last executing test programs: 6m42.876254781s ago: executing program 1 (id=444): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x2, 0x1) socket(0x2, 0x801, 0x106) socket(0x26, 0x80805, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x145) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) keyctl$auto(0x2000000000000017, 0x3ff, 0x0, 0x0, 0x3) 6m42.464367739s ago: executing program 1 (id=447): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x140242, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000240), 0xffffffffffffffff) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x10}, 0x3) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x108002, 0x0) close_range$auto(0x2, 0x8, 0x0) 6m42.036578206s ago: executing program 1 (id=448): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b5b204c8944a3fa4ed15f06c8c6d22b5a8324899900", @inferred=r0}) close_range$auto(0x2, 0x8, 0x0) 6m41.122969338s ago: executing program 1 (id=453): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) read$auto(0x3, 0x0, 0x1f40) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 6m39.595134159s ago: executing program 1 (id=461): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 6m39.296381006s ago: executing program 1 (id=467): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x5, 0x0) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 6m24.118331226s ago: executing program 32 (id=467): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x5, 0x0) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 2m36.417381084s ago: executing program 2 (id=1589): mmap$auto(0x7ffffffd, 0x40000c, 0x11, 0x9b72, 0x2, 0x8000) epoll_create$auto(0x4) r0 = socket(0x1d, 0x1, 0x7fff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) socket(0x18, 0x5, 0x1) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) 2m35.115074553s ago: executing program 2 (id=1592): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x81300, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer\x00', 0x783b04, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01012bbd7000fddbdf250d0300000c00060001ff"], 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 2m34.57362207s ago: executing program 2 (id=1604): socket(0x10, 0x80002, 0x0) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vgem/driver_override\x00', 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x0) write$auto_proc_pid_attr_operations_base(r0, &(0x7f0000000ec0)='9', 0x1) r2 = open(0x0, 0x4242, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000900), r3) sendmsg$auto_OVS_VPORT_CMD_SET(r3, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000001240)={0x20, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xa6fa}]}, 0x20}, 0x1, 0x0, 0x0, 0x4810}, 0x4) flock$auto(r2, 0x1) flock$auto(r2, 0x2) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) 2m33.871188874s ago: executing program 2 (id=1597): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0xfff, &(0x7f00000000c0)={0x0, 0x1feff}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) 2m33.124086892s ago: executing program 2 (id=1599): socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioperm$auto(0x3, 0x5, 0x149) kill$auto(r0, 0x11) syz_clone3(&(0x7f0000000380)={0x4081080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) write$auto_bm_register_operations_binfmt_misc(r1, &(0x7f0000000100)="b5fcb5114c179410cc977d", 0xb) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) sysfs$auto(0x2, 0x100000000000036, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 2m31.334428274s ago: executing program 2 (id=1608): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb2, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) sched_get_priority_min$auto(0x6) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce') 2m15.887353839s ago: executing program 33 (id=1608): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb2, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) sched_get_priority_min$auto(0x6) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce') 1m42.842714053s ago: executing program 0 (id=1849): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) connect$auto(0x3, &(0x7f00000000c0), 0x55) write$auto(0x3, 0x0, 0x800) 1m42.027603281s ago: executing program 0 (id=1852): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003) socketpair$auto(0x2, 0x7, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ip6tnl0/name_assign_type\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0xae60, 0x10000000000402) r2 = socket$nl_generic(0x10, 0x3, 0x10) statfs$auto(&(0x7f0000000180)='}[,&*}\x00', 0x0) ioctl$auto(r1, 0x4008ae6a, r2) 1m41.078618973s ago: executing program 0 (id=1858): open(&(0x7f0000000000)='X))\x00', 0x145042, 0x1d0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2f212cbd7000fcdbdf253100000008000300", @ANYRES32=r3], 0x48}}, 0x4000000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1m40.087656708s ago: executing program 0 (id=1863): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/aqm\x00', 0x82, 0x0) r0 = getegid() r1 = landlock_create_ruleset$auto(0x0, 0x0, 0x2) write$auto_console_fops_tty_io(r1, &(0x7f0000000280)="40ecea0b5003551f9c8291baaba72e3a9e16", 0x12) socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto(0x8, 0x8, &(0x7f0000000180)={{0x8, 0xffffffffffffffff, r0, 0x7ff, 0x2, 0x4c4, 0x2}, 0x0, &(0x7f0000000140)=0x2, 0x8, 0x8000, 0x96e, 0x5, 0x8, 0x7, 0x6c, 0x3, @raw=0x9, @raw=0x7}) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, 0x0) shmctl$auto_IPC_STAT(0x5, 0x2, &(0x7f0000000380)={{0x0, r2, r0, 0x8, 0xc0000000, 0x81, 0xc}, 0x80000000, 0x4, 0x3, 0x7, @inferred, @raw=0x4, 0xfd8c, 0x0, &(0x7f00000002c0), 0x0}) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x4f1, 0x2, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) 1m38.840846673s ago: executing program 0 (id=1868): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) uname$auto(0x0) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x87, 0x7, 0x6, 0x4, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x9, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0x200d) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x1}, 0x2, 0x0, 0x0, 0x9}, 0x6}, 0x3, 0x0) write$auto(0x3, 0x0, 0xffd8) 1m37.838292219s ago: executing program 0 (id=1870): mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x4}, 0x80000b}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 1m22.311149357s ago: executing program 34 (id=1870): mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x4}, 0x80000b}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 54.675282471s ago: executing program 5 (id=2043): r0 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, 0x0, 0xc0b02, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) poll$auto(0x0, 0x5, 0x108) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setns(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="ea12e528ded30ff1309c8b1613007984cb"], 0x14}}, 0x4000080) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/hid_cougar/parameters/g6_is_space\x00', 0x129102, 0x0) write$auto(r2, &(0x7f0000000000)='y\x8c', 0x2) get_mempolicy$auto(&(0x7f0000000180)=0x6, &(0x7f0000000280)=0x5, 0xa6, 0xfff, 0x3) write$auto(r0, 0x0, 0xc70) 53.817817101s ago: executing program 5 (id=2045): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) timer_create$auto(0xfffffffa, &(0x7f0000000100)={@sival_int=0x9, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x2, &(0x7f00000000c0)={{0xf, 0x10007}}, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size\x00', 0x80880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001100)=""/4105, 0x1009) ioctl$auto_TUNSETVNETBE2(r0, 0x400454de, &(0x7f0000000040)=0x1) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 53.305629964s ago: executing program 5 (id=2046): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$getown(0xffffffffffffffff, 0x9) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x101001, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x80001, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$auto(r3, 0x3b8e, r2) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0xa, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0xb, 0x6d3b, 0x100000001, 0x0, 0x104afc6a]}, 0x0) ioctl$auto(r0, 0x541c, r1) 52.668812716s ago: executing program 5 (id=2052): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20081, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) 52.473897288s ago: executing program 5 (id=2054): r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x408000, 0x0) ioctl$auto_VHOST_SET_VRING_CALL2(r0, 0x4008af21, &(0x7f00000001c0)={0x5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'bridge0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) epoll_create$auto(0x3e) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 52.21270117s ago: executing program 5 (id=2056): ioctl$auto_TCSBRK2(0xffffffffffffffff, 0x5409, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, 0x0, 0x3, 0x1) r0 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x200006, 0x5, 0x50, r0, 0x2ffffffffffe) ioctl$auto(0xffffffffffffffff, 0x9210642d, 0xc5) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) write$auto_proc_clear_refs_operations_internal(r1, 0x0, 0xffffff4b) unshare$auto(0x40000080) unshare$auto(0x40000080) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x2, 0x0, 0x28) 36.915704332s ago: executing program 35 (id=2056): ioctl$auto_TCSBRK2(0xffffffffffffffff, 0x5409, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, 0x0, 0x3, 0x1) r0 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x200006, 0x5, 0x50, r0, 0x2ffffffffffe) ioctl$auto(0xffffffffffffffff, 0x9210642d, 0xc5) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) write$auto_proc_clear_refs_operations_internal(r1, 0x0, 0xffffff4b) unshare$auto(0x40000080) unshare$auto(0x40000080) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x2, 0x0, 0x28) 25.221858681s ago: executing program 3 (id=2160): socket(0x2, 0x80002, 0x73) r0 = socket(0x15, 0x5, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, r0, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) socket(0xa, 0x5, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) socket(0xa, 0x3, 0x100) sendmmsg$auto(r2, &(0x7f0000000000)={{0x0, 0x8, 0x0, 0x106, 0x0, 0x1, 0xfffffff3}, 0xed7138c}, 0x7, 0x0) r3 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r3, @new_prog_fd=0x4, 0x4, @old_map_fd=r1}, 0xa8) 24.574176736s ago: executing program 3 (id=2163): rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006) socket(0x23, 0x80805, 0x0) listen$auto(0x3, 0x83) listen$auto(0x3, 0x81) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) modify_ldt$auto(0x8, 0x0, 0xdcc) flock$auto(r0, 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r1, 0x2) r2 = socket(0xa, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0x1c, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket(0xa, 0x5, 0x84) 23.43295435s ago: executing program 3 (id=2166): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000) socket(0x10, 0x2, 0x0) r0 = socket(0x18, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r2 = socket(0x18, 0x5, 0x1) connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x80047437, 0x0) syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r2) 22.86335506s ago: executing program 3 (id=2170): connect$auto(0x3, 0x0, 0x58) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2a801, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 22.077188849s ago: executing program 3 (id=2173): socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd}, 0xa8) 21.252927242s ago: executing program 3 (id=2176): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000400)={{0xc, 0x23, 0xa6, 0x83}, "66ac010005000000000068d190eb0d4a4cada7272464294b9183349eef4c1f028fdcc8ecc66fdd02316f064ebd893007abb4c0bbc3b822f66eaf240963110d61771552c03de65800", 0x2}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) mmap$auto(0x7f, 0x40004022009, 0x3, 0x6dc4b6fc, 0x401, 0x9) r1 = io_uring_setup$auto(0xa, 0x0) ioctl$auto_KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1, 0x101}) fsconfig$auto(r0, 0x5, &(0x7f0000000040)='%\'[\x00', &(0x7f0000000080)="8a639f77e3f0849e7f1106cc5595d91dd3fd1c4d21660814afc4d23b14425292d2db758ade57", r2) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) connect$auto(r0, &(0x7f0000000000)=@generic={0x3, "0000e100"}, 0x5b) unshare$auto(0x40000080) 7.376833863s ago: executing program 7 (id=2223): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2501, 0x0) r0 = socket(0x10, 0x2, 0x4) r1 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x101800, 0x4) read$auto(r1, 0x0, 0x1) write$auto(r0, 0x0, 0xfdef) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_DEVKEY(r0, 0x0, 0x4044850) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x2c00, 0x0) mmap$auto(0x33, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x0, 0x0) 6.783739197s ago: executing program 7 (id=2226): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x8, 0xff, r0, @relative_fd, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x1}, 0x4) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x57b, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x7, 0xd, 0x8000000000001, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x1009, 0x2, 0x8]}, 0x0) 6.199059333s ago: executing program 36 (id=2176): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000400)={{0xc, 0x23, 0xa6, 0x83}, "66ac010005000000000068d190eb0d4a4cada7272464294b9183349eef4c1f028fdcc8ecc66fdd02316f064ebd893007abb4c0bbc3b822f66eaf240963110d61771552c03de65800", 0x2}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) mmap$auto(0x7f, 0x40004022009, 0x3, 0x6dc4b6fc, 0x401, 0x9) r1 = io_uring_setup$auto(0xa, 0x0) ioctl$auto_KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1, 0x101}) fsconfig$auto(r0, 0x5, &(0x7f0000000040)='%\'[\x00', &(0x7f0000000080)="8a639f77e3f0849e7f1106cc5595d91dd3fd1c4d21660814afc4d23b14425292d2db758ade57", r2) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) connect$auto(r0, &(0x7f0000000000)=@generic={0x3, "0000e100"}, 0x5b) unshare$auto(0x40000080) 5.820496628s ago: executing program 7 (id=2230): memfd_secret$auto(0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, r3, 0x4, 0x401, r2, @relative_id=0x14, 0xe600}, 0xd) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 4.83909263s ago: executing program 7 (id=2233): mmap$auto(0x0, 0x400408, 0xdf, 0x20000000009b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x39}}, 0x6c) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x2, 0xb}, 0x3}, 0x20009, 0x20000000) capget$auto(0x0, 0xfffffffffffffffe) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) r1 = getpgrp(0xffffffffffffffff) kill$auto_SIGCONT(r1, 0x12) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x2, 0x9) bpf$auto_BPF_PROG_TEST_RUN(0xa, 0x0, 0x3) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, 0x0) 4.000834111s ago: executing program 7 (id=2236): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/v4l-subdev1\x00', 0x169000, 0x0) ioctl$auto(r0, 0xc0845658, r0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) sched_setaffinity$auto(0x0, 0x9899, &(0x7f00000000c0)=0xf19d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1ff000) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) pwrite64$auto(r1, 0x0, 0x400000, 0xc) clone$auto(0x20003b46, 0x80000001, 0x0, 0x0, 0x2) 3.811762468s ago: executing program 6 (id=2237): rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006) socket(0x23, 0x80805, 0x0) listen$auto(0x3, 0x83) listen$auto(0x3, 0x81) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) modify_ldt$auto(0x8, 0x0, 0xdcc) flock$auto(r0, 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r1, 0x2) r2 = socket(0xa, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0x1c, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket(0xa, 0x5, 0x84) 3.414165634s ago: executing program 4 (id=2239): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYRES16=0x0, @ANYRES32, @ANYBLOB="0c00598008002000b104c89e41f8bab562a5dfc76afcc28d39d0cdb7d6680bcbf0414da57d11e6a8732587fc35e790a5ee2d1a7da946f1a691c0f81eeda7d5ea1bdb2a", @ANYRES32=0x0], 0x558}, 0x1, 0x0, 0x0, 0x88844}, 0x200088c0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r1, 0x3b82, 0x38) write$auto(r0, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 3.038728914s ago: executing program 7 (id=2240): r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) msync$auto(0x0, 0x2000000005, 0x6) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 2.810617832s ago: executing program 6 (id=2241): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x29, 0x5, 0x0) socket(0xa, 0x3, 0x3a) socket(0x2, 0xa, 0x1) r0 = socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x9, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x40, 0x8, 0x100000000}}) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 2.72575793s ago: executing program 6 (id=2242): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/rc_rateidx_mcs_mask_5ghz\x00', 0x88000, 0x0) r1 = openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0) write$auto(r1, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000140)="3318cb") r2 = pipe2$auto(0x0, 0x80) read$auto(0xffffffffffffffff, 0x0, 0x20) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, 0x0) recvfrom$auto(r2, 0x0, 0x8000000000000001, 0x2, &(0x7f0000000180)=@vsock={0x28, 0x0, 0x2711, @host}, &(0x7f00000001c0)=0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x2c40, 0x0) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 2.600080662s ago: executing program 4 (id=2243): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_transaction_log_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) r0 = creat$auto(&(0x7f0000000040)='./file0\x00', 0x81) r1 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0x4, 0x4, 0xa553) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010b2d"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) splice$auto(r1, 0x0, r0, 0x0, 0xb, 0xf) 2.298596815s ago: executing program 4 (id=2244): mmap$auto(0x0, 0x1, 0x37eb, 0x40eb2, 0x4, 0x300000000000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(0xca, &(0x7f0000000080)='\x04 \xa1M\x11=.!\xd3\'\x8a\x00\x00\x00\x00\x00\xbd\x90q\xd0\xff\xea\xe9\x04B\x1c\x9a\x02y(\x83\xdf-g\xd7.\x83\xb2\xe4x\xdb\xfb\x18#&\x83\x17\x18\x05\x12|\x83$\xd0\x9a?\xf2W\xdd\xd3Z*\xa5\x81V\x98+q\xef(]\x81\x1c\x98B]\x9c\xd7\x05\x11\xcc\x1d\xc5\t\xe1A\fA\x8b\xd8\x8b\xb5\xa0\x9c\xab\xb6:\x18\xeaz\xc2!x0\f\xaa\xbd\xbeGh\x0f\v2\x83\x12>\xe7\x9e\xdb\xb5yO\xa3*\xb8\x9fH\xc0K0\x87\xc3N~2\xb1\xc4\xc7y9u\xa6\x89\xa9@\xf1\x92M(\x9e\xf9\x8e\xbf\x86\xfav7t\x14\xde\xd9Wd1G\x97\x13\x84\xff\x99\xdf\xd2\xa2\xf5l\xd6\xcf\x04\f^@r\xe9!\xb1X\xf19$\xf0h\v\r\xd0\xd9\xefm[l\xa4\xc7\x0e+H\xed\xf8\x82Wh%\x1f\x99\xaa\xf2\xb3\xb3Nr\xb0\x9a\xd2\xb67\xca\xdar\xa6\xe07\x061\xb7\xa6\xa9\x1b?