last executing test programs: 28.459599909s ago: executing program 3 (id=1794): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) shutdown$auto(0x200000003, 0x2) write$auto(0x3, 0x0, 0xfdef) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptyw5\x00', 0x80000, 0x0) getsockopt$auto(r2, 0x0, 0x482, 0x0, &(0x7f0000000040)=0x8) r3 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r3, 0x29, 0x19, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6, 0x6, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}, @GTPA_FLOW={0x6, 0x6, 0xfc00}, @GTPA_LINK={0x8, 0x1, 0x80000007}, @GTPA_LINK={0x8, 0x1, 0x80000001}, @GTPA_I_TEI={0x8, 0x8, 0x5e}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x29}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000040) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r1, 0x70b, 0x70bd24, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4040041}, 0xc840) write$auto(r0, &(0x7f0000000200)='+(@!\x00', 0x800) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r5, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000740)={0x30, r4, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_HE_CAPABILITY={0x1a, 0x10d, "e2d1b2c3e0f4246df8a3901298f8aa701033e4ad8868"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x40004) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) sendfile$auto(r6, r6, 0x0, 0x5) 25.658314362s ago: executing program 3 (id=1798): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) mmap$auto(0x2, 0xffffffbffffffffd, 0x4000000000df, 0x1c, r1, 0x300000000000) socket(0x1d, 0x3, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) 19.675570995s ago: executing program 3 (id=1804): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x80a040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0xa, 0x1, 0x84) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x4c000, 0xebff) socket(0x2, 0x1, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e25, @multicast2}, 0x6d) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x7) write$auto(0xffffffffffffffff, 0x0, 0x2008000000000a9f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) socket(0x11, 0x80003, 0x300) sendto$auto(0x3, 0x0, 0xfdef, 0x7, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x20) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x5, 0x0, 0x8004) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), 0xffffffffffffffff) 13.790105665s ago: executing program 1 (id=1809): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') unshare$auto(0x40000080) r3 = getpid() r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), r2) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)={0x130, r4, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x4}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8001}, @NFC_ATTR_VENDOR_DATA={0xeb, 0x1f, "10d13f8694b45338b37eb37a6be63b3241b32357da3910617c64e17b0af696a44405959d79adf208b01fc87d6a3f2c643deff46ccc501f3cd06fd7c2788642647d433a2fe91ea771ccf43a3b9e6df4047f9d345177b54cada1635f4e5a508e948b61dea47867c18e3e1094a300b979bb77f0808ca21c763cf581d97ac29972920e10ab18a64e6f16c12f6e3ebeada1909fc1f8191dae6a48e67ea51ca7a8717fc349064e3b7c618b54b3396ebf7a87db72d3cc52c0aea138f1272a80915958c6121d51da7a320340f4482fc397064ce1fe15082bcdf23edc006be8c79fac7115563d9e8ca56b96"}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x8000}]}, 0x130}}, 0x4004010) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) getsockopt$auto(r0, 0x84, 0x7c, 0x0, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) socket(0x18, 0xa, 0x1) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) socket(0x2, 0x3, 0xa) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x4, 0x3, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) 12.127170778s ago: executing program 0 (id=1810): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyu7\x00', 0x103040, 0x0) ioctl$auto(0x3, 0x540f, 0xffffffffffffffff) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, r0, 0x8000) mmap$auto(0xffffffffffffff82, 0x20000a00004, 0x400002, 0x15, 0x602, 0x5) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0x80100, 0x0) socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00'}) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)=""/122, 0x7a) write$auto(0xffffffffffffffff, 0x0, 0x80000000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x5c, r4, 0x1, 0x70bd2b, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) fsetxattr$auto(0x1, 0x0, 0x0, 0x4, 0x6) write$auto(r2, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/usb15-port2/over_current_count\x00', 0x2000, 0x0) keyctl$auto_KEYCTL_INSTANTIATE_IOV(0x14, 0x0, 0x8, 0x34d, 0x7fffffff) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x2, 0x8, 0x0) 11.747857423s ago: executing program 1 (id=1811): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D1\x00', 0x581402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0xc0403d11, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) waitid$auto_P_ALL(0x0, 0x3b000, &(0x7f0000000280)={@siginfo_0_0={0x200, 0x0, 0x6, @_sigsys={&(0x7f00000000c0), 0x1000, 0x826}}}, 0x3, &(0x7f0000000300)={{0xda0000000000000, 0x969d}, {0x2, 0x6}, 0x8000000000000000, 0xa, 0x8, 0xd11c, 0xb871, 0x6, 0x9ffd, 0x81, 0x4, 0x1000000000f8c5, 0x1000, 0x81, 0xc, 0xd}) madvise$auto(0x0, 0x200007, 0x1d) pwrite64$auto(0xc8, 0x0, 0xfded, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) 11.71991434s ago: executing program 3 (id=1812): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @local}, 0x54) sendmmsg$auto(r0, 0x0, 0x9a6, 0xe000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x4, 0x0, 0xc}, 0x54) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(0xffffffffffffffff, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r1, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) unshare$auto(0x40000080) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f) mmap$auto(0x0, 0xe983, 0xdf, 0x400000000000eb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f00000083c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4801}, 0x8080) openat$auto_fake_panic_fops_(0xffffffffffffff9c, 0x0, 0x8000, 0x0) 11.016038907s ago: executing program 2 (id=1814): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x2000000) ioctl$auto_VHOST_SET_VRING_CALL2(r0, 0x4008af21, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r3 = socket(0x1d, 0x5, 0x0) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r3, 0x0, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r4, 0x4b47, 0x1) mmap$auto(0x0, 0x404008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r6 = open_by_handle_at$auto(r5, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) sendfile$auto(r6, r5, 0x0, 0x2) io_uring_setup$auto(0xd364, &(0x7f0000000000)={0x3fe, 0x10002, 0x7d, 0x3, 0x5, 0x5, 0xffffffffffffffff, [], {0x0, 0x10, 0x6, 0x6, 0x40, 0x4, 0x7, 0x7, 0x80000000}, {0x7, 0x4, 0x80000001, 0x8, 0x6b, 0x5, 0x0, 0xfffffffa, 0xb0}}) 8.834952332s ago: executing program 0 (id=1815): mmap$auto(0x0, 0x5, 0xf633, 0x40eb2, 0xffffffffffffffff, 0x300000000000) sysfs$auto(0x2, 0x100000000000036, 0x0) fsopen$auto(0x0, 0x1) connect$auto(0xffffffffffffffff, 0x0, 0x2) write$auto_proc_loginuid_operations_base(0xffffffffffffffff, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r3 = openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000003980), 0x141002, 0x0) write$auto_bm_status_operations_binfmt_misc(r3, 0x0, 0x0) socket(0x2, 0x80002, 0x73) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000100)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x4) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)='B', 0x1) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) 7.683399446s ago: executing program 0 (id=1816): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) sysfs$auto(0x2, 0x23, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x1, 0x2020009, 0x3, 0xebe, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nullb0/queue/virt_boundary_mask\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/251, 0xfb) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vivid.0/video4linux/video62/name\x00', 0x100, 0x0) close_range$auto(0x0, 0x5, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r2) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) 7.265763939s ago: executing program 1 (id=1817): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D1\x00', 0x581402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0xc0403d11, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) waitid$auto_P_ALL(0x0, 0x3b000, &(0x7f0000000280)={@siginfo_0_0={0x200, 0x0, 0x6, @_sigsys={&(0x7f00000000c0)="55eb8df319677f9aebf453b195011dc75b314a6a2de037085459dc03a1ad199752151699faea53575d94e9e2f930abeb4f1cd2fa58eef0e25b15baeca5f900", 0x1000, 0x826}}}, 0x3, &(0x7f0000000300)={{0xda0000000000000, 0x969d}, {0x2, 0x6}, 0x8000000000000000, 0xa, 0x8, 0xd11c, 0xb871, 0x6, 0x9ffd, 0x81, 0x4, 0x1000000000f8c5, 0x1000, 0x81, 0xc, 0xd}) madvise$auto(0x0, 0x200007, 0x1d) pwrite64$auto(0xc8, 0x0, 0xfded, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) 6.498125271s ago: executing program 2 (id=1818): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r1, 0x0) mmap$auto(0x9, 0x1ff, 0x4, 0x14, 0x3, 0x0) socket(0xa, 0x3, 0x73) getcwd$auto(&(0x7f00000003c0)=':%,^*#\')\x00', 0x8) mmap$auto(0xfffffffffffffff9, 0x2000a, 0x100000000009f, 0xeb2, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x668401, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa001, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x2}, 0xed7138c}, 0x2, 0x9) finit_module$auto(r2, &(0x7f0000000140)='7\x00\\\xa0\x01\x00\x01\x00\x00\x00\x00\x00\xc7k', 0x5) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8800, 0x0) cachestat$auto(r3, &(0x7f0000000640)={0x8, 0x4000000000008}, 0x0, 0x0) read$auto_i2cdev_fops_i2c_dev(r0, &(0x7f00000001c0)=""/214, 0xd6) r4 = socket(0xa, 0x5, 0x84) sendmsg$auto_NFC_CMD_DEP_LINK_UP(r4, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, 0x0, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4040010) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000400)='/dev/video41\x00', 0x40, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nfs/parameters/nfs_mountpoint_expiry_timeout\x00', 0xa001, 0x0) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) 5.629143758s ago: executing program 0 (id=1819): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vlan0\x00'}) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000580)={{0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000180), 0x926, 0x0, 0x0}, 0x3, &(0x7f0000000540)={0x87, 0x5, &(0x7f0000000380)="a4c8139ceb36a1e5e934f1c3e234307569f386483f49add8b3ea36f329f2cfbcd37e6a0d386facb9eb7d8393de47064497d2ea14358c16cba232abab7e85deb3940cfc2c476d8defb197b5293c30d51b994ad9073168451f32104c2ecd7fa72af5d5518a36b5aa", &(0x7f0000000480)="4f54a068fdcd141814cf956630cf8bd17d1f28eb6680c32541ee65e2642261db9c5f56ebfc077a5b977e97cc9b01d745e6a1d1db2a8365f0b1f60fbe8d99f0ddde6e11ace3b707aa0e452a1422945377165202c26cf9c7da460d26828faae828df17dbf1117a8224c6ddf172b9d1f6ce0e80ea548005341399bd2c3a32cdeac80a64318af111f88309d27aa31d08f86612f42cb20cc0e52a9e8a611940c2f0b8fe74e20e93b3266de6510279ca60fefe1060fdeb47714540", 0x0, 0x993}}) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000600), 0xc4041, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/uprobe_events\x00', 0x38001, 0x0) openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/debug/binder/transaction_log\x00', 0x800, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x180483, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x3) pipe$auto(0x0) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya6\x00', 0x40001, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) 4.499736647s ago: executing program 0 (id=1820): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') unshare$auto(0x40000080) r3 = getpid() r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), r2) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)={0x130, r4, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x4}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8001}, @NFC_ATTR_VENDOR_DATA={0xeb, 0x1f, "10d13f8694b45338b37eb37a6be63b3241b32357da3910617c64e17b0af696a44405959d79adf208b01fc87d6a3f2c643deff46ccc501f3cd06fd7c2788642647d433a2fe91ea771ccf43a3b9e6df4047f9d345177b54cada1635f4e5a508e948b61dea47867c18e3e1094a300b979bb77f0808ca21c763cf581d97ac29972920e10ab18a64e6f16c12f6e3ebeada1909fc1f8191dae6a48e67ea51ca7a8717fc349064e3b7c618b54b3396ebf7a87db72d3cc52c0aea138f1272a80915958c6121d51da7a320340f4482fc397064ce1fe15082bcdf23edc006be8c79fac7115563d9e8ca56b96"}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x8000}]}, 0x130}}, 0x4004010) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) getsockopt$auto(r0, 0x84, 0x7c, 0x0, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) socket(0x18, 0xa, 0x1) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) socket(0x2, 0x3, 0xa) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x4, 0x3, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) 3.992625673s ago: executing program 2 (id=1821): close_range$auto(0xffffffffffffffff, 0x8, 0x0) openat$auto_gpiolib_fops_(0xffffffffffffff9c, 0x0, 0x10000, 0x0) socket(0x18, 0x6, 0x9) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80001, 0x0) write$auto(r0, 0x0, 0x9) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0xea880, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000001000), 0x4000, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$auto_IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x44) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0) ftruncate$auto(r1, 0x10000000004) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40001) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20540, 0x0) ioctl$auto(r2, 0x40046103, 0x81) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x4) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000240)={0x0, 0x7}, 0x3) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001a80)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x2, 0x0) 2.881817439s ago: executing program 1 (id=1822): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_tracing_buffers_fops_trace(0xffffffffffffffff, 0x7, &(0x7f0000000040)="023b8829afee0f9e18cde2ff58df8494cbbde0acb819dfe8") socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x4) ioperm$auto(0x3, 0xe, 0x2000000000000149) clock_getres$auto(0x8, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000540)=""/150, 0x96) write$auto(r0, &(0x7f0000000380)=' U\x15\xa2t\xe0\x1b\xb0\xff\xe8\x91@\x88\n\x92\xf1rL\x9c\rg-\xcc]\x0e\x06\x03\a0k\x85&YS\xb0;\xfd\xd6\x0eH\xb3 \xc2`\xbc\xec\f\xd0\x97\x19\xa6Y\xb0\x15Z/\xe2\xc3\x8e\xc1\xa7v\xe3\xc3\xb0d\x86\x8f\x86\x14S\xdc\xe2G\xb5\x8dN%\x84\xa3\xb4\xb8!\xf9\x01=4T\xb2\xff\xb6\x9dx\x1e\x8dU\xbe*\xa5\xe4q\xd23\xdf\xcce\x17\xc1WX\x0e\xb5\x16\xe6>R\x1b\xf6', 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0) statmount$auto(0x0, 0x0, 0x6, 0x7fffffff) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x3d00, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) r1 = socket(0x11, 0x80003, 0x300) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1e/\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9gj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xfe\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', &(0x7f0000000200)={0x0, 0x6}, 0x0, 0x1001) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000180)={0x28, r3, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0x14, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x10001}]}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48041}, 0x10) fchdir$auto(r2) write$auto(0x3, 0x0, 0xfdef) 2.858531034s ago: executing program 3 (id=1823): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x9000020}, 0xc, &(0x7f0000000080)={0x0, 0x1030}, 0x1, 0x0, 0x0, 0xc044804}, 0x40000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) pread64$auto(r1, 0x0, 0x206, 0x7) madvise$auto(0x400, 0x5, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000100), 0xd0042, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) syz_clone(0x20011, 0x0, 0x0, 0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x2, 0x0) 2.532583806s ago: executing program 2 (id=1824): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x9000020}, 0xc, &(0x7f0000000080)={0x0, 0x1030}, 0x1, 0x0, 0x0, 0xc044804}, 0x40000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) pread64$auto(r1, 0x0, 0x206, 0x7) madvise$auto(0x400, 0x5, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000100), 0xd0042, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) syz_clone(0x20011, 0x0, 0x0, 0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x2, 0x0) 2.162628859s ago: executing program 1 (id=1825): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xad6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/sem\x00', 0x0, 0x0) lseek$auto(r2, 0x7fd, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) sendfile$auto(0x1, r3, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) getsockopt$auto(r0, 0x4, 0x4, &(0x7f0000000040)='/sys/devices/pci0000:00/waiting_for_supplier\x00', &(0x7f0000000180)=0x9) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r5 = ioctl$auto_TUNSETNOCSUM(r4, 0x400454c8, &(0x7f00000001c0)=0x8) bpf$auto(0x101, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6, r5}, 0xf) connect$auto(r7, &(0x7f0000000240)=@can={0x1d, r6}, 0x6) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r6, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) r8 = socket(0x2, 0x3, 0x1) getsockopt$auto_SO_DEBUG(r8, 0xff, 0x1, 0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) 1.740238802s ago: executing program 3 (id=1826): mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10000, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x78561, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb01, 0x0) write$auto(r2, 0x0, 0x1) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) shmctl$auto_SHM_UNLOCK(0x0, 0xc, 0x0) io_uring_setup$auto(0x1ff, 0x0) 1.447909762s ago: executing program 2 (id=1827): openat$auto_lsm_ops_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x2, 0x1, 0x106) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x80e42, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0xffffffff, 0x2, 0x63, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 1.137092046s ago: executing program 0 (id=1828): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) select$auto(0x1, 