last executing test programs: 12m5.863765003s ago: executing program 2 (id=959): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4188aea7, &(0x7f00000000c0)={0x2, 0x0, [{0xc0000080, 0x400, 0x9}, {0x6790, 0x9, 0x1}]}) 12m5.515071594s ago: executing program 2 (id=961): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x450481, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, 0x0, 0x5b020f7d7a84fe6e) unshare$auto(0x40000080) socket(0x2, 0x3, 0x100) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/wireless\x00', 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_PROBE_CLIENT(0xffffffffffffffff, 0x0, 0x4008040) pread64$auto(r0, 0x0, 0x201, 0xc000) 12m4.821995329s ago: executing program 2 (id=965): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) io_uring_setup$auto(0x2, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) dup2$auto(0x0, 0x3) r1 = openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xc0042, 0x0) read$auto(r1, 0x0, 0x3) 12m4.522617867s ago: executing program 2 (id=966): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x3c8082, 0x0) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/overwrite\x00', 0x121082, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x400040, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/updelay\x00', 0x8242, 0x0) read$auto(r0, 0x0, 0xa) write$auto(0x3, 0x0, 0xfdef) 12m3.989808597s ago: executing program 2 (id=970): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 12m3.824031399s ago: executing program 2 (id=972): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4018aebd, r0) 11m48.591585801s ago: executing program 32 (id=972): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4018aebd, r0) 7.548505639s ago: executing program 1 (id=3770): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000000, 0x0) listen$auto(0x3, 0x81) mremap$auto(0x8, 0x8000000000000001, 0x0, 0x3, 0x2) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) connect$auto(r0, 0x0, 0xd) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = getsockopt$auto(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000000c0), r1) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r3, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@OVS_METER_ATTR_USED={0xc, 0x5, 0x1}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x101}, @OVS_METER_ATTR_ID={0x8}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_CLEAR={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x855}, 0x10) ioctl$auto_I2C_SMBUS(r2, 0x720, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.113346867s ago: executing program 1 (id=3773): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pwrite64$auto(0xffffffffffffffff, 0x0, 0x4e, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0x2, 0x6) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/pcmC0D0p\x00', 0x80000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PVERSION(r0, 0x80044100, 0x0) socket(0x6, 0x0, 0x5) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/netdevsim/netdevsim0/hwstats/l3/enable_ifindex\x00', 0x2641, 0x0) write$auto(r1, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) 7.084495926s ago: executing program 0 (id=3774): sendmsg$auto_NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) close_range$auto(0x2, 0x8000, 0x0) socket(0x1e, 0x805, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x5, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x25, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) 6.94644582s ago: executing program 3 (id=3775): gettid() r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) rt_sigqueueinfo$auto(0x0, 0x9, &(0x7f00000000c0)={@_si_pad}) r1 = socket(0xa, 0x2, 0x88) shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) sync_file_range$auto(r1, 0xfffffffffffffe95, 0x9, 0x9) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80100, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) shmat$auto(0x0, &(0x7f0000000000)='(\x00', 0xfffffffb) mmap$auto(0x200000000000, 0x41d4255, 0x0, 0xeb1, 0xffffffffffffffff, 0x8000) 6.932182868s ago: executing program 1 (id=3776): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) bind$auto(r0, 0x0, 0x6f) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 6.902689778s ago: executing program 0 (id=3777): mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/max_adjustment\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx2\x00', 0x202041, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffc, 0x1, 0x1ff, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 6.765057213s ago: executing program 0 (id=3778): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x6, 0x0, 0x0, 0x0, 0x1001, 0x8, 0x80000008000000a, 0x40000402, 0x9, 0x8, 0xffffffff80000000, 0x800000000000d, 0x6}) r0 = socket(0xa, 0x3, 0x3c) connect$auto(0x3, 0x0, 0x55) write$auto(r0, &(0x7f0000000080)='<&\x00I\xaar\x1c\xbb\xde\ah\x15,\xeb|\x85\xe8\x97Z\xc30\xae}\xa1\x17K(\x80]]\x8d\xb5\xeb-\x9d\xc1\xceU\xbb_\xcf\xe8#U\xd0_|\x15f\x92\xaa\x9f\xa0l}7z#u\xf6\xd1\xe1\x8d\x05=w\xf1\xb9K\xf4\\\a\xdf\x87\xbb\x03d6\xe1\x14\xb1|\x98\x82$\xf3\xb2\xcf\xb7\x7f\xf8f*/\xc2\x82\x8c2\x8d^\x10\xc6\x1cs', 0x263f) mmap$auto(0x0, 0xc, 0x4000000000df, 0x100000044eb2, 0x10006, 0x300000000000) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) ioctl$auto_MON_IOCX_GET(r1, 0x40189206, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(r1, 0x9205, 0x0) io_uring_enter$auto(0x3, 0x80a84, 0x80000001, 0xa, 0x0, 0x21b15ab0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x2, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) write$auto(0x1, 0x0, 0x80000000) 4.903527904s ago: executing program 1 (id=3781): socket(0x1e, 0x4, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/kernel/task_delayacct\x00', 0x82080, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) sysfs$auto(0x2, 0x40, 0x0) fsopen$auto(0x0, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) io_uring_setup$auto(0x67bb, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) r3 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r3, @new_prog_fd=r4, 0x1, @old_prog_fd=r1}, 0x7) 4.889797385s ago: executing program 4 (id=3782): socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x4) pipe$auto(&(0x7f0000000000)) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd}, 0xa3) 4.880065816s ago: executing program 3 (id=3783): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x401, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9c, 0x7, 0x8}, 0x9) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) 4.644813322s ago: executing program 4 (id=3784): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0x2d8282, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\'\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0xb3) close_range$auto(0x2, r0, 0x0) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x25, 0x1, 0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x3, 0x4, 0x0, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) mmap$auto(0xfffffffffffffffc, 0x7, 0x4000000000e0, 0x40eb1, 0x401, 0xb6a) socket(0x2, 0x1, 0x106) unshare$auto(0x40000080) 4.642237742s ago: executing program 3 (id=3785): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x180443, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x242780, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x14) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 4.580445361s ago: executing program 1 (id=3786): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x101001, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x2440, 0x0) read$auto(r0, 0x0, 0x20) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) write$auto(0x1, 0x0, 0x80000000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x4a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) pipe2$auto(&(0x7f00000003c0)=r1, 0x80000001) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1d, &(0x7f00000003c0), 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 2.831724625s ago: executing program 0 (id=3787): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 2.814221019s ago: executing program 4 (id=3788): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) fsetxattr$auto(r0, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) mprotect$auto(0x0, 0x8000000000000001, 0x8) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/kernel/perf_cpu_time_max_percent\x00', 0xa042, 0x0) sendfile$auto(r1, 0xffffffffffffffff, 0x0, 0x48) close_range$auto(0x2, 0x8, 0x0) 2.808746446s ago: executing program 3 (id=3789): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x23, 0x80805, 0x0) socket(0x2, 0x1, 0x106) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket(0x2, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000300)="dd") 1.239737988s ago: executing program 4 (id=3790): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = getpid() process_vm_readv$auto(r0, 0x0, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) process_vm_readv$auto(r0, &(0x7f00000000c0)={&(0x7f0000000000)="d25de3ac0547d16477cc8242c58b61a1d0d5805999df1860b0ba21cc4fd3e9a94cc4667d84fb523483d9ad9e38ffc6d5656c4d3c5f8df00462bb2bc090a58eef07831b4e144ce66e907a611b77ae6ea0475031ad4fbe8fe316dad6f0b8e7f2645e7e3772db0e6a5e5d3119a96ab7794d7fd2e29c3f7b40dca1dcc7e535954f653b5a1ec17bcf66226a3d5d0df9e271120865a464771095eb9843b3f4c81f35daec19f0115e88421a8d0e7e", 0x7879}, 0x8, &(0x7f0000000200)={&(0x7f0000000100)="8d436e9e4e8d5c9deb12b50b9fa92f4b93e381969f568f706917c6bd45fa5c8d20effffa579dd6065639c931e59febee65cb9e186a1422fefd83431833f9ac97550fb8efb398eb6d4a0c02ba3863ffe89da5360a3816e97a5d26bd7b71b8bf028822c6ac55f17b0be03e8a863c13abfed214bfb62b25b6d1f1e2062389ddffd9a5f5cfd25b6aa2f1806e4e93235f5c213927a12178477b519dfb12068965f9e84a98470ea01467a602a6515aff9d61dd6d0af25ff6acbf61dcfa0a33091e180c904d82212daadd6ac0c847f6a6"}, 0x10000, 0x6) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/tracing/current_tracer\x00', 0x2, 0x0) fanotify_init$auto(0x65, 0x2) r1 = pipe$auto(0x0) dup2$auto(0x5, 0x4) r2 = socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'macvlan1\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x48000, 0x25dfdbfa, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004060}, 0x140000e4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'veth1_to_batadv\x00'}) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) 1.142114625s ago: executing program 1 (id=3791): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, &(0x7f00000000c0)="873302e301e0b01ae9e5d8a7401b66e72e4857fababb0070dec76e27ea1c71b7f8b800abcfb9974f59c538ef") pread64$auto(r3, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x4a, r1, 0x6, 0x80000001) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x97U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_FICLONERANGE(r4, 0x4020940d, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 1.044125983s ago: executing program 3 (id=3792): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x9, 0x1, @relative_fd=0x2, 0x80}, 0x94) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) socket(0x2b, 0x1, 0x1) r1 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_net_dm(0x0, r1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x22, 0xa, 0xf) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/pci/devices\x00', 0x10b402, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/pcm0c/sub3/xrun_injection\x00', 0x800, 0x0) getdents64$auto(r0, 0x0, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r2, 0x0, 0xc3) 623.348286ms ago: executing program 4 (id=3793): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) select$auto(0x79c9, &(0x7f0000000200)={[0x0, 0x8, 0x4, 0x7f, 0x8, 0x7, 0x9, 0x7, 0x10000, 0x0, 0x7, 0x7, 0xdb, 0x8, 0x5ae, 0x6]}, 0x0, &(0x7f0000000440)={[0x4, 0x5ee7, 0x7, 0x80000, 0xffffffffffffff01, 0x1, 0x400, 0xe, 0x2, 0x2, 0x9, 0xbf87, 0x0, 0xfffffffffffffffd, 0x3, 0x81]}, &(0x7f0000000140)={0x401, 0x1}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) getsockopt$auto_SO_NETNS_COOKIE(0xffffffffffffffff, 0x7, 0x47, &(0x7f0000000380)='-\xc8\xa5\x83\x1c\xe0\x8a\xeb\xcc\xfb\xa8\xe3k\b/*\xa7dev/audio1\x00q>l. <\xb0', &(0x7f00000001c0)=0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0xd364, &(0x7f0000000000)={0x400, 0x10002, 0x7f, 0x7, 0x6, 0x5, r2, [], {0x2, 0x4, 0x6, 0x2, 0x40, 0x4, 0x7, 0x7, 0x80000000}, {0x7, 0x1ff, 0x80000001, 0x8, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) sendmsg$auto_IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x20040011) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000280)=""/175, 0xaf) 517.434785ms ago: executing program 0 (id=3794): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0xa, 0x9) socket(0xa, 0x2, 0x3a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyz9\x00', 0x600882, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/43:480/min_ratio\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 483.388989ms ago: executing program 3 (id=3795): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x48180, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x7, 0x4008) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 297.003187ms ago: executing program 4 (id=3796): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) set_mempolicy$auto(0x3, 0x0, 0x9) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x6, 0xe983, 0xe2, 0xeb1, 0x401, 0x8) close_range$auto(0x0, 0x5, 0x0) r0 = pipe$auto(0x0) r1 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r1, 0x0, 0x8fb5) vmsplice$auto(r0, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) sysfs$auto(0x2, 0x2000000000040, 0x0) r2 = fsopen$auto(0x0, 0x1) poll$auto(0x0, 0x6, 0x0) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 0 (id=3797): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/route/flush\x00', 0x80401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) settimeofday$auto(&(0x7f0000000080)={0x7fffffff, 0x5}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x110) fcntl$auto(r0, 0xb, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) msync$auto(0x100000000, 0x0, 0x3) kernel console output (not intermixed with test programs): jE r҄y*"l-y– [ 540.419993][T12897] zswap: compressor not available [ 541.412329][ T51] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 542.403612][ T51] Bluetooth: hci4: unexpected event 0x07 length: 435 > 255 [ 542.912628][ T51] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 543.210307][T12944] netlink: 'syz.4.2331': attribute type 27 has an invalid length. [ 543.218217][T12944] netlink: 'syz.4.2331': attribute type 28 has an invalid length. [ 543.283241][T12944] netlink: 'syz.4.2331': attribute type 29 has an invalid length. [ 543.321822][T12944] netlink: 'syz.4.2331': attribute type 30 has an invalid length. [ 543.352433][T12944] netlink: 'syz.4.2331': attribute type 31 has an invalid length. [ 543.399925][T12944] netlink: 'syz.4.2331': attribute type 32 has an invalid length. [ 543.440640][T12944] netlink: 'syz.4.2331': attribute type 33 has an invalid length. [ 543.480713][T12944] netlink: 'syz.4.2331': attribute type 35 has an invalid length. [ 543.519524][T12944] netlink: 'syz.4.2331': attribute type 37 has an invalid length. [ 543.558757][T12944] netlink: 'syz.4.2331': attribute type 39 has an invalid length. [ 543.589336][T12944] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2331'. [ 545.344854][ T51] Bluetooth: hci4: unexpected event 0x14 length: 16 > 6 [ 547.456797][T13007] vhci_hcd vhci_hcd.2: invalid port number 255 [ 548.841394][T13020] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2357'. [ 548.871782][ T51] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 549.046405][ T51] Bluetooth: hci4: ACL packet too small [ 549.976928][T13041] FAULT_INJECTION: forcing a failure. [ 549.976928][T13041] name failslab, interval 1, probability 0, space 0, times 0 [ 549.990254][T13041] CPU: 0 UID: 0 PID: 13041 Comm: syz.1.2361 Tainted: G L syzkaller #0 PREEMPT(full) [ 549.990292][T13041] Tainted: [L]=SOFTLOCKUP [ 549.990300][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 549.990315][T13041] Call Trace: [ 549.990324][T13041] [ 549.990333][T13041] dump_stack_lvl+0x100/0x190 [ 549.990375][T13041] should_fail_ex.cold+0x5/0xa [ 549.990404][T13041] should_failslab+0xc2/0x120 [ 549.990435][T13041] __kmalloc_cache_noprof+0x7a/0x6f0 [ 549.990467][T13041] ? tipc_nametbl_insert_publ+0x5a/0x1570 [ 549.990593][T13041] tipc_nametbl_insert_publ+0x5a/0x1570 [ 549.990627][T13041] ? do_raw_spin_lock+0x128/0x260 [ 549.990664][T13041] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 549.990708][T13041] tipc_nametbl_publish+0x137/0x260 [ 549.990745][T13041] tipc_sk_publish+0x1d8/0x430 [ 549.990800][T13041] ? __pfx_tipc_sk_publish+0x10/0x10 [ 549.990838][T13041] ? __local_bh_enable_ip+0x9e/0x120 [ 549.990867][T13041] tipc_sk_bind+0x16f/0x380 [ 549.990904][T13041] tipc_bind+0x18d/0x280 [ 549.990941][T13041] __sys_bind+0x1a9/0x260 [ 549.990967][T13041] ? __pfx___sys_bind+0x10/0x10 [ 549.991008][T13041] __x64_sys_bind+0x72/0xb0 [ 549.991029][T13041] ? lockdep_hardirqs_on+0x78/0x100 [ 549.991059][T13041] do_syscall_64+0x106/0xf80 [ 549.991087][T13041] ? clear_bhb_loop+0x40/0x90 [ 549.991117][T13041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.991143][T13041] RIP: 0033:0x7ff941f9c799 [ 549.991164][T13041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.991187][T13041] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 