last executing test programs: 8.9473642s ago: executing program 1 (id=1671): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) socket(0x28, 0x80000, 0x0) (async) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) mbind$auto(0xf000, 0x8000000000000001, 0x100000000, 0x0, 0x6, 0x2) remap_file_pages$auto(0x80000001, 0x5, 0x2e7, 0xf, 0x4) (async) r1 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000002640), 0x241, 0x0) pwritev$auto(r1, &(0x7f0000002980)={&(0x7f0000002900)="dcf510a2ee", 0x4}, 0x9, 0x6, 0xfffffffffffffffd) (async) socket(0x2b, 0x1, 0x0) (async) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x8000fff5) listen$auto(0x3, 0x81) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) cachestat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video50\x00', 0x0, 0x0) ioctl$auto(r2, 0xc0945662, r2) 7.811278056s ago: executing program 1 (id=1674): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) r4 = fsopen$auto(0x0, 0x1) prctl$auto(0x38, 0x3, r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f2, 0x15) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) setsockopt$auto(r5, 0x100, 0x5, &(0x7f0000000040)='#)@$$:]+)]\x00', 0x8001) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) r7 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), r5) sendmsg$auto_NFC_CMD_GET_DEVICE(r4, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x41}, 0x4000000) sendfile$auto(r6, r6, 0x0, 0x3) unshare$auto(0x2000000000000003) 6.446153825s ago: executing program 3 (id=1681): waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000340)={@siginfo_0_0={0xbb, 0x68cf, 0xf8e3, @_sigsys={&(0x7f00000002c0)="8920659ffa3787bb38d89ae630fda9a8de5335cbfc8bfb63ef4e3f3d594071e81e8c4c1eab2ad2b440aa3ff17402237cfb7e65f81334b7254f555c4d2057ba4ff8fbdce0a6e1ba8274a0eadb4429b9e2badf1b4f0eba46f5a4a9d99d00ceaaaa273c91b15aa8b1952bc61b8d853e3fc8bc21931b67", 0x0, 0xd6e}}}, 0xd873, &(0x7f0000000200)={{0xff, 0x1000}, {0x174, 0x4}, 0x3ff, 0x1, 0x80, 0x2, 0x6, 0xa, 0x1, 0xe97, 0x872, 0x1, 0x30c0000000000, 0x2, 0x5, 0x13ffffffffff}) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB="14010000", @ANYRES16=r0, @ANYBLOB="010326bd7000fedbdf2508000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vivid.0/media4/model\x00', 0xa8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/194, 0xc2) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r5, 0x0, 0x1ff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa140, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/devices.deny\x00', 0x8ea182, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x3, 0x9) openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x4, &(0x7f0000000140)={{0x5, 0x6}, {0x0, 0xa}, 0x7607, 0x2, 0x0, 0x6, 0x3, 0x9, 0x3ff, 0x401, 0x24f0, 0x4, 0x6, 0x5, 0x4, 0x1ff}) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) 4.357538295s ago: executing program 1 (id=1694): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) keyctl$auto_KEYCTL_DH_COMPUTE(0x17, 0x7, 0x1, 0x401, 0x7cdf) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x4, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x2, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x0, 0x400000000000002, 0x1, 0x0, 0x1, 0x0, 0x9, 0x8, 0x2000]}, 0x1fe, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0x4000000002df, 0x15, r0, 0x8000) clone$auto(0x23918fa0, 0x9ec7, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x3e478395) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r2, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 4.065531136s ago: executing program 1 (id=1687): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f00000000c0)={&(0x7f0000000080)="4c0300006bba861b000004000000a324578958970716", 0x49}, 0x2, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal\x00', 0x10b142, 0x0) write$auto(0x3, 0x0, 0x5c8) r2 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb\x00', 0x300, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)=ANY=[@ANYBLOB="14898a41", @ANYRES16=r4, @ANYBLOB="01002dbd7000ffdbdf251a000000"], 0x14}}, 0x40000) read$auto_tracing_entries_fops_trace(r2, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mq_timedreceive$auto(r1, 0x0, 0x10000000000000, 0x0, 0x0) 3.900945436s ago: executing program 2 (id=1689): setresuid$auto(0xee01, 0x0, 0x607) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sysfs$auto(0xffffff70, 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) close_range$auto(0x2, 0x8, 0x0) pidfd_send_signal$auto(r0, 0x1, &(0x7f0000000100)={@_si_pad}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) madvise$auto(0x0, 0xffffffffffff0001, 0x12) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x6, 0xff, @count=0xe35c, 0x0, 0x5, 0x6, 0x6, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000085df7b14b707c66bf730dd070a2fcba493890fa98b310bacf169f1b02ed89be5e2a0588fb296bf72a7badb09e3207e83d4a01214f1b2b0250b110abaae642356a63be37ceceb3e950fb27919850a225178458df3625328bc6894f4008a51f8aa2", @ANYRES32=r2, @ANYRESOCT=r1], 0x14}, 0x1, 0x0, 0x0, 0x8054}, 0x4049090) sysfs$auto(0x2, 0x23, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x672e, 0x10df, 0xeb1, r0, 0x3) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) 3.699839479s ago: executing program 3 (id=1690): madvise$auto(0x0, 0xfffffffffffefffd, 0x17) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r0, 0x6, r0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x3b1c41, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TCSBRK2(r1, 0x5409, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r3, 0x4068aea3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000f4631104cf7613538c899adb1c2a4cbae37647a7c7d294d8544a4a21ed5eb9f1509acd8afa3f69584964c76e81713971c54374af351bf4e188a5e7790a0018fc0baed3fec514a1736063ec6b30a5189db72237907f0f4507000000ecb210d4d2dfb96c6b8f7cddde10636c02f71d16275a7781361e2e7f1d4e20b83363ad403d29c490193ee6caa03bf391ff5ffadca7734c5e74a96efc8d2f07b03522f14cedd9f9d79491579cb6dd752e260890d7e28f3e68247c724cc924fb85e00fb939caf1ec1c22c9db80a8aa308930e5e47f23981b482ba02fa8", @ANYRES16=0x0, @ANYBLOB="00e7ffffff0200000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) timer_create$auto(0x803, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) preadv2$auto(r4, &(0x7f00000000c0)={0x0, 0x80000000009}, 0x6, 0xffffffffffffffff, 0x4, 0x200) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) unshare$auto(0xf29) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0) ioctl$auto(0x3, 0x402c542d, r5) write$auto(0x3, 0x0, 0xfffffdef) 3.521998527s ago: executing program 0 (id=1691): r0 = socket(0x11, 0xa, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x0) ioctl$auto_BINDER_THREAD_EXIT(r3, 0x40046208, &(0x7f00000000c0)) close_range$auto(r3, r3, 0xe) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x16e) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages\x00', 0xa0862, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.3/usb4/power/runtime_status\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000008c0)=""/61, 0x3d) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000980)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB='L\a\x00\x00', @ANYRES16, @ANYBLOB="02002dbd7000fbdbdf2566000000a500cd009d91b121a60e1fa073ac892d09aa1d969c9e9a92cd066dab26a10491c74722749710114680b7a1df959c704568894558e58cf31dc95431a62306f8ef1edc69d32c2318d8d53bae1ecf4e732bf16bd477b7a68e2e1c4c8b04bc6ee659b02ba829fd8d633c47c35a465a02cf77a1da131abb5cd84404e659670ac30571985322e84454339da3d5bf6909e212d159021b65507bff5a7a7c8e77b954609304d9dd4bbd0000009006b200bca6e97ad9fd738b22f59aca4a5d8ebec82959ef292da386ec5dd4b151614772e277ae35e6770f4c582852f27e391e52b2584015513d598837d53d9d1c0417a6ea75e36b6ed6d672fc412e792c1d41490e55a34b6e0c8aef6cd7b982afb5300ec5c1c1c8cc141b0a5ca1ed1b4532d5f76bc6373078d37da9d8b833ae926a94bfffe4c8db5df0b7a5cb1c21e54f8856315c3fbc4991673229e53b4b63ec0d73728f0cbcbf075a85097a26ad830141b79b8fa269069ba6e0903ff4645b7d6330cf63fe2ec70700d1fb795f7924cfc235de3c107f7d267bd738154685a6193d9355d6151b7031c496d4b475e8a0a0689d56a35cd444bf69c2cd96879e2cf0654470eb6baf673a99a0f3ac7a0cb749310092fe1a6e5f0570073eddda7c6df09b8038f5e6003e31297087bf061940b96e348ba212e57478c536a56e0a4f59bc2a2b9c8fbf5d90f894b366aec4d4c6057daaf6cf72e4b2e93438e3e2f3f22553788c5b6388b61222d8ffad9895641f0777cfca3f72c89c94c55853d78ab5a1ac50f430990957bc28fc7ee06b82c5cbfa7b0ef86c4c528bdbc59fbfbb63603afda646aefb25ce91c5702613ab1c18e8e5cab8a3ef75412b502e3d072525d08030f50d3cd1befb239a2c48549220e12b4819cf72b0b83d7c2eda873161eb0e57716890f50f2974680c8ba5f9dc70a1ca7aac56e7076bd4bcc408644efa4ae4b65cce04394c9a98c3f7cc4ebedc4e876da41688c5b094e17a7425b5bb787b6a01dfd1c55f93e2c29d8010b7547aa4775b94cd910f3a198ac29bb61f81534a028bfcfb5799925411b5dbf3a4bd1579d73d6eb4e33f76942a87206e64cad64ba1e5f0ef52616ad5e070ba8ca33f056eb6679cb9ecbdb05dc05ad87dbe3c83e1375485bd78e040c65feb0a6d47b6804ee9b242eda8af13a411b17b297c33dbcaa3a689d91fa9f98284b6b6a820e2cf1222f96e50b8c062b2389b00e9dc8d583ef055049e703c9d4f5f93ea649fc79e56339641f1beda50edc958c487478d8667184df17f4947462d6215346188199cf5aa0d3b3944ede5c6cf40842d71f48132a1fe0a37f5e74e3a94b9f7106c505c6ebc73c3188e0c94d2a412e9a55050ff93ea170f0e1d236c9124216fd980321ea94ace000d99cc6064dd3cfdfa348616b082b46c144bb78b11519f09215c38bee6a0d8a0186b885d2828c62ac4934426b3cf7b9a42f9a2a93961c10ebf9a55301bbc8c51a0578dfb0ac88debc744ed710500b4810b19f22db79b9e3555eaafd7041a2d3b85fba909b14d1ff124ae0124b5da8bc4286121744a4980bbca82395e07663365e66a173eade8337b8a6f255f7a08f16b5203a1f59a951a8ff30f2f06e49a54debab193159dfdf8284f84a63e6d2072090a8d539fa940a0e27a29f3de7a98b257493c7144c50ecd98fa2c8395aaee175a8ec51fb385868ba4e5686e9bc8e19c23d8c9bb57754e40d60ff891752deeec69d0545fcb8ff53e3e32f9e371e1be3330df81cddca90d52fbf60be21d2c00bc369002a8f6d5cde9c8a2f310f6b87afd60c2fb532360ce15a86d6f5782a39dfca7a552b723f5eb209379826f92ad2074912207a9368ab3d6e6c37a13d09b1c9b5e16ffea6fbea8499da21bbe91e9619582121a530bb77a375454d63ef9da8f1628921f8dfd1b66291295e2c47afcf34940a867d8b59fd16aee1f955984ffed5722b848d4ed1e1ea3c01eca749415e1a5aa580fb4feb6f56e984d2f92103e391f11569af15a75880766700605f5281f625fb1b9a1f7b15abbc95eae04be8121218c77f235f4c97bc476b8dcfc95b7a45c68124f27d2eb2086758073c0ad8c1de53b9415670ab70839a575d797e7a9c330dd28aba54d94e8bac685c0804a892eafb37927c7fb3fbf42b48310a7d8c83a3cf67b7de86fc51552173a97754398b6853556aa498db81ac62614bdccc63e16601535b1e689c707d5c5e4c981037cc53082ae46743b5aab22af67f698bd1b691ca8f8e35f4f4cfba643d229326f149dcea9cecaa6655c578358b18c95249ab3302e941b7cb625e191eda6d908784a778d8b394b10111760df298875c574408c3ef77a4543dfb5ab096a040c3b7a95ca62b0c34a3d6c9a542ac483fc07962a6b75a50cffa4a2a7957a2c15712bbad0b4e48bc1d22eeb403115864c980c0c24b48708f68e31e2dcfcf64ee6de3c779da910af6cb444c26706b07984b07aa547e0fb9fec282b0407af30882a1c1604081bcc3a6b7b4b4e8d34ca34ef799efbe23b86f9efeb6b8c090c573de107a652c6e095cabb9a316df550b93880a8333d2435da5efe1101bedbf9f1d51fa633f9b52b803169957d767f064608bfc73a63c2b0f510037c231d48ada619bb4913aa7d9a7e0ab2ed06d6c0cd233eedf05729af269e50f078ea16aebf3acf9f76e34969af732cc0380dcabefb5c441cf3eeaea89477a3fc32ddef312351af7fb44f637a4fbea1b91414b7d07b011de617e93858a5ecf57de15f817f1062860514257ba5362f060f22fa4b1936404dd423f049511737e53344d7c761c4a54c689983733b1444ccd7e35c6daf9e1ea4fde12519e6820efb62e0fb51cc94dfdfff985f5e6eeedcc83c3c6d86ab1c776c1b3d869805e6c10d7418cd9815616b3787e841"], 0x74c}, 0x1, 0x0, 0x0, 0x40000}, 0x804) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex=r1, 0x0, 0x8, 0x9, 0x20000000000000, @count=0x2, 0x0, 0x3, 0x5a3522aa, 0xffffffff, 0x9}, 0x6f1) 3.079883055s ago: executing program 1 (id=1692): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_USER_PVERSION(r0, 0x40045702, &(0x7f0000000040)=0x7fffffff) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f00000000c0)={0x1, 0x90e, 0x5, 0x1, 0x80000001, "00000000000000007c000018"}) 2.71822963s ago: executing program 0 (id=1693): socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) fremovexattr$auto(r0, &(0x7f0000000380)='system.posix_acl_access\x00') connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) 2.66853657s ago: executing program 1 (id=1695): mmap$auto(0x0, 0xe983, 0x1, 0x13, 0xffffffffffffffff, 0x7fff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) clone$auto(0x4, 0x23, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x9) r0 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r0, 0x6b, 0x3, 0xfffffffffffffffe, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D1\x00', 0x2841, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, 0x0) io_uring_setup$auto(0x1d48, 0x0) mmap$auto(0x400000000, 0x10000000, 0xdf, 0x9b74, 0x2, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) prctl$auto_PR_SCHED_CORE_GET(0x9, 0x0, 0x0, 0x800000004000008, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x110, 0xffffffffffffffff, 0x4040) unshare$auto(0x40000080) mmap$auto(0x0, 0x1d6, 0xdf, 0x9b70, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x3, 0x400008, 0xdf, 0x13, 0x2, 0x8000) rename$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') madvise$auto(0x0, 0x0, 0x15) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) 2.557848158s ago: executing program 2 (id=1696): mmap$auto(0x0, 0x400009, 0xc, 0x9b72, 0x8000000000000003, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) write$auto_proc_mem_operations_base(r2, 0x0, 0x0) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) (fail_nth: 1) 2.412548592s ago: executing program 3 (id=1697): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) keyctl$auto_KEYCTL_DH_COMPUTE(0x17, 0x7, 0x1, 0x401, 0x7cdf) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x4, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x2, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x0, 0x400000000000002, 0x1, 0x0, 0x1, 0x0, 0x9, 0x8, 0x2000]}, 0x1fe, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0x4000000002df, 0x15, r0, 0x8000) clone$auto(0x23918fa0, 0x9ec7, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x3e478395) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r2, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 2.27929933s ago: executing program 0 (id=1698): mmap$auto(0x0, 0x400009, 0xc, 0x9b72, 0x8000000000000003, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x0, &(0x7f0000000000)='/proc/thread-self/clear_refs\x00', &(0x7f0000000040), 0xffffffffffffffff) write$auto_proc_mem_operations_base(r2, 0x0, 0x0) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) 2.112562937s ago: executing program 3 (id=1699): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/039/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000100)={0x2, 0x80, 0xffff, 0x5, &(0x7f0000000240), 0xc694, 0x3, 0x80005, @stream_id=0x7, 0x2004b, 0xc, 0x0}) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC0\x00', 0x80, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0xa, 0x801, 0x106) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x40203, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c05, 0xfffffffffffffffd) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) sendmsg$auto_OVS_VPORT_CMD_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="10002dbd7000fddbdf25040000000b0003002b212d292f280000080001003ea275a4383606000900000000000000010000000000000005000000000000000100000000000000e604000000000000ed4a0000000000000100000400000000000000"], 0x6c}, 0x1, 0x0, 0x0, 0xe240af5c317cc3cf}, 0x20040040) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000700)={{@raw=0xb, 0x7f, 0x2, 0x406, "26cb83211ffd7f6567850e138dd717bfeb7ab5c5a4909ab7e79491c86f8c5d7d57cdda7ca056a2a31e5dfe27"}, 0x0, @integer64=@value_ptr=&(0x7f0000000000)=0x6815, "1cd4f43065c34bdcb5fa6160f24c5f3eb5328361438ff4cd82ad2e9771421debdad4d39a52fc70b9012aff448a8b4a75e7c5126dc19ba1ad1e6542790700000044b0d756001b66abab0c0fd3b4287befd247e5410bef4c186120b5bed4ab64ffeb4b7c5a69166021a8814332515a65fe9300"}) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x80, 0x0, 0x2, 0x6, 0x2, 0x10001, &(0x7f0000000280)}) 1.503332505s ago: executing program 2 (id=1700): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) keyctl$auto_KEYCTL_DH_COMPUTE(0x17, 0x7, 0x1, 0x401, 0x7cdf) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x4, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x2, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x0, 0x400000000000002, 0x1, 0x0, 0x1, 0x0, 0x9, 0x8, 0x2000]}, 0x1fe, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0x4000000002df, 0x15, r0, 0x8000) clone$auto(0x23918fa0, 0x9ec7, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x3e478395) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 1.49966775s ago: executing program 3 (id=1701): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}, 0x1, 0x0, 0x0, 0xa00}, 0x40000) 1.311329832s ago: executing program 0 (id=1702): r0 = socket(0x10, 0x2, 0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy$auto(0x1, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.0/modalias\x00', 0x509480, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000107, 0x2, 0x6}]}) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptyaf/uevent\x00', 0x19d282, 0x0) lseek$auto(0x3, 0x8, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/veth1_to_batadv/dad_transmits\x00', 0x0, 0x0) socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_ETHTOOL_MSG_STATS_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000844}, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='-\x00', @ANYBLOB=']'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendfile$auto(r0, r3, 0x0, 0x3) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r4, 0x5412, &(0x7f0000000840)="13") 1.074006338s ago: executing program 2 (id=1703): r0 = socket(0x11, 0xa, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x0) ioctl$auto_BINDER_THREAD_EXIT(r3, 0x40046208, &(0x7f00000000c0)) close_range$auto(r3, r3, 0xe) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x16e) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages\x00', 0xa0862, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.3/usb4/power/runtime_status\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000008c0)=""/61, 