0x0, 0x0, 0x0, 0x0) process_vm_readv$auto(0x0, 0x0, 0x800000001, 0x0, 0x6, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, 0x0, 0x6, 0x3, 0x4, 0x2e) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb3/threaded\x00', 0x8a801, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x40002, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r1) 209.713912ms ago: executing program 1 (id=1829): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mq_notify$auto(0xffffffffffffffff, &(0x7f0000000180)={@sival_ptr=0x0, @inferred, 0x0, @_sigev_thread={0x0, 0x0}}) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_timedsend$auto(r1, 0x0, 0x2, 0x9, 0x0) 0s ago: executing program 2 (id=1830): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xfffffe02) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r3) kernel console output (not intermixed with test programs): 9730] ? _raw_spin_unlock+0x28/0x50 [ 464.835625][ T9730] proc_create_reg+0x75/0x170 [ 464.835648][ T9730] proc_create_net_data+0x8e/0x1c0 [ 464.835685][ T9730] ? __pfx_proc_create_net_data+0x10/0x10 [ 464.835727][ T9730] ? __pfx_arp_net_init+0x10/0x10 [ 464.835845][ T9730] arp_net_init+0x53/0x80 [ 464.835877][ T9730] ops_init+0x1e2/0x5f0 [ 464.835908][ T9730] setup_net+0x118/0x3a0 [ 464.835937][ T9730] ? __pfx_setup_net+0x10/0x10 [ 464.835963][ T9730] ? lockdep_init_map_type+0x5c/0x250 [ 464.835992][ T9730] ? mutex_init_lockep+0x110/0x150 [ 464.836026][ T9730] copy_net_ns+0x46f/0x7c0 [ 464.836059][ T9730] create_new_namespaces+0x3ea/0xac0 [ 464.836088][ T9730] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 464.836114][ T9730] ksys_unshare+0x473/0xad0 [ 464.836143][ T9730] ? __pfx_ksys_unshare+0x10/0x10 [ 464.836180][ T9730] __x64_sys_unshare+0x31/0x40 [ 464.836213][ T9730] do_syscall_64+0x106/0xf80 [ 464.836239][ T9730] ? clear_bhb_loop+0x40/0x90 [ 464.836266][ T9730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.836288][ T9730] RIP: 0033:0x7fcfb8d9c799 [ 464.836306][ T9730] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 464.836326][ T9730] RSP: 002b:00007fcfb9ca5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 464.836347][ T9730] RAX: ffffffffffffffda RBX: 00007fcfb9015fa0 RCX: 00007fcfb8d9c799 [ 464.836361][ T9730] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 464.836373][ T9730] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 464.836386][ T9730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.836399][ T9730] R13: 00007fcfb9016038 R14: 00007fcfb9015fa0 R15: 00007ffc7cdf5ae8 [ 464.836426][ T9730] [ 465.477176][ T9735] bond0: invalid ARP target specified [ 467.356667][ T9757] FAULT_INJECTION: forcing a failure. [ 467.356667][ T9757] name failslab, interval 1, probability 0, space 0, times 0 [ 467.421567][ T9757] CPU: 0 UID: 0 PID: 9757 Comm: syz.2.849 Not tainted syzkaller #0 PREEMPT(full) [ 467.421604][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 467.421622][ T9757] Call Trace: [ 467.421631][ T9757] [ 467.421641][ T9757] dump_stack_lvl+0x100/0x190 [ 467.421690][ T9757] should_fail_ex.cold+0x5/0xa [ 467.421724][ T9757] should_failslab+0xc2/0x120 [ 467.421756][ T9757] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 467.421788][ T9757] ? __d_alloc+0x34/0xa80 [ 467.421816][ T9757] __d_alloc+0x34/0xa80 [ 467.421841][ T9757] d_alloc_pseudo+0x1c/0xc0 [ 467.421870][ T9757] alloc_file_pseudo+0xcf/0x230 [ 467.421897][ T9757] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 467.421929][ T9757] __shmem_file_setup+0x221/0x490 [ 467.421958][ T9757] ? __pfx___shmem_file_setup+0x10/0x10 [ 467.421996][ T9757] ? vm_area_alloc+0x1f/0x160 [ 467.422027][ T9757] shmem_zero_setup+0x96/0x1b0 [ 467.422060][ T9757] __mmap_region+0x2198/0x29e0 [ 467.422096][ T9757] ? __pfx___mmap_region+0x10/0x10 [ 467.422123][ T9757] ? process_measurement+0x1f4/0x2350 [ 467.422153][ T9757] ? css_rstat_updated+0x1ce/0x5a0 [ 467.422176][ T9757] ? __pfx_css_rstat_updated+0x10/0x10 [ 467.422197][ T9757] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 467.422239][ T9757] ? __lock_acquire+0x4a5/0x2630 [ 467.422265][ T9757] ? trace_pelt_se_tp+0x159/0x1b0 [ 467.422300][ T9757] ? find_held_lock+0x2b/0x80 [ 467.422318][ T9757] ? finish_task_switch.isra.0+0x200/0xb80 [ 467.422339][ T9757] ? finish_task_switch.isra.0+0x200/0xb80 [ 467.422370][ T9757] ? trace_sched_exit_tp+0x13a/0x180 [ 467.422394][ T9757] ? __schedule+0x1000/0x6120 [ 467.422464][ T9757] ? rcu_is_watching+0x12/0xc0 [ 467.422499][ T9757] ? cap_capable+0x107/0x460 [ 467.422535][ T9757] mmap_region+0x180/0x3e0 [ 467.422572][ T9757] do_mmap+0xc63/0x12f0 [ 467.422600][ T9757] ? __pfx_do_mmap+0x10/0x10 [ 467.422624][ T9757] ? __pfx_down_write_killable+0x10/0x10 [ 467.422660][ T9757] vm_mmap_pgoff+0x29e/0x470 [ 467.422688][ T9757] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 467.422714][ T9757] ? do_futex+0x192/0x350 [ 467.422742][ T9757] ? __pfx_do_futex+0x10/0x10 [ 467.422777][ T9757] ksys_mmap_pgoff+0xe1/0x650 [ 467.422800][ T9757] ? __x64_sys_futex+0x34f/0x4d0 [ 467.422826][ T9757] ? __x64_sys_futex+0x358/0x4d0 [ 467.422855][ T9757] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 467.422878][ T9757] ? xfd_validate_state+0x129/0x190 [ 467.422917][ T9757] __x64_sys_mmap+0x125/0x190 [ 467.422953][ T9757] do_syscall_64+0x106/0xf80 [ 467.422984][ T9757] ? clear_bhb_loop+0x40/0x90 [ 467.423011][ T9757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.423033][ T9757] RIP: 0033:0x7fb5f5b9c799 [ 467.423051][ T9757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.423071][ T9757] RSP: 002b:00007fb5f6b43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 467.423091][ T9757] RAX: ffffffffffffffda RBX: 00007fb5f5e15fa0 RCX: 00007fb5f5b9c799 [ 467.423105][ T9757] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 467.423118][ T9757] RBP: 00007fb5f5c32c99 R08: fffffffffffffffa R09: 0000000000008000 [ 467.423131][ T9757] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 467.423144][ T9757] R13: 00007fb5f5e16038 R14: 00007fb5f5e15fa0 R15: 00007fff40d96958 [ 467.423172][ T9757] [ 469.373338][ T9763] openvswitch: netlink: Key type 261 is out of range max 32 [ 469.745876][ T9767] can: request_module (can-proto-0) failed. [ 471.822264][ T9793] can: request_module (can-proto-0) failed. [ 473.927524][ T7197] Bluetooth: hci4: command 0x1003 tx timeout [ 473.936293][ T7196] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 474.160542][ T9813] FAULT_INJECTION: forcing a failure. [ 474.160542][ T9813] name failslab, interval 1, probability 0, space 0, times 0 [ 474.217538][ T9813] CPU: 1 UID: 0 PID: 9813 Comm: syz.1.863 Not tainted syzkaller #0 PREEMPT(full) [ 474.217577][ T9813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 474.217596][ T9813] Call Trace: [ 474.217606][ T9813] [ 474.217617][ T9813] dump_stack_lvl+0x100/0x190 [ 474.217669][ T9813] should_fail_ex.cold+0x5/0xa [ 474.217706][ T9813] should_failslab+0xc2/0x120 [ 474.217739][ T9813] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 474.217788][ T9813] ? __d_alloc+0x34/0xa80 [ 474.217830][ T9813] __d_alloc+0x34/0xa80 [ 474.217869][ T9813] d_alloc_pseudo+0x1c/0xc0 [ 474.217911][ T9813] alloc_file_pseudo+0xcf/0x230 [ 474.217952][ T9813] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 474.218002][ T9813] __shmem_file_setup+0x221/0x490 [ 474.218046][ T9813] ? __pfx___shmem_file_setup+0x10/0x10 [ 474.218094][ T9813] ? vm_area_alloc+0x1f/0x160 [ 474.218140][ T9813] shmem_zero_setup+0x96/0x1b0 [ 474.218191][ T9813] __mmap_region+0x2198/0x29e0 [ 474.218243][ T9813] ? __pfx___mmap_region+0x10/0x10 [ 474.218284][ T9813] ? process_measurement+0x1f4/0x2350 [ 474.218328][ T9813] ? css_rstat_updated+0x1ce/0x5a0 [ 474.218364][ T9813] ? __pfx_css_rstat_updated+0x10/0x10 [ 474.218414][ T9813] ? __lock_acquire+0x4a5/0x2630 [ 474.218480][ T9813] ? find_held_lock+0x2b/0x80 [ 474.218508][ T9813] ? finish_task_switch.isra.0+0x200/0xb80 [ 474.218541][ T9813] ? finish_task_switch.isra.0+0x200/0xb80 [ 474.218589][ T9813] ? trace_sched_exit_tp+0x13a/0x180 [ 474.218637][ T9813] ? __schedule+0x1000/0x6120 [ 474.218714][ T9813] ? rcu_is_watching+0x12/0xc0 [ 474.218760][ T9813] ? cap_capable+0x107/0x460 [ 474.218806][ T9813] mmap_region+0x180/0x3e0 [ 474.218857][ T9813] do_mmap+0xc63/0x12f0 [ 474.218895][ T9813] ? __pfx_do_mmap+0x10/0x10 [ 474.218927][ T9813] ? __pfx_down_write_killable+0x10/0x10 [ 474.218976][ T9813] vm_mmap_pgoff+0x29e/0x470 [ 474.219015][ T9813] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 474.219050][ T9813] ? do_futex+0x192/0x350 [ 474.219087][ T9813] ? __pfx_do_futex+0x10/0x10 [ 474.219130][ T9813] ksys_mmap_pgoff+0xe1/0x650 [ 474.219161][ T9813] ? __x64_sys_futex+0x34f/0x4d0 [ 474.219196][ T9813] ? __x64_sys_futex+0x358/0x4d0 [ 474.219233][ T9813] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 474.219264][ T9813] ? xfd_validate_state+0x129/0x190 [ 474.219312][ T9813] __x64_sys_mmap+0x125/0x190 [ 474.219359][ T9813] do_syscall_64+0x106/0xf80 [ 474.219392][ T9813] ? clear_bhb_loop+0x40/0x90 [ 474.219437][ T9813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.219467][ T9813] RIP: 0033:0x7fcfb8d9c799 [ 474.219491][ T9813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 474.219518][ T9813] RSP: 002b:00007fcfb9ca5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 474.219545][ T9813] RAX: ffffffffffffffda RBX: 00007fcfb9015fa0 RCX: 00007fcfb8d9c799 [ 474.219564][ T9813] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 474.219580][ T9813] RBP: 00007fcfb8e32c99 R08: fffffffffffffffa R09: 0000000000008000 [ 474.219598][ T9813] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 474.219614][ T9813] R13: 00007fcfb9016038 R14: 00007fcfb9015fa0 R15: 00007ffc7cdf5ae8 [ 474.219652][ T9813] [ 474.935263][ T9813] openvswitch: netlink: Key type 261 is out of range max 32 [ 480.497314][ T9858] FAULT_INJECTION: forcing a failure. [ 480.497314][ T9858] name failslab, interval 1, probability 0, space 0, times 0 [ 480.697252][ T9859] can: request_module (can-proto-0) failed. [ 480.706483][ T9858] CPU: 1 UID: 0 PID: 9858 Comm: syz.2.871 Not tainted syzkaller #0 PREEMPT(full) [ 480.706526][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 480.706546][ T9858] Call Trace: [ 480.706557][ T9858] [ 480.706569][ T9858] dump_stack_lvl+0x100/0x190 [ 480.706625][ T9858] should_fail_ex.cold+0x5/0xa [ 480.706667][ T9858] should_failslab+0xc2/0x120 [ 480.706702][ T9858] __kmalloc_cache_noprof+0x7a/0x6f0 [ 480.706747][ T9858] ? vidtv_psi_network_name_desc_init+0x68/0x310 [ 480.706884][ T9858] vidtv_psi_network_name_desc_init+0x68/0x310 [ 480.706926][ T9858] vidtv_psi_nit_table_init+0x291/0x5f0 [ 480.706996][ T9858] ? kasan_save_track+0x14/0x30 [ 480.707050][ T9858] vidtv_channel_si_init+0xcd0/0x18d0 [ 480.707105][ T9858] vidtv_mux_init+0x526/0xbf0 [ 480.707153][ T9858] vidtv_start_feed+0x33e/0x4c0 [ 480.707240][ T9858] ? __pfx_vidtv_start_feed+0x10/0x10 [ 480.707300][ T9858] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 480.707360][ T9858] ? mark_held_locks+0x40/0x70 [ 480.707406][ T9858] ? __pfx_vidtv_start_feed+0x10/0x10 [ 480.707455][ T9858] dmx_ts_feed_start_filtering+0xf6/0x220 [ 480.707520][ T9858] dvb_dmxdev_start_feed+0x273/0x3f0 [ 480.707592][ T9858] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 480.707644][ T9858] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 480.707695][ T9858] dvb_demux_do_ioctl+0xe64/0x1200 [ 480.707756][ T9858] dvb_usercopy+0x167/0x340 [ 480.707797][ T9858] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 480.707847][ T9858] ? __pfx_dvb_usercopy+0x10/0x10 [ 480.707905][ T9858] ? __fget_files+0x21f/0x3d0 [ 480.707941][ T9858] dvb_demux_ioctl+0x29/0x40 [ 480.707983][ T9858] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 480.708025][ T9858] __x64_sys_ioctl+0x18e/0x210 [ 480.708072][ T9858] do_syscall_64+0x106/0xf80 [ 480.708109][ T9858] ? clear_bhb_loop+0x40/0x90 [ 480.708147][ T9858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.708178][ T9858] RIP: 0033:0x7fb5f5b9c799 [ 480.708204][ T9858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.708233][ T9858] RSP: 002b:00007fb5f6b43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 480.708263][ T9858] RAX: ffffffffffffffda RBX: 00007fb5f5e15fa0 RCX: 00007fb5f5b9c799 [ 480.708292][ T9858] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 480.708311][ T9858] RBP: 00007fb5f5c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 480.708329][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.708347][ T9858] R13: 00007fb5f5e16038 R14: 00007fb5f5e15fa0 R15: 00007fff40d96958 [ 480.708389][ T9858] [ 483.001429][ T9885] can: request_module (can-proto-0) failed. [ 484.874883][ T9909] zram0: detected capacity change from 16 to 0 [ 485.233588][ T7196] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 485.327806][ T9917] openvswitch: netlink: Multiple metadata blocks provided [ 487.114150][ T9938] futex_wake_op: syz.3.887 tries to shift op by -2048; fix this program [ 487.537362][ T9938] futex_wake_op: syz.3.887 tries to shift op by -2048; fix this program [ 487.594400][ T9938] 0x000000000001-0x000000020000 : "" [ 487.674424][ T9938] ftl_cs: FTL header corrupt! [ 490.302454][ T9972] can: request_module (can-proto-0) failed. [ 491.039758][ T9981] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 491.488863][ T9985] zswap: compressor not available [ 491.810914][T10002] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[10002] [ 495.405972][T10029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.905'. [ 497.326457][ T7196] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 497.335984][ T7196] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 497.974112][T10062] FAULT_INJECTION: forcing a failure. [ 497.974112][T10062] name failslab, interval 1, probability 0, space 0, times 0 [ 498.251493][T10062] CPU: 1 UID: 0 PID: 10062 Comm: syz.0.913 Not tainted syzkaller #0 PREEMPT(full) [ 498.251530][T10062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 498.251547][T10062] Call Trace: [ 498.251556][T10062] [ 498.251567][T10062] dump_stack_lvl+0x100/0x190 [ 498.251615][T10062] should_fail_ex.cold+0x5/0xa [ 498.251647][T10062] ? __alloc_workqueue+0x148/0x1880 [ 498.251679][T10062] should_failslab+0xc2/0x120 [ 498.251710][T10062] __kmalloc_noprof+0xe0/0x850 [ 498.251769][T10062] __alloc_workqueue+0x148/0x1880 [ 498.251803][T10062] ? __pfx_vsnprintf+0x10/0x10 [ 498.251908][T10062] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 498.251940][T10062] ? lockdep_hardirqs_on+0x78/0x100 [ 498.251975][T10062] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 498.252011][T10062] alloc_workqueue_noprof+0xd2/0x200 [ 498.252046][T10062] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 498.252090][T10062] ? __pfx___debug_object_init+0x10/0x10 [ 498.252195][T10062] nci_register_device+0x511/0xb80 [ 498.252285][T10062] ? __pfx_nci_register_device+0x10/0x10 [ 498.252335][T10062] ? lockdep_init_map_type+0x5c/0x250 [ 498.252380][T10062] virtual_ncidev_open+0x141/0x220 [ 498.252440][T10062] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 498.252472][T10062] misc_open+0x26d/0x450 [ 498.252529][T10062] ? __pfx_misc_open+0x10/0x10 [ 498.252555][T10062] chrdev_open+0x234/0x6a0 [ 498.252583][T10062] ? __pfx_apparmor_file_open+0x10/0x10 [ 498.252627][T10062] ? __pfx_chrdev_open+0x10/0x10 [ 498.252657][T10062] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 498.252695][T10062] do_dentry_open+0x6d8/0x1660 [ 498.252722][T10062] ? __pfx_chrdev_open+0x10/0x10 [ 498.252768][T10062] vfs_open+0x82/0x3f0 [ 498.252811][T10062] path_openat+0x208c/0x31a0 [ 498.252852][T10062] ? __pfx_path_openat+0x10/0x10 [ 498.252894][T10062] do_file_open+0x20e/0x430 [ 498.252926][T10062] ? __pfx_do_file_open+0x10/0x10 [ 498.252981][T10062] ? alloc_fd+0x476/0x790 [ 498.253013][T10062] ? do_getname+0x191/0x390 [ 498.253052][T10062] do_sys_openat2+0x10d/0x1e0 [ 498.253089][T10062] ? __pfx_do_sys_openat2+0x10/0x10 [ 498.253140][T10062] __x64_sys_openat+0x12d/0x210 [ 498.253179][T10062] ? __pfx___x64_sys_openat+0x10/0x10 [ 498.253232][T10062] do_syscall_64+0x106/0xf80 [ 498.253265][T10062] ? clear_bhb_loop+0x40/0x90 [ 498.253303][T10062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.253333][T10062] RIP: 0033:0x7efdcd59c799 [ 498.253355][T10062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 498.253382][T10062] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 498.253408][T10062] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 498.253426][T10062] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 498.253442][T10062] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 498.253459][T10062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 498.253475][T10062] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 498.253512][T10062] [ 501.610627][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.617157][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.239971][T10112] FAULT_INJECTION: forcing a failure. [ 503.239971][T10112] name failslab, interval 1, probability 0, space 0, times 0 [ 503.338614][T10112] CPU: 1 UID: 0 PID: 10112 Comm: syz.3.920 Not tainted syzkaller #0 PREEMPT(full) [ 503.338658][T10112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 503.338677][T10112] Call Trace: [ 503.338687][T10112] [ 503.338700][T10112] dump_stack_lvl+0x100/0x190 [ 503.338753][T10112] should_fail_ex.cold+0x5/0xa [ 503.338800][T10112] should_failslab+0xc2/0x120 [ 503.338834][T10112] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 503.338894][T10112] ? security_inode_alloc+0x3b/0x2c0 [ 503.338941][T10112] ? lockdep_init_map_type+0x5c/0x250 [ 503.338987][T10112] security_inode_alloc+0x3b/0x2c0 [ 503.339034][T10112] inode_init_always_gfp+0xced/0x1040 [ 503.339071][T10112] alloc_inode+0x8e/0x250 [ 503.339111][T10112] new_inode+0x22/0x1c0 [ 503.339153][T10112] hugetlbfs_get_inode+0x313/0x750 [ 503.339192][T10112] hugetlb_file_setup+0x3cc/0x5b0 [ 503.339261][T10112] newseg+0xabb/0xed0 [ 503.339376][T10112] ? __pfx_newseg+0x10/0x10 [ 503.339408][T10112] ? down_write+0x146/0x1f0 [ 503.339460][T10112] ? ksys_write+0x190/0x250 [ 503.339483][T10112] ? ksys_write+0x190/0x250 [ 503.339513][T10112] ipcget+0xee/0xf50 [ 503.339566][T10112] ? do_futex+0x192/0x350 [ 503.339603][T10112] ? __pfx_do_futex+0x10/0x10 [ 503.339645][T10112] ? __pfx_ipcget+0x10/0x10 [ 503.339693][T10112] ? __x64_sys_futex+0x34f/0x4d0 [ 503.339727][T10112] ? __x64_sys_futex+0x358/0x4d0 [ 503.339769][T10112] __x64_sys_shmget+0x13b/0x1b0 [ 503.339811][T10112] ? __pfx___x64_sys_shmget+0x10/0x10 [ 503.339854][T10112] do_syscall_64+0x106/0xf80 [ 503.339901][T10112] ? clear_bhb_loop+0x40/0x90 [ 503.339936][T10112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.339965][T10112] RIP: 0033:0x7fb516f9c799 [ 503.339988][T10112] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.340015][T10112] RSP: 002b:00007fb517df2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 503.340042][T10112] RAX: ffffffffffffffda RBX: 00007fb517216270 RCX: 00007fb516f9c799 [ 503.340078][T10112] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 503.340095][T10112] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 503.340113][T10112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.340129][T10112] R13: 00007fb517216308 R14: 00007fb517216270 R15: 00007ffebd199118 [ 503.340167][T10112] [ 504.649119][ T5910] Process accounting resumed [ 505.279275][T10138] input: f as /devices/virtual/input/input16 [ 507.655619][T10160] can: request_module (can-proto-0) failed. [ 509.556201][T10185] FAULT_INJECTION: forcing a failure. [ 509.556201][T10185] name failslab, interval 1, probability 0, space 0, times 0 [ 509.634129][T10186] can: request_module (can-proto-0) failed. [ 509.649045][T10185] CPU: 1 UID: 0 PID: 10185 Comm: syz.0.930 Not tainted syzkaller #0 PREEMPT(full) [ 509.649084][T10185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 509.649102][T10185] Call Trace: [ 509.649111][T10185] [ 509.649122][T10185] dump_stack_lvl+0x100/0x190 [ 509.649172][T10185] should_fail_ex.cold+0x5/0xa [ 509.649219][T10185] should_failslab+0xc2/0x120 [ 509.649249][T10185] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 509.649294][T10185] ? __d_alloc+0x34/0xa80 [ 509.649332][T10185] __d_alloc+0x34/0xa80 [ 509.649367][T10185] d_alloc+0x4a/0x1e0 [ 509.649400][T10185] lookup_one_qstr_excl+0x175/0x250 [ 509.649440][T10185] start_dirop+0x59/0xb0 [ 509.649485][T10185] simple_start_creating+0xf9/0x110 [ 509.649531][T10185] ? __pfx_simple_start_creating+0x10/0x10 [ 509.649577][T10185] ? mntput+0x70/0xa0 [ 509.649620][T10185] ? simple_pin_fs+0xa3/0x190 [ 509.649662][T10185] debugfs_start_creating.part.0+0x82/0x170 [ 509.649709][T10185] __debugfs_create_file+0xb3/0x4f0 [ 509.649768][T10185] debugfs_create_file_full+0x41/0x60 [ 509.649819][T10185] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 509.649854][T10185] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 509.649885][T10185] ? find_held_lock+0x2b/0x80 [ 509.649943][T10185] ? lockdep_init_map_type+0x5c/0x250 [ 509.649989][T10185] preinit_net.part.0+0x437/0x8f0 [ 509.650030][T10185] copy_net_ns+0x339/0x7c0 [ 509.650078][T10185] create_new_namespaces+0x3ea/0xac0 [ 509.650116][T10185] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 509.650151][T10185] ksys_unshare+0x473/0xad0 [ 509.650189][T10185] ? __pfx_ksys_unshare+0x10/0x10 [ 509.650238][T10185] __x64_sys_unshare+0x31/0x40 [ 509.650273][T10185] do_syscall_64+0x106/0xf80 [ 509.650308][T10185] ? clear_bhb_loop+0x40/0x90 [ 509.650344][T10185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.650373][T10185] RIP: 0033:0x7efdcd59c799 [ 509.650398][T10185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.650442][T10185] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 509.650472][T10185] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 509.650492][T10185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 509.650508][T10185] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 509.650526][T10185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.650544][T10185] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 509.650584][T10185] [ 510.774444][T10203] FAULT_INJECTION: forcing a failure. [ 510.774444][T10203] name failslab, interval 1, probability 0, space 0, times 0 [ 510.866334][T10203] CPU: 1 UID: 0 PID: 10203 Comm: syz.2.935 Not tainted syzkaller #0 PREEMPT(full) [ 510.866375][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 510.866392][T10203] Call Trace: [ 510.866402][T10203] [ 510.866413][T10203] dump_stack_lvl+0x100/0x190 [ 510.866465][T10203] should_fail_ex.cold+0x5/0xa [ 510.866521][T10203] should_failslab+0xc2/0x120 [ 510.866555][T10203] __kmalloc_cache_noprof+0x7a/0x6f0 [ 510.866598][T10203] ? ip6addrlbl_add+0xe0/0xdb0 [ 510.866751][T10203] ip6addrlbl_add+0xe0/0xdb0 [ 510.866802][T10203] ? lockdep_init_map_type+0x5c/0x250 [ 510.866861][T10203] ip6addrlbl_net_init+0x10a/0x330 [ 510.866913][T10203] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 510.866961][T10203] ops_init+0x1e2/0x5f0 [ 510.867005][T10203] setup_net+0x118/0x3a0 [ 510.867046][T10203] ? __pfx_setup_net+0x10/0x10 [ 510.867100][T10203] ? lockdep_init_map_type+0x5c/0x250 [ 510.867154][T10203] ? mutex_init_lockep+0x110/0x150 [ 510.867205][T10203] copy_net_ns+0x46f/0x7c0 [ 510.867253][T10203] create_new_namespaces+0x3ea/0xac0 [ 510.867296][T10203] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 510.867337][T10203] ksys_unshare+0x473/0xad0 [ 510.867379][T10203] ? __pfx_ksys_unshare+0x10/0x10 [ 510.867447][T10203] __x64_sys_unshare+0x31/0x40 [ 510.867484][T10203] do_syscall_64+0x106/0xf80 [ 510.867519][T10203] ? clear_bhb_loop+0x40/0x90 [ 510.867556][T10203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.867586][T10203] RIP: 0033:0x7fb5f5b9c799 [ 510.867611][T10203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.867640][T10203] RSP: 002b:00007fb5f6b43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 510.867669][T10203] RAX: ffffffffffffffda RBX: 00007fb5f5e15fa0 RCX: 00007fb5f5b9c799 [ 510.867688][T10203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 510.867706][T10203] RBP: 00007fb5f5c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 510.867724][T10203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 510.867741][T10203] R13: 00007fb5f5e16038 R14: 00007fb5f5e15fa0 R15: 00007fff40d96958 [ 510.867781][T10203] [ 511.115996][T10196] can: request_module (can-proto-0) failed. [ 512.334713][T10218] Invalid ELF header magic: != ELF [ 514.074382][T10236] netlink: 4 bytes leftover after parsing attributes in process `syz.1.941'. [ 518.309709][T10269] FAULT_INJECTION: forcing a failure. [ 518.309709][T10269] name failslab, interval 1, probability 0, space 0, times 0 [ 518.421450][T10269] CPU: 1 UID: 0 PID: 10269 Comm: syz.3.949 Not tainted syzkaller #0 PREEMPT(full) [ 518.421494][T10269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 518.421513][T10269] Call Trace: [ 518.421523][T10269] [ 518.421536][T10269] dump_stack_lvl+0x100/0x190 [ 518.421592][T10269] should_fail_ex.cold+0x5/0xa [ 518.421631][T10269] should_failslab+0xc2/0x120 [ 518.421665][T10269] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 518.421720][T10269] ? neigh_parms_alloc+0x85/0x5e0 [ 518.421872][T10269] kmemdup_noprof+0x29/0x60 [ 518.421924][T10269] neigh_parms_alloc+0x85/0x5e0 [ 518.421972][T10269] ipv6_add_dev+0x3f7/0x1520 [ 518.422023][T10269] addrconf_notify+0x563/0x19c0 [ 518.422083][T10269] ? ip6mr_device_event+0x1bc/0x230 [ 518.422173][T10269] notifier_call_chain+0x99/0x420 [ 518.422223][T10269] call_netdevice_notifiers_info+0xbe/0x110 [ 518.422299][T10269] register_netdevice+0x16e6/0x2210 [ 518.422350][T10269] ? __pfx_register_netdevice+0x10/0x10 [ 518.422403][T10269] ? __pfx_loopback_net_init+0x10/0x10 [ 518.422505][T10269] register_netdev+0x34/0x50 [ 518.422547][T10269] loopback_net_init+0x7a/0x170 [ 518.422595][T10269] ? __pfx_loopback_net_init+0x10/0x10 [ 518.422642][T10269] ops_init+0x1e2/0x5f0 [ 518.422703][T10269] setup_net+0x118/0x3a0 [ 518.422747][T10269] ? __pfx_setup_net+0x10/0x10 [ 518.422786][T10269] ? lockdep_init_map_type+0x5c/0x250 [ 518.422831][T10269] ? mutex_init_lockep+0x110/0x150 [ 518.422881][T10269] copy_net_ns+0x46f/0x7c0 [ 518.422931][T10269] create_new_namespaces+0x3ea/0xac0 [ 518.422974][T10269] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 518.423014][T10269] ksys_unshare+0x473/0xad0 [ 518.423066][T10269] ? __pfx_ksys_unshare+0x10/0x10 [ 518.423123][T10269] __x64_sys_unshare+0x31/0x40 [ 518.423163][T10269] do_syscall_64+0x106/0xf80 [ 518.423202][T10269] ? clear_bhb_loop+0x40/0x90 [ 518.423242][T10269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.423275][T10269] RIP: 0033:0x7fb516f9c799 [ 518.423302][T10269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 518.423331][T10269] RSP: 002b:00007fb517e55028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 518.423362][T10269] RAX: ffffffffffffffda RBX: 00007fb517215fa0 RCX: 00007fb516f9c799 [ 518.423384][T10269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 518.423403][T10269] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 518.423422][T10269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.423440][T10269] R13: 00007fb517216038 R14: 00007fb517215fa0 R15: 00007ffebd199118 [ 518.423483][T10269] [ 520.306036][T10285] can: request_module (can-proto-0) failed. [ 523.500312][T10315] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[10315] [ 525.575677][T10341] can: request_module (can-proto-0) failed. [ 526.471298][T10337] NFSD: Failed to start, no listeners configured. [ 531.827288][T10387] zswap: compressor not available [ 535.837183][T10427] can: request_module (can-proto-0) failed. [ 536.383434][T10437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.985'. [ 536.959754][ T7196] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 539.052926][ T7196] Bluetooth: hci1: command 0x0406 tx timeout [ 541.127244][ T7197] Bluetooth: hci1: command 0x0406 tx timeout [ 542.955114][T10486] netlink: 25 bytes leftover after parsing attributes in process `syz.0.996'. [ 548.446086][T10520] Invalid ELF header magic: != ELF [ 550.733531][T10531] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1014'. [ 552.355531][T10549] can: request_module (can-proto-0) failed. [ 553.647564][T10562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'. [ 554.848352][T10567] can: request_module (can-proto-0) failed. [ 558.206793][T10602] FAULT_INJECTION: forcing a failure. [ 558.206793][T10602] name failslab, interval 1, probability 0, space 0, times 0 [ 558.357765][T10602] CPU: 0 UID: 0 PID: 10602 Comm: syz.0.1019 Not tainted syzkaller #0 PREEMPT(full) [ 558.357808][T10602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 558.357827][T10602] Call Trace: [ 558.357837][T10602] [ 558.357850][T10602] dump_stack_lvl+0x100/0x190 [ 558.357906][T10602] should_fail_ex.cold+0x5/0xa [ 558.357946][T10602] should_failslab+0xc2/0x120 [ 558.357980][T10602] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 558.358039][T10602] ? security_inode_alloc+0x3b/0x2c0 [ 558.358100][T10602] ? lockdep_init_map_type+0x5c/0x250 [ 558.358146][T10602] security_inode_alloc+0x3b/0x2c0 [ 558.358193][T10602] inode_init_always_gfp+0xced/0x1040 [ 558.358230][T10602] alloc_inode+0x8e/0x250 [ 558.358270][T10602] sock_alloc+0x44/0x280 [ 558.358309][T10602] ? security_socket_create+0x7f/0x250 [ 558.358356][T10602] __sock_create+0xc2/0x860 [ 558.358403][T10602] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 558.358452][T10602] inet_ctl_sock_create+0x94/0x230 [ 558.358498][T10602] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 558.358545][T10602] ? ndisc_net_init+0x1b1/0x230 [ 558.358697][T10602] ? __pfx_ndisc_net_init+0x10/0x10 [ 558.358744][T10602] ? __pfx_igmp6_net_init+0x10/0x10 [ 558.358815][T10602] igmp6_net_init+0x35/0x430 [ 558.358861][T10602] ? __pfx_igmp6_net_init+0x10/0x10 [ 558.358907][T10602] ops_init+0x1e2/0x5f0 [ 558.358951][T10602] setup_net+0x118/0x3a0 [ 558.358991][T10602] ? __pfx_setup_net+0x10/0x10 [ 558.359035][T10602] ? lockdep_init_map_type+0x5c/0x250 [ 558.359079][T10602] ? mutex_init_lockep+0x110/0x150 [ 558.359127][T10602] copy_net_ns+0x46f/0x7c0 [ 558.359190][T10602] create_new_namespaces+0x3ea/0xac0 [ 558.359231][T10602] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 558.359267][T10602] ksys_unshare+0x473/0xad0 [ 558.359307][T10602] ? __pfx_ksys_unshare+0x10/0x10 [ 558.359360][T10602] __x64_sys_unshare+0x31/0x40 [ 558.359396][T10602] do_syscall_64+0x106/0xf80 [ 558.359433][T10602] ? clear_bhb_loop+0x40/0x90 [ 558.359471][T10602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.359502][T10602] RIP: 0033:0x7efdcd59c799 [ 558.359527][T10602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 558.359556][T10602] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 558.359585][T10602] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 558.359622][T10602] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 558.359641][T10602] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 558.359660][T10602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.359678][T10602] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 558.359721][T10602] [ 558.361251][T10602] socket: no more sockets [ 558.707164][T10602] Failed to initialize the IGMP6 control socket (err -23) [ 563.049959][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.083122][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.679065][T10663] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1034'. [ 567.463723][T10673] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1036'. [ 570.561074][T10690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1039'. [ 570.607431][T10690] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1039'. [ 574.479244][ T7196] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 575.194558][T10710] FAULT_INJECTION: forcing a failure. [ 575.194558][T10710] name failslab, interval 1, probability 0, space 0, times 0 [ 575.448740][T10710] CPU: 0 UID: 0 PID: 10710 Comm: syz.0.1044 Not tainted syzkaller #0 PREEMPT(full) [ 575.448774][T10710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 575.448786][T10710] Call Trace: [ 575.448792][T10710] [ 575.448800][T10710] dump_stack_lvl+0x100/0x190 [ 575.448839][T10710] should_fail_ex.cold+0x5/0xa [ 575.448863][T10710] ? tomoyo_realpath_from_path+0xb6/0x690 [ 575.448887][T10710] should_failslab+0xc2/0x120 [ 575.448914][T10710] __kmalloc_noprof+0xe0/0x850 [ 575.448950][T10710] tomoyo_realpath_from_path+0xb6/0x690 [ 575.448980][T10710] tomoyo_check_open_permission+0x2af/0x3c0 [ 575.449016][T10710] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 575.449074][T10710] ? do_raw_spin_lock+0x128/0x260 [ 575.449106][T10710] ? path_get+0x61/0x80 [ 575.449131][T10710] tomoyo_file_open+0x6b/0x90 [ 575.449159][T10710] security_file_open+0xb5/0x1e0 [ 575.449182][T10710] do_dentry_open+0x5aa/0x1660 [ 575.449205][T10710] ? security_inode_permission+0xbf/0x250 [ 575.449242][T10710] vfs_open+0x82/0x3f0 [ 575.449274][T10710] path_openat+0x208c/0x31a0 [ 575.449304][T10710] ? __pfx_path_openat+0x10/0x10 [ 575.449334][T10710] do_file_open+0x20e/0x430 [ 575.449357][T10710] ? __pfx_do_file_open+0x10/0x10 [ 575.449396][T10710] ? alloc_fd+0x476/0x790 [ 575.449418][T10710] ? do_getname+0x191/0x390 [ 575.449445][T10710] do_sys_openat2+0x10d/0x1e0 [ 575.449472][T10710] ? __pfx_do_sys_openat2+0x10/0x10 [ 575.449508][T10710] __x64_sys_openat+0x12d/0x210 [ 575.449535][T10710] ? __pfx___x64_sys_openat+0x10/0x10 [ 575.449573][T10710] do_syscall_64+0x106/0xf80 [ 575.449597][T10710] ? clear_bhb_loop+0x40/0x90 [ 575.449622][T10710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.449643][T10710] RIP: 0033:0x7efdcd59c799 [ 575.449660][T10710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 575.449680][T10710] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 575.449700][T10710] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 575.449713][T10710] RDX: 00000000000a0102 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 575.449726][T10710] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 575.449739][T10710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.449752][T10710] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 575.449778][T10710] [ 575.449807][T10710] ERROR: Out of memory at tomoyo_realpath_from_path. [ 576.305552][T10735] futex_wake_op: syz.3.1049 tries to shift op by -2048; fix this program [ 576.571797][ T7197] Bluetooth: hci0: command 0x0406 tx timeout [ 578.648775][ T7197] Bluetooth: hci0: command 0x0406 tx timeout [ 579.478549][T10761] random: crng reseeded on system resumption [ 581.129750][T10775] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1056'. [ 586.173766][ T7196] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 586.294509][T10810] futex_wake_op: syz.0.1061 tries to shift op by -2048; fix this program [ 586.370715][T10810] futex_wake_op: syz.0.1061 tries to shift op by -2048; fix this program [ 586.459636][T10810] 0x000000000001-0x000000020000 : "" [ 586.489901][T10810] ftl_cs: FTL header corrupt! [ 588.247100][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 589.667605][T10835] FAULT_INJECTION: forcing a failure. [ 589.667605][T10835] name failslab, interval 1, probability 0, space 0, times 0 [ 589.737104][T10835] CPU: 1 UID: 0 PID: 10835 Comm: syz.1.1067 Not tainted syzkaller #0 PREEMPT(full) [ 589.737150][T10835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 589.737170][T10835] Call Trace: [ 589.737181][T10835] [ 589.737193][T10835] dump_stack_lvl+0x100/0x190 [ 589.737248][T10835] should_fail_ex.cold+0x5/0xa [ 589.737289][T10835] should_failslab+0xc2/0x120 [ 589.737325][T10835] __kmalloc_cache_noprof+0x7a/0x6f0 [ 589.737371][T10835] ? sc_common_open+0x46/0x200 [ 589.737491][T10835] ? __pfx_stats_fop_open+0x10/0x10 [ 589.737527][T10835] sc_common_open+0x46/0x200 [ 589.737565][T10835] full_proxy_open_regular+0x1b6/0x370 [ 589.737617][T10835] do_dentry_open+0x6d8/0x1660 [ 589.737649][T10835] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 589.737708][T10835] vfs_open+0x82/0x3f0 [ 589.737763][T10835] path_openat+0x208c/0x31a0 [ 589.737813][T10835] ? __pfx_path_openat+0x10/0x10 [ 589.737865][T10835] do_file_open+0x20e/0x430 [ 589.737902][T10835] ? __pfx_do_file_open+0x10/0x10 [ 589.737968][T10835] ? alloc_fd+0x476/0x790 [ 589.738005][T10835] ? do_getname+0x191/0x390 [ 589.738051][T10835] do_sys_openat2+0x10d/0x1e0 [ 589.738096][T10835] ? __pfx_do_sys_openat2+0x10/0x10 [ 589.738148][T10835] ? __fget_files+0x21f/0x3d0 [ 589.738190][T10835] __x64_sys_openat+0x12d/0x210 [ 589.738249][T10835] ? __pfx___x64_sys_openat+0x10/0x10 [ 589.738321][T10835] do_syscall_64+0x106/0xf80 [ 589.738358][T10835] ? clear_bhb_loop+0x40/0x90 [ 589.738395][T10835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.738427][T10835] RIP: 