last executing test programs: 15m41.179050179s ago: executing program 0 (id=1842): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) bpf$auto(0x21, &(0x7f0000000080)=@query={@target_fd, 0x201000, 0xafef, 0x4, 0x1008, @count=0x7, 0x0, 0x1, 0x290, 0x7, 0xb}, 0xc4a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000080)={0x0, 0x66}, 0x3) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0) 15m40.697880506s ago: executing program 0 (id=1853): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) ioctl$auto(0x3, 0x800005411, 0x38) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) 15m39.858940497s ago: executing program 0 (id=1851): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) process_madvise$auto_MADV_DOFORK(0xffffffffffffffff, 0x0, 0x0, 0xb, 0x9) unshare$auto(0x6c000000) 15m39.172203536s ago: executing program 0 (id=1855): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 15m38.461416416s ago: executing program 0 (id=1859): r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x40002, 0x0) sendfile$auto(r0, r0, 0x0, 0x788b) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r1, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000180)="dd06d1574c0a1719baadf81f683297e8af14b4dad2728892c747c5e01a1b7165a54b36471475e5b56eef9a6bd918ceb4aef4e8bcdd0f2bd3802806ade24a889ac8e25bd1") write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) 15m37.744643763s ago: executing program 0 (id=1864): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22241, 0xd1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x143e00, 0x0) io_uring_setup$auto(0x12, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 15m37.388441354s ago: executing program 32 (id=1864): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22241, 0xd1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x143e00, 0x0) io_uring_setup$auto(0x12, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 12.642813923s ago: executing program 4 (id=5778): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) socket(0xa, 0x1, 0x84) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) select$auto(0xd, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pipe$auto(0x0) 11.210193465s ago: executing program 1 (id=5774): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/bNumEndpoints\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) munmap$auto(0x1, 0x9) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) 9.81038335s ago: executing program 1 (id=5779): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0xffffffffffffffff, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) msgrcv$auto(0x0, 0x0, 0x4, 0x9, 0x3) msgctl$auto(0x0, 0x1, 0x0) 7.321874221s ago: executing program 3 (id=5783): mmap$auto(0x0, 0x40000c, 0x45bd, 0x9b72, 0x2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x66) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) uname$auto(0x0) setsockopt$auto(0x3, 0x10000000084, 0x1f, 0x0, 0x3ff) 7.320776049s ago: executing program 4 (id=5791): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xe, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x2, 0x7fffffff, 0x3, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x2, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0xfffffffffffffffe, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x40000, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) mq_open$auto(0x0, 0x7e, 0x9, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x80000000}, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) preadv$auto(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000400)="3c765522a1be72ee4cffa17f9f23ae21357703982367f4b88b107411c49a5175fec4b86c6ba079ac32cd4e1b98cf114a0905f7a66dbcd6e2fa54c072abafd2e157edd64199fdf0ad2188311708fdd2d3a41b1299ad1db55fb031f352336e573aca7f6ef9b752267f7d27fed0d1f0e0df89e94864a74f7b58d980f8cba24cd8ff14285f318cc82e5d83c3b07664c280e1d8b940da", 0x82}, 0x2, 0xffffffffffff8000, 0xfffffffffffffffa) r0 = socket(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'veth0_to_bridge\x00'}) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f00, 0x0, 0x2, 0x0, 0x8, 0xa505}, 0x4}, 0x6, 0x4008) 7.320335597s ago: executing program 1 (id=5784): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f00000000c0)='./file0\x00', 0x80001, 0x154) close_range$auto(0x0, 0x5, 0x0) acct$auto(&(0x7f0000000200)='/dev/virtual_nci\x00') 5.992292973s ago: executing program 4 (id=5795): openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/free_buffer\x00', 