last executing test programs: 22.674125581s ago: executing program 3 (id=3537): mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace_marker\x00', 0x341, 0x0) mmap$auto(0x401000000000, 0x40000004020009, 0xc, 0x15, 0xffffffffffffffff, 0x7ffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) getuid() setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) 18.687165444s ago: executing program 0 (id=3544): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0x3, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x8fc0, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x7, 0xfffffffffffffffc, 0x5, 0x8011, 0xffffffffffffffff, 0x8) getsockopt$auto(r2, 0x0, 0x2, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0xff08, 0x0) socket(0x0, 0xa6ce0cdf69bdf3b2, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62142, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 15.461791253s ago: executing program 0 (id=3547): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) pwrite64$auto(r0, 0x0, 0x0, 0x2000000000040007) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) tgkill$auto(0x0, 0x0, 0x11) readv$auto(0x3, 0x0, 0x7) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) 14.674418989s ago: executing program 3 (id=3549): syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) getrandom$auto(0x0, 0x3, 0x80000001) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x110c230000, 0x200001, 0x6) 11.76156703s ago: executing program 0 (id=3552): mmap$auto(0x0, 0x7fffffffffffffff, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x1000000003b, 0x3, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) symlink$auto(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00') r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) mmap$auto(0x0, 0x9, 0xff7, 0x8000000008011, 0x4, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x9, 0xff7, 0x8000000008012, 0x1000000004, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x18, 0xa, 0x1) fchdir$auto(0xffffffffffffffff) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) unshare$auto(0x8000400) 8.803213578s ago: executing program 3 (id=3555): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = clone$auto(0x6, 0x8000000000000001, &(0x7f0000000080)=0xcf, &(0x7f00000000c0)=0xffff7fff, 0x1000) prctl$auto(0xa134, 0x22, r1, 0x800, 0x5) socket(0x2, 0x1, 0x106) socket(0x2, 0x3, 0xa) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf4, 0xb0, @raw=0xfffff03c}}) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) statmount$auto(&(0x7f0000000040)={0xffff, @raw=0xb8, 0x7, 0x4, 0xfffffffffffffff8}, &(0x7f0000000340)={0x3ff, 0x1, 0x7fff, 0x8, 0x6, 0x3, 0x0, 0x5, 0x8, 0x8, 0x3, 0x690, 0x1604000000000, 0x2, 0x100, 0xfff, 0x2, 0x9, 0xfffff1a0, 0x8, 0xc, 0xfff, 0x3, 0x9503, 0x0, 0x9, 0xeb, 0x5c1f, 0x1, 0x9, 0x20000000, [0x9, 0x1ff, 0x8, 0x2, 0x0, 0x2, 0x2, 0x7, 0x6, 0x7f, 0x100, 0x2, 0x9, 0x1, 0x4, 0x3, 0x0, 0x10001, 0x9, 0x5148d73f, 0x7, 0xa5, 0xc, 0x1, 0x8000000000000000, 0x100000000, 0x3, 0x80000001, 0x2, 0x2, 0x0, 0x9, 0xe23f, 0x7fff, 0x3, 0x0, 0x9, 0x4, 0x6, 0x0, 0x7, 0xfff, 0xffffffff], "0d4da07757fc0a8e5de18bd363ce4cd41558fdae0643974f4f329960f2cb8c8e546a2541ef8227735f9d60e3cb50f6712c580dab3d8d1876a632fbe3c7bc8983b2033f3e94ce99928fb6f63d6a5d00427e16356cd2bb5ac7332f15102dfa643a2ac8b0a2354713be651e33e04d87dc8db31dee05bda730841ad8c01c925cfb6c19c83be19a876ab65f124cbd4bf03702b919"}, 0x6, 0x7) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x63, 0x4000008000001f, 0x7, 0x6d3e, 0x20000009, 0x2, 0x6]}, 0x0) 8.738770495s ago: executing program 0 (id=3557): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0x800, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x40, 0x6, 0xfffffff9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_RNDZAPENTCNT2(r0, 0x5204, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) 8.019939327s ago: executing program 2 (id=3558): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0x800, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x40, 0x6, 0xfffffff9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_RNDZAPENTCNT2(0xffffffffffffffff, 0x5204, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 7.364038176s ago: executing program 0 (id=3559): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x4007, 0xb}) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/user/max_time_namespaces\x00', 0x202, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x270) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x109) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) shmget$auto(0x100000000, 0x3, 0x79e56dc9) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000040)='\x00', &(0x7f0000000240)="311d426c6705229aad0d8eac02929ca02f79503079f6a5e963e571ca221dd0db06767b340d81c2add9c77f19713a391f0ad30e704bb67b9312140bf8f881a42be0ba31fdd39773fede310deb9010aaeb4bd27225d36c6860a8130e74ee9b695f42b1793f380ca88d82230eb5cbc28debc313fa837988779023d6133a170aab3769028488ac6addc3dded8da9798c15765137087971ea7104a38dd745cd3028b2bca5252ae76747218b52e2cc74253655a0aba9ee34c98f1bad4712454cae17b5a0f8188e1dfbb03d8ad7ba9dacbe9bdff9dbb2047a36eb51cb3fb3", 0x0) setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4) 7.363895589s ago: executing program 2 (id=3561): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0xffffffffffffffff, 0x5609, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, 0x0, 0x800000001, 0x0, 0x7, 0xa505}, 0x4}, 0x2, 0x4048) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x5}, 0xa) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mseal$auto(0x0, 0x7dda, 0x0) 6.715370317s ago: executing program 2 (id=3563): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 6.417213826s ago: executing program 2 (id=3564): socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socket(0x18, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 4.663322873s ago: executing program 3 (id=3565): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x2, 0x2, 0x1, 0x2}) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0xfffffffffffffffd, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(r2, 0x0, 0x4b, 0x0, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r3, 0x0, 0x800007, 0x9) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) writev$auto(r4, &(0x7f0000000340)={0x0, 0x500000}, 0x9) clock_settime$auto(0x14, 0x0) 2.841057553s ago: executing program 2 (id=3567): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x180443, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) socket(0x10, 0x2, 0x14) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x40384708, 0x0) 2.839279121s ago: executing program 1 (id=3576): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002080)='/dev/ptyw6\x00', 0x40, 0x0) socket(0xa, 0x1, 0x84) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mountinfo\x00', 0x28c40, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40800, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7, 0x0) socketpair$auto(0x1, 0x5, 0x100000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptye7\x00', 0x200080, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) write$auto(0x3, 0x0, 0xfdef) 2.545238159s ago: executing program 1 (id=3568): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0x800, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x40, 0x6, 0xfffffff9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_RNDZAPENTCNT2(0xffffffffffffffff, 0x5204, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 2.206266651s ago: executing program 1 (id=3569): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0x800, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x40, 0x6, 0xfffffff9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_RNDZAPENTCNT2(r0, 0x5204, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) 1.9142192s ago: executing program 2 (id=3570): mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x7) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x8b, 0x400, 0x9}]}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munlock$auto(0xf, 0x6) socket(0x10, 0x2, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/icmp6\x00', 0x0, 0x0) pread64$auto(r1, 0x0, 0xd, 0x80000000000b) futex_requeue$auto(&(0x7f0000000040)={0xf, 0x6, 0x2}, 0xfffffffd, 0xf, 0x9) fcntl$auto_F_CREATED_QUERY(r0, 0x404, 0x566) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x2a801, 0x0) poll$auto(&(0x7f0000000240)={r2, 0x20, 0x2}, 0x5, 0x104) write$auto(0x3, 0x0, 0xfffffdef) 1.8956571s ago: executing program 1 (id=3571): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x2, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x4000083, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000002}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto(0x3, 0x894b, 0x38) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000080)={{@raw=0x2, 0x7ff, 0xa, 0x7, "26d718b7d3ee69350e4ede7079dcb0c24c8aa1e3c7ee2e00308b8a7d74b0a707f7045e6d035b196ca83379bb", @raw=0x4}, 0xfffffffc, 0x0, 0x2, @raw=0x31c7bc81, @enumerated={0x0, 0x6, "ad75b255b5cdd64a6b7a755de55f0d00002200000000f15a5ca5dc29f056113e9b60cd7bd82081ec9009006c1ae716e8d0930da366e011ae30c0a636577776a6", 0x3, 0xcac}, "18a801006a0900000000000000c4bd5359eeadc8357752b72fa176254d8797cdffd02555ac83a07983eeddcd24b626f54ad9d763dcdc9120af8b7c848ceb55a7"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00', @ANYRES16=r0, @ANYBLOB="c1e6bb756c0b1726bd7000fddbdf251500008008000300"], 0x28}, 0x1, 0x0, 0x0, 0x40840}, 0x4000844) socket(0x1, 0x3, 0xc) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000300), 0x343441, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x343441, 0x0) getsockopt$auto_SO_KEEPALIVE(r3, 0x5, 0x9, 0x0, 0x0) 1.874085189s ago: executing program 3 (id=3572): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) r5 = socket(0xa, 0x1, 0x84) setsockopt$auto(r5, 0x0, 0x40, 0x0, 0x6f7250c4) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x20000, 0x0) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010027bd7000fddbdf255c7c000008000300", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r4, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x1}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_PREV_BSSID={0x7, 0x4f, "4a2b13"}, @NL80211_ATTR_PMKR0_NAME={0x2f, 0x102, "fa8187b15d038e27ebbdee9403b42d163f0cf5825404a83da74b14a4b6c40b8ccb4e75f09e092da80167e3"}]}, 0x60}, 0x1, 0x0, 0x0, 0x50040010}, 0x801) r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000001c0), r2) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r6, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x2}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0xfff}, @IOAM6_ATTR_NS_ID={0x6}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0xc0}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c68aba9bfb7025e}, 0x8001) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x800000bc3, 0x800, 0x3, 0x3, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 707.482888ms ago: executing program 0 (id=3574): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = clone$auto(0x6, 0x8000000000000001, &(0x7f0000000080)=0xcf, &(0x7f00000000c0)=0xffff7fff, 0x1000) prctl$auto(0xa134, 0x22, r1, 0x800, 0x5) socket(0x2, 0x1, 0x106) socket(0x2, 0x3, 0xa) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf4, 0xb0, @raw=0xfffff03c}}) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) statmount$auto(&(0x7f0000000040)={0xffff, @raw=0xb8, 0x7, 0x4, 0xfffffffffffffff8}, &(0x7f0000000340)={0x3ff, 0x1, 0x7fff, 0x8, 0x6, 0x3, 0x0, 0x5, 0x8, 0x8, 0x3, 0x690, 0x1604000000000, 0x2, 0x100, 0xfff, 0x2, 0x9, 0xfffff1a0, 0x8, 0xc, 0xfff, 0x3, 0x9503, 0x0, 0x9, 0xeb, 0x5c1f, 0x1, 0x9, 0x20000000, [0x9, 0x1ff, 0x8, 0x2, 0x0, 0x2, 0x2, 0x7, 0x6, 0x7f, 0x100, 0x2, 0x9, 0x1, 0x4, 0x3, 0x0, 0x10001, 0x9, 0x5148d73f, 0x7, 0xa5, 0xc, 0x1, 0x8000000000000000, 0x100000000, 0x3, 0x80000001, 0x2, 0x2, 0x0, 0x9, 0xe23f, 0x7fff, 0x3, 0x0, 0x9, 0x4, 0x6, 0x0, 0x7, 0xfff, 0xffffffff], "0d4da07757fc0a8e5de18bd363ce4cd41558fdae0643974f4f329960f2cb8c8e546a2541ef8227735f9d60e3cb50f6712c580dab3d8d1876a632fbe3c7bc8983b2033f3e94ce99928fb6f63d6a5d00427e16356cd2bb5ac7332f15102dfa643a2ac8b0a2354713be651e33e04d87dc8db31dee05bda730841ad8c01c925cfb6c19c83be19a876ab65f124cbd4bf03702b919"}, 0x6, 0x7) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x63, 0x4000008000001f, 0x7, 0x6d3e, 0x20000009, 0x2, 0x6]}, 0x0) 707.294062ms ago: executing program 1 (id=3575): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r6, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="2400000089457164603a04cbf2e895750702f281aa68e0707917cabce86cb48648a882e0a6fbfced701bb755adefd1639cd04a02e09a56a447303b5c8390d121ac9de8c629391db19d2442ad73ff9ce826ab4cf30101ba2dbeb7ae3c469eb143c3f1cce869c5cf3b9ee470b20f2f1a43d40fd11afdd30ae41ffa9849f129da35cd5b84790d863a7a80764eb96cb3e0ce45c99c642cca27551dc3123c739122cfcca3fbb1912bbe77e91ed2c0f225fbfdbdb06d53ce6a991c", @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf250a000000100003800c0001000100000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r7 = socket(0x2, 0x801, 0x106) setsockopt$auto(r7, 0x6, 0x12, 0x0, 0xa1) sendmsg$auto_IPVS_CMD_SET_SERVICE(r3, &(0x7f0000000ac0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x28014044}, 0x0) r8 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) ioctl$auto(r8, 0x80046f45, 0x38) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 526.645155ms ago: executing program 3 (id=3577): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x601, 0x0) setxattrat$auto(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0, 0x5d8) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) getrlimit$auto(0xfff7fffa, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) write$auto(r0, &(0x7f0000000000)='1\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 0s ago: executing program 1 (id=3578): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe, 0x9, 0x2, 0xfffffffffffffffd, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) write$auto_cachefiles_daemon_fops_internal(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000040)=0x5) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0) sendmsg$auto_NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x400, 0x70bd28, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1602c000}, 0x4000) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/ns/cgroup\x00', 0x200000, 0x0) write$auto(r1, 0x0, 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): an_kmalloc+0xaa/0xb0 [ 446.705404][T12724] ? __kmalloc_noprof+0x320/0x850 [ 446.705428][T12724] ima_alloc_init_template+0x399/0x6d0 [ 446.705448][T12724] ima_store_measurement+0x1e3/0x5b0 [ 446.705465][T12724] ? __pfx_ima_store_measurement+0x10/0x10 [ 446.705488][T12724] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 446.705517][T12724] process_measurement+0x19cc/0x2350 [ 446.705546][T12724] ? __pfx_process_measurement+0x10/0x10 [ 446.705573][T12724] ? find_held_lock+0x2b/0x80 [ 446.705587][T12724] ? rcu_read_unlock+0x17/0x60 [ 446.705602][T12724] ? rcu_read_unlock+0x17/0x60 [ 446.705617][T12724] ? obj_cgroup_charge_account+0x2c4/0x640 [ 446.705649][T12724] ? seq_open+0x116/0x170 [ 446.705668][T12724] ? inode_to_bdi+0x9e/0x160 [ 446.705684][T12724] ima_file_check+0xcc/0x120 [ 446.705706][T12724] ? __pfx_ima_file_check+0x10/0x10 [ 446.705733][T12724] security_file_post_open+0xc4/0x210 [ 446.705763][T12724] path_openat+0x1418/0x31a0 [ 446.705785][T12724] ? __pfx_path_openat+0x10/0x10 [ 446.705807][T12724] do_file_open+0x20e/0x430 [ 446.705823][T12724] ? __pfx_do_file_open+0x10/0x10 [ 446.705852][T12724] ? alloc_fd+0x476/0x790 [ 446.705869][T12724] ? do_getname+0x191/0x390 [ 446.705889][T12724] do_sys_openat2+0x10d/0x1e0 [ 446.705907][T12724] ? __pfx_do_sys_openat2+0x10/0x10 [ 446.705933][T12724] __x64_sys_openat+0x12d/0x210 [ 446.705952][T12724] ? __pfx___x64_sys_openat+0x10/0x10 [ 446.705978][T12724] do_syscall_64+0x106/0xf80 [ 446.705997][T12724] ? clear_bhb_loop+0x40/0x90 [ 446.706014][T12724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.706030][T12724] RIP: 0033:0x7f627739c799 [ 446.706044][T12724] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 446.706059][T12724] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 446.706074][T12724] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 446.706084][T12724] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 446.706094][T12724] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 446.706103][T12724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 446.706111][T12724] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 446.706131][T12724] [ 446.706294][ T29] audit: type=1804 audit(668983.140:6): pid=12724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.0.2260" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1049 res=0 errno=0 [ 447.074923][T12727] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2262'. [ 448.598476][T12739] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2264'. [ 448.811034][ T5833] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 448.811059][ T5833] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 448.826372][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 448.826441][ T5833] Bluetooth: hci2: adv larger than maximum supported [ 448.836298][ T5833] Bluetooth: hci2: adv larger than maximum supported [ 448.843091][ T5833] Bluetooth: hci2: Malformed LE Event: 0x0d [ 448.919826][T12737] HfR: entered promiscuous mode [ 448.964486][T12739] i: entered promiscuous mode [ 449.857963][ T5145] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 450.678446][T12755] FAULT_INJECTION: forcing a