0x3d) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000980)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB='L\a\x00\x00', @ANYRES16, @ANYBLOB="02002dbd7000fbdbdf2566000000a500cd009d91b121a60e1fa073ac892d09aa1d969c9e9a92cd066dab26a10491c74722749710114680b7a1df959c704568894558e58cf31dc95431a62306f8ef1edc69d32c2318d8d53bae1ecf4e732bf16bd477b7a68e2e1c4c8b04bc6ee659b02ba829fd8d633c47c35a465a02cf77a1da131abb5cd84404e659670ac30571985322e84454339da3d5bf6909e212d159021b65507bff5a7a7c8e77b954609304d9dd4bbd0000009006b200bca6e97ad9fd738b22f59aca4a5d8ebec82959ef292da386ec5dd4b151614772e277ae35e6770f4c582852f27e391e52b2584015513d598837d53d9d1c0417a6ea75e36b6ed6d672fc412e792c1d41490e55a34b6e0c8aef6cd7b982afb5300ec5c1c1c8cc141b0a5ca1ed1b4532d5f76bc6373078d37da9d8b833ae926a94bfffe4c8db5df0b7a5cb1c21e54f8856315c3fbc4991673229e53b4b63ec0d73728f0cbcbf075a85097a26ad830141b79b8fa269069ba6e0903ff4645b7d6330cf63fe2ec70700d1fb795f7924cfc235de3c107f7d267bd738154685a6193d9355d6151b7031c496d4b475e8a0a0689d56a35cd444bf69c2cd96879e2cf0654470eb6baf673a99a0f3ac7a0cb749310092fe1a6e5f0570073eddda7c6df09b8038f5e6003e31297087bf061940b96e348ba212e57478c536a56e0a4f59bc2a2b9c8fbf5d90f894b366aec4d4c6057daaf6cf72e4b2e93438e3e2f3f22553788c5b6388b61222d8ffad9895641f0777cfca3f72c89c94c55853d78ab5a1ac50f430990957bc28fc7ee06b82c5cbfa7b0ef86c4c528bdbc59fbfbb63603afda646aefb25ce91c5702613ab1c18e8e5cab8a3ef75412b502e3d072525d08030f50d3cd1befb239a2c48549220e12b4819cf72b0b83d7c2eda873161eb0e57716890f50f2974680c8ba5f9dc70a1ca7aac56e7076bd4bcc408644efa4ae4b65cce04394c9a98c3f7cc4ebedc4e876da41688c5b094e17a7425b5bb787b6a01dfd1c55f93e2c29d8010b7547aa4775b94cd910f3a198ac29bb61f81534a028bfcfb5799925411b5dbf3a4bd1579d73d6eb4e33f76942a87206e64cad64ba1e5f0ef52616ad5e070ba8ca33f056eb6679cb9ecbdb05dc05ad87dbe3c83e1375485bd78e040c65feb0a6d47b6804ee9b242eda8af13a411b17b297c33dbcaa3a689d91fa9f98284b6b6a820e2cf1222f96e50b8c062b2389b00e9dc8d583ef055049e703c9d4f5f93ea649fc79e56339641f1beda50edc958c487478d8667184df17f4947462d6215346188199cf5aa0d3b3944ede5c6cf40842d71f48132a1fe0a37f5e74e3a94b9f7106c505c6ebc73c3188e0c94d2a412e9a55050ff93ea170f0e1d236c9124216fd980321ea94ace000d99cc6064dd3cfdfa348616b082b46c144bb78b11519f09215c38bee6a0d8a0186b885d2828c62ac4934426b3cf7b9a42f9a2a93961c10ebf9a55301bbc8c51a0578dfb0ac88debc744ed710500b4810b19f22db79b9e3555eaafd7041a2d3b85fba909b14d1ff124ae0124b5da8bc4286121744a4980bbca82395e07663365e66a173eade8337b8a6f255f7a08f16b5203a1f59a951a8ff30f2f06e49a54debab193159dfdf8284f84a63e6d2072090a8d539fa940a0e27a29f3de7a98b257493c7144c50ecd98fa2c8395aaee175a8ec51fb385868ba4e5686e9bc8e19c23d8c9bb57754e40d60ff891752deeec69d0545fcb8ff53e3e32f9e371e1be3330df81cddca90d52fbf60be21d2c00bc369002a8f6d5cde9c8a2f310f6b87afd60c2fb532360ce15a86d6f5782a39dfca7a552b723f5eb209379826f92ad2074912207a9368ab3d6e6c37a13d09b1c9b5e16ffea6fbea8499da21bbe91e9619582121a530bb77a375454d63ef9da8f1628921f8dfd1b66291295e2c47afcf34940a867d8b59fd16aee1f955984ffed5722b848d4ed1e1ea3c01eca749415e1a5aa580fb4feb6f56e984d2f92103e391f11569af15a75880766700605f5281f625fb1b9a1f7b15abbc95eae04be8121218c77f235f4c97bc476b8dcfc95b7a45c68124f27d2eb2086758073c0ad8c1de53b9415670ab70839a575d797e7a9c330dd28aba54d94e8bac685c0804a892eafb37927c7fb3fbf42b48310a7d8c83a3cf67b7de86fc51552173a97754398b6853556aa498db81ac62614bdccc63e16601535b1e689c707d5c5e4c981037cc53082ae46743b5aab22af67f698bd1b691ca8f8e35f4f4cfba643d229326f149dcea9cecaa6655c578358b18c95249ab3302e941b7cb625e191eda6d908784a778d8b394b10111760df298875c574408c3ef77a4543dfb5ab096a040c3b7a95ca62b0c34a3d6c9a542ac483fc07962a6b75a50cffa4a2a7957a2c15712bbad0b4e48bc1d22eeb403115864c980c0c24b48708f68e31e2dcfcf64ee6de3c779da910af6cb444c26706b07984b07aa547e0fb9fec282b0407af30882a1c1604081bcc3a6b7b4b4e8d34ca34ef799efbe23b86f9efeb6b8c090c573de107a652c6e095cabb9a316df550b93880a8333d2435da5efe1101bedbf9f1d51fa633f9b52b803169957d767f064608bfc73a63c2b0f510037c231d48ada619bb4913aa7d9a7e0ab2ed06d6c0cd233eedf05729af269e50f078ea16aebf3acf9f76e34969af732cc0380dcabefb5c441cf3eeaea89477a3fc32ddef312351af7fb44f637a4fbea1b91414b7d07b011de617e93858a5ecf57de15f817f1062860514257ba5362f060f22fa4b1936404dd423f049511737e53344d7c761c4a54c689983733b1444ccd7e35c6daf9e1ea4fde12519e6820efb62e0fb51cc94dfdfff985f5e6eeedcc83c3c6d86ab1c776c1b3d869805e6c10d7418cd9815616b3787e841"], 0x74c}, 0x1, 0x0, 0x0, 0x40000}, 0x804) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex=r1, 0x0, 0x8, 0x9, 0x20000000000000, @count=0x2, 0x0, 0x3, 0x5a3522aa, 0xffffffff, 0x9}, 0x6f1) 1.073720649s ago: executing program 3 (id=1704): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex=r0, 0x0, 0x8, 0x9, 0x0, @prog_cnt, 0x0, 0x3, 0x5a3522aa, 0xffffffff, 0x9}, 0x6f4) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_MM_SET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1474a7f57e3ccbf8ffffffffffffffbf4e6e0c322546db9807d80a1804d86c832a44f2ad20baea31dbd064b0fde8f554e05e02d4a40100366661415017bc84df18abccfc8b67617ee23e0669b23d89378d046e1bf28df9a5d1837e28237eb740a0168aa693de3ec4ff53cb24106cd69f4e91e6806d5a39ee175dd6a35801f54b71a8267fc9b321f3c5adaef25a3bae2a2305d0272d363bb926f82696c7fa658d5d656d637e29f7ea8f2d5b106f218ffe96eb1c75c1c4fa225f37", @ANYRES16, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4084}, 0x20000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000002c0), r2) mprotect$auto(0x1, 0x8, 0x100000001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x40, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 1.009661535s ago: executing program 0 (id=1705): setresuid$auto(0xee01, 0x0, 0x607) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sysfs$auto(0xffffff70, 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) close_range$auto(0x2, 0x8, 0x0) pidfd_send_signal$auto(r0, 0x1, &(0x7f0000000100)={@_si_pad}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) madvise$auto(0x0, 0xffffffffffff0001, 0x12) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x6, 0xff, @count=0xe35c, 0x0, 0x5, 0x6, 0x6, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000085df7b14b707c66bf730dd070a2fcba493890fa98b310bacf169f1b02ed89be5e2a0588fb296bf72a7badb09e3207e83d4a01214f1b2b0250b110abaae642356a63be37ceceb3e950fb27919850a225178458df3625328bc6894f4008a51f8aa2", @ANYRES32=r2, @ANYRESOCT=r1], 0x14}, 0x1, 0x0, 0x0, 0x8054}, 0x4049090) sysfs$auto(0x2, 0x23, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x672e, 0x10df, 0xeb1, r0, 0x3) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) 426.110609ms ago: executing program 2 (id=1706): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f0000000080)) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/039/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000100)={0x2, 0x80, 0xffff, 0x5, &(0x7f0000000240), 0xc694, 0x3, 0x80005, @stream_id=0x7, 0x2004b, 0xc, 0x0}) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000000)={0x80, 0x0, 0x2, 0x6, 0x2, 0x10001, &(0x7f0000000280)}) 280.76581ms ago: executing program 2 (id=1707): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) timer_create$auto(0x3, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) mmap$auto(0xf400000000000000, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) 0s ago: executing program 0 (id=1708): acct$auto(&(0x7f0000000280)='u[,&\x00\x00\x00\a\x00\'\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(j\f\xa0s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\b\vV\x02\xb8\xed\xe9a`!\x81\xd6i\x16\xe9+J\x15\xf6\xc8\xee$\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\x00\x00h\x0f\x9f\xc0\xe6\xb4\x99\x8a\x83\a\xe3\xae\x87\x00\xb0\x85B\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\n\xc5\xa1p\xa8\xe2ce\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aG\xb4~A\x89\xdf\x17)~p\xea\x01^\xb8\xef\x98q\xf8Dw\xfd\xabE\a\x00c\v_\x01\x98BT@\r\xfe\xdbU{N4+Z\x99Y\a\xe9\x97\x02)\x9b\xee\x8a\xa2W~i\xf5xC\x1a)\xbd\xcd\x9clZ\'\x9c\x03\xb7\xf9\xf3\xe9\x15k\xce2\x1a\xd8\xf6\xc3\xd8\xc5\xf8\xa0\xbfnnA\x1e\x9ciR\x83\xcf\\\x05\xcd=\x84\xf02\x83\xef9\xabIg!\xac\x98') r0 = openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x1c002, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x15) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$auto_TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$auto_TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$auto_TIOCVHANGUP(r2, 0x5437, &(0x7f00000000c0)="86dedb449549be9117f745478774faf1a958bd66998232d76891d07fdad26ab82f4727a6ec3cc84724b751192cd1830817b9fb27353fbe6b93d09da01e0340b19e8f43e7c331539e0e77f4d76e3b2a2343cb858e6d3f297a50f7b8d2aac1e1d00aa181354021b02c60ed40cc17947aa74fe8e53d143cef70b8c9d9e766efeda7cdade639") syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) mmap$auto(0x6c40, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x2) sysfs$auto(0x2, 0x41, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) connect$auto(r2, &(0x7f0000000040)=@qipcrtr={0x2a, 0x2, 0x4001}, 0x0) connect$auto(r3, &(0x7f0000000000)=@xdp={0x2c, 0x4, 0x0, 0x17}, 0x3) socketpair$auto(0x9a4d, 0x8, 0x100, &(0x7f0000000080)=0x4) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) syz_clone3(&(0x7f0000000380)={0x100800000, 0x0, 0x0, 0x0, {0x8f}, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x8000000000000001) mmap$auto(0x0, 0xfffc, 0xe1, 0xeb1, r0, 0x8000) r4 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/psample/out_tc\x00', 0x486042, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0xbf72, 0x4020008, 0xcb, 0x40000eb0, 0x401, 0x3) close_range$auto(0x2, 0x8, 0x17a) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) kernel console output (not intermixed with test programs): 1: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.999480][ T9900] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.025501][ T9900] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.127356][T10348] usb usb4: usbfs: process 10348 (syz.0.1091) did not claim interface 0 before use [ 340.268790][ T142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.292589][ T142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.413558][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.430215][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.107589][ T5829] Bluetooth: hci3: command tx timeout [ 341.167810][T10367] netlink: 'syz.2.1098': attribute type 1 has an invalid length. [ 341.591015][T10378] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1101'. [ 342.138986][T10388] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1104'. [ 342.181741][T10388] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1104'. [ 342.358862][T10396] usb usb4: usbfs: process 10396 (syz.1.1105) did not claim interface 0 before use [ 342.435318][T10395] usb usb4: usbfs: process 10395 (syz.3.1106) did not claim interface 0 before use [ 342.811665][T10401] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1107'. [ 343.369364][T10406] netlink: 'syz.3.1110': attribute type 1 has an invalid length. [ 343.663252][T10408] FAULT_INJECTION: forcing a failure. [ 343.663252][T10408] name failslab, interval 1, probability 0, space 0, times 0 [ 343.681281][T10408] CPU: 1 UID: 0 PID: 10408 Comm: syz.0.1108 Tainted: G L syzkaller #0 PREEMPT(full) [ 343.681331][T10408] Tainted: [L]=SOFTLOCKUP [ 343.681342][T10408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 343.681358][T10408] Call Trace: [ 343.681368][T10408] [ 343.681380][T10408] dump_stack_lvl+0x100/0x190 [ 343.681436][T10408] should_fail_ex.cold+0x5/0xa [ 343.681477][T10408] should_failslab+0xc2/0x120 [ 343.681515][T10408] __kmalloc_cache_noprof+0x7a/0x6f0 [ 343.681558][T10408] ? drm_atomic_state_alloc+0xb8/0x120 [ 343.681613][T10408] drm_atomic_state_alloc+0xb8/0x120 [ 343.681661][T10408] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 343.681723][T10408] ? trace_contention_end+0x140/0x180 [ 343.681784][T10408] ? __mutex_lock+0x26a/0x1b90 [ 343.681821][T10408] ? __mutex_lock+0x26a/0x1b90 [ 343.681854][T10408] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 343.681904][T10408] ? drm_master_internal_acquire+0x21/0x80 [ 343.681987][T10408] drm_client_modeset_commit_locked+0x14d/0x580 [ 343.682036][T10408] drm_client_modeset_commit+0x4f/0x80 [ 343.682082][T10408] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 343.682136][T10408] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 343.682184][T10408] drm_fbdev_client_restore+0x1b/0x30 [ 343.682221][T10408] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 343.682257][T10408] drm_client_dev_restore+0x205/0x2a0 [ 343.682310][T10408] drm_release+0x2c6/0x360 [ 343.682356][T10408] ? __pfx_drm_release+0x10/0x10 [ 343.682400][T10408] __fput+0x3ff/0xb40 [ 343.682441][T10408] task_work_run+0x150/0x240 [ 343.682486][T10408] ? __pfx_task_work_run+0x10/0x10 [ 343.682544][T10408] exit_to_user_mode_loop+0x100/0x4a0 [ 343.682590][T10408] do_syscall_64+0x668/0xf80 [ 343.682619][T10408] ? clear_bhb_loop+0x40/0x90 [ 343.682655][T10408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.682698][T10408] RIP: 0033:0x7fa4c799c819 [ 343.682725][T10408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 343.682755][T10408] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 343.682787][T10408] RAX: 0000000000000000 RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 343.682807][T10408] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 343.682825][T10408] RBP: 00007fa4c7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 343.682842][T10408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 343.682860][T10408] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 343.682905][T10408] [ 344.316112][T10423] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1112'. [ 344.360123][T10416] netlink: 73 bytes leftover after parsing attributes in process `syz.1.1111'. [ 344.369898][T10423] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1112'. [ 346.101653][T10457] FAULT_INJECTION: forcing a failure. [ 346.101653][T10457] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.134811][T10457] CPU: 0 UID: 0 PID: 10457 Comm: syz.2.1121 Tainted: G L syzkaller #0 PREEMPT(full) [ 346.134858][T10457] Tainted: [L]=SOFTLOCKUP [ 346.134869][T10457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 346.134884][T10457] Call Trace: [ 346.134893][T10457] [ 346.134904][T10457] dump_stack_lvl+0x100/0x190 [ 346.134968][T10457] should_fail_ex.cold+0x5/0xa [ 346.134997][T10457] ? prepare_alloc_pages+0x16d/0x5f0 [ 346.135036][T10457] should_fail_alloc_page+0xeb/0x140 [ 346.135071][T10457] prepare_alloc_pages+0x1f0/0x5f0 [ 346.135112][T10457] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 346.135161][T10457] ? stack_trace_save+0x8e/0xc0 [ 346.135196][T10457] ? __pfx_stack_trace_save+0x10/0x10 [ 346.135227][T10457] ? stack_depot_save_flags+0x27/0x9d0 [ 346.135272][T10457] ? kasan_save_stack+0x3f/0x50 [ 346.135297][T10457] ? kasan_save_stack+0x30/0x50 [ 346.135320][T10457] ? kasan_save_track+0x14/0x30 [ 346.135346][T10457] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 346.135389][T10457] ? __handle_mm_fault+0xa9e/0x2b60 [ 346.135428][T10457] ? handle_mm_fault+0x36d/0xa20 [ 346.135465][T10457] ? do_user_addr_fault+0x74c/0x12f0 [ 346.135493][T10457] ? asm_exc_page_fault+0x26/0x30 [ 346.135522][T10457] ? _copy_from_user+0x98/0xd0 [ 346.135555][T10457] ? __x64_sys_rt_tgsigqueueinfo+0x11d/0x210 [ 346.135594][T10457] ? do_syscall_64+0x106/0xf80 [ 346.135621][T10457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.135671][T10457] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 346.135704][T10457] ? policy_nodemask+0xed/0x4f0 [ 346.135739][T10457] alloc_pages_mpol+0x1fb/0x550 [ 346.135774][T10457] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 346.135818][T10457] alloc_pages_noprof+0x136/0x390 [ 346.135853][T10457] pte_alloc_one+0x1c/0x3d0 [ 346.135887][T10457] do_fault+0x88e/0x18e0 [ 346.135921][T10457] ? __pmd_alloc+0x3fb/0x950 [ 346.135968][T10457] __handle_mm_fault+0x1815/0x2b60 [ 346.136015][T10457] ? mt_find+0x45e/0x8e0 [ 346.136049][T10457] ? __pfx___handle_mm_fault+0x10/0x10 [ 346.136086][T10457] ? __pfx_mt_find+0x10/0x10 [ 346.136139][T10457] ? find_vma+0xbf/0x140 [ 346.136168][T10457] ? __pfx_find_vma+0x10/0x10 [ 346.136201][T10457] handle_mm_fault+0x36d/0xa20 [ 346.136249][T10457] do_user_addr_fault+0x74c/0x12f0 [ 346.136288][T10457] exc_page_fault+0x6f/0xd0 [ 346.136317][T10457] asm_exc_page_fault+0x26/0x30 [ 346.136344][T10457] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 346.136383][T10457] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 346.136410][T10457] RSP: 0018:ffffc90004f3fdf0 EFLAGS: 00050216 [ 346.136433][T10457] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000030 [ 346.136450][T10457] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004f3fe60 [ 346.136466][T10457] RBP: 0000000000000030 R08: 0000000000000001 R09: fffff520009e7fd1 [ 346.136484][T10457] R10: ffffc90004f3fe8f R11: 0000000000000000 R12: 0000000000000000 [ 346.136500][T10457] R13: ffffc90004f3fe60 R14: 0000000000000021 R15: 0000000000000000 [ 346.136538][T10457] _copy_from_user+0x98/0xd0 [ 346.136580][T10457] __x64_sys_rt_tgsigqueueinfo+0x11d/0x210 [ 346.136622][T10457] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 346.136659][T10457] ? fput+0x79/0x100 [ 346.136710][T10457] do_syscall_64+0x106/0xf80 [ 346.136739][T10457] ? clear_bhb_loop+0x40/0x90 [ 346.136774][T10457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.136803][T10457] RIP: 0033:0x7f34c619c819 [ 346.136827][T10457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 346.136853][T10457] RSP: 002b:00007f34c712a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 346.136877][T10457] RAX: ffffffffffffffda RBX: 00007f34c6415fa0 RCX: 00007f34c619c819 [ 346.136894][T10457] RDX: 0000000000000021 RSI: 000000000000049f RDI: 000000000000049e [ 346.136911][T10457] RBP: 00007f34c712a090 R08: 0000000000000000 R09: 0000000000000000 [ 346.136928][T10457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.136944][T10457] R13: 00007f34c6416038 R14: 00007f34c6415fa0 R15: 00007ffcd90e2848 [ 346.136993][T10457] [ 349.857930][T10519] FAULT_INJECTION: forcing a failure. [ 349.857930][T10519] name failslab, interval 1, probability 0, space 0, times 0 [ 349.935351][T10519] CPU: 0 UID: 0 PID: 10519 Comm: syz.3.1136 Tainted: G L syzkaller #0 PREEMPT(full) [ 349.935402][T10519] Tainted: [L]=SOFTLOCKUP [ 349.935413][T10519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 349.935431][T10519] Call Trace: [ 349.935441][T10519] [ 349.935453][T10519] dump_stack_lvl+0x100/0x190 [ 349.935503][T10519] should_fail_ex.cold+0x5/0xa [ 349.935539][T10519] should_failslab+0xc2/0x120 [ 349.935572][T10519] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 349.935616][T10519] ? skb_clone+0x190/0x400 [ 349.935652][T10519] skb_clone+0x190/0x400 [ 349.935682][T10519] netlink_deliver_tap+0xaed/0xcc0 [ 349.935741][T10519] netlink_unicast+0x650/0x870 [ 349.935778][T10519] ? __pfx_netlink_unicast+0x10/0x10 [ 349.935832][T10519] netlink_sendmsg+0x8b0/0xda0 [ 349.935871][T10519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 349.935901][T10519] ? __import_iovec+0x1d2/0x640 [ 349.935964][T10519] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 349.936003][T10519] ____sys_sendmsg+0x9e1/0xb70 [ 349.936038][T10519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 349.936080][T10519] ? __pfx_____sys_sendmsg+0x10/0x10 [ 349.936136][T10519] ___sys_sendmsg+0x190/0x1e0 [ 349.936176][T10519] ? __pfx____sys_sendmsg+0x10/0x10 [ 349.936271][T10519] __sys_sendmsg+0x170/0x220 [ 349.936321][T10519] ? __pfx___sys_sendmsg+0x10/0x10 [ 349.936396][T10519] do_syscall_64+0x106/0xf80 [ 349.936425][T10519] ? clear_bhb_loop+0x40/0x90 [ 349.936463][T10519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.936494][T10519] RIP: 0033:0x7f5ec499c819 [ 349.936521][T10519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 349.936549][T10519] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 349.936578][T10519] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 