last executing test programs: 7m27.996963004s ago: executing program 32 (id=3007): mmap$auto(0x0, 0x8, 0x62a6, 0x9b72, 0x2, 0x8000) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x0, &(0x7f0000000640)={0x1, 0x80, 0x100000}, 0x283) 3m21.037278209s ago: executing program 33 (id=5415): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7ffffffffffffffb, 0x0, {0x5}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x32}}, 0x6b) r0 = gettid() rt_sigqueueinfo$auto(r0, 0x1, 0x0) 2m46.495231729s ago: executing program 3 (id=5681): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x181100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x49, 0x400, 0x2}]}) 2m46.171137185s ago: executing program 3 (id=5685): mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x20000054) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r1, r0, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) 2m45.762563596s ago: executing program 3 (id=5687): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) madvise$auto(0x0, 0x2003f0, 0x15) 2m45.293670861s ago: executing program 0 (id=5688): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 2m44.277656436s ago: executing program 0 (id=5695): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0xbb72, 0x2, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r1, 0x300000000000) fsconfig$auto_FSCONFIG_SET_FLAG(r0, 0x0, 0x0, &(0x7f00000000c0), 0x10201) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x101041, 0x0) write$auto(r2, 0x0, 0x3) write$auto(0x3, 0x0, 0x100082) 2m43.743731967s ago: executing program 0 (id=5696): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) read$auto(0x3, 0x0, 0x80) r0 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/debug/netdevsim/netdevsim1/ports/0/pp_hold\x00', 0xc0b02, 0x0) write$auto(r0, 0x0, 0xc70) 2m43.743509545s ago: executing program 3 (id=5700): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000023, 0x400, 0x9}]}) 2m43.621410795s ago: executing program 3 (id=5701): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/stat\x00', 0x40440, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f0000000040)=""/9, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r4 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000280)='{', 0x107}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_GET(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x340, 0x70bd26, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x20048805) 2m43.427397462s ago: executing program 3 (id=5703): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x14, r1, 0x1, 0x870bd2b, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) 2m43.037947304s ago: executing program 0 (id=5705): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x143c40, 0x0) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffe) syz_clone(0xa08000, 0x0, 0xfffffffffffffd59, 0x0, 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) 2m42.458261592s ago: executing program 0 (id=5710): socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) accept$auto(r1, 0x0, 0x0) connect$auto(0x3, 0x0, 0x54) fcntl$auto(0x3, 0x4, 0xa553) 2m42.308554071s ago: executing program 0 (id=5712): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/stat\x00', 0x40440, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f0000000040)=""/9, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r4 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000280)='{', 0x107}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_GET(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x340, 0x70bd26, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x20048805) 2m27.987121276s ago: executing program 34 (id=5703): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x14, r1, 0x1, 0x870bd2b, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) 2m27.268713121s ago: executing program 35 (id=5712): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/stat\x00', 0x40440, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f0000000040)=""/9, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x20, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r4 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000280)='{', 0x107}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_GET(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x340, 0x70bd26, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x20048805) 2m4.36652997s ago: executing program 5 (id=5859): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffffffffffefff, 0x4000000000002) fanotify_init$auto(0x5, 0x2) open(&(0x7f0000000000)='./file0\x00', 0x7ffd, 0x10c) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, r0, 0x0) 2m3.820517906s ago: executing program 5 (id=5863): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 2m3.52106332s ago: executing program 5 (id=5864): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x20) read$auto(r1, 0x0, 0x1) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) r2 = epoll_create$auto(0x3e) epoll_ctl$auto(r2, 0x1, 0x8000000000000000, 0x0) 2m3.300432451s ago: executing program 5 (id=5867): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/txpower\x00', 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x11, 0x80003, 0x300) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r1, 0x2, 0x9) ioctl$auto(r0, 0x4604, r0) 2m3.076259911s ago: executing program 5 (id=5869): prctl$auto(0x4, 0x828, 0x0, 0x9, 0x7056) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) socket(0x2, 0x3, 0x100) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) 2m2.596927437s ago: executing program 5 (id=5881): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8913, 0x24) 1m47.449609613s ago: executing program 36 (id=5881): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8913, 0x24) 1m47.406358646s ago: executing program 7 (id=5906): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10400, 0x3, 0x0) 1m46.198038276s ago: executing program 7 (id=5903): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x3b, 0x400, 0x9}]}) 1m45.759437522s ago: executing program 7 (id=5904): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.subtree_control\x00', 0x142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006"], 0x6c}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044040}, 0x24008890) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m45.364401586s ago: executing program 7 (id=5908): close_range$auto(0x0, 0x5, 0x0) socket(0x23, 0x80805, 0x0) socket(0x10, 0x2, 0x0) epoll_create$auto(0x3e) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xb}}, 0x6a) listen$auto(0x3, 0x81) 1m45.241989941s ago: executing program 7 (id=5909): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 1m45.044410577s ago: executing program 7 (id=5910): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0xa, 0x100073) r1 = socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000200)={{&(0x7f0000000040), 0x10, &(0x7f0000000140)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x3, 0x0) io_uring_setup$auto(0x200, 0x0) getsockopt$auto(r0, 0x84, 0x1b, 0x0, 0x0) 1m29.960243807s ago: executing program 37 (id=5910): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0xa, 0x100073) r1 = socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000200)={{&(0x7f0000000040), 0x10, &(0x7f0000000140)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x3, 0x0) io_uring_setup$auto(0x200, 0x0) getsockopt$auto(r0, 0x84, 0x1b, 0x0, 0x0) 57.29583386s ago: executing program 8 (id=6142): r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(r0, 0x10000000084, 0x23, 0x0, 0x8) 56.149226806s ago: executing program 8 (id=6145): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 55.273335139s ago: executing program 8 (id=6149): mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 54.764020479s ago: executing program 8 (id=6153): socket(0x10, 0x2, 0x4) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/cifs/smbd_max_fragmented_recv_size\x00', 0x300, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socketpair$auto(0x1, 0x6, 0x8000000000000000, 0x0) mincore$auto(0x1000, 0x8001, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0xc, 0x0, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x0) 54.154674934s ago: executing program 8 (id=6155): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x401, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) landlock_restrict_self$auto(r0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) 53.602678772s ago: executing program 8 (id=6156): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) 38.458078825s ago: executing program 38 (id=6156): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) 37.424222443s ago: executing program 4 (id=6233): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0xc1, 0x400, 0x9}]}) 37.203332763s ago: executing program 4 (id=6234): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000000, 0x400, 0x2}]}) 37.092817318s ago: executing program 4 (id=6236): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffe, 0x103, 0x10000007, 0x1f, 0x7181, 0x1ffde, 0xb099, 0x3, 0x9, 0x9, 0x3, 0x884, 0x1, 0xb7, 0x9, 0x8, 0x10003, 0xb2, 0x4, 0x0, 0xb, 0x22004, 0x20000200, 0x1, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0xc0, 0x0, 0x7, 0x0, 0xb, 0x8, 0x2, 0x0, 0x0, 0x0, 0xad3, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1000"], 0x3c}}, 0xf7374674b920089e) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='r'], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x6, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 36.762479564s ago: executing program 4 (id=6237): r0 = socket(0x2b, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xf, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x801, 0x106) getsockopt$auto(r1, 0x11c, 0x4, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) shutdown$auto(0x200000003, 0x2) 35.982609953s ago: executing program 4 (id=6241): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) socket(0xa, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) 35.677521587s ago: executing program 4 (id=6243): prctl$auto(0x4, 0x828, 0x0, 0x9, 0x7056) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) socket(0x2, 0x3, 0x100) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) 20.683480779s ago: executing program 39 (id=6243): prctl$auto(0x4, 0x828, 0x0, 0x9, 0x7056) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) socket(0x2, 0x3, 0x100) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) 10.551109468s ago: executing program 2 (id=6382): close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x80503d0a, 0x0) 4.596519446s ago: executing program 6 (id=6402): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) socket(0xa, 0x3, 0x100) socketpair$auto(0x8, 0x7, 0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8924, 0x0) 4.222158746s ago: executing program 6 (id=6405): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x23, 0x80805, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) mprotect$auto(0x0, 0xd, 0x1) ioctl$auto(0x3, 0xc060ff0b, r0) 4.035209033s ago: executing program 6 (id=6406): mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x79, 0x0, 0x8) 3.631928589s ago: executing program 6 (id=6407): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = pidfd_open$auto(0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) setns(r0, 0x60020000) 3.629425943s ago: executing program 1 (id=6415): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) 3.54487354s ago: executing program 9 (id=6408): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) waitid$auto_P_ALL(0x0, 0x8, 0x0, 0x2, 0x0) io_uring_setup$auto(0x7, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x8, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x10) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 2.972622694s ago: executing program 1 (id=6409): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/admmidi2\x00', 0x88042, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x8002, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(0xffffffffffffffff, 0x1, 0x0) set_mempolicy$auto(0x3, 0x0, 0xc72) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x4000080) close_range$auto(0x0, 0xfffffffffffff000, 0x0) semget$auto(0x6, 0xd86, 0x877) bpf$auto(0x1a, 0x0, 0x92) 2.895257992s ago: executing program 9 (id=6410): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x41a0ae8d, &(0x7f0000000040)={0x2}) 2.894551496s ago: executing program 6 (id=6411): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) ioctl$auto(0x4000000000000c8, 0x1000, 0x3) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x40200, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000001c0)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 2.651700766s ago: executing program 1 (id=6412): openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x200, 0x0) socket(0xa, 0x802, 0x3a) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptywf\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xf9ef) ioctl$auto(0x3, 0x541a, r0) 1.798338651s ago: executing program 6 (id=6413): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x40080, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(0xffffffffffffffff, 0x0, 0x801) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x261c2, 0x84) mmap$auto(0x1, 0x1000, 0x40000000000fc, 0x775, 0xffffffffffffffff, 0x6) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, 0x0) 1.797495123s ago: executing program 1 (id=6422): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x4, 0x1) setsockopt$auto(0x7, 0x111, 0x100006, 0x0, 0x8) 1.788355872s ago: executing program 2 (id=6414): mmap$auto(0x0, 0xf, 0x400000000000006, 0xeb1, 0xffffffffffffffff, 0x10000000008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_create$auto(0x8ca0d1a) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x2120, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 1.630018367s ago: executing program 9 (id=6416): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000e000)={0x18, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xe0be023764f25583}, 0x40) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 1.542888031s ago: executing program 1 (id=6417): openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) read$auto_ptdump_curusr_fops_(r0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) 1.001638464s ago: executing program 2 (id=6418): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) pidfd_open$auto(0x1, 0x0) socket(0xa, 0x2, 0x73) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 853.005622ms ago: executing program 2 (id=6419): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) 679.255581ms ago: executing program 2 (id=6420): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) waitid$auto_P_ALL(0x0, 0x8, 0x0, 0x2, 0x0) io_uring_setup$auto(0x7, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x8, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x10) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 670.055133ms ago: executing program 9 (id=6429): socket(0x3, 0x5, 0x2000000) socket(0x2, 0x1, 0x106) clock_getres$auto(0x1000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bpq3/carrier_up_count\x00', 0x101000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 371.957576ms ago: executing program 2 (id=6421): socket(0x2, 0x1, 0x106) socket(0x2, 0x80002, 0x73) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x1000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x3, 0x6) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, 0x0, 0x20008080) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 275.908196ms ago: executing program 9 (id=6423): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x16, 0x1, 0x9, 0x3, 0x7, 0x6, 0x6, 0x3, 0x2000000000230006, 0x4, 0x3, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x24, 0x3, 0x103, 0xfffffffffffffff7, 0x0, 0x0, 0x8000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0xfe, 0x81) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082cbf7000fedbdf25030000000802e700", @ANYRES32=0x0, @ANYBLOB="060007000080000008000400060000000a000500aaaaaaaaaabb00000a00010000000000000000000a0001000180c200000e0000060006001100000008000400010000880a0001"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x6004000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 607.098µs ago: executing program 9 (id=6424): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) ioctl$auto(0x4000000000000c8, 0x1000, 0x3) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x40200, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000001c0)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 0s ago: executing program 1 (id=6425): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x179, 0x400, 0x9}]}) 0s ago: executing program 2 (id=6426): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x41a0ae8d, &(0x7f0000000040)={0x2}) kernel console output (not intermixed with test programs): vise_cold_or_pageout_pte_range+0x152f/0x2120 [ 678.573232][T20841] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 678.573288][T20841] ? do_raw_spin_lock+0x12c/0x2b0 [ 678.573343][T20841] ? css_rstat_updated+0x1c2/0x510 [ 678.573380][T20841] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 678.573434][T20841] walk_pgd_range+0xc05/0x1f50 [ 678.573506][T20841] ? __pfx_walk_pgd_range+0x10/0x10 [ 678.573562][T20841] __walk_page_range+0x163/0x820 [ 678.573612][T20841] ? __lock_acquire+0xb97/0x1ce0 [ 678.573677][T20841] walk_page_range_vma+0x2c7/0xa20 [ 678.573725][T20841] ? __pfx_walk_page_range_vma+0x10/0x10 [ 678.573768][T20841] ? find_held_lock+0x2b/0x80 [ 678.573819][T20841] madvise_pageout+0x257/0x540 [ 678.573867][T20841] ? __pfx_madvise_pageout+0x10/0x10 [ 678.573911][T20841] ? finish_task_switch.isra.0+0x21c/0xc10 [ 678.573981][T20841] madvise_vma_behavior+0xb22/0x2d60 [ 678.574036][T20841] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 678.574089][T20841] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 678.574142][T20841] ? __pfx_mas_prev+0x10/0x10 [ 678.574204][T20841] ? find_vma_prev+0xda/0x160 [ 678.574250][T20841] ? find_held_lock+0x2b/0x80 [ 678.574282][T20841] ? __pfx_find_vma_prev+0x10/0x10 [ 678.574330][T20841] ? futex_unqueue+0x133/0x2c0 [ 678.574383][T20841] ? __futex_wait+0x24c/0x2f0 [ 678.574440][T20841] madvise_walk_vmas+0x31f/0x9c0 [ 678.574497][T20841] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 678.574561][T20841] madvise_do_behavior+0x1e2/0x530 [ 678.574609][T20841] ? futex_private_hash_put+0x18a/0x300 [ 678.574660][T20841] ? __pfx_madvise_do_behavior+0x10/0x10 [ 