549.991210][T13041] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 549.991226][T13041] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000002 [ 549.991240][T13041] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 549.991255][T13041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.991269][T13041] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 549.991301][T13041] [ 550.468569][T13043] serio: Serial port ttyS0 [ 552.471062][T13029] Bluetooth: hci4: unexpected event 0x3e length: 505 > 260 [ 552.471095][T13029] Bluetooth: hci4: unexpected subevent 0x02 length: 504 > 260 [ 552.487992][T13029] Bluetooth: hci4: Dropping invalid advertising data [ 552.497016][T13029] Bluetooth: hci4: unknown advertising packet type: 0xe9 [ 552.668634][T13068] zswap: compressor not available [ 552.745430][T13071] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2369'. [ 552.762758][T13085] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2372'. [ 552.805517][T13073] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 553.023169][T13079] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2369'. [ 553.659663][T13097] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2376'. [ 553.770059][T13099] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2377'. [ 554.404690][T13114] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2380'. [ 554.894712][T13119] validate_nla: 1 callbacks suppressed [ 554.894732][T13119] netlink: 'syz.4.2381': attribute type 16 has an invalid length. [ 554.955572][T13119] netlink: 226 bytes leftover after parsing attributes in process `syz.4.2381'. [ 555.548705][T13130] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 556.854513][T13029] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 557.702533][T13168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2397'. [ 557.809736][T13172] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2397'. [ 557.818986][T13166] sp0: Synchronizing with TNC [ 559.393301][T13029] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 560.089329][T13208] netlink: 'syz.1.2408': attribute type 21 has an invalid length. [ 560.199963][T13208] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2408'. [ 560.994938][T13223] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2413'. [ 561.616669][T13029] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 562.182874][T13245] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2418'. [ 562.304068][T13245] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2418'. [ 563.208420][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.214933][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.788226][T13269] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 564.341820][T13029] Bluetooth: hci1: ACL packet too small [ 565.366572][T13029] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 566.442218][T13310] sp0: Synchronizing with TNC [ 566.920181][T13321] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2437'. [ 566.982032][T13321] netlink: 'syz.1.2437': attribute type 1 has an invalid length. [ 567.038870][T13321] netlink: 13 bytes leftover after parsing attributes in process `syz.1.2437'. [ 568.676337][T13348] netlink: 'syz.3.2449': attribute type 16 has an invalid length. [ 568.708013][T13348] netlink: 226 bytes leftover after parsing attributes in process `syz.3.2449'. [ 569.680458][T13370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2454'. [ 569.752309][T13370] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2454'. [ 570.137556][T13376] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2456'. [ 570.867707][T13383] netlink: 'syz.0.2460': attribute type 16 has an invalid length. [ 570.911134][T13383] netlink: 226 bytes leftover after parsing attributes in process `syz.0.2460'. [ 570.963594][T13383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2460'. [ 572.334641][T13408] futex_wake_op: syz.3.2466 tries to shift op by -2048; fix this program [ 572.397361][T13408] futex_wake_op: syz.3.2466 tries to shift op by -2048; fix this program [ 573.421406][T13427] netlink: 'syz.1.2471': attribute type 16 has an invalid length. [ 573.460411][T13427] netlink: 226 bytes leftover after parsing attributes in process `syz.1.2471'. [ 573.533193][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c66dc00: rx timeout, send abort [ 574.041555][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c66dc00: abort rx timeout. Force session deactivation [ 576.110175][T13029] Bluetooth: hci4: Malformed Event: 0x02 [ 577.538171][T13503] zswap: compressor not available [ 578.559792][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807cda7000: rx timeout, send abort [ 579.068052][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807cda7000: abort rx timeout. Force session deactivation [ 580.683783][T13568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2501'. [ 580.830309][T13571] netlink: 13 bytes leftover after parsing attributes in process `syz.4.2501'. [ 581.630338][T13590] FAULT_INJECTION: forcing a failure. [ 581.630338][T13590] name fail_futex, interval 1, probability 0, space 0, times 0 [ 581.643299][T13590] CPU: 0 UID: 0 PID: 13590 Comm: syz.3.2508 Tainted: G L syzkaller #0 PREEMPT(full) [ 581.643337][T13590] Tainted: [L]=SOFTLOCKUP [ 581.643345][T13590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 581.643360][T13590] Call Trace: [ 581.643369][T13590] [ 581.643378][T13590] dump_stack_lvl+0x100/0x190 [ 581.643425][T13590] should_fail_ex.cold+0x5/0xa [ 581.643454][T13590] should_fail_futex+0x4c/0x60 [ 581.643484][T13590] futex_lock_pi_atomic+0x12d/0xaf0 [ 581.643527][T13590] futex_lock_pi+0x246/0x7b0 [ 581.643567][T13590] ? __pfx_futex_lock_pi+0x10/0x10 [ 581.643602][T13590] ? preempt_schedule_common+0x42/0xc0 [ 581.643633][T13590] ? preempt_schedule_thunk+0x16/0x30 [ 581.643681][T13590] ? __pfx_try_to_wake_up+0x10/0x10 [ 581.643715][T13590] ? futex_private_hash_put+0x107/0x1c0 [ 581.643749][T13590] ? __pfx_futex_wake_mark+0x10/0x10 [ 581.643793][T13590] ? ksys_write+0x190/0x250 [ 581.643815][T13590] ? ksys_write+0x190/0x250 [ 581.643842][T13590] do_futex+0x18a/0x350 [ 581.643873][T13590] ? __pfx_do_futex+0x10/0x10 [ 581.643912][T13590] __x64_sys_futex+0x34f/0x4d0 [ 581.643948][T13590] ? __pfx___x64_sys_futex+0x10/0x10 [ 581.643991][T13590] do_syscall_64+0x106/0xf80 [ 581.644019][T13590] ? clear_bhb_loop+0x40/0x90 [ 581.644049][T13590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.644074][T13590] RIP: 0033:0x7fbe2b99c799 [ 581.644093][T13590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.644117][T13590] RSP: 002b:00007fbe2c79e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 581.644140][T13590] RAX: ffffffffffffffda RBX: 00007fbe2bc15fa0 RCX: 00007fbe2b99c799 [ 581.644157][T13590] RDX: 0000000000000001 RSI: 0000000000000006 RDI: 0000200000000080 [ 581.644172][T13590] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 00000000fffffffa [ 581.644187][T13590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.644201][T13590] R13: 00007fbe2bc16038 R14: 00007fbe2bc15fa0 R15: 00007fff376b00f8 [ 581.644232][T13590] [ 582.532067][T13602] queue_state_write: unsupported operation '' [ 582.538586][T13602] queue_state_write: use 'run', 'start' or 'kick' [ 585.660172][T13649] block nbd0: NBD_DISCONNECT [ 586.675716][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2525'. [ 586.748158][T13668] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2525'. [ 588.202214][T13683] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2530'. [ 592.814305][T13746] FAULT_INJECTION: forcing a failure. [ 592.814305][T13746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 592.958650][T13746] CPU: 0 UID: 0 PID: 13746 Comm: syz.0.2549 Tainted: G L syzkaller #0 PREEMPT(full) [ 592.958690][T13746] Tainted: [L]=SOFTLOCKUP [ 592.958698][T13746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 592.958712][T13746] Call Trace: [ 592.958720][T13746] [ 592.958730][T13746] dump_stack_lvl+0x100/0x190 [ 592.958771][T13746] should_fail_ex.cold+0x5/0xa [ 592.958795][T13746] ? prepare_alloc_pages+0x16d/0x5f0 [ 592.958827][T13746] should_fail_alloc_page+0xeb/0x140 [ 592.958854][T13746] prepare_alloc_pages+0x1f0/0x5f0 [ 592.958882][T13746] ? kernel_text_address+0x8d/0x100 [ 592.958922][T13746] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 592.958960][T13746] ? __lock_acquire+0x4a5/0x2630 [ 592.958993][T13746] ? __lock_acquire+0x4a5/0x2630 [ 592.959029][T13746] ? __lock_acquire+0x4a5/0x2630 [ 592.959061][T13746] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 592.959101][T13746] ? __lock_acquire+0x4a5/0x2630 [ 592.959146][T13746] ? find_held_lock+0x2b/0x80 [ 592.959166][T13746] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 592.959209][T13746] ? policy_nodemask+0xed/0x4f0 [ 592.959236][T13746] alloc_pages_mpol+0x1fb/0x550 [ 592.959262][T13746] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 592.959296][T13746] ? arch_stack_walk+0xa6/0xf0 [ 592.959357][T13746] ? wiphy_new_nm+0x701/0x21a0 [ 592.959432][T13746] ___kmalloc_large_node+0x104/0x150 [ 592.959464][T13746] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 592.959525][T13746] __kmalloc_large_node_noprof+0x1c/0x70 [ 592.959556][T13746] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 592.959608][T13746] __kmalloc_noprof+0x5be/0x850 [ 592.959649][T13746] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 592.959688][T13746] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 592.959722][T13746] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 592.959798][T13746] wiphy_new_nm+0x701/0x21a0 [ 592.959830][T13746] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 592.959866][T13746] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 592.959900][T13746] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 592.959931][T13746] ieee80211_alloc_hw_nm+0x1ac7/0x22a0 [ 592.959965][T13746] ? __local_bh_enable_ip+0x9e/0x120 [ 592.959996][T13746] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 592.960044][T13746] ? __asan_memset+0x23/0x50 [ 592.960078][T13746] ? __nla_validate_parse+0x1e7/0x28b0 [ 592.960140][T13746] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 592.960185][T13746] hwsim_new_radio_nl+0xc1f/0x1340 [ 592.960223][T13746] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 592.960266][T13746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 592.960343][T13746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 592.960388][T13746] genl_family_rcv_msg_doit+0x214/0x300 [ 592.960430][T13746] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 592.960467][T13746] ? genl_get_cmd+0x3ef/0x720 [ 592.960509][T13746] ? bpf_lsm_capable+0x9/0x10 [ 592.960534][T13746] ? security_capable+0x80/0x260 [ 592.960591][T13746] ? ns_capable+0xd2/0xf0 [ 592.960617][T13746] genl_rcv_msg+0x560/0x800 [ 592.960658][T13746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 592.960696][T13746] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 592.960741][T13746] netlink_rcv_skb+0x159/0x420 [ 592.960774][T13746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 592.960817][T13746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.960862][T13746] ? netlink_deliver_tap+0x1ae/0xcc0 [ 592.960897][T13746] genl_rcv+0x28/0x40 [ 592.960930][T13746] netlink_unicast+0x5aa/0x870 [ 592.960966][T13746] ? __pfx_netlink_unicast+0x10/0x10 [ 592.961011][T13746] netlink_sendmsg+0x8b0/0xda0 [ 592.961049][T13746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.961080][T13746] ? __import_iovec+0x1d2/0x640 [ 592.961135][T13746] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 592.961175][T13746] ____sys_sendmsg+0x9e1/0xb70 [ 592.961211][T13746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.961246][T13746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 592.961294][T13746] ? try_to_wake_up+0x644/0x1a80 [ 592.961325][T13746] ___sys_sendmsg+0x190/0x1e0 [ 592.961365][T13746] ? __pfx____sys_sendmsg+0x10/0x10 [ 592.961405][T13746] ? futex_private_hash_put+0x107/0x1c0 [ 592.961468][T13746] __sys_sendmsg+0x170/0x220 [ 592.961498][T13746] ? __pfx___sys_sendmsg+0x10/0x10 [ 592.961527][T13746] ? __x64_sys_futex+0x34f/0x4d0 [ 592.961576][T13746] do_syscall_64+0x106/0xf80 [ 592.961605][T13746] ? clear_bhb_loop+0x40/0x90 [ 592.961636][T13746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.961662][T13746] RIP: 0033:0x7f1fa2b9c799 [ 592.961683][T13746] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 592.961707][T13746] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 592.961731][T13746] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 592.961747][T13746] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 592.961762][T13746] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 592.961777][T13746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.961791][T13746] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 592.961822][T13746] [ 594.274587][T13761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2554'. [ 594.662102][T13767] futex_wake_op: syz.4.2557 tries to shift op by -2048; fix this program [ 594.715673][T13767] futex_wake_op: syz.4.2557 tries to shift op by -2048; fix this program [ 595.615929][T13784] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2560'. [ 598.639936][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 601.474141][T13805] FAULT_INJECTION: forcing a failure. [ 601.474141][T13805] name failslab, interval 1, probability 0, space 0, times 0 [ 601.630824][T13805] CPU: 0 UID: 0 PID: 13805 Comm: syz.1.2567 Tainted: G L syzkaller #0 PREEMPT(full) [ 601.630863][T13805] Tainted: [L]=SOFTLOCKUP [ 601.630871][T13805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 601.630886][T13805] Call Trace: [ 601.630894][T13805] [ 601.630903][T13805] dump_stack_lvl+0x100/0x190 [ 601.630944][T13805] should_fail_ex.cold+0x5/0xa [ 601.630973][T13805] should_failslab+0xc2/0x120 [ 601.630999][T13805] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 601.631042][T13805] ? __mpol_dup+0x74/0x370 [ 601.631076][T13805] __mpol_dup+0x74/0x370 [ 601.631108][T13805] ? __pfx___mpol_dup+0x10/0x10 [ 601.631136][T13805] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 601.631177][T13805] ? sp_alloc+0x27/0x160 [ 601.631212][T13805] sp_alloc+0x4d/0x160 [ 601.631241][T13805] mpol_set_shared_policy+0xa5/0x8a0 [ 601.631278][T13805] ? __pfx_shmem_set_policy+0x10/0x10 [ 601.631304][T13805] mbind_range+0x339/0x550 [ 601.631337][T13805] do_mbind+0x7de/0xfd0 [ 601.631373][T13805] ? __might_fault+0xc5/0x140 [ 601.631407][T13805] ? __pfx_do_mbind+0x10/0x10 [ 601.631442][T13805] ? _copy_from_user+0x59/0xd0 [ 601.631541][T13805] ? __pfx_get_nodes+0x10/0x10 [ 601.631587][T13805] kernel_mbind+0x1b7/0x200 [ 601.631619][T13805] ? __pfx_kernel_mbind+0x10/0x10 [ 601.631658][T13805] do_syscall_64+0x106/0xf80 [ 601.631687][T13805] ? clear_bhb_loop+0x40/0x90 [ 601.631717][T13805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.631742][T13805] RIP: 0033:0x7ff941f9c799 [ 601.631762][T13805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.631786][T13805] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 601.631809][T13805] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 601.631825][T13805] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 601.631840][T13805] RBP: 00007ff942032c99 R08: 0000000000000003 R09: 0000000000000003 [ 601.631858][T13805] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 601.631873][T13805] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 601.631904][T13805] [ 603.503461][T13835] netlink: 54 bytes leftover after parsing attributes in process `syz.3.2576'. [ 604.483974][T13846] FAULT_INJECTION: forcing a failure. [ 604.483974][T13846] name failslab, interval 1, probability 0, space 0, times 0 [ 604.569938][T13846] CPU: 0 UID: 0 PID: 13846 Comm: syz.3.2579 Tainted: G L syzkaller #0 PREEMPT(full) [ 604.569978][T13846] Tainted: [L]=SOFTLOCKUP [ 604.569987][T13846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 604.570001][T13846] Call Trace: [ 604.570009][T13846] [ 604.570018][T13846] dump_stack_lvl+0x100/0x190 [ 604.570059][T13846] should_fail_ex.cold+0x5/0xa [ 604.570088][T13846] should_failslab+0xc2/0x120 [ 604.570114][T13846] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 604.570150][T13846] ? alloc_empty_file+0x55/0x1c0 [ 604.570180][T13846] ? __pfx_stack_trace_save+0x10/0x10 [ 604.570209][T13846] alloc_empty_file+0x55/0x1c0 [ 604.570239][T13846] path_openat+0xe8/0x31a0 [ 604.570262][T13846] ? kasan_save_stack+0x3f/0x50 [ 604.570298][T13846] ? kasan_save_stack+0x30/0x50 [ 604.570334][T13846] ? kasan_save_track+0x14/0x30 [ 604.570370][T13846] ? __kasan_slab_alloc+0x89/0x90 [ 604.570391][T13846] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 604.570426][T13846] ? do_getname+0x35/0x390 [ 604.570454][T13846] ? do_sys_openat2+0xc5/0x1e0 [ 604.570485][T13846] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.570514][T13846] ? __pfx_path_openat+0x10/0x10 [ 604.570549][T13846] do_file_open+0x20e/0x430 [ 604.570575][T13846] ? __pfx_do_file_open+0x10/0x10 [ 604.570621][T13846] ? alloc_fd+0x476/0x790 [ 604.570647][T13846] ? do_getname+0x191/0x390 [ 604.570679][T13846] do_sys_openat2+0x10d/0x1e0 [ 604.570717][T13846] ? __pfx_do_sys_openat2+0x10/0x10 [ 