 1358.744951][ T2453] tty_init_dev+0x60/0x80 [ 1358.745000][ T2453] ptmx_open+0x15e/0x3c0 [ 1358.745039][ T2453] ? __pfx_ptmx_open+0x10/0x10 [ 1358.745075][ T2453] chrdev_open+0x234/0x6a0 [ 1358.745108][ T2453] ? __pfx_apparmor_file_open+0x10/0x10 [ 1358.745159][ T2453] ? __pfx_chrdev_open+0x10/0x10 [ 1358.745196][ T2453] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1358.745238][ T2453] do_dentry_open+0x6d8/0x1660 [ 1358.745268][ T2453] ? __pfx_chrdev_open+0x10/0x10 [ 1358.745310][ T2453] vfs_open+0x82/0x3f0 [ 1358.745354][ T2453] path_openat+0x208c/0x31a0 [ 1358.745410][ T2453] ? __pfx_path_openat+0x10/0x10 [ 1358.745460][ T2453] do_file_open+0x20e/0x430 [ 1358.745497][ T2453] ? __pfx_do_file_open+0x10/0x10 [ 1358.745559][ T2453] ? alloc_fd+0x476/0x790 [ 1358.745596][ T2453] ? do_getname+0x191/0x390 [ 1358.745650][ T2453] do_sys_openat2+0x10d/0x1e0 [ 1358.745689][ T2453] ? __pfx_do_sys_openat2+0x10/0x10 [ 1358.745734][ T2453] ? __fget_files+0x21f/0x3d0 [ 1358.745771][ T2453] __x64_sys_openat+0x12d/0x210 [ 1358.745814][ T2453] ? __pfx___x64_sys_openat+0x10/0x10 [ 1358.745872][ T2453] do_syscall_64+0x106/0xf80 [ 1358.745916][ T2453] ? clear_bhb_loop+0x40/0x90 [ 1358.745957][ T2453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.745989][ T2453] RIP: 0033:0x7f35be99c799 [ 1358.746017][ T2453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1358.746048][ T2453] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1358.746080][ T2453] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1358.746102][ T2453] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1358.746123][ T2453] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1358.746142][ T2453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1358.746160][ T2453] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1358.746203][ T2453] [ 1359.298252][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 1359.362716][ T2460] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 1359.526914][ T2462] netlink: 354 bytes leftover after parsing attributes in process `syz.3.11809'. [ 1360.454856][ T2471] zswap: compressor not available [ 1361.384137][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 1361.858801][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.865912][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.452379][ T2540] FAULT_INJECTION: forcing a failure. [ 1363.452379][ T2540] name failslab, interval 1, probability 0, space 0, times 0 [ 1363.496699][ T2540] CPU: 0 UID: 0 PID: 2540 Comm: syz.1.11829 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1363.496768][ T2540] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1363.496787][ T2540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1363.496803][ T2540] Call Trace: [ 1363.496815][ T2540] [ 1363.496828][ T2540] dump_stack_lvl+0x100/0x190 [ 1363.496880][ T2540] should_fail_ex.cold+0x5/0xa [ 1363.496919][ T2540] should_failslab+0xc2/0x120 [ 1363.496952][ T2540] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1363.497019][ T2540] ? tipc_sub_subscribe+0x15c/0x730 [ 1363.497119][ T2540] ? find_held_lock+0x2b/0x80 [ 1363.497166][ T2540] tipc_sub_subscribe+0x15c/0x730 [ 1363.497221][ T2540] tipc_conn_rcv_sub+0x21e/0x3d0 [ 1363.497289][ T2540] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 1363.497343][ T2540] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 1363.497386][ T2540] ? net_generic+0xea/0x2a0 [ 1363.497434][ T2540] tipc_group_create+0x4ab/0x660 [ 1363.497481][ T2540] tipc_setsockopt+0x611/0xe30 [ 1363.497533][ T2540] ? __pfx_tipc_setsockopt+0x10/0x10 [ 1363.497601][ T2540] ? __pfx_tipc_setsockopt+0x10/0x10 [ 1363.497653][ T2540] do_sock_setsockopt+0xf3/0x1d0 [ 1363.497720][ T2540] __sys_setsockopt+0x119/0x190 [ 1363.497770][ T2540] __x64_sys_setsockopt+0xbd/0x160 [ 1363.497810][ T2540] ? do_syscall_64+0x95/0xf80 [ 1363.497854][ T2540] ? lockdep_hardirqs_on+0x78/0x100 [ 1363.497897][ T2540] do_syscall_64+0x106/0xf80 [ 1363.497938][ T2540] ? clear_bhb_loop+0x40/0x90 [ 1363.497978][ T2540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1363.498010][ T2540] RIP: 0033:0x7f0ec219c799 [ 1363.498037][ T2540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1363.498067][ T2540] RSP: 002b:00007f0ec3051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1363.498123][ T2540] RAX: ffffffffffffffda RBX: 00007f0ec2415fa0 RCX: 00007f0ec219c799 [ 1363.498145][ T2540] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 1363.498166][ T2540] RBP: 00007f0ec2232c99 R08: 0000000000000014 R09: 0000000000000000 [ 1363.498185][ T2540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1363.498204][ T2540] R13: 00007f0ec2416038 R14: 00007f0ec2415fa0 R15: 00007ffe6c004118 [ 1363.498248][ T2540] [ 1363.498261][ T2540] tipc: Subscription rejected, no memory [ 1364.652471][ T2565] FAULT_INJECTION: forcing a failure. [ 1364.652471][ T2565] name failslab, interval 1, probability 0, space 0, times 0 [ 1364.690430][ T2565] CPU: 1 UID: 0 PID: 2565 Comm: syz.0.11837 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1364.690500][ T2565] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1364.690519][ T2565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1364.690539][ T2565] Call Trace: [ 1364.690551][ T2565] [ 1364.690565][ T2565] dump_stack_lvl+0x100/0x190 [ 1364.690619][ T2565] should_fail_ex.cold+0x5/0xa [ 1364.690658][ T2565] should_failslab+0xc2/0x120 [ 1364.690694][ T2565] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1364.690743][ T2565] ? fcntl_setlk+0xaa/0xe40 [ 1364.690785][ T2565] ? __lock_acquire+0x4a5/0x2630 [ 1364.690834][ T2565] fcntl_setlk+0xaa/0xe40 [ 1364.690874][ T2565] ? __pfx_fcntl_setlk+0x10/0x10 [ 1364.690914][ T2565] ? find_held_lock+0x2b/0x80 [ 1364.690944][ T2565] ? __might_fault+0xc5/0x140 [ 1364.690989][ T2565] ? __might_fault+0xc5/0x140 [ 1364.691059][ T2565] do_fcntl+0xf39/0x1670 [ 1364.691103][ T2565] ? __pfx_do_fcntl+0x10/0x10 [ 1364.691144][ T2565] ? __fget_files+0x215/0x3d0 [ 1364.691189][ T2565] ? tomoyo_file_fcntl+0x6c/0xc0 [ 1364.691247][ T2565] __x64_sys_fcntl+0x163/0x200 [ 1364.691292][ T2565] do_syscall_64+0x106/0xf80 [ 1364.691337][ T2565] ? clear_bhb_loop+0x40/0x90 [ 1364.691377][ T2565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1364.691419][ T2565] RIP: 0033:0x7f249d19c799 [ 1364.691447][ T2565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1364.691479][ T2565] RSP: 002b:00007f249dfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1364.691512][ T2565] RAX: ffffffffffffffda RBX: 00007f249d415fa0 RCX: 00007f249d19c799 [ 1364.691534][ T2565] RDX: 0000000000000004 RSI: 0000000000000026 RDI: 0000000000000003 [ 1364.691554][ T2565] RBP: 00007f249d232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1364.691574][ T2565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1364.691594][ T2565] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1364.691638][ T2565] [ 1365.322877][ T2579] FAULT_INJECTION: forcing a failure. [ 1365.322877][ T2579] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.337576][ T2579] CPU: 1 UID: 0 PID: 2579 Comm: syz.3.11841 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1365.337646][ T2579] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1365.337665][ T2579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1365.337685][ T2579] Call Trace: [ 1365.337696][ T2579] [ 1365.337709][ T2579] dump_stack_lvl+0x100/0x190 [ 1365.337761][ T2579] should_fail_ex.cold+0x5/0xa [ 1365.337799][ T2579] should_failslab+0xc2/0x120 [ 1365.337832][ T2579] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1365.337890][ T2579] ? sk_prot_alloc+0x60/0x2a0 [ 1365.337932][ T2579] sk_prot_alloc+0x60/0x2a0 [ 1365.337967][ T2579] sk_alloc+0x36/0xe80 [ 1365.338009][ T2579] kcm_create+0xfc/0x6a0 [ 1365.338135][ T2579] __sock_create+0x339/0x860 [ 1365.338177][ T2579] __sys_socket+0x14d/0x260 [ 1365.338211][ T2579] ? __pfx___sys_socket+0x10/0x10 [ 1365.338257][ T2579] __x64_sys_socket+0x72/0xb0 [ 1365.338291][ T2579] ? lockdep_hardirqs_on+0x78/0x100 [ 1365.338335][ T2579] do_syscall_64+0x106/0xf80 [ 1365.338374][ T2579] ? clear_bhb_loop+0x40/0x90 [ 1365.338413][ T2579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1365.338445][ T2579] RIP: 0033:0x7f35be99c799 [ 1365.338472][ T2579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1365.338508][ T2579] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1365.338539][ T2579] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1365.338561][ T2579] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 1365.338580][ T2579] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1365.338599][ T2579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1365.338617][ T2579] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1365.338659][ T2579] [ 1365.829150][ T2584] netlink: 504 bytes leftover after parsing attributes in process `syz.0.11843'. [ 1365.853802][ T2584] netlink: 504 bytes leftover after parsing attributes in process `syz.0.11843'. [ 1366.550112][ T2603] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1366.550714][ T2600] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11848'. [ 1366.607613][ T2603] random: crng reseeded on system resumption [ 1366.731706][ T2603] FAULT_INJECTION: forcing a failure. [ 1366.731706][ T2603] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1366.786871][ T2603] CPU: 1 UID: 0 PID: 2603 Comm: syz.1.11849 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1366.786940][ T2603] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1366.786957][ T2603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1366.786975][ T2603] Call Trace: [ 1366.786986][ T2603] [ 1366.786999][ T2603] dump_stack_lvl+0x100/0x190 [ 1366.787051][ T2603] should_fail_ex.cold+0x5/0xa [ 1366.787082][ T2603] ? prepare_alloc_pages+0x16d/0x5f0 [ 1366.787123][ T2603] should_fail_alloc_page+0xeb/0x140 [ 1366.787160][ T2603] prepare_alloc_pages+0x1f0/0x5f0 [ 1366.787204][ T2603] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1366.787254][ T2603] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1366.787313][ T2603] ? stack_trace_save+0x8e/0xc0 [ 1366.787348][ T2603] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1366.787395][ T2603] ? stack_depot_save_flags+0x27/0x9d0 [ 1366.787435][ T2603] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1366.787500][ T2603] ? kasan_save_stack+0x3f/0x50 [ 1366.787547][ T2603] ? kasan_save_stack+0x30/0x50 [ 1366.787590][ T2603] ? kasan_save_track+0x14/0x30 [ 1366.787646][ T2603] ? do_sys_openat2+0x10d/0x1e0 [ 1366.787680][ T2603] ? __x64_sys_openat+0x12d/0x210 [ 1366.787718][ T2603] ? do_syscall_64+0x106/0xf80 [ 1366.787758][ T2603] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1366.787796][ T2603] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1366.787848][ T2603] ? policy_nodemask+0xed/0x4f0 [ 1366.787889][ T2603] alloc_pages_mpol+0x1fb/0x550 [ 1366.787926][ T2603] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1366.787959][ T2603] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1366.787997][ T2603] alloc_pages_noprof+0x131/0x390 [ 1366.788034][ T2603] get_zeroed_page_noprof+0x18/0xb0 [ 1366.788069][ T2603] get_image_page+0x18/0x1a0 [ 1366.788120][ T2603] alloc_rtree_node+0x3c/0xb0 [ 1366.788169][ T2603] memory_bm_create+0x65e/0xba0 [ 1366.788235][ T2603] create_basic_memory_bitmaps+0xbd/0x350 [ 1366.788276][ T2603] snapshot_open+0x230/0x2a0 [ 1366.788312][ T2603] ? __pfx_snapshot_open+0x10/0x10 [ 1366.788347][ T2603] misc_open+0x26d/0x450 [ 1366.788382][ T2603] ? __pfx_misc_open+0x10/0x10 [ 1366.788415][ T2603] chrdev_open+0x234/0x6a0 [ 1366.788446][ T2603] ? __pfx_apparmor_file_open+0x10/0x10 [ 1366.788507][ T2603] ? __pfx_chrdev_open+0x10/0x10 [ 1366.788544][ T2603] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1366.788590][ T2603] do_dentry_open+0x6d8/0x1660 [ 1366.788620][ T2603] ? __pfx_chrdev_open+0x10/0x10 [ 1366.788664][ T2603] vfs_open+0x82/0x3f0 [ 1366.788710][ T2603] path_openat+0x208c/0x31a0 [ 1366.788759][ T2603] ? __pfx_path_openat+0x10/0x10 [ 1366.788804][ T2603] do_file_open+0x20e/0x430 [ 1366.788841][ T2603] ? __pfx_do_file_open+0x10/0x10 [ 1366.788906][ T2603] ? alloc_fd+0x476/0x790 [ 1366.788943][ T2603] ? do_getname+0x191/0x390 [ 1366.788985][ T2603] do_sys_openat2+0x10d/0x1e0 [ 1366.789027][ T2603] ? __pfx_do_sys_openat2+0x10/0x10 [ 1366.789070][ T2603] ? __fget_files+0x21f/0x3d0 [ 1366.789110][ T2603] __x64_sys_openat+0x12d/0x210 [ 1366.789153][ T2603] ? __pfx___x64_sys_openat+0x10/0x10 [ 1366.789210][ T2603] do_syscall_64+0x106/0xf80 [ 1366.789250][ T2603] ? clear_bhb_loop+0x40/0x90 [ 1366.789291][ T2603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1366.789322][ T2603] RIP: 0033:0x7f0ec219c799 [ 1366.789348][ T2603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1366.789376][ T2603] RSP: 002b:00007f0ec3051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1366.789407][ T2603] RAX: ffffffffffffffda RBX: 00007f0ec2415fa0 RCX: 00007f0ec219c799 [ 1366.789428][ T2603] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1366.789446][ T2603] RBP: 00007f0ec2232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1366.789475][ T2603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1366.789494][ T2603] R13: 00007f0ec2416038 R14: 00007f0ec2415fa0 R15: 00007ffe6c004118 [ 1366.789540][ T2603] [ 1368.548234][ T2631] FAULT_INJECTION: forcing a failure. [ 1368.548234][ T2631] name failslab, interval 1, probability 