678.574712][T20841] ? down_read+0x13d/0x480 [ 678.574792][T20841] do_madvise+0x176/0x240 [ 678.574841][T20841] ? __pfx_do_madvise+0x10/0x10 [ 678.574889][T20841] ? do_futex+0x122/0x350 [ 678.574962][T20841] ? xfd_validate_state+0x61/0x180 [ 678.575010][T20841] ? __pfx_do_writev+0x10/0x10 [ 678.575055][T20841] __x64_sys_madvise+0xa9/0x110 [ 678.575104][T20841] ? lockdep_hardirqs_on+0x7c/0x110 [ 678.575153][T20841] do_syscall_64+0xcd/0x4c0 [ 678.575209][T20841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.575243][T20841] RIP: 0033:0x7fe26e98eba9 [ 678.575270][T20841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.575303][T20841] RSP: 002b:00007fe26f8f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 678.575336][T20841] RAX: ffffffffffffffda RBX: 00007fe26ebd5fa0 RCX: 00007fe26e98eba9 [ 678.575359][T20841] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 678.575378][T20841] RBP: 00007fe26ea11e19 R08: 0000000000000000 R09: 0000000000000000 [ 678.575398][T20841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.575417][T20841] R13: 00007fe26ebd6038 R14: 00007fe26ebd5fa0 R15: 00007fffa0591cd8 [ 678.575460][T20841] [ 679.244100][T20846] profile_transition: unconfined exec no attachment [ 679.870069][T20851] kvm: user requested TSC rate below hardware speed [ 680.167234][T20856] netlink: 252 bytes leftover after parsing attributes in process `syz.4.5807'. [ 680.181277][T20856] unsupported nla_type 65535 [ 680.522413][T20869] netlink: zone id is out of range [ 680.586449][T20869] netlink: del zone limit has 4 unknown bytes [ 680.604638][T20866] netlink: set zone limit has 8 unknown bytes [ 680.661262][T20872] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5816'. [ 680.705758][T20872] netlink: 13 bytes leftover after parsing attributes in process `syz.5.5816'. [ 681.993023][T20884] FAULT_INJECTION: forcing a failure. [ 681.993023][T20884] name failslab, interval 1, probability 0, space 0, times 0 [ 682.039868][T20884] CPU: 1 UID: 0 PID: 20884 Comm: syz.7.5818 Tainted: G U I syzkaller #0 PREEMPT(full) [ 682.039927][T20884] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 682.039941][T20884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 682.039960][T20884] Call Trace: [ 682.039971][T20884] [ 682.039983][T20884] dump_stack_lvl+0x16c/0x1f0 [ 682.040064][T20884] should_fail_ex+0x512/0x640 [ 682.040125][T20884] should_failslab+0xc2/0x120 [ 682.040172][T20884] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 682.040215][T20884] ? xas_split_alloc+0x11c/0x490 [ 682.040275][T20884] xas_split_alloc+0x11c/0x490 [ 682.040341][T20884] __folio_split+0xdd0/0x4a80 [ 682.040410][T20884] ? __lock_acquire+0x601/0x1ce0 [ 682.040472][T20884] ? __mem_cgroup_try_charge_swap+0x8c/0x3f0 [ 682.040528][T20884] ? __pfx___folio_split+0x10/0x10 [ 682.040582][T20884] ? find_held_lock+0x2b/0x80 [ 682.040627][T20884] ? folio_alloc_swap+0x93f/0xc70 [ 682.040677][T20884] split_folio_to_list+0x9b/0x180 [ 682.040712][T20884] shmem_writeout+0x42e/0x1140 [ 682.040757][T20884] ? __pfx_shmem_writeout+0x10/0x10 [ 682.040792][T20884] ? __pfx_try_to_unmap+0x10/0x10 [ 682.040829][T20884] ? find_held_lock+0x2b/0x80 [ 682.040864][T20884] ? inode_to_bdi+0x9e/0x160 [ 682.040908][T20884] ? folio_clear_dirty_for_io+0x112/0x810 [ 682.040975][T20884] shrink_folio_list+0x2f4c/0x4880 [ 682.041024][T20884] ? __pfx_shrink_folio_list+0x10/0x10 [ 682.041057][T20884] ? shmem_add_to_page_cache+0x7ae/0xa70 [ 682.041092][T20884] ? shmem_get_folio_gfp+0x869/0x1600 [ 682.041145][T20884] ? find_held_lock+0x2b/0x80 [ 682.041183][T20884] ? lock_acquire+0x179/0x350 [ 682.041228][T20884] ? find_held_lock+0x2b/0x80 [ 682.041297][T20884] ? rcu_is_watching+0x12/0xc0 [ 682.041335][T20884] ? __lock_acquire+0x62e/0x1ce0 [ 682.041383][T20884] reclaim_folio_list+0xda/0x5d0 [ 682.041424][T20884] ? __pfx_css_rstat_updated+0x10/0x10 [ 682.041461][T20884] ? __lock_acquire+0x62e/0x1ce0 [ 682.041506][T20884] ? __pfx_reclaim_folio_list+0x10/0x10 [ 682.041560][T20884] ? lru_gen_update_size+0x543/0xe10 [ 682.041605][T20884] ? lru_gen_del_folio+0x32b/0x540 [ 682.041641][T20884] reclaim_pages+0x47b/0x650 [ 682.041682][T20884] ? __pfx_reclaim_pages+0x10/0x10 [ 682.041720][T20884] ? madvise_cold_or_pageout_pte_range+0x1e81/0x2120 [ 682.041782][T20884] madvise_cold_or_pageout_pte_range+0x152f/0x2120 [ 682.041853][T20884] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 682.041908][T20884] ? do_raw_spin_lock+0x12c/0x2b0 [ 682.041968][T20884] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 682.042022][T20884] walk_pgd_range+0xc05/0x1f50 [ 682.042095][T20884] ? __pfx_walk_pgd_range+0x10/0x10 [ 682.042135][T20884] ? __free_frozen_pages+0x8e2/0x10f0 [ 682.042172][T20884] ? do_raw_spin_unlock+0x172/0x230 [ 682.042231][T20884] __walk_page_range+0x163/0x820 [ 682.042277][T20884] ? __lock_acquire+0xb97/0x1ce0 [ 682.042330][T20884] walk_page_range_vma+0x2c7/0xa20 [ 682.042376][T20884] ? __pfx_walk_page_range_vma+0x10/0x10 [ 682.042430][T20884] ? find_held_lock+0x2b/0x80 [ 682.042481][T20884] madvise_pageout+0x257/0x540 [ 682.042530][T20884] ? __pfx_madvise_pageout+0x10/0x10 [ 682.042573][T20884] ? finish_task_switch.isra.0+0x21c/0xc10 [ 682.042639][T20884] madvise_vma_behavior+0xb22/0x2d60 [ 682.042692][T20884] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 682.042741][T20884] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 682.042795][T20884] ? __pfx_mas_prev+0x10/0x10 [ 682.042855][T20884] ? find_vma_prev+0xda/0x160 [ 682.042902][T20884] ? find_held_lock+0x2b/0x80 [ 682.042934][T20884] ? __pfx_find_vma_prev+0x10/0x10 [ 682.042983][T20884] ? futex_unqueue+0x133/0x2c0 [ 682.043033][T20884] ? __futex_wait+0x24c/0x2f0 [ 682.043089][T20884] madvise_walk_vmas+0x31f/0x9c0 [ 682.043143][T20884] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 682.043203][T20884] madvise_do_behavior+0x1e2/0x530 [ 682.043250][T20884] ? futex_private_hash_put+0x18a/0x300 [ 682.043294][T20884] ? __pfx_madvise_do_behavior+0x10/0x10 [ 682.043346][T20884] ? down_read+0x13d/0x480 [ 682.043406][T20884] do_madvise+0x176/0x240 [ 682.043455][T20884] ? __pfx_do_madvise+0x10/0x10 [ 682.043500][T20884] ? do_futex+0x122/0x350 [ 682.043573][T20884] ? xfd_validate_state+0x61/0x180 [ 682.043625][T20884] ? __pfx_do_writev+0x10/0x10 [ 682.043674][T20884] __x64_sys_madvise+0xa9/0x110 [ 682.043725][T20884] ? lockdep_hardirqs_on+0x7c/0x110 [ 682.043774][T20884] do_syscall_64+0xcd/0x4c0 [ 682.043830][T20884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.043864][T20884] RIP: 0033:0x7f25f118eba9 [ 682.043891][T20884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.043924][T20884] RSP: 002b:00007f25f200f038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 682.043957][T20884] RAX: ffffffffffffffda RBX: 00007f25f13d5fa0 RCX: 00007f25f118eba9 [ 682.043979][T20884] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 682.043998][T20884] RBP: 00007f25f1211e19 R08: 0000000000000000 R09: 0000000000000000 [ 682.044017][T20884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.044036][T20884] R13: 00007f25f13d6038 R14: 00007f25f13d5fa0 R15: 00007ffeb7e96698 [ 682.044079][T20884] [ 684.816667][T20927] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5836'. [ 684.850999][T20927] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.860965][T20927] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.872667][T20929] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5837'. [ 685.091146][T20933] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5839'. [ 685.810603][T20956] profile_transition: unconfined exec no attachment [ 686.068418][T20958] profile_transition: unconfined exec no attachment [ 686.694586][T20965] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5848'. [ 686.737691][T20965] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.745650][T20965] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.064855][T20978] netlink: 302 bytes leftover after parsing attributes in process `syz.5.5854'. [ 687.174891][T20973] FAULT_INJECTION: forcing a failure. [ 687.174891][T20973] name failslab, interval 1, probability 0, space 0, times 0 [ 687.213767][T20981] profile_transition: unconfined exec no attachment [ 687.233178][T20973] CPU: 1 UID: 0 PID: 20973 Comm: syz.7.5851 Tainted: G U I syzkaller #0 PREEMPT(full) [ 687.233236][T20973] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 687.233250][T20973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 687.233269][T20973] Call Trace: [ 687.233280][T20973] [ 687.233292][T20973] dump_stack_lvl+0x16c/0x1f0 [ 687.233356][T20973] should_fail_ex+0x512/0x640 [ 687.233410][T20973] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 687.233455][T20973] should_failslab+0xc2/0x120 [ 687.233497][T20973] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 687.233536][T20973] ? __x64_sys_futex+0x1e0/0x4c0 [ 687.233577][T20973] ? __x64_sys_futex+0x1e9/0x4c0 [ 687.233618][T20973] ? prepare_creds+0x2c/0x7d0 [ 687.233672][T20973] prepare_creds+0x2c/0x7d0 [ 687.233738][T20973] keyctl_set_reqkey_keyring+0x8e/0x1c0 [ 687.233783][T20973] __do_sys_keyctl+0x6d/0x590 [ 687.233825][T20973] do_syscall_64+0xcd/0x4c0 [ 687.233883][T20973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.233915][T20973] RIP: 0033:0x7f25f118eba9 [ 687.233939][T20973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.233974][T20973] RSP: 002b:00007f25f200f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 687.234006][T20973] RAX: ffffffffffffffda RBX: 00007f25f13d5fa0 RCX: 00007f25f118eba9 [ 687.234027][T20973] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e [ 687.234045][T20973] RBP: 00007f25f1211e19 R08: 0000000000000008 R09: 0000000000000000 [ 687.234063][T20973] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000 [ 687.234082][T20973] R13: 00007f25f13d6038 R14: 00007f25f13d5fa0 R15: 00007ffeb7e96698 [ 687.234123][T20973] [ 687.362694][T20984] profile_transition: unconfined exec no attachment [ 687.608579][T20989] profile_transition: unconfined exec no attachment [ 687.828240][T20994] netlink: 25 bytes leftover after parsing attributes in process `syz.7.5860'. [ 688.330798][T21001] netlink: 326 bytes leftover after parsing attributes in process `syz.7.5862'. [ 688.668944][T21009] netlink: 302 bytes leftover after parsing attributes in process `syz.4.5866'. [ 689.855395][T21038] profile_transition: unconfined exec no attachment [ 690.379113][T21051] netlink: 17 bytes leftover after parsing attributes in process `syz.6.5879'. [ 690.442288][T21051] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5879'. [ 690.474196][T21054] profile_transition: unconfined exec no attachment [ 691.110248][T21068] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5887'. [ 691.615150][T21074] netlink: 338 bytes leftover after parsing attributes in process `syz.4.5889'. [ 691.651347][T21074] bridge0: port 3(netdevsim2) entered disabled state [ 691.658381][T21074] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.665912][T21074] bridge0: port 1(bridge_slave_0) entered disabled state [ 691.870187][T21076] FAULT_INJECTION: forcing a failure. [ 691.870187][T21076] name failslab, interval 1, probability 0, space 0, times 0 [ 691.928161][T21076] CPU: 1 UID: 0 PID: 21076 Comm: syz.6.5890 Tainted: G U I syzkaller #0 PREEMPT(full) [ 691.928211][T21076] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 691.928222][T21076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 691.928238][T21076] Call Trace: [ 691.928247][T21076] [ 691.928257][T21076] dump_stack_lvl+0x16c/0x1f0 [ 691.928303][T21076] should_fail_ex+0x512/0x640 [ 691.928346][T21076] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 691.928384][T21076] should_failslab+0xc2/0x120 [ 691.928422][T21076] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 691.928455][T21076] ? do_raw_spin_unlock+0x172/0x230 [ 691.928496][T21076] ? prepare_kernel_cred+0x35/0x750 [ 691.928536][T21076] ? _raw_spin_unlock+0x28/0x50 [ 691.928575][T21076] prepare_kernel_cred+0x35/0x750 [ 691.928619][T21076] _request_firmware+0x3ae/0x1470 [ 691.928664][T21076] ? assign_fw+0x1cb/0x640 [ 691.928697][T21076] ? _request_firmware+0x957/0x1470 [ 691.928734][T21076] ? __pfx__request_firmware+0x10/0x10 [ 691.928784][T21076] request_firmware+0x35/0x50 [ 691.928822][T21076] valid_regdb+0x184/0x590 [ 691.928872][T21076] ? __pfx___mutex_lock+0x10/0x10 [ 691.928930][T21076] ? __pfx_valid_regdb+0x10/0x10 [ 691.928997][T21076] reg_reload_regdb+0x11a/0x460 [ 691.929033][T21076] ? __pfx_reg_reload_regdb+0x10/0x10 [ 691.929071][T21076] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 691.929117][T21076] ? nl80211_pre_doit+0x1b0/0xb10 [ 691.929185][T21076] genl_family_rcv_msg_doit+0x209/0x2f0 [ 691.929231][T21076] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 691.929272][T21076] ? rcu_is_watching+0x12/0xc0 [ 691.929326][T21076] ? bpf_lsm_capable+0x9/0x10 [ 691.929360][T21076] ? security_capable+0x7e/0x260 [ 691.929407][T21076] genl_rcv_msg+0x55c/0x800 [ 691.929451][T21076] ? __pfx_genl_rcv_msg+0x10/0x10 [ 691.929492][T21076] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 691.929537][T21076] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 691.929605][T21076] ? __pfx_nl80211_post_doit+0x10/0x10 [ 691.929655][T21076] netlink_rcv_skb+0x158/0x420 [ 691.929715][T21076] ? __pfx_genl_rcv_msg+0x10/0x10 [ 691.929757][T21076] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 691.929836][T21076] ? netlink_deliver_tap+0x1ae/0xd30 [ 691.929898][T21076] genl_rcv+0x28/0x40 [ 691.929932][T21076] netlink_unicast+0x5a7/0x870 [ 691.929998][T21076] ? __pfx_netlink_unicast+0x10/0x10 [ 691.930057][T21076] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 691.930116][T21076] ? __lock_acquire+0xb97/0x1ce0 [ 691.930192][T21076] netlink_sendmsg+0x8d1/0xdd0 [ 691.930262][T21076] ? __pfx_netlink_sendmsg+0x10/0x10 [ 691.930328][T21076] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 691.930381][T21076] ____sys_sendmsg+0xa98/0xc70 [ 691.930427][T21076] ? copy_msghdr_from_user+0x10a/0x160 [ 691.930484][T21076] ? __pfx_____sys_sendmsg+0x10/0x10 [ 691.930562][T21076] ? __pfx_futex_wake_mark+0x10/0x10 [ 691.930629][T21076] ___sys_sendmsg+0x134/0x1d0 [ 691.930693][T21076] ? __pfx____sys_sendmsg+0x10/0x10 [ 691.930814][T21076] __sys_sendmsg+0x16d/0x220 [ 691.930875][T21076] ? __pfx___sys_sendmsg+0x10/0x10 [ 691.930932][T21076] ? __x64_sys_futex+0x1e0/0x4c0 [ 691.931016][T21076] do_syscall_64+0xcd/0x4c0 [ 691.931079][T21076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.931119][T21076] RIP: 0033:0x7f0fb3d8eba9 [ 691.931157][T21076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.931195][T21076] RSP: 002b:00007f0fb4cc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 691.931231][T21076] RAX: ffffffffffffffda RBX: 00007f0fb3fd5fa0 RCX: 00007f0fb3d8eba9 [ 691.931257][T21076] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 691.931281][T21076] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 691.931305][T21076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 691.931327][T21076] R13: 00007f0fb3fd6038 R14: 00007f0fb3fd5fa0 R15: 00007ffc31352a38 [ 691.931377][T21076] [ 694.515650][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.522553][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 701.527588][T21094] profile_transition: unconfined exec no attachment [ 704.479867][T21095] profile_transition: unconfined exec no attachment [ 705.149378][T21106] profile_transition: unconfined exec no attachment [ 705.673249][T19576] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 705.697122][T19576] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 705.710085][T19576] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 705.729025][T19576] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 705.740336][T19576] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 706.158052][T21119] profile_transition: unconfined exec no attachment [ 706.248498][T21108] chnl_net:caif_netlink_parms(): no params data found [ 706.327847][T21123] netlink: 338 bytes leftover after parsing attributes in process `syz.7.5904'. [ 706.429606][T21123] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.438738][T21123] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.544600][T21108] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.556402][T21108] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.582702][T21108] bridge_slave_0: entered allmulticast mode [ 706.611204][T21131] profile_transition: unconfined exec no attachment [ 706.614287][T21108] bridge_slave_0: entered promiscuous mode [ 706.660718][T21108] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.668722][T21108] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.696746][T21108] bridge_slave_1: entered allmulticast mode [ 706.725926][T21108] bridge_slave_1: entered promiscuous mode [ 706.840449][T21108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.865865][T21108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.966316][T21108] team0: Port device team_slave_0 added [ 706.982113][T21108] team0: Port device team_slave_1 added [ 707.072657][T21108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 707.090531][T21108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.150392][T21108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 707.206350][T21108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 707.217951][T21108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.278858][T21108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 707.416009][T21136] netlink: 25 bytes leftover after parsing attributes in process `syz.6.5911'. [ 707.559205][T21108] hsr_slave_0: entered promiscuous mode [ 707.588132][T21108] hsr_slave_1: entered promiscuous mode [ 707.594575][T21108] debugfs: 'hsr0' already exists in 'hsr' [ 707.618094][T21108] Cannot create hsr debugfs directory [ 707.806515][T19576] Bluetooth: hci5: command tx timeout [ 708.349761][T21108] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 708.368660][T21108] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 708.392878][T21108] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 708.415791][T21108] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 708.677363][T21108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 708.725900][T21108] 8021q: adding VLAN 0 to HW filter on device team0 [ 708.750629][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.757907][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 708.798343][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.805582][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 