349.936597][T10519] RDX: 0000000000000808 RSI: 0000200000000040 RDI: 0000000000000003 [ 349.936616][T10519] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 349.936634][T10519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.936652][T10519] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 349.936693][T10519] [ 350.186111][T10508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 350.192411][T10508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 350.198552][T10508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 350.204743][T10508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 350.210922][T10508] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 350.656778][ T30] audit: type=1800 audit(1775054545.535:7): pid=10528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1139" name="dbroot" dev="configfs" ino=33965 res=0 errno=0 [ 350.769735][T10508] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 351.665296][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 351.861936][T10546] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1142'. [ 352.465510][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 352.468125][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 352.473198][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 352.658372][T10563] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1149'. [ 353.188790][T10571] mmap: syz.3.1151 (10571): VmData 46010368 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 354.551486][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 354.811974][T10595] netlink: 138 bytes leftover after parsing attributes in process `syz.1.1156'. [ 355.664839][T10615] Unable to find swap-space signature [ 356.635519][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 357.095128][T10643] usb usb4: usbfs: process 10643 (syz.3.1166) did not claim interface 0 before use [ 358.569833][T10657] FAULT_INJECTION: forcing a failure. [ 358.569833][T10657] name failslab, interval 1, probability 0, space 0, times 0 [ 358.658948][T10657] CPU: 1 UID: 0 PID: 10657 Comm: syz.3.1169 Tainted: G L syzkaller #0 PREEMPT(full) [ 358.659003][T10657] Tainted: [L]=SOFTLOCKUP [ 358.659014][T10657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 358.659033][T10657] Call Trace: [ 358.659046][T10657] [ 358.659058][T10657] dump_stack_lvl+0x100/0x190 [ 358.659112][T10657] should_fail_ex.cold+0x5/0xa [ 358.659149][T10657] should_failslab+0xc2/0x120 [ 358.659185][T10657] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 358.659232][T10657] ? __proc_create+0x2cb/0x8c0 [ 358.659271][T10657] __proc_create+0x2cb/0x8c0 [ 358.659305][T10657] ? __pfx___proc_create+0x10/0x10 [ 358.659337][T10657] ? _raw_write_unlock+0x28/0x50 [ 358.659398][T10657] proc_create_reg+0x75/0x170 [ 358.659431][T10657] ? __pfx_kcm_stats_seq_show+0x10/0x10 [ 358.659481][T10657] proc_create_net_single+0x86/0x180 [ 358.659528][T10657] ? __pfx_proc_create_net_single+0x10/0x10 [ 358.659572][T10657] ? __pfx_kcm_proc_init_net+0x10/0x10 [ 358.659619][T10657] kcm_proc_init_net+0x52/0x120 [ 358.659665][T10657] ops_init+0x1e2/0x5f0 [ 358.659702][T10657] setup_net+0x118/0x3a0 [ 358.659735][T10657] ? __pfx_setup_net+0x10/0x10 [ 358.659760][T10657] ? lockdep_init_map_type+0x5c/0x250 [ 358.659803][T10657] ? mutex_init_lockep+0x110/0x150 [ 358.659854][T10657] copy_net_ns+0x46f/0x7c0 [ 358.659894][T10657] create_new_namespaces+0x3ea/0xac0 [ 358.659938][T10657] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 358.659977][T10657] ksys_unshare+0x473/0xad0 [ 358.660020][T10657] ? __pfx_ksys_unshare+0x10/0x10 [ 358.660076][T10657] __x64_sys_unshare+0x31/0x40 [ 358.660115][T10657] do_syscall_64+0x106/0xf80 [ 358.660144][T10657] ? clear_bhb_loop+0x40/0x90 [ 358.660182][T10657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.660215][T10657] RIP: 0033:0x7f5ec499c819 [ 358.660243][T10657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 358.660271][T10657] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 358.660302][T10657] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 358.660322][T10657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 358.660340][T10657] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 358.660359][T10657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.660377][T10657] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 358.660418][T10657] [ 359.710322][T10661] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 359.717982][T10661] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 359.724209][T10661] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 359.730483][T10661] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 359.797922][T10677] netlink: 29 bytes leftover after parsing attributes in process `syz.1.1173'. [ 360.357915][T10684] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1174'. [ 360.443848][T10689] usb usb4: usbfs: process 10689 (syz.2.1177) did not claim interface 0 before use [ 360.465339][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 361.746062][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 361.752296][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 361.759880][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 361.815617][T10712] FAULT_INJECTION: forcing a failure. [ 361.815617][T10712] name failslab, interval 1, probability 0, space 0, times 0 [ 361.908320][T10712] CPU: 1 UID: 0 PID: 10712 Comm: syz.2.1180 Tainted: G L syzkaller #0 PREEMPT(full) [ 361.908361][T10712] Tainted: [L]=SOFTLOCKUP [ 361.908371][T10712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 361.908388][T10712] Call Trace: [ 361.908397][T10712] [ 361.908408][T10712] dump_stack_lvl+0x100/0x190 [ 361.908457][T10712] should_fail_ex.cold+0x5/0xa [ 361.908494][T10712] should_failslab+0xc2/0x120 [ 361.908527][T10712] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 361.908573][T10712] ? mas_alloc_nodes+0x280/0x390 [ 361.908627][T10712] mas_alloc_nodes+0x280/0x390 [ 361.908677][T10712] mas_preallocate+0x39c/0xf10 [ 361.908720][T10712] ? __pfx_mas_preallocate+0x10/0x10 [ 361.908760][T10712] ? find_held_lock+0x2b/0x80 [ 361.908807][T10712] ? __pfx___might_resched+0x10/0x10 [ 361.908861][T10712] vma_link+0x12c/0x710 [ 361.908909][T10712] ? __pfx_vma_link+0x10/0x10 [ 361.908977][T10712] copy_vma+0x7e6/0xac0 [ 361.909033][T10712] ? __pfx_copy_vma+0x10/0x10 [ 361.909080][T10712] ? __pfx_css_rstat_updated+0x10/0x10 [ 361.909129][T10712] ? __lock_acquire+0x4a5/0x2630 [ 361.909196][T10712] ? finish_task_switch.isra.0+0x200/0xb80 [ 361.909236][T10712] copy_vma_and_data+0x1cf/0x7c0 [ 361.909286][T10712] ? __pfx_copy_vma_and_data+0x10/0x10 [ 361.909343][T10712] ? __vma_start_write+0x17f/0x280 [ 361.909383][T10712] ? __pfx___vma_start_write+0x10/0x10 [ 361.909437][T10712] move_vma+0x51b/0x1890 [ 361.909490][T10712] ? __pfx_move_vma+0x10/0x10 [ 361.909539][T10712] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 361.909578][T10712] ? cap_mmap_addr+0x4b/0x120 [ 361.909609][T10712] ? bpf_lsm_mmap_addr+0x9/0x30 [ 361.909639][T10712] ? security_mmap_addr+0x71/0x1e0 [ 361.909680][T10712] ? __get_unmapped_area+0x255/0x3e0 [ 361.909722][T10712] ? vrm_set_new_addr+0x204/0x290 [ 361.909780][T10712] mremap_to+0x1b7/0x450 [ 361.909829][T10712] do_mremap+0xb76/0x2130 [ 361.909893][T10712] ? __pfx_do_mremap+0x10/0x10 [ 361.909949][T10712] ? ksys_write+0x190/0x250 [ 361.909989][T10712] __do_sys_mremap+0x126/0x170 [ 361.910036][T10712] ? __pfx___do_sys_mremap+0x10/0x10 [ 361.910122][T10712] do_syscall_64+0x106/0xf80 [ 361.910152][T10712] ? clear_bhb_loop+0x40/0x90 [ 361.910191][T10712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.910223][T10712] RIP: 0033:0x7f34c619c819 [ 361.910250][T10712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 361.910279][T10712] RSP: 002b:00007f34c70c7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 361.910308][T10712] RAX: ffffffffffffffda RBX: 00007f34c6416270 RCX: 00007f34c619c819 [ 361.910328][T10712] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 361.910346][T10712] RBP: 00007f34c6232c91 R08: 0000000100000000 R09: 0000000000000000 [ 361.910364][T10712] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 361.910382][T10712] R13: 00007f34c6416308 R14: 00007f34c6416270 R15: 00007ffcd90e2848 [ 361.910421][T10712] [ 364.153955][T10728] usb usb15: usbfs: process 10728 (syz.0.1186) did not claim interface 0 before use [ 365.351713][T10747] usb usb4: usbfs: process 10747 (syz.1.1189) did not claim interface 0 before use [ 365.414776][ T30] audit: type=1107 audit(1775054560.285:8): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.463974][ T30] audit: type=1107 audit(1775054560.315:9): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.506018][ T30] audit: type=1107 audit(1775054560.315:10): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.564167][ T30] audit: type=1107 audit(1775054560.315:11): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.600546][ T30] audit: type=1107 audit(1775054560.315:12): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.639761][ T30] audit: type=1107 audit(1775054560.315:13): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.677099][ T30] audit: type=1107 audit(1775054560.315:14): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.709001][ T30] audit: type=1107 audit(1775054560.315:15): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 365.748963][ T30] audit: type=1107 audit(1775054560.315:16): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 366.101196][ T30] audit: type=1107 audit(1775054560.315:17): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 368.486147][T10799] usb usb4: usbfs: process 10799 (syz.0.1200) did not claim interface 0 before use [ 370.466444][T10818] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1204'. [ 370.495771][ T51] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 370.942801][T10824] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1205'. [ 370.964555][T10824] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1205'. [ 372.631108][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 374.680612][T10866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1218'. [ 374.690241][T10866] nbd: must specify a size in bytes for the device [ 375.318374][T10880] FAULT_INJECTION: forcing a failure. [ 375.318374][T10880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 375.387696][T10880] CPU: 1 UID: 0 PID: 10880 Comm: syz.2.1220 Tainted: G L syzkaller #0 PREEMPT(full) [ 375.387743][T10880] Tainted: [L]=SOFTLOCKUP [ 375.387752][T10880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 375.387767][T10880] Call Trace: [ 375.387776][T10880] [ 375.387786][T10880] dump_stack_lvl+0x100/0x190 [ 375.387835][T10880] should_fail_ex.cold+0x5/0xa [ 375.387868][T10880] _copy_from_iter+0x1f4/0x1690 [ 375.387910][T10880] ? __asan_memset+0x23/0x50 [ 375.387950][T10880] ? __pfx__copy_from_iter+0x10/0x10 [ 375.387985][T10880] ? __pfx___alloc_skb+0x10/0x10 [ 375.388043][T10880] netlink_sendmsg+0x808/0xda0 [ 375.388078][T10880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.388104][T10880] ? __import_iovec+0x1d2/0x640 [ 375.388143][T10880] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 375.388178][T10880] ____sys_sendmsg+0x9e1/0xb70 [ 375.388210][T10880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.388242][T10880] ? __pfx_____sys_sendmsg+0x10/0x10 [ 375.388292][T10880] ___sys_sendmsg+0x190/0x1e0 [ 375.388329][T10880] ? __pfx____sys_sendmsg+0x10/0x10 [ 375.388408][T10880] __sys_sendmsg+0x170/0x220 [ 375.388452][T10880] ? __pfx___sys_sendmsg+0x10/0x10 [ 375.388519][T10880] do_syscall_64+0x106/0xf80 [ 375.388545][T10880] ? clear_bhb_loop+0x40/0x90 [ 375.388579][T10880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.388607][T10880] RIP: 0033:0x7f34c619c819 [ 375.388636][T10880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 375.388662][T10880] RSP: 002b:00007f34c712a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 375.388688][T10880] RAX: ffffffffffffffda RBX: 00007f34c6415fa0 RCX: 00007f34c619c819 [ 375.388705][T10880] RDX: 0000000004048090 RSI: 0000200000000180 RDI: 0000000000000003 [ 375.388728][T10880] RBP: 00007f34c712a090 R08: 0000000000000000 R09: 0000000000000000 [ 375.388744][T10880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.388759][T10880] R13: 00007f34c6416038 R14: 00007f34c6415fa0 R15: 00007ffcd90e2848 [ 375.388795][T10880] [ 376.359255][T10887] netlink: 29 bytes leftover after parsing attributes in process `syz.2.1223'. [ 377.453101][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1226'. [ 378.322904][T10905] FAULT_INJECTION: forcing a failure. [ 378.322904][T10905] name failslab, interval 1, probability 0, space 0, times 0 [ 378.389406][T10905] CPU: 1 UID: 0 PID: 10905 Comm: syz.0.1227 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.389457][T10905] Tainted: [L]=SOFTLOCKUP [ 378.389467][T10905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 378.389482][T10905] Call Trace: [ 378.389492][T10905] [ 378.389503][T10905] dump_stack_lvl+0x100/0x190 [ 378.389556][T10905] should_fail_ex.cold+0x5/0xa [ 378.389593][T10905] should_failslab+0xc2/0x120 [ 378.389628][T10905] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 378.389677][T10905] ? __d_alloc+0x34/0xa80 [ 378.389722][T10905] __d_alloc+0x34/0xa80 [ 378.389763][T10905] d_alloc_pseudo+0x1c/0xc0 [ 378.389810][T10905] alloc_file_pseudo+0xcf/0x230 [ 378.389854][T10905] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 378.389907][T10905] __shmem_file_setup+0x221/0x490 [ 378.389954][T10905] ? __pfx___shmem_file_setup+0x10/0x10 [ 378.390007][T10905] ? vm_area_alloc+0x1f/0x160 [ 378.390056][T10905] shmem_zero_setup+0x96/0x1b0 [ 378.390090][T10905] __mmap_region+0x2198/0x29e0 [ 378.390145][T10905] ? __pfx___mmap_region+0x10/0x10 [ 378.390187][T10905] ? process_measurement+0x1f4/0x2350 [ 378.390244][T10905] ? __lock_acquire+0x4a5/0x2630 [ 378.390304][T10905] ? find_held_lock+0x2b/0x80 [ 378.390341][T10905] ? finish_task_switch.isra.0+0x200/0xb80 [ 378.390385][T10905] ? finish_task_switch.isra.0+0x200/0xb80 [ 378.390438][T10905] ? trace_sched_exit_tp+0x13a/0x180 [ 378.390477][T10905] ? __schedule+0x1000/0x6120 [ 378.390579][T10905] ? rcu_is_watching+0x12/0xc0 [ 378.390625][T10905] ? cap_capable+0x107/0x460 [ 378.390665][T10905] mmap_region+0x180/0x3e0 [ 378.390719][T10905] do_mmap+0xc63/0x12f0 [ 378.390763][T10905] ? __pfx_do_mmap+0x10/0x10 [ 378.390800][T10905] ? __pfx_down_write_killable+0x10/0x10 [ 378.390848][T10905] vm_mmap_pgoff+0x29e/0x470 [ 378.390892][T10905] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 378.390933][T10905] ? do_futex+0x192/0x350 [ 378.390976][T10905] ? __pfx_do_futex+0x10/0x10 [ 378.391025][T10905] ksys_mmap_pgoff+0xe1/0x650 [ 378.391065][T10905] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 378.391101][T10905] ? xfd_validate_state+0x129/0x190 [ 378.391153][T10905] __x64_sys_mmap+0x125/0x190 [ 378.391205][T10905] do_syscall_64+0x106/0xf80 [ 378.391235][T10905] ? clear_bhb_loop+0x40/0x90 [ 378.391274][T10905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.391305][T10905] RIP: 0033:0x7fa4c799c819 [ 378.391333][T10905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 378.391362][T10905] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 378.391400][T10905] RAX: ffffffffffffffda RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 378.391421][T10905] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 378.391440][T10905] RBP: 00007fa4c7a32c91 R08: fffffffffffffffa R09: 0000000000008000 [ 378.391459][T10905] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 378.391477][T10905] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 378.391519][T10905] [ 378.923961][T10912] FAULT_INJECTION: forcing a failure. [ 378.923961][T10912] name failslab, interval 1, probability 0, space 0, times 0 [ 378.975941][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.982322][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.076115][T10912] CPU: 0 UID: 0 PID: 10912 Comm: syz.3.1229 Tainted: G L syzkaller #0 PREEMPT(full) [ 379.076163][T10912] Tainted: [L]=SOFTLOCKUP [ 379.076173][T10912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 379.076189][T10912] Call Trace: [ 379.076199][T10912] [ 379.076210][T10912] dump_stack_lvl+0x100/0x190 [ 379.076262][T10912] should_fail_ex.cold+0x5/0xa [ 379.076296][T10912] should_failslab+0xc2/0x120 [ 379.076331][T10912] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 379.076377][T10912] ? __alloc_skb+0x140/0x710 [ 379.076427][T10912] __alloc_skb+0x140/0x710 [ 379.076470][T10912] ? __pfx___alloc_skb+0x10/0x10 [ 379.076511][T10912] ? kasan_save_track+0x14/0x30 [ 379.076547][T10912] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 379.076581][T10912] ? ____sys_sendmsg+0x569/0xb70 [ 379.076613][T10912] ? ___sys_sendmsg+0x190/0x1e0 [ 379.076647][T10912] ? __sys_sendmmsg+0x205/0x430 [ 379.076682][T10912] tcp_stream_alloc_skb+0x34/0x660 [ 379.076722][T10912] tcp_sendmsg_locked+0x1396/0x45e0 [ 379.076785][T10912] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 379.076825][T10912] ? do_raw_spin_lock+0x128/0x260 [ 379.076870][T10912] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 379.076922][T10912] ? __local_bh_enable_ip+0x9e/0x120 [ 379.076961][T10912] tcp_sendmsg+0x2e/0x50 [ 379.076994][T10912] ? __pfx_tcp_sendmsg+0x10/0x10 [ 379.077029][T10912] inet_sendmsg+0xb9/0x140 [ 379.077067][T10912] ____sys_sendmsg+0x98d/0xb70 [ 379.077099][T10912] ? __pfx_inet_sendmsg+0x10/0x10 [ 379.077145][T10912] ? __pfx_____sys_sendmsg+0x10/0x10 [ 379.077187][T10912] ? __pfx__kstrtoull+0x10/0x10 [ 379.077240][T10912] ___sys_sendmsg+0x190/0x1e0 [ 379.077280][T10912] ? __pfx____sys_sendmsg+0x10/0x10 [ 379.077335][T10912] ? find_held_lock+0x2b/0x80 [ 379.077390][T10912] __sys_sendmmsg+0x205/0x430 [ 379.077424][T10912] ? __pfx___sys_sendmmsg+0x10/0x10 [ 379.077464][T10912] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 379.077513][T10912] ? fput+0x79/0x100 [ 379.077557][T10912] ? ksys_write+0x1ac/0x250 [ 379.077586][T10912] ? __pfx_ksys_write+0x10/0x10 [ 379.077624][T10912] __x64_sys_sendmmsg+0x9c/0x100 [ 379.077652][T10912] ? lockdep_hardirqs_on+0x78/0x100 [ 379.077682][T10912] do_syscall_64+0x106/0xf80 [ 379.077709][T10912] ? clear_bhb_loop+0x40/0x90 [ 379.077745][T10912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.077775][T10912] RIP: 0033:0x7f5ec499c819 [ 379.077800][T10912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.077826][T10912] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 379.077855][T10912] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 379.077874][T10912] RDX: 00000000000009a6 RSI: 0000200000000000 RDI: 0000000000000003 [ 379.077892][T10912] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 379.077909][T10912] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.077926][T10912] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 379.077966][T10912] [ 380.094611][T10926] FAULT_INJECTION: forcing