failure. [ 450.678446][T12755] name failslab, interval 1, probability 0, space 0, times 0 [ 450.774781][T12760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2270'. [ 450.882509][T12755] CPU: 0 UID: 0 PID: 12755 Comm: syz.2.2270 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.882537][T12755] Tainted: [L]=SOFTLOCKUP [ 450.882542][T12755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 450.882552][T12755] Call Trace: [ 450.882557][T12755] [ 450.882563][T12755] dump_stack_lvl+0x100/0x190 [ 450.882591][T12755] should_fail_ex.cold+0x5/0xa [ 450.882609][T12755] ? usb_hcd_submit_urb+0x601/0x2150 [ 450.882625][T12755] should_failslab+0xc2/0x120 [ 450.882640][T12755] __kmalloc_noprof+0xe0/0x850 [ 450.882662][T12755] ? mark_held_locks+0x40/0x70 [ 450.882684][T12755] usb_hcd_submit_urb+0x601/0x2150 [ 450.882706][T12755] usb_submit_urb+0x8aa/0x1910 [ 450.882726][T12755] ? __init_swait_queue_head+0xca/0x150 [ 450.882750][T12755] usb_start_wait_urb+0x10e/0x580 [ 450.882769][T12755] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 450.882793][T12755] ? __asan_memset+0x23/0x50 [ 450.882817][T12755] usb_control_msg+0x328/0x4b0 [ 450.882835][T12755] ? __pfx_usb_control_msg+0x10/0x10 [ 450.882853][T12755] ? kernfs_find_and_get_ns+0x5f/0x70 [ 450.882879][T12755] usb_hub_set_port_power+0x125/0x180 [ 450.882904][T12755] disable_store+0x2eb/0x450 [ 450.882926][T12755] ? __pfx_disable_store+0x10/0x10 [ 450.882946][T12755] ? find_held_lock+0x2b/0x80 [ 450.882960][T12755] ? sysfs_file_kobj+0xe4/0x290 [ 450.882987][T12755] ? sysfs_file_kobj+0xe4/0x290 [ 450.883006][T12755] ? __pfx_disable_store+0x10/0x10 [ 450.883026][T12755] dev_attr_store+0x58/0x80 [ 450.883043][T12755] ? __pfx_dev_attr_store+0x10/0x10 [ 450.883059][T12755] sysfs_kf_write+0xf2/0x150 [ 450.883078][T12755] kernfs_fop_write_iter+0x3e0/0x5f0 [ 450.883093][T12755] ? __pfx_sysfs_kf_write+0x10/0x10 [ 450.883113][T12755] vfs_write+0x6ac/0x1070 [ 450.883127][T12755] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 450.883145][T12755] ? __pfx_vfs_write+0x10/0x10 [ 450.883184][T12755] ksys_write+0x12a/0x250 [ 450.883198][T12755] ? __pfx_ksys_write+0x10/0x10 [ 450.883217][T12755] do_syscall_64+0x106/0xf80 [ 450.883238][T12755] ? clear_bhb_loop+0x40/0x90 [ 450.883256][T12755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.883272][T12755] RIP: 0033:0x7f7cb059c799 [ 450.883286][T12755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 450.883300][T12755] RSP: 002b:00007f7cb1418028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 450.883315][T12755] RAX: ffffffffffffffda RBX: 00007f7cb0815fa0 RCX: 00007f7cb059c799 [ 450.883325][T12755] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 450.883334][T12755] RBP: 00007f7cb0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 450.883343][T12755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.883353][T12755] R13: 00007f7cb0816038 R14: 00007f7cb0815fa0 R15: 00007ffc9f36de88 [ 450.883374][T12755] [ 451.185655][T12762] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2270'. [ 452.172771][T12780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2277'. [ 452.269012][T12780] netlink: 'syz.3.2277': attribute type 1 has an invalid length. [ 452.336407][T12780] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2277'. [ 452.783061][T12789] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2281'. [ 452.886315][T12789] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2281'. [ 454.882528][T12823] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2288'. [ 455.270371][ T131] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.301378][T12840] netlink: 'syz.0.2293': attribute type 1 has an invalid length. [ 456.473008][T12840] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2293'. [ 460.035166][T12872] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2302'. [ 460.056243][T12873] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2300'. [ 460.597894][T12876] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2304'. [ 461.825399][T12892] FAULT_INJECTION: forcing a failure. [ 461.825399][T12892] name failslab, interval 1, probability 0, space 0, times 0 [ 461.960574][T12892] CPU: 0 UID: 0 PID: 12892 Comm: syz.3.2309 Tainted: G L syzkaller #0 PREEMPT(full) [ 461.960601][T12892] Tainted: [L]=SOFTLOCKUP [ 461.960607][T12892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 461.960616][T12892] Call Trace: [ 461.960622][T12892] [ 461.960628][T12892] dump_stack_lvl+0x100/0x190 [ 461.960656][T12892] should_fail_ex.cold+0x5/0xa [ 461.960674][T12892] should_failslab+0xc2/0x120 [ 461.960690][T12892] __kmalloc_cache_noprof+0x7a/0x6f0 [ 461.960709][T12892] ? x509_cert_parse+0xfc/0x910 [ 461.960816][T12892] x509_cert_parse+0xfc/0x910 [ 461.960833][T12892] ? kasan_save_stack+0x3f/0x50 [ 461.960856][T12892] ? kasan_save_stack+0x30/0x50 [ 461.960877][T12892] ? kasan_save_track+0x14/0x30 [ 461.960899][T12892] pkcs7_extract_cert+0xa4/0x380 [ 461.960922][T12892] asn1_ber_decoder+0x12b3/0x2170 [ 461.960951][T12892] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 461.960984][T12892] pkcs7_parse_message+0x289/0x870 [ 461.961007][T12892] verify_pkcs7_signature+0x30/0xa0 [ 461.961044][T12892] valid_regdb+0x211/0x590 [ 461.961068][T12892] ? __pfx___nla_validate_parse+0x10/0x10 [ 461.961128][T12892] ? __pfx_valid_regdb+0x10/0x10 [ 461.961148][T12892] ? rcu_is_watching+0x12/0xc0 [ 461.961180][T12892] reg_reload_regdb+0x11a/0x460 [ 461.961195][T12892] ? __pfx_reg_reload_regdb+0x10/0x10 [ 461.961209][T12892] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 461.961256][T12892] ? nl80211_pre_doit+0x19a/0xae0 [ 461.961276][T12892] genl_family_rcv_msg_doit+0x214/0x300 [ 461.961297][T12892] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 461.961312][T12892] ? genl_get_cmd+0x3ef/0x720 [ 461.961330][T12892] ? bpf_lsm_capable+0x9/0x10 [ 461.961346][T12892] ? security_capable+0x80/0x260 [ 461.961371][T12892] genl_rcv_msg+0x560/0x800 [ 461.961388][T12892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 461.961403][T12892] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 461.961419][T12892] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 461.961460][T12892] ? __pfx_nl80211_post_doit+0x10/0x10 [ 461.961507][T12892] netlink_rcv_skb+0x159/0x420 [ 461.961529][T12892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 461.961546][T12892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 461.961576][T12892] ? netlink_deliver_tap+0x1ae/0xcc0 [ 461.961603][T12892] genl_rcv+0x28/0x40 [ 461.961616][T12892] netlink_unicast+0x5aa/0x870 [ 461.961640][T12892] ? __pfx_netlink_unicast+0x10/0x10 [ 461.961661][T12892] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 461.961688][T12892] netlink_sendmsg+0x8b0/0xda0 [ 461.961713][T12892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 461.961733][T12892] ? __import_iovec+0x1d2/0x640 [ 461.961752][T12892] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 461.961777][T12892] ____sys_sendmsg+0x9e1/0xb70 [ 461.961792][T12892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 461.961815][T12892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 461.961834][T12892] ? __pfx_futex_wake_mark+0x10/0x10 [ 461.961859][T12892] ___sys_sendmsg+0x190/0x1e0 [ 461.961876][T12892] ? __pfx____sys_sendmsg+0x10/0x10 [ 461.961915][T12892] __sys_sendmsg+0x170/0x220 [ 461.961936][T12892] ? __pfx___sys_sendmsg+0x10/0x10 [ 461.961955][T12892] ? __x64_sys_futex+0x34f/0x4d0 [ 461.961984][T12892] do_syscall_64+0x106/0xf80 [ 461.962004][T12892] ? clear_bhb_loop+0x40/0x90 [ 461.962022][T12892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.962038][T12892] RIP: 0033:0x7fd050d9c799 [ 461.962051][T12892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.962066][T12892] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 461.962081][T12892] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 461.962099][T12892] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 461.962109][T12892] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 461.962118][T12892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.962126][T12892] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 461.962147][T12892] [ 462.748326][T12897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2310'. [ 462.768672][T12897] netlink: 'syz.2.2310': attribute type 1 has an invalid length. [ 462.783682][T12897] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2310'. [ 463.502292][ T5145] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 463.794456][T12913] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2315'. [ 464.125745][T12917] netlink: 'syz.0.2316': attribute type 1 has an invalid length. [ 464.213808][T12917] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2316'. [ 464.444718][T12925] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 465.088999][T12932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2320'. [ 465.226408][T12934] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2320'. [ 468.215728][T12964] netlink: 'syz.2.2328': attribute type 4 has an invalid length. [ 468.223534][T12964] netlink: 'syz.2.2328': attribute type 5 has an invalid length. [ 468.353894][T12964] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2328'. [ 470.125457][T12989] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 471.099675][T13000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2339'. [ 473.411484][T13025] futex_wake_op: syz.3.2345 tries to shift op by -2048; fix this program [ 475.855645][T13058] blktrace: Concurrent blktraces are not allowed on loop2 [ 477.757737][T13070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2355'. [ 477.835233][T13070] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2355'. [ 479.024281][T13079] FAULT_INJECTION: forcing a failure. [ 479.024281][T13079] name failslab, interval 1, probability 0, space 0, times 0 [ 479.160373][T13079] CPU: 0 UID: 0 PID: 13079 Comm: syz.2.2357 Tainted: G L syzkaller #0 PREEMPT(full) [ 479.160400][T13079] Tainted: [L]=SOFTLOCKUP [ 479.160406][T13079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 479.160415][T13079] Call Trace: [ 479.160422][T13079] [ 479.160428][T13079] dump_stack_lvl+0x100/0x190 [ 479.160457][T13079] should_fail_ex.cold+0x5/0xa [ 479.160476][T13079] should_failslab+0xc2/0x120 [ 479.160493][T13079] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 479.160516][T13079] ? parse_pred+0x2d4/0x3070 [ 479.160542][T13079] kmemdup_nul+0x49/0xd0 [ 479.160565][T13079] parse_pred+0x2d4/0x3070 [ 479.160590][T13079] ? __pfx_parse_pred+0x10/0x10 [ 479.160617][T13079] ? rcu_is_watching+0x12/0xc0 [ 479.160638][T13079] ? trace_kmalloc+0x101/0x130 [ 479.160655][T13079] ? __kmalloc_noprof+0x320/0x850 [ 479.160689][T13079] process_preds+0x6a6/0x1d90 [ 479.160716][T13079] ? create_filter_start.constprop.0+0x134/0x310 [ 479.160741][T13079] create_filter+0x140/0x210 [ 479.160763][T13079] ? __pfx_create_filter+0x10/0x10 [ 479.160787][T13079] ? find_held_lock+0x2b/0x80 [ 479.160804][T13079] apply_event_filter+0x220/0x500 [ 479.160826][T13079] ? __pfx_apply_event_filter+0x10/0x10 [ 479.160853][T13079] event_filter_write+0x16d/0x290 [ 479.160872][T13079] vfs_write+0x2aa/0x1070 [ 479.160886][T13079] ? __pfx_event_filter_write+0x10/0x10 [ 479.160904][T13079] ? __pfx_vfs_write+0x10/0x10 [ 479.160925][T13079] ? __fget_files+0x215/0x3d0 [ 479.160944][T13079] ? __fget_files+0x21f/0x3d0 [ 479.160963][T13079] ksys_write+0x12a/0x250 [ 479.160976][T13079] ? __pfx_ksys_write+0x10/0x10 [ 479.160996][T13079] do_syscall_64+0x106/0xf80 [ 479.161015][T13079] ? clear_bhb_loop+0x40/0x90 [ 479.161034][T13079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.161052][T13079] RIP: 0033:0x7f7cb059c799 [ 479.161067][T13079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.161081][T13079] RSP: 002b:00007f7cb1418028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 479.161096][T13079] RAX: ffffffffffffffda RBX: 00007f7cb0815fa0 RCX: 00007f7cb059c799 [ 479.161106][T13079] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 479.161115][T13079] RBP: 00007f7cb0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 479.161124][T13079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.161133][T13079] R13: 00007f7cb0816038 R14: 00007f7cb0815fa0 R15: 00007ffc9f36de88 [ 479.161153][T13079] [ 482.356157][ T5145] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 484.405153][T13116] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2367'. [ 484.700800][T13116] bond0: (slave ): Releasing backup interface [ 488.382631][ T29] audit: type=1800 audit(669024.810:7): pid=13160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2377" name="dbroot" dev="configfs" ino=148473 res=0 errno=0 [ 497.668226][T13230] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 500.794059][T13269] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 501.442995][T13278] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 501.460570][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.469519][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.054027][T13342] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2424'. [ 515.027081][ T5145] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 516.864015][T13405] FAULT_INJECTION: forcing a failure. [ 516.864015][T13405] name fail_futex, interval 1, probability 0, space 0, times 0 [ 517.126078][T13405] CPU: 0 UID: 0 PID: 13405 Comm: syz.2.2439 Tainted: G L syzkaller #0 PREEMPT(full) [ 517.126105][T13405] Tainted: [L]=SOFTLOCKUP [ 517.126111][T13405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 517.126120][T13405] Call Trace: [ 517.126125][T13405] [ 517.126131][T13405] dump_stack_lvl+0x100/0x190 [ 517.126162][T13405] should_fail_ex.cold+0x5/0xa [ 517.126179][T13405] get_futex_key+0x1d2/0x1620 [ 517.126201][T13405] ? __pfx_get_futex_key+0x10/0x10 [ 517.126225][T13405] futex_wake+0xea/0x530 [ 517.126247][T13405] ? __pfx_futex_wake+0x10/0x10 [ 517.126268][T13405] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 517.126294][T13405] do_futex+0x32b/0x350 [ 517.126313][T13405] ? __pfx_do_futex+0x10/0x10 [ 517.126331][T13405] ? __pfx___might_resched+0x10/0x10 [ 517.126352][T13405] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 517.126454][T13405] __x64_sys_futex+0x34f/0x4d0 [ 517.126475][T13405] ? __pfx_task_work_run+0x10/0x10 [ 517.126496][T13405] ? __pfx___x64_sys_futex+0x10/0x10 [ 517.126515][T13405] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 517.126539][T13405] do_syscall_64+0x106/0xf80 [ 517.126559][T13405] ? clear_bhb_loop+0x40/0x90 [ 517.126576][T13405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.126591][T13405] RIP: 0033:0x7f7cb059c799 [ 517.126605][T13405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.126620][T13405] RSP: 002b:00007f7cb13f70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 517.126635][T13405] RAX: ffffffffffffffda RBX: 00007f7cb0816098 RCX: 00007f7cb059c799 [ 517.126645][T13405] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7cb081609c [ 517.126655][T13405] RBP: 00007f7cb0816090 R08: 0000000000000000 R09: 0000000000000000 [ 517.126664][T13405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.126673][T13405] R13: 00007f7cb0816128 R14: 00007ffc9f36dda0 R15: 00007ffc9f36de88 [ 517.126693][T13405] [ 518.134704][T13417] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2442'. [ 518.445028][T13425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2444'. [ 518.539529][T13427] netlink: 'syz.0.2444': attribute type 1 has an invalid length. [ 518.604771][T13427] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2444'. [ 521.455591][T13453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2453'. [ 521.539554][T13453] netlink: 'syz.0.2453': attribute type 1 has an invalid length. [ 521.599505][T13453] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2453'. [ 521.677489][T13453] netlink: 'syz.0.2453': attribute type 1 has an invalid length. [ 521.811687][T13451] zswap: compressor not available [ 525.311108][T13493] zswap: compressor not available [ 526.767649][T13523] netlink: Unknown conntrack attr (type=257, max=9) [ 526.996542][ T29] audit: type=1326 audit(676863.425:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2469" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd050d9c799 code=0x0 [ 528.110996][T13535] zswap: compressor not available [ 529.392778][T13552] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2477'. [ 529.506667][T13552] veth1_macvtap: left promiscuous mode [ 530.978189][T13573] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2481'. [ 531.075103][T13573] netlink: 28905 bytes leftover after parsing attributes in process `syz.2.2481'. [ 535.177678][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2493'. [ 536.107400][T13641] bond0: (slave bond_slave_1): Releasing backup interface [ 540.219202][T13699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2511'. [ 540.364595][T13701] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2511'. [ 542.821176][ T29] audit: type=1804 audit(676879.225:9): pid=13711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2515" name="/newroot/616/file0" dev="tmpfs" ino=3218 res=1 errno=0 [ 543.023678][ T29] audit: type=1804 audit(676879.295:10): pid=13720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2515" name="/newroot/616/file0" dev="tmpfs" ino=3218 res=1 errno=0 [ 545.080728][T13739] netlink: zone id is out of range [ 545.090012][T13739] netlink: zone id is out of range [ 545.169636][T13739] netlink: zone id is out of range [ 545.264349][T13739] netlink: zone id is out of