708.942171][T21150] profile_transition: unconfined exec no attachment [ 709.101129][T21151] profile_transition: unconfined exec no attachment [ 709.276661][T21156] profile_transition: unconfined exec no attachment [ 709.432524][T21158] profile_transition: unconfined exec no attachment [ 709.643733][T21108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 709.692502][T21161] profile_transition: unconfined exec no attachment [ 709.829616][T21162] profile_transition: unconfined exec no attachment [ 709.877262][T19576] Bluetooth: hci5: command tx timeout [ 709.999852][T21166] profile_transition: unconfined exec no attachment [ 710.146108][T21168] profile_transition: unconfined exec no attachment [ 710.287704][T21171] profile_transition: unconfined exec no attachment [ 710.733691][T21108] veth0_vlan: entered promiscuous mode [ 710.820181][T21108] veth1_vlan: entered promiscuous mode [ 710.943660][T21108] veth0_macvtap: entered promiscuous mode [ 710.957985][T21108] veth1_macvtap: entered promiscuous mode [ 711.025235][T21108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 711.077508][T21108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.144710][T19758] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.184207][T19758] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.277220][T21184] mkiss: ax0: crc mode is auto. [ 711.290378][T19758] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.324145][ T12] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.648747][T21189] FAULT_INJECTION: forcing a failure. [ 711.648747][T21189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 711.657405][T21182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.678338][T21189] CPU: 0 UID: 0 PID: 21189 Comm: syz.6.5926 Tainted: G U I syzkaller #0 PREEMPT(full) [ 711.678407][T21189] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 711.678421][T21189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 711.678440][T21189] Call Trace: [ 711.678452][T21189] [ 711.678464][T21189] dump_stack_lvl+0x16c/0x1f0 [ 711.678523][T21189] should_fail_ex+0x512/0x640 [ 711.678582][T21189] _copy_to_iter+0x29f/0x1710 [ 711.678625][T21189] ? chacha_block_generic+0x211/0x330 [ 711.678664][T21189] ? __pfx__copy_to_iter+0x10/0x10 [ 711.678709][T21189] ? __pfx___might_resched+0x10/0x10 [ 711.678742][T21189] ? crng_make_state+0x48e/0x6d0 [ 711.678784][T21189] get_random_bytes_user+0x17f/0x3c0 [ 711.678825][T21189] ? __pfx_get_random_bytes_user+0x10/0x10 [ 711.678861][T21189] ? do_writev+0x218/0x340 [ 711.678906][T21189] ? do_futex+0x122/0x350 [ 711.678960][T21189] ? import_ubuf+0x1b6/0x220 [ 711.678997][T21189] __x64_sys_getrandom+0x183/0x290 [ 711.679037][T21189] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 711.679099][T21189] do_syscall_64+0xcd/0x4c0 [ 711.679153][T21189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.679187][T21189] RIP: 0033:0x7f0fb3d8eba9 [ 711.679213][T21189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.679247][T21189] RSP: 002b:00007f0fb4cc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 711.679280][T21189] RAX: ffffffffffffffda RBX: 00007f0fb3fd5fa0 RCX: 00007f0fb3d8eba9 [ 711.679302][T21189] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 711.679321][T21189] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 711.679340][T21189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.679358][T21189] R13: 00007f0fb3fd6038 R14: 00007f0fb3fd5fa0 R15: 00007ffc31352a38 [ 711.679408][T21189] [ 711.983223][T21182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.113886][T19576] Bluetooth: hci5: command tx timeout [ 712.122201][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.148834][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.317611][T21196] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5898'. [ 712.530777][T21199] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 712.556071][T21201] profile_transition: 1 callbacks suppressed [ 712.556093][T21201] profile_transition: unconfined exec no attachment [ 713.130623][T21211] netlink: 17 bytes leftover after parsing attributes in process `syz.8.5933'. [ 713.168531][T21211] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5933'. [ 713.492736][T21220] netlink: 25 bytes leftover after parsing attributes in process `syz.8.5937'. [ 713.784790][T21222] FAULT_INJECTION: forcing a failure. [ 713.784790][T21222] name failslab, interval 1, probability 0, space 0, times 0 [ 713.797851][T21222] CPU: 1 UID: 0 PID: 21222 Comm: syz.8.5938 Tainted: G U I syzkaller #0 PREEMPT(full) [ 713.797907][T21222] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 713.797922][T21222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 713.797944][T21222] Call Trace: [ 713.797955][T21222] [ 713.797967][T21222] dump_stack_lvl+0x16c/0x1f0 [ 713.798026][T21222] should_fail_ex+0x512/0x640 [ 713.798087][T21222] should_failslab+0xc2/0x120 [ 713.798138][T21222] __kmalloc_cache_noprof+0x6a/0x3e0 [ 713.798170][T21222] ? __lock_acquire+0x62e/0x1ce0 [ 713.798214][T21222] ? tipc_nametbl_insert_publ+0x5a/0x1720 [ 713.798271][T21222] tipc_nametbl_insert_publ+0x5a/0x1720 [ 713.798324][T21222] ? do_raw_spin_lock+0x12c/0x2b0 [ 713.798374][T21222] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 713.798423][T21222] ? net_generic+0xea/0x2a0 [ 713.798494][T21222] tipc_nametbl_publish+0x137/0x280 [ 713.798554][T21222] tipc_sk_publish+0x1d8/0x430 [ 713.798589][T21222] ? __pfx_tipc_sk_publish+0x10/0x10 [ 713.798625][T21222] ? __local_bh_enable_ip+0xa4/0x120 [ 713.798672][T21222] tipc_sk_bind+0x16f/0x380 [ 713.798707][T21222] tipc_bind+0x190/0x2a0 [ 713.798742][T21222] __sys_bind+0x1a4/0x260 [ 713.798786][T21222] ? __pfx___sys_bind+0x10/0x10 [ 713.798844][T21222] ? xfd_validate_state+0x61/0x180 [ 713.798891][T21222] ? __pfx_do_writev+0x10/0x10 [ 713.798938][T21222] __x64_sys_bind+0x72/0xb0 [ 713.798977][T21222] ? lockdep_hardirqs_on+0x7c/0x110 [ 713.799027][T21222] do_syscall_64+0xcd/0x4c0 [ 713.799084][T21222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.799117][T21222] RIP: 0033:0x7f7cfdd8eba9 [ 713.799144][T21222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.799178][T21222] RSP: 002b:00007f7cfec5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 713.799210][T21222] RAX: ffffffffffffffda RBX: 00007f7cfdfd5fa0 RCX: 00007f7cfdd8eba9 [ 713.799233][T21222] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000006 [ 713.799254][T21222] RBP: 00007f7cfde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 713.799274][T21222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 713.799293][T21222] R13: 00007f7cfdfd6038 R14: 00007f7cfdfd5fa0 R15: 00007ffe3461fd58 [ 713.799337][T21222] [ 714.044452][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880319b9800: rx timeout, send abort [ 714.055217][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880319b9800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 714.177057][T19576] Bluetooth: hci5: command tx timeout [ 715.165975][T21241] FAULT_INJECTION: forcing a failure. [ 715.165975][T21241] name failslab, interval 1, probability 0, space 0, times 0 [ 715.181769][T21241] CPU: 1 UID: 0 PID: 21241 Comm: syz.8.5945 Tainted: G U I syzkaller #0 PREEMPT(full) [ 715.181824][T21241] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 715.181838][T21241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 715.181857][T21241] Call Trace: [ 715.181868][T21241] [ 715.181880][T21241] dump_stack_lvl+0x16c/0x1f0 [ 715.181936][T21241] should_fail_ex+0x512/0x640 [ 715.181987][T21241] ? __kmalloc_noprof+0xbf/0x510 [ 715.182030][T21241] ? lsm_blob_alloc+0x68/0x90 [ 715.182057][T21241] should_failslab+0xc2/0x120 [ 715.182102][T21241] __kmalloc_noprof+0xd2/0x510 [ 715.182161][T21241] lsm_blob_alloc+0x68/0x90 [ 715.182192][T21241] security_sk_alloc+0x30/0x270 [ 715.182234][T21241] sk_prot_alloc+0xfb/0x2a0 [ 715.182273][T21241] sk_alloc+0x36/0xc20 [ 715.182321][T21241] rxrpc_create+0x116/0x8d0 [ 715.182366][T21241] __sock_create+0x338/0x8d0 [ 715.182414][T21241] __sys_socket+0x14d/0x260 [ 715.182454][T21241] ? __pfx___sys_socket+0x10/0x10 [ 715.182495][T21241] ? xfd_validate_state+0x61/0x180 [ 715.182544][T21241] ? __sys_setsockopt+0x140/0x1a0 [ 715.182597][T21241] __x64_sys_socket+0x72/0xb0 [ 715.182637][T21241] ? lockdep_hardirqs_on+0x7c/0x110 [ 715.182687][T21241] do_syscall_64+0xcd/0x4c0 [ 715.182744][T21241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.182783][T21241] RIP: 0033:0x7f7cfdd8eba9 [ 715.182808][T21241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.182840][T21241] RSP: 002b:00007f7cfec5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 715.182870][T21241] RAX: ffffffffffffffda RBX: 00007f7cfdfd5fa0 RCX: 00007f7cfdd8eba9 [ 715.182892][T21241] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000021 [ 715.182911][T21241] RBP: 00007f7cfde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 715.182931][T21241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.182950][T21241] R13: 00007f7cfdfd6038 R14: 00007f7cfdfd5fa0 R15: 00007ffe3461fd58 [ 715.182991][T21241] [ 715.722563][T21246] netlink: 354 bytes leftover after parsing attributes in process `syz.8.5947'. [ 716.076259][T21258] netlink: 326 bytes leftover after parsing attributes in process `syz.6.5952'. [ 716.543184][T21263] mkiss: ax0: crc mode is auto. [ 717.096357][T21270] FAULT_INJECTION: forcing a failure. [ 717.096357][T21270] name failslab, interval 1, probability 0, space 0, times 0 [ 717.125100][T21270] CPU: 0 UID: 0 PID: 21270 Comm: syz.6.5958 Tainted: G U I syzkaller #0 PREEMPT(full) [ 717.125167][T21270] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 717.125182][T21270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 717.125201][T21270] Call Trace: [ 717.125212][T21270] [ 717.125226][T21270] dump_stack_lvl+0x16c/0x1f0 [ 717.125283][T21270] should_fail_ex+0x512/0x640 [ 717.125337][T21270] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 717.125382][T21270] should_failslab+0xc2/0x120 [ 717.125428][T21270] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 717.125470][T21270] ? fasync_helper+0x3d/0xd0 [ 717.125526][T21270] fasync_helper+0x3d/0xd0 [ 717.125576][T21270] sock_fasync+0x92/0x140 [ 717.125614][T21270] ? __pfx_sock_fasync+0x10/0x10 [ 717.125649][T21270] do_fcntl+0xa3a/0x15a0 [ 717.125699][T21270] ? __pfx_do_fcntl+0x10/0x10 [ 717.125759][T21270] ? tomoyo_file_fcntl+0xa5/0xc0 [ 717.125798][T21270] __x64_sys_fcntl+0x163/0x200 [ 717.125852][T21270] do_syscall_64+0xcd/0x4c0 [ 717.125909][T21270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.125944][T21270] RIP: 0033:0x7f0fb3d8eba9 [ 717.125969][T21270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.126004][T21270] RSP: 002b:00007f0fb4cc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 717.126036][T21270] RAX: ffffffffffffffda RBX: 00007f0fb3fd5fa0 RCX: 00007f0fb3d8eba9 [ 717.126057][T21270] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 717.126076][T21270] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 717.126095][T21270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 717.126114][T21270] R13: 00007f0fb3fd6038 R14: 00007f0fb3fd5fa0 R15: 00007ffc31352a38 [ 717.126169][T21270] [ 717.736861][T21283] sd 0:0:1:0: PR command failed: 1026 [ 717.750069][T21283] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 717.779036][T21283] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 718.062363][T21289] profile_transition: unconfined exec no attachment [ 718.747416][T21298] raw_sendmsg: syz.8.5969 forgot to set AF_INET. Fix it! [ 720.088822][T21324] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5979'. [ 720.105452][T21324] netlink: 25 bytes leftover after parsing attributes in process `syz.8.5979'. [ 720.373475][T21326] KVM: debugfs: duplicate directory 21326-4 [ 721.105713][T21342] FAULT_INJECTION: forcing a failure. [ 721.105713][T21342] name failslab, interval 1, probability 0, space 0, times 0 [ 721.172417][T21342] CPU: 1 UID: 0 PID: 21342 Comm: syz.8.5986 Tainted: G U I syzkaller #0 PREEMPT(full) [ 721.172469][T21342] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 721.172482][T21342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 721.172499][T21342] Call Trace: [ 721.172510][T21342] [ 721.172520][T21342] dump_stack_lvl+0x16c/0x1f0 [ 721.172570][T21342] should_fail_ex+0x512/0x640 [ 721.172625][T21342] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 721.172666][T21342] should_failslab+0xc2/0x120 [ 721.172704][T21342] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 721.172739][T21342] ? skb_clone+0x190/0x3f0 [ 721.172786][T21342] skb_clone+0x190/0x3f0 [ 721.172830][T21342] netlink_broadcast_filtered+0xb76/0xf90 [ 721.172891][T21342] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 721.172934][T21342] ? sprintf+0xcc/0x100 [ 721.172986][T21342] ? netlink_has_listeners+0x20f/0x430 [ 721.173032][T21342] netlink_broadcast+0x39/0x50 [ 721.173075][T21342] kobject_uevent_env+0xc6a/0x1870 [ 721.173114][T21342] ? bus_to_subsys+0x131/0x160 [ 721.173152][T21342] device_add+0x10dd/0x1aa0 [ 721.173185][T21342] ? __pfx_device_add+0x10/0x10 [ 721.173229][T21342] nfc_register_device+0x41/0x3c0 [ 721.173275][T21342] nci_register_device+0x7f1/0xb80 [ 721.173314][T21342] ? __pfx_nci_register_device+0x10/0x10 [ 721.173356][T21342] ? lockdep_init_map_type+0x5c/0x280 [ 721.173403][T21342] virtual_ncidev_open+0x141/0x220 [ 721.173443][T21342] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 721.173480][T21342] misc_open+0x35a/0x420 [ 721.173521][T21342] ? __pfx_misc_open+0x10/0x10 [ 721.173560][T21342] chrdev_open+0x234/0x6a0 [ 721.173612][T21342] ? __pfx_apparmor_file_open+0x10/0x10 [ 721.173650][T21342] ? __pfx_chrdev_open+0x10/0x10 [ 721.173691][T21342] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 721.173732][T21342] do_dentry_open+0x982/0x1530 [ 721.173767][T21342] ? __pfx_chrdev_open+0x10/0x10 [ 721.173811][T21342] vfs_open+0x82/0x3f0 [ 721.173859][T21342] path_openat+0x1de4/0x2cb0 [ 721.173905][T21342] ? __pfx_path_openat+0x10/0x10 [ 721.173948][T21342] do_filp_open+0x20b/0x470 [ 721.173982][T21342] ? __pfx_do_filp_open+0x10/0x10 [ 721.174051][T21342] ? alloc_fd+0x471/0x7d0 [ 721.174092][T21342] do_sys_openat2+0x11b/0x1d0 [ 721.174134][T21342] ? __pfx_do_sys_openat2+0x10/0x10 [ 721.174191][T21342] __x64_sys_openat+0x174/0x210 [ 721.174217][T21342] ? __pfx___x64_sys_openat+0x10/0x10 [ 721.174257][T21342] do_syscall_64+0xcd/0x4c0 [ 721.174304][T21342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.174332][T21342] RIP: 0033:0x7f7cfdd8eba9 [ 721.174355][T21342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.174383][T21342] RSP: 002b:00007f7cfec5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 721.174409][T21342] RAX: ffffffffffffffda RBX: 00007f7cfdfd5fa0 RCX: 00007f7cfdd8eba9 [ 721.174429][T21342] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 721.174447][T21342] RBP: 00007f7cfde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 721.174464][T21342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.174481][T21342] R13: 00007f7cfdfd6038 R14: 00007f7cfdfd5fa0 R15: 00007ffe3461fd58 [ 721.174519][T21342] [ 721.972247][T21351] profile_transition: unconfined exec no attachment [ 722.191841][T21355] netlink: 25 bytes leftover after parsing attributes in process `syz.6.5990'. [ 722.763897][T21364] ubi0: attaching mtd0 [ 722.771096][T21364] ubi0: scanning is finished [ 722.775913][T21364] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 723.000741][T21367] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 723.021383][ T5186] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 723.033008][ T5186] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 723.049617][ T5186] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 723.073901][ T5186] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 723.107363][ T5186] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 723.169171][T21364] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 723.623762][ T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 723.676446][T21378] profile_transition: unconfined exec no attachment [ 723.942324][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 724.424712][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 724.812992][T21397] FAULT_INJECTION: forcing a failure. [ 724.812992][T21397] name failslab, interval 1, probability 0, space 0, times 0 [ 724.854686][T21397] CPU: 0 UID: 0 PID: 21397 Comm: syz.8.6003 Tainted: G U I syzkaller #0 PREEMPT(full) [ 724.854743][T21397] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 724.854756][T21397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 724.854776][T21397] Call Trace: [ 724.854786][T21397] [ 724.854799][T21397] dump_stack_lvl+0x16c/0x1f0 [ 724.854854][T21397] should_fail_ex+0x512/0x640 [ 724.854904][T21397] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 724.854944][T21397] should_failslab+0xc2/0x120 [ 724.854990][T21397] __kmalloc_cache_noprof+0x6a/0x3e0 [ 724.855024][T21397] ? rcu_is_watching+0x12/0xc0 [ 724.855058][T21397] ? resv_map_alloc+0x46/0x400 [ 724.855109][T21397] resv_map_alloc+0x46/0x400 [ 724.855156][T21397] hugetlbfs_get_inode+0x33f/0x730 [ 724.855202][T21397] ? security_capable+0x7e/0x260 [ 724.855243][T21397] hugetlb_file_setup+0x38d/0x620 [ 724.855284][T21397] newseg+0xa74/0xe60 [ 724.855338][T21397] ? __pfx_newseg+0x10/0x10 [ 724.855381][T21397] ? find_held_lock+0x2b/0x80 [ 724.855414][T21397] ? ipcget+0x500/0xda0 [ 724.855457][T21397] ? ipcget+0x500/0xda0 [ 724.855504][T21397] ? ipcget+0x500/0xda0 [ 724.855552][T21397] ipcget+0x880/0xda0 [ 724.855612][T21397] ? __pfx___might_resched+0x10/0x10 [ 724.855646][T21397] ? __pfx_ipcget+0x10/0x10 [ 724.855697][T21397] ? __x64_sys_futex+0x1e0/0x4c0 [ 724.855738][T21397] ? __x64_sys_futex+0x1e9/0x4c0 [ 724.855790][T21397] __x64_sys_shmget+0x13b/0x1b0 [ 724.855839][T21397] ? __pfx___x64_sys_shmget+0x10/0x10 [ 724.855894][T21397] ? rcu_is_watching+0x12/0xc0 [ 724.855933][T21397] do_syscall_64+0xcd/0x4c0 [ 724.855986][T21397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.856019][T21397] RIP: 0033:0x7f7cfdd8eba9 [ 724.856043][T21397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 724.856074][T21397] RSP: 002b:00007f7cfec3a038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 724.856105][T21397] RAX: ffffffffffffffda RBX: 00007f7cfdfd6090 RCX: 00007f7cfdd8eba9 [ 724.856126][T21397] RDX: 000000000000ffff RSI: 0000000000000006 RDI: 0000000000000004 [ 724.856179][T21397] RBP: 00007f7cfde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 