0, space 0, times 0 [ 1368.624200][ T2631] CPU: 0 UID: 0 PID: 2631 Comm: syz.0.11863 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1368.624273][ T2631] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1368.624293][ T2631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1368.624313][ T2631] Call Trace: [ 1368.624325][ T2631] [ 1368.624338][ T2631] dump_stack_lvl+0x100/0x190 [ 1368.624393][ T2631] should_fail_ex.cold+0x5/0xa [ 1368.624431][ T2631] ? iter_file_splice_write+0x1d8/0x10a0 [ 1368.624464][ T2631] should_failslab+0xc2/0x120 [ 1368.624505][ T2631] __kmalloc_noprof+0xe0/0x850 [ 1368.624553][ T2631] ? __pfx___might_resched+0x10/0x10 [ 1368.624609][ T2631] iter_file_splice_write+0x1d8/0x10a0 [ 1368.624661][ T2631] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1368.624693][ T2631] ? __lock_acquire+0x4a5/0x2630 [ 1368.624736][ T2631] ? shmem_file_splice_read+0x724/0xdd0 [ 1368.624812][ T2631] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1368.624858][ T2631] direct_splice_actor+0x192/0x6c0 [ 1368.624896][ T2631] splice_direct_to_actor+0x345/0xa30 [ 1368.624933][ T2631] ? __pfx_direct_splice_actor+0x10/0x10 [ 1368.624993][ T2631] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1368.625039][ T2631] do_splice_direct+0x174/0x240 [ 1368.625074][ T2631] ? __pfx_do_splice_direct+0x10/0x10 [ 1368.625108][ T2631] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1368.625167][ T2631] ? rw_verify_area+0xce/0x6d0 [ 1368.625218][ T2631] do_sendfile+0xadc/0xe20 [ 1368.625275][ T2631] ? __pfx_do_sendfile+0x10/0x10 [ 1368.625339][ T2631] __x64_sys_sendfile64+0x154/0x220 [ 1368.625375][ T2631] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1368.625425][ T2631] do_syscall_64+0x106/0xf80 [ 1368.625470][ T2631] ? clear_bhb_loop+0x40/0x90 [ 1368.625511][ T2631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1368.625544][ T2631] RIP: 0033:0x7f249d19c799 [ 1368.625573][ T2631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1368.625605][ T2631] RSP: 002b:00007f249dfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1368.625636][ T2631] RAX: ffffffffffffffda RBX: 00007f249d415fa0 RCX: 00007f249d19c799 [ 1368.625658][ T2631] RDX: 0000200000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 1368.625678][ T2631] RBP: 00007f249d232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1368.625699][ T2631] R10: 0000000000000b5d R11: 0000000000000246 R12: 0000000000000000 [ 1368.625719][ T2631] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1368.625759][ T2631] [ 1370.065033][ T2658] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11860'. [ 1370.127630][ T2660] netlink: 186 bytes leftover after parsing attributes in process `syz.2.11862'. [ 1370.178381][ T2662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11864'. [ 1370.209825][ T2662] netlink: 5 bytes leftover after parsing attributes in process `syz.0.11864'. [ 1370.259775][ T2662] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11864'. [ 1370.514231][ T2666] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 1371.488706][ T2686] netlink: 'syz.1.11872': attribute type 27 has an invalid length. [ 1371.504205][ T2686] netlink: 334 bytes leftover after parsing attributes in process `syz.1.11872'. [ 1373.238764][ T2722] vivid-007: ================= START STATUS ================= [ 1373.245380][ T2723] netlink: 'syz.2.11883': attribute type 21 has an invalid length. [ 1373.254395][ T2722] vivid-007: Generate PTS: true [ 1373.266814][ T2722] vivid-007: Generate SCR: true [ 1373.274319][ T2723] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11883'. [ 1373.279041][ T2722] tpg source WxH: 320x240 (Y'CbCr) [ 1373.299052][ T2722] tpg field: 1 [ 1373.302475][ T2722] tpg crop: (0,0)/320x240 [ 1373.354567][ T2722] tpg compose: (0,0)/320x240 [ 1373.359245][ T2722] tpg colorspace: 8 [ 1373.363085][ T2722] tpg transfer function: 0/0 [ 1373.458825][ T2722] tpg Y'CbCr encoding: 0/0 [ 1373.473478][ T2722] tpg quantization: 0/0 [ 1373.532755][ T2722] tpg RGB range: 0/2 [ 1373.581948][ T2722] vivid-007: ================== END STATUS ================== [ 1374.518676][ T2743] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1374.858206][ T2750] netlink: 'syz.1.11890': attribute type 1 has an invalid length. [ 1374.866806][ T2750] netlink: 314 bytes leftover after parsing attributes in process `syz.1.11890'. [ 1375.250076][ T2758] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 1375.846475][ T2771] FAULT_INJECTION: forcing a failure. [ 1375.846475][ T2771] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.926185][ T2771] CPU: 1 UID: 0 PID: 2771 Comm: syz.3.11895 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1375.926254][ T2771] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1375.926274][ T2771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1375.926294][ T2771] Call Trace: [ 1375.926305][ T2771] [ 1375.926319][ T2771] dump_stack_lvl+0x100/0x190 [ 1375.926373][ T2771] should_fail_ex.cold+0x5/0xa [ 1375.926409][ T2771] ? tomoyo_encode2+0xfb/0x3c0 [ 1375.926447][ T2771] should_failslab+0xc2/0x120 [ 1375.926483][ T2771] __kmalloc_noprof+0xe0/0x850 [ 1375.926539][ T2771] tomoyo_encode2+0xfb/0x3c0 [ 1375.926586][ T2771] tomoyo_encode+0x29/0x50 [ 1375.926625][ T2771] tomoyo_path_perm+0x3a7/0x460 [ 1375.926664][ T2771] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1375.926703][ T2771] ? do_raw_spin_lock+0x128/0x260 [ 1375.926770][ T2771] ? do_raw_spin_unlock+0x145/0x1e0 [ 1375.926840][ T2771] ? __pfx_current_check_access_path+0x10/0x10 [ 1375.926883][ T2771] ? simple_lookup+0x105/0x1d0 [ 1375.926930][ T2771] ? lookup_one_qstr_excl+0xb3/0x250 [ 1375.926974][ T2771] tomoyo_path_symlink+0x97/0xe0 [ 1375.927018][ T2771] ? __pfx_tomoyo_path_symlink+0x10/0x10 [ 1375.927074][ T2771] security_path_symlink+0x152/0x2d0 [ 1375.927110][ T2771] filename_symlinkat+0x122/0x560 [ 1375.927153][ T2771] ? __pfx_filename_symlinkat+0x10/0x10 [ 1375.927191][ T2771] ? strncpy_from_user+0x19d/0x2d0 [ 1375.927230][ T2771] ? do_getname+0x191/0x390 [ 1375.927271][ T2771] __x64_sys_symlink+0x79/0xb0 [ 1375.927309][ T2771] do_syscall_64+0x106/0xf80 [ 1375.927352][ T2771] ? clear_bhb_loop+0x40/0x90 [ 1375.927392][ T2771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.927426][ T2771] RIP: 0033:0x7f35be99c799 [ 1375.927455][ T2771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1375.927486][ T2771] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1375.927517][ T2771] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1375.927538][ T2771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1375.927556][ T2771] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1375.927574][ T2771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1375.927592][ T2771] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1375.927636][ T2771] [ 1380.523325][ T2826] smpboot: CPU 1 is now offline [ 1380.629302][ T2832] netlink: 346 bytes leftover after parsing attributes in process `syz.2.11911'. [ 1381.316154][ T2833] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1381.365929][ T2833] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1381.422698][ T2833] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1381.474836][ T2833] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1383.374842][ T5146] Bluetooth: hci2: command 0x0406 tx timeout [ 1383.380879][ T5146] Bluetooth: hci3: command 0x0406 tx timeout [ 1383.455313][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 1383.534626][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 1384.165561][ T2896] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11930'. [ 1384.230972][ T2896] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11930'. [ 1384.682071][ T2906] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11931'. [ 1385.195296][ T2913] random: crng reseeded on system resumption [ 1388.226092][ T2964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11957'. [ 1388.366048][ T2967] netlink: 146 bytes leftover after parsing attributes in process `syz.2.11950'. [ 1388.405158][ T2969] netlink: 13 bytes leftover after parsing attributes in process `syz.1.11957'. [ 1391.176871][ T3010] netlink: 21 bytes leftover after parsing attributes in process `syz.2.11958'. [ 1392.624941][ T3024] netlink: 146 bytes leftover after parsing attributes in process `syz.3.11962'. [ 1392.925803][ T3031] FAULT_INJECTION: forcing a failure. [ 1392.925803][ T3031] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.015319][ T3031] CPU: 0 UID: 0 PID: 3031 Comm: syz.3.11966 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1393.015360][ T3031] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1393.015371][ T3031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1393.015382][ T3031] Call Trace: [ 1393.015389][ T3031] [ 1393.015397][ T3031] dump_stack_lvl+0x100/0x190 [ 1393.015430][ T3031] should_fail_ex.cold+0x5/0xa [ 1393.015452][ T3031] should_failslab+0xc2/0x120 [ 1393.015473][ T3031] __kvmalloc_node_noprof+0xfa/0xa00 [ 1393.015502][ T3031] ? proc_sys_call_handler+0x2c7/0x5a0 [ 1393.015537][ T3031] proc_sys_call_handler+0x2c7/0x5a0 [ 1393.015568][ T3031] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1393.015613][ T3031] vfs_write+0x6ac/0x1070 [ 1393.015630][ T3031] ? __pfx_proc_sys_write+0x10/0x10 [ 1393.015661][ T3031] ? __pfx_vfs_write+0x10/0x10 [ 1393.015704][ T3031] ksys_write+0x12a/0x250 [ 1393.015721][ T3031] ? __pfx_ksys_write+0x10/0x10 [ 1393.015744][ T3031] do_syscall_64+0x106/0xf80 [ 1393.015770][ T3031] ? clear_bhb_loop+0x40/0x90 [ 1393.015792][ T3031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1393.015812][ T3031] RIP: 0033:0x7f35be99c799 [ 1393.015828][ T3031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1393.015846][ T3031] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1393.015864][ T3031] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1393.015876][ T3031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1393.015886][ T3031] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1393.015897][ T3031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1393.015908][ T3031] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1393.015931][ T3031] [ 1393.543991][ T3036] netlink: 234 bytes leftover after parsing attributes in process `syz.3.11967'. [ 1393.777463][ T3040] FAULT_INJECTION: forcing a failure. [ 1393.777463][ T3040] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.854361][ T3040] CPU: 0 UID: 0 PID: 3040 Comm: syz.3.11971 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1393.854402][ T3040] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1393.854414][ T3040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1393.854425][ T3040] Call Trace: [ 1393.854432][ T3040] [ 1393.854440][ T3040] dump_stack_lvl+0x100/0x190 [ 1393.854473][ T3040] should_fail_ex.cold+0x5/0xa [ 1393.854495][ T3040] ? lsm_blob_alloc+0x68/0x90 [ 1393.854530][ T3040] should_failslab+0xc2/0x120 [ 1393.854550][ T3040] __kmalloc_noprof+0xe0/0x850 [ 1393.854577][ T3040] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1393.854601][ T3040] lsm_blob_alloc+0x68/0x90 [ 1393.854627][ T3040] security_sk_alloc+0x2d/0x290 [ 1393.854646][ T3040] sk_prot_alloc+0x1d1/0x2a0 [ 1393.854667][ T3040] sk_alloc+0x36/0xe80 [ 1393.854691][ T3040] inet6_create+0x385/0x12b0 [ 1393.854720][ T3040] ? inet6_create+0x7f/0x12b0 [ 1393.854749][ T3040] __sock_create+0x339/0x860 [ 1393.854773][ T3040] udp_sock_create6+0xc7/0x6a0 [ 1393.854851][ T3040] ? __pfx_udp_sock_create6+0x10/0x10 [ 1393.854882][ T3040] ? crng_make_state+0x477/0x6c0 [ 1393.854901][ T3040] ? lockdep_hardirqs_on+0x78/0x100 [ 1393.854927][ T3040] ? crng_make_state+0x2b0/0x6c0 [ 1393.854948][ T3040] rxrpc_open_socket+0x206/0x6b0 [ 1393.854968][ T3040] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1393.854998][ T3040] ? rcu_is_watching+0x12/0xc0 [ 1393.855029][ T3040] rxrpc_lookup_local+0xac7/0x1220 [ 1393.855052][ T3040] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1393.855074][ T3040] ? __local_bh_enable_ip+0x9e/0x120 [ 1393.855098][ T3040] rxrpc_sendmsg+0x34a/0x680 [ 1393.855125][ T3040] sock_write_iter+0x524/0x5a0 [ 1393.855143][ T3040] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1393.855164][ T3040] ? __pfx_sock_write_iter+0x10/0x10 [ 1393.855191][ T3040] ? bpf_lsm_file_permission+0x9/0x10 [ 1393.855219][ T3040] ? security_file_permission+0x76/0x210 [ 1393.855246][ T3040] ? rw_verify_area+0xce/0x6d0 [ 1393.855275][ T3040] vfs_write+0x6ac/0x1070 [ 1393.855293][ T3040] ? __pfx_sock_write_iter+0x10/0x10 [ 1393.855314][ T3040] ? __pfx_vfs_write+0x10/0x10 [ 1393.855341][ T3040] ? find_held_lock+0x2b/0x80 [ 1393.855374][ T3040] ksys_write+0x1f8/0x250 [ 1393.855391][ T3040] ? __pfx_ksys_write+0x10/0x10 [ 1393.855415][ T3040] do_syscall_64+0x106/0xf80 [ 1393.855439][ T3040] ? clear_bhb_loop+0x40/0x90 [ 1393.855462][ T3040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1393.855481][ T3040] RIP: 0033:0x7f35be99c799 [ 1393.855498][ T3040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1393.855516][ T3040] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1393.855543][ T3040] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1393.855555][ T3040] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1393.855566][ T3040] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1393.855577][ T3040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1393.855588][ T3040] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1393.855613][ T3040] [ 1400.166756][ T3122] random: crng reseeded on system resumption [ 1401.538310][ T3139] netlink: 'syz.0.12006': attribute type 27 has an invalid length. [ 1401.608071][ T3139] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12006'. [ 1402.449149][ T3150] FAULT_INJECTION: forcing a failure. [ 1402.449149][ T3150] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1402.628769][ T3150] CPU: 0 UID: 0 PID: 3150 Comm: syz.1.12010 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1402.628812][ T3150] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1402.628822][ T3150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1402.628834][ T3150] Call Trace: [ 1402.628841][ T3150] [ 1402.628849][ T3150] dump_stack_lvl+0x100/0x190 [ 1402.628885][ T3150] should_fail_ex.cold+0x5/0xa [ 1402.628905][ T3150] ? prepare_alloc_pages+0x16d/0x5f0 [ 1402.628931][ T3150] should_fail_alloc_page+0xeb/0x140 [ 1402.628953][ T3150] prepare_alloc_pages+0x1f0/0x5f0 [ 1402.628984][ T3150] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1402.629021][ T3150] ? lock_acquire+0x1cf/0x380 [ 1402.629045][ T3150] ? find_held_lock+0x2b/0x80 [ 1402.629063][ T3150] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1402.629093][ T3150] ? rcu_is_watching+0x12/0xc0 [ 1402.629122][ T3150] ? finish_task_switch.isra.0+0x205/0xb80 [ 1402.629142][ T3150] ? lockdep_hardirqs_on+0x78/0x100 [ 1402.629171][ T3150] ? finish_task_switch.isra.0+0x205/0xb80 [ 1402.629195][ T3150] ? __schedule+0x1000/0x6120 [ 1402.629216][ T3150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1402.629250][ T3150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1402.629289][ T3150] ? policy_nodemask+0xed/0x4f0 [ 1402.629310][ T3150] alloc_pages_mpol+0x1fb/0x550 [ 1402.629330][ T3150] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1402.629351][ T3150] ? preempt_schedule_irq+0x7b/0x90 [ 1402.629379][ T3150] alloc_pages_noprof+0x131/0x390 [ 1402.629400][ T3150] kimage_alloc_pages+0x72/0x380 [ 1402.629422][ T3150] kimage_alloc_page+0x232/0x910 [ 1402.629446][ T3150] kimage_load_segment+0x507/0xde0 [ 1402.629471][ T3150] do_kexec_load+0x58d/0x810 [ 1402.629494][ T3150] ? __pfx_do_kexec_load+0x10/0x10 [ 1402.629516][ T3150] ? _copy_from_user+0x59/0xd0 [ 1402.629542][ T3150] __x64_sys_kexec_load+0x1bf/0x230 [ 1402.629564][ T3150] do_syscall_64+0x106/0xf80 [ 1402.629588][ T3150] ? clear_bhb_loop+0x40/0x90 [ 1402.629612][ T3150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1402.629631][ T3150] RIP: 0033:0x7f0ec219c799 [ 1402.629648][ T3150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1402.629666][ T3150] RSP: 002b:00007f0ec3051028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 1402.629685][ T3150] RAX: ffffffffffffffda RBX: 00007f0ec2415fa0 RCX: 00007f0ec219c799 [ 1402.629697][ T3150] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 1402.629708][ T3150] RBP: 00007f0ec2232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1402.629724][ T3150] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1402.629736][ T3150] R13: 00007f0ec2416038 R14: 00007f0ec2415fa0 R15: 00007ffe6c004118 [ 1402.629759][ T3150] [ 1402.921059][ T3159] sp0: Synchronizing with TNC [ 1403.293465][ T3162] netlink: 346 bytes leftover after parsing attributes in process `syz.1.12015'. [ 1403.503607][ T3171] netlink: 338 bytes leftover after parsing attributes in process `syz.2.12019'. [ 1403.546310][ T3173] netlink: 326 bytes leftover after parsing attributes in process `syz.1.12020'. [ 1405.300822][ T3209] zswap: compressor not available [ 1405.310260][ T3213] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 1407.357164][ T3248] netlink: 25 bytes leftover after parsing attributes in process `syz.0.12043'. [ 1409.598479][ T3274] netlink: 334 bytes leftover after parsing attributes in process `syz.3.12051'. [ 1412.709378][ T3349] netlink: 'syz.1.12072': attribute type 10 has an invalid length. [ 1412.797190][ T3349] netlink: 330 bytes leftover after parsing attributes in process `syz.1.12072'. [ 1413.705686][ T3376] serio: Serial port pty6 [ 1414.694780][ T3406] FAULT_INJECTION: forcing a failure. [ 1414.694780][ T3406] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.793962][ T3406] CPU: 0 UID: 0 PID: 3406 Comm: syz.0.12088 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1414.794008][ T3406] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1414.794019][ T3406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1414.794031][ T3406] Call Trace: [ 1414.794038][ T3406] [ 1414.794046][ T3406] dump_stack_lvl+0x100/0x190 [ 1414.794079][ T3406] should_fail_ex.cold+0x5/0xa [ 1414.794101][ T3406] should_failslab+0xc2/0x120 [ 1414.794121][ T3406] __kmalloc_node_noprof+0xe6/0x850 [ 1414.794148][ T3406] ? blk_mq_alloc_tag_set+0x477/0x1330 [ 1414.794228][ T3406] ? __raw_spin_lock_init+0x3a/0x110 [ 1414.794260][ T3406] blk_mq_alloc_tag_set+0x477/0x1330 [ 1414.794288][ T3406] ? idr_alloc+0xdd/0x130 [ 1414.794314][ T3406] ? __pfx_idr_alloc+0x10/0x10 [ 1414.794345][ T3406] loop_add+0x3b7/0xb60 [ 1414.794391][ T3406] ? __pfx_loop_add+0x10/0x10 [ 1414.794428][ T3406] ? irqentry_exit+0x180/0x670 [ 1414.794454][ T3406] ? lockdep_hardirqs_on+0x78/0x100 [ 1414.794479][ T3406] ? irqentry_exit+0x180/0x670 [ 1414.794509][ T3406] loop_control_ioctl+0xae/0x620 [ 1414.794536][ T3406] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1414.794563][ T3406] ? __x64_sys_ioctl+0xc3/0x210 [ 1414.794589][ T3406] ? __x64_sys_ioctl+0x103/0x210 [ 1414.794615][ T3406] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1414.794644][ T3406] __x64_sys_ioctl+0x18e/0x210 [ 1414.794672][ T3406] do_syscall_64+0x106/0xf80 [ 1414.794704][ T3406] ? clear_bhb_loop+0x40/0x90 [ 1414.794727][ T3406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1414.794746][ T3406] RIP: 0033:0x7f249d19c799 [ 1414.794763][ T3406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1414.794781][ T3406] RSP: 002b:00007f249dfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.794800][ T3406] RAX: ffffffffffffffda RBX: 00007f249d415fa0 RCX: 00007f249d19c799 [ 1414.794813][ T3406] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1414.794824][ T3406] RBP: 00007f249d232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1414.794835][ T3406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1414.794846][ T3406] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1414.794870][ T3406] [ 1416.010384][ T3419] zswap: compressor not available [ 1416.887520][ T3447] netlink: 252 bytes leftover after parsing attributes in process `syz.3.12102'. [ 1417.021270][ T3447] unsupported nla_type 65535 [ 1417.577033][ T3455] netlink: 346 bytes leftover after parsing attributes in process `syz.3.12105'. [ 1423.299147][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.314125][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1426.159500][ T3532] netlink: 25 bytes leftover after parsing attributes in process `syz.3.12134'. [ 1426.585353][ T3540] netlink: 'syz.2.12138': attribute type 33 has an invalid length. [ 1427.067893][ T3547] netlink: 146 bytes leftover after parsing attributes in process `syz.3.12142'. [ 1428.346410][ T3567] Loading of unsigned module is rejected [ 1431.991417][ T3624] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12173'. [ 1432.142433][ T3627] netlink: 146 bytes leftover after parsing attributes in process `syz.2.12174'. [ 1433.405172][ T3644] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12181'. [ 1433.484624][ T3645] netlink: 25 bytes leftover after parsing attributes in process `syz.0.12181'. [ 1433.650518][T21810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1433.684432][T21810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1433.692926][T21810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1433.703227][T21810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1433.710787][T21810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1434.929122][T26870] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.221552][T26870] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.312382][ T3646] chnl_net:caif_netlink_parms(): no params data found [ 1435.428723][T26870] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.717021][T26870] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.775066][T21810] Bluetooth: hci4: command tx timeout [ 1436.220339][ T3646] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.278836][ T3646] bridge0: port 1(bridge_slave_0) entered disabled state [ 1436.322978][ T3646] bridge_slave_0: entered allmulticast mode [ 1436.365503][ T3646] bridge_slave_0: entered promiscuous mode [ 1436.462667][ T3646] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.631922][ T3646] bridge0: port 2(bridge_slave_1) entered disabled state [ 1437.035495][ T3646] bridge_slave_1: entered allmulticast mode [ 1437.304478][ T3646] bridge_slave_1: entered promiscuous mode [ 1437.499162][ T3646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1437.577258][T26870] bridge_slave_1: left allmulticast mode [ 1437.583124][T26870] bridge_slave_1: left promiscuous mode [ 1437.638860][ T3696] netlink: 290 bytes leftover after parsing attributes in process `syz.0.12199'. [ 1437.674331][T26870] bridge0: port 2(bridge_slave_1) entered disabled state [ 1437.782412][T26870] bridge_slave_0: left allmulticast mode [ 1437.818405][T26870] bridge_slave_0: left promiscuous mode [ 1437.855329][T21810] Bluetooth: hci4: command tx timeout [ 1437.874871][T26870] bridge0: port 1(bridge_slave_0) entered disabled state [ 1437.965955][ T3702] FAULT_INJECTION: forcing a failure. [ 1437.965955][ T3702] name failslab, interval 1, probability 0, space 0, times 0 [ 1438.062139][ T3702] CPU: 0 UID: 0 PID: 3702 Comm: syz.3.12201 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1438.062181][ T3702] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1438.062192][ T3702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1438.062203][ T3702] Call Trace: [ 1438.062210][ T3702] [ 1438.062218][ T3702] dump_stack_lvl+0x100/0x190 [ 1438.062251][ T3702] should_fail_ex.cold+0x5/0xa [ 1438.062272][ T3702] should_failslab+0xc2/0x120 [ 1438.062293][ T3702] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1438.062318][ T3702] ? alloc_tty_struct+0x96/0x8c0 [ 1438.062351][ T3702] alloc_tty_struct+0x96/0x8c0 [ 1438.062381][ T3702] ? __pfx_alloc_tty_struct+0x10/0x10 [ 1438.062416][ T3702] tty_init_dev.part.0+0x20/0x470 [ 1438.062447][ T3702] tty_open+0xa63/0xfa0 [ 1438.062478][ T3702] ? __pfx_tty_open+0x10/0x10 [ 1438.062504][ T3702] ? chrdev_open+0x10b/0x6a0 [ 1438.062523][ T3702] ? chrdev_open+0x10b/0x6a0 [ 1438.062544][ T3702] ? __pfx_tty_open+0x10/0x10 [ 1438.062572][ T3702] chrdev_open+0x234/0x6a0 [ 1438.062590][ T3702] ? __pfx_apparmor_file_open+0x10/0x10 [ 1438.062621][ T3702] ? __pfx_chrdev_open+0x10/0x10 [ 1438.062641][ T3702] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1438.062666][ T3702] do_dentry_open+0x6d8/0x1660 [ 1438.062684][ T3702] ? __pfx_chrdev_open+0x10/0x10 [ 1438.062708][ T3702] vfs_open+0x82/0x3f0 [ 1438.062734][ T3702] path_openat+0x208c/0x31a0 [ 1438.062760][ T3702] ? __pfx_path_openat+0x10/0x10 [ 1438.062787][ T3702] do_file_open+0x20e/0x430 [ 1438.062808][ T3702] ? __pfx_do_file_open+0x10/0x10 [ 1438.062844][ T3702] ? alloc_fd+0x476/0x790 [ 1438.062865][ T3702] ? do_getname+0x191/0x390 [ 1438.062900][ T3702] do_sys_openat2+0x10d/0x1e0 [ 1438.062924][ T3702] ? __pfx_do_sys_openat2+0x10/0x10 [ 1438.062957][ T3702] __x64_sys_openat+0x12d/0x210 [ 1438.062982][ T3702] ? __pfx___x64_sys_openat+0x10/0x10 [ 1438.063017][ T3702] do_syscall_64+0x106/0xf80 [ 1438.063043][ T3702] ? clear_bhb_loop+0x40/0x90 [ 1438.063066][ T3702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1438.063085][ T3702] RIP: 0033:0x7f35be99c799 [ 1438.063101][ T3702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1438.063120][ T3702] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1438.063139][ T3702] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1438.063151][ T3702] RDX: 0000000000020080 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1438.063162][ T3702] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1438.063173][ T3702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1438.063184][ T3702] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1438.063208][ T3702] [ 1438.899699][ T3706] Loading of unsigned module is rejected [ 1439.910206][T26870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1439.954225][T21810] Bluetooth: hci4: command tx timeout [ 1439.993332][T26870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1440.070091][T26870] bond0 (unregistering): Released all slaves [ 1440.168425][ T3646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1440.615827][ T3646] team0: Port device team_slave_0 added [ 1440.671228][ T3646] team0: Port device team_slave_1 added [ 1441.071303][ T3646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1441.125981][ T3646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1441.319039][ T3646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1441.394644][ T3646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1441.401703][ T3646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1441.528294][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12215'. [ 1441.588451][ T3745] netlink: 25 bytes leftover after parsing attributes in