a failure. [ 380.094611][T10926] name failslab, interval 1, probability 0, space 0, times 0 [ 380.115573][T10926] CPU: 0 UID: 0 PID: 10926 Comm: syz.3.1232 Tainted: G L syzkaller #0 PREEMPT(full) [ 380.115626][T10926] Tainted: [L]=SOFTLOCKUP [ 380.115637][T10926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 380.115655][T10926] Call Trace: [ 380.115666][T10926] [ 380.115678][T10926] dump_stack_lvl+0x100/0x190 [ 380.115744][T10926] should_fail_ex.cold+0x5/0xa [ 380.115783][T10926] should_failslab+0xc2/0x120 [ 380.115820][T10926] __kmalloc_cache_noprof+0x7a/0x6f0 [ 380.115863][T10926] ? sched_core_share_pid+0x3bc/0x9d0 [ 380.115900][T10926] ? do_raw_spin_unlock+0x145/0x1e0 [ 380.115953][T10926] sched_core_share_pid+0x3bc/0x9d0 [ 380.115988][T10926] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 380.116023][T10926] ? cap_task_prctl+0x104/0xa50 [ 380.116056][T10926] ? __pfx_sched_core_share_pid+0x10/0x10 [ 380.116093][T10926] ? static_key_count+0x5a/0x70 [ 380.116129][T10926] ? security_task_prctl+0x11c/0x160 [ 380.116184][T10926] __do_sys_prctl+0x182b/0x2330 [ 380.116234][T10926] ? __pfx___do_sys_prctl+0x10/0x10 [ 380.116310][T10926] do_syscall_64+0x106/0xf80 [ 380.116343][T10926] ? clear_bhb_loop+0x40/0x90 [ 380.116382][T10926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.116416][T10926] RIP: 0033:0x7f5ec499c819 [ 380.116443][T10926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 380.116473][T10926] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 380.116505][T10926] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 380.116524][T10926] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003e [ 380.116542][T10926] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 380.116561][T10926] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 380.116579][T10926] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 380.116621][T10926] [ 382.612354][T10961] netlink: 138 bytes leftover after parsing attributes in process `syz.3.1240'. [ 383.198016][T10970] sg_write: data in/out 131052/209 bytes for SCSI command 0x67-- guessing data in; [ 383.198016][T10970] program syz.2.1244 not setting count and/or reply_len properly [ 384.001398][T10981] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1243'. [ 384.242080][T10991] netlink: 'syz.2.1248': attribute type 4 has an invalid length. [ 384.265606][T10991] netlink: 'syz.2.1248': attribute type 1 has an invalid length. [ 386.099628][T11025] netlink: 29 bytes leftover after parsing attributes in process `syz.3.1254'. [ 386.841603][T11037] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 386.956222][T11037] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 386.977570][T11037] vhci_hcd vhci_hcd.3: default hub control req: 8001 v0002 i0006 l2 [ 387.204295][T11047] FAULT_INJECTION: forcing a failure. [ 387.204295][T11047] name failslab, interval 1, probability 0, space 0, times 0 [ 387.245646][T11047] CPU: 0 UID: 0 PID: 11047 Comm: syz.3.1260 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.245694][T11047] Tainted: [L]=SOFTLOCKUP [ 387.245703][T11047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 387.245719][T11047] Call Trace: [ 387.245727][T11047] [ 387.245737][T11047] dump_stack_lvl+0x100/0x190 [ 387.245782][T11047] should_fail_ex.cold+0x5/0xa [ 387.245813][T11047] should_failslab+0xc2/0x120 [ 387.245844][T11047] __kmalloc_cache_noprof+0x7a/0x6f0 [ 387.245881][T11047] ? do_eventfd+0x67/0x2b0 [ 387.245926][T11047] do_eventfd+0x67/0x2b0 [ 387.245965][T11047] __x64_sys_eventfd+0x32/0x50 [ 387.246004][T11047] do_syscall_64+0x106/0xf80 [ 387.246032][T11047] ? clear_bhb_loop+0x40/0x90 [ 387.246065][T11047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.246096][T11047] RIP: 0033:0x7f5ec499c819 [ 387.246121][T11047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.246148][T11047] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 387.246178][T11047] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 387.246197][T11047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 387.246213][T11047] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 387.246231][T11047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.246247][T11047] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 387.246292][T11047] [ 387.635356][T11042] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1259'. [ 388.349464][T11039] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 389.535613][T11087] FAULT_INJECTION: forcing a failure. [ 389.535613][T11087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 389.598705][T11082] zswap: compressor not available [ 389.625351][T11087] CPU: 1 UID: 0 PID: 11087 Comm: syz.3.1270 Tainted: G L syzkaller #0 PREEMPT(full) [ 389.625400][T11087] Tainted: [L]=SOFTLOCKUP [ 389.625410][T11087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 389.625425][T11087] Call Trace: [ 389.625435][T11087] [ 389.625446][T11087] dump_stack_lvl+0x100/0x190 [ 389.625495][T11087] should_fail_ex.cold+0x5/0xa [ 389.625530][T11087] _copy_to_user+0x32/0xd0 [ 389.625571][T11087] simple_read_from_buffer+0xcb/0x170 [ 389.625623][T11087] proc_fail_nth_read+0x1af/0x230 [ 389.625664][T11087] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 389.625712][T11087] ? rw_verify_area+0xce/0x6d0 [ 389.625757][T11087] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 389.625795][T11087] vfs_read+0x1e4/0xb30 [ 389.625831][T11087] ? __pfx_vfs_read+0x10/0x10 [ 389.625860][T11087] ? __fget_files+0x215/0x3d0 [ 389.625900][T11087] ? __fget_files+0x21f/0x3d0 [ 389.625942][T11087] ksys_read+0x12a/0x250 [ 389.625972][T11087] ? __pfx_ksys_read+0x10/0x10 [ 389.626013][T11087] do_syscall_64+0x106/0xf80 [ 389.626045][T11087] ? clear_bhb_loop+0x40/0x90 [ 389.626081][T11087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.626112][T11087] RIP: 0033:0x7f5ec495d04e [ 389.626137][T11087] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 389.626176][T11087] RSP: 002b:00007f5ec5911fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 389.626205][T11087] RAX: ffffffffffffffda RBX: 00007f5ec59126c0 RCX: 00007f5ec495d04e [ 389.626225][T11087] RDX: 000000000000000f RSI: 00007f5ec59120a0 RDI: 0000000000000004 [ 389.626242][T11087] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 389.626260][T11087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 389.626277][T11087] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 389.626317][T11087] [ 392.153326][T11115] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1277'. [ 392.165723][T11115] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.173448][T11115] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.553209][T11129] mkiss: ax0: crc mode is auto. [ 393.369838][T11133] usb usb4: usbfs: process 11133 (syz.0.1281) did not claim interface 0 before use [ 394.043101][T11140] [U] ^R [ 394.622027][T11143] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 394.660866][T11143] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 394.725628][T11143] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 394.731872][T11143] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 395.149817][T11150] &#$@\]\-: entered promiscuous mode [ 396.094153][T11166] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1290'. [ 396.105253][T11167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1289'. [ 396.130666][T11111] kexec: Could not allocate control_code_buffer [ 396.140828][T11167] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1289'. [ 396.150075][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 396.419972][T11174] usb usb4: usbfs: process 11174 (syz.1.1292) did not claim interface 0 before use [ 396.708930][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 396.785817][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 396.785881][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 396.812188][T11185] syz.3.1295(11185): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 398.016674][T11200] FAULT_INJECTION: forcing a failure. [ 398.016674][T11200] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 398.016725][T11200] CPU: 0 UID: 0 PID: 11200 Comm: syz.0.1298 Tainted: G L syzkaller #0 PREEMPT(full) [ 398.016766][T11200] Tainted: [L]=SOFTLOCKUP [ 398.016776][T11200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 398.016792][T11200] Call Trace: [ 398.016801][T11200] [ 398.016813][T11200] dump_stack_lvl+0x100/0x190 [ 398.016858][T11200] should_fail_ex.cold+0x5/0xa [ 398.016887][T11200] ? prepare_alloc_pages+0x16d/0x5f0 [ 398.016925][T11200] should_fail_alloc_page+0xeb/0x140 [ 398.016960][T11200] prepare_alloc_pages+0x1f0/0x5f0 [ 398.017003][T11200] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 398.017060][T11200] ? __lock_acquire+0x4a5/0x2630 [ 398.017101][T11200] ? __lock_acquire+0x4a5/0x2630 [ 398.017238][T11200] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 398.017287][T11200] ? __lock_acquire+0x4a5/0x2630 [ 398.017348][T11200] ? find_held_lock+0x2b/0x80 [ 398.017375][T11200] ? is_bpf_text_address+0x8a/0x1a0 [ 398.017419][T11200] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 398.017452][T11200] ? policy_nodemask+0xed/0x4f0 [ 398.017489][T11200] alloc_pages_mpol+0x1fb/0x550 [ 398.017523][T11200] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 398.017555][T11200] ? arch_stack_walk+0xa6/0xf0 [ 398.017595][T11200] folio_alloc_mpol_noprof+0x36/0x340 [ 398.017635][T11200] shmem_alloc_folio+0x135/0x160 [ 398.017677][T11200] shmem_alloc_and_add_folio+0x371/0xd40 [ 398.017731][T11200] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 398.017780][T11200] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 398.017836][T11200] shmem_get_folio_gfp+0x6ab/0x1900 [ 398.017889][T11200] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 398.017937][T11200] ? filemap_map_pages+0xe69/0x2020 [ 398.017988][T11200] shmem_fault+0x1f9/0xa20 [ 398.018030][T11200] ? __lock_acquire+0x4a5/0x2630 [ 398.018067][T11200] ? __pfx_shmem_fault+0x10/0x10 [ 398.018124][T11200] ? rcu_is_watching+0x12/0xc0 [ 398.018171][T11200] ? __pfx_filemap_map_pages+0x10/0x10 [ 398.018229][T11200] __do_fault+0x10d/0x550 [ 398.018265][T11200] do_fault+0xabb/0x18e0 [ 398.018299][T11200] ? __pmd_alloc+0x3fb/0x950 [ 398.018338][T11200] __handle_mm_fault+0x1815/0x2b60 [ 398.018383][T11200] ? mt_find+0x45e/0x8e0 [ 398.018418][T11200] ? __pfx___handle_mm_fault+0x10/0x10 [ 398.018455][T11200] ? __pfx_mt_find+0x10/0x10 [ 398.018510][T11200] ? find_vma+0xbf/0x140 [ 398.018539][T11200] ? __pfx_find_vma+0x10/0x10 [ 398.018573][T11200] handle_mm_fault+0x36d/0xa20 [ 398.018622][T11200] do_user_addr_fault+0x74c/0x12f0 [ 398.018664][T11200] exc_page_fault+0x6f/0xd0 [ 398.018693][T11200] asm_exc_page_fault+0x26/0x30 [ 398.018720][T11200] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 398.018758][T11200] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 398.018784][T11200] RSP: 0018:ffffc900040f7df0 EFLAGS: 00050216 [ 398.018808][T11200] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000030 [ 398.018825][T11200] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900040f7e60 [ 398.018842][T11200] RBP: 0000000000000030 R08: 0000000000000001 R09: fffff5200081efd1 [ 398.018858][T11200] R10: ffffc900040f7e8f R11: 0000000000000000 R12: 0000000000000000 [ 398.018875][T11200] R13: ffffc900040f7e60 R14: 0000000000000021 R15: 0000000000000000 [ 398.018913][T11200] _copy_from_user+0x98/0xd0 [ 398.018953][T11200] __x64_sys_rt_tgsigqueueinfo+0x11d/0x210 [ 398.018999][T11200] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 398.019039][T11200] ? fput+0x79/0x100 [ 398.019093][T11200] do_syscall_64+0x106/0xf80 [ 398.019128][T11200] ? clear_bhb_loop+0x40/0x90 [ 398.019165][T11200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.019194][T11200] RIP: 0033:0x7fa4c799c819 [ 398.019217][T11200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.019243][T11200] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 398.019268][T11200] RAX: ffffffffffffffda RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 398.019287][T11200] RDX: 0000000000000021 RSI: 0000000000000357 RDI: 0000000000000356 [ 398.019304][T11200] RBP: 00007fa4c88e5090 R08: 0000000000000000 R09: 0000000000000000 [ 398.019320][T11200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.019337][T11200] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 398.019376][T11200] [ 398.467301][T11211] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 398.597025][T11214] random: crng reseeded on system resumption [ 399.081497][T11218] usb usb4: usbfs: process 11218 (syz.1.1303) did not claim interface 0 before use [ 400.151846][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 400.337246][T11244] FAULT_INJECTION: forcing a failure. [ 400.337246][T11244] name failslab, interval 1, probability 0, space 0, times 0 [ 400.435413][T11244] CPU: 0 UID: 0 PID: 11244 Comm: syz.3.1308 Tainted: G L syzkaller #0 PREEMPT(full) [ 400.435461][T11244] Tainted: [L]=SOFTLOCKUP [ 400.435471][T11244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 400.435488][T11244] Call Trace: [ 400.435498][T11244] [ 400.435509][T11244] dump_stack_lvl+0x100/0x190 [ 400.435560][T11244] should_fail_ex.cold+0x5/0xa [ 400.435596][T11244] should_failslab+0xc2/0x120 [ 400.435630][T11244] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 400.435675][T11244] ? skb_clone+0x190/0x400 [ 400.435712][T11244] skb_clone+0x190/0x400 [ 400.435742][T11244] netlink_deliver_tap+0xaed/0xcc0 [ 400.435800][T11244] netlink_unicast+0x650/0x870 [ 400.435838][T11244] ? __pfx_netlink_unicast+0x10/0x10 [ 400.435885][T11244] netlink_sendmsg+0x8b0/0xda0 [ 400.435924][T11244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.435953][T11244] ? __import_iovec+0x1d2/0x640 [ 400.435996][T11244] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 400.436044][T11244] ____sys_sendmsg+0x9e1/0xb70 [ 400.436079][T11244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.436114][T11244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.436168][T11244] ___sys_sendmsg+0x190/0x1e0 [ 400.436210][T11244] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.436296][T11244] __sys_sendmsg+0x170/0x220 [ 400.436344][T11244] ? __pfx___sys_sendmsg+0x10/0x10 [ 400.436418][T11244] do_syscall_64+0x106/0xf80 [ 400.436454][T11244] ? clear_bhb_loop+0x40/0x90 [ 400.436491][T11244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.436522][T11244] RIP: 0033:0x7f5ec499c819 [ 400.436548][T11244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 400.436575][T11244] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 400.436604][T11244] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 400.436623][T11244] RDX: 0000000004048090 RSI: 0000200000000180 RDI: 0000000000000003 [ 400.436642][T11244] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 400.436660][T11244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.436677][T11244] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 400.436717][T11244] [ 402.050556][T11269] FAULT_INJECTION: forcing a failure. [ 402.050556][T11269] name failslab, interval 1, probability 0, space 0, times 0 [ 402.084403][T11269] CPU: 0 UID: 0 PID: 11269 Comm: syz.3.1315 Tainted: G L syzkaller #0 PREEMPT(full) [ 402.084449][T11269] Tainted: [L]=SOFTLOCKUP [ 402.084459][T11269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 402.084475][T11269] Call Trace: [ 402.084485][T11269] [ 402.084495][T11269] dump_stack_lvl+0x100/0x190 [ 402.084545][T11269] should_fail_ex.cold+0x5/0xa [ 402.084582][T11269] should_failslab+0xc2/0x120 [ 402.084616][T11269] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 402.084663][T11269] ? __alloc_skb+0x140/0x710 [ 402.084714][T11269] __alloc_skb+0x140/0x710 [ 402.084756][T11269] ? __alloc_skb+0x5b7/0x710 [ 402.084798][T11269] ? __pfx___alloc_skb+0x10/0x10 [ 402.084837][T11269] ? genl_rcv_msg+0x4be/0x800 [ 402.084885][T11269] netlink_ack+0x117/0xb80 [ 402.084929][T11269] netlink_rcv_skb+0x333/0x420 [ 402.084961][T11269] ? __pfx_genl_rcv_msg+0x10/0x10 [ 402.084999][T11269] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 402.085048][T11269] ? netlink_deliver_tap+0x1ae/0xcc0 [ 402.085101][T11269] genl_rcv+0x28/0x40 [ 402.085133][T11269] netlink_unicast+0x5aa/0x870 [ 402.085175][T11269] ? __pfx_netlink_unicast+0x10/0x10 [ 402.085219][T11269] netlink_sendmsg+0x8b0/0xda0 [ 402.085255][T11269] ? __pfx_netlink_sendmsg+0x10/0x10 [ 402.085283][T11269] ? __import_iovec+0x1d2/0x640 [ 402.085326][T11269] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 402.085405][T11269] ____sys_sendmsg+0x9e1/0xb70 [ 402.085438][T11269] ? __pfx_netlink_sendmsg+0x10/0x10 [ 402.085471][T11269] ? __pfx_____sys_sendmsg+0x10/0x10 [ 402.085525][T11269] ___sys_sendmsg+0x190/0x1e0 [ 402.085566][T11269] ? __pfx____sys_sendmsg+0x10/0x10 [ 402.085652][T11269] __sys_sendmsg+0x170/0x220 [ 402.085700][T11269] ? __pfx___sys_sendmsg+0x10/0x10 [ 402.085773][T11269] do_syscall_64+0x106/0xf80 [ 402.085801][T11269] ? clear_bhb_loop+0x40/0x90 [ 402.085838][T11269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.085868][T11269] RIP: 0033:0x7f5ec499c819 [ 402.085892][T11269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.085919][T11269] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 402.085947][T11269] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 402.085965][T11269] RDX: 0000000000000808 RSI: 0000200000000040 RDI: 0000000000000003 [ 402.085982][T11269] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 402.085999][T11269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 402.086015][T11269] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 402.086054][T11269] [ 402.166035][T11266] usb usb4: usbfs: process 11266 (syz.0.1314) did not claim interface 0 before use [ 402.690122][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 402.690141][ T30] audit: type=1804 audit(1775054597.565:42): pid=11273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1316" name="/newroot/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw" dev="tracefs" ino=3447 res=1 errno=0 [ 405.306702][ T142] bridge_slave_1: left allmulticast mode [ 405.313482][ T142] bridge_slave_1: left promiscuous mode [ 405.325543][ T142] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.576748][ T142] bridge_slave_0: left allmulticast mode [ 405.582499][ T142] bridge_slave_0: left promiscuous mode [ 405.618033][ T142] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.835893][T11302] FAULT_INJECTION: forcing a failure. [ 405.835893][T11302] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 405.906554][T11302] CPU: 1 UID: 0 PID: 11302 Comm: syz.1.1323 Tainted: G L syzkaller #0 PREEMPT(full) [ 405.906605][T11302] Tainted: [L]=SOFTLOCKUP [ 405.906617][T11302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 405.906635][T11302] Call Trace: [ 405.906645][T11302] [ 405.906656][T11302] dump_stack_lvl+0x100/0x190 [ 405.906709][T11302] should_fail_ex.cold+0x5/0xa [ 405.906746][T11302] core_sys_select+0x9b9/0xbb0 [ 