>\x03\xad^\xd7\xbb-\'}\xc7\x82\xaa\n\xac\xa3\x15\x82\xc0\x02\x18\x1f\xb1cX\xc9\xcaGf((p<\x17|\x03\x00\x00\x00Qop^Y\xf4\xeccl\xa0$\xe0\'\xf8\x83\x8c\x7fW!p^=\x12\xbf$\xae7\xa2,\xce\xd1\xb0\xbd\x01\xf0z\x97\x0f\x94\xb5\x10&@\xaeF\xb8\x92\xd5\x15E\xf8\\ =SMH6\xd6\xd2\xa2~\x0e\x87\f\x0e\xe2\xd7\xfc\xed9\xaa\x81Qdw\xa0\xe7;D\xfa\xd3+\x93<\xce\xf16%\xc1s\b\xb0\xfe\xcd\xaf\x1a\xed\xf9\xd3HD\x82\xb5d\x9e\x91\xa1\x04\xe0\x86\xd94\x06O2\xc4O\xffm\xc3O\xe89\xbe\x03B\x0f6\xbe\xaf\xaa=[7\xd9\xca\xd2\xa0&\xc4(=%\xda\rM(&\xe4\x12S\nm\xd8\xb4\x8a\x1f\x00', 0x7e) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getdents64$auto(0x2, 0xfffffffffffffffe, 0x1) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r3, 0x0, 0x0) 1.932074704s ago: executing program 6 (id=2245): bind$auto(0x3, 0x0, 0x6a) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x7d, 0x9, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r1, 0x4020ae76, r2) 1.354897308s ago: executing program 4 (id=2246): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = epoll_create$auto(0x107fb9) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101242, 0x0) open(0x0, 0x206000, 0x195) pread64$auto(0xffffffffffffffff, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x10001, 0x3) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x440, 0x0) ioctl$auto_RTC_UIE_ON(r1, 0x7003, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) ioctl$auto_RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x5, 0x2, 0x2, 0x80000, 0xcb, 0x6c36, 0x6}) 1.097068039s ago: executing program 4 (id=2247): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x61, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0xff) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 1.096302614s ago: executing program 6 (id=2254): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r0, 0x0, 0x800) openat$auto_transaction_log_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) r1 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x202041, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101242, 0x0) sendfile$auto(r3, r2, 0x0, 0x48) close_range$auto(r1, 0xffffffffffffffff, 0x800) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r5, 0xc0285629, r5) 164.084376ms ago: executing program 6 (id=2248): r0 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/dynamic_events\x00', 0x201, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) chdir$auto(0x0) pipe$auto(0x0) r2 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(r2, r0, 0xb6da) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_LOOP_CTL_ADD(r2, 0x4c80, 0xfffffffffffffffd) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000080)="65507307076687a725ca87720ef9769f20592e77a8977acfd064c712782b89f145862d9956b07a53d8eef31e4c4cd45ac0a7f9b7d5cf7cf6b7b354a69aaecc3922f2e2dff4f1cd4d01273dd7e6e3c25f55a98d1f8136ec6e811c938f585215ad065b3cfd983bbe8feb1b973a5474b66bd559360efb43a07749f1a3af3f9d0617f601eb7d2cfda308f62cc318c431cf1ea743f3005f26dbfe560d5b49594fb93a861d448d4b401305bcd781d6debc1b9769d97c10cc2218c78acd948099ebbcdf8bbf706c29dadda9af4f488127bd92a7bee51fca116f0ec22879a7d1e8a3e055368284860bdbff94d33633960c2cb76d072b47", 0xf3) r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r4, 0x0, 0x7, 0x4cbd5d) sendmsg$auto_NL802154_CMD_NEW_SEC_KEY(r4, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100504}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0xfc, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0xdf, 0x18, 0x0, 0x1, [@generic="ec50d915f21ff58b7158f61ee40eea863b4bc3e509d9be0e350740b31df586a6031d6beb259b32720c853d70f2f35e2052c0f63120ecd3d4e1f2be608a6957fad956ccfc36de8c5369dd324988f000c2bd71efde839b8311cebf7f94dc0577c5119d9fda4128276e05760a96891f33cce4f339b4ba7c174022b5eed14b67a4fb9bdeb1f3d2eb0aa7020b3c78aef4245417868bfa", @generic="56f3a25b08a7425f84f47e4da9a7967c90dc61512399cb1e8e578694425f6702f130e19482e592a53b2ba5959836889f7c2ac6cab1008ee1b5e63bebed112e1f0f56b8370bf95f"]}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x9}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) 0s ago: executing program 4 (id=2249): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop11\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) open(&(0x7f0000000000)='./file0\x00', 0x40440, 0x40) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/v4l-subdev2\x00', 0x2000, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/lp_interval\x00', 0x1e2142, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r1, 0x0, 0x1f40) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) kernel console output (not intermixed with test programs): a00016e3200 dead000000000002 [ 438.316698][T11262] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 438.316749][T11262] head: 00fff00000000040 ffff88801e6feb40 ffffea00016e3200 dead000000000002 [ 438.316782][T11262] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 438.316815][T11262] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 438.316853][T11262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 438.316875][T11262] page dumped because: unmovable page [ 438.316893][T11262] page_owner tracks the page as allocated [ 438.316920][T11262] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xf2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_MEMALLOC|__GFP_COMP|__GFP_NOMEMALLOC), pid 7229, tgid 7227 (syz.1.424), ts 182301851108, free_ts 116601239317 [ 438.335673][T11266] CPU: 1 UID: 0 PID: 11266 Comm: syz.3.1609 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 438.335756][T11266] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 438.335777][T11266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 438.335799][T11266] Call Trace: [ 438.335812][T11266] [ 438.335825][T11266] dump_stack_lvl+0x16c/0x1f0 [ 438.335875][T11266] should_fail_ex+0x512/0x640 [ 438.335931][T11266] ? __kmalloc_cache_noprof+0x5f/0x780 [ 438.335974][T11266] should_failslab+0xc2/0x120 [ 438.336025][T11266] __kmalloc_cache_noprof+0x72/0x780 [ 438.336063][T11266] ? rfkill_fop_open+0x1b6/0x750 [ 438.336108][T11266] ? rfkill_fop_open+0x1b6/0x750 [ 438.336151][T11266] rfkill_fop_open+0x1b6/0x750 [ 438.336194][T11266] ? __pfx_rfkill_fop_open+0x10/0x10 [ 438.336235][T11266] misc_open+0x26d/0x450 [ 438.336292][T11266] ? __pfx_misc_open+0x10/0x10 [ 438.336348][T11266] chrdev_open+0x234/0x6a0 [ 438.336392][T11266] ? __pfx_apparmor_file_open+0x10/0x10 [ 438.336448][T11266] ? __pfx_chrdev_open+0x10/0x10 [ 438.336497][T11266] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 438.336550][T11266] do_dentry_open+0x982/0x1530 [ 438.336596][T11266] ? __pfx_chrdev_open+0x10/0x10 [ 438.336657][T11266] vfs_open+0x82/0x3f0 [ 438.336723][T11266] path_openat+0x1de4/0x2cb0 [ 438.336780][T11266] ? __pfx_path_openat+0x10/0x10 [ 438.336825][T11266] ? __lock_acquire+0xb8a/0x1c90 [ 438.336882][T11266] do_filp_open+0x20b/0x470 [ 438.336926][T11266] ? __pfx_do_filp_open+0x10/0x10 [ 438.337004][T11266] ? alloc_fd+0x471/0x7d0 [ 438.337056][T11266] do_sys_openat2+0x11b/0x1d0 [ 438.337112][T11266] ? __pfx_do_sys_openat2+0x10/0x10 [ 438.337195][T11266] __x64_sys_openat+0x174/0x210 [ 438.337251][T11266] ? __pfx___x64_sys_openat+0x10/0x10 [ 438.337327][T11266] do_syscall_64+0xcd/0xfa0 [ 438.337378][T11266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.337414][T11266] RIP: 0033:0x7fdf80b8f6c9 [ 438.337443][T11266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.337478][T11266] RSP: 002b:00007fdf819ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 438.337512][T11266] RAX: ffffffffffffffda RBX: 00007fdf80de5fa0 RCX: 00007fdf80b8f6c9 [ 438.337536][T11266] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 438.337559][T11266] RBP: 00007fdf80c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 438.337582][T11266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.337603][T11266] R13: 00007fdf80de6038 R14: 00007fdf80de5fa0 R15: 00007fff8c9f4608 [ 438.337655][T11266] [ 438.770885][T11262] post_alloc_hook+0x1c0/0x230 [ 438.792371][T11262] get_page_from_freelist+0x10a3/0x3a30 [ 438.798017][T11262] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 438.842004][T11262] alloc_pages_mpol+0x1fb/0x550 [ 438.846973][T11262] new_slab+0x24a/0x360 [ 438.855956][T11262] ___slab_alloc+0xd79/0x1a50 [ 438.860794][T11262] __slab_alloc.constprop.0+0x63/0x110 [ 438.866455][T11262] kmem_cache_alloc_node_noprof+0x43c/0x770 [ 438.872495][T11262] kmalloc_reserve+0x18b/0x2c0 [ 438.877337][T11262] __alloc_skb+0x166/0x380 [ 438.881853][T11262] __netdev_alloc_skb+0x213/0x920 [ 438.887049][T11262] __ieee80211_beacon_get+0xab1/0x1e40 [ 438.892896][T11262] ieee80211_beacon_get_tim+0xa6/0x280 [ 438.898441][T11262] mac80211_hwsim_beacon_tx+0x4dc/0xa40 [ 438.904985][T11262] __iterate_interfaces+0x2e5/0x650 [ 438.910271][T11262] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 438.998822][T11262] page last free pid 6013 tgid 6002 stack trace: [ 439.012872][T11262] __free_frozen_pages+0x7df/0x1160 [ 439.026526][T11262] kimage_free_page_list+0x130/0x230 [ 439.040324][T11262] kimage_alloc_control_pages+0x3d3/0xa00 [ 439.055568][T11262] do_kexec_load+0x478/0x8a0 [ 439.066956][T11262] __x64_sys_kexec_load+0x1bf/0x230 [ 439.084381][T11262] do_syscall_64+0xcd/0xfa0 [ 439.098353][T11262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.139574][T11268] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1611'. [ 439.173238][T11270] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1611'. [ 439.213638][T11269] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1611'. [ 440.071613][T11297] FAULT_INJECTION: forcing a failure. [ 440.071613][T11297] name failslab, interval 1, probability 393216, space 0, times 0 [ 440.085002][T11297] CPU: 0 UID: 0 PID: 11297 Comm: syz.0.1619 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 440.085084][T11297] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 440.085102][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 440.085122][T11297] Call Trace: [ 440.085132][T11297] [ 440.085144][T11297] dump_stack_lvl+0x16c/0x1f0 [ 440.085189][T11297] should_fail_ex+0x512/0x640 [ 440.085245][T11297] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 440.085287][T11297] should_failslab+0xc2/0x120 [ 440.085332][T11297] kmem_cache_alloc_noprof+0x75/0x6e0 [ 440.085367][T11297] ? ptlock_alloc+0x1f/0x70 [ 440.085425][T11297] ? ptlock_alloc+0x1f/0x70 [ 440.085473][T11297] ptlock_alloc+0x1f/0x70 [ 440.085522][T11297] pte_alloc_one+0x84/0x350 [ 440.085561][T11297] __pte_alloc+0x6d/0x380 [ 440.085600][T11297] ? __pfx___pte_alloc+0x10/0x10 [ 440.085641][T11297] ? __pfx___might_resched+0x10/0x10 [ 440.085674][T11297] ? move_page_tables+0x546/0x4230 [ 440.085707][T11297] ? alloc_new_pud+0x217/0x320 [ 440.085740][T11297] move_page_tables+0x2372/0x4230 [ 440.085800][T11297] ? __pfx_copy_vma+0x10/0x10 [ 440.085842][T11297] ? __pfx_move_page_tables+0x10/0x10 [ 440.085875][T11297] ? register_lock_class+0x41/0x4c0 [ 440.085946][T11297] ? finish_task_switch.isra.0+0x21c/0xc10 [ 440.085988][T11297] copy_vma_and_data+0x24e/0x790 [ 440.086026][T11297] ? __pfx_copy_vma_and_data+0x10/0x10 [ 440.086071][T11297] ? __vma_enter_locked+0x163/0x3f0 [ 440.086124][T11297] ? find_held_lock+0x2b/0x80 [ 440.086159][T11297] ? move_vma+0x52e/0x1770 [ 440.086201][T11297] move_vma+0x540/0x1770 [ 440.086247][T11297] ? __pfx_move_vma+0x10/0x10 [ 440.086287][T11297] ? shmem_get_unmapped_area+0x170/0xa00 [ 440.086341][T11297] ? cap_mmap_addr+0x4b/0x120 [ 440.086388][T11297] ? bpf_lsm_mmap_addr+0x9/0x10 [ 440.086424][T11297] ? security_mmap_addr+0x6c/0x1e0 [ 440.086460][T11297] ? __get_unmapped_area+0x267/0x440 [ 440.086515][T11297] ? vrm_set_new_addr+0x208/0x290 [ 440.086553][T11297] mremap_to+0x1b7/0x450 [ 440.086588][T11297] do_mremap+0xd89/0x2020 [ 440.086623][T11297] ? futex_private_hash_put+0xd5/0x190 [ 440.086667][T11297] ? futex_hash_put+0x3e/0x50 [ 440.086705][T11297] ? futex_wake+0x1ad/0x530 [ 440.086761][T11297] ? __pfx_do_mremap+0x10/0x10 [ 440.086790][T11297] ? __pfx_futex_wake+0x10/0x10 [ 440.086850][T11297] ? do_user_addr_fault+0x829/0x1370 [ 440.086893][T11297] __do_sys_mremap+0x119/0x170 [ 440.086926][T11297] ? __pfx___do_sys_mremap+0x10/0x10 [ 440.086965][T11297] ? rcu_is_watching+0x12/0xc0 [ 440.087007][T11297] ? __x64_sys_futex+0x1e0/0x4c0 [ 440.087080][T11297] do_syscall_64+0xcd/0xfa0 [ 440.087122][T11297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.087155][T11297] RIP: 0033:0x7f9a0cd8f6c9 [ 440.087181][T11297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.087221][T11297] RSP: 002b:00007f9a0dc19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 440.087261][T11297] RAX: ffffffffffffffda RBX: 00007f9a0cfe5fa0 RCX: 00007f9a0cd8f6c9 [ 440.087283][T11297] RDX: 0000000000003fd6 RSI: 0000000000000007 RDI: 0000000000000000 [ 440.087303][T11297] RBP: 00007f9a0ce11f91 R08: 0000000020000000 R09: 0000000000000000 [ 440.087324][T11297] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 440.087345][T11297] R13: 00007f9a0cfe6038 R14: 00007f9a0cfe5fa0 R15: 00007ffcfbdcaa68 [ 440.087389][T11297] [ 441.128545][T11308] FAULT_INJECTION: forcing a failure. [ 441.128545][T11308] name fail_futex, interval 1, probability 0, space 0, times 0 [ 441.141928][T11308] CPU: 1 UID: 0 PID: 11308 Comm: syz.3.1621 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 441.141995][T11308] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 441.142014][T11308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.142032][T11308] Call Trace: [ 441.142042][T11308] [ 441.142054][T11308] dump_stack_lvl+0x16c/0x1f0 [ 441.142098][T11308] should_fail_ex+0x512/0x640 [ 441.142153][T11308] get_futex_key+0x1d0/0x1560 [ 441.142201][T11308] ? __pfx_get_futex_key+0x10/0x10 [ 441.142247][T11308] ? __pfx___might_resched+0x10/0x10 [ 441.142280][T11308] ? trace_kmem_cache_alloc+0x28/0xc0 [ 441.142326][T11308] ? lockdep_init_map_type+0x5c/0x280 [ 441.142378][T11308] futex_wake+0xea/0x530 [ 441.142424][T11308] ? lockdep_init_map_type+0x5c/0x280 [ 441.142474][T11308] ? __pfx_futex_wake+0x10/0x10 [ 441.142523][T11308] ? __lock_acquire+0x622/0x1c90 [ 441.142573][T11308] ? alloc_file_pseudo+0x1b3/0x230 [ 441.142628][T11308] do_futex+0x1e3/0x350 [ 441.142673][T11308] ? __pfx_do_futex+0x10/0x10 [ 441.142728][T11308] __x64_sys_futex+0x1e0/0x4c0 [ 441.142778][T11308] ? __pfx___x64_sys_futex+0x10/0x10 [ 441.142821][T11308] ? __x64_sys_signalfd+0x128/0x1a0 [ 441.142862][T11308] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 441.142928][T11308] do_syscall_64+0xcd/0xfa0 [ 441.142971][T11308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.143004][T11308] RIP: 0033:0x7fdf80b8f6c9 [ 441.143031][T11308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.143063][T11308] RSP: 002b:00007fdf819ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 441.143095][T11308] RAX: ffffffffffffffda RBX: 00007fdf80de5fa8 RCX: 00007fdf80b8f6c9 [ 441.143116][T11308] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdf80de5fac [ 441.143138][T11308] RBP: 00007fdf80de5fa0 R08: 00007fdf819cb000 R09: 0000000000000000 [ 441.143158][T11308] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 441.143183][T11308] R13: 00007fdf80de6038 R14: 00007fff8c9f4520 R15: 00007fff8c9f4608 [ 441.143228][T11308] [ 441.691565][T11312] FAULT_INJECTION: forcing a failure. [ 441.691565][T11312] name failslab, interval 1, probability 393216, space 0, times 0 [ 441.707263][T11312] CPU: 0 UID: 0 PID: 11312 Comm: syz.0.1623 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 441.707338][T11312] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 441.707358][T11312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.707377][T11312] Call Trace: [ 441.707388][T11312] [ 441.707400][T11312] dump_stack_lvl+0x16c/0x1f0 [ 441.707447][T11312] should_fail_ex+0x512/0x640 [ 441.707495][T11312] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 441.707536][T11312] should_failslab+0xc2/0x120 [ 441.707581][T11312] kmem_cache_alloc_node_noprof+0x78/0x770 [ 441.707616][T11312] ? __alloc_skb+0x2b2/0x380 [ 441.707674][T11312] ? __alloc_skb+0x2b2/0x380 [ 441.707719][T11312] __alloc_skb+0x2b2/0x380 [ 441.707778][T11312] ? __pfx___alloc_skb+0x10/0x10 [ 441.707829][T11312] ? ip_frag_init+0x270/0x350 [ 441.707865][T11312] ? ima_match_policy+0x7f9/0x22e0 [ 441.707908][T11312] __ip6_append_data+0x2b74/0x4740 [ 441.707965][T11312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 441.708020][T11312] ? __pfx___ip6_append_data+0x10/0x10 [ 441.708068][T11312] ? __pfx_ip6_mtu+0x10/0x10 [ 441.708104][T11312] ? ip6_setup_cork+0xc51/0x1530 [ 441.708153][T11312] ip6_make_skb+0x2c8/0x3f0 [ 441.708204][T11312] ? ip6_dst_check+0x343/0x950 [ 441.708251][T11312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 441.708291][T11312] ? __pfx_ip6_make_skb+0x10/0x10 [ 441.708342][T11312] ? find_held_lock+0x2b/0x80 [ 441.708401][T11312] ? sk_dst_check+0x1da/0x540 [ 441.708458][T11312] ? udpv6_sendmsg+0x2365/0x2d30 [ 441.708508][T11312] udpv6_sendmsg+0x2365/0x2d30 [ 441.708543][T11312] ? aa_label_sk_perm+0x195/0x600 [ 441.708576][T11312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 441.708626][T11312] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 441.708669][T11312] ? __lock_acquire+0x622/0x1c90 [ 441.708729][T11312] ? __pfx___might_resched+0x10/0x10 [ 441.708802][T11312] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 441.708842][T11312] ? inet6_sendmsg+0x105/0x140 [ 441.708877][T11312] inet6_sendmsg+0x105/0x140 [ 441.708915][T11312] sock_write_iter+0x437/0x610 [ 441.708959][T11312] ? __pfx_sock_write_iter+0x10/0x10 [ 441.709015][T11312] ? bpf_lsm_file_permission+0x9/0x10 [ 441.709053][T11312] ? security_file_permission+0x71/0x210 [ 441.709091][T11312] ? rw_verify_area+0xcf/0x6c0 [ 441.709126][T11312] vfs_write+0x7d3/0x11d0 [ 441.709162][T11312] ? __pfx_sock_write_iter+0x10/0x10 [ 441.709206][T11312] ? __pfx_vfs_write+0x10/0x10 [ 441.709238][T11312] ? find_held_lock+0x2b/0x80 [ 441.709298][T11312] ksys_write+0x1f8/0x250 [ 441.709333][T11312] ? __pfx_ksys_write+0x10/0x10 [ 441.709381][T11312] do_syscall_64+0xcd/0xfa0 [ 441.709423][T11312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.709455][T11312] RIP: 0033:0x7f9a0cd8f6c9 [ 441.709483][T11312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.709517][T11312] RSP: 002b:00007f9a0dc19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 441.709549][T11312] RAX: ffffffffffffffda RBX: 00007f9a0cfe5fa0 RCX: 00007f9a0cd8f6c9 [ 441.709571][T11312] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 441.709591][T11312] RBP: 00007f9a0ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 441.709612][T11312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.709632][T11312] R13: 00007f9a0cfe6038 R14: 00007f9a0cfe5fa0 R15: 00007ffcfbdcaa68 [ 441.709677][T11312] [ 442.556241][T11326] netlink: 'syz.3.1628': attribute type 10 has an invalid length. [ 442.567523][T11326] netlink: 'syz.3.1628': attribute type 13 has an invalid length. [ 442.644851][T11329] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1629'. [ 442.927154][T11339] bond0: invalid ARP target specified [ 444.169976][T11361] FAULT_INJECTION: forcing a failure. [ 444.169976][T11361] name failslab, interval 1, probability 393216, space 0, times 0 [ 444.183882][T11361] CPU: 1 UID: 0 PID: 11361 Comm: syz.4.1640 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 444.183954][T11361] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 444.183973][T11361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 444.183992][T11361] Call Trace: [ 444.184003][T11361] [ 444.184015][T11361] dump_stack_lvl+0x16c/0x1f0 [ 444.184061][T11361] should_fail_ex+0x512/0x640 [ 444.184111][T11361] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 444.184150][T11361] should_failslab+0xc2/0x120 [ 444.184195][T11361] kmem_cache_alloc_noprof+0x75/0x6e0 [ 444.184229][T11361] ? __anon_vma_prepare+0x344/0x5e0 [ 444.184291][T11361] ? __anon_vma_prepare+0x344/0x5e0 [ 444.184339][T11361] __anon_vma_prepare+0x344/0x5e0 [ 444.184399][T11361] __vmf_anon_prepare+0x11c/0x240 [ 444.184448][T11361] do_wp_page+0x10fc/0x52b0 [ 444.184503][T11361] ? __pfx_do_wp_page+0x10/0x10 [ 444.184552][T11361] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 444.184608][T11361] ? ___pte_offset_map+0x2ad/0x4f0 [ 444.184656][T11361] __handle_mm_fault+0x1ae3/0x2aa0 [ 444.184722][T11361] ? __pfx___handle_mm_fault+0x10/0x10 [ 444.184777][T11361] ? __pte_offset_map_lock+0x174/0x310 [ 444.184829][T11361] ? find_held_lock+0x2b/0x80 [ 