last executing test programs: 1m12.930637796s ago: executing program 2 (id=4614): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x801, 0x84) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90) 1m12.724270465s ago: executing program 2 (id=4618): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/kvm_intel/parameters/vmentry_l1d_flush\x00', 0x82942, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000000100)="0a1b9a", 0x3) 1m12.560318059s ago: executing program 2 (id=4621): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) connect$auto(0x4, 0x0, 0x10) 1m12.314221138s ago: executing program 2 (id=4625): mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) timerfd_settime$auto(r0, 0x8000, 0x0, 0x0) 1m11.918098411s ago: executing program 2 (id=4634): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 1m11.134657803s ago: executing program 2 (id=4646): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r0, 0x84, 0x72, 0x0, 0x0) 1m10.776974929s ago: executing program 32 (id=4646): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r0, 0x84, 0x72, 0x0, 0x0) 3.353820158s ago: executing program 4 (id=5503): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) sendto$auto(0x3, 0x0, 0x79, 0x2, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x20) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) 3.019836054s ago: executing program 4 (id=5506): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x0, 0x2e) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8c00, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) mprotect$auto(0x0, 0x806121, 0x6) 2.610466786s ago: executing program 3 (id=5507): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socketpair$auto(0xffffff6c, 0x4, 0x8000000, 0x0) socket(0x11, 0x3, 0x2) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) 2.447662602s ago: executing program 3 (id=5511): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xfffffffffffff4c7) setsockopt$auto(0x3, 0x10000000084, 0x4, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 2.146545183s ago: executing program 3 (id=5515): sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r1}, 0x18) 2.071447355s ago: executing program 0 (id=5516): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0x3, 0x0, 0x0) 2.000531711s ago: executing program 3 (id=5517): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x9, 0x0, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x30, 0x0, 0x20000) 1.676276114s ago: executing program 0 (id=5518): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x7) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) 1.410095206s ago: executing program 3 (id=5519): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x11, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xa888, r1, 0x10}, 0x22) 1.123414308s ago: executing program 3 (id=5521): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) 1.078447938s ago: executing program 0 (id=5522): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000000040)={0x18, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40080}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 1.076138584s ago: executing program 4 (id=5523): close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) r0 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322cf3) open_by_handle_at$auto(r0, &(0x7f0000000040)={0x8, 0x1, "1700000000000000"}, 0x2) read$auto(0x3, 0x0, 0x5) 942.815527ms ago: executing program 0 (id=5526): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0xb2) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mlock$auto(0x81, 0xffff) fallocate$auto(0x8000000000000003, 0x3, 0xf, 0x200000004) 701.297579ms ago: executing program 4 (id=5528): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file0/file1\x00', 0x2) renameat2$auto(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x2) 563.021521ms ago: executing program 1 (id=5529): mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) ioctl$auto(0x3, 0x40045612, 0x38) 502.650395ms ago: executing program 1 (id=5530): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0xffffffff, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000000)='[') close_range$auto(0x2, 0xffffffffffffffff, 0x0) 416.749461ms ago: executing program 1 (id=5531): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x7) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) 414.349812ms ago: executing program 0 (id=5539): sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004045}, 0x48084) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) vmsplice$auto(r0, &(0x7f0000000000)={0x0, 0x7}, 0x5, 0x1) write$auto(0x3, 0x0, 0xffd8) 362.65867ms ago: executing program 4 (id=5532): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(0x4, 0x6, 0x2b, 0xfffffffffffffffc, 0x0) 204.597468ms ago: executing program 1 (id=5533): r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r1) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_HEADER={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2004d081}, 0x4010) 111.990134ms ago: executing program 1 (id=5534): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) r0 = getpid() pidfd_open$auto(r0, 0x0) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) 81.968905ms ago: executing program 0 (id=5535): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto(0xffffffffffffffff, 0x5404, 0x3) fanotify_mark$auto(0xffffffffffffffff, 0x205, 0x199, 0xffffffffffffffff, 0x0) syz_clone3(&(0x7f0000000400)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x39b8) 51.85179ms ago: executing program 1 (id=5536): mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pipe2$auto(0x0, 0x80) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, 0x0, 0xe) 0s ago: executing program 4 (id=5537): r0 = socket(0x2, 0x3, 0xa) open(0x0, 0x149443, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lo/tx_queue_len\x00', 0x100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/detach\x00', 0x2501, 0x0) write$auto(r0, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1d\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xfe\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       getty: ttyS0: read error: Resource temporarily unavailable [ 414.052971][T15700] FAULT_INJECTION: forcing a failure. [ 414.052971][T15700] name fail_futex, interval 1, probability 0, space 0, times 0 [ 414.067332][T15700] CPU: 1 UID: 0 PID: 15700 Comm: syz.3.4167 Tainted: G U I syzkaller #0 PREEMPT(full) [ 414.067379][T15700] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 414.067390][T15700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 414.067406][T15700] Call Trace: [ 414.067414][T15700] [ 414.067423][T15700] dump_stack_lvl+0x16c/0x1f0 [ 414.067462][T15700] should_fail_ex+0x512/0x640 [ 414.067502][T15700] should_fail_futex+0x4c/0x60 [ 414.067533][T15700] __x64_sys_futex+0x25e/0x4c0 [ 414.067568][T15700] ? fdget_pos+0x2b8/0x370 [ 414.067598][T15700] ? __pfx___x64_sys_futex+0x10/0x10 [ 414.067629][T15700] ? xfd_validate_state+0x61/0x180 [ 414.067663][T15700] ? __pfx_ksys_write+0x10/0x10 [ 414.067702][T15700] do_syscall_64+0xcd/0x490 [ 414.067740][T15700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.067766][T15700] RIP: 0033:0x7f364478ebe9 [ 414.067788][T15700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.067814][T15700] RSP: 002b:00007f3645584038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 414.067839][T15700] RAX: ffffffffffffffda RBX: 00007f36449c5fa0 RCX: 00007f364478ebe9 [ 414.067856][T15700] RDX: 0000000000000004 RSI: 000000000000000d RDI: 0000000000000000 [ 414.067872][T15700] RBP: 00007f3644811e19 R08: 0000000000000000 R09: 0000000000000008 [ 414.067887][T15700] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.067903][T15700] R13: 00007f36449c6038 R14: 00007f36449c5fa0 R15: 00007ffee0adaf48 [ 414.067939][T15700] [ 414.189411][ T5869] Bluetooth: hci4: command tx timeout [ 414.279004][T15702] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4168'. [ 414.295924][ T36] team0 (unregistering): Port device team_slave_1 removed [ 414.349148][ T36] team0 (unregistering): Port device team_slave_0 removed [ 414.969501][T15553] chnl_net:caif_netlink_parms(): no params data found [ 415.307666][T15553] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.325674][T15553] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.348198][T15553] bridge_slave_0: entered allmulticast mode [ 415.361754][T15553] bridge_slave_0: entered promiscuous mode [ 415.397837][T15553] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.430415][T15553] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.451468][T15553] bridge_slave_1: entered allmulticast mode [ 415.470942][T15553] bridge_slave_1: entered promiscuous mode [ 415.626815][T15553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.666211][T15553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.761385][T15553] team0: Port device team_slave_0 added [ 415.775203][T15553] team0: Port device team_slave_1 added [ 415.866585][T15553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 415.876823][T15553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.982675][T15553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.137752][T15553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.180768][T15553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.236032][T15553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.285725][ T5869] Bluetooth: hci4: command tx timeout [ 416.288978][T15750] FAULT_INJECTION: forcing a failure. [ 416.288978][T15750] name failslab, interval 1, probability 0, space 0, times 0 [ 416.318250][T15750] CPU: 1 UID: 0 PID: 15750 Comm: syz.1.4179 Tainted: G U I syzkaller #0 PREEMPT(full) [ 416.318298][T15750] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 416.318308][T15750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 416.318324][T15750] Call Trace: [ 416.318333][T15750] [ 416.318342][T15750] dump_stack_lvl+0x16c/0x1f0 [ 416.318382][T15750] should_fail_ex+0x512/0x640 [ 416.318417][T15750] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 416.318449][T15750] should_failslab+0xc2/0x120 [ 416.318482][T15750] __kmalloc_cache_noprof+0x6a/0x3e0 [ 416.318508][T15750] ? bpf_lsm_capable+0x9/0x10 [ 416.318533][T15750] ? __do_sys_timerfd_create+0xea/0x3e0 [ 416.318572][T15750] __do_sys_timerfd_create+0xea/0x3e0 [ 416.318604][T15750] ? do_syscall_64+0x91/0x490 [ 416.318638][T15750] do_syscall_64+0xcd/0x490 [ 416.318673][T15750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.318699][T15750] RIP: 0033:0x7f409ad8ebe9 [ 416.318720][T15750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.318744][T15750] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 416.318768][T15750] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 416.318785][T15750] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000008 [ 416.318801][T15750] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 416.318816][T15750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.318830][T15750] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 416.318866][T15750] [ 416.587660][T15553] hsr_slave_0: entered promiscuous mode [ 416.604775][T15553] hsr_slave_1: entered promiscuous mode [ 416.632568][T15553] debugfs: 'hsr0' already exists in 'hsr' [ 416.662795][T15553] Cannot create hsr debugfs directory [ 418.009826][T15805] Zero length message leads to an empty skb [ 418.352500][ T5869] Bluetooth: hci4: command tx timeout [ 418.643034][T15553] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 418.680831][T15553] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 418.782233][T15553] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 418.892264][T15553] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 