405.906786][T11302] ? __pfx_core_sys_select+0x10/0x10 [ 405.906858][T11302] ? ktime_get_ts64+0x2d2/0x3f0 [ 405.906899][T11302] ? read_tsc+0x9/0x20 [ 405.906933][T11302] ? ktime_get_ts64+0x256/0x3f0 [ 405.906971][T11302] kern_select+0x20c/0x270 [ 405.907004][T11302] ? __pfx_kern_select+0x10/0x10 [ 405.907049][T11302] __x64_sys_select+0xbd/0x160 [ 405.907078][T11302] ? do_syscall_64+0x95/0xf80 [ 405.907109][T11302] ? lockdep_hardirqs_on+0x78/0x100 [ 405.907139][T11302] do_syscall_64+0x106/0xf80 [ 405.907168][T11302] ? clear_bhb_loop+0x40/0x90 [ 405.907205][T11302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.907246][T11302] RIP: 0033:0x7fb8b579c819 [ 405.907273][T11302] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 405.907303][T11302] RSP: 002b:00007fb8b66db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 405.907332][T11302] RAX: ffffffffffffffda RBX: 00007fb8b5a15fa0 RCX: 00007fb8b579c819 [ 405.907353][T11302] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 405.907372][T11302] RBP: 00007fb8b5832c91 R08: 00002000000001c0 R09: 0000000000000000 [ 405.907391][T11302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 405.907409][T11302] R13: 00007fb8b5a16038 R14: 00007fb8b5a15fa0 R15: 00007ffccae18fc8 [ 405.907451][T11302] [ 406.631857][T11316] usb usb4: usbfs: process 11316 (syz.1.1326) did not claim interface 0 before use [ 407.119641][ T142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 407.226446][ T142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 407.287542][ T142] bond0 (unregistering): Released all slaves [ 408.302199][T11342] netlink: 138 bytes leftover after parsing attributes in process `syz.0.1333'. [ 409.330998][T11350] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1336'. [ 409.846577][T11362] usb usb4: usbfs: process 11362 (syz.0.1339) did not claim interface 0 before use [ 410.725937][T11367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 410.733049][T11367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 410.743975][T11367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 410.764319][T11367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 410.912059][ T142] hsr_slave_0: left promiscuous mode [ 411.012589][ T142] hsr_slave_1: left promiscuous mode [ 411.035495][ T142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.042978][ T142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.291913][ T142] veth1_macvtap: left promiscuous mode [ 411.315389][ T142] veth0_macvtap: left promiscuous mode [ 411.349145][ T142] veth1_vlan: left promiscuous mode [ 411.383808][ T142] veth0_vlan: left promiscuous mode [ 412.632988][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 412.795577][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 412.796159][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 412.801680][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 413.006336][ T142] team0 (unregistering): Port device team_slave_1 removed [ 413.096508][ T142] team0 (unregistering): Port device team_slave_0 removed [ 414.062412][T11376] FAULT_INJECTION: forcing a failure. [ 414.062412][T11376] name failslab, interval 1, probability 0, space 0, times 0 [ 414.115374][T11376] CPU: 1 UID: 0 PID: 11376 Comm: syz.3.1343 Tainted: G L syzkaller #0 PREEMPT(full) [ 414.115423][T11376] Tainted: [L]=SOFTLOCKUP [ 414.115434][T11376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 414.115448][T11376] Call Trace: [ 414.115457][T11376] [ 414.115466][T11376] dump_stack_lvl+0x100/0x190 [ 414.115507][T11376] should_fail_ex.cold+0x5/0xa [ 414.115536][T11376] should_failslab+0xc2/0x120 [ 414.115564][T11376] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 414.115604][T11376] ? sock_alloc_inode+0x25/0x1c0 [ 414.115631][T11376] ? mark_held_locks+0x40/0x70 [ 414.115663][T11376] ? __pfx_sock_alloc_inode+0x10/0x10 [ 414.115691][T11376] sock_alloc_inode+0x25/0x1c0 [ 414.115725][T11376] alloc_inode+0x68/0x250 [ 414.115764][T11376] sock_alloc+0x44/0x280 [ 414.115793][T11376] ? security_socket_create+0x7f/0x250 [ 414.115826][T11376] __sock_create+0xc2/0x860 [ 414.115872][T11376] inet_ctl_sock_create+0x94/0x230 [ 414.115908][T11376] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 414.115944][T11376] ? timer_init_key+0x150/0x340 [ 414.115995][T11376] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 414.116043][T11376] sctp_ctrlsock_init+0x40/0xd0 [ 414.116090][T11376] ops_init+0x1e2/0x5f0 [ 414.116124][T11376] setup_net+0x118/0x3a0 [ 414.116154][T11376] ? __pfx_setup_net+0x10/0x10 [ 414.116182][T11376] ? lockdep_init_map_type+0x5c/0x250 [ 414.116223][T11376] ? mutex_init_lockep+0x110/0x150 [ 414.116268][T11376] copy_net_ns+0x46f/0x7c0 [ 414.116298][T11376] create_new_namespaces+0x3ea/0xac0 [ 414.116331][T11376] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 414.116360][T11376] ksys_unshare+0x473/0xad0 [ 414.116392][T11376] ? __pfx_ksys_unshare+0x10/0x10 [ 414.116434][T11376] __x64_sys_unshare+0x31/0x40 [ 414.116463][T11376] do_syscall_64+0x106/0xf80 [ 414.116486][T11376] ? clear_bhb_loop+0x40/0x90 [ 414.116515][T11376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.116539][T11376] RIP: 0033:0x7f5ec499c819 [ 414.116560][T11376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.116583][T11376] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 414.116607][T11376] RAX: ffffffffffffffda RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 414.116625][T11376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 414.116639][T11376] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 414.116655][T11376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.116670][T11376] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 414.116701][T11376] [ 414.117408][T11376] socket: no more sockets [ 417.116280][T11409] usb usb4: usbfs: process 11409 (syz.2.1349) did not claim interface 0 before use [ 419.695829][T11459] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1361'. [ 419.739447][T11459] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1361'. [ 421.697200][T11481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1366'. [ 423.376969][T11494] FAULT_INJECTION: forcing a failure. [ 423.376969][T11494] name failslab, interval 1, probability 0, space 0, times 0 [ 423.390211][T11494] CPU: 0 UID: 0 PID: 11494 Comm: syz.1.1369 Tainted: G L syzkaller #0 PREEMPT(full) [ 423.390258][T11494] Tainted: [L]=SOFTLOCKUP [ 423.390269][T11494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 423.390285][T11494] Call Trace: [ 423.390295][T11494] [ 423.390306][T11494] dump_stack_lvl+0x100/0x190 [ 423.390357][T11494] should_fail_ex.cold+0x5/0xa [ 423.390394][T11494] should_failslab+0xc2/0x120 [ 423.390429][T11494] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 423.390474][T11494] ? __send_signal_locked+0x155/0x12d0 [ 423.390528][T11494] __send_signal_locked+0x155/0x12d0 [ 423.390573][T11494] ? send_signal_locked+0x479/0x850 [ 423.390602][T11494] ? lock_task_sighand+0x146/0x340 [ 423.390650][T11494] do_send_specific+0x1e8/0x360 [ 423.390687][T11494] ? __pfx_do_send_specific+0x10/0x10 [ 423.390735][T11494] do_rt_tgsigqueueinfo+0xa9/0x100 [ 423.390775][T11494] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 423.390829][T11494] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 423.390869][T11494] ? fput+0x79/0x100 [ 423.390921][T11494] do_syscall_64+0x106/0xf80 [ 423.390949][T11494] ? clear_bhb_loop+0x40/0x90 [ 423.390984][T11494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.391014][T11494] RIP: 0033:0x7fb8b579c819 [ 423.391039][T11494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 423.391064][T11494] RSP: 002b:00007fb8b66db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 423.391092][T11494] RAX: ffffffffffffffda RBX: 00007fb8b5a15fa0 RCX: 00007fb8b579c819 [ 423.391110][T11494] RDX: 0000000000000021 RSI: 00000000000000ec RDI: 00000000000000eb [ 423.391127][T11494] RBP: 00007fb8b66db090 R08: 0000000000000000 R09: 0000000000000000 [ 423.391144][T11494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.391162][T11494] R13: 00007fb8b5a16038 R14: 00007fb8b5a15fa0 R15: 00007ffccae18fc8 [ 423.391202][T11494] [ 428.895943][T11531] FAULT_INJECTION: forcing a failure. [ 428.895943][T11531] name failslab, interval 1, probability 0, space 0, times 0 [ 428.912390][T11531] CPU: 0 UID: 0 PID: 11531 Comm: syz.2.1377 Tainted: G L syzkaller #0 PREEMPT(full) [ 428.912431][T11531] Tainted: [L]=SOFTLOCKUP [ 428.912437][T11531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 428.912449][T11531] Call Trace: [ 428.912455][T11531] [ 428.912462][T11531] dump_stack_lvl+0x100/0x190 [ 428.912495][T11531] should_fail_ex.cold+0x5/0xa [ 428.912517][T11531] should_failslab+0xc2/0x120 [ 428.912538][T11531] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 428.912567][T11531] ? security_inode_alloc+0x3b/0x2c0 [ 428.912588][T11531] ? lockdep_init_map_type+0x5c/0x250 [ 428.912617][T11531] security_inode_alloc+0x3b/0x2c0 [ 428.912638][T11531] inode_init_always_gfp+0xced/0x1040 [ 428.912662][T11531] alloc_inode+0x8e/0x250 [ 428.912688][T11531] new_inode+0x22/0x1c0 [ 428.912715][T11531] shmem_get_inode+0x212/0x1040 [ 428.912743][T11531] ? __pfx_shmem_get_inode+0x10/0x10 [ 428.912767][T11531] ? rcu_is_watching+0x12/0xc0 [ 428.912794][T11531] ? percpu_counter_add_batch+0xb9/0x230 [ 428.912834][T11531] __shmem_file_setup+0x3ac/0x490 [ 428.912861][T11531] ? __pfx___shmem_file_setup+0x10/0x10 [ 428.912891][T11531] ? vm_area_alloc+0x1f/0x160 [ 428.912919][T11531] shmem_zero_setup+0x96/0x1b0 [ 428.912938][T11531] __mmap_region+0x2198/0x29e0 [ 428.912971][T11531] ? __pfx___mmap_region+0x10/0x10 [ 428.912996][T11531] ? process_measurement+0x1f4/0x2350 [ 428.913028][T11531] ? __lock_acquire+0x4a5/0x2630 [ 428.913051][T11531] ? update_cfs_rq_load_avg+0x51/0x550 [ 428.913084][T11531] ? find_held_lock+0x2b/0x80 [ 428.913101][T11531] ? finish_task_switch.isra.0+0x200/0xb80 [ 428.913121][T11531] ? finish_task_switch.isra.0+0x200/0xb80 [ 428.913150][T11531] ? trace_sched_exit_tp+0x13a/0x180 [ 428.913174][T11531] ? __schedule+0x1000/0x6120 [ 428.913230][T11531] ? rcu_is_watching+0x12/0xc0 [ 428.913257][T11531] ? cap_capable+0x107/0x460 [ 428.913279][T11531] mmap_region+0x180/0x3e0 [ 428.913311][T11531] do_mmap+0xc63/0x12f0 [ 428.913336][T11531] ? __pfx_do_mmap+0x10/0x10 [ 428.913358][T11531] ? __pfx_down_write_killable+0x10/0x10 [ 428.913384][T11531] vm_mmap_pgoff+0x29e/0x470 [ 428.913409][T11531] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 428.913433][T11531] ? do_futex+0x192/0x350 [ 428.913457][T11531] ? __pfx_do_futex+0x10/0x10 [ 428.913486][T11531] ksys_mmap_pgoff+0xe1/0x650 [ 428.913509][T11531] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 428.913530][T11531] ? xfd_validate_state+0x129/0x190 [ 428.913561][T11531] __x64_sys_mmap+0x125/0x190 [ 428.913591][T11531] do_syscall_64+0x106/0xf80 [ 428.913608][T11531] ? clear_bhb_loop+0x40/0x90 [ 428.913630][T11531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.913649][T11531] RIP: 0033:0x7f34c619c819 [ 428.913665][T11531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 428.913683][T11531] RSP: 002b:00007f34c70e8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 428.913700][T11531] RAX: ffffffffffffffda RBX: 00007f34c6416180 RCX: 00007f34c619c819 [ 428.913712][T11531] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 428.913722][T11531] RBP: 00007f34c6232c91 R08: fffffffffffffffa R09: 0000000000008000 [ 428.913733][T11531] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 428.913743][T11531] R13: 00007f34c6416218 R14: 00007f34c6416180 R15: 00007ffcd90e2848 [ 428.913766][T11531] [ 430.274364][T11554] FAULT_INJECTION: forcing a failure. [ 430.274364][T11554] name failslab, interval 1, probability 0, space 0, times 0 [ 430.313475][T11557] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1386'. [ 430.474167][T11554] CPU: 1 UID: 0 PID: 11554 Comm: syz.2.1383 Tainted: G L syzkaller #0 PREEMPT(full) [ 430.474216][T11554] Tainted: [L]=SOFTLOCKUP [ 430.474226][T11554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 430.474242][T11554] Call Trace: [ 430.474252][T11554] [ 430.474262][T11554] dump_stack_lvl+0x100/0x190 [ 430.474313][T11554] should_fail_ex.cold+0x5/0xa [ 430.474350][T11554] should_failslab+0xc2/0x120 [ 430.474384][T11554] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 430.474428][T11554] ? skb_clone+0x190/0x400 [ 430.474463][T11554] skb_clone+0x190/0x400 [ 430.474492][T11554] netlink_deliver_tap+0xaed/0xcc0 [ 430.474549][T11554] netlink_unicast+0x70c/0x870 [ 430.474586][T11554] ? __pfx_netlink_unicast+0x10/0x10 [ 430.474615][T11554] ? __alloc_skb+0x5b7/0x710 [ 430.474658][T11554] ? genl_rcv_msg+0x4be/0x800 [ 430.474704][T11554] netlink_ack+0x655/0xb80 [ 430.474764][T11554] netlink_rcv_skb+0x333/0x420 [ 430.474794][T11554] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.474831][T11554] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 430.474876][T11554] ? netlink_deliver_tap+0x1ae/0xcc0 [ 430.474929][T11554] genl_rcv+0x28/0x40 [ 430.474958][T11554] netlink_unicast+0x5aa/0x870 [ 430.474992][T11554] ? __pfx_netlink_unicast+0x10/0x10 [ 430.475039][T11554] netlink_sendmsg+0x8b0/0xda0 [ 430.475077][T11554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.475105][T11554] ? __import_iovec+0x1d2/0x640 [ 430.475145][T11554] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 430.475185][T11554] ____sys_sendmsg+0x9e1/0xb70 [ 430.475217][T11554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.475249][T11554] ? __pfx_____sys_sendmsg+0x10/0x10 [ 430.475302][T11554] ___sys_sendmsg+0x190/0x1e0 [ 430.475338][T11554] ? __pfx____sys_sendmsg+0x10/0x10 [ 430.475423][T11554] __sys_sendmsg+0x170/0x220 [ 430.475470][T11554] ? __pfx___sys_sendmsg+0x10/0x10 [ 430.475540][T11554] do_syscall_64+0x106/0xf80 [ 430.475568][T11554] ? clear_bhb_loop+0x40/0x90 [ 430.475605][T11554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.475635][T11554] RIP: 0033:0x7f34c619c819 [ 430.475661][T11554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 430.475687][T11554] RSP: 002b:00007f34c712a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.475716][T11554] RAX: ffffffffffffffda RBX: 00007f34c6415fa0 RCX: 00007f34c619c819 [ 430.475734][T11554] RDX: 0000000000000808 RSI: 0000200000000040 RDI: 0000000000000003 [ 430.475760][T11554] RBP: 00007f34c712a090 R08: 0000000000000000 R09: 0000000000000000 [ 430.475777][T11554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.475793][T11554] R13: 00007f34c6416038 R14: 00007f34c6415fa0 R15: 00007ffcd90e2848 [ 430.475833][T11554] [ 431.625588][T11222] syz.1.1303 (11222) used greatest stack depth: 17576 bytes left [ 432.676627][T11580] program syz.2.1389 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 432.889474][T11575] FAULT_INJECTION: forcing a failure. [ 432.889474][T11575] name failslab, interval 1, probability 0, space 0, times 0 [ 433.275314][T11575] CPU: 1 UID: 0 PID: 11575 Comm: syz.1.1390 Tainted: G L syzkaller #0 PREEMPT(full) [ 433.275348][T11575] Tainted: [L]=SOFTLOCKUP [ 433.275354][T11575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 433.275365][T11575] Call Trace: [ 433.275372][T11575] [ 433.275379][T11575] dump_stack_lvl+0x100/0x190 [ 433.275412][T11575] should_fail_ex.cold+0x5/0xa [ 433.275434][T11575] ? tomoyo_encode2+0xfb/0x3c0 [ 433.275459][T11575] should_failslab+0xc2/0x120 [ 433.275492][T11575] __kmalloc_noprof+0xe0/0x850 [ 433.275527][T11575] tomoyo_encode2+0xfb/0x3c0 [ 433.275557][T11575] tomoyo_encode+0x29/0x50 [ 433.275582][T11575] tomoyo_realpath_from_path+0x18c/0x690 [ 433.275615][T11575] tomoyo_path_number_perm+0x23c/0x580 [ 433.275638][T11575] ? tomoyo_path_number_perm+0x22e/0x580 [ 433.275663][T11575] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 433.275684][T11575] ? futex_wait+0x125/0x380 [ 433.275741][T11575] ? find_held_lock+0x2b/0x80 [ 433.275759][T11575] ? __fget_files+0x215/0x3d0 [ 433.275777][T11575] ? hook_file_ioctl_common+0x146/0x410 [ 433.275804][T11575] ? __fget_files+0x21f/0x3d0 [ 433.275827][T11575] security_file_ioctl+0xd3/0x230 [ 433.275851][T11575] __x64_sys_ioctl+0xb7/0x210 [ 433.275881][T11575] do_syscall_64+0x106/0xf80 [ 433.275899][T11575] ? clear_bhb_loop+0x40/0x90 [ 433.275922][T11575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.275941][T11575] RIP: 0033:0x7fb8b579c819 [ 433.275963][T11575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 433.275983][T11575] RSP: 002b:00007fb8b66db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.276002][T11575] RAX: ffffffffffffffda RBX: 00007fb8b5a15fa0 RCX: 00007fb8b579c819 [ 433.276014][T11575] RDX: 0000000000000000 RSI: 000000004018aee2 RDI: 0000000000000000 [ 433.276025][T11575] RBP: 00007fb8b5832c91 R08: 0000000000000000 R09: 0000000000000000 [ 433.276037][T11575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.276047][T11575] R13: 00007fb8b5a16038 R14: 00007fb8b5a15fa0 R15: 00007ffccae18fc8 [ 433.276070][T11575] [ 433.276090][T11575] ERROR: Out of memory at tomoyo_realpath_from_path. [ 434.728929][T11592] zswap: compressor not available [ 435.901830][T11611] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1397'. [ 437.735320][T11661] sd 0:0:1:0: PR command failed: 1026 [ 437.745324][T11661] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 437.835473][T11661] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 440.393382][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.405781][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.459838][T11712] FAULT_INJECTION: forcing a failure. [ 441.459838][T11712] name failslab, interval 1, probability 0, space 0, times 0 [ 441.495727][T11712] CPU: 0 UID: 0 PID: 11712 Comm: syz.0.1421 Tainted: G L syzkaller #0 PREEMPT(full) [ 441.495778][T11712] Tainted: [L]=SOFTLOCKUP [ 441.495789][T11712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 441.495807][T11712] Call Trace: [ 441.495816][T11712] [ 441.495827][T11712] dump_stack_lvl+0x100/0x190 [ 441.495887][T11712] should_fail_ex.cold+0x5/0xa [ 441.495923][T11712] should_failslab+0xc2/0x120 [ 441.495957][T11712] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 441.496001][T11712] ? __proc_create+0x2cb/0x8c0 [ 441.496036][T11712] __proc_create+0x2cb/0x8c0 [ 441.496055][T11712] ? __pfx___proc_create+0x10/0x10 [ 441.496083][T11712] proc_mkdir+0x81/0x170 [ 441.496102][T11712] ? __pfx_proc_mkdir+0x10/0x10 [ 441.496120][T11712] ? cache_register_net+0x137/0x5e0 [ 441.496141][T11712] ? cache_register_net+0x137/0x5e0 [ 441.496165][T11712] cache_register_net+0x18f/0x5e0 [ 441.496187][T11712] gss_svc_init_net+0x14e/0x640 [ 441.496214][T11712] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 441.496235][T11712] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 441.496264][T11712] ops_init+0x1e2/0x5f0 [ 441.496286][T11712] setup_net+0x118/0x3a0 [ 441.496304][T11712] ? __pfx_setup_net+0x10/0x10 [ 441.496321][T11712] ? lockdep_init_map_type+0x5c/0x250 [ 441.496347][T11712] ? mutex_init_lockep+0x110/0x150 [ 441.496376][T11712] copy_net_ns+0x46f/0x7c0 [ 441.496399][T11712] create_new_namespaces+0x3ea/0xac0 [ 441.496424][T11712] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 441.496447][T11712] ksys_unshare+0x473/0xad0 [ 441.496474][T11712] ? __pfx_ksys_unshare+0x10/0x10 [ 441.496506][T11712] __x64_sys_unshare+0x31/0x40 [ 441.496530][T11712] do_syscall_64+0x106/0xf80 [ 441.496548][T11712] ? clear_bhb_loop+0x40/0x90 [ 441.496570][T11712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.496589][T11712] RIP: 0033:0x7fa4c799c819 [ 441.496606][T11712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 441.496629][T11712] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 441.496654][T11712] RAX: ffffffffffffffda RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 441.496671][T11712] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 441.496681][T11712] RBP: 00007fa4c7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 441.496692][T11712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.496703][T11712] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 441.496726][T11712] [ 443.692737][T11731] usb usb4: usbfs: process 11731 (syz.0.1425) did not claim interface 0 before use [ 443.766066][T11736] usb usb4: usbfs: process 11736 (syz.1.1426) did not claim interface 0 before use [ 444.673515][T11746] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1430'. [ 444.904139][T11750] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1431'. [ 444.914729][T11750] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1431'. [ 446.650006][T11768] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1436'. [ 446.933738][T11773] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 447.054822][T11773] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 447.468350][T11783] FAULT_INJECTION: forcing a failure. [ 447.468350][T11783] name failslab, interval 1, probability 0, space 0, times 0 [ 447.481561][T11783] CPU: 0 UID: 0 PID: 11783 Comm: syz.3.1441 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.481600][T11783] Tainted: [L]=SOFTLOCKUP [ 447.481608][T11783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 447.481622][T11783] Call Trace: [ 447.481630][T11783] [ 447.481638][T11783] dump_stack_lvl+0x100/0x190 [ 447.481681][T11783] should_fail_ex.cold+0x5/0xa [ 447.481709][T11783] should_failslab+0xc2/0x120 [ 447.481736][T11783] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 447.481772][T11783] ? __send_signal_locked+0x155/0x12d0 [ 447.481815][T11783] __send_signal_locked+0x155/0x12d0 [ 447.481857][T11783] force_sig_info_to_task+0x450/0x660 [ 447.481895][T11783] signal_setup_done+0x128/0x5c0 [ 447.481923][T11783] ? __pfx_signal_setup_done+0x10/0x10 [ 447.481959][T11783] ? __pfx_do_send_specific+0x10/0x10 [ 447.481992][T11783] arch_do_signal_or_restart+0x47b/0x770 [ 447.482023][T11783] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 447.482071][T11783] exit_to_user_mode_loop+0x86/0x4a0 [ 447.482106][T11783] do_syscall_64+0x668/0xf80 [ 447.482130][T11783] ? clear_bhb_loop+0x40/0x90 [ 447.482159][T11783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.482183][T11783] RIP: 0033:0x7f5ec499c819 [ 447.482204][T11783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.482226][T11783] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 447.482249][T11783] RAX: 0000000000000000 RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 447.482264][T11783] RDX: 0000000000000021 RSI: 00000000000004f4 RDI: 00000000000004f3 [ 447.482278][T11783] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 447.482291][T11783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.482305][T11783] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 447.482336][T11783] [ 453.783929][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1458'. [ 454.580176][T11860] usb usb4: usbfs: process 11860 (syz.2.1462) did not claim interface 0 before use [ 454.711568][T11866] capability: warning: `syz.3.1464' uses 32-bit capabilities (legacy support in use) [ 456.058228][T11888] netlink: 138 bytes leftover after parsing attributes in process `syz.2.1469'. [ 456.942797][T11913] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 456.972114][T11902] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1473'. [ 457.001528][T11913] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 457.740553][T11921] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1478'. [ 458.580592][T11948] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 458.615250][T11948] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 458.654353][T11950] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1486'. [ 458.819018][T11959] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1486'. [ 460.157728][T11978] FAULT_INJECTION: forcing a failure. [ 460.157728][T11978] name failslab, interval 1, probability 0, space 0, times 0 [ 460.187339][T11978] CPU: 0 UID: 0 PID: 11978 Comm: syz.1.1492 Tainted: G L syzkaller #0 PREEMPT(full) [ 460.187395][T11978] Tainted: [L]=SOFTLOCKUP [ 460.187406][T11978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 460.187424][T11978] Call Trace: [ 460.187435][T11978] [ 460.187447][T11978] dump_stack_lvl+0x100/0x190 [ 460.187511][T11978] should_fail_ex.cold+0x5/0xa [ 460.187551][T11978] should_failslab+0xc2/0x120 [ 460.187587][T11978] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 460.187636][T11978] ? __proc_create+0x2cb/0x8c0 [ 460.187677][T11978] __proc_create+0x2cb/0x8c0 [ 460.187710][T11978] ? __pfx___proc_create+0x10/0x10 [ 460.187756][T11978] proc_create_reg+0x75/0x170 [ 460.187795][T11978] proc_create_net_data+0x8e/0x1c0 [ 460.187831][T11978] ? __pfx_proc_create_net_data+0x10/0x10 [ 460.187862][T11978] ? net_generic+0xea/0x2a0 [ 460.187902][T11978] ? __pfx_phonet_init_net+0x10/0x10 [ 460.187935][T11978] phonet_init_net+0x66/0x120 [ 460.187968][T11978] ops_init+0x1e2/0x5f0 [ 460.188005][T11978] setup_net+0x118/0x3a0 [ 460.188038][T11978] ? __pfx_setup_net+0x10/0x10 [ 460.188067][T11978] ? lockdep_init_map_type+0x5c/0x250 [ 460.188111][T11978] ? mutex_init_lockep+0x110/0x150 [ 460.188163][T11978] copy_net_ns+0x46f/0x7c0 [ 460.188203][T11978] create_new_namespaces+0x3ea/0xac0 [ 460.188248][T11978] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 460.188286][T11978] ksys_unshare+0x473/0xad0 [ 460.188331][T11978] ? __pfx_ksys_unshare+0x10/0x10 [ 460.188388][T11978] __x64_sys_unshare+0x31/0x40 [ 460.188424][T11978] do_syscall_64+0x106/0xf80 [ 460.188452][T11978] ? clear_bhb_loop+0x40/0x90 [ 460.188491][T11978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.188533][T11978] RIP: 0033:0x7fb8b579c819 [ 460.188563][T11978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 460.188593][T11978] RSP: 002b:00007fb8b66db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 460.188624][T11978] RAX: ffffffffffffffda RBX: 00007fb8b5a15fa0 RCX: 00007fb8b579c819 [ 460.188645][T11978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 460.188663][T11978] RBP: 00007fb8b5832c91 R08: 0000000000000000 R09: 0000000000000000 [ 460.188679][T11978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.188696][T11978] R13: 00007fb8b5a16038 R14: 00007fb8b5a15fa0 R15: 00007ffccae18fc8 [ 460.188732][T11978] [ 460.591426][T11992] usb usb4: usbfs: process 11992 (syz.0.1497) did not claim interface 0 before use [ 460.719093][T11995] FAULT_INJECTION: forcing a failure. [ 460.719093][T11995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.805500][T11996] usb usb4: usbfs: process 11996 (syz.3.1496) did not claim interface 0 before use [ 460.808468][T11995] CPU: 1 UID: 0 PID: 11995 Comm: syz.0.1497 Tainted: G L syzkaller #0 PREEMPT(full) [ 460.808508][T11995] Tainted: [L]=SOFTLOCKUP [ 460.808517][T11995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 460.808532][T11995] Call Trace: [ 460.808540][T11995] [ 460.808550][T11995] dump_stack_lvl+0x100/0x190 [ 460.808594][T11995] should_fail_ex.cold+0x5/0xa [ 460.808627][T11995] _copy_to_user+0x32/0xd0 [ 460.808662][T11995] simple_read_from_buffer+0xcb/0x170 [ 460.808707][T11995] proc_fail_nth_read+0x1af/0x230 [ 460.808743][T11995] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 460.808778][T11995] ? rw_verify_area+0xce/0x6d0 [ 460.808814][T11995] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 460.808847][T11995] vfs_read+0x1e4/0xb30 [ 460.808877][T11995] ? __pfx_vfs_read+0x10/0x10 [ 460.808901][T11995] ? __fget_files+0x215/0x3d0 [ 460.808935][T11995] ? __fget_files+0x21f/0x3d0 [ 460.808971][T11995] ksys_read+0x12a/0x250 [ 460.808996][T11995] ? __pfx_ksys_read+0x10/0x10 [ 460.809031][T11995] do_syscall_64+0x106/0xf80 [ 460.809057][T11995] ? clear_bhb_loop+0x40/0x90 [ 460.809088][T11995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.809116][T11995] RIP: 0033:0x7fa4c795d04e [ 460.809138][T11995] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 460.809162][T11995] RSP: 002b:00007fa4c88a2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 460.809187][T11995] RAX: ffffffffffffffda RBX: 00007fa4c88a36c0 RCX: 00007fa4c795d04e [ 460.809204][T11995] RDX: 000000000000000f RSI: 00007fa4c88a30a0 RDI: 0000000000000004 [ 460.809220][T11995] RBP: 00007fa4c88a3090 R08: 0000000000000000 R09: 0000000000000000 [ 460.809235][T11995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.809250][T11995] R13: 00007fa4c7c16218 R14: 00007fa4c7c16180 R15: 00007ffe270f20f8 [ 460.809285][T11995] [ 462.917323][T12028] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1504'. [ 462.966362][T12022] mkiss: ax0: crc mode is auto. [ 463.306097][T12035] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 465.017801][T12061] FAULT_INJECTION: forcing a failure. [ 465.017801][T12061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 465.157493][T12061] CPU: 0 UID: 0 PID: 12061 Comm: syz.3.1515 Tainted: G L syzkaller #0 PREEMPT(full) [ 465.157526][T12061] Tainted: [L]=SOFTLOCKUP [ 465.157532][T12061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 465.157543][T12061] Call Trace: [ 465.157549][T12061] [ 465.157556][T12061] dump_stack_lvl+0x100/0x190 [ 465.157589][T12061] should_fail_ex.cold+0x5/0xa [ 465.157612][T12061] _copy_to_user+0x32/0xd0 [ 465.157644][T12061] copy_siginfo_to_user+0x27/0xc0 [ 465.157669][T12061] x64_setup_rt_frame+0xa03/0xce0 [ 465.157697][T12061] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 465.157720][T12061] ? do_send_specific+0x15c/0x360 [ 465.157742][T12061] ? __pfx_do_send_specific+0x10/0x10 [ 465.157769][T12061] arch_do_signal_or_restart+0x587/0x770 [ 465.157794][T12061] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 465.157830][T12061] exit_to_user_mode_loop+0x86/0x4a0 [ 465.157859][T12061] do_syscall_64+0x668/0xf80 [ 465.157877][T12061] ? clear_bhb_loop+0x40/0x90 [ 465.157900][T12061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.157919][T12061] RIP: 0033:0x7f5ec499c819 [ 465.157936][T12061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.157953][T12061] RSP: 002b:00007f5ec5912028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 465.157972][T12061] RAX: 0000000000000000 RBX: 00007f5ec4c15fa0 RCX: 00007f5ec499c819 [ 465.157983][T12061] RDX: 0000000000000021 RSI: 0000000000000540 RDI: 000000000000053f [ 465.157994][T12061] RBP: 00007f5ec5912090 R08: 0000000000000000 R09: 0000000000000000 [ 465.158004][T12061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.158015][T12061] R13: 00007f5ec4c16038 R14: 00007f5ec4c15fa0 R15: 00007ffc0323aa68 [ 465.158037][T12061] [ 465.761251][T12071] netlink: 'syz.1.1516': attribute type 1 has an invalid length. [ 466.167215][T12071] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 466.187643][T12071] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 466.220252][T12071] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 466.253076][T12071] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 466.826151][T12085] vivid-007: ================= START STATUS ================= [ 466.847244][T12085] vivid-007: Generate PTS: true [ 466.852505][T12085] vivid-007: Generate SCR: true [ 466.905343][T12085] tpg source WxH: 320x240 (Y'CbCr) [ 466.910624][T12085] tpg field: 1 [ 466.920062][T12085] tpg crop: (0,0)/320x240 [ 466.995389][T12085] tpg compose: (0,0)/320x240 [ 467.015481][T12085] tpg colorspace: 8 [ 467.019343][T12085] tpg transfer function: 0/0 [ 467.024057][T12085] tpg Y'CbCr encoding: 0/0 [ 467.045424][T12085] tpg quantization: 0/0 [ 467.049662][T12085] tpg RGB range: 0/2 [ 467.053613][T12085] vivid-007: ================== END STATUS ================== [ 467.872486][T12103] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 468.228264][T11401] Bluetooth: hci1: command 0x0c1a tx timeout [ 468.234373][T11401] Bluetooth: hci2: command 0x0c1a tx timeout [ 468.240924][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 468.305327][T11401] Bluetooth: hci3: command 0x0c1a tx timeout [ 469.649566][T12102] kexec: Could not allocate control_code_buffer [ 470.025232][T12122] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 470.176101][T12126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'. [ 472.851501][T12188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 473.156036][T12193] usb usb4: usbfs: process 12193 (syz.0.1541) did not claim interface 0 before use [ 473.229210][T12188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1542'. [ 474.191394][T12211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1544'. [ 474.502984][T12215] netlink: 138 bytes leftover after parsing attributes in process `syz.2.1546'. [ 474.763780][T12221] netlink: 'syz.1.1550': attribute type 33 has an invalid length. [ 474.804035][T12221] netlink: 322 bytes leftover after parsing attributes in process `syz.1.1550'. [ 474.850379][T12221] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1550'. [ 474.905835][T12221] veth0_macvtap: left promiscuous mode [ 474.966684][T12221] macvtap0: entered promiscuous mode [ 474.973136][T12221] macvtap0: entered allmulticast mode [ 475.395434][T12219] FAULT_INJECTION: forcing a failure. [ 475.395434][T12219] name failslab, interval 1, probability 0, space 0, times 0 [ 475.408944][T12219] CPU: 1 UID: 0 PID: 12219 Comm: syz.2.1548 Tainted: G L syzkaller #0 PREEMPT(full) [ 475.408990][T12219] Tainted: [L]=SOFTLOCKUP [ 475.409000][T12219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 475.409017][T12219] Call Trace: [ 475.409027][T12219] [ 475.409038][T12219] dump_stack_lvl+0x100/0x190 [ 475.409088][T12219] should_fail_ex.cold+0x5/0xa [ 475.409125][T12219] should_failslab+0xc2/0x120 [ 475.409160][T12219] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 475.409205][T12219] ? __send_signal_locked+0x155/0x12d0 [ 475.409260][T12219] __send_signal_locked+0x155/0x12d0 [ 475.409314][T12219] do_notify_parent_cldstop+0x5f5/0xb50 [ 475.409350][T12219] ? __pfx_do_notify_parent_cldstop+0x10/0x10 [ 475.409391][T12219] ? lock_acquire+0x1cf/0x380 [ 475.409445][T12219] ? do_signal_stop+0x434/0x6d0 [ 475.409474][T12219] do_signal_stop+0x592/0x6d0 [ 475.409507][T12219] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 475.409559][T12219] ? __pfx_do_signal_stop+0x10/0x10 [ 475.409588][T12219] ? _raw_spin_lock_irq+0x45/0x50 [ 475.409639][T12219] get_signal+0xcc5/0x21e0 [ 475.409680][T12219] ? __pfx_do_recvmmsg+0x10/0x10 [ 475.409716][T12219] ? ksys_write+0x190/0x250 [ 475.409750][T12219] ? __pfx_get_signal+0x10/0x10 [ 475.409783][T12219] ? __mutex_unlock_slowpath+0x15c/0x790 [ 475.409822][T12219] arch_do_signal_or_restart+0x91/0x770 [ 475.409862][T12219] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 475.409910][T12219] ? __x64_sys_recvmmsg+0x1d9/0x280 [ 475.409951][T12219] exit_to_user_mode_loop+0x86/0x4a0 [ 475.409997][T12219] do_syscall_64+0x668/0xf80 [ 475.410026][T12219] ? clear_bhb_loop+0x40/0x90 [ 475.410062][T12219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.410094][T12219] RIP: 0033:0x7f34c619c819 [ 475.410120][T12219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 475.410145][T12219] RSP: 002b:00007f34c712a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 475.410173][T12219] RAX: 0000000000000001 RBX: 00007f34c6415fa0 RCX: 00007f34c619c819 [ 475.410191][T12219] RDX: 00000000fffffff9 RSI: 0000200000000140 RDI: 0000000000000004 [ 475.410209][T12219] RBP: 00007f34c712a090 R08: 0000000000000000 R09: 0000000000000000 [ 475.410226][T12219] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001 [ 475.410243][T12219] R13: 00007f34c6416038 R14: 00007f34c6415fa0 R15: 00007ffcd90e2848 [ 475.410281][T12219] [ 476.859481][T12259] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1557'. [ 477.937604][T12290] usb usb35: usbfs: process 12290 (syz.1.1565) did not claim interface 0 before use [ 478.660195][T12300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1566'. [ 479.869349][T12290] vhci_hcd vhci_hcd.1: invalid port number 14 [ 479.875820][T12290] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 480.338859][T12333] usb usb4: usbfs: process 12333 (syz.3.1576) did not claim interface 0 before use [ 481.341235][T12337] FAULT_INJECTION: forcing a failure. [ 481.341235][T12337] name failslab, interval 1, probability 0, space 0, times 0 [ 481.425363][T12337] CPU: 0 UID: 0 PID: 12337 Comm: syz.1.1578 Tainted: G L syzkaller #0 PREEMPT(full) [ 481.425414][T12337] Tainted: [L]=SOFTLOCKUP [ 481.425426][T12337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 481.425443][T12337] Call Trace: [ 481.425454][T12337] [ 481.425466][T12337] dump_stack_lvl+0x100/0x190 [ 481.425518][T12337] should_fail_ex.cold+0x5/0xa [ 481.425554][T12337] ? ops_init+0x77/0x5f0 [ 481.425581][T12337] should_failslab+0xc2/0x120 [ 481.425616][T12337] __kmalloc_noprof+0xe0/0x850 [ 481.425672][T12337] ops_init+0x77/0x5f0 [ 481.425707][T12337] setup_net+0x118/0x3a0 [ 481.425735][T12337] ? __pfx_setup_net+0x10/0x10 [ 481.425761][T12337] ? lockdep_init_map_type+0x5c/0x250 [ 481.425802][T12337] ? mutex_init_lockep+0x110/0x150 [ 481.425849][T12337] copy_net_ns+0x46f/0x7c0 [ 481.425888][T12337] create_new_namespaces+0x3ea/0xac0 [ 481.425933][T12337] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 481.425971][T12337] ksys_unshare+0x473/0xad0 [ 481.426016][T12337] ? __pfx_ksys_unshare+0x10/0x10 [ 481.426072][T12337] __x64_sys_unshare+0x31/0x40 [ 481.426112][T12337] do_syscall_64+0x106/0xf80 [ 481.426143][T12337] ? clear_bhb_loop+0x40/0x90 [ 481.426182][T12337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.426217][T12337] RIP: 0033:0x7fb8b579c819 [ 481.426243][T12337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 481.426321][T12337] RSP: 002b:00007fb8b66ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 481.426354][T12337] RAX: ffffffffffffffda RBX: 00007fb8b5a16090 RCX: 00007fb8b579c819 [ 481.426374][T12337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 481.426393][T12337] RBP: 00007fb8b5832c91 R08: 0000000000000000 R09: 0000000000000000 [ 481.426413][T12337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.426431][T12337] R13: 00007fb8b5a16128 R14: 00007fb8b5a16090 R15: 00007ffccae18fc8 [ 481.426472][T12337] [ 