444.184878][T11361] ? follow_page_pte+0x5cf/0x1390 [ 444.184931][T11361] handle_mm_fault+0x589/0xd10 [ 444.184992][T11361] __get_user_pages+0x54e/0x3530 [ 444.185051][T11361] ? find_held_lock+0x2b/0x80 [ 444.185086][T11361] ? __pfx___get_user_pages+0x10/0x10 [ 444.185145][T11361] get_user_pages_remote+0x243/0xab0 [ 444.185199][T11361] ? __pfx_get_user_pages_remote+0x10/0x10 [ 444.185246][T11361] ? __pfx___might_resched+0x10/0x10 [ 444.185281][T11361] ? noop_dirty_folio+0x96/0xb0 [ 444.185326][T11361] __access_remote_vm+0x250/0xaa0 [ 444.185379][T11361] ? __pfx___access_remote_vm+0x10/0x10 [ 444.185452][T11361] mem_rw+0x20e/0x640 [ 444.185488][T11361] ? __pfx_mem_write+0x10/0x10 [ 444.185516][T11361] vfs_write+0x2a0/0x11d0 [ 444.185559][T11361] ? __pfx___mutex_lock+0x10/0x10 [ 444.185600][T11361] ? __pfx_vfs_write+0x10/0x10 [ 444.185644][T11361] ? __fget_files+0x20e/0x3c0 [ 444.185689][T11361] ksys_write+0x12a/0x250 [ 444.185724][T11361] ? __pfx_ksys_write+0x10/0x10 [ 444.185774][T11361] do_syscall_64+0xcd/0xfa0 [ 444.185822][T11361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.185855][T11361] RIP: 0033:0x7eff7458f6c9 [ 444.185881][T11361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.185914][T11361] RSP: 002b:00007eff75374038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 444.185945][T11361] RAX: ffffffffffffffda RBX: 00007eff747e5fa0 RCX: 00007eff7458f6c9 [ 444.185966][T11361] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 444.185984][T11361] RBP: 00007eff74611f91 R08: 0000000000000000 R09: 0000000000000000 [ 444.186003][T11361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.186023][T11361] R13: 00007eff747e6038 R14: 00007eff747e5fa0 R15: 00007ffd7d0d6cf8 [ 444.186062][T11361] [ 446.033444][T11384] zswap: compressor 000 not available [ 447.600551][T11406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1658'. [ 450.436615][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.443105][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 453.672539][T11287] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 454.142774][T11433] Invalid ELF header magic: != ELF [ 454.216937][T11440] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 454.226588][T11440] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 454.236949][T11440] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 454.245847][T11440] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 454.255514][T11440] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 454.591554][T11438] chnl_net:caif_netlink_parms(): no params data found [ 455.032987][T11438] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.057980][T11438] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.078690][T11438] bridge_slave_0: entered allmulticast mode [ 455.128394][T11438] bridge_slave_0: entered promiscuous mode [ 455.154191][T11438] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.172937][T11438] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.189033][T11438] bridge_slave_1: entered allmulticast mode [ 455.217852][T11438] bridge_slave_1: entered promiscuous mode [ 455.526584][T11438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.584942][T11438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.712403][T11287] Bluetooth: hci3: command 0x0406 tx timeout [ 455.725245][T11438] team0: Port device team_slave_0 added [ 455.745906][T11438] team0: Port device team_slave_1 added [ 455.782744][T11438] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.789741][T11438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 455.818831][T11438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.833164][T11438] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.840161][T11438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 455.866970][T11438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.937683][T11438] hsr_slave_0: entered promiscuous mode [ 455.944441][T11438] hsr_slave_1: entered promiscuous mode [ 455.950803][T11438] debugfs: 'hsr0' already exists in 'hsr' [ 455.956632][T11438] Cannot create hsr debugfs directory [ 456.146043][T11438] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 456.157317][T11438] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 456.170072][T11438] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 456.180831][T11438] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 456.270872][T11438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.301342][T11438] 8021q: adding VLAN 0 to HW filter on device team0 [ 456.317971][T11371] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.325222][T11371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 456.346785][T11340] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.353956][T11340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 456.361618][T11287] Bluetooth: hci4: command tx timeout [ 456.663236][T11438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 456.930939][T11438] veth0_vlan: entered promiscuous mode [ 456.945242][T11438] veth1_vlan: entered promiscuous mode [ 456.978174][T11438] veth0_macvtap: entered promiscuous mode [ 456.987866][T11438] veth1_macvtap: entered promiscuous mode [ 457.012042][T11438] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 457.028294][T11438] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 457.045850][T11276] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.056324][T11276] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.067100][T11276] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.078979][T11276] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.160919][T11277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 457.169224][T11277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 457.201103][T11277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 457.209133][T11277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 457.340420][T11487] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1674'. [ 457.390784][T11487] netlink: 274 bytes leftover after parsing attributes in process `syz.4.1674'. [ 457.718525][T11496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1678'. [ 457.743839][T11496] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1678'. [ 458.433401][T11287] Bluetooth: hci4: command tx timeout [ 458.768120][T11523] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1672'. [ 458.928501][T11526] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1681'. [ 459.108852][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 459.133097][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 459.146284][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 459.158365][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 459.172528][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 459.180321][T11531] Dead loop on virtual device ip6_vti0, fix it urgently! [ 460.118275][T11555] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1690'. [ 460.308244][T11563] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1693'. [ 460.337620][T11563] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1693'. [ 460.512706][T11287] Bluetooth: hci4: command tx timeout [ 462.595040][T11287] Bluetooth: hci4: command tx timeout [ 462.637540][T11608] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 463.396957][T11628] netlink: 62 bytes leftover after parsing attributes in process `syz.4.1711'. [ 463.420790][T11609] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 463.433935][T11609] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 463.449338][T11609] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 463.464421][T11609] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 463.485921][T11609] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 463.505063][T11609] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 463.538190][T11609] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 463.548458][T11609] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 463.566774][T11609] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 463.629594][T11609] Process accounting resumed [ 464.212527][T11647] FAULT_INJECTION: forcing a failure. [ 464.212527][T11647] name failslab, interval 1, probability 393216, space 0, times 0 [ 464.226151][T11647] CPU: 0 UID: 0 PID: 11647 Comm: syz.4.1719 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 464.226223][T11647] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 464.226244][T11647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.226263][T11647] Call Trace: [ 464.226274][T11647] [ 464.226286][T11647] dump_stack_lvl+0x16c/0x1f0 [ 464.226332][T11647] should_fail_ex+0x512/0x640 [ 464.226382][T11647] ? __kmalloc_noprof+0xca/0x880 [ 464.226439][T11647] should_failslab+0xc2/0x120 [ 464.226485][T11647] __kmalloc_noprof+0xdd/0x880 [ 464.226539][T11647] ? kvm_set_irq_routing+0xf3/0x970 [ 464.226596][T11647] ? kvm_set_irq_routing+0xf3/0x970 [ 464.226646][T11647] kvm_set_irq_routing+0xf3/0x970 [ 464.226702][T11647] ? kvm_ioapic_init+0x445/0x590 [ 464.226743][T11647] kvm_arch_vm_ioctl+0x934/0x18b0 [ 464.226796][T11647] ? register_lock_class+0x41/0x4c0 [ 464.226840][T11647] ? find_held_lock+0x2b/0x80 [ 464.226874][T11647] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 464.226912][T11647] ? ima_match_policy+0x7f9/0x22e0 [ 464.226952][T11647] ? __lock_acquire+0x622/0x1c90 [ 464.227004][T11647] ? __lock_acquire+0x622/0x1c90 [ 464.227062][T11647] ? __lock_acquire+0x622/0x1c90 [ 464.227115][T11647] ? __lock_acquire+0x622/0x1c90 [ 464.227199][T11647] ? bpf_ksym_find+0x124/0x1c0 [ 464.227236][T11647] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 464.227277][T11647] ? is_bpf_text_address+0x94/0x1a0 [ 464.227323][T11647] ? kernel_text_address+0x8d/0x100 [ 464.227350][T11647] ? widen_string+0xdc/0x2d0 [ 464.227397][T11647] ? __kernel_text_address+0xd/0x40 [ 464.227426][T11647] ? unwind_get_return_address+0x59/0xa0 [ 464.227480][T11647] ? arch_stack_walk+0xa6/0x100 [ 464.227531][T11647] ? stack_trace_save+0x8e/0xc0 [ 464.227568][T11647] ? __pfx_stack_trace_save+0x10/0x10 [ 464.227608][T11647] ? stack_depot_save_flags+0x29/0x9c0 [ 464.227663][T11647] ? __lock_acquire+0xb8a/0x1c90 [ 464.227710][T11647] ? kasan_save_stack+0x42/0x60 [ 464.227748][T11647] ? kasan_save_stack+0x33/0x60 [ 464.227795][T11647] ? kasan_save_track+0x14/0x30 [ 464.227831][T11647] ? __kasan_save_free_info+0x3b/0x60 [ 464.227861][T11647] ? __kasan_slab_free+0x5f/0x80 [ 464.227900][T11647] ? kfree+0x2b8/0x6d0 [ 464.227926][T11647] ? tomoyo_path_number_perm+0x470/0x580 [ 464.227985][T11647] kvm_vm_ioctl+0x1a91/0x3fd0 [ 464.228039][T11647] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 464.228103][T11647] ? kasan_quarantine_put+0x10a/0x240 [ 464.228141][T11647] ? lockdep_hardirqs_on+0x7c/0x110 [ 464.228183][T11647] ? find_held_lock+0x2b/0x80 [ 464.228216][T11647] ? tomoyo_path_number_perm+0x295/0x580 [ 464.228275][T11647] ? tomoyo_path_number_perm+0x18d/0x580 [ 464.228334][T11647] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 464.228386][T11647] ? futex_wake+0x1ad/0x530 [ 464.228450][T11647] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 464.228508][T11647] ? do_vfs_ioctl+0x128/0x14f0 [ 464.228570][T11647] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 464.228630][T11647] ? find_held_lock+0x2b/0x80 [ 464.228663][T11647] ? hook_file_ioctl_common+0x145/0x410 [ 464.228705][T11647] ? __fget_files+0x20e/0x3c0 [ 464.228744][T11647] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 464.228791][T11647] __x64_sys_ioctl+0x18e/0x210 [ 464.228843][T11647] do_syscall_64+0xcd/0xfa0 [ 464.228886][T11647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.228919][T11647] RIP: 0033:0x7eff7458f6c9 [ 464.228945][T11647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.228976][T11647] RSP: 002b:00007eff75374038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 464.229008][T11647] RAX: ffffffffffffffda RBX: 00007eff747e5fa0 RCX: 00007eff7458f6c9 [ 464.229029][T11647] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 464.229049][T11647] RBP: 00007eff74611f91 R08: 0000000000000000 R09: 0000000000000000 [ 464.229068][T11647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.229086][T11647] R13: 00007eff747e6038 R14: 00007eff747e5fa0 R15: 00007ffd7d0d6cf8 [ 464.229128][T11647] [ 464.815059][T11660] netlink: 'syz.3.1721': attribute type 5 has an invalid length. [ 464.858766][T11660] netlink: 'syz.3.1721': attribute type 1 has an invalid length. [ 464.900164][T11660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1721'. [ 464.909383][T11287] Bluetooth: hci2: command 0x0406 tx timeout [ 464.917714][T11665] netlink: 'syz.3.1721': attribute type 5 has an invalid length. [ 464.980776][T11665] netlink: 'syz.3.1721': attribute type 1 has an invalid length. [ 465.020701][T11665] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1721'. [ 465.472668][T11287] Bluetooth: hci3: command 0x0406 tx timeout [ 465.478759][T11287] Bluetooth: hci1: command 0x0406 tx timeout [ 465.486630][T11680] netlink: 98 bytes leftover after parsing attributes in process `syz.0.1727'. [ 465.552126][T11287] Bluetooth: hci4: command 0x0c1a tx timeout [ 465.558234][T11440] Bluetooth: hci0: command 0x0c1a tx timeout [ 466.378712][T11699] lo: entered allmulticast mode [ 466.386362][T11699] lo: left allmulticast mode [ 466.397613][T11687] Invalid ELF header magic: != ELF [ 467.408972][T11721] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1739'. [ 467.553791][T11287] Bluetooth: hci3: command 0x0406 tx timeout [ 467.634438][T11287] Bluetooth: hci4: command 0x0c1a tx timeout [ 467.640612][T11440] Bluetooth: hci0: command 0x0c1a tx timeout [ 468.470449][T11745] Invalid ELF header magic: != ELF [ 469.364111][T11747] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 469.372427][T11747] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 469.380577][T11747] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 469.403784][T11747] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 469.410093][T11747] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 470.592119][T11287] Bluetooth: hci2: command 0x0406 tx timeout [ 470.772812][T11780] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1756'. [ 471.392222][T11287] Bluetooth: hci3: command 0x0406 tx timeout [ 471.398667][T11440] Bluetooth: hci1: command 0x0406 tx timeout [ 471.472719][T11287] Bluetooth: hci4: command 0x0c1a tx timeout [ 471.480072][T11440] Bluetooth: hci0: command 0x0c1a tx timeout [ 471.814462][T11799] ubi0: attaching mtd0 [ 471.828661][T11799] ubi0 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 473.017741][T11827] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1772'. [ 473.061765][T11828] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1770'. [ 474.072883][T11840] serio: Serial port ttyS2 [ 474.624841][T11843] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1784'. [ 474.675955][T11847] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1778'. [ 474.880871][T11853] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 475.642717][T11870] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1783'. [ 477.439956][T11902] warning: `syz.0.1794' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 477.912837][T11912] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1798'. [ 478.661217][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 478.664416][T11923] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1800'. [ 478.690656][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 478.718428][T11923] netlink: 314 bytes leftover after parsing attributes in process `syz.5.1800'. [ 478.722612][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 478.742554][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 478.762785][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 478.773039][T11922] Dead loop on virtual device ip6_vti0, fix it urgently! [ 480.452409][T11956] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1811'. [ 481.534285][ T30] audit: type=1800 audit(4294985784.683:8): pid=11979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1818" name="lu_gp_id" dev="configfs" ino=84863 res=0 errno=0 [ 482.105886][T11990] sp0: Synchronizing with TNC [ 482.683247][T12012] netlink: 'syz.5.1827': attribute type 3 has an invalid length. [ 482.704730][T12012] netlink: 306 bytes leftover after parsing attributes in process `syz.5.1827'. [ 483.509909][T12031] netlink: 'syz.4.1834': attribute type 10 has an invalid length. [ 483.518068][T12031] netlink: 230 bytes leftover after parsing attributes in process `syz.4.1834'. [ 483.559999][T12031] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 483.643661][T12033] FAULT_INJECTION: forcing a failure. [ 483.643661][T12033] name failslab, interval 1, probability 393216, space 0, times 0 [ 483.732098][T12033] CPU: 0 UID: 0 PID: 12033 Comm: syz.5.1835 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 483.732170][T12033] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 483.732189][T12033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 483.732207][T12033] Call Trace: [ 483.732217][T12033] [ 483.732229][T12033] dump_stack_lvl+0x16c/0x1f0 [ 483.732274][T12033] should_fail_ex+0x512/0x640 [ 483.732333][T12033] ? fs_reclaim_acquire+0xae/0x150 [ 483.732384][T12033] should_failslab+0xc2/0x120 [ 483.732429][T12033] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 483.732472][T12033] ? kstrdup_const+0x63/0x80 [ 483.732515][T12033] ? kstrdup+0x53/0x100 [ 483.732545][T12033] kstrdup+0x53/0x100 [ 483.732582][T12033] kstrdup_const+0x63/0x80 [ 483.732616][T12033] __kernfs_new_node+0x9b/0x8e0 [ 483.732664][T12033] ? __pfx___kernfs_new_node+0x10/0x10 [ 483.732718][T12033] ? find_held_lock+0x2b/0x80 [ 483.732767][T12033] ? kernfs_root+0xee/0x2a0 [ 483.732812][T12033] kernfs_new_node+0x13c/0x1e0 [ 483.732866][T12033] kernfs_create_dir_ns+0x4c/0x1a0 [ 483.732919][T12033] sysfs_create_dir_ns+0x13a/0x2b0 [ 483.732960][T12033] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 483.732997][T12033] ? find_held_lock+0x2b/0x80 [ 483.733036][T12033] ? class_dir_child_ns_type+0xd/0x60 [ 483.733091][T12033] kobject_add_internal+0x2c4/0x9b0 [ 483.733141][T12033] kobject_add+0x16e/0x240 [ 483.733188][T12033] ? __pfx_kobject_add+0x10/0x10 [ 483.733233][T12033] ? get_device_parent+0x1c5/0x4e0 [ 483.733312][T12033] ? kobject_put+0xab/0x5a0 [ 483.733366][T12033] device_add+0x288/0x1aa0 [ 483.733416][T12033] ? __pfx_dev_set_name+0x10/0x10 [ 483.733449][T12033] ? __pfx_device_add+0x10/0x10 [ 483.733496][T12033] ? __pfx___might_resched+0x10/0x10 [ 483.733528][T12033] ? lockdep_hardirqs_on+0x7c/0x110 [ 483.733582][T12033] __add_disk+0x457/0xf00 [ 483.733633][T12033] add_disk_fwnode+0x13f/0x5d0 [ 483.733683][T12033] loop_add+0x903/0xb70 [ 483.733718][T12033] ? __pfx_loop_add+0x10/0x10 [ 483.733783][T12033] ? find_held_lock+0x2b/0x80 [ 483.733822][T12033] loop_control_ioctl+0x13e/0x630 [ 483.733860][T12033] ? __pfx_loop_control_ioctl+0x10/0x10 [ 483.733901][T12033] ? __pfx_loop_control_ioctl+0x10/0x10 [ 483.733939][T12033] __x64_sys_ioctl+0x18e/0x210 [ 483.733991][T12033] do_syscall_64+0xcd/0xfa0 [ 483.734033][T12033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.734066][T12033] RIP: 0033:0x7f42c518f6c9 [ 483.734093][T12033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.734126][T12033] RSP: 002b:00007f42c5f9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 483.734158][T12033] RAX: ffffffffffffffda RBX: 00007f42c53e5fa0 RCX: 00007f42c518f6c9 [ 483.734181][T12033] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 483.734202][T12033] RBP: 00007f42c5211f91 R08: 0000000000000000 R09: 0000000000000000 [ 