724.856199][T21397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.856218][T21397] R13: 00007f7cfdfd6128 R14: 00007f7cfdfd6090 R15: 00007ffe3461fd58 [ 724.856261][T21397] [ 725.184541][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.389016][T19576] Bluetooth: hci6: command tx timeout [ 725.676162][T21404] profile_transition: unconfined exec no attachment [ 725.920546][T21365] chnl_net:caif_netlink_parms(): no params data found [ 726.219484][T21408] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 726.555463][ T12] bridge_slave_1: left allmulticast mode [ 726.598086][ T12] bridge_slave_1: left promiscuous mode [ 726.631945][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.686960][ T12] bridge_slave_0: left allmulticast mode [ 726.713343][ T12] bridge_slave_0: left promiscuous mode [ 726.746207][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.248617][T21417] profile_transition: unconfined exec no attachment [ 727.495575][T19576] Bluetooth: hci6: command tx timeout [ 727.848668][T19576] Bluetooth: hci2: unexpected event 0x03 length: 17 > 11 [ 728.858550][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 728.912670][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 728.966069][ T12] bond0 (unregistering): Released all slaves [ 729.339333][T21365] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.361103][T21365] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.368394][ C0] vcan0: j1939_tp_rxtimer: 0xffff888059f49000: rx timeout, send abort [ 729.377213][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888059f49000: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 729.425119][T21365] bridge_slave_0: entered allmulticast mode [ 729.453105][T21365] bridge_slave_0: entered promiscuous mode [ 729.553448][T19576] Bluetooth: hci6: command tx timeout [ 729.684065][T21365] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.693669][T21365] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.704398][T21365] bridge_slave_1: entered allmulticast mode [ 729.718148][T21365] bridge_slave_1: entered promiscuous mode [ 729.906104][T21365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.949417][T21365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.665743][T21365] team0: Port device team_slave_0 added [ 730.739519][ T12] hsr_slave_0: left promiscuous mode [ 730.746532][ T12] hsr_slave_1: left promiscuous mode [ 730.760015][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 730.919268][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 730.960401][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 730.994581][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 731.174721][ T12] veth1_macvtap: left promiscuous mode [ 731.206654][ T12] veth0_macvtap: left promiscuous mode [ 731.212933][ T12] veth1_vlan: left promiscuous mode [ 731.244319][ T12] veth0_vlan: left promiscuous mode [ 731.614727][T19576] Bluetooth: hci6: command tx timeout [ 732.707691][T21454] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6023'. [ 732.744778][T21454] unsupported nlmsg_type 40 [ 733.557513][T21464] profile_transition: unconfined exec no attachment [ 733.691702][T21467] profile_transition: unconfined exec no attachment [ 733.706948][ T12] team0 (unregistering): Port device team_slave_1 removed [ 733.932119][ T12] team0 (unregistering): Port device team_slave_0 removed [ 734.779897][T21477] profile_transition: unconfined exec no attachment [ 735.373757][T21365] team0: Port device team_slave_1 added [ 735.410230][T21482] profile_transition: unconfined exec no attachment [ 735.532489][T21365] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 735.552222][T21483] profile_transition: unconfined exec no attachment [ 735.567624][T21365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.652088][T21365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 735.698424][T21365] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 735.718488][T21365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.775396][T21365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 736.076335][T21365] hsr_slave_0: entered promiscuous mode [ 736.095235][T21365] hsr_slave_1: entered promiscuous mode [ 736.135405][T21365] debugfs: 'hsr0' already exists in 'hsr' [ 736.141226][T21365] Cannot create hsr debugfs directory [ 736.269567][T21490] mkiss: ax0: crc mode is auto. [ 736.701183][T21495] aa_policy_admin_capable: cap_mac_admin? 1 [ 736.707203][T21495] aa_policy_admin_capable: policy locked? 0 [ 737.120712][T21500] Falling back ldisc for ttyS2. [ 737.170222][T21365] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 737.212620][T21365] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 737.316218][T21365] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 737.367558][T19576] Bluetooth: hci3: command 0x0406 tx timeout [ 737.439683][T21365] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 737.921775][T21365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.039523][T21365] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.097799][T21525] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6047'. [ 738.113558][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.120768][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.180530][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.187782][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.237153][T21528] profile_transition: unconfined exec no attachment [ 738.290325][T21530] profile_transition: unconfined exec no attachment [ 738.444900][T21535] profile_transition: unconfined exec no attachment [ 738.517647][T21538] profile_transition: unconfined exec no attachment [ 738.963887][T21537] profile_transition: unconfined exec no attachment [ 739.104581][T21544] profile_transition: unconfined exec no attachment [ 739.289155][T21548] profile_transition: unconfined exec no attachment [ 739.446663][T21552] profile_transition: unconfined exec no attachment [ 739.473802][T21553] profile_transition: unconfined exec no attachment [ 739.591630][T21555] profile_transition: unconfined exec no attachment [ 739.786740][T21365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.871358][T21562] profile_transition: unconfined exec no attachment [ 739.952779][T21566] profile_transition: unconfined exec no attachment [ 740.045908][T21567] profile_transition: unconfined exec no attachment [ 740.303490][T21574] profile_transition: unconfined exec no attachment [ 740.399143][T21573] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6057'. [ 740.642718][T21580] netlink: 25 bytes leftover after parsing attributes in process `syz.8.6057'. [ 741.378166][T21365] veth0_vlan: entered promiscuous mode [ 741.441252][T21365] veth1_vlan: entered promiscuous mode [ 741.792756][T21365] veth0_macvtap: entered promiscuous mode [ 741.869505][T21365] veth1_macvtap: entered promiscuous mode [ 741.964167][T21365] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 742.010829][T21365] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 742.092731][ T59] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.151955][ T59] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.180745][ T59] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.207784][ T59] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.514717][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.522598][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.708394][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.728286][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 744.097155][T21645] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6079'. [ 744.502783][T21645] hsr_slave_0 (unregistering): left promiscuous mode [ 745.742831][T21675] netlink: 338 bytes leftover after parsing attributes in process `syz.8.6092'. [ 745.851275][T21675] netlink: 338 bytes leftover after parsing attributes in process `syz.8.6092'. [ 745.876911][T21676] profile_transition: 8 callbacks suppressed [ 745.876935][T21676] profile_transition: unconfined exec no attachment [ 745.998368][T21679] netlink: 134 bytes leftover after parsing attributes in process `syz.8.6092'. [ 748.420751][T21711] loop6: detected capacity change from 0 to 8 [ 748.985686][T21724] FAULT_INJECTION: forcing a failure. [ 748.985686][T21724] name failslab, interval 1, probability 0, space 0, times 0 [ 749.047552][T21724] CPU: 0 UID: 0 PID: 21724 Comm: syz.9.6111 Tainted: G U I syzkaller #0 PREEMPT(full) [ 749.047609][T21724] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 749.047621][T21724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 749.047641][T21724] Call Trace: [ 749.047651][T21724] [ 749.047663][T21724] dump_stack_lvl+0x16c/0x1f0 [ 749.047718][T21724] should_fail_ex+0x512/0x640 [ 749.047770][T21724] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 749.047814][T21724] should_failslab+0xc2/0x120 [ 749.047860][T21724] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 749.047898][T21724] ? rcu_read_unlock+0x17/0x60 [ 749.047940][T21724] ? copy_pid_ns+0x2bf/0xce0 [ 749.047978][T21724] copy_pid_ns+0x2bf/0xce0 [ 749.048015][T21724] ? __pfx_copy_pid_ns+0x10/0x10 [ 749.048053][T21724] ? copy_mnt_ns+0xac/0xac0 [ 749.048093][T21724] ? trace_kmem_cache_alloc+0x28/0xc0 [ 749.048147][T21724] ? copy_ipcs+0xb6/0x610 [ 749.048198][T21724] create_new_namespaces+0x2aa/0xa90 [ 749.048249][T21724] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 749.048292][T21724] ksys_unshare+0x45b/0xa40 [ 749.048337][T21724] ? __pfx_ksys_unshare+0x10/0x10 [ 749.048388][T21724] ? xfd_validate_state+0x61/0x180 [ 749.048450][T21724] __x64_sys_unshare+0x31/0x40 [ 749.048495][T21724] do_syscall_64+0xcd/0x4c0 [ 749.048551][T21724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.048583][T21724] RIP: 0033:0x7fac5d58eba9 [ 749.048608][T21724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.048641][T21724] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 749.048673][T21724] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 749.048695][T21724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 749.048713][T21724] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 749.048730][T21724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.048749][T21724] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 749.048789][T21724] [ 750.107647][T21738] FAULT_INJECTION: forcing a failure. [ 750.107647][T21738] name failslab, interval 1, probability 0, space 0, times 0 [ 750.153070][T21738] CPU: 0 UID: 0 PID: 21738 Comm: syz.9.6117 Tainted: G U I syzkaller #0 PREEMPT(full) [ 750.153130][T21738] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 750.153145][T21738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 750.153165][T21738] Call Trace: [ 750.153176][T21738] [ 750.153189][T21738] dump_stack_lvl+0x16c/0x1f0 [ 750.153248][T21738] should_fail_ex+0x512/0x640 [ 750.153302][T21738] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 750.153350][T21738] should_failslab+0xc2/0x120 [ 750.153395][T21738] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 750.153434][T21738] ? __local_bh_enable_ip+0xa4/0x120 [ 750.153475][T21738] ? __alloc_skb+0x2b2/0x380 [ 750.153531][T21738] __alloc_skb+0x2b2/0x380 [ 750.153579][T21738] ? __pfx___alloc_skb+0x10/0x10 [ 750.153625][T21738] ? __pfx_tcp_set_state+0x10/0x10 [ 750.153669][T21738] ? stack_depot_put+0x130/0x160 [ 750.153736][T21738] tcp_send_active_reset+0x8b/0x830 [ 750.153795][T21738] tcp_disconnect+0x15c9/0x1ef0 [ 750.153859][T21738] ? __local_bh_enable_ip+0xa4/0x120 [ 750.153914][T21738] __mptcp_close_ssk+0xe29/0x14d0 [ 750.153960][T21738] ? __lock_acquire+0xb97/0x1ce0 [ 750.154011][T21738] ? __pfx___mptcp_close_ssk+0x10/0x10 [ 750.154056][T21738] ? trace_inet_sock_set_state+0x194/0x220 [ 750.154097][T21738] mptcp_do_fastclose+0x16c/0x270 [ 750.154146][T21738] __mptcp_close+0x1e8/0xbe0 [ 750.154192][T21738] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 750.154253][T21738] ? __pfx___mptcp_close+0x10/0x10 [ 750.154302][T21738] ? __local_bh_enable_ip+0xa4/0x120 [ 750.154348][T21738] mptcp_close+0x28/0xe0 [ 750.154395][T21738] inet_release+0xea/0x200 [ 750.154439][T21738] __sock_release+0xb3/0x270 [ 750.154472][T21738] ? __pfx_sock_close+0x10/0x10 [ 750.154500][T21738] sock_close+0x1c/0x30 [ 750.154530][T21738] __fput+0x402/0xb70 [ 750.154590][T21738] task_work_run+0x14d/0x240 [ 750.154623][T21738] ? __pfx_task_work_run+0x10/0x10 [ 750.154679][T21738] ? __pfx___do_sys_close_range+0x10/0x10 [ 750.154733][T21738] exit_to_user_mode_loop+0xeb/0x110 [ 750.154788][T21738] do_syscall_64+0x41c/0x4c0 [ 750.154845][T21738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.154880][T21738] RIP: 0033:0x7fac5d58eba9 [ 750.154976][T21738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.155015][T21738] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 750.155048][T21738] RAX: 0000000000000000 RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 750.155070][T21738] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 750.155096][T21738] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 750.155119][T21738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.155142][T21738] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 750.155188][T21738] [ 750.783467][T21743] FAULT_INJECTION: forcing a failure. [ 750.783467][T21743] name failslab, interval 1, probability 0, space 0, times 0 [ 750.826211][T21743] CPU: 0 UID: 0 PID: 21743 Comm: syz.8.6119 Tainted: G U I syzkaller #0 PREEMPT(full) [ 750.826271][T21743] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 750.826286][T21743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 750.826307][T21743] Call Trace: [ 750.826317][T21743] [ 750.826329][T21743] dump_stack_lvl+0x16c/0x1f0 [ 750.826388][T21743] should_fail_ex+0x512/0x640 [ 750.826438][T21743] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 750.826479][T21743] should_failslab+0xc2/0x120 [ 750.826521][T21743] __kmalloc_cache_noprof+0x6a/0x3e0 [ 750.826557][T21743] ? do_eventfd+0x67/0x2c0 [ 750.826610][T21743] do_eventfd+0x67/0x2c0 [ 750.826656][T21743] ? rcu_is_watching+0x12/0xc0 [ 750.826692][T21743] __x64_sys_eventfd+0x32/0x50 [ 750.826742][T21743] do_syscall_64+0xcd/0x4c0 [ 750.826799][T21743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.826834][T21743] RIP: 0033:0x7f7cfdd8eba9 [ 750.826861][T21743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.826895][T21743] RSP: 002b:00007f7cfec5b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 750.826926][T21743] RAX: ffffffffffffffda RBX: 00007f7cfdfd5fa0 RCX: 00007f7cfdd8eba9 [ 750.826948][T21743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 750.826967][T21743] RBP: 00007f7cfde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 750.826986][T21743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.827005][T21743] R13: 00007f7cfdfd6038 R14: 00007f7cfdfd5fa0 R15: 00007ffe3461fd58 [ 750.827055][T21743] [ 751.967508][T21755] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 752.049343][T21755] FAULT_INJECTION: forcing a failure. [ 752.049343][T21755] name failslab, interval 1, probability 0, space 0, times 0 [ 752.148235][T21755] CPU: 1 UID: 0 PID: 21755 Comm: syz.9.6124 Tainted: G U I syzkaller #0 PREEMPT(full) [ 752.148291][T21755] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 752.148304][T21755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 752.148323][T21755] Call Trace: [ 752.148333][T21755] [ 752.148344][T21755] dump_stack_lvl+0x16c/0x1f0 [ 752.148400][T21755] should_fail_ex+0x512/0x640 [ 752.148452][T21755] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 752.148492][T21755] should_failslab+0xc2/0x120 [ 752.148537][T21755] __kmalloc_cache_noprof+0x6a/0x3e0 [ 752.148571][T21755] ? __lock_acquire+0xb97/0x1ce0 [ 752.148616][T21755] ? get_mountpoint+0x166/0x4d0 [ 752.148672][T21755] get_mountpoint+0x166/0x4d0 [ 752.148723][T21755] attach_recursive_mnt+0x21c/0x1aa0 [ 752.148778][T21755] ? __pfx_attach_recursive_mnt+0x10/0x10 [ 752.148846][T21755] ? graft_tree+0x187/0x210 [ 752.148884][T21755] ? get_mountpoint+0xa0/0x4d0 [ 752.148942][T21755] graft_tree+0x187/0x210 [ 752.148988][T21755] do_add_mount+0x1ca/0x320 [ 752.149031][T21755] ? _raw_spin_unlock+0x28/0x50 [ 752.149077][T21755] finish_automount+0x3ae/0x4a0 [ 752.149111][T21755] ? kasan_quarantine_put+0x10a/0x240 [ 752.149146][T21755] ? __pfx_finish_automount+0x10/0x10 [ 752.149184][T21755] ? kfree+0x2b4/0x4d0 [ 752.149209][T21755] ? trace_automount+0xa7/0xd0 [ 752.149245][T21755] __traverse_mounts+0x1a0/0x790 [ 752.149297][T21755] step_into+0x5aa/0x2270 [ 752.149332][T21755] ? __pfx_step_into+0x10/0x10 [ 752.149359][T21755] ? __d_lookup+0x266/0x4a0 [ 752.149409][T21755] ? lookup_fast+0x156/0x610 [ 752.149445][T21755] walk_component+0xfc/0x5b0 [ 752.149479][T21755] link_path_walk+0x627/0xe20 [ 752.149534][T21755] path_openat+0x1b0/0x2cb0 [ 752.149572][T21755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.149620][T21755] ? __pfx_path_openat+0x10/0x10 [ 752.149672][T21755] do_filp_open+0x20b/0x470 [ 752.149712][T21755] ? __pfx_do_filp_open+0x10/0x10 [ 752.149783][T21755] ? alloc_fd+0x471/0x7d0 [ 752.149831][T21755] do_sys_openat2+0x11b/0x1d0 [ 752.149883][T21755] ? __pfx_do_sys_openat2+0x10/0x10 [ 752.149965][T21755] __x64_sys_openat+0x174/0x210 [ 752.149996][T21755] ? __pfx___x64_sys_openat+0x10/0x10 [ 752.150045][T21755] do_syscall_64+0xcd/0x4c0 [ 752.150102][T21755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.150136][T21755] RIP: 0033:0x7fac5d58eba9 [ 752.150160][T21755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.150192][T21755] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 752.150222][T21755] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 752.150243][T21755] RDX: 0000000000020c00 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 752.150263][T21755] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 752.150282][T21755] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 752.150302][T21755] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 752.150346][T21755] [ 752.154178][T21760] netlink: 138 bytes leftover after parsing attributes in process `syz.8.6126'. [ 752.959097][T21770] FAULT_INJECTION: forcing a failure. [ 752.959097][T21770] name failslab, interval 1, probability 0, space 0, times 0 [ 752.972546][T21770] CPU: 0 UID: 0 PID: 21770 Comm: syz.6.6130 Tainted: G U I syzkaller #0 PREEMPT(full) [ 752.972600][T21770] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 752.972614][T21770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 