range [ 545.270608][T13739] netlink: zone id is out of range [ 545.454154][T13735] netlink: zone id is out of range [ 545.459322][T13735] netlink: zone id is out of range [ 545.598395][T13735] netlink: zone id is out of range [ 545.654331][T13739] netlink: set zone limit has 8 unknown bytes [ 545.707622][T13735] netlink: zone id is out of range [ 548.166333][T13770] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 553.865157][T13815] FAULT_INJECTION: forcing a failure. [ 553.865157][T13815] name failslab, interval 1, probability 0, space 0, times 0 [ 553.931770][T13819] net_ratelimit: 2 callbacks suppressed [ 553.931785][T13819] netlink: zone id is out of range [ 553.983770][T13815] CPU: 0 UID: 0 PID: 13815 Comm: syz.2.2539 Tainted: G L syzkaller #0 PREEMPT(full) [ 553.983797][T13815] Tainted: [L]=SOFTLOCKUP [ 553.983802][T13815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 553.983812][T13815] Call Trace: [ 553.983817][T13815] [ 553.983824][T13815] dump_stack_lvl+0x100/0x190 [ 553.983855][T13815] should_fail_ex.cold+0x5/0xa [ 553.983873][T13815] should_failslab+0xc2/0x120 [ 553.983890][T13815] __kvmalloc_node_noprof+0xfa/0xa00 [ 553.983913][T13815] ? io_alloc_cache_init+0x38/0x170 [ 553.984031][T13815] ? lockdep_init_map_type+0x5c/0x250 [ 553.984056][T13815] io_alloc_cache_init+0x38/0x170 [ 553.984080][T13815] io_uring_setup.cold+0x3cd/0x1d79 [ 553.984109][T13815] ? ksys_write+0x190/0x250 [ 553.984129][T13815] ? __pfx_io_uring_setup+0x10/0x10 [ 553.984178][T13815] ? do_futex+0x192/0x350 [ 553.984201][T13815] ? __pfx_do_futex+0x10/0x10 [ 553.984229][T13815] ? xfd_validate_state+0x129/0x190 [ 553.984255][T13815] __x64_sys_io_uring_setup+0xc2/0x170 [ 553.984275][T13815] do_syscall_64+0x106/0xf80 [ 553.984297][T13815] ? clear_bhb_loop+0x40/0x90 [ 553.984316][T13815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.984332][T13815] RIP: 0033:0x7f7cb059c799 [ 553.984345][T13815] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 553.984360][T13815] RSP: 002b:00007f7cb1418028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 553.984376][T13815] RAX: ffffffffffffffda RBX: 00007f7cb0815fa0 RCX: 00007f7cb059c799 [ 553.984385][T13815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 553.984394][T13815] RBP: 00007f7cb0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 553.984403][T13815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 553.984412][T13815] R13: 00007f7cb0816038 R14: 00007f7cb0815fa0 R15: 00007ffc9f36de88 [ 553.984431][T13815] [ 554.575600][T13819] netlink: zone id is out of range [ 554.622286][T13819] netlink: zone id is out of range [ 554.717444][T13819] netlink: zone id is out of range [ 554.795010][T13817] netlink: zone id is out of range [ 554.800138][T13817] netlink: zone id is out of range [ 554.864183][T13824] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 554.874985][T13819] netlink: zone id is out of range [ 555.050845][T13819] netlink: set zone limit has 8 unknown bytes [ 555.178105][T13817] netlink: zone id is out of range [ 556.988425][T13850] FAULT_INJECTION: forcing a failure. [ 556.988425][T13850] name failslab, interval 1, probability 0, space 0, times 0 [ 557.302759][T13850] CPU: 0 UID: 0 PID: 13850 Comm: syz.0.2546 Tainted: G L syzkaller #0 PREEMPT(full) [ 557.302787][T13850] Tainted: [L]=SOFTLOCKUP [ 557.302792][T13850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 557.302801][T13850] Call Trace: [ 557.302807][T13850] [ 557.302813][T13850] dump_stack_lvl+0x100/0x190 [ 557.302840][T13850] should_fail_ex.cold+0x5/0xa [ 557.302859][T13850] should_failslab+0xc2/0x120 [ 557.302876][T13850] __kmalloc_cache_noprof+0x7a/0x6f0 [ 557.302895][T13850] ? refill_pi_state_cache+0x91/0x260 [ 557.302920][T13850] refill_pi_state_cache+0x91/0x260 [ 557.302941][T13850] futex_lock_pi+0x177/0x7b0 [ 557.302964][T13850] ? __pfx_futex_lock_pi+0x10/0x10 [ 557.302986][T13850] ? __pfx___futex_wait+0x10/0x10 [ 557.303023][T13850] ? __pfx_futex_wake_mark+0x10/0x10 [ 557.303048][T13850] ? __get_user_nocheck_8+0x20/0x20 [ 557.303067][T13850] ? do_vfs_ioctl+0x226/0x13e0 [ 557.303089][T13850] do_futex+0x18a/0x350 [ 557.303108][T13850] ? __pfx_do_futex+0x10/0x10 [ 557.303127][T13850] ? find_held_lock+0x2b/0x80 [ 557.303144][T13850] __x64_sys_futex+0x34f/0x4d0 [ 557.303165][T13850] ? __pfx___x64_sys_futex+0x10/0x10 [ 557.303190][T13850] do_syscall_64+0x106/0xf80 [ 557.303209][T13850] ? clear_bhb_loop+0x40/0x90 [ 557.303226][T13850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.303241][T13850] RIP: 0033:0x7f627739c799 [ 557.303254][T13850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.303269][T13850] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 557.303283][T13850] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 557.303293][T13850] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 557.303301][T13850] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 000000008000fff5 [ 557.303310][T13850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.303318][T13850] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 557.303337][T13850] [ 558.337627][T13864] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2549'. [ 558.362188][ T5145] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 559.146507][T13868] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2550'. [ 560.634681][T13887] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2555'. [ 562.902291][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.909199][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.823080][T13931] netlink: 'syz.0.2565': attribute type 3 has an invalid length. [ 563.897971][T13931] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2565'. [ 564.481741][T13939] FAULT_INJECTION: forcing a failure. [ 564.481741][T13939] name failslab, interval 1, probability 0, space 0, times 0 [ 564.609192][T13939] CPU: 0 UID: 0 PID: 13939 Comm: syz.0.2569 Tainted: G L syzkaller #0 PREEMPT(full) [ 564.609221][T13939] Tainted: [L]=SOFTLOCKUP [ 564.609226][T13939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 564.609236][T13939] Call Trace: [ 564.609242][T13939] [ 564.609250][T13939] dump_stack_lvl+0x100/0x190 [ 564.609279][T13939] should_fail_ex.cold+0x5/0xa [ 564.609297][T13939] should_failslab+0xc2/0x120 [ 564.609322][T13939] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 564.609344][T13939] ? __kernfs_new_node+0xd2/0x960 [ 564.609369][T13939] __kernfs_new_node+0xd2/0x960 [ 564.609391][T13939] ? __pfx___kernfs_new_node+0x10/0x10 [ 564.609416][T13939] ? find_held_lock+0x2b/0x80 [ 564.609429][T13939] ? kernfs_root+0xee/0x2a0 [ 564.609447][T13939] ? kernfs_root+0xee/0x2a0 [ 564.609470][T13939] kernfs_new_node+0x11b/0x1a0 [ 564.609495][T13939] __kernfs_create_file+0x53/0x350 [ 564.609514][T13939] sysfs_add_file_mode_ns+0x207/0x3c0 [ 564.609538][T13939] internal_create_group+0x593/0xf40 [ 564.609563][T13939] ? __pfx_internal_create_group+0x10/0x10 [ 564.609587][T13939] ? kernfs_create_link+0x1bd/0x240 [ 564.609606][T13939] internal_create_groups+0x9d/0x150 [ 564.609628][T13939] device_add+0x71a/0x1950 [ 564.609649][T13939] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 564.609672][T13939] ? __pfx_device_add+0x10/0x10 [ 564.609689][T13939] ? lockdep_init_map_type+0x5c/0x250 [ 564.609708][T13939] ? __init_waitqueue_head+0xca/0x150 [ 564.609734][T13939] netdev_register_kobject+0x1a9/0x3d0 [ 564.609858][T13939] register_netdevice+0x12e0/0x2210 [ 564.609886][T13939] ? __pfx_register_netdevice+0x10/0x10 [ 564.609921][T13939] ? __pfx_loopback_net_init+0x10/0x10 [ 564.609977][T13939] register_netdev+0x34/0x50 [ 564.609998][T13939] loopback_net_init+0x7a/0x170 [ 564.610014][T13939] ? __pfx_loopback_net_init+0x10/0x10 [ 564.610028][T13939] ops_init+0x1e2/0x5f0 [ 564.610094][T13939] setup_net+0x118/0x3a0 [ 564.610115][T13939] ? __pfx_setup_net+0x10/0x10 [ 564.610136][T13939] ? lockdep_init_map_type+0x5c/0x250 [ 564.610156][T13939] ? mutex_init_lockep+0x110/0x150 [ 564.610178][T13939] copy_net_ns+0x46f/0x7c0 [ 564.610196][T13939] create_new_namespaces+0x3ea/0xac0 [ 564.610216][T13939] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 564.610233][T13939] ksys_unshare+0x473/0xad0 [ 564.610253][T13939] ? __pfx_ksys_unshare+0x10/0x10 [ 564.610279][T13939] __x64_sys_unshare+0x31/0x40 [ 564.610297][T13939] do_syscall_64+0x106/0xf80 [ 564.610326][T13939] ? clear_bhb_loop+0x40/0x90 [ 564.610345][T13939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.610361][T13939] RIP: 0033:0x7f627739c799 [ 564.610376][T13939] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 564.610390][T13939] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 564.610406][T13939] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 564.610417][T13939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 564.610426][T13939] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 564.610436][T13939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 564.610444][T13939] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 564.610464][T13939] [ 566.035325][T13950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2570'. [ 566.144592][T13954] netlink: 'syz.2.2570': attribute type 1 has an invalid length. [ 566.152634][T13954] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2570'. [ 567.041404][T13966] netlink: 'syz.3.2576': attribute type 2 has an invalid length. [ 567.266272][T13966] netlink: 'syz.3.2576': attribute type 3 has an invalid length. [ 567.350063][T13971] [U] [ 567.352785][T13971] [U] [ 567.355456][T13971] [U] [ 567.358123][T13971] [U] [ 567.430746][T13966] netlink: 'syz.3.2576': attribute type 2 has an invalid length. [ 567.476261][T13971] [U] [ 567.479004][T13971] [U] [ 567.481691][T13971] [U] [ 567.484363][T13971] [U] [ 567.567430][T13966] netlink: 'syz.3.2576': attribute type 3 has an invalid length. [ 567.685952][T13966] netlink: 30 bytes leftover after parsing attributes in process `syz.3.2576'. [ 568.319008][T13968] [U] [ 569.272037][T13998] syz.0.2585 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 572.002840][ T5145] block nbd0: Receive control failed (result -32) [ 574.044462][T14053] net_ratelimit: 3 callbacks suppressed [ 574.044478][T14053] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 580.433725][ T29] audit: type=1800 audit(676916.845:11): pid=14108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2609" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 580.817832][T14116] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2610'. [ 581.819597][T14116] veth1_macvtap: left promiscuous mode [ 582.401632][T14124] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 585.084283][T14144] [U] [ 585.086992][T14144] [U] [ 585.089662][T14144] [U] [ 585.092330][T14144] [U] [ 585.694108][T14144] [U] [ 585.696829][T14144] [U] [ 585.699500][T14144] [U] [ 585.702173][T14144] [U] [ 586.403705][T14158] [U] [ 588.144244][T14173] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 590.564485][T14184] kexec: Could not allocate control_code_buffer [ 591.265939][T14195] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2629'. [ 595.990344][T14230] FAULT_INJECTION: forcing a failure. [ 595.990344][T14230] name failslab, interval 1, probability 0, space 0, times 0 [ 596.125930][T14230] CPU: 0 UID: 0 PID: 14230 Comm: syz.3.2635 Tainted: G L syzkaller #0 PREEMPT(full) [ 596.125980][T14230] Tainted: [L]=SOFTLOCKUP [ 596.125985][T14230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 596.125995][T14230] Call Trace: [ 596.126001][T14230] [ 596.126008][T14230] dump_stack_lvl+0x100/0x190 [ 596.126036][T14230] should_fail_ex.cold+0x5/0xa [ 596.126055][T14230] should_failslab+0xc2/0x120 [ 596.126071][T14230] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 596.126092][T14230] ? __kernfs_new_node+0xd2/0x960 [ 596.126116][T14230] __kernfs_new_node+0xd2/0x960 [ 596.126138][T14230] ? __pfx___kernfs_new_node+0x10/0x10 [ 596.126163][T14230] ? find_held_lock+0x2b/0x80 [ 596.126176][T14230] ? kernfs_root+0xee/0x2a0 [ 596.126194][T14230] ? kernfs_root+0xee/0x2a0 [ 596.126218][T14230] kernfs_new_node+0x11b/0x1a0 [ 596.126243][T14230] __kernfs_create_file+0x53/0x350 [ 596.126261][T14230] sysfs_add_file_mode_ns+0x207/0x3c0 [ 596.126285][T14230] internal_create_group+0x593/0xf40 [ 596.126310][T14230] ? __pfx_internal_create_group+0x10/0x10 [ 596.126334][T14230] ? kernfs_create_link+0x1bd/0x240 [ 596.126353][T14230] internal_create_groups+0x9d/0x150 [ 596.126375][T14230] device_add+0x71a/0x1950 [ 596.126393][T14230] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 596.126417][T14230] ? __pfx_device_add+0x10/0x10 [ 596.126433][T14230] ? lockdep_init_map_type+0x5c/0x250 [ 596.126452][T14230] ? __init_waitqueue_head+0xca/0x150 [ 596.126477][T14230] netdev_register_kobject+0x1a9/0x3d0 [ 596.126503][T14230] register_netdevice+0x12e0/0x2210 [ 596.126529][T14230] ? __pfx_register_netdevice+0x10/0x10 [ 596.126554][T14230] ? __pfx_loopback_net_init+0x10/0x10 [ 596.126570][T14230] register_netdev+0x34/0x50 [ 596.126590][T14230] loopback_net_init+0x7a/0x170 [ 596.126605][T14230] ? __pfx_loopback_net_init+0x10/0x10 [ 596.126619][T14230] ops_init+0x1e2/0x5f0 [ 596.126642][T14230] setup_net+0x118/0x3a0 [ 596.126663][T14230] ? __pfx_setup_net+0x10/0x10 [ 596.126682][T14230] ? lockdep_init_map_type+0x5c/0x250 [ 596.126702][T14230] ? mutex_init_lockep+0x110/0x150 [ 596.126724][T14230] copy_net_ns+0x46f/0x7c0 [ 596.126740][T14230] create_new_namespaces+0x3ea/0xac0 [ 596.126760][T14230] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 596.126777][T14230] ksys_unshare+0x473/0xad0 [ 596.126797][T14230] ? __pfx_ksys_unshare+0x10/0x10 [ 596.126822][T14230] __x64_sys_unshare+0x31/0x40 [ 596.126839][T14230] do_syscall_64+0x106/0xf80 [ 596.126859][T14230] ? clear_bhb_loop+0x40/0x90 [ 596.126876][T14230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.126892][T14230] RIP: 0033:0x7fd050d9c799 [ 596.126906][T14230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.126921][T14230] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 596.126935][T14230] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 596.126955][T14230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 596.126964][T14230] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 596.126973][T14230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.126982][T14230] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 596.127003][T14230] [ 605.174361][T14306] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 607.111895][T14322] random: crng reseeded on system resumption [ 608.934487][T14338] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 609.054395][T14333] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 610.287787][T14349] vmstat_refresh: nr_hugetlb -1536 [ 610.415094][T14349] vmstat_refresh: nr_hugetlb -1024 [ 610.425184][T14351] capability: warning: `syz.0.2668' uses 32-bit capabilities (legacy support in use) [ 613.913514][T14379] sd 0:0:1:0: PR command failed: 1026 [ 613.956845][T14379] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 614.042448][T14379] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 615.855419][T14386] delete_channel: no stack [ 616.645193][T14403] HSR: entered promiscuous mode [ 620.867217][ T5145] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 623.455008][T14482] [U] [ 623.874077][ T29] audit: type=1806 audit(676960.295:12): xattr="." res=0 [ 624.338699][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.345197][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.926468][T14510] input: f as /devices/virtual/input/input12 [ 624.932941][T14510] FAULT_INJECTION: forcing a failure. [ 624.932941][T14510] name failslab, interval 1, probability 0, space 0, times 0 [ 625.105796][T14510] CPU: 0 UID: 0 PID: 14510 Comm: syz.0.2710 Tainted: G L syzkaller #0 PREEMPT(full) [ 625.105823][T14510] Tainted: [L]=SOFTLOCKUP [ 625.105829][T14510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 625.105838][T14510] Call Trace: [ 625.105844][T14510] [ 625.105850][T14510] dump_stack_lvl+0x100/0x190 [ 625.105877][T14510] should_fail_ex.cold+0x5/0xa [ 625.105896][T14510] should_failslab+0xc2/0x120 [ 625.105912][T14510] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 625.105934][T14510] ? __kernfs_new_node+0xd2/0x960 [ 625.105959][T14510] __kernfs_new_node+0xd2/0x960 [ 625.105981][T14510] ? __pfx___kernfs_new_node+0x10/0x10 [ 625.106005][T14510] ? find_held_lock+0x2b/0x80 [ 625.106019][T14510] ? kernfs_root+0xee/0x2a0 [ 625.106037][T14510] ? kernfs_root+0xee/0x2a0 [ 625.106061][T14510] kernfs_new_node+0x11b/0x1a0 [ 625.106086][T14510] __kernfs_create_file+0x53/0x350 [ 625.106105][T14510] sysfs_add_file_mode_ns+0x207/0x3c0 [ 625.106129][T14510] sysfs_create_file_ns+0x145/0x1e0 [ 625.106147][T14510] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 625.106169][T14510] ? mark_held_locks+0x40/0x70 [ 625.106189][T14510] device_create_file+0xf2/0x1d0 [ 625.106211][T14510] device_add+0xa74/0x1950 [ 625.106229][T14510] ? __pfx_device_add+0x10/0x10 [ 625.106250][T14510] ? kobject_get+0xbb/0x150 [ 625.106343][T14510] cdev_device_add+0x12b/0x270 [ 625.106361][T14510] evdev_connect+0x3a8/0x4b0 [ 625.106452][T14510] input_attach_handler.isra.0+0x177/0x1e0 [ 625.106526][T14510] input_register_device.cold+0x139/0x375 [ 625.106559][T14510] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 625.106602][T14510] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 625.106623][T14510] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 625.106647][T14510] ? find_held_lock+0x2b/0x80 [ 625.106661][T14510] ? __fget_files+0x215/0x3d0 [ 625.106684][T14510] ? __pfx_uinput_ioctl+0x10/0x10 [ 625.106701][T14510] __x64_sys_ioctl+0x18e/0x210 [ 625.106723][T14510] do_syscall_64+0x106/0xf80 [ 625.106742][T14510] ? clear_bhb_loop+0x40/0x90 [ 625.106767][T14510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.106783][T14510] RIP: 0033:0x7f627739c799 [ 625.106797][T14510] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 625.106811][T14510] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.106827][T14510] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 625.106837][T14510] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 625.106846][T14510] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 625.106856][T14510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.106864][T14510] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 625.106885][T14510] [ 626.992071][T14510] input: failed to attach handler evdev to device input12, error: -12 [ 631.223224][T14571] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2728'. [ 631.285006][T14571] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2728'. [ 639.892830][T14621] ubi0: attaching mtd0 [ 639.962805][T14621] ubi0: scanning is finished [ 640.036472][T14621] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 640.700610][T14621] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 641.400992][T14647] can0: slcan on ttyS2. [ 641.876535][T14644] can0 (unregistered): slcan off ttyS2. [ 643.837568][T14684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 644.009302][T14684] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 644.151130][T14684] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 644.340473][T14684] page_type: f5(slab) [ 644.455842][T14684] raw: 00fff00000000040 ffff88813fe3d140 dead000000000122 0000000000000000 [ 644.612508][T14684] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 644.753794][T14684] head: 00fff00000000040 ffff88813fe3d140 dead000000000122 0000000000000000 [ 644.894957][T14684] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 644.967808][T14684] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 645.025194][T14684] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 645.113728][T14684] page dumped because: unmovable page [ 645.201691][T14684] page_owner tracks the page as allocated [ 645.273688][T14684] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12022, tgid 12022 (kworker/u8:7), ts 644443510605, free_ts 644434430739 [ 645.511566][T14684] post_alloc_hook+0x153/0x170 [ 645.556386][T14684] get_page_from_freelist+0x111d/0x3140 [ 645.561971][T14684] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 645.695211][T14684] new_slab+0xa6/0x6b0 [ 645.699334][T14684] refill_objects+0x26b/0x400 [ 645.749746][T14684] __pcs_replace_empty_main+0x1ab/0x660 [ 645.793834][T14684] kmem_cache_alloc_noprof+0x480/0x6e0 [ 645.799351][T14684] sk_prot_alloc+0x60/0x2a0 [ 645.846165][T14713] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2760'. [ 645.880001][T14700] serio: Serial port pty6 [ 645.925397][T14684] sk_clone+0x7d/0x1670 [ 645.929587][T14684] inet_csk_clone_lock+0x2f/0x760 [ 646.017233][T14684] tcp_create_openreq_child+0x34/0x2820 [ 646.023121][T14684] tcp_v4_syn_recv_sock+0x122/0x12c0 [ 646.118660][T14684] tcp_v6_syn_recv_sock+0x17e5/0x1f40 [ 646.199769][T14684] tcp_check_req+0xab6/0x2be0 [ 646.227724][T14684] tcp_v4_rcv+0x1337/0x4680 [ 646.276143][T14684] ip_protocol_deliver_rcu+0xba/0x4d0 [ 646.327399][T14684] page last free pid 141 tgid 141 stack trace: [ 646.383629][T14684] __free_frozen_pages+0x7e1/0x10d0 [ 646.421495][T14684] qlist_free_all+0x47/0xe0 [ 646.456250][T14684] kasan_quarantine_reduce+0x1a0/0x1f0 [ 646.505797][T14684] __kasan_slab_alloc+0x69/0x90 [ 646.554431][T14684] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 646.611256][T14684] __alloc_skb+0x140/0x710 [ 646.653729][T14684] tcp_stream_alloc_skb+0x34/0x660 [ 646.703273][T14684] tcp_connect+0xe8c/0x5630 [ 646.724064][T14684] tcp_v4_connect+0x1603/0x1b40 [ 646.755896][T14684] __inet_stream_connect+0x208/0xfa0 [ 646.813837][T14684] inet_stream_connect+0x57/0xa0 [ 646.839879][T14684] kernel_connect+0x107/0x160 [ 646.850371][T14724] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2761'. [ 646.895911][T14684] rds_tcp_conn_path_connect+0x72b/0xaa0 [ 646.933677][T14684] rds_connect_worker+0x1b4/0x2d0 [ 646.953842][T14684] process_one_work+0xa23/0x19a0 [ 646.989849][T14684] worker_thread+0x5ef/0xe50 [ 648.074692][T14733] FAULT_INJECTION: forcing a failure. [ 648.074692][T14733] name failslab, interval 1, probability 0, space 0, times 0 [ 648.934008][T14733] CPU: 0 UID: 0 PID: 14733 Comm: syz.2.2764 Tainted: G L syzkaller #0 PREEMPT(full) [ 648.934037][T14733] Tainted: [L]=SOFTLOCKUP [ 648.934043][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 648.934053][T14733] Call Trace: [ 648.934059][T14733] [ 648.934065][T14733] dump_stack_lvl+0x100/0x190 [ 648.934093][T14733] should_fail_ex.cold+0x5/0xa [ 648.934111][T14733] should_failslab+0xc2/0x120 [ 648.934127][T14733] __kmalloc_cache_noprof+0x7a/0x6f0 [ 648.934146][T14733] ? snd_seq_port_connect+0x61/0x560 [ 648.934245][T14733] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 648.934306][T14733] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 648.934332][T14733] snd_seq_port_connect+0x61/0x560 [ 648.934346][T14733] ? _raw_read_unlock+0x28/0x50 [ 648.934410][T14733] ? check_subscription_permission.isra.0+0x146/0x240 [ 648.934490][T14733] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 648.934509][T14733] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 648.934534][T14733] call_seq_client_ctl+0xa3/0x130 [ 648.934559][T14733] snd_seq_kernel_client_ctl+0x77/0xd0 [ 648.934583][T14733] snd_seq_oss_midi_open+0x48b/0x6b0 [ 648.934602][T14733] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 648.934621][T14733] ? find_held_lock+0x2b/0x80 [ 648.934639][T14733] ? lockdep_hardirqs_on+0x78/0x100 [ 648.934658][T14733] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 648.934677][T14733] ? get_mididev+0x115/0x160 [ 648.934695][T14733] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 648.934719][T14733] snd_seq_oss_open+0x82e/0xa10 [ 648.934737][T14733] odev_open+0x79/0xc0 [ 648.934749][T14733] ? __pfx_odev_open+0x10/0x10 [ 648.934762][T14733] soundcore_open+0x2e3/0x5a0 [ 648.934808][T14733] ? __pfx_soundcore_open+0x10/0x10 [ 648.934823][T14733] chrdev_open+0x234/0x6a0 [ 648.934838][T14733] ? __pfx_apparmor_file_open+0x10/0x10 [ 648.934863][T14733] ? __pfx_chrdev_open+0x10/0x10 [ 648.934879][T14733] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 648.934899][T14733] do_dentry_open+0x6d8/0x1660 [ 648.934915][T14733] ? __pfx_chrdev_open+0x10/0x10 [ 648.934934][T14733] vfs_open+0x82/0x3f0 [ 648.934962][T14733] path_openat+0x208c/0x31a0 [ 648.934985][T14733] ? __pfx_path_openat+0x10/0x10 [ 648.935007][T14733] do_file_open+0x20e/0x430 [ 648.935024][T14733] ? __pfx_do_file_open+0x10/0x10 [ 648.935054][T14733] ? alloc_fd+0x476/0x790 [ 648.935071][T14733] ? do_getname+0x191/0x390 [ 648.935090][T14733] do_sys_openat2+0x10d/0x1e0 [ 648.935109][T14733] ? __pfx_do_sys_openat2+0x10/0x10 [ 648.935135][T14733] __x64_sys_openat+0x12d/0x210 [ 648.935155][T14733] ? __pfx___x64_sys_openat+0x10/0x10 [ 648.935181][T14733] do_syscall_64+0x106/0xf80 [ 648.935200][T14733] ? clear_bhb_loop+0x40/0x90 [ 648.935218][T14733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.935233][T14733] RIP: 0033:0x7f7cb059c799 [ 648.935247][T14733] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.935262][T14733] RSP: 002b:00007f7cb1418028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 648.935277][T14733] RAX: ffffffffffffffda RBX: 00007f7cb0815fa0 RCX: 00007f7cb059c799 [ 648.935287][T14733] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 648.935297][T14733] RBP: 00007f7cb0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 648.935306][T14733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.935315][T14733] R13: 00007f7cb0816038 R14: 00007f7cb0815fa0 R15: 00007ffc9f36de88 [ 648.935335][T14733] [ 652.268561][T14747] can: request_module (can-proto-3) failed. [ 652.287468][T14759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2772'. [ 652.455253][T14763] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2773'. [ 652.615290][T14759] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.798826][T14759] bridge_slave_1 (unregistering): left allmulticast mode [ 652.934042][T14759] bridge_slave_1 (unregistering): left promiscuous mode [ 652.941099][T14759] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.400831][T14767] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2775'. [ 654.325208][T14785] FAULT_INJECTION: forcing a failure. [ 654.325208][T14785] name failslab, interval 1, probability 0, space 0, times 0 [ 654.427219][T14785] CPU: 0 UID: 0 PID: 14785 Comm: syz.3.2778 Tainted: G L syzkaller #0 PREEMPT(full) [ 654.427246][T14785] Tainted: [L]=SOFTLOCKUP [ 654.427251][T14785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 654.427261][T14785] Call Trace: [ 654.427267][T14785] [ 654.427273][T14785] dump_stack_lvl+0x100/0x190 [ 654.427300][T14785] should_fail_ex.cold+0x5/0xa [ 654.427318][T14785] should_failslab+0xc2/0x120 [ 654.427334][T14785] __kmalloc_cache_noprof+0x7a/0x6f0 [ 654.427353][T14785] ? refill_pi_state_cache+0x91/0x260 [ 654.427378][T14785] refill_pi_state_cache+0x91/0x260 [ 654.427398][T14785] futex_lock_pi+0x177/0x7b0 [ 654.427421][T14785] ? __pfx_futex_lock_pi+0x10/0x10 [ 654.427443][T14785] ? __pfx___futex_wait+0x10/0x10 [ 654.427481][T14785] ? __pfx_futex_wake_mark+0x10/0x10 [ 654.427506][T14785] ? __get_user_nocheck_8+0x20/0x20 [ 654.427524][T14785] ? do_vfs_ioctl+0x226/0x13e0 [ 654.427546][T14785] do_futex+0x18a/0x350 [ 654.427565][T14785] ? __pfx_do_futex+0x10/0x10 [ 654.427585][T14785] ? find_held_lock+0x2b/0x80 [ 654.427601][T14785] __x64_sys_futex+0x34f/0x4d0 [ 654.427622][T14785] ? __pfx___x64_sys_futex+0x10/0x10 [ 654.427648][T14785] do_syscall_64+0x106/0xf80 [ 654.427675][T14785] ? clear_bhb_loop+0x40/0x90 [ 654.427694][T14785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.427710][T14785] RIP: 0033:0x7fd050d9c799 [ 654.427722][T14785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 654.427737][T14785] RSP: 002b:00007fd051bc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 654.427753][T14785] RAX: ffffffffffffffda RBX: 00007fd051016090 RCX: 00007fd050d9c799 [ 654.427763][T14785] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 654.427772][T14785] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 000000008000fff5 [ 654.427781][T14785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.427790][T14785] R13: 00007fd051016128 R14: 00007fd051016090 R15: 00007ffeb761a928 [ 654.427809][T14785] [ 654.985576][T14791] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2779'. [ 655.076634][T14784] input: f as /devices/virtual/input/input13 [ 655.672312][T14796] random: crng reseeded on system resumption [ 655.803201][T14798] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2782'. [ 660.490439][T14847] nbd: must specify at least one socket [ 662.006738][T14857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2800'. [ 662.184506][T14862] FAULT_INJECTION: forcing a failure. [ 662.184506][T14862] name fail_futex, interval 1, probability 0, space 0, times 0 [ 662.453639][T14862] CPU: 0 UID: 0 PID: 14862 Comm: syz.3.2799 Tainted: G L syzkaller #0 PREEMPT(full) [ 662.453667][T14862] Tainted: [L]=SOFTLOCKUP [ 662.453672][T14862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 662.453682][T14862] Call Trace: [ 662.453687][T14862] [ 662.453693][T14862] dump_stack_lvl+0x100/0x190 [ 662.453721][T14862] should_fail_ex.cold+0x5/0xa [ 662.453738][T14862] get_futex_key+0x1d2/0x1620 [ 662.453759][T14862] ? __pfx_get_futex_key+0x10/0x10 [ 662.453782][T14862] futex_wait_setup+0x83/0x510 [ 662.453808][T14862] __futex_wait+0x19f/0x300 [ 662.453832][T14862] ? __pfx___futex_wait+0x10/0x10 [ 662.453853][T14862] ? __might_fault+0xc5/0x140 [ 662.453875][T14862] ? __pfx_futex_wake_mark+0x10/0x10 [ 662.453898][T14862] ? futex_hash+0x2c5/0x380 [ 662.453920][T14862] futex_wait+0xed/0x380 [ 662.453941][T14862] ? __pfx_futex_wait+0x10/0x10 [ 662.453967][T14862] ? vhost_net_ioctl+0x23f/0x1910 [ 662.454097][T14862] do_futex+0x1ef/0x350 [ 662.454116][T14862] ? __pfx_do_futex+0x10/0x10 [ 662.454134][T14862] ? bpf_lsm_capable+0x9/0x10 [ 662.454152][T14862] ? capable+0xd3/0xf0 [ 662.454168][T14862] __x64_sys_futex+0x34f/0x4d0 [ 662.454188][T14862] ? __x64_sys_settimeofday+0x1df/0x2b0 [ 662.454206][T14862] ? __pfx___x64_sys_futex+0x10/0x10 [ 662.454231][T14862] do_syscall_64+0x106/0xf80 [ 662.454251][T14862] ? clear_bhb_loop+0x40/0x90 [ 662.454269][T14862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.454285][T14862] RIP: 0033:0x7fd050d9c799 [ 662.454298][T14862] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 662.454314][T14862] RSP: 002b:00007fd051bc60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 662.454328][T14862] RAX: ffffffffffffffda RBX: 00007fd051016098 RCX: 00007fd050d9c799 [ 662.454339][T14862] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd051016098 [ 662.454348][T14862] RBP: 00007fd051016090 R08: 0000000000000000 R09: 0000000000000000 [ 662.454357][T14862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.454366][T14862] R13: 00007fd051016128 R14: 00007ffeb761a840 R15: 00007ffeb761a928 [ 662.454385][T14862] [ 668.566057][ T5145] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 668.574078][ T5145] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 668.587590][ T5145] CPU: 0 UID: 0 PID: 5145 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 668.587615][ T5145] Tainted: [L]=SOFTLOCKUP [ 668.587621][ T5145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 668.587656][ T5145] Workqueue: hci1 hci_rx_work [ 668.587738][ T5145] Call Trace: [ 668.587743][ T5145] [ 668.587749][ T5145] dump_stack_lvl+0x100/0x190 [ 668.587775][ T5145] sysfs_warn_dup.cold+0x1c/0x28 [ 668.587796][ T5145] sysfs_create_dir_ns+0x24b/0x2b0 [ 668.587817][ T5145] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 668.587836][ T5145] ? find_held_lock+0x2b/0x80 [ 668.587849][ T5145] ? kobject_add_internal+0x25f/0x930 [ 668.587873][ T5145] ? kobject_add_internal+0x25f/0x930 [ 668.587896][ T5145] ? do_raw_spin_unlock+0x145/0x1e0 [ 668.587919][ T5145] kobject_add_internal+0x2c8/0x930 [ 668.587946][ T5145] kobject_add+0x16a/0x1e0 [ 668.587960][ T5145] ? __pfx_kobject_add+0x10/0x10 [ 668.587973][ T5145] ? class_to_subsys+0x10f/0x150 [ 668.588026][ T5145] ? kobject_put+0xb9/0x640 [ 668.588046][ T5145] ? _raw_spin_unlock+0x28/0x50 [ 668.588069][ T5145] device_add+0x294/0x1950 [ 668.588088][ T5145] ? __pfx_dev_set_name+0x10/0x10 [ 668.588108][ T5145] ? __pfx_device_add+0x10/0x10 [ 668.588124][ T5145] ? mgmt_send_event_skb+0x2fb/0x460 [ 668.588174][ T5145] hci_conn_add_sysfs+0x1a3/0x260 [ 668.588238][ T5145] le_conn_complete_evt+0x11cb/0x1f40 [ 668.588282][ T5145] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 668.588299][ T5145] ? __pfx_bt_warn+0x10/0x10 [ 668.588334][ T5145] hci_le_conn_complete_evt+0x23c/0x3a0 [ 668.588353][ T5145] ? skb_pull_data+0x15f/0x1e0 [ 668.588372][ T5145] hci_le_meta_evt+0x34a/0x5f0 [ 668.588411][ T5145] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 668.588432][ T5145] hci_event_packet+0x682/0x11c0 [ 668.588450][ T5145] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 668.588471][ T5145] ? __pfx_hci_event_packet+0x10/0x10 [ 668.588490][ T5145] ? kcov_remote_start+0x374/0x660 [ 668.588504][ T5145] ? lockdep_hardirqs_on+0x78/0x100 [ 668.588537][ T5145] hci_rx_work+0x451/0xfc0 [ 668.588560][ T5145] process_one_work+0xa23/0x19a0 [ 668.588590][ T5145] ? __pfx_process_one_work+0x10/0x10 [ 668.588616][ T5145] ? __pfx_hci_rx_work+0x10/0x10 [ 668.588634][ T5145] worker_thread+0x5ef/0xe50 [ 668.588659][ T5145] ? __pfx_worker_thread+0x10/0x10 [ 668.588680][ T5145] ? kthread+0x13a/0x450 [ 668.588697][ T5145] ? __pfx_worker_thread+0x10/0x10 [ 668.588715][ T5145] kthread+0x370/0x450 [ 668.588733][ T5145] ? __pfx_kthread+0x10/0x10 [ 668.588752][ T5145] ret_from_fork+0x754/0xd80 [ 668.588774][ T5145] ? __pfx_ret_from_fork+0x10/0x10 [ 668.588796][ T5145] ? __switch_to+0x7b4/0x1120 [ 668.588812][ T5145] ? __pfx_kthread+0x10/0x10 [ 668.588831][ T5145] ret_from_fork_asm+0x1a/0x30 [ 668.588856][ T5145] [ 668.588878][ T5145] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 668.943791][ T5145] Bluetooth: hci1: failed to register connection device [ 669.724243][T14921] kAFS: Invalid Command on /proc/fs/afs/cells file [ 670.975290][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 673.053850][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 677.918529][T15008] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 678.216814][T15011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2834'. [ 678.608578][T15016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2836'. [ 678.744051][T15016] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.932252][T15016] bridge_slave_1 (unregistering): left allmulticast mode [ 678.992769][T15016] bridge_slave_1 (unregistering): left promiscuous mode [ 679.030111][T15016] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.224369][T15024] FAULT_INJECTION: forcing a failure. [ 679.224369][T15024] name failslab, interval 1, probability 0, space 0, times 0 [ 679.614771][T15024] CPU: 0 UID: 0 PID: 15024 Comm: syz.2.2837 Tainted: G L syzkaller #0 PREEMPT(full) [ 679.614797][T15024] Tainted: [L]=SOFTLOCKUP [ 