0033:0x7fcfb8d9c799 [ 589.738454][T10835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 589.738483][T10835] RSP: 002b:00007fcfb9c84028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 589.738514][T10835] RAX: ffffffffffffffda RBX: 00007fcfb9016090 RCX: 00007fcfb8d9c799 [ 589.738534][T10835] RDX: 0000000000008382 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 589.738553][T10835] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 589.738571][T10835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.738589][T10835] R13: 00007fcfb9016128 R14: 00007fcfb9016090 R15: 00007ffc7cdf5ae8 [ 589.738630][T10835] [ 590.335168][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 591.732162][ T7196] block nbd0: Receive control failed (result -32) [ 598.224054][T10914] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.117399][T10928] can: request_module (can-proto-0) failed. [ 601.691996][T10958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1093'. [ 603.193325][T10970] Invalid ELF header magic: != ELF [ 604.547725][T10998] bridge0: port 3(team0) entered blocking state [ 604.554182][T10998] bridge0: port 3(team0) entered disabled state [ 604.797320][T10998] team0: entered allmulticast mode [ 604.802611][T10998] team_slave_0: entered allmulticast mode [ 605.109191][T10998] team_slave_1: entered allmulticast mode [ 605.172880][T11000] FAULT_INJECTION: forcing a failure. [ 605.172880][T11000] name failslab, interval 1, probability 0, space 0, times 0 [ 605.217208][T11000] CPU: 1 UID: 0 PID: 11000 Comm: syz.3.1098 Not tainted syzkaller #0 PREEMPT(full) [ 605.217251][T11000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 605.217277][T11000] Call Trace: [ 605.217287][T11000] [ 605.217298][T11000] dump_stack_lvl+0x100/0x190 [ 605.217346][T11000] should_fail_ex.cold+0x5/0xa [ 605.217378][T11000] ? __seq_open_private+0x22/0xd0 [ 605.217418][T11000] should_failslab+0xc2/0x120 [ 605.217446][T11000] __kmalloc_noprof+0xe0/0x850 [ 605.217496][T11000] ? __pfx_stats_fop_open+0x10/0x10 [ 605.217525][T11000] __seq_open_private+0x22/0xd0 [ 605.217566][T11000] sc_common_open+0x6b/0x200 [ 605.217596][T11000] full_proxy_open_regular+0x1b6/0x370 [ 605.217638][T11000] do_dentry_open+0x6d8/0x1660 [ 605.217665][T11000] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 605.217711][T11000] vfs_open+0x82/0x3f0 [ 605.217750][T11000] path_openat+0x208c/0x31a0 [ 605.217790][T11000] ? __pfx_path_openat+0x10/0x10 [ 605.217830][T11000] do_file_open+0x20e/0x430 [ 605.217860][T11000] ? __pfx_do_file_open+0x10/0x10 [ 605.217912][T11000] ? alloc_fd+0x476/0x790 [ 605.217941][T11000] ? do_getname+0x191/0x390 [ 605.217977][T11000] do_sys_openat2+0x10d/0x1e0 [ 605.218014][T11000] ? __pfx_do_sys_openat2+0x10/0x10 [ 605.218051][T11000] ? __fget_files+0x21f/0x3d0 [ 605.218083][T11000] __x64_sys_openat+0x12d/0x210 [ 605.218120][T11000] ? __pfx___x64_sys_openat+0x10/0x10 [ 605.218170][T11000] do_syscall_64+0x106/0xf80 [ 605.218203][T11000] ? clear_bhb_loop+0x40/0x90 [ 605.218237][T11000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.218271][T11000] RIP: 0033:0x7fb516f9c799 [ 605.218295][T11000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 605.218323][T11000] RSP: 002b:00007fb517e34028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 605.218349][T11000] RAX: ffffffffffffffda RBX: 00007fb517216090 RCX: 00007fb516f9c799 [ 605.218368][T11000] RDX: 0000000000008382 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 605.218386][T11000] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 605.218403][T11000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.218419][T11000] R13: 00007fb517216128 R14: 00007fb517216090 R15: 00007ffebd199118 [ 605.218455][T11000] [ 605.467771][T10998] team0: entered promiscuous mode [ 605.472867][T10998] team_slave_0: entered promiscuous mode [ 605.478934][T10998] team_slave_1: entered promiscuous mode [ 605.487411][T10998] bridge0: port 3(team0) entered blocking state [ 605.494173][T10998] bridge0: port 3(team0) entered forwarding state [ 607.484781][T11025] can: request_module (can-proto-0) failed. [ 608.438734][T11049] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1103'. [ 610.325564][T11070] can: request_module (can-proto-0) failed. [ 611.969706][T11085] bridge0: port 3(team0) entered blocking state [ 612.032871][T11085] bridge0: port 3(team0) entered disabled state [ 612.147661][T11085] team0: entered allmulticast mode [ 612.200879][T11085] team_slave_0: entered allmulticast mode [ 612.206779][T11085] team_slave_1: entered allmulticast mode [ 612.450043][T11085] team0: entered promiscuous mode [ 612.455242][T11085] team_slave_0: entered promiscuous mode [ 612.557455][T11085] team_slave_1: entered promiscuous mode [ 612.837736][T11085] bridge0: port 3(team0) entered blocking state [ 612.844187][T11085] bridge0: port 3(team0) entered forwarding state [ 615.367369][T11107] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 615.597002][T11124] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 617.477344][ T7196] block nbd1: Receive control failed (result -32) [ 618.204393][T11160] misc userio: Invalid payload size [ 622.761457][T11189] can: request_module (can-proto-0) failed. [ 624.493402][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.504386][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.142318][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1137'. [ 625.261146][T11211] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1137'. [ 627.062301][ T7196] block nbd2: Receive control failed (result -32) [ 639.676283][T11351] can: request_module (can-proto-0) failed. [ 643.527734][T11379] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1167'. [ 646.296597][T11408] Invalid ELF header magic: != ELF [ 653.557892][T11455] program syz.0.1181 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 654.352105][T11460] program syz.3.1190 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 655.214538][T11483] misc userio: Invalid payload size [ 660.494115][T11528] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1194'. [ 663.969882][T11561] Invalid ELF header magic: != ELF [ 666.605361][T11593] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 666.827501][T11599] warning: `syz.0.1205' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 667.382972][T11607] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 668.152042][T11595] kexec: Could not allocate control_code_buffer [ 669.176511][ T7196] Bluetooth: hci0: unexpected event 0x16 length: 440 > 6 [ 672.096691][T11662] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1219'. [ 672.958456][T11674] misc userio: Invalid payload size [ 675.020725][T11693] Invalid ELF header magic: != ELF [ 676.944153][T11706] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 680.598643][T11751] FAULT_INJECTION: forcing a failure. [ 680.598643][T11751] name failslab, interval 1, probability 0, space 0, times 0 [ 680.667429][T11751] CPU: 0 UID: 0 PID: 11751 Comm: syz.1.1238 Not tainted syzkaller #0 PREEMPT(full) [ 680.667462][T11751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 680.667476][T11751] Call Trace: [ 680.667484][T11751] [ 680.667493][T11751] dump_stack_lvl+0x100/0x190 [ 680.667533][T11751] should_fail_ex.cold+0x5/0xa [ 680.667561][T11751] should_failslab+0xc2/0x120 [ 680.667592][T11751] __kmalloc_cache_noprof+0x7a/0x6f0 [ 680.667624][T11751] ? snd_seq_pool_new+0x44/0x230 [ 680.667652][T11751] ? __pfx_snd_seq_open+0x10/0x10 [ 680.667708][T11751] snd_seq_pool_new+0x44/0x230 [ 680.667740][T11751] seq_create_client1+0x66/0x640 [ 680.667791][T11751] ? __pfx_snd_seq_open+0x10/0x10 [ 680.667835][T11751] snd_seq_open+0x59/0x590 [ 680.667867][T11751] ? __pfx_snd_seq_open+0x10/0x10 [ 680.667898][T11751] snd_open+0x22d/0x4c0 [ 680.667935][T11751] ? __pfx_snd_open+0x10/0x10 [ 680.667969][T11751] chrdev_open+0x234/0x6a0 [ 680.667991][T11751] ? __pfx_apparmor_file_open+0x10/0x10 [ 680.668027][T11751] ? __pfx_chrdev_open+0x10/0x10 [ 680.668052][T11751] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 680.668086][T11751] do_dentry_open+0x6d8/0x1660 [ 680.668108][T11751] ? __pfx_chrdev_open+0x10/0x10 [ 680.668138][T11751] vfs_open+0x82/0x3f0 [ 680.668171][T11751] path_openat+0x208c/0x31a0 [ 680.668204][T11751] ? __pfx_path_openat+0x10/0x10 [ 680.668238][T11751] do_file_open+0x20e/0x430 [ 680.668264][T11751] ? __pfx_do_file_open+0x10/0x10 [ 680.668321][T11751] ? alloc_fd+0x476/0x790 [ 680.668347][T11751] ? do_getname+0x191/0x390 [ 680.668378][T11751] do_sys_openat2+0x10d/0x1e0 [ 680.668409][T11751] ? __pfx_do_sys_openat2+0x10/0x10 [ 680.668442][T11751] ? __fget_files+0x21f/0x3d0 [ 680.668469][T11751] __x64_sys_openat+0x12d/0x210 [ 680.668501][T11751] ? __pfx___x64_sys_openat+0x10/0x10 [ 680.668544][T11751] do_syscall_64+0x106/0xf80 [ 680.668577][T11751] ? clear_bhb_loop+0x40/0x90 [ 680.668606][T11751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.668631][T11751] RIP: 0033:0x7fcfb8d9c799 [ 680.668650][T11751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 680.668673][T11751] RSP: 002b:00007fcfb9ca5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 680.668695][T11751] RAX: ffffffffffffffda RBX: 00007fcfb9015fa0 RCX: 00007fcfb8d9c799 [ 680.668710][T11751] RDX: 00000000000a2741 RSI: 00002000000011c0 RDI: ffffffffffffff9c [ 680.668725][T11751] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 680.668739][T11751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.668753][T11751] R13: 00007fcfb9016038 R14: 00007fcfb9015fa0 R15: 00007ffc7cdf5ae8 [ 680.668783][T11751] [ 681.765447][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1240'. [ 681.796237][T11756] netlink: 'syz.1.1240': attribute type 1 has an invalid length. [ 681.835205][T11756] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1240'. [ 685.637373][T11791] misc userio: Invalid payload size [ 685.938268][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.944742][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.397282][T11809] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1253'. [ 691.432724][T11809] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1253'. [ 691.930282][T11818] snd_virmidi snd_virmidi.0: control 1:-5:4194312:1Յ:0 is already present [ 698.354639][T11900] misc userio: Invalid payload size [ 706.878655][T11971] Invalid ELF header magic: != ELF [ 712.922066][T12034] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1294'. [ 714.440162][T12045] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1296'. [ 721.020976][T12093] NFSD: Failed to start, no listeners configured. [ 724.967060][T12134] can: request_module (can-proto-0) failed. [ 725.701208][T12141] FAULT_INJECTION: forcing a failure. [ 725.701208][T12141] name failslab, interval 1, probability 0, space 0, times 0 [ 725.726416][T12141] CPU: 1 UID: 0 PID: 12141 Comm: syz.3.1317 Tainted: G L syzkaller #0 PREEMPT(full) [ 725.726463][T12141] Tainted: [L]=SOFTLOCKUP [ 725.726474][T12141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 725.726492][T12141] Call Trace: [ 725.726502][T12141] [ 725.726515][T12141] dump_stack_lvl+0x100/0x190 [ 725.726601][T12141] should_fail_ex.cold+0x5/0xa [ 725.726638][T12141] ? memcg_list_lru_alloc+0x4ec/0x740 [ 725.726688][T12141] should_failslab+0xc2/0x120 [ 725.726722][T12141] __kmalloc_noprof+0xe0/0x850 [ 725.726776][T12141] ? path_openat+0xf95/0x31a0 [ 725.726815][T12141] memcg_list_lru_alloc+0x4ec/0x740 [ 725.726874][T12141] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 725.726921][T12141] ? rcu_read_unlock+0x17/0x60 [ 725.726966][T12141] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 725.727016][T12141] __memcg_slab_post_alloc_hook+0x130/0x990 [ 725.727060][T12141] ? kasan_save_track+0x14/0x30 [ 725.727125][T12141] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 725.727171][T12141] ? alloc_inode+0x183/0x250 [ 725.727219][T12141] alloc_inode+0x183/0x250 [ 725.727259][T12141] path_from_stashed+0x25b/0x750 [ 725.727289][T12141] ? do_raw_spin_unlock+0x145/0x1e0 [ 725.727343][T12141] ns_get_path+0x60/0x80 [ 725.727373][T12141] proc_ns_get_link+0x121/0x230 [ 725.727414][T12141] ? __pfx_proc_ns_get_link+0x10/0x10 [ 725.727461][T12141] ? atime_needs_update+0x8b/0x6b0 [ 725.727506][T12141] pick_link+0xd17/0x13c0 [ 725.727549][T12141] ? __pfx_proc_ns_get_link+0x10/0x10 [ 725.727604][T12141] step_into_slowpath+0x9ba/0xf90 [ 725.727657][T12141] ? __pfx_step_into_slowpath+0x10/0x10 [ 725.727702][T12141] ? find_held_lock+0x2b/0x80 [ 725.727742][T12141] path_openat+0xf95/0x31a0 [ 725.727786][T12141] ? __pfx_path_openat+0x10/0x10 [ 725.727830][T12141] do_file_open+0x20e/0x430 [ 725.727864][T12141] ? __pfx_do_file_open+0x10/0x10 [ 725.727920][T12141] ? alloc_fd+0x476/0x790 [ 725.727952][T12141] ? do_getname+0x191/0x390 [ 725.727994][T12141] do_sys_openat2+0x10d/0x1e0 [ 725.728035][T12141] ? __pfx_do_sys_openat2+0x10/0x10 [ 725.728078][T12141] ? __fget_files+0x21f/0x3d0 [ 725.728114][T12141] __x64_sys_openat+0x12d/0x210 [ 725.728155][T12141] ? __pfx___x64_sys_openat+0x10/0x10 [ 725.728211][T12141] do_syscall_64+0x106/0xf80 [ 725.728247][T12141] ? clear_bhb_loop+0x40/0x90 [ 725.728286][T12141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.728318][T12141] RIP: 0033:0x7fb516f5cfce [ 725.728343][T12141] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 725.728373][T12141] RSP: 002b:00007fb517e54ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 725.728402][T12141] RAX: ffffffffffffffda RBX: 00007fb517e556c0 RCX: 00007fb516f5cfce [ 725.728422][T12141] RDX: 0000000000000002 RSI: 00007fb517e54f90 RDI: ffffffffffffff9c [ 725.728440][T12141] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 725.728458][T12141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.728476][T12141] R13: 00007fb517216038 R14: 00007fb517215fa0 R15: 00007ffebd199118 [ 725.728516][T12141] [ 727.874673][T12156] Invalid ELF header magic: != ELF [ 733.402985][T12207] zswap: compressor not available [ 734.057520][T12207] FAULT_INJECTION: forcing a failure. [ 734.057520][T12207] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 734.168882][T12207] CPU: 1 UID: 0 PID: 12207 Comm: syz.2.1328 Tainted: G L syzkaller #0 PREEMPT(full) [ 734.168939][T12207] Tainted: [L]=SOFTLOCKUP [ 734.168951][T12207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 734.168971][T12207] Call Trace: [ 734.168982][T12207] [ 734.168995][T12207] dump_stack_lvl+0x100/0x190 [ 734.169054][T12207] should_fail_ex.cold+0x5/0xa [ 734.169087][T12207] ? prepare_alloc_pages+0x16d/0x5f0 [ 734.169129][T12207] should_fail_alloc_page+0xeb/0x140 [ 734.169167][T12207] prepare_alloc_pages+0x1f0/0x5f0 [ 734.169212][T12207] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 734.169272][T12207] ? rcu_is_watching+0x12/0xc0 [ 734.169329][T12207] ? __lock_acquire+0x4a5/0x2630 [ 734.169394][T12207] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 734.169449][T12207] ? do_raw_spin_lock+0x128/0x260 [ 734.169500][T12207] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 734.169556][T12207] ? find_held_lock+0x2b/0x80 [ 734.169610][T12207] ? __lock_acquire+0x4a5/0x2630 [ 734.169654][T12207] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 734.169715][T12207] ? policy_nodemask+0xed/0x4f0 [ 734.169754][T12207] alloc_pages_mpol+0x1fb/0x550 [ 734.169793][T12207] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 734.169830][T12207] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 734.169883][T12207] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 734.169945][T12207] folio_alloc_mpol_noprof+0x36/0x340 [ 734.169991][T12207] shmem_alloc_folio+0x135/0x160 [ 734.170035][T12207] shmem_alloc_and_add_folio+0x371/0xd40 [ 734.170098][T12207] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 734.170153][T12207] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 734.170215][T12207] shmem_get_folio_gfp+0x6ab/0x1900 [ 734.170272][T12207] ? find_held_lock+0x2b/0x80 [ 734.170304][T12207] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 734.170374][T12207] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 734.170418][T12207] ? lockdep_hardirqs_on+0x78/0x100 [ 734.170464][T12207] shmem_fault+0x1f9/0xa20 [ 734.170515][T12207] ? __lock_acquire+0x4a5/0x2630 [ 734.170557][T12207] ? __pfx_shmem_fault+0x10/0x10 [ 734.170616][T12207] ? __up_read+0x2c5/0x700 [ 734.170681][T12207] ? __pfx_filemap_map_pages+0x10/0x10 [ 734.170731][T12207] __do_fault+0x10d/0x550 [ 734.170767][T12207] ? __pfx_filemap_map_pages+0x10/0x10 [ 734.170816][T12207] do_fault+0x2db/0x1990 [ 734.170861][T12207] __handle_mm_fault+0x180f/0x2b60 [ 734.170920][T12207] ? __pfx___handle_mm_fault+0x10/0x10 [ 734.170969][T12207] ? pte_offset_map_lock+0x174/0x320 [ 734.171004][T12207] ? find_held_lock+0x2b/0x80 [ 734.171049][T12207] ? follow_page_pte+0x5b3/0x1400 [ 734.171096][T12207] handle_mm_fault+0x36d/0xa20 [ 734.171153][T12207] __get_user_pages+0xf9c/0x34d0 [ 734.171201][T12207] ? down_read_killable+0x30e/0x4c0 [ 734.171253][T12207] ? __pfx___get_user_pages+0x10/0x10 [ 734.171305][T12207] faultin_page_range+0x1f1/0x9e0 [ 734.171364][T12207] madvise_do_behavior+0x354/0x510 [ 734.171411][T12207] ? __pfx_madvise_do_behavior+0x10/0x10 [ 734.171477][T12207] do_madvise+0x195/0x240 [ 734.171515][T12207] ? __pfx_do_madvise+0x10/0x10 [ 734.171555][T12207] ? do_futex+0x192/0x350 [ 734.171605][T12207] ? __fget_files+0x21f/0x3d0 [ 734.171665][T12207] __x64_sys_madvise+0xa9/0x110 [ 734.171704][T12207] ? lockdep_hardirqs_on+0x78/0x100 [ 734.171745][T12207] do_syscall_64+0x106/0xf80 [ 734.171785][T12207] ? clear_bhb_loop+0x40/0x90 [ 734.171827][T12207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.171862][T12207] RIP: 0033:0x7fb5f5b9c799 [ 734.171891][T12207] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 734.171924][T12207] RSP: 002b:00007fb5f6b43028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 734.171957][T12207] RAX: ffffffffffffffda RBX: 00007fb5f5e15fa0 RCX: 00007fb5f5b9c799 [ 734.171979][T12207] RDX: 0000000000000017 RSI: 000000000000ca3d RDI: 0000000000000000 [ 734.171998][T12207] RBP: 00007fb5f5c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 734.172018][T12207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 734.172038][T12207] R13: 00007fb5f5e16038 R14: 00007fb5f5e15fa0 R15: 00007fff40d96958 [ 734.172084][T12207] [ 735.535142][T12233] FAULT_INJECTION: forcing a failure. [ 735.535142][T12233] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 