752.972644][T21770] Call Trace: [ 752.972655][T21770] [ 752.972668][T21770] dump_stack_lvl+0x16c/0x1f0 [ 752.972726][T21770] should_fail_ex+0x512/0x640 [ 752.972778][T21770] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 752.972819][T21770] should_failslab+0xc2/0x120 [ 752.972866][T21770] __kmalloc_cache_noprof+0x6a/0x3e0 [ 752.972903][T21770] ? do_raw_spin_unlock+0x172/0x230 [ 752.972951][T21770] ? sched_core_share_pid+0x3c1/0x9d0 [ 752.972995][T21770] sched_core_share_pid+0x3c1/0x9d0 [ 752.973037][T21770] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.973094][T21770] ? __pfx_sched_core_share_pid+0x10/0x10 [ 752.973133][T21770] ? static_key_count+0x5a/0x70 [ 752.973164][T21770] ? security_task_prctl+0x11c/0x160 [ 752.973225][T21770] __do_sys_prctl+0x317/0x20e0 [ 752.973259][T21770] ? __pfx___do_sys_prctl+0x10/0x10 [ 752.973325][T21770] do_syscall_64+0xcd/0x4c0 [ 752.973381][T21770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.973415][T21770] RIP: 0033:0x7f0fb3d8eba9 [ 752.973442][T21770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.973476][T21770] RSP: 002b:00007f0fb4ca8038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 752.973506][T21770] RAX: ffffffffffffffda RBX: 00007f0fb3fd6090 RCX: 00007f0fb3d8eba9 [ 752.973528][T21770] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003e [ 752.973548][T21770] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 752.973567][T21770] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 752.973608][T21770] R13: 00007f0fb3fd6128 R14: 00007f0fb3fd6090 R15: 00007ffc31352a38 [ 752.973660][T21770] [ 755.295254][T21795] sp0: Synchronizing with TNC [ 755.677680][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.691735][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.137594][T21808] FAULT_INJECTION: forcing a failure. [ 756.137594][T21808] name failslab, interval 1, probability 0, space 0, times 0 [ 756.179200][T21808] CPU: 0 UID: 0 PID: 21808 Comm: syz.9.6146 Tainted: G U I syzkaller #0 PREEMPT(full) [ 756.179258][T21808] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 756.179272][T21808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 756.179292][T21808] Call Trace: [ 756.179303][T21808] [ 756.179315][T21808] dump_stack_lvl+0x16c/0x1f0 [ 756.179372][T21808] should_fail_ex+0x512/0x640 [ 756.179423][T21808] ? __kvmalloc_node_noprof+0x124/0x620 [ 756.179468][T21808] should_failslab+0xc2/0x120 [ 756.179514][T21808] __kvmalloc_node_noprof+0x137/0x620 [ 756.179555][T21808] ? io_uring_setup+0x377/0x2080 [ 756.179612][T21808] ? io_uring_setup+0x377/0x2080 [ 756.179663][T21808] io_uring_setup+0x377/0x2080 [ 756.179715][T21808] ? __pfx_io_uring_setup+0x10/0x10 [ 756.179762][T21808] ? do_futex+0x122/0x350 [ 756.179807][T21808] ? __pfx_do_futex+0x10/0x10 [ 756.179852][T21808] ? find_held_lock+0x2b/0x80 [ 756.179902][T21808] ? xfd_validate_state+0x61/0x180 [ 756.179961][T21808] __x64_sys_io_uring_setup+0xc2/0x170 [ 756.180011][T21808] do_syscall_64+0xcd/0x4c0 [ 756.180065][T21808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.180097][T21808] RIP: 0033:0x7fac5d58eba9 [ 756.180123][T21808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.180156][T21808] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 756.180187][T21808] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 756.180208][T21808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 756.180226][T21808] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 756.180245][T21808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.180264][T21808] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 756.180304][T21808] [ 756.807366][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807f9f0800: rx timeout, send abort [ 756.815746][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807f9f1c00: rx timeout, send abort [ 756.824699][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807f9f0800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 756.839246][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807f9f1c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 757.103651][T21822] profile_transition: unconfined exec no attachment [ 757.266851][T21828] profile_transition: unconfined exec no attachment [ 757.374791][T21832] profile_transition: unconfined exec no attachment [ 757.690321][T21837] profile_transition: unconfined exec no attachment [ 757.916673][T21842] profile_transition: unconfined exec no attachment [ 757.928533][T21821] FAULT_INJECTION: forcing a failure. [ 757.928533][T21821] name failslab, interval 1, probability 0, space 0, times 0 [ 758.068232][T21821] CPU: 0 UID: 0 PID: 21821 Comm: syz.9.6150 Tainted: G U I syzkaller #0 PREEMPT(full) [ 758.068292][T21821] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 758.068306][T21821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 758.068325][T21821] Call Trace: [ 758.068336][T21821] [ 758.068348][T21821] dump_stack_lvl+0x16c/0x1f0 [ 758.068403][T21821] should_fail_ex+0x512/0x640 [ 758.068464][T21821] ? __kmalloc_noprof+0xbf/0x510 [ 758.068506][T21821] ? __register_sysctl_table+0xea2/0x1900 [ 758.068557][T21821] should_failslab+0xc2/0x120 [ 758.068602][T21821] __kmalloc_noprof+0xd2/0x510 [ 758.068641][T21821] ? __register_sysctl_table+0xe8e/0x1900 [ 758.068701][T21821] __register_sysctl_table+0xea2/0x1900 [ 758.068757][T21821] ? __pfx___register_sysctl_table+0x10/0x10 [ 758.068810][T21821] ? __asan_memcpy+0x3c/0x60 [ 758.068841][T21821] register_pidns_sysctls+0x119/0x1b0 [ 758.068889][T21821] copy_pid_ns+0x564/0xce0 [ 758.068925][T21821] ? __pfx_copy_pid_ns+0x10/0x10 [ 758.068957][T21821] ? copy_mnt_ns+0xac/0xac0 [ 758.068991][T21821] ? trace_kmem_cache_alloc+0x28/0xc0 [ 758.069036][T21821] ? copy_ipcs+0xb6/0x610 [ 758.069071][T21821] create_new_namespaces+0x2aa/0xa90 [ 758.069112][T21821] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 758.069147][T21821] ksys_unshare+0x45b/0xa40 [ 758.069185][T21821] ? __pfx_ksys_unshare+0x10/0x10 [ 758.069225][T21821] ? xfd_validate_state+0x61/0x180 [ 758.069275][T21821] __x64_sys_unshare+0x31/0x40 [ 758.069312][T21821] do_syscall_64+0xcd/0x4c0 [ 758.069357][T21821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.069384][T21821] RIP: 0033:0x7fac5d58eba9 [ 758.069405][T21821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.069439][T21821] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 758.069466][T21821] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 758.069486][T21821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 758.069504][T21821] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 758.069521][T21821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.069538][T21821] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 758.069573][T21821] [ 758.069586][T21821] sysctl could not get directory: /kernel -12 [ 758.657190][T21853] profile_transition: unconfined exec no attachment [ 758.843667][T21857] profile_transition: unconfined exec no attachment [ 760.278014][T21879] netlink: 346 bytes leftover after parsing attributes in process `syz.4.6168'. [ 761.338434][T21898] profile_transition: unconfined exec no attachment [ 761.581396][T21901] profile_transition: unconfined exec no attachment [ 761.621436][T21904] profile_transition: unconfined exec no attachment [ 762.246539][T21910] netlink: 'syz.9.6178': attribute type 1 has an invalid length. [ 762.269311][T21912] netlink: 18 bytes leftover after parsing attributes in process `syz.4.6179'. [ 762.331334][T21910] netlink: 'syz.9.6178': attribute type 6 has an invalid length. [ 763.037278][T21916] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6181'. [ 764.501574][T21899] kexec: Could not allocate control_code_buffer [ 765.017837][T21939] profile_transition: 1 callbacks suppressed [ 765.017861][T21939] profile_transition: unconfined exec no attachment [ 765.155479][ T30] audit: type=1800 audit(4294970630.982:26): pid=21941 uid=0 auid=4294967295 ses=4294967295 subj=_unconfined op=collect_data cause=failed comm="syz.9.6193" name="lu_gp_id" dev="configfs" ino=69163 res=0 errno=0 [ 765.183071][T21941] ALUA lu_gp_id: 393216 exceeds maximum: 0x0000ffff [ 765.323668][T21945] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6195'. [ 765.405296][T21945] bridge_slave_1: left allmulticast mode [ 765.434898][T21945] bridge_slave_1: left promiscuous mode [ 765.458829][T21945] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.612913][T21945] bridge_slave_0: left allmulticast mode [ 765.677469][T21945] bridge_slave_0: left promiscuous mode [ 765.734079][T21945] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.679802][T21954] FAULT_INJECTION: forcing a failure. [ 766.679802][T21954] name failslab, interval 1, probability 0, space 0, times 0 [ 766.739493][T21954] CPU: 0 UID: 0 PID: 21954 Comm: syz.9.6198 Tainted: G U I syzkaller #0 PREEMPT(full) [ 766.739549][T21954] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 766.739563][T21954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 766.739582][T21954] Call Trace: [ 766.739599][T21954] [ 766.739612][T21954] dump_stack_lvl+0x16c/0x1f0 [ 766.739667][T21954] should_fail_ex+0x512/0x640 [ 766.739721][T21954] ? fs_reclaim_acquire+0xae/0x150 [ 766.739775][T21954] should_failslab+0xc2/0x120 [ 766.739819][T21954] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 766.739862][T21954] ? security_inode_alloc+0x3b/0x2b0 [ 766.739906][T21954] security_inode_alloc+0x3b/0x2b0 [ 766.739945][T21954] inode_init_always_gfp+0xce4/0x1030 [ 766.739990][T21954] alloc_inode+0x86/0x240 [ 766.740040][T21954] iget_locked+0x2e4/0x830 [ 766.740088][T21954] ? stack_trace_save+0x8e/0xc0 [ 766.740129][T21954] ? __pfx_iget_locked+0x10/0x10 [ 766.740185][T21954] ? find_held_lock+0x2b/0x80 [ 766.740220][T21954] ? kernfs_find_and_get_node_by_id+0x1c3/0x3f0 [ 766.740280][T21954] kernfs_get_inode+0x48/0x460 [ 766.740323][T21954] kernfs_fh_to_dentry+0xf3/0x250 [ 766.740363][T21954] exportfs_decode_fh_raw+0x167/0x7d0 [ 766.740393][T21954] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 766.740442][T21954] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 766.740480][T21954] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 766.740571][T21954] do_handle_open+0x6e3/0xc50 [ 766.740609][T21954] ? __pfx_do_handle_open+0x10/0x10 [ 766.740641][T21954] ? __x64_sys_futex+0x1e0/0x4c0 [ 766.740695][T21954] ? xfd_validate_state+0x61/0x180 [ 766.740760][T21954] ? do_syscall_64+0xcd/0x4c0 [ 766.740811][T21954] do_syscall_64+0xcd/0x4c0 [ 766.740863][T21954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.740896][T21954] RIP: 0033:0x7fac5d58eba9 [ 766.740923][T21954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 766.740958][T21954] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 766.740996][T21954] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 766.741018][T21954] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000005 [ 766.741037][T21954] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 766.741057][T21954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 766.741076][T21954] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 766.741118][T21954] [ 768.340494][T21975] profile_transition: unconfined exec no attachment [ 768.951728][T21983] FAULT_INJECTION: forcing a failure. [ 768.951728][T21983] name fail_futex, interval 1, probability 0, space 0, times 1 [ 768.979002][T21983] CPU: 1 UID: 0 PID: 21983 Comm: syz.9.6209 Tainted: G U I syzkaller #0 PREEMPT(full) [ 768.979060][T21983] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 768.979074][T21983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 768.979094][T21983] Call Trace: [ 768.979104][T21983] [ 768.979116][T21983] dump_stack_lvl+0x16c/0x1f0 [ 768.979171][T21983] should_fail_ex+0x512/0x640 [ 768.979229][T21983] get_futex_key+0x1d0/0x1560 [ 768.979276][T21983] ? __pfx_get_futex_key+0x10/0x10 [ 768.979332][T21983] futex_wake+0xea/0x530 [ 768.979385][T21983] ? __pfx_futex_wake+0x10/0x10 [ 768.979460][T21983] do_futex+0x1e3/0x350 [ 768.979505][T21983] ? __pfx_do_futex+0x10/0x10 [ 768.979551][T21983] ? __fget_files+0x20e/0x3c0 [ 768.979593][T21983] __x64_sys_futex+0x1e0/0x4c0 [ 768.979643][T21983] ? __pfx___x64_sys_futex+0x10/0x10 [ 768.979687][T21983] ? __pfx_do_pwritev+0x10/0x10 [ 768.979736][T21983] do_syscall_64+0xcd/0x4c0 [ 768.979792][T21983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.979826][T21983] RIP: 0033:0x7fac5d58eba9 [ 768.979852][T21983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 768.979885][T21983] RSP: 002b:00007fac5e3660e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 768.979917][T21983] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa8 RCX: 00007fac5d58eba9 [ 768.979940][T21983] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fac5d7d5fac [ 768.979960][T21983] RBP: 00007fac5d7d5fa0 R08: 00007fac5e367000 R09: 0000000000000000 [ 768.979979][T21983] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 768.979998][T21983] R13: 00007fac5d7d6038 R14: 00007ffc82bcbd60 R15: 00007ffc82bcbe48 [ 768.980040][T21983] [ 769.492138][T21987] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6212'. [ 769.704480][T21990] netlink: 25 bytes leftover after parsing attributes in process `syz.9.6212'. [ 770.819920][T22006] netlink: 'syz.4.6219': attribute type 4 has an invalid length. [ 770.838905][T22006] netlink: 314 bytes leftover after parsing attributes in process `syz.4.6219'. [ 770.869481][T22006] IPv6: NLM_F_CREATE should be specified when creating new route [ 770.891618][T22006] IPv6: Can't replace route, no match found [ 771.527577][T22013] profile_transition: unconfined exec no attachment [ 771.702582][T22016] profile_transition: unconfined exec no attachment [ 773.465185][T22037] profile_transition: unconfined exec no attachment [ 773.842608][T22039] netlink: 326 bytes leftover after parsing attributes in process `syz.6.6229'. [ 774.578787][T19576] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 774.602777][T19576] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 774.633622][T19576] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 774.652452][T19576] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 774.663726][T19576] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 774.890943][T22051] profile_transition: unconfined exec no attachment [ 774.962078][T22056] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6235'. [ 775.004599][T22054] netlink: 346 bytes leftover after parsing attributes in process `syz.4.6236'. [ 775.538634][T22062] profile_transition: unconfined exec no attachment [ 775.686199][T22044] chnl_net:caif_netlink_parms(): no params data found [ 775.825660][T22065] netlink: 25 bytes leftover after parsing attributes in process `syz.6.6238'. [ 776.595668][T22044] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.617273][T22044] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.691374][T22044] bridge_slave_0: entered allmulticast mode [ 776.700541][T22044] bridge_slave_0: entered promiscuous mode [ 776.721063][T22044] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.731921][T22044] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.745543][T22044] bridge_slave_1: entered allmulticast mode [ 776.762728][ T5186] Bluetooth: hci4: command tx timeout [ 776.789408][T22044] bridge_slave_1: entered promiscuous mode [ 777.071260][T22044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 777.120423][T22044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 777.344579][T22044] team0: Port device team_slave_0 added [ 777.373187][T22044] team0: Port device team_slave_1 added [ 777.513401][T22044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.528944][T22044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.606649][T22044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.640999][T22044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.648000][T22044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.719448][T22044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.952837][T22044] hsr_slave_0: entered promiscuous mode [ 777.972784][T22044] hsr_slave_1: entered promiscuous mode [ 777.987402][T22044] debugfs: 'hsr0' already exists in 'hsr' [ 777.993271][T22044] Cannot create hsr debugfs directory [ 778.560301][T22044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 778.843888][ T5186] Bluetooth: hci4: command tx timeout [ 778.883983][T22044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.063868][T22044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.143704][T22103] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 779.209344][T22044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.453243][T22109] profile_transition: unconfined exec no attachment [ 780.115663][T22044] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 780.251756][T22044] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 780.311323][T22044] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 780.376469][T22044] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 780.908482][ T5186] Bluetooth: hci4: command tx timeout [ 781.437010][T22044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 781.536863][T22044] 8021q: adding VLAN 0 to HW filter on device team0 [ 781.597185][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.604458][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.635018][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.642257][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.845669][T22135] profile_transition: unconfined exec no attachment [ 781.956386][T22136] profile_transition: unconfined exec no attachment [ 782.013722][T22138] FAULT_INJECTION: forcing a failure. [ 782.013722][T22138] name failslab, interval 1, probability 0, space 0, times 0 [ 782.054190][T22138] CPU: 0 UID: 0 PID: 22138 Comm: syz.9.6262 Tainted: G U I syzkaller #0 PREEMPT(full) [ 782.054250][T22138] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 782.054264][T22138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 782.054283][T22138] Call Trace: [ 782.054295][T22138] [ 782.054307][T22138] dump_stack_lvl+0x16c/0x1f0 [ 782.054366][T22138] should_fail_ex+0x512/0x640 [ 782.054419][T22138] ? __kmalloc_noprof+0xbf/0x510 [ 782.054464][T22138] ? net_alloc_generic+0x1e/0x70 [ 782.054493][T22138] should_failslab+0xc2/0x120 [ 782.054539][T22138] __kmalloc_noprof+0xd2/0x510 [ 782.054640][T22138] net_alloc_generic+0x1e/0x70 [ 782.054672][T22138] copy_net_ns+0xc6/0x5f0 [ 782.054702][T22138] ? copy_cgroup_ns+0x71/0x700 [ 782.054741][T22138] create_new_namespaces+0x3ea/0xa90 [ 