419.401939][T15553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.529081][T15553] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.614357][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.621543][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.693972][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.701530][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.926617][T15553] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 419.982740][T15866] FAULT_INJECTION: forcing a failure. [ 419.982740][T15866] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 419.998651][T15866] CPU: 0 UID: 0 PID: 15866 Comm: syz.1.4214 Tainted: G U I syzkaller #0 PREEMPT(full) [ 419.998702][T15866] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 419.998713][T15866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 419.998728][T15866] Call Trace: [ 419.998738][T15866] [ 419.998748][T15866] dump_stack_lvl+0x16c/0x1f0 [ 419.998789][T15866] should_fail_ex+0x512/0x640 [ 419.998831][T15866] should_fail_alloc_page+0xe7/0x130 [ 419.998870][T15866] prepare_alloc_pages+0x3c2/0x610 [ 419.998923][T15866] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 419.998958][T15866] ? __lock_acquire+0x62e/0x1ce0 [ 419.999005][T15866] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 419.999041][T15866] ? find_held_lock+0x2b/0x80 [ 419.999076][T15866] ? page_table_check_set+0x631/0x750 [ 419.999111][T15866] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 419.999150][T15866] ? policy_nodemask+0xea/0x4e0 [ 419.999188][T15866] alloc_pages_mpol+0x1fb/0x550 [ 419.999223][T15866] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 419.999260][T15866] ? __lock_acquire+0x62e/0x1ce0 [ 419.999296][T15866] folio_alloc_mpol_noprof+0x36/0x2f0 [ 419.999336][T15866] vma_alloc_folio_noprof+0xed/0x1e0 [ 419.999373][T15866] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 419.999422][T15866] do_pte_missing+0x2230/0x3ba0 [ 419.999451][T15866] ? find_held_lock+0x2b/0x80 [ 419.999486][T15866] __handle_mm_fault+0x152a/0x2a50 [ 419.999524][T15866] ? __pfx___handle_mm_fault+0x10/0x10 [ 419.999557][T15866] ? lock_vma_under_rcu+0x1eb/0x530 [ 419.999595][T15866] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 419.999631][T15866] handle_mm_fault+0x589/0xd10 [ 419.999659][T15866] ? trace_raw_output_exceptions+0x131/0x150 [ 419.999700][T15866] do_user_addr_fault+0x60c/0x1370 [ 419.999743][T15866] ? rcu_is_watching+0x12/0xc0 [ 419.999773][T15866] exc_page_fault+0x5c/0xb0 [ 419.999807][T15866] asm_exc_page_fault+0x26/0x30 [ 419.999832][T15866] RIP: 0033:0x7f409ac5a5ab [ 419.999854][T15866] Code: 00 00 00 48 8d 3d 3d 3a 19 00 48 89 c1 31 c0 e8 4b 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 3a 19 00 48 89 34 24 48 8b 14 24 48 8b [ 419.999879][T15866] RSP: 002b:00007f409bc75fb0 EFLAGS: 00010202 [ 419.999907][T15866] RAX: 0000000000000000 RBX: 00007f409afc5fa0 RCX: 0000000000000000 [ 419.999924][T15866] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000100 [ 419.999941][T15866] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 419.999957][T15866] R10: 0000200000000100 R11: 0000000000000000 R12: 0000000000000000 [ 419.999971][T15866] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 420.000007][T15866] [ 420.000212][T15866] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 420.707793][T15553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.936256][T15553] veth0_vlan: entered promiscuous mode [ 420.959208][T15553] veth1_vlan: entered promiscuous mode [ 421.060349][T15553] veth0_macvtap: entered promiscuous mode [ 421.158526][T15553] veth1_macvtap: entered promiscuous mode [ 421.268313][T15553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.347888][T15553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.461828][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.504247][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.567301][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.596191][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.842333][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.863036][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.008129][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.062064][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.246463][T15553] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 425.666862][T16004] FAULT_INJECTION: forcing a failure. [ 425.666862][T16004] name failslab, interval 1, probability 0, space 0, times 0 [ 425.680131][T16004] CPU: 0 UID: 0 PID: 16004 Comm: syz.1.4247 Tainted: G U I syzkaller #0 PREEMPT(full) [ 425.680177][T16004] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 425.680188][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 425.680204][T16004] Call Trace: [ 425.680213][T16004] [ 425.680223][T16004] dump_stack_lvl+0x16c/0x1f0 [ 425.680265][T16004] should_fail_ex+0x512/0x640 [ 425.680306][T16004] should_failslab+0xc2/0x120 [ 425.680342][T16004] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 425.680381][T16004] ? do_raw_spin_lock+0x12c/0x2b0 [ 425.680420][T16004] ? inet_bind2_bucket_create+0x36/0x580 [ 425.680451][T16004] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 425.680492][T16004] inet_bind2_bucket_create+0x36/0x580 [ 425.680527][T16004] inet_csk_get_port+0x17c4/0x2890 [ 425.680569][T16004] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 425.680617][T16004] ? __local_bh_enable_ip+0xa4/0x120 [ 425.680653][T16004] __inet_bind+0x580/0xc50 [ 425.680688][T16004] inet_bind+0xdb/0x120 [ 425.680715][T16004] kernel_bind+0xfc/0x180 [ 425.680753][T16004] ? __pfx_kernel_bind+0x10/0x10 [ 425.680808][T16004] ? __local_bh_enable_ip+0xa4/0x120 [ 425.680843][T16004] smc_bind+0x2f8/0x3b0 [ 425.680883][T16004] __sys_bind+0x1a4/0x260 [ 425.680912][T16004] ? __pfx___sys_bind+0x10/0x10 [ 425.680955][T16004] ? __pfx_ksys_write+0x10/0x10 [ 425.680994][T16004] __x64_sys_bind+0x72/0xb0 [ 425.681019][T16004] ? lockdep_hardirqs_on+0x7c/0x110 [ 425.681051][T16004] do_syscall_64+0xcd/0x490 [ 425.681089][T16004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.681114][T16004] RIP: 0033:0x7f409ad8ebe9 [ 425.681136][T16004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.681161][T16004] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 425.681186][T16004] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 425.681205][T16004] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 425.681222][T16004] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 425.681238][T16004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 425.681253][T16004] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 425.681290][T16004] [ 426.142640][T16013] FAULT_INJECTION: forcing a failure. [ 426.142640][T16013] name failslab, interval 1, probability 0, space 0, times 0 [ 426.156018][T16013] CPU: 1 UID: 0 PID: 16013 Comm: syz.1.4253 Tainted: G U I syzkaller #0 PREEMPT(full) [ 426.156075][T16013] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 426.156087][T16013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 426.156103][T16013] Call Trace: [ 426.156112][T16013] [ 426.156122][T16013] dump_stack_lvl+0x16c/0x1f0 [ 426.156163][T16013] should_fail_ex+0x512/0x640 [ 426.156198][T16013] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 426.156230][T16013] should_failslab+0xc2/0x120 [ 426.156263][T16013] __kmalloc_cache_noprof+0x6a/0x3e0 [ 426.156288][T16013] ? find_held_lock+0x2b/0x80 [ 426.156313][T16013] ? yama_ptracer_add+0x48/0x590 [ 426.156354][T16013] yama_ptracer_add+0x48/0x590 [ 426.156392][T16013] yama_task_prctl+0xf4/0x1d0 [ 426.156429][T16013] security_task_prctl+0xbf/0x160 [ 426.156473][T16013] __do_sys_prctl+0xaa/0x20e0 [ 426.156515][T16013] ? __pfx___do_sys_prctl+0x10/0x10 [ 426.156564][T16013] do_syscall_64+0xcd/0x490 [ 426.156601][T16013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.156627][T16013] RIP: 0033:0x7f409ad8ebe9 [ 426.156647][T16013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.156672][T16013] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 426.156696][T16013] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 426.156714][T16013] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000059616d61 [ 426.156729][T16013] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 426.156746][T16013] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 426.156761][T16013] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 426.156797][T16013] [ 427.241856][T16026] syz.2.4257 (16026): /proc/16024/oom_adj is deprecated, please use /proc/16024/oom_score_adj instead. [ 427.241945][T16038] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 427.994501][T16057] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4269'. [ 429.148001][T16093] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 429.522716][ T5869] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 431.605294][T16173] syz.3.4312 uses obsolete (PF_INET,SOCK_PACKET) [ 432.228629][T16199] netlink: 19 bytes leftover after parsing attributes in process `syz.3.4321'. [ 432.430635][ T5866] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 433.025000][T16232] FAULT_INJECTION: forcing a failure. [ 433.025000][T16232] name fail_futex, interval 1, probability 0, space 0, times 0 [ 433.038913][T16232] CPU: 1 UID: 0 PID: 16232 Comm: syz.3.4331 Tainted: G U I syzkaller #0 PREEMPT(full) [ 433.038957][T16232] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 433.038967][T16232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 433.038980][T16232] Call Trace: [ 433.038989][T16232] [ 433.038998][T16232] dump_stack_lvl+0x16c/0x1f0 [ 433.039037][T16232] should_fail_ex+0x512/0x640 [ 433.039079][T16232] should_fail_futex+0x4c/0x60 [ 433.039108][T16232] futex_lock_pi_atomic+0x101/0xd50 [ 433.039152][T16232] futex_lock_pi+0x23f/0x7c0 [ 433.039195][T16232] ? __pfx_futex_lock_pi+0x10/0x10 [ 433.039230][T16232] ? __futex_wait+0x24c/0x2f0 [ 433.039274][T16232] ? lockdep_hardirqs_on+0x7c/0x110 [ 433.039327][T16232] ? futex_private_hash_put+0x18a/0x300 [ 433.039363][T16232] ? __pfx_futex_wake_mark+0x10/0x10 [ 433.039412][T16232] ? ksys_write+0x190/0x250 [ 433.039448][T16232] do_futex+0x11a/0x350 [ 433.039480][T16232] ? __pfx_do_futex+0x10/0x10 [ 433.039522][T16232] __x64_sys_futex+0x1e0/0x4c0 [ 433.039555][T16232] ? fput+0x9b/0xd0 [ 433.039588][T16232] ? __pfx___x64_sys_futex+0x10/0x10 [ 433.039620][T16232] ? xfd_validate_state+0x61/0x180 [ 433.039655][T16232] ? __pfx_ksys_write+0x10/0x10 [ 433.039701][T16232] do_syscall_64+0xcd/0x490 [ 433.039739][T16232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.039766][T16232] RIP: 0033:0x7f364478ebe9 [ 433.039787][T16232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.039812][T16232] RSP: 002b:00007f3645584038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 433.039837][T16232] RAX: ffffffffffffffda RBX: 00007f36449c5fa0 RCX: 00007f364478ebe9 [ 433.039853][T16232] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 433.039868][T16232] RBP: 00007f3644811e19 R08: 0000000000000000 R09: 000000008000fff2 [ 433.039885][T16232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.039900][T16232] R13: 00007f36449c6038 R14: 00007f36449c5fa0 R15: 00007ffee0adaf48 [ 433.039938][T16232] [ 433.858920][ T30] audit: type=1800 audit(1756914410.260:28): pid=16249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4341" name="dynamic_events" dev="tracefs" ino=1055 res=0 errno=0 [ 434.514963][T16275] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 435.802770][ T5869] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 437.105929][T16377] netlink: 'syz.0.4395': attribute type 4 has an invalid length. [ 437.115862][T16377] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4395'. [ 439.269251][T16408] kexec: Could not allocate control_code_buffer [ 439.401292][ T5866] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 439.529561][T16456] FAULT_INJECTION: forcing a failure. [ 439.529561][T16456] name failslab, interval 1, probability 