483.734222][T12033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 483.734242][T12033] R13: 00007f42c53e6038 R14: 00007f42c53e5fa0 R15: 00007ffc73587598 [ 483.734296][T12033] [ 483.734314][T12033] kobject: kobject_add_internal failed for loop0 (error: -12 parent: block) [ 484.093893][T11287] Bluetooth: hci1: Malformed Event: 0x02 [ 485.275187][T12063] FAULT_INJECTION: forcing a failure. [ 485.275187][T12063] name failslab, interval 1, probability 393216, space 0, times 0 [ 485.300880][T12063] CPU: 0 UID: 0 PID: 12063 Comm: syz.0.1844 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 485.300953][T12063] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 485.300973][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 485.300992][T12063] Call Trace: [ 485.301003][T12063] [ 485.301017][T12063] dump_stack_lvl+0x16c/0x1f0 [ 485.301063][T12063] should_fail_ex+0x512/0x640 [ 485.301113][T12063] ? fs_reclaim_acquire+0xae/0x150 [ 485.301164][T12063] should_failslab+0xc2/0x120 [ 485.301209][T12063] kmem_cache_alloc_noprof+0x75/0x6e0 [ 485.301241][T12063] ? __pfx_map_id_range_down+0x10/0x10 [ 485.301270][T12063] ? security_inode_alloc+0x3b/0x2b0 [ 485.301329][T12063] ? security_inode_alloc+0x3b/0x2b0 [ 485.301373][T12063] security_inode_alloc+0x3b/0x2b0 [ 485.301424][T12063] inode_init_always_gfp+0xce4/0x1030 [ 485.301464][T12063] alloc_inode+0x86/0x240 [ 485.301507][T12063] new_inode+0x22/0x1c0 [ 485.301553][T12063] proc_pid_make_inode+0x22/0x160 [ 485.301596][T12063] proc_pident_instantiate+0x85/0x310 [ 485.301644][T12063] proc_fill_cache+0x361/0x470 [ 485.301686][T12063] ? __pfx_proc_pident_instantiate+0x10/0x10 [ 485.301751][T12063] ? __pfx_proc_fill_cache+0x10/0x10 [ 485.301836][T12063] proc_pident_readdir+0x1bc/0x530 [ 485.301905][T12063] iterate_dir+0x296/0xaf0 [ 485.301963][T12063] __x64_sys_getdents64+0x13c/0x2c0 [ 485.302014][T12063] ? __x64_sys_futex+0x1e9/0x4c0 [ 485.302061][T12063] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 485.302111][T12063] ? __x64_sys_openat+0x174/0x210 [ 485.302163][T12063] ? __pfx_filldir64+0x10/0x10 [ 485.302227][T12063] do_syscall_64+0xcd/0xfa0 [ 485.302272][T12063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.302305][T12063] RIP: 0033:0x7f9a0cd8f6c9 [ 485.302332][T12063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.302365][T12063] RSP: 002b:00007f9a0dc19038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 485.302396][T12063] RAX: ffffffffffffffda RBX: 00007f9a0cfe5fa0 RCX: 00007f9a0cd8f6c9 [ 485.302417][T12063] RDX: 0000000000000803 RSI: 0000000000000000 RDI: 0000000000000005 [ 485.302437][T12063] RBP: 00007f9a0ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 485.302457][T12063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.302477][T12063] R13: 00007f9a0cfe6038 R14: 00007f9a0cfe5fa0 R15: 00007ffcfbdcaa68 [ 485.302523][T12063] [ 486.190209][T12074] FAULT_INJECTION: forcing a failure. [ 486.190209][T12074] name failslab, interval 1, probability 393216, space 0, times 0 [ 486.241163][T12074] CPU: 0 UID: 0 PID: 12074 Comm: syz.5.1847 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 486.241237][T12074] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 486.241256][T12074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 486.241275][T12074] Call Trace: [ 486.241285][T12074] [ 486.241296][T12074] dump_stack_lvl+0x16c/0x1f0 [ 486.241341][T12074] should_fail_ex+0x512/0x640 [ 486.241390][T12074] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 486.241427][T12074] should_failslab+0xc2/0x120 [ 486.241472][T12074] kmem_cache_alloc_noprof+0x75/0x6e0 [ 486.241504][T12074] ? getname_flags.part.0+0x4c/0x550 [ 486.241557][T12074] ? getname_flags.part.0+0x4c/0x550 [ 486.241601][T12074] getname_flags.part.0+0x4c/0x550 [ 486.241677][T12074] getname_flags+0x93/0xf0 [ 486.241711][T12074] do_sys_openat2+0xb8/0x1d0 [ 486.241759][T12074] ? __pfx_do_sys_openat2+0x10/0x10 [ 486.241824][T12074] __x64_sys_openat+0x174/0x210 [ 486.241872][T12074] ? __pfx___x64_sys_openat+0x10/0x10 [ 486.241942][T12074] do_syscall_64+0xcd/0xfa0 [ 486.241985][T12074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.242017][T12074] RIP: 0033:0x7f42c518df10 [ 486.242053][T12074] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 486.242086][T12074] RSP: 002b:00007f42c5f9bf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 486.242116][T12074] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42c518df10 [ 486.242137][T12074] RDX: 0000000000000002 RSI: 00007f42c5f9bfa0 RDI: 00000000ffffff9c [ 486.242157][T12074] RBP: 00007f42c5f9bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 486.242175][T12074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 486.242195][T12074] R13: 00007f42c53e6038 R14: 00007f42c53e5fa0 R15: 00007ffc73587598 [ 486.242239][T12074] [ 487.548234][T12095] netlink: zone id is out of range [ 487.582210][T12095] netlink: del zone limit has 4 unknown bytes [ 487.704973][T12094] netlink: set zone limit has 8 unknown bytes [ 488.688079][T12118] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1858'. [ 488.777513][T12118] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1858'. [ 492.626717][T12164] Invalid ELF header magic: != ELF [ 493.309717][T12178] FAULT_INJECTION: forcing a failure. [ 493.309717][T12178] name failslab, interval 1, probability 393216, space 0, times 0 [ 493.362387][T12178] CPU: 1 UID: 0 PID: 12178 Comm: syz.3.1873 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 493.362465][T12178] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 493.362484][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 493.362503][T12178] Call Trace: [ 493.362514][T12178] [ 493.362525][T12178] dump_stack_lvl+0x16c/0x1f0 [ 493.362570][T12178] should_fail_ex+0x512/0x640 [ 493.362619][T12178] ? fs_reclaim_acquire+0xae/0x150 [ 493.362667][T12178] should_failslab+0xc2/0x120 [ 493.362711][T12178] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 493.362754][T12178] ? kstrdup_const+0x63/0x80 [ 493.362797][T12178] ? kstrdup+0x53/0x100 [ 493.362826][T12178] kstrdup+0x53/0x100 [ 493.362863][T12178] kstrdup_const+0x63/0x80 [ 493.362898][T12178] __kernfs_new_node+0x9b/0x8e0 [ 493.362946][T12178] ? __pfx___kernfs_new_node+0x10/0x10 [ 493.363008][T12178] ? find_held_lock+0x2b/0x80 [ 493.363044][T12178] ? kernfs_root+0xee/0x2a0 [ 493.363104][T12178] kernfs_new_node+0x13c/0x1e0 [ 493.363162][T12178] kernfs_create_dir_ns+0x4c/0x1a0 [ 493.363216][T12178] sysfs_create_dir_ns+0x13a/0x2b0 [ 493.363260][T12178] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 493.363299][T12178] ? find_held_lock+0x2b/0x80 [ 493.363339][T12178] ? class_dir_child_ns_type+0xd/0x60 [ 493.363394][T12178] kobject_add_internal+0x2c4/0x9b0 [ 493.363447][T12178] kobject_add+0x16e/0x240 [ 493.363499][T12178] ? __pfx_kobject_add+0x10/0x10 [ 493.363573][T12178] ? get_device_parent+0x1c5/0x4e0 [ 493.363621][T12178] ? kobject_put+0xab/0x5a0 [ 493.363674][T12178] device_add+0x288/0x1aa0 [ 493.363724][T12178] ? __pfx_dev_set_name+0x10/0x10 [ 493.363758][T12178] ? __pfx_device_add+0x10/0x10 [ 493.363813][T12178] ? __pfx___might_resched+0x10/0x10 [ 493.363845][T12178] ? lockdep_hardirqs_on+0x7c/0x110 [ 493.363909][T12178] __add_disk+0x457/0xf00 [ 493.363961][T12178] add_disk_fwnode+0x13f/0x5d0 [ 493.364015][T12178] loop_add+0x903/0xb70 [ 493.364053][T12178] ? __pfx_loop_add+0x10/0x10 [ 493.364116][T12178] ? find_held_lock+0x2b/0x80 [ 493.364156][T12178] loop_control_ioctl+0x13e/0x630 [ 493.364192][T12178] ? __pfx_loop_control_ioctl+0x10/0x10 [ 493.364240][T12178] ? __pfx_loop_control_ioctl+0x10/0x10 [ 493.364279][T12178] __x64_sys_ioctl+0x18e/0x210 [ 493.364332][T12178] do_syscall_64+0xcd/0xfa0 [ 493.364374][T12178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.364413][T12178] RIP: 0033:0x7fdf80b8f6c9 [ 493.364440][T12178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.364478][T12178] RSP: 002b:00007fdf819ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 493.364510][T12178] RAX: ffffffffffffffda RBX: 00007fdf80de5fa0 RCX: 00007fdf80b8f6c9 [ 493.364532][T12178] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 493.364553][T12178] RBP: 00007fdf80c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 493.364575][T12178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 493.364594][T12178] R13: 00007fdf80de6038 R14: 00007fdf80de5fa0 R15: 00007fff8c9f4608 [ 493.364640][T12178] [ 493.364656][T12178] kobject: kobject_add_internal failed for loop0 (error: -12 parent: block) [ 494.134975][T12178] Process accounting paused [ 494.943919][T12198] vhci_hcd: invalid port number 9 [ 495.164751][T12209] netlink: 13 bytes leftover after parsing attributes in process `syz.5.1882'. [ 497.859671][T12261] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1899'. [ 497.884243][T12261] net veth1_virt_wifi ›: renamed from virt_wifi0 [ 507.259123][T12268] FAULT_INJECTION: forcing a failure. [ 507.259123][T12268] name fail_futex, interval 1, probability 0, space 0, times 0 [ 507.292714][T12268] CPU: 1 UID: 0 PID: 12268 Comm: syz.3.1903 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 507.292790][T12268] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 507.292810][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 507.292830][T12268] Call Trace: [ 507.292841][T12268] [ 507.292853][T12268] dump_stack_lvl+0x16c/0x1f0 [ 507.292900][T12268] should_fail_ex+0x512/0x640 [ 507.292955][T12268] get_futex_key+0x1d0/0x1560 [ 507.293011][T12268] ? ktime_get_coarse_real_ts64_mg+0x240/0x300 [ 507.293061][T12268] ? __pfx_get_futex_key+0x10/0x10 [ 507.293100][T12268] ? rcu_is_watching+0x12/0xc0 [ 507.293135][T12268] ? set_normalized_timespec64+0x69/0xc0 [ 507.293178][T12268] ? inode_set_ctime_current+0x2a1/0x8f0 [ 507.293230][T12268] futex_wake+0xea/0x530 [ 507.293283][T12268] ? find_held_lock+0x2b/0x80 [ 507.293317][T12268] ? __pfx_futex_wake+0x10/0x10 [ 507.293372][T12268] ? fput+0x9b/0xd0 [ 507.293416][T12268] ? do_mq_timedsend+0x7a1/0xc40 [ 507.293469][T12268] do_futex+0x1e3/0x350 [ 507.293514][T12268] ? __pfx_do_futex+0x10/0x10 [ 507.293570][T12268] __x64_sys_futex+0x1e0/0x4c0 [ 507.293621][T12268] ? __pfx___x64_sys_futex+0x10/0x10 [ 507.293667][T12268] ? __pfx___x64_sys_mq_timedsend+0x10/0x10 [ 507.293732][T12268] do_syscall_64+0xcd/0xfa0 [ 507.293774][T12268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.293807][T12268] RIP: 0033:0x7fdf80b8f6c9 [ 507.293832][T12268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.293866][T12268] RSP: 002b:00007fdf819ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 507.293898][T12268] RAX: ffffffffffffffda RBX: 00007fdf80de5fa8 RCX: 00007fdf80b8f6c9 [ 507.293920][T12268] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdf80de5fac [ 507.293940][T12268] RBP: 00007fdf80de5fa0 R08: 00007fdf819cb000 R09: 0000000000000000 [ 507.293960][T12268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.293979][T12268] R13: 00007fdf80de6038 R14: 00007fff8c9f4520 R15: 00007fff8c9f4608 [ 507.294031][T12268] [ 507.653425][T12272] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1905'. [ 507.752076][T11287] Bluetooth: hci0: Malformed Event: 0x02 [ 507.829400][T11440] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 507.846391][T11440] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 507.856252][T11440] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 507.864773][T11440] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 507.872917][T11440] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 508.483288][T12276] chnl_net:caif_netlink_parms(): no params data found [ 508.723507][T12276] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.743448][T12276] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.750795][T12276] bridge_slave_0: entered allmulticast mode [ 508.794361][T12276] bridge_slave_0: entered promiscuous mode [ 508.820860][T12276] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.839096][T12276] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.847482][T12276] bridge_slave_1: entered allmulticast mode [ 508.859325][T12276] bridge_slave_1: entered promiscuous mode [ 508.950491][T12276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.987337][T12276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.079394][T12276] team0: Port device team_slave_0 added [ 509.088818][T12276] team0: Port device team_slave_1 added [ 509.160845][T12276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.178811][T12276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 509.207305][T12276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.225990][T12276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.239790][T12276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 509.267911][T12276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.499788][T12276] hsr_slave_0: entered promiscuous mode [ 509.517073][T12276] hsr_slave_1: entered promiscuous mode [ 509.526524][T12276] debugfs: 'hsr0' already exists in 'hsr' [ 509.537089][T11440] Bluetooth: hci4: Malformed Event: 0x02 [ 509.546142][T12276] Cannot create hsr debugfs directory [ 509.952434][T11440] Bluetooth: hci5: command tx timeout [ 510.074278][T12276] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 510.143402][T12276] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 510.173521][T12276] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 510.207611][T12276] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 510.322272][T12331] usb usb36: usbfs: process 12331 (syz.4.1921) did not claim interface 0 before use [ 510.461406][T12341] Invalid ELF header magic: != ELF [ 510.707030][T12276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.763316][T12276] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.800861][T11278] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.808117][T11278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.878221][T11278] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.885491][T11278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.138522][T12353] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1925'. [ 511.395735][T12276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.889653][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.902349][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.035039][T11440] Bluetooth: hci5: command tx timeout [ 512.088208][T12376] netlink: 'syz.5.1929': attribute type 1 has an invalid length. [ 512.111720][T12276] veth0_vlan: entered promiscuous mode [ 512.116904][T12376] netlink: 13 bytes leftover after parsing attributes in process `syz.5.1929'. [ 512.139338][T12276] veth1_vlan: entered promiscuous mode [ 512.216707][T12276] veth0_macvtap: entered promiscuous mode [ 512.235593][T12276] veth1_macvtap: entered promiscuous mode [ 512.265115][T12276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.277699][T12276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.325318][T11278] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.377243][T11278] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.393932][T11278] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.458223][T11278] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.522126][T12383] netlink: 'syz.3.1933': attribute type 27 has an invalid length. [ 512.530269][T12383] netlink: 'syz.3.1933': attribute type 28 has an invalid length. [ 512.556886][T12383] netlink: 'syz.3.1933': attribute type 29 has an invalid length. [ 512.568944][T12383] netlink: 'syz.3.1933': attribute type 30 has an invalid length. [ 512.579590][T12383] netlink: 'syz.3.1933': attribute type 31 has an invalid length. [ 512.595661][T12383] netlink: 'syz.3.1933': attribute type 32 has an invalid length. [ 512.604733][T12383] netlink: 'syz.3.1933': attribute type 33 has an invalid length. [ 512.613134][T12383] netlink: 'syz.3.1933': attribute type 35 has an invalid length. [ 512.639424][T12387] FAULT_INJECTION: forcing a failure. [ 512.639424][T12387] name failslab, interval 1, probability 393216, space 0, times 0 [ 512.654291][T12387] CPU: 1 UID: 0 PID: 12387 Comm: syz.4.1934 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 512.654362][T12387] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 512.654381][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 512.654400][T12387] Call Trace: [ 512.654411][T12387] [ 512.654423][T12387] dump_stack_lvl+0x16c/0x1f0 [ 512.654479][T12387] should_fail_ex+0x512/0x640 [ 512.654527][T12387] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 512.654564][T12387] should_failslab+0xc2/0x120 [ 512.654606][T12387] kmem_cache_alloc_noprof+0x75/0x6e0 [ 512.654639][T12387] ? __anon_vma_prepare+0xae/0x5e0 [ 512.654731][T12387] ? __anon_vma_prepare+0xae/0x5e0 [ 512.654782][T12387] __anon_vma_prepare+0xae/0x5e0 [ 512.654831][T12387] ? __pfx___pte_alloc+0x10/0x10 [ 512.654879][T12387] __vmf_anon_prepare+0x11c/0x240 [ 512.654926][T12387] do_pte_missing+0x10b7/0x3ba0 [ 512.654978][T12387] ? mtree_range_walk+0x718/0xc00 [ 512.655015][T12387] ? find_held_lock+0x2b/0x80 [ 512.655051][T12387] __handle_mm_fault+0x1556/0x2aa0 [ 512.655112][T12387] ? __pfx___handle_mm_fault+0x10/0x10 [ 512.655200][T12387] handle_mm_fault+0x589/0xd10 [ 512.655262][T12387] __get_user_pages+0x54e/0x3530 [ 512.655322][T12387] ? __pfx___get_user_pages+0x10/0x10 [ 512.655370][T12387] populate_vma_page_range+0x267/0x3f0 [ 512.655412][T12387] ? __pfx_populate_vma_page_range+0x10/0x10 [ 512.655453][T12387] ? __pfx_find_vma_intersection+0x10/0x10 [ 512.655490][T12387] ? do_mmap+0x69c/0x1210 [ 512.655528][T12387] __mm_populate+0x1d8/0x380 [ 512.655568][T12387] ? __pfx___mm_populate+0x10/0x10 [ 512.655610][T12387] ? up_write+0x1b2/0x520 [ 512.655653][T12387] vm_mmap_pgoff+0x37f/0x470 [ 512.655698][T12387] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 512.655742][T12387] ? __x64_sys_futex+0x1e0/0x4c0 [ 512.655778][T12387] ? __x64_sys_futex+0x1e9/0x4c0 [ 512.655840][T12387] ksys_mmap_pgoff+0x7d/0x5c0 [ 512.655874][T12387] ? xfd_validate_state+0x61/0x180 [ 512.655913][T12387] ? __pfx_do_writev+0x10/0x10 [ 512.655945][T12387] __x64_sys_mmap+0x125/0x190 [ 512.655990][T12387] do_syscall_64+0xcd/0xfa0 [ 512.656026][T12387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.656054][T12387] RIP: 0033:0x7eff7458f6c9 [ 512.656077][T12387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.656105][T12387] RSP: 002b:00007eff75374038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 512.656132][T12387] RAX: ffffffffffffffda RBX: 00007eff747e5fa0 RCX: 00007eff7458f6c9 [ 512.656151][T12387] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 512.656167][T12387] RBP: 00007eff74611f91 R08: 0000000000000002 R09: 0000000000008000 [ 512.656183][T12387] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 512.656200][T12387] R13: 00007eff747e6038 R14: 00007eff747e5fa0 R15: 00007ffd7d0d6cf8 [ 512.656237][T12387] [ 512.657510][T12383] netlink: 'syz.3.1933': attribute type 37 has an invalid length. [ 512.965947][T12383] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1933'. [ 513.079828][T11278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.121550][T11278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.210167][T11276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.221604][T11276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.254882][T12395] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1936'. [ 513.282636][T12395] net veth1_virt_wifi ›: renamed from virt_wifi0 (while UP) [ 514.113339][T11440] Bluetooth: hci5: command tx timeout [ 514.858148][T12434] netlink: 226 bytes leftover after parsing attributes in process `syz.6.1948'. [ 514.894590][T12434] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1948'. [ 