782.054790][T22138] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 782.054834][T22138] ksys_unshare+0x45b/0xa40 [ 782.054883][T22138] ? __pfx_ksys_unshare+0x10/0x10 [ 782.054932][T22138] ? xfd_validate_state+0x61/0x180 [ 782.055005][T22138] __x64_sys_unshare+0x31/0x40 [ 782.055052][T22138] do_syscall_64+0xcd/0x4c0 [ 782.055106][T22138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.055139][T22138] RIP: 0033:0x7fac5d58eba9 [ 782.055166][T22138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 782.055200][T22138] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 782.055232][T22138] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 782.055254][T22138] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 782.055273][T22138] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 782.055292][T22138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 782.055312][T22138] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 782.055353][T22138] [ 782.334045][T22139] profile_transition: unconfined exec no attachment [ 782.513046][T22141] profile_transition: unconfined exec no attachment [ 782.749118][T22044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 782.853153][T22146] netlink: 'syz.9.6265': attribute type 32 has an invalid length. [ 782.873859][T22146] netlink: 'syz.9.6265': attribute type 33 has an invalid length. [ 782.881745][T22146] netlink: 'syz.9.6265': attribute type 35 has an invalid length. [ 782.901179][T22146] netlink: 'syz.9.6265': attribute type 37 has an invalid length. [ 782.911752][T22146] netlink: 'syz.9.6265': attribute type 39 has an invalid length. [ 782.920131][T22146] netlink: 'syz.9.6265': attribute type 40 has an invalid length. [ 782.928178][T22146] netlink: 'syz.9.6265': attribute type 41 has an invalid length. [ 782.939621][T22146] netlink: 'syz.9.6265': attribute type 44 has an invalid length. [ 782.948274][T22146] netlink: 'syz.9.6265': attribute type 46 has an invalid length. [ 782.973202][ T5186] Bluetooth: hci4: command tx timeout [ 782.973551][T22146] netlink: 'syz.9.6265': attribute type 47 has an invalid length. [ 782.999705][T22146] netlink: 2 bytes leftover after parsing attributes in process `syz.9.6265'. [ 783.083784][T22044] veth0_vlan: entered promiscuous mode [ 783.155466][T22044] veth1_vlan: entered promiscuous mode [ 783.258720][T22044] veth0_macvtap: entered promiscuous mode [ 783.319380][T22044] veth1_macvtap: entered promiscuous mode [ 783.375259][T22044] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 783.425987][T22044] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 783.478336][ T764] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.538395][ T764] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.571724][ T764] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.659637][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.812525][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.848520][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.928274][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.959237][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 784.047460][T22159] sp0: Synchronizing with TNC [ 784.387857][T22169] profile_transition: unconfined exec no attachment [ 784.722437][T22172] FAULT_INJECTION: forcing a failure. [ 784.722437][T22172] name failslab, interval 1, probability 0, space 0, times 0 [ 784.754824][T22172] CPU: 0 UID: 0 PID: 22172 Comm: syz.9.6275 Tainted: G U I syzkaller #0 PREEMPT(full) [ 784.754881][T22172] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 784.754896][T22172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 784.754915][T22172] Call Trace: [ 784.754925][T22172] [ 784.754937][T22172] dump_stack_lvl+0x16c/0x1f0 [ 784.754996][T22172] should_fail_ex+0x512/0x640 [ 784.755062][T22172] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 784.755112][T22172] should_failslab+0xc2/0x120 [ 784.755154][T22172] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 784.755193][T22172] ? can_rx_register+0x582/0x6f0 [ 784.755244][T22172] can_rx_register+0x582/0x6f0 [ 784.755286][T22172] ? __pfx_raw_rcv+0x10/0x10 [ 784.755340][T22172] ? __pfx_can_rx_register+0x10/0x10 [ 784.755403][T22172] raw_enable_filters+0xe0/0x210 [ 784.755462][T22172] raw_enable_allfilters+0x8b/0x2b0 [ 784.755513][T22172] ? __local_bh_enable_ip+0xa4/0x120 [ 784.755560][T22172] raw_bind+0x48a/0xe50 [ 784.755608][T22172] ? apparmor_socket_bind+0x105/0x200 [ 784.755648][T22172] __sys_bind+0x1a4/0x260 [ 784.755703][T22172] ? __pfx___sys_bind+0x10/0x10 [ 784.755762][T22172] ? xfd_validate_state+0x61/0x180 [ 784.755810][T22172] ? __sys_setsockopt+0x140/0x1a0 [ 784.755865][T22172] __x64_sys_bind+0x72/0xb0 [ 784.755903][T22172] ? lockdep_hardirqs_on+0x7c/0x110 [ 784.755953][T22172] do_syscall_64+0xcd/0x4c0 [ 784.756009][T22172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.756043][T22172] RIP: 0033:0x7fac5d58eba9 [ 784.756069][T22172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.756101][T22172] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 784.756132][T22172] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 784.756154][T22172] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 784.756173][T22172] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 784.756193][T22172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.756211][T22172] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 784.756254][T22172] [ 785.849007][T22194] netlink: 338 bytes leftover after parsing attributes in process `syz.9.6282'. [ 785.868996][T22194] netlink: 338 bytes leftover after parsing attributes in process `syz.9.6282'. [ 785.897586][T22194] netlink: 134 bytes leftover after parsing attributes in process `syz.9.6282'. [ 786.352405][T22207] profile_transition: unconfined exec no attachment [ 786.364086][T22206] FAULT_INJECTION: forcing a failure. [ 786.364086][T22206] name failslab, interval 1, probability 0, space 0, times 0 [ 786.395679][T22206] CPU: 0 UID: 0 PID: 22206 Comm: syz.2.6288 Tainted: G U I syzkaller #0 PREEMPT(full) [ 786.395739][T22206] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 786.395753][T22206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 786.395773][T22206] Call Trace: [ 786.395784][T22206] [ 786.395795][T22206] dump_stack_lvl+0x16c/0x1f0 [ 786.395852][T22206] should_fail_ex+0x512/0x640 [ 786.395906][T22206] ? __kmalloc_noprof+0xbf/0x510 [ 786.395950][T22206] ? cache_create_net+0x9d/0x220 [ 786.395992][T22206] should_failslab+0xc2/0x120 [ 786.396038][T22206] __kmalloc_noprof+0xd2/0x510 [ 786.396089][T22206] cache_create_net+0x9d/0x220 [ 786.396136][T22206] ? __pfx_nfsd_net_init+0x10/0x10 [ 786.396175][T22206] nfsd_idmap_init+0x62/0x250 [ 786.396225][T22206] ? __pfx_nfsd_net_init+0x10/0x10 [ 786.396264][T22206] nfsd_net_init+0x69/0x3d0 [ 786.396304][T22206] ? __pfx_nfsd_net_init+0x10/0x10 [ 786.396343][T22206] ops_init+0x1e2/0x5f0 [ 786.396378][T22206] setup_net+0x10f/0x380 [ 786.396404][T22206] ? lockdep_init_map_type+0x5c/0x280 [ 786.396454][T22206] ? __pfx_setup_net+0x10/0x10 [ 786.396487][T22206] ? debug_mutex_init+0x37/0x70 [ 786.396526][T22206] copy_net_ns+0x2a6/0x5f0 [ 786.396565][T22206] create_new_namespaces+0x3ea/0xa90 [ 786.396631][T22206] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 786.396676][T22206] ksys_unshare+0x45b/0xa40 [ 786.396725][T22206] ? __pfx_ksys_unshare+0x10/0x10 [ 786.396775][T22206] ? xfd_validate_state+0x61/0x180 [ 786.396836][T22206] __x64_sys_unshare+0x31/0x40 [ 786.396886][T22206] do_syscall_64+0xcd/0x4c0 [ 786.396942][T22206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.396974][T22206] RIP: 0033:0x7fd1f0d8eba9 [ 786.396999][T22206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 786.397032][T22206] RSP: 002b:00007fd1f1cde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 786.397066][T22206] RAX: ffffffffffffffda RBX: 00007fd1f0fd5fa0 RCX: 00007fd1f0d8eba9 [ 786.397087][T22206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 786.397106][T22206] RBP: 00007fd1f0e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 786.397127][T22206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.397146][T22206] R13: 00007fd1f0fd6038 R14: 00007fd1f0fd5fa0 R15: 00007ffe3322b588 [ 786.397188][T22206] [ 788.311781][T19576] Bluetooth: hci1: command 0x0406 tx timeout [ 788.621281][T22244] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6301'. [ 788.648753][T22244] netlink: 13 bytes leftover after parsing attributes in process `syz.9.6301'. [ 788.678928][ T30] audit: type=1804 audit(4294971677.615:27): pid=22243 uid=0 auid=4294967295 ses=4294967295 subj=_unconfined op=invalid_pcr cause=open_writers comm="syz.6.6299" name="/newroot/142/file0" dev="tmpfs" ino=745 res=1 errno=0 [ 788.718234][T22242] FAULT_INJECTION: forcing a failure. [ 788.718234][T22242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 788.745182][T22242] CPU: 0 UID: 0 PID: 22242 Comm: syz.2.6302 Tainted: G U I syzkaller #0 PREEMPT(full) [ 788.745242][T22242] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 788.745257][T22242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 788.745277][T22242] Call Trace: [ 788.745288][T22242] [ 788.745301][T22242] dump_stack_lvl+0x16c/0x1f0 [ 788.745356][T22242] should_fail_ex+0x512/0x640 [ 788.745416][T22242] should_fail_alloc_page+0xe7/0x130 [ 788.745466][T22242] prepare_alloc_pages+0x3c2/0x610 [ 788.745517][T22242] ? rcu_is_watching+0x12/0xc0 [ 788.745555][T22242] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 788.745607][T22242] ? kmem_cache_alloc_lru_noprof+0x223/0x3b0 [ 788.745650][T22242] ? find_held_lock+0x2b/0x80 [ 788.745682][T22242] ? xas_alloc+0x34f/0x460 [ 788.745745][T22242] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 788.745788][T22242] ? __lock_acquire+0x62e/0x1ce0 [ 788.745852][T22242] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 788.745907][T22242] ? policy_nodemask+0xea/0x4e0 [ 788.745955][T22242] alloc_pages_mpol+0x1fb/0x550 [ 788.746001][T22242] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 788.746047][T22242] ? find_held_lock+0x2b/0x80 [ 788.746087][T22242] alloc_pages_noprof+0x131/0x390 [ 788.746132][T22242] ? brd_submit_bio+0x92c/0x1180 [ 788.746167][T22242] brd_submit_bio+0x942/0x1180 [ 788.746223][T22242] __submit_bio+0x301/0x690 [ 788.746267][T22242] ? __pfx___submit_bio+0x10/0x10 [ 788.746331][T22242] ? submit_bio_noacct_nocheck+0x852/0xd30 [ 788.746373][T22242] submit_bio_noacct_nocheck+0x852/0xd30 [ 788.746423][T22242] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 788.746473][T22242] ? __pfx___might_resched+0x10/0x10 [ 788.746517][T22242] submit_bio_noacct+0xc20/0x1ed0 [ 788.746570][T22242] blkdev_direct_IO+0x14d2/0x2030 [ 788.746644][T22242] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 788.746698][T22242] ? filemap_check_errors+0xa9/0x160 [ 788.746766][T22242] blkdev_write_iter+0x703/0xe00 [ 788.746816][T22242] vfs_write+0x7d0/0x11d0 [ 788.746849][T22242] ? __pfx_blkdev_write_iter+0x10/0x10 [ 788.746892][T22242] ? __pfx_vfs_write+0x10/0x10 [ 788.746921][T22242] ? find_held_lock+0x2b/0x80 [ 788.746968][T22242] ksys_write+0x12a/0x250 [ 788.747000][T22242] ? __pfx_ksys_write+0x10/0x10 [ 788.747041][T22242] do_syscall_64+0xcd/0x4c0 [ 788.747088][T22242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.747115][T22242] RIP: 0033:0x7fd1f0d8eba9 [ 788.747137][T22242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 788.747165][T22242] RSP: 002b:00007fd1f1cde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 788.747191][T22242] RAX: ffffffffffffffda RBX: 00007fd1f0fd5fa0 RCX: 00007fd1f0d8eba9 [ 788.747209][T22242] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 788.747225][T22242] RBP: 00007fd1f0e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 788.747242][T22242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.747258][T22242] R13: 00007fd1f0fd6038 R14: 00007fd1f0fd5fa0 R15: 00007ffe3322b588 [ 788.747292][T22242] [ 789.434145][T22250] netlink: 'syz.6.6304': attribute type 16 has an invalid length. [ 789.442030][T22250] netlink: 'syz.6.6304': attribute type 17 has an invalid length. [ 789.488485][T22250] netlink: 'syz.6.6304': attribute type 19 has an invalid length. [ 789.512376][T22250] netlink: 'syz.6.6304': attribute type 27 has an invalid length. [ 789.530663][T22250] netlink: 'syz.6.6304': attribute type 28 has an invalid length. [ 789.551045][T22250] netlink: 'syz.6.6304': attribute type 29 has an invalid length. [ 789.592933][T22250] netlink: 'syz.6.6304': attribute type 30 has an invalid length. [ 789.628078][T22259] profile_transition: unconfined exec no attachment [ 789.641753][T22250] netlink: 'syz.6.6304': attribute type 31 has an invalid length. [ 789.747851][T22250] netlink: 2 bytes leftover after parsing attributes in process `syz.6.6304'. [ 789.772820][T22263] profile_transition: unconfined exec no attachment [ 790.585938][T22280] profile_transition: unconfined exec no attachment [ 790.712542][T22284] netlink: 17 bytes leftover after parsing attributes in process `syz.9.6315'. [ 790.783079][T22284] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6315'. [ 791.111608][T22293] mkiss: ax0: crc mode is auto. [ 791.269566][T22295] profile_transition: unconfined exec no attachment [ 792.131929][T19576] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 792.155713][T19576] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 792.166607][T19576] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 792.175485][T19576] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 792.184673][T19576] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 792.429865][T22318] FAULT_INJECTION: forcing a failure. [ 792.429865][T22318] name failslab, interval 1, probability 0, space 0, times 0 [ 792.444523][T22319] profile_transition: unconfined exec no attachment [ 792.477229][T22318] CPU: 0 UID: 0 PID: 22318 Comm: syz.6.6329 Tainted: G U I syzkaller #0 PREEMPT(full) [ 792.477291][T22318] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 792.477306][T22318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 792.477325][T22318] Call Trace: [ 792.477337][T22318] [ 792.477349][T22318] dump_stack_lvl+0x16c/0x1f0 [ 792.477413][T22318] should_fail_ex+0x512/0x640 [ 792.477467][T22318] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 792.477510][T22318] should_failslab+0xc2/0x120 [ 792.477553][T22318] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 792.477592][T22318] ? __alloc_skb+0x2b2/0x380 [ 792.477645][T22318] __alloc_skb+0x2b2/0x380 [ 792.477694][T22318] ? __pfx___alloc_skb+0x10/0x10 [ 792.477758][T22318] tipc_buf_acquire+0x26/0xe0 [ 792.477800][T22318] tipc_msg_build+0x112/0x1150 [ 792.477850][T22318] ? __pfx_tipc_msg_build+0x10/0x10 [ 792.477898][T22318] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 792.477965][T22318] __tipc_sendmsg+0xa30/0x19a0 [ 792.478019][T22318] ? __pfx___tipc_sendmsg+0x10/0x10 [ 792.478055][T22318] ? __lock_acquire+0xb97/0x1ce0 [ 792.478112][T22318] ? __pfx_woken_wake_function+0x10/0x10 [ 792.478194][T22318] ? __local_bh_enable_ip+0xa4/0x120 [ 792.478241][T22318] tipc_sendmsg+0x4f/0x70 [ 792.478278][T22318] sock_write_iter+0x4fc/0x5b0 [ 792.478318][T22318] ? __pfx_sock_write_iter+0x10/0x10 [ 792.478378][T22318] ? __futex_wait+0x24c/0x2f0 [ 792.478430][T22318] ? copy_iovec_from_user+0x131/0x170 [ 792.478470][T22318] do_iter_readv_writev+0x65f/0x9e0 [ 792.478518][T22318] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 792.478562][T22318] ? bpf_lsm_file_permission+0x9/0x10 [ 792.478611][T22318] ? security_file_permission+0x71/0x210 [ 792.478660][T22318] ? rw_verify_area+0xcf/0x6c0 [ 792.478698][T22318] vfs_writev+0x35f/0xde0 [ 792.478738][T22318] ? __lock_acquire+0x62e/0x1ce0 [ 792.478786][T22318] ? __pfx_vfs_writev+0x10/0x10 [ 792.478855][T22318] ? __fget_files+0x20e/0x3c0 [ 792.478904][T22318] ? do_writev+0x28c/0x340 [ 792.478937][T22318] do_writev+0x28c/0x340 [ 792.478993][T22318] ? __pfx_do_writev+0x10/0x10 [ 792.479044][T22318] do_syscall_64+0xcd/0x4c0 [ 792.479101][T22318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.479137][T22318] RIP: 0033:0x7f0fb3d8eba9 [ 792.479162][T22318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.479197][T22318] RSP: 002b:00007f0fb4cc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 792.479231][T22318] RAX: ffffffffffffffda RBX: 00007f0fb3fd5fa0 RCX: 00007f0fb3d8eba9 [ 792.479253][T22318] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 792.479273][T22318] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 792.479294][T22318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.479314][T22318] R13: 00007f0fb3fd6038 R14: 00007f0fb3fd5fa0 R15: 00007ffc31352a38 [ 792.479356][T22318] [ 792.569670][T22311] chnl_net:caif_netlink_parms(): no params data found [ 792.777705][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880651db400: rx timeout, send abort [ 792.801092][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880651db400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 792.863781][T22321] netlink: 354 bytes leftover after parsing attributes in process `syz.6.6330'. [ 792.924020][T22323] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6331'. [ 793.543543][T22311] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.563085][T22311] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.647956][T22311] bridge_slave_0: entered allmulticast mode [ 793.659726][T22311] bridge_slave_0: entered promiscuous mode [ 793.693610][T22311] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.709015][T22311] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.766882][T22311] bridge_slave_1: entered allmulticast mode [ 793.791086][T22311] bridge_slave_1: entered promiscuous mode [ 794.014915][T22311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.200644][T19576] Bluetooth: hci7: command tx timeout [ 794.232334][T22311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 794.871257][T22311] team0: Port device team_slave_0 added [ 794.896844][T22311] team0: Port device team_slave_1 added [ 795.287212][T22311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 795.294308][T22311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.351776][T22311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.370416][T22311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.377967][T22311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.407738][T22311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.642827][T22311] hsr_slave_0: entered promiscuous mode [ 795.669772][T22311] hsr_slave_1: entered promiscuous