0x101000, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event0\x00', 0x80042, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000000000000000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x1ffd, 0x800004, 0x9}) umask$auto(0x6) open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) write$auto(r0, 0x0, 0x47ffffdf2) ioctl$auto_EVIOCGEFFECTS(r0, 0x80044584, 0x0) 5.991768246s ago: executing program 1 (id=5796): madvise$auto(0x1, 0x9, 0xa) socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x9, 0x1, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) shutdown$auto(0x200000003, 0x2) 5.991327009s ago: executing program 3 (id=5797): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x42400, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socket(0xa, 0x3, 0x3b) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socket(0x28, 0x1, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 5.229676995s ago: executing program 4 (id=5787): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x20201, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) unshare$auto(0x40000080) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900), 0x0) 5.228470091s ago: executing program 1 (id=5799): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0xa, 0x3, 0x3a) close$auto(r1) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 4.837243987s ago: executing program 2 (id=5788): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi22\x00', 0x100, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x10001, 0xdf, 0x9b71, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x9, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000380)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1000001, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x80000000003fffff, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 4.835734035s ago: executing program 3 (id=5789): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi22\x00', 0x100, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x10001, 0xdf, 0x9b71, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x9, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000380)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1000001, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x80000000003fffff, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 3.482119888s ago: executing program 3 (id=5790): bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x8008) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x400000000000001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x200007, 0x19) io_setup$auto(0x1, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000140)) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0) write$auto(0x3, 0x0, 0x7fffffff) 3.480886056s ago: executing program 4 (id=5803): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi22\x00', 0x100, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x10001, 0xdf, 0x9b71, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x9, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000380)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1000001, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x80000000003fffff, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 3.480287594s ago: executing program 2 (id=5804): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) 2.215639502s ago: executing program 3 (id=5792): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi22\x00', 0x100, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x10001, 0xdf, 0x9b71, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x9, 0xd3e, 0x780, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000380)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1000001, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x80000000003fffff, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 2.214623784s ago: executing program 4 (id=5806): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), 0xffffffffffffffff) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='-\x00', 0x2fb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) rename$auto(0x0, 0x0) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.214163758s ago: executing program 1 (id=5793): unshare$auto(0x40000080) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, 0xffffffffffffffff, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x480302, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x0, 0x0) unshare$auto(0x40000080) 2.101640269s ago: executing program 