679.614802][T15024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 679.614812][T15024] Call Trace: [ 679.614817][T15024] [ 679.614823][T15024] dump_stack_lvl+0x100/0x190 [ 679.614854][T15024] should_fail_ex.cold+0x5/0xa [ 679.614874][T15024] should_failslab+0xc2/0x120 [ 679.614891][T15024] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 679.614914][T15024] ? shmem_alloc_inode+0x25/0x50 [ 679.614932][T15024] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 679.614949][T15024] shmem_alloc_inode+0x25/0x50 [ 679.614965][T15024] alloc_inode+0x68/0x250 [ 679.614984][T15024] new_inode+0x22/0x1c0 [ 679.615004][T15024] shmem_get_inode+0x212/0x1040 [ 679.615025][T15024] ? __pfx_shmem_get_inode+0x10/0x10 [ 679.615043][T15024] ? d_add+0x443/0x850 [ 679.615061][T15024] ? do_raw_spin_unlock+0x145/0x1e0 [ 679.615087][T15024] shmem_mknod+0x20c/0x470 [ 679.615107][T15024] ? __pfx_shmem_mknod+0x10/0x10 [ 679.615124][T15024] ? bpf_lsm_inode_create+0x9/0x10 [ 679.615147][T15024] ? __pfx_shmem_create+0x10/0x10 [ 679.615166][T15024] lookup_open.isra.0+0xc47/0x11b0 [ 679.615192][T15024] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 679.615216][T15024] ? __pfx___might_resched+0x10/0x10 [ 679.615236][T15024] ? mnt_get_write_access+0x52/0x2f0 [ 679.615259][T15024] ? __pfx_down_write+0x10/0x10 [ 679.615282][T15024] ? mnt_get_write_access+0x1e9/0x2f0 [ 679.615304][T15024] path_openat+0x2291/0x31a0 [ 679.615326][T15024] ? __pfx_path_openat+0x10/0x10 [ 679.615351][T15024] do_file_open+0x20e/0x430 [ 679.615368][T15024] ? __pfx_do_file_open+0x10/0x10 [ 679.615396][T15024] ? alloc_fd+0x476/0x790 [ 679.615412][T15024] ? do_getname+0x191/0x390 [ 679.615431][T15024] do_sys_openat2+0x10d/0x1e0 [ 679.615452][T15024] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.615472][T15024] ? __fget_files+0x21f/0x3d0 [ 679.615490][T15024] __x64_sys_openat+0x12d/0x210 [ 679.615509][T15024] ? __pfx___x64_sys_openat+0x10/0x10 [ 679.615536][T15024] do_syscall_64+0x106/0xf80 [ 679.615555][T15024] ? clear_bhb_loop+0x40/0x90 [ 679.615573][T15024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.615588][T15024] RIP: 0033:0x7f7cb059c799 [ 679.615602][T15024] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 679.615617][T15024] RSP: 002b:00007f7cb1418028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 679.615632][T15024] RAX: ffffffffffffffda RBX: 00007f7cb0815fa0 RCX: 00007f7cb059c799 [ 679.615650][T15024] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 679.615659][T15024] RBP: 00007f7cb0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 679.615668][T15024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 679.615677][T15024] R13: 00007f7cb0816038 R14: 00007f7cb0815fa0 R15: 00007ffc9f36de88 [ 679.615698][T15024] [ 681.691159][T15046] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 682.708758][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c720c00: rx timeout, send abort [ 683.124299][ T29] audit: type=1807 audit(677019.545:13): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 683.217024][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c720c00: abort rx timeout. Force session deactivation [ 683.253173][ T29] audit: type=1802 audit(677019.575:14): pid=15063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.2846" res=0 errno=0 [ 683.741325][T15058] ima: policy update failed [ 683.793985][ T29] audit: type=1802 audit(677020.215:15): pid=15058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2846" res=0 errno=0 [ 685.777857][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.784309][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.364583][T15144] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2860'. [ 694.652984][T15143] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2860'. [ 695.847973][T15155] FAULT_INJECTION: forcing a failure. [ 695.847973][T15155] name failslab, interval 1, probability 0, space 0, times 0 [ 695.848016][T15155] CPU: 0 UID: 0 PID: 15155 Comm: syz.0.2863 Tainted: G L syzkaller #0 PREEMPT(full) [ 695.848042][T15155] Tainted: [L]=SOFTLOCKUP [ 695.848047][T15155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 695.848056][T15155] Call Trace: [ 695.848062][T15155] [ 695.848067][T15155] dump_stack_lvl+0x100/0x190 [ 695.848094][T15155] should_fail_ex.cold+0x5/0xa [ 695.848113][T15155] should_failslab+0xc2/0x120 [ 695.848129][T15155] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 695.848150][T15155] ? __kernfs_new_node+0xd2/0x960 [ 695.848176][T15155] __kernfs_new_node+0xd2/0x960 [ 695.848198][T15155] ? __pfx___kernfs_new_node+0x10/0x10 [ 695.848223][T15155] ? find_held_lock+0x2b/0x80 [ 695.848236][T15155] ? kernfs_root+0xee/0x2a0 [ 695.848255][T15155] ? kernfs_root+0xee/0x2a0 [ 695.848278][T15155] kernfs_new_node+0x11b/0x1a0 [ 695.848303][T15155] __kernfs_create_file+0x53/0x350 [ 695.848322][T15155] sysfs_add_file_mode_ns+0x207/0x3c0 [ 695.848346][T15155] sysfs_create_file_ns+0x145/0x1e0 [ 695.848365][T15155] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 695.848386][T15155] ? mark_held_locks+0x40/0x70 [ 695.848407][T15155] device_create_file+0xf2/0x1d0 [ 695.848430][T15155] device_add+0xa74/0x1950 [ 695.848448][T15155] ? __pfx_device_add+0x10/0x10 [ 695.848463][T15155] ? kfree_const+0x5a/0x70 [ 695.848483][T15155] ? kfree+0x2ec/0x6b0 [ 695.848507][T15155] device_create_groups_vargs+0x1f8/0x270 [ 695.848527][T15155] device_create+0xed/0x130 [ 695.848552][T15155] ? __pfx_device_create+0x10/0x10 [ 695.848571][T15155] ? is_console_locked+0x9/0x20 [ 695.848588][T15155] ? con_is_visible+0x65/0x150 [ 695.848689][T15155] ? csi_J+0x57e/0xad0 [ 695.848711][T15155] vcs_make_sysfs+0x55/0x80 [ 695.848757][T15155] vc_allocate+0x539/0x880 [ 695.848778][T15155] ? __pfx_vc_allocate+0x10/0x10 [ 695.848804][T15155] con_install+0xa1/0x620 [ 695.848825][T15155] ? __pfx_con_install+0x10/0x10 [ 695.848848][T15155] ? __pfx_con_install+0x10/0x10 [ 695.848867][T15155] tty_init_dev.part.0+0x9e/0x470 [ 695.848914][T15155] tty_open+0xa63/0xfa0 [ 695.848939][T15155] ? __pfx_tty_open+0x10/0x10 [ 695.848959][T15155] ? chrdev_open+0x589/0x6a0 [ 695.848973][T15155] ? chrdev_open+0x589/0x6a0 [ 695.848990][T15155] ? __pfx_tty_open+0x10/0x10 [ 695.849011][T15155] chrdev_open+0x234/0x6a0 [ 695.849026][T15155] ? __pfx_chrdev_open+0x10/0x10 [ 695.849042][T15155] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 695.849062][T15155] do_dentry_open+0x6d8/0x1660 [ 695.849076][T15155] ? __pfx_chrdev_open+0x10/0x10 [ 695.849095][T15155] vfs_open+0x82/0x3f0 [ 695.849115][T15155] path_openat+0x208c/0x31a0 [ 695.849137][T15155] ? __pfx_path_openat+0x10/0x10 [ 695.849159][T15155] do_file_open+0x20e/0x430 [ 695.849175][T15155] ? __pfx_do_file_open+0x10/0x10 [ 695.849204][T15155] ? alloc_fd+0x476/0x790 [ 695.849221][T15155] ? do_getname+0x191/0x390 [ 695.849240][T15155] do_sys_openat2+0x10d/0x1e0 [ 695.849259][T15155] ? __pfx_do_sys_openat2+0x10/0x10 [ 695.849279][T15155] ? fd_install+0x24f/0x580 [ 695.849296][T15155] __x64_sys_openat+0x12d/0x210 [ 695.849315][T15155] ? __pfx___x64_sys_openat+0x10/0x10 [ 695.849342][T15155] do_syscall_64+0x106/0xf80 [ 695.849362][T15155] ? clear_bhb_loop+0x40/0x90 [ 695.849379][T15155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.849395][T15155] RIP: 0033:0x7f627739c799 [ 695.849409][T15155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.849423][T15155] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 695.849438][T15155] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 695.849449][T15155] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 695.849458][T15155] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 695.849467][T15155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 695.849476][T15155] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 695.849496][T15155] [ 697.721661][T15149] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 697.721935][T15149] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 697.773917][T13844] Bluetooth: hci0: command 0x0406 tx timeout [ 697.797696][T15149] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 697.797744][T15149] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 697.963751][T15149] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 698.011096][T15149] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 698.041027][T15149] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 698.041075][T15149] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 698.083515][T15149] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 698.086913][T15149] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 698.114389][T15149] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 698.427388][T15164] FAULT_INJECTION: forcing a failure. [ 698.427388][T15164] name failslab, interval 1, probability 0, space 0, times 0 [ 698.427453][T15164] CPU: 0 UID: 0 PID: 15164 Comm: syz.3.2864 Tainted: G L syzkaller #0 PREEMPT(full) [ 698.427476][T15164] Tainted: [L]=SOFTLOCKUP [ 698.427481][T15164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 698.427491][T15164] Call Trace: [ 698.427496][T15164] [ 698.427502][T15164] dump_stack_lvl+0x100/0x190 [ 698.427528][T15164] should_fail_ex.cold+0x5/0xa [ 698.427548][T15164] should_failslab+0xc2/0x120 [ 698.427563][T15164] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 698.427585][T15164] ? shmem_alloc_inode+0x25/0x50 [ 698.427604][T15164] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 698.427622][T15164] shmem_alloc_inode+0x25/0x50 [ 698.427638][T15164] alloc_inode+0x68/0x250 [ 698.427657][T15164] new_inode+0x22/0x1c0 [ 698.427677][T15164] shmem_get_inode+0x212/0x1040 [ 698.427699][T15164] ? __pfx_shmem_get_inode+0x10/0x10 [ 698.427716][T15164] ? d_add+0x443/0x850 [ 698.427734][T15164] ? do_raw_spin_unlock+0x145/0x1e0 [ 698.427759][T15164] shmem_mknod+0x20c/0x470 [ 698.427779][T15164] ? __pfx_shmem_mknod+0x10/0x10 [ 698.427795][T15164] ? bpf_lsm_inode_create+0x9/0x10 [ 698.427819][T15164] ? __pfx_shmem_create+0x10/0x10 [ 698.427837][T15164] lookup_open.isra.0+0xc47/0x11b0 [ 698.427863][T15164] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 698.427887][T15164] ? __pfx___might_resched+0x10/0x10 [ 698.427907][T15164] ? mnt_get_write_access+0x52/0x2f0 [ 698.427930][T15164] ? __pfx_down_write+0x10/0x10 [ 698.427951][T15164] ? mnt_get_write_access+0x1e9/0x2f0 [ 698.427974][T15164] path_openat+0x2291/0x31a0 [ 698.427995][T15164] ? __pfx_path_openat+0x10/0x10 [ 698.428017][T15164] do_file_open+0x20e/0x430 [ 698.428034][T15164] ? __pfx_do_file_open+0x10/0x10 [ 698.428064][T15164] ? alloc_fd+0x476/0x790 [ 698.428080][T15164] ? do_getname+0x191/0x390 [ 698.428099][T15164] do_sys_openat2+0x10d/0x1e0 [ 698.428118][T15164] ? __pfx_do_sys_openat2+0x10/0x10 [ 698.428138][T15164] ? __fget_files+0x21f/0x3d0 [ 698.428156][T15164] __x64_sys_openat+0x12d/0x210 [ 698.428175][T15164] ? __pfx___x64_sys_openat+0x10/0x10 [ 698.428202][T15164] do_syscall_64+0x106/0xf80 [ 698.428221][T15164] ? clear_bhb_loop+0x40/0x90 [ 698.428238][T15164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.428253][T15164] RIP: 0033:0x7fd050d9c799 [ 698.428266][T15164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.428280][T15164] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 698.428295][T15164] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 698.428304][T15164] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 698.428314][T15164] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 698.428323][T15164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 698.428332][T15164] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 698.428352][T15164] [ 698.475566][T15164] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 699.856315][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 699.856364][T13844] Bluetooth: hci0: command 0x0406 tx timeout [ 700.093699][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 700.093739][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 701.938436][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 702.177136][T13844] Bluetooth: hci2: command 0x0406 tx timeout [ 702.177166][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 704.022138][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 704.257866][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 706.093807][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 707.344092][T15232] ======================================================= [ 707.344092][T15232] WARNING: The mand mount option has been deprecated and [ 707.344092][T15232] and is ignored by this kernel. Remove the mand [ 707.344092][T15232] option from the mount to silence this warning. [ 707.344092][T15232] ======================================================= [ 707.564138][T15243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2886'. [ 707.798468][T15243] bridge_slave_1 (unregistering): left allmulticast mode [ 707.864738][T15243] bridge_slave_1 (unregistering): left promiscuous mode [ 707.927761][T15243] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.706773][T15255] netlink: 'syz.3.2890': attribute type 2 has an invalid length. [ 709.144618][T15263] ptrace attach of "./syz-executor exec"[5828] was attempted by "(?2tP#smg\x1bXUKj\x22ٛVUBif\x0cuz\x07ݡ}r\x0a7s)\x07$WM껗:;\x0bцH6eBCh\x0aPVQ\x0a:8)=mKah; +JP2D{N0|\x0bRr,\x0bi}2|vR 5 [ 714.822736][T15333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2910'. [ 716.028892][T15344] FAULT_INJECTION: forcing a failure. [ 716.028892][T15344] name failslab, interval 1, probability 0, space 0, times 0 [ 716.274672][T15344] CPU: 0 UID: 0 PID: 15344 Comm: syz.0.2912 Tainted: G L syzkaller #0 PREEMPT(full) [ 716.274700][T15344] Tainted: [L]=SOFTLOCKUP [ 716.274706][T15344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 716.274715][T15344] Call Trace: [ 716.274721][T15344] [ 716.274728][T15344] dump_stack_lvl+0x100/0x190 [ 716.274756][T15344] should_fail_ex.cold+0x5/0xa [ 716.274773][T15344] ? security_inode_init_security+0x113/0x370 [ 716.274796][T15344] should_failslab+0xc2/0x120 [ 716.274812][T15344] __kmalloc_noprof+0xe0/0x850 [ 716.274837][T15344] security_inode_init_security+0x113/0x370 [ 716.274858][T15344] ? __pfx_shmem_initxattrs+0x10/0x10 [ 716.274876][T15344] ? __pfx_security_inode_init_security+0x10/0x10 [ 716.274898][T15344] ? make_vfsgid+0xf1/0x140 [ 716.274919][T15344] shmem_mknod+0x2bf/0x470 [ 716.274940][T15344] ? __pfx_shmem_mknod+0x10/0x10 [ 716.274973][T15344] vfs_create+0x301/0x6c0 [ 716.274997][T15344] filename_mknodat+0x2de/0x7f0 [ 716.275017][T15344] ? __pfx_filename_mknodat+0x10/0x10 [ 716.275033][T15344] ? strncpy_from_user+0x19d/0x2d0 [ 716.275053][T15344] ? do_getname+0x191/0x390 [ 716.275072][T15344] __x64_sys_mknod+0x8f/0xc0 [ 716.275089][T15344] do_syscall_64+0x106/0xf80 [ 716.275109][T15344] ? clear_bhb_loop+0x40/0x90 [ 716.275126][T15344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.275142][T15344] RIP: 0033:0x7f627739c799 [ 716.275156][T15344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 716.275170][T15344] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 716.275185][T15344] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 716.275195][T15344] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 716.275205][T15344] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 716.275214][T15344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 716.275222][T15344] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 716.275243][T15344] [ 717.228242][T15354] FAULT_INJECTION: forcing a failure. [ 717.228242][T15354] name failslab, interval 1, probability 0, space 0, times 0 [ 717.228304][T15354] CPU: 0 UID: 0 PID: 15354 Comm: syz.0.2914 Tainted: G L syzkaller #0 PREEMPT(full) [ 717.228331][T15354] Tainted: [L]=SOFTLOCKUP [ 717.228337][T15354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 717.228350][T15354] Call Trace: [ 717.228360][T15354] [ 717.228366][T15354] dump_stack_lvl+0x100/0x190 [ 717.228392][T15354] should_fail_ex.cold+0x5/0xa [ 717.228410][T15354] should_failslab+0xc2/0x120 [ 717.228426][T15354] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 717.228449][T15354] ? sysctl_core_net_init+0x42/0x290 [ 717.228472][T15354] kmemdup_noprof+0x29/0x60 [ 717.228494][T15354] sysctl_core_net_init+0x42/0x290 [ 717.228510][T15354] ? __pfx_sysctl_core_net_init+0x10/0x10 [ 717.228527][T15354] ops_init+0x1e2/0x5f0 [ 717.228549][T15354] setup_net+0x118/0x3a0 [ 717.228569][T15354] ? __pfx_setup_net+0x10/0x10 [ 717.228589][T15354] ? lockdep_init_map_type+0x5c/0x250 [ 717.228608][T15354] ? mutex_init_lockep+0x110/0x150 [ 717.228630][T15354] copy_net_ns+0x46f/0x7c0 [ 717.228646][T15354] create_new_namespaces+0x3ea/0xac0 [ 717.228665][T15354] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 717.228683][T15354] ksys_unshare+0x473/0xad0 [ 717.228702][T15354] ? __pfx_ksys_unshare+0x10/0x10 [ 717.228727][T15354] __x64_sys_unshare+0x31/0x40 [ 717.228744][T15354] do_syscall_64+0x106/0xf80 [ 717.228763][T15354] ? clear_bhb_loop+0x40/0x90 [ 717.228781][T15354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.228796][T15354] RIP: 0033:0x7f627739c799 [ 717.228809][T15354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 717.228823][T15354] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 717.228838][T15354] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 717.228854][T15354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 717.228863][T15354] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 717.228872][T15354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 