mode [ 795.705471][T22311] debugfs: 'hsr0' already exists in 'hsr' [ 795.728806][T22365] profile_transition: unconfined exec no attachment [ 795.734649][T22311] Cannot create hsr debugfs directory [ 796.278412][T19576] Bluetooth: hci7: command tx timeout [ 797.222872][T22400] profile_transition: unconfined exec no attachment [ 797.705510][T22408] profile_transition: unconfined exec no attachment [ 798.380773][T19576] Bluetooth: hci7: command tx timeout [ 798.434048][T22417] profile_transition: unconfined exec no attachment [ 798.668985][T19576] Bluetooth: hci6: unexpected subevent 0x05 length: 123 > 12 [ 799.096182][T22432] profile_transition: unconfined exec no attachment [ 799.270479][T22311] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 799.332010][T22311] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 799.554389][T22437] profile_transition: unconfined exec no attachment [ 799.587245][T22311] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 799.674421][T22311] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 799.776484][T22440] profile_transition: unconfined exec no attachment [ 799.913664][T22442] profile_transition: unconfined exec no attachment [ 800.277533][T22455] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6373'. [ 800.410203][T22458] profile_transition: unconfined exec no attachment [ 800.412025][T19576] Bluetooth: hci7: command tx timeout [ 800.428005][T22457] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6374'. [ 800.456755][T22459] profile_transition: unconfined exec no attachment [ 800.569836][T22311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 800.687070][T22462] profile_transition: unconfined exec no attachment [ 800.695648][T22311] 8021q: adding VLAN 0 to HW filter on device team0 [ 800.739981][T19576] Bluetooth: hci6: command tx timeout [ 800.815307][T22466] profile_transition: unconfined exec no attachment [ 800.863802][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.877836][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 801.178279][T22478] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6380'. [ 801.321785][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.329102][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 801.441915][T22480] FAULT_INJECTION: forcing a failure. [ 801.441915][T22480] name failslab, interval 1, probability 0, space 0, times 0 [ 801.471292][T22480] CPU: 0 UID: 0 PID: 22480 Comm: syz.9.6379 Tainted: G U I syzkaller #0 PREEMPT(full) [ 801.471352][T22480] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 801.471366][T22480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 801.471385][T22480] Call Trace: [ 801.471396][T22480] [ 801.471408][T22480] dump_stack_lvl+0x16c/0x1f0 [ 801.471472][T22480] should_fail_ex+0x512/0x640 [ 801.471525][T22480] ? __kmalloc_noprof+0xbf/0x510 [ 801.471567][T22480] ? fib_default_rule_add+0x4f/0x420 [ 801.471619][T22480] should_failslab+0xc2/0x120 [ 801.471664][T22480] __kmalloc_noprof+0xd2/0x510 [ 801.471711][T22480] fib_default_rule_add+0x4f/0x420 [ 801.471767][T22480] fib4_rules_init+0x7c/0x1c0 [ 801.471812][T22480] fib_net_init+0x1dc/0x3f0 [ 801.471841][T22480] ? __pfx___register_sysctl_table+0x10/0x10 [ 801.471892][T22480] ? __pfx_fib_net_init+0x10/0x10 [ 801.471922][T22480] ? lockdep_init_map_type+0x5c/0x280 [ 801.471970][T22480] ? do_init_timer+0xc9/0x110 [ 801.472010][T22480] ? devinet_init_net+0x5c2/0x910 [ 801.472049][T22480] ? __pfx_fib_net_init+0x10/0x10 [ 801.472078][T22480] ops_init+0x1e2/0x5f0 [ 801.472112][T22480] setup_net+0x10f/0x380 [ 801.472138][T22480] ? lockdep_init_map_type+0x5c/0x280 [ 801.472185][T22480] ? __pfx_setup_net+0x10/0x10 [ 801.472218][T22480] ? debug_mutex_init+0x37/0x70 [ 801.472256][T22480] copy_net_ns+0x2a6/0x5f0 [ 801.472294][T22480] create_new_namespaces+0x3ea/0xa90 [ 801.472344][T22480] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 801.472387][T22480] ksys_unshare+0x45b/0xa40 [ 801.472434][T22480] ? __pfx_ksys_unshare+0x10/0x10 [ 801.472513][T22480] ? xfd_validate_state+0x61/0x180 [ 801.472576][T22480] __x64_sys_unshare+0x31/0x40 [ 801.472623][T22480] do_syscall_64+0xcd/0x4c0 [ 801.472679][T22480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.472713][T22480] RIP: 0033:0x7fac5d58eba9 [ 801.472740][T22480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.472774][T22480] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 801.472807][T22480] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 801.472830][T22480] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 801.472850][T22480] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 801.472870][T22480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.472889][T22480] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 801.472932][T22480] [ 802.636387][T22311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 802.770740][T22506] profile_transition: 9 callbacks suppressed [ 802.770762][T22506] profile_transition: unconfined exec no attachment [ 802.963957][T22311] veth0_vlan: entered promiscuous mode [ 803.064355][T22507] profile_transition: unconfined exec no attachment [ 803.089164][T22311] veth1_vlan: entered promiscuous mode [ 803.235646][T22311] veth0_macvtap: entered promiscuous mode [ 803.330859][T22311] veth1_macvtap: entered promiscuous mode [ 803.406976][T22512] profile_transition: unconfined exec no attachment [ 803.421873][T22311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 803.463855][T22311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 803.521521][ T1167] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.553428][ T1167] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.613400][ T1167] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.641761][ T1167] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.672068][T22517] profile_transition: unconfined exec no attachment [ 803.955591][T21182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.985464][T22524] profile_transition: unconfined exec no attachment [ 804.000976][T21182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.049869][T22521] netlink: 342 bytes leftover after parsing attributes in process `syz.9.6389'. [ 804.128556][ T764] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.173513][ T764] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.225109][T22526] profile_transition: unconfined exec no attachment [ 804.436915][T22531] profile_transition: unconfined exec no attachment [ 804.464836][T22530] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6321'. [ 804.645223][T22533] profile_transition: unconfined exec no attachment [ 805.071993][T22538] profile_transition: unconfined exec no attachment [ 805.410109][T22545] profile_transition: unconfined exec no attachment [ 805.980355][T22559] FAULT_INJECTION: forcing a failure. [ 805.980355][T22559] name failslab, interval 1, probability 0, space 0, times 0 [ 806.070717][T22559] CPU: 1 UID: 0 PID: 22559 Comm: syz.1.6398 Tainted: G U I syzkaller #0 PREEMPT(full) [ 806.070775][T22559] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 806.070788][T22559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 806.070807][T22559] Call Trace: [ 806.070818][T22559] [ 806.070830][T22559] dump_stack_lvl+0x16c/0x1f0 [ 806.070887][T22559] should_fail_ex+0x512/0x640 [ 806.070940][T22559] ? __kmalloc_noprof+0xbf/0x510 [ 806.070984][T22559] ? nfc_llcp_build_tlv+0xfd/0x230 [ 806.071041][T22559] should_failslab+0xc2/0x120 [ 806.071086][T22559] __kmalloc_noprof+0xd2/0x510 [ 806.071144][T22559] nfc_llcp_build_tlv+0xfd/0x230 [ 806.071202][T22559] nfc_llcp_build_gb.isra.0+0xed/0x400 [ 806.071253][T22559] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 806.071314][T22559] ? se_io_cb+0x80/0x390 [ 806.071349][T22559] ? lockdep_init_map_type+0x5c/0x280 [ 806.071404][T22559] nfc_llcp_register_device+0x600/0xa60 [ 806.071462][T22559] nfc_register_device+0x6d/0x3c0 [ 806.071517][T22559] nci_register_device+0x7f1/0xb80 [ 806.071564][T22559] ? __pfx_nci_register_device+0x10/0x10 [ 806.071615][T22559] ? lockdep_init_map_type+0x5c/0x280 [ 806.071672][T22559] virtual_ncidev_open+0x141/0x220 [ 806.071716][T22559] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 806.071765][T22559] misc_open+0x35a/0x420 [ 806.071806][T22559] ? __pfx_misc_open+0x10/0x10 [ 806.071848][T22559] chrdev_open+0x234/0x6a0 [ 806.071891][T22559] ? __pfx_apparmor_file_open+0x10/0x10 [ 806.071931][T22559] ? __pfx_chrdev_open+0x10/0x10 [ 806.071977][T22559] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 806.072024][T22559] do_dentry_open+0x982/0x1530 [ 806.072066][T22559] ? __pfx_chrdev_open+0x10/0x10 [ 806.072126][T22559] vfs_open+0x82/0x3f0 [ 806.072184][T22559] path_openat+0x1de4/0x2cb0 [ 806.072241][T22559] ? __pfx_path_openat+0x10/0x10 [ 806.072294][T22559] do_filp_open+0x20b/0x470 [ 806.072334][T22559] ? __pfx_do_filp_open+0x10/0x10 [ 806.072407][T22559] ? alloc_fd+0x471/0x7d0 [ 806.072456][T22559] do_sys_openat2+0x11b/0x1d0 [ 806.072509][T22559] ? __pfx_do_sys_openat2+0x10/0x10 [ 806.072578][T22559] __x64_sys_openat+0x174/0x210 [ 806.072609][T22559] ? __pfx___x64_sys_openat+0x10/0x10 [ 806.072659][T22559] do_syscall_64+0xcd/0x4c0 [ 806.072715][T22559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.072750][T22559] RIP: 0033:0x7f814c58eba9 [ 806.072777][T22559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.072811][T22559] RSP: 002b:00007f814d42e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 806.072841][T22559] RAX: ffffffffffffffda RBX: 00007f814c7d5fa0 RCX: 00007f814c58eba9 [ 806.072863][T22559] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 806.072883][T22559] RBP: 00007f814c611e19 R08: 0000000000000000 R09: 0000000000000000 [ 806.072904][T22559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.072922][T22559] R13: 00007f814c7d6038 R14: 00007f814c7d5fa0 R15: 00007ffd164eecc8 [ 806.072965][T22559] [ 807.010767][T22576] ubi0: attaching mtd0 [ 807.017079][T22576] ubi0: scanning is finished [ 807.050021][T22576] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 807.309686][T22580] aa_policy_admin_capable: cap_mac_admin? 1 [ 807.337448][T22576] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 807.360048][T22580] aa_policy_admin_capable: policy locked? 0 [ 807.470845][T22585] mkiss: ax0: crc mode is auto. [ 807.696690][T22591] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 807.895147][T22599] profile_transition: 8 callbacks suppressed [ 807.895169][T22599] profile_transition: unconfined exec no attachment [ 808.182845][T22604] profile_transition: unconfined exec no attachment [ 808.259774][T22605] profile_transition: unconfined exec no attachment [ 808.541473][T22612] profile_transition: unconfined exec no attachment [ 808.766351][T22616] profile_transition: unconfined exec no attachment [ 809.092171][T22621] profile_transition: unconfined exec no attachment [ 809.288769][T22628] profile_transition: unconfined exec no attachment [ 809.347187][T22626] FAULT_INJECTION: forcing a failure. [ 809.347187][T22626] name failslab, interval 1, probability 0, space 0, times 0 [ 809.367818][T22626] CPU: 1 UID: 0 PID: 22626 Comm: syz.6.6411 Tainted: G U I syzkaller #0 PREEMPT(full) [ 809.367878][T22626] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 809.367893][T22626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 809.367912][T22626] Call Trace: [ 809.367924][T22626] [ 809.367936][T22626] dump_stack_lvl+0x16c/0x1f0 [ 809.367993][T22626] should_fail_ex+0x512/0x640 [ 809.368046][T22626] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 809.368092][T22626] should_failslab+0xc2/0x120 [ 809.368138][T22626] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 809.368180][T22626] ? skb_clone+0x190/0x3f0 [ 809.368238][T22626] skb_clone+0x190/0x3f0 [ 809.368290][T22626] netlink_broadcast_filtered+0xb76/0xf90 [ 809.368358][T22626] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 809.368408][T22626] ? sprintf+0xcc/0x100 [ 809.368499][T22626] ? netlink_has_listeners+0x20f/0x430 [ 809.368557][T22626] netlink_broadcast+0x39/0x50 [ 809.368609][T22626] kobject_uevent_env+0xc6a/0x1870 [ 809.368655][T22626] ? bus_to_subsys+0x131/0x160 [ 809.368702][T22626] device_add+0x10dd/0x1aa0 [ 809.368743][T22626] ? __pfx_device_add+0x10/0x10 [ 809.368796][T22626] nfc_register_device+0x41/0x3c0 [ 809.368860][T22626] nci_register_device+0x7f1/0xb80 [ 809.368907][T22626] ? __pfx_nci_register_device+0x10/0x10 [ 809.368957][T22626] ? lockdep_init_map_type+0x5c/0x280 [ 809.369010][T22626] virtual_ncidev_open+0x141/0x220 [ 809.369053][T22626] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 809.369094][T22626] misc_open+0x35a/0x420 [ 809.369136][T22626] ? __pfx_misc_open+0x10/0x10 [ 809.369176][T22626] chrdev_open+0x234/0x6a0 [ 809.369219][T22626] ? __pfx_apparmor_file_open+0x10/0x10 [ 809.369256][T22626] ? __pfx_chrdev_open+0x10/0x10 [ 809.369303][T22626] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 809.369351][T22626] do_dentry_open+0x982/0x1530 [ 809.369395][T22626] ? __pfx_chrdev_open+0x10/0x10 [ 809.369449][T22626] vfs_open+0x82/0x3f0 [ 809.369520][T22626] path_openat+0x1de4/0x2cb0 [ 809.369575][T22626] ? __pfx_path_openat+0x10/0x10 [ 809.369628][T22626] do_filp_open+0x20b/0x470 [ 809.369669][T22626] ? __pfx_do_filp_open+0x10/0x10 [ 809.369743][T22626] ? alloc_fd+0x471/0x7d0 [ 809.369792][T22626] do_sys_openat2+0x11b/0x1d0 [ 809.369842][T22626] ? __pfx_do_sys_openat2+0x10/0x10 [ 809.369913][T22626] __x64_sys_openat+0x174/0x210 [ 809.369945][T22626] ? __pfx___x64_sys_openat+0x10/0x10 [ 809.369994][T22626] do_syscall_64+0xcd/0x4c0 [ 809.370052][T22626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.370086][T22626] RIP: 0033:0x7f0fb3d8eba9 [ 809.370112][T22626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 809.370145][T22626] RSP: 002b:00007f0fb4cc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 809.370178][T22626] RAX: ffffffffffffffda RBX: 00007f0fb3fd5fa0 RCX: 00007f0fb3d8eba9 [ 809.370200][T22626] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 809.370221][T22626] RBP: 00007f0fb3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 809.370240][T22626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 809.370258][T22626] R13: 00007f0fb3fd6038 R14: 00007f0fb3fd5fa0 R15: 00007ffc31352a38 [ 809.370301][T22626] [ 810.179305][T22638] profile_transition: unconfined exec no attachment [ 810.253030][T22639] FAULT_INJECTION: forcing a failure. [ 810.253030][T22639] name failslab, interval 1, probability 0, space 0, times 0 [ 810.301413][T22639] CPU: 0 UID: 0 PID: 22639 Comm: syz.2.6414 Tainted: G U I syzkaller #0 PREEMPT(full) [ 810.301474][T22639] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 810.301489][T22639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 810.301509][T22639] Call Trace: [ 810.301519][T22639] [ 810.301532][T22639] dump_stack_lvl+0x16c/0x1f0 [ 810.301589][T22639] should_fail_ex+0x512/0x640 [ 810.301643][T22639] ? __kmalloc_noprof+0xbf/0x510 [ 810.301686][T22639] ? public_key_verify_signature+0x25b/0x970 [ 810.301725][T22639] should_failslab+0xc2/0x120 [ 810.301771][T22639] __kmalloc_noprof+0xd2/0x510 [ 810.301821][T22639] public_key_verify_signature+0x25b/0x970 [ 810.301868][T22639] ? __pfx_public_key_verify_signature+0x10/0x10 [ 810.301944][T22639] x509_check_for_self_signed+0x31a/0x500 [ 810.301995][T22639] x509_cert_parse+0x5f8/0x900 [ 810.302032][T22639] ? kasan_save_stack+0x42/0x60 [ 810.302068][T22639] ? kasan_save_stack+0x33/0x60 [ 810.302104][T22639] ? kasan_save_track+0x14/0x30 [ 810.302146][T22639] pkcs7_extract_cert+0xa4/0x320 [ 810.302198][T22639] asn1_ber_decoder+0xc5f/0x1df0 [ 810.302251][T22639] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 810.302320][T22639] pkcs7_parse_message+0x288/0x720 [ 810.302373][T22639] verify_pkcs7_signature+0x30/0xa0 [ 810.302435][T22639] valid_regdb+0x211/0x590 [ 810.302486][T22639] ? __pfx___mutex_lock+0x10/0x10 [ 810.302541][T22639] ? __pfx_valid_regdb+0x10/0x10 [ 810.302602][T22639] reg_reload_regdb+0x11a/0x460 [ 810.302635][T22639] ? __pfx_reg_reload_regdb+0x10/0x10 [ 810.302670][T22639] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 810.302711][T22639] ? nl80211_pre_doit+0x1b0/0xb10 [ 810.302759][T22639] genl_family_rcv_msg_doit+0x209/0x2f0 [ 810.302801][T22639] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 810.302835][T22639] ? rcu_is_watching+0x12/0xc0 [ 810.302890][T22639] ? bpf_lsm_capable+0x9/0x10 [ 810.302920][T22639] ? security_capable+0x7e/0x260 [ 810.302964][T22639] genl_rcv_msg+0x55c/0x800 [ 810.303004][T22639] ? __pfx_genl_rcv_msg+0x10/0x10 [ 810.303040][T22639] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 810.303080][T22639] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 810.303129][T22639] ? __pfx_nl80211_post_doit+0x10/0x10 [ 810.303175][T22639] netlink_rcv_skb+0x158/0x420 [ 810.303228][T22639] ? __pfx_genl_rcv_msg+0x10/0x10 [ 810.303270][T22639] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 810.303340][T22639] ? netlink_deliver_tap+0x1ae/0xd30 [ 810.303411][T22639] genl_rcv+0x28/0x40 [ 810.303442][T22639] netlink_unicast+0x5a7/0x870 [ 810.303502][T22639] ? __pfx_netlink_unicast+0x10/0x10 [ 810.303556][T22639] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 810.303606][T22639] ? __lock_acquire+0xb97/0x1ce0 [ 810.303662][T22639] netlink_sendmsg+0x8d1/0xdd0 [ 810.303723][T22639] ? __pfx_netlink_sendmsg+0x10/0x10 [ 810.303782][T22639] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 810.303826][T22639] ____sys_sendmsg+0xa98/0xc70 [ 810.303864][T22639] ? copy_msghdr_from_user+0x10a/0x160 [ 810.303915][T22639] ? __pfx_____sys_sendmsg+0x10/0x10 [ 810.303964][T22639] ? __pfx_futex_wake_mark+0x10/0x10 [ 810.304020][T22639] ___sys_sendmsg+0x134/0x1d0 [ 810.304074][T22639] ? __pfx____sys_sendmsg+0x10/0x10 [ 810.304178][T22639] __sys_sendmsg+0x16d/0x220 [ 810.304229][T22639] ? __pfx___sys_sendmsg+0x10/0x10 [ 810.304279][T22639] ? __x64_sys_futex+0x1e0/0x4c0 [ 810.304348][T22639] do_syscall_64+0xcd/0x4c0 [ 810.304412][T22639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.304446][T22639] RIP: 0033:0x7fd1f0d8eba9 [ 810.304472][T22639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 810.304505][T22639] RSP: 002b:00007fd1f1cde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 810.304536][T22639] RAX: ffffffffffffffda RBX: 00007fd1f0fd5fa0 RCX: 00007fd1f0d8eba9 [ 810.304557][T22639] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 810.304576][T22639] RBP: 00007fd1f0e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 