735.548825][T12233] CPU: 1 UID: 0 PID: 12233 Comm: syz.1.1339 Tainted: G L syzkaller #0 PREEMPT(full) [ 735.548870][T12233] Tainted: [L]=SOFTLOCKUP [ 735.548878][T12233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 735.548893][T12233] Call Trace: [ 735.548902][T12233] [ 735.548911][T12233] dump_stack_lvl+0x100/0x190 [ 735.548954][T12233] should_fail_ex.cold+0x5/0xa [ 735.548980][T12233] ? prepare_alloc_pages+0x16d/0x5f0 [ 735.549029][T12233] should_fail_alloc_page+0xeb/0x140 [ 735.549058][T12233] prepare_alloc_pages+0x1f0/0x5f0 [ 735.549093][T12233] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 735.549148][T12233] ? stack_trace_save+0x8e/0xc0 [ 735.549174][T12233] ? __pfx_stack_trace_save+0x10/0x10 [ 735.549198][T12233] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 735.549248][T12233] ? stack_depot_save_flags+0x27/0x9d0 [ 735.549300][T12233] ? kasan_save_stack+0x3f/0x50 [ 735.549341][T12233] ? kasan_save_stack+0x30/0x50 [ 735.549383][T12233] ? kasan_save_track+0x14/0x30 [ 735.549423][T12233] ? __kasan_kmalloc+0xaa/0xb0 [ 735.549467][T12233] ? do_file_open+0x20e/0x430 [ 735.549495][T12233] ? do_sys_openat2+0x10d/0x1e0 [ 735.549529][T12233] ? __x64_sys_openat+0x12d/0x210 [ 735.549563][T12233] ? do_syscall_64+0x106/0xf80 [ 735.549595][T12233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.549629][T12233] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 735.549677][T12233] ? policy_nodemask+0xed/0x4f0 [ 735.549710][T12233] alloc_pages_mpol+0x1fb/0x550 [ 735.549741][T12233] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 735.549779][T12233] alloc_pages_noprof+0x131/0x390 [ 735.549810][T12233] get_zeroed_page_noprof+0x18/0xb0 [ 735.549840][T12233] mon_alloc_buff+0xce/0x1b0 [ 735.549971][T12233] ? kasan_save_track+0x14/0x30 [ 735.550019][T12233] mon_bin_open+0x207/0x470 [ 735.550062][T12233] ? __pfx_mon_bin_open+0x10/0x10 [ 735.550107][T12233] chrdev_open+0x234/0x6a0 [ 735.550136][T12233] ? __pfx_chrdev_open+0x10/0x10 [ 735.550166][T12233] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 735.550202][T12233] do_dentry_open+0x6d8/0x1660 [ 735.550234][T12233] ? __pfx_chrdev_open+0x10/0x10 [ 735.550269][T12233] vfs_open+0x82/0x3f0 [ 735.550316][T12233] path_openat+0x208c/0x31a0 [ 735.550374][T12233] ? __pfx_path_openat+0x10/0x10 [ 735.550415][T12233] do_file_open+0x20e/0x430 [ 735.550446][T12233] ? __pfx_do_file_open+0x10/0x10 [ 735.550498][T12233] ? alloc_fd+0x476/0x790 [ 735.550527][T12233] ? do_getname+0x191/0x390 [ 735.550564][T12233] do_sys_openat2+0x10d/0x1e0 [ 735.550610][T12233] ? __pfx_do_sys_openat2+0x10/0x10 [ 735.550646][T12233] ? __fget_files+0x21f/0x3d0 [ 735.550676][T12233] __x64_sys_openat+0x12d/0x210 [ 735.550712][T12233] ? __pfx___x64_sys_openat+0x10/0x10 [ 735.550758][T12233] do_syscall_64+0x106/0xf80 [ 735.550788][T12233] ? clear_bhb_loop+0x40/0x90 [ 735.550820][T12233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.550846][T12233] RIP: 0033:0x7fcfb8d9c799 [ 735.550867][T12233] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 735.550893][T12233] RSP: 002b:00007fcfb9c63028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 735.550918][T12233] RAX: ffffffffffffffda RBX: 00007fcfb9016180 RCX: 00007fcfb8d9c799 [ 735.550953][T12233] RDX: 0000000000002040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 735.550971][T12233] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 735.550988][T12233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.551004][T12233] R13: 00007fcfb9016218 R14: 00007fcfb9016180 R15: 00007ffc7cdf5ae8 [ 735.551040][T12233] [ 737.203833][T12243] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 737.210499][T12243] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 737.564419][T12243] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 737.591390][T12243] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 737.632966][T12243] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 737.673088][T12243] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 737.785298][T12243] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 737.800966][T12243] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 739.053031][ T7196] Bluetooth: hci1: command 0x0406 tx timeout [ 739.308193][T12257] FAULT_INJECTION: forcing a failure. [ 739.308193][T12257] name failslab, interval 1, probability 0, space 0, times 0 [ 739.341524][T12257] CPU: 1 UID: 0 PID: 12257 Comm: syz.0.1344 Tainted: G L syzkaller #0 PREEMPT(full) [ 739.341572][T12257] Tainted: [L]=SOFTLOCKUP [ 739.341583][T12257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 739.341601][T12257] Call Trace: [ 739.341611][T12257] [ 739.341655][T12257] dump_stack_lvl+0x100/0x190 [ 739.341787][T12257] should_fail_ex.cold+0x5/0xa [ 739.341833][T12257] ? __register_sysctl_table+0xac/0x1650 [ 739.341935][T12257] should_failslab+0xc2/0x120 [ 739.342025][T12257] __kmalloc_noprof+0xe0/0x850 [ 739.342095][T12257] __register_sysctl_table+0xac/0x1650 [ 739.342153][T12257] ? is_module_address+0x5f/0xf0 [ 739.342205][T12257] ? __pfx___register_sysctl_table+0x10/0x10 [ 739.342261][T12257] ? is_module_address+0x69/0xf0 [ 739.342302][T12257] ? register_net_sysctl_sz+0x222/0x430 [ 739.342458][T12257] mpls_dev_sysctl_register+0x185/0x2a0 [ 739.342523][T12257] ? pcpu_alloc_noprof+0xe36/0x1c50 [ 739.342576][T12257] ? __pfx_mpls_dev_sysctl_register+0x10/0x10 [ 739.342635][T12257] mpls_dev_notify+0x365/0x920 [ 739.342681][T12257] notifier_call_chain+0x99/0x420 [ 739.342736][T12257] call_netdevice_notifiers_info+0xbe/0x110 [ 739.342792][T12257] register_netdevice+0x16e6/0x2210 [ 739.342846][T12257] ? __pfx_register_netdevice+0x10/0x10 [ 739.342904][T12257] __ip_tunnel_create+0x52b/0x670 [ 739.343014][T12257] ? __pfx___ip_tunnel_create+0x10/0x10 [ 739.343065][T12257] ? net_generic+0xea/0x2a0 [ 739.343137][T12257] ip_tunnel_init_net+0x230/0x780 [ 739.343189][T12257] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 739.343259][T12257] ? __kmalloc_noprof+0x320/0x850 [ 739.343334][T12257] ? __pfx_ipip_init_net+0x10/0x10 [ 739.343415][T12257] ops_init+0x1e2/0x5f0 [ 739.343466][T12257] setup_net+0x118/0x3a0 [ 739.343512][T12257] ? __pfx_setup_net+0x10/0x10 [ 739.343552][T12257] ? lockdep_init_map_type+0x5c/0x250 [ 739.343598][T12257] ? mutex_init_lockep+0x110/0x150 [ 739.343650][T12257] copy_net_ns+0x46f/0x7c0 [ 739.343702][T12257] create_new_namespaces+0x3ea/0xac0 [ 739.343747][T12257] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 739.343788][T12257] ksys_unshare+0x473/0xad0 [ 739.343833][T12257] ? __pfx_ksys_unshare+0x10/0x10 [ 739.343892][T12257] __x64_sys_unshare+0x31/0x40 [ 739.343945][T12257] do_syscall_64+0x106/0xf80 [ 739.343985][T12257] ? clear_bhb_loop+0x40/0x90 [ 739.344028][T12257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.344066][T12257] RIP: 0033:0x7efdcd59c799 [ 739.344094][T12257] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 739.344129][T12257] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 739.344163][T12257] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 739.344186][T12257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 739.344206][T12257] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 739.344237][T12257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.344258][T12257] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 739.344305][T12257] [ 739.729329][ T7196] Bluetooth: hci0: command 0x0406 tx timeout [ 739.736712][ T7196] Bluetooth: hci2: command 0x0406 tx timeout [ 739.852072][T11219] Bluetooth: hci3: command 0x0406 tx timeout [ 740.563500][T12275] Invalid ELF header magic: != ELF [ 741.130799][T11219] Bluetooth: hci1: command 0x0406 tx timeout [ 741.769036][ T7196] Bluetooth: hci0: command 0x0406 tx timeout [ 741.775215][T11219] Bluetooth: hci2: command 0x0406 tx timeout [ 741.901855][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1342'. [ 741.928757][T11219] Bluetooth: hci3: command 0x0406 tx timeout [ 742.015607][T12291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 742.057105][T12291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 742.121318][T12291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 742.156709][T12291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 742.412931][T12299] binder: 12298:12299 ioctl 4018620d 9 returned -22 [ 745.936319][T12324] NFSD: Failed to start, no listeners configured. [ 747.378954][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.385376][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.920331][T12372] Invalid ELF header magic: != ELF [ 764.461563][ T30] audit: type=1800 audit(1773289267.637:14): pid=12491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1385" name="file0" dev="tmpfs" ino=1842 res=0 errno=0 [ 764.552087][T12498] FAULT_INJECTION: forcing a failure. [ 764.552087][T12498] name failslab, interval 1, probability 0, space 0, times 0 [ 764.565333][T12498] CPU: 1 UID: 0 PID: 12498 Comm: syz.0.1387 Tainted: G L syzkaller #0 PREEMPT(full) [ 764.565379][T12498] Tainted: [L]=SOFTLOCKUP [ 764.565389][T12498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 764.565406][T12498] Call Trace: [ 764.565416][T12498] [ 764.565426][T12498] dump_stack_lvl+0x100/0x190 [ 764.565474][T12498] should_fail_ex.cold+0x5/0xa [ 764.565509][T12498] should_failslab+0xc2/0x120 [ 764.565539][T12498] __kmalloc_cache_noprof+0x7a/0x6f0 [ 764.565576][T12498] ? snd_ctl_notify.part.0+0x337/0x650 [ 764.565724][T12498] snd_ctl_notify.part.0+0x337/0x650 [ 764.565776][T12498] snd_ctl_notify_one+0x2a4/0x300 [ 764.565817][T12498] ? __pfx_snd_ctl_notify_one+0x10/0x10 [ 764.565866][T12498] ? mark_held_locks+0x40/0x70 [ 764.565911][T12498] __snd_ctl_add_replace+0x60b/0x840 [ 764.565962][T12498] ? __pfx___snd_ctl_add_replace+0x10/0x10 [ 764.566012][T12498] ? __kmalloc_noprof+0x320/0x850 [ 764.566056][T12498] ? snd_ctl_new+0x13c/0x1a0 [ 764.566100][T12498] snd_ctl_elem_add+0x832/0x1370 [ 764.566150][T12498] ? __might_fault+0xc5/0x140 [ 764.566192][T12498] ? __might_fault+0xc5/0x140 [ 764.566236][T12498] ? __pfx_snd_ctl_elem_add+0x10/0x10 [ 764.566289][T12498] snd_ctl_elem_add_user+0xc5/0x170 [ 764.566332][T12498] ? __pfx_snd_ctl_elem_add_user+0x10/0x10 [ 764.566375][T12498] ? find_held_lock+0x2b/0x80 [ 764.566433][T12498] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 764.566486][T12498] ? do_vfs_ioctl+0x226/0x13e0 [ 764.566533][T12498] snd_ctl_ioctl+0xbdf/0x1330 [ 764.566575][T12498] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 764.566622][T12498] ? find_held_lock+0x2b/0x80 [ 764.566656][T12498] ? __fget_files+0x215/0x3d0 [ 764.566682][T12498] ? hook_file_ioctl_common+0x146/0x410 [ 764.566778][T12498] ? __fget_files+0x21f/0x3d0 [ 764.566811][T12498] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 764.566854][T12498] __x64_sys_ioctl+0x18e/0x210 [ 764.566899][T12498] do_syscall_64+0x106/0xf80 [ 764.566934][T12498] ? clear_bhb_loop+0x40/0x90 [ 764.566973][T12498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.567002][T12498] RIP: 0033:0x7efdcd59c799 [ 764.567026][T12498] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 764.567055][T12498] RSP: 002b:00007efdce4f2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 764.567083][T12498] RAX: ffffffffffffffda RBX: 00007efdcd816090 RCX: 00007efdcd59c799 [ 764.567103][T12498] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000008 [ 764.567120][T12498] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 764.567139][T12498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 764.567155][T12498] R13: 00007efdcd816128 R14: 00007efdcd816090 R15: 00007ffc6ccfb908 [ 764.567194][T12498] [ 764.567212][T12498] snd_virmidi snd_virmidi.0: No memory available to allocate event [ 764.928033][T12504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1388'. [ 765.278635][T12504] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1388'. [ 765.655033][T12508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1390'. [ 765.664936][T12508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1390'. [ 766.251676][T12516] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 766.666183][T12519] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 768.100773][T12525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1393'. [ 768.245849][T12526] FAULT_INJECTION: forcing a failure. [ 768.245849][T12526] name failslab, interval 1, probability 0, space 0, times 0 [ 768.323680][T12526] CPU: 1 UID: 0 PID: 12526 Comm: syz.1.1393 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.323747][T12526] Tainted: [L]=SOFTLOCKUP [ 768.323758][T12526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 768.323777][T12526] Call Trace: [ 768.323787][T12526] [ 768.323799][T12526] dump_stack_lvl+0x100/0x190 [ 768.323854][T12526] should_fail_ex.cold+0x5/0xa [ 768.323892][T12526] should_failslab+0xc2/0x120 [ 768.323927][T12526] __kmalloc_cache_noprof+0x7a/0x6f0 [ 768.323970][T12526] ? bpf_prog_alloc_no_stats+0x15f/0x640 [ 768.324027][T12526] bpf_prog_alloc_no_stats+0x15f/0x640 [ 768.324081][T12526] bpf_prog_alloc+0x3b/0x200 [ 768.324130][T12526] bpf_prog_create_from_user+0xb4/0x2f0 [ 768.324290][T12526] ? __pfx_seccomp_check_filter+0x10/0x10 [ 768.324343][T12526] do_seccomp+0x7f7/0x2740 [ 768.324398][T12526] ? __pfx_do_seccomp+0x10/0x10 [ 768.324439][T12526] ? __x64_sys_openat+0x12d/0x210 [ 768.324484][T12526] ? __pfx___x64_sys_futex+0x10/0x10 [ 768.324542][T12526] do_syscall_64+0x106/0xf80 [ 768.324581][T12526] ? clear_bhb_loop+0x40/0x90 [ 768.324622][T12526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.324657][T12526] RIP: 0033:0x7fcfb8d9c799 [ 768.324687][T12526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 768.324725][T12526] RSP: 002b:00007fcfb9c63028 EFLAGS: 00000246 ORIG_RAX: 000000000000013d [ 768.324757][T12526] RAX: ffffffffffffffda RBX: 00007fcfb9016180 RCX: 00007fcfb8d9c799 [ 768.324779][T12526] RDX: 0000200000000100 RSI: 0000000000000000 RDI: 0000000000000001 [ 768.324800][T12526] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 768.324821][T12526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.324840][T12526] R13: 00007fcfb9016218 R14: 00007fcfb9016180 R15: 00007ffc7cdf5ae8 [ 768.324883][T12526] [ 768.979123][T12524] bond0: invalid ARP target specified [ 768.986459][T12525] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 768.998151][T12525] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 769.006372][T12525] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 769.015200][T12525] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 770.162748][T12540] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 773.475280][T12582] Invalid ELF header magic: != ELF [ 773.967385][T12570] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1402'. [ 775.548611][T12590] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1405'. [ 775.637561][T12590] mac80211_hwsim hwsim4 : renamed from wlan0 (while UP) [ 779.148022][T12621] Invalid ELF header magic: != ELF [ 779.633909][T12632] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1413'. [ 780.124341][T12640] FAULT_INJECTION: forcing a failure. [ 780.124341][T12640] name failslab, interval 1, probability 0, space 0, times 0 [ 780.164940][T12640] CPU: 1 UID: 0 PID: 12640 Comm: syz.0.1415 Tainted: G L syzkaller #0 PREEMPT(full) [ 780.164991][T12640] Tainted: [L]=SOFTLOCKUP [ 780.165001][T12640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 780.165021][T12640] Call Trace: [ 780.165031][T12640] [ 780.165043][T12640] dump_stack_lvl+0x100/0x190 [ 780.165112][T12640] should_fail_ex.cold+0x5/0xa [ 780.165149][T12640] should_failslab+0xc2/0x120 [ 780.165197][T12640] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 780.165246][T12640] ? __kernfs_new_node+0xd2/0x960 [ 780.165301][T12640] __kernfs_new_node+0xd2/0x960 [ 780.165360][T12640] ? __pfx___kernfs_new_node+0x10/0x10 [ 780.165415][T12640] ? find_held_lock+0x2b/0x80 [ 780.165444][T12640] ? kernfs_root+0xee/0x2a0 [ 780.165485][T12640] ? kernfs_root+0xee/0x2a0 [ 780.165537][T12640] kernfs_new_node+0x11b/0x1a0 [ 780.165593][T12640] __kernfs_create_file+0x53/0x350 [ 780.165633][T12640] sysfs_add_file_mode_ns+0x207/0x3c0 [ 780.165684][T12640] internal_create_group+0x593/0xf40 [ 780.165739][T12640] ? __pfx_internal_create_group+0x10/0x10 [ 780.165790][T12640] ? kernfs_create_link+0x1bd/0x240 [ 780.165831][T12640] internal_create_groups+0x9d/0x150 [ 780.165880][T12640] device_add+0x7c8/0x1950 [ 780.165982][T12640] ? __pfx_device_add+0x10/0x10 [ 780.166011][T12640] ? lockdep_init_map_type+0x5c/0x250 [ 780.166053][T12640] ? __init_waitqueue_head+0xca/0x150 [ 780.166109][T12640] netdev_register_kobject+0x1a9/0x3d0 [ 780.166192][T12640] register_netdevice+0x12e0/0x2210 [ 780.166239][T12640] ? idr_alloc+0xdd/0x130 [ 780.166338][T12640] ? __pfx_register_netdevice+0x10/0x10 [ 780.166377][T12640] ? net_generic+0xea/0x2a0 [ 780.166442][T12640] ppp_dev_configure+0x986/0xcb0 [ 780.166485][T12640] ppp_ioctl+0x985/0x2800 [ 780.166523][T12640] ? find_held_lock+0x2b/0x80 [ 780.166551][T12640] ? __pfx_ppp_ioctl+0x10/0x10 [ 780.166591][T12640] ? __fget_files+0x21f/0x3d0 [ 780.166625][T12640] ? __pfx_ppp_ioctl+0x10/0x10 [ 780.166663][T12640] __x64_sys_ioctl+0x18e/0x210 [ 780.166731][T12640] do_syscall_64+0x106/0xf80 [ 780.166797][T12640] ? clear_bhb_loop+0x40/0x90 [ 780.166836][T12640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.166867][T12640] RIP: 0033:0x7efdcd59c799 [ 780.166890][T12640] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 780.166920][T12640] RSP: 002b:00007efdce513028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 780.166950][T12640] RAX: ffffffffffffffda RBX: 00007efdcd815fa0 RCX: 00007efdcd59c799 [ 780.166971][T12640] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 780.166990][T12640] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 780.167009][T12640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.167027][T12640] R13: 00007efdcd816038 R14: 00007efdcd815fa0 R15: 00007ffc6ccfb908 [ 780.167068][T12640] [ 781.849515][T12655] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 783.840538][T12674] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1431'. [ 784.604042][T12687] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1425'. [ 785.792303][T12701] input: f as /devices/virtual/input/input20 [ 788.076121][T12728] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input21 [ 789.939237][T12740] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 