last executing test programs: 4m19.858308958s ago: executing program 0 (id=763): pipe$auto(0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlockall$auto(0x7) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 4m17.662950481s ago: executing program 0 (id=777): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000001d80), 0x101102, 0x0) write$auto(r1, 0x0, 0x4) 4m17.214336906s ago: executing program 0 (id=780): mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0xc00, 0x0) ioctl$auto_EVIOCSMASK(r0, 0x40104593, 0x0) close_range$auto(0x2, 0x8, 0x0) 4m16.131723818s ago: executing program 0 (id=794): mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 4m15.727393328s ago: executing program 0 (id=793): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 4m14.150554271s ago: executing program 0 (id=805): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/soft\x00', 0x42000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) write$auto(r1, 0x0, 0x4) 4m13.620308573s ago: executing program 32 (id=805): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/soft\x00', 0x42000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) write$auto(r1, 0x0, 0x4) 4m0.696732263s ago: executing program 1 (id=891): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x141000, 0x0) bpf$auto(0x40, &(0x7f00000000c0)=@bpf_attr_0={0x0, 0x6, 0x8, 0x4, 0x800, 0xffffffffffffffff, 0x13, "f0f59673e700", 0x0, 0xffffffffffffffff, 0xfffff588, 0x9, 0x2, 0x100000000000200}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r0, 0x1, &(0x7f00000000c0)) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) write$auto_sg_fops_sg(r1, &(0x7f00000001c0)="bf5b1a8c24000000dbcbc7a996eea7f3804ca6c7591afff6578d2f5f520f687f316ba7327b581cd8d58309037c0ae2c7", 0x30) 4m0.373217926s ago: executing program 1 (id=894): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x8) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r0, 0x4010744d, &(0x7f0000000040)={0x0, 0xffff8000, 0x84}) 4m0.050071659s ago: executing program 1 (id=899): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/ptp/ptp0/max_vclocks\x00', 0x103841, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x48802, 0x0) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xfdef) 3m59.766956532s ago: executing program 1 (id=910): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0x3, 0xffff, 0x3, 0x7, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b366203e219", 0x0, 0xffffffffffffffff, 0x8000005, 0x7, 0x7, 0x8}, 0x10) bpf$auto(0x2, 0x0, 0xb) bpf$auto(0x15, 0x0, 0x0) 3m59.481915461s ago: executing program 1 (id=904): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 3m58.845964392s ago: executing program 1 (id=908): mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0x23, 0x2, 0x0) ioctl$auto(0x8000000000000001, 0x89ef, 0x9) 3m58.411578795s ago: executing program 33 (id=908): mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0x23, 0x2, 0x0) ioctl$auto(0x8000000000000001, 0x89ef, 0x9) 4.487166822s ago: executing program 2 (id=3265): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x2) connect$auto(0x5, 0x0, 0x9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYRES16=r0, @ANYRESOCT, @ANYBLOB="fc959fc988"], 0x38}, 0x1, 0x0, 0x0, 0x2c050811}, 0x10) close_range$auto(0x2, 0xa, 0x0) 4.376842486s ago: executing program 2 (id=3267): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) 3.644572867s ago: executing program 4 (id=3272): clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x600, 0x1, 0x7, 0x0, 0x7, 0x8, 0x5, {0x3ff, 0x7}, 0xfffffffffffffffa, 0xa5, 0xa, 0x13c, 0x0, 0xc3, 0x1000, 0x800000000000007, 0x5, 0x90, 0xfffffff5}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) 3.58464309s ago: executing program 3 (id=3274): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x7, 0x9, 0x0, 0x0) mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x5, 0x8000) close_range$auto(0x2, 0x8000, 0x0) 3.503602466s ago: executing program 4 (id=3275): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x4, 0x0, 0x0) 3.384121517s ago: executing program 4 (id=3277): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0x2505}, 0x7fe}, 0x4, 0x1000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8bf0, 0x24) 3.205794772s ago: executing program 3 (id=3278): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000000)=@generic={0xa, "dfffffffffffffff00"}, 0x6a) 2.969035088s ago: executing program 3 (id=3279): socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pidfd_open$auto(0x1, 0x0) 2.852890428s ago: executing program 2 (id=3280): mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'tunl0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x2f}, 0x22) 2.746077948s ago: executing program 2 (id=3281): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x114, 0x6, 0x0, 0xa0) 2.25984443s ago: executing program 4 (id=3286): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8924, 0x24) 2.246544543s ago: executing program 2 (id=3287): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x6, 0x15, 0x1000, 0x100000001, 0xc, 0x9, 0x0, 0xfffffffffffffffe, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80000001]}, 0x0, 0x0) connect$auto(0x3, 0x0, 0x55) 1.203077546s ago: executing program 2 (id=3292): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) 1.151941369s ago: executing program 5 (id=3293): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 1.111195825s ago: executing program 4 (id=3294): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010026bd7000ffdbdf250400000014001a80ffff04800c0001"], 0x28}, 0x1, 0x0, 0x0, 0x894}, 0x4) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b", @ANYRES8], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 472.113892ms ago: executing program 4 (id=3295): mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x800c6f40, r0) 330.749425ms ago: executing program 3 (id=3296): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) sendto$auto(0x3, 0x0, 0xffeb, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e22, @multicast2}, 0x19) 252.516425ms ago: executing program 5 (id=3297): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) epoll_create$auto(0x4) socket(0xa, 0x2, 0x3a) getsockopt$auto_SO_GET_FILTER(r0, 0x0, 0x1a, &(0x7f00000003c0)='/dev/sg0\x00\x0e\xe7\x8eI\xb3m\x83\xb3\v\\\x9f\xb4\x8f\x7f@7\x03\x00\x00\x00\x86w\x02\xa0\x16MZ\x14W`\xc3HjX\xa4\xe7\xd0\xc5D\xe4\xc5 \x9b3r\x11,\xdd9\r\xab~\xf8\xec\x8az;\xfa\xb3\xc8\x04\x16\xedT\x95\x82-\x05\tZR\b\x14\xe6\xe7\xfc\xfds\x8a\xfayT\x9dp\x1a \xba$\x02bz\xc3\x8c\x7fT2\xfe\x93\xf6[\xc3\xb76\xbc\x88\xee}\xbb`,\x11\xe2gP\xda\xbeG\xb1J\xd5\x14\xb1j\xa8\\\x16Y^U\x0e\xfb\xfa\xe8XJ\x94\xa4\xfb\"\x9b\xb4_\v\n\x97\x8c\x88,l\x91\xec\x1ca\xd0~\x00Zi\x98J\x0eG\xac|a\xd6\xc0\x9f~`\x98\x83\x92\x19\x9a*y\xba{hv\xe5\x98LT\xac\xbf\xff\x86!\xb0\xd1D\xe6G\xd1\x9b\x11\x99\x83\xf3\xd6\xc4Oz\n\xc1\x81\xcco\xf6\x9e9\xc6\x8fG\xef\v\xc1Z\xe7\xa7\'\x8d\xcf\xee+\xacc\xacR\x04N\xb8 J\x7fbQ\x88\xeb\x8b>\xd05\xad\x18n\xd6\xf5T\x81H\xdfY4\xd1\x12\x84\xdfVt\xce\xe9\xe2>\x83g\x0fe\xeb\xe5\xd5\xc3\xa1\x97\xd4\x88\xbdD\xf8\x9bP\xc8\xc1$\x00\x14\x1ak\xc3\xafU\xc4P\x14\xbf\xf1\xfd\xda\x90\x1e\xefY\xe9\xed\x7f', &(0x7f00000000c0)=0x4cb) 187.035994ms ago: executing program 3 (id=3298): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fd038004001298"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 164.998572ms ago: executing program 5 (id=3299): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x808, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(0x0, 0x0, 0x18) 43.180355ms ago: executing program 5 (id=3300): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) bind$auto(0x3, &(0x7f0000000080)=@tipc=@name={0x1e, 0x2, 0x2, {{0x41, 0x3}}}, 0x6a) 43.019714ms ago: executing program 5 (id=3301): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000340), 0x2000, 0x0) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x4242, 0xe1d2b27bdc14aad4) open(0x0, 0x0, 0x40) 42.874474ms ago: executing program 3 (id=3302): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) 0s ago: executing program 5 (id=3303): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x1) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x59e, 0x0, 0x2, 0x9}, 0x207}, 0x40, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYRES8=r0], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x5}, 0x5, 0x0, 0x2, 0x200}, 0x7ff}, 0x10a, 0x8, 0x0) setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x23) kernel console output (not intermixed with test programs): 204.468388][ T8966] [ 204.468398][ T8966] dump_stack_lvl+0x16c/0x1f0 [ 204.468444][ T8966] should_fail_ex+0x512/0x640 [ 204.468482][ T8966] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 204.468511][ T8966] should_failslab+0xc2/0x120 [ 204.468548][ T8966] __kmalloc_cache_noprof+0x6a/0x3e0 [ 204.468575][ T8966] ? __do_sys_fanotify_init+0x57a/0xc00 [ 204.468614][ T8966] ? kasan_save_track+0x14/0x30 [ 204.468645][ T8966] __do_sys_fanotify_init+0x57a/0xc00 [ 204.468688][ T8966] do_syscall_64+0xcd/0x4c0 [ 204.468737][ T8966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.468762][ T8966] RIP: 0033:0x7f389738eba9 [ 204.468782][ T8966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.468805][ T8966] RSP: 002b:00007f38982e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 204.468830][ T8966] RAX: ffffffffffffffda RBX: 00007f38975d5fa0 RCX: 00007f389738eba9 [ 204.468848][ T8966] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000005 [ 204.468863][ T8966] RBP: 00007f3897411e19 R08: 0000000000000000 R09: 0000000000000000 [ 204.468879][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.468894][ T8966] R13: 00007f38975d6038 R14: 00007f38975d5fa0 R15: 00007ffeb01a17f8 [ 204.468929][ T8966] [ 205.430977][ T9002] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1091'. [ 205.710150][ T9011] FAULT_INJECTION: forcing a failure. [ 205.710150][ T9011] name failslab, interval 1, probability 0, space 0, times 0 [ 205.772882][ T9011] CPU: 0 UID: 0 PID: 9011 Comm: syz.3.1093 Tainted: G U syzkaller #0 PREEMPT(full) [ 205.772924][ T9011] Tainted: [U]=USER [ 205.772932][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 205.772947][ T9011] Call Trace: [ 205.772956][ T9011] [ 205.772966][ T9011] dump_stack_lvl+0x16c/0x1f0 [ 205.773010][ T9011] should_fail_ex+0x512/0x640 [ 205.773048][ T9011] ? __kmalloc_noprof+0xbf/0x510 [ 205.773082][ T9011] ? memcg_list_lru_alloc+0x4e9/0x740 [ 205.773111][ T9011] should_failslab+0xc2/0x120 [ 205.773143][ T9011] __kmalloc_noprof+0xd2/0x510 [ 205.773170][ T9011] ? __lock_acquire+0x62e/0x1ce0 [ 205.773210][ T9011] memcg_list_lru_alloc+0x4e9/0x740 [ 205.773251][ T9011] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 205.773292][ T9011] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 205.773324][ T9011] __memcg_slab_post_alloc_hook+0x133/0x960 [ 205.773364][ T9011] ? kasan_save_track+0x14/0x30 [ 205.773397][ T9011] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 205.773428][ T9011] ? __d_alloc+0x32/0xae0 [ 205.773463][ T9011] __d_alloc+0x32/0xae0 [ 205.773498][ T9011] d_alloc_pseudo+0x1c/0xc0 [ 205.773536][ T9011] alloc_file_pseudo+0xcf/0x230 [ 205.773574][ T9011] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 205.773611][ T9011] ? security_inode_init_security_anon+0x79/0x240 [ 205.773651][ T9011] secretmem_file_create.constprop.0+0x89/0x290 [ 205.773687][ T9011] __x64_sys_memfd_secret+0xc1/0x150 [ 205.773720][ T9011] do_syscall_64+0xcd/0x4c0 [ 205.773761][ T9011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.773786][ T9011] RIP: 0033:0x7f9f0cd8eba9 [ 205.773807][ T9011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.773831][ T9011] RSP: 002b:00007f9f0dc75038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 205.773856][ T9011] RAX: ffffffffffffffda RBX: 00007f9f0cfd5fa0 RCX: 00007f9f0cd8eba9 [ 205.773881][ T9011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.773897][ T9011] RBP: 00007f9f0ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 205.773913][ T9011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.773928][ T9011] R13: 00007f9f0cfd6038 R14: 00007f9f0cfd5fa0 R15: 00007fff2ad171d8 [ 205.773964][ T9011] [ 206.281458][ T9019] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. syzkaller syzkaller login: [ 206.774306][ T9042] Console: switching to colour VGA+ 80x25 [ 206.859590][ T9042] Console: switching to colour frame buffer device 4x6 [ 206.909677][ T9049] nbd: socks must be embedded in a SOCK_ITEM attr [ 206.910354][ T9049] block nbd1: shutting down sockets [ 208.398365][ T9109] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1125'. [ 208.474238][ T9113] sctp: [Deprecated]: syz.3.1127 (pid 9113) Use of int in maxseg socket option. [ 208.474238][ T9113] Use struct sctp_assoc_value instead [ 209.256151][ T9143] FAULT_INJECTION: forcing a failure. [ 209.256151][ T9143] name failslab, interval 1, probability 0, space 0, times 0 [ 209.303604][ T9143] CPU: 1 UID: 0 PID: 9143 Comm: syz.4.1136 Tainted: G U syzkaller #0 PREEMPT(full) [ 209.303646][ T9143] Tainted: [U]=USER [ 209.303653][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 209.303666][ T9143] Call Trace: [ 209.303675][ T9143] [ 209.303684][ T9143] dump_stack_lvl+0x16c/0x1f0 [ 209.303737][ T9143] should_fail_ex+0x512/0x640 [ 209.303774][ T9143] ? fs_reclaim_acquire+0xae/0x150 [ 209.303812][ T9143] should_failslab+0xc2/0x120 [ 209.303843][ T9143] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 209.303872][ T9143] ? security_inode_alloc+0x3b/0x2b0 [ 209.303904][ T9143] security_inode_alloc+0x3b/0x2b0 [ 209.303931][ T9143] inode_init_always_gfp+0xce4/0x1030 [ 209.303961][ T9143] alloc_inode+0x86/0x240 [ 209.303995][ T9143] path_from_stashed+0x25b/0x750 [ 209.304023][ T9143] ? alloc_fd+0x471/0x7d0 [ 209.304052][ T9143] pidfs_alloc_file+0xf8/0x290 [ 209.304077][ T9143] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 209.304105][ T9143] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.304141][ T9143] pidfd_prepare+0x129/0x200 [ 209.304177][ T9143] __x64_sys_pidfd_open+0x105/0x1a0 [ 209.304214][ T9143] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 209.304256][ T9143] ? rcu_is_watching+0x12/0xc0 [ 209.304285][ T9143] do_syscall_64+0xcd/0x4c0 [ 209.304326][ T9143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.304351][ T9143] RIP: 0033:0x7f532ff8eba9 [ 209.304372][ T9143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.304396][ T9143] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 209.304421][ T9143] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 209.304438][ T9143] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 209.304453][ T9143] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 209.304468][ T9143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.304482][ T9143] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 209.304515][ T9143] [ 209.518964][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.775107][ T5880] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 210.775144][ T5880] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 210.790751][ T5880] Bluetooth: hci3: Dropping invalid advertising data [ 210.798157][ T5880] Bluetooth: hci3: Dropping invalid advertising data [ 210.805076][ T5880] Bluetooth: hci3: Dropping invalid advertising data [ 210.813091][ T5880] Bluetooth: hci3: Malformed LE Event: 0x02 [ 210.893011][ T9192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1158'. [ 211.536512][ T9187] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.543398][ T9187] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.551139][ T9187] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.557509][ T9187] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 211.566886][ T9187] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 211.575523][ T9187] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 211.584824][ T9187] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 211.590951][ T9187] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 211.600651][ T9187] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 212.096639][ T9228] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1173'. [ 212.379772][ T9238] FAULT_INJECTION: forcing a failure. [ 212.379772][ T9238] name fail_futex, interval 1, probability 0, space 0, times 0 [ 212.394075][ T9238] CPU: 1 UID: 0 PID: 9238 Comm: syz.2.1179 Tainted: G U syzkaller #0 PREEMPT(full) [ 212.394116][ T9238] Tainted: [U]=USER [ 212.394125][ T9238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 212.394140][ T9238] Call Trace: [ 212.394148][ T9238] [ 212.394157][ T9238] dump_stack_lvl+0x16c/0x1f0 [ 212.394199][ T9238] should_fail_ex+0x512/0x640 [ 212.394242][ T9238] should_fail_futex+0x4c/0x60 [ 212.394273][ T9238] __x64_sys_futex+0x25e/0x4c0 [ 212.394305][ T9238] ? fdget_pos+0x2b8/0x370 [ 212.394335][ T9238] ? __pfx___x64_sys_futex+0x10/0x10 [ 212.394367][ T9238] ? xfd_validate_state+0x61/0x180 [ 212.394403][ T9238] ? __pfx_ksys_write+0x10/0x10 [ 212.394441][ T9238] do_syscall_64+0xcd/0x4c0 [ 212.394478][ T9238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.394503][ T9238] RIP: 0033:0x7fdf3a98eba9 [ 212.394524][ T9238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.394547][ T9238] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 212.394577][ T9238] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 212.394593][ T9238] RDX: 0000000000000004 RSI: 000000000000000d RDI: 0000000000000000 [ 212.394608][ T9238] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000008 [ 212.394623][ T9238] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.394638][ T9238] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 212.394671][ T9238] [ 212.818077][ T5880] Bluetooth: hci1: command 0x0c1a tx timeout [ 212.918348][ T9252] Console: switching to colour VGA+ 80x25 [ 213.014826][ T9252] Console: switching to colour frame buffer device 4x6 [ 213.270801][ T9266] FAULT_INJECTION: forcing a failure. [ 213.270801][ T9266] name failslab, interval 1, probability 0, space 0, times 0 [ 213.283858][ T9266] CPU: 1 UID: 0 PID: 9266 Comm: syz.2.1191 Tainted: G U syzkaller #0 PREEMPT(full) [ 213.283892][ T9266] Tainted: [U]=USER [ 213.283898][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 213.283911][ T9266] Call Trace: [ 213.283919][ T9266] [ 213.283927][ T9266] dump_stack_lvl+0x116/0x1f0 [ 213.283964][ T9266] should_fail_ex+0x512/0x640 [ 213.283999][ T9266] should_failslab+0xc2/0x120 [ 213.284028][ T9266] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 213.284055][ T9266] ? netlink_realloc_groups+0x1aa/0x2d0 [ 213.284090][ T9266] krealloc_noprof+0x1ff/0x3a0 [ 213.284116][ T9266] netlink_realloc_groups+0x1aa/0x2d0 [ 213.284144][ T9266] ? tomoyo_socket_bind_permission+0x14f/0x350 [ 213.284177][ T9266] netlink_bind+0x7a8/0x9d0 [ 213.284209][ T9266] ? __pfx_netlink_bind+0x10/0x10 [ 213.284238][ T9266] ? apparmor_socket_bind+0x105/0x200 [ 213.284262][ T9266] __sys_bind+0x1a7/0x260 [ 213.284287][ T9266] ? __pfx___sys_bind+0x10/0x10 [ 213.284320][ T9266] ? xfd_validate_state+0x61/0x180 [ 213.284347][ T9266] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 213.284379][ T9266] __x64_sys_bind+0x72/0xb0 [ 213.284411][ T9266] ? lockdep_hardirqs_on+0x7c/0x110 [ 213.284441][ T9266] do_syscall_64+0xcd/0x4c0 [ 213.284475][ T9266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.284495][ T9266] RIP: 0033:0x7fdf3a98eba9 [ 213.284511][ T9266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.284529][ T9266] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 213.284548][ T9266] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 213.284561][ T9266] RDX: 0000000000000068 RSI: 0000200000000000 RDI: 0000000000000003 [ 213.284573][ T9266] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 213.284585][ T9266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.284598][ T9266] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 213.284624][ T9266] [ 213.623091][ T5880] Bluetooth: hci4: command 0x0c1a tx timeout [ 213.624791][ T5868] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.629125][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 214.099192][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 214.345015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 215.682020][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 215.688159][ T5880] Bluetooth: hci3: command 0x0c1a tx timeout [ 216.339240][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 216.386707][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.734433][ T9390] bonding: no command found in bonding_masters - use +ifname or -ifname [ 217.749334][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 217.755393][ T5880] Bluetooth: hci3: command 0x0c1a tx timeout [ 218.033012][ T9371] kexec: Could not allocate control_code_buffer [ 219.637970][ T9460] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 219.818434][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 223.158849][ T9573] nbd: socks must be embedded in a SOCK_ITEM attr [ 223.179098][ T9573] block nbd1: shutting down sockets [ 223.308602][ T9572] zswap: compressor not available [ 223.733151][ T9596] Console: switching to colour VGA+ 80x25 [ 223.795948][ T9596] Console: switching to colour frame buffer device 4x6 [ 226.817777][ T9670] Console: switching to colour VGA+ 80x25 [ 226.879361][ T9670] Console: switching to colour frame buffer device 4x6 [ 228.376474][ T30] audit: type=1804 audit(1758162871.195:8): pid=9702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1337" name="/newroot/343/file0" dev="tmpfs" ino=1750 res=1 errno=0 [ 228.454935][ T30] audit: type=1804 audit(1758162871.266:9): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1337" name="/newroot/343/file0" dev="tmpfs" ino=1750 res=1 errno=0 [ 228.501691][ T30] audit: type=1800 audit(1758162871.316:10): pid=9702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1337" name="file0" dev="tmpfs" ino=1750 res=0 errno=0 [ 228.521372][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.299306][ T51] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 231.601863][ T9806] netlink: 122 bytes leftover after parsing attributes in process `syz.2.1376'. [ 235.039623][ T9921] netlink: 'syz.4.1432': attribute type 1 has an invalid length. [ 236.091670][ T5880] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 236.517657][ T9959] ptrace attach of "./syz-executor exec"[8474] was attempted by ""[9959] [ 239.771922][ T5880] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 239.873744][T10058] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1484'. [ 241.473242][T10095] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1498'. [ 243.244364][T10163] FAULT_INJECTION: forcing a failure. [ 243.244364][T10163] name failslab, interval 1, probability 0, space 0, times 0 [ 243.396062][T10163] CPU: 1 UID: 0 PID: 10163 Comm: syz.4.1519 Tainted: G U syzkaller #0 PREEMPT(full) [ 243.396107][T10163] Tainted: [U]=USER [ 243.396116][T10163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 243.396143][T10163] Call Trace: [ 243.396156][T10163] [ 243.396166][T10163] dump_stack_lvl+0x16c/0x1f0 [ 243.396211][T10163] should_fail_ex+0x512/0x640 [ 243.396282][T10163] ? __kmalloc_noprof+0xbf/0x510 [ 243.396315][T10163] ? constrain_params_by_rules+0x175/0xca0 [ 243.396346][T10163] should_failslab+0xc2/0x120 [ 243.396380][T10163] __kmalloc_noprof+0xd2/0x510 [ 243.396408][T10163] ? unwind_get_return_address+0x59/0xa0 [ 243.396444][T10163] constrain_params_by_rules+0x175/0xca0 [ 243.396490][T10163] ? stack_trace_save+0x8e/0xc0 [ 243.396526][T10163] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 243.396566][T10163] ? __kasan_kmalloc+0xaa/0xb0 [ 243.396594][T10163] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 243.396625][T10163] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 243.396654][T10163] ? snd_pcm_oss_sync+0x32e/0x840 [ 243.396693][T10163] ? rcu_is_watching+0x12/0xc0 [ 243.396719][T10163] ? snd_interval_refine+0x2fa/0x580 [ 243.396759][T10163] snd_pcm_hw_refine+0x7de/0xad0 [ 243.396796][T10163] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 243.396839][T10163] ? __asan_memset+0x23/0x50 [ 243.396867][T10163] ? _snd_pcm_hw_param_min+0x259/0x630 [ 243.396902][T10163] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 243.396947][T10163] ? __mutex_lock+0x1c5/0x1060 [ 243.396986][T10163] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 243.397049][T10163] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 243.397084][T10163] snd_pcm_oss_sync+0x32e/0x840 [ 243.397118][T10163] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 243.397148][T10163] snd_pcm_oss_release+0x28b/0x310 [ 243.397180][T10163] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 243.397208][T10163] __fput+0x402/0xb70 [ 243.397251][T10163] task_work_run+0x14d/0x240 [ 243.397277][T10163] ? __pfx_task_work_run+0x10/0x10 [ 243.397316][T10163] ? __pfx___do_sys_close_range+0x10/0x10 [ 243.397351][T10163] exit_to_user_mode_loop+0xeb/0x110 [ 243.397386][T10163] do_syscall_64+0x41c/0x4c0 [ 243.397426][T10163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.397452][T10163] RIP: 0033:0x7f532ff8eba9 [ 243.397480][T10163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.397506][T10163] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 243.397532][T10163] RAX: 0000000000000000 RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 243.397549][T10163] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 243.397563][T10163] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 243.397579][T10163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.397593][T10163] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 243.397629][T10163] [ 245.999148][T10234] bridge0: port 3(bond0) entered blocking state [ 246.015766][T10234] bridge0: port 3(bond0) entered disabled state [ 246.025924][T10234] bond0: entered allmulticast mode [ 246.031081][T10234] bond_slave_0: entered allmulticast mode [ 246.052268][T10234] bond_slave_1: entered allmulticast mode [ 246.060810][T10234] bond0: entered promiscuous mode [ 246.072041][T10234] bond_slave_0: entered promiscuous mode [ 246.088955][T10234] bond_slave_1: entered promiscuous mode [ 246.095925][T10234] bridge0: port 3(bond0) entered blocking state [ 246.102357][T10234] bridge0: port 3(bond0) entered forwarding state [ 247.498805][ T5880] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 syzkaller syzkaller login: [ 251.699883][T10398] netlink: 'syz.4.1606': attribute type 1 has an invalid length. [ 251.874078][T10403] ACPI: Enabling force_remove is not supported anymore. Please report to linux-acpi@vger.kernel.org if you depend on this functionality syzkaller syzkaller login: [ 254.655351][T10501] FAULT_INJECTION: forcing a failure. [ 254.655351][T10501] name failslab, interval 1, probability 0, space 0, times 0 [ 254.671002][T10501] CPU: 1 UID: 0 PID: 10501 Comm: syz.5.1654 Tainted: G U syzkaller #0 PREEMPT(full) [ 254.671043][T10501] Tainted: [U]=USER [ 254.671052][T10501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 254.671067][T10501] Call Trace: [ 254.671078][T10501] [ 254.671088][T10501] dump_stack_lvl+0x116/0x1f0 [ 254.671133][T10501] should_fail_ex+0x512/0x640 [ 254.671178][T10501] should_failslab+0xc2/0x120 [ 254.671212][T10501] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 254.671245][T10501] ? __send_signal_locked+0x159/0x12c0 [ 254.671270][T10501] ? sig_get_ucounts+0x1c0/0x5b0 [ 254.671309][T10501] __send_signal_locked+0x159/0x12c0 [ 254.671343][T10501] group_send_sig_info+0x2a4/0x300 [ 254.671376][T10501] ? __pfx_group_send_sig_info+0x10/0x10 [ 254.671420][T10501] ? kill_pid_info_type+0x1a/0x2a0 [ 254.671449][T10501] kill_pid_info_type+0x92/0x2a0 [ 254.671485][T10501] kill_proc_info+0x6f/0x1b0 [ 254.671517][T10501] kill_something_info+0x2a2/0x310 [ 254.671546][T10501] ? __task_pid_nr_ns+0x186/0x500 [ 254.671583][T10501] __x64_sys_kill+0xd7/0x140 [ 254.671611][T10501] ? __pfx___x64_sys_kill+0x10/0x10 [ 254.671639][T10501] ? __pfx___x64_sys_futex+0x10/0x10 [ 254.671685][T10501] ? rcu_is_watching+0x12/0xc0 [ 254.671711][T10501] do_syscall_64+0xcd/0x4c0 [ 254.671747][T10501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.671770][T10501] RIP: 0033:0x7f389738eba9 [ 254.671790][T10501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.671813][T10501] RSP: 002b:00007f38982e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 254.671837][T10501] RAX: ffffffffffffffda RBX: 00007f38975d5fa0 RCX: 00007f389738eba9 [ 254.671865][T10501] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00000000000001ba [ 254.671880][T10501] RBP: 00007f3897411e19 R08: 0000000000000000 R09: 0000000000000000 [ 254.671896][T10501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.671911][T10501] R13: 00007f38975d6038 R14: 00007f38975d5fa0 R15: 00007ffeb01a17f8 [ 254.671948][T10501] [ 255.158082][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.194524][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.739763][T10536] FAULT_INJECTION: forcing a failure. [ 255.739763][T10536] name failslab, interval 1, probability 0, space 0, times 0 [ 255.771458][T10536] CPU: 0 UID: 0 PID: 10536 Comm: syz.2.1670 Tainted: G U syzkaller #0 PREEMPT(full) [ 255.771502][T10536] Tainted: [U]=USER [ 255.771510][T10536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 255.771526][T10536] Call Trace: [ 255.771534][T10536] [ 255.771544][T10536] dump_stack_lvl+0x16c/0x1f0 [ 255.771590][T10536] should_fail_ex+0x512/0x640 [ 255.771628][T10536] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 255.771661][T10536] should_failslab+0xc2/0x120 [ 255.771692][T10536] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 255.771718][T10536] ? __pfx_map_id_range_down+0x10/0x10 [ 255.771751][T10536] ? __x64_sys_futex+0x1e0/0x4c0 [ 255.771778][T10536] ? __x64_sys_futex+0x1e9/0x4c0 [ 255.771803][T10536] ? prepare_creds+0x2c/0x7d0 [ 255.771838][T10536] prepare_creds+0x2c/0x7d0 [ 255.771880][T10536] __sys_setreuid+0x101/0xaf0 [ 255.771909][T10536] ? rcu_is_watching+0x12/0xc0 [ 255.771941][T10536] do_syscall_64+0xcd/0x4c0 [ 255.771983][T10536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.772009][T10536] RIP: 0033:0x7fdf3a98eba9 [ 255.772031][T10536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.772056][T10536] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071 [ 255.772082][T10536] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 255.772100][T10536] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 255.772116][T10536] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 255.772132][T10536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.772148][T10536] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 255.772184][T10536] [ 256.221992][ T30] audit: type=1804 audit(1758162899.180:11): pid=10541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1672" name="/newroot/228/file0" dev="tmpfs" ino=1168 res=1 errno=0 [ 256.291038][ T30] audit: type=1804 audit(1758162899.241:12): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1672" name="/newroot/228/file0" dev="tmpfs" ino=1168 res=1 errno=0 [ 256.336235][ T30] audit: type=1800 audit(1758162899.251:13): pid=10541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1672" name="file0" dev="tmpfs" ino=1168 res=0 errno=0 [ 258.145092][T10612] FAULT_INJECTION: forcing a failure. [ 258.145092][T10612] name failslab, interval 1, probability 0, space 0, times 0 [ 258.206550][T10612] CPU: 0 UID: 0 PID: 10612 Comm: syz.4.1695 Tainted: G U syzkaller #0 PREEMPT(full) [ 258.206593][T10612] Tainted: [U]=USER [ 258.206602][T10612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 258.206617][T10612] Call Trace: [ 258.206627][T10612] [ 258.206637][T10612] dump_stack_lvl+0x16c/0x1f0 [ 258.206682][T10612] should_fail_ex+0x512/0x640 [ 258.206720][T10612] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 258.206755][T10612] should_failslab+0xc2/0x120 [ 258.206789][T10612] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 258.206817][T10612] ? __pfx_map_id_range_down+0x10/0x10 [ 258.206852][T10612] ? __x64_sys_futex+0x1e0/0x4c0 [ 258.206888][T10612] ? __x64_sys_futex+0x1e9/0x4c0 [ 258.206919][T10612] ? prepare_creds+0x2c/0x7d0 [ 258.206961][T10612] prepare_creds+0x2c/0x7d0 [ 258.207000][T10612] __sys_setreuid+0x101/0xaf0 [ 258.207028][T10612] ? rcu_is_watching+0x12/0xc0 [ 258.207059][T10612] do_syscall_64+0xcd/0x4c0 [ 258.207098][T10612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.207124][T10612] RIP: 0033:0x7f532ff8eba9 [ 258.207144][T10612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.207168][T10612] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071 [ 258.207193][T10612] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 258.207211][T10612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 258.207226][T10612] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 258.207243][T10612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 258.207259][T10612] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 258.207294][T10612] [ 259.838583][T10654] FAULT_INJECTION: forcing a failure. [ 259.838583][T10654] name failslab, interval 1, probability 0, space 0, times 0 [ 259.855231][T10654] CPU: 0 UID: 0 PID: 10654 Comm: syz.5.1707 Tainted: G U syzkaller #0 PREEMPT(full) [ 259.855278][T10654] Tainted: [U]=USER [ 259.855287][T10654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 259.855303][T10654] Call Trace: [ 259.855313][T10654] [ 259.855324][T10654] dump_stack_lvl+0x16c/0x1f0 [ 