604.570761][T13846] __x64_sys_openat+0x12d/0x210 [ 604.570795][T13846] ? __pfx___x64_sys_openat+0x10/0x10 [ 604.570843][T13846] do_syscall_64+0x106/0xf80 [ 604.570873][T13846] ? clear_bhb_loop+0x40/0x90 [ 604.570902][T13846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.570928][T13846] RIP: 0033:0x7fbe2b99c799 [ 604.570947][T13846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 604.570971][T13846] RSP: 002b:00007fbe2c79e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 604.570994][T13846] RAX: ffffffffffffffda RBX: 00007fbe2bc15fa0 RCX: 00007fbe2b99c799 [ 604.571010][T13846] RDX: 0000000000080201 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 604.571025][T13846] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 0000000000000000 [ 604.571040][T13846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.571054][T13846] R13: 00007fbe2bc16038 R14: 00007fbe2bc15fa0 R15: 00007fff376b00f8 [ 604.571085][T13846] [ 606.369309][T13862] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 607.176130][T13880] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2590'. [ 608.425813][T13886] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2599'. [ 612.444480][T13932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2604'. [ 612.518953][T13935] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2604'. [ 613.990912][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2608'. [ 614.281077][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880341f2400: rx timeout, send abort [ 614.789496][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880341f2400: abort rx timeout. Force session deactivation [ 617.153207][T13979] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 617.409226][T13985] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2621'. [ 617.462171][T13986] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2621'. [ 619.083264][T13997] zswap: compressor not available [ 619.173936][T14007] netlink: 246 bytes leftover after parsing attributes in process `syz.4.2626'. [ 620.362413][T14015] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2629'. [ 622.655645][T14039] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2635'. [ 622.747831][T14038] HfR: entered promiscuous mode [ 622.802417][T14039] HfR: left promiscuous mode [ 624.573447][T14056] cougar: G6 mapped to space [ 624.645675][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.652217][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.240504][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 628.675312][T14103] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2651'. [ 629.686024][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 629.772511][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 629.831424][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 629.887626][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 630.047734][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 630.086152][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 630.159682][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 630.208225][T14107] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2652'. [ 630.249376][T14110] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2653'. [ 630.351997][ T49] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 631.501408][T14121] sg_write: data in/out 262169/4198358 bytes for SCSI command 0x0-- guessing data in; [ 631.501408][T14121] program syz.3.2658 not setting count and/or reply_len properly [ 631.578631][T14124] program syz.3.2658 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 633.122254][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 634.156246][T14159] __nla_validate_parse: 13 callbacks suppressed [ 634.156267][T14159] netlink: 29 bytes leftover after parsing attributes in process `syz.3.2670'. [ 634.254715][T13029] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260 [ 634.433897][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.522511][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.580167][T14170] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.612859][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.675558][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.710811][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.761833][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.807894][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.845851][T14167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2672'. [ 634.949447][T14172] netlink: 'syz.1.2673': attribute type 10 has an invalid length. [ 639.275571][T14245] netlink: 'syz.4.2693': attribute type 4 has an invalid length. [ 639.352852][T14245] netlink: 'syz.4.2693': attribute type 5 has an invalid length. [ 639.422815][T14245] __nla_validate_parse: 4 callbacks suppressed [ 639.422834][T14245] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2693'. [ 639.986958][T14253] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.129019][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.220484][T14253] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.285552][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.410864][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.501597][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.578729][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.640345][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.758813][T14255] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2702'. [ 640.894227][T14264] forcing mempool usage for bio_alloc_bioset+0x392/0x850 [ 641.392444][T14267] random: crng reseeded on system resumption [ 641.474772][T13029] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 641.991310][T14276] FAULT_INJECTION: forcing a failure. [ 641.991310][T14276] name failslab, interval 1, probability 0, space 0, times 0 [ 642.126510][T14276] CPU: 0 UID: 0 PID: 14276 Comm: syz.1.2700 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.126549][T14276] Tainted: [L]=SOFTLOCKUP [ 642.126557][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 642.126575][T14276] Call Trace: [ 642.126583][T14276] [ 642.126592][T14276] dump_stack_lvl+0x100/0x190 [ 642.126634][T14276] should_fail_ex.cold+0x5/0xa [ 642.126663][T14276] should_failslab+0xc2/0x120 [ 642.126690][T14276] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 642.126727][T14276] ? ptlock_alloc+0x1f/0x70 [ 642.126765][T14276] ptlock_alloc+0x1f/0x70 [ 642.126797][T14276] pte_alloc_one+0x82/0x3d0 [ 642.126824][T14276] do_fault+0x88e/0x1990 [ 642.126851][T14276] ? __pmd_alloc+0x3fb/0x950 [ 642.126891][T14276] __handle_mm_fault+0x180f/0x2b60 [ 642.126929][T14276] ? mt_find+0x45e/0x8e0 [ 642.126965][T14276] ? __pfx___handle_mm_fault+0x10/0x10 [ 642.126997][T14276] ? __pfx_mt_find+0x10/0x10 [ 642.127044][T14276] ? find_vma+0xbf/0x140 [ 642.127067][T14276] ? __pfx_find_vma+0x10/0x10 [ 642.127092][T14276] handle_mm_fault+0x36d/0xa20 [ 642.127132][T14276] do_user_addr_fault+0x74c/0x12f0 [ 642.127181][T14276] exc_page_fault+0x6f/0xd0 [ 642.127211][T14276] asm_exc_page_fault+0x26/0x30 [ 642.127235][T14276] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 642.127274][T14276] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 642.127298][T14276] RSP: 0018:ffffc90004047b78 EFLAGS: 00050212 [ 642.127317][T14276] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000022 [ 642.127332][T14276] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004047bd8 [ 642.127347][T14276] RBP: 0000000000000022 R08: 0000000000000001 R09: fffff52000808f7f [ 642.127362][T14276] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 642.127376][T14276] R13: ffffc90004047bd8 R14: ffffc90004047ca0 R15: ffffc90004047bd8 [ 642.127407][T14276] _copy_from_user+0x98/0xd0 [ 642.127433][T14276] kstrtouint_from_user+0xd6/0x1d0 [ 642.127495][T14276] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 642.127526][T14276] ? __lock_acquire+0x4a5/0x2630 [ 642.127561][T14276] ? lock_acquire+0x1cf/0x380 [ 642.127598][T14276] proc_fail_nth_write+0x83/0x220 [ 642.127629][T14276] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 642.127667][T14276] vfs_write+0x2aa/0x1070 [ 642.127708][T14276] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 642.127740][T14276] ? __pfx_vfs_write+0x10/0x10 [ 642.127778][T14276] ? __fget_files+0x215/0x3d0 [ 642.127806][T14276] ? __fget_files+0x21f/0x3d0 [ 642.127837][T14276] ksys_write+0x12a/0x250 [ 642.127858][T14276] ? __pfx_ksys_write+0x10/0x10 [ 642.127894][T14276] do_syscall_64+0x106/0xf80 [ 642.127923][T14276] ? clear_bhb_loop+0x40/0x90 [ 642.127952][T14276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.127977][T14276] RIP: 0033:0x7ff941f9c799 [ 642.127997][T14276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.128020][T14276] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 642.128042][T14276] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 642.128058][T14276] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 642.128072][T14276] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 642.128087][T14276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.128101][T14276] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 642.128133][T14276] [ 645.838440][T14324] __nla_validate_parse: 2 callbacks suppressed [ 645.838460][T14324] netlink: 86 bytes leftover after parsing attributes in process `syz.4.2713'. [ 645.867097][T14322] FAULT_INJECTION: forcing a failure. [ 645.867097][T14322] name failslab, interval 1, probability 0, space 0, times 0 [ 646.017901][T14322] CPU: 0 UID: 0 PID: 14322 Comm: syz.0.2711 Tainted: G L syzkaller #0 PREEMPT(full) [ 646.017941][T14322] Tainted: [L]=SOFTLOCKUP [ 646.017949][T14322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 646.017964][T14322] Call Trace: [ 646.017971][T14322] [ 646.017980][T14322] dump_stack_lvl+0x100/0x190 [ 646.018022][T14322] should_fail_ex.cold+0x5/0xa [ 646.018050][T14322] should_failslab+0xc2/0x120 [ 646.018076][T14322] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 646.018118][T14322] ? blk_alloc_queue+0x31/0x790 [ 646.018221][T14322] blk_alloc_queue+0x31/0x790 [ 646.018251][T14322] blk_mq_alloc_queue+0x174/0x290 [ 646.018286][T14322] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 646.018336][T14322] ? blk_mq_alloc_tag_set+0xe2c/0x1330 [ 646.018377][T14322] __blk_mq_alloc_disk+0x29/0x120 [ 646.018412][T14322] loop_add+0x498/0xb60 [ 646.018441][T14322] ? __pfx_loop_add+0x10/0x10 [ 646.018486][T14322] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 646.018531][T14322] loop_control_ioctl+0xae/0x620 [ 646.018561][T14322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 646.018590][T14322] ? xfd_validate_state+0x129/0x190 [ 646.018627][T14322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 646.018659][T14322] __x64_sys_ioctl+0x18e/0x210 [ 646.018697][T14322] do_syscall_64+0x106/0xf80 [ 646.018725][T14322] ? clear_bhb_loop+0x40/0x90 [ 646.018755][T14322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.018780][T14322] RIP: 0033:0x7f1fa2b9c799 [ 646.018800][T14322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 646.018834][T14322] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 646.018858][T14322] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 646.018874][T14322] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 646.018890][T14322] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 646.018904][T14322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 646.018921][T14322] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 646.018953][T14322] [ 648.373875][T14345] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2721'. [ 652.228159][T13029] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 652.228192][T13029] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 652.245431][T13029] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 652.245480][T13029] Bluetooth: hci3: adv larger than maximum supported [ 652.255714][T13029] Bluetooth: hci3: adv larger than maximum supported [ 652.262753][T13029] Bluetooth: hci3: Malformed LE Event: 0x0d [ 653.125012][T14397] netlink: 'syz.1.2733': attribute type 4 has an invalid length. [ 653.166048][T14397] netlink: 'syz.1.2733': attribute type 5 has an invalid length. [ 653.201211][T14397] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2733'. [ 656.579350][T14448] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2747'. [ 656.840443][T13029] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 659.600541][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 660.502048][T14490] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2754'. [ 660.585879][T14491] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2754'. [ 660.823215][T14493] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2755'. [ 660.921308][T14497] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2757'. [ 661.845944][T14511] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2761'. [ 665.750450][T14561] cougar: G6 mapped to space [ 666.448132][T13029] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 669.712871][ T55] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 670.125554][T14601] netlink: 'syz.3.2786': attribute type 29 has an invalid length. [ 670.170857][T14601] netlink: 'syz.3.2786': attribute type 30 has an invalid length. [ 670.178790][T14601] netlink: 'syz.3.2786': attribute type 31 has an invalid length. [ 670.258268][T14601] netlink: 'syz.3.2786': attribute type 32 has an invalid length. [ 670.306985][T14601] netlink: 'syz.3.2786': attribute type 33 has an invalid length. [ 670.348972][T14601] netlink: 'syz.3.2786': attribute type 35 has an invalid length. [ 670.410011][T14601] netlink: 'syz.3.2786': attribute type 37 has an invalid length. [ 670.442841][T14601] netlink: 18 bytes leftover after parsing attributes in process `syz.3.2786'. [ 672.421036][T14621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2790'. [ 672.480565][T14621] unsupported nlmsg_type 40 [ 673.526040][T13029] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 674.489131][T14642] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2796'. [ 674.677882][T14644] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2797'. [ 675.436931][T14656] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2800'. [ 675.752665][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2801'. [ 675.818426][T14658] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2801'. [ 676.983342][T14676] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2807'. [ 677.160132][T14682] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2808'. [ 677.233322][T14680] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2809'. [ 677.290195][T14687] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2809'. [ 677.679980][T14694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2812'. [ 677.736972][T14694] netlink: 'syz.1.2812': attribute type 1 has an invalid length. [ 677.801333][T14694] netlink: 'syz.1.2812': attribute type 6 has an invalid length. [ 679.396296][T14729] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2820'. [ 679.470133][T14729] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2820'. [ 682.693479][T14782] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2833'. [ 682.756216][T14783] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2833'. [ 683.009577][T13029] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 683.355274][T14794] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2836'. [ 685.633793][T14821] FAULT_INJECTION: forcing a failure. [ 685.633793][T14821] name failslab, interval 1, probability 0, space 0, times 0 [ 685.767333][T14821] CPU: 0 UID: 0 PID: 14821 Comm: syz.0.2851 Tainted: G L syzkaller #0 PREEMPT(full) [ 685.767371][T14821] Tainted: [L]=SOFTLOCKUP [ 685.767380][T14821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 685.767394][T14821] Call Trace: [ 685.767401][T14821] [ 685.767411][T14821] dump_stack_lvl+0x100/0x190 [ 685.767456][T14821] should_fail_ex.cold+0x5/0xa [ 685.767485][T14821] should_failslab+0xc2/0x120 [ 685.767512][T14821] __kvmalloc_node_noprof+0xfa/0xa00 [ 685.767551][T14821] ? bucket_table_alloc.isra.0+0x88/0x460 [ 685.767598][T14821] bucket_table_alloc.isra.0+0x88/0x460 [ 685.767644][T14821] rhashtable_init_noprof+0x43b/0x7d0 [ 685.767680][T14821] ? __init_waitqueue_head+0xca/0x150 [ 685.767722][T14821] rhltable_init_noprof+0x20/0x60 [ 685.767759][T14821] sta_info_init+0x5f/0x160 [ 685.767790][T14821] ieee80211_alloc_hw_nm+0x836/0x22a0 [ 685.767825][T14821] ? __local_bh_enable_ip+0x9e/0x120 [ 685.767855][T14821] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 685.767905][T14821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 685.767949][T14821] ? __nla_validate_parse+0x1e7/0x28b0 [ 685.767982][T14821] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 685.768026][T14821] hwsim_new_radio_nl+0xc1f/0x1340 [ 685.768064][T14821] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 685.768107][T14821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 685.768148][T14821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 685.768193][T14821] genl_family_rcv_msg_doit+0x214/0x300 [ 685.768233][T14821] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 685.768271][T14821] ? genl_get_cmd+0x3ef/0x720 [ 685.768312][T14821] ? bpf_lsm_capable+0x9/0x10 [ 685.768338][T14821] ? security_capable+0x80/0x260 [ 685.768376][T14821] ? ns_capable+0xd2/0xf0 [ 685.768401][T14821] genl_rcv_msg+0x560/0x800 [ 685.768441][T14821] ? __pfx_genl_rcv_msg+0x10/0x10 [ 685.768479][T14821] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 685.768524][T14821] netlink_rcv_skb+0x159/0x420 [ 685.768556][T14821] ? __pfx_genl_rcv_msg+0x10/0x10 [ 685.768594][T14821] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 685.768644][T14821] ? netlink_deliver_tap+0x1ae/0xcc0 [ 685.768679][T14821] genl_rcv+0x28/0x40 [ 685.768712][T14821] netlink_unicast+0x5aa/0x870 [ 685.768749][T14821] ? __pfx_netlink_unicast+0x10/0x10 [ 685.768794][T14821] netlink_sendmsg+0x8b0/0xda0 [ 685.768831][T14821] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.768863][T14821] ? __import_iovec+0x1d2/0x640 [ 685.768889][T14821] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 685.768929][T14821] ____sys_sendmsg+0x9e1/0xb70 [ 685.768965][T14821] ? __pfx_netlink_sendmsg+0x10/0x10 [ 685.769000][T14821] ? __pfx_____sys_sendmsg+0x10/0x10 [ 685.769043][T14821] ? __pfx_futex_wake_mark+0x10/0x10 [ 685.769086][T14821] ___sys_sendmsg+0x190/0x1e0 [ 685.769126][T14821] ? __pfx____sys_sendmsg+0x10/0x10 [ 685.769201][T14821] __sys_sendmsg+0x170/0x220 [ 685.769231][T14821] ? __pfx___sys_sendmsg+0x10/0x10 [ 685.769260][T14821] ? __x64_sys_futex+0x34f/0x4d0 [ 685.769309][T14821] do_syscall_64+0x106/0xf80 [ 685.769339][T14821] ? clear_bhb_loop+0x40/0x90 [ 685.769370][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.769395][T14821] RIP: 0033:0x7f1fa2b9c799 [ 685.769415][T14821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 685.769439][T14821] RSP: 002b:00007f1fa3a44028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 685.769461][T14821] RAX: ffffffffffffffda RBX: 00007f1fa2e16090 RCX: 00007f1fa2b9c799 [ 685.769477][T14821] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 685.769492][T14821] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 685.769507][T14821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.769521][T14821] R13: 00007f1fa2e16128 R14: 00007f1fa2e16090 R15: 00007ffe01b09688 [ 685.769552][T14821] [ 686.815945][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.826003][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.072242][T13029] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 691.016840][T14861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2855'. [ 691.189385][T14861] i: entered promiscuous mode [ 691.253492][T14864] HfR: entered promiscuous mode [ 691.345416][T14867] netlink: 246 bytes leftover after parsing attributes in process `syz.1.2857'. [ 696.109341][T14925] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2872'. [ 701.917023][T14995] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 702.094900][T14995] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 702.235667][T14995] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 702.398270][T14995] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 702.531551][T14995] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 703.406224][ T30] audit: type=1800 audit(4294967317.320:9): pid=15013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2897" name="dbroot" dev="configfs" ino=58335 res=0 errno=0 [ 703.925620][T13029] Bluetooth: hci1: command 0x0c1a tx timeout [ 704.160092][T13029] Bluetooth: hci3: command 0x0c1a tx timeout [ 704.239818][T13029] Bluetooth: hci0: command 0x0c1a tx timeout [ 704.399834][T13029] Bluetooth: hci4: command 0x0406 tx timeout [ 705.778339][T15039] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2908'. [ 705.841868][T15039] netlink: 'syz.4.2908': attribute type 1 has an invalid length. [ 705.849647][T15039] netlink: 'syz.4.2908': attribute type 6 has an invalid length. [ 706.479824][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 707.201527][T15056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2912'. [ 707.590065][T15056] team0 (unregistering): Port device team_slave_0 removed [ 707.791759][T15056] team0 (unregistering): Port device team_slave_1 removed [ 708.321820][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 708.581444][T15065] netlink: 'syz.1.2914': attribute type 2 has an invalid length. [ 708.682516][T15065] netlink: 'syz.1.2914': attribute type 3 has an invalid length. [ 708.775246][T15065] netlink: 158 bytes leftover after parsing attributes in process `syz.1.2914'. [ 708.876866][T15065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2914'. [ 709.842902][T15081] netlink: 'syz.0.2921': attribute type 1 has an invalid length. [ 709.902150][T15081] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2921'. [ 710.092783][T15084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2920'. [ 710.191744][T15091] netlink: 'syz.3.2920': attribute type 1 has an invalid length. [ 710.293204][T15091] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2920'. [ 712.271042][T15111] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2928'. [ 713.617331][T13029] Bluetooth: hci0: unexpected event 0x05 length: 43 > 4 [ 714.925680][ T1101] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.261832][T15139] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2938'. [ 716.886491][T15162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2947'. [ 716.983750][T15162] veth1_macvtap: left promiscuous mode [ 717.943050][T15174] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2950'. [ 718.070710][T15174] bond0: (slave bond_slave_1): Releasing backup interface [ 718.890906][ T5833] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 719.360935][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 721.184152][T15209] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.2959'. [ 722.272872][T15234] FAULT_INJECTION: forcing a failure. [ 722.272872][T15234] name failslab, interval 1, probability 0, space 0, times 0 [ 722.335578][T15234] CPU: 0 UID: 0 PID: 15234 Comm: syz.1.2969 Tainted: G L syzkaller #0 PREEMPT(full) [ 722.335625][T15234] Tainted: [L]=SOFTLOCKUP [ 722.335633][T15234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 722.335648][T15234] Call Trace: [ 722.335656][T15234] [ 722.335665][T15234] dump_stack_lvl+0x100/0x190 [ 722.335707][T15234] should_fail_ex.cold+0x5/0xa [ 722.335735][T15234] ? argv_split+0x173/0x420 [ 722.335829][T15234] should_failslab+0xc2/0x120 [ 722.335854][T15234] __kmalloc_noprof+0xe0/0x850 [ 722.335892][T15234] ? __asan_memcpy+0x3c/0x60 [ 722.335930][T15234] argv_split+0x173/0x420 [ 722.335956][T15234] ? __pfx___trace_uprobe_create+0x10/0x10 [ 722.335983][T15234] trace_probe_create+0x7d/0x100 [ 722.336021][T15234] ? __pfx_trace_probe_create+0x10/0x10 [ 722.336066][T15234] create_dyn_event+0xee/0x1d0 [ 722.336097][T15234] trace_parse_run_command+0x1ab/0x3b0 [ 722.336134][T15234] ? __pfx_create_dyn_event+0x10/0x10 [ 722.336169][T15234] vfs_write+0x2aa/0x1070 [ 722.336210][T15234] ? __pfx_dyn_event_write+0x10/0x10 [ 722.336242][T15234] ? __pfx_vfs_write+0x10/0x10 [ 722.336279][T15234] ? __fget_files+0x215/0x3d0 [ 722.336308][T15234] ? __fget_files+0x21f/0x3d0 [ 722.336338][T15234] ksys_write+0x12a/0x250 [ 722.336360][T15234] ? __pfx_ksys_write+0x10/0x10 [ 722.336390][T15234] do_syscall_64+0x106/0xf80 [ 722.336419][T15234] ? clear_bhb_loop+0x40/0x90 [ 722.336449][T15234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.336474][T15234] RIP: 0033:0x7ff941f9c799 [ 722.336501][T15234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.336525][T15234] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 722.336549][T15234] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 722.336565][T15234] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000007 [ 722.336579][T15234] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 722.336598][T15234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 722.336612][T15234] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 722.336644][T15234] [ 723.307455][T13029] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 723.538397][T15244] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2970'. [ 724.511024][T15263] netlink: Unknown conntrack attr (type=257, max=9) [ 724.571843][ T30] audit: type=1326 audit(4294967338.490:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2976" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f739099c799 code=0x0 [ 725.827924][T15279] FAULT_INJECTION: forcing a failure. [ 725.827924][T15279] name failslab, interval 1, probability 0, space 0, times 0 [ 725.961461][T15279] CPU: 0 UID: 0 PID: 15279 Comm: syz.3.2981 Tainted: G L syzkaller #0 PREEMPT(full) [ 725.961500][T15279] Tainted: [L]=SOFTLOCKUP [ 725.961508][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 725.961523][T15279] Call Trace: [ 725.961530][T15279] [ 725.961540][T15279] dump_stack_lvl+0x100/0x190 [ 725.961581][T15279] should_fail_ex.cold+0x5/0xa [ 725.961609][T15279] ? memcg_list_lru_alloc+0x4ec/0x740 [ 725.961647][T15279] should_failslab+0xc2/0x120 [ 725.961672][T15279] __kmalloc_noprof+0xe0/0x850 [ 725.961709][T15279] ? ipcget+0xee/0xf50 [ 725.961741][T15279] memcg_list_lru_alloc+0x4ec/0x740 [ 725.961785][T15279] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 725.961821][T15279] ? rcu_read_unlock+0x17/0x60 [ 725.961855][T15279] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 725.961895][T15279] __memcg_slab_post_alloc_hook+0x130/0x990 [ 725.961929][T15279] ? kasan_save_track+0x14/0x30 [ 725.961970][T15279] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 725.962007][T15279] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 725.962077][T15279] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 725.962101][T15279] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 725.962126][T15279] alloc_inode+0x68/0x250 [ 725.962158][T15279] new_inode+0x22/0x1c0 [ 725.962192][T15279] hugetlbfs_get_inode+0x313/0x750 [ 725.962221][T15279] hugetlb_file_setup+0x3cc/0x5b0 [ 725.962251][T15279] newseg+0xabb/0xed0 [ 725.962282][T15279] ? __pfx_newseg+0x10/0x10 [ 725.962307][T15279] ? down_write+0x146/0x1f0 [ 725.962341][T15279] ? ksys_write+0x190/0x250 [ 725.962362][T15279] ? ksys_write+0x190/0x250 [ 725.962387][T15279] ipcget+0xee/0xf50 [ 725.962413][T15279] ? do_futex+0x192/0x350 [ 725.962444][T15279] ? __pfx_do_futex+0x10/0x10 [ 725.962483][T15279] ? __pfx_ipcget+0x10/0x10 [ 725.962510][T15279] ? __x64_sys_futex+0x34f/0x4d0 [ 725.962541][T15279] ? __x64_sys_futex+0x358/0x4d0 [ 725.962576][T15279] __x64_sys_shmget+0x13b/0x1b0 [ 725.962604][T15279] ? __pfx___x64_sys_shmget+0x10/0x10 [ 725.962640][T15279] do_syscall_64+0x106/0xf80 [ 725.962669][T15279] ? clear_bhb_loop+0x40/0x90 [ 725.962699][T15279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.962724][T15279] RIP: 0033:0x7fbe2b99c799 [ 725.962744][T15279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 725.962768][T15279] RSP: 002b:00007fbe2c77d028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 725.962791][T15279] RAX: ffffffffffffffda RBX: 00007fbe2bc16090 RCX: 00007fbe2b99c799 [ 725.962807][T15279] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 725.962822][T15279] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 0000000000000000 [ 725.962836][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.962850][T15279] R13: 00007fbe2bc16128 R14: 00007fbe2bc16090 R15: 00007fff376b00f8 [ 725.962882][T15279] [ 726.702669][T13029] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 727.504566][T15308] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2989'. [ 728.214338][T15316] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2993'. [ 728.579330][T15327] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 728.641732][T15329] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2997'. [ 728.842836][T15329] bond0: (slave bond_slave_0): Releasing backup interface [ 730.393040][ T5833] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 730.410170][T15362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3007'. [ 730.484996][T15362] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3007'. [ 731.504511][T15377] netlink: 350 bytes leftover after parsing attributes in process `syz.1.3009'. [ 732.240011][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 732.902178][T15392] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3013'. [ 733.768661][T15414] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3019'. [ 733.819154][T15414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.838419][T15414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.888915][T15414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.908954][T15414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.948687][T15414] bridge0: port 3(batadv0) entered disabled state [ 733.981975][T15414] batadv0 (unregistering): left allmulticast mode [ 734.010118][T15414] batadv0 (unregistering): left promiscuous mode [ 734.036622][T15414] bridge0: port 3(batadv0) entered disabled state [ 734.698718][T13029] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 735.594589][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.644487][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.690277][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.729023][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.781352][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.836450][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.881176][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.911344][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.950334][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 735.996746][T15442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 738.008047][T15472] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3033'. [ 738.137719][T15477] netlink: 350 bytes leftover after parsing attributes in process `syz.4.3033'. [ 738.299490][T15479] futex_wake_op: syz.1.3036 tries to shift op by -2048; fix this program [ 738.367705][T15479] futex_wake_op: syz.1.3036 tries to shift op by -2048; fix this program [ 739.291090][T13029] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 741.150418][T15507] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3043'. [ 741.481917][T15513] FAULT_INJECTION: forcing a failure. [ 741.481917][T15513] name failslab, interval 1, probability 0, space 0, times 0 [ 741.557155][T15513] CPU: 0 UID: 0 PID: 15513 Comm: syz.3.3045 Tainted: G L syzkaller #0 PREEMPT(full) [ 741.557195][T15513] Tainted: [L]=SOFTLOCKUP [ 741.557203][T15513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 741.557218][T15513] Call Trace: [ 741.557226][T15513] [ 741.557235][T15513] dump_stack_lvl+0x100/0x190 [ 741.557277][T15513] should_fail_ex.cold+0x5/0xa [ 741.557307][T15513] should_failslab+0xc2/0x120 [ 741.557332][T15513] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 741.557374][T15513] ? parse_pred+0x2d4/0x3070 [ 741.557416][T15513] kmemdup_nul+0x49/0xd0 [ 741.557456][T15513] parse_pred+0x2d4/0x3070 [ 741.557500][T15513] ? __pfx_parse_pred+0x10/0x10 [ 741.557546][T15513] ? rcu_is_watching+0x12/0xc0 [ 741.557584][T15513] ? trace_kmalloc+0x101/0x130 [ 741.557611][T15513] ? __kmalloc_noprof+0x320/0x850 [ 741.557653][T15513] process_preds+0x6a6/0x1d90 [ 741.557696][T15513] ? create_filter_start.constprop.0+0x134/0x310 [ 741.557740][T15513] create_filter+0x140/0x210 [ 741.557778][T15513] ? __pfx_create_filter+0x10/0x10 [ 741.557826][T15513] ? find_held_lock+0x2b/0x80 [ 741.557853][T15513] apply_event_filter+0x220/0x500 [ 741.557893][T15513] ? __pfx_apply_event_filter+0x10/0x10 [ 741.557941][T15513] event_filter_write+0x16d/0x290 [ 741.557972][T15513] vfs_write+0x2aa/0x1070 [ 741.558012][T15513] ? __pfx_event_filter_write+0x10/0x10 [ 741.558043][T15513] ? __pfx_vfs_write+0x10/0x10 [ 741.558082][T15513] ? __fget_files+0x215/0x3d0 [ 741.558111][T15513] ? __fget_files+0x21f/0x3d0 [ 741.558141][T15513] ksys_write+0x12a/0x250 [ 741.558163][T15513] ? __pfx_ksys_write+0x10/0x10 [ 741.558194][T15513] do_syscall_64+0x106/0xf80 [ 741.558224][T15513] ? clear_bhb_loop+0x40/0x90 [ 741.558254][T15513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.558279][T15513] RIP: 0033:0x7fbe2b99c799 [ 741.558299][T15513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 741.558323][T15513] RSP: 002b:00007fbe2c79e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 741.558346][T15513] RAX: ffffffffffffffda RBX: 00007fbe2bc15fa0 RCX: 00007fbe2b99c799 [ 741.558362][T15513] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 741.558376][T15513] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 0000000000000000 [ 741.558391][T15513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.558405][T15513] R13: 00007fbe2bc16038 R14: 00007fbe2bc15fa0 R15: 00007fff376b00f8 [ 741.558437][T15513] [ 747.542945][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.551345][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.173452][T15619] FAULT_INJECTION: forcing a failure. [ 750.173452][T15619] name failslab, interval 1, probability 0, space 0, times 0 [ 750.218524][T15621] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3072'. [ 750.242487][T15619] CPU: 0 UID: 0 PID: 15619 Comm: syz.1.3073 Tainted: G L syzkaller #0 PREEMPT(full) [ 750.242527][T15619] Tainted: [L]=SOFTLOCKUP [ 750.242535][T15619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 