514.911661][T12417] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 514.920575][T12417] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 514.934892][T12417] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.948385][T12417] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 514.976886][T12417] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 515.019213][T12417] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 515.092869][T12417] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 515.180749][T12417] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 516.193679][T11440] Bluetooth: hci2: command 0x0406 tx timeout [ 516.757457][T12456] FAULT_INJECTION: forcing a failure. [ 516.757457][T12456] name failslab, interval 1, probability 393216, space 0, times 0 [ 516.831998][T12456] CPU: 1 UID: 0 PID: 12456 Comm: syz.5.1954 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 516.832069][T12456] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 516.832088][T12456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 516.832107][T12456] Call Trace: [ 516.832117][T12456] [ 516.832129][T12456] dump_stack_lvl+0x16c/0x1f0 [ 516.832175][T12456] should_fail_ex+0x512/0x640 [ 516.832223][T12456] ? fs_reclaim_acquire+0xae/0x150 [ 516.832277][T12456] should_failslab+0xc2/0x120 [ 516.832323][T12456] kmem_cache_alloc_noprof+0x75/0x6e0 [ 516.832353][T12456] ? __pfx_map_id_range_down+0x10/0x10 [ 516.832384][T12456] ? security_inode_alloc+0x3b/0x2b0 [ 516.832453][T12456] ? security_inode_alloc+0x3b/0x2b0 [ 516.832501][T12456] security_inode_alloc+0x3b/0x2b0 [ 516.832554][T12456] inode_init_always_gfp+0xce4/0x1030 [ 516.832596][T12456] alloc_inode+0x86/0x240 [ 516.832640][T12456] new_inode+0x22/0x1c0 [ 516.832687][T12456] debugfs_create_symlink+0xd3/0x320 [ 516.832726][T12456] drm_debugfs_clients_add+0x195/0x200 [ 516.832774][T12456] drm_file_alloc+0x5c6/0xb40 [ 516.832835][T12456] drm_open_helper+0x204/0x550 [ 516.832889][T12456] drm_open+0x1a0/0x3e0 [ 516.832935][T12456] ? __pfx_drm_open+0x10/0x10 [ 516.832979][T12456] drm_stub_open+0x20f/0x380 [ 516.833034][T12456] ? __pfx_drm_stub_open+0x10/0x10 [ 516.833080][T12456] chrdev_open+0x234/0x6a0 [ 516.833120][T12456] ? __pfx_apparmor_file_open+0x10/0x10 [ 516.833177][T12456] ? __pfx_chrdev_open+0x10/0x10 [ 516.833227][T12456] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 516.833282][T12456] do_dentry_open+0x982/0x1530 [ 516.833324][T12456] ? __pfx_chrdev_open+0x10/0x10 [ 516.833381][T12456] vfs_open+0x82/0x3f0 [ 516.833433][T12456] path_openat+0x1de4/0x2cb0 [ 516.833484][T12456] ? __pfx_path_openat+0x10/0x10 [ 516.833522][T12456] ? __lock_acquire+0xb8a/0x1c90 [ 516.833570][T12456] do_filp_open+0x20b/0x470 [ 516.833607][T12456] ? __pfx_do_filp_open+0x10/0x10 [ 516.833673][T12456] ? alloc_fd+0x471/0x7d0 [ 516.833718][T12456] do_sys_openat2+0x11b/0x1d0 [ 516.833768][T12456] ? __pfx_do_sys_openat2+0x10/0x10 [ 516.833835][T12456] __x64_sys_openat+0x174/0x210 [ 516.833886][T12456] ? __pfx___x64_sys_openat+0x10/0x10 [ 516.833955][T12456] do_syscall_64+0xcd/0xfa0 [ 516.833999][T12456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.834034][T12456] RIP: 0033:0x7f42c518f6c9 [ 516.834061][T12456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.834095][T12456] RSP: 002b:00007f42c5f9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 516.834126][T12456] RAX: ffffffffffffffda RBX: 00007f42c53e5fa0 RCX: 00007f42c518f6c9 [ 516.834148][T12456] RDX: 0000000000000500 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 516.834169][T12456] RBP: 00007f42c5211f91 R08: 0000000000000000 R09: 0000000000000000 [ 516.834190][T12456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 516.834209][T12456] R13: 00007f42c53e6038 R14: 00007f42c53e5fa0 R15: 00007ffc73587598 [ 516.834255][T12456] [ 516.834312][T12456] debugfs: out of free dentries, can not create symlink 'device' [ 517.008529][T11440] Bluetooth: hci4: command 0x0c1a tx timeout [ 517.164722][T11287] Bluetooth: hci0: command 0x0c1a tx timeout [ 517.170743][T11287] Bluetooth: hci3: command 0x0406 tx timeout [ 517.177293][T11287] Bluetooth: hci1: command 0x0406 tx timeout [ 517.183385][T11287] Bluetooth: hci5: command 0x0c1a tx timeout [ 518.727558][T12486] netlink: 46 bytes leftover after parsing attributes in process `syz.6.1963'. [ 519.109785][T11278] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.258587][T11440] Bluetooth: hci5: command 0x0c1a tx timeout [ 519.906174][T12509] random: crng reseeded on system resumption [ 519.952548][T12510] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1968'. [ 519.983756][T12510] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1968'. [ 521.312821][T11440] Bluetooth: hci5: command 0x0c1a tx timeout [ 522.382530][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1981'. [ 523.006939][T12551] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 524.488171][T12577] netlink: 50 bytes leftover after parsing attributes in process `syz.5.1989'. [ 525.208079][T12560] Process accounting resumed [ 525.218775][T12587] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1995'. [ 525.285839][T12585] netlink: 186 bytes leftover after parsing attributes in process `syz.6.1993'. [ 525.325545][T12585] netlink: 186 bytes leftover after parsing attributes in process `syz.6.1993'. [ 525.922434][T12607] Invalid ELF header magic: != ELF [ 527.084874][T12624] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 527.145922][T12627] FAULT_INJECTION: forcing a failure. [ 527.145922][T12627] name failslab, interval 1, probability 393216, space 0, times 0 [ 527.180070][T12627] CPU: 1 UID: 0 PID: 12627 Comm: syz.5.2005 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 527.180141][T12627] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 527.180161][T12627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 527.180180][T12627] Call Trace: [ 527.180190][T12627] [ 527.180202][T12627] dump_stack_lvl+0x16c/0x1f0 [ 527.180246][T12627] should_fail_ex+0x512/0x640 [ 527.180294][T12627] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 527.180344][T12627] should_failslab+0xc2/0x120 [ 527.180387][T12627] __kvmalloc_node_noprof+0x141/0x9c0 [ 527.180431][T12627] ? io_uring_setup+0x3ad/0x20e0 [ 527.180476][T12627] ? io_uring_setup+0x3ad/0x20e0 [ 527.180512][T12627] io_uring_setup+0x3ad/0x20e0 [ 527.180554][T12627] ? __pfx_io_uring_setup+0x10/0x10 [ 527.180590][T12627] ? do_futex+0x122/0x350 [ 527.180633][T12627] ? __pfx_do_futex+0x10/0x10 [ 527.180674][T12627] ? __fput+0x68d/0xb70 [ 527.180714][T12627] ? __pfx___might_resched+0x10/0x10 [ 527.180758][T12627] ? xfd_validate_state+0x61/0x180 [ 527.180800][T12627] ? __pfx___do_sys_close_range+0x10/0x10 [ 527.180842][T12627] __x64_sys_io_uring_setup+0xc2/0x170 [ 527.180881][T12627] do_syscall_64+0xcd/0xfa0 [ 527.180921][T12627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.180950][T12627] RIP: 0033:0x7f42c518f6c9 [ 527.180972][T12627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.180999][T12627] RSP: 002b:00007f42c5f7b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 527.181026][T12627] RAX: ffffffffffffffda RBX: 00007f42c53e6090 RCX: 00007f42c518f6c9 [ 527.181045][T12627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 527.181062][T12627] RBP: 00007f42c5211f91 R08: 0000000000000000 R09: 0000000000000000 [ 527.181091][T12627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 527.181109][T12627] R13: 00007f42c53e6128 R14: 00007f42c53e6090 R15: 00007ffc73587598 [ 527.181149][T12627] [ 527.603526][T12634] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2007'. [ 527.633859][T12637] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2008'. [ 527.682382][T12637] ipvlan1: entered allmulticast mode [ 527.687764][T12637] veth0_vlan: entered allmulticast mode [ 527.941693][T12641] nvme_fcloop: unknown parameter or missing value '0' [ 528.171675][T12641] hub 1-0:1.0: USB hub found [ 528.211659][T12641] hub 1-0:1.0: 1 port detected [ 528.272931][T12641] FAULT_INJECTION: forcing a failure. [ 528.272931][T12641] name failslab, interval 1, probability 393216, space 0, times 0 [ 528.346008][T12641] CPU: 1 UID: 0 PID: 12641 Comm: syz.6.2010 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 528.346065][T12641] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 528.346078][T12641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 528.346092][T12641] Call Trace: [ 528.346100][T12641] [ 528.346109][T12641] dump_stack_lvl+0x16c/0x1f0 [ 528.346142][T12641] should_fail_ex+0x512/0x640 [ 528.346180][T12641] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 528.346214][T12641] should_failslab+0xc2/0x120 [ 528.346248][T12641] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 528.346285][T12641] ? kstrdup_const+0x63/0x80 [ 528.346317][T12641] ? kstrdup+0x53/0x100 [ 528.346340][T12641] kstrdup+0x53/0x100 [ 528.346366][T12641] kstrdup_const+0x63/0x80 [ 528.346392][T12641] __kernfs_new_node+0x9b/0x8e0 [ 528.346428][T12641] ? __pfx___kernfs_new_node+0x10/0x10 [ 528.346466][T12641] ? find_held_lock+0x2b/0x80 [ 528.346492][T12641] ? kernfs_root+0xee/0x2a0 [ 528.346529][T12641] kernfs_new_node+0x13c/0x1e0 [ 528.346569][T12641] kernfs_create_dir_ns+0x4c/0x1a0 [ 528.346610][T12641] sysfs_create_dir_ns+0x13a/0x2b0 [ 528.346641][T12641] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 528.346669][T12641] ? find_held_lock+0x2b/0x80 [ 528.346698][T12641] ? do_raw_spin_unlock+0x172/0x230 [ 528.346722][T12641] kobject_add_internal+0x2c4/0x9b0 [ 528.346760][T12641] kobject_add+0x16e/0x240 [ 528.346792][T12641] ? __pfx_kobject_add+0x10/0x10 [ 528.346829][T12641] ? lockdep_init_map_type+0x5c/0x280 [ 528.346861][T12641] ? class_to_subsys+0x131/0x160 [ 528.346891][T12641] device_add+0x288/0x1aa0 [ 528.346929][T12641] ? lockdep_init_map_type+0x5c/0x280 [ 528.346963][T12641] ? __pfx_device_add+0x10/0x10 [ 528.346998][T12641] ? lockdep_init_map_type+0x5c/0x280 [ 528.347041][T12641] ? __init_waitqueue_head+0xca/0x150 [ 528.347070][T12641] usb_create_ep_devs+0x160/0x2b0 [ 528.347101][T12641] create_intf_ep_devs.isra.0+0x161/0x200 [ 528.347158][T12641] usb_set_configuration+0x11a7/0x1e20 [ 528.347198][T12641] bConfigurationValue_store+0x100/0x180 [ 528.347223][T12641] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 528.347247][T12641] ? find_held_lock+0x2b/0x80 [ 528.347274][T12641] ? sysfs_file_kobj+0xe4/0x290 [ 528.347300][T12641] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 528.347323][T12641] dev_attr_store+0x58/0x80 [ 528.347356][T12641] ? __pfx_dev_attr_store+0x10/0x10 [ 528.347389][T12641] sysfs_kf_write+0xf2/0x150 [ 528.347417][T12641] kernfs_fop_write_iter+0x3af/0x570 [ 528.347437][T12641] ? __pfx_sysfs_kf_write+0x10/0x10 [ 528.347465][T12641] iter_file_splice_write+0xa24/0x12e0 [ 528.347507][T12641] ? __pfx_iter_file_splice_write+0x10/0x10 [ 528.347555][T12641] ? __pfx_copy_splice_read+0x10/0x10 [ 528.347594][T12641] ? __pfx_iter_file_splice_write+0x10/0x10 [ 528.347622][T12641] direct_splice_actor+0x192/0x6c0 [ 528.347650][T12641] splice_direct_to_actor+0x345/0xa30 [ 528.347676][T12641] ? __pfx_direct_splice_actor+0x10/0x10 [ 528.347706][T12641] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 528.347738][T12641] do_splice_direct+0x174/0x240 [ 528.347762][T12641] ? __pfx_do_splice_direct+0x10/0x10 [ 528.347786][T12641] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 528.347831][T12641] ? rw_verify_area+0xcf/0x6c0 [ 528.347856][T12641] do_sendfile+0xb06/0xe50 [ 528.347886][T12641] ? __pfx_do_sendfile+0x10/0x10 [ 528.347916][T12641] ? __x64_sys_futex+0x1e0/0x4c0 [ 528.347948][T12641] ? __x64_sys_futex+0x1e9/0x4c0 [ 528.347983][T12641] __x64_sys_sendfile64+0x1d8/0x220 [ 528.348022][T12641] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 528.348063][T12641] do_syscall_64+0xcd/0xfa0 [ 528.348096][T12641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.348121][T12641] RIP: 0033:0x7f35ed18f6c9 [ 528.348139][T12641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.348163][T12641] RSP: 002b:00007f35edfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 528.348186][T12641] RAX: ffffffffffffffda RBX: 00007f35ed3e5fa0 RCX: 00007f35ed18f6c9 [ 528.348202][T12641] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 528.348216][T12641] RBP: 00007f35ed211f91 R08: 0000000000000000 R09: 0000000000000000 [ 528.348230][T12641] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 528.348244][T12641] R13: 00007f35ed3e6038 R14: 00007f35ed3e5fa0 R15: 00007ffc877b27a8 [ 528.348275][T12641] [ 528.810795][T12641] kobject: kobject_add_internal failed for ep_81 (error: -12 parent: 1-0:1.0) [ 529.647310][T12660] FAULT_INJECTION: forcing a failure. [ 529.647310][T12660] name failslab, interval 1, probability 393216, space 0, times 0 [ 529.695851][T12660] CPU: 0 UID: 0 PID: 12660 Comm: syz.6.2014 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 529.695926][T12660] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 529.695946][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 529.695973][T12660] Call Trace: [ 529.695985][T12660] [ 529.695998][T12660] dump_stack_lvl+0x16c/0x1f0 [ 529.696043][T12660] should_fail_ex+0x512/0x640 [ 529.696092][T12660] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 529.696131][T12660] should_failslab+0xc2/0x120 [ 529.696180][T12660] kmem_cache_alloc_noprof+0x75/0x6e0 [ 529.696214][T12660] ? vm_area_dup+0x27/0x8d0 [ 529.696252][T12660] ? vm_area_dup+0x27/0x8d0 [ 529.696279][T12660] vm_area_dup+0x27/0x8d0 [ 529.696312][T12660] __split_vma+0x18e/0x1070 [ 529.696341][T12660] ? __lock_acquire+0x622/0x1c90 [ 529.696390][T12660] ? __pfx___split_vma+0x10/0x10 [ 529.696441][T12660] vma_modify+0xee1/0x2030 [ 529.696475][T12660] ? is_bpf_text_address+0x8a/0x1a0 [ 529.696521][T12660] ? bpf_ksym_find+0x124/0x1c0 [ 529.696558][T12660] ? __pfx_vma_modify+0x10/0x10 [ 529.696587][T12660] ? is_bpf_text_address+0x94/0x1a0 [ 529.696634][T12660] ? kernel_text_address+0x8d/0x100 [ 529.696671][T12660] vma_modify_name+0x20d/0x2c0 [ 529.696703][T12660] ? __pfx_vma_modify_name+0x10/0x10 [ 529.696763][T12660] madvise_vma_behavior+0xe69/0x2d50 [ 529.696817][T12660] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 529.696858][T12660] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 529.696909][T12660] ? mas_prev+0x9b/0xf0 [ 529.696956][T12660] ? __pfx_mas_prev+0x10/0x10 [ 529.697011][T12660] ? find_vma_prev+0xd3/0x150 [ 529.697054][T12660] ? __pfx_find_vma_prev+0x10/0x10 [ 529.697123][T12660] madvise_walk_vmas+0x31f/0x9c0 [ 529.697178][T12660] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 529.697224][T12660] ? kfree+0x2b8/0x6d0 [ 529.697253][T12660] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 529.697314][T12660] set_anon_vma_name+0x32b/0x4b0 [ 529.697365][T12660] ? __pfx_set_anon_vma_name+0x10/0x10 [ 529.697427][T12660] ? static_key_count+0x5a/0x70 [ 529.697471][T12660] ? security_task_prctl+0x11c/0x160 [ 529.697519][T12660] __do_sys_prctl+0xab0/0x2250 [ 529.697576][T12660] ? __pfx___do_sys_prctl+0x10/0x10 [ 529.697640][T12660] do_syscall_64+0xcd/0xfa0 [ 529.697682][T12660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.697714][T12660] RIP: 0033:0x7f35ed18f6c9 [ 529.697757][T12660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.697791][T12660] RSP: 002b:00007f35edfc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 529.697822][T12660] RAX: ffffffffffffffda RBX: 00007f35ed3e6090 RCX: 00007f35ed18f6c9 [ 529.697843][T12660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000053564d41 [ 529.697863][T12660] RBP: 00007f35ed211f91 R08: 0000000000000002 R09: 0000000000000000 [ 529.697882][T12660] R10: 0000000000008002 R11: 0000000000000246 R12: 0000000000000000 [ 529.697901][T12660] R13: 00007f35ed3e6128 R14: 00007f35ed3e6090 R15: 00007ffc877b27a8 [ 529.697944][T12660] [ 532.689850][T12716] validate_nla: 3 callbacks suppressed [ 532.689885][T12716] netlink: 'syz.3.2030': attribute type 4 has an invalid length. [ 532.703591][T12716] netlink: 'syz.3.2030': attribute type 5 has an invalid length. [ 532.711361][T12716] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2030'. [ 533.009200][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2032'. [ 533.020865][T12725] netlink: 13 bytes leftover after parsing attributes in process `syz.6.2032'. [ 533.280636][T12730] netlink: 246 bytes leftover after parsing attributes in process `syz.3.2034'. [ 534.419646][T12746] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2038'. [ 535.052993][T12758] cougar: G6 mapped to space [ 536.586796][T12781] netlink: 'syz.6.2050': attribute type 10 has an invalid length. [ 536.596759][T12781] netlink: 330 bytes leftover after parsing attributes in process `syz.6.2050'. [ 536.814766][T12785] netlink: 186 bytes leftover after parsing attributes in process `syz.5.2052'. [ 536.943499][T12791] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2051'. [ 538.615463][T12819] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2060'. [ 539.503028][T12829] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2065'. [ 543.178023][T12861] FAULT_INJECTION: forcing a failure. [ 543.178023][T12861] name failslab, interval 1, probability 393216, space 0, times 0 [ 543.191717][T12861] CPU: 1 UID: 0 PID: 12861 Comm: syz.6.2075 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 543.191787][T12861] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 543.191805][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 543.191825][T12861] Call Trace: [ 543.191835][T12861] [ 543.191847][T12861] dump_stack_lvl+0x16c/0x1f0 [ 543.191897][T12861] should_fail_ex+0x512/0x640 [ 543.191946][T12861] ? fs_reclaim_acquire+0xae/0x150 [ 543.191992][T12861] should_failslab+0xc2/0x120 [ 543.192034][T12861] __kmalloc_noprof+0xdd/0x880 [ 543.192088][T12861] ? security_inode_init_security+0x13f/0x390 [ 543.192140][T12861] ? security_inode_init_security+0x13f/0x390 [ 543.192180][T12861] security_inode_init_security+0x13f/0x390 [ 543.192225][T12861] ? __pfx_shmem_initxattrs+0x10/0x10 [ 543.192269][T12861] ? __pfx_security_inode_init_security+0x10/0x10 [ 543.192316][T12861] ? shmem_get_inode+0x73a/0xfb0 [ 543.192370][T12861] shmem_symlink+0x135/0x9f0 [ 543.192410][T12861] ? __pfx_shmem_symlink+0x10/0x10 [ 543.192445][T12861] ? bpf_lsm_inode_permission+0x9/0x10 [ 543.192479][T12861] ? security_inode_permission+0xbf/0x260 [ 543.192515][T12861] ? inode_permission+0x156/0x630 [ 543.192567][T12861] vfs_symlink+0x403/0x680 [ 543.192621][T12861] do_symlinkat+0x261/0x310 [ 543.192663][T12861] ? __pfx_do_symlinkat+0x10/0x10 [ 543.192715][T12861] ? getname_flags.part.0+0x1c5/0x550 [ 543.192774][T12861] __x64_sys_symlink+0x75/0x90 [ 543.192818][T12861] do_syscall_64+0xcd/0xfa0 [ 543.192861][T12861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.192895][T12861] RIP: 0033:0x7f35ed18f6c9 [ 543.192922][T12861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.192956][T12861] RSP: 002b:00007f35edfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 543.192987][T12861] RAX: ffffffffffffffda RBX: 00007f35ed3e5fa0 RCX: 00007f35ed18f6c9 [ 543.193009][T12861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 543.193030][T12861] RBP: 00007f35ed211f91 R08: 0000000000000000 R09: 0000000000000000 [ 543.193051][T12861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 543.193071][T12861] R13: 00007f35ed3e6038 R14: 00007f35ed3e5fa0 R15: 00007ffc877b27a8 [ 543.193117][T12861] [ 544.375818][T12866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2077'. [ 544.595969][T12866] netlink: 13 bytes leftover after parsing attributes in process `syz.4.2077'. [ 