259.855370][T10654] should_fail_ex+0x512/0x640 [ 259.855407][T10654] ? fs_reclaim_acquire+0xae/0x150 [ 259.855449][T10654] should_failslab+0xc2/0x120 [ 259.855482][T10654] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 259.855514][T10654] ? __lock_acquire+0xb97/0x1ce0 [ 259.855545][T10654] ? ext4_init_io_end+0x24/0x170 [ 259.855584][T10654] ext4_init_io_end+0x24/0x170 [ 259.855611][T10654] ext4_do_writepages+0x9e7/0x3cf0 [ 259.855652][T10654] ? lock_acquire+0x179/0x350 [ 259.855707][T10654] ? __pfx_ext4_do_writepages+0x10/0x10 [ 259.855762][T10654] ? ext4_writepages+0x37a/0x7d0 [ 259.855794][T10654] ext4_writepages+0x37a/0x7d0 [ 259.855829][T10654] ? __pfx_ext4_writepages+0x10/0x10 [ 259.855878][T10654] ? do_writepages+0x4b7/0x600 [ 259.855905][T10654] ? __pfx_ext4_writepages+0x10/0x10 [ 259.855942][T10654] do_writepages+0x277/0x600 [ 259.855972][T10654] ? __pfx_do_writepages+0x10/0x10 [ 259.855994][T10654] ? do_raw_spin_unlock+0x172/0x230 [ 259.856033][T10654] ? _raw_spin_unlock+0x28/0x50 [ 259.856071][T10654] filemap_fdatawrite_wbc+0x104/0x160 [ 259.856099][T10654] __filemap_fdatawrite_range+0xb9/0x100 [ 259.856133][T10654] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 259.856224][T10654] file_write_and_wait_range+0xca/0x140 [ 259.856261][T10654] ext4_sync_file+0x310/0xf10 [ 259.856294][T10654] ? __pfx___up_read+0x10/0x10 [ 259.856331][T10654] ? __pfx_ext4_sync_file+0x10/0x10 [ 259.856360][T10654] vfs_fsync_range+0x139/0x220 [ 259.856395][T10654] __do_sys_msync+0x3cb/0x5c0 [ 259.856442][T10654] do_syscall_64+0xcd/0x4c0 [ 259.856484][T10654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.856511][T10654] RIP: 0033:0x7f389738eba9 [ 259.856532][T10654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.856566][T10654] RSP: 002b:00007f38982e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 259.856593][T10654] RAX: ffffffffffffffda RBX: 00007f38975d5fa0 RCX: 00007f389738eba9 [ 259.856612][T10654] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 259.856629][T10654] RBP: 00007f3897411e19 R08: 0000000000000000 R09: 0000000000000000 [ 259.856646][T10654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.856663][T10654] R13: 00007f38975d6038 R14: 00007f38975d5fa0 R15: 00007ffeb01a17f8 [ 259.856700][T10654] [ 260.885493][T10679] PM: Enabling pm_trace changes system date and time during resume. [ 260.885493][T10679] PM: Correct system time has to be restored manually after resume. [ 261.284735][T10692] FAULT_INJECTION: forcing a failure. [ 261.284735][T10692] name failslab, interval 1, probability 0, space 0, times 0 [ 261.301100][T10692] CPU: 1 UID: 0 PID: 10692 Comm: syz.5.1731 Tainted: G U syzkaller #0 PREEMPT(full) [ 261.301142][T10692] Tainted: [U]=USER [ 261.301151][T10692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 261.301167][T10692] Call Trace: [ 261.301176][T10692] [ 261.301186][T10692] dump_stack_lvl+0x16c/0x1f0 [ 261.301230][T10692] should_fail_ex+0x512/0x640 [ 261.301268][T10692] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 261.301304][T10692] should_failslab+0xc2/0x120 [ 261.301338][T10692] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 261.301368][T10692] ? lockdep_init_map_type+0x5c/0x280 [ 261.301403][T10692] ? fcntl_setlease+0x389/0x5a0 [ 261.301432][T10692] fcntl_setlease+0x389/0x5a0 [ 261.301457][T10692] ? __pfx_fcntl_setlease+0x10/0x10 [ 261.301500][T10692] do_fcntl+0x751/0x15a0 [ 261.301546][T10692] ? __pfx_do_fcntl+0x10/0x10 [ 261.301598][T10692] ? tomoyo_file_fcntl+0x6c/0xc0 [ 261.301630][T10692] __x64_sys_fcntl+0x163/0x200 [ 261.301671][T10692] do_syscall_64+0xcd/0x4c0 [ 261.301713][T10692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.301739][T10692] RIP: 0033:0x7f389738eba9 [ 261.301759][T10692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.301783][T10692] RSP: 002b:00007f38982e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 261.301807][T10692] RAX: ffffffffffffffda RBX: 00007f38975d5fa0 RCX: 00007f389738eba9 [ 261.301825][T10692] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000003 [ 261.301840][T10692] RBP: 00007f3897411e19 R08: 0000000000000000 R09: 0000000000000000 [ 261.301855][T10692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.301870][T10692] R13: 00007f38975d6038 R14: 00007f38975d5fa0 R15: 00007ffeb01a17f8 [ 261.301904][T10692] [ 261.640037][T10701] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 262.134810][T10715] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1732'. [ 262.241171][T10715] caif0: entered promiscuous mode [ 263.485926][T10753] FAULT_INJECTION: forcing a failure. [ 263.485926][T10753] name failslab, interval 1, probability 0, space 0, times 0 [ 263.508772][T10753] CPU: 1 UID: 0 PID: 10753 Comm: syz.4.1748 Tainted: G U syzkaller #0 PREEMPT(full) [ 263.508818][T10753] Tainted: [U]=USER [ 263.508827][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 263.508842][T10753] Call Trace: [ 263.508852][T10753] [ 263.508862][T10753] dump_stack_lvl+0x16c/0x1f0 [ 263.508909][T10753] should_fail_ex+0x512/0x640 [ 263.508948][T10753] ? fs_reclaim_acquire+0xae/0x150 [ 263.508993][T10753] should_failslab+0xc2/0x120 [ 263.509027][T10753] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 263.509073][T10753] ? __lock_acquire+0xb97/0x1ce0 [ 263.509108][T10753] ? ext4_init_io_end+0x24/0x170 [ 263.509142][T10753] ext4_init_io_end+0x24/0x170 [ 263.509168][T10753] ext4_do_writepages+0x9e7/0x3cf0 [ 263.509209][T10753] ? lock_acquire+0x179/0x350 [ 263.509264][T10753] ? __pfx_ext4_do_writepages+0x10/0x10 [ 263.509318][T10753] ? ext4_writepages+0x37a/0x7d0 [ 263.509351][T10753] ext4_writepages+0x37a/0x7d0 [ 263.509386][T10753] ? __pfx_ext4_writepages+0x10/0x10 [ 263.509436][T10753] ? do_writepages+0x4b7/0x600 [ 263.509465][T10753] ? __pfx_ext4_writepages+0x10/0x10 [ 263.509503][T10753] do_writepages+0x277/0x600 [ 263.509533][T10753] ? __pfx_do_writepages+0x10/0x10 [ 263.509557][T10753] ? do_raw_spin_unlock+0x172/0x230 [ 263.509597][T10753] ? _raw_spin_unlock+0x28/0x50 [ 263.509634][T10753] filemap_fdatawrite_wbc+0x104/0x160 [ 263.509664][T10753] __filemap_fdatawrite_range+0xb9/0x100 [ 263.509698][T10753] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 263.509791][T10753] file_write_and_wait_range+0xca/0x140 [ 263.509829][T10753] ext4_sync_file+0x310/0xf10 [ 263.509862][T10753] ? __pfx___up_read+0x10/0x10 [ 263.509901][T10753] ? __pfx_ext4_sync_file+0x10/0x10 [ 263.509931][T10753] vfs_fsync_range+0x139/0x220 [ 263.509968][T10753] __do_sys_msync+0x3cb/0x5c0 [ 263.510008][T10753] do_syscall_64+0xcd/0x4c0 [ 263.510056][T10753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.510084][T10753] RIP: 0033:0x7f532ff8eba9 [ 263.510106][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.510134][T10753] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 263.510161][T10753] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 263.510179][T10753] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 263.510198][T10753] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 263.510215][T10753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.510232][T10753] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 263.510269][T10753] [ 264.506536][T10764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1754'. [ 265.631577][T10785] kAFS: bad VL server IP address [ 268.001198][T10851] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 268.509973][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1798'. [ 268.554617][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1798'. [ 268.565467][T10866] Zero length message leads to an empty skb [ 270.604805][T10943] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 271.102085][T10956] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1839'. [ 272.414664][ T5919] smpboot: CPU 0 is now offline [ 273.472216][T11036] FAULT_INJECTION: forcing a failure. [ 273.472216][T11036] name failslab, interval 1, probability 0, space 0, times 0 [ 273.509339][T11036] CPU: 1 UID: 0 PID: 11036 Comm: syz.5.1874 Tainted: G U syzkaller #0 PREEMPT(full) [ 273.509366][T11036] Tainted: [U]=USER [ 273.509371][T11036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 273.509380][T11036] Call Trace: [ 273.509386][T11036] [ 273.509392][T11036] dump_stack_lvl+0x16c/0x1f0 [ 273.509418][T11036] should_fail_ex+0x512/0x640 [ 273.509441][T11036] ? fs_reclaim_acquire+0xae/0x150 [ 273.509464][T11036] should_failslab+0xc2/0x120 [ 273.509483][T11036] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 273.509501][T11036] ? __lock_acquire+0xb97/0x1ce0 [ 273.509519][T11036] ? ext4_init_io_end+0x24/0x170 [ 273.509535][T11036] ext4_init_io_end+0x24/0x170 [ 273.509549][T11036] ext4_do_writepages+0x9e7/0x3cf0 [ 273.509570][T11036] ? lock_acquire+0x179/0x350 [ 273.509598][T11036] ? __pfx_ext4_do_writepages+0x10/0x10 [ 273.509626][T11036] ? ext4_writepages+0x37a/0x7d0 [ 273.509643][T11036] ext4_writepages+0x37a/0x7d0 [ 273.509661][T11036] ? __pfx_ext4_writepages+0x10/0x10 [ 273.509694][T11036] ? do_writepages+0x4b7/0x600 [ 273.509710][T11036] ? __pfx_ext4_writepages+0x10/0x10 [ 273.509730][T11036] do_writepages+0x277/0x600 [ 273.509746][T11036] ? __pfx_do_writepages+0x10/0x10 [ 273.509759][T11036] ? do_raw_spin_unlock+0x172/0x230 [ 273.509781][T11036] ? _raw_spin_unlock+0x28/0x50 [ 273.509801][T11036] filemap_fdatawrite_wbc+0x104/0x160 [ 273.509817][T11036] __filemap_fdatawrite_range+0xb9/0x100 [ 273.509835][T11036] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 273.509881][T11036] file_write_and_wait_range+0xca/0x140 [ 273.509900][T11036] ext4_sync_file+0x310/0xf10 [ 273.509918][T11036] ? __pfx___up_read+0x10/0x10 [ 273.509938][T11036] ? __pfx_ext4_sync_file+0x10/0x10 [ 273.509954][T11036] vfs_fsync_range+0x139/0x220 [ 273.509973][T11036] __do_sys_msync+0x3cb/0x5c0 [ 273.509993][T11036] do_syscall_64+0xcd/0x4c0 [ 273.510016][T11036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.510030][T11036] RIP: 0033:0x7f389738eba9 [ 273.510043][T11036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.510056][T11036] RSP: 002b:00007f38982e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 273.510071][T11036] RAX: ffffffffffffffda RBX: 00007f38975d5fa0 RCX: 00007f389738eba9 [ 273.510080][T11036] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 273.510088][T11036] RBP: 00007f3897411e19 R08: 0000000000000000 R09: 0000000000000000 [ 273.510097][T11036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.510105][T11036] R13: 00007f38975d6038 R14: 00007f38975d5fa0 R15: 00007ffeb01a17f8 [ 273.510123][T11036] [ 274.691666][T11059] ptrace attach of "./syz-executor exec"[8474] was attempted by ""[11059] [ 275.644523][T11086] capability: warning: `syz.5.1897' uses 32-bit capabilities (legacy support in use) [ 280.357466][T11234] FAULT_INJECTION: forcing a failure. [ 280.357466][T11234] name failslab, interval 1, probability 0, space 0, times 0 [ 280.447960][T11234] CPU: 1 UID: 0 PID: 11234 Comm: syz.2.1963 Tainted: G U syzkaller #0 PREEMPT(full) [ 280.448010][T11234] Tainted: [U]=USER [ 280.448020][T11234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 280.448039][T11234] Call Trace: [ 280.448049][T11234] [ 280.448055][T11234] dump_stack_lvl+0x16c/0x1f0 [ 280.448082][T11234] should_fail_ex+0x512/0x640 [ 280.448104][T11234] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 280.448124][T11234] should_failslab+0xc2/0x120 [ 280.448143][T11234] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 280.448158][T11234] ? __pfx___might_resched+0x10/0x10 [ 280.448174][T11234] ? __anon_vma_prepare+0xae/0x5e0 [ 280.448192][T11234] __anon_vma_prepare+0xae/0x5e0 [ 280.448206][T11234] ? __filemap_get_folio+0x32b/0xc30 [ 280.448227][T11234] __vmf_anon_prepare+0x11c/0x240 [ 280.448255][T11234] hugetlb_fault+0x1ba4/0x2f40 [ 280.448274][T11234] ? __pfx_hugetlb_fault+0x10/0x10 [ 280.448297][T11234] ? find_vma+0xbf/0x140 [ 280.448314][T11234] ? __pfx_find_vma+0x10/0x10 [ 280.448334][T11234] handle_mm_fault+0xbfa/0xd10 [ 280.448350][T11234] ? trace_raw_output_exceptions+0x131/0x150 [ 280.448373][T11234] do_user_addr_fault+0x7a6/0x1370 [ 280.448396][T11234] ? rcu_is_watching+0x12/0xc0 [ 280.448413][T11234] exc_page_fault+0x5c/0xb0 [ 280.448433][T11234] asm_exc_page_fault+0x26/0x30 [ 280.448447][T11234] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 280.448465][T11234] Code: e9 d4 1e 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 280.448479][T11234] RSP: 0018:ffffc9000b1d7db0 EFLAGS: 00050206 [ 280.448491][T11234] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 280.448500][T11234] RDX: ffffed100973bec0 RSI: ffff88804b9df5fb RDI: 0000000000000000 [ 280.448508][T11234] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100973bebf [ 280.448516][T11234] R10: ffff88804b9df5ff R11: 0000000000000000 R12: ffff88804b9df5fb [ 280.448525][T11234] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 280.448543][T11234] _copy_to_user+0xbb/0xd0 [ 280.448560][T11234] __do_sys_getcwd+0x483/0x930 [ 280.448585][T11234] ? __pfx___do_sys_getcwd+0x10/0x10 [ 280.448606][T11234] ? xfd_validate_state+0x61/0x180 [ 280.448625][T11234] ? __pfx_ksys_write+0x10/0x10 [ 280.448647][T11234] do_syscall_64+0xcd/0x4c0 [ 280.448669][T11234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.448683][T11234] RIP: 0033:0x7fdf3a98eba9 [ 280.448694][T11234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.448707][T11234] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 280.448719][T11234] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 280.448728][T11234] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 280.448736][T11234] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 280.448744][T11234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.448752][T11234] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 280.448771][T11234] [ 280.826021][ C1] vkms_vblank_simulate: vblank timer overrun [ 282.535133][T11295] ptrace attach of "./syz-executor exec"[5869] was attempted by ""[11295] [ 282.970809][ T56] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.069029][ T56] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.160275][ T56] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.349821][ T56] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.852065][ T56] bridge_slave_1: left allmulticast mode [ 283.897202][ T56] bridge_slave_1: left promiscuous mode [ 283.904067][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.007555][T11321] Format for adding new port is "id [perm_addr]" (uint MAC). [ 284.092983][T11325] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2003'. [ 284.146809][ T56] bridge_slave_0: left allmulticast mode [ 284.153586][ T56] bridge_slave_0: left promiscuous mode [ 284.242902][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.322441][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 284.334166][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 284.344251][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 284.357429][ T5880] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 284.367318][ T5880] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 284.986343][T11330] ptrace attach of "./syz-executor exec"[8156] was attempted by ""[11330] [ 285.840054][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.887253][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.948332][ T56] bond0 (unregistering): Released all slaves [ 286.429439][T11381] FAULT_INJECTION: forcing a failure. [ 286.429439][T11381] name failslab, interval 1, probability 0, space 0, times 0 [ 286.447713][ T5880] Bluetooth: hci4: command tx timeout [ 286.555260][T11381] CPU: 1 UID: 0 PID: 11381 Comm: syz.4.2020 Tainted: G U syzkaller #0 PREEMPT(full) [ 286.555286][T11381] Tainted: [U]=USER [ 286.555292][T11381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 286.555301][T11381] Call Trace: [ 286.555307][T11381] [ 286.555312][T11381] dump_stack_lvl+0x16c/0x1f0 [ 286.555338][T11381] should_fail_ex+0x512/0x640 [ 286.555361][T11381] ? __kmalloc_noprof+0xbf/0x510 [ 286.555380][T11381] ? constrain_params_by_rules+0x175/0xca0 [ 286.555396][T11381] should_failslab+0xc2/0x120 [ 286.555415][T11381] __kmalloc_noprof+0xd2/0x510 [ 286.555431][T11381] ? unwind_get_return_address+0x59/0xa0 [ 286.555451][T11381] constrain_params_by_rules+0x175/0xca0 [ 286.555471][T11381] ? stack_trace_save+0x8e/0xc0 [ 286.555489][T11381] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 286.555519][T11381] ? __kasan_kmalloc+0xaa/0xb0 [ 286.555534][T11381] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 286.555553][T11381] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 286.555569][T11381] ? snd_pcm_oss_sync+0x32e/0x840 [ 286.555591][T11381] ? rcu_is_watching+0x12/0xc0 [ 286.555606][T11381] ? snd_interval_refine+0x2fa/0x580 [ 