750.242549][T15619] Call Trace: [ 750.242557][T15619] [ 750.242566][T15619] dump_stack_lvl+0x100/0x190 [ 750.242607][T15619] should_fail_ex.cold+0x5/0xa [ 750.242636][T15619] should_failslab+0xc2/0x120 [ 750.242662][T15619] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 750.242699][T15619] ? security_file_alloc+0x34/0x2c0 [ 750.242725][T15619] ? trace_kmem_cache_alloc+0xf3/0x120 [ 750.242755][T15619] security_file_alloc+0x34/0x2c0 [ 750.242781][T15619] init_file+0x95/0x480 [ 750.242810][T15619] alloc_empty_file+0x73/0x1c0 [ 750.242841][T15619] alloc_file_pseudo+0x13a/0x230 [ 750.242873][T15619] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 750.242906][T15619] ? _raw_spin_unlock+0x28/0x50 [ 750.243003][T15619] ? alloc_fd+0x476/0x790 [ 750.243030][T15619] __anon_inode_getfile+0xe8/0x280 [ 750.243070][T15619] __anon_inode_getfd+0x5c/0xe0 [ 750.243102][T15619] do_inotify_init+0x483/0x5e0 [ 750.243137][T15619] __x64_sys_inotify_init1+0x30/0x40 [ 750.243171][T15619] do_syscall_64+0x106/0xf80 [ 750.243200][T15619] ? clear_bhb_loop+0x40/0x90 [ 750.243229][T15619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.243254][T15619] RIP: 0033:0x7ff941f9c799 [ 750.243274][T15619] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.243298][T15619] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 750.243321][T15619] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 750.243338][T15619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 750.243352][T15619] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 750.243367][T15619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.243382][T15619] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 750.243412][T15619] [ 750.710182][T15621] vlan1: entered promiscuous mode [ 750.745595][T15621] vlan1: entered allmulticast mode [ 751.725724][T15638] FAULT_INJECTION: forcing a failure. [ 751.725724][T15638] name failslab, interval 1, probability 0, space 0, times 0 [ 751.817634][T15638] CPU: 0 UID: 0 PID: 15638 Comm: syz.1.3078 Tainted: G L syzkaller #0 PREEMPT(full) [ 751.817674][T15638] Tainted: [L]=SOFTLOCKUP [ 751.817682][T15638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 751.817696][T15638] Call Trace: [ 751.817704][T15638] [ 751.817713][T15638] dump_stack_lvl+0x100/0x190 [ 751.817756][T15638] should_fail_ex.cold+0x5/0xa [ 751.817784][T15638] should_failslab+0xc2/0x120 [ 751.817809][T15638] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 751.817856][T15638] ? __kernfs_new_node+0xd2/0x960 [ 751.817891][T15638] ? kstrdup+0xb3/0xe0 [ 751.817932][T15638] __kernfs_new_node+0xd2/0x960 [ 751.817970][T15638] ? __pfx___kernfs_new_node+0x10/0x10 [ 751.818011][T15638] ? find_held_lock+0x2b/0x80 [ 751.818033][T15638] ? kernfs_root+0xee/0x2a0 [ 751.818065][T15638] ? kernfs_root+0xee/0x2a0 [ 751.818105][T15638] kernfs_new_node+0x11b/0x1a0 [ 751.818148][T15638] kernfs_create_link+0xcc/0x240 [ 751.818178][T15638] sysfs_do_create_link_sd+0x90/0x140 [ 751.818214][T15638] sysfs_create_link+0x61/0xc0 [ 751.818247][T15638] device_add+0xb5d/0x1950 [ 751.818276][T15638] ? __pfx_device_add+0x10/0x10 [ 751.818297][T15638] ? __pfx___might_resched+0x10/0x10 [ 751.818332][T15638] ? lockdep_hardirqs_on+0x78/0x100 [ 751.818372][T15638] __add_disk+0x518/0xe40 [ 751.818477][T15638] add_disk_fwnode+0x118/0x5c0 [ 751.818518][T15638] loop_add+0x90b/0xb60 [ 751.818546][T15638] ? __pfx_loop_add+0x10/0x10 [ 751.818592][T15638] ? find_held_lock+0x2b/0x80 [ 751.818613][T15638] ? __fget_files+0x215/0x3d0 [ 751.818641][T15638] loop_control_ioctl+0xae/0x620 [ 751.818672][T15638] ? __pfx_loop_control_ioctl+0x10/0x10 [ 751.818705][T15638] ? __pfx_loop_control_ioctl+0x10/0x10 [ 751.818736][T15638] __x64_sys_ioctl+0x18e/0x210 [ 751.818773][T15638] do_syscall_64+0x106/0xf80 [ 751.818801][T15638] ? clear_bhb_loop+0x40/0x90 [ 751.818837][T15638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.818862][T15638] RIP: 0033:0x7ff941f9c799 [ 751.818883][T15638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.818907][T15638] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.818930][T15638] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 751.818946][T15638] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 751.818961][T15638] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 751.818976][T15638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.818990][T15638] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 751.819022][T15638] [ 754.570359][T15677] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 755.028047][T15686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3088'. [ 755.087177][T15686] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3088'. [ 755.539219][T15693] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 757.953584][T15723] HSR: entered promiscuous mode [ 759.771577][T13029] block nbd0: Receive control failed (result -32) [ 760.000532][ T30] audit: type=1804 audit(4294967373.910:11): pid=15755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3108" name="/newroot/754/file0" dev="tmpfs" ino=3938 res=1 errno=0 [ 760.150887][ T30] audit: type=1804 audit(4294967373.910:12): pid=15757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3108" name="/newroot/754/file0" dev="tmpfs" ino=3938 res=1 errno=0 [ 765.791554][T15833] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 766.070142][T15839] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 768.912234][T13029] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 768.912280][T13029] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 768.928607][T13029] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 768.928660][T13029] Bluetooth: hci1: adv larger than maximum supported [ 768.937626][T13029] Bluetooth: hci1: adv larger than maximum supported [ 768.944888][T13029] Bluetooth: hci1: Malformed LE Event: 0x0d [ 770.880336][T15896] blktrace: Concurrent blktraces are not allowed on loop2 [ 777.193580][T15969] HSR: entered promiscuous mode [ 778.406073][T15979] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3169'. [ 781.639269][ T30] audit: type=1804 audit(4294967395.550:13): pid=16011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3170" name="/newroot/793/file0" dev="tmpfs" ino=4127 res=1 errno=0 [ 781.759371][ T30] audit: type=1804 audit(4294967395.610:14): pid=16012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3170" name="/newroot/793/file0" dev="tmpfs" ino=4127 res=1 errno=0 [ 781.965046][T16021] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3176'. [ 787.039283][T16059] delete_channel: no stack [ 787.458821][T13029] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 787.458856][T13029] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 787.474751][T13029] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 787.474778][T13029] Bluetooth: hci4: adv larger than maximum supported [ 787.484075][T13029] Bluetooth: hci4: adv larger than maximum supported [ 787.491187][T13029] Bluetooth: hci4: Malformed LE Event: 0x0d [ 788.910142][T16102] FAULT_INJECTION: forcing a failure. [ 788.910142][T16102] name failslab, interval 1, probability 0, space 0, times 0 [ 788.979291][T16102] CPU: 0 UID: 8 PID: 16102 Comm: syz.1.3199 Tainted: G L syzkaller #0 PREEMPT(full) [ 788.979331][T16102] Tainted: [L]=SOFTLOCKUP [ 788.979340][T16102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 788.979355][T16102] Call Trace: [ 788.979362][T16102] [ 788.979371][T16102] dump_stack_lvl+0x100/0x190 [ 788.979413][T16102] should_fail_ex.cold+0x5/0xa [ 788.979442][T16102] should_failslab+0xc2/0x120 [ 788.979468][T16102] __kmalloc_cache_noprof+0x7a/0x6f0 [ 788.979502][T16102] ? key_user_lookup+0x1a3/0x5a0 [ 788.979533][T16102] key_user_lookup+0x1a3/0x5a0 [ 788.979558][T16102] ? __pfx_key_user_lookup+0x10/0x10 [ 788.979584][T16102] ? security_key_permission+0x7b/0x230 [ 788.979631][T16102] key_alloc+0x18b/0x1310 [ 788.979665][T16102] ? __pfx_keyring_search+0x10/0x10 [ 788.979697][T16102] ? __pfx_key_alloc+0x10/0x10 [ 788.979721][T16102] ? __pfx_key_default_cmp+0x10/0x10 [ 788.979751][T16102] ? __pfx_keyring_search_iterator+0x10/0x10 [ 788.979784][T16102] keyring_alloc+0x44/0xc0 [ 788.979816][T16102] look_up_user_keyrings+0x465/0x790 [ 788.979860][T16102] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 788.979898][T16102] ? futex_wait+0x125/0x380 [ 788.979936][T16102] ? __pfx_futex_wait+0x10/0x10 [ 788.979980][T16102] lookup_user_key+0xbb1/0x1300 [ 788.980035][T16102] ? __pfx_lookup_user_key+0x10/0x10 [ 788.980104][T16102] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 788.980164][T16102] ? __x64_sys_futex+0x34f/0x4d0 [ 788.980194][T16102] ? __x64_sys_futex+0x358/0x4d0 [ 788.980232][T16102] keyctl_session_to_parent+0x28/0xae0 [ 788.980275][T16102] __do_sys_keyctl+0x2b1/0x5a0 [ 788.980313][T16102] do_syscall_64+0x106/0xf80 [ 788.980342][T16102] ? clear_bhb_loop+0x40/0x90 [ 788.980372][T16102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.980397][T16102] RIP: 0033:0x7ff941f9c799 [ 788.980417][T16102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 788.980441][T16102] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 788.980464][T16102] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 788.980480][T16102] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 788.980495][T16102] RBP: 00007ff942032c99 R08: 0000000000000001 R09: 0000000000000000 [ 788.980510][T16102] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 788.980524][T16102] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 788.980556][T16102] [ 794.307002][T16157] FAULT_INJECTION: forcing a failure. [ 794.307002][T16157] name failslab, interval 1, probability 0, space 0, times 0 [ 794.438826][T16157] CPU: 0 UID: 8 PID: 16157 Comm: syz.0.3212 Tainted: G L syzkaller #0 PREEMPT(full) [ 794.438865][T16157] Tainted: [L]=SOFTLOCKUP [ 794.438873][T16157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 794.438889][T16157] Call Trace: [ 794.438898][T16157] [ 794.438908][T16157] dump_stack_lvl+0x100/0x190 [ 794.438949][T16157] should_fail_ex.cold+0x5/0xa [ 794.438977][T16157] should_failslab+0xc2/0x120 [ 794.439002][T16157] __kmalloc_cache_noprof+0x7a/0x6f0 [ 794.439035][T16157] ? key_user_lookup+0x1a3/0x5a0 [ 794.439067][T16157] key_user_lookup+0x1a3/0x5a0 [ 794.439092][T16157] ? __pfx_key_user_lookup+0x10/0x10 [ 794.439118][T16157] ? security_key_permission+0x7b/0x230 [ 794.439172][T16157] key_alloc+0x18b/0x1310 [ 794.439204][T16157] ? __pfx_keyring_search+0x10/0x10 [ 794.439236][T16157] ? __pfx_key_alloc+0x10/0x10 [ 794.439260][T16157] ? __pfx_key_default_cmp+0x10/0x10 [ 794.439289][T16157] ? __pfx_keyring_search_iterator+0x10/0x10 [ 794.439322][T16157] keyring_alloc+0x44/0xc0 [ 794.439353][T16157] look_up_user_keyrings+0x465/0x790 [ 794.439397][T16157] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 794.439435][T16157] ? futex_wait+0x125/0x380 [ 794.439473][T16157] ? __pfx_futex_wait+0x10/0x10 [ 794.439516][T16157] lookup_user_key+0xbb1/0x1300 [ 794.439558][T16157] ? __pfx_lookup_user_key+0x10/0x10 [ 794.439605][T16157] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 794.439652][T16157] ? __x64_sys_futex+0x34f/0x4d0 [ 794.439682][T16157] ? __x64_sys_futex+0x358/0x4d0 [ 794.439719][T16157] keyctl_session_to_parent+0x28/0xae0 [ 794.439761][T16157] __do_sys_keyctl+0x2b1/0x5a0 [ 794.439799][T16157] do_syscall_64+0x106/0xf80 [ 794.439829][T16157] ? clear_bhb_loop+0x40/0x90 [ 794.439859][T16157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.439884][T16157] RIP: 0033:0x7f1fa2b9c799 [ 794.439903][T16157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.439927][T16157] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 794.439949][T16157] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 794.439965][T16157] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 794.439980][T16157] RBP: 00007f1fa2c32c99 R08: 0000000000000001 R09: 0000000000000000 [ 794.439995][T16157] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 794.440009][T16157] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 794.440040][T16157] [ 797.480788][T16182] FAULT_INJECTION: forcing a failure. [ 797.480788][T16182] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 797.559882][T16182] CPU: 0 UID: 0 PID: 16182 Comm: syz.1.3227 Tainted: G L syzkaller #0 PREEMPT(full) [ 797.559921][T16182] Tainted: [L]=SOFTLOCKUP [ 797.559929][T16182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 797.559944][T16182] Call Trace: [ 797.559952][T16182] [ 797.559960][T16182] dump_stack_lvl+0x100/0x190 [ 797.560003][T16182] should_fail_ex.cold+0x5/0xa [ 797.560026][T16182] ? prepare_alloc_pages+0x16d/0x5f0 [ 797.560057][T16182] should_fail_alloc_page+0xeb/0x140 [ 797.560085][T16182] prepare_alloc_pages+0x1f0/0x5f0 [ 797.560117][T16182] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 797.560163][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560201][T16182] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 797.560241][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560271][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560315][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560347][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560379][T16182] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 797.560421][T16182] ? policy_nodemask+0xed/0x4f0 [ 797.560449][T16182] alloc_pages_mpol+0x1fb/0x550 [ 797.560475][T16182] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 797.560508][T16182] folio_alloc_mpol_noprof+0x36/0x340 [ 797.560540][T16182] vma_alloc_folio_noprof+0xed/0x1d0 [ 797.560569][T16182] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 797.560599][T16182] ? rcu_read_unlock+0x2d/0xb0 [ 797.560632][T16182] ? rcu_read_unlock+0x2d/0xb0 [ 797.560666][T16182] ? __lock_acquire+0x4a5/0x2630 [ 797.560700][T16182] do_wp_page+0xf28/0x4f00 [ 797.560735][T16182] ? __pfx_do_wp_page+0x10/0x10 [ 797.560765][T16182] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 797.560809][T16182] __handle_mm_fault+0x1ac8/0x2b60 [ 797.560847][T16182] ? mt_find+0x45e/0x8e0 [ 797.560880][T16182] ? __pfx___handle_mm_fault+0x10/0x10 [ 797.560921][T16182] ? __pfx_mt_find+0x10/0x10 [ 797.560968][T16182] ? find_vma+0xbf/0x140 [ 797.560990][T16182] ? __pfx_find_vma+0x10/0x10 [ 797.561015][T16182] handle_mm_fault+0x36d/0xa20 [ 797.561073][T16182] do_user_addr_fault+0x74c/0x12f0 [ 797.561121][T16182] exc_page_fault+0x6f/0xd0 [ 797.561150][T16182] asm_exc_page_fault+0x26/0x30 [ 797.561174][T16182] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 797.561242][T16182] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 797.561265][T16182] RSP: 0018:ffffc90003c87d50 EFLAGS: 00050206 [ 797.561286][T16182] RAX: 0000000000000001 RBX: 0000000000003fdf RCX: 000000000000211f [ 797.561307][T16182] RDX: 0000000000000001 RSI: ffff888044201ec0 RDI: 0000200000002000 [ 797.561323][T16182] RBP: 0000200000000140 R08: 0000000000000000 R09: ffffed10088407fb [ 797.561338][T16182] R10: 0000000000000006 R11: 0000000000000000 R12: ffff888044200000 [ 797.561352][T16182] R13: 000020000000411f R14: 00007ffffffff000 R15: 0000000000000000 [ 797.561391][T16182] _copy_to_user+0xa4/0xd0 [ 797.561453][T16182] dma_heap_ioctl+0x413/0x5e0 [ 797.561604][T16182] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 797.561644][T16182] ? find_held_lock+0x2b/0x80 [ 797.561702][T16182] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 797.561737][T16182] __x64_sys_ioctl+0x18e/0x210 [ 797.561780][T16182] do_syscall_64+0x106/0xf80 [ 797.561809][T16182] ? clear_bhb_loop+0x40/0x90 [ 797.561847][T16182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.561880][T16182] RIP: 0033:0x7ff941f9c799 [ 797.561899][T16182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 797.561929][T16182] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 797.561951][T16182] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 797.561966][T16182] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000007 [ 797.562001][T16182] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 797.562016][T16182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.562030][T16182] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 797.562068][T16182] [ 798.802910][ T30] audit: type=1804 audit(4294967412.590:15): pid=16188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3219" name="/newroot/743/file0" dev="tmpfs" ino=3871 res=1 errno=0 [ 798.868390][ T30] audit: type=1804 audit(4294967412.600:16): pid=16199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3219" name="/newroot/743/file0" dev="tmpfs" ino=3871 res=1 errno=0 [ 808.973317][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.973404][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.411871][T16334] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3249'. [ 810.507596][T16334] i: entered promiscuous mode [ 810.579322][T16340] HfR: entered promiscuous mode [ 812.704112][T13029] block nbd1: Receive control failed (result -32) [ 815.368219][T16396] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3265'. [ 815.419230][T16396] vlan1: entered promiscuous mode [ 815.419428][T16396] vlan1: entered allmulticast mode [ 815.419445][T16396] veth0_vlan: entered allmulticast mode [ 820.047601][T16443] FAULT_INJECTION: forcing a failure. [ 820.047601][T16443] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 