0, space 0, times 0 [ 439.545317][T16456] CPU: 0 UID: 0 PID: 16456 Comm: syz.1.4430 Tainted: G U I syzkaller #0 PREEMPT(full) [ 439.545373][T16456] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 439.545384][T16456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 439.545399][T16456] Call Trace: [ 439.545408][T16456] [ 439.545419][T16456] dump_stack_lvl+0x16c/0x1f0 [ 439.545460][T16456] should_fail_ex+0x512/0x640 [ 439.545495][T16456] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 439.545527][T16456] should_failslab+0xc2/0x120 [ 439.545562][T16456] __kmalloc_cache_noprof+0x6a/0x3e0 [ 439.545589][T16456] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 439.545617][T16456] ? kasan_save_track+0x14/0x30 [ 439.545650][T16456] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 439.545687][T16456] ? __mutex_lock+0x1c5/0x1060 [ 439.545729][T16456] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 439.545759][T16456] ? __pfx___mutex_lock+0x10/0x10 [ 439.545800][T16456] ? __fsnotify_parent+0x24b/0xc40 [ 439.545838][T16456] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 439.545863][T16456] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 439.545884][T16456] snd_pcm_oss_sync+0x1de/0x840 [ 439.545910][T16456] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 439.545932][T16456] snd_pcm_oss_release+0x28b/0x310 [ 439.545956][T16456] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 439.545978][T16456] __fput+0x3ff/0xb70 [ 439.546014][T16456] task_work_run+0x14d/0x240 [ 439.546064][T16456] ? __pfx_task_work_run+0x10/0x10 [ 439.546100][T16456] ? __pfx___do_sys_close_range+0x10/0x10 [ 439.546134][T16456] exit_to_user_mode_loop+0xeb/0x110 [ 439.546169][T16456] do_syscall_64+0x3f6/0x490 [ 439.546205][T16456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.546230][T16456] RIP: 0033:0x7f409ad8ebe9 [ 439.546250][T16456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.546274][T16456] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 439.546298][T16456] RAX: 0000000000000000 RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 439.546315][T16456] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 439.546330][T16456] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 439.546346][T16456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.546361][T16456] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 439.546396][T16456] [ 440.111291][T16468] process 'syz.2.4434' launched '/dev/fd/4' with NULL argv: empty string added [ 441.404170][T16525] nbd: socks must be embedded in a SOCK_ITEM attr [ 441.411570][T16525] block nbd0: shutting down sockets [ 442.035809][T16560] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 442.067646][T16560] audit: out of memory in audit_log_start [ 442.944004][ T30] audit: type=1804 audit(1756914419.345:29): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4482" name="/newroot/1072/file0" dev="tmpfs" ino=5457 res=1 errno=0 [ 442.975749][T16587] zswap: compressor 000 not available [ 443.020303][ T30] audit: type=1804 audit(1756914419.375:30): pid=16596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.4482" name="/newroot/1072/file0" dev="tmpfs" ino=5457 res=1 errno=0 [ 443.076944][ T30] audit: type=1800 audit(1756914419.385:31): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4482" name="file0" dev="tmpfs" ino=5457 res=0 errno=0 [ 443.616969][ T5869] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 443.625537][ T5869] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 444.282172][T16642] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4501'. [ 444.496467][T16654] FAULT_INJECTION: forcing a failure. [ 444.496467][T16654] name failslab, interval 1, probability 0, space 0, times 0 [ 444.544062][T16654] CPU: 0 UID: 0 PID: 16654 Comm: syz.2.4508 Tainted: G U I syzkaller #0 PREEMPT(full) [ 444.544110][T16654] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 444.544122][T16654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 444.544137][T16654] Call Trace: [ 444.544147][T16654] [ 444.544158][T16654] dump_stack_lvl+0x16c/0x1f0 [ 444.544200][T16654] should_fail_ex+0x512/0x640 [ 444.544234][T16654] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 444.544265][T16654] should_failslab+0xc2/0x120 [ 444.544305][T16654] __kmalloc_cache_noprof+0x6a/0x3e0 [ 444.544334][T16654] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 444.544363][T16654] ? kasan_save_track+0x14/0x30 [ 444.544397][T16654] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 444.544430][T16654] ? __mutex_lock+0x1c5/0x1060 [ 444.544466][T16654] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 444.544493][T16654] ? __pfx___mutex_lock+0x10/0x10 [ 444.544528][T16654] ? __fsnotify_parent+0x24b/0xc40 [ 444.544566][T16654] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 444.544591][T16654] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 444.544614][T16654] snd_pcm_oss_sync+0x1de/0x840 [ 444.544644][T16654] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 444.544669][T16654] snd_pcm_oss_release+0x28b/0x310 [ 444.544697][T16654] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 444.544722][T16654] __fput+0x3ff/0xb70 [ 444.544767][T16654] task_work_run+0x14d/0x240 [ 444.544806][T16654] ? __pfx_task_work_run+0x10/0x10 [ 444.544845][T16654] ? __pfx___do_sys_close_range+0x10/0x10 [ 444.544883][T16654] exit_to_user_mode_loop+0xeb/0x110 [ 444.544921][T16654] do_syscall_64+0x3f6/0x490 [ 444.544958][T16654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.544983][T16654] RIP: 0033:0x7fb01fb8ebe9 [ 444.545005][T16654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.545029][T16654] RSP: 002b:00007fb0209f3038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 444.545053][T16654] RAX: 0000000000000000 RBX: 00007fb01fdc5fa0 RCX: 00007fb01fb8ebe9 [ 444.545070][T16654] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 444.545084][T16654] RBP: 00007fb01fc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 444.545100][T16654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.545115][T16654] R13: 00007fb01fdc6038 R14: 00007fb01fdc5fa0 R15: 00007ffe699bff58 [ 444.545152][T16654] [ 444.932536][ T5866] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 444.942349][ T5866] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 445.012423][T16662] ima: policy update failed [ 445.060082][ T30] audit: type=1802 audit(1756914421.424:32): pid=16662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4512" res=0 errno=0 [ 445.411094][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.417683][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.610415][ T4611] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.041916][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4541'. [ 447.874932][T16776] zswap: compressor 000 not available [ 448.636021][ T30] audit: type=1804 audit(1756914425.003:33): pid=16823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4564" name="/newroot/1275/file0" dev="tmpfs" ino=6497 res=1 errno=0 [ 448.742058][ T30] audit: type=1804 audit(1756914425.133:34): pid=16819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4564" name="/newroot/1275/file0" dev="tmpfs" ino=6497 res=1 errno=0 [ 449.496082][T16846] netlink: 139 bytes leftover after parsing attributes in process `syz.0.4575'. [ 450.729601][T16884] FAULT_INJECTION: forcing a failure. [ 450.729601][T16884] name failslab, interval 1, probability 0, space 0, times 0 [ 450.775842][T16884] CPU: 0 UID: 0 PID: 16884 Comm: syz.2.4590 Tainted: G U I syzkaller #0 PREEMPT(full) [ 450.775890][T16884] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 450.775900][T16884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 450.775913][T16884] Call Trace: [ 450.775922][T16884] [ 450.775931][T16884] dump_stack_lvl+0x16c/0x1f0 [ 450.775980][T16884] should_fail_ex+0x512/0x640 [ 450.776013][T16884] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 450.776045][T16884] should_failslab+0xc2/0x120 [ 450.776077][T16884] __kmalloc_cache_noprof+0x6a/0x3e0 [ 450.776103][T16884] ? debug_mutex_init+0x37/0x70 [ 450.776126][T16884] ? do_inotify_init+0xa2/0x5f0 [ 450.776166][T16884] do_inotify_init+0xa2/0x5f0 [ 450.776197][T16884] ? rcu_is_watching+0x12/0xc0 [ 450.776227][T16884] __x64_sys_inotify_init1+0x30/0x40 [ 450.776262][T16884] do_syscall_64+0xcd/0x490 [ 450.776298][T16884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.776324][T16884] RIP: 0033:0x7fb01fb8ebe9 [ 450.776345][T16884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.776370][T16884] RSP: 002b:00007fb0209f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 450.776394][T16884] RAX: ffffffffffffffda RBX: 00007fb01fdc5fa0 RCX: 00007fb01fb8ebe9 [ 450.776412][T16884] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 450.776428][T16884] RBP: 00007fb01fc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 450.776443][T16884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.776458][T16884] R13: 00007fb01fdc6038 R14: 00007fb01fdc5fa0 R15: 00007ffe699bff58 [ 450.776494][T16884] [ 451.491885][T16915] FAULT_INJECTION: forcing a failure. [ 451.491885][T16915] name fail_futex, interval 1, probability 0, space 0, times 0 [ 451.558887][T16915] CPU: 1 UID: 0 PID: 16915 Comm: syz.2.4601 Tainted: G U I syzkaller #0 PREEMPT(full) [ 451.558932][T16915] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 451.558942][T16915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 451.558957][T16915] Call Trace: [ 451.558966][T16915] [ 451.558976][T16915] dump_stack_lvl+0x16c/0x1f0 [ 451.559015][T16915] should_fail_ex+0x512/0x640 [ 451.559050][T16915] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.559080][T16915] get_futex_key+0x1d0/0x1560 [ 451.559115][T16915] ? __pfx_get_futex_key+0x10/0x10 [ 451.559157][T16915] futex_wake+0xea/0x530 [ 451.559196][T16915] ? __pfx_futex_wake+0x10/0x10 [ 451.559236][T16915] ? __pfx___might_resched+0x10/0x10 [ 451.559261][T16915] ? rcu_is_watching+0x12/0xc0 [ 451.559286][T16915] ? lockdep_init_map_type+0x5c/0x280 [ 451.559323][T16915] do_futex+0x1e3/0x350 [ 451.559355][T16915] ? __pfx_do_futex+0x10/0x10 [ 451.559386][T16915] ? file_init_path+0x4fe/0x760 [ 451.559425][T16915] __x64_sys_futex+0x1e0/0x4c0 [ 451.559461][T16915] ? __pfx___x64_sys_futex+0x10/0x10 [ 451.559506][T16915] do_syscall_64+0xcd/0x490 [ 451.559541][T16915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.559565][T16915] RIP: 0033:0x7fb01fb8ebe9 [ 451.559592][T16915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.559618][T16915] RSP: 002b:00007fb0209f30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 451.559642][T16915] RAX: ffffffffffffffda RBX: 00007fb01fdc5fa8 RCX: 00007fb01fb8ebe9 [ 451.559660][T16915] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb01fdc5fac [ 451.559676][T16915] RBP: 00007fb01fdc5fa0 R08: 00007fb0209f4000 R09: 0000000000000000 [ 451.559692][T16915] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 451.559707][T16915] R13: 00007fb01fdc6038 R14: 00007ffe699bfe70 R15: 00007ffe699bff58 [ 451.559742][T16915] [ 453.450183][T16990] netlink: 'syz.1.4633': attribute type 1 has an invalid length. [ 454.042438][ T30] audit: type=1804 audit(1756914430.433:35): pid=17015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4641" name="/newroot/88/file0" dev="tmpfs" ino=464 res=1 errno=0 [ 454.112409][ T30] audit: type=1804 audit(1756914430.463:36): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4641" name="/newroot/88/file0" dev="tmpfs" ino=464 res=1 errno=0 [ 454.197321][ T30] audit: type=1800 audit(1756914430.483:37): pid=17015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4641" name="file0" dev="tmpfs" ino=464 res=0 errno=0 [ 454.341870][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.504798][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.590613][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.650286][T17028] FAULT_INJECTION: forcing a failure. [ 454.650286][T17028] name failslab, interval 1, probability 0, space 0, times 0 [ 454.665434][T17028] CPU: 1 UID: 0 PID: 17028 Comm: syz.3.4650 Tainted: G U I syzkaller #0 PREEMPT(full) [ 454.665482][T17028] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 454.665492][T17028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 454.665508][T17028] Call Trace: [ 454.665517][T17028] [ 454.665528][T17028] dump_stack_lvl+0x16c/0x1f0 [ 454.665569][T17028] should_fail_ex+0x512/0x640 [ 454.665605][T17028] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 454.665636][T17028] should_failslab+0xc2/0x120 [ 454.665669][T17028] __kmalloc_cache_noprof+0x6a/0x3e0 [ 454.665698][T17028] ? __do_sys_memfd_create+0x17b/0x8a0 [ 454.665738][T17028] __do_sys_memfd_create+0x17b/0x8a0 [ 454.665777][T17028] do_syscall_64+0xcd/0x490 [ 454.665813][T17028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.665839][T17028] RIP: 0033:0x7f364478ebe9 [ 454.665859][T17028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.665883][T17028] RSP: 002b:00007f3645584038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 454.665904][T17028] RAX: ffffffffffffffda RBX: 00007f36449c5fa0 RCX: 00007f364478ebe9 [ 454.665918][T17028] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000 [ 454.665932][T17028] RBP: 00007f3644811e19 R08: 0000000000000000 R09: 0000000000000000 [ 454.665948][T17028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.665963][T17028] R13: 00007f36449c6038 R14: 00007f36449c5fa0 R15: 00007ffee0adaf48 [ 454.665997][T17028] [ 454.849450][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.060033][T17034] bridge0: port 3(bond0) entered blocking state [ 455.086028][T17034] bridge0: port 3(bond0) entered disabled state [ 455.092511][T17034] bond0: entered allmulticast mode [ 455.136436][T17034] bond_slave_0: entered allmulticast mode [ 455.142992][T17034] bond_slave_1: entered allmulticast mode [ 455.161961][T17040] netlink: 130 bytes leftover after parsing attributes in process `syz.1.4654'. [ 455.179586][ T5866] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 455.191479][ T5866] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 455.202949][ T5866] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 455.213028][ T5866] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 455.223830][ T5866] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 455.234739][T17034] bond0: entered promiscuous mode [ 455.241020][T17034] bond_slave_0: entered promiscuous mode [ 455.247467][T17034] bond_slave_1: entered promiscuous mode [ 455.254934][T17034] bridge0: port 3(bond0) entered blocking state [ 455.261466][T17034] bridge0: port 3(bond0) entered forwarding state [ 455.269976][ T49] gretap0: left allmulticast mode [ 455.275218][ T49] gretap0: left promiscuous mode [ 455.281422][ T49] bridge0: port 4(gretap0) entered disabled state [ 455.306362][ T49] team0: left allmulticast mode [ 455.311363][ T49] team_slave_0: left allmulticast mode [ 455.326526][ T49] team_slave_1: left allmulticast mode [ 455.332230][ T49] team0: left promiscuous mode [ 455.337613][ T49] team_slave_0: left promiscuous mode [ 455.343478][ T49] team_slave_1: left promiscuous mode [ 455.353832][ T49] bridge0: port 3(team0) entered disabled state [ 455.393758][ T49] bridge_slave_1: left allmulticast mode [ 455.405869][ T49] bridge_slave_1: left promiscuous mode [ 455.411703][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.423047][ T49] bridge_slave_0: left allmulticast mode [ 455.429975][ T49] bridge_slave_0: left promiscuous mode [ 455.436355][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.961033][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 455.972346][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 455.984012][ T49] bond0 (unregistering): Released all slaves [ 456.444303][T17037] chnl_net:caif_netlink_parms(): no params data found [ 456.560809][ T49] hsr_slave_0: left promiscuous mode [ 456.570882][ T49] hsr_slave_1: left promiscuous mode [ 456.579143][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 456.590846][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 456.604863][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 456.620836][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 456.649070][ T49] veth1_macvtap: left promiscuous mode [ 456.654753][ T49] veth0_macvtap: left promiscuous mode [ 456.665469][ T49] veth1_vlan: left promiscuous mode [ 456.671246][ T49] veth0_vlan: left promiscuous mode [ 457.120754][ T49] team0 (unregistering): Port device team_slave_1 removed [ 457.163926][ T49] team0 (unregistering): Port device team_slave_0 removed [ 457.329901][ T5869] Bluetooth: hci3: command tx timeout [ 457.617565][T17037] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.625016][T17037] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.633008][T17037] bridge_slave_0: entered allmulticast mode [ 457.642078][T17037] bridge_slave_0: entered promiscuous mode [ 457.650640][T17037] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.658051][T17037] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.665327][T17037] bridge_slave_1: entered allmulticast mode [ 457.672629][T17037] bridge_slave_1: entered promiscuous mode [ 457.730089][T17037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.751038][T17037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.831677][T17037] team0: Port device team_slave_0 added [ 457.856895][T17037] team0: Port device team_slave_1 added [ 457.915906][T17037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 457.924542][T17037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.952397][T17037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 457.974325][T17037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 457.981609][T17037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.007812][T17037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.096874][T17037] hsr_slave_0: entered promiscuous mode [ 458.103690][T17037] hsr_slave_1: entered promiscuous mode [ 458.400830][T17037] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 458.419389][T17037] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 458.431498][T17037] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 458.442872][T17037] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 458.479295][T17037] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.486529][T17037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.494084][T17037] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.501306][T17037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.589578][T17037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.607765][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.622937][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.660604][T17037] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.678113][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.685282][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.708651][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.715875][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.090815][T17037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.406031][ T5869] Bluetooth: hci3: command tx timeout [ 459.467244][T17037] veth0_vlan: entered promiscuous mode [ 459.481372][T17037] veth1_vlan: entered promiscuous mode [ 459.523986][T17037] veth0_macvtap: entered promiscuous mode [ 459.544930][T17037] veth1_macvtap: entered promiscuous mode [ 459.581496][T17037] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 459.603329][T17037] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 459.630063][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.644444][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.663016][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.694268][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.813118][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.826979][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.871375][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.879894][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.035967][ T30] audit: type=1804 audit(1756914437.423:38): pid=17155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4657" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0 [ 461.066560][T17159] nbd: socks must be embedded in a SOCK_ITEM attr [ 461.080986][T17159] block nbd0: shutting down sockets [ 461.090869][ T30] audit: type=1804 audit(1756914437.433:39): pid=17160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.4657" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0 [ 461.121345][ T30] audit: type=1800 audit(1756914437.433:40): pid=17155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4657" name="file0" dev="tmpfs" ino=23 res=0 errno=0 [ 461.486031][ T5869] Bluetooth: hci3: command tx timeout [ 462.052096][T17190] capability: warning: `syz.3.4676' uses 32-bit capabilities (legacy support in use) [ 462.306480][T17195] IPVS: length: 7562853 != 24 [ 462.514536][ T30] audit: type=1804 audit(1756914438.903:41): pid=17200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4679" name="/newroot/1112/file0" dev="tmpfs" ino=5659 res=1 errno=0 [ 462.569481][ T30] audit: type=1804 audit(1756914438.903:42): pid=17205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.4679" name="/newroot/1112/file0" dev="tmpfs" ino=5659 res=1 errno=0 [ 462.595806][ T30] audit: type=1800 audit(1756914438.943:43): pid=17200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4679" name="file0" dev="tmpfs" ino=5659 res=0 errno=0 [ 463.242058][T17223] program syz.1.4689 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 463.565701][ T5869] Bluetooth: hci3: command tx timeout [ 463.612326][ T5869] Bluetooth: hci4: SCO packet too small [ 464.462505][T17273] bridge0: port 3(bond0) entered blocking state [ 464.469242][T17273] bridge0: port 3(bond0) entered disabled state [ 464.477436][T17273] bond0: entered allmulticast mode [ 464.482819][T17273] bond_slave_0: entered allmulticast mode [ 464.492363][T17273] bond_slave_1: entered allmulticast mode [ 464.529765][T17273] bond0: entered promiscuous mode [ 464.566984][T17273] bond_slave_0: entered promiscuous mode [ 464.610098][T17273] bond_slave_1: entered promiscuous mode [ 464.640038][T17273] bridge0: port 3(bond0) entered blocking state [ 464.646616][T17273] bridge0: port 3(bond0) entered forwarding state [ 465.016850][T17288] __vm_enough_memory: pid: 17288, comm: syz.1.4719, bytes: 4398046511104 not enough memory for the allocation [ 465.551161][T17300] netlink: 350 bytes leftover after parsing attributes in process `syz.3.4722'. [ 469.262114][T17454] FAULT_INJECTION: forcing a failure. [ 469.262114][T17454] name failslab, interval 1, probability 0, space 0, times 0 [ 469.279479][T17454] CPU: 0 UID: 0 PID: 17454 Comm: syz.0.4785 Tainted: G U I syzkaller #0 PREEMPT(full) [ 469.279522][T17454] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 469.279535][T17454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 469.279551][T17454] Call Trace: [ 469.279560][T17454] [ 469.279569][T17454] dump_stack_lvl+0x16c/0x1f0 [ 469.279607][T17454] should_fail_ex+0x512/0x640 [ 469.279639][T17454] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 469.279673][T17454] should_failslab+0xc2/0x120 [ 469.279708][T17454] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 469.279741][T17454] ? __pfx_map_id_range_down+0x10/0x10 [ 469.279800][T17454] ? fput+0x9b/0xd0 [ 469.279841][T17454] ? prepare_creds+0x2c/0x7d0 [ 469.279893][T17454] prepare_creds+0x2c/0x7d0 [ 469.279938][T17454] __sys_setuid+0x9a/0x440 [ 469.279974][T17454] do_syscall_64+0xcd/0x490 [ 469.280014][T17454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.280040][T17454] RIP: 0033:0x7f3ece38ebe9 [ 