286.555628][T11381] snd_pcm_hw_refine+0x7de/0xad0 [ 286.555647][T11381] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 286.555670][T11381] ? __asan_memset+0x23/0x50 [ 286.555684][T11381] ? _snd_pcm_hw_param_min+0x259/0x630 [ 286.555702][T11381] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 286.555726][T11381] ? __mutex_lock+0x1c5/0x1060 [ 286.555747][T11381] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 286.555779][T11381] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 286.555797][T11381] snd_pcm_oss_sync+0x32e/0x840 [ 286.555815][T11381] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 286.555831][T11381] snd_pcm_oss_release+0x28b/0x310 [ 286.555848][T11381] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 286.555863][T11381] __fput+0x402/0xb70 [ 286.555887][T11381] task_work_run+0x14d/0x240 [ 286.555900][T11381] ? __pfx_task_work_run+0x10/0x10 [ 286.555922][T11381] ? __pfx___do_sys_close_range+0x10/0x10 [ 286.555943][T11381] exit_to_user_mode_loop+0xeb/0x110 [ 286.555964][T11381] do_syscall_64+0x41c/0x4c0 [ 286.555987][T11381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.556001][T11381] RIP: 0033:0x7f532ff8eba9 [ 286.556013][T11381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.556027][T11381] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 286.556042][T11381] RAX: 0000000000000000 RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 286.556051][T11381] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 286.556059][T11381] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 286.556068][T11381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.556077][T11381] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 286.556096][T11381] [ 287.169125][T11396] netlink: 'syz.4.2024': attribute type 1 has an invalid length. [ 287.398105][T11332] chnl_net:caif_netlink_parms(): no params data found [ 287.634887][ T56] hsr_slave_0: left promiscuous mode [ 287.709080][ T56] hsr_slave_1: left promiscuous mode [ 287.733832][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.786982][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.861265][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.918472][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.080403][ T56] veth1_macvtap: left promiscuous mode [ 288.154597][ T56] veth0_macvtap: left promiscuous mode [ 288.200459][ T56] veth1_vlan: left promiscuous mode [ 288.234947][ T56] veth0_vlan: left promiscuous mode [ 288.507536][ T5880] Bluetooth: hci4: command tx timeout [ 290.019094][T11470] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2052'. [ 290.076473][ T56] team0 (unregistering): Port device team_slave_1 removed [ 290.165643][ T56] team0 (unregistering): Port device team_slave_0 removed [ 290.572804][ T5880] Bluetooth: hci4: command tx timeout [ 291.227802][T11332] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.253449][T11332] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.294137][T11332] bridge_slave_0: entered allmulticast mode [ 291.334232][T11332] bridge_slave_0: entered promiscuous mode [ 291.384049][T11332] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.485690][T11332] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.494295][T11332] bridge_slave_1: entered allmulticast mode [ 291.582649][T11332] bridge_slave_1: entered promiscuous mode [ 291.841750][T11332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.965169][T11332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.267966][T11332] team0: Port device team_slave_0 added [ 292.337912][T11332] team0: Port device team_slave_1 added [ 292.391133][T11518] netlink: 35120 bytes leftover after parsing attributes in process `syz.4.2071'. [ 292.549673][T11332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.612278][T11332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.657894][ T5880] Bluetooth: hci4: command tx timeout [ 292.780491][T11332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.854557][T11332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.900353][T11332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.045821][T11332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 293.262027][T11332] hsr_slave_0: entered promiscuous mode [ 293.287806][T11332] hsr_slave_1: entered promiscuous mode [ 293.313694][T11332] debugfs: 'hsr0' already exists in 'hsr' [ 293.341183][T11332] Cannot create hsr debugfs directory [ 293.851028][T11561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2084'. [ 293.937239][T11561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2084'. [ 294.264346][T11572] syz.2.2088 uses obsolete (PF_INET,SOCK_PACKET) [ 295.629962][T11332] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 295.720826][T11332] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 295.821377][T11332] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 295.961472][T11332] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 296.403604][T11332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 296.525896][T11332] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.663726][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.672264][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.769823][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.778402][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 296.994168][T11650] netlink: 130 bytes leftover after parsing attributes in process `syz.2.2111'. [ 297.035002][T11651] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2110'. [ 297.897171][T11332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.113594][T11332] veth0_vlan: entered promiscuous mode [ 299.202855][T11332] veth1_vlan: entered promiscuous mode [ 299.344969][T11332] veth0_macvtap: entered promiscuous mode [ 299.430068][T11332] veth1_macvtap: entered promiscuous mode [ 299.501219][T11720] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2126'. [ 299.528752][T11332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.607352][T11332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.876900][ T1152] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.939038][ T1152] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.075010][ T1152] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.169969][ T1152] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.465713][ T5097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.523969][ T5097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.670071][ T5097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.737109][ T5097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.915599][T11332] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 302.416274][T11794] openvswitch: netlink: IP tunnel dst address not specified [ 302.702387][T11805] openvswitch: netlink: IP tunnel dst address not specified [ 302.877015][T11808] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2157'. [ 302.999783][T11808] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2157'. [ 303.131501][T11814] netlink: 326 bytes leftover after parsing attributes in process `syz.5.2160'. [ 303.616285][T11830] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2168'. [ 303.634247][T11830] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 303.649558][T11830] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 303.770329][T11832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2169'. [ 303.799801][T11830] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 303.810101][T11830] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 303.876147][T11832] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2169'. [ 304.767590][T11851] sd 0:0:1:0: PR command failed: 1026 [ 304.774504][T11851] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 305.127394][T11851] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 305.543964][T11871] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2185'. [ 305.753585][T11874] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2186'. [ 305.788153][T11876] openvswitch: netlink: Unknown nsh attribute 0 [ 305.994291][T11880] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2190'. [ 306.425001][T11878] zswap: compressor 000 not available [ 306.752079][ T30] audit: type=1800 audit(1758162949.973:14): pid=11899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2196" name="members" dev="configfs" ino=31749 res=0 errno=0 [ 307.175009][T11910] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2202'. [ 307.576580][T11919] Process accounting resumed [ 308.407880][ T30] audit: type=1800 audit(1758162951.632:15): pid=11941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2214" name="version" dev="configfs" ino=31899 res=0 errno=0 [ 308.959700][T11946] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2217'. [ 309.186183][T11952] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2217'. [ 310.132919][T11975] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2230'. [ 310.161103][T11972] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 311.260382][T12004] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2237'. [ 311.492247][T12011] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2246'. [ 311.513245][T12011] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2246'. [ 311.750161][T11993] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2237'. [ 311.901172][T12022] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2250'. [ 314.305255][T12083] netlink: 'syz.5.2277': attribute type 4 has an invalid length. [ 314.326373][T12083] netlink: 314 bytes leftover after parsing attributes in process `syz.5.2277'. [ 316.281694][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.289776][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.410838][ T5880] Bluetooth: hci2: Malformed LE Event: 0x1b [ 318.680233][T12166] FAULT_INJECTION: forcing a failure. [ 318.680233][T12166] name failslab, interval 1, probability 0, space 0, times 0 [ 318.735237][T12166] CPU: 1 UID: 0 PID: 12166 Comm: syz.2.2313 Tainted: G U syzkaller #0 PREEMPT(full) [ 318.735264][T12166] Tainted: [U]=USER [ 318.735269][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 318.735278][T12166] Call Trace: [ 318.735283][T12166] [ 318.735289][T12166] dump_stack_lvl+0x16c/0x1f0 [ 318.735316][T12166] should_fail_ex+0x512/0x640 [ 318.735338][T12166] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 318.735355][T12166] should_failslab+0xc2/0x120 [ 318.735440][T12166] __kmalloc_cache_noprof+0x6a/0x3e0 [ 318.735458][T12166] ? kernfs_fop_open+0xa3a/0xda0 [ 318.735477][T12166] kernfs_fop_open+0xa3a/0xda0 [ 318.735495][T12166] do_dentry_open+0x982/0x1530 [ 318.735514][T12166] ? __pfx_kernfs_fop_open+0x10/0x10 [ 318.735533][T12166] vfs_open+0x82/0x3f0 [ 318.735556][T12166] path_openat+0x1de4/0x2cb0 [ 318.735579][T12166] ? __pfx_path_openat+0x10/0x10 [ 318.735606][T12166] do_filp_open+0x20b/0x470 [ 318.735623][T12166] ? __pfx_do_filp_open+0x10/0x10 [ 318.735653][T12166] ? alloc_fd+0x471/0x7d0 [ 318.735674][T12166] do_sys_openat2+0x11b/0x1d0 [ 318.735694][T12166] ? __pfx_do_sys_openat2+0x10/0x10 [ 318.735722][T12166] __x64_sys_openat+0x174/0x210 [ 318.735735][T12166] ? __pfx___x64_sys_openat+0x10/0x10 [ 318.735760][T12166] do_syscall_64+0xcd/0x4c0 [ 318.735793][T12166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.735808][T12166] RIP: 0033:0x7fdf3a98eba9 [ 318.735822][T12166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.735836][T12166] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 318.735851][T12166] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 318.735860][T12166] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 318.735869][T12166] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 318.735878][T12166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 318.735886][T12166] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 318.735906][T12166] [ 319.578733][T12183] netlink: 'syz.5.2318': attribute type 1 has an invalid length. [ 319.866794][T12190] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2322'. [ 320.254753][T12200] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2328'. [ 320.455594][T12209] netlink: 'syz.2.2329': attribute type 15 has an invalid length. [ 320.501064][T12211] FAULT_INJECTION: forcing a failure. [ 320.501064][T12211] name failslab, interval 1, probability 0, space 0, times 0 [ 320.523597][T12211] CPU: 1 UID: 0 PID: 12211 Comm: syz.5.2332 Tainted: G U syzkaller #0 PREEMPT(full) [ 320.523623][T12211] Tainted: [U]=USER [ 320.523627][T12211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 320.523636][T12211] Call Trace: [ 320.523642][T12211] [ 320.523648][T12211] dump_stack_lvl+0x16c/0x1f0 [ 320.523674][T12211] should_fail_ex+0x512/0x640 [ 320.523696][T12211] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 320.523713][T12211] ? __pfx_sc_fop_open+0x10/0x10 [ 320.523732][T12211] should_failslab+0xc2/0x120 [ 320.523750][T12211] __kmalloc_cache_noprof+0x6a/0x3e0 [ 320.523764][T12211] ? __pfx___debugfs_file_get+0x10/0x10 [ 320.523784][T12211] ? sc_common_open+0x46/0x200 [ 320.523803][T12211] ? __pfx_apparmor_file_open+0x10/0x10 [ 320.523819][T12211] ? __pfx_sc_fop_open+0x10/0x10 [ 320.523838][T12211] sc_common_open+0x46/0x200 [ 320.523858][T12211] full_proxy_open_regular+0x1b9/0x360 [ 320.523874][T12211] do_dentry_open+0x982/0x1530 [ 320.523891][T12211] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 320.523909][T12211] vfs_open+0x82/0x3f0 [ 320.523931][T12211] path_openat+0x1de4/0x2cb0 [ 320.523953][T12211] ? __pfx_path_openat+0x10/0x10 [ 320.523975][T12211] do_filp_open+0x20b/0x470 [ 320.523991][T12211] ? __pfx_do_filp_open+0x10/0x10 [ 320.524020][T12211] ? alloc_fd+0x471/0x7d0 [ 320.524040][T12211] do_sys_openat2+0x11b/0x1d0 [ 320.524060][T12211] ? __pfx_do_sys_openat2+0x10/0x10 [ 320.524088][T12211] __x64_sys_openat+0x174/0x210 [ 320.524101][T12211] ? __pfx___x64_sys_openat+0x10/0x10 [ 320.524121][T12211] do_syscall_64+0xcd/0x4c0 [ 320.524147][T12211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.524162][T12211] RIP: 0033:0x7f614938eba9 [ 320.524175][T12211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.524189][T12211] RSP: 002b:00007f614a1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 320.524204][T12211] RAX: ffffffffffffffda RBX: 00007f61495d5fa0 RCX: 00007f614938eba9 [ 320.524213][T12211] RDX: 0000000000088080 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 320.524222][T12211] RBP: 00007f6149411e19 R08: 0000000000000000 R09: 0000000000000000 [ 320.524230][T12211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.524238][T12211] R13: 00007f61495d6038 R14: 00007f61495d5fa0 R15: 00007ffcde828cd8 [ 320.524256][T12211] [ 321.162495][T12219] netlink: 'syz.2.2337': attribute type 2 has an invalid length. [ 321.224141][T12219] netlink: 'syz.2.2337': attribute type 2 has an invalid length. [ 321.251113][T12221] FAULT_INJECTION: forcing a failure. [ 321.251113][T12221] name failslab, interval 1, probability 0, space 0, times 0 [ 321.457459][T12221] CPU: 1 UID: 0 PID: 12221 Comm: syz.4.2336 Tainted: G U syzkaller #0 PREEMPT(full) [ 321.457485][T12221] Tainted: [U]=USER [ 321.457490][T12221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 321.457499][T12221] Call Trace: [ 321.457504][T12221] [ 321.457510][T12221] dump_stack_lvl+0x16c/0x1f0 [ 321.457535][T12221] should_fail_ex+0x512/0x640 [ 321.457557][T12221] ? __kmalloc_noprof+0xbf/0x510 [ 321.457575][T12221] ? lsm_blob_alloc+0x68/0x90 [ 321.457587][T12221] should_failslab+0xc2/0x120 [ 321.457606][T12221] __kmalloc_noprof+0xd2/0x510 [ 321.457627][T12221] lsm_blob_alloc+0x68/0x90 [ 321.457640][T12221] security_sk_alloc+0x30/0x270 [ 321.457657][T12221] sk_prot_alloc+0xfb/0x2a0 [ 321.457674][T12221] sk_alloc+0x36/0xc20 [ 321.457694][T12221] inet_create+0x3a1/0x1040 [ 321.457711][T12221] ? inet_create+0x93/0x1040 [ 321.457731][T12221] __sock_create+0x335/0x8d0 [ 321.457750][T12221] smc_create_clcsk+0x37/0xd0 [ 321.457767][T12221] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 321.457789][T12221] inet_create+0x936/0x1040 [ 321.457806][T12221] ? inet_create+0x93/0x1040 [ 321.457825][T12221] __sock_create+0x335/0x8d0 [ 321.457844][T12221] __sys_socket+0x14d/0x260 [ 321.457860][T12221] ? __pfx___sys_socket+0x10/0x10 [ 321.457876][T12221] ? xfd_validate_state+0x61/0x180 [ 321.457896][T12221] ? __pfx_do_writev+0x10/0x10 [ 321.457914][T12221] __x64_sys_socket+0x72/0xb0 [ 321.457930][T12221] ? lockdep_hardirqs_on+0x7c/0x110 [ 321.457950][T12221] do_syscall_64+0xcd/0x4c0 [ 321.457972][T12221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.457986][T12221] RIP: 0033:0x7f532ff8eba9 [ 321.457998][T12221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.458012][T12221] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 