820.108940][T16443] CPU: 0 UID: 0 PID: 16443 Comm: syz.0.3275 Tainted: G L syzkaller #0 PREEMPT(full) [ 820.108979][T16443] Tainted: [L]=SOFTLOCKUP [ 820.108987][T16443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 820.109002][T16443] Call Trace: [ 820.109010][T16443] [ 820.109019][T16443] dump_stack_lvl+0x100/0x190 [ 820.109065][T16443] should_fail_ex.cold+0x5/0xa [ 820.109090][T16443] ? prepare_alloc_pages+0x16d/0x5f0 [ 820.109122][T16443] should_fail_alloc_page+0xeb/0x140 [ 820.109151][T16443] prepare_alloc_pages+0x1f0/0x5f0 [ 820.109184][T16443] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 820.109241][T16443] ? mas_next_slot+0x1003/0x18b0 [ 820.109285][T16443] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 820.109321][T16443] ? validate_mm+0x261/0x4e0 [ 820.109358][T16443] ? mas_prev_slot+0x67b/0x1c10 [ 820.109402][T16443] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 820.109454][T16443] ? policy_nodemask+0xed/0x4f0 [ 820.109481][T16443] alloc_pages_mpol+0x1fb/0x550 [ 820.109507][T16443] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 820.109541][T16443] alloc_pages_noprof+0x131/0x390 [ 820.109568][T16443] __pmd_alloc+0x3b/0x950 [ 820.109599][T16443] __handle_mm_fault+0xa99/0x2b60 [ 820.109641][T16443] ? mt_find+0x45e/0x8e0 [ 820.109673][T16443] ? __pfx___handle_mm_fault+0x10/0x10 [ 820.109705][T16443] ? __pfx_mt_find+0x10/0x10 [ 820.109759][T16443] handle_mm_fault+0x36d/0xa20 [ 820.109797][T16443] __get_user_pages+0xf9c/0x34d0 [ 820.109835][T16443] ? __pfx___get_user_pages+0x10/0x10 [ 820.109871][T16443] populate_vma_page_range+0x267/0x3f0 [ 820.109903][T16443] ? __pfx_populate_vma_page_range+0x10/0x10 [ 820.109934][T16443] ? __pfx_find_vma_intersection+0x10/0x10 [ 820.109962][T16443] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 820.110002][T16443] __mm_populate+0x107/0x3a0 [ 820.110031][T16443] ? __pfx___mm_populate+0x10/0x10 [ 820.110062][T16443] ? up_write+0x290/0x4f0 [ 820.110100][T16443] do_mlock+0x3f0/0x7f0 [ 820.110139][T16443] ? __pfx_do_mlock+0x10/0x10 [ 820.110172][T16443] ? __x64_sys_futex+0x34f/0x4d0 [ 820.110202][T16443] ? __x64_sys_futex+0x358/0x4d0 [ 820.110237][T16443] ? xfd_validate_state+0x129/0x190 [ 820.110281][T16443] __x64_sys_mlock+0x59/0x80 [ 820.110317][T16443] do_syscall_64+0x106/0xf80 [ 820.110346][T16443] ? clear_bhb_loop+0x40/0x90 [ 820.110377][T16443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.110401][T16443] RIP: 0033:0x7f1fa2b9c799 [ 820.110427][T16443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 820.110451][T16443] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 820.110475][T16443] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 820.110490][T16443] RDX: 0000000000000000 RSI: 0000000000080006 RDI: 0000000000000112 [ 820.110506][T16443] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 820.110520][T16443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.110535][T16443] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 820.110566][T16443] [ 822.648905][T16483] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3291'. [ 822.707080][T16483] netlink: 350 bytes leftover after parsing attributes in process `syz.0.3291'. [ 823.079126][ T30] audit: type=1804 audit(4294967436.990:17): pid=16486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3282" name="file0" dev="tmpfs" ino=3405 res=1 errno=0 [ 823.083862][ T30] audit: type=1804 audit(4294967437.000:18): pid=16489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3282" name="file0" dev="tmpfs" ino=3405 res=1 errno=0 [ 826.104356][T16520] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3298'. [ 827.156812][T16531] futex_wake_op: syz.4.3301 tries to shift op by -2048; fix this program [ 827.192485][T16531] futex_wake_op: syz.4.3301 tries to shift op by -2048; fix this program [ 828.367224][T16550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3304'. [ 828.389172][T16547] netlink: 'syz.0.3294': attribute type 2 has an invalid length. [ 828.419582][T16550] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 828.427240][T16547] netlink: 'syz.0.3294': attribute type 3 has an invalid length. [ 828.451271][T16550] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 828.461390][T16547] netlink: 158 bytes leftover after parsing attributes in process `syz.0.3294'. [ 828.492187][T16550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 828.501904][T16547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3294'. [ 828.529829][T16550] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 828.826133][ T30] audit: type=1804 audit(4294967442.740:19): pid=16555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3306" name="file0" dev="tmpfs" ino=3426 res=1 errno=0 [ 828.887870][ T30] audit: type=1804 audit(4294967442.780:20): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3306" name="file0" dev="tmpfs" ino=3426 res=1 errno=0 [ 828.956675][T16559] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3296'. [ 829.048037][T16559] veth1_macvtap: left promiscuous mode [ 830.270478][T16573] netlink: 158 bytes leftover after parsing attributes in process `syz.4.3310'. [ 833.245161][T16616] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3309'. [ 833.288959][T16616] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 833.324004][T16616] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 833.343040][T16616] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 833.362807][T16616] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.169217][T16629] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3316'. [ 834.240324][T16629] vlan1: entered promiscuous mode [ 834.246585][T16629] vlan1: entered allmulticast mode [ 841.691295][T16727] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3343'. [ 842.954394][T16751] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 849.981087][T16834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3362'. [ 850.031150][T16834] netlink: 28905 bytes leftover after parsing attributes in process `syz.1.3362'. [ 853.224864][T16867] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 853.325527][T16867] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.451484][T16867] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.605018][T16867] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 853.714926][T16867] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 854.972375][T16881] kexec: Could not allocate control_code_buffer [ 855.283606][T13029] Bluetooth: hci1: command 0x0c1a tx timeout [ 855.364497][T13029] Bluetooth: hci3: command 0x0c1a tx timeout [ 855.681490][T13029] Bluetooth: hci0: command 0x0c1a tx timeout [ 855.760574][T13029] Bluetooth: hci4: command 0x0406 tx timeout [ 857.440614][T13029] Bluetooth: hci3: command 0x0c1a tx timeout [ 857.730651][T16906] FAULT_INJECTION: forcing a failure. [ 857.730651][T16906] name failslab, interval 1, probability 0, space 0, times 0 [ 857.868181][T16906] CPU: 0 UID: 0 PID: 16906 Comm: syz.1.3380 Tainted: G L syzkaller #0 PREEMPT(full) [ 857.868220][T16906] Tainted: [L]=SOFTLOCKUP [ 857.868229][T16906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 857.868244][T16906] Call Trace: [ 857.868252][T16906] [ 857.868261][T16906] dump_stack_lvl+0x100/0x190 [ 857.868302][T16906] should_fail_ex.cold+0x5/0xa [ 857.868330][T16906] ? tomoyo_realpath_from_path+0xb6/0x690 [ 857.868361][T16906] should_failslab+0xc2/0x120 [ 857.868386][T16906] __kmalloc_noprof+0xe0/0x850 [ 857.868430][T16906] tomoyo_realpath_from_path+0xb6/0x690 [ 857.868465][T16906] tomoyo_check_open_permission+0x2af/0x3c0 [ 857.868507][T16906] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 857.868576][T16906] ? lock_acquire+0x1cf/0x380 [ 857.868606][T16906] ? find_held_lock+0x2b/0x80 [ 857.868635][T16906] tomoyo_file_open+0x6b/0x90 [ 857.868669][T16906] security_file_open+0xb5/0x1e0 [ 857.868696][T16906] do_dentry_open+0x5aa/0x1660 [ 857.868736][T16906] vfs_open+0x82/0x3f0 [ 857.868770][T16906] path_openat+0x208c/0x31a0 [ 857.868806][T16906] ? __pfx_path_openat+0x10/0x10 [ 857.868842][T16906] do_file_open+0x20e/0x430 [ 857.868870][T16906] ? __pfx_do_file_open+0x10/0x10 [ 857.868916][T16906] ? alloc_fd+0x476/0x790 [ 857.868942][T16906] ? do_getname+0x191/0x390 [ 857.868975][T16906] do_sys_openat2+0x10d/0x1e0 [ 857.869007][T16906] ? __pfx_do_sys_openat2+0x10/0x10 [ 857.869050][T16906] __x64_sys_openat+0x12d/0x210 [ 857.869083][T16906] ? __pfx___x64_sys_openat+0x10/0x10 [ 857.869127][T16906] do_syscall_64+0x106/0xf80 [ 857.869156][T16906] ? clear_bhb_loop+0x40/0x90 [ 857.869186][T16906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.869215][T16906] RIP: 0033:0x7ff941f9c799 [ 857.869235][T16906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 857.869266][T16906] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 857.869289][T16906] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 857.869305][T16906] RDX: 000000000000a001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 857.869320][T16906] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 857.869335][T16906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 857.869349][T16906] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 857.869380][T16906] [ 858.146296][T16913] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3382'. [ 858.379737][T16906] ERROR: Out of memory at tomoyo_realpath_from_path. [ 859.012481][T16918] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3385'. [ 861.237178][T16948] capability: warning: `syz.3.3389' uses 32-bit capabilities (legacy support in use) [ 865.423720][T16969] FAULT_INJECTION: forcing a failure. [ 865.423720][T16969] name failslab, interval 1, probability 0, space 0, times 0 [ 865.616336][T16969] CPU: 0 UID: 0 PID: 16969 Comm: syz.0.3394 Tainted: G L syzkaller #0 PREEMPT(full) [ 865.616374][T16969] Tainted: [L]=SOFTLOCKUP [ 865.616383][T16969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 865.616398][T16969] Call Trace: [ 865.616405][T16969] [ 865.616415][T16969] dump_stack_lvl+0x100/0x190 [ 865.616464][T16969] should_fail_ex.cold+0x5/0xa [ 865.616492][T16969] ? tomoyo_realpath_from_path+0xb6/0x690 [ 865.616521][T16969] should_failslab+0xc2/0x120 [ 865.616547][T16969] __kmalloc_noprof+0xe0/0x850 [ 865.616589][T16969] tomoyo_realpath_from_path+0xb6/0x690 [ 865.616625][T16969] tomoyo_check_open_permission+0x2af/0x3c0 [ 865.616667][T16969] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 865.616735][T16969] ? lock_acquire+0x1cf/0x380 [ 865.616765][T16969] ? find_held_lock+0x2b/0x80 [ 865.616795][T16969] tomoyo_file_open+0x6b/0x90 [ 865.616829][T16969] security_file_open+0xb5/0x1e0 [ 865.616855][T16969] do_dentry_open+0x5aa/0x1660 [ 865.616888][T16969] vfs_open+0x82/0x3f0 [ 865.616922][T16969] path_openat+0x208c/0x31a0 [ 865.616956][T16969] ? __pfx_path_openat+0x10/0x10 [ 865.616991][T16969] do_file_open+0x20e/0x430 [ 865.617018][T16969] ? __pfx_do_file_open+0x10/0x10 [ 865.617064][T16969] ? alloc_fd+0x476/0x790 [ 865.617090][T16969] ? do_getname+0x191/0x390 [ 865.617123][T16969] do_sys_openat2+0x10d/0x1e0 [ 865.617155][T16969] ? __pfx_do_sys_openat2+0x10/0x10 [ 865.617198][T16969] __x64_sys_openat+0x12d/0x210 [ 865.617231][T16969] ? __pfx___x64_sys_openat+0x10/0x10 [ 865.617275][T16969] do_syscall_64+0x106/0xf80 [ 865.617305][T16969] ? clear_bhb_loop+0x40/0x90 [ 865.617335][T16969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.617365][T16969] RIP: 0033:0x7f1fa2b9c799 [ 865.617385][T16969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 865.617408][T16969] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 865.617436][T16969] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 865.617452][T16969] RDX: 000000000000a001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 865.617467][T16969] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 865.617482][T16969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 865.617496][T16969] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 865.617527][T16969] [ 866.118534][T16969] ERROR: Out of memory at tomoyo_realpath_from_path. [ 870.412359][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.418749][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.894786][T17004] FAULT_INJECTION: forcing a failure. [ 871.894786][T17004] name failslab, interval 1, probability 0, space 0, times 0 [ 872.048833][T17004] CPU: 0 UID: 0 PID: 17004 Comm: syz.1.3404 Tainted: G L syzkaller #0 PREEMPT(full) [ 872.048872][T17004] Tainted: [L]=SOFTLOCKUP [ 872.048881][T17004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 872.048896][T17004] Call Trace: [ 872.048905][T17004] [ 872.048914][T17004] dump_stack_lvl+0x100/0x190 [ 872.048956][T17004] should_fail_ex.cold+0x5/0xa [ 872.048985][T17004] should_failslab+0xc2/0x120 [ 872.049011][T17004] __kmalloc_cache_noprof+0x7a/0x6f0 [ 872.049043][T17004] ? refill_pi_state_cache+0x91/0x260 [ 872.049085][T17004] refill_pi_state_cache+0x91/0x260 [ 872.049122][T17004] futex_lock_pi+0x177/0x7b0 [ 872.049162][T17004] ? __pfx_futex_lock_pi+0x10/0x10 [ 872.049200][T17004] ? __pfx___futex_wait+0x10/0x10 [ 872.049237][T17004] ? lockdep_hardirqs_on+0x78/0x100 [ 872.049299][T17004] ? __pfx_futex_wake_mark+0x10/0x10 [ 872.049343][T17004] ? __get_user_nocheck_8+0x20/0x20 [ 872.049367][T17004] ? do_vfs_ioctl+0x226/0x13e0 [ 872.049407][T17004] do_futex+0x18a/0x350 [ 872.049438][T17004] ? __pfx_do_futex+0x10/0x10 [ 872.049471][T17004] ? find_held_lock+0x2b/0x80 [ 872.049498][T17004] __x64_sys_futex+0x34f/0x4d0 [ 872.049534][T17004] ? __pfx___x64_sys_futex+0x10/0x10 [ 872.049577][T17004] do_syscall_64+0x106/0xf80 [ 872.049605][T17004] ? clear_bhb_loop+0x40/0x90 [ 872.049638][T17004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.049663][T17004] RIP: 0033:0x7ff941f9c799 [ 872.049683][T17004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.049707][T17004] RSP: 002b:00007ff942dc9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 872.049731][T17004] RAX: ffffffffffffffda RBX: 00007ff942216090 RCX: 00007ff941f9c799 [ 872.049747][T17004] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 872.049762][T17004] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 000000008000fff5 [ 872.049776][T17004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.049790][T17004] R13: 00007ff942216128 R14: 00007ff942216090 R15: 00007ffcc8df6558 [ 872.049821][T17004] [ 874.932173][T17026] FAULT_INJECTION: forcing a failure. [ 874.932173][T17026] name failslab, interval 1, probability 0, space 0, times 0 [ 875.121194][T17026] CPU: 0 UID: 0 PID: 17026 Comm: syz.0.3407 Tainted: G L syzkaller #0 PREEMPT(full) [ 875.121232][T17026] Tainted: [L]=SOFTLOCKUP [ 875.121241][T17026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 875.121255][T17026] Call Trace: [ 875.121262][T17026] [ 875.121272][T17026] dump_stack_lvl+0x100/0x190 [ 875.121314][T17026] should_fail_ex.cold+0x5/0xa [ 875.121341][T17026] ? process_preds+0x4c2/0x1d90 [ 875.121377][T17026] should_failslab+0xc2/0x120 [ 875.121403][T17026] __kmalloc_noprof+0xe0/0x850 [ 875.121446][T17026] process_preds+0x4c2/0x1d90 [ 875.121489][T17026] ? create_filter_start.constprop.0+0x134/0x310 [ 875.121531][T17026] create_filter+0x140/0x210 [ 875.121569][T17026] ? __pfx_create_filter+0x10/0x10 [ 875.121609][T17026] ? find_held_lock+0x2b/0x80 [ 875.121635][T17026] apply_event_filter+0x220/0x500 [ 875.121674][T17026] ? __pfx_apply_event_filter+0x10/0x10 [ 875.121720][T17026] event_filter_write+0x16d/0x290 [ 875.121766][T17026] vfs_write+0x2aa/0x1070 [ 875.121807][T17026] ? __pfx_event_filter_write+0x10/0x10 [ 875.121838][T17026] ? __pfx_vfs_write+0x10/0x10 [ 875.121876][T17026] ? __fget_files+0x215/0x3d0 [ 875.121904][T17026] ? __fget_files+0x21f/0x3d0 [ 875.121935][T17026] ksys_write+0x12a/0x250 [ 875.121956][T17026] ? __pfx_ksys_write+0x10/0x10 [ 875.121986][T17026] do_syscall_64+0x106/0xf80 [ 875.122016][T17026] ? clear_bhb_loop+0x40/0x90 [ 875.122046][T17026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.122071][T17026] RIP: 0033:0x7f1fa2b9c799 [ 875.122091][T17026] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 875.122115][T17026] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 875.122144][T17026] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 875.122161][T17026] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 875.122176][T17026] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 875.122191][T17026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 875.122206][T17026] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 875.122238][T17026] [ 877.460424][T17055] [U] [ 877.463282][T17055] [U] [ 877.466073][T17055] [U] [ 877.468816][T17055] [U] [ 877.678425][T17055] [U] [ 877.681193][T17055] [U] [ 877.683948][T17055] [U] [ 877.686994][T17055] [U] [ 878.358140][T17052] [U] [ 878.730518][ T30] audit: type=1800 audit(4294967492.640:21): pid=17078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3421" name="dbroot" dev="configfs" ino=69835 res=0 errno=0 [ 878.771375][T17078] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3421'. [ 878.872493][T17070] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3419'. [ 879.054273][T17078] team0: Port device team_slave_1 removed [ 880.481889][T17093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3425'. [ 880.567274][T17093] team0 (unregistering): Port device team_slave_0 removed [ 880.895325][T17097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3426'. [ 880.951276][T17097] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3426'. [ 881.276554][T17100] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3435'. [ 881.375805][T17100] team0 (unregistering): Port device team_slave_0 removed [ 881.446312][T17100] team0 (unregistering): Port device team_slave_1 removed [ 882.048780][T17115] netlink: 30 bytes leftover after parsing attributes in process `syz.4.3430'. [ 887.439763][T13029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 888.276047][T17188] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3448'. [ 889.229353][ T30] audit: type=1800 audit(4294967503.140:22): pid=17202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3453" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 896.073684][T17317] netlink: 210 bytes leftover after parsing attributes in process `syz.1.3482'. [ 899.420377][T17372] FAULT_INJECTION: forcing a failure. [ 899.420377][T17372] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 899.552526][T17372] CPU: 0 UID: 0 PID: 17372 Comm: syz.0.3492 Tainted: G L syzkaller #0 PREEMPT(full) [ 899.552565][T17372] Tainted: [L]=SOFTLOCKUP [ 899.552573][T17372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 899.552588][T17372] Call Trace: [ 899.552595][T17372] [ 899.552604][T17372] dump_stack_lvl+0x100/0x190 [ 899.552645][T17372] should_fail_ex.cold+0x5/0xa [ 899.552674][T17372] _copy_from_user+0x2e/0xd0 [ 899.552700][T17372] snd_pcm_oss_write2+0x1c2/0x400 [ 899.552846][T17372] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 899.552895][T17372] snd_pcm_oss_write+0x729/0xa30 [ 899.552922][T17372] ? security_file_permission+0x76/0x210 [ 899.552954][T17372] vfs_write+0x2aa/0x1070 [ 899.552994][T17372] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 899.553021][T17372] ? __pfx_vfs_write+0x10/0x10 [ 899.553066][T17372] ? find_held_lock+0x2b/0x80 [ 899.553089][T17372] ? __fget_files+0x215/0x3d0 [ 899.553110][T17372] ? __fget_files+0x215/0x3d0 [ 899.553137][T17372] ? __fget_files+0x21f/0x3d0 [ 899.553168][T17372] ksys_write+0x12a/0x250 [ 899.553190][T17372] ? __pfx_ksys_write+0x10/0x10 [ 899.553221][T17372] do_syscall_64+0x106/0xf80 [ 899.553250][T17372] ? clear_bhb_loop+0x40/0x90 [ 899.553280][T17372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 899.553305][T17372] RIP: 0033:0x7f1fa2b9c799 [ 899.553328][T17372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 899.553359][T17372] RSP: 002b:00007f1fa3a44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 899.553383][T17372] RAX: ffffffffffffffda RBX: 00007f1fa2e16090 RCX: 00007f1fa2b9c799 [ 899.553400][T17372] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 899.553416][T17372] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 899.553431][T17372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 899.553445][T17372] R13: 00007f1fa2e16128 R14: 00007f1fa2e16090 R15: 00007ffe01b09688 [ 899.553477][T17372] [ 900.060605][ T5833] Bluetooth: hci2: command 0x1003 tx timeout [ 900.068581][T13029] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 902.232930][T17409] syz.3.3503 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 902.583352][T17416] netlink: 62 bytes leftover after parsing attributes in process `syz.0.3504'. [ 903.573406][T17429] netlink: 'syz.0.3508': attribute type 3 has an invalid length. [ 903.605788][T17429] netlink: 306 bytes leftover after parsing attributes in process `syz.0.3508'. [ 903.896480][T17438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 903.931512][T17438] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3512'. [ 904.201849][T17446] random: crng reseeded on system resumption [ 905.603692][T17462] netlink: 93 bytes leftover after parsing attributes in process `syz.3.3520'. [ 905.713665][T17459] netlink: 93 bytes leftover after parsing attributes in process `syz.3.3520'. [ 905.801022][T17464] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3521'. [ 909.827774][T17520] Process accounting resumed [ 910.191627][T17529] FAULT_INJECTION: forcing a failure. [ 910.191627][T17529] name failslab, interval 1, probability 0, space 0, times 0 [ 910.312238][T17529] CPU: 0 UID: 0 PID: 17529 Comm: syz.0.3540 Tainted: G L syzkaller #0 PREEMPT(full) [ 910.312278][T17529] Tainted: [L]=SOFTLOCKUP [ 910.312287][T17529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 910.312301][T17529] Call Trace: [ 910.312309][T17529] [ 910.312318][T17529] dump_stack_lvl+0x100/0x190 [ 910.312359][T17529] should_fail_ex.cold+0x5/0xa [ 910.312388][T17529] should_failslab+0xc2/0x120 [ 910.312413][T17529] __kvmalloc_node_noprof+0xfa/0xa00 [ 910.312452][T17529] ? io_alloc_cache_init+0x38/0x170 [ 910.312553][T17529] ? lockdep_init_map_type+0x5c/0x250 [ 910.312591][T17529] io_alloc_cache_init+0x38/0x170 [ 910.312628][T17529] io_uring_setup.cold+0x3cd/0x1d09 [ 910.312668][T17529] ? __pfx_io_uring_setup+0x10/0x10 [ 910.312725][T17529] ? do_futex+0x192/0x350 [ 910.312758][T17529] ? __pfx_do_futex+0x10/0x10 [ 910.312803][T17529] ? xfd_validate_state+0x129/0x190 [ 910.312846][T17529] __x64_sys_io_uring_setup+0xc2/0x170 [ 910.312877][T17529] do_syscall_64+0x106/0xf80 [ 910.312906][T17529] ? clear_bhb_loop+0x40/0x90 [ 910.312944][T17529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.312969][T17529] RIP: 0033:0x7f1fa2b9c799 [ 910.312990][T17529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 910.313015][T17529] RSP: 002b:00007f1fa3a65028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 910.313038][T17529] RAX: ffffffffffffffda RBX: 00007f1fa2e15fa0 RCX: 00007f1fa2b9c799 [ 910.313054][T17529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 910.313069][T17529] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 910.313083][T17529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 910.313098][T17529] R13: 00007f1fa2e16038 R14: 00007f1fa2e15fa0 R15: 00007ffe01b09688 [ 910.313129][T17529] [ 912.713142][T17556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3545'. [ 915.916002][T17594] binder: 17593:17594 ioctl c018620c 200000000040 returned -22 [ 916.847456][T17613] FAULT_INJECTION: forcing a failure. [ 916.847456][T17613] name fail_futex, interval 1, probability 0, space 0, times 0 [ 916.901742][T17613] CPU: 0 UID: 0 PID: 17613 Comm: syz.3.3560 Tainted: G L syzkaller #0 PREEMPT(full) [ 916.901779][T17613] Tainted: [L]=SOFTLOCKUP [ 916.901787][T17613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 916.901801][T17613] Call Trace: [ 916.901808][T17613] [ 916.901817][T17613] dump_stack_lvl+0x100/0x190 [ 916.901857][T17613] should_fail_ex.cold+0x5/0xa [ 916.901883][T17613] get_futex_key+0x107c/0x1620 [ 916.901915][T17613] ? __pfx_get_futex_key+0x10/0x10 [ 916.901941][T17613] ? lock_acquire+0x1cf/0x380 [ 916.901980][T17613] futex_wake+0xea/0x530 [ 916.902016][T17613] ? __pfx_futex_wake+0x10/0x10 [ 916.902051][T17613] ? exit_mm_release+0x19/0x30 [ 916.902087][T17613] do_futex+0x32b/0x350 [ 916.902117][T17613] ? __pfx_do_futex+0x10/0x10 [ 916.902145][T17613] ? __might_fault+0xc5/0x140 [ 916.902185][T17613] mm_release+0x24a/0x2f0 [ 916.902208][T17613] do_exit+0x704/0x2b60 [ 916.902242][T17613] ? __pfx_do_exit+0x10/0x10 [ 916.902272][T17613] ? do_raw_spin_lock+0x128/0x260 [ 916.902305][T17613] ? find_held_lock+0x2b/0x80 [ 916.902326][T17613] ? get_signal+0x7e0/0x21e0 [ 916.902352][T17613] do_group_exit+0xd5/0x2a0 [ 916.902385][T17613] get_signal+0x1ec7/0x21e0 [ 916.902419][T17613] ? __pfx_get_signal+0x10/0x10 [ 916.902444][T17613] ? do_futex+0x192/0x350 [ 916.902485][T17613] arch_do_signal_or_restart+0x91/0x770 [ 916.902516][T17613] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 916.902553][T17613] ? __pfx___x64_sys_futex+0x10/0x10 [ 916.902589][T17613] exit_to_user_mode_loop+0x86/0x4a0 [ 916.902623][T17613] do_syscall_64+0x668/0xf80 [ 916.902653][T17613] ? clear_bhb_loop+0x40/0x90 [ 916.902682][T17613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.902706][T17613] RIP: 0033:0x7fbe2b99c799 [ 916.902725][T17613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 916.902748][T17613] RSP: 002b:00007fbe2c79e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 916.902771][T17613] RAX: fffffffffffffe00 RBX: 00007fbe2bc15fa8 RCX: 00007fbe2b99c799 [ 916.902787][T17613] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbe2bc15fa8 [ 916.902801][T17613] RBP: 00007fbe2bc15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 916.902816][T17613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 916.902829][T17613] R13: 00007fbe2bc16038 R14: 00007fff376b0010 R15: 00007fff376b00f8 [ 916.902859][T17613] [ 918.212427][T17627] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3564'. [ 919.321844][T17629] serio: Serial port pty6 [ 919.512403][T17652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3570'. [ 920.840436][T17675] binder: 17674:17675 ioctl c018620c 2000000000c0 returned -22 [ 924.186681][T17718] kAFS: Invalid Command on /proc/fs/afs/cells file [ 925.865736][T17742] nbd: must specify at least one socket [ 927.858607][T17757] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3594'. [ 930.764651][ T30] audit: type=1807 audit(4294967544.670:23): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 930.819723][ T30] audit: type=1802 audit(4294967544.720:24): pid=17795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.3606" res=0 errno=0 [ 931.263763][T17794] ima: policy update failed [ 931.291948][ T30] audit: type=1802 audit(4294967545.210:25): pid=17794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.3606" res=0 errno=0 [ 931.842428][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.850295][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.503099][T17852] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3617'. [ 934.652597][T17852] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.801222][T17852] bridge_slave_1 (unregistering): left allmulticast mode [ 934.864324][T17852] bridge_slave_1 (unregistering): left promiscuous mode [ 934.935171][T17852] bridge0: port 2(bridge_slave_1) entered disabled state [ 936.483366][T17873] FAULT_INJECTION: forcing a failure. [ 936.483366][T17873] name failslab, interval 1, probability 0, space 0, times 0 [ 936.631322][T17873] CPU: 0 UID: 0 PID: 17873 Comm: syz.0.3624 Tainted: G L syzkaller #0 PREEMPT(full) [ 936.631361][T17873] Tainted: [L]=SOFTLOCKUP [ 936.631370][T17873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 936.631384][T17873] Call Trace: [ 936.631392][T17873] [ 936.631401][T17873] dump_stack_lvl+0x100/0x190 [ 936.631445][T17873] should_fail_ex.cold+0x5/0xa [ 936.631476][T17873] should_failslab+0xc2/0x120 [ 936.631503][T17873] __kmalloc_cache_noprof+0x7a/0x6f0 [ 936.631535][T17873] ? refill_pi_state_cache+0x91/0x260 [ 936.631579][T17873] refill_pi_state_cache+0x91/0x260 [ 936.631617][T17873] futex_lock_pi+0x177/0x7b0 [ 936.631665][T17873] ? __pfx_futex_lock_pi+0x10/0x10 [ 936.631703][T17873] ? __pfx___futex_wait+0x10/0x10 [ 936.631740][T17873] ? lockdep_hardirqs_on+0x78/0x100 [ 936.631796][T17873] ? __pfx_futex_wake_mark+0x10/0x10 [ 936.631839][T17873] ? __get_user_nocheck_8+0x20/0x20 [ 936.631863][T17873] ? do_vfs_ioctl+0x226/0x13e0 [ 936.631902][T17873] do_futex+0x18a/0x350 [ 936.631933][T17873] ? __pfx_do_futex+0x10/0x10 [ 936.631966][T17873] ? find_held_lock+0x2b/0x80 [ 936.631992][T17873] __x64_sys_futex+0x34f/0x4d0 [ 936.632028][T17873] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.632070][T17873] do_syscall_64+0x106/0xf80 [ 936.632099][T17873] ? clear_bhb_loop+0x40/0x90 [ 936.632129][T17873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.632154][T17873] RIP: 0033:0x7f1fa2b9c799 [ 936.632174][T17873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 936.632197][T17873] RSP: 002b:00007f1fa3a44028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 936.632220][T17873] RAX: ffffffffffffffda RBX: 00007f1fa2e16090 RCX: 00007f1fa2b9c799 [ 936.632236][T17873] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 936.632250][T17873] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 000000008000fff5 [ 936.632265][T17873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.632279][T17873] R13: 00007f1fa2e16128 R14: 00007f1fa2e16090 R15: 00007ffe01b09688 [ 936.632310][T17873] [ 939.615823][T17896] can: request_module (can-proto-3) failed. [ 940.337685][T17888] Process accounting paused [ 941.380522][T17919] [U] [ 941.955611][ T30] audit: type=1800 audit(4294967555.870:26): pid=17932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3637" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 942.950464][T13029] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 943.060218][T17952] FAULT_INJECTION: forcing a failure. [ 943.060218][T17952] name failslab, interval 1, probability 0, space 0, times 0 [ 943.182486][T17958] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 943.254200][T17952] CPU: 0 UID: 0 PID: 17952 Comm: syz.1.3641 Tainted: G L syzkaller #0 PREEMPT(full) [ 943.254240][T17952] Tainted: [L]=SOFTLOCKUP [ 943.254249][T17952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 943.254264][T17952] Call Trace: [ 943.254272][T17952] [ 943.254280][T17952] dump_stack_lvl+0x100/0x190 [ 943.254322][T17952] should_fail_ex.cold+0x5/0xa [ 943.254351][T17952] should_failslab+0xc2/0x120 [ 943.254377][T17952] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 943.254414][T17952] ? shmem_alloc_inode+0x25/0x50 [ 943.254445][T17952] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 943.254473][T17952] shmem_alloc_inode+0x25/0x50 [ 943.254499][T17952] alloc_inode+0x68/0x250 [ 943.254531][T17952] new_inode+0x22/0x1c0 [ 943.254565][T17952] shmem_get_inode+0x212/0x1040 [ 943.254601][T17952] ? __pfx_shmem_get_inode+0x10/0x10 [ 943.254631][T17952] ? d_add+0x443/0x850 [ 943.254662][T17952] ? do_raw_spin_unlock+0x145/0x1e0 [ 943.254703][T17952] shmem_mknod+0x20c/0x470 [ 943.254750][T17952] ? __pfx_shmem_mknod+0x10/0x10 [ 943.254780][T17952] ? bpf_lsm_inode_create+0x9/0x10 [ 943.254820][T17952] ? __pfx_shmem_create+0x10/0x10 [ 943.254851][T17952] lookup_open.isra.0+0xc47/0x11b0 [ 943.254894][T17952] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 943.254936][T17952] ? __pfx___might_resched+0x10/0x10 [ 943.254971][T17952] ? mnt_get_write_access+0x52/0x2f0 [ 943.255009][T17952] ? __pfx_down_write+0x10/0x10 [ 943.255042][T17952] ? mnt_get_write_access+0x1e9/0x2f0 [ 943.255078][T17952] path_openat+0x2291/0x31a0 [ 943.255113][T17952] ? __pfx_path_openat+0x10/0x10 [ 943.255148][T17952] do_file_open+0x20e/0x430 [ 943.255175][T17952] ? __pfx_do_file_open+0x10/0x10 [ 943.255221][T17952] ? alloc_fd+0x476/0x790 [ 943.255247][T17952] ? do_getname+0x191/0x390 [ 943.255279][T17952] do_sys_openat2+0x10d/0x1e0 [ 943.255311][T17952] ? __pfx_do_sys_openat2+0x10/0x10 [ 943.255346][T17952] ? __fget_files+0x21f/0x3d0 [ 943.255374][T17952] __x64_sys_openat+0x12d/0x210 [ 943.255407][T17952] ? __pfx___x64_sys_openat+0x10/0x10 [ 943.255451][T17952] do_syscall_64+0x106/0xf80 [ 943.255480][T17952] ? clear_bhb_loop+0x40/0x90 [ 943.255510][T17952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.255535][T17952] RIP: 0033:0x7ff941f9c799 [ 943.255555][T17952] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.255579][T17952] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 943.255602][T17952] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 943.255618][T17952] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 943.255634][T17952] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 943.255648][T17952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.255662][T17952] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 943.255693][T17952] [ 947.920850][T18004] ubi0: attaching mtd0 [ 947.947623][T18004] ubi0: scanning is finished [ 947.970618][T18012] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3653'. [ 947.989966][T18004] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 948.051412][T18013] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3656'. [ 948.363092][T18004] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 949.000145][T18020] zswap: compressor not available [ 950.920460][T18050] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3664'. [ 952.740658][ C0] vcan0: j1939_tp_rxtimer: 0xffff888025f2a400: rx timeout, send abort [ 952.749249][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888025f2a400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 954.406393][ C0] vcan0: j1939_tp_rxtimer: 0xffff888025f29800: rx timeout, send abort [ 954.414877][ C0] vcan0: j1939_tp_rxtimer: 0xffff888025f2a800: rx timeout, send abort [ 954.423420][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888025f29800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 954.437987][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888025f2a800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 955.426179][T18092] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3678'. [ 957.135488][T18120] FAULT_INJECTION: forcing a failure. [ 957.135488][T18120] name failslab, interval 1, probability 0, space 0, times 0 [ 957.248265][T18120] CPU: 0 UID: 0 PID: 18120 Comm: syz.0.3686 Tainted: G L syzkaller #0 PREEMPT(full) [ 957.248304][T18120] Tainted: [L]=SOFTLOCKUP [ 