process `syz.0.12215'. [ 1441.606681][ T3646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1441.749669][T26870] hsr_slave_0: left promiscuous mode [ 1441.815142][T26870] hsr_slave_1: left promiscuous mode [ 1441.857692][T26870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1441.887890][T26870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1441.977187][T26870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1442.009672][T26870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1442.017449][T21810] Bluetooth: hci4: command tx timeout [ 1442.168283][T26870] veth1_macvtap: left promiscuous mode [ 1442.173793][T26870] veth0_macvtap: left promiscuous mode [ 1442.240528][T26870] veth1_vlan: left promiscuous mode [ 1442.280214][T26870] veth0_vlan: left promiscuous mode [ 1443.437588][T26870] team0 (unregistering): Port device team_slave_1 removed [ 1443.547756][T26870] team0 (unregistering): Port device team_slave_0 removed [ 1444.397691][ T3646] hsr_slave_0: entered promiscuous mode [ 1444.477704][ T3646] hsr_slave_1: entered promiscuous mode [ 1444.535398][ T3646] debugfs: 'hsr0' already exists in 'hsr' [ 1444.541362][ T3646] Cannot create hsr debugfs directory [ 1446.320812][ T3646] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1446.400511][ T3646] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1446.492078][ T3646] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1446.547746][ T3646] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1446.995613][ T3646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1447.126922][ T3646] 8021q: adding VLAN 0 to HW filter on device team0 [ 1447.135280][ T3820] warning: `syz.3.12233' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1447.223101][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state [ 1447.230254][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1447.313326][ T1319] bridge0: port 2(bridge_slave_1) entered blocking state [ 1447.320498][ T1319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1447.540886][ T3646] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1447.656263][ T3646] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1448.335298][ T3842] FAULT_INJECTION: forcing a failure. [ 1448.335298][ T3842] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.451454][ T3842] CPU: 0 UID: 0 PID: 3842 Comm: syz.0.12238 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1448.451495][ T3842] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1448.451506][ T3842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1448.451517][ T3842] Call Trace: [ 1448.451524][ T3842] [ 1448.451532][ T3842] dump_stack_lvl+0x100/0x190 [ 1448.451564][ T3842] should_fail_ex.cold+0x5/0xa [ 1448.451585][ T3842] should_failslab+0xc2/0x120 [ 1448.451605][ T3842] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1448.451634][ T3842] ? pty_common_install+0xdf/0xb30 [ 1448.451662][ T3842] pty_common_install+0xdf/0xb30 [ 1448.451687][ T3842] ? __pfx_pty_install+0x10/0x10 [ 1448.451719][ T3842] tty_init_dev.part.0+0x9e/0x470 [ 1448.451755][ T3842] tty_open+0xa63/0xfa0 [ 1448.451787][ T3842] ? __pfx_tty_open+0x10/0x10 [ 1448.451814][ T3842] ? chrdev_open+0x10b/0x6a0 [ 1448.451833][ T3842] ? chrdev_open+0x10b/0x6a0 [ 1448.451855][ T3842] ? __pfx_tty_open+0x10/0x10 [ 1448.451883][ T3842] chrdev_open+0x234/0x6a0 [ 1448.451902][ T3842] ? __pfx_apparmor_file_open+0x10/0x10 [ 1448.451933][ T3842] ? __pfx_chrdev_open+0x10/0x10 [ 1448.451953][ T3842] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1448.451978][ T3842] do_dentry_open+0x6d8/0x1660 [ 1448.451996][ T3842] ? __pfx_chrdev_open+0x10/0x10 [ 1448.452021][ T3842] vfs_open+0x82/0x3f0 [ 1448.452047][ T3842] path_openat+0x208c/0x31a0 [ 1448.452074][ T3842] ? __pfx_path_openat+0x10/0x10 [ 1448.452103][ T3842] do_file_open+0x20e/0x430 [ 1448.452125][ T3842] ? __pfx_do_file_open+0x10/0x10 [ 1448.452162][ T3842] ? alloc_fd+0x476/0x790 [ 1448.452183][ T3842] ? do_getname+0x191/0x390 [ 1448.452208][ T3842] do_sys_openat2+0x10d/0x1e0 [ 1448.452240][ T3842] ? __pfx_do_sys_openat2+0x10/0x10 [ 1448.452273][ T3842] __x64_sys_openat+0x12d/0x210 [ 1448.452299][ T3842] ? __pfx___x64_sys_openat+0x10/0x10 [ 1448.452333][ T3842] do_syscall_64+0x106/0xf80 [ 1448.452359][ T3842] ? clear_bhb_loop+0x40/0x90 [ 1448.452383][ T3842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1448.452403][ T3842] RIP: 0033:0x7f249d19c799 [ 1448.452420][ T3842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1448.452438][ T3842] RSP: 002b:00007f249dfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1448.452457][ T3842] RAX: ffffffffffffffda RBX: 00007f249d415fa0 RCX: 00007f249d19c799 [ 1448.452470][ T3842] RDX: 0000000000020080 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1448.452482][ T3842] RBP: 00007f249d232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1448.452494][ T3842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1448.452506][ T3842] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1448.452531][ T3842] [ 1449.273746][ T3646] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1449.311333][ T3853] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 1450.776434][ T3646] veth0_vlan: entered promiscuous mode [ 1450.885067][ T3646] veth1_vlan: entered promiscuous mode [ 1451.100078][ T3646] veth0_macvtap: entered promiscuous mode [ 1451.168710][ T3646] veth1_macvtap: entered promiscuous mode [ 1451.311345][ T3646] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1451.391208][ T3646] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1451.527765][ T48] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.544301][ T3885] sock: sock_timestamping_bind_phc: sock not bind to device [ 1451.591173][ T48] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.721533][ T48] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.771990][ T48] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1452.130360][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1452.203431][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1452.375206][ T3901] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12252'. [ 1452.411949][T26520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1452.461475][T26520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1452.654999][ T3905] random: crng reseeded on system resumption [ 1452.762999][ T3908] netlink: 146 bytes leftover after parsing attributes in process `syz.3.12254'. [ 1452.782147][ T3909] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 1453.077126][ T3915] netlink: 'syz.4.12180': attribute type 1 has an invalid length. [ 1453.170376][ T3915] netlink: 306 bytes leftover after parsing attributes in process `syz.4.12180'. [ 1453.247761][ T3915] netlink: 'syz.4.12180': attribute type 1 has an invalid length. [ 1453.325314][ T3915] netlink: 306 bytes leftover after parsing attributes in process `syz.4.12180'. [ 1454.145788][ T3939] [U] H [ 1454.148778][ T3939] [U] >Hp>F_ѓ]-8 5g oJ`d ]]݊A$Mg܈і?3c $`6k{ tjjN)$2&Hc}3b-&ǵ@t@G:];6oHHo+"k/4'2GuP#$v%6(}oqOt1EQ**xD:ll`*p^$xIh<UwCz#LҲ-pO [ 1454.175687][ T3939] [U] *´]jPݔN2ڌ jMQ3a6u [ 1454.181834][ T3939] [U] ,^)c-eIsA{ޝ|X=7_l 3<'_3-Tr~o )RٖtٛR@RGV (Ddɀ}1UF9׾ [ 1454.194235][ T3939] [U] ؂V(߆;1Dpi=(Dy}׍/p': $f濬H.8zfN%U7Eb$\yzFBY%3r’%jP&!ǎ85[ld:nV #Ѩ;(~*YK߮ [ 1454.245222][ T3939] [U] Օ_f!{p ,oM U,~;S[qzuʹblգPIl}PW#'6SFg` [ 1454.254230][ T3939] [U] 1dŘExH [ 1454.258740][ T3939] [U] p4|LGMEnʕC|^O!nQo{,|Dq$^Ēfd5>:nrvo" [ 1454.267504][ T3939] [U] 5V k֣%s>DȰኆ34Ս mcУlKqKضu𔎝RL.xfw:q kS(>d ܜc#=EY,gduLBiAnLIbzQbݚ%6i [ 1454.283581][ T3939] [U] b D7tspdۻ*R@޸ԕ1V{)Dg\}R_5S޹dOfy5w'|rN z(YJE09hYxM4ЧN82JBNL.˼jnھ?_FG'tiNfu&IM}E\ 9{/ `z0ďEdU+=6$&~+C8'ILK3Vղo[fxO"%lV&˧fh4yF,ɶT-]ݫ/pHm|zgC"N -}-[K~3 [ 1454.319021][ T3939] [U] -D ,S2'pTw)lY94PJϯ+y7ѠTm9x _ [ 1455.354499][ T3939] [U] {2wBpwų:?C}[DNÆR:FO,lrFF`;+R4ܸ [ 1455.363312][ T3939] [U] 4Ƭ$TWE&Z{& '[ԞI,yM()Xec J(D~HdЇhjU!v\48WCWy FiuP]|f|Գ@ T脀OOT:Wh3SLd\bϼ^>ީXHO[ES~ox3첋 :!, ;$# ++ Kp)zGU֦X Uc"JHPL.E;af4MkdU_AB^& p [ 1455.392925][ T3939] [U] f\;0-1^RiuOmh@SS&l(D7<[B^Z]~pԜ V/ղQhY. [ 1455.402486][ T3939] [U] s&bB'ҧB'8$+slC9wN՚LӲH{sNWig4sd)-5Dqקs<پ?wP>SêXE(+4Ѵke#V[d(c<kA6,<^%[#0HrVXaz1lOޔf[t25:xnGd&=w!"4-Ц`[fq\%y?ն/FOajkdؘ|*ԭ~91D[N٨P#Me åLgYc=got|cqQCSG\VJFETKoMۛ7{$ q4-4p˵"S֥d [ 1455.444447][ T3939] [U] poPh7N:uJӱ6`!Z^&nyፂTL 3v2=E"e(.~] [ 1455.453812][ T3939] [U] tXI!ZlhuK [ 1455.458568][ T3939] [U] ޓwˮ'j -LeD&D [ 1455.464363][ T3939] [U] m%`eI0܏+eg![>)g^d(F [ 1455.469822][ T3939] [U] j*9]ׁ{HAb$ [ 1455.473882][ T3939] [U] i0r+i7}6H77a~vP̚4yԙ|^mjd[]` wHWfbuLHg~rxAmo ]<Jg2DzHrV\ [ 1455.505860][ T3939] [U] C{ܑ2ҋעJL<݁(ӫuI߯i/`8ԁ?`XnV [ 1455.514446][ T3939] [U] q;ۼ+xN3C'~|6PR ɥ1 [ 1455.521117][ T3939] [U] ԩɻA\mP yPbwS[ r=ti6~QQ?{Λ^SCakX$ͦ%’@P [ 1456.421311][ T3939] [U] ̔8p5zLR^cu"A{?~1^2AqCc c}bIqZ}>\2F<ܺ2Qr÷/IT4W)f|Md{X3hx4RUp7z= DNq*S85S$ZSE f #PǥTuyЕi2Эlׯr \>+i"1m [ 1456.512163][ T3939] [U] )'Ï- P*J*KـU$y+t )hef ` f>-+?9z;DބNvbB=g?ކmVd \}w,XY亷>RYa'h]6)D?񀿝uh8M,JeG3XQomHgg֚IyMD=l6njp ($MY6@Plw/Sͫ i/ƽKg$ua)th\nP۱-ܱ]w#8iUGz=?+A޵'"9ޠ3y;ſ [ 1456.545511][ T3939] [U] LB;^(6^r>^5" ZKmF䀺WaGsݙǾIHYgY|cfvȲe$ʰA}1T$Ǔr(Jc(zDf+nŽD좆Fz&ľ˾|J;CnCAU޼{d@8Y+Ϗ*YFGOzR"{xw} [ 1456.574155][ T3939] [U] nW뺜‘45TJn5NKQ:{Xt%25Ewݛ_4KM$d2~5}tH"YU2& 9m+@o0s?DIB9< [ 1457.470089][ T3939] [U] Q\o(G>خTO>HcHN}~jk<>/=N26VެB^C.EFh匶Y./ػu)sJXٿum˖pȥ7FMvs GbS eSv~|e֦ۚ [ 1459.865932][ T4024] netlink: 54 bytes leftover after parsing attributes in process `syz.4.12294'. [ 1462.154372][ T4054] netlink: 338 bytes leftover after parsing attributes in process `syz.3.12305'. [ 1462.403768][ T4059] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12305'. [ 1462.530484][ T4057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.12305'. [ 1463.396078][ T4066] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12308'. [ 1463.609378][ T4066] \: renamed from lo [ 1466.844996][ T4143] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12329'. [ 1466.966455][ T4146] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12329'. [ 1467.322648][ T4151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12332'. [ 1468.328084][ T4171] netlink: 354 bytes leftover after parsing attributes in process `syz.0.12335'. [ 1470.735131][ T4205] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1470.859182][ T4205] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12342'. [ 1472.825281][ T4247] netlink: 17 bytes leftover after parsing attributes in process `syz.0.12354'. [ 1474.737817][ T4276] KVM: debugfs: duplicate directory 4276-3 [ 1475.182884][ T4279] zram: Added device: zram1 [ 1476.906334][ T4314] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12377'. [ 1477.608929][ T4321] mkiss: ax0: crc mode is auto. [ 1478.974329][ T4338] mkiss: ax0: crc mode is auto. [ 1483.116224][ T4413] netlink: 'syz.0.12415': attribute type 5 has an invalid length. [ 1483.163756][ T4413] netlink: 314 bytes leftover after parsing attributes in process `syz.0.12415'. [ 1483.744895][ T4423] netlink: 25 bytes leftover after parsing attributes in process `syz.3.12418'. [ 1484.739811][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.746336][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1487.268716][ T4477] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12438'. [ 1487.329630][ T4477] ipvlan0: entered promiscuous mode [ 1487.394852][ T4477] ipvlan0: entered allmulticast mode [ 1487.453337][ T4477] veth0_vlan: entered allmulticast mode [ 1488.409951][ T4495] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12447'. [ 1489.020887][ T4506] netlink: 186 bytes leftover after parsing attributes in process `syz.2.12451'. [ 1491.093031][ T4537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12465'. [ 1491.960854][ T4550] netlink: 'syz.3.12470': attribute type 1 has an invalid length. [ 1492.007891][ T4550] netlink: 314 bytes leftover after parsing attributes in process `syz.3.12470'. [ 1493.576835][ T4580] netlink: 25 bytes leftover after parsing attributes in process `syz.4.12482'. [ 1496.166232][ T4628] netlink: 504 bytes leftover after parsing attributes in process `syz.2.12500'. [ 1496.233033][ T4628] netlink: 504 bytes leftover after parsing attributes in process `syz.2.12500'. [ 1496.267787][ T4630] FAULT_INJECTION: forcing a failure. [ 1496.267787][ T4630] name failslab, interval 1, probability 0, space 0, times 0 [ 1496.345265][ T4632] FAULT_INJECTION: forcing a failure. [ 1496.345265][ T4632] name failslab, interval 1, probability 0, space 0, times 0 [ 1496.371477][ T4630] CPU: 0 UID: 0 PID: 4630 Comm: syz.3.12501 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1496.371519][ T4630] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1496.371530][ T4630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1496.371542][ T4630] Call Trace: [ 1496.371549][ T4630] [ 1496.371558][ T4630] dump_stack_lvl+0x100/0x190 [ 1496.371591][ T4630] should_fail_ex.cold+0x5/0xa [ 1496.371616][ T4630] should_failslab+0xc2/0x120 [ 1496.371636][ T4630] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1496.371661][ T4630] ? tipc_conn_alloc+0x48/0x590 [ 1496.371684][ T4630] ? net_generic+0xea/0x2a0 [ 1496.371704][ T4630] ? net_generic+0xea/0x2a0 [ 1496.371728][ T4630] tipc_conn_alloc+0x48/0x590 [ 1496.371751][ T4630] tipc_topsrv_kern_subscr+0x11c/0x3c0 [ 1496.371784][ T4630] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 1496.371811][ T4630] ? net_generic+0xea/0x2a0 [ 1496.371839][ T4630] tipc_group_create+0x4ab/0x660 [ 1496.371867][ T4630] tipc_setsockopt+0x611/0xe30 [ 1496.371898][ T4630] ? __pfx_tipc_setsockopt+0x10/0x10 [ 1496.371937][ T4630] ? __pfx_tipc_setsockopt+0x10/0x10 [ 1496.371968][ T4630] do_sock_setsockopt+0xf3/0x1d0 [ 1496.372005][ T4630] __sys_setsockopt+0x119/0x190 [ 1496.372035][ T4630] __x64_sys_setsockopt+0xbd/0x160 [ 1496.372060][ T4630] ? do_syscall_64+0x95/0xf80 [ 1496.372085][ T4630] ? lockdep_hardirqs_on+0x78/0x100 [ 1496.372119][ T4630] do_syscall_64+0x106/0xf80 [ 1496.372143][ T4630] ? clear_bhb_loop+0x40/0x90 [ 1496.372166][ T4630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.372187][ T4630] RIP: 0033:0x7f35be99c799 [ 1496.372204][ T4630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1496.372222][ T4630] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1496.372242][ T4630] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1496.372261][ T4630] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 1496.372271][ T4630] RBP: 00007f35bea32c99 R08: 0000000000000014 R09: 0000000000000000 [ 1496.372282][ T4630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1496.372293][ T4630] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1496.372316][ T4630] [ 1496.848960][ T4632] CPU: 0 UID: 0 PID: 4632 Comm: syz.0.12502 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1496.849003][ T4632] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1496.849014][ T4632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1496.849025][ T4632] Call Trace: [ 1496.849032][ T4632] [ 1496.849040][ T4632] dump_stack_lvl+0x100/0x190 [ 1496.849072][ T4632] should_fail_ex.cold+0x5/0xa [ 1496.849094][ T4632] should_failslab+0xc2/0x120 [ 1496.849114][ T4632] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1496.849142][ T4632] ? proc_alloc_inode+0x25/0x200 [ 1496.849174][ T4632] ? __pfx_proc_alloc_inode+0x10/0x10 [ 1496.849202][ T4632] proc_alloc_inode+0x25/0x200 [ 1496.849236][ T4632] alloc_inode+0x68/0x250 [ 1496.849260][ T4632] new_inode+0x22/0x1c0 [ 1496.849287][ T4632] proc_pid_make_inode+0x22/0x160 [ 1496.849315][ T4632] proc_pident_instantiate+0x85/0x310 [ 1496.849344][ T4632] proc_pident_lookup+0x1e3/0x270 [ 1496.849375][ T4632] __lookup_slow+0x251/0x460 [ 1496.849401][ T4632] ? __pfx___lookup_slow+0x10/0x10 [ 1496.849444][ T4632] lookup_slow+0x50/0x70 [ 1496.849468][ T4632] link_path_walk+0x1377/0x1cc0 [ 1496.849503][ T4632] path_openat+0x1be/0x31a0 [ 1496.849521][ T4632] ? kasan_save_stack+0x3f/0x50 [ 1496.849547][ T4632] ? kasan_save_stack+0x30/0x50 [ 1496.849574][ T4632] ? kasan_save_track+0x14/0x30 [ 1496.849602][ T4632] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1496.849634][ T4632] ? __pfx_path_openat+0x10/0x10 [ 1496.849661][ T4632] do_file_open+0x20e/0x430 [ 1496.849682][ T4632] ? __pfx_do_file_open+0x10/0x10 [ 1496.849709][ T4632] ? __pfx_kfree_link+0x10/0x10 [ 1496.849740][ T4632] ? alloc_fd+0x476/0x790 [ 1496.849760][ T4632] ? do_getname+0x191/0x390 [ 1496.849784][ T4632] do_sys_openat2+0x10d/0x1e0 [ 1496.849808][ T4632] ? __pfx_do_sys_openat2+0x10/0x10 [ 1496.849840][ T4632] __x64_sys_openat+0x12d/0x210 [ 1496.849866][ T4632] ? __pfx___x64_sys_openat+0x10/0x10 [ 1496.849898][ T4632] do_syscall_64+0x106/0xf80 [ 1496.849924][ T4632] ? clear_bhb_loop+0x40/0x90 [ 1496.849947][ T4632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.849966][ T4632] RIP: 0033:0x7f249d15cfce [ 1496.849982][ T4632] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1496.850000][ T4632] RSP: 002b:00007f249dfb5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1496.850018][ T4632] RAX: ffffffffffffffda RBX: 00007f249dfb66c0 RCX: 00007f249d15cfce [ 1496.850030][ T4632] RDX: 0000000000000002 RSI: 00007f249dfb5f90 RDI: ffffffffffffff9c [ 1496.850042][ T4632] RBP: 00007f249d232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1496.850053][ T4632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1496.850065][ T4632] R13: 00007f249d416038 R14: 00007f249d415fa0 R15: 00007ffe0b40fb48 [ 1496.850088][ T4632] [ 1501.195154][T21810] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 1501.499804][ T4686] FAULT_INJECTION: forcing a failure. [ 1501.499804][ T4686] name failslab, interval 1, probability 0, space 0, times 0 [ 1501.586168][ T4686] CPU: 0 UID: 0 PID: 4686 Comm: syz.3.12523 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1501.586211][ T4686] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1501.586222][ T4686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1501.586234][ T4686] Call Trace: [ 1501.586241][ T4686] [ 1501.586249][ T4686] dump_stack_lvl+0x100/0x190 [ 1501.586281][ T4686] should_fail_ex.cold+0x5/0xa [ 1501.586304][ T4686] should_failslab+0xc2/0x120 [ 1501.586326][ T4686] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1501.586350][ T4686] ? p9_client_create+0xaf/0xd40 [ 1501.586382][ T4686] p9_client_create+0xaf/0xd40 [ 1501.586410][ T4686] ? __pfx_p9_client_create+0x10/0x10 [ 1501.586444][ T4686] ? lockdep_init_map_type+0x5c/0x250 [ 1501.586469][ T4686] ? __raw_spin_lock_init+0x3a/0x110 [ 1501.586499][ T4686] v9fs_session_init+0x40/0xce0 [ 1501.586594][ T4686] ? kasan_save_track+0x14/0x30 [ 1501.586625][ T4686] v9fs_get_tree+0xb8/0xb50 [ 1501.586667][ T4686] ? rcu_is_watching+0x12/0xc0 [ 1501.586695][ T4686] ? __pfx_v9fs_get_tree+0x10/0x10 [ 1501.586725][ T4686] ? bpf_lsm_capable+0x9/0x10 [ 1501.586744][ T4686] ? security_capable+0x80/0x260 [ 1501.586774][ T4686] vfs_get_tree+0x92/0x320 [ 1501.586801][ T4686] vfs_cmd_create+0xd7/0x2a0 [ 1501.586826][ T4686] __do_sys_fsconfig+0x55a/0xcb0 [ 1501.586851][ T4686] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 1501.586886][ T4686] do_syscall_64+0x106/0xf80 [ 1501.586911][ T4686] ? clear_bhb_loop+0x40/0x90 [ 1501.586933][ T4686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.586952][ T4686] RIP: 0033:0x7f35be99c799 [ 1501.586968][ T4686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1501.586986][ T4686] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 1501.587004][ T4686] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1501.587016][ T4686] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 1501.587026][ T4686] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1501.587037][ T4686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1501.587048][ T4686] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1501.587071][ T4686] [ 1502.714348][ T4699] netlink: 338 bytes leftover after parsing attributes in process `syz.2.12527'. [ 1503.918192][ T4720] random: crng reseeded on system resumption [ 1504.381637][ T4725] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1505.165056][ T4739] netlink: 354 bytes leftover after parsing attributes in process `syz.0.12542'. [ 1505.476686][ T4745] vivid-007: ================= START STATUS ================= [ 1505.544130][ T4745] vivid-007: Generate PTS: true [ 1505.560967][ T4745] vivid-007: Generate SCR: true [ 1505.594418][ T4745] tpg source WxH: 320x240 (Y'CbCr) [ 1505.645306][ T4745] tpg field: 1 [ 1505.658970][ T4745] tpg crop: (0,0)/320x240 [ 1505.663335][ T4745] tpg compose: (0,0)/320x240 [ 1505.725738][ T4745] tpg colorspace: 8 [ 1505.729587][ T4745] tpg transfer function: 0/0 [ 1505.821960][ T4745] tpg Y'CbCr encoding: 0/0 [ 1505.856349][ T4745] tpg quantization: 0/0 [ 1505.885770][ T4745] tpg RGB range: 0/2 [ 1505.919216][ T4745] vivid-007: ================== END STATUS ================== [ 1506.277738][ T4762] netlink: 25 bytes leftover after parsing attributes in process `syz.0.12551'. [ 1507.305436][ T4781] mkiss: ax0: crc mode is auto. [ 1507.329592][ T4785] netlink: 326 bytes leftover after parsing attributes in process `syz.3.12561'. [ 1507.442950][ T4785] bridge0: port 2(bridge_slave_1) entered disabled state [ 1507.450289][ T4785] bridge0: port 1(bridge_slave_0) entered disabled state [ 1510.061343][ T4841] netlink: 326 bytes leftover after parsing attributes in process `syz.0.12582'. [ 1510.160425][ T4845] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12581'. [ 1510.609343][ T4855] netlink: 314 bytes leftover after parsing attributes in process `syz.3.12586'. [ 1514.082855][ T4904] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12602'. [ 1514.522744][ T4908] mkiss: ax0: crc mode is auto. [ 1515.066707][ T4913] mkiss: ax0: crc mode is auto. [ 1515.415224][ T4925] netlink: 'syz.0.12612': attribute type 33 has an invalid length. [ 1515.423173][ T4925] netlink: 322 bytes leftover after parsing attributes in process `syz.0.12612'. [ 1516.782817][ T4951] zswap: compressor  not available [ 1516.818725][ T4958] netlink: 326 bytes leftover after parsing attributes in process `syz.4.12623'. [ 1516.927342][ T4958] bridge0: port 2(bridge_slave_1) entered disabled state [ 1516.935015][ T4958] bridge0: port 1(bridge_slave_0) entered disabled state [ 1518.786335][ T4987] netlink: 146 bytes leftover after parsing attributes in process `syz.3.12631'. [ 1519.102957][ T4991] netlink: 21 bytes leftover after parsing attributes in process `syz.3.12633'. [ 1519.465013][ T4998] ima: policy update failed [ 1519.475278][ T30] audit: type=1802 audit(4294988807.190:27): pid=4998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.12637" res=0 errno=0 [ 1521.559797][ T5036] netlink: 'syz.3.12652': attribute type 4 has an invalid length. [ 1521.622402][ T5036] netlink: 314 bytes leftover after parsing attributes in process `syz.3.12652'. [ 1523.817439][ T5063] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1523.904013][ T5063] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1523.946603][ T5063] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1524.008523][ T5063] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1524.060945][ T5063] page dumped because: unmovable page [ 1524.113789][ T5063] page_owner tracks the page as allocated [ 1524.154109][ T5063] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 5823, tgid 5823 (syz-executor), ts 83884606377, free_ts 80608074598 [ 1524.244657][ T5063] post_alloc_hook+0x153/0x170 [ 1524.287607][ T5063] get_page_from_freelist+0x111d/0x3140 [ 1524.326054][ T5063] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1524.361269][ T5063] alloc_pages_bulk_noprof+0x782/0x1490 [ 1524.391627][ T5063] __kasan_populate_vmalloc+0xf0/0x210 [ 1524.418802][ T5063] alloc_vmap_area+0x95d/0x2bd0 [ 1524.445097][ T5072] netlink: 18 bytes leftover after parsing attributes in process `syz.4.12665'. [ 1524.474191][ T5063] __get_vm_area_node+0x1ca/0x330 [ 1524.494415][ T5063] __vmalloc_node_range_noprof+0x213/0x1530 [ 1524.514111][ T5063] vmalloc_user_noprof+0x9e/0xe0 [ 1524.545990][ T5063] kcov_ioctl+0x4c/0x720 [ 1524.564294][ T5063] __x64_sys_ioctl+0x18e/0x210 [ 1524.664779][ T5063] do_syscall_64+0x106/0xf80 [ 1524.700988][ T5063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.727440][ T5063] page last free pid 5813 tgid 5813 stack trace: [ 1524.766446][ T5063] __free_frozen_pages+0x7e1/0x10d0 [ 1524.787667][ T5063] vfree.part.0+0x12b/0x9d0 [ 1524.792339][ T5063] vfree+0x55/0x80 [ 1524.817325][ T5063] kcov_close+0x34/0x60 [ 1524.847339][ T5063] __fput+0x3ff/0xb40 [ 1524.851376][ T5063] fput_close_sync+0x118/0x250 [ 1524.904655][ T5063] __x64_sys_close+0x8b/0x120 [ 1524.909423][ T5063] do_syscall_64+0x106/0xf80 [ 1524.954129][ T5063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1526.553851][ T5099] netlink: 266 bytes leftover after parsing attributes in process `syz.4.12674'. [ 1526.614334][ T5099] IPv6: NLM_F_CREATE should be specified when creating new route [ 1527.585308][ T5108] netlink: 504 bytes leftover after parsing attributes in process `syz.0.12677'. [ 1528.582345][ T5129] binder: 5127:5129 ioctl c0306201 2000000000c0 returned -14 [ 1530.462850][ T5161] zswap: compressor not available [ 1532.176344][ T5212] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12700'. [ 1532.270427][ T5212] netlink: 25 bytes leftover after parsing attributes in process `syz.0.12700'. [ 1532.852300][ T5220] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12702'. [ 1533.502932][ T5230] FAULT_INJECTION: forcing a failure. [ 1533.502932][ T5230] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.679194][ T5230] CPU: 0 UID: 0 PID: 5230 Comm: syz.3.12708 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1533.679238][ T5230] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1533.679249][ T5230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1533.679261][ T5230] Call Trace: [ 1533.679268][ T5230] [ 1533.679276][ T5230] dump_stack_lvl+0x100/0x190 [ 1533.679311][ T5230] should_fail_ex.cold+0x5/0xa [ 1533.679334][ T5230] should_failslab+0xc2/0x120 [ 1533.679356][ T5230] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1533.679382][ T5230] ? single_open+0x4d/0x1d0 [ 1533.679408][ T5230] ? __pfx___debugfs_file_get+0x10/0x10 [ 1533.679439][ T5230] ? __pfx_transactions_show+0x10/0x10 [ 1533.679474][ T5230] ? __pfx_transactions_open+0x10/0x10 [ 1533.679553][ T5230] single_open+0x4d/0x1d0 [ 1533.679581][ T5230] full_proxy_open_regular+0x1b6/0x370 [ 1533.679622][ T5230] do_dentry_open+0x6d8/0x1660 [ 1533.679642][ T5230] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1533.679678][ T5230] vfs_open+0x82/0x3f0 [ 1533.679705][ T5230] path_openat+0x208c/0x31a0 [ 1533.679733][ T5230] ? __pfx_path_openat+0x10/0x10 [ 1533.679763][ T5230] do_file_open+0x20e/0x430 [ 1533.679786][ T5230] ? __pfx_do_file_open+0x10/0x10 [ 1533.679823][ T5230] ? alloc_fd+0x476/0x790 [ 1533.679845][ T5230] ? do_getname+0x191/0x390 [ 1533.679871][ T5230] do_sys_openat2+0x10d/0x1e0 [ 1533.679898][ T5230] ? __pfx_do_sys_openat2+0x10/0x10 [ 1533.679932][ T5230] __x64_sys_openat+0x12d/0x210 [ 1533.679959][ T5230] ? __pfx___x64_sys_openat+0x10/0x10 [ 1533.679993][ T5230] do_syscall_64+0x106/0xf80 [ 1533.680020][ T5230] ? clear_bhb_loop+0x40/0x90 [ 1533.680043][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1533.680064][ T5230] RIP: 0033:0x7f35be99c799 [ 1533.680082][ T5230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1533.680102][ T5230] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1533.680122][ T5230] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1533.680135][ T5230] RDX: 0000000000000040 RSI: 0000200000001100 RDI: ffffffffffffff9c [ 1533.680147][ T5230] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1533.680159][ T5230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1533.680171][ T5230] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1533.680194][ T5230] [ 1536.766830][ T5268] netlink: 17 bytes leftover after parsing attributes in process `syz.4.12721'. [ 1536.894284][ T5262] zswap: compressor not available [ 1538.305325][ T5289] netlink: 'syz.4.12727': attribute type 1 has an invalid length. [ 1538.354078][ T5289] netlink: 306 bytes leftover after parsing attributes in process `syz.4.12727'. [ 1541.338282][ T5332] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12746'. [ 1541.414069][ T5332] veth0_vlan: entered allmulticast mode [ 1546.177662][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.185352][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.574704][ T5411] openvswitch: HfR: Dropping previously announced user features [ 1548.266875][ T5426] netlink: 186 bytes leftover after parsing attributes in process `syz.0.12783'. [ 1548.985363][ T5434] netlink: 266 bytes leftover after parsing attributes in process `syz.0.12786'. [ 1549.082358][ T5434] IPv6: NLM_F_CREATE should be specified when creating new route [ 1549.153209][ T5438] netlink: 25 bytes leftover after parsing attributes in process `syz.3.12787'. [ 1549.669777][T21810] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1550.065228][T21810] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1550.780421][ T5470] FAULT_INJECTION: forcing a failure. [ 1550.780421][ T5470] name failslab, interval 1, probability 0, space 0, times 0 [ 1551.097572][ T5470] CPU: 0 UID: 0 PID: 5470 Comm: syz.4.12798 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1551.097616][ T5470] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1551.097627][ T5470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1551.097639][ T5470] Call Trace: [ 1551.097646][ T5470] [ 1551.097654][ T5470] dump_stack_lvl+0x100/0x190 [ 1551.097688][ T5470] should_fail_ex.cold+0x5/0xa [ 1551.097710][ T5470] should_failslab+0xc2/0x120 [ 1551.097731][ T5470] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1551.097758][ T5470] ? prepare_creds+0x2c/0x950 [ 1551.097792][ T5470] prepare_creds+0x2c/0x950 [ 1551.097821][ T5470] __sys_setregid+0x109/0x910 [ 1551.097854][ T5470] do_syscall_64+0x106/0xf80 [ 1551.097880][ T5470] ? clear_bhb_loop+0x40/0x90 [ 1551.097902][ T5470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.097921][ T5470] RIP: 0033:0x7f459819c799 [ 1551.097938][ T5470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1551.097955][ T5470] RSP: 002b:00007f4599072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 1551.097973][ T5470] RAX: ffffffffffffffda RBX: 00007f4598416090 RCX: 00007f459819c799 [ 1551.097984][ T5470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1551.097995][ T5470] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1551.098006][ T5470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1551.098017][ T5470] R13: 00007f4598416128 R14: 00007f4598416090 R15: 00007ffdf444d158 [ 1551.098040][ T5470] [ 1552.095582][ T5483] netlink: 338 bytes leftover after parsing attributes in process `syz.0.12801'. [ 1553.689026][ T5518] netlink: 186 bytes leftover after parsing attributes in process `syz.0.12814'. [ 1553.753614][ T5518] netlink: 186 bytes leftover after parsing attributes in process `syz.0.12814'. [ 1554.275277][ T5524] mkiss: ax0: crc mode is auto. [ 1554.576039][ T5526] netlink: 266 bytes leftover after parsing attributes in process `syz.0.12816'. [ 1555.983095][ T5561] Loading of unsigned module is rejected [ 1556.109211][ T5563] netlink: 330 bytes leftover after parsing attributes in process `syz.0.12825'. [ 1556.468049][ T5563] gretap0: refused to change device tx_queue_len [ 1557.854888][T21810] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1558.497105][T21810] Bluetooth: hci4: command 0x0406 tx timeout [ 1560.522126][ T5625] netlink: 334 bytes leftover after parsing attributes in process `syz.3.12841'. [ 1563.475071][ T5668] netlink: 326 bytes leftover after parsing attributes in process `syz.0.12857'. [ 1565.242193][ T5692] zswap: compressor 000 not available [ 1567.108300][ T5731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12877'. [ 1567.784900][ T5745] net_ratelimit: 5 callbacks suppressed [ 1567.784919][ T5745] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1571.341595][ T5790] netlink: 334 bytes leftover after parsing attributes in process `syz.2.12901'. [ 1574.215157][ T5835] netlink: 'syz.0.12914': attribute type 21 has an invalid length. [ 1574.274073][ T5835] netlink: 326 bytes leftover after parsing attributes in process `syz.0.12914'. [ 1574.324151][ T5835] IPv6: NLM_F_CREATE should be specified when creating new route [ 1576.893772][ T5895] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12929'. [ 1579.572886][ T5929] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 1579.798867][ T5935] FAULT_INJECTION: forcing a failure. [ 1579.798867][ T5935] name failslab, interval 1, probability 0, space 0, times 0 [ 1579.898550][ T5935] CPU: 0 UID: 0 PID: 5935 Comm: syz.4.12940 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1579.898592][ T5935] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1579.898603][ T5935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1579.898613][ T5935] Call Trace: [ 1579.898621][ T5935] [ 1579.898629][ T5935] dump_stack_lvl+0x100/0x190 [ 1579.898661][ T5935] should_fail_ex.cold+0x5/0xa [ 1579.898683][ T5935] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 1579.898776][ T5935] should_failslab+0xc2/0x120 [ 1579.898797][ T5935] __kmalloc_noprof+0xe0/0x850 [ 1579.898826][ T5935] ? acpi_ut_trace_ptr+0x1d2/0x2a0 [ 1579.898867][ T5935] acpi_ns_get_normalized_pathname+0x95/0x250 [ 1579.898896][ T5935] acpi_ex_start_trace_method+0x30/0x4f0 [ 1579.898950][ T5935] acpi_ds_begin_method_execution+0x60/0xc20 [ 1579.898994][ T5935] ? down_timeout+0x6b/0x90 [ 1579.899021][ T5935] ? acpi_tb_check_dsdt_header+0x324/0x3f0 [ 1579.899077][ T5935] acpi_ps_execute_method+0xb1/0xe90 [ 1579.899101][ T5935] ? acpi_ut_acquire_mutex+0x2d7/0x500 [ 1579.899134][ T5935] acpi_ns_evaluate+0x640/0x1670 [ 1579.899165][ T5935] acpi_evaluate_object+0x420/0xe00 [ 1579.899182][ T5935] ? kasan_save_stack+0x30/0x50 [ 1579.899210][ T5935] ? kasan_save_track+0x14/0x30 [ 1579.899243][ T5935] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1579.899269][ T5935] acpi_evaluate_integer+0xdf/0x220 [ 1579.899317][ T5935] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1579.899353][ T5935] ? __pfx_status_show+0x10/0x10 [ 1579.899385][ T5935] status_show+0xa0/0x120 [ 1579.899403][ T5935] ? __pfx_status_show+0x10/0x10 [ 1579.899427][ T5935] dev_attr_show+0x52/0xa0 [ 1579.899451][ T5935] ? __pfx_dev_attr_show+0x10/0x10 [ 1579.899472][ T5935] sysfs_kf_seq_show+0x217/0x3a0 [ 1579.899503][ T5935] seq_read_iter+0x32f/0x1270 [ 1579.899541][ T5935] kernfs_fop_read_iter+0x46c/0x610 [ 1579.899562][ T5935] ? rw_verify_area+0xce/0x6d0 [ 1579.899589][ T5935] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1579.899611][ T5935] vfs_read+0x825/0xb30 [ 1579.899644][ T5935] ? __pfx_vfs_read+0x10/0x10 [ 1579.899688][ T5935] ksys_read+0x12a/0x250 [ 1579.899705][ T5935] ? __pfx_ksys_read+0x10/0x10 [ 1579.899728][ T5935] do_syscall_64+0x106/0xf80 [ 1579.899753][ T5935] ? clear_bhb_loop+0x40/0x90 [ 1579.899776][ T5935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.899795][ T5935] RIP: 0033:0x7f459819c799 [ 1579.899812][ T5935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1579.899830][ T5935] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1579.899848][ T5935] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1579.899860][ T5935] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000004 [ 1579.899872][ T5935] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1579.899883][ T5935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1579.899893][ T5935] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1579.899917][ T5935] [ 1579.899947][ T5935] ACPI Error: [ 1580.905737][ T5954] netlink: 266 bytes leftover after parsing attributes in process `syz.2.12947'. [ 1581.391626][ T5935] Could not allocate 15 bytes (20251212/nsnames-308) [ 1583.130864][ T5990] netlink: 'syz.2.12959': attribute type 27 has an invalid length. [ 1583.197023][ T5990] netlink: 'syz.2.12959': attribute type 28 has an invalid length. [ 1583.237394][ T5990] netlink: 'syz.2.12959': attribute type 29 has an invalid length. [ 1583.299030][ T5990] netlink: 'syz.2.12959': attribute type 30 has an invalid length. [ 1583.342976][ T5990] netlink: 'syz.2.12959': attribute type 31 has an invalid length. [ 1583.379155][ T5990] netlink: 'syz.2.12959': attribute type 32 has an invalid length. [ 1583.415947][ T5990] netlink: 'syz.2.12959': attribute type 33 has an invalid length. [ 1583.476499][ T5990] netlink: 'syz.2.12959': attribute type 35 has an invalid length. [ 1583.515162][ T5990] netlink: 'syz.2.12959': attribute type 37 has an invalid length. [ 1583.544119][ T5990] netlink: 18 bytes leftover after parsing attributes in process `syz.2.12959'. [ 1584.607324][ T6011] netlink: 25 bytes leftover after parsing attributes in process `syz.2.12965'. [ 1586.373527][ T6040] openvswitch: netlink: IP tunnel dst address not specified [ 1586.698357][ T6044] netlink: 'syz.4.12975': attribute type 33 has an invalid length. [ 1586.760609][ T6044] netlink: 322 bytes leftover after parsing attributes in process `syz.4.12975'. [ 1587.102298][ T6052] netlink: 338 bytes leftover after parsing attributes in process `syz.4.12979'. [ 1587.171397][ T6052] netlink: 338 bytes leftover after parsing attributes in process `syz.4.12979'. [ 1587.251888][ T6056] netlink: 170 bytes leftover after parsing attributes in process `syz.4.12979'. [ 1588.640483][ T6087] FAULT_INJECTION: forcing a failure. [ 1588.640483][ T6087] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.736375][ T6087] CPU: 0 UID: 0 PID: 6087 Comm: syz.3.12990 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1588.736417][ T6087] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1588.736428][ T6087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1588.736439][ T6087] Call Trace: [ 1588.736446][ T6087] [ 1588.736454][ T6087] dump_stack_lvl+0x100/0x190 [ 1588.736487][ T6087] should_fail_ex.cold+0x5/0xa [ 1588.736508][ T6087] ? lsm_blob_alloc+0x68/0x90 [ 1588.736534][ T6087] should_failslab+0xc2/0x120 [ 1588.736554][ T6087] __kmalloc_noprof+0xe0/0x850 [ 1588.736582][ T6087] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1588.736605][ T6087] lsm_blob_alloc+0x68/0x90 [ 1588.736631][ T6087] security_prepare_creds+0x2d/0x290 [ 1588.736657][ T6087] prepare_creds+0x5d6/0x950 [ 1588.736687][ T6087] __sys_setresgid+0x4a7/0x12f0 [ 1588.736710][ T6087] do_syscall_64+0x106/0xf80 [ 1588.736735][ T6087] ? clear_bhb_loop+0x40/0x90 [ 1588.736758][ T6087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1588.736776][ T6087] RIP: 0033:0x7f35be99c799 [ 1588.736792][ T6087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1588.736809][ T6087] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 1588.736827][ T6087] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1588.736839][ T6087] RDX: 0000000000000008 RSI: 00000000800000a0 RDI: 0000000000000081 [ 1588.736851][ T6087] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1588.736862][ T6087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1588.736873][ T6087] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1588.736896][ T6087] [ 1589.338586][ T6094] FAULT_INJECTION: forcing a failure. [ 1589.338586][ T6094] name failslab, interval 1, probability 0, space 0, times 0 [ 1589.434266][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: syz.3.12994 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1589.434308][ T6094] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1589.434318][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1589.434329][ T6094] Call Trace: [ 1589.434337][ T6094] [ 1589.434345][ T6094] dump_stack_lvl+0x100/0x190 [ 1589.434378][ T6094] should_fail_ex.cold+0x5/0xa [ 1589.434399][ T6094] should_failslab+0xc2/0x120 [ 1589.434420][ T6094] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1589.434445][ T6094] ? alloc_fs_context+0x57/0xf40 [ 1589.434470][ T6094] alloc_fs_context+0x57/0xf40 [ 1589.434496][ T6094] mq_init_ns+0x16e/0x820 [ 1589.434519][ T6094] copy_ipcs+0x3dd/0x7e0 [ 1589.434539][ T6094] create_new_namespaces+0x20a/0xac0 [ 1589.434559][ T6094] ? security_capable+0x80/0x260 [ 1589.434590][ T6094] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1589.434611][ T6094] ksys_unshare+0x473/0xad0 [ 1589.434637][ T6094] ? __pfx_ksys_unshare+0x10/0x10 [ 1589.434669][ T6094] __x64_sys_unshare+0x31/0x40 [ 1589.434692][ T6094] do_syscall_64+0x106/0xf80 [ 1589.434718][ T6094] ? clear_bhb_loop+0x40/0x90 [ 1589.434741][ T6094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1589.434760][ T6094] RIP: 0033:0x7f35be99c799 [ 1589.434776][ T6094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1589.434794][ T6094] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1589.434813][ T6094] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1589.434825][ T6094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1589.434836][ T6094] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1589.434847][ T6094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1589.434857][ T6094] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1589.434880][ T6094] [ 1590.886716][ T6113] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12995'. [ 1591.013427][ T6113] netlink: 302 bytes leftover after parsing attributes in process `syz.0.12995'. [ 1593.160602][ T6153] netlink: 'syz.3.13014': attribute type 21 has an invalid length. [ 1593.208122][ T6153] netlink: 326 bytes leftover after parsing attributes in process `syz.3.13014'. [ 1595.899772][ T6189] zswap: compressor not available [ 1603.242964][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13047'. [ 1603.755977][ T6276] netlink: 338 bytes leftover after parsing attributes in process `syz.3.13053'. [ 1605.894357][ T6294] netlink: 342 bytes leftover after parsing attributes in process `syz.4.13058'. [ 1606.260092][ T6288] FAULT_INJECTION: forcing a failure. [ 1606.260092][ T6288] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1606.321816][ T6298] FAULT_INJECTION: forcing a failure. [ 1606.321816][ T6298] name failslab, interval 1, probability 0, space 0, times 0 [ 1606.376543][ T6288] CPU: 0 UID: 0 PID: 6288 Comm: syz.3.13057 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1606.376583][ T6288] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1606.376594][ T6288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1606.376605][ T6288] Call Trace: [ 1606.376611][ T6288] [ 1606.376619][ T6288] dump_stack_lvl+0x100/0x190 [ 1606.376651][ T6288] should_fail_ex.cold+0x5/0xa [ 1606.376669][ T6288] ? rcu_is_watching+0x12/0xc0 [ 1606.376699][ T6288] get_futex_key+0x107c/0x1620 [ 1606.376723][ T6288] ? __pfx_get_futex_key+0x10/0x10 [ 1606.376743][ T6288] ? lock_acquire+0x1cf/0x380 [ 1606.376773][ T6288] futex_wake+0xea/0x530 [ 1606.376802][ T6288] ? __pfx_futex_wake+0x10/0x10 [ 1606.376830][ T6288] ? exit_mm_release+0x19/0x30 [ 1606.376865][ T6288] do_futex+0x32b/0x350 [ 1606.376889][ T6288] ? __pfx_do_futex+0x10/0x10 [ 1606.376911][ T6288] ? __might_fault+0xc5/0x140 [ 1606.376941][ T6288] mm_release+0x24a/0x2f0 [ 1606.376960][ T6288] do_exit+0x704/0x2b60 [ 1606.376987][ T6288] ? __pfx_do_exit+0x10/0x10 [ 1606.377011][ T6288] ? do_raw_spin_lock+0x128/0x260 [ 1606.377037][ T6288] ? find_held_lock+0x2b/0x80 [ 1606.377053][ T6288] ? get_signal+0x7e0/0x21e0 [ 1606.377074][ T6288] do_group_exit+0xd5/0x2a0 [ 1606.377100][ T6288] get_signal+0x1ec7/0x21e0 [ 1606.377126][ T6288] ? __pfx_get_signal+0x10/0x10 [ 1606.377146][ T6288] ? do_futex+0x192/0x350 [ 1606.377171][ T6288] arch_do_signal_or_restart+0x91/0x770 [ 1606.377196][ T6288] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1606.377224][ T6288] ? __pfx___x64_sys_futex+0x10/0x10 [ 1606.377247][ T6288] ? ksys_write+0x1ac/0x250 [ 1606.377267][ T6288] exit_to_user_mode_loop+0x86/0x4a0 [ 1606.377293][ T6288] do_syscall_64+0x668/0xf80 [ 1606.377319][ T6288] ? clear_bhb_loop+0x40/0x90 [ 1606.377341][ T6288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1606.377360][ T6288] RIP: 0033:0x7f35be99c799 [ 1606.377376][ T6288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1606.377392][ T6288] RSP: 002b:00007f35bf7e10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1606.377410][ T6288] RAX: fffffffffffffe00 RBX: 00007f35bec15fa8 RCX: 00007f35be99c799 [ 1606.377422][ T6288] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f35bec15fa8 [ 1606.377433][ T6288] RBP: 00007f35bec15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1606.377444][ T6288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1606.377454][ T6288] R13: 00007f35bec16038 R14: 00007fff1b70d350 R15: 00007fff1b70d438 [ 1606.377476][ T6288] [ 1606.944102][ T6298] CPU: 0 UID: 0 PID: 6298 Comm: syz.4.13060 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1606.944145][ T6298] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1606.944155][ T6298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1606.944166][ T6298] Call Trace: [ 1606.944173][ T6298] [ 1606.944181][ T6298] dump_stack_lvl+0x100/0x190 [ 1606.944212][ T6298] should_fail_ex.cold+0x5/0xa [ 1606.944233][ T6298] ? process_preds+0x452/0x1d90 [ 1606.944260][ T6298] should_failslab+0xc2/0x120 [ 1606.944281][ T6298] __kmalloc_noprof+0xe0/0x850 [ 1606.944313][ T6298] process_preds+0x452/0x1d90 [ 1606.944346][ T6298] ? create_filter_start.constprop.0+0x134/0x310 [ 1606.944379][ T6298] create_filter+0x140/0x210 [ 1606.944409][ T6298] ? __pfx_create_filter+0x10/0x10 [ 1606.944439][ T6298] ? find_held_lock+0x2b/0x80 [ 1606.944459][ T6298] apply_event_filter+0x220/0x500 [ 1606.944489][ T6298] ? __pfx_apply_event_filter+0x10/0x10 [ 1606.944524][ T6298] event_filter_write+0x16d/0x290 [ 1606.944547][ T6298] vfs_write+0x2aa/0x1070 [ 1606.944566][ T6298] ? __pfx_event_filter_write+0x10/0x10 [ 1606.944590][ T6298] ? __pfx_vfs_write+0x10/0x10 [ 1606.944618][ T6298] ? __fget_files+0x215/0x3d0 [ 1606.944641][ T6298] ? __fget_files+0x21f/0x3d0 [ 1606.944664][ T6298] ksys_write+0x12a/0x250 [ 1606.944681][ T6298] ? __pfx_ksys_write+0x10/0x10 [ 1606.944704][ T6298] do_syscall_64+0x106/0xf80 [ 1606.944730][ T6298] ? clear_bhb_loop+0x40/0x90 [ 1606.944752][ T6298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1606.944773][ T6298] RIP: 0033:0x7f459819c799 [ 1606.944788][ T6298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1606.944806][ T6298] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1606.944825][ T6298] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1606.944837][ T6298] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1606.944848][ T6298] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1606.944858][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1606.944868][ T6298] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1606.944900][ T6298] [ 1607.744214][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.753676][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1610.179624][ T6317] FAULT_INJECTION: forcing a failure. [ 1610.179624][ T6317] name failslab, interval 1, probability 0, space 0, times 0 [ 1610.269707][ T6317] CPU: 0 UID: 0 PID: 6317 Comm: syz.4.13067 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1610.269749][ T6317] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1610.269760][ T6317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1610.269772][ T6317] Call Trace: [ 1610.269778][ T6317] [ 1610.269787][ T6317] dump_stack_lvl+0x100/0x190 [ 1610.269819][ T6317] should_fail_ex.cold+0x5/0xa [ 1610.269840][ T6317] should_failslab+0xc2/0x120 [ 1610.269861][ T6317] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1610.269890][ T6317] ? __alloc_skb+0x140/0x710 [ 1610.269919][ T6317] __alloc_skb+0x140/0x710 [ 1610.269942][ T6317] ? __alloc_skb+0x5b7/0x710 [ 1610.269966][ T6317] ? __pfx___alloc_skb+0x10/0x10 [ 1610.269990][ T6317] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1610.270017][ T6317] ? audit_log_start+0x29d/0x930 [ 1610.270043][ T6317] ? lockdep_init_map_type+0x5c/0x250 [ 1610.270071][ T6317] audit_log_start+0x350/0x930 [ 1610.270099][ T6317] ? __pfx_audit_log_start+0x10/0x10 [ 1610.270126][ T6317] ? arch_do_signal_or_restart+0x1f9/0x770 [ 1610.270150][ T6317] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1610.270177][ T6317] audit_seccomp+0x60/0x190 [ 1610.270209][ T6317] ? exc_general_protection+0x12e/0x250 [ 1610.270231][ T6317] __secure_computing+0x26d/0x2c0 [ 1610.270258][ T6317] do_syscall_64+0x568/0xf80 [ 1610.270283][ T6317] ? clear_bhb_loop+0x40/0x90 [ 1610.270306][ T6317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.270327][ T6317] RIP: 0033:0x7f459819c799 [ 1610.270344][ T6317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1610.270363][ T6317] RSP: 002b:00007f4599071a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1610.270382][ T6317] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f459819c799 [ 1610.270394][ T6317] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 1610.270404][ T6317] RBP: 00007f4599072030 R08: 0000000000000000 R09: 000000000000000b [ 1610.270416][ T6317] R10: 0000000000000009 R11: 0000000000000246 R12: 000000000004caaa [ 1610.270427][ T6317] R13: 00007f4598416128 R14: 00007f4598416090 R15: 00007ffdf444d158 [ 1610.270449][ T6317] [ 1610.270469][ T6317] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 1611.725243][ T6317] audit: out of memory in audit_log_start [ 1612.938794][ T6350] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13079'. [ 1613.007684][ T6350] netlink: 13 bytes leftover after parsing attributes in process `syz.4.13079'. [ 1616.486123][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880603c4400: rx timeout, send abort [ 1616.494509][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880603c6800: rx timeout, send abort [ 1616.503041][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880603c4400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1616.517480][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880603c6800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1617.472723][ T6398] FAULT_INJECTION: forcing a failure. [ 1617.472723][ T6398] name failslab, interval 1, probability 0, space 0, times 0 [ 1617.569215][ T6398] CPU: 0 UID: 0 PID: 6398 Comm: syz.3.13098 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1617.569275][ T6398] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1617.569286][ T6398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1617.569297][ T6398] Call Trace: [ 1617.569305][ T6398] [ 1617.569313][ T6398] dump_stack_lvl+0x100/0x190 [ 1617.569345][ T6398] should_fail_ex.cold+0x5/0xa [ 1617.569366][ T6398] ? sk_prot_alloc+0x10b/0x2a0 [ 1617.569384][ T6398] should_failslab+0xc2/0x120 [ 1617.569405][ T6398] __kmalloc_noprof+0xe0/0x850 [ 1617.569432][ T6398] ? lockdep_init_map_type+0x5c/0x250 [ 1617.569460][ T6398] sk_prot_alloc+0x10b/0x2a0 [ 1617.569480][ T6398] sk_alloc+0x36/0xe80 [ 1617.569505][ T6398] pppoe_create+0x32/0x360 [ 1617.569529][ T6398] pppox_create+0x15c/0x2c0 [ 1617.569551][ T6398] __sock_create+0x339/0x860 [ 1617.569574][ T6398] __sys_socket+0x14d/0x260 [ 1617.569595][ T6398] ? __pfx___sys_socket+0x10/0x10 [ 1617.569621][ T6398] __x64_sys_socket+0x72/0xb0 [ 1617.569641][ T6398] ? lockdep_hardirqs_on+0x78/0x100 [ 1617.569667][ T6398] do_syscall_64+0x106/0xf80 [ 1617.569691][ T6398] ? clear_bhb_loop+0x40/0x90 [ 1617.569714][ T6398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.569733][ T6398] RIP: 0033:0x7f35be99c799 [ 1617.569757][ T6398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1617.569774][ T6398] RSP: 002b:00007f35bf7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1617.569792][ T6398] RAX: ffffffffffffffda RBX: 00007f35bec15fa0 RCX: 00007f35be99c799 [ 1617.569804][ T6398] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018 [ 1617.569815][ T6398] RBP: 00007f35bea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1617.569825][ T6398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1617.569836][ T6398] R13: 00007f35bec16038 R14: 00007f35bec15fa0 R15: 00007fff1b70d438 [ 1617.569859][ T6398] [ 1618.782173][ T6408] FAULT_INJECTION: forcing a failure. [ 1618.782173][ T6408] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.844720][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.4.13103 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1618.844764][ T6408] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1618.844775][ T6408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1618.844786][ T6408] Call Trace: [ 1618.844793][ T6408] [ 1618.844800][ T6408] dump_stack_lvl+0x100/0x190 [ 1618.844832][ T6408] should_fail_ex.cold+0x5/0xa [ 1618.844854][ T6408] should_failslab+0xc2/0x120 [ 1618.844875][ T6408] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1618.844901][ T6408] ? snd_timer_instance_new+0x47/0x2e0 [ 1618.844926][ T6408] snd_timer_instance_new+0x47/0x2e0 [ 1618.844948][ T6408] snd_seq_timer_open+0x1d4/0x600 [ 1618.844978][ T6408] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 1618.845011][ T6408] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1618.845037][ T6408] ? lockdep_hardirqs_on+0x78/0x100 [ 1618.845062][ T6408] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1618.845089][ T6408] queue_use+0xdc/0x1f0 [ 1618.845112][ T6408] snd_seq_queue_alloc+0x2e5/0x590 [ 1618.845138][ T6408] snd_seq_ioctl_create_queue+0xa9/0x370 [ 1618.845169][ T6408] call_seq_client_ctl+0xa3/0x130 [ 1618.845200][ T6408] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1618.845231][ T6408] alloc_seq_queue+0xdb/0x180 [ 1618.845250][ T6408] ? __pfx_alloc_seq_queue+0x10/0x10 [ 1618.845281][ T6408] ? mark_held_locks+0x40/0x70 [ 1618.845304][ T6408] ? _raw_spin_unlock_irq+0x23/0x50 [ 