321.458026][T12221] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 321.458035][T12221] RDX: 0000000000000100 RSI: 0000000000000801 RDI: 0000000000000002 [ 321.458043][T12221] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 321.458051][T12221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 321.458060][T12221] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 321.458077][T12221] [ 322.061366][T12237] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2344'. [ 322.344113][T12247] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2349'. [ 323.455580][T12271] netlink: 130 bytes leftover after parsing attributes in process `syz.3.2355'. [ 323.898272][T12289] sctp: [Deprecated]: syz.3.2361 (pid 12289) Use of int in max_burst socket option deprecated. [ 323.898272][T12289] Use struct sctp_assoc_value instead [ 324.483293][T12306] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2365'. [ 325.916379][ T5880] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 327.026751][T12381] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2394'. [ 327.312013][T12385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2395'. [ 328.938855][T12428] FAULT_INJECTION: forcing a failure. [ 328.938855][T12428] name failslab, interval 1, probability 0, space 0, times 0 [ 329.143732][T12428] CPU: 1 UID: 0 PID: 12428 Comm: syz.4.2412 Tainted: G U syzkaller #0 PREEMPT(full) [ 329.143758][T12428] Tainted: [U]=USER [ 329.143763][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 329.143772][T12428] Call Trace: [ 329.143777][T12428] [ 329.143784][T12428] dump_stack_lvl+0x16c/0x1f0 [ 329.143809][T12428] should_fail_ex+0x512/0x640 [ 329.143832][T12428] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 329.143851][T12428] should_failslab+0xc2/0x120 [ 329.143870][T12428] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 329.143886][T12428] ? __pfx_map_id_range_down+0x10/0x10 [ 329.143907][T12428] ? prepare_creds+0x2c/0x7d0 [ 329.143930][T12428] prepare_creds+0x2c/0x7d0 [ 329.143950][T12428] __sys_setfsgid+0xe3/0x380 [ 329.143968][T12428] ? rcu_is_watching+0x12/0xc0 [ 329.143983][T12428] do_syscall_64+0xcd/0x4c0 [ 329.144006][T12428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.144021][T12428] RIP: 0033:0x7f532ff8eba9 [ 329.144033][T12428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.144046][T12428] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 329.144060][T12428] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 329.144069][T12428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.144077][T12428] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 329.144085][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.144093][T12428] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 329.144111][T12428] [ 330.166657][T12450] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2424'. [ 330.206937][T12450] team_slave_0: entered allmulticast mode [ 330.476218][T12457] random: crng reseeded on system resumption [ 330.652414][T12461] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2429'. [ 331.150349][T12467] FAULT_INJECTION: forcing a failure. [ 331.150349][T12467] name failslab, interval 1, probability 0, space 0, times 0 [ 331.215724][T12469] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2432'. [ 331.332681][T12467] CPU: 1 UID: 0 PID: 12467 Comm: syz.4.2430 Tainted: G U syzkaller #0 PREEMPT(full) [ 331.332709][T12467] Tainted: [U]=USER [ 331.332713][T12467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 331.332723][T12467] Call Trace: [ 331.332728][T12467] [ 331.332734][T12467] dump_stack_lvl+0x16c/0x1f0 [ 331.332759][T12467] should_fail_ex+0x512/0x640 [ 331.332781][T12467] ? __kmalloc_noprof+0xbf/0x510 [ 331.332799][T12467] ? __seq_open_private+0x22/0xd0 [ 331.332821][T12467] should_failslab+0xc2/0x120 [ 331.332839][T12467] __kmalloc_noprof+0xd2/0x510 [ 331.332854][T12467] ? __pfx_apparmor_file_open+0x10/0x10 [ 331.332873][T12467] __seq_open_private+0x22/0xd0 [ 331.332895][T12467] proc_timers_open+0x27/0x150 [ 331.332915][T12467] do_dentry_open+0x982/0x1530 [ 331.332933][T12467] ? __pfx_proc_timers_open+0x10/0x10 [ 331.332957][T12467] vfs_open+0x82/0x3f0 [ 331.332980][T12467] path_openat+0x1de4/0x2cb0 [ 331.333002][T12467] ? __pfx_path_openat+0x10/0x10 [ 331.333023][T12467] do_filp_open+0x20b/0x470 [ 331.333039][T12467] ? __pfx_do_filp_open+0x10/0x10 [ 331.333062][T12467] ? __pfx_kfree_link+0x10/0x10 [ 331.333088][T12467] ? alloc_fd+0x471/0x7d0 [ 331.333108][T12467] do_sys_openat2+0x11b/0x1d0 [ 331.333128][T12467] ? __pfx_do_sys_openat2+0x10/0x10 [ 331.333155][T12467] __x64_sys_openat+0x174/0x210 [ 331.333168][T12467] ? __pfx___x64_sys_openat+0x10/0x10 [ 331.333188][T12467] do_syscall_64+0xcd/0x4c0 [ 331.333210][T12467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.333225][T12467] RIP: 0033:0x7f532ff8eba9 [ 331.333236][T12467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.333250][T12467] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 331.333264][T12467] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 331.333273][T12467] RDX: 00000000001a3540 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 331.333282][T12467] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 331.333291][T12467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 331.333299][T12467] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 331.333316][T12467] [ 332.006925][T12477] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2435'. [ 332.429603][ T5880] Bluetooth: hci4: ISO packet too small [ 333.587913][T12522] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2455'. [ 333.753322][T12530] netlink: 346 bytes leftover after parsing attributes in process `syz.5.2460'. [ 334.097772][T12522] team0: Port device team_slave_1 removed [ 334.165230][T12534] netlink: 'syz.2.2461': attribute type 15 has an invalid length. [ 334.181738][T12534] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2461'. [ 334.517948][T12548] random: crng reseeded on system resumption [ 334.955052][T12563] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2474'. [ 334.977043][T12563] netlink: 354 bytes leftover after parsing attributes in process `syz.5.2474'. [ 335.078368][T12567] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2475'. [ 335.872843][T12581] zswap: compressor not available [ 336.518406][T12596] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2487'. [ 336.572848][T12599] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2488'. [ 337.672122][T12632] random: crng reseeded on system resumption [ 337.744899][T12610] Process accounting paused [ 338.118639][T12640] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2505'. [ 339.333140][T12669] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2518'. [ 339.420104][T12671] mmap: syz.5.2519 (12671) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 339.696609][T12677] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2523'. [ 339.994797][T12687] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2527'. [ 342.013373][T12734] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2547'. [ 342.042888][T12734] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2547'. [ 342.297361][T12736] netlink: 'syz.2.2546': attribute type 64 has an invalid length. [ 342.441753][T12736] netlink: 74 bytes leftover after parsing attributes in process `syz.2.2546'. [ 342.638749][T12754] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2555'. [ 343.245696][T12770] FAULT_INJECTION: forcing a failure. [ 343.245696][T12770] name failslab, interval 1, probability 0, space 0, times 0 [ 343.276238][T12770] CPU: 1 UID: 0 PID: 12770 Comm: syz.5.2562 Tainted: G U syzkaller #0 PREEMPT(full) [ 343.276264][T12770] Tainted: [U]=USER [ 343.276269][T12770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 343.276278][T12770] Call Trace: [ 343.276284][T12770] [ 343.276290][T12770] dump_stack_lvl+0x16c/0x1f0 [ 343.276317][T12770] should_fail_ex+0x512/0x640 [ 343.276338][T12770] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 343.276359][T12770] should_failslab+0xc2/0x120 [ 343.276378][T12770] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 343.276394][T12770] ? __kernfs_new_node+0xd2/0x8e0 [ 343.276415][T12770] __kernfs_new_node+0xd2/0x8e0 [ 343.276435][T12770] ? __pfx___kernfs_new_node+0x10/0x10 [ 343.276457][T12770] ? find_held_lock+0x2b/0x80 [ 343.276472][T12770] ? kernfs_root+0xee/0x2a0 [ 343.276493][T12770] kernfs_new_node+0x13c/0x1e0 [ 343.276515][T12770] __kernfs_create_file+0x53/0x350 [ 343.276532][T12770] sysfs_add_file_mode_ns+0x207/0x3c0 [ 343.276553][T12770] internal_create_group+0x578/0xf30 [ 343.276576][T12770] ? __pfx_internal_create_group+0x10/0x10 [ 343.276597][T12770] ? kernfs_create_link+0x1bd/0x240 [ 343.276614][T12770] internal_create_groups+0x9d/0x150 [ 343.276634][T12770] device_add+0xf30/0x1aa0 [ 343.276651][T12770] ? __pfx_device_add+0x10/0x10 [ 343.276666][T12770] ? lockdep_init_map_type+0x5c/0x280 [ 343.276685][T12770] ? __init_waitqueue_head+0xca/0x150 [ 343.276711][T12770] netdev_register_kobject+0x1a9/0x3d0 [ 343.276729][T12770] register_netdevice+0x13dc/0x2270 [ 343.276747][T12770] ? __pfx_register_netdevice+0x10/0x10 [ 343.276771][T12770] ? __pfx_loopback_net_init+0x10/0x10 [ 343.276791][T12770] register_netdev+0x34/0x50 [ 343.276804][T12770] loopback_net_init+0x7a/0x170 [ 343.276823][T12770] ? __pfx_loopback_net_init+0x10/0x10 [ 343.276840][T12770] ops_init+0x1df/0x5f0 [ 343.276856][T12770] setup_net+0x10f/0x380 [ 343.276867][T12770] ? lockdep_init_map_type+0x5c/0x280 [ 343.276886][T12770] ? __pfx_setup_net+0x10/0x10 [ 343.276899][T12770] ? debug_mutex_init+0x37/0x70 [ 343.276915][T12770] copy_net_ns+0x2a6/0x5f0 [ 343.276931][T12770] create_new_namespaces+0x3ea/0xa90 [ 343.276952][T12770] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 343.276970][T12770] ksys_unshare+0x45b/0xa40 [ 343.276989][T12770] ? __pfx_ksys_unshare+0x10/0x10 [ 343.277008][T12770] ? xfd_validate_state+0x61/0x180 [ 343.277034][T12770] __x64_sys_unshare+0x31/0x40 [ 343.277052][T12770] do_syscall_64+0xcd/0x4c0 [ 343.277075][T12770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.277090][T12770] RIP: 0033:0x7f614938eba9 [ 343.277103][T12770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.277117][T12770] RSP: 002b:00007f614a1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 343.277131][T12770] RAX: ffffffffffffffda RBX: 00007f61495d5fa0 RCX: 00007f614938eba9 [ 343.277141][T12770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 343.277150][T12770] RBP: 00007f6149411e19 R08: 0000000000000000 R09: 0000000000000000 [ 343.277159][T12770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 343.277168][T12770] R13: 00007f61495d6038 R14: 00007f61495d5fa0 R15: 00007ffcde828cd8 [ 343.277187][T12770] [ 345.270250][T12794] netlink: 326 bytes leftover after parsing attributes in process `syz.5.2573'. [ 346.437316][T12823] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2585'. [ 346.581733][T12823] team0: Port device team_slave_1 removed [ 347.320165][T12847] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2595'. [ 347.344748][T12849] syz.5.2597 (12849): /proc/12848/oom_adj is deprecated, please use /proc/12848/oom_score_adj instead. [ 347.602043][T12856] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2600'. [ 348.058691][T12856] team0: Port device team_slave_1 removed [ 348.713344][T12873] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2607'. [ 350.026017][T12892] sock: sock_timestamping_bind_phc: sock not bind to device [ 350.136165][T12898] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2613'. [ 350.223702][T12900] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 350.653066][T12898] team0: Port device team_slave_1 removed [ 350.685785][T12913] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2624'. [ 350.974862][T12921] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 351.034849][T12923] FAULT_INJECTION: forcing a failure. [ 351.034849][T12923] name failslab, interval 1, probability 0, space 0, times 0 [ 351.114344][T12923] CPU: 1 UID: 0 PID: 12923 Comm: syz.3.2629 Tainted: G U syzkaller #0 PREEMPT(full) [ 351.114371][T12923] Tainted: [U]=USER [ 351.114376][T12923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 351.114384][T12923] Call Trace: [ 351.114390][T12923] [ 351.114396][T12923] dump_stack_lvl+0x16c/0x1f0 [ 351.114423][T12923] should_fail_ex+0x512/0x640 [ 351.114445][T12923] ? fs_reclaim_acquire+0xae/0x150 [ 351.114467][T12923] ? mempool_init_node+0x302/0x6e0 [ 351.114487][T12923] should_failslab+0xc2/0x120 [ 351.114506][T12923] __kmalloc_noprof+0xd2/0x510 [ 351.114526][T12923] ? __pfx_mempool_kmalloc+0x10/0x10 [ 351.114545][T12923] mempool_init_node+0x302/0x6e0 [ 351.114569][T12923] ? __pfx_mempool_kmalloc+0x10/0x10 [ 351.114587][T12923] ? __pfx_mempool_kfree+0x10/0x10 [ 351.114606][T12923] mempool_init_noprof+0x3a/0x50 [ 351.114628][T12923] do_fanotify_mark+0x2db2/0x3600 [ 351.114658][T12923] ? __pfx_do_fanotify_mark+0x10/0x10 [ 351.114680][T12923] ? __x64_sys_futex+0x1e9/0x4c0 [ 351.114702][T12923] ? xfd_validate_state+0x61/0x180 [ 351.114721][T12923] ? __pfx_ksys_write+0x10/0x10 [ 351.114740][T12923] __x64_sys_fanotify_mark+0xbd/0x160 [ 351.114753][T12923] ? do_syscall_64+0x91/0x4c0 [ 351.114773][T12923] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.114792][T12923] do_syscall_64+0xcd/0x4c0 [ 351.114814][T12923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.114828][T12923] RIP: 0033:0x7f9f0cd8eba9 [ 351.114843][T12923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.114857][T12923] RSP: 002b:00007f9f0dc75038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 351.114872][T12923] RAX: ffffffffffffffda RBX: 00007f9f0cfd5fa0 RCX: 00007f9f0cd8eba9 [ 351.114881][T12923] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 351.114891][T12923] RBP: 00007f9f0ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 351.114899][T12923] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 351.114908][T12923] R13: 00007f9f0cfd6038 R14: 00007f9f0cfd5fa0 R15: 00007fff2ad171d8 [ 351.114928][T12923] [ 351.869644][T12936] zswap: compressor not available [ 352.374184][T12953] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2637'. [ 352.594528][T12955] sctp: [Deprecated]: syz.5.2639 (pid 12955) Use of int in max_burst socket option deprecated. [ 352.594528][T12955] Use struct sctp_assoc_value instead [ 353.811860][T12989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2654'. [ 354.852363][T13001] process 'syz.3.2658' launched './file0' with NULL argv: empty string added [ 358.474186][T13100] netlink: 'syz.5.2699': attribute type 11 has an invalid length. [ 358.665042][T13108] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2701'. [ 358.887614][T13111] netlink: 74 bytes leftover after parsing attributes in process `syz.5.2705'. [ 358.923332][T13115] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2703'. [ 359.017077][T13118] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2707'. [ 359.267774][T13124] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 359.291550][T13124] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 359.530314][T13134] netlink: 'syz.5.2713': attribute type 28 has an invalid length. [ 359.539914][T13134] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2713'. [ 359.673249][T13138] FAULT_INJECTION: forcing a failure. [ 359.673249][T13138] name failslab, interval 1, probability 0, space 0, times 0 [ 359.700333][T13138] CPU: 1 UID: 0 PID: 13138 Comm: syz.5.2714 Tainted: G U syzkaller #0 PREEMPT(full) [ 359.700360][T13138] Tainted: [U]=USER [ 359.700365][T13138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 359.700374][T13138] Call Trace: [ 359.700380][T13138] [ 359.700386][T13138] dump_stack_lvl+0x16c/0x1f0 [ 359.700412][T13138] should_fail_ex+0x512/0x640 [ 359.700434][T13138] ? __kvmalloc_node_noprof+0x124/0x620 [ 359.700454][T13138] should_failslab+0xc2/0x120 [ 359.700473][T13138] __kvmalloc_node_noprof+0x137/0x620 [ 359.700488][T13138] ? stack_depot_save_flags+0x29/0x9c0 [ 359.700510][T13138] ? v4l2_ctrl_new+0x97d/0x2180 [ 359.700527][T13138] ? v4l2_ctrl_new+0x97d/0x2180 [ 359.700539][T13138] v4l2_ctrl_new+0x97d/0x2180 [ 359.700554][T13138] ? vfs_open+0x70/0x3f0 [ 359.700579][T13138] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 359.700598][T13138] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 359.700621][T13138] v4l2_ctrl_new_std+0x1be/0x290 [ 359.700696][T13138] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 359.700712][T13138] ? rcu_is_watching+0x12/0xc0 [ 359.700727][T13138] ? trace_kmalloc+0x2b/0xd0 [ 359.700745][T13138] ? __kvmalloc_node_noprof+0x298/0x620 [ 359.700762][T13138] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 359.700786][T13138] ? media_request_object_init+0x100/0x180 [ 359.700806][T13138] vicodec_open+0x1d0/0xf90 [ 359.700828][T13138] v4l2_open+0x222/0x490 [ 359.700847][T13138] ? __pfx_v4l2_open+0x10/0x10 [ 359.700866][T13138] chrdev_open+0x234/0x6a0 [ 359.700883][T13138] ? __pfx_apparmor_file_open+0x10/0x10 [ 359.700899][T13138] ? __pfx_chrdev_open+0x10/0x10 [ 359.700918][T13138] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 359.700937][T13138] do_dentry_open+0x982/0x1530 [ 359.700954][T13138] ? __pfx_chrdev_open+0x10/0x10 [ 359.700976][T13138] vfs_open+0x82/0x3f0 [ 359.700998][T13138] path_openat+0x1de4/0x2cb0 [ 359.701021][T13138] ? __pfx_path_openat+0x10/0x10 [ 359.701042][T13138] do_filp_open+0x20b/0x470 [ 359.701059][T13138] ? __pfx_do_filp_open+0x10/0x10 [ 359.701089][T13138] ? alloc_fd+0x471/0x7d0 [ 359.701109][T13138] do_sys_openat2+0x11b/0x1d0 [ 359.701130][T13138] ? __pfx_do_sys_openat2+0x10/0x10 [ 359.701158][T13138] __x64_sys_openat+0x174/0x210 [ 359.701170][T13138] ? __pfx___x64_sys_openat+0x10/0x10 [ 359.701191][T13138] do_syscall_64+0xcd/0x4c0 [ 359.701214][T13138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.701228][T13138] RIP: 0033:0x7f614938eba9 [ 359.701241][T13138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.701255][T13138] RSP: 002b:00007f614a1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 359.701269][T13138] RAX: ffffffffffffffda RBX: 00007f61495d5fa0 RCX: 00007f614938eba9 [ 359.701279][T13138] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 359.701288][T13138] RBP: 00007f6149411e19 R08: 0000000000000000 R09: 0000000000000000 [ 359.701296][T13138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.701304][T13138] R13: 00007f61495d6038 R14: 00007f61495d5fa0 R15: 00007ffcde828cd8 [ 359.701323][T13138] [ 361.589506][T13167] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2726'. [ 361.658018][T13167] : renamed from bond0 (while UP) [ 361.681799][T13169] FAULT_INJECTION: forcing a failure. [ 361.681799][T13169] name failslab, interval 1, probability 0, space 0, times 0 [ 361.727746][T13167] bridge0: port 3() entered disabled state [ 361.741457][T13169] CPU: 1 UID: 0 PID: 13169 Comm: syz.2.2728 Tainted: G U syzkaller #0 PREEMPT(full) [ 361.741481][T13169] Tainted: [U]=USER [ 361.741486][T13169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 361.741495][T13169] Call Trace: [ 361.741501][T13169] [ 361.741507][T13169] dump_stack_lvl+0x16c/0x1f0 [ 361.741540][T13169] should_fail_ex+0x512/0x640 [ 361.741562][T13169] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 361.741580][T13169] should_failslab+0xc2/0x120 [ 361.741600][T13169] __kmalloc_cache_noprof+0x6a/0x3e0 [ 361.741615][T13169] ? mark_held_locks+0x49/0x80 [ 361.741632][T13169] ? rfkill_fop_open+0x1b6/0x750 [ 361.741651][T13169] rfkill_fop_open+0x1b6/0x750 [ 361.741670][T13169] ? __pfx_rfkill_fop_open+0x10/0x10 [ 361.741686][T13169] misc_open+0x35a/0x420 [ 361.741704][T13169] ? __pfx_misc_open+0x10/0x10 [ 361.741720][T13169] chrdev_open+0x234/0x6a0 [ 361.741737][T13169] ? __pfx_apparmor_file_open+0x10/0x10 [ 361.741753][T13169] ? __pfx_chrdev_open+0x10/0x10 [ 361.741772][T13169] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 361.741791][T13169] do_dentry_open+0x982/0x1530 [ 361.741809][T13169] ? __pfx_chrdev_open+0x10/0x10 [ 361.741830][T13169] vfs_open+0x82/0x3f0 [ 361.741853][T13169] path_openat+0x1de4/0x2cb0 [ 361.741876][T13169] ? __pfx_path_openat+0x10/0x10 [ 361.741897][T13169] do_filp_open+0x20b/0x470 [ 361.741914][T13169] ? __pfx_do_filp_open+0x10/0x10 [ 361.741944][T13169] ? alloc_fd+0x471/0x7d0 [ 361.741965][T13169] do_sys_openat2+0x11b/0x1d0 [ 361.741986][T13169] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.742013][T13169] __x64_sys_openat+0x174/0x210 [ 361.742026][T13169] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.742047][T13169] do_syscall_64+0xcd/0x4c0 [ 361.742069][T13169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.742084][T13169] RIP: 0033:0x7fdf3a98eba9 [ 361.742096][T13169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.742109][T13169] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.742123][T13169] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 361.742132][T13169] RDX: 0000000000000080 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 361.742141][T13169] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 361.742150][T13169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.742159][T13169] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 361.742179][T13169] [ 362.610923][T13179] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2733'. [ 362.635482][T13179] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2733'. [ 362.921864][T13187] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2736'. [ 362.998580][T13189] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2737'. [ 363.126074][T13125] kexec: Could not allocate control_code_buffer [ 364.517298][T13221] FAULT_INJECTION: forcing a failure. [ 364.517298][T13221] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 364.545635][T13221] CPU: 1 UID: 0 PID: 13221 Comm: syz.5.2750 Tainted: G U syzkaller #0 PREEMPT(full) [ 364.545661][T13221] Tainted: [U]=USER [ 364.545666][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 364.545675][T13221] Call Trace: [ 364.545681][T13221] [ 364.545686][T13221] dump_stack_lvl+0x16c/0x1f0 [ 364.545714][T13221] should_fail_ex+0x512/0x640 [ 364.545738][T13221] should_fail_alloc_page+0xe7/0x130 [ 364.545759][T13221] prepare_alloc_pages+0x3c2/0x610 [ 364.545780][T13221] ? rcu_is_watching+0x12/0xc0 [ 364.545797][T13221] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 364.545820][T13221] ? stack_trace_save+0x8e/0xc0 [ 364.545836][T13221] ? __pfx_stack_trace_save+0x10/0x10 [ 364.545852][T13221] ? stack_depot_save_flags+0x29/0x9c0 [ 364.545873][T13221] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 364.545892][T13221] ? kasan_save_stack+0x42/0x60 [ 364.545907][T13221] ? kasan_save_stack+0x33/0x60 [ 364.545921][T13221] ? kasan_save_track+0x14/0x30 [ 364.545936][T13221] ? __kasan_kmalloc+0xaa/0xb0 [ 364.545950][T13221] ? mon_bin_open+0x1a8/0x4a0 [ 364.545970][T13221] ? do_sys_openat2+0x11b/0x1d0 [ 364.545990][T13221] ? __x64_sys_openat+0x174/0x210 [ 364.546002][T13221] ? do_syscall_64+0xcd/0x4c0 [ 364.546021][T13221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.546039][T13221] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 364.546062][T13221] ? policy_nodemask+0xea/0x4e0 [ 364.546081][T13221] alloc_pages_mpol+0x1fb/0x550 [ 364.546100][T13221] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 364.546124][T13221] alloc_pages_noprof+0x131/0x390 [ 364.546142][T13221] get_zeroed_page_noprof+0x18/0xb0 [ 364.546162][T13221] mon_alloc_buff+0xce/0x1b0 [ 364.546181][T13221] ? kasan_save_track+0x14/0x30 [ 364.546198][T13221] mon_bin_open+0x207/0x4a0 [ 364.546217][T13221] ? __pfx_mon_bin_open+0x10/0x10 [ 364.546235][T13221] chrdev_open+0x234/0x6a0 [ 364.546254][T13221] ? __pfx_chrdev_open+0x10/0x10 [ 364.546273][T13221] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 364.546293][T13221] do_dentry_open+0x982/0x1530 [ 364.546318][T13221] ? __pfx_chrdev_open+0x10/0x10 [ 364.546340][T13221] vfs_open+0x82/0x3f0 [ 364.546364][T13221] path_openat+0x1de4/0x2cb0 [ 364.546389][T13221] ? __pfx_path_openat+0x10/0x10 [ 364.546411][T13221] do_filp_open+0x20b/0x470 [ 364.546428][T13221] ? __pfx_do_filp_open+0x10/0x10 [ 364.546458][T13221] ? alloc_fd+0x471/0x7d0 [ 364.546478][T13221] do_sys_openat2+0x11b/0x1d0 [ 364.546499][T13221] ? __pfx_do_sys_openat2+0x10/0x10 [ 364.546527][T13221] __x64_sys_openat+0x174/0x210 [ 364.546540][T13221] ? __pfx___x64_sys_openat+0x10/0x10 [ 364.546560][T13221] do_syscall_64+0xcd/0x4c0 [ 364.546583][T13221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.546597][T13221] RIP: 0033:0x7f614938eba9 [ 364.546609][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.546623][T13221] RSP: 002b:00007f614a1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 364.546637][T13221] RAX: ffffffffffffffda RBX: 00007f61495d5fa0 RCX: 00007f614938eba9 [ 364.546647][T13221] RDX: 0000000000000400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 364.546656][T13221] RBP: 00007f6149411e19 R08: 0000000000000000 R09: 0000000000000000 [ 364.546665][T13221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.546674][T13221] R13: 00007f61495d6038 R14: 00007f61495d5fa0 R15: 00007ffcde828cd8 [ 364.546693][T13221] [ 365.847814][T13234] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2756'. [ 366.314866][T13238] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 367.223909][T13256] block nbd7: not configured, cannot reconfigure [ 367.645183][T13274] Process accounting resumed [ 368.085135][T13289] netlink: 280 bytes leftover after parsing attributes in process `syz.5.2778'. [ 368.677756][T13309] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2786'. [ 368.973420][T13315] netlink: 'syz.4.2788': attribute type 1 has an invalid length. [ 369.073784][T13315] netlink: 322 bytes leftover after parsing attributes in process `syz.4.2788'. [ 369.153770][T13322] netlink: 'syz.4.2788': attribute type 1 has an invalid length. [ 369.198242][T13322] netlink: 322 bytes leftover after parsing attributes in process `syz.4.2788'. [ 370.316196][T13357] FAULT_INJECTION: forcing a failure. [ 370.316196][T13357] name failslab, interval 1, probability 0, space 0, times 0 [ 370.374570][T13357] CPU: 1 UID: 0 PID: 13357 Comm: syz.5.2806 Tainted: G U syzkaller #0 PREEMPT(full) [ 370.374597][T13357] Tainted: [U]=USER [ 370.374603][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 370.374612][T13357] Call Trace: [ 370.374617][T13357] [ 370.374623][T13357] dump_stack_lvl+0x16c/0x1f0 [ 370.374648][T13357] should_fail_ex+0x512/0x640 [ 370.374670][T13357] ? __kmalloc_noprof+0xbf/0x510 [ 370.374689][T13357] ? sk_prot_alloc+0x1a8/0x2a0 [ 370.374708][T13357] should_failslab+0xc2/0x120 [ 370.374726][T13357] __kmalloc_noprof+0xd2/0x510 [ 370.374747][T13357] sk_prot_alloc+0x1a8/0x2a0 [ 370.374764][T13357] sk_alloc+0x36/0xc20 [ 370.374784][T13357] pppol2tp_create+0x32/0x250 [ 370.374799][T13357] pppox_create+0x159/0x2c0 [ 370.374818][T13357] __sock_create+0x335/0x8d0 [ 370.374840][T13357] __sys_socket+0x14d/0x260 [ 370.374857][T13357] ? __pfx___sys_socket+0x10/0x10 [ 370.374874][T13357] ? xfd_validate_state+0x61/0x180 [ 370.374893][T13357] ? __pfx_do_pwritev+0x10/0x10 [ 370.374919][T13357] __x64_sys_socket+0x72/0xb0 [ 370.374934][T13357] ? lockdep_hardirqs_on+0x7c/0x110 [ 370.374955][T13357] do_syscall_64+0xcd/0x4c0 [ 370.374978][T13357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.374992][T13357] RIP: 0033:0x7f614938eba9 [ 370.375004][T13357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.375018][T13357] RSP: 002b:00007f614a1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 370.375032][T13357] RAX: ffffffffffffffda RBX: 00007f61495d5fa0 RCX: 00007f614938eba9 [ 370.375041][T13357] RDX: 0000000000000001 RSI: 0000000000000005 RDI: 0000000000000018 [ 370.375049][T13357] RBP: 00007f6149411e19 R08: 0000000000000000 R09: 0000000000000000 [ 370.375057][T13357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.375066][T13357] R13: 00007f61495d6038 R14: 00007f61495d5fa0 R15: 00007ffcde828cd8 [ 370.375083][T13357] [ 370.846771][T13369] mkiss: ax0: crc mode is auto. [ 370.861370][T13370] netlink: zone id is out of range [ 370.870178][T13370] netlink: zone id is out of range [ 370.894663][T13370] netlink: zone id is out of range [ 370.920200][T13370] netlink: zone id is out of range [ 370.968334][T13370] netlink: zone id is out of range [ 371.067795][T13370] netlink: zone id is out of range [ 371.159546][T13370] netlink: zone id is out of range [ 371.260409][T13370] netlink: zone id is out of range [ 371.334065][T13370] netlink: zone id is out of range [ 371.396461][T13370] netlink: zone id is out of range [ 371.589063][T13379] netlink: 'syz.5.2815': attribute type 3 has an invalid length. [ 374.003823][T13432] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2829'. [ 374.313326][T13442] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2835'. [ 374.356589][T13432] hsr0: entered allmulticast mode [ 374.457701][T13432] hsr_slave_0: entered allmulticast mode [ 374.625728][T13432] hsr_slave_1: entered allmulticast mode [ 375.668018][T13461] HfR: entered promiscuous mode [ 375.715071][T13461] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2841'. [ 375.784544][T13461] HfR: left promiscuous mode [ 377.371715][T13498] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2853'. [ 377.402936][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.411366][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.822854][T13507] netlink: 26 bytes leftover after parsing attributes in process `syz.2.2856'. [ 377.889740][T13507] net_ratelimit: 344 callbacks suppressed [ 377.889754][T13507] openvswitch: netlink: IP tunnel dst address not specified [ 378.117763][T13513] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2858'. [ 378.259216][T13517] netlink: zone id is out of range [ 378.359354][T13517] netlink: zone id is out of range [ 378.391583][T13517] netlink: zone id is out of range [ 378.495520][T13517] netlink: zone id is out of range [ 378.565919][T13517] netlink: zone id is out of range [ 378.636913][T13517] netlink: zone id is out of range [ 378.714071][T13517] netlink: zone id is out of range [ 378.814591][T13517] netlink: zone id is out of range [ 378.900027][T13517] netlink: zone id is out of range [ 379.350435][T13542] netlink: 130 bytes leftover after parsing attributes in process `syz.4.2869'. [ 379.861054][T13562] netlink: 'syz.4.2877': attribute type 1 has an invalid length. [ 379.872261][T13555] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2873'. [ 379.987794][T13568] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2880'. [ 380.114474][T13555] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.759411][T13581] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2886'. [ 380.896503][T13555] bridge_slave_1 (unregistering): left allmulticast mode [ 381.035901][T13555] bridge_slave_1 (unregistering): left promiscuous mode [ 381.205142][T13555] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.293720][T13586] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2889'. [ 382.499036][T13625] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2895'. [ 382.512153][T13627] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2906'. [ 382.537223][T13627] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2906'. [ 382.980320][T13635] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2910'. [ 383.001968][T13635] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2910'. [ 383.869494][T13652] FAULT_INJECTION: forcing a failure. [ 383.869494][T13652] name failslab, interval 1, probability 0, space 0, times 0 [ 383.943473][T13652] CPU: 1 UID: 0 PID: 13652 Comm: syz.3.2916 Tainted: G U syzkaller #0 PREEMPT(full) [ 383.943499][T13652] Tainted: [U]=USER [ 383.943504][T13652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 383.943513][T13652] Call Trace: [ 383.943519][T13652] [ 383.943525][T13652] dump_stack_lvl+0x16c/0x1f0 [ 383.943552][T13652] should_fail_ex+0x512/0x640 [ 383.943574][T13652] ? __kmalloc_noprof+0xbf/0x510 [ 383.943593][T13652] ? realloc_user_queue+0x288/0x320 [ 383.943609][T13652] should_failslab+0xc2/0x120 [ 383.943628][T13652] __kmalloc_noprof+0xd2/0x510 [ 383.943648][T13652] realloc_user_queue+0x288/0x320 [ 383.943665][T13652] ? __pfx_snd_timer_user_open+0x10/0x10 [ 383.943681][T13652] snd_timer_user_open+0xfc/0x180 [ 383.943697][T13652] snd_open+0x22a/0x4c0 [ 383.943711][T13652] ? __pfx_snd_open+0x10/0x10 [ 383.943724][T13652] chrdev_open+0x234/0x6a0 [ 383.943741][T13652] ? __pfx_apparmor_file_open+0x10/0x10 [ 383.943757][T13652] ? __pfx_chrdev_open+0x10/0x10 [ 383.943775][T13652] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 383.943795][T13652] do_dentry_open+0x982/0x1530 [ 383.943812][T13652] ? __pfx_chrdev_open+0x10/0x10 [ 383.943834][T13652] vfs_open+0x82/0x3f0 [ 383.943857][T13652] path_openat+0x1de4/0x2cb0 [ 383.943879][T13652] ? __pfx_path_openat+0x10/0x10 [ 383.943901][T13652] do_filp_open+0x20b/0x470 [ 383.943917][T13652] ? __pfx_do_filp_open+0x10/0x10 [ 383.943946][T13652] ? alloc_fd+0x471/0x7d0 [ 383.943966][T13652] do_sys_openat2+0x11b/0x1d0 [ 383.943986][T13652] ? __pfx_do_sys_openat2+0x10/0x10 [ 383.944013][T13652] __x64_sys_openat+0x174/0x210 [ 383.944025][T13652] ? __pfx___x64_sys_openat+0x10/0x10 [ 383.944045][T13652] do_syscall_64+0xcd/0x4c0 [ 383.944077][T13652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.944097][T13652] RIP: 0033:0x7f9f0cd8eba9 [ 383.944113][T13652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.944127][T13652] RSP: 