2 (id=5794): mmap$auto(0x0, 0x10000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = open$auto(&(0x7f0000000080)='./file0\x00', 0x5, 0x7e) fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x101, &(0x7f00000000c0)='\\\x00', &(0x7f0000000180)="4ca8df5cbd8c0367e15bc31bf91391c10d40529964be81134527ab1e3b54fd0e4ba23cf1d449c180ec53b15002ee040468e0c82384a0563e37f8360b2f8286ea8cb826641ed56f376743", 0x0) getpriority$auto_PRIO_USER(0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f0000003a80)=ANY=[@ANYBLOB="03040000", @ANYRES16=r2, @ANYBLOB="010429bd7000fddbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x2400c001}, 0x8000) pipe2$auto(0x0, 0x80) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x109981, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.249951594s ago: executing program 2 (id=5798): mmap$auto(0x2, 0x2020009, 0x3, 0x20000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x2, 0x0) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x52) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) open(0x0, 0x161342, 0x100) setdomainname$auto(0x0, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0xdc98, 0x3, 0x100000000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000180)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 1.123365247s ago: executing program 2 (id=5800): socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, 0x0, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x1b}, 0x403) 1.002634981s ago: executing program 3 (id=5801): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x8) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) mlockall$auto(0x7) prctl$auto(0x23, 0x2, 0x7fffffffefff, 0x0, 0x0) read$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x2, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x1) 0s ago: executing program 2 (id=5802): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa507}, 0x800}, 0x7, 0x8) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) io_uring_setup$auto(0x6, 0x0) kernel console output (not intermixed with test programs): 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 921.633294][T18910] RSP: 002b:00007f6f51801028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 921.633319][T18910] RAX: ffffffffffffffda RBX: 00007f6f50c16090 RCX: 00007f6f5099c819 [ 921.633336][T18910] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 921.633353][T18910] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 921.633369][T18910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 921.633385][T18910] R13: 00007f6f50c16128 R14: 00007f6f50c16090 R15: 00007ffcd078a2a8 [ 921.633417][T18910] [ 925.860691][ T5837] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 925.868505][ T5837] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 925.901310][T18985] binder: 18983:18985 ioctl c0306201 200000000000 returned -11 [ 926.881514][T19006] netlink: 306 bytes leftover after parsing attributes in process `syz.1.4375'. [ 927.978790][T19022] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 930.627878][T19059] netlink: 'syz.4.4390': attribute type 10 has an invalid length. [ 930.648066][T19059] netlink: 230 bytes leftover after parsing attributes in process `syz.4.4390'. [ 930.744660][T19063] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4392'. [ 931.107210][T19067] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4393'. [ 931.118445][ C0] sd 0:0:1:0: [sda] tag#213 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 931.128816][ C0] sd 0:0:1:0: [sda] tag#213 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 931.272483][T19075] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4393'. [ 931.443703][T19080] FAULT_INJECTION: forcing a failure. [ 931.443703][T19080] name failslab, interval 1, probability 0, space 0, times 0 [ 931.583504][T19080] CPU: 0 UID: 0 PID: 19080 Comm: syz.4.4397 Tainted: G L syzkaller #0 PREEMPT(full) [ 931.583546][T19080] Tainted: [L]=SOFTLOCKUP [ 931.583561][T19080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 931.583578][T19080] Call Trace: [ 931.583586][T19080] [ 931.583597][T19080] dump_stack_lvl+0x100/0x190 [ 931.583645][T19080] should_fail_ex.cold+0x5/0xa [ 931.583678][T19080] should_failslab+0xc2/0x120 [ 931.583705][T19080] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 931.583743][T19080] ? security_inode_alloc+0x3b/0x2c0 [ 931.583775][T19080] ? lockdep_init_map_type+0x5c/0x250 [ 931.583824][T19080] security_inode_alloc+0x3b/0x2c0 [ 931.583855][T19080] inode_init_always_gfp+0xcc0/0x1000 [ 931.583888][T19080] alloc_inode+0x8e/0x250 [ 931.583922][T19080] alloc_anon_inode+0x2a/0x3e0 [ 931.583952][T19080] ioctx_alloc+0x4dc/0x21a0 [ 931.583992][T19080] ? find_held_lock+0x2b/0x80 [ 931.584024][T19080] ? __pfx_ioctx_alloc+0x10/0x10 [ 931.584062][T19080] __x64_sys_io_setup+0xc9/0x220 [ 931.584096][T19080] do_syscall_64+0x10b/0xf80 [ 931.584134][T19080] ? clear_bhb_loop+0x40/0x90 [ 931.584165][T19080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.584208][T19080] RIP: 0033:0x7f6f5099c819 [ 931.584229][T19080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 931.584255][T19080] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 931.584280][T19080] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 931.584298][T19080] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 931.584320][T19080] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 931.584336][T19080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.584352][T19080] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 931.584383][T19080] [ 932.079231][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.085956][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.272853][T19089] vivid-007: ================= START STATUS ================= [ 932.366596][T19089] vivid-007: Generate PTS: true [ 932.385645][T19089] vivid-007: Generate SCR: true [ 932.447458][T19089] tpg source WxH: 320x240 (Y'CbCr) [ 932.484845][T19089] tpg field: 1 [ 932.506812][T19089] tpg crop: (0,0)/320x240 [ 932.536445][T19089] tpg compose: (0,0)/320x240 [ 932.561468][T19089] tpg colorspace: 8 [ 932.579248][T19089] tpg transfer function: 0/0 [ 932.592251][T19089] tpg Y'CbCr encoding: 0/0 [ 932.613114][T19089] tpg quantization: 0/0 [ 932.628336][T19089] tpg RGB range: 0/2 [ 932.675047][T19089] vivid-007: ================== END STATUS ================== [ 933.018320][T19101] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 936.236769][T19144] sp0: Synchronizing with TNC [ 936.609674][T19137] Process accounting paused [ 936.926375][T19149] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4420'. [ 937.149837][T19155] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4421'. [ 937.523498][T19157] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4422'. [ 938.135166][T19168] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 938.203039][T19168] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 938.860527][T19184] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4430'. [ 940.128803][T19201] netlink: 504 bytes leftover after parsing attributes in process `syz.1.4436'. [ 941.149361][T19214] sd 0:0:1:0: device reset [ 941.331526][T19176] Process accounting paused [ 941.594862][T19224] syz.3.4444 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 941.671216][T19224] FAULT_INJECTION: forcing a failure. [ 941.671216][T19224] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 941.757903][T19224] CPU: 0 UID: 0 PID: 19224 Comm: syz.3.4444 Tainted: G L syzkaller #0 PREEMPT(full) [ 941.757945][T19224] Tainted: [L]=SOFTLOCKUP [ 941.757955][T19224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 941.757971][T19224] Call Trace: [ 941.757980][T19224] [ 941.757990][T19224] dump_stack_lvl+0x100/0x190 [ 941.758038][T19224] should_fail_ex.cold+0x5/0xa [ 941.758066][T19224] ? prepare_alloc_pages+0x16d/0x5f0 [ 941.758102][T19224] should_fail_alloc_page+0xeb/0x140 [ 941.758131][T19224] prepare_alloc_pages+0x1f0/0x5f0 [ 941.758161][T19224] ? __pfx_stack_trace_save+0x10/0x10 [ 941.758198][T19224] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 941.758249][T19224] ? __lock_acquire+0x4a5/0x2630 [ 941.758293][T19224] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 941.758334][T19224] ? __lock_acquire+0x4a5/0x2630 [ 941.758388][T19224] ? find_held_lock+0x2b/0x80 [ 941.758419][T19224] ? is_bpf_text_address+0x8a/0x1a0 [ 941.758452][T19224] ? is_bpf_text_address+0x8a/0x1a0 [ 941.758485][T19224] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 941.758522][T19224] ? policy_nodemask+0xed/0x4f0 [ 941.758551][T19224] alloc_pages_mpol+0x1fb/0x540 [ 941.758586][T19224] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 941.758612][T19224] ? arch_stack_walk+0xa6/0xf0 [ 941.758651][T19224] folio_alloc_mpol_noprof+0x36/0x260 [ 941.758686][T19224] shmem_alloc_folio+0x135/0x160 [ 941.758721][T19224] shmem_alloc_and_add_folio+0x371/0xd40 [ 941.758768][T19224] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 