957.248313][T18120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 957.248327][T18120] Call Trace: [ 957.248335][T18120] [ 957.248344][T18120] dump_stack_lvl+0x100/0x190 [ 957.248385][T18120] should_fail_ex.cold+0x5/0xa [ 957.248414][T18120] ? lsm_blob_alloc+0x68/0x90 [ 957.248444][T18120] should_failslab+0xc2/0x120 [ 957.248469][T18120] __kmalloc_noprof+0xe0/0x850 [ 957.248506][T18120] ? audit_alloc+0xa2/0x7b0 [ 957.248538][T18120] lsm_blob_alloc+0x68/0x90 [ 957.248568][T18120] security_task_alloc+0x2a/0x260 [ 957.248596][T18120] copy_process+0x2531/0x7a10 [ 957.248640][T18120] ? __pfx_copy_process+0x10/0x10 [ 957.248678][T18120] ? lockdep_init_map_type+0x5c/0x250 [ 957.248712][T18120] ? lockdep_init_map_type+0x5c/0x250 [ 957.248745][T18120] ? __pfx_vhost_run_work_list+0x10/0x10 [ 957.248863][T18120] ? __pfx_vhost_worker_killed+0x10/0x10 [ 957.248890][T18120] vhost_task_create+0x1db/0x370 [ 957.248928][T18120] ? __pfx_vhost_task_create+0x10/0x10 [ 957.248974][T18120] ? __pfx_vhost_task_fn+0x10/0x10 [ 957.249017][T18120] ? snprintf+0xc7/0x100 [ 957.249047][T18120] vhost_task_worker_create+0x8d/0x260 [ 957.249079][T18120] ? __pfx_vhost_task_worker_create+0x10/0x10 [ 957.249110][T18120] ? lockdep_init_map_type+0x5c/0x250 [ 957.249143][T18120] ? lockdep_init_map_type+0x5c/0x250 [ 957.249180][T18120] vhost_worker_create+0x243/0x310 [ 957.249210][T18120] ? __pfx_vhost_worker_create+0x10/0x10 [ 957.249246][T18120] vhost_dev_set_owner+0x719/0xa30 [ 957.249287][T18120] vhost_net_ioctl+0xfa3/0x1910 [ 957.249336][T18120] ? do_vfs_ioctl+0x226/0x13e0 [ 957.249372][T18120] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 957.249407][T18120] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 957.249444][T18120] ? find_held_lock+0x2b/0x80 [ 957.249466][T18120] ? __fget_files+0x215/0x3d0 [ 957.249486][T18120] ? hook_file_ioctl_common+0x146/0x410 [ 957.249534][T18120] ? __fget_files+0x21f/0x3d0 [ 957.249560][T18120] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 957.249596][T18120] __x64_sys_ioctl+0x18e/0x210 [ 957.249632][T18120] do_syscall_64+0x106/0xf80 [ 957.249661][T18120] ? clear_bhb_loop+0x40/0x90 [ 957.249690][T18120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.249716][T18120] RIP: 0033:0x7f1fa2b9c799 [ 957.249735][T18120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 957.249759][T18120] RSP: 002b:00007f1fa3a44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 957.249782][T18120] RAX: ffffffffffffffda RBX: 00007f1fa2e16090 RCX: 00007f1fa2b9c799 [ 957.249798][T18120] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 957.249813][T18120] RBP: 00007f1fa2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 957.249827][T18120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 957.249846][T18120] R13: 00007f1fa2e16128 R14: 00007f1fa2e16090 R15: 00007ffe01b09688 [ 957.249877][T18120] [ 960.622745][T13029] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 961.266504][T18159] vivid-007: ================= START STATUS ================= [ 961.368395][T18159] vivid-007: Generate PTS: true [ 961.473926][T18159] vivid-007: Generate SCR: true [ 961.478919][T18159] tpg source WxH: 320x240 (Y'CbCr) [ 961.626046][T18159] tpg field: 1 [ 961.690831][T18159] tpg crop: (0,0)/320x240 [ 961.752147][T18159] tpg compose: (0,0)/320x240 [ 961.828939][T18159] tpg colorspace: 8 [ 961.906464][T18159] tpg transfer function: 0/0 [ 961.999738][T18159] tpg Y'CbCr encoding: 0/0 [ 962.038699][T18159] tpg quantization: 0/0 [ 962.102189][T18159] tpg RGB range: 0/2 [ 962.151569][T18159] vivid-007: ================== END STATUS ================== [ 962.640044][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout [ 964.722498][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout [ 967.026738][T18242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3717'. [ 967.064962][T18242] netlink: 'syz.3.3717': attribute type 1 has an invalid length. [ 967.093240][T18242] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3717'. [ 967.123166][T18242] netlink: 'syz.3.3717': attribute type 1 has an invalid length. [ 968.882788][T18268] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3725'. [ 969.121806][T18270] ptrace attach of "./syz-executor exec"[5822] was attempted by "y6CLVe4럼X`uC9Rv:tG}ᦣ\x0acRDL21qGU3sj¸dkֵ9-JЌE\x0b&Y5@'+ [ 975.796916][T18358] dump_stack_lvl+0x100/0x190 [ 975.796958][T18358] should_fail_ex.cold+0x5/0xa [ 975.796986][T18358] should_failslab+0xc2/0x120 [ 975.797012][T18358] __kmalloc_cache_noprof+0x7a/0x6f0 [ 975.797044][T18358] ? nexthop_net_init+0x73/0x140 [ 975.797146][T18358] ? lockdep_init_map_type+0x5c/0x250 [ 975.797181][T18358] ? __pfx_nexthop_net_init+0x10/0x10 [ 975.797206][T18358] nexthop_net_init+0x73/0x140 [ 975.797229][T18358] ? tcf_net_init+0x55/0x150 [ 975.797282][T18358] ops_init+0x1e2/0x5f0 [ 975.797325][T18358] setup_net+0x118/0x3a0 [ 975.797357][T18358] ? __pfx_setup_net+0x10/0x10 [ 975.797387][T18358] ? lockdep_init_map_type+0x5c/0x250 [ 975.797420][T18358] ? mutex_init_lockep+0x110/0x150 [ 975.797457][T18358] copy_net_ns+0x46f/0x7c0 [ 975.797494][T18358] create_new_namespaces+0x3ea/0xac0 [ 975.797527][T18358] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 975.797556][T18358] ksys_unshare+0x473/0xad0 [ 975.797588][T18358] ? __pfx_ksys_unshare+0x10/0x10 [ 975.797629][T18358] __x64_sys_unshare+0x31/0x40 [ 975.797659][T18358] do_syscall_64+0x106/0xf80 [ 975.797688][T18358] ? clear_bhb_loop+0x40/0x90 [ 975.797718][T18358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 975.797743][T18358] RIP: 0033:0x7ff941f9c799 [ 975.797763][T18358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 975.797787][T18358] RSP: 002b:00007ff942dea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 975.797810][T18358] RAX: ffffffffffffffda RBX: 00007ff942215fa0 RCX: 00007ff941f9c799 [ 975.797826][T18358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 975.797840][T18358] RBP: 00007ff942032c99 R08: 0000000000000000 R09: 0000000000000000 [ 975.797855][T18358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 975.797872][T18358] R13: 00007ff942216038 R14: 00007ff942215fa0 R15: 00007ffcc8df6558 [ 975.797904][T18358] [ 980.703964][T18434] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3772'. [ 980.909805][ T30] audit: type=1800 audit(4294967594.830:29): pid=18440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3775" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 986.853164][T18497] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3790'. [ 987.505011][T18510] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3794'. [ 987.661260][T18511] Console: switching to colour VGA+ 80x25 [ 987.907786][T18515] ================================================================== [ 987.907811][T18515] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 987.907884][T18515] Read of size 26 at addr ffff8880370a11ea by task syz.3.3795/18515 [ 987.907904][T18515] [ 987.907918][T18515] CPU: 0 UID: 0 PID: 18515 Comm: syz.3.3795 Tainted: G L syzkaller #0 PREEMPT(full) [ 987.907952][T18515] Tainted: [L]=SOFTLOCKUP [ 987.907960][T18515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 987.907976][T18515] Call Trace: [ 987.907983][T18515] [ 987.907992][T18515] dump_stack_lvl+0x100/0x190 [ 987.908029][T18515] print_report+0x156/0x4c9 [ 987.908064][T18515] ? __virt_addr_valid+0x81/0x620 [ 987.908095][T18515] ? __phys_addr+0xe8/0x180 [ 987.908125][T18515] ? fbcon_prepare_logo+0x94e/0xc60 [ 987.908161][T18515] kasan_report+0xdf/0x1e0 [ 987.908186][T18515] ? fbcon_prepare_logo+0x94e/0xc60 [ 987.908235][T18515] kasan_check_range+0x10f/0x1e0 [ 987.908265][T18515] __asan_memcpy+0x23/0x60 [ 987.908299][T18515] fbcon_prepare_logo+0x94e/0xc60 [ 987.908343][T18515] fbcon_init+0x10a0/0x1820 [ 987.908385][T18515] visual_init+0x320/0x620 [ 987.908437][T18515] do_bind_con_driver.isra.0+0x636/0x9c0 [ 987.908470][T18515] store_bind+0x609/0x730 [ 987.908501][T18515] ? __pfx_store_bind+0x10/0x10 [ 987.908528][T18515] dev_attr_store+0x58/0x80 [ 987.908570][T18515] ? __pfx_dev_attr_store+0x10/0x10 [ 987.908609][T18515] sysfs_kf_write+0xf2/0x150 [ 987.908640][T18515] kernfs_fop_write_iter+0x3e0/0x5f0 [ 987.908664][T18515] ? __pfx_sysfs_kf_write+0x10/0x10 [ 987.908693][T18515] vfs_write+0x6ac/0x1070 [ 987.908731][T18515] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 987.908758][T18515] ? __pfx_vfs_write+0x10/0x10 [ 987.908805][T18515] ksys_write+0x12a/0x250 [ 987.908825][T18515] ? __pfx_ksys_write+0x10/0x10 [ 987.908846][T18515] ? kcov_ioctl+0x16a/0x720 [ 987.908887][T18515] do_syscall_64+0x106/0xf80 [ 987.908916][T18515] ? clear_bhb_loop+0x40/0x90 [ 987.908944][T18515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.908968][T18515] RIP: 0033:0x7fbe2b99c799 [ 987.908987][T18515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 987.909011][T18515] RSP: 002b:00007fbe2c77d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 987.909034][T18515] RAX: ffffffffffffffda RBX: 00007fbe2bc16090 RCX: 00007fbe2b99c799 [ 987.909050][T18515] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 987.909066][T18515] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 0000000000000000 [ 987.909083][T18515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 987.909098][T18515] R13: 00007fbe2bc16128 R14: 00007fbe2bc16090 R15: 00007fff376b00f8 [ 987.909122][T18515] [ 987.909131][T18515] [ 987.909137][T18515] Allocated by task 18031: [ 987.909148][T18515] kasan_save_stack+0x30/0x50 [ 987.909184][T18515] kasan_save_track+0x14/0x30 [ 987.909226][T18515] __kasan_kmalloc+0xaa/0xb0 [ 987.909260][T18515] __kmalloc_noprof+0x301/0x850 [ 987.909294][T18515] __register_sysctl_table+0xbe4/0x1650 [ 987.909331][T18515] __devinet_sysctl_register+0x1b9/0x360 [ 987.909403][T18515] devinet_init_net+0x303/0x8d0 [ 987.909434][T18515] ops_init+0x1e2/0x5f0 [ 987.909461][T18515] setup_net+0x118/0x3a0 [ 987.909489][T18515] copy_net_ns+0x46f/0x7c0 [ 987.909519][T18515] create_new_namespaces+0x3ea/0xac0 [ 987.909542][T18515] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 987.909566][T18515] ksys_unshare+0x473/0xad0 [ 987.909593][T18515] __x64_sys_unshare+0x31/0x40 [ 987.909620][T18515] do_syscall_64+0x106/0xf80 [ 987.909647][T18515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.909670][T18515] [ 987.909676][T18515] Freed by task 1101: [ 987.909686][T18515] kasan_save_stack+0x30/0x50 [ 987.909721][T18515] kasan_save_track+0x14/0x30 [ 987.909756][T18515] kasan_save_free_info+0x3b/0x70 [ 987.909785][T18515] __kasan_slab_free+0x5f/0x80 [ 987.909805][T18515] __rcu_free_sheaf_prepare+0x5d/0x2f0 [ 987.909832][T18515] rcu_free_sheaf+0x1a/0xd0 [ 987.909863][T18515] rcu_core+0x5a2/0x10d0 [ 987.909894][T18515] handle_softirqs+0x1eb/0x9e0 [ 987.909916][T18515] do_softirq+0xac/0xe0 [ 987.909936][T18515] __local_bh_enable_ip+0xf8/0x120 [ 987.909959][T18515] ieee80211_ibss_work+0x382/0x1050 [ 987.910034][T18515] ieee80211_iface_work+0xc13/0x13d0 [ 987.910055][T18515] cfg80211_wiphy_work+0x446/0x5c0 [ 987.910085][T18515] process_one_work+0x9d7/0x1920 [ 987.910117][T18515] worker_thread+0x5da/0xe40 [ 987.910149][T18515] kthread+0x370/0x450 [ 987.910178][T18515] ret_from_fork+0x754/0xd80 [ 987.910212][T18515] ret_from_fork_asm+0x1a/0x30 [ 987.910242][T18515] [ 987.910247][T18515] The buggy address belongs to the object at ffff8880370a1100 [ 987.910247][T18515] which belongs to the cache kmalloc-192 of size 192 [ 987.910267][T18515] The buggy address is located 42 bytes to the right of [ 987.910267][T18515] allocated 192-byte region [ffff8880370a1100, ffff8880370a11c0) [ 987.910293][T18515] [ 987.910299][T18515] The buggy address belongs to the physical page: [ 987.910310][T18515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x370a1 [ 987.910332][T18515] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 987.910350][T18515] page_type: f5(slab) [ 987.910370][T18515] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 987.910393][T18515] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 987.910407][T18515] page dumped because: kasan: bad access detected [ 987.910419][T18515] page_owner tracks the page as allocated [ 987.910427][T18515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 28087093473, free_ts 28085285026 [ 987.910469][T18515] post_alloc_hook+0x153/0x170 [ 987.910499][T18515] get_page_from_freelist+0x111d/0x3140 [ 987.910533][T18515] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 987.910567][T18515] new_slab+0xa6/0x6c0 [ 987.910594][T18515] refill_objects+0x26b/0x400 [ 987.910624][T18515] __pcs_replace_empty_main+0x1ab/0x600 [ 987.910658][T18515] __kmalloc_cache_noprof+0x493/0x6f0 [ 987.910688][T18515] call_usermodehelper_setup+0xaf/0x360 [ 987.910723][T18515] kobject_uevent_env+0x17c1/0x18b0 [ 987.910761][T18515] param_sysfs_builtin_init+0x37b/0x3f0 [ 987.910865][T18515] do_one_initcall+0x11d/0x760 [ 987.910889][T18515] kernel_init_freeable+0x6e5/0x7a0 [ 987.910942][T18515] kernel_init+0x1f/0x1e0 [ 987.910977][T18515] ret_from_fork+0x754/0xd80 [ 987.911014][T18515] ret_from_fork_asm+0x1a/0x30 [ 987.911038][T18515] page last free pid 55 tgid 55 stack trace: [ 987.911050][T18515] __free_frozen_pages+0x7e1/0x10d0 [ 987.911078][T18515] __kasan_populate_vmalloc+0x1ea/0x210 [ 987.911112][T18515] alloc_vmap_area+0x95d/0x2bd0 [ 987.911134][T18515] __get_vm_area_node+0x1ca/0x330 [ 987.911158][T18515] __vmalloc_node_range_noprof+0x213/0x1530 [ 987.911187][T18515] __vmalloc_node_noprof+0xad/0xf0 [ 987.911213][T18515] copy_process+0x5ec/0x7a10 [ 987.911243][T18515] kernel_clone+0xfc/0x9a0 [ 987.911268][T18515] user_mode_thread+0xcc/0x110 [ 987.911293][T18515] call_usermodehelper_exec_work+0xcb/0x180 [ 987.911331][T18515] process_one_work+0x9d7/0x1920 [ 987.911363][T18515] worker_thread+0x5da/0xe40 [ 987.911394][T18515] kthread+0x370/0x450 [ 987.911422][T18515] ret_from_fork+0x754/0xd80 [ 987.911454][T18515] ret_from_fork_asm+0x1a/0x30 [ 987.911479][T18515] [ 987.911484][T18515] Memory state around the buggy address: [ 987.911496][T18515] ffff8880370a1080: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 987.911513][T18515] ffff8880370a1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 987.911530][T18515] >ffff8880370a1180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 987.911544][T18515] ^ [ 987.911557][T18515] ffff8880370a1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 987.911574][T18515] ffff8880370a1280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 987.911587][T18515] ================================================================== [ 987.953245][T18515] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 987.953269][T18515] CPU: 0 UID: 0 PID: 18515 Comm: syz.3.3795 Tainted: G L syzkaller #0 PREEMPT(full) [ 987.953305][T18515] Tainted: [L]=SOFTLOCKUP [ 987.953314][T18515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 987.953330][T18515] Call Trace: [ 987.953337][T18515] [ 987.953347][T18515] dump_stack_lvl+0x100/0x190 [ 987.953388][T18515] vpanic+0x552/0x970 [ 987.953411][T18515] ? __pfx_vpanic+0x10/0x10 [ 987.953438][T18515] ? fbcon_prepare_logo+0x94e/0xc60 [ 987.953477][T18515] panic+0xd1/0xe0 [ 987.953498][T18515] ? __pfx_panic+0x10/0x10 [ 987.953522][T18515] ? fbcon_prepare_logo+0x94e/0xc60 [ 987.953559][T18515] ? preempt_schedule_common+0x42/0xc0 [ 987.953592][T18515] check_panic_on_warn.cold+0x19/0x34 [ 987.953619][T18515] end_report.part.0+0x3a/0x90 [ 987.953653][T18515] kasan_report.cold+0xe/0x18 [ 987.953688][T18515] ? fbcon_prepare_logo+0x94e/0xc60 [ 987.953734][T18515] kasan_check_range+0x10f/0x1e0 [ 987.953764][T18515] __asan_memcpy+0x23/0x60 [ 987.953798][T18515] fbcon_prepare_logo+0x94e/0xc60 [ 987.953842][T18515] fbcon_init+0x10a0/0x1820 [ 987.953884][T18515] visual_init+0x320/0x620 [ 987.953908][T18515] do_bind_con_driver.isra.0+0x636/0x9c0 [ 987.953942][T18515] store_bind+0x609/0x730 [ 987.953973][T18515] ? __pfx_store_bind+0x10/0x10 [ 987.953999][T18515] dev_attr_store+0x58/0x80 [ 987.954039][T18515] ? __pfx_dev_attr_store+0x10/0x10 [ 987.954078][T18515] sysfs_kf_write+0xf2/0x150 [ 987.954109][T18515] kernfs_fop_write_iter+0x3e0/0x5f0 [ 987.954133][T18515] ? __pfx_sysfs_kf_write+0x10/0x10 [ 987.954164][T18515] vfs_write+0x6ac/0x1070 [ 987.954202][T18515] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 987.954236][T18515] ? __pfx_vfs_write+0x10/0x10 [ 987.954284][T18515] ksys_write+0x12a/0x250 [ 987.954305][T18515] ? __pfx_ksys_write+0x10/0x10 [ 987.954326][T18515] ? kcov_ioctl+0x16a/0x720 [ 987.954369][T18515] do_syscall_64+0x106/0xf80 [ 987.954397][T18515] ? clear_bhb_loop+0x40/0x90 [ 987.954425][T18515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.954450][T18515] RIP: 0033:0x7fbe2b99c799 [ 987.954469][T18515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 987.954493][T18515] RSP: 002b:00007fbe2c77d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 987.954517][T18515] RAX: ffffffffffffffda RBX: 00007fbe2bc16090 RCX: 00007fbe2b99c799 [ 987.954533][T18515] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 987.954549][T18515] RBP: 00007fbe2ba32c99 R08: 0000000000000000 R09: 0000000000000000 [ 987.954564][T18515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 987.954579][T18515] R13: 00007fbe2bc16128 R14: 00007fbe2bc16090 R15: 00007fff376b00f8 [ 987.954604][T18515] [ 987.954682][T18515] Kernel Offset: disabled