002b:00007f9f0dc75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 383.944142][T13652] RAX: ffffffffffffffda RBX: 00007f9f0cfd5fa0 RCX: 00007f9f0cd8eba9 [ 383.944151][T13652] RDX: 0000000000101440 RSI: 0000200000001cc0 RDI: ffffffffffffff9c [ 383.944160][T13652] RBP: 00007f9f0ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 383.944169][T13652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.944177][T13652] R13: 00007f9f0cfd6038 R14: 00007f9f0cfd5fa0 R15: 00007fff2ad171d8 [ 383.944196][T13652] [ 384.869134][T13660] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2919'. [ 385.323343][T13672] FAULT_INJECTION: forcing a failure. [ 385.323343][T13672] name failslab, interval 1, probability 0, space 0, times 0 [ 385.405095][T13672] CPU: 1 UID: 0 PID: 13672 Comm: syz.4.2923 Tainted: G U syzkaller #0 PREEMPT(full) [ 385.405123][T13672] Tainted: [U]=USER [ 385.405128][T13672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 385.405137][T13672] Call Trace: [ 385.405142][T13672] [ 385.405148][T13672] dump_stack_lvl+0x16c/0x1f0 [ 385.405175][T13672] should_fail_ex+0x512/0x640 [ 385.405197][T13672] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 385.405217][T13672] should_failslab+0xc2/0x120 [ 385.405237][T13672] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 385.405255][T13672] ? __alloc_skb+0x2b2/0x380 [ 385.405277][T13672] __alloc_skb+0x2b2/0x380 [ 385.405295][T13672] ? __pfx___alloc_skb+0x10/0x10 [ 385.405317][T13672] ? if_nlmsg_size+0x475/0xaf0 [ 385.405341][T13672] rtmsg_ifinfo_build_skb+0x81/0x280 [ 385.405360][T13672] rtmsg_ifinfo+0x9f/0x1a0 [ 385.405377][T13672] netif_state_change+0x17f/0x3b0 [ 385.405393][T13672] ? __pfx_netif_state_change+0x10/0x10 [ 385.405410][T13672] ? tun_get+0x191/0x370 [ 385.405428][T13672] netdev_state_change+0xaa/0x240 [ 385.405443][T13672] __tun_chr_ioctl+0x2443/0x48b0 [ 385.405458][T13672] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 385.405483][T13672] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 385.405500][T13672] ? hook_file_ioctl_common+0x145/0x410 [ 385.405523][T13672] ? __fget_files+0x20e/0x3c0 [ 385.405541][T13672] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 385.405558][T13672] __x64_sys_ioctl+0x18e/0x210 [ 385.405580][T13672] do_syscall_64+0xcd/0x4c0 [ 385.405602][T13672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.405617][T13672] RIP: 0033:0x7f532ff8eba9 [ 385.405629][T13672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.405642][T13672] RSP: 002b:00007f532e1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 385.405656][T13672] RAX: ffffffffffffffda RBX: 00007f53301d6090 RCX: 00007f532ff8eba9 [ 385.405665][T13672] RDX: 000000000000006f RSI: 00000000400454cc RDI: 04000000000000c8 [ 385.405674][T13672] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 385.405682][T13672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.405690][T13672] R13: 00007f53301d6128 R14: 00007f53301d6090 R15: 00007ffd8d1609c8 [ 385.405708][T13672] [ 386.688093][T13691] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2933'. [ 387.258859][T13699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 387.559376][T13712] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2942'. [ 387.772758][T13722] netlink: 'syz.4.2946': attribute type 27 has an invalid length. [ 387.806082][T13722] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2946'. [ 388.842343][T13751] netlink: 350 bytes leftover after parsing attributes in process `syz.5.2959'. [ 389.508355][T13762] syz.4.2961 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 390.469847][T13801] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2976'. [ 392.627417][T13864] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2998'. [ 394.446978][T13888] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3004'. [ 395.491466][T13899] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3008'. [ 396.127334][T13904] netlink: 302 bytes leftover after parsing attributes in process `syz.5.3010'. [ 396.193324][T13906] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3011'. [ 396.492758][T13917] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3016'. [ 400.606783][T14019] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3060'. [ 401.062117][T14027] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3063'. [ 403.637238][T14078] netlink: 146 bytes leftover after parsing attributes in process `syz.5.3082'. [ 403.823898][T14083] FAULT_INJECTION: forcing a failure. [ 403.823898][T14083] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 403.875775][T14083] CPU: 1 UID: 0 PID: 14083 Comm: syz.4.3084 Tainted: G U syzkaller #0 PREEMPT(full) [ 403.875815][T14083] Tainted: [U]=USER [ 403.875820][T14083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 403.875829][T14083] Call Trace: [ 403.875835][T14083] [ 403.875841][T14083] dump_stack_lvl+0x16c/0x1f0 [ 403.875868][T14083] should_fail_ex+0x512/0x640 [ 403.875892][T14083] _copy_from_user+0x2e/0xd0 [ 403.875908][T14083] kvm_dev_ioctl_get_cpuid+0x43f/0x700 [ 403.875933][T14083] ? __might_fault+0xe3/0x190 [ 403.875949][T14083] ? __pfx_kvm_dev_ioctl_get_cpuid+0x10/0x10 [ 403.875978][T14083] kvm_arch_dev_ioctl+0x3f8/0x760 [ 403.875994][T14083] ? __pfx_kvm_arch_dev_ioctl+0x10/0x10 [ 403.876015][T14083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 403.876039][T14083] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 403.876059][T14083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 403.876080][T14083] kvm_dev_ioctl+0x721/0x1af0 [ 403.876097][T14083] ? find_held_lock+0x2b/0x80 [ 403.876111][T14083] ? hook_file_ioctl_common+0x145/0x410 [ 403.876131][T14083] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 403.876147][T14083] ? __fget_files+0x20e/0x3c0 [ 403.876165][T14083] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 403.876181][T14083] __x64_sys_ioctl+0x18e/0x210 [ 403.876204][T14083] do_syscall_64+0xcd/0x4c0 [ 403.876227][T14083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.876241][T14083] RIP: 0033:0x7f532ff8eba9 [ 403.876253][T14083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.876267][T14083] RSP: 002b:00007f532e1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 403.876281][T14083] RAX: ffffffffffffffda RBX: 00007f53301d5fa0 RCX: 00007f532ff8eba9 [ 403.876290][T14083] RDX: 0000000000000000 RSI: 00000000c008ae09 RDI: 0000000000000005 [ 403.876299][T14083] RBP: 00007f5330011e19 R08: 0000000000000000 R09: 0000000000000000 [ 403.876307][T14083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.876315][T14083] R13: 00007f53301d6038 R14: 00007f53301d5fa0 R15: 00007ffd8d1609c8 [ 403.876333][T14083] [ 404.493842][T14086] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3085'. [ 404.632060][T14090] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3088'. [ 404.653849][T14090] netlink: 25 bytes leftover after parsing attributes in process `syz.5.3088'. [ 405.410982][T14121] netlink: 'syz.5.3100': attribute type 4 has an invalid length. [ 405.460162][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3098'. [ 406.110493][T14136] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3105'. [ 408.425271][T14185] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3127'. [ 408.574687][T14187] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3126'. [ 408.666632][T14195] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3129'. [ 408.710877][T14187] veth1_macvtap: left promiscuous mode [ 409.241360][T14214] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3139'. [ 409.280976][T14214] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3139'. [ 409.625305][T14222] netlink: 346 bytes leftover after parsing attributes in process `syz.5.3143'. [ 410.037978][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 410.161523][T14234] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3146'. [ 410.684933][T14250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3151'. [ 410.886487][T14262] FAULT_INJECTION: forcing a failure. [ 410.886487][T14262] name failslab, interval 1, probability 0, space 0, times 0 [ 410.968621][T14262] CPU: 1 UID: 0 PID: 14262 Comm: syz.3.3157 Tainted: G U syzkaller #0 PREEMPT(full) [ 410.968647][T14262] Tainted: [U]=USER [ 410.968653][T14262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 410.968661][T14262] Call Trace: [ 410.968667][T14262] [ 410.968673][T14262] dump_stack_lvl+0x16c/0x1f0 [ 410.968699][T14262] should_fail_ex+0x512/0x640 [ 410.968722][T14262] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 410.968739][T14262] should_failslab+0xc2/0x120 [ 410.968759][T14262] __kmalloc_cache_noprof+0x6a/0x3e0 [ 410.968774][T14262] ? madvise_collapse+0x1a6/0xaa0 [ 410.968797][T14262] madvise_collapse+0x1a6/0xaa0 [ 410.968816][T14262] ? rcu_is_watching+0x12/0xc0 [ 410.968830][T14262] ? finish_task_switch.isra.0+0x221/0xc10 [ 410.968845][T14262] ? lockdep_hardirqs_on+0x7c/0x110 [ 410.968864][T14262] ? finish_task_switch.isra.0+0x221/0xc10 [ 410.968879][T14262] ? __pfx_madvise_collapse+0x10/0x10 [ 410.968898][T14262] ? rcu_is_watching+0x12/0xc0 [ 410.968915][T14262] ? trace_sched_exit_tp+0xd1/0x120 [ 410.968941][T14262] madvise_vma_behavior+0x10a4/0x2d60 [ 410.968963][T14262] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 410.968984][T14262] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 410.969005][T14262] ? __pfx_mas_prev+0x10/0x10 [ 410.969029][T14262] ? find_vma_prev+0xda/0x160 [ 410.969048][T14262] ? find_held_lock+0x2b/0x80 [ 410.969061][T14262] ? __pfx_find_vma_prev+0x10/0x10 [ 410.969080][T14262] ? futex_unqueue+0x133/0x2c0 [ 410.969102][T14262] ? __futex_wait+0x24c/0x2f0 [ 410.969124][T14262] madvise_walk_vmas+0x31f/0x9c0 [ 410.969147][T14262] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 410.969172][T14262] madvise_do_behavior+0x1e2/0x530 [ 410.969191][T14262] ? futex_private_hash_put+0x18a/0x300 [ 410.969207][T14262] ? __pfx_madvise_do_behavior+0x10/0x10 [ 410.969228][T14262] ? down_read+0x13d/0x480 [ 410.969250][T14262] do_madvise+0x176/0x240 [ 410.969269][T14262] ? __pfx_do_madvise+0x10/0x10 [ 410.969287][T14262] ? do_futex+0x122/0x350 [ 410.969317][T14262] ? xfd_validate_state+0x61/0x180 [ 410.969341][T14262] __x64_sys_madvise+0xa9/0x110 [ 410.969360][T14262] ? lockdep_hardirqs_on+0x7c/0x110 [ 410.969379][T14262] do_syscall_64+0xcd/0x4c0 [ 410.969401][T14262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.969416][T14262] RIP: 0033:0x7f9f0cd8eba9 [ 410.969428][T14262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.969442][T14262] RSP: 002b:00007f9f0dc75038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 410.969457][T14262] RAX: ffffffffffffffda RBX: 00007f9f0cfd5fa0 RCX: 00007f9f0cd8eba9 [ 410.969467][T14262] RDX: 0000000000000019 RSI: 0000000000200007 RDI: 0000000000000000 [ 410.969476][T14262] RBP: 00007f9f0ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 410.969485][T14262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.969493][T14262] R13: 00007f9f0cfd6038 R14: 00007f9f0cfd5fa0 R15: 00007fff2ad171d8 [ 410.969519][T14262] [ 411.416900][T14269] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3162'. [ 411.456078][T14269] veth1_macvtap: left promiscuous mode [ 411.870485][T14283] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3168'. [ 412.139453][T14290] netlink: 'syz.5.3170': attribute type 16 has an invalid length. [ 412.158834][T14290] netlink: 306 bytes leftover after parsing attributes in process `syz.5.3170'. [ 412.280490][T14292] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3171'. [ 412.302429][T14292] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3171'. [ 412.401830][T14295] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3173'. [ 412.420241][T14295] veth1_macvtap: left promiscuous mode [ 412.491625][T14298] netlink: 322 bytes leftover after parsing attributes in process `syz.4.3181'. [ 412.964622][T14312] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3178'. [ 413.077728][T14319] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3182'. [ 415.175828][T14355] netlink: 322 bytes leftover after parsing attributes in process `syz.5.3196'. [ 415.970993][T14377] netlink: 'syz.3.3204': attribute type 4 has an invalid length. [ 417.289524][T14381] kexec: Could not allocate control_code_buffer [ 417.746191][T14425] __nla_validate_parse: 2 callbacks suppressed [ 417.746205][T14425] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3222'. [ 418.389202][T14438] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3228'. [ 418.759451][T14447] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3233'. [ 418.841295][T14448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 418.855427][T14451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3235'. [ 419.068953][T14456] FAULT_INJECTION: forcing a failure. [ 419.068953][T14456] name failslab, interval 1, probability 0, space 0, times 0 [ 419.122903][T14456] CPU: 1 UID: 0 PID: 14456 Comm: syz.2.3237 Tainted: G U syzkaller #0 PREEMPT(full) [ 419.122933][T14456] Tainted: [U]=USER [ 419.122938][T14456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 419.122948][T14456] Call Trace: [ 419.122953][T14456] [ 419.122960][T14456] dump_stack_lvl+0x16c/0x1f0 [ 419.122986][T14456] should_fail_ex+0x512/0x640 [ 419.123008][T14456] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 419.123025][T14456] should_failslab+0xc2/0x120 [ 419.123044][T14456] __kmalloc_cache_noprof+0x6a/0x3e0 [ 419.123059][T14456] ? madvise_collapse+0x1a6/0xaa0 [ 419.123081][T14456] madvise_collapse+0x1a6/0xaa0 [ 419.123100][T14456] ? rcu_is_watching+0x12/0xc0 [ 419.123114][T14456] ? finish_task_switch.isra.0+0x221/0xc10 [ 419.123129][T14456] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.123151][T14456] ? finish_task_switch.isra.0+0x221/0xc10 [ 419.123166][T14456] ? __pfx_madvise_collapse+0x10/0x10 [ 419.123185][T14456] ? rcu_is_watching+0x12/0xc0 [ 419.123199][T14456] ? trace_sched_exit_tp+0xd1/0x120 [ 419.123225][T14456] madvise_vma_behavior+0x10a4/0x2d60 [ 419.123248][T14456] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 419.123268][T14456] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 419.123289][T14456] ? __pfx_mas_prev+0x10/0x10 [ 419.123314][T14456] ? find_vma_prev+0xda/0x160 [ 419.123332][T14456] ? find_held_lock+0x2b/0x80 [ 419.123345][T14456] ? __pfx_find_vma_prev+0x10/0x10 [ 419.123365][T14456] ? futex_unqueue+0x133/0x2c0 [ 419.123388][T14456] ? __futex_wait+0x24c/0x2f0 [ 419.123410][T14456] madvise_walk_vmas+0x31f/0x9c0 [ 419.123437][T14456] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 419.123466][T14456] madvise_do_behavior+0x1e2/0x530 [ 419.123485][T14456] ? futex_private_hash_put+0x18a/0x300 [ 419.123503][T14456] ? __pfx_madvise_do_behavior+0x10/0x10 [ 419.123524][T14456] ? down_read+0x13d/0x480 [ 419.123547][T14456] do_madvise+0x176/0x240 [ 419.123567][T14456] ? __pfx_do_madvise+0x10/0x10 [ 419.123586][T14456] ? do_futex+0x122/0x350 [ 419.123615][T14456] ? xfd_validate_state+0x61/0x180 [ 419.123639][T14456] __x64_sys_madvise+0xa9/0x110 [ 419.123658][T14456] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.123677][T14456] do_syscall_64+0xcd/0x4c0 [ 419.123700][T14456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.123715][T14456] RIP: 0033:0x7fdf3a98eba9 [ 419.123734][T14456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.123757][T14456] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 419.123772][T14456] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 419.123782][T14456] RDX: 0000000000000019 RSI: 0000000000200007 RDI: 0000000000000000 [ 419.123791][T14456] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 419.123800][T14456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.123808][T14456] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 419.123828][T14456] [ 419.473979][ C1] vkms_vblank_simulate: vblank timer overrun [ 420.020413][T14462] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3240'. [ 420.304250][T14466] sock: sock_timestamping_bind_phc: sock not bind to device [ 420.545125][T14484] netlink: 330 bytes leftover after parsing attributes in process `syz.5.3251'. [ 420.616531][T14486] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3250'. [ 420.631733][T14489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3252'. [ 420.733943][T14486] hsr_slave_0: left promiscuous mode [ 420.750659][T14486] hsr_slave_1: left promiscuous mode [ 420.796245][T14495] netlink: 'syz.5.3255': attribute type 28 has an invalid length. [ 420.807004][T14495] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3255'. [ 421.103403][T14505] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3262'. [ 421.610936][T14520] FAULT_INJECTION: forcing a failure. [ 421.610936][T14520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.739865][T14520] CPU: 