717.228881][T15354] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 717.228901][T15354] [ 727.373770][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 727.413666][T15402] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 727.617794][T15402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 727.670391][T15402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 727.739610][T15402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 727.777609][T15402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 729.457132][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 729.696432][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 729.791810][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 730.243026][T15458] base or size exceeds the MTRR width [ 731.558003][T15477] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 731.854073][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 732.934439][T15488] __vm_enough_memory: pid: 15488, comm: syz.1.2950, bytes: 4398046511104 not enough memory for the allocation [ 733.566083][T15505] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2954'. [ 737.203040][ T29] audit: type=1800 audit(677073.625:16): pid=15544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2963" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 738.335919][T15558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2966'. [ 738.425410][T15558] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2966'. [ 746.726517][T15632] Process accounting resumed [ 747.221375][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.230339][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.404842][T15685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2995'. [ 756.273607][T15749] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3008'. [ 761.681470][T15790] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3019'. [ 766.655207][ T29] audit: type=1800 audit(677103.075:17): pid=15832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3028" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 768.225891][T15841] FAULT_INJECTION: forcing a failure. [ 768.225891][T15841] name fail_futex, interval 1, probability 0, space 0, times 0 [ 768.238783][T15841] CPU: 0 UID: 0 PID: 15841 Comm: syz.0.3032 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.238808][T15841] Tainted: [L]=SOFTLOCKUP [ 768.238814][T15841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 768.238824][T15841] Call Trace: [ 768.238829][T15841] [ 768.238835][T15841] dump_stack_lvl+0x100/0x190 [ 768.238862][T15841] should_fail_ex.cold+0x5/0xa [ 768.238880][T15841] should_fail_futex+0x4c/0x60 [ 768.238898][T15841] futex_lock_pi_atomic+0xe7/0xaf0 [ 768.238923][T15841] futex_lock_pi+0x246/0x7b0 [ 768.238946][T15841] ? __pfx_futex_lock_pi+0x10/0x10 [ 768.238968][T15841] ? __pfx___futex_wait+0x10/0x10 [ 768.238989][T15841] ? lockdep_hardirqs_on+0x78/0x100 [ 768.239026][T15841] ? __pfx_futex_wake_mark+0x10/0x10 [ 768.239051][T15841] ? ksys_write+0x190/0x250 [ 768.239064][T15841] ? ksys_write+0x190/0x250 [ 768.239081][T15841] do_futex+0x18a/0x350 [ 768.239100][T15841] ? __pfx_do_futex+0x10/0x10 [ 768.239122][T15841] __x64_sys_futex+0x34f/0x4d0 [ 768.239143][T15841] ? __pfx___x64_sys_futex+0x10/0x10 [ 768.239168][T15841] do_syscall_64+0x106/0xf80 [ 768.239187][T15841] ? clear_bhb_loop+0x40/0x90 [ 768.239204][T15841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.239219][T15841] RIP: 0033:0x7f627739c799 [ 768.239232][T15841] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 768.239246][T15841] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 768.239261][T15841] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 768.239271][T15841] RDX: 0000000000000001 RSI: 0000000000000006 RDI: 0000000000000000 [ 768.239279][T15841] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 00000000fffffffa [ 768.239288][T15841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.239297][T15841] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 768.239317][T15841] [ 770.144086][T15867] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 770.270488][T15867] input: f as /devices/virtual/input/input14 [ 770.364591][T15867] FAULT_INJECTION: forcing a failure. [ 770.364591][T15867] name failslab, interval 1, probability 0, space 0, times 0 [ 770.517471][T15867] CPU: 0 UID: 0 PID: 15867 Comm: syz.3.3040 Tainted: G L syzkaller #0 PREEMPT(full) [ 770.517498][T15867] Tainted: [L]=SOFTLOCKUP [ 770.517504][T15867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 770.517514][T15867] Call Trace: [ 770.517520][T15867] [ 770.517526][T15867] dump_stack_lvl+0x100/0x190 [ 770.517554][T15867] should_fail_ex.cold+0x5/0xa [ 770.517571][T15867] ? kobject_get_path+0xcf/0x2c0 [ 770.517593][T15867] should_failslab+0xc2/0x120 [ 770.517610][T15867] __kmalloc_noprof+0xe0/0x850 [ 770.517635][T15867] kobject_get_path+0xcf/0x2c0 [ 770.517660][T15867] kobject_uevent_env+0x287/0x18b0 [ 770.517679][T15867] ? kernfs_put+0x3f/0x60 [ 770.517699][T15867] ? sysfs_do_create_link_sd+0xbb/0x140 [ 770.517718][T15867] ? bus_to_subsys+0x114/0x150 [ 770.517739][T15867] device_add+0x116e/0x1950 [ 770.517758][T15867] ? __pfx_device_add+0x10/0x10 [ 770.517778][T15867] ? kobject_get+0xbb/0x150 [ 770.517800][T15867] cdev_device_add+0x12b/0x270 [ 770.517817][T15867] evdev_connect+0x3a8/0x4b0 [ 770.517844][T15867] input_attach_handler.isra.0+0x177/0x1e0 [ 770.517868][T15867] input_register_device.cold+0x139/0x375 [ 770.517900][T15867] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 770.517920][T15867] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 770.517941][T15867] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 770.517964][T15867] ? find_held_lock+0x2b/0x80 [ 770.517978][T15867] ? __fget_files+0x215/0x3d0 [ 770.518001][T15867] ? __pfx_uinput_ioctl+0x10/0x10 [ 770.518018][T15867] __x64_sys_ioctl+0x18e/0x210 [ 770.518040][T15867] do_syscall_64+0x106/0xf80 [ 770.518059][T15867] ? clear_bhb_loop+0x40/0x90 [ 770.518077][T15867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.518092][T15867] RIP: 0033:0x7fd050d9c799 [ 770.518105][T15867] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 770.518120][T15867] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 770.518135][T15867] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 770.518145][T15867] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 770.518154][T15867] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 770.518163][T15867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.518171][T15867] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 770.518191][T15867] [ 772.388164][T15884] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 772.424776][T15884] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 772.554248][T15884] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 772.608148][T15884] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 772.663984][T15884] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 774.413711][T13844] Bluetooth: hci0: command 0x0406 tx timeout [ 774.496659][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 774.573894][T13844] Bluetooth: hci2: command 0x0406 tx timeout [ 774.675865][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 774.687378][T15906] can0: slcan on ttyS2. [ 774.780533][T15910] random: crng reseeded on system resumption [ 774.878245][T15905] can0 (unregistered): slcan off ttyS2. [ 775.305433][T15918] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3052'. [ 775.390986][T15919] can0: slcan on ttyS2. [ 775.405490][T15918] bridge_slave_0: left allmulticast mode [ 775.411156][T15918] bridge_slave_0: left promiscuous mode [ 775.525233][T15918] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.914555][T15926] can0 (unregistered): slcan off ttyS2. [ 776.733603][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 777.676425][T15939] Process accounting paused [ 779.685846][T15982] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3062'. [ 779.783407][T15987] netlink: 'syz.3.3062': attribute type 1 has an invalid length. [ 779.868499][T15987] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.3062'. [ 784.608267][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3074'. [ 784.696310][T16037] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3074'. [ 786.747685][T16054] can: request_module (can-proto-5) failed. [ 791.210371][T16082] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 792.673134][T16102] can: request_module (can-proto-5) failed. [ 794.671779][T16126] Process accounting resumed [ 801.804809][T16200] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3114'. [ 801.900790][T16205] FAULT_INJECTION: forcing a failure. [ 801.900790][T16205] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 801.935117][T16204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3115'. [ 801.991399][T16204] netlink: 'syz.3.3115': attribute type 1 has an invalid length. [ 802.056473][T16204] netlink: 'syz.3.3115': attribute type 6 has an invalid length. [ 802.065110][T16200] FAULT_INJECTION: forcing a failure. [ 802.065110][T16200] name failslab, interval 1, probability 0, space 0, times 0 [ 802.277124][T16205] CPU: 0 UID: 0 PID: 16205 Comm: syz.0.3114 Tainted: G L syzkaller #0 PREEMPT(full) [ 802.277151][T16205] Tainted: [L]=SOFTLOCKUP [ 802.277157][T16205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 802.277167][T16205] Call Trace: [ 802.277172][T16205] [ 802.277178][T16205] dump_stack_lvl+0x100/0x190 [ 802.277208][T16205] should_fail_ex.cold+0x5/0xa [ 802.277228][T16205] core_sys_select+0x9b9/0xbb0 [ 802.277256][T16205] ? __pfx_core_sys_select+0x10/0x10 [ 802.277298][T16205] ? ktime_get_ts64+0x2d2/0x3f0 [ 802.277316][T16205] ? read_tsc+0x9/0x20 [ 802.277332][T16205] ? ktime_get_ts64+0x256/0x3f0 [ 802.277349][T16205] kern_select+0x20c/0x270 [ 802.277372][T16205] ? __pfx_kern_select+0x10/0x10 [ 802.277401][T16205] __x64_sys_select+0xbd/0x160 [ 802.277414][T16205] ? do_syscall_64+0x95/0xf80 [ 802.277436][T16205] ? lockdep_hardirqs_on+0x78/0x100 [ 802.277456][T16205] do_syscall_64+0x106/0xf80 [ 802.277474][T16205] ? clear_bhb_loop+0x40/0x90 [ 802.277493][T16205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.277508][T16205] RIP: 0033:0x7f627739c799 [ 802.277528][T16205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.277544][T16205] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 802.277559][T16205] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 802.277570][T16205] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 802.277579][T16205] RBP: 00007f6277432c99 R08: 00002000000001c0 R09: 0000000000000000 [ 802.277588][T16205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.277597][T16205] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 802.277617][T16205] [ 802.663730][T16200] CPU: 0 UID: 0 PID: 16200 Comm: syz.0.3114 Tainted: G L syzkaller #0 PREEMPT(full) [ 802.663758][T16200] Tainted: [L]=SOFTLOCKUP [ 802.663764][T16200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 802.663773][T16200] Call Trace: [ 802.663779][T16200] [ 802.663785][T16200] dump_stack_lvl+0x100/0x190 [ 802.663813][T16200] should_fail_ex.cold+0x5/0xa [ 802.663831][T16200] should_failslab+0xc2/0x120 [ 802.663847][T16200] __kmalloc_cache_noprof+0x7a/0x6f0 [ 802.663868][T16200] ? call_usermodehelper_setup+0xaf/0x360 [ 802.663893][T16200] ? __pfx_free_modprobe_argv+0x10/0x10 [ 802.663914][T16200] call_usermodehelper_setup+0xaf/0x360 [ 802.663940][T16200] __request_module+0x3c7/0x6c0 [ 802.663960][T16200] ? __pfx___request_module+0x10/0x10 [ 802.663984][T16200] ? __get_fs_type+0x12c/0x170 [ 802.664001][T16200] ? __get_fs_type+0x12c/0x170 [ 802.664024][T16200] get_fs_type+0xd7/0x190 [ 802.664041][T16200] __x64_sys_fsopen+0xca/0x220 [ 802.664060][T16200] do_syscall_64+0x106/0xf80 [ 802.664080][T16200] ? clear_bhb_loop+0x40/0x90 [ 802.664098][T16200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.664114][T16200] RIP: 0033:0x7f627739c799 [ 802.664127][T16200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.664141][T16200] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 802.664155][T16200] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 802.664165][T16200] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 802.664173][T16200] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 802.664182][T16200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.664190][T16200] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 802.664209][T16200] [ 803.708229][T16213] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 803.813044][T16213] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 803.926839][T16213] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 804.076176][T16213] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 804.177799][T16213] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 805.773684][T13844] Bluetooth: hci0: command 0x0406 tx timeout [ 805.853681][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 805.933664][T13844] Bluetooth: hci2: command 0x0406 tx timeout [ 806.099311][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 807.302998][T16254] input: jJǸ-9%vJ86 as /devices/virtual/input/input15 [ 808.177023][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 808.655956][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.662331][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.228417][T16256] Process accounting resumed [ 812.095934][T13844] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 812.503081][T16303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3140'. [ 812.984773][T16310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3142'. [ 813.042028][T16311] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 813.100964][T16312] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3142'. [ 815.016401][T16319] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 816.370372][T16342] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 816.407770][T16342] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 816.476474][T16342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 816.534358][T16342] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 816.593882][T16342] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 818.423782][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 818.429855][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 818.494312][T13844] Bluetooth: hci2: command 0x0406 tx timeout [ 818.591912][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 818.992878][T16372] random: crng reseeded on system resumption [ 819.493759][T16372] hub 1-0:1.0: USB hub found [ 819.563741][T16372] hub 1-0:1.0: 1 port detected [ 820.653922][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 822.758591][T16412] Console: switching to colour VGA+ 80x25 [ 823.521702][T16413] Console: switching to colour frame buffer device 128x48 [ 826.514264][T16443] random: crng reseeded on system resumption [ 826.554072][T16440] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3170'. [ 826.622200][T16440] netlink: 'syz.1.3170': attribute type 1 has an invalid length. [ 826.732705][T16440] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3170'. [ 829.480494][T13844] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 829.727312][T16427] Process accounting paused [ 830.346152][T16469] random: crng reseeded on system resumption [ 830.453897][T16469] Restarting kernel threads ... [ 830.519431][T16469] Done restarting kernel threads. [ 835.494127][T16516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3191'. [ 835.599995][T16526] netlink: 'syz.0.3191': attribute type 1 has an invalid length. [ 835.827145][T16526] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.3191'. [ 839.548678][T16527] Process accounting paused [ 841.766885][T16569] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 844.619362][T16592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3207'. [ 844.813688][T16594] can: request_module (can-proto-4) failed. [ 861.127255][T16510] Process accounting resumed [ 864.214276][T16724] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 867.833739][T16752] can: request_module (can-proto-4) failed. [ 869.765827][T16747] Process accounting resumed [ 870.103023][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.116945][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.686076][T16802] Console: switching to colour VGA+ 80x25 [ 872.740744][T16794] FAULT_INJECTION: forcing a failure. [ 872.740744][T16794] name failslab, interval 1, probability 0, space 0, times 0 [ 872.936541][T16794] CPU: 0 UID: 0 PID: 16794 Comm: syz.0.3255 Tainted: G L syzkaller #0 PREEMPT(full) [ 872.936568][T16794] Tainted: [L]=SOFTLOCKUP [ 872.936574][T16794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 872.936583][T16794] Call Trace: [ 872.936588][T16794] [ 872.936595][T16794] dump_stack_lvl+0x100/0x190 [ 872.936623][T16794] should_fail_ex.cold+0x5/0xa [ 872.936640][T16794] ? __register_sysctl_table+0xac/0x1650 [ 872.936665][T16794] should_failslab+0xc2/0x120 [ 872.936681][T16794] __kmalloc_noprof+0xe0/0x850 [ 872.936708][T16794] __register_sysctl_table+0xac/0x1650 [ 872.936730][T16794] ? is_module_address+0x5f/0xf0 [ 872.936752][T16794] ? __pfx___register_sysctl_table+0x10/0x10 [ 872.936774][T16794] ? is_module_address+0x69/0xf0 [ 872.936791][T16794] ? register_net_sysctl_sz+0x222/0x430 [ 872.936914][T16794] ? __asan_memcpy+0x3c/0x60 [ 872.936936][T16794] sctp_sysctl_net_register+0x15e/0x200 [ 872.936982][T16794] ? __pfx_sctp_defaults_init+0x10/0x10 [ 872.937053][T16794] sctp_defaults_init+0x6d2/0xd90 [ 872.937075][T16794] ? __pfx_sctp_defaults_init+0x10/0x10 [ 872.937096][T16794] ops_init+0x1e2/0x5f0 [ 872.937122][T16794] setup_net+0x118/0x3a0 [ 872.937150][T16794] ? __pfx_setup_net+0x10/0x10 [ 872.937171][T16794] ? lockdep_init_map_type+0x5c/0x250 [ 872.937193][T16794] ? mutex_init_lockep+0x110/0x150 [ 872.937216][T16794] copy_net_ns+0x46f/0x7c0 [ 872.937234][T16794] create_new_namespaces+0x3ea/0xac0 [ 872.937254][T16794] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 872.937273][T16794] ksys_unshare+0x473/0xad0 [ 872.937292][T16794] ? __pfx_ksys_unshare+0x10/0x10 [ 872.937320][T16794] __x64_sys_unshare+0x31/0x40 [ 872.937338][T16794] do_syscall_64+0x106/0xf80 [ 872.937358][T16794] ? clear_bhb_loop+0x40/0x90 [ 872.937376][T16794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.937392][T16794] RIP: 0033:0x7f627739c799 [ 872.937406][T16794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.937422][T16794] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 872.937437][T16794] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 872.937448][T16794] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 872.937457][T16794] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 872.937467][T16794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.937477][T16794] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 872.937498][T16794] [ 873.857017][T16810] FAULT_INJECTION: forcing a failure. [ 873.857017][T16810] name failslab, interval 1, probability 0, space 0, times 0 [ 873.941490][T16810] CPU: 0 UID: 0 PID: 16810 Comm: syz.3.3259 Tainted: G L syzkaller #0 PREEMPT(full) [ 873.941517][T16810] Tainted: [L]=SOFTLOCKUP [ 873.941523][T16810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 873.941532][T16810] Call Trace: [ 873.941539][T16810] [ 873.941545][T16810] dump_stack_lvl+0x100/0x190 [ 873.941574][T16810] should_fail_ex.cold+0x5/0xa [ 873.941593][T16810] ? memcg_list_lru_alloc+0x4ec/0x740 [ 873.941619][T16810] should_failslab+0xc2/0x120 [ 873.941636][T16810] __kmalloc_noprof+0xe0/0x850 [ 873.941658][T16810] ? zram_add+0x1bf/0x610 [ 873.941758][T16810] memcg_list_lru_alloc+0x4ec/0x740 [ 873.941786][T16810] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 873.941808][T16810] ? rcu_read_unlock+0x17/0x60 [ 873.941830][T16810] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 873.941856][T16810] __memcg_slab_post_alloc_hook+0x130/0x990 [ 873.941877][T16810] ? kasan_save_track+0x14/0x30 [ 873.941901][T16810] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 873.941923][T16810] ? bdev_alloc_inode+0x26/0x90 [ 873.941974][T16810] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 873.941993][T16810] bdev_alloc_inode+0x26/0x90 [ 873.942010][T16810] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 873.942026][T16810] alloc_inode+0x68/0x250 [ 873.942047][T16810] new_inode+0x22/0x1c0 [ 873.942068][T16810] bdev_alloc+0x2b/0x420 [ 873.942084][T16810] ? bdi_init+0x3f4/0x5b0 [ 873.942098][T16810] ? bdi_init+0x49f/0x5b0 [ 873.942122][T16810] __alloc_disk_node+0x116/0x6b0 [ 873.942165][T16810] __blk_alloc_disk+0xd2/0x170 [ 873.942181][T16810] ? __pfx___blk_alloc_disk+0x10/0x10 [ 873.942208][T16810] ? __pfx_idr_alloc+0x10/0x10 [ 873.942229][T16810] ? lockdep_init_map_type+0x5c/0x250 [ 873.942250][T16810] ? __raw_spin_lock_init+0x3a/0x110 [ 873.942273][T16810] ? __pfx_hot_add_show+0x10/0x10 [ 873.942294][T16810] zram_add+0x1bf/0x610 [ 873.942313][T16810] ? __pfx_zram_add+0x10/0x10 [ 873.942345][T16810] ? find_held_lock+0x2b/0x80 [ 873.942358][T16810] ? sysfs_file_kobj+0xe4/0x290 [ 873.942379][T16810] ? __pfx_hot_add_show+0x10/0x10 [ 873.942398][T16810] hot_add_show+0x21/0x80 [ 873.942416][T16810] class_attr_show+0x72/0xa0 [ 873.942434][T16810] ? __pfx_class_attr_show+0x10/0x10 [ 873.942450][T16810] sysfs_kf_seq_show+0x217/0x3a0 [ 873.942472][T16810] seq_read_iter+0x32f/0x1270 [ 873.942503][T16810] kernfs_fop_read_iter+0x46c/0x610 [ 873.942520][T16810] ? rw_verify_area+0xce/0x6d0 [ 873.942541][T16810] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 873.942559][T16810] vfs_read+0x825/0xb30 [ 873.942584][T16810] ? __pfx_vfs_read+0x10/0x10 [ 873.942619][T16810] ksys_read+0x12a/0x250 [ 873.942632][T16810] ? __pfx_ksys_read+0x10/0x10 [ 873.942652][T16810] do_syscall_64+0x106/0xf80 [ 873.942672][T16810] ? clear_bhb_loop+0x40/0x90 [ 873.942690][T16810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.942706][T16810] RIP: 0033:0x7fd050d9c799 [ 873.942720][T16810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 873.942736][T16810] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 873.942751][T16810] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 873.942761][T16810] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000007 [ 873.942771][T16810] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 873.942780][T16810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 873.942790][T16810] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 873.942812][T16810] [ 875.763376][T16810] zram: Error allocating disk structure for device 1 [ 875.906647][T13844] Bluetooth: hci2: unexpected event 0x32 length: 727 > 9 [ 876.161296][T16818] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 876.235706][T16818] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 876.314643][T16818] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 876.354009][T16818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 876.398955][T16818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 877.182554][T16821] hugetlbfs: syz.3.3263 (16821): Using mlock ulimits for SHM_HUGETLB is obsolete [ 878.253741][T13844] Bluetooth: hci0: command 0x0406 tx timeout [ 878.333664][T13844] Bluetooth: hci1: command 0x0406 tx timeout [ 878.436332][T13844] Bluetooth: hci3: command 0x0406 tx timeout [ 878.442353][T13844] Bluetooth: hci2: command 0x0406 tx timeout [ 879.578274][T16857] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 879.586977][T16857] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 879.655902][T16857] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 879.706584][T16857] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 879.756646][T16857] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 880.233686][T16863] netlink: zone id is out of range [ 880.238816][T16863] netlink: zone id is out of range [ 880.374605][T16863] netlink: zone id is out of range [ 880.379908][T16863] netlink: zone id is out of range [ 880.613967][T16865] netlink: zone id is out of range [ 880.619098][T16865] netlink: zone id is out of range [ 880.729105][T16863] netlink: zone id is out of range [ 880.814612][T16863] netlink: zone id is out of range [ 880.885897][T16865] netlink: zone id is out of range [ 880.926600][T16863] netlink: zone id is out of range [ 881.615144][T16851] Bluetooth: hci1: command 0x0406 tx timeout [ 881.621180][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 881.693700][T16851] Bluetooth: hci2: command 0x0406 tx timeout [ 881.783709][T16851] Bluetooth: hci3: command 0x0406 tx timeout [ 882.555966][T16885] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 883.853709][T16851] Bluetooth: hci3: command 0x0406 tx timeout [ 885.831737][T16908] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 885.903776][T16908] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 885.969204][T16908] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 886.025105][T16908] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 886.153947][T16908] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 887.855170][T16851] Bluetooth: hci0: command 0x0406 tx timeout [ 887.943594][T16851] Bluetooth: hci1: command 0x0406 tx timeout [ 888.014560][T16851] Bluetooth: hci2: command 0x0406 tx timeout [ 888.100591][T16851] Bluetooth: hci3: command 0x0406 tx timeout [ 889.055975][T16939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3293'. [ 889.142798][T16941] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3293'. [ 889.232307][T16943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 889.623461][T16946] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 890.173705][T16851] Bluetooth: hci3: command 0x0406 tx timeout [ 891.249596][T16940] Process accounting paused [ 891.555664][T16963] can: request_module (can-proto-5) failed. [ 891.784515][T16963] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3297'. [ 895.974645][T17008] tipc: Started in network mode [ 896.101313][T17008] tipc: Node identity ffffffff, cluster identity 4711 [ 896.189967][T17008] tipc: Node number set to 4294967295 [ 903.123180][T17034] Process accounting paused [ 903.396674][T17047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3317'. [ 903.507934][T17051] netlink: 'syz.3.3317': attribute type 1 has an invalid length. [ 903.604903][T17051] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3317'. [ 903.855571][T17053] FAULT_INJECTION: forcing a failure. [ 903.855571][T17053] name failslab, interval 1, probability 0, space 0, times 0 [ 904.179598][T17053] CPU: 0 UID: 0 PID: 17053 Comm: syz.0.3316 Tainted: G L syzkaller #0 PREEMPT(full) [ 904.179626][T17053] Tainted: [L]=SOFTLOCKUP [ 904.179632][T17053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 904.179642][T17053] Call Trace: [ 904.179647][T17053] [ 904.179654][T17053] dump_stack_lvl+0x100/0x190 [ 904.179681][T17053] should_fail_ex.cold+0x5/0xa [ 904.179700][T17053] should_failslab+0xc2/0x120 [ 904.179716][T17053] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 904.179741][T17053] ? cache_create_net+0x2b/0x1f0 [ 904.179857][T17053] ? __pfx_nfsd_net_init+0x10/0x10 [ 904.179886][T17053] kmemdup_noprof+0x29/0x60 [ 904.179917][T17053] cache_create_net+0x2b/0x1f0 [ 904.179939][T17053] ? __pfx_nfsd_net_init+0x10/0x10 [ 904.179955][T17053] nfsd_idmap_init+0x62/0x250 [ 904.179978][T17053] ? __pfx_nfsd_net_init+0x10/0x10 [ 904.179993][T17053] nfsd_net_init+0x69/0x3d0 [ 904.180008][T17053] ? __pfx_nfsd_net_init+0x10/0x10 [ 904.180023][T17053] ops_init+0x1e2/0x5f0 [ 904.180047][T17053] setup_net+0x118/0x3a0 [ 904.180069][T17053] ? __pfx_setup_net+0x10/0x10 [ 904.180088][T17053] ? lockdep_init_map_type+0x5c/0x250 [ 904.180108][T17053] ? mutex_init_lockep+0x110/0x150 [ 904.180131][T17053] copy_net_ns+0x46f/0x7c0 [ 904.180147][T17053] create_new_namespaces+0x3ea/0xac0 [ 904.180167][T17053] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 904.180185][T17053] ksys_unshare+0x473/0xad0 [ 904.180205][T17053] ? __pfx_ksys_unshare+0x10/0x10 [ 904.180230][T17053] __x64_sys_unshare+0x31/0x40 [ 904.180248][T17053] do_syscall_64+0x106/0xf80 [ 904.180268][T17053] ? clear_bhb_loop+0x40/0x90 [ 904.180287][T17053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.180302][T17053] RIP: 0033:0x7f627739c799 [ 904.180316][T17053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 904.180331][T17053] RSP: 002b:00007f6278194028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 904.180347][T17053] RAX: ffffffffffffffda RBX: 00007f6277616180 RCX: 00007f627739c799 [ 904.180358][T17053] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 904.180367][T17053] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 904.180377][T17053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 904.180387][T17053] R13: 00007f6277616218 R14: 00007f6277616180 R15: 00007ffd6d74e2d8 [ 904.180408][T17053] [ 904.553152][T17065] random: crng reseeded on system resumption [ 904.953351][T17071] bond0: invalid ARP target specified [ 905.184641][T17076] FAULT_INJECTION: forcing a failure. [ 905.184641][T17076] name failslab, interval 1, probability 0, space 0, times 0 [ 905.243708][T17076] CPU: 0 UID: 0 PID: 17076 Comm: syz.3.3324 Tainted: G L syzkaller #0 PREEMPT(full) [ 905.243737][T17076] Tainted: [L]=SOFTLOCKUP [ 905.243743][T17076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 905.243753][T17076] Call Trace: [ 905.243759][T17076] [ 905.243766][T17076] dump_stack_lvl+0x100/0x190 [ 905.243801][T17076] should_fail_ex.cold+0x5/0xa [ 905.243819][T17076] should_failslab+0xc2/0x120 [ 905.243836][T17076] __kmalloc_cache_noprof+0x7a/0x6f0 [ 905.243855][T17076] ? snd_seq_fifo_new+0x42/0x270 [ 905.243877][T17076] ? _raw_spin_unlock_irq+0x2e/0x50 [ 905.243898][T17076] ? __pfx_snd_seq_open+0x10/0x10 [ 905.243921][T17076] snd_seq_fifo_new+0x42/0x270 [ 905.243940][T17076] snd_seq_open+0x3fe/0x590 [ 905.243963][T17076] ? __pfx_snd_seq_open+0x10/0x10 [ 905.243984][T17076] snd_open+0x22d/0x4c0 [ 905.244001][T17076] ? __pfx_snd_open+0x10/0x10 [ 905.244015][T17076] chrdev_open+0x234/0x6a0 [ 905.244031][T17076] ? __pfx_apparmor_file_open+0x10/0x10 [ 905.244055][T17076] ? __pfx_chrdev_open+0x10/0x10 [ 905.244071][T17076] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 905.244091][T17076] do_dentry_open+0x6d8/0x1660 [ 905.244106][T17076] ? __pfx_chrdev_open+0x10/0x10 [ 905.244126][T17076] vfs_open+0x82/0x3f0 [ 905.244147][T17076] path_openat+0x208c/0x31a0 [ 905.244169][T17076] ? __pfx_path_openat+0x10/0x10 [ 905.244191][T17076] do_file_open+0x20e/0x430 [ 905.244208][T17076] ? __pfx_do_file_open+0x10/0x10 [ 905.244237][T17076] ? alloc_fd+0x476/0x790 [ 905.244253][T17076] ? do_getname+0x191/0x390 [ 905.244273][T17076] do_sys_openat2+0x10d/0x1e0 [ 905.244292][T17076] ? __pfx_do_sys_openat2+0x10/0x10 [ 905.244318][T17076] __x64_sys_openat+0x12d/0x210 [ 905.244337][T17076] ? __pfx___x64_sys_openat+0x10/0x10 [ 905.244364][T17076] do_syscall_64+0x106/0xf80 [ 905.244384][T17076] ? clear_bhb_loop+0x40/0x90 [ 905.244402][T17076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.244418][T17076] RIP: 0033:0x7fd050d9c799 [ 905.244431][T17076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.244446][T17076] RSP: 002b:00007fd051be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 905.244461][T17076] RAX: ffffffffffffffda RBX: 00007fd051015fa0 RCX: 00007fd050d9c799 [ 905.244471][T17076] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 905.244481][T17076] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 905.244490][T17076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.244498][T17076] R13: 00007fd051016038 R14: 00007fd051015fa0 R15: 00007ffeb761a928 [ 905.244519][T17076] [ 905.994975][T17076] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 908.557304][T17108] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3331'. [ 909.001236][T17113] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3333'. [ 910.440316][T17124] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 910.514714][T17124] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 910.520732][T17124] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 910.636428][T17124] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 910.667322][T17124] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 911.773670][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 912.575661][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 912.581686][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 912.653659][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 913.737195][ T5145] Bluetooth: hci0: unexpected event 0x12 length: 440 > 8 [ 914.736762][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 917.877910][T17205] hub 1-0:1.0: USB hub found [ 918.093688][T17205] hub 1-0:1.0: 1 port detected [ 920.564457][T17233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3359'. [ 920.674717][T17233] netlink: 'syz.0.3359': attribute type 1 has an invalid length. [ 920.766658][T17233] netlink: 'syz.0.3359': attribute type 6 has an invalid length. [ 923.404193][T17257] net_ratelimit: 16 callbacks suppressed [ 923.404209][T17257] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 924.788291][T17249] Process accounting resumed [ 926.264442][T17283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3372'. [ 926.603614][ T29] audit: type=1804 audit(677263.025:18): pid=17284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3371" name="/newroot/822/file0" dev="tmpfs" ino=4315 res=1 errno=0 [ 926.827768][ T29] audit: type=1804 audit(677263.135:19): pid=17287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3371" name="/newroot/822/file0" dev="tmpfs" ino=4315 res=1 errno=0 [ 926.912862][T17286] can0: slcan on ttyS2. [ 927.089689][T17289] can0 (unregistered): slcan off ttyS2. [ 928.359008][T17310] vivid-007: ================= START STATUS ================= [ 928.475020][T17310] vivid-007: Generate PTS: true [ 928.479958][T17310] vivid-007: Generate SCR: true [ 928.594400][T17310] tpg source WxH: 320x240 (Y'CbCr) [ 928.647071][T17310] tpg field: 1 [ 928.727202][T17310] tpg crop: (0,0)/320x240 [ 928.954926][T17310] tpg compose: (0,0)/320x240 [ 928.959564][T17310] tpg colorspace: 8 [ 928.963355][T17310] tpg transfer function: 0/0 [ 929.154189][T17310] tpg Y'CbCr encoding: 0/0 [ 929.199465][T17310] tpg quantization: 0/0 [ 929.213663][T17310] tpg RGB range: 0/2 [ 929.253123][T17310] vivid-007: ================== END STATUS ================== [ 931.540880][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.573894][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.811391][T17336] Process accounting resumed [ 936.313834][T17384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3392'. [ 937.755650][T17406] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 937.763716][T17406] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 937.825535][T17406] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 937.897727][T17406] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 937.949492][T17406] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 