810.304594][T22639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 810.304613][T22639] R13: 00007fd1f0fd6038 R14: 00007fd1f0fd5fa0 R15: 00007ffe3322b588 [ 810.304655][T22639] [ 810.855133][T22645] profile_transition: unconfined exec no attachment [ 810.994355][T22651] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 811.043176][T22654] profile_transition: unconfined exec no attachment [ 811.043459][T22653] ubi0: attaching mtd0 [ 811.197494][T22649] serio: Serial port pty233 [ 811.232572][T22653] ubi0: scanning is finished [ 811.238078][T22653] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 811.709237][T22653] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 811.763339][T22669] netlink: 326 bytes leftover after parsing attributes in process `syz.9.6423'. [ 812.058575][T22674] FAULT_INJECTION: forcing a failure. [ 812.058575][T22674] name failslab, interval 1, probability 0, space 0, times 0 [ 812.112291][T22674] CPU: 0 UID: 0 PID: 22674 Comm: syz.9.6424 Tainted: G U I syzkaller #0 PREEMPT(full) [ 812.112349][T22674] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 812.112363][T22674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 812.112382][T22674] Call Trace: [ 812.112392][T22674] [ 812.112404][T22674] dump_stack_lvl+0x16c/0x1f0 [ 812.112470][T22674] should_fail_ex+0x512/0x640 [ 812.112521][T22674] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 812.112562][T22674] should_failslab+0xc2/0x120 [ 812.112607][T22674] __kmalloc_cache_noprof+0x6a/0x3e0 [ 812.112643][T22674] ? nfc_llcp_register_device+0x4b/0xa60 [ 812.112703][T22674] nfc_llcp_register_device+0x4b/0xa60 [ 812.112761][T22674] nfc_register_device+0x6d/0x3c0 [ 812.112819][T22674] nci_register_device+0x7f1/0xb80 [ 812.112866][T22674] ? __pfx_nci_register_device+0x10/0x10 [ 812.112915][T22674] ? lockdep_init_map_type+0x5c/0x280 [ 812.112969][T22674] virtual_ncidev_open+0x141/0x220 [ 812.113012][T22674] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 812.113052][T22674] misc_open+0x35a/0x420 [ 812.113093][T22674] ? __pfx_misc_open+0x10/0x10 [ 812.113132][T22674] chrdev_open+0x234/0x6a0 [ 812.113175][T22674] ? __pfx_apparmor_file_open+0x10/0x10 [ 812.113212][T22674] ? __pfx_chrdev_open+0x10/0x10 [ 812.113257][T22674] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 812.113306][T22674] do_dentry_open+0x982/0x1530 [ 812.113350][T22674] ? __pfx_chrdev_open+0x10/0x10 [ 812.113402][T22674] vfs_open+0x82/0x3f0 [ 812.113456][T22674] path_openat+0x1de4/0x2cb0 [ 812.113518][T22674] ? __pfx_path_openat+0x10/0x10 [ 812.113569][T22674] do_filp_open+0x20b/0x470 [ 812.113608][T22674] ? __pfx_do_filp_open+0x10/0x10 [ 812.113680][T22674] ? alloc_fd+0x471/0x7d0 [ 812.113727][T22674] do_sys_openat2+0x11b/0x1d0 [ 812.113779][T22674] ? __pfx_do_sys_openat2+0x10/0x10 [ 812.113847][T22674] __x64_sys_openat+0x174/0x210 [ 812.113876][T22674] ? __pfx___x64_sys_openat+0x10/0x10 [ 812.113921][T22674] do_syscall_64+0xcd/0x4c0 [ 812.113977][T22674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.114009][T22674] RIP: 0033:0x7fac5d58eba9 [ 812.114035][T22674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.114067][T22674] RSP: 002b:00007fac5e366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 812.114097][T22674] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d58eba9 [ 812.114118][T22674] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 812.114137][T22674] RBP: 00007fac5d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 812.114155][T22674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.114173][T22674] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffc82bcbe48 [ 812.114214][T22674] [ 812.151334][T22674] nfc: nfc_register_device: Could not register llcp device [ 812.365339][ T31] INFO: task syz.0.5712:20514 blocked for more than 143 seconds. [ 812.421289][ T31] Tainted: G U I syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 812.466932][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 812.477488][ T31] task:syz.0.5712 state:D stack:27272 pid:20514 tgid:20513 ppid:5867 task_flags:0x400140 flags:0x00004004 [ 812.490071][ T31] Call Trace: [ 812.493383][ T31] [ 812.496784][ T31] __schedule+0x1190/0x5de0 [ 812.503242][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 812.643676][T22671] llcp: nfc_llcp_remove_local: Shutting down device not found [ 812.666193][ T31] ? __pfx___schedule+0x10/0x10 [ 812.671283][ T31] ? find_held_lock+0x2b/0x80 [ 812.693346][ T31] ? schedule+0x2d7/0x3a0 [ 812.697777][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 812.713725][ T31] schedule+0xe7/0x3a0 [ 812.717890][ T31] schedule_preempt_disabled+0x13/0x30 [ 812.761358][ T31] __mutex_lock+0x81b/0x1060 [ 812.783327][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 812.789062][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 812.812803][ T31] ? __nla_validate_parse+0x600/0x2880 [ 812.818360][ T31] ? __pfx___nla_validate_parse+0x10/0x10 [ 812.854252][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 812.859991][ T31] nfsd_nl_version_set_doit+0xc4/0x7a0 [ 812.895762][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 812.901941][ T31] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 812.952377][ T31] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 812.960212][ T31] genl_family_rcv_msg_doit+0x209/0x2f0 [ 813.011941][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 813.018106][ T31] ? rcu_is_watching+0x12/0xc0 [ 813.081526][ T31] ? bpf_lsm_capable+0x9/0x10 [ 813.086294][ T31] ? security_capable+0x7e/0x260 [ 813.091285][ T31] genl_rcv_msg+0x55c/0x800 [ 813.182146][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 813.187360][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 813.204761][T22691] profile_transition: 7 callbacks suppressed [ 813.204785][T22691] profile_transition: unconfined exec no attachment [ 813.259643][ T31] netlink_rcv_skb+0x158/0x420 [ 813.319912][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 813.325902][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 813.357994][ T31] ? netlink_deliver_tap+0x1ae/0xd30 [ 813.380499][ T31] genl_rcv+0x28/0x40 [ 813.384852][ T31] netlink_unicast+0x5a7/0x870 [ 813.389724][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 813.415118][ T31] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 813.450963][T22692] profile_transition: unconfined exec no attachment [ 813.450954][ T31] ? __lock_acquire+0xb97/0x1ce0 [ 813.451020][ T31] netlink_sendmsg+0x8d1/0xdd0 [ 813.517236][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 813.547685][ T31] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 813.576791][ T31] ____sys_sendmsg+0xa98/0xc70 [ 813.585060][ T31] ? copy_msghdr_from_user+0x10a/0x160 [ 813.599075][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 813.604528][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 813.618967][ T31] ___sys_sendmsg+0x134/0x1d0 [ 813.624673][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 813.658903][ T31] __sys_sendmsg+0x16d/0x220 [ 813.663773][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 813.698632][ T31] ? __x64_sys_futex+0x1e0/0x4c0 [ 813.703689][ T31] do_syscall_64+0xcd/0x4c0 [ 813.708261][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.716887][T22693] profile_transition: unconfined exec no attachment [ 813.750285][ T31] RIP: 0033:0x7f1a5f98eba9 [ 813.790066][ T31] RSP: 002b:00007f1a6088d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 813.818074][ T31] RAX: ffffffffffffffda RBX: 00007f1a5fbd5fa0 RCX: 00007f1a5f98eba9 [ 813.847931][ T31] RDX: 0000000000040000 RSI: 0000200000000280 RDI: 0000000000000004 [ 813.856240][ T31] RBP: 00007f1a5fa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 813.917615][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.926157][ T31] R13: 00007f1a5fbd6038 R14: 00007f1a5fbd5fa0 R15: 00007ffc195939f8 [ 813.932640][T22694] profile_transition: unconfined exec no attachment [ 813.957534][ T31] [ 813.992820][ T31] [ 813.992820][ T31] Showing all locks held in the system: [ 814.027089][ T31] 1 lock held by ksoftirqd/1/23: [ 814.032691][ T31] 1 lock held by khungtaskd/31: [ 814.130958][ T31] #0: ffffffff8e5c1420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 814.216258][ T31] 2 locks held by udevd/5236: [ 814.221011][ T31] 2 locks held by kworker/u9:3/5875: [ 814.268763][ T31] #0: ffff888026863148 ((wq_completion)nbd2-recv){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 814.293488][ T31] #1: ffffc900040cfd10 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 814.325677][ T31] 2 locks held by kworker/u9:4/5877: [ 814.342872][ T31] #0: ffff88802631e148 ((wq_completion)nbd1-recv){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 814.385559][ T31] #1: ffffc900040dfd10 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 814.409030][T22697] profile_transition: unconfined exec no attachment [ 814.425962][ T31] 2 locks held by kworker/u9:8/5883: [ 814.473183][ T31] #0: ffff888026319148 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 814.505873][ T31] #1: ffffc9000413fd10 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 814.544675][ T31] 2 locks held by syz-executor/19574: [ 814.550175][ T31] #0: ffff88806152e0e0 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xd6/0x100 [ 814.602947][ T31] #1: ffffffff8e9d9c88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 814.630877][ T31] 3 locks held by kworker/0:1/19833: [ 814.654171][ T31] 2 locks held by syz.3.5703/20488: [ 814.659446][ T31] #0: ffffffff9042be10 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 814.685878][T22699] profile_transition: unconfined exec no attachment [ 814.704354][ T31] #1: ffffffff8e9d9c88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1b10 [ 814.763921][ T31] 2 locks held by syz.0.5712/20514: [ 814.769551][ T31] #0: ffffffff9042be10 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 814.813432][ T31] #1: ffffffff8e9d9c88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xc4/0x7a0 [ 814.853292][ T31] 2 locks held by syz-executor/20593: [ 814.858736][ T31] #0: ffff88806a858dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 814.893099][ T31] #1: ffff88806a8580b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 814.922948][ T31] 2 locks held by syz-executor/21108: [ 814.933026][ T31] #0: ffff88807b57c0e0 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xd6/0x100 [ 814.956129][ T31] #1: ffffffff8e9d9c88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 814.968293][T22702] profile_transition: unconfined exec no attachment [ 814.992556][ T31] 3 locks held by syz-executor/21365: [ 815.032430][ T31] #0: ffff88807adb4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 815.042149][ T31] #1: ffff88807adb40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 815.092146][ T31] #2: ffffffff905f1068 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 815.131620][ T31] 2 locks held by syz.4.6243/22079: [ 815.137341][ T31] #0: ffff888057bea0e0 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xd6/0x100 [ 815.165988][ T31] #1: ffffffff8e9d9c88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 815.201842][ T31] 5 locks held by syz-executor/22311: [ 815.207283][ T31] #0: ffff88807f6e4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 815.211851][T22704] profile_transition: unconfined exec no attachment [ 815.258869][ T31] #1: ffff88807f6e40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 815.307435][ T31] #2: ffffffff905f1068 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 815.320960][ T31] #3: ffff88806111c338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 815.330512][ T31] #4: ffffffff8e5cc9b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 815.370806][ T31] 2 locks held by syz.6.6405/22597: [ 815.376392][ T31] 1 lock held by cmp/22704: [ 815.393178][ T31] #0: ffff8880b853a458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 815.408935][T22705] profile_transition: unconfined exec no attachment [ 815.410753][ T31] [ 815.419717][ T31] ============================================= [ 815.419717][ T31] [ 815.507951][ T31] NMI backtrace for cpu 0 [ 815.507979][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U I syzkaller #0 PREEMPT(full) [ 815.508024][ T31] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 815.508036][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 815.508053][ T31] Call Trace: [ 815.508063][ T31] [ 815.508075][ T31] dump_stack_lvl+0x116/0x1f0 [ 815.508129][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 815.508165][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 815.508219][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 815.508268][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 815.508312][ T31] watchdog+0xf0e/0x1260 [ 815.508368][ T31] ? __pfx_watchdog+0x10/0x10 [ 815.508413][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 815.508464][ T31] ? __kthread_parkme+0x19e/0x250 [ 815.508506][ T31] ? __pfx_watchdog+0x10/0x10 [ 815.508553][ T31] kthread+0x3c5/0x780 [ 815.508601][ T31] ? __pfx_kthread+0x10/0x10 [ 815.508651][ T31] ? rcu_is_watching+0x12/0xc0 [ 815.508684][ T31] ? __pfx_kthread+0x10/0x10 [ 815.508732][ T31] ret_from_fork+0x56d/0x730 [ 815.508782][ T31] ? __pfx_kthread+0x10/0x10 [ 815.508829][ T31] ret_from_fork_asm+0x1a/0x30 [ 815.508885][ T31] [ 815.508897][ T31] Sending NMI from CPU 0 to CPUs 1: [ 815.664485][ C1] NMI backtrace for cpu 1 [ 815.664509][ C1] CPU: 1 UID: 0 PID: 22684 Comm: syz.2.6426 Tainted: G U I syzkaller #0 PREEMPT(full) [ 815.664549][ C1] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 815.664559][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 815.664575][ C1] RIP: 0010:rcu_is_watching+0x12/0xc0 [ 815.664608][ C1] Code: 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 53 65 ff 05 c3 13 36 12 e8 2e 57 f1 09 <48> c7 c3 a8 92 d7 93 89 c5 83 f8 07 0f 87 82 00 00 00 48 8d 3c ed [ 815.664634][ C1] RSP: 0018:ffffc9000bf6f868 EFLAGS: 00000286 [ 815.664655][ C1] RAX: 0000000000000001 RBX: ffffffff8e5c1420 RCX: 0000000000000002 [ 815.664671][ C1] RDX: 0000000000000000 RSI: ffffffff8c163680 RDI: ffffffff8c1636c0 [ 815.664688][ C1] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 815.664703][ C1] R10: 00000000070804b6 R11: 0000000000000000 R12: 0000000000000000 [ 815.664718][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 815.664734][ C1] FS: 0000000000000000(0000) GS:ffff8881247ba000(0000) knlGS:0000000000000000 [ 815.664758][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 815.664775][ C1] CR2: 00007fa4fbfe8100 CR3: 000000007f32c000 CR4: 00000000003526f0 [ 815.664792][ C1] Call Trace: [ 815.664799][ C1] [ 815.664808][ C1] lock_acquire+0x2cd/0x350 [ 815.664845][ C1] ? __fput+0x402/0xb70 [ 815.664880][ C1] ? task_work_run+0x14d/0x240 [ 815.664901][ C1] ? do_exit+0x86f/0x2bf0 [ 815.664936][ C1] ? do_group_exit+0xd3/0x2a0 [ 815.664972][ C1] ? get_signal+0x2673/0x26d0 [ 815.665002][ C1] ? arch_do_signal_or_restart+0x8f/0x790 [ 815.665039][ C1] __update_page_owner_free_handle.constprop.0+0x4d/0x4a0 [ 815.665073][ C1] ? __update_page_owner_free_handle.constprop.0+0x3c/0x4a0 [ 815.665112][ C1] __reset_page_owner+0x93/0x1a0 [ 815.665142][ C1] __free_frozen_pages+0x7d5/0x10f0 [ 815.665174][ C1] vfree+0x1fd/0xb50 [ 815.665194][ C1] ? find_held_lock+0x2b/0x80 [ 815.665222][ C1] ? rcu_is_watching+0x12/0xc0 [ 815.665253][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 815.665294][ C1] ? __pfx_kcov_close+0x10/0x10 [ 815.665331][ C1] kcov_close+0x34/0x60 [ 815.665366][ C1] __fput+0x402/0xb70 [ 815.665404][ C1] ? cleanup_mnt+0x26b/0x450 [ 815.665431][ C1] task_work_run+0x14d/0x240 [ 815.665454][ C1] ? __pfx_task_work_run+0x10/0x10 [ 815.665502][ C1] do_exit+0x86f/0x2bf0 [ 815.665541][ C1] ? __pfx_do_exit+0x10/0x10 [ 815.665578][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 815.665618][ C1] ? find_held_lock+0x2b/0x80 [ 815.665646][ C1] do_group_exit+0xd3/0x2a0 [ 815.665684][ C1] get_signal+0x2673/0x26d0 [ 815.665715][ C1] ? find_held_lock+0x2b/0x80 [ 815.665744][ C1] ? __pfx_get_signal+0x10/0x10 [ 815.665780][ C1] arch_do_signal_or_restart+0x8f/0x790 [ 815.665814][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 815.665855][ C1] ? __pfx___do_sys_close_range+0x10/0x10 [ 815.665891][ C1] exit_to_user_mode_loop+0x84/0x110 [ 815.665932][ C1] do_syscall_64+0x41c/0x4c0 [ 815.665975][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 815.666003][ C1] RIP: 0033:0x7fd1f0d8eba9 [ 815.666022][ C1] Code: Unable to access opcode bytes at 0x7fd1f0d8eb7f. [ 815.666033][ C1] RSP: 002b:00007ffe3322b6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 815.666056][ C1] RAX: 0000000000000000 RBX: 00000000000c6eae RCX: 00007fd1f0d8eba9 [ 815.666072][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 815.666088][ C1] RBP: 00007fd1f0fd7da0 R08: 0000000000000001 R09: 000000093322b9df [ 815.666104][ C1] R10: 0000001b2d520000 R11: 0000000000000246 R12: 00007fd1f0fd5fac [ 815.666121][ C1] R13: 00007fd1f0fd5fa0 R14: ffffffffffffffff R15: 00007ffe3322b800 [ 815.666148][ C1] [ 816.142601][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 816.149521][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U I syzkaller #0 PREEMPT(full) [ 816.160239][ T31] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 816.166226][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 816.176301][ T31] Call Trace: [ 816.179603][ T31] [ 816.182564][ T31] dump_stack_lvl+0x3d/0x1f0 [ 816.187202][ T31] vpanic+0x6e8/0x7a0 [ 816.191239][ T31] ? __pfx_vpanic+0x10/0x10 [ 816.195784][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 816.201809][ T31] panic+0xca/0xd0 [ 816.205660][ T31] ? __pfx_panic+0x10/0x10 [ 816.210114][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 816.215529][ T31] ? nmi_trigger_cpumask_backtrace+0x1b1/0x300 [ 816.221818][ T31] ? watchdog+0xd78/0x1260 [ 816.226368][ T31] ? watchdog+0xd6b/0x1260 [ 816.230848][ T31] watchdog+0xd89/0x1260 [ 816.235399][ T31] ? __pfx_watchdog+0x10/0x10 [ 816.240120][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 816.245537][ T31] ? __kthread_parkme+0x19e/0x250 [ 816.250701][ T31] ? __pfx_watchdog+0x10/0x10 [ 816.255428][ T31] kthread+0x3c5/0x780 [ 816.259531][ T31] ? __pfx_kthread+0x10/0x10 [ 816.264162][ T31] ? rcu_is_watching+0x12/0xc0 [ 816.268954][ T31] ? __pfx_kthread+0x10/0x10 [ 816.273584][ T31] ret_from_fork+0x56d/0x730 [ 816.278209][ T31] ? __pfx_kthread+0x10/0x10 [ 816.282835][ T31] ret_from_fork_asm+0x1a/0x30 [ 816.287652][ T31] [ 816.291013][ T31] Kernel Offset: disabled [ 816.295349][ T31] Rebooting in 86400 seconds..