482.859914][ T9908] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.527824][ T9908] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.722195][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 483.733685][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 483.743136][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 483.751340][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 483.759027][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 483.859306][ T9908] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.422575][ T9908] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.796236][ T9908] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.448190][T12361] chnl_net:caif_netlink_parms(): no params data found [ 485.502124][T12384] FAULT_INJECTION: forcing a failure. [ 485.502124][T12384] name failslab, interval 1, probability 0, space 0, times 0 [ 485.522307][ T9908] bridge_slave_1: left allmulticast mode [ 485.569001][ T9908] bridge_slave_1: left promiscuous mode [ 485.591478][ T9908] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.669740][ T9908] bridge_slave_0: left allmulticast mode [ 485.858640][ T5830] Bluetooth: hci0: command tx timeout [ 485.911256][T12384] CPU: 1 UID: 0 PID: 12384 Comm: syz.1.1586 Tainted: G L syzkaller #0 PREEMPT(full) [ 485.911304][T12384] Tainted: [L]=SOFTLOCKUP [ 485.911314][T12384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 485.911331][T12384] Call Trace: [ 485.911341][T12384] [ 485.911361][T12384] dump_stack_lvl+0x100/0x190 [ 485.911413][T12384] should_fail_ex.cold+0x5/0xa [ 485.911450][T12384] should_failslab+0xc2/0x120 [ 485.911484][T12384] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 485.911531][T12384] ? __d_alloc+0x34/0xa80 [ 485.911590][T12384] __d_alloc+0x34/0xa80 [ 485.911629][T12384] d_alloc+0x4a/0x1e0 [ 485.911681][T12384] lookup_one_qstr_excl+0x175/0x250 [ 485.911724][T12384] start_dirop+0x59/0xb0 [ 485.911755][T12384] simple_start_creating+0xf9/0x110 [ 485.911784][T12384] ? __pfx_simple_start_creating+0x10/0x10 [ 485.911814][T12384] ? mntput+0x70/0xa0 [ 485.911841][T12384] ? simple_pin_fs+0xa3/0x190 [ 485.911886][T12384] debugfs_start_creating.part.0+0x82/0x170 [ 485.911923][T12384] __debugfs_create_file+0xb3/0x4f0 [ 485.911963][T12384] debugfs_create_file_full+0x41/0x60 [ 485.912002][T12384] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 485.912045][T12384] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 485.912084][T12384] ? rcu_is_watching+0x12/0xc0 [ 485.912162][T12384] ? lockdep_init_map_type+0x5c/0x250 [ 485.912210][T12384] preinit_net.part.0+0x24e/0x8f0 [ 485.912244][T12384] copy_net_ns+0x339/0x7c0 [ 485.912287][T12384] create_new_namespaces+0x3ea/0xac0 [ 485.912330][T12384] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 485.912376][T12384] ksys_unshare+0x473/0xad0 [ 485.912411][T12384] ? do_user_addr_fault+0x7de/0x12f0 [ 485.912440][T12384] ? do_user_addr_fault+0x7de/0x12f0 [ 485.912469][T12384] ? __pfx_ksys_unshare+0x10/0x10 [ 485.912505][T12384] ? xfd_validate_state+0x129/0x190 [ 485.912561][T12384] __x64_sys_unshare+0x31/0x40 [ 485.912598][T12384] do_syscall_64+0x106/0xf80 [ 485.912627][T12384] ? clear_bhb_loop+0x40/0x90 [ 485.912663][T12384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.912693][T12384] RIP: 0033:0x7fb8b579c819 [ 485.912719][T12384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.912745][T12384] RSP: 002b:00007fb8b6678028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 485.912774][T12384] RAX: ffffffffffffffda RBX: 00007fb8b5a16270 RCX: 00007fb8b579c819 [ 485.912793][T12384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 485.912811][T12384] RBP: 00007fb8b5832c91 R08: 0000000000000000 R09: 0000000000000000 [ 485.912828][T12384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.912845][T12384] R13: 00007fb8b5a16308 R14: 00007fb8b5a16270 R15: 00007ffccae18fc8 [ 485.912885][T12384] [ 486.115205][ T9908] bridge_slave_0: left promiscuous mode [ 486.245464][ T9908] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.413105][T12389] netlink: 226 bytes leftover after parsing attributes in process `syz.3.1587'. [ 486.865924][ T9908] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 486.887288][ T9908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 486.913648][ T9908] bond0 (unregistering): Released all slaves [ 487.318748][T12400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1588'. [ 487.350039][T12361] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.357618][T12361] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.368482][T12361] bridge_slave_0: entered allmulticast mode [ 487.396492][T12361] bridge_slave_0: entered promiscuous mode [ 487.431204][ T9908] &#$@\]\-: left promiscuous mode [ 487.604320][T12361] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.612462][T12361] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.826923][T12361] bridge_slave_1: entered allmulticast mode [ 487.844992][T12361] bridge_slave_1: entered promiscuous mode [ 487.905393][ T5830] Bluetooth: hci0: command tx timeout [ 488.026991][T12361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.098187][T12361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.166772][T12394] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1588'. [ 488.484012][T12361] team0: Port device team_slave_0 added [ 488.723411][T12361] team0: Port device team_slave_1 added [ 488.997377][T12361] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 489.029489][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.083735][T12361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 489.121596][T12361] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 489.145231][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.215211][T12361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.827580][T12361] hsr_slave_0: entered promiscuous mode [ 489.836166][T12361] hsr_slave_1: entered promiscuous mode [ 489.842593][T12361] debugfs: 'hsr0' already exists in 'hsr' [ 489.862519][T12361] Cannot create hsr debugfs directory [ 489.985443][ T5830] Bluetooth: hci0: command tx timeout [ 491.372363][T12454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1596'. [ 492.075936][ T5830] Bluetooth: hci0: command tx timeout [ 492.455195][ T9908] hsr_slave_0: left promiscuous mode [ 492.565287][ T9908] hsr_slave_1: left promiscuous mode [ 492.581815][ T9908] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 492.636465][ T9908] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.696020][ T9908] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.703556][ T9908] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 493.032084][ T9908] veth1_macvtap: left promiscuous mode [ 493.065384][ T9908] veth0_macvtap: left promiscuous mode [ 493.072021][ T9908] veth1_vlan: left promiscuous mode [ 493.095323][ T9908] veth0_vlan: left promiscuous mode [ 493.586514][ T9908] team0 (unregistering): Port device team_slave_1 removed [ 493.631696][ T9908] team0 (unregistering): Port device team_slave_0 removed [ 494.507932][T12361] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 494.618062][T12361] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 494.704084][T12361] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 494.737663][ T5830] Bluetooth: hci3: unexpected event 0x3c length: 254 > 7 [ 494.843861][T12361] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 495.234029][T12361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 495.316202][T12361] 8021q: adding VLAN 0 to HW filter on device team0 [ 495.357046][ T142] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.364266][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 495.391639][ T142] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.398931][ T142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 495.458387][T12532] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1605'. [ 495.731429][T12539] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1607'. [ 496.243815][T12361] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 496.503520][T12361] veth0_vlan: entered promiscuous mode [ 496.670106][T12361] veth1_vlan: entered promiscuous mode [ 497.198463][T12361] veth0_macvtap: entered promiscuous mode [ 497.278316][T12361] veth1_macvtap: entered promiscuous mode [ 497.310905][T12361] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 497.496731][T12572] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 497.564033][T12361] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 497.621521][ T1317] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.653852][ T1317] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.686600][ T1317] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.716395][ T1317] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.125263][ T1317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.133149][ T1317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.235271][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.243157][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.876242][T12604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1617'. [ 499.375417][T12618] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 499.412978][T12620] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 499.458952][T12614] FAULT_INJECTION: forcing a failure. [ 499.458952][T12614] name failslab, interval 1, probability 0, space 0, times 0 [ 499.492321][T12614] CPU: 0 UID: 0 PID: 12614 Comm: syz.2.1581 Tainted: G L syzkaller #0 PREEMPT(full) [ 499.492374][T12614] Tainted: [L]=SOFTLOCKUP [ 499.492384][T12614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 499.492403][T12614] Call Trace: [ 499.492419][T12614] [ 499.492430][T12614] dump_stack_lvl+0x100/0x190 [ 499.492479][T12614] should_fail_ex.cold+0x5/0xa [ 499.492514][T12614] should_failslab+0xc2/0x120 [ 499.492552][T12614] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 499.492601][T12614] ? anon_vma_fork+0x19a/0x6b0 [ 499.492686][T12614] anon_vma_fork+0x19a/0x6b0 [ 499.492739][T12614] dup_mmap+0x141f/0x2180 [ 499.492798][T12614] ? __pfx_dup_mmap+0x10/0x10 [ 499.492834][T12614] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 499.492894][T12614] ? __lock_acquire+0x4a5/0x2630 [ 499.492954][T12614] ? find_held_lock+0x2b/0x80 [ 499.492983][T12614] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 499.493051][T12614] copy_process+0x7523/0x7a40 [ 499.493087][T12614] ? __lock_acquire+0x4a5/0x2630 [ 499.493143][T12614] ? __pfx_copy_process+0x10/0x10 [ 499.493198][T12614] kernel_clone+0xfc/0x9a0 [ 499.493234][T12614] ? restore_sigcontext+0x4d3/0x6a0 [ 499.493282][T12614] ? __pfx_kernel_clone+0x10/0x10 [ 499.493317][T12614] ? __pfx_restore_sigcontext+0x10/0x10 [ 499.493380][T12614] __do_sys_clone+0xd9/0x120 [ 499.493419][T12614] ? __pfx___do_sys_clone+0x10/0x10 [ 499.493457][T12614] ? __pfx_restore_altstack+0x10/0x10 [ 499.493515][T12614] ? __do_sys_rt_sigreturn+0x1da/0x2c0 [ 499.493556][T12614] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 499.493610][T12614] do_syscall_64+0x106/0xf80 [ 499.493640][T12614] ? clear_bhb_loop+0x40/0x90 [ 499.493679][T12614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.493710][T12614] RIP: 0033:0x7f368639c819 [ 499.493737][T12614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 499.493766][T12614] RSP: 002b:00007f368720bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 499.493797][T12614] RAX: ffffffffffffffda RBX: 00007f3686616180 RCX: 00007f368639c819 [ 499.493816][T12614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 499.493835][T12614] RBP: 00007f3686432c91 R08: 0000000000000000 R09: 0000000000000000 [ 499.493853][T12614] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 499.493871][T12614] R13: 00007f3686616218 R14: 00007f3686616180 R15: 00007ffecbc006d8 [ 499.493913][T12614] [ 500.235291][ T5830] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 500.437123][T12627] netlink: 138 bytes leftover after parsing attributes in process `syz.3.1620'. [ 501.026059][T12646] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 501.034017][T12646] vhci_hcd vhci_hcd.3: invalid port number 152 [ 501.065336][T12646] vhci_hcd vhci_hcd.3: default hub control req: 05e6 vc576 i0098 l40 [ 501.837910][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.844442][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.993402][T12668] FAULT_INJECTION: forcing a failure. [ 501.993402][T12668] name failslab, interval 1, probability 0, space 0, times 0 [ 502.009731][T12668] CPU: 0 UID: 0 PID: 12668 Comm: syz.3.1629 Tainted: G L syzkaller #0 PREEMPT(full) [ 502.009783][T12668] Tainted: [L]=SOFTLOCKUP [ 502.009794][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 502.009812][T12668] Call Trace: [ 502.009823][T12668] [ 502.009837][T12668] dump_stack_lvl+0x100/0x190 [ 502.009892][T12668] should_fail_ex.cold+0x5/0xa [ 502.009933][T12668] should_failslab+0xc2/0x120 [ 502.009971][T12668] __kmalloc_cache_noprof+0x7a/0x6f0 [ 502.010014][T12668] ? drm_atomic_state_alloc+0xb8/0x120 [ 502.010067][T12668] drm_atomic_state_alloc+0xb8/0x120 [ 502.010109][T12668] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 502.010157][T12668] ? trace_contention_end+0x140/0x180 [ 502.010205][T12668] ? __mutex_lock+0x26a/0x1b90 [ 502.010240][T12668] ? __mutex_lock+0x26a/0x1b90 [ 502.010273][T12668] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 502.010334][T12668] ? drm_master_internal_acquire+0x21/0x80 [ 502.010423][T12668] drm_client_modeset_commit_locked+0x14d/0x580 [ 502.010482][T12668] drm_client_modeset_commit+0x4f/0x80 [ 502.010530][T12668] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 502.010584][T12668] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 502.010637][T12668] drm_fbdev_client_restore+0x1b/0x30 [ 502.010677][T12668] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 502.010716][T12668] drm_client_dev_restore+0x205/0x2a0 [ 502.010773][T12668] drm_release+0x2c6/0x360 [ 502.010821][T12668] ? __pfx_drm_release+0x10/0x10 [ 502.010865][T12668] __fput+0x3ff/0xb40 [ 502.010917][T12668] task_work_run+0x150/0x240 [ 502.010965][T12668] ? __pfx_task_work_run+0x10/0x10 [ 502.011025][T12668] exit_to_user_mode_loop+0x100/0x4a0 [ 502.011071][T12668] do_syscall_64+0x668/0xf80 [ 502.011103][T12668] ? clear_bhb_loop+0x40/0x90 [ 502.011143][T12668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.011176][T12668] RIP: 0033:0x7f5ec499c819 [ 502.011201][T12668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 502.011230][T12668] RSP: 002b:00007f5ec58f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 502.011260][T12668] RAX: 0000000000000000 RBX: 00007f5ec4c16090 RCX: 00007f5ec499c819 [ 502.011280][T12668] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 502.011307][T12668] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 502.011326][T12668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.011343][T12668] R13: 00007f5ec4c16128 R14: 00007f5ec4c16090 R15: 00007ffc0323aa68 [ 502.011388][T12668] [ 502.824713][T12674] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1630'. [ 504.194085][T12712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1642'. [ 504.230181][T12712] netlink: 'syz.0.1642': attribute type 1 has an invalid length. [ 504.255523][T12712] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1642'. [ 504.739090][T12730] netlink: 'syz.1.1647': attribute type 4 has an invalid length. [ 504.815300][T12730] netlink: 314 bytes leftover after parsing attributes in process `syz.1.1647'. [ 506.058832][T12757] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1654'. [ 506.176043][T12762] kstrtoul() returned -22 for lu_gp_id [ 506.629552][T12750] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 506.641423][T12750] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 506.648416][T12750] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 506.658928][T12750] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 506.665033][T12750] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 506.671746][T12750] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 506.680404][T12750] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 507.354023][T11401] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.905218][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 507.975351][T12785] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1661'. [ 508.011819][T12785] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1661'. [ 508.218471][T12795] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.1664: iget: checksum invalid [ 508.245486][T12795] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 508.275575][T12795] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.1664: iget: checksum invalid [ 508.295602][T12795] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 508.320734][T12795] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.1664: iget: checksum invalid [ 508.325927][T12797] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1664'. [ 508.371548][T12795] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 508.438654][T12795] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.1664: iget: checksum invalid [ 508.537307][T12801] sysfs_service_op_store: Client not running :-5: [ 508.575951][T12795] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 508.587486][T12795] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 508.626007][T12795] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 508.726699][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 508.726719][T11401] Bluetooth: hci3: command 0x0c1a tx timeout [ 508.726762][T11401] Bluetooth: hci1: command 0x0c1a tx timeout [ 509.061397][T12790] FAULT_INJECTION: forcing a failure. [ 509.061397][T12790] name failslab, interval 1, probability 0, space 0, times 0 [ 509.109008][T12790] CPU: 1 UID: 0 PID: 12790 Comm: syz.0.1660 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.109062][T12790] Tainted: [L]=SOFTLOCKUP [ 509.109073][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 509.109092][T12790] Call Trace: [ 509.109103][T12790] [ 509.109123][T12790] dump_stack_lvl+0x100/0x190 [ 509.109180][T12790] should_fail_ex.cold+0x5/0xa [ 509.109221][T12790] should_failslab+0xc2/0x120 [ 509.109257][T12790] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 509.109306][T12790] ? ptlock_alloc+0x1f/0x70 [ 509.109357][T12790] ptlock_alloc+0x1f/0x70 [ 509.109400][T12790] pte_alloc_one+0x82/0x3d0 [ 509.109438][T12790] __pte_alloc+0x6d/0x3e0 [ 509.109472][T12790] ? __pfx___pte_alloc+0x10/0x10 [ 509.109505][T12790] ? __pfx___might_resched+0x10/0x10 [ 509.109549][T12790] ? copy_page_range+0x1ef8/0x6600 [ 509.109599][T12790] copy_page_range+0x3ec9/0x6600 [ 509.109688][T12790] ? __pfx_copy_page_range+0x10/0x10 [ 509.109742][T12790] ? mas_store+0x666/0xac0 [ 509.109795][T12790] ? __pfx___vma_start_write+0x10/0x10 [ 509.109850][T12790] dup_mmap+0xd25/0x2180 [ 509.109901][T12790] ? __pfx_dup_mmap+0x10/0x10 [ 