790.063451][T12740] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 790.089468][T12740] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 790.151994][T12740] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 791.256619][T12754] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1439'. [ 791.746557][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1443'. [ 792.007151][T11219] Bluetooth: hci1: command 0x0406 tx timeout [ 792.086941][T11219] Bluetooth: hci0: command 0x0406 tx timeout [ 792.166860][T11219] Bluetooth: hci3: command 0x0406 tx timeout [ 792.172957][ T7196] Bluetooth: hci2: command 0x0406 tx timeout [ 792.463516][T12770] FAULT_INJECTION: forcing a failure. [ 792.463516][T12770] name failslab, interval 1, probability 0, space 0, times 0 [ 792.528607][T12770] CPU: 1 UID: 0 PID: 12770 Comm: syz.3.1445 Tainted: G L syzkaller #0 PREEMPT(full) [ 792.528669][T12770] Tainted: [L]=SOFTLOCKUP [ 792.528681][T12770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 792.528699][T12770] Call Trace: [ 792.528709][T12770] [ 792.528720][T12770] dump_stack_lvl+0x100/0x190 [ 792.528772][T12770] should_fail_ex.cold+0x5/0xa [ 792.528808][T12770] should_failslab+0xc2/0x120 [ 792.528840][T12770] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 792.528887][T12770] ? __kernfs_new_node+0xd2/0x960 [ 792.528932][T12770] ? kstrdup+0xb3/0xe0 [ 792.528984][T12770] __kernfs_new_node+0xd2/0x960 [ 792.529033][T12770] ? __pfx___kernfs_new_node+0x10/0x10 [ 792.529086][T12770] ? find_held_lock+0x2b/0x80 [ 792.529115][T12770] ? kernfs_root+0xee/0x2a0 [ 792.529155][T12770] ? kernfs_root+0xee/0x2a0 [ 792.529205][T12770] kernfs_new_node+0x11b/0x1a0 [ 792.529260][T12770] __kernfs_create_file+0x53/0x350 [ 792.529300][T12770] cgroup_addrm_files+0x4d8/0xb90 [ 792.529365][T12770] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 792.529429][T12770] ? idr_replace+0xfa/0x170 [ 792.529464][T12770] ? __pfx_idr_replace+0x10/0x10 [ 792.529504][T12770] css_populate_dir+0x161/0x590 [ 792.529545][T12770] cgroup_apply_control_enable+0x40a/0xbd0 [ 792.529609][T12770] cgroup_mkdir+0x57f/0x1330 [ 792.529669][T12770] ? __pfx_cgroup_mkdir+0x10/0x10 [ 792.529720][T12770] kernfs_iop_mkdir+0x111/0x190 [ 792.529766][T12770] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 792.529812][T12770] vfs_mkdir+0x361/0x850 [ 792.529860][T12770] filename_mkdirat+0x48b/0x5e0 [ 792.529898][T12770] ? __pfx_filename_mkdirat+0x10/0x10 [ 792.529932][T12770] ? strncpy_from_user+0x19d/0x2d0 [ 792.529986][T12770] ? do_getname+0x191/0x390 [ 792.530027][T12770] __x64_sys_mkdir+0x6b/0x90 [ 792.530061][T12770] do_syscall_64+0x106/0xf80 [ 792.530096][T12770] ? clear_bhb_loop+0x40/0x90 [ 792.530134][T12770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.530167][T12770] RIP: 0033:0x7fb516f9c799 [ 792.530192][T12770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 792.530223][T12770] RSP: 002b:00007fb517e55028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 792.530253][T12770] RAX: ffffffffffffffda RBX: 00007fb517215fa0 RCX: 00007fb516f9c799 [ 792.530274][T12770] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 792.530293][T12770] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 792.530311][T12770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.530329][T12770] R13: 00007fb517216038 R14: 00007fb517215fa0 R15: 00007ffebd199118 [ 792.530369][T12770] [ 792.530403][T12770] cgroup: cgroup_addrm_files: failed to add stat, err=-12 [ 801.578594][T12861] hub 1-0:1.0: USB hub found [ 802.027170][T12861] hub 1-0:1.0: 1 port detected [ 805.561012][T12894] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1475'. [ 806.338208][T12911] futex_wake_op: syz.3.1470 tries to shift op by -2048; fix this program [ 806.686756][T12899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1466'. [ 806.696302][T12911] futex_wake_op: syz.3.1470 tries to shift op by -2048; fix this program [ 808.813403][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.820650][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.438296][T12945] hub 1-0:1.0: USB hub found [ 811.612489][T12945] hub 1-0:1.0: 1 port detected [ 813.357096][T12975] HfR: entered promiscuous mode [ 813.359991][ C1] process 5824 (syz-executor) no longer affine to cpu1 [ 813.385531][ C1] process 12976 (syz.3.1483) no longer affine to cpu1 [ 813.411422][ T21] process 12978 (syz.3.1483) no longer affine to cpu1 [ 813.432876][T12978] smpboot: CPU 1 is now offline [ 813.524058][T12979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1482'. [ 813.690490][ T6350] process 12977 (syz.3.1483) no longer affine to cpu1 [ 813.690973][T12979] HfR: left promiscuous mode [ 818.377912][T13018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 818.395963][T13018] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 818.451300][T13018] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 818.517517][T13018] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 818.655642][T13024] bond0: no command found in slaves file - use +ifname or -ifname [ 820.427691][T11219] Bluetooth: hci0: command 0x0406 tx timeout [ 820.435083][ T7196] Bluetooth: hci1: command 0x0406 tx timeout [ 820.526339][ T7196] Bluetooth: hci2: command 0x0406 tx timeout [ 820.577618][ T7196] Bluetooth: hci3: command 0x0406 tx timeout [ 822.779372][T13032] hub 1-0:1.0: USB hub found [ 822.838655][T13032] hub 1-0:1.0: 1 port detected [ 828.346809][T13075] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.16.0), cmd(12) [ 828.884319][T13079] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1501'. [ 829.023131][T13079] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 829.862455][T13091] bridge0: port 3(team0) entered blocking state [ 829.868816][T13091] bridge0: port 3(team0) entered disabled state [ 830.314463][T13091] team0: entered allmulticast mode [ 830.319627][T13091] team_slave_0: entered allmulticast mode [ 830.613376][T13091] team_slave_1: entered allmulticast mode [ 830.793313][T13103] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1505'. [ 830.892364][T13091] team0: entered promiscuous mode [ 830.897533][T13091] team_slave_0: entered promiscuous mode [ 831.149121][T13091] team_slave_1: entered promiscuous mode [ 831.260706][T13091] bridge0: port 3(team0) entered blocking state [ 831.267117][T13091] bridge0: port 3(team0) entered forwarding state [ 831.575184][ T30] audit: type=1800 audit(1773292403.747:15): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1502" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 831.800988][T13103] mac80211_hwsim hwsim12 : renamed from wlan0 [ 834.300645][T13122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1508'. [ 834.421167][T13122] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1508'. [ 835.023222][T13129] FAULT_INJECTION: forcing a failure. [ 835.023222][T13129] name failslab, interval 1, probability 0, space 0, times 0 [ 835.186315][T13129] CPU: 0 UID: 0 PID: 13129 Comm: syz.1.1510 Tainted: G L syzkaller #0 PREEMPT(full) [ 835.186352][T13129] Tainted: [L]=SOFTLOCKUP [ 835.186359][T13129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 835.186372][T13129] Call Trace: [ 835.186379][T13129] [ 835.186387][T13129] dump_stack_lvl+0x100/0x190 [ 835.186426][T13129] should_fail_ex.cold+0x5/0xa [ 835.186451][T13129] should_failslab+0xc2/0x120 [ 835.186474][T13129] __kmalloc_cache_noprof+0x7a/0x6f0 [ 835.186503][T13129] ? assoc_array_delete+0x101/0xd10 [ 835.186532][T13129] ? __lock_acquire+0x4a5/0x2630 [ 835.186565][T13129] assoc_array_delete+0x101/0xd10 [ 835.186600][T13129] ? __pfx_assoc_array_delete+0x10/0x10 [ 835.186640][T13129] ? __pfx_down_write+0x10/0x10 [ 835.186669][T13129] ? __sys_bind+0x1c7/0x260 [ 835.186695][T13129] key_unlink+0xbc/0x310 [ 835.186722][T13129] ? __pfx_key_unlink+0x10/0x10 [ 835.186749][T13129] ? xfd_validate_state+0x129/0x190 [ 835.186784][T13129] keyctl_keyring_unlink+0xdc/0x1b0 [ 835.186816][T13129] __do_sys_keyctl+0x3dd/0x5a0 [ 835.186850][T13129] do_syscall_64+0x106/0xf80 [ 835.186876][T13129] ? clear_bhb_loop+0x40/0x90 [ 835.186903][T13129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.186926][T13129] RIP: 0033:0x7fcfb8d9c799 [ 835.186944][T13129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 835.186965][T13129] RSP: 002b:00007fcfb9ca5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 835.187015][T13129] RAX: ffffffffffffffda RBX: 00007fcfb9015fa0 RCX: 00007fcfb8d9c799 [ 835.187030][T13129] RDX: 7ffffffffffffffb RSI: fffffffffffffffd RDI: 0000000000000009 [ 835.187045][T13129] RBP: 00007fcfb8e32c99 R08: 8000000000000000 R09: 0000000000000000 [ 835.187059][T13129] R10: 080000000000000b R11: 0000000000000246 R12: 0000000000000000 [ 835.187074][T13129] R13: 00007fcfb9016038 R14: 00007fcfb9015fa0 R15: 00007ffc7cdf5ae8 [ 835.187116][T13129] [ 836.215368][T13134] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 836.247459][T13134] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 836.272919][T13134] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 836.313067][T13134] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 837.068395][T13152] netlink: 'syz.0.1517': attribute type 4 has an invalid length. [ 838.272736][ T7196] Bluetooth: hci1: command 0x0406 tx timeout [ 838.345768][ T7196] Bluetooth: hci3: command 0x0406 tx timeout [ 838.351960][T11219] Bluetooth: hci2: command 0x0406 tx timeout [ 838.358078][T11219] Bluetooth: hci0: command 0x0406 tx timeout [ 839.196353][T13169] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 839.601366][T13187] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 841.816758][T13196] netlink: 'syz.2.1522': attribute type 1 has an invalid length. [ 841.907677][T13196] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1522'. [ 844.682192][T13225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1528'. [ 844.860594][T13230] netlink: 'syz.2.1528': attribute type 1 has an invalid length. [ 844.995182][T13230] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.1528'. [ 849.037171][T13262] FAULT_INJECTION: forcing a failure. [ 849.037171][T13262] name failslab, interval 1, probability 0, space 0, times 0 [ 849.049807][T13262] CPU: 0 UID: 0 PID: 13262 Comm: syz.3.1537 Tainted: G L syzkaller #0 PREEMPT(full) [ 849.049841][T13262] Tainted: [L]=SOFTLOCKUP [ 849.049849][T13262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 849.049862][T13262] Call Trace: [ 849.049870][T13262] [ 849.049878][T13262] dump_stack_lvl+0x100/0x190 [ 849.049916][T13262] should_fail_ex.cold+0x5/0xa [ 849.049941][T13262] should_failslab+0xc2/0x120 [ 849.049963][T13262] __kmalloc_cache_noprof+0x7a/0x6f0 [ 849.049991][T13262] ? snd_ctl_notify.part.0+0x337/0x650 [ 849.050025][T13262] snd_ctl_notify.part.0+0x337/0x650 [ 849.050061][T13262] snd_ctl_notify_one+0x2a4/0x300 [ 849.050088][T13262] ? __pfx_snd_ctl_notify_one+0x10/0x10 [ 849.050122][T13262] ? mark_held_locks+0x40/0x70 [ 849.050153][T13262] __snd_ctl_add_replace+0x60b/0x840 [ 849.050187][T13262] ? __pfx___snd_ctl_add_replace+0x10/0x10 [ 849.050222][T13262] ? __kmalloc_noprof+0x320/0x850 [ 849.050253][T13262] ? snd_ctl_new+0x13c/0x1a0 [ 849.050282][T13262] snd_ctl_elem_add+0x832/0x1370 [ 849.050317][T13262] ? __might_fault+0xc5/0x140 [ 849.050346][T13262] ? __might_fault+0xc5/0x140 [ 849.050377][T13262] ? __pfx_snd_ctl_elem_add+0x10/0x10 [ 849.050414][T13262] snd_ctl_elem_add_user+0xc5/0x170 [ 849.050445][T13262] ? __pfx_snd_ctl_elem_add_user+0x10/0x10 [ 849.050474][T13262] ? find_held_lock+0x2b/0x80 [ 849.050515][T13262] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 849.050552][T13262] ? do_vfs_ioctl+0x226/0x13e0 [ 849.050585][T13262] snd_ctl_ioctl+0xbdf/0x1330 [ 849.050615][T13262] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 849.050649][T13262] ? find_held_lock+0x2b/0x80 [ 849.050667][T13262] ? __fget_files+0x215/0x3d0 [ 849.050702][T13262] ? hook_file_ioctl_common+0x146/0x410 [ 849.050740][T13262] ? __fget_files+0x21f/0x3d0 [ 849.050762][T13262] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 849.050791][T13262] __x64_sys_ioctl+0x18e/0x210 [ 849.050821][T13262] do_syscall_64+0x106/0xf80 [ 849.050845][T13262] ? clear_bhb_loop+0x40/0x90 [ 849.050870][T13262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.050890][T13262] RIP: 0033:0x7fb516f9c799 [ 849.050908][T13262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.050928][T13262] RSP: 002b:00007fb517e34028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 849.050947][T13262] RAX: ffffffffffffffda RBX: 00007fb517216090 RCX: 00007fb516f9c799 [ 849.050961][T13262] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000009 [ 849.050974][T13262] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 849.050986][T13262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 849.050998][T13262] R13: 00007fb517216128 R14: 00007fb517216090 R15: 00007ffebd199118 [ 849.051024][T13262] [ 849.051037][T13262] snd_virmidi snd_virmidi.0: No memory available to allocate event [ 849.369409][T13253] Invalid ELF header magic: != ELF [ 851.962556][T13268] can: request_module (can-proto-3) failed. [ 855.183075][T13300] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.16.0), cmd(12) Ijn9_U[ 864.559571][T13169] Bluetooth: hci2: unexpected event 0x17 length: 440 > 6 [ 866.895128][T13169] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 867.600655][T13403] netlink: 'syz.1.1564': attribute type 1 has an invalid length. [ 870.287876][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.295503][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.613042][T13419] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 872.149939][T13418] Invalid ELF header magic: != ELF [ 873.043582][T13428] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1567'. [ 876.618590][T13442] vivid-007: ================= START STATUS ================= [ 876.788604][T13442] vivid-007: Generate PTS: true [ 876.886922][T13442] vivid-007: Generate SCR: true [ 876.891901][T13442] tpg source WxH: 320x240 (Y'CbCr) [ 877.195489][T13442] tpg field: 1 [ 877.198931][T13442] tpg crop: (0,0)/320x240 [ 877.203286][T13442] tpg compose: (0,0)/320x240 [ 877.606248][T13442] tpg colorspace: 8 [ 877.610112][T13442] tpg transfer function: 0/0 [ 877.874485][T13442] tpg Y'CbCr encoding: 0/0 [ 877.924456][T13442] tpg quantization: 0/0 [ 878.036228][T13442] tpg RGB range: 0/2 [ 878.040196][T13442] vivid-007: ================== END STATUS ================== [ 880.658928][T13467] bridge0: port 4(gretap0) entered blocking state [ 880.737815][T13467] bridge0: port 4(gretap0) entered disabled state [ 880.847493][T13467] gretap0: entered allmulticast mode [ 880.903544][T13467] FAULT_INJECTION: forcing a failure. [ 880.903544][T13467] name failslab, interval 1, probability 0, space 0, times 0 [ 881.066528][T13467] CPU: 0 UID: 0 PID: 13467 Comm: syz.0.1575 Tainted: G L syzkaller #0 PREEMPT(full) [ 881.066564][T13467] Tainted: [L]=SOFTLOCKUP [ 881.066572][T13467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 881.066585][T13467] Call Trace: [ 881.066592][T13467] [ 881.066600][T13467] dump_stack_lvl+0x100/0x190 [ 881.066638][T13467] should_fail_ex.cold+0x5/0xa [ 881.066664][T13467] should_failslab+0xc2/0x120 [ 881.066687][T13467] __kmalloc_cache_noprof+0x7a/0x6f0 [ 881.066715][T13467] ? __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 881.066740][T13467] ? sysfs_do_create_link_sd+0xbb/0x140 [ 881.066776][T13467] __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 881.066805][T13467] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 881.066846][T13467] __netdev_upper_dev_link+0x413/0x7e0 [ 881.066884][T13467] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 881.066917][T13467] ? kernfs_root+0xf8/0x2a0 [ 881.066952][T13467] ? kernfs_add_one+0x214/0x850 [ 881.066994][T13467] netdev_master_upper_dev_link+0x9f/0xd0 [ 881.067029][T13467] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 881.067065][T13467] ? lockdep_rtnl_is_held+0x26/0x40 [ 881.067100][T13467] ? netdev_is_rx_handler_busy+0x83/0x140 [ 881.067200][T13467] br_add_if+0x9fd/0x1b40 [ 881.067249][T13467] ? security_capable+0x80/0x260 [ 881.067283][T13467] add_del_if+0x114/0x160 [ 881.067325][T13467] br_dev_siocdevprivate+0x8ac/0x1650 [ 881.067351][T13467] ? __lock_acquire+0x4a5/0x2630 [ 881.067380][T13467] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 881.067415][T13467] ? do_raw_spin_lock+0x128/0x260 [ 881.067452][T13467] ? mark_held_locks+0x40/0x70 [ 881.067483][T13467] ? netdev_name_node_lookup+0x107/0x150 [ 881.067504][T13467] ? __mutex_lock+0x26a/0x1b90 [ 881.067535][T13467] dev_ifsioc+0xc1e/0x1e90 [ 881.067577][T13467] ? __pfx_dev_ifsioc+0x10/0x10 [ 881.067599][T13467] ? __pfx___mutex_lock+0x10/0x10 [ 881.067636][T13467] ? dev_load+0x8e/0x240 [ 881.067656][T13467] ? dev_load+0x8e/0x240 [ 881.067684][T13467] dev_ioctl+0x70e/0x1070 [ 881.067710][T13467] sock_ioctl+0x494/0x6b0 [ 881.067747][T13467] ? __pfx_sock_ioctl+0x10/0x10 [ 881.067780][T13467] ? hook_file_ioctl_common+0x146/0x410 [ 881.067828][T13467] ? __fget_files+0x21f/0x3d0 [ 881.067852][T13467] ? __pfx_sock_ioctl+0x10/0x10 [ 881.067889][T13467] __x64_sys_ioctl+0x18e/0x210 [ 881.067922][T13467] do_syscall_64+0x106/0xf80 [ 881.067948][T13467] ? clear_bhb_loop+0x40/0x90 [ 881.067975][T13467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.067998][T13467] RIP: 0033:0x7efdcd59c799 [ 881.068016][T13467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.068037][T13467] RSP: 002b:00007efdce4f2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 881.068058][T13467] RAX: ffffffffffffffda RBX: 00007efdcd816090 RCX: 00007efdcd59c799 [ 881.068072][T13467] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 881.068086][T13467] RBP: 00007efdcd632c99 R08: 0000000000000000 R09: 0000000000000000 [ 881.068100][T13467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.068113][T13467] R13: 00007efdcd816128 R14: 00007efdcd816090 R15: 00007ffc6ccfb908 [ 881.068140][T13467] [ 883.631083][T13467] gretap0: left allmulticast mode [ 884.169020][T13493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1582'. [ 884.239682][T13497] netlink: 'syz.0.1582': attribute type 1 has an invalid length. [ 884.332237][T13497] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1582'. [ 886.602901][T13494] can: request_module (can-proto-3) failed. [ 889.341607][T13528] netlink: 'syz.0.1587': attribute type 1 has an invalid length. [ 893.333512][T13169] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 893.853982][T13169] Bluetooth: hci3: unexpected event 0x23 length: 127 > 13 [ 894.256049][T13558] Invalid ELF header magic: != ELF [ 895.742510][T13169] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 905.849174][T13657] random: crng reseeded on system resumption [ 917.726339][T13753] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1634'. [ 922.714574][T13774] netlink: 'syz.3.1637': attribute type 23 has an invalid length. [ 923.933890][T13789] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1638'. [ 924.396895][T13782] zswap: compressor not available [ 927.295736][T13829] kvm: kvm [13826]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 928.532290][T13843] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 931.057658][T13864] bond0: option slaves: interface - does not exist! [ 931.209245][T13169] Bluetooth: hci3: unexpected event 0x18 length: 440 > 23 [ 931.765754][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.772073][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.500915][T13896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1661'. [ 933.582126][T13897] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1661'. [ 935.803549][T13879] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 939.820936][T13939] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 943.669369][T13967] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 944.245042][T13972] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1676'. Ijn9_UVQ8j@:Un M%Ux[ 949.702009][T14017] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 949.920787][T14020] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 956.909936][T14074] zswap: compressor not available [ 958.306099][T14082] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 958.312238][T14082] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 958.716262][T14082] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 958.722376][T14082] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 959.143780][T14082] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 960.337474][T13169] Bluetooth: hci0: command 0x0406 tx timeout [ 960.343698][ T7197] Bluetooth: hci1: command 0x0406 tx timeout [ 960.807764][T13169] Bluetooth: hci3: command 0x0406 tx timeout [ 960.813812][ T7197] Bluetooth: hci2: command 0x0406 tx timeout [ 962.889125][T13169] Bluetooth: hci3: command 0x0406 tx timeout [ 964.369153][T14131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1705'. [ 970.463608][T14191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1714'. [ 970.537858][T14191] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1714'. [ 970.715162][T14194] FAULT_INJECTION: forcing a failure. [ 970.715162][T14194] name failslab, interval 1, probability 0, space 0, times 0 [ 970.860520][T14194] CPU: 0 UID: 0 PID: 14194 Comm: syz.1.1716 Tainted: G L syzkaller #0 PREEMPT(full) [ 970.860556][T14194] Tainted: [L]=SOFTLOCKUP [ 970.860563][T14194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 970.860577][T14194] Call Trace: [ 970.860584][T14194] [ 970.860592][T14194] dump_stack_lvl+0x100/0x190 [ 970.860630][T14194] should_fail_ex.cold+0x5/0xa [ 970.860656][T14194] should_failslab+0xc2/0x120 [ 970.860679][T14194] __kmalloc_cache_noprof+0x7a/0x6f0 [ 970.860708][T14194] ? acpi_ds_call_control_method+0x300/0xab0 [ 970.860825][T14194] acpi_ds_call_control_method+0x300/0xab0 [ 970.860861][T14194] acpi_ps_parse_aml+0xacd/0x1120 [ 970.860904][T14194] acpi_ps_execute_method+0x5c4/0xe90 [ 970.860934][T14194] acpi_ns_evaluate+0x640/0x1670 [ 970.860985][T14194] acpi_evaluate_object+0x420/0xe00 [ 970.861018][T14194] ? kasan_save_stack+0x30/0x50 [ 970.861051][T14194] ? kasan_save_track+0x14/0x30 [ 970.861090][T14194] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 970.861131][T14194] acpi_evaluate_integer+0xdf/0x220 [ 970.861189][T14194] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 970.861229][T14194] ? __pfx_status_show+0x10/0x10 [ 970.861261][T14194] status_show+0xa0/0x120 [ 970.861293][T14194] ? __pfx_status_show+0x10/0x10 [ 970.861332][T14194] dev_attr_show+0x52/0xa0 [ 970.861379][T14194] ? __pfx_dev_attr_show+0x10/0x10 [ 970.861400][T14194] sysfs_kf_seq_show+0x217/0x3a0 [ 970.861433][T14194] seq_read_iter+0x32f/0x1270 [ 970.861480][T14194] kernfs_fop_read_iter+0x46c/0x610 [ 970.861505][T14194] ? rw_verify_area+0xce/0x6d0 [ 970.861536][T14194] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 970.861563][T14194] vfs_read+0x825/0xb30 [ 970.861600][T14194] ? __pfx_vfs_read+0x10/0x10 [ 970.861652][T14194] ksys_read+0x12a/0x250 [ 970.861685][T14194] ? __pfx_ksys_read+0x10/0x10 [ 970.861728][T14194] do_syscall_64+0x106/0xf80 [ 970.861754][T14194] ? clear_bhb_loop+0x40/0x90 [ 970.861782][T14194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 970.861805][T14194] RIP: 0033:0x7fcfb8d9c799 [ 970.861826][T14194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 970.861848][T14194] RSP: 002b:00007fcfb9ca5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 970.861869][T14194] RAX: ffffffffffffffda RBX: 00007fcfb9015fa0 RCX: 00007fcfb8d9c799 [ 970.861884][T14194] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000008 [ 970.861897][T14194] RBP: 00007fcfb8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 970.861911][T14194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 970.861924][T14194] R13: 00007fcfb9016038 R14: 00007fcfb9015fa0 R15: 00007ffc7cdf5ae8 [ 970.861958][T14194] [ 971.522906][T14174] futex_wake_op: syz.0.1711 tries to shift op by -2048; fix this program [ 973.245175][T14219] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1721'. [ 973.358004][T14219] veth1_macvtap: left promiscuous mode [ 973.372110][T14194] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 979.847876][T14274] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1732'. [ 979.979775][T14274] veth1_macvtap: left promiscuous mode [ 982.068509][T13169] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 984.105367][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 985.451713][ T7197] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 985.461829][ T7197] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 985.472317][ T7197] CPU: 0 UID: 0 PID: 7197 Comm: kworker/u11:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 985.472352][ T7197] Tainted: [L]=SOFTLOCKUP [ 985.472360][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 985.472394][ T7197] Workqueue: hci3 hci_rx_work [ 985.472457][ T7197] Call Trace: [ 985.472464][ T7197] [ 985.472472][ T7197] dump_stack_lvl+0x100/0x190 [ 985.472509][ T7197] sysfs_warn_dup.cold+0x1c/0x28 [ 985.472541][ T7197] sysfs_create_dir_ns+0x24b/0x2b0 [ 985.472580][ T7197] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 985.472609][ T7197] ? find_held_lock+0x2b/0x80 [ 985.472629][ T7197] ? kobject_add_internal+0x25f/0x930 [ 985.472661][ T7197] ? kobject_add_internal+0x25f/0x930 [ 985.472695][ T7197] ? do_raw_spin_unlock+0x145/0x1e0 [ 985.472730][ T7197] kobject_add_internal+0x2c8/0x930 [ 985.472766][ T7197] kobject_add+0x16a/0x1e0 [ 985.472798][ T7197] ? __pfx_kobject_add+0x10/0x10 [ 985.472828][ T7197] ? class_to_subsys+0x10f/0x150 [ 985.472877][ T7197] ? kobject_put+0xb9/0x640 [ 985.472916][ T7197] ? _raw_spin_unlock+0x28/0x50 [ 985.472945][ T7197] device_add+0x294/0x1950 [ 985.472965][ T7197] ? __pfx_dev_set_name+0x10/0x10 [ 985.472990][ T7197] ? __pfx_device_add+0x10/0x10 [ 985.473009][ T7197] ? mgmt_send_event_skb+0x2fb/0x460 [ 985.473052][ T7197] hci_conn_add_sysfs+0x1a3/0x260 [ 985.473091][ T7197] le_conn_complete_evt+0x11cb/0x1f40 [ 985.473132][ T7197] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 985.473152][ T7197] ? __pfx_bt_warn+0x10/0x10 [ 985.473181][ T7197] hci_le_conn_complete_evt+0x23c/0x3a0 [ 985.473203][ T7197] ? skb_pull_data+0x15f/0x1e0 [ 985.473239][ T7197] hci_le_meta_evt+0x34a/0x5f0 [ 985.473276][ T7197] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 985.473319][ T7197] hci_event_packet+0x682/0x11c0 [ 985.473342][ T7197] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 985.473367][ T7197] ? __pfx_hci_event_packet+0x10/0x10 [ 985.473393][ T7197] ? kcov_remote_start+0x374/0x660 [ 985.473413][ T7197] ? lockdep_hardirqs_on+0x78/0x100 [ 985.473446][ T7197] hci_rx_work+0x451/0xfc0 [ 985.473471][ T7197] process_one_work+0x9d7/0x1920 [ 985.473514][ T7197] ? __pfx_process_one_work+0x10/0x10 [ 985.473560][ T7197] ? __pfx_hci_rx_work+0x10/0x10 [ 985.473584][ T7197] worker_thread+0x5da/0xe40 [ 985.473626][ T7197] ? kthread+0x13a/0x450 [ 985.473653][ T7197] ? __pfx_worker_thread+0x10/0x10 [ 985.473684][ T7197] kthread+0x370/0x450 [ 985.473712][ T7197] ? __pfx_kthread+0x10/0x10 [ 985.473742][ T7197] ret_from_fork+0x754/0xd80 [ 985.473780][ T7197] ? __pfx_ret_from_fork+0x10/0x10 [ 985.473814][ T7197] ? __switch_to+0x7b4/0x1120 [ 985.473855][ T7197] ? __pfx_kthread+0x10/0x10 [ 985.473902][ T7197] ret_from_fork_asm+0x1a/0x30 [ 985.473942][ T7197] [ 985.473968][ T7197] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 985.778392][ T7197] Bluetooth: hci3: failed to register connection device [ 986.187685][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 988.503926][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 989.990120][T14364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1749'. [ 990.073560][T14364] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1749'. [ 990.581808][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 990.924818][ T30] audit: type=1800 audit(1773294609.009:16): pid=14371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1751" name="dbroot" dev="configfs" ino=621372 res=0 errno=0 [ 991.488932][T14375] futex_wake_op: syz.3.1752 tries to shift op by -2048; fix this program [ 991.616603][T14375] futex_wake_op: syz.3.1752 tries to shift op by -2048; fix this program [ 993.228541][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.234970][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.377444][T14389] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 994.418842][T14389] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 994.484060][T14389] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 994.490113][T14389] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 995.949878][ T7197] Bluetooth: hci1: command 0x0406 tx timeout [ 996.119428][T14408] FAULT_INJECTION: forcing a failure. [ 996.119428][T14408] name failslab, interval 1, probability 0, space 0, times 0 [ 996.243762][T14408] CPU: 0 UID: 0 PID: 14408 Comm: syz.3.1763 Tainted: G L syzkaller #0 PREEMPT(full) [ 996.243800][T14408] Tainted: [L]=SOFTLOCKUP [ 996.243807][T14408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 996.243838][T14408] Call Trace: [ 996.243845][T14408] [ 996.243854][T14408] dump_stack_lvl+0x100/0x190 [ 996.243914][T14408] should_fail_ex.cold+0x5/0xa [ 996.243942][T14408] should_failslab+0xc2/0x120 [ 996.243968][T14408] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 996.244004][T14408] ? mem_cgroup_css_alloc+0x5a/0x1e00 [ 996.244031][T14408] ? idr_replace+0xfa/0x170 [ 996.244062][T14408] mem_cgroup_css_alloc+0x5a/0x1e00 [ 996.244095][T14408] cgroup_apply_control_enable+0x4c3/0xbd0 [ 996.244144][T14408] cgroup_mkdir+0x57f/0x1330 [ 996.244188][T14408] ? __pfx_cgroup_mkdir+0x10/0x10 [ 996.244228][T14408] kernfs_iop_mkdir+0x111/0x190 [ 996.244265][T14408] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 996.244302][T14408] vfs_mkdir+0x361/0x850 [ 996.244339][T14408] filename_mkdirat+0x48b/0x5e0 [ 996.244369][T14408] ? __pfx_filename_mkdirat+0x10/0x10 [ 996.244396][T14408] ? strncpy_from_user+0x19d/0x2d0 [ 996.244438][T14408] ? do_getname+0x191/0x390 [ 996.244471][T14408] __x64_sys_mkdir+0x6b/0x90 [ 996.244497][T14408] do_syscall_64+0x106/0xf80 [ 996.244529][T14408] ? clear_bhb_loop+0x40/0x90 [ 996.244558][T14408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.244583][T14408] RIP: 0033:0x7fb516f9c799 [ 996.244608][T14408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 996.244632][T14408] RSP: 002b:00007fb517e55028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 996.244654][T14408] RAX: ffffffffffffffda RBX: 00007fb517215fa0 RCX: 00007fb516f9c799 [ 996.244670][T14408] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 996.244685][T14408] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 996.244700][T14408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 996.244714][T14408] R13: 00007fb517216038 R14: 00007fb517215fa0 R15: 00007ffebd199118 [ 996.244746][T14408] [ 996.876270][ T7197] Bluetooth: hci0: command 0x0406 tx timeout [ 996.882314][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 996.890456][ T7197] Bluetooth: hci2: command 0x0406 tx timeout [ 1001.458344][T14455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1772'. [ 1001.562572][T14458] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1772'. [ 1001.791449][T14463] netlink: 'syz.3.1773': attribute type 64 has an invalid length. [ 1001.870148][T14463] netlink: 74 bytes leftover after parsing attributes in process `syz.3.1773'. [ 1009.370019][T14546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1783'. [ 1009.471931][T14547] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1783'. [ 1010.426496][T14554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1784'. [ 1010.510377][T14556] netlink: 'syz.3.1784': attribute type 1 has an invalid length. [ 1010.673276][T14556] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.1784'. [ 1012.933118][T14568] binder: 14565:14568 ioctl c018620c 0 returned -1 [ 1017.376247][T14605] FAULT_INJECTION: forcing a failure. [ 1017.376247][T14605] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1017.766288][T14605] CPU: 0 UID: 0 PID: 14605 Comm: syz.2.1796 Tainted: G L syzkaller #0 PREEMPT(full) [ 1017.766324][T14605] Tainted: [L]=SOFTLOCKUP [ 1017.766331][T14605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1017.766343][T14605] Call Trace: [ 1017.766349][T14605] [ 1017.766357][T14605] dump_stack_lvl+0x100/0x190 [ 1017.766393][T14605] should_fail_ex.cold+0x5/0xa [ 1017.766418][T14605] _copy_from_user+0x2e/0xd0 [ 1017.766497][T14605] snd_pcm_oss_write2+0x1c2/0x400 [ 1017.766557][T14605] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 1017.766599][T14605] snd_pcm_oss_write+0x729/0xa30 [ 1017.766620][T14605] ? security_file_permission+0x76/0x210 [ 1017.766648][T14605] vfs_write+0x2aa/0x1070 [ 1017.766682][T14605] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1017.766711][T14605] ? __pfx_vfs_write+0x10/0x10 [ 1017.766746][T14605] ? find_held_lock+0x2b/0x80 [ 1017.766764][T14605] ? __fget_files+0x215/0x3d0 [ 1017.766783][T14605] ? __fget_files+0x215/0x3d0 [ 1017.766806][T14605] ? __fget_files+0x21f/0x3d0 [ 1017.766832][T14605] ksys_write+0x12a/0x250 [ 1017.766850][T14605] ? __pfx_ksys_write+0x10/0x10 [ 1017.766875][T14605] do_syscall_64+0x106/0xf80 [ 1017.766900][T14605] ? clear_bhb_loop+0x40/0x90 [ 1017.766925][T14605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.766947][T14605] RIP: 0033:0x7fb5f5b9c799 [ 1017.766964][T14605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1017.766984][T14605] RSP: 002b:00007fb5f6ae0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1017.767003][T14605] RAX: ffffffffffffffda RBX: 00007fb5f5e16270 RCX: 00007fb5f5b9c799 [ 1017.767017][T14605] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1017.767029][T14605] RBP: 00007fb5f5c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1017.767042][T14605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1017.767054][T14605] R13: 00007fb5f5e16308 R14: 00007fb5f5e16270 R15: 00007fff40d96958 [ 1017.767080][T14605] [ 1018.761346][T13169] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1020.002119][T14625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78010 [ 1020.221972][T14625] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1020.318548][T14625] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1020.406674][T14625] page_type: f5(slab) [ 1020.479516][T14625] raw: 00fff00000000040 ffff88813fe3d140 dead000000000100 dead000000000122 [ 1020.564942][T14625] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 1020.666813][T14625] head: 00fff00000000040 ffff88813fe3d140 dead000000000100 dead000000000122 [ 1020.675577][T14625] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 1020.816977][T14625] head: 00fff00000000003 ffffea0001e00401 00000000ffffffff 00000000ffffffff [ 1020.825769][T14625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1020.852345][T13169] Bluetooth: hci2: command 0x0406 tx timeout [ 1021.006083][T14625] page dumped because: unmovable page [ 1021.057528][T14625] page_owner tracks the page as allocated [ 1021.191706][T14625] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6300, tgid 6300 (kworker/u10:6), ts 304167955705, free_ts 292081659192 [ 1021.398846][T14625] post_alloc_hook+0x153/0x170 [ 1021.403675][T14625] get_page_from_freelist+0x111d/0x3140 [ 1021.501559][T14625] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1021.540249][T14625] new_slab+0xa6/0x6c0 [ 1021.589179][T14625] refill_objects+0x26b/0x400 [ 1021.593972][T14625] __pcs_replace_empty_main+0x1ab/0x600 [ 1021.688738][T14625] __kmalloc_node_track_caller_noprof+0x694/0x850 [ 1021.695273][T14625] kmalloc_reserve+0xe8/0x350 [ 1021.770988][T14625] __alloc_skb+0x185/0x710 [ 1021.776358][T14625] nsim_dev_trap_report_work+0x2af/0xd10 [ 1021.852876][T14625] process_one_work+0x9d7/0x1920 [ 1021.881621][T14625] worker_thread+0x5da/0xe40 [ 1021.929197][T14625] kthread+0x370/0x450 [ 1021.933333][T14625] ret_from_fork+0x754/0xd80 [ 1022.001097][T14625] ret_from_fork_asm+0x1a/0x30 [ 1022.005915][T14625] page last free pid 23 tgid 23 stack trace: [ 1022.098714][T14625] __free_frozen_pages+0x7e1/0x10d0 [ 1022.103983][T14625] tlb_remove_table_rcu+0x2cf/0x380 [ 1022.197630][T14625] rcu_core+0x5a2/0x10d0 [ 1022.202002][T14625] handle_softirqs+0x1eb/0x9e0 [ 1022.206804][T14625] run_ksoftirqd+0x38/0x60 [ 1022.298937][T14625] smpboot_thread_fn+0x3d3/0xaa0 [ 1022.337765][T14625] kthread+0x370/0x450 [ 1022.361208][T14625] ret_from_fork+0x754/0xd80 [ 1022.413869][T14625] ret_from_fork_asm+0x1a/0x30 [ 1022.940093][ T7197] Bluetooth: hci2: command 0x0406 tx timeout [ 1024.045481][T14648] FAULT_INJECTION: forcing a failure. [ 1024.045481][T14648] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.182842][T14648] CPU: 0 UID: 0 PID: 14648 Comm: syz.2.1803 Tainted: G L syzkaller #0 PREEMPT(full) [ 1024.182881][T14648] Tainted: [L]=SOFTLOCKUP [ 1024.182889][T14648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1024.182904][T14648] Call Trace: [ 1024.182911][T14648] [ 1024.182921][T14648] dump_stack_lvl+0x100/0x190 [ 1024.182962][T14648] should_fail_ex.cold+0x5/0xa [ 1024.182991][T14648] should_failslab+0xc2/0x120 [ 1024.183017][T14648] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1024.183053][T14648] ? __proc_create+0x2cb/0x8c0 [ 1024.183097][T14648] __proc_create+0x2cb/0x8c0 [ 1024.183136][T14648] ? __pfx___proc_create+0x10/0x10 [ 1024.183174][T14648] ? proc_register+0x554/0x8a0 [ 1024.183200][T14648] ? _raw_write_unlock+0x28/0x50 [ 1024.183231][T14648] proc_create_reg+0x75/0x170 [ 1024.183257][T14648] proc_create_net_data+0x8e/0x1c0 [ 1024.183298][T14648] ? __pfx_proc_create_net_data+0x10/0x10 [ 1024.183338][T14648] ? __pfx_proc_create_net_data+0x10/0x10 [ 1024.183378][T14648] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1024.183419][T14648] ? __pfx_dev_proc_net_init+0x10/0x10 [ 1024.183519][T14648] dev_proc_net_init+0x5e/0x230 [ 1024.183546][T14648] ops_init+0x1e2/0x5f0 [ 1024.183580][T14648] setup_net+0x118/0x3a0 [ 1024.183612][T14648] ? __pfx_setup_net+0x10/0x10 [ 1024.183642][T14648] ? lockdep_init_map_type+0x5c/0x250 [ 1024.183683][T14648] ? mutex_init_lockep+0x110/0x150 [ 1024.183734][T14648] copy_net_ns+0x46f/0x7c0 [ 1024.183770][T14648] create_new_namespaces+0x3ea/0xac0 [ 1024.183804][T14648] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1024.183851][T14648] ksys_unshare+0x473/0xad0 [ 1024.183883][T14648] ? __pfx_ksys_unshare+0x10/0x10 [ 1024.183924][T14648] __x64_sys_unshare+0x31/0x40 [ 1024.183955][T14648] do_syscall_64+0x106/0xf80 [ 1024.183983][T14648] ? clear_bhb_loop+0x40/0x90 [ 1024.184025][T14648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.184049][T14648] RIP: 0033:0x7fb5f5b9c799 [ 1024.184068][T14648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1024.184091][T14648] RSP: 002b:00007fb5f6b43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1024.184112][T14648] RAX: ffffffffffffffda RBX: 00007fb5f5e15fa0 RCX: 00007fb5f5b9c799 [ 1024.184128][T14648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1024.184142][T14648] RBP: 00007fb5f5c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1024.184156][T14648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1024.184171][T14648] R13: 00007fb5f5e16038 R14: 00007fb5f5e15fa0 R15: 00007fff40d96958 [ 1024.184200][T14648] [ 1032.134538][T13169] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1034.307661][T14711] can: request_module (can-proto-0) failed. [ 1034.484469][ T7197] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1034.492841][ T7197] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 1034.845626][ T7197] Bluetooth: hci1: command 0x0406 tx timeout [ 1035.230016][T14690] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1035.240450][T14690] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1035.409247][T14690] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1035.436310][T14690] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1037.245460][ T7197] Bluetooth: hci0: command 0x0406 tx timeout [ 1037.252592][T13169] Bluetooth: hci1: command 0x0406 tx timeout [ 1037.502873][ T7197] Bluetooth: hci3: command 0x0406 tx timeout [ 1037.508971][T13169] Bluetooth: hci2: command 0x0406 tx timeout [ 1039.097033][ T30] audit: type=1804 audit(1773294657.175:17): pid=14735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1818" name="/newroot/464/file0" dev="tmpfs" ino=2440 res=1 errno=0 [ 1039.291830][ T30] audit: type=1804 audit(1773294657.215:18): pid=14736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1818" name="/newroot/464/file0" dev="tmpfs" ino=2440 res=1 errno=0 [ 1040.995341][T14752] FAULT_INJECTION: forcing a failure. [ 1040.995341][T14752] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1041.088595][T14752] CPU: 0 UID: 0 PID: 14752 Comm: syz.2.1821 Tainted: G L syzkaller #0 PREEMPT(full) [ 1041.088629][T14752] Tainted: [L]=SOFTLOCKUP [ 1041.088636][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1041.088648][T14752] Call Trace: [ 1041.088662][T14752] [ 1041.088670][T14752] dump_stack_lvl+0x100/0x190 [ 1041.088709][T14752] should_fail_ex.cold+0x5/0xa [ 1041.088734][T14752] get_futex_key+0x1d2/0x1620 [ 1041.088762][T14752] ? __pfx_get_futex_key+0x10/0x10 [ 1041.088795][T14752] futex_wake+0xea/0x530 [ 1041.088828][T14752] ? __pfx_futex_wake+0x10/0x10 [ 1041.088862][T14752] ? putname+0xb1/0x110 [ 1041.088882][T14752] ? kmem_cache_free+0x124/0x6a0 [ 1041.088915][T14752] do_futex+0x32b/0x350 [ 1041.088941][T14752] ? __pfx_do_futex+0x10/0x10 [ 1041.088966][T14752] ? __pfx_do_sys_openat2+0x10/0x10 [ 1041.088994][T14752] ? __pfx_idempotent_init_module+0x10/0x10 [ 1041.089023][T14752] __x64_sys_futex+0x34f/0x4d0 [ 1041.089051][T14752] ? __x64_sys_openat+0x12d/0x210 [ 1041.089079][T14752] ? __pfx___x64_sys_futex+0x10/0x10 [ 1041.089115][T14752] do_syscall_64+0x106/0xf80 [ 1041.089140][T14752] ? clear_bhb_loop+0x40/0x90 [ 1041.089165][T14752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1041.089186][T14752] RIP: 0033:0x7fb5f5b9c799 [ 1041.089204][T14752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1041.089224][T14752] RSP: 002b:00007fb5f6b220e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1041.089243][T14752] RAX: ffffffffffffffda RBX: 00007fb5f5e16098 RCX: 00007fb5f5b9c799 [ 1041.089257][T14752] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb5f5e1609c [ 1041.089270][T14752] RBP: 00007fb5f5e16090 R08: 0000000000000000 R09: 0000000000000000 [ 1041.089282][T14752] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 1041.089294][T14752] R13: 00007fb5f5e16128 R14: 00007fff40d96870 R15: 00007fff40d96958 [ 1041.089320][T14752] [ 1041.675721][T14751] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1041.708261][T14751] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1041.714329][T14751] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1041.790464][T14751] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1043.534921][T14771] FAULT_INJECTION: forcing a failure. [ 1043.534921][T14771] name failslab, interval 1, probability 0, space 0, times 0 [ 1043.638569][T14771] CPU: 0 UID: 0 PID: 14771 Comm: syz.3.1826 Tainted: G L syzkaller #0 PREEMPT(full) [ 1043.638606][T14771] Tainted: [L]=SOFTLOCKUP [ 1043.638614][T14771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1043.638628][T14771] Call Trace: [ 1043.638635][T14771] [ 1043.638644][T14771] dump_stack_lvl+0x100/0x190 [ 1043.638684][T14771] should_fail_ex.cold+0x5/0xa [ 1043.638711][T14771] should_failslab+0xc2/0x120 [ 1043.638736][T14771] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1043.638771][T14771] ? __proc_create+0x2cb/0x8c0 [ 1043.638814][T14771] __proc_create+0x2cb/0x8c0 [ 1043.638852][T14771] ? __pfx___proc_create+0x10/0x10 [ 1043.638889][T14771] ? proc_register+0x554/0x8a0 [ 1043.638914][T14771] ? _raw_write_unlock+0x28/0x50 [ 1043.638945][T14771] proc_create_reg+0x75/0x170 [ 1043.638969][T14771] proc_create_net_data+0x8e/0x1c0 [ 1043.639009][T14771] ? __pfx_proc_create_net_data+0x10/0x10 [ 1043.639048][T14771] ? __pfx_proc_create_net_data+0x10/0x10 [ 1043.639086][T14771] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1043.639125][T14771] ? __pfx_dev_proc_net_init+0x10/0x10 [ 1043.639151][T14771] dev_proc_net_init+0x5e/0x230 [ 1043.639176][T14771] ops_init+0x1e2/0x5f0 [ 1043.639209][T14771] setup_net+0x118/0x3a0 [ 1043.639240][T14771] ? __pfx_setup_net+0x10/0x10 [ 1043.639269][T14771] ? lockdep_init_map_type+0x5c/0x250 [ 1043.639301][T14771] ? mutex_init_lockep+0x110/0x150 [ 1043.639349][T14771] copy_net_ns+0x46f/0x7c0 [ 1043.639382][T14771] create_new_namespaces+0x3ea/0xac0 [ 1043.639411][T14771] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1043.639437][T14771] ksys_unshare+0x473/0xad0 [ 1043.639466][T14771] ? __pfx_ksys_unshare+0x10/0x10 [ 1043.639517][T14771] __x64_sys_unshare+0x31/0x40 [ 1043.639544][T14771] do_syscall_64+0x106/0xf80 [ 1043.639573][T14771] ? clear_bhb_loop+0x40/0x90 [ 1043.639601][T14771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.639623][T14771] RIP: 0033:0x7fb516f9c799 [ 1043.639642][T14771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1043.639663][T14771] RSP: 002b:00007fb517e55028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1043.639684][T14771] RAX: ffffffffffffffda RBX: 00007fb517215fa0 RCX: 00007fb516f9c799 [ 1043.639698][T14771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1043.639711][T14771] RBP: 00007fb517032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1043.639724][T14771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1043.639737][T14771] R13: 00007fb517216038 R14: 00007fb517215fa0 R15: 00007ffebd199118 [ 1043.639765][T14771] [ 1044.003018][T14774] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1044.012661][T14774] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1044.260751][T14779] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1044.286936][T13169] Bluetooth: hci2: command 0x0406 tx timeout [ 1044.293770][T13169] Bluetooth: hci0: command 0x0406 tx timeout [ 1044.300781][T13169] Bluetooth: hci1: command 0x0406 tx timeout [ 1044.309249][T13169] Bluetooth: hci3: command 0x0406 tx timeout [ 1044.809433][T14775] ================================================================== [ 1044.817587][T14775] BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x4f3/0x5d0 [ 1044.825891][T14775] Read of size 4 at addr ffff88802ceeac3c by task syz.0.1828/14775 [ 1044.833783][T14775] [ 1044.836120][T14775] CPU: 0 UID: 0 PID: 14775 Comm: syz.0.1828 Tainted: G L syzkaller #0 PREEMPT(full) [ 1044.836152][T14775] Tainted: [L]=SOFTLOCKUP [ 1044.836160][T14775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1044.836173][T14775] Call Trace: [ 1044.836181][T14775] [ 1044.836189][T14775] dump_stack_lvl+0x100/0x190 [ 1044.836223][T14775] print_report+0x156/0x4c9 [ 1044.836255][T14775] ? __virt_addr_valid+0x81/0x620 [ 1044.836300][T14775] ? __phys_addr+0xe8/0x180 [ 1044.836328][T14775] ? dvb_frontend_release+0x4f3/0x5d0 [ 1044.836356][T14775] kasan_report+0xdf/0x1e0 [ 1044.836379][T14775] ? dvb_frontend_release+0x4f3/0x5d0 [ 1044.836411][T14775] dvb_frontend_release+0x4f3/0x5d0 [ 1044.836439][T14775] ? __pfx_dvb_frontend_release+0x10/0x10 [ 1044.836469][T14775] __fput+0x3ff/0xb40 [ 1044.836497][T14775] task_work_run+0x150/0x240 [ 1044.836530][T14775] ? __pfx_task_work_run+0x10/0x10 [ 1044.836566][T14775] exit_to_user_mode_loop+0x100/0x4a0 [ 1044.836596][T14775] do_syscall_64+0x668/0xf80 [ 1044.836624][T14775] ? clear_bhb_loop+0x40/0x90 [ 1044.836649][T14775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.836673][T14775] RIP: 0033:0x7efdcd59c799 [ 1044.836691][T14775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1044.836713][T14775] RSP: 002b:00007ffc6ccfba68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1044.836734][T14775] RAX: 0000000000000000 RBX: 00007efdcd817da0 RCX: 00007efdcd59c799 [ 1044.836749][T14775] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1044.836763][T14775] RBP: 00007efdcd817da0 R08: 0000000000000006 R09: 0000000000000000 [ 1044.836777][T14775] R10: 00007efdcd817cb0 R11: 0000000000000246 R12: 00000000000ff05f [ 1044.836791][T14775] R13: 00007efdcd81609c R14: 00000000000feddf R15: 00007efdcd816090 [ 1044.836813][T14775] [ 1044.836821][T14775] [ 1045.024661][T14775] Allocated by task 1: [ 1045.028729][T14775] kasan_save_stack+0x30/0x50 [ 1045.033444][T14775] kasan_save_track+0x14/0x30 [ 1045.038133][T14775] __kasan_kmalloc+0xaa/0xb0 [ 1045.042749][T14775] dvb_register_device+0x1d6/0x1e20 [ 1045.047955][T14775] dvb_register_frontend+0x5a8/0x8a0 [ 1045.053240][T14775] vidtv_bridge_probe+0x44b/0xa30 [ 1045.058278][T14775] platform_probe+0x106/0x1d0 [ 1045.062961][T14775] really_probe+0x241/0xa60 [ 1045.067491][T14775] __driver_probe_device+0x1de/0x400 [ 1045.072801][T14775] driver_probe_device+0x4c/0x1b0 [ 1045.077835][T14775] __driver_attach+0x217/0x5c0 [ 1045.082616][T14775] bus_for_each_dev+0x13e/0x1d0 [ 1045.087491][T14775] bus_add_driver+0x305/0x5b0 [ 1045.092179][T14775] driver_register+0x1e2/0x360 [ 1045.096965][T14775] vidtv_bridge_init+0x38/0x70 [ 1045.101836][T14775] do_one_initcall+0x11d/0x760 [ 1045.106624][T14775] kernel_init_freeable+0x6e5/0x7a0 [ 1045.111873][T14775] kernel_init+0x1f/0x1e0 [ 1045.116231][T14775] ret_from_fork+0x754/0xd80 [ 1045.120836][T14775] ret_from_fork_asm+0x1a/0x30 [ 1045.125601][T14775] [ 1045.127918][T14775] Freed by task 14775: [ 1045.131975][T14775] kasan_save_stack+0x30/0x50 [ 1045.136664][T14775] kasan_save_track+0x14/0x30 [ 1045.141366][T14775] kasan_save_free_info+0x3b/0x70 [ 1045.146447][T14775] __kasan_slab_free+0x5f/0x80 [ 1045.151214][T14775] kfree+0x1f6/0x6b0 [ 1045.155122][T14775] dvb_device_put.part.0+0x57/0x90 [ 1045.160243][T14775] dvb_generic_release+0xe2/0x160 [ 1045.165282][T14775] dvb_frontend_release+0x13d/0x5d0 [ 1045.170519][T14775] __fput+0x3ff/0xb40 [ 1045.174502][T14775] task_work_run+0x150/0x240 [ 1045.179108][T14775] exit_to_user_mode_loop+0x100/0x4a0 [ 1045.184506][T14775] do_syscall_64+0x668/0xf80 [ 1045.189113][T14775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.195030][T14775] [ 1045.197364][T14775] The buggy address belongs to the object at ffff88802ceeac00 [ 1045.197364][T14775] which belongs to the cache kmalloc-256 of size 256 [ 1045.211421][T14775] The buggy address is located 60 bytes inside of [ 1045.211421][T14775] freed 256-byte region [ffff88802ceeac00, ffff88802ceead00) [ 1045.225164][T14775] [ 1045.227487][T14775] The buggy address belongs to the physical page: [ 1045.233895][T14775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ceea [ 1045.242658][T14775] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1045.251163][T14775] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1045.258710][T14775] page_type: f5(slab) [ 1045.262717][T14775] raw: 00fff00000000040 ffff88813fe3cb40 dead000000000122 0000000000000000 [ 1045.271307][T14775] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1045.279894][T14775] head: 00fff00000000040 ffff88813fe3cb40 dead000000000122 0000000000000000 [ 1045.288584][T14775] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1045.297278][T14775] head: 00fff00000000001 ffffea0000b3ba81 00000000ffffffff 00000000ffffffff [ 1045.305953][T14775] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1045.314620][T14775] page dumped because: kasan: bad access detected [ 1045.321039][T14775] page_owner tracks the page as allocated [ 1045.326751][T14775] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18106136965, free_ts 0 [ 1045.346467][T14775] post_alloc_hook+0x153/0x170 [ 1045.351259][T14775] get_page_from_freelist+0x111d/0x3140 [ 1045.356817][T14775] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1045.362730][T14775] new_slab+0xa6/0x6c0 [ 1045.366820][T14775] refill_objects+0x26b/0x400 [ 1045.371504][T14775] __pcs_replace_empty_main+0x1ab/0x600 [ 1045.377077][T14775] __kmalloc_cache_noprof+0x493/0x6f0 [ 1045.382479][T14775] bus_add_driver+0x92/0x5b0 [ 1045.387081][T14775] driver_register+0x1e2/0x360 [ 1045.391879][T14775] usb_register_driver+0x21c/0x3e0 [ 1045.397091][T14775] do_one_initcall+0x11d/0x760 [ 1045.401866][T14775] kernel_init_freeable+0x6e5/0x7a0 [ 1045.407079][T14775] kernel_init+0x1f/0x1e0 [ 1045.411416][T14775] ret_from_fork+0x754/0xd80 [ 1045.416015][T14775] ret_from_fork_asm+0x1a/0x30 [ 1045.420801][T14775] page_owner free stack trace missing [ 1045.426179][T14775] [ 1045.428500][T14775] Memory state around the buggy address: [ 1045.434128][T14775] ffff88802ceeab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1045.442214][T14775] ffff88802ceeab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1045.450298][T14775] >ffff88802ceeac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1045.458349][T14775] ^ [ 1045.464254][T14775] ffff88802ceeac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1045.472335][T14775] ffff88802ceead00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1045.480390][T14775] ================================================================== [ 1047.675673][T14775] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1047.682922][T14775] CPU: 0 UID: 0 PID: 14775 Comm: syz.0.1828 Tainted: G L syzkaller #0 PREEMPT(full) [ 1047.693899][T14775] Tainted: [L]=SOFTLOCKUP [ 1047.698237][T14775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1047.708290][T14775] Call Trace: [ 1047.711569][T14775] [ 1047.714503][T14775] dump_stack_lvl+0x100/0x190 [ 1047.719201][T14775] vpanic+0x552/0x970 [ 1047.723193][T14775] ? __pfx_vpanic+0x10/0x10 [ 1047.727702][T14775] ? dvb_frontend_release+0x4f3/0x5d0 [ 1047.733083][T14775] panic+0xd1/0xe0 [ 1047.736815][T14775] ? __pfx_panic+0x10/0x10 [ 1047.741232][T14775] ? dvb_frontend_release+0x4f3/0x5d0 [ 1047.746616][T14775] ? preempt_schedule_common+0x42/0xc0 [ 1047.752092][T14775] ? check_panic_on_warn+0x1f/0x90 [ 1047.757226][T14775] check_panic_on_warn.cold+0x19/0x34 [ 1047.762606][T14775] end_report.part.0+0x3a/0x90 [ 1047.767381][T14775] kasan_report.cold+0xe/0x18 [ 1047.772074][T14775] ? dvb_frontend_release+0x4f3/0x5d0 [ 1047.777497][T14775] dvb_frontend_release+0x4f3/0x5d0 [ 1047.782706][T14775] ? __pfx_dvb_frontend_release+0x10/0x10 [ 1047.788435][T14775] __fput+0x3ff/0xb40 [ 1047.792432][T14775] task_work_run+0x150/0x240 [ 1047.797042][T14775] ? __pfx_task_work_run+0x10/0x10 [ 1047.802183][T14775] exit_to_user_mode_loop+0x100/0x4a0 [ 1047.807585][T14775] do_syscall_64+0x668/0xf80 [ 1047.812187][T14775] ? clear_bhb_loop+0x40/0x90 [ 1047.816872][T14775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.822796][T14775] RIP: 0033:0x7efdcd59c799 [ 1047.827228][T14775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1047.846858][T14775] RSP: 002b:00007ffc6ccfba68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1047.855292][T14775] RAX: 0000000000000000 RBX: 00007efdcd817da0 RCX: 00007efdcd59c799 [ 1047.863281][T14775] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1047.871269][T14775] RBP: 00007efdcd817da0 R08: 0000000000000006 R09: 0000000000000000 [ 1047.879242][T14775] R10: 00007efdcd817cb0 R11: 0000000000000246 R12: 00000000000ff05f [ 1047.887216][T14775] R13: 00007efdcd81609c R14: 00000000000feddf R15: 00007efdcd816090 [ 1047.895197][T14775] [ 1047.898318][T14775] Kernel Offset: disabled [ 1047.902649][T14775] Rebooting in 86400 seconds..