547.144502][T12904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2090'. [ 547.158021][T12904] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2090'. [ 547.333928][T12909] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2091'. [ 547.343522][T12909] geneve1: entered promiscuous mode [ 547.349459][T12909] geneve1: entered allmulticast mode [ 548.324801][T12926] FAULT_INJECTION: forcing a failure. [ 548.324801][T12926] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 548.372043][T12926] CPU: 0 UID: 0 PID: 12926 Comm: syz.3.2100 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 548.372109][T12926] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 548.372127][T12926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 548.372144][T12926] Call Trace: [ 548.372156][T12926] [ 548.372167][T12926] dump_stack_lvl+0x16c/0x1f0 [ 548.372211][T12926] should_fail_ex+0x512/0x640 [ 548.372263][T12926] should_fail_alloc_page+0xe7/0x130 [ 548.372306][T12926] prepare_alloc_pages+0x3c2/0x610 [ 548.372345][T12926] ? arch_stack_walk+0xa6/0x100 [ 548.372382][T12926] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 548.372415][T12926] ? __lock_acquire+0x622/0x1c90 [ 548.372478][T12926] ? __lock_acquire+0x622/0x1c90 [ 548.372525][T12926] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 548.372585][T12926] ? find_held_lock+0x2b/0x80 [ 548.372612][T12926] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 548.372663][T12926] ? policy_nodemask+0xea/0x4e0 [ 548.372704][T12926] alloc_pages_mpol+0x1fb/0x550 [ 548.372749][T12926] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 548.372792][T12926] ? arch_stack_walk+0xa6/0x100 [ 548.372829][T12926] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 548.372878][T12926] ___kmalloc_large_node+0xed/0x160 [ 548.372930][T12926] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 548.372979][T12926] __kmalloc_large_node_noprof+0x1c/0x70 [ 548.373029][T12926] __kmalloc_noprof.cold+0xc/0x62 [ 548.373082][T12926] ? stack_depot_save_flags+0x29/0x9c0 [ 548.373130][T12926] ? __pfx_stack_trace_save+0x10/0x10 [ 548.373166][T12926] ? wiphy_new_nm+0x701/0x2190 [ 548.373209][T12926] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 548.373263][T12926] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 548.373308][T12926] ? wiphy_new_nm+0x701/0x2190 [ 548.373342][T12926] ? do_raw_spin_lock+0x12c/0x2b0 [ 548.373389][T12926] wiphy_new_nm+0x701/0x2190 [ 548.373430][T12926] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 548.373484][T12926] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 548.373530][T12926] ieee80211_alloc_hw_nm+0x1bb5/0x22b0 [ 548.373572][T12926] ? __local_bh_enable_ip+0xa4/0x120 [ 548.373617][T12926] mac80211_hwsim_new_radio+0x1d3/0x50b0 [ 548.373671][T12926] ? __asan_memset+0x23/0x50 [ 548.373707][T12926] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 548.373754][T12926] hwsim_new_radio_nl+0xba2/0x1330 [ 548.373791][T12926] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 548.373837][T12926] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 548.373879][T12926] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 548.373932][T12926] genl_family_rcv_msg_doit+0x209/0x2f0 [ 548.373976][T12926] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 548.374032][T12926] ? bpf_lsm_capable+0x9/0x10 [ 548.374076][T12926] ? security_capable+0x7e/0x260 [ 548.374121][T12926] ? ns_capable+0xd7/0x110 [ 548.374159][T12926] genl_rcv_msg+0x55c/0x800 [ 548.374205][T12926] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.374247][T12926] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 548.374298][T12926] netlink_rcv_skb+0x158/0x420 [ 548.374333][T12926] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.374375][T12926] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 548.374427][T12926] ? netlink_deliver_tap+0x1ae/0xd30 [ 548.374476][T12926] genl_rcv+0x28/0x40 [ 548.374513][T12926] netlink_unicast+0x5aa/0x870 [ 548.374553][T12926] ? __pfx_netlink_unicast+0x10/0x10 [ 548.374602][T12926] netlink_sendmsg+0x8c8/0xdd0 [ 548.374643][T12926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.374683][T12926] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 548.374736][T12926] ____sys_sendmsg+0xa98/0xc70 [ 548.374779][T12926] ? copy_msghdr_from_user+0x10a/0x160 [ 548.374812][T12926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 548.374864][T12926] ? __pfx_futex_wake_mark+0x10/0x10 [ 548.374923][T12926] ___sys_sendmsg+0x134/0x1d0 [ 548.374950][T12926] ? find_held_lock+0x2b/0x80 [ 548.374986][T12926] ? __pfx____sys_sendmsg+0x10/0x10 [ 548.375014][T12926] ? __lock_acquire+0x622/0x1c90 [ 548.375112][T12926] __sys_sendmsg+0x16d/0x220 [ 548.375145][T12926] ? __pfx___sys_sendmsg+0x10/0x10 [ 548.375175][T12926] ? __x64_sys_futex+0x1e0/0x4c0 [ 548.375247][T12926] do_syscall_64+0xcd/0xfa0 [ 548.375290][T12926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.375324][T12926] RIP: 0033:0x7fdf80b8f6c9 [ 548.375350][T12926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.375383][T12926] RSP: 002b:00007fdf819ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 548.375415][T12926] RAX: ffffffffffffffda RBX: 00007fdf80de5fa0 RCX: 00007fdf80b8f6c9 [ 548.375437][T12926] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 548.375468][T12926] RBP: 00007fdf80c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 548.375489][T12926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.375509][T12926] R13: 00007fdf80de6038 R14: 00007fdf80de5fa0 R15: 00007fff8c9f4608 [ 548.375555][T12926] [ 549.199142][T12935] FAULT_INJECTION: forcing a failure. [ 549.199142][T12935] name failslab, interval 1, probability 393216, space 0, times 0 [ 549.220598][T12935] CPU: 0 UID: 0 PID: 12935 Comm: syz.6.2102 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 549.220671][T12935] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 549.220690][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 549.220709][T12935] Call Trace: [ 549.220720][T12935] [ 549.220733][T12935] dump_stack_lvl+0x16c/0x1f0 [ 549.220777][T12935] should_fail_ex+0x512/0x640 [ 549.220831][T12935] ? __kmalloc_cache_noprof+0x5f/0x780 [ 549.220867][T12935] should_failslab+0xc2/0x120 [ 549.220911][T12935] __kmalloc_cache_noprof+0x72/0x780 [ 549.220943][T12935] ? resv_map_alloc+0x7e/0x400 [ 549.220994][T12935] ? resv_map_alloc+0x7e/0x400 [ 549.221035][T12935] resv_map_alloc+0x7e/0x400 [ 549.221083][T12935] hugetlb_reserve_pages+0x53c/0xf40 [ 549.221135][T12935] ? __vma_enter_locked+0x163/0x3f0 [ 549.221188][T12935] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 549.221244][T12935] ? atime_needs_update+0x8b/0x710 [ 549.221302][T12935] hugetlbfs_file_mmap+0x4a1/0x730 [ 549.221345][T12935] __mmap_region+0x1309/0x27a0 [ 549.221384][T12935] ? __pfx___mmap_region+0x10/0x10 [ 549.221415][T12935] ? find_held_lock+0x2b/0x80 [ 549.221449][T12935] ? is_bpf_text_address+0x8a/0x1a0 [ 549.221504][T12935] ? bpf_ksym_find+0x124/0x1c0 [ 549.221542][T12935] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 549.221595][T12935] ? is_bpf_text_address+0x94/0x1a0 [ 549.221670][T12935] ? __pfx_stack_trace_save+0x10/0x10 [ 549.221756][T12935] ? trace_cap_capable+0x18d/0x200 [ 549.221813][T12935] mmap_region+0x1ab/0x3f0 [ 549.221844][T12935] ? __get_unmapped_area+0x267/0x440 [ 549.221891][T12935] do_mmap+0xa3e/0x1210 [ 549.221936][T12935] ? __pfx_do_mmap+0x10/0x10 [ 549.221978][T12935] ? __pfx_down_write_killable+0x10/0x10 [ 549.222028][T12935] vm_mmap_pgoff+0x29e/0x470 [ 549.222074][T12935] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 549.222111][T12935] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 549.222158][T12935] ? hugetlbfs_get_inode+0x31f/0x730 [ 549.222207][T12935] ksys_mmap_pgoff+0x1c8/0x5c0 [ 549.222255][T12935] __x64_sys_mmap+0x125/0x190 [ 549.222307][T12935] do_syscall_64+0xcd/0xfa0 [ 549.222348][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.222378][T12935] RIP: 0033:0x7f35ed18f6c9 [ 549.222404][T12935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.222436][T12935] RSP: 002b:00007f35edfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 549.222474][T12935] RAX: ffffffffffffffda RBX: 00007f35ed3e5fa0 RCX: 00007f35ed18f6c9 [ 549.222495][T12935] RDX: 00004000000000e3 RSI: 0000000000200004 RDI: 0000000000000000 [ 549.222514][T12935] RBP: 00007f35ed211f91 R08: 000000000000000d R09: 0000300000000000 [ 549.222533][T12935] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 549.222552][T12935] R13: 00007f35ed3e6038 R14: 00007f35ed3e5fa0 R15: 00007ffc877b27a8 [ 549.222592][T12935] [ 550.064970][T12944] netlink: 252 bytes leftover after parsing attributes in process `syz.6.2114'. [ 550.129646][T12944] netlink: 252 bytes leftover after parsing attributes in process `syz.6.2114'. [ 551.001457][T12962] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2121'. [ 551.026234][T12962] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 551.614187][T12972] FAULT_INJECTION: forcing a failure. [ 551.614187][T12972] name fail_futex, interval 1, probability 0, space 0, times 0 [ 551.928856][T12972] CPU: 0 UID: 0 PID: 12972 Comm: syz.6.2113 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 551.928931][T12972] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 551.928951][T12972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 551.928972][T12972] Call Trace: [ 551.928983][T12972] [ 551.928996][T12972] dump_stack_lvl+0x16c/0x1f0 [ 551.929043][T12972] should_fail_ex+0x512/0x640 [ 551.929101][T12972] get_futex_key+0x1d0/0x1560 [ 551.929162][T12972] ? __pfx_get_futex_key+0x10/0x10 [ 551.929222][T12972] futex_wake+0xea/0x530 [ 551.929275][T12972] ? rcu_is_watching+0x12/0xc0 [ 551.929313][T12972] ? __pfx_futex_wake+0x10/0x10 [ 551.929371][T12972] ? kmem_cache_free+0x2d4/0x6c0 [ 551.929407][T12972] ? putname+0x154/0x1a0 [ 551.929458][T12972] do_futex+0x1e3/0x350 [ 551.929504][T12972] ? __pfx_do_futex+0x10/0x10 [ 551.929562][T12972] __x64_sys_futex+0x1e0/0x4c0 [ 551.929611][T12972] ? __x64_sys_openat+0x174/0x210 [ 551.929662][T12972] ? __pfx___x64_sys_futex+0x10/0x10 [ 551.929737][T12972] do_syscall_64+0xcd/0xfa0 [ 551.929780][T12972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.929813][T12972] RIP: 0033:0x7f35ed18f6c9 [ 551.929838][T12972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.929869][T12972] RSP: 002b:00007f35edfc10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 551.929901][T12972] RAX: ffffffffffffffda RBX: 00007f35ed3e6098 RCX: 00007f35ed18f6c9 [ 551.929922][T12972] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f35ed3e609c [ 551.929943][T12972] RBP: 00007f35ed3e6090 R08: 00007f35edfe3000 R09: 0000000000000000 [ 551.929963][T12972] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 551.929982][T12972] R13: 00007f35ed3e6128 R14: 00007ffc877b26c0 R15: 00007ffc877b27a8 [ 551.930025][T12972] [ 554.323609][T12992] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2120'. [ 554.370392][T12992] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2120'. [ 554.712993][T11275] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 554.729323][T11275] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 554.741584][T11275] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 554.764163][T11275] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 554.777265][T11275] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 555.632193][T13001] Process accounting paused [ 555.964806][T13017] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 555.971048][T13017] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 555.988336][T13017] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 556.004016][T13017] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 556.014983][T13017] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 556.026109][T13017] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 556.035174][T13017] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 556.041651][T13017] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 556.055075][T13017] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 556.691152][T13005] chnl_net:caif_netlink_parms(): no params data found [ 556.721572][T13045] FAULT_INJECTION: forcing a failure. [ 556.721572][T13045] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 556.795029][T13045] CPU: 1 UID: 0 PID: 13045 Comm: syz.4.2129 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 556.795100][T13045] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 556.795121][T13045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 556.795140][T13045] Call Trace: [ 556.795150][T13045] [ 556.795163][T13045] dump_stack_lvl+0x16c/0x1f0 [ 556.795208][T13045] should_fail_ex+0x512/0x640 [ 556.795266][T13045] should_fail_alloc_page+0xe7/0x130 [ 556.795338][T13045] prepare_alloc_pages+0x3c2/0x610 [ 556.795382][T13045] ? arch_stack_walk+0xa6/0x100 [ 556.795419][T13045] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 556.795454][T13045] ? __lock_acquire+0x622/0x1c90 [ 556.795508][T13045] ? __lock_acquire+0x622/0x1c90 [ 556.795557][T13045] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 556.795619][T13045] ? find_held_lock+0x2b/0x80 [ 556.795647][T13045] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 556.795713][T13045] ? policy_nodemask+0xea/0x4e0 [ 556.795761][T13045] alloc_pages_mpol+0x1fb/0x550 [ 556.795808][T13045] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 556.795854][T13045] ? arch_stack_walk+0xa6/0x100 [ 556.795895][T13045] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 556.795941][T13045] ___kmalloc_large_node+0xed/0x160 [ 556.795993][T13045] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 556.796039][T13045] __kmalloc_large_node_noprof+0x1c/0x70 [ 556.796090][T13045] __kmalloc_noprof.cold+0xc/0x62 [ 556.796136][T13045] ? stack_depot_save_flags+0x29/0x9c0 [ 556.796185][T13045] ? __pfx_stack_trace_save+0x10/0x10 [ 556.796221][T13045] ? wiphy_new_nm+0x701/0x2190 [ 556.796265][T13045] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 556.796311][T13045] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 556.796360][T13045] ? wiphy_new_nm+0x701/0x2190 [ 556.796396][T13045] ? do_raw_spin_lock+0x12c/0x2b0 [ 556.796444][T13045] wiphy_new_nm+0x701/0x2190 [ 556.796487][T13045] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 556.796534][T13045] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 556.796582][T13045] ieee80211_alloc_hw_nm+0x1bb5/0x22b0 [ 556.796625][T13045] ? __local_bh_enable_ip+0xa4/0x120 [ 556.796669][T13045] mac80211_hwsim_new_radio+0x1d3/0x50b0 [ 556.796734][T13045] ? __asan_memset+0x23/0x50 [ 556.796771][T13045] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 556.796822][T13045] hwsim_new_radio_nl+0xba2/0x1330 [ 556.796864][T13045] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 556.796913][T13045] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 556.796958][T13045] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 556.797011][T13045] genl_family_rcv_msg_doit+0x209/0x2f0 [ 556.797057][T13045] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 556.797113][T13045] ? bpf_lsm_capable+0x9/0x10 [ 556.797156][T13045] ? security_capable+0x7e/0x260 [ 556.797205][T13045] ? ns_capable+0xd7/0x110 [ 556.797242][T13045] genl_rcv_msg+0x55c/0x800 [ 556.797287][T13045] ? __pfx_genl_rcv_msg+0x10/0x10 [ 556.797329][T13045] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 556.797380][T13045] netlink_rcv_skb+0x158/0x420 [ 556.797415][T13045] ? __pfx_genl_rcv_msg+0x10/0x10 [ 556.797458][T13045] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 556.797513][T13045] ? netlink_deliver_tap+0x1ae/0xd30 [ 556.797553][T13045] genl_rcv+0x28/0x40 [ 556.797587][T13045] netlink_unicast+0x5aa/0x870 [ 556.797629][T13045] ? __pfx_netlink_unicast+0x10/0x10 [ 556.797682][T13045] netlink_sendmsg+0x8c8/0xdd0 [ 556.797732][T13045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 556.797775][T13045] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 556.797830][T13045] ____sys_sendmsg+0xa98/0xc70 [ 556.797875][T13045] ? copy_msghdr_from_user+0x10a/0x160 [ 556.797908][T13045] ? __pfx_____sys_sendmsg+0x10/0x10 [ 556.797961][T13045] ? __pfx_futex_wake_mark+0x10/0x10 [ 556.798020][T13045] ___sys_sendmsg+0x134/0x1d0 [ 556.798050][T13045] ? find_held_lock+0x2b/0x80 [ 556.798086][T13045] ? __pfx____sys_sendmsg+0x10/0x10 [ 556.798117][T13045] ? __lock_acquire+0x622/0x1c90 [ 556.798226][T13045] __sys_sendmsg+0x16d/0x220 [ 556.798258][T13045] ? __pfx___sys_sendmsg+0x10/0x10 [ 556.798289][T13045] ? __x64_sys_futex+0x1e0/0x4c0 [ 556.798358][T13045] do_syscall_64+0xcd/0xfa0 [ 556.798399][T13045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.798430][T13045] RIP: 0033:0x7eff7458f6c9 [ 556.798454][T13045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.798486][T13045] RSP: 002b:00007eff75374038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 556.798516][T13045] RAX: ffffffffffffffda RBX: 00007eff747e5fa0 RCX: 00007eff7458f6c9 [ 556.798538][T13045] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 556.798559][T13045] RBP: 00007eff74611f91 R08: 0000000000000000 R09: 0000000000000000 [ 556.798578][T13045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.798597][T13045] R13: 00007eff747e6038 R14: 00007eff747e5fa0 R15: 00007ffd7d0d6cf8 [ 556.798641][T13045] [ 557.353662][T11440] Bluetooth: hci2: command 0x0406 tx timeout [ 558.032516][T11275] Bluetooth: hci5: command 0x0c1a tx timeout [ 558.038637][T11440] Bluetooth: hci4: command 0x0c1a tx timeout [ 558.044882][T11440] Bluetooth: hci0: command 0x0c1a tx timeout [ 558.050937][T11440] Bluetooth: hci3: command 0x0406 tx timeout [ 558.054769][T13073] netlink: 86 bytes leftover after parsing attributes in process `syz.6.2135'. [ 558.057864][T11287] Bluetooth: hci1: command 0x0406 tx timeout [ 558.113202][T13075] Bluetooth: hci6: command 0x041b tx timeout [ 558.186353][T13005] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.202213][T13005] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.235094][T13005] bridge_slave_0: entered allmulticast mode [ 558.247029][T13005] bridge_slave_0: entered promiscuous mode [ 558.295791][T13005] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.314988][T13005] bridge0: port 2(bridge_slave_1) entered disabled state [ 558.345393][T13005] bridge_slave_1: entered allmulticast mode [ 558.389787][T13005] bridge_slave_1: entered promiscuous mode [ 558.397626][T13085] netlink: 13 bytes leftover after parsing attributes in process `syz.6.2138'. [ 558.489187][T13081] netlink: 'syz.4.2137': attribute type 1 has an invalid length. [ 558.584731][T13005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 558.637880][T13005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 558.807797][T13005] team0: Port device team_slave_0 added [ 558.954333][T13005] team0: Port device team_slave_1 added [ 559.211036][T13005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 559.222005][T13005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 559.312786][T13005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 559.387371][T13005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 559.410043][T13005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 559.468302][T13005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 559.683637][T13005] hsr_slave_0: entered promiscuous mode [ 559.701108][T13005] hsr_slave_1: entered promiscuous mode [ 559.714065][T13005] debugfs: 'hsr0' already exists in 'hsr' [ 559.730311][T13005] Cannot create hsr debugfs directory [ 560.195206][T11287] Bluetooth: hci6: command 0x041b tx timeout [ 561.169614][T13140] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2147'. [ 