1618.845326][ T6408] ? lockdep_hardirqs_on+0x78/0x100 [ 1618.845354][ T6408] snd_seq_oss_open+0x2b2/0xa10 [ 1618.845378][ T6408] odev_open+0x79/0xc0 [ 1618.845393][ T6408] ? __pfx_odev_open+0x10/0x10 [ 1618.845409][ T6408] soundcore_open+0x2e3/0x5a0 [ 1618.845430][ T6408] ? __pfx_soundcore_open+0x10/0x10 [ 1618.845447][ T6408] chrdev_open+0x234/0x6a0 [ 1618.845466][ T6408] ? __pfx_apparmor_file_open+0x10/0x10 [ 1618.845496][ T6408] ? __pfx_chrdev_open+0x10/0x10 [ 1618.845516][ T6408] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1618.845541][ T6408] do_dentry_open+0x6d8/0x1660 [ 1618.845559][ T6408] ? __pfx_chrdev_open+0x10/0x10 [ 1618.845584][ T6408] vfs_open+0x82/0x3f0 [ 1618.845609][ T6408] path_openat+0x208c/0x31a0 [ 1618.845636][ T6408] ? __pfx_path_openat+0x10/0x10 [ 1618.845663][ T6408] do_file_open+0x20e/0x430 [ 1618.845684][ T6408] ? __pfx_do_file_open+0x10/0x10 [ 1618.845726][ T6408] ? alloc_fd+0x476/0x790 [ 1618.845748][ T6408] ? do_getname+0x191/0x390 [ 1618.845774][ T6408] do_sys_openat2+0x10d/0x1e0 [ 1618.845798][ T6408] ? __pfx_do_sys_openat2+0x10/0x10 [ 1618.845825][ T6408] ? __fget_files+0x21f/0x3d0 [ 1618.845848][ T6408] __x64_sys_openat+0x12d/0x210 [ 1618.845873][ T6408] ? __pfx___x64_sys_openat+0x10/0x10 [ 1618.845907][ T6408] do_syscall_64+0x106/0xf80 [ 1618.845932][ T6408] ? clear_bhb_loop+0x40/0x90 [ 1618.845955][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1618.845974][ T6408] RIP: 0033:0x7f459819c799 [ 1618.845990][ T6408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1618.846007][ T6408] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1618.846026][ T6408] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1618.846038][ T6408] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1618.846049][ T6408] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1618.846060][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1618.846071][ T6408] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1618.846094][ T6408] [ 1621.577328][ T6432] netlink: 138 bytes leftover after parsing attributes in process `syz.4.13111'. [ 1624.250817][ T6443] netlink: 244 bytes leftover after parsing attributes in process `syz.3.13114'. [ 1626.385823][ T6483] FAULT_INJECTION: forcing a failure. [ 1626.385823][ T6483] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.479847][ T6483] CPU: 0 UID: 0 PID: 6483 Comm: syz.4.13130 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1626.479889][ T6483] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1626.479900][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1626.479911][ T6483] Call Trace: [ 1626.479919][ T6483] [ 1626.479927][ T6483] dump_stack_lvl+0x100/0x190 [ 1626.479960][ T6483] should_fail_ex.cold+0x5/0xa [ 1626.479983][ T6483] should_failslab+0xc2/0x120 [ 1626.480006][ T6483] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1626.480030][ T6483] ? acpi_ds_call_control_method+0x300/0xab0 [ 1626.480066][ T6483] acpi_ds_call_control_method+0x300/0xab0 [ 1626.480100][ T6483] acpi_ps_parse_aml+0xacd/0x1120 [ 1626.480127][ T6483] acpi_ps_execute_method+0x5c4/0xe90 [ 1626.480155][ T6483] acpi_ns_evaluate+0x640/0x1670 [ 1626.480185][ T6483] acpi_evaluate_object+0x420/0xe00 [ 1626.480202][ T6483] ? kasan_save_stack+0x30/0x50 [ 1626.480229][ T6483] ? kasan_save_track+0x14/0x30 [ 1626.480262][ T6483] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1626.480287][ T6483] acpi_evaluate_integer+0xdf/0x220 [ 1626.480315][ T6483] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1626.480352][ T6483] ? __pfx_status_show+0x10/0x10 [ 1626.480368][ T6483] status_show+0xa0/0x120 [ 1626.480386][ T6483] ? __pfx_status_show+0x10/0x10 [ 1626.480409][ T6483] dev_attr_show+0x52/0xa0 [ 1626.480431][ T6483] ? __pfx_dev_attr_show+0x10/0x10 [ 1626.480452][ T6483] sysfs_kf_seq_show+0x217/0x3a0 [ 1626.480537][ T6483] seq_read_iter+0x32f/0x1270 [ 1626.480590][ T6483] kernfs_fop_read_iter+0x46c/0x610 [ 1626.480614][ T6483] ? rw_verify_area+0xce/0x6d0 [ 1626.480641][ T6483] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1626.480664][ T6483] vfs_read+0x825/0xb30 [ 1626.480695][ T6483] ? __pfx_vfs_read+0x10/0x10 [ 1626.480739][ T6483] ksys_read+0x12a/0x250 [ 1626.480756][ T6483] ? __pfx_ksys_read+0x10/0x10 [ 1626.480780][ T6483] do_syscall_64+0x106/0xf80 [ 1626.480805][ T6483] ? clear_bhb_loop+0x40/0x90 [ 1626.480828][ T6483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1626.480853][ T6483] RIP: 0033:0x7f459819c799 [ 1626.480871][ T6483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1626.480888][ T6483] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1626.480907][ T6483] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1626.480920][ T6483] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 1626.480931][ T6483] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1626.480942][ T6483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1626.480952][ T6483] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1626.480981][ T6483] [ 1626.481110][ T6483] ACPI Error: [ 1627.188168][ T6490] netlink: 306 bytes leftover after parsing attributes in process `syz.2.13134'. [ 1628.076434][ T6506] mkiss: ax0: crc mode is auto. [ 1628.136709][ T6483] Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 1628.946349][ T6522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13146'. [ 1629.000564][ T6522] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1629.042649][ T6522] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1629.090436][ T6522] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1629.122156][ T6522] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1630.304755][ T6540] netlink: 330 bytes leftover after parsing attributes in process `syz.3.13152'. [ 1630.724746][ T6548] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13154'. [ 1630.961557][ T6548] veth1_vlan: entered allmulticast mode [ 1634.692623][ T6610] HfR: entered promiscuous mode [ 1635.665120][ T6626] ------------[ cut here ]------------ [ 1635.671510][ T6626] IS_ERR(old) [ 1635.671523][ T6626] WARNING: kernel/tracepoint.c:367 at tracepoint_probe_unregister+0x837/0xd10, CPU#0: syz.4.13182/6626 [ 1635.686285][ T6626] Modules linked in: [ 1635.690621][ T6626] CPU: 0 UID: 0 PID: 6626 Comm: syz.4.13182 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1635.701878][ T6626] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1635.711978][ T6626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1635.722635][ T6626] RIP: 0010:tracepoint_probe_unregister+0x837/0xd10 [ 1635.729602][ T6626] Code: cc e8 6d 2b fe ff 48 8d 73 f0 48 c7 c2 20 dc 09 82 48 c7 c7 40 31 87 8e e8 e6 79 e2 ff eb ba bb fe ff ff ff e8 4a 2b fe ff 90 <0f> 0b 90 eb ac e8 3f 2b fe ff 49 89 dd 45 31 ff 49 be 00 00 00 00 [ 1635.749514][ T6626] RSP: 0018:ffffc9000446f8a8 EFLAGS: 00010287 [ 1635.755627][ T6626] RAX: 00000000000073d4 RBX: 00000000fffffffe RCX: ffffc9001966b000 [ 1635.764024][ T6626] RDX: 0000000000080000 RSI: ffffffff8209ed16 RDI: ffff888027e68000 [ 1635.772739][ T6626] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1635.781390][ T6626] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff821007e0 [ 1635.789509][ T6626] R13: 0000000000000302 R14: 0000000000000002 R15: ffffffff8f786aa0 [ 1635.798095][ T6626] FS: 00007f45990936c0(0000) GS:ffff88812434a000(0000) knlGS:0000000000000000 [ 1635.807160][ T6626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1635.813989][ T6626] CR2: 00007f21c1fed85c CR3: 0000000068252000 CR4: 00000000003526f0 [ 1635.822167][ T6626] Call Trace: [ 1635.825531][ T6626] [ 1635.828771][ T6626] tracing_stop_cmdline_record+0x66/0xa0 [ 1635.834486][ T6626] __ftrace_event_enable_disable+0x5c4/0x6f0 [ 1635.840486][ T6626] ftrace_event_set_open+0x224/0x380 [ 1635.845865][ T6626] do_dentry_open+0x6d8/0x1660 [ 1635.850632][ T6626] ? __pfx_ftrace_event_set_open+0x10/0x10 [ 1635.856517][ T6626] vfs_open+0x82/0x3f0 [ 1635.860605][ T6626] path_openat+0x208c/0x31a0 [ 1635.866394][ T6626] ? __pfx_path_openat+0x10/0x10 [ 1635.871617][ T6626] do_file_open+0x20e/0x430 [ 1635.876579][ T6626] ? __pfx_do_file_open+0x10/0x10 [ 1635.881649][ T6626] ? alloc_fd+0x476/0x790 [ 1635.886341][ T6626] ? do_getname+0x191/0x390 [ 1635.890883][ T6626] do_sys_openat2+0x10d/0x1e0 [ 1635.895620][ T6626] ? __pfx_do_sys_openat2+0x10/0x10 [ 1635.900836][ T6626] __x64_sys_openat+0x12d/0x210 [ 1635.905769][ T6626] ? __pfx___x64_sys_openat+0x10/0x10 [ 1635.911162][ T6626] do_syscall_64+0x106/0xf80 [ 1635.915808][ T6626] ? clear_bhb_loop+0x40/0x90 [ 1635.920509][ T6626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1635.926444][ T6626] RIP: 0033:0x7f459819c799 [ 1635.931338][ T6626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1635.951125][ T6626] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1635.959584][ T6626] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1635.968016][ T6626] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1635.976728][ T6626] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1635.985037][ T6626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1635.993031][ T6626] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1636.001084][ T6626] [ 1636.004151][ T6626] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1636.011431][ T6626] CPU: 0 UID: 0 PID: 6626 Comm: syz.4.13182 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1636.022413][ T6626] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1636.032464][ T6626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1636.042515][ T6626] Call Trace: [ 1636.045807][ T6626] [ 1636.048751][ T6626] dump_stack_lvl+0x100/0x190 [ 1636.053443][ T6626] vpanic+0x552/0x970 [ 1636.057438][ T6626] ? __pfx_vpanic+0x10/0x10 [ 1636.061946][ T6626] panic+0xd1/0xe0 [ 1636.065665][ T6626] ? __pfx_panic+0x10/0x10 [ 1636.070089][ T6626] check_panic_on_warn.cold+0x19/0x34 [ 1636.075459][ T6626] ? tracepoint_probe_unregister+0x837/0xd10 [ 1636.081435][ T6626] __warn.cold+0x191/0x348 [ 1636.085851][ T6626] __report_bug+0x296/0x3d0 [ 1636.090409][ T6626] ? tracepoint_probe_unregister+0x837/0xd10 [ 1636.096412][ T6626] ? __pfx___report_bug+0x10/0x10 [ 1636.101441][ T6626] ? rcu_is_watching+0x12/0xc0 [ 1636.106227][ T6626] ? trace_contention_end+0x140/0x180 [ 1636.111605][ T6626] ? __mutex_lock+0x26a/0x1b90 [ 1636.116402][ T6626] ? tracepoint_probe_unregister+0x31/0xd10 [ 1636.122297][ T6626] ? tracepoint_probe_unregister+0x837/0xd10 [ 1636.128277][ T6626] report_bug+0xb2/0x220 [ 1636.132523][ T6626] ? tracepoint_probe_unregister+0x837/0xd10 [ 1636.138507][ T6626] handle_bug+0x16a/0x2a0 [ 1636.142932][ T6626] exc_invalid_op+0x17/0x50 [ 1636.147448][ T6626] asm_exc_invalid_op+0x1a/0x20 [ 1636.152298][ T6626] RIP: 0010:tracepoint_probe_unregister+0x837/0xd10 [ 1636.158885][ T6626] Code: cc e8 6d 2b fe ff 48 8d 73 f0 48 c7 c2 20 dc 09 82 48 c7 c7 40 31 87 8e e8 e6 79 e2 ff eb ba bb fe ff ff ff e8 4a 2b fe ff 90 <0f> 0b 90 eb ac e8 3f 2b fe ff 49 89 dd 45 31 ff 49 be 00 00 00 00 [ 1636.178579][ T6626] RSP: 0018:ffffc9000446f8a8 EFLAGS: 00010287 [ 1636.184645][ T6626] RAX: 00000000000073d4 RBX: 00000000fffffffe RCX: ffffc9001966b000 [ 1636.192613][ T6626] RDX: 0000000000080000 RSI: ffffffff8209ed16 RDI: ffff888027e68000 [ 1636.200582][ T6626] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1636.208633][ T6626] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff821007e0 [ 1636.216599][ T6626] R13: 0000000000000302 R14: 0000000000000002 R15: ffffffff8f786aa0 [ 1636.224566][ T6626] ? __pfx_probe_sched_switch+0x10/0x10 [ 1636.230116][ T6626] ? tracepoint_probe_unregister+0x836/0xd10 [ 1636.236096][ T6626] ? tracepoint_probe_unregister+0x836/0xd10 [ 1636.242079][ T6626] tracing_stop_cmdline_record+0x66/0xa0 [ 1636.247734][ T6626] __ftrace_event_enable_disable+0x5c4/0x6f0 [ 1636.253724][ T6626] ftrace_event_set_open+0x224/0x380 [ 1636.259015][ T6626] do_dentry_open+0x6d8/0x1660 [ 1636.263794][ T6626] ? __pfx_ftrace_event_set_open+0x10/0x10 [ 1636.269609][ T6626] vfs_open+0x82/0x3f0 [ 1636.273725][ T6626] path_openat+0x208c/0x31a0 [ 1636.278360][ T6626] ? __pfx_path_openat+0x10/0x10 [ 1636.283319][ T6626] do_file_open+0x20e/0x430 [ 1636.287850][ T6626] ? __pfx_do_file_open+0x10/0x10 [ 1636.292896][ T6626] ? alloc_fd+0x476/0x790 [ 1636.297227][ T6626] ? do_getname+0x191/0x390 [ 1636.301744][ T6626] do_sys_openat2+0x10d/0x1e0 [ 1636.306457][ T6626] ? __pfx_do_sys_openat2+0x10/0x10 [ 1636.311678][ T6626] __x64_sys_openat+0x12d/0x210 [ 1636.316557][ T6626] ? __pfx___x64_sys_openat+0x10/0x10 [ 1636.321966][ T6626] do_syscall_64+0x106/0xf80 [ 1636.326584][ T6626] ? clear_bhb_loop+0x40/0x90 [ 1636.331267][ T6626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1636.337163][ T6626] RIP: 0033:0x7f459819c799 [ 1636.341579][ T6626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1636.361200][ T6626] RSP: 002b:00007f4599093028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1636.369653][ T6626] RAX: ffffffffffffffda RBX: 00007f4598415fa0 RCX: 00007f459819c799 [ 1636.377805][ T6626] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1636.385778][ T6626] RBP: 00007f4598232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1636.393832][ T6626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1636.401897][ T6626] R13: 00007f4598416038 R14: 00007f4598415fa0 R15: 00007ffdf444d158 [ 1636.409981][ T6626] [ 1636.413065][ T6626] Kernel Offset: disabled [ 1636.417388][ T6626] Rebooting in 86400 seconds..