469.280061][T17454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.280087][T17454] RSP: 002b:00007f3ecf1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 469.280110][T17454] RAX: ffffffffffffffda RBX: 00007f3ece5c5fa0 RCX: 00007f3ece38ebe9 [ 469.280127][T17454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 469.280142][T17454] RBP: 00007f3ece411e19 R08: 0000000000000000 R09: 0000000000000000 [ 469.280158][T17454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.280175][T17454] R13: 00007f3ece5c6038 R14: 00007f3ece5c5fa0 R15: 00007ffe7cb02eb8 [ 469.280210][T17454] [ 470.372117][T17492] kAFS: bad VL server IP address [ 471.448458][T17528] __vm_enough_memory: pid: 17528, comm: syz.3.4808, bytes: 4398046511104 not enough memory for the allocation [ 472.630927][T17555] ACPI: Enabling force_remove is not supported anymore. Please report to linux-acpi@vger.kernel.org if you depend on this functionality [ 473.290742][T17580] netlink: 19 bytes leftover after parsing attributes in process `syz.1.4829'. [ 474.021548][T17612] netlink: 'syz.4.4837': attribute type 1 has an invalid length. [ 474.207438][T17617] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4839'. [ 477.070525][T17728] FAULT_INJECTION: forcing a failure. [ 477.070525][T17728] name failslab, interval 1, probability 0, space 0, times 0 [ 477.112852][T17728] CPU: 1 UID: 0 PID: 17728 Comm: syz.4.4875 Tainted: G U I syzkaller #0 PREEMPT(full) [ 477.112901][T17728] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 477.112911][T17728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 477.112925][T17728] Call Trace: [ 477.112932][T17728] [ 477.112943][T17728] dump_stack_lvl+0x16c/0x1f0 [ 477.112985][T17728] should_fail_ex+0x512/0x640 [ 477.113021][T17728] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 477.113058][T17728] should_failslab+0xc2/0x120 [ 477.113090][T17728] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 477.113117][T17728] ? __pfx_do_futex+0x10/0x10 [ 477.113146][T17728] ? copy_fs_struct+0x49/0x340 [ 477.113187][T17728] copy_fs_struct+0x49/0x340 [ 477.113225][T17728] ksys_unshare+0x356/0xa40 [ 477.113256][T17728] ? __pfx_ksys_unshare+0x10/0x10 [ 477.113301][T17728] ? __put_user_nocheck_8+0x10/0x10 [ 477.113340][T17728] __x64_sys_unshare+0x31/0x40 [ 477.113372][T17728] do_syscall_64+0xcd/0x490 [ 477.113406][T17728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.113433][T17728] RIP: 0033:0x7f9580f8ebe9 [ 477.113455][T17728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.113480][T17728] RSP: 002b:00007f9581d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 477.113505][T17728] RAX: ffffffffffffffda RBX: 00007f95811c5fa0 RCX: 00007f9580f8ebe9 [ 477.113523][T17728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 477.113538][T17728] RBP: 00007f9581011e19 R08: 0000000000000000 R09: 0000000000000000 [ 477.113553][T17728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 477.113568][T17728] R13: 00007f95811c6038 R14: 00007f95811c5fa0 R15: 00007ffd2c56f638 [ 477.113604][T17728] [ 477.293898][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.804656][T17780] netlink: 'syz.1.4899': attribute type 1 has an invalid length. [ 478.831758][ T30] audit: type=1804 audit(1756916503.274:44): pid=17776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4895" name="/newroot/56/file0" dev="tmpfs" ino=304 res=1 errno=0 [ 478.916665][ T30] audit: type=1804 audit(1756916503.274:45): pid=17779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.4895" name="/newroot/56/file0" dev="tmpfs" ino=304 res=1 errno=0 [ 479.087760][T17781] zswap: compressor not available [ 479.318091][T17800] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input26 [ 479.872661][T17813] __vm_enough_memory: pid: 17813, comm: syz.3.4910, bytes: 4398046511104 not enough memory for the allocation [ 482.841959][T17922] FAULT_INJECTION: forcing a failure. [ 482.841959][T17922] name failslab, interval 1, probability 0, space 0, times 0 [ 482.872819][ T30] audit: type=1804 audit(1756916507.315:46): pid=17919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4955" name="/newroot/1177/file0" dev="tmpfs" ino=5990 res=1 errno=0 [ 482.937879][T17922] CPU: 0 UID: 0 PID: 17922 Comm: syz.4.4957 Tainted: G U I syzkaller #0 PREEMPT(full) [ 482.937925][T17922] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 482.937936][T17922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 482.937950][T17922] Call Trace: [ 482.937959][T17922] [ 482.937969][T17922] dump_stack_lvl+0x16c/0x1f0 [ 482.938009][T17922] should_fail_ex+0x512/0x640 [ 482.938044][T17922] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 482.938076][T17922] should_failslab+0xc2/0x120 [ 482.938109][T17922] __kmalloc_cache_noprof+0x6a/0x3e0 [ 482.938137][T17922] ? copy_ipcs+0x19f/0x610 [ 482.938172][T17922] copy_ipcs+0x19f/0x610 [ 482.938204][T17922] ? copy_utsname+0xab/0x470 [ 482.938243][T17922] create_new_namespaces+0x20a/0xa90 [ 482.938274][T17922] ? security_capable+0x7e/0x260 [ 482.938305][T17922] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 482.938338][T17922] ksys_unshare+0x45b/0xa40 [ 482.938372][T17922] ? __pfx_ksys_unshare+0x10/0x10 [ 482.938408][T17922] ? xfd_validate_state+0x61/0x180 [ 482.938454][T17922] __x64_sys_unshare+0x31/0x40 [ 482.938487][T17922] do_syscall_64+0xcd/0x490 [ 482.938523][T17922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.938550][T17922] RIP: 0033:0x7f9580f8ebe9 [ 482.938570][T17922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.938594][T17922] RSP: 002b:00007f9581d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 482.938619][T17922] RAX: ffffffffffffffda RBX: 00007f95811c5fa0 RCX: 00007f9580f8ebe9 [ 482.938636][T17922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 482.938652][T17922] RBP: 00007f9581011e19 R08: 0000000000000000 R09: 0000000000000000 [ 482.938668][T17922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 482.938684][T17922] R13: 00007f95811c6038 R14: 00007f95811c5fa0 R15: 00007ffd2c56f638 [ 482.938719][T17922] [ 483.151807][ T30] audit: type=1804 audit(1756916507.315:47): pid=17920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.4955" name="/newroot/1177/file0" dev="tmpfs" ino=5990 res=1 errno=0 [ 483.291255][ T30] audit: type=1800 audit(1756916507.737:48): pid=17919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4955" name="file0" dev="tmpfs" ino=5990 res=0 errno=0 [ 483.776169][T17950] netlink: 'syz.0.4969': attribute type 9 has an invalid length. [ 483.787518][T17950] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4969'. [ 484.004053][ T30] audit: type=1804 audit(1756916508.491:49): pid=17958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4972" name="/newroot/1416/file0" dev="tmpfs" ino=7211 res=1 errno=0 [ 484.121562][ T30] audit: type=1804 audit(1756916508.592:50): pid=17955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4972" name="/newroot/1416/file0" dev="tmpfs" ino=7211 res=1 errno=0 [ 485.101675][ T30] audit: type=1804 audit(1756916509.587:51): pid=17988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4985" name="/newroot/72/file0" dev="tmpfs" ino=385 res=1 errno=0 [ 485.137736][ T30] audit: type=1804 audit(1756916509.617:52): pid=17991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.4985" name="/newroot/72/file0" dev="tmpfs" ino=385 res=1 errno=0 [ 485.164056][ T30] audit: type=1800 audit(1756916509.617:53): pid=17988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4985" name="file0" dev="tmpfs" ino=385 res=0 errno=0 [ 485.281984][T17987] Device name cannot be null; rc = [-22] [ 485.386759][T17997] FAULT_INJECTION: forcing a failure. [ 485.386759][T17997] name failslab, interval 1, probability 0, space 0, times 0 [ 485.408466][T17997] CPU: 0 UID: 0 PID: 17997 Comm: syz.1.4989 Tainted: G U I syzkaller #0 PREEMPT(full) [ 485.408511][T17997] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 485.408523][T17997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 485.408538][T17997] Call Trace: [ 485.408547][T17997] [ 485.408557][T17997] dump_stack_lvl+0x16c/0x1f0 [ 485.408595][T17997] should_fail_ex+0x512/0x640 [ 485.408630][T17997] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 485.408663][T17997] should_failslab+0xc2/0x120 [ 485.408696][T17997] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 485.408723][T17997] ? __pfx___might_resched+0x10/0x10 [ 485.408748][T17997] ? __anon_vma_prepare+0xae/0x5e0 [ 485.408777][T17997] __anon_vma_prepare+0xae/0x5e0 [ 485.408801][T17997] ? __filemap_get_folio+0x32b/0xc30 [ 485.408834][T17997] __vmf_anon_prepare+0x11c/0x240 [ 485.408869][T17997] hugetlb_fault+0x1ba4/0x2f40 [ 485.408899][T17997] ? __pfx_hugetlb_fault+0x10/0x10 [ 485.408938][T17997] ? find_vma+0xbf/0x140 [ 485.408969][T17997] ? __pfx_find_vma+0x10/0x10 [ 485.409005][T17997] handle_mm_fault+0xbfa/0xd10 [ 485.409032][T17997] ? trace_raw_output_exceptions+0x131/0x150 [ 485.409072][T17997] do_user_addr_fault+0x7a6/0x1370 [ 485.409113][T17997] ? rcu_is_watching+0x12/0xc0 [ 485.409144][T17997] exc_page_fault+0x5c/0xb0 [ 485.409177][T17997] asm_exc_page_fault+0x26/0x30 [ 485.409201][T17997] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 485.409227][T17997] Code: e9 54 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 485.409252][T17997] RSP: 0018:ffffc90003997db0 EFLAGS: 00050206 [ 485.409282][T17997] RAX: 000000000000002f RBX: 0000000000000006 RCX: 0000000000000006 [ 485.409297][T17997] RDX: ffffed100adc6640 RSI: ffff888056e331fa RDI: 0000000000000000 [ 485.409314][T17997] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100adc663f [ 485.409329][T17997] R10: ffff888056e331ff R11: 0000000000000000 R12: ffff888056e331fa [ 485.409345][T17997] R13: 0000000000000006 R14: 00007ffffffff000 R15: 0000000000000000 [ 485.409378][T17997] _copy_to_user+0xbb/0xd0 [ 485.409406][T17997] __do_sys_getcwd+0x483/0x930 [ 485.409451][T17997] ? __pfx___do_sys_getcwd+0x10/0x10 [ 485.409486][T17997] ? __pfx_mem_cgroup_handle_over_high+0x10/0x10 [ 485.409518][T17997] ? __pfx_ksys_write+0x10/0x10 [ 485.409555][T17997] do_syscall_64+0xcd/0x490 [ 485.409589][T17997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.409616][T17997] RIP: 0033:0x7f409ad8ebe9 [ 485.409637][T17997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.409659][T17997] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 485.409683][T17997] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 485.409700][T17997] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 485.409715][T17997] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 485.409730][T17997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.409745][T17997] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 485.409781][T17997] [ 486.529997][ T30] audit: type=1804 audit(1756916511.014:54): pid=18037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.5001" name="/newroot/1427/file0" dev="tmpfs" ino=7267 res=1 errno=0 [ 486.719087][ T30] audit: type=1804 audit(1756916511.085:55): pid=18037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.5001" name="/newroot/1427/file0" dev="tmpfs" ino=7267 res=1 errno=0 [ 486.777944][T18045] FAULT_INJECTION: forcing a failure. [ 486.777944][T18045] name failslab, interval 1, probability 0, space 0, times 0 [ 486.805721][T18045] CPU: 1 UID: 0 PID: 18045 Comm: syz.1.5004 Tainted: G U I syzkaller #0 PREEMPT(full) [ 486.805765][T18045] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 486.805775][T18045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 486.805789][T18045] Call Trace: [ 486.805798][T18045] [ 486.805808][T18045] dump_stack_lvl+0x16c/0x1f0 [ 486.805848][T18045] should_fail_ex+0x512/0x640 [ 486.805882][T18045] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 486.805917][T18045] should_failslab+0xc2/0x120 [ 486.805948][T18045] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 486.805978][T18045] ? getname_flags.part.0+0x376/0x550 [ 486.806015][T18045] ? getname_flags.part.0+0x4c/0x550 [ 486.806068][T18045] getname_flags.part.0+0x4c/0x550 [ 486.806112][T18045] getname_flags+0x93/0xf0 [ 486.806140][T18045] __x64_sys_renameat2+0xd4/0x130 [ 486.806178][T18045] do_syscall_64+0xcd/0x490 [ 486.806216][T18045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.806241][T18045] RIP: 0033:0x7f409ad8ebe9 [ 486.806262][T18045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.806286][T18045] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 486.806311][T18045] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 486.806329][T18045] RDX: ffffffffffffff9c RSI: 0000000000000000 RDI: ffffffffffffffff [ 486.806345][T18045] RBP: 00007f409ae11e19 R08: 0000000000000004 R09: 0000000000000000 [ 486.806360][T18045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 486.806376][T18045] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 486.806412][T18045] [ 489.135004][T18131] usb usb36: usbfs: process 18131 (syz.3.5032) did not claim interface 0 before use [ 491.297219][T18202] FAULT_INJECTION: forcing a failure. [ 491.297219][T18202] name failslab, interval 1, probability 0, space 0, times 0 [ 491.378423][T18202] CPU: 0 UID: 0 PID: 18202 Comm: syz.4.5064 Tainted: G U I syzkaller #0 PREEMPT(full) [ 491.378472][T18202] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 491.378484][T18202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 491.378500][T18202] Call Trace: [ 491.378509][T18202] [ 491.378520][T18202] dump_stack_lvl+0x16c/0x1f0 [ 491.378561][T18202] should_fail_ex+0x512/0x640 [ 491.378595][T18202] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 491.378630][T18202] should_failslab+0xc2/0x120 [ 491.378662][T18202] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 491.378694][T18202] ? alloc_inode+0xc3/0x240 [ 491.378735][T18202] alloc_inode+0xc3/0x240 [ 491.378770][T18202] path_from_stashed+0x25b/0x750 [ 491.378808][T18202] ns_ioctl+0xb8c/0xe50 [ 491.378836][T18202] ? __pfx_ns_ioctl+0x10/0x10 [ 491.378863][T18202] ? __fget_files+0x20e/0x3c0 [ 491.378901][T18202] ? __pfx_ns_ioctl+0x10/0x10 [ 491.378930][T18202] __x64_sys_ioctl+0x18b/0x210 [ 491.378973][T18202] do_syscall_64+0xcd/0x490 [ 491.379008][T18202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.379034][T18202] RIP: 0033:0x7f9580f8ebe9 [ 491.379055][T18202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.379080][T18202] RSP: 002b:00007f9581d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 491.379105][T18202] RAX: ffffffffffffffda RBX: 00007f95811c5fa0 RCX: 00007f9580f8ebe9 [ 491.379123][T18202] RDX: 0000000000000003 RSI: 000000004020940c RDI: 0000000000000003 [ 491.379138][T18202] RBP: 00007f9581011e19 R08: 0000000000000000 R09: 0000000000000000 [ 491.379154][T18202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 491.379169][T18202] R13: 00007f95811c6038 R14: 00007f95811c5fa0 R15: 00007ffd2c56f638 [ 491.379205][T18202] [ 491.761916][T18170] kexec: Could not allocate control_code_buffer [ 492.240301][T18221] Device name cannot be null; rc = [-22] [ 492.862282][T18257] bridge0: port 6(dummy0) entered blocking state [ 492.869592][T18257] bridge0: port 6(dummy0) entered disabled state [ 492.876326][T18257] dummy0: entered allmulticast mode [ 492.883914][T18257] dummy0: entered promiscuous mode [ 492.889774][T18257] bridge0: port 6(dummy0) entered blocking state [ 492.896300][T18257] bridge0: port 6(dummy0) entered forwarding state [ 493.012064][T18262] CIFS: VFS: Unsupported security flags: 0x20 [ 494.221189][T18310] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5109'. [ 496.148994][T18378] netlink: 206 bytes leftover after parsing attributes in process `syz.3.5142'. [ 497.509968][T18435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5163'. [ 500.520649][ T13] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:1: bg 1: bad block bitmap checksum [ 500.571693][ T13] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 1462 with max blocks 14 with error 74 [ 500.608307][ T13] EXT4-fs (sda1): This should not happen!! Data will be lost [ 500.608307][ T13] [ 501.073169][T18578] binder: 18577:18578 ioctl c00c6211 0 returned -14 [ 502.184310][T18618] FAULT_INJECTION: forcing a failure. [ 502.184310][T18618] name failslab, interval 1, probability 0, space 0, times 0 [ 502.197295][T18618] CPU: 1 UID: 0 PID: 18618 Comm: syz.1.5232 Tainted: G U I syzkaller #0 PREEMPT(full) [ 502.197342][T18618] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 502.197354][T18618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 502.197370][T18618] Call Trace: [ 502.197380][T18618] [ 502.197390][T18618] dump_stack_lvl+0x16c/0x1f0 [ 502.197432][T18618] should_fail_ex+0x512/0x640 [ 502.197465][T18618] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 502.197500][T18618] should_failslab+0xc2/0x120 [ 502.197532][T18618] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 502.197573][T18618] ? lockdep_init_map_type+0x5c/0x280 [ 502.197608][T18618] ? fcntl_setlease+0x389/0x5a0 [ 502.197639][T18618] fcntl_setlease+0x389/0x5a0 [ 502.197663][T18618] ? __pfx_fcntl_setlease+0x10/0x10 [ 502.197706][T18618] do_fcntl+0x751/0x15a0 [ 502.197742][T18618] ? __pfx_do_fcntl+0x10/0x10 [ 502.197786][T18618] ? tomoyo_file_fcntl+0x6c/0xc0 [ 502.197815][T18618] __x64_sys_fcntl+0x163/0x200 [ 502.197854][T18618] do_syscall_64+0xcd/0x490 [ 502.197891][T18618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.197917][T18618] RIP: 0033:0x7f409ad8ebe9 [ 502.197937][T18618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.197961][T18618] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 502.197987][T18618] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 502.198004][T18618] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000003 [ 502.198018][T18618] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 502.198031][T18618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.198044][T18618] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 502.198076][T18618] [ 503.145305][T18643] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5244'. [ 503.649316][T18659] FAULT_INJECTION: forcing a failure. [ 503.649316][T18659] name failslab, interval 1, probability 0, space 0, times 0 [ 503.742178][T18659] CPU: 0 UID: 0 PID: 18659 Comm: syz.4.5250 Tainted: G U I syzkaller #0 PREEMPT(full) [ 503.742213][T18659] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 503.742220][T18659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 503.742229][T18659] Call Trace: [ 503.742235][T18659] [ 503.742241][T18659] dump_stack_lvl+0x16c/0x1f0 [ 503.742265][T18659] should_fail_ex+0x512/0x640 [ 503.742287][T18659] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 503.742307][T18659] should_failslab+0xc2/0x120 [ 503.742326][T18659] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 503.742342][T18659] ? __pfx_map_id_range_down+0x10/0x10 [ 503.742364][T18659] ? __x64_sys_futex+0x1e0/0x4c0 [ 503.742383][T18659] ? __x64_sys_futex+0x1e9/0x4c0 [ 503.742399][T18659] ? prepare_creds+0x2c/0x7d0 [ 503.742422][T18659] prepare_creds+0x2c/0x7d0 [ 503.742443][T18659] __sys_setreuid+0x101/0xaf0 [ 503.742459][T18659] ? rcu_is_watching+0x12/0xc0 [ 503.742476][T18659] do_syscall_64+0xcd/0x490 [ 503.742496][T18659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.742510][T18659] RIP: 0033:0x7f9580f8ebe9 [ 503.742522][T18659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.742536][T18659] RSP: 002b:00007f9581d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071 [ 503.742550][T18659] RAX: ffffffffffffffda RBX: 00007f95811c5fa0 RCX: 00007f9580f8ebe9 [ 503.742559][T18659] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 503.742567][T18659] RBP: 00007f9581011e19 R08: 0000000000000000 R09: 0000000000000000 [ 503.742575][T18659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.742583][T18659] R13: 00007f95811c6038 R14: 00007f95811c5fa0 R15: 00007ffd2c56f638 [ 503.742601][T18659] [ 503.928567][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.412771][T18677] binder: 18676:18677 ioctl 400454c9 0 returned -22 [ 504.444851][T18677] binder: 18676:18677 ioctl c0306201 200000000300 returned -11 [ 505.349511][T18716] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 506.199442][T18751] FAULT_INJECTION: forcing a failure. [ 506.199442][T18751] name failslab, interval 1, probability 0, space 0, times 0 [ 506.220003][T18751] CPU: 1 UID: 0 PID: 18751 Comm: syz.1.5289 Tainted: G U I syzkaller #0 PREEMPT(full) [ 506.220052][T18751] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 506.220063][T18751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 506.220079][T18751] Call Trace: [ 506.220089][T18751] [ 506.220099][T18751] dump_stack_lvl+0x16c/0x1f0 [ 506.220152][T18751] should_fail_ex+0x512/0x640 [ 506.220189][T18751] ? fs_reclaim_acquire+0xae/0x150 [ 506.220229][T18751] should_failslab+0xc2/0x120 [ 506.220261][T18751] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 506.220292][T18751] ? security_inode_alloc+0x3b/0x2b0 [ 506.220335][T18751] security_inode_alloc+0x3b/0x2b0 [ 506.220366][T18751] inode_init_always_gfp+0xce4/0x1030 [ 506.220401][T18751] alloc_inode+0x86/0x240 [ 506.220436][T18751] alloc_anon_inode+0x28/0x3e0 [ 506.220467][T18751] ioctx_alloc+0x4ad/0x2120 [ 506.220511][T18751] ? find_held_lock+0x2b/0x80 [ 506.220536][T18751] ? __pfx_ioctx_alloc+0x10/0x10 [ 506.220561][T18751] ? __might_fault+0x13b/0x190 [ 506.220600][T18751] __x64_sys_io_setup+0xc9/0x210 [ 506.220632][T18751] do_syscall_64+0xcd/0x490 [ 506.220666][T18751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.220690][T18751] RIP: 0033:0x7f409ad8ebe9 [ 506.220711][T18751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.220735][T18751] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 506.220759][T18751] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 506.220776][T18751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000008afc [ 506.220790][T18751] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 506.220806][T18751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.220821][T18751] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 506.220857][T18751] [ 506.482094][T18749] program syz.4.5287 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 506.648708][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.655209][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.662955][ T5866] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 506.662990][ T5866] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 506.679535][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 506.686779][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 506.694152][ T5866] Bluetooth: hci2: Malformed LE Event: 0x02 [ 506.980466][T18768] dyndbg: bad flag-op , at start of  [ 506.986061][T18768] dyndbg: flags parse failed [ 507.206678][ T5866] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 507.206717][ T5866] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 507.222742][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 507.229609][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 507.236303][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 507.243364][ T5866] Bluetooth: hci2: Malformed LE Event: 0x02 [ 507.968135][T18774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 507.975906][T18774] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 507.995981][T18774] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 508.012137][T18774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 508.019291][T18774] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 508.032393][T18774] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 508.042401][T18774] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 508.050012][T18774] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 