561.213185][T13140] netlink: 13 bytes leftover after parsing attributes in process `syz.6.2147'. [ 561.300535][T13005] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 561.416043][T13005] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 561.457007][T13005] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 561.566633][T13005] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 561.689644][T13153] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2149'. [ 562.009199][T13005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 562.107678][T13005] 8021q: adding VLAN 0 to HW filter on device team0 [ 562.183387][T11278] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.190689][T11278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.272060][T11287] Bluetooth: hci6: command 0x041b tx timeout [ 562.281652][T11276] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.288901][T11276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.431579][T13005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 562.472336][T13165] FAULT_INJECTION: forcing a failure. [ 562.472336][T13165] name failslab, interval 1, probability 393216, space 0, times 0 [ 562.491812][T13165] CPU: 0 UID: 0 PID: 13165 Comm: syz.4.2152 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 562.491888][T13165] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 562.491906][T13165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 562.491932][T13165] Call Trace: [ 562.491942][T13165] [ 562.491953][T13165] dump_stack_lvl+0x16c/0x1f0 [ 562.491997][T13165] should_fail_ex+0x512/0x640 [ 562.492043][T13165] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 562.492085][T13165] should_failslab+0xc2/0x120 [ 562.492125][T13165] __kvmalloc_node_noprof+0x141/0x9c0 [ 562.492165][T13165] ? bucket_table_alloc.isra.0+0x88/0x460 [ 562.492217][T13165] ? bucket_table_alloc.isra.0+0x88/0x460 [ 562.492261][T13165] bucket_table_alloc.isra.0+0x88/0x460 [ 562.492311][T13165] rhashtable_init_noprof+0x41a/0x7e0 [ 562.492355][T13165] ? __init_waitqueue_head+0xca/0x150 [ 562.492390][T13165] rhltable_init_noprof+0x20/0x60 [ 562.492437][T13165] sta_info_init+0x5f/0x160 [ 562.492474][T13165] ieee80211_alloc_hw_nm+0x87b/0x22b0 [ 562.492516][T13165] ? __local_bh_enable_ip+0xa4/0x120 [ 562.492558][T13165] mac80211_hwsim_new_radio+0x1d3/0x50b0 [ 562.492610][T13165] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 562.492668][T13165] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 562.492717][T13165] hwsim_new_radio_nl+0xba2/0x1330 [ 562.492756][T13165] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 562.492805][T13165] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 562.492850][T13165] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 562.492902][T13165] genl_family_rcv_msg_doit+0x209/0x2f0 [ 562.492956][T13165] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 562.493012][T13165] ? bpf_lsm_capable+0x9/0x10 [ 562.493056][T13165] ? security_capable+0x7e/0x260 [ 562.493103][T13165] ? ns_capable+0xd7/0x110 [ 562.493140][T13165] genl_rcv_msg+0x55c/0x800 [ 562.493185][T13165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 562.493226][T13165] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 562.493299][T13165] netlink_rcv_skb+0x158/0x420 [ 562.493337][T13165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 562.493381][T13165] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 562.493434][T13165] ? netlink_deliver_tap+0x1ae/0xd30 [ 562.493474][T13165] genl_rcv+0x28/0x40 [ 562.493509][T13165] netlink_unicast+0x5aa/0x870 [ 562.493551][T13165] ? __pfx_netlink_unicast+0x10/0x10 [ 562.493591][T13165] ? __alloc_skb+0x200/0x380 [ 562.493640][T13165] ? netlink_alloc_large_skb+0x69/0x140 [ 562.493682][T13165] netlink_sendmsg+0x8c8/0xdd0 [ 562.493726][T13165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.493768][T13165] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 562.493824][T13165] ____sys_sendmsg+0xa98/0xc70 [ 562.493868][T13165] ? copy_msghdr_from_user+0x10a/0x160 [ 562.493901][T13165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.493963][T13165] ? __pfx_futex_wake_mark+0x10/0x10 [ 562.494023][T13165] ___sys_sendmsg+0x134/0x1d0 [ 562.494060][T13165] ? __pfx____sys_sendmsg+0x10/0x10 [ 562.494089][T13165] ? __lock_acquire+0x622/0x1c90 [ 562.494187][T13165] __sys_sendmsg+0x16d/0x220 [ 562.494222][T13165] ? __pfx___sys_sendmsg+0x10/0x10 [ 562.494254][T13165] ? __x64_sys_futex+0x1e0/0x4c0 [ 562.494325][T13165] do_syscall_64+0xcd/0xfa0 [ 562.494370][T13165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.494404][T13165] RIP: 0033:0x7eff7458f6c9 [ 562.494431][T13165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.494464][T13165] RSP: 002b:00007eff75374038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 562.494496][T13165] RAX: ffffffffffffffda RBX: 00007eff747e5fa0 RCX: 00007eff7458f6c9 [ 562.494529][T13165] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 562.494549][T13165] RBP: 00007eff74611f91 R08: 0000000000000000 R09: 0000000000000000 [ 562.494568][T13165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.494586][T13165] R13: 00007eff747e6038 R14: 00007eff747e5fa0 R15: 00007ffd7d0d6cf8 [ 562.494630][T13165] [ 564.190184][T13005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 564.363227][T11287] Bluetooth: hci6: command 0x041b tx timeout [ 564.895949][T13211] mkiss: ax0: crc mode is auto. [ 565.032667][T13005] veth0_vlan: entered promiscuous mode [ 565.068476][T13005] veth1_vlan: entered promiscuous mode [ 565.149567][T13005] veth0_macvtap: entered promiscuous mode [ 565.176195][T13005] veth1_macvtap: entered promiscuous mode [ 565.229060][T13005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 565.263581][T13005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.290436][T11274] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.319939][T11274] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.340907][T11274] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.353536][T11274] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.558756][T11277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.574654][T11277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.701114][T11276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.701163][T11276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.748425][T13223] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 566.041406][T13225] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2165'. [ 566.432767][T11287] Bluetooth: hci6: command 0x041b tx timeout [ 566.601767][T13238] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2169'. [ 566.669016][T13238] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2169'. [ 568.342381][T13257] dyndbg: expected <4096 bytes into control [ 568.350390][T13257] dyndbg: bad flag-op /, at start of /%*^[ [ 568.367329][T13257] dyndbg: flags parse failed [ 568.368720][T13261] input: f¬ as /devices/virtual/input/input18 [ 568.515067][T11287] Bluetooth: hci6: command 0x041b tx timeout [ 570.019766][T13273] program syz.4.2186 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 570.547695][T13278] netlink: 25 bytes leftover after parsing attributes in process `syz.7.2180'. [ 573.065604][ C1] vcan0: j1939_xtp_rx_dpo: no connection found [ 573.321221][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.327711][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.821954][ C1] vcan0: j1939_tp_rxtimer: 0xffff88808696e000: rx timeout, send abort [ 574.330275][ C1] vcan0: j1939_tp_rxtimer: 0xffff88808696e000: abort rx timeout. Force session deactivation [ 574.954287][T13311] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 575.869547][T13202] delete_channel: no stack [ 577.687595][T13337] netlink: 'syz.7.2196': attribute type 1 has an invalid length. [ 577.753666][T13339] FAULT_INJECTION: forcing a failure. [ 577.753666][T13339] name failslab, interval 1, probability 393216, space 0, times 0 [ 577.788984][T13339] CPU: 1 UID: 0 PID: 13339 Comm: syz.6.2197 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 577.789056][T13339] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 577.789074][T13339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 577.789094][T13339] Call Trace: [ 577.789105][T13339] [ 577.789117][T13339] dump_stack_lvl+0x16c/0x1f0 [ 577.789163][T13339] should_fail_ex+0x512/0x640 [ 577.789213][T13339] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 577.789261][T13339] should_failslab+0xc2/0x120 [ 577.789306][T13339] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 577.789348][T13339] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 577.789387][T13339] ? fib_notifier_ops_register+0x32/0x270 [ 577.789422][T13339] ? lockdep_hardirqs_on+0x7c/0x110 [ 577.789470][T13339] ? kmemdup_noprof+0x29/0x60 [ 577.789505][T13339] kmemdup_noprof+0x29/0x60 [ 577.789541][T13339] fib_notifier_ops_register+0x32/0x270 [ 577.789599][T13339] fib4_notifier_init+0x4f/0xd0 [ 577.789638][T13339] fib_net_init+0xbf/0x3f0 [ 577.789675][T13339] ? __pfx___register_sysctl_table+0x10/0x10 [ 577.789726][T13339] ? __pfx_fib_net_init+0x10/0x10 [ 577.789764][T13339] ? lockdep_init_map_type+0x5c/0x280 [ 577.789811][T13339] ? do_init_timer+0xc9/0x110 [ 577.789851][T13339] ? devinet_init_net+0x5c2/0x910 [ 577.789899][T13339] ? __pfx_fib_net_init+0x10/0x10 [ 577.789935][T13339] ops_init+0x1e2/0x5f0 [ 577.789973][T13339] setup_net+0x100/0x390 [ 577.790008][T13339] ? __pfx_setup_net+0x10/0x10 [ 577.790044][T13339] ? debug_mutex_init+0x37/0x70 [ 577.790083][T13339] copy_net_ns+0x2f8/0x690 [ 577.790125][T13339] create_new_namespaces+0x3ea/0xa90 [ 577.790173][T13339] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 577.790214][T13339] ksys_unshare+0x45b/0xa40 [ 577.790258][T13339] ? __pfx_ksys_unshare+0x10/0x10 [ 577.790302][T13339] ? xfd_validate_state+0x61/0x180 [ 577.790362][T13339] __x64_sys_unshare+0x31/0x40 [ 577.790404][T13339] do_syscall_64+0xcd/0xfa0 [ 577.790447][T13339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.790480][T13339] RIP: 0033:0x7f35ed18f6c9 [ 577.790508][T13339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 577.790542][T13339] RSP: 002b:00007f35edfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 577.790582][T13339] RAX: ffffffffffffffda RBX: 00007f35ed3e5fa0 RCX: 00007f35ed18f6c9 [ 577.790604][T13339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 577.790625][T13339] RBP: 00007f35ed211f91 R08: 0000000000000000 R09: 0000000000000000 [ 577.790645][T13339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 577.790665][T13339] R13: 00007f35ed3e6038 R14: 00007f35ed3e5fa0 R15: 00007ffc877b27a8 [ 577.790711][T13339] [ 578.631546][T13353] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2200'. [ 579.212350][T13365] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 579.220260][T13368] FAULT_INJECTION: forcing a failure. [ 579.220260][T13368] name failslab, interval 1, probability 393216, space 0, times 0 [ 579.238912][T13365] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 579.248922][T13365] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 579.259314][T13368] CPU: 1 UID: 0 PID: 13368 Comm: syz.7.2206 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 579.259364][T13368] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 579.259377][T13368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 579.259391][T13368] Call Trace: [ 579.259399][T13368] [ 579.259407][T13368] dump_stack_lvl+0x16c/0x1f0 [ 579.259440][T13368] should_fail_ex+0x512/0x640 [ 579.259477][T13368] ? __kmalloc_cache_noprof+0x5f/0x780 [ 579.259503][T13368] should_failslab+0xc2/0x120 [ 579.259559][T13368] __kmalloc_cache_noprof+0x72/0x780 [ 579.259587][T13368] ? open_substream+0xec/0x990 [ 579.259629][T13368] ? open_substream+0xec/0x990 [ 579.259671][T13368] open_substream+0xec/0x990 [ 579.259717][T13368] rawmidi_open_priv+0x543/0x6e0 [ 579.259759][T13368] snd_rawmidi_open+0x4cb/0xbf0 [ 579.259802][T13368] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 579.259843][T13368] ? __pfx_default_wake_function+0x10/0x10 [ 579.259871][T13368] ? kobject_get_unless_zero+0x156/0x1e0 [ 579.259907][T13368] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 579.259944][T13368] snd_open+0x22d/0x4c0 [ 579.259974][T13368] ? __pfx_snd_open+0x10/0x10 [ 579.260003][T13368] chrdev_open+0x234/0x6a0 [ 579.260031][T13368] ? __pfx_apparmor_file_open+0x10/0x10 [ 579.260068][T13368] ? __pfx_chrdev_open+0x10/0x10 [ 579.260099][T13368] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 579.260132][T13368] do_dentry_open+0x982/0x1530 [ 579.260160][T13368] ? __pfx_chrdev_open+0x10/0x10 [ 579.260195][T13368] vfs_open+0x82/0x3f0 [ 579.260238][T13368] path_openat+0x1de4/0x2cb0 [ 579.260275][T13368] ? __pfx_path_openat+0x10/0x10 [ 579.260303][T13368] ? __lock_acquire+0xb8a/0x1c90 [ 579.260339][T13368] do_filp_open+0x20b/0x470 [ 579.260367][T13368] ? __pfx_do_filp_open+0x10/0x10 [ 579.260414][T13368] ? alloc_fd+0x471/0x7d0 [ 579.260446][T13368] do_sys_openat2+0x11b/0x1d0 [ 579.260481][T13368] ? __pfx_do_sys_openat2+0x10/0x10 [ 579.260515][T13368] ? ktime_get+0x1a7/0x310 [ 579.260555][T13368] __x64_sys_openat+0x174/0x210 [ 579.260591][T13368] ? __pfx___x64_sys_openat+0x10/0x10 [ 579.260639][T13368] do_syscall_64+0xcd/0xfa0 [ 579.260677][T13368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.260700][T13368] RIP: 0033:0x7f7d2978f6c9 [ 579.260719][T13368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.260742][T13368] RSP: 002b:00007f7d2a563038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 579.260765][T13368] RAX: ffffffffffffffda RBX: 00007f7d299e5fa0 RCX: 00007f7d2978f6c9 [ 579.260780][T13368] RDX: 0000000000080002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 579.260795][T13368] RBP: 00007f7d29811f91 R08: 0000000000000000 R09: 0000000000000000 [ 579.260809][T13368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 579.260823][T13368] R13: 00007f7d299e6038 R14: 00007f7d299e5fa0 R15: 00007ffcd86a6088 [ 579.260854][T13368] [ 579.305184][T13365] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 579.606538][T13365] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 579.606781][T13365] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 579.607080][T13365] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 579.844917][ C1] sd 0:0:1:0: [sda] tag#7462 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 579.855437][ C1] sd 0:0:1:0: [sda] tag#7462 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 579.933294][T13378] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(7) [ 579.964511][T13378] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 580.965411][T13387] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2214'. [ 581.034017][T13395] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2216'. [ 581.037252][T13387] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 581.065889][T13395] netlink: 13 bytes leftover after parsing attributes in process `syz.7.2216'. [ 581.232548][T11287] Bluetooth: hci2: command 0x0406 tx timeout [ 581.313152][T13076] Bluetooth: hci3: command 0x0406 tx timeout [ 581.320005][T13076] Bluetooth: hci1: command 0x0406 tx timeout [ 581.326650][T11287] Bluetooth: hci0: command 0x0c1a tx timeout [ 581.633914][T13075] Bluetooth: hci5: command 0x0c1a tx timeout [ 581.640031][T11440] Bluetooth: hci4: command 0x0c1a tx timeout [ 581.646432][T13076] Bluetooth: hci6: command 0x041b tx timeout [ 581.723774][T13412] FAULT_INJECTION: forcing a failure. [ 581.723774][T13412] name failslab, interval 1, probability 393216, space 0, times 0 [ 581.737325][T13412] CPU: 1 UID: 0 PID: 13412 Comm: syz.7.2222 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 581.737375][T13412] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 581.737388][T13412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 581.737401][T13412] Call Trace: [ 581.737409][T13412] [ 581.737417][T13412] dump_stack_lvl+0x16c/0x1f0 [ 581.737449][T13412] should_fail_ex+0x512/0x640 [ 581.737484][T13412] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 581.737511][T13412] should_failslab+0xc2/0x120 [ 581.737544][T13412] kmem_cache_alloc_noprof+0x75/0x6e0 [ 581.737568][T13412] ? security_file_alloc+0x34/0x2b0 [ 581.737598][T13412] ? security_file_alloc+0x34/0x2b0 [ 581.737622][T13412] security_file_alloc+0x34/0x2b0 [ 581.737647][T13412] init_file+0x93/0x4c0 [ 581.737678][T13412] alloc_empty_file+0x73/0x1e0 [ 581.737719][T13412] alloc_file_pseudo+0x13a/0x230 [ 581.737754][T13412] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 581.737789][T13412] ? security_inode_init_security_anon+0x79/0x240 [ 581.737833][T13412] __anon_inode_getfile+0xe8/0x280 [ 581.737861][T13412] ? _copy_to_user+0x48/0xd0 [ 581.737899][T13412] io_uring_setup+0x153f/0x20e0 [ 581.737930][T13412] ? __pfx_io_uring_setup+0x10/0x10 [ 581.737978][T13412] ? xfd_validate_state+0x61/0x180 [ 581.738010][T13412] ? __pfx_do_writev+0x10/0x10 [ 581.738038][T13412] __x64_sys_io_uring_setup+0xc2/0x170 [ 581.738067][T13412] do_syscall_64+0xcd/0xfa0 [ 581.738097][T13412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.738120][T13412] RIP: 0033:0x7f7d2978f6c9 [ 581.738137][T13412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 581.738165][T13412] RSP: 002b:00007f7d2a563038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 581.738187][T13412] RAX: ffffffffffffffda RBX: 00007f7d299e5fa0 RCX: 00007f7d2978f6c9 [ 581.738202][T13412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 581.738224][T13412] RBP: 00007f7d29811f91 R08: 0000000000000000 R09: 0000000000000000 [ 581.738238][T13412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.738251][T13412] R13: 00007f7d299e6038 R14: 00007f7d299e5fa0 R15: 00007ffcd86a6088 [ 581.738281][T13412] [ 582.498210][T13421] mkiss: ax0: crc mode is auto. [ 584.443118][T11287] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 584.454328][T11287] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 584.465819][T11287] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 584.475263][T11287] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 584.485021][T11287] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 585.049136][T13456] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2234'. [ 585.124896][T13444] chnl_net:caif_netlink_parms(): no params data found [ 585.235999][T11287] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 585.482153][T13444] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.503172][T13444] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.532241][T13444] bridge_slave_0: entered allmulticast mode [ 585.540537][T13444] bridge_slave_0: entered promiscuous mode [ 585.561397][T13444] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.568743][T13444] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.576756][T13444] bridge_slave_1: entered allmulticast mode [ 585.585376][T13444] bridge_slave_1: entered promiscuous mode [ 585.770630][T13444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.798461][T13444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.896706][T13444] team0: Port device team_slave_0 added [ 585.916352][T13444] team0: Port device team_slave_1 added [ 586.048207][T13444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.071090][T13444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.118663][T13444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.163556][T13444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.243610][T13444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.311994][T13444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 586.478068][T13444] hsr_slave_0: entered promiscuous mode [ 586.495094][T13444] hsr_slave_1: entered promiscuous mode [ 586.508708][T13444] debugfs: 'hsr0' already exists in 'hsr' [ 586.521958][T13444] Cannot create hsr debugfs directory [ 586.522682][T11287] Bluetooth: hci7: command tx timeout [ 587.238122][T11287] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 587.325121][T11287] Bluetooth: hci0: command 0x0c1a tx timeout [ 587.614247][T13444] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 587.709561][T13444] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 587.797710][T13444] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 587.859056][T13444] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 588.250228][T13444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 588.413650][T13444] 8021q: adding VLAN 0 to HW filter on device team0 [ 588.475940][T11276] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.483196][T11276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.539867][T11276] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.547093][T11276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.594019][T11287] Bluetooth: hci7: command tx timeout [ 589.607773][T13516] FAULT_INJECTION: forcing a failure. [ 589.607773][T13516] name failslab, interval 1, probability 393216, space 0, times 0 [ 589.661326][T13516] CPU: 1 UID: 0 PID: 13516 Comm: syz.6.2248 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 589.661399][T13516] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 589.661419][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 589.661438][T13516] Call Trace: [ 589.661449][T13516] [ 589.661461][T13516] dump_stack_lvl+0x16c/0x1f0 [ 589.661507][T13516] should_fail_ex+0x512/0x640 [ 589.661557][T13516] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 589.661598][T13516] should_failslab+0xc2/0x120 [ 589.661644][T13516] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 589.661679][T13516] ? do_futex+0x122/0x350 [ 589.661721][T13516] ? alloc_inode+0xc3/0x240 [ 589.661784][T13516] ? alloc_inode+0xc3/0x240 [ 589.661827][T13516] alloc_inode+0xc3/0x240 [ 589.661876][T13516] create_pipe_files+0x4c/0x9a0 [ 589.661921][T13516] do_pipe2+0xaf/0x1c0 [ 589.661958][T13516] ? __pfx_do_pipe2+0x10/0x10 [ 589.662015][T13516] ? xfd_validate_state+0x61/0x180 [ 589.662061][T13516] ? __pfx___x64_sys_chdir+0x10/0x10 [ 589.662110][T13516] __x64_sys_pipe+0x33/0x50 [ 589.662144][T13516] do_syscall_64+0xcd/0xfa0 [ 589.662181][T13516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.662208][T13516] RIP: 0033:0x7f35ed18f6c9 [ 589.662230][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.662258][T13516] RSP: 002b:00007f35edfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 589.662284][T13516] RAX: ffffffffffffffda RBX: 00007f35ed3e5fa0 RCX: 00007f35ed18f6c9 [ 589.662302][T13516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.662318][T13516] RBP: 00007f35ed211f91 R08: 0000000000000000 R09: 0000000000000000 [ 589.662335][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.662351][T13516] R13: 00007f35ed3e6038 R14: 00007f35ed3e5fa0 R15: 00007ffc877b27a8 [ 589.662387][T13516] [ 589.989870][T13444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 589.997636][ T31] INFO: task kworker/u8:5:200 blocked for more than 143 seconds. [ 590.005462][ T31] Tainted: G U W L XTNJ syzkaller #0 [ 590.012014][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 590.020718][ T31] task:kworker/u8:5 state:D stack:23544 pid:200 tgid:200 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 590.033111][ T31] Workqueue: netns cleanup_net SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 590.037928][ T31] Call Trace: [ 590.041336][ T31] [ 590.044548][ T31] __schedule+0x1190/0x5de0 [ 590.049106][ T31] ? __lock_acquire+0x622/0x1c90 [ 590.054123][ T31] ? __pfx___schedule+0x10/0x10 [ 590.059618][ T31] ? find_held_lock+0x2b/0x80 [ 590.081975][ T31] ? schedule+0x2d7/0x3a0 [ 590.086446][ T31] schedule+0xe7/0x3a0 [ 590.119557][ T31] schedule_timeout+0x257/0x290 [ 590.141917][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 590.189899][ T31] ? mark_held_locks+0x49/0x80 [ 590.207986][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 590.247653][ T31] __wait_for_common+0x2fc/0x4e0 [ 590.266192][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 590.271671][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 590.300732][T13520] FAULT_INJECTION: forcing a failure. [ 590.300732][T13520] name failslab, interval 1, probability 393216, space 0, times 0 [ 590.311913][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 590.341915][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 590.347824][ T31] __flush_workqueue+0x3e2/0x1230 [ 590.391937][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 590.393857][T13520] CPU: 0 UID: 0 PID: 13520 Comm: syz.6.2248 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 590.393948][T13520] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 590.393969][T13520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 590.393990][T13520] Call Trace: [ 590.394003][T13520] [ 590.394016][T13520] dump_stack_lvl+0x16c/0x1f0 [ 590.394066][T13520] should_fail_ex+0x512/0x640 [ 590.394122][T13520] ? __kmalloc_noprof+0xca/0x880 [ 590.394187][T13520] should_failslab+0xc2/0x120 [ 590.394239][T13520] __kmalloc_noprof+0xdd/0x880 [ 590.394298][T13520] ? group_cpus_evenly+0xeb/0x650 [ 590.394352][T13520] ? group_cpus_evenly+0xeb/0x650 [ 590.394395][T13520] group_cpus_evenly+0xeb/0x650 [ 590.394458][T13520] ? __pfx_group_cpus_evenly+0x10/0x10 [ 590.394519][T13520] blk_mq_map_queues+0xa5/0x4d0 [ 590.394556][T13520] ? __pfx_blk_mq_map_queues+0x10/0x10 [ 590.394596][T13520] ? rcu_is_watching+0x12/0xc0 [ 590.394641][T13520] blk_mq_update_queue_map+0x34a/0x3e0 [ 590.394700][T13520] blk_mq_alloc_tag_set+0x662/0x12e0 [ 590.394746][T13520] ? idr_alloc_u32+0x263/0x2f0 [ 590.394804][T13520] loop_add+0x3b2/0xb70 [ 590.394847][T13520] ? __pfx_loop_add+0x10/0x10 [ 590.394919][T13520] ? find_held_lock+0x2b/0x80 [ 590.394965][T13520] loop_control_ioctl+0x13e/0x630 [ 590.395006][T13520] ? __pfx_loop_control_ioctl+0x10/0x10 [ 590.395051][T13520] ? __pfx_loop_control_ioctl+0x10/0x10 [ 590.395092][T13520] __x64_sys_ioctl+0x18e/0x210 [ 590.395149][T13520] do_syscall_64+0xcd/0xfa0 [ 590.395197][T13520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.395233][T13520] RIP: 0033:0x7f35ed18f6c9 [ 590.395260][T13520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.395296][T13520] RSP: 002b:00007f35edfc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 590.395328][T13520] RAX: ffffffffffffffda RBX: 00007f35ed3e6090 RCX: 00007f35ed18f6c9 [ 590.395352][T13520] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 590.395376][T13520] RBP: 00007f35ed211f91 R08: 0000000000000000 R09: 0000000000000000 [ 590.395397][T13520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.395418][T13520] R13: 00007f35ed3e6128 R14: 00007f35ed3e6090 R15: 00007ffc877b27a8 [ 590.395465][T13520] [ 590.672164][T11287] Bluetooth: hci7: command tx timeout [ 591.101912][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 591.107418][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 591.116430][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 591.122062][ T31] rds_tcp_listen_stop+0x104/0x150 [ 591.127224][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.132772][ T31] rds_tcp_exit_net+0xcb/0x810 [ 591.137849][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.152313][ T31] ? __pfx___might_resched+0x10/0x10 [ 591.157852][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.171930][ T31] ops_undo_list+0x2ee/0xab0 [ 591.176610][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 591.181772][ T31] ? cleanup_net+0x347/0x8b0 [ 591.187793][ T31] ? idr_destroy+0x62/0x2e0 [ 591.201944][ T31] cleanup_net+0x41b/0x8b0 [ 591.206450][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 591.211449][ T31] ? rcu_is_watching+0x12/0xc0 [ 591.216892][ T31] process_one_work+0x9cf/0x1b70 [ 591.231927][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 591.237458][ T31] ? __pfx_process_one_work+0x10/0x10 [ 591.243314][ T31] ? assign_work+0x1a0/0x250 [ 591.247983][ T31] worker_thread+0x6c8/0xf10 [ 591.261940][ T31] ? __pfx_worker_thread+0x10/0x10 [ 591.267114][ T31] kthread+0x3c5/0x780 [ 591.271241][ T31] ? __pfx_kthread+0x10/0x10 [ 591.291913][ T31] ? rcu_is_watching+0x12/0xc0 [ 591.296761][ T31] ? __pfx_kthread+0x10/0x10 [ 591.301421][ T31] ret_from_fork+0x675/0x7d0 [ 591.321921][ T31] ? __pfx_kthread+0x10/0x10 [ 591.326623][ T31] ret_from_fork_asm+0x1a/0x30 [ 591.331467][ T31] [ 591.352037][ T31] INFO: task syz.2.1608:11264 blocked for more than 144 seconds. [ 591.359827][ T31] Tainted: G U W L XTNJ syzkaller #0 [ 591.392048][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 591.400784][ T31] task:syz.2.1608 state:D stack:24968 pid:11264 tgid:11263 ppid:5832 task_flags:0x400140 flags:0x00080003 [ 591.450201][ T31] Call Trace: [ 591.457755][ T31] [ 591.460783][ T31] __schedule+0x1190/0x5de0 [ 591.483699][ T31] ? __lock_acquire+0x622/0x1c90 [ 591.488746][ T31] ? __pfx___schedule+0x10/0x10 [ 591.501996][ T31] ? find_held_lock+0x2b/0x80 [ 591.506752][ T31] ? schedule+0x2d7/0x3a0 [ 591.511150][ T31] schedule+0xe7/0x3a0 [ 591.537977][ T31] schedule_timeout+0x257/0x290 [ 591.556928][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 591.569233][ T31] ? mark_held_locks+0x49/0x80 [ 591.581977][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 591.587254][ T31] __wait_for_common+0x2fc/0x4e0 [ 591.612129][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 591.617612][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 591.647587][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 591.657633][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 591.672072][ T31] __flush_workqueue+0x3e2/0x1230 [ 591.677222][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 591.691936][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 591.711973][ T31] ? release_sock+0x21/0x220 [ 591.716767][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 591.732374][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 591.737736][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 591.757417][ T31] rds_tcp_listen_stop+0x104/0x150 [ 591.771975][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.777424][ T31] rds_tcp_exit_net+0xcb/0x810 [ 591.795378][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.813646][ T31] ? __pfx___might_resched+0x10/0x10 [ 591.819105][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 591.842275][ T31] ops_undo_list+0x2ee/0xab0 [ 591.846969][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 591.867722][ T31] ? ops_init+0x2f0/0x5f0 [ 591.877072][ T31] ? ops_init+0x2fa/0x5f0 [ 591.881510][ T31] setup_net+0x1e2/0x390 [ 591.899805][ T31] ? __pfx_setup_net+0x10/0x10 [ 591.910955][ T31] ? debug_mutex_init+0x37/0x70 [ 591.923614][ T31] copy_net_ns+0x2f8/0x690 [ 591.941943][ T31] create_new_namespaces+0x3ea/0xa90 [ 591.947399][ T31] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 591.961935][ T31] ksys_unshare+0x45b/0xa40 [ 591.977701][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 591.992014][ T31] __x64_sys_unshare+0x31/0x40 [ 591.996878][ T31] do_syscall_64+0xcd/0xfa0 [ 592.001435][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.021979][ T31] RIP: 0033:0x7f110cd8f6c9 [ 592.026465][ T31] RSP: 002b:00007f110aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 592.042884][ T31] RAX: ffffffffffffffda RBX: 00007f110cfe5fa0 RCX: 00007f110cd8f6c9 [ 592.050919][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 592.059047][ T31] RBP: 00007f110ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 592.067392][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.075526][ T31] R13: 00007f110cfe6038 R14: 00007f110cfe5fa0 R15: 00007fff7c685a88 [ 592.083632][ T31] [ 592.142086][ T31] [ 592.142086][ T31] Showing all locks held in the system: [ 592.149957][ T31] 1 lock held by khungtaskd/31: [ 592.185094][ T31] #0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 592.241982][ T31] 3 locks held by kworker/u8:5/200: [ 592.247245][ T31] #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 592.258266][ T31] #1: ffffc90003017d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 592.268642][ T31] #2: ffffffff900d4690 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 [ 592.279175][ T31] 2 locks held by kworker/1:4/5917: [ 592.284798][ T31] #0: ffff88813ff15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 592.295679][ T31] #1: ffffc900044efd00 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 592.305775][ T31] 2 locks held by getty/10851: [ 592.310574][ T31] #0: ffff88814e2a20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 592.321649][ T31] #1: ffffc9000bc3b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 592.352196][ T31] 1 lock held by syz.2.1608/11264: [ 592.357381][ T31] #0: ffffffff900d4690 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 592.381963][ T31] 3 locks held by kworker/u10:5/11371: [ 592.387499][ T31] #0: ffff88814d399948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 592.411956][ T31] #1: ffffc90004a67d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 592.451987][ T31] #2: ffffffff900eaac8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0 [ 592.461627][ T31] 1 lock held by syz.0.1870/12162: [ 592.494276][ T31] #0: ffffffff900d4690 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 592.503987][ T31] 2 locks held by syz-executor/12276: [ 592.509401][ T31] #0: ffffffff900eaac8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 [ 592.528661][ T31] #1: ffffffff8e3cfb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 592.546358][ T31] 1 lock held by syz.5.2056/12801: [ 592.551522][ T31] #0: ffffffff900d4690 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 592.561161][ T31] 3 locks held by syz.4.2089/12900: [ 592.566636][ T31] #0: ffff88801f354dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 592.580575][ T31] #1: ffff88801f3540b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 592.590439][ T31] #2: ffffffff9035e948 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 592.605670][ T31] 1 lock held by syz.3.2176/13261: [ 592.610912][ T31] #0: ffffffff900d4690 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 592.621161][ T31] 4 locks held by syz-executor/13444: [ 592.626729][ T31] #0: ffff88808b334dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 592.636922][ T31] #1: ffff88808b3340b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 592.648075][ T31] #2: ffffffff9035e948 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 592.658458][ T31] #3: ffff8880294f6b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 592.667987][ T31] 1 lock held by syz.7.2236/13477: [ 592.673194][ T31] #0: ffffffff900eaac8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 [ 592.682339][ T31] 1 lock held by syz.6.2241/13484: [ 592.687479][ T31] #0: ffffffff8e3cfb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 592.698268][ T31] [ 592.700635][ T31] ============================================= [ 592.700635][ T31] [ 592.726626][ T31] NMI backtrace for cpu 1 [ 592.726656][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 592.726714][ T31] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 592.726730][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 592.726746][ T31] Call Trace: [ 592.726756][ T31] [ 592.726767][ T31] dump_stack_lvl+0x116/0x1f0 [ 592.726809][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 592.726855][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 592.726892][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 592.726941][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 592.726992][ T31] watchdog+0xf3f/0x1170 [ 592.727030][ T31] ? rcu_is_watching+0x12/0xc0 [ 592.727082][ T31] ? __pfx_watchdog+0x10/0x10 [ 592.727112][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 592.727156][ T31] ? __kthread_parkme+0x19e/0x250 [ 592.727200][ T31] ? __pfx_watchdog+0x10/0x10 [ 592.727232][ T31] kthread+0x3c5/0x780 [ 592.727291][ T31] ? __pfx_kthread+0x10/0x10 [ 592.727338][ T31] ? rcu_is_watching+0x12/0xc0 [ 592.727372][ T31] ? __pfx_kthread+0x10/0x10 [ 592.727418][ T31] ret_from_fork+0x675/0x7d0 [ 592.727463][ T31] ? __pfx_kthread+0x10/0x10 [ 592.727518][ T31] ret_from_fork_asm+0x1a/0x30 [ 592.727580][ T31] [ 592.727592][ T31] Sending NMI from CPU 1 to CPUs 0: [ 592.752136][T11287] Bluetooth: hci7: command tx timeout [ 592.754050][ C0] NMI backtrace for cpu 0 [ 592.754072][ C0] CPU: 0 UID: 0 PID: 11287 Comm: kworker/u11:1 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 592.754125][ C0] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 592.754141][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 592.754158][ C0] Workqueue: hci7 hci_cmd_timeout [ 592.754189][ C0] RIP: 0010:io_serial_in+0x87/0xb0 [ 592.754217][ C0] Code: c9 95 fc 48 8d 7d 40 44 89 e1 48 b8 00 00 00 00 00 fc ff df 48 89 fa d3 e3 48 c1 ea 03 80 3c 02 00 75 1a 66 03 5d 40 89 da ec <5b> 0f b6 c0 5d 41 5c e9 3d d8 39 06 e8 38 72 fd fc eb a2 e8 c1 72 [ 592.754249][ C0] RSP: 0018:ffffc9000b817648 EFLAGS: 00000002 [ 592.754270][ C0] RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000 [ 592.754287][ C0] RDX: 00000000000003fd RSI: ffffffff85268f30 RDI: ffffffff9adc5de0 [ 592.754305][ C0] RBP: ffffffff9adc5da0 R08: 0000000000000001 R09: 000000000000001f [ 592.754322][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 592.754338][ C0] R13: 0000000000000020 R14: fffffbfff35b8c0e R15: dffffc0000000000 [ 592.754356][ C0] FS: 0000000000000000(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000 [ 592.754380][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 592.754397][ C0] CR2: 00007fd631109e9c CR3: 000000007f932000 CR4: 00000000003526f0 [ 592.754415][ C0] Call Trace: [ 592.754423][ C0] [ 592.754435][ C0] wait_for_lsr+0x13a/0x210 [ 592.754481][ C0] ? __pfx_io_serial_out+0x10/0x10 [ 592.754506][ C0] serial8250_console_write+0xf81/0x1890 [ 592.754548][ C0] ? __pfx_serial8250_console_write+0x10/0x10 [ 592.754585][ C0] ? lock_acquire+0x179/0x350 [ 592.754628][ C0] console_flush_all+0x801/0xc60 [ 592.754658][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 592.754684][ C0] ? __lock_acquire+0x622/0x1c90 [ 592.754721][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 592.754753][ C0] console_unlock+0xd8/0x210 [ 592.754777][ C0] ? __pfx_console_unlock+0x10/0x10 [ 592.754808][ C0] vprintk_emit+0x3d7/0x680 [ 592.754835][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 592.754862][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 592.754898][ C0] _printk+0xc7/0x100 [ 592.754932][ C0] ? __pfx__printk+0x10/0x10 [ 592.754967][ C0] ? register_lock_class+0x41/0x4c0 [ 592.755001][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 592.755046][ C0] bt_err+0xe4/0x120 [ 592.755068][ C0] ? __pfx_bt_err+0x10/0x10 [ 592.755097][ C0] ? process_one_work+0x13d6/0x1b70 [ 592.755138][ C0] hci_cmd_timeout+0x1ff/0x260 [ 592.755165][ C0] process_one_work+0x9cf/0x1b70 [ 592.755210][ C0] ? __pfx_process_one_work+0x10/0x10 [ 592.755262][ C0] ? assign_work+0x1a0/0x250 [ 592.755299][ C0] worker_thread+0x6c8/0xf10 [ 592.755329][ C0] ? __pfx_worker_thread+0x10/0x10 [ 592.755351][ C0] kthread+0x3c5/0x780 [ 592.755387][ C0] ? __pfx_kthread+0x10/0x10 [ 592.755425][ C0] ? rcu_is_watching+0x12/0xc0 [ 592.755463][ C0] ? __pfx_kthread+0x10/0x10 [ 592.755498][ C0] ret_from_fork+0x675/0x7d0 [ 592.755533][ C0] ? __pfx_kthread+0x10/0x10 [ 592.755566][ C0] ret_from_fork_asm+0x1a/0x30 [ 592.755608][ C0]