509.109938][T12790] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 509.109997][T12790] ? __lock_acquire+0x4a5/0x2630 [ 509.110056][T12790] ? find_held_lock+0x2b/0x80 [ 509.110086][T12790] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 509.110168][T12790] copy_process+0x7523/0x7a40 [ 509.110228][T12790] ? __pfx_copy_process+0x10/0x10 [ 509.110264][T12790] ? find_held_lock+0x2b/0x80 [ 509.110310][T12790] kernel_clone+0xfc/0x9a0 [ 509.110341][T12790] ? __pfx_futex_wait+0x10/0x10 [ 509.110387][T12790] ? __pfx_kernel_clone+0x10/0x10 [ 509.110448][T12790] __do_sys_clone+0xd9/0x120 [ 509.110488][T12790] ? __pfx___do_sys_clone+0x10/0x10 [ 509.110527][T12790] ? __fget_files+0x21f/0x3d0 [ 509.110593][T12790] do_syscall_64+0x106/0xf80 [ 509.110624][T12790] ? clear_bhb_loop+0x40/0x90 [ 509.110663][T12790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.110696][T12790] RIP: 0033:0x7fa4c799c819 [ 509.110722][T12790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.110752][T12790] RSP: 002b:00007fa4c88c3fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 509.110783][T12790] RAX: ffffffffffffffda RBX: 00007fa4c7c16090 RCX: 00007fa4c799c819 [ 509.110804][T12790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 509.110822][T12790] RBP: 00007fa4c7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 509.110841][T12790] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 509.110858][T12790] R13: 00007fa4c7c16128 R14: 00007fa4c7c16090 R15: 00007ffe270f20f8 [ 509.110899][T12790] [ 510.227336][T12809] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 510.235548][T12809] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 510.245425][T12809] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 510.270350][T12809] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 510.322672][T12809] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 511.763596][T11401] Bluetooth: hci2: command 0x0c1a tx timeout [ 512.099967][T11401] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 512.120421][T12855] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 512.305267][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 512.311462][T11401] Bluetooth: hci3: command 0x0c1a tx timeout [ 512.385251][T11401] Bluetooth: hci0: command 0x0c1a tx timeout [ 512.570025][T12862] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1680'. [ 513.474297][T12870] FAULT_INJECTION: forcing a failure. [ 513.474297][T12870] name failslab, interval 1, probability 0, space 0, times 0 [ 513.488559][T12870] CPU: 1 UID: 0 PID: 12870 Comm: syz.2.1683 Tainted: G L syzkaller #0 PREEMPT(full) [ 513.488609][T12870] Tainted: [L]=SOFTLOCKUP [ 513.488619][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 513.488637][T12870] Call Trace: [ 513.488647][T12870] [ 513.488658][T12870] dump_stack_lvl+0x100/0x190 [ 513.488708][T12870] should_fail_ex.cold+0x5/0xa [ 513.488746][T12870] should_failslab+0xc2/0x120 [ 513.488782][T12870] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 513.488823][T12870] ? __proc_create+0x2cb/0x8c0 [ 513.488872][T12870] __proc_create+0x2cb/0x8c0 [ 513.488903][T12870] ? __pfx___proc_create+0x10/0x10 [ 513.488939][T12870] ? _raw_write_unlock+0x28/0x50 [ 513.488987][T12870] ? proc_register+0x559/0x8a0 [ 513.489025][T12870] proc_create_reg+0x75/0x170 [ 513.489063][T12870] proc_create_data+0x86/0x110 [ 513.489095][T12870] ? __pfx_proc_create_data+0x10/0x10 [ 513.489123][T12870] ? cache_register_net+0x137/0x5e0 [ 513.489154][T12870] ? cache_register_net+0x137/0x5e0 [ 513.489194][T12870] cache_register_net+0x25a/0x5e0 [ 513.489230][T12870] gss_svc_init_net+0x98/0x640 [ 513.489272][T12870] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 513.489302][T12870] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 513.489343][T12870] ops_init+0x1e2/0x5f0 [ 513.489378][T12870] setup_net+0x118/0x3a0 [ 513.489408][T12870] ? __pfx_setup_net+0x10/0x10 [ 513.489435][T12870] ? lockdep_init_map_type+0x5c/0x250 [ 513.489477][T12870] ? mutex_init_lockep+0x110/0x150 [ 513.489528][T12870] copy_net_ns+0x46f/0x7c0 [ 513.489564][T12870] create_new_namespaces+0x3ea/0xac0 [ 513.489608][T12870] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 513.489643][T12870] ksys_unshare+0x473/0xad0 [ 513.489684][T12870] ? __pfx_ksys_unshare+0x10/0x10 [ 513.489735][T12870] __x64_sys_unshare+0x31/0x40 [ 513.489773][T12870] do_syscall_64+0x106/0xf80 [ 513.489800][T12870] ? clear_bhb_loop+0x40/0x90 [ 513.489852][T12870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.489884][T12870] RIP: 0033:0x7f368639c819 [ 513.489909][T12870] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.489938][T12870] RSP: 002b:00007f368724e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 513.489967][T12870] RAX: ffffffffffffffda RBX: 00007f3686615fa0 RCX: 00007f368639c819 [ 513.489988][T12870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 513.490005][T12870] RBP: 00007f3686432c91 R08: 0000000000000000 R09: 0000000000000000 [ 513.490023][T12870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.490039][T12870] R13: 00007f3686616038 R14: 00007f3686615fa0 R15: 00007ffecbc006d8 [ 513.490067][T12870] [ 514.348745][T12874] FAULT_INJECTION: forcing a failure. [ 514.348745][T12874] name failslab, interval 1, probability 0, space 0, times 0 [ 514.365716][T12874] CPU: 0 UID: 0 PID: 12874 Comm: syz.3.1681 Tainted: G L syzkaller #0 PREEMPT(full) [ 514.365768][T12874] Tainted: [L]=SOFTLOCKUP [ 514.365778][T12874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 514.365796][T12874] Call Trace: [ 514.365806][T12874] [ 514.365818][T12874] dump_stack_lvl+0x100/0x190 [ 514.365886][T12874] should_fail_ex.cold+0x5/0xa [ 514.365925][T12874] should_failslab+0xc2/0x120 [ 514.365960][T12874] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 514.366007][T12874] ? ptlock_alloc+0x1f/0x70 [ 514.366055][T12874] ptlock_alloc+0x1f/0x70 [ 514.366094][T12874] pte_alloc_one+0x82/0x3d0 [ 514.366131][T12874] __pte_alloc+0x6d/0x3e0 [ 514.366161][T12874] ? __pfx___pte_alloc+0x10/0x10 [ 514.366191][T12874] ? __pfx___might_resched+0x10/0x10 [ 514.366235][T12874] ? copy_page_range+0x1ef8/0x6600 [ 514.366282][T12874] copy_page_range+0x3ec9/0x6600 [ 514.366370][T12874] ? __pfx_copy_page_range+0x10/0x10 [ 514.366420][T12874] ? mas_store+0x666/0xac0 [ 514.366473][T12874] ? __pfx___vma_start_write+0x10/0x10 [ 514.366527][T12874] dup_mmap+0xd25/0x2180 [ 514.366582][T12874] ? __pfx_dup_mmap+0x10/0x10 [ 514.366617][T12874] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 514.366674][T12874] ? __lock_acquire+0x4a5/0x2630 [ 514.366716][T12874] ? find_held_lock+0x2b/0x80 [ 514.366742][T12874] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 514.366810][T12874] copy_process+0x7523/0x7a40 [ 514.366876][T12874] ? __pfx_copy_process+0x10/0x10 [ 514.366934][T12874] kernel_clone+0xfc/0x9a0 [ 514.366968][T12874] ? __pfx_futex_wait+0x10/0x10 [ 514.367014][T12874] ? __pfx_kernel_clone+0x10/0x10 [ 514.367073][T12874] __do_sys_clone+0xd9/0x120 [ 514.367110][T12874] ? __pfx___do_sys_clone+0x10/0x10 [ 514.367147][T12874] ? __fget_files+0x21f/0x3d0 [ 514.367210][T12874] do_syscall_64+0x106/0xf80 [ 514.367240][T12874] ? clear_bhb_loop+0x40/0x90 [ 514.367279][T12874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.367311][T12874] RIP: 0033:0x7f5ec499c819 [ 514.367338][T12874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 514.367374][T12874] RSP: 002b:00007f5ec58f0fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 514.367405][T12874] RAX: ffffffffffffffda RBX: 00007f5ec4c16090 RCX: 00007f5ec499c819 [ 514.367425][T12874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 514.367444][T12874] RBP: 00007f5ec4a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 514.367462][T12874] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 514.367480][T12874] R13: 00007f5ec4c16128 R14: 00007f5ec4c16090 R15: 00007ffc0323aa68 [ 514.367523][T12874] [ 514.643181][T11401] Bluetooth: hci3: command 0x0c1a tx timeout [ 514.649336][T11401] Bluetooth: hci0: command 0x0c1a tx timeout [ 515.006715][T12893] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1694'. [ 515.019455][T12895] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 515.045312][T12895] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 515.526910][T12903] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1689'. [ 516.008681][ T5829] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 516.940116][T12930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1697'. [ 517.028854][T12935] FAULT_INJECTION: forcing a failure. [ 517.028854][T12935] name failslab, interval 1, probability 0, space 0, times 0 [ 517.092516][T12935] CPU: 0 UID: 0 PID: 12935 Comm: syz.2.1696 Tainted: G L syzkaller #0 PREEMPT(full) [ 517.092562][T12935] Tainted: [L]=SOFTLOCKUP [ 517.092572][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 517.092588][T12935] Call Trace: [ 517.092597][T12935] [ 517.092607][T12935] dump_stack_lvl+0x100/0x190 [ 517.092655][T12935] should_fail_ex.cold+0x5/0xa [ 517.092689][T12935] should_failslab+0xc2/0x120 [ 517.092720][T12935] __kmalloc_cache_noprof+0x7a/0x6f0 [ 517.092759][T12935] ? pagemap_read+0x225/0x830 [ 517.092792][T12935] ? bpf_lsm_capable+0x9/0x10 [ 517.092822][T12935] ? security_capable+0x80/0x260 [ 517.092855][T12935] pagemap_read+0x225/0x830 [ 517.092896][T12935] ? __pfx_pagemap_read+0x10/0x10 [ 517.092940][T12935] ? rw_verify_area+0xce/0x6d0 [ 517.092980][T12935] ? __pfx_pagemap_read+0x10/0x10 [ 517.093017][T12935] vfs_read+0x1e4/0xb30 [ 517.093049][T12935] ? __pfx_vfs_read+0x10/0x10 [ 517.093073][T12935] ? __fget_files+0x215/0x3d0 [ 517.093109][T12935] ? __fget_files+0x21f/0x3d0 [ 517.093155][T12935] ksys_read+0x12a/0x250 [ 517.093180][T12935] ? __pfx_ksys_read+0x10/0x10 [ 517.093218][T12935] do_syscall_64+0x106/0xf80 [ 517.093244][T12935] ? clear_bhb_loop+0x40/0x90 [ 517.093278][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.093305][T12935] RIP: 0033:0x7f368639c819 [ 517.093328][T12935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.093353][T12935] RSP: 002b:00007f368722d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 517.093379][T12935] RAX: ffffffffffffffda RBX: 00007f3686616090 RCX: 00007f368639c819 [ 517.093397][T12935] RDX: 00000000000039b8 RSI: 0000000000000000 RDI: 0000000000000005 [ 517.093413][T12935] RBP: 00007f368722d090 R08: 0000000000000000 R09: 0000000000000000 [ 517.093429][T12935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.093444][T12935] R13: 00007f3686616128 R14: 00007f3686616090 R15: 00007ffecbc006d8 [ 517.093482][T12935] [ 517.543311][T12940] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 517.560879][T12940] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 517.750837][T12943] netlink: 138 bytes leftover after parsing attributes in process `syz.3.1701'. [ 517.857532][T12946] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1700'. [ 518.412731][T12956] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1705'. [ 518.442790][T12958] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1704'. [ 518.772720][T12958] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1704'. [ 518.788776][T12968] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 518.798512][T12968] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 519.231951][T12975] ================================================================== [ 519.231975][T12975] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 519.232033][T12975] Write of size 8 at addr ffffc90003db97c0 by task syz.0.1708/12975 [ 519.232069][T12975] [ 519.232088][T12975] CPU: 0 UID: 0 PID: 12975 Comm: syz.0.1708 Tainted: G L syzkaller #0 PREEMPT(full) [ 519.232133][T12975] Tainted: [L]=SOFTLOCKUP [ 519.232145][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 519.232164][T12975] Call Trace: [ 519.232174][T12975] [ 519.232186][T12975] dump_stack_lvl+0x100/0x190 [ 519.232233][T12975] print_report+0x156/0x4c9 [ 519.232276][T12975] ? _raw_spin_lock_irqsave+0x52/0x60 [ 519.232323][T12975] ? __virt_addr_valid+0x81/0x620 [ 519.232367][T12975] ? sys_imageblit+0x19fb/0x1d60 [ 519.232413][T12975] kasan_report+0xdf/0x1e0 [ 519.232447][T12975] ? sys_imageblit+0x19fb/0x1d60 [ 519.232498][T12975] sys_imageblit+0x19fb/0x1d60 [ 519.232550][T12975] ? __pfx_sys_imageblit+0x10/0x10 [ 519.232602][T12975] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 519.232640][T12975] soft_cursor+0x524/0xa10 [ 519.232685][T12975] bit_cursor+0xe58/0x16f0 [ 519.232728][T12975] ? __pfx_bit_cursor+0x10/0x10 [ 519.232773][T12975] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 519.232807][T12975] ? get_color+0x1da/0x450 [ 519.232838][T12975] ? __pfx_bit_cursor+0x10/0x10 [ 519.232875][T12975] fbcon_cursor+0x43c/0x5e0 [ 519.232913][T12975] hide_cursor+0x87/0x230 [ 519.232955][T12975] do_con_write+0x23fe/0x8540 [ 519.232983][T12975] ? trace_contention_end+0x140/0x180 [ 519.233026][T12975] ? __mutex_lock+0x26a/0x1b90 [ 519.233071][T12975] ? __pfx___mutex_lock+0x10/0x10 [ 519.233103][T12975] ? do_raw_spin_lock+0x128/0x260 [ 519.233149][T12975] ? __pfx_do_con_write+0x10/0x10 [ 519.233184][T12975] con_write+0x23/0xb0 [ 519.233212][T12975] n_tty_write+0x44f/0x12d0 [ 519.233253][T12975] ? __pfx_n_tty_write+0x10/0x10 [ 519.233285][T12975] ? trace_kmalloc+0x101/0x130 [ 519.233317][T12975] ? __pfx_woken_wake_function+0x10/0x10 [ 519.233362][T12975] ? rcu_is_watching+0x12/0xc0 [ 519.233405][T12975] ? file_tty_write.isra.0+0x694/0x890 [ 519.233450][T12975] ? kfree+0x2ec/0x6b0 [ 519.233486][T12975] ? __pfx_n_tty_write+0x10/0x10 [ 519.233519][T12975] file_tty_write.isra.0+0x4d2/0x890 [ 519.233570][T12975] redirected_tty_write+0xd4/0x120 [ 519.233619][T12975] vfs_write+0x6ac/0x1070 [ 519.233649][T12975] ? __pfx_redirected_tty_write+0x10/0x10 [ 519.233697][T12975] ? __pfx_vfs_write+0x10/0x10 [ 519.233725][T12975] ? find_held_lock+0x2b/0x80 [ 519.233765][T12975] ksys_write+0x12a/0x250 [ 519.233794][T12975] ? __pfx_ksys_write+0x10/0x10 [ 519.233828][T12975] do_syscall_64+0x106/0xf80 [ 519.233857][T12975] ? clear_bhb_loop+0x40/0x90 [ 519.233892][T12975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.233924][T12975] RIP: 0033:0x7fa4c799c819 [ 519.233948][T12975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 519.233979][T12975] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 519.234010][T12975] RAX: ffffffffffffffda RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 519.234031][T12975] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 519.234051][T12975] RBP: 00007fa4c7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 519.234078][T12975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.234097][T12975] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 519.234125][T12975] [ 519.234136][T12975] [ 519.234144][T12975] The buggy address belongs to a vmalloc virtual mapping [ 519.234166][T12975] Memory state around the buggy address: [ 519.234182][T12975] ffffc90003db9680: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 519.234205][T12975] ffffc90003db9700: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 519.234227][T12975] >ffffc90003db9780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 519.234244][T12975] ^ [ 519.234262][T12975] ffffc90003db9800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 519.234283][T12975] ffffc90003db9880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 519.234301][T12975] ================================================================== [ 519.234318][T12975] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 519.234341][T12975] CPU: 0 UID: 0 PID: 12975 Comm: syz.0.1708 Tainted: G L syzkaller #0 PREEMPT(full) [ 519.234383][T12975] Tainted: [L]=SOFTLOCKUP [ 519.234394][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 519.234413][T12975] Call Trace: [ 519.234422][T12975] [ 519.234434][T12975] dump_stack_lvl+0x100/0x190 [ 519.234479][T12975] vpanic+0x552/0x970 [ 519.234508][T12975] ? __pfx_vpanic+0x10/0x10 [ 519.234536][T12975] ? __pfx_vprintk_emit+0x10/0x10 [ 519.234569][T12975] ? sys_imageblit+0x19fb/0x1d60 [ 519.234613][T12975] panic+0xd1/0xe0 [ 519.234640][T12975] ? __pfx_panic+0x10/0x10 [ 519.234673][T12975] ? sys_imageblit+0x19fb/0x1d60 [ 519.234720][T12975] check_panic_on_warn.cold+0x19/0x34 [ 519.234751][T12975] end_report.part.0+0x3a/0x90 [ 519.234788][T12975] kasan_report.cold+0xe/0x18 [ 519.234824][T12975] ? sys_imageblit+0x19fb/0x1d60 [ 519.234873][T12975] sys_imageblit+0x19fb/0x1d60 [ 519.234929][T12975] ? __pfx_sys_imageblit+0x10/0x10 [ 519.234979][T12975] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 519.235015][T12975] soft_cursor+0x524/0xa10 [ 519.235067][T12975] bit_cursor+0xe58/0x16f0 [ 519.235115][T12975] ? __pfx_bit_cursor+0x10/0x10 [ 519.235154][T12975] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 519.235186][T12975] ? get_color+0x1da/0x450 [ 519.235216][T12975] ? __pfx_bit_cursor+0x10/0x10 [ 519.235250][T12975] fbcon_cursor+0x43c/0x5e0 [ 519.235286][T12975] hide_cursor+0x87/0x230 [ 519.235327][T12975] do_con_write+0x23fe/0x8540 [ 519.235354][T12975] ? trace_contention_end+0x140/0x180 [ 519.235398][T12975] ? __mutex_lock+0x26a/0x1b90 [ 519.235436][T12975] ? __pfx___mutex_lock+0x10/0x10 [ 519.235468][T12975] ? do_raw_spin_lock+0x128/0x260 [ 519.235514][T12975] ? __pfx_do_con_write+0x10/0x10 [ 519.235551][T12975] con_write+0x23/0xb0 [ 519.235578][T12975] n_tty_write+0x44f/0x12d0 [ 519.235622][T12975] ? __pfx_n_tty_write+0x10/0x10 [ 519.235656][T12975] ? trace_kmalloc+0x101/0x130 [ 519.235689][T12975] ? __pfx_woken_wake_function+0x10/0x10 [ 519.235737][T12975] ? rcu_is_watching+0x12/0xc0 [ 519.235782][T12975] ? file_tty_write.isra.0+0x694/0x890 [ 519.235826][T12975] ? kfree+0x2ec/0x6b0 [ 519.235866][T12975] ? __pfx_n_tty_write+0x10/0x10 [ 519.235902][T12975] file_tty_write.isra.0+0x4d2/0x890 [ 519.235953][T12975] redirected_tty_write+0xd4/0x120 [ 519.236001][T12975] vfs_write+0x6ac/0x1070 [ 519.236031][T12975] ? __pfx_redirected_tty_write+0x10/0x10 [ 519.236090][T12975] ? __pfx_vfs_write+0x10/0x10 [ 519.236118][T12975] ? find_held_lock+0x2b/0x80 [ 519.236158][T12975] ksys_write+0x12a/0x250 [ 519.236187][T12975] ? __pfx_ksys_write+0x10/0x10 [ 519.236221][T12975] do_syscall_64+0x106/0xf80 [ 519.236250][T12975] ? clear_bhb_loop+0x40/0x90 [ 519.236285][T12975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.236317][T12975] RIP: 0033:0x7fa4c799c819 [ 519.236340][T12975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 519.236369][T12975] RSP: 002b:00007fa4c88e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 519.236399][T12975] RAX: ffffffffffffffda RBX: 00007fa4c7c15fa0 RCX: 00007fa4c799c819 [ 519.236420][T12975] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 519.236440][T12975] RBP: 00007fa4c7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 519.236459][T12975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.236477][T12975] R13: 00007fa4c7c16038 R14: 00007fa4c7c15fa0 R15: 00007ffe270f20f8 [ 519.236503][T12975] [ 519.237069][T12975] Kernel Offset: disabled