508.077826][T18774] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 508.120202][T18774] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 508.133388][T18774] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 508.140970][T18774] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 508.202628][T18774] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 508.351635][T18808] FAULT_INJECTION: forcing a failure. [ 508.351635][T18808] name failslab, interval 1, probability 0, space 0, times 0 [ 508.365739][T18808] CPU: 1 UID: 0 PID: 18808 Comm: syz.1.5312 Tainted: G U I syzkaller #0 PREEMPT(full) [ 508.365785][T18808] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 508.365796][T18808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 508.365811][T18808] Call Trace: [ 508.365820][T18808] [ 508.365829][T18808] dump_stack_lvl+0x16c/0x1f0 [ 508.365870][T18808] should_fail_ex+0x512/0x640 [ 508.365911][T18808] should_failslab+0xc2/0x120 [ 508.365943][T18808] __kmalloc_cache_noprof+0x6a/0x3e0 [ 508.365979][T18808] ? report_access+0x100/0x550 [ 508.366020][T18808] report_access+0x100/0x550 [ 508.366060][T18808] yama_ptrace_access_check+0x589/0xd10 [ 508.366104][T18808] security_ptrace_access_check+0xb2/0x210 [ 508.366133][T18808] __ptrace_may_access+0x498/0x950 [ 508.366169][T18808] ptrace_attach+0x24a/0x6a0 [ 508.366202][T18808] __x64_sys_ptrace+0x25c/0x2a0 [ 508.366237][T18808] do_syscall_64+0xcd/0x490 [ 508.366274][T18808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.366299][T18808] RIP: 0033:0x7f409ad8ebe9 [ 508.366321][T18808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.366345][T18808] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 508.366370][T18808] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 508.366387][T18808] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 508.366402][T18808] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 508.366418][T18808] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000 [ 508.366433][T18808] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 508.366469][T18808] [ 508.823361][T18822] FAULT_INJECTION: forcing a failure. [ 508.823361][T18822] name failslab, interval 1, probability 0, space 0, times 0 [ 508.838609][T18822] CPU: 0 UID: 0 PID: 18822 Comm: syz.1.5315 Tainted: G U I syzkaller #0 PREEMPT(full) [ 508.838658][T18822] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 508.838669][T18822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 508.838684][T18822] Call Trace: [ 508.838694][T18822] [ 508.838704][T18822] dump_stack_lvl+0x16c/0x1f0 [ 508.838745][T18822] should_fail_ex+0x512/0x640 [ 508.838780][T18822] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 508.838812][T18822] should_failslab+0xc2/0x120 [ 508.838844][T18822] __kmalloc_cache_noprof+0x6a/0x3e0 [ 508.838872][T18822] ? mqueue_init_fs_context+0x4b/0x480 [ 508.838905][T18822] ? __pfx_mqueue_init_fs_context+0x10/0x10 [ 508.838930][T18822] mqueue_init_fs_context+0x4b/0x480 [ 508.838956][T18822] ? __pfx_mqueue_init_fs_context+0x10/0x10 [ 508.838984][T18822] alloc_fs_context+0x54a/0x9c0 [ 508.839023][T18822] mq_init_ns+0x172/0x620 [ 508.839054][T18822] copy_ipcs+0x383/0x610 [ 508.839080][T18822] ? copy_utsname+0xab/0x470 [ 508.839125][T18822] create_new_namespaces+0x20a/0xa90 [ 508.839154][T18822] ? security_capable+0x7e/0x260 [ 508.839182][T18822] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 508.839211][T18822] ksys_unshare+0x45b/0xa40 [ 508.839243][T18822] ? __pfx_ksys_unshare+0x10/0x10 [ 508.839273][T18822] ? ksys_write+0x1ac/0x250 [ 508.839310][T18822] __x64_sys_unshare+0x31/0x40 [ 508.839344][T18822] do_syscall_64+0xcd/0x490 [ 508.839377][T18822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.839401][T18822] RIP: 0033:0x7f409ad8ebe9 [ 508.839421][T18822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.839444][T18822] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 508.839467][T18822] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 508.839483][T18822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 508.839497][T18822] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 508.839512][T18822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 508.839528][T18822] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 508.839561][T18822] [ 509.199276][ T5866] Bluetooth: hci1: command 0x0406 tx timeout [ 510.064736][ T5866] Bluetooth: hci4: command 0x0c1a tx timeout [ 510.072079][ T5876] Bluetooth: hci2: command 0x0406 tx timeout [ 510.144184][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 510.779147][T18904] bridge0: port 7(syz_tun) entered blocking state [ 510.788434][T18904] bridge0: port 7(syz_tun) entered disabled state [ 510.801961][T18904] syz_tun: entered allmulticast mode [ 510.818422][T18904] syz_tun: entered promiscuous mode [ 510.824845][T18904] bridge0: port 7(syz_tun) entered blocking state [ 510.831471][T18904] bridge0: port 7(syz_tun) entered forwarding state [ 510.897148][T18907] FAULT_INJECTION: forcing a failure. [ 510.897148][T18907] name failslab, interval 1, probability 0, space 0, times 0 [ 510.915156][T18907] CPU: 1 UID: 0 PID: 18907 Comm: syz.3.5355 Tainted: G U I syzkaller #0 PREEMPT(full) [ 510.915202][T18907] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 510.915213][T18907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 510.915227][T18907] Call Trace: [ 510.915236][T18907] [ 510.915245][T18907] dump_stack_lvl+0x16c/0x1f0 [ 510.915313][T18907] should_fail_ex+0x512/0x640 [ 510.915348][T18907] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 510.915382][T18907] should_failslab+0xc2/0x120 [ 510.915414][T18907] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 510.915446][T18907] ? key_alloc+0x3e0/0x1330 [ 510.915484][T18907] key_alloc+0x3e0/0x1330 [ 510.915526][T18907] ? rcu_is_watching+0x12/0xc0 [ 510.915553][T18907] ? __pfx_key_alloc+0x10/0x10 [ 510.915582][T18907] ? __kmalloc_noprof+0x242/0x510 [ 510.915622][T18907] keyring_alloc+0x44/0xc0 [ 510.915663][T18907] install_thread_keyring_to_cred+0xc1/0x140 [ 510.915695][T18907] keyctl_set_reqkey_keyring+0xcf/0x1c0 [ 510.915726][T18907] __do_sys_keyctl+0x6d/0x590 [ 510.915756][T18907] do_syscall_64+0xcd/0x490 [ 510.915794][T18907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.915820][T18907] RIP: 0033:0x7f364478ebe9 [ 510.915840][T18907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.915864][T18907] RSP: 002b:00007f3645584038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 510.915889][T18907] RAX: ffffffffffffffda RBX: 00007f36449c5fa0 RCX: 00007f364478ebe9 [ 510.915907][T18907] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e [ 510.915921][T18907] RBP: 00007f3644811e19 R08: 0000000000000008 R09: 0000000000000000 [ 510.915942][T18907] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000 [ 510.915958][T18907] R13: 00007f36449c6038 R14: 00007f36449c5fa0 R15: 00007ffee0adaf48 [ 510.915993][T18907] [ 511.266059][ T5876] Bluetooth: hci1: command 0x0406 tx timeout [ 511.529974][ T30] audit: type=1806 audit(1756934879.157:56): xattr="0x00060000" res=-22 [ 511.764832][T18935] program syz.0.5367 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 512.133869][ T5876] Bluetooth: hci2: command 0x0406 tx timeout [ 512.139938][ T5876] Bluetooth: hci4: command 0x0c1a tx timeout [ 512.213405][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 513.186849][T19006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5399'. [ 513.210778][T19006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5399'. [ 513.327933][ T5866] Bluetooth: hci1: command 0x0406 tx timeout [ 513.452725][T19016] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5403'. [ 514.203128][ T5866] Bluetooth: hci4: command 0x0c1a tx timeout [ 514.203135][ T5874] Bluetooth: hci2: command 0x0406 tx timeout [ 514.287550][ T5866] Bluetooth: hci3: command 0x0c1a tx timeout [ 515.100029][T19075] ======================================================= [ 515.100029][T19075] WARNING: The mand mount option has been deprecated and [ 515.100029][T19075] and is ignored by this kernel. Remove the mand [ 515.100029][T19075] option from the mount to silence this warning. [ 515.100029][T19075] ======================================================= [ 515.349769][T19088] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5432'. [ 515.405518][T19088] caif0: entered promiscuous mode [ 515.416113][T19092] netlink: 'syz.0.5434': attribute type 2 has an invalid length. [ 515.455803][T19092] netlink: 'syz.0.5434': attribute type 2 has an invalid length. [ 515.820777][T19103] sd 0:0:1:0: PR command failed: 1026 [ 515.844728][T19103] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 515.854912][T19103] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 516.272356][ T5866] Bluetooth: hci4: command 0x0c1a tx timeout [ 517.553210][T19166] sock: sock_timestamping_bind_phc: sock not bind to device [ 517.633963][T19172] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5469'. [ 517.647839][T19172] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5469'. [ 517.875935][T19181] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5473'. [ 520.337066][T19232] FAULT_INJECTION: forcing a failure. [ 520.337066][T19232] name failslab, interval 1, probability 0, space 0, times 0 [ 520.370964][T19232] CPU: 0 UID: 0 PID: 19232 Comm: syz.1.5501 Tainted: G U I syzkaller #0 PREEMPT(full) [ 520.371015][T19232] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 520.371026][T19232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 520.371042][T19232] Call Trace: [ 520.371059][T19232] [ 520.371070][T19232] dump_stack_lvl+0x16c/0x1f0 [ 520.371110][T19232] should_fail_ex+0x512/0x640 [ 520.371144][T19232] ? fs_reclaim_acquire+0xae/0x150 [ 520.371186][T19232] should_failslab+0xc2/0x120 [ 520.371219][T19232] __kmalloc_cache_noprof+0x6a/0x3e0 [ 520.371247][T19232] ? __lock_acquire+0x62e/0x1ce0 [ 520.371278][T19232] ? usb_control_msg+0xbc/0x4a0 [ 520.371319][T19232] usb_control_msg+0xbc/0x4a0 [ 520.371354][T19232] ? __pfx_usb_control_msg+0x10/0x10 [ 520.371400][T19232] hub_ext_port_status+0x14e/0x670 [ 520.371446][T19232] hub_activate+0x6e5/0x1d60 [ 520.371491][T19232] ? __pfx_hub_activate+0x10/0x10 [ 520.371523][T19232] ? find_held_lock+0x2b/0x80 [ 520.371550][T19232] ? proc_do_submiturb+0x16e0/0x3b10 [ 520.371592][T19232] hub_resume+0xa8/0x3f0 [ 520.371626][T19232] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 520.371663][T19232] ? __pfx_hub_resume+0x10/0x10 [ 520.371697][T19232] ? __pfx_hcd_bus_resume+0x10/0x10 [ 520.371734][T19232] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 520.371767][T19232] usb_resume_both+0x273/0x800 [ 520.371796][T19232] ? __pfx_usb_resume_both+0x10/0x10 [ 520.371821][T19232] ? __pfx_usb_runtime_resume+0x10/0x10 [ 520.371853][T19232] ? __pfx_usb_runtime_resume+0x10/0x10 [ 520.371883][T19232] __rpm_callback+0xc8/0x610 [ 520.371921][T19232] ? __pfx_usb_runtime_resume+0x10/0x10 [ 520.371951][T19232] rpm_callback+0x1b7/0x200 [ 520.371984][T19232] ? __pfx_usb_runtime_resume+0x10/0x10 [ 520.372013][T19232] rpm_resume+0xd0a/0x1310 [ 520.372064][T19232] ? __pfx_rpm_resume+0x10/0x10 [ 520.372097][T19232] ? do_raw_spin_lock+0x12c/0x2b0 [ 520.372137][T19232] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 520.372195][T19232] __pm_runtime_resume+0xb6/0x170 [ 520.372232][T19232] usb_autoresume_device+0x23/0xe0 [ 520.372264][T19232] usbdev_open+0x228/0x8b0 [ 520.372295][T19232] ? do_raw_spin_lock+0x12c/0x2b0 [ 520.372332][T19232] ? __pfx_usbdev_open+0x10/0x10 [ 520.372362][T19232] ? chrdev_open+0x58c/0x6a0 [ 520.372400][T19232] ? __pfx_usbdev_open+0x10/0x10 [ 520.372427][T19232] chrdev_open+0x231/0x6a0 [ 520.372461][T19232] ? __pfx_chrdev_open+0x10/0x10 [ 520.372496][T19232] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 520.372532][T19232] do_dentry_open+0x97f/0x1530 [ 520.372565][T19232] ? __pfx_chrdev_open+0x10/0x10 [ 520.372605][T19232] vfs_open+0x82/0x3f0 [ 520.372646][T19232] path_openat+0x1de4/0x2cb0 [ 520.372691][T19232] ? __pfx_path_openat+0x10/0x10 [ 520.372731][T19232] do_filp_open+0x20b/0x470 [ 520.372763][T19232] ? __pfx_do_filp_open+0x10/0x10 [ 520.372820][T19232] ? alloc_fd+0x471/0x7d0 [ 520.372859][T19232] do_sys_openat2+0x11b/0x1d0 [ 520.372896][T19232] ? __pfx_do_sys_openat2+0x10/0x10 [ 520.372949][T19232] __x64_sys_openat+0x174/0x210 [ 520.372987][T19232] ? __pfx___x64_sys_openat+0x10/0x10 [ 520.373041][T19232] do_syscall_64+0xcd/0x490 [ 520.373090][T19232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.373117][T19232] RIP: 0033:0x7f409ad8ebe9 [ 520.373139][T19232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.373164][T19232] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 520.373189][T19232] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 520.373207][T19232] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 520.373225][T19232] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 520.373242][T19232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.373258][T19232] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 520.373295][T19232] [ 520.373851][T19232] hub 2-0:1.0: hub_ext_port_status failed (err = -12) [ 521.049615][T19242] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 521.759413][T19253] netlink: 'syz.3.5500': attribute type 2 has an invalid length. [ 521.798821][T19253] netlink: 'syz.3.5500': attribute type 2 has an invalid length. [ 524.367465][T19321] netlink: 'syz.0.5522': attribute type 3 has an invalid length. [ 525.410162][T19364] ================================================================== [ 525.418353][T19364] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 525.426287][T19364] Read of size 8 at addr ffff88801c6fc800 by task syz.1.5536/19364 [ 525.434286][T19364] [ 525.436746][T19364] CPU: 1 UID: 0 PID: 19364 Comm: syz.1.5536 Tainted: G U I syzkaller #0 PREEMPT(full) [ 525.436791][T19364] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 525.436801][T19364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 525.436816][T19364] Call Trace: [ 525.436824][T19364] [ 525.436834][T19364] dump_stack_lvl+0x116/0x1f0 [ 525.436869][T19364] print_report+0xcd/0x630 [ 525.436897][T19364] ? __virt_addr_valid+0x81/0x610 [ 525.436923][T19364] ? __phys_addr+0xe8/0x180 [ 525.436952][T19364] ? force_devcd_write+0x312/0x340 [ 525.436986][T19364] kasan_report+0xe0/0x110 [ 525.437020][T19364] ? force_devcd_write+0x312/0x340 [ 525.437057][T19364] force_devcd_write+0x312/0x340 [ 525.437090][T19364] ? __pfx_force_devcd_write+0x10/0x10 [ 525.437125][T19364] ? __debugfs_file_get+0x1fe/0x840 [ 525.437161][T19364] ? __pfx___debugfs_file_get+0x10/0x10 [ 525.437201][T19364] full_proxy_write+0x12e/0x1a0 [ 525.437234][T19364] ? __pfx_full_proxy_write+0x10/0x10 [ 525.437271][T19364] vfs_write+0x29d/0x11d0 [ 525.437300][T19364] ? __pfx___mutex_lock+0x10/0x10 [ 525.437334][T19364] ? __pfx_vfs_write+0x10/0x10 [ 525.437367][T19364] ? __fget_files+0x20e/0x3c0 [ 525.437398][T19364] ksys_write+0x12a/0x250 [ 525.437426][T19364] ? __pfx_ksys_write+0x10/0x10 [ 525.437459][T19364] do_syscall_64+0xcd/0x490 [ 525.437493][T19364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.437519][T19364] RIP: 0033:0x7f409ad8ebe9 [ 525.437550][T19364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.437575][T19364] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.437601][T19364] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 525.437619][T19364] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000004 [ 525.437634][T19364] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 525.437649][T19364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.437664][T19364] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 525.437691][T19364] [ 525.437700][T19364] [ 525.654882][T19364] Allocated by task 19235: [ 525.659375][T19364] kasan_save_stack+0x33/0x60 [ 525.664238][T19364] kasan_save_track+0x14/0x30 [ 525.668910][T19364] __kasan_kmalloc+0xaa/0xb0 [ 525.673580][T19364] sctp_transport_new+0xa8/0x7b0 [ 525.678627][T19364] sctp_assoc_add_peer+0x2e3/0x1550 [ 525.683873][T19364] sctp_process_init+0x2724/0x2d50 [ 525.689072][T19364] sctp_sf_do_unexpected_init.isra.0+0x967/0x16f0 [ 525.695577][T19364] sctp_do_sm+0x181/0x5c80 [ 525.700021][T19364] sctp_assoc_bh_rcv+0x392/0x6f0 [ 525.705222][T19364] sctp_inq_push+0x1db/0x270 [ 525.709899][T19364] sctp_backlog_rcv+0x169/0x590 [ 525.714743][T19364] __release_sock+0x35f/0x400 [ 525.719429][T19364] release_sock+0x5a/0x220 [ 525.723856][T19364] sctp_inet_connect+0x16e/0x200 [ 525.728795][T19364] __sys_connect_file+0x13e/0x1a0 [ 525.733887][T19364] __sys_connect+0x13b/0x160 [ 525.738559][T19364] __x64_sys_connect+0x72/0xb0 [ 525.743427][T19364] do_syscall_64+0xcd/0x490 [ 525.748200][T19364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.754268][T19364] [ 525.756581][T19364] Freed by task 15: [ 525.760374][T19364] kasan_save_stack+0x33/0x60 [ 525.765047][T19364] kasan_save_track+0x14/0x30 [ 525.769807][T19364] kasan_save_free_info+0x3b/0x60 [ 525.774861][T19364] __kasan_slab_free+0x60/0x70 [ 525.779796][T19364] kfree+0x2b4/0x4d0 [ 525.783858][T19364] rcu_core+0x79c/0x1530 [ 525.788145][T19364] handle_softirqs+0x216/0x8e0 [ 525.792913][T19364] run_ksoftirqd+0x3a/0x60 [ 525.797331][T19364] smpboot_thread_fn+0x3f7/0xae0 [ 525.802351][T19364] kthread+0x3c5/0x780 [ 525.806602][T19364] ret_from_fork+0x5d7/0x6f0 [ 525.811210][T19364] ret_from_fork_asm+0x1a/0x30 [ 525.816084][T19364] [ 525.818407][T19364] Last potentially related work creation: [ 525.824314][T19364] kasan_save_stack+0x33/0x60 [ 525.829005][T19364] kasan_record_aux_stack+0xa7/0xc0 [ 525.834403][T19364] __call_rcu_common.constprop.0+0xa5/0xa10 [ 525.840491][T19364] sctp_transport_put+0x10f/0x170 [ 525.845613][T19364] sctp_association_free+0x4d3/0x7e0 [ 525.850994][T19364] sctp_do_sm+0x22dc/0x5c80 [ 525.855598][T19364] sctp_assoc_bh_rcv+0x392/0x6f0 [ 525.861147][T19364] sctp_inq_push+0x1db/0x270 [ 525.865829][T19364] sctp_backlog_rcv+0x169/0x590 [ 525.870686][T19364] __release_sock+0x35f/0x400 [ 525.875544][T19364] release_sock+0x5a/0x220 [ 525.880058][T19364] sctp_inet_connect+0x16e/0x200 [ 525.885015][T19364] __sys_connect_file+0x13e/0x1a0 [ 525.890055][T19364] __sys_connect+0x13b/0x160 [ 525.894649][T19364] __x64_sys_connect+0x72/0xb0 [ 525.899522][T19364] do_syscall_64+0xcd/0x490 [ 525.904139][T19364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.910050][T19364] [ 525.912368][T19364] The buggy address belongs to the object at ffff88801c6fc800 [ 525.912368][T19364] which belongs to the cache kmalloc-1k of size 1024 [ 525.926514][T19364] The buggy address is located 0 bytes inside of [ 525.926514][T19364] freed 1024-byte region [ffff88801c6fc800, ffff88801c6fcc00) [ 525.940571][T19364] [ 525.943011][T19364] The buggy address belongs to the physical page: [ 525.949526][T19364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c6f8 [ 525.958730][T19364] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 525.967227][T19364] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 525.975317][T19364] page_type: f5(slab) [ 525.979298][T19364] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 525.988161][T19364] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 525.996914][T19364] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 526.005598][T19364] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 526.014439][T19364] head: 00fff00000000003 ffffea000071be01 00000000ffffffff 00000000ffffffff [ 526.023145][T19364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 526.031824][T19364] page dumped because: kasan: bad access detected [ 526.038325][T19364] page_owner tracks the page as allocated [ 526.044033][T19364] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 0, tgid 0 (swapper/0), ts 1880738303, free_ts 0 [ 526.062014][T19364] post_alloc_hook+0x1c0/0x230 [ 526.066836][T19364] get_page_from_freelist+0x132b/0x38e0 [ 526.072643][T19364] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 526.078622][T19364] new_slab+0x94/0x330 [ 526.082686][T19364] ___slab_alloc+0xcf2/0x1740 [ 526.087359][T19364] __slab_alloc.constprop.0+0x56/0xb0 [ 526.092728][T19364] __kmalloc_cache_node_noprof+0x100/0x420 [ 526.098618][T19364] alloc_desc+0x5d/0x930 [ 526.103057][T19364] early_irq_init+0x205/0x350 [ 526.107853][T19364] start_kernel+0x20b/0x4d0 [ 526.112527][T19364] x86_64_start_reservations+0x18/0x30 [ 526.118077][T19364] x86_64_start_kernel+0x130/0x190 [ 526.123238][T19364] common_startup_64+0x13e/0x148 [ 526.128178][T19364] page_owner free stack trace missing [ 526.133557][T19364] [ 526.136040][T19364] Memory state around the buggy address: [ 526.141666][T19364] ffff88801c6fc700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 526.149812][T19364] ffff88801c6fc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 526.158052][T19364] >ffff88801c6fc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 526.166190][T19364] ^ [ 526.170250][T19364] ffff88801c6fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 526.178315][T19364] ffff88801c6fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 526.186458][T19364] ================================================================== [ 526.230556][T19364] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 526.237976][T19364] CPU: 1 UID: 0 PID: 19364 Comm: syz.1.5536 Tainted: G U I syzkaller #0 PREEMPT(full) [ 526.248977][T19364] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 526.254970][T19364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 526.265194][T19364] Call Trace: [ 526.268489][T19364] [ 526.271425][T19364] dump_stack_lvl+0x3d/0x1f0 [ 526.276051][T19364] vpanic+0x6e8/0x7a0 [ 526.280049][T19364] ? __pfx_vpanic+0x10/0x10 [ 526.284580][T19364] ? __pfx_vprintk_emit+0x10/0x10 [ 526.289713][T19364] ? force_devcd_write+0x312/0x340 [ 526.294855][T19364] panic+0xca/0xd0 [ 526.298779][T19364] ? __pfx_panic+0x10/0x10 [ 526.303302][T19364] ? force_devcd_write+0x312/0x340 [ 526.308482][T19364] ? preempt_schedule_common+0x44/0xc0 [ 526.314064][T19364] ? preempt_schedule_thunk+0x16/0x30 [ 526.319605][T19364] check_panic_on_warn+0xab/0xb0 [ 526.324667][T19364] end_report+0x107/0x170 [ 526.329026][T19364] kasan_report+0xee/0x110 [ 526.333468][T19364] ? force_devcd_write+0x312/0x340 [ 526.338690][T19364] force_devcd_write+0x312/0x340 [ 526.343630][T19364] ? __pfx_force_devcd_write+0x10/0x10 [ 526.349824][T19364] ? __debugfs_file_get+0x1fe/0x840 [ 526.355290][T19364] ? __pfx___debugfs_file_get+0x10/0x10 [ 526.360944][T19364] full_proxy_write+0x12e/0x1a0 [ 526.365822][T19364] ? __pfx_full_proxy_write+0x10/0x10 [ 526.371680][T19364] vfs_write+0x29d/0x11d0 [ 526.376110][T19364] ? __pfx___mutex_lock+0x10/0x10 [ 526.381156][T19364] ? __pfx_vfs_write+0x10/0x10 [ 526.386116][T19364] ? __fget_files+0x20e/0x3c0 [ 526.390803][T19364] ksys_write+0x12a/0x250 [ 526.395150][T19364] ? __pfx_ksys_write+0x10/0x10 [ 526.400096][T19364] do_syscall_64+0xcd/0x490 [ 526.404607][T19364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.410612][T19364] RIP: 0033:0x7f409ad8ebe9 [ 526.415200][T19364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.435073][T19364] RSP: 002b:00007f409bc77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 526.443586][T19364] RAX: ffffffffffffffda RBX: 00007f409afc5fa0 RCX: 00007f409ad8ebe9 [ 526.451562][T19364] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000004 [ 526.459541][T19364] RBP: 00007f409ae11e19 R08: 0000000000000000 R09: 0000000000000000 [ 526.467610][T19364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 526.475762][T19364] R13: 00007f409afc6038 R14: 00007f409afc5fa0 R15: 00007fff56e57f08 [ 526.483764][T19364] [ 526.487002][T19364] Kernel Offset: disabled [ 526.491317][T19364] Rebooting in 86400 seconds..