1 UID: 0 PID: 14520 Comm: syz.4.3266 Tainted: G U syzkaller #0 PREEMPT(full) [ 421.739892][T14520] Tainted: [U]=USER [ 421.739897][T14520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 421.739906][T14520] Call Trace: [ 421.739912][T14520] [ 421.739918][T14520] dump_stack_lvl+0x16c/0x1f0 [ 421.739945][T14520] should_fail_ex+0x512/0x640 [ 421.739970][T14520] _copy_to_iter+0x463/0x1710 [ 421.739991][T14520] ? __pfx__copy_to_iter+0x10/0x10 [ 421.740008][T14520] ? const_folio_flags+0x5b/0x100 [ 421.740025][T14520] ? folio_mark_accessed+0xc1/0xc00 [ 421.740043][T14520] ? __pfx_folio_mark_accessed+0x10/0x10 [ 421.740065][T14520] copy_page_to_iter+0x12a/0x1e0 [ 421.740083][T14520] filemap_read+0x6b1/0xe40 [ 421.740111][T14520] ? __pfx_filemap_read+0x10/0x10 [ 421.740142][T14520] ? __pfx_down_read+0x10/0x10 [ 421.740158][T14520] ? __pfx_aa_file_perm+0x10/0x10 [ 421.740181][T14520] blkdev_read_iter+0x1ac/0x500 [ 421.740204][T14520] do_iter_readv_writev+0x743/0x9e0 [ 421.740221][T14520] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 421.740239][T14520] ? bpf_lsm_file_permission+0x9/0x10 [ 421.740259][T14520] ? security_file_permission+0x71/0x210 [ 421.740279][T14520] ? rw_verify_area+0xcf/0x6c0 [ 421.740295][T14520] vfs_readv+0x4cb/0x8b0 [ 421.740314][T14520] ? __pfx_vfs_readv+0x10/0x10 [ 421.740342][T14520] ? __fget_files+0x20e/0x3c0 [ 421.740365][T14520] ? do_readv+0x132/0x340 [ 421.740378][T14520] do_readv+0x132/0x340 [ 421.740393][T14520] ? __pfx_do_readv+0x10/0x10 [ 421.740409][T14520] ? xfd_validate_state+0x61/0x180 [ 421.740429][T14520] ? __pfx_do_writev+0x10/0x10 [ 421.740447][T14520] __x64_sys_preadv2+0x11f/0x160 [ 421.740467][T14520] do_syscall_64+0xcd/0x4c0 [ 421.740489][T14520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.740511][T14520] RIP: 0033:0x7f532ff8eba9 [ 421.740524][T14520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.740538][T14520] RSP: 002b:00007f532e1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 421.740556][T14520] RAX: ffffffffffffffda RBX: 00007f53301d6090 RCX: 00007f532ff8eba9 [ 421.740565][T14520] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000003 [ 421.740574][T14520] RBP: 00007f5330011e19 R08: 0000000000000004 R09: 000000000000002e [ 421.740582][T14520] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 421.740590][T14520] R13: 00007f53301d6128 R14: 00007f53301d6090 R15: 00007ffd8d1609c8 [ 421.740609][T14520] [ 422.045676][ C1] vkms_vblank_simulate: vblank timer overrun [ 422.152019][T14525] netlink: 'syz.3.3269': attribute type 14 has an invalid length. [ 424.629435][T14581] netlink: 'syz.5.3290': attribute type 4 has an invalid length. [ 424.641637][T14581] netlink: 'syz.5.3290': attribute type 4 has an invalid length. [ 424.867922][T14587] FAULT_INJECTION: forcing a failure. [ 424.867922][T14587] name failslab, interval 1, probability 0, space 0, times 0 [ 424.905178][T14590] __nla_validate_parse: 1 callbacks suppressed [ 424.905193][T14590] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3294'. [ 424.936193][T14587] CPU: 1 UID: 0 PID: 14587 Comm: syz.2.3292 Tainted: G U syzkaller #0 PREEMPT(full) [ 424.936220][T14587] Tainted: [U]=USER [ 424.936225][T14587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 424.936234][T14587] Call Trace: [ 424.936241][T14587] [ 424.936247][T14587] dump_stack_lvl+0x16c/0x1f0 [ 424.936281][T14587] should_fail_ex+0x512/0x640 [ 424.936303][T14587] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 424.936325][T14587] should_failslab+0xc2/0x120 [ 424.936344][T14587] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 424.936363][T14587] ? __kthread_create_on_node+0x186/0x3f0 [ 424.936385][T14587] kvasprintf+0xbc/0x160 [ 424.936400][T14587] ? __pfx_kvasprintf+0x10/0x10 [ 424.936423][T14587] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 424.936444][T14587] __kthread_create_on_node+0x186/0x3f0 [ 424.936463][T14587] ? __pfx___kthread_create_on_node+0x10/0x10 [ 424.936488][T14587] ? __lock_acquire+0xb97/0x1ce0 [ 424.936508][T14587] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 424.936530][T14587] kthread_create_on_node+0xc7/0x100 [ 424.936548][T14587] ? __pfx_kthread_create_on_node+0x10/0x10 [ 424.936569][T14587] ? mark_held_locks+0x49/0x80 [ 424.936586][T14587] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 424.936605][T14587] ? lockdep_hardirqs_on+0x7c/0x110 [ 424.936628][T14587] dvb_frontend_open+0xf47/0x1730 [ 424.936655][T14587] ? __pfx_dvb_frontend_open+0x10/0x10 [ 424.936677][T14587] dvb_device_open+0x26d/0x3b0 [ 424.936697][T14587] ? __pfx_dvb_device_open+0x10/0x10 [ 424.936710][T14587] chrdev_open+0x234/0x6a0 [ 424.936728][T14587] ? __pfx_apparmor_file_open+0x10/0x10 [ 424.936745][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 424.936765][T14587] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 424.936785][T14587] do_dentry_open+0x982/0x1530 [ 424.936803][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 424.936825][T14587] vfs_open+0x82/0x3f0 [ 424.936848][T14587] path_openat+0x1de4/0x2cb0 [ 424.936871][T14587] ? __pfx_path_openat+0x10/0x10 [ 424.936892][T14587] do_filp_open+0x20b/0x470 [ 424.936909][T14587] ? __pfx_do_filp_open+0x10/0x10 [ 424.936939][T14587] ? alloc_fd+0x471/0x7d0 [ 424.936960][T14587] do_sys_openat2+0x11b/0x1d0 [ 424.936981][T14587] ? __pfx_do_sys_openat2+0x10/0x10 [ 424.937009][T14587] __x64_sys_openat+0x174/0x210 [ 424.937022][T14587] ? __pfx___x64_sys_openat+0x10/0x10 [ 424.937042][T14587] do_syscall_64+0xcd/0x4c0 [ 424.937065][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.937080][T14587] RIP: 0033:0x7fdf3a98eba9 [ 424.937093][T14587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.937106][T14587] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 424.937121][T14587] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 424.937131][T14587] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 424.937140][T14587] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 424.937149][T14587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.937157][T14587] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 424.937177][T14587] [ 424.937203][T14587] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 425.752275][T14600] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3298'. [ 426.004863][T14587] ================================================================== [ 426.014550][T14587] BUG: KASAN: slab-use-after-free in dvb_device_put.part.0+0x22/0x90 [ 426.024213][T14587] Write of size 4 at addr ffff88802aae1610 by task syz.2.3292/14587 [ 426.033750][T14587] [ 426.036516][T14587] CPU: 1 UID: 0 PID: 14587 Comm: syz.2.3292 Tainted: G U syzkaller #0 PREEMPT(full) [ 426.036536][T14587] Tainted: [U]=USER [ 426.036541][T14587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 426.036550][T14587] Call Trace: [ 426.036557][T14587] [ 426.036563][T14587] dump_stack_lvl+0x116/0x1f0 [ 426.036587][T14587] print_report+0xcd/0x630 [ 426.036605][T14587] ? __virt_addr_valid+0x81/0x610 [ 426.036622][T14587] ? __phys_addr+0xe8/0x180 [ 426.036638][T14587] ? dvb_device_put.part.0+0x22/0x90 [ 426.036658][T14587] kasan_report+0xe0/0x110 [ 426.036675][T14587] ? dvb_device_put.part.0+0x22/0x90 [ 426.036697][T14587] kasan_check_range+0x100/0x1b0 [ 426.036717][T14587] dvb_device_put.part.0+0x22/0x90 [ 426.036738][T14587] dvb_device_open+0x2a4/0x3b0 [ 426.036751][T14587] ? __pfx_dvb_device_open+0x10/0x10 [ 426.036763][T14587] chrdev_open+0x234/0x6a0 [ 426.036781][T14587] ? __pfx_apparmor_file_open+0x10/0x10 [ 426.036798][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 426.036815][T14587] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 426.036832][T14587] do_dentry_open+0x982/0x1530 [ 426.036850][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 426.036868][T14587] vfs_open+0x82/0x3f0 [ 426.036888][T14587] path_openat+0x1de4/0x2cb0 [ 426.036907][T14587] ? __pfx_path_openat+0x10/0x10 [ 426.036924][T14587] do_filp_open+0x20b/0x470 [ 426.036940][T14587] ? __pfx_do_filp_open+0x10/0x10 [ 426.036961][T14587] ? alloc_fd+0x471/0x7d0 [ 426.036977][T14587] do_sys_openat2+0x11b/0x1d0 [ 426.036997][T14587] ? __pfx_do_sys_openat2+0x10/0x10 [ 426.037020][T14587] __x64_sys_openat+0x174/0x210 [ 426.037032][T14587] ? __pfx___x64_sys_openat+0x10/0x10 [ 426.037047][T14587] do_syscall_64+0xcd/0x4c0 [ 426.037069][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.037083][T14587] RIP: 0033:0x7fdf3a98eba9 [ 426.037096][T14587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.037109][T14587] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 426.037123][T14587] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 426.037132][T14587] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 426.037141][T14587] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 426.037149][T14587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.037157][T14587] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 426.037170][T14587] [ 426.037175][T14587] [ 426.336454][T14587] Allocated by task 1: [ 426.341308][T14587] kasan_save_stack+0x33/0x60 [ 426.346891][T14587] kasan_save_track+0x14/0x30 [ 426.352463][T14587] __kasan_kmalloc+0xaa/0xb0 [ 426.357937][T14587] dvb_register_device+0x1e4/0x2370 [ 426.364138][T14587] dvb_register_frontend+0x5a6/0x880 [ 426.370453][T14587] vidtv_bridge_probe+0x459/0xa90 [ 426.376459][T14587] platform_probe+0x103/0x1d0 [ 426.382040][T14587] really_probe+0x241/0xa90 [ 426.387409][T14587] __driver_probe_device+0x1de/0x440 [ 426.393716][T14587] driver_probe_device+0x4c/0x1b0 [ 426.399712][T14587] __driver_attach+0x283/0x580 [ 426.405402][T14587] bus_for_each_dev+0x13e/0x1d0 [ 426.411187][T14587] bus_add_driver+0x2e9/0x690 [ 426.416765][T14587] driver_register+0x15c/0x4b0 [ 426.422445][T14587] vidtv_bridge_init+0x45/0x80 [ 426.428141][T14587] do_one_initcall+0x120/0x6e0 [ 426.433823][T14587] kernel_init_freeable+0x5c2/0x910 [ 426.440027][T14587] kernel_init+0x1c/0x2b0 [ 426.445190][T14587] ret_from_fork+0x56d/0x730 [ 426.450685][T14587] ret_from_fork_asm+0x1a/0x30 [ 426.456383][T14587] [ 426.459140][T14587] Freed by task 14593: [ 426.463979][T14587] kasan_save_stack+0x33/0x60 [ 426.469564][T14587] kasan_save_track+0x14/0x30 [ 426.475560][T14587] kasan_save_free_info+0x3b/0x60 [ 426.481548][T14587] __kasan_slab_free+0x60/0x70 [ 426.487252][T14587] kfree+0x2b4/0x4d0 [ 426.491887][T14587] dvb_device_put.part.0+0x60/0x90 [ 426.497990][T14587] dvb_device_open+0x2a4/0x3b0 [ 426.503665][T14587] chrdev_open+0x234/0x6a0 [ 426.508935][T14587] do_dentry_open+0x982/0x1530 [ 426.514622][T14587] vfs_open+0x82/0x3f0 [ 426.519470][T14587] path_openat+0x1de4/0x2cb0 [ 426.524949][T14587] do_filp_open+0x20b/0x470 [ 426.530317][T14587] do_sys_openat2+0x11b/0x1d0 [ 426.535922][T14587] __x64_sys_openat+0x174/0x210 [ 426.541702][T14587] do_syscall_64+0xcd/0x4c0 [ 426.547075][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.554108][T14587] [ 426.556858][T14587] The buggy address belongs to the object at ffff88802aae1600 [ 426.556858][T14587] which belongs to the cache kmalloc-256 of size 256 [ 426.573679][T14587] The buggy address is located 16 bytes inside of [ 426.573679][T14587] freed 256-byte region [ffff88802aae1600, ffff88802aae1700) [ 426.590096][T14587] [ 426.592850][T14587] The buggy address belongs to the physical page: [ 426.600512][T14587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2aae0 [ 426.611000][T14587] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 426.621157][T14587] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 426.630170][T14587] page_type: f5(slab) [ 426.634920][T14587] raw: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 426.645183][T14587] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 426.655442][T14587] head: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 426.665824][T14587] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 426.676190][T14587] head: 00fff00000000001 ffffea0000aab801 00000000ffffffff 00000000ffffffff [ 426.686570][T14587] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 426.696931][T14587] page dumped because: kasan: bad access detected [ 426.704600][T14587] page_owner tracks the page as allocated [ 426.711416][T14587] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19212219133, free_ts 0 [ 426.735022][T14587] post_alloc_hook+0x1c0/0x230 [ 426.740721][T14587] get_page_from_freelist+0x132b/0x38e0 [ 426.747339][T14587] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 426.754405][T14587] alloc_pages_mpol+0x1fb/0x550 [ 426.760212][T14587] new_slab+0x247/0x330 [ 426.765163][T14587] ___slab_alloc+0xcf2/0x1750 [ 426.770733][T14587] __slab_alloc.constprop.0+0x56/0xb0 [ 426.777153][T14587] __kmalloc_cache_noprof+0xfb/0x3e0 [ 426.783456][T14587] bus_add_driver+0x92/0x690 [ 426.789244][T14587] driver_register+0x15c/0x4b0 [ 426.794919][T14587] usb_register_driver+0x216/0x4d0 [ 426.801014][T14587] do_one_initcall+0x120/0x6e0 [ 426.806694][T14587] kernel_init_freeable+0x5c2/0x910 [ 426.812894][T14587] kernel_init+0x1c/0x2b0 [ 426.818052][T14587] ret_from_fork+0x56d/0x730 [ 426.823528][T14587] ret_from_fork_asm+0x1a/0x30 [ 426.829211][T14587] page_owner free stack trace missing [ 426.835611][T14587] [ 426.838361][T14587] Memory state around the buggy address: [ 426.845073][T14587] ffff88802aae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 426.854703][T14587] ffff88802aae1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 426.864334][T14587] >ffff88802aae1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 426.873966][T14587] ^ [ 426.879429][T14587] ffff88802aae1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 426.889072][T14587] ffff88802aae1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 426.898826][T14587] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 428.154251][T14587] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 428.162890][T14587] CPU: 1 UID: 0 PID: 14587 Comm: syz.2.3292 Tainted: G U syzkaller #0 PREEMPT(full) [ 428.175972][T14587] Tainted: [U]=USER [ 428.180495][T14587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 428.192527][T14587] Call Trace: [ 428.196427][T14587] [ 428.199908][T14587] dump_stack_lvl+0x3d/0x1f0 [ 428.205392][T14587] vpanic+0x6e8/0x7a0 [ 428.210142][T14587] ? __pfx_vpanic+0x10/0x10 [ 428.215526][T14587] ? __pfx_vprintk_emit+0x10/0x10 [ 428.221521][T14587] ? dvb_device_put.part.0+0x22/0x90 [ 428.227833][T14587] panic+0xca/0xd0 [ 428.232273][T14587] ? __pfx_panic+0x10/0x10 [ 428.237538][T14587] ? dvb_device_put.part.0+0x22/0x90 [ 428.243847][T14587] ? preempt_schedule_common+0x44/0xc0 [ 428.250387][T14587] ? preempt_schedule_thunk+0x16/0x30 [ 428.256806][T14587] check_panic_on_warn+0xab/0xb0 [ 428.262704][T14587] end_report+0x107/0x170 [ 428.267877][T14587] kasan_report+0xee/0x110 [ 428.273144][T14587] ? dvb_device_put.part.0+0x22/0x90 [ 428.279461][T14587] kasan_check_range+0x100/0x1b0 [ 428.285352][T14587] dvb_device_put.part.0+0x22/0x90 [ 428.291455][T14587] dvb_device_open+0x2a4/0x3b0 [ 428.297142][T14587] ? __pfx_dvb_device_open+0x10/0x10 [ 428.303460][T14587] chrdev_open+0x234/0x6a0 [ 428.308725][T14587] ? __pfx_apparmor_file_open+0x10/0x10 [ 428.315344][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 428.321340][T14587] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 428.328897][T14587] do_dentry_open+0x982/0x1530 [ 428.334598][T14587] ? __pfx_chrdev_open+0x10/0x10 [ 428.340489][T14587] vfs_open+0x82/0x3f0 [ 428.345340][T14587] path_openat+0x1de4/0x2cb0 [ 428.350814][T14587] ? __pfx_path_openat+0x10/0x10 [ 428.356722][T14587] do_filp_open+0x20b/0x470 [ 428.362098][T14587] ? __pfx_do_filp_open+0x10/0x10 [ 428.368104][T14587] ? alloc_fd+0x471/0x7d0 [ 428.373371][T14587] do_sys_openat2+0x11b/0x1d0 [ 428.378951][T14587] ? __pfx_do_sys_openat2+0x10/0x10 [ 428.385166][T14587] __x64_sys_openat+0x174/0x210 [ 428.390951][T14587] ? __pfx___x64_sys_openat+0x10/0x10 [ 428.397362][T14587] do_syscall_64+0xcd/0x4c0 [ 428.402736][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.409771][T14587] RIP: 0033:0x7fdf3a98eba9 [ 428.415031][T14587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.438547][T14587] RSP: 002b:00007fdf3b8e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.448609][T14587] RAX: ffffffffffffffda RBX: 00007fdf3abd5fa0 RCX: 00007fdf3a98eba9 [ 428.458138][T14587] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 428.467675][T14587] RBP: 00007fdf3aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 428.477208][T14587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.486735][T14587] R13: 00007fdf3abd6038 R14: 00007fdf3abd5fa0 R15: 00007ffc24915c58 [ 428.496278][T14587] [ 428.499936][T14587] Kernel Offset: disabled [ 428.505098][T14587] Rebooting in 86400 seconds..