939.773856][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 939.779890][T16851] Bluetooth: hci0: command 0x0406 tx timeout [ 939.854029][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 939.933673][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 942.022610][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 944.196207][T17445] zram0: detected capacity change from 0 to 16 [ 951.167107][T17504] Invalid ELF header magic: != ELF [ 952.564310][T17518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3420'. [ 952.784578][T17521] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3420'. [ 954.963010][T17533] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 959.306728][T17502] Process accounting paused [ 963.787088][T17587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3436'. [ 963.964934][T17588] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3436'. [ 968.245178][T17440] Process accounting paused [ 975.456188][T17631] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 978.868047][ T29] audit: type=1804 audit(677315.265:20): pid=17666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3453" name="/newroot/825/file0" dev="tmpfs" ino=4316 res=1 errno=0 [ 979.389786][T17666] mkiss: ax0: crc mode is auto. [ 980.581221][T17676] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3456'. [ 991.151025][T17783] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 991.213872][T17783] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 991.275156][T17783] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 991.345125][T17783] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 991.403711][T17783] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 992.295226][T17750] Process accounting resumed [ 992.976424][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.982717][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.213755][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 993.312320][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 993.318504][T16851] Bluetooth: hci1: command 0x0406 tx timeout [ 993.377733][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 994.515089][ T29] audit: type=1326 audit(677330.945:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17801 comm="syz.2.3487" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7cb059c799 code=0x0 [ 995.041135][T17811] can0: slcan on ttyS2. [ 995.274920][T17813] can0 (unregistered): slcan off ttyS2. [ 995.466291][ T5145] Bluetooth: hci3: command 0x0406 tx timeout [ 995.505566][T17817] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3490'. [ 995.633403][T17817] netlink: 'syz.1.3490': attribute type 1 has an invalid length. [ 995.799848][T17824] FAULT_INJECTION: forcing a failure. [ 995.799848][T17824] name failslab, interval 1, probability 0, space 0, times 0 [ 995.980328][T17824] CPU: 0 UID: 0 PID: 17824 Comm: syz.0.3492 Tainted: G L syzkaller #0 PREEMPT(full) [ 995.980355][T17824] Tainted: [L]=SOFTLOCKUP [ 995.980362][T17824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 995.980372][T17824] Call Trace: [ 995.980378][T17824] [ 995.980385][T17824] dump_stack_lvl+0x100/0x190 [ 995.980415][T17824] should_fail_ex.cold+0x5/0xa [ 995.980436][T17824] should_failslab+0xc2/0x120 [ 995.980454][T17824] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 995.980477][T17824] ? security_inode_alloc+0x3b/0x2c0 [ 995.980563][T17824] ? lockdep_init_map_type+0x5c/0x250 [ 995.980589][T17824] security_inode_alloc+0x3b/0x2c0 [ 995.980613][T17824] inode_init_always_gfp+0xced/0x1040 [ 995.980633][T17824] alloc_inode+0x8e/0x250 [ 995.980655][T17824] new_inode+0x22/0x1c0 [ 995.980672][T17824] ? dput.part.0+0xdd/0x570 [ 995.980692][T17824] rpc_new_dir+0x96/0x420 [ 995.980713][T17824] rpc_fill_super+0x344/0x4f0 [ 995.980731][T17824] ? __pfx_rpc_fill_super+0x10/0x10 [ 995.980748][T17824] get_tree_keyed+0x10e/0x1d0 [ 995.980772][T17824] vfs_get_tree+0x92/0x320 [ 995.980792][T17824] vfs_cmd_create+0xd7/0x2a0 [ 995.980812][T17824] __do_sys_fsconfig+0x55a/0xcb0 [ 995.980832][T17824] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 995.980860][T17824] do_syscall_64+0x106/0xf80 [ 995.980881][T17824] ? clear_bhb_loop+0x40/0x90 [ 995.980900][T17824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 995.980915][T17824] RIP: 0033:0x7f627739c799 [ 995.980930][T17824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 995.980945][T17824] RSP: 002b:00007f62781d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 995.980960][T17824] RAX: ffffffffffffffda RBX: 00007f6277615fa0 RCX: 00007f627739c799 [ 995.980970][T17824] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000003 [ 995.980979][T17824] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 995.980988][T17824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 995.980997][T17824] R13: 00007f6277616038 R14: 00007f6277615fa0 R15: 00007ffd6d74e2d8 [ 995.981017][T17824] [ 1000.333073][T17829] Process accounting resumed [ 1000.727730][T17879] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3505'. [ 1002.926521][ T29] audit: type=1804 audit(677339.355:22): pid=17907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3503" name="file0" dev="tmpfs" ino=5215 res=1 errno=0 [ 1003.276206][ T29] audit: type=1800 audit(677339.695:23): pid=17907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3503" name="file0" dev="tmpfs" ino=5215 res=0 errno=0 [ 1003.997987][T17915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3507'. [ 1004.132481][T17915] netlink: 'syz.0.3507': attribute type 1 has an invalid length. [ 1005.379961][T17932] Invalid ELF header magic: != ELF [ 1006.377387][T17941] FAULT_INJECTION: forcing a failure. [ 1006.377387][T17941] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.663757][T17941] CPU: 0 UID: 0 PID: 17941 Comm: syz.0.3514 Tainted: G L syzkaller #0 PREEMPT(full) [ 1006.663784][T17941] Tainted: [L]=SOFTLOCKUP [ 1006.663790][T17941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1006.663800][T17941] Call Trace: [ 1006.663806][T17941] [ 1006.663813][T17941] dump_stack_lvl+0x100/0x190 [ 1006.663841][T17941] should_fail_ex.cold+0x5/0xa [ 1006.663860][T17941] should_failslab+0xc2/0x120 [ 1006.663877][T17941] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1006.663896][T17941] ? __do_sys_fanotify_init+0x5cf/0xe50 [ 1006.663918][T17941] ? get_mem_cgroup_from_mm+0x88/0x600 [ 1006.663939][T17941] ? get_mem_cgroup_from_mm+0x132/0x600 [ 1006.663961][T17941] __do_sys_fanotify_init+0x5cf/0xe50 [ 1006.663986][T17941] do_syscall_64+0x106/0xf80 [ 1006.664006][T17941] ? clear_bhb_loop+0x40/0x90 [ 1006.664024][T17941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.664040][T17941] RIP: 0033:0x7f627739c799 [ 1006.664054][T17941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1006.664069][T17941] RSP: 002b:00007f62781b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1006.664085][T17941] RAX: ffffffffffffffda RBX: 00007f6277616090 RCX: 00007f627739c799 [ 1006.664095][T17941] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000005 [ 1006.664104][T17941] RBP: 00007f6277432c99 R08: 0000000000000000 R09: 0000000000000000 [ 1006.664113][T17941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.664122][T17941] R13: 00007f6277616128 R14: 00007f6277616090 R15: 00007ffd6d74e2d8 [ 1006.664142][T17941] [ 1008.683082][T17954] lo: entered allmulticast mode [ 1008.880493][T17954] lo: left allmulticast mode [ 1010.419834][T17986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3520'. [ 1010.664311][T17991] netlink: 'syz.3.3520': attribute type 1 has an invalid length. [ 1019.373788][T18046] can: request_module (can-proto-4) failed. [ 1021.571925][T18067] futex_wake_op: syz.1.3540 tries to shift op by -2048; fix this program [ 1021.685267][T18067] futex_wake_op: syz.1.3540 tries to shift op by -2048; fix this program [ 1023.367336][T18071] Process accounting paused [ 1027.978676][T18112] can: request_module (can-proto-5) failed. [ 1028.806468][T18112] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3550'. [ 1033.246687][T18116] Process accounting paused [ 1038.645535][T18187] input: jJǸ-9%vJ86 as /devices/virtual/input/input19 [ 1042.301298][T18221] ================================================================== [ 1042.301390][T18221] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1042.301452][T18221] Read of size 26 at addr ffff88807a587fea by task syz.3.3577/18221 [ 1042.301466][T18221] [ 1042.301479][T18221] CPU: 0 UID: 0 PID: 18221 Comm: syz.3.3577 Tainted: G L syzkaller #0 PREEMPT(full) [ 1042.301509][T18221] Tainted: [L]=SOFTLOCKUP [ 1042.301515][T18221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1042.301525][T18221] Call Trace: [ 1042.301531][T18221] [ 1042.301538][T18221] dump_stack_lvl+0x100/0x190 [ 1042.301560][T18221] print_report+0x156/0x4c9 [ 1042.301587][T18221] ? __virt_addr_valid+0x81/0x620 [ 1042.301610][T18221] ? __phys_addr+0xe8/0x180 [ 1042.301628][T18221] ? fbcon_prepare_logo+0x94e/0xc60 [ 1042.301644][T18221] kasan_report+0xdf/0x1e0 [ 1042.301661][T18221] ? fbcon_prepare_logo+0x94e/0xc60 [ 1042.301678][T18221] kasan_check_range+0x10f/0x1e0 [ 1042.301696][T18221] __asan_memcpy+0x23/0x60 [ 1042.301714][T18221] fbcon_prepare_logo+0x94e/0xc60 [ 1042.301733][T18221] fbcon_init+0x10a0/0x1820 [ 1042.301750][T18221] visual_init+0x320/0x620 [ 1042.301768][T18221] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1042.301790][T18221] store_bind+0x609/0x730 [ 1042.301810][T18221] ? __pfx_store_bind+0x10/0x10 [ 1042.301827][T18221] dev_attr_store+0x58/0x80 [ 1042.301845][T18221] ? __pfx_dev_attr_store+0x10/0x10 [ 1042.301860][T18221] sysfs_kf_write+0xf2/0x150 [ 1042.301880][T18221] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1042.301894][T18221] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1042.301912][T18221] vfs_write+0x6ac/0x1070 [ 1042.301926][T18221] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1042.301942][T18221] ? __pfx_vfs_write+0x10/0x10 [ 1042.301969][T18221] ksys_write+0x12a/0x250 [ 1042.301982][T18221] ? __pfx_ksys_write+0x10/0x10 [ 1042.301998][T18221] ? kcov_ioctl+0x16a/0x720 [ 1042.302014][T18221] do_syscall_64+0x106/0xf80 [ 1042.302036][T18221] ? clear_bhb_loop+0x40/0x90 [ 1042.302052][T18221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.302068][T18221] RIP: 0033:0x7fd050d9c799 [ 1042.302082][T18221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1042.302097][T18221] RSP: 002b:00007fd051ba5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1042.302113][T18221] RAX: ffffffffffffffda RBX: 00007fd051016180 RCX: 00007fd050d9c799 [ 1042.302123][T18221] RDX: 000000000000d4d0 RSI: 0000200000000000 RDI: 0000000000000003 [ 1042.302134][T18221] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1042.302144][T18221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1042.302153][T18221] R13: 00007fd051016218 R14: 00007fd051016180 R15: 00007ffeb761a928 [ 1042.302168][T18221] [ 1042.302173][T18221] [ 1042.302178][T18221] Allocated by task 18222: [ 1042.302186][T18221] kasan_save_stack+0x30/0x50 [ 1042.302207][T18221] kasan_save_track+0x14/0x30 [ 1042.302227][T18221] __kasan_kmalloc+0xaa/0xb0 [ 1042.302246][T18221] hugetlb_vma_lock_alloc+0xc3/0x1e0 [ 1042.302266][T18221] hugetlb_vm_op_open+0x273/0x560 [ 1042.302287][T18221] dup_mmap+0xb03/0x2180 [ 1042.302304][T18221] copy_process+0x7523/0x7a40 [ 1042.302319][T18221] kernel_clone+0xfc/0x9a0 [ 1042.302333][T18221] __do_sys_clone+0xd9/0x120 [ 1042.302348][T18221] do_syscall_64+0x106/0xf80 [ 1042.302366][T18221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.302380][T18221] [ 1042.302384][T18221] The buggy address belongs to the object at ffff88807a587f00 [ 1042.302384][T18221] which belongs to the cache kmalloc-192 of size 192 [ 1042.302395][T18221] The buggy address is located 66 bytes to the right of [ 1042.302395][T18221] allocated 168-byte region [ffff88807a587f00, ffff88807a587fa8) [ 1042.302410][T18221] [ 1042.302414][T18221] The buggy address belongs to the physical page: [ 1042.302421][T18221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a587 [ 1042.302435][T18221] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1042.302447][T18221] page_type: f5(slab) [ 1042.302460][T18221] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 1042.302475][T18221] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1042.302484][T18221] page dumped because: kasan: bad access detected [ 1042.302500][T18221] page_owner tracks the page as allocated [ 1042.302505][T18221] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10608, tgid 10607 (syz.2.1642), ts 303001075916, free_ts 302996025569 [ 1042.302533][T18221] post_alloc_hook+0x153/0x170 [ 1042.302552][T18221] get_page_from_freelist+0x111d/0x3140 [ 1042.302572][T18221] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1042.302592][T18221] new_slab+0xa6/0x6b0 [ 1042.302608][T18221] refill_objects+0x26b/0x400 [ 1042.302625][T18221] __pcs_replace_empty_main+0x1ab/0x660 [ 1042.302644][T18221] __kmalloc_noprof+0x688/0x850 [ 1042.302663][T18221] __register_sysctl_table+0xbe4/0x1650 [ 1042.302685][T18221] __devinet_sysctl_register+0x1b9/0x360 [ 1042.302748][T18221] devinet_sysctl_register+0x17b/0x210 [ 1042.302769][T18221] inetdev_init+0x2b8/0x570 [ 1042.302789][T18221] inetdev_event+0x7fa/0x17f0 [ 1042.302809][T18221] notifier_call_chain+0x99/0x420 [ 1042.302828][T18221] call_netdevice_notifiers_info+0xbe/0x110 [ 1042.302877][T18221] register_netdevice+0x16e6/0x2210 [ 1042.302898][T18221] cfg80211_register_netdevice+0x149/0x310 [ 1042.302915][T18221] page last free pid 15 tgid 15 stack trace: [ 1042.302924][T18221] __free_frozen_pages+0x7e1/0x10d0 [ 1042.302940][T18221] tlb_remove_table_rcu+0x2cf/0x380 [ 1042.302957][T18221] rcu_core+0x5a2/0x10d0 [ 1042.302974][T18221] handle_softirqs+0x1eb/0x9e0 [ 1042.302988][T18221] run_ksoftirqd+0x38/0x60 [ 1042.303001][T18221] smpboot_thread_fn+0x3d3/0xaa0 [ 1042.303016][T18221] kthread+0x370/0x450 [ 1042.303033][T18221] ret_from_fork+0x754/0xd80 [ 1042.303052][T18221] ret_from_fork_asm+0x1a/0x30 [ 1042.303067][T18221] [ 1042.303071][T18221] Memory state around the buggy address: [ 1042.303079][T18221] ffff88807a587e80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 1042.303089][T18221] ffff88807a587f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1042.303100][T18221] >ffff88807a587f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 1042.303108][T18221] ^ [ 1042.303117][T18221] ffff88807a588000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1042.303127][T18221] ffff88807a588080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1042.303135][T18221] ================================================================== [ 1042.303155][T18221] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1042.303168][T18221] CPU: 0 UID: 0 PID: 18221 Comm: syz.3.3577 Tainted: G L syzkaller #0 PREEMPT(full) [ 1042.303190][T18221] Tainted: [L]=SOFTLOCKUP [ 1042.303197][T18221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1042.303207][T18221] Call Trace: [ 1042.303213][T18221] [ 1042.303219][T18221] dump_stack_lvl+0x100/0x190 [ 1042.303240][T18221] vpanic+0x552/0x970 [ 1042.303256][T18221] ? __pfx_vpanic+0x10/0x10 [ 1042.303271][T18221] ? __pfx_vprintk_emit+0x10/0x10 [ 1042.303287][T18221] ? fbcon_prepare_logo+0x94e/0xc60 [ 1042.303302][T18221] panic+0xd1/0xe0 [ 1042.303315][T18221] ? __pfx_panic+0x10/0x10 [ 1042.303331][T18221] ? fbcon_prepare_logo+0x94e/0xc60 [ 1042.303347][T18221] check_panic_on_warn.cold+0x19/0x34 [ 1042.303363][T18221] end_report.part.0+0x3a/0x90 [ 1042.303383][T18221] kasan_report.cold+0xe/0x18 [ 1042.303403][T18221] ? fbcon_prepare_logo+0x94e/0xc60 [ 1042.303420][T18221] kasan_check_range+0x10f/0x1e0 [ 1042.303438][T18221] __asan_memcpy+0x23/0x60 [ 1042.303457][T18221] fbcon_prepare_logo+0x94e/0xc60 [ 1042.303476][T18221] fbcon_init+0x10a0/0x1820 [ 1042.303500][T18221] visual_init+0x320/0x620 [ 1042.303521][T18221] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1042.303545][T18221] store_bind+0x609/0x730 [ 1042.303565][T18221] ? __pfx_store_bind+0x10/0x10 [ 1042.303584][T18221] dev_attr_store+0x58/0x80 [ 1042.303600][T18221] ? __pfx_dev_attr_store+0x10/0x10 [ 1042.303616][T18221] sysfs_kf_write+0xf2/0x150 [ 1042.303634][T18221] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1042.303649][T18221] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1042.303667][T18221] vfs_write+0x6ac/0x1070 [ 1042.303681][T18221] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1042.303697][T18221] ? __pfx_vfs_write+0x10/0x10 [ 1042.303724][T18221] ksys_write+0x12a/0x250 [ 1042.303737][T18221] ? __pfx_ksys_write+0x10/0x10 [ 1042.303750][T18221] ? kcov_ioctl+0x16a/0x720 [ 1042.303765][T18221] do_syscall_64+0x106/0xf80 [ 1042.303785][T18221] ? clear_bhb_loop+0x40/0x90 [ 1042.303802][T18221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.303817][T18221] RIP: 0033:0x7fd050d9c799 [ 1042.303829][T18221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1042.303844][T18221] RSP: 002b:00007fd051ba5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1042.303859][T18221] RAX: ffffffffffffffda RBX: 00007fd051016180 RCX: 00007fd050d9c799 [ 1042.303870][T18221] RDX: 000000000000d4d0 RSI: 0000200000000000 RDI: 0000000000000003 [ 1042.303880][T18221] RBP: 00007fd050e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1042.303890][T18221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1042.303900][T18221] R13: 00007fd051016218 R14: 00007fd051016180 R15: 00007ffeb761a928 [ 1042.303915][T18221] [ 1042.303978][T18221] Kernel Offset: disabled