941.758811][T19224] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 941.758859][T19224] shmem_get_folio_gfp+0x6ab/0x1900 [ 941.758905][T19224] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 941.758946][T19224] ? filemap_map_pages+0x9c1/0x2140 [ 941.758992][T19224] ? __lock_acquire+0x4a5/0x2630 [ 941.759035][T19224] shmem_fault+0x1f9/0xa20 [ 941.759077][T19224] ? __pfx_shmem_fault+0x10/0x10 [ 941.759121][T19224] ? __pfx_filemap_map_pages+0x10/0x10 [ 941.759164][T19224] ? find_held_lock+0x2b/0x80 [ 941.759199][T19224] __do_fault+0x10b/0x440 [ 941.759225][T19224] do_fault+0xa99/0x1750 [ 941.759254][T19224] ? __pmd_alloc+0x3fb/0x950 [ 941.759285][T19224] __handle_mm_fault+0x187d/0x2a00 [ 941.759326][T19224] ? mt_find+0x45e/0x8e0 [ 941.759350][T19224] ? __pfx___handle_mm_fault+0x10/0x10 [ 941.759384][T19224] ? __pfx_mt_find+0x10/0x10 [ 941.759422][T19224] ? find_vma+0xbf/0x140 [ 941.759447][T19224] ? __pfx_find_vma+0x10/0x10 [ 941.759474][T19224] handle_mm_fault+0x36d/0xa20 [ 941.759516][T19224] do_user_addr_fault+0x74c/0x12f0 [ 941.759549][T19224] ? trace_page_fault_kernel+0x7a/0x200 [ 941.759590][T19224] exc_page_fault+0x6f/0xd0 [ 941.759629][T19224] asm_exc_page_fault+0x26/0x30 [ 941.759654][T19224] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 941.759685][T19224] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 941.759710][T19224] RSP: 0018:ffffc90004197cc8 EFLAGS: 00050202 [ 941.759731][T19224] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000078 [ 941.759747][T19224] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004197db0 [ 941.759763][T19224] RBP: 0000000000000078 R08: 0000000000000001 R09: fffff52000832fc4 [ 941.759779][T19224] R10: ffffc90004197e27 R11: 0000000000000000 R12: 0000000000000000 [ 941.759795][T19224] R13: ffffc90004197db0 R14: 0000000000000000 R15: dffffc0000000000 [ 941.759827][T19224] _copy_from_user+0x98/0xd0 [ 941.759859][T19224] io_uring_setup+0xc0/0x160 [ 941.759895][T19224] ? ksys_write+0x190/0x250 [ 941.759922][T19224] ? __pfx_io_uring_setup+0x10/0x10 [ 941.759960][T19224] ? do_futex+0x192/0x350 [ 941.759987][T19224] ? __pfx_do_futex+0x10/0x10 [ 941.760025][T19224] ? xfd_validate_state+0x129/0x190 [ 941.760050][T19224] ? ksys_write+0x1ac/0x250 [ 941.760080][T19224] __x64_sys_io_uring_setup+0xc2/0x170 [ 941.760118][T19224] do_syscall_64+0x10b/0xf80 [ 941.760156][T19224] ? clear_bhb_loop+0x40/0x90 [ 941.760187][T19224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.760213][T19224] RIP: 0033:0x7f5af159c819 [ 941.760234][T19224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 941.760259][T19224] RSP: 002b:00007f5af2431028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 941.760282][T19224] RAX: ffffffffffffffda RBX: 00007f5af1815fa0 RCX: 00007f5af159c819 [ 941.760299][T19224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 941.760314][T19224] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 941.760330][T19224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.760346][T19224] R13: 00007f5af1816038 R14: 00007f5af1815fa0 R15: 00007fffdab688b8 [ 941.760377][T19224] [ 943.627479][T19257] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4452'. [ 943.709309][T19259] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 943.807283][T19261] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4454'. [ 943.873404][T19262] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4454'. [ 945.091721][T19286] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 948.185432][T19316] sp0: Synchronizing with TNC [ 948.475403][T19326] netlink: 'syz.4.4472': attribute type 15 has an invalid length. [ 948.534317][T19326] netlink: 'syz.4.4472': attribute type 16 has an invalid length. [ 948.593730][T19326] netlink: 194 bytes leftover after parsing attributes in process `syz.4.4472'. [ 949.740285][ T30] audit: type=1800 audit(1776545357.812:13): pid=19349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4478" name="dummy_udc" dev="gadgetfs" ino=7259 res=0 errno=0 [ 953.210348][T19422] random: crng reseeded on system resumption [ 953.725693][T19428] netlink: 13 bytes leftover after parsing attributes in process `syz.2.4494'. [ 954.731083][T19446] warning: `syz.1.4500' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 955.307719][T19457] netlink: 202 bytes leftover after parsing attributes in process `syz.3.4504'. [ 955.327989][T19449] sp0: Synchronizing with TNC [ 956.773969][T19475] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4511'. [ 957.539248][T19489] random: crng reseeded on system resumption [ 958.065237][ T5837] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 958.507180][T19497] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 958.888485][T19507] sp0: Synchronizing with TNC [ 962.560573][T19578] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 967.947289][T19638] Process accounting resumed [ 968.143714][T19656] random: crng reseeded on system resumption [ 968.677983][T19664] random: crng reseeded on system resumption [ 968.915864][T19673] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4577'. [ 971.148523][T19722] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4580'. [ 971.211306][T19722] netlink: 'syz.4.4580': attribute type 1 has an invalid length. [ 971.265643][T19722] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4580'. [ 971.977478][T19736] netlink: 54 bytes leftover after parsing attributes in process `syz.2.4581'. [ 972.344581][T19716] Process accounting resumed [ 972.584465][T19748] random: crng reseeded on system resumption [ 973.326473][T19758] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4589'. [ 977.059794][T19822] netlink: 266 bytes leftover after parsing attributes in process `syz.3.4610'. [ 977.812508][T19838] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4614'. [ 979.145926][T19855] netlink: 'syz.2.4620': attribute type 11 has an invalid length. [ 980.961194][T19879] netlink: 440 bytes leftover after parsing attributes in process `syz.3.4626'. [ 981.015551][T19879] netlink: 350 bytes leftover after parsing attributes in process `syz.3.4626'. [ 981.319897][T19886] random: crng reseeded on system resumption [ 983.641278][T19915] random: crng reseeded on system resumption [ 988.218090][T19961] FAULT_INJECTION: forcing a failure. [ 988.218090][T19961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 988.317885][T19961] CPU: 0 UID: 0 PID: 19961 Comm: syz.4.4648 Tainted: G L syzkaller #0 PREEMPT(full) [ 988.317924][T19961] Tainted: [L]=SOFTLOCKUP [ 988.317934][T19961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 988.317949][T19961] Call Trace: [ 988.317958][T19961] [ 988.317967][T19961] dump_stack_lvl+0x100/0x190 [ 988.318021][T19961] should_fail_ex.cold+0x5/0xa [ 988.318053][T19961] _copy_from_user+0x2e/0xd0 [ 988.318083][T19961] memdup_user+0x6b/0xe0 [ 988.318107][T19961] strndup_user+0x78/0xe0 [ 988.318132][T19961] __x64_sys_fsopen+0x9e/0x220 [ 988.318168][T19961] do_syscall_64+0x10b/0xf80 [ 988.318212][T19961] ? clear_bhb_loop+0x40/0x90 [ 988.318243][T19961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.318268][T19961] RIP: 0033:0x7f6f5099c819 [ 988.318288][T19961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 988.318314][T19961] RSP: 002b:00007f6f51801028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 988.318337][T19961] RAX: ffffffffffffffda RBX: 00007f6f50c16090 RCX: 00007f6f5099c819 [ 988.318354][T19961] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 988.318369][T19961] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 988.318384][T19961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 988.318399][T19961] R13: 00007f6f50c16128 R14: 00007f6f50c16090 R15: 00007ffcd078a2a8 [ 988.318430][T19961] [ 989.724180][T19974] random: crng reseeded on system resumption [ 993.046586][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.053031][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.456957][T20025] FAULT_INJECTION: forcing a failure. [ 994.456957][T20025] name failslab, interval 1, probability 0, space 0, times 0 [ 994.589180][T20025] CPU: 0 UID: 0 PID: 20025 Comm: syz.3.4664 Tainted: G L syzkaller #0 PREEMPT(full) [ 994.589223][T20025] Tainted: [L]=SOFTLOCKUP [ 994.589233][T20025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 994.589261][T20025] Call Trace: [ 994.589269][T20025] [ 994.589279][T20025] dump_stack_lvl+0x100/0x190 [ 994.589327][T20025] should_fail_ex.cold+0x5/0xa [ 994.589358][T20025] should_failslab+0xc2/0x120 [ 994.589385][T20025] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 994.589422][T20025] ? __proc_create+0x2cb/0x8c0 [ 994.589454][T20025] __proc_create+0x2cb/0x8c0 [ 994.589499][T20025] ? __pfx___proc_create+0x10/0x10 [ 994.589531][T20025] ? _raw_write_unlock+0x28/0x50 [ 994.589572][T20025] proc_create_reg+0x75/0x170 [ 994.589603][T20025] proc_create_data+0x86/0x110 [ 994.589632][T20025] ? __pfx_proc_create_data+0x10/0x10 [ 994.589661][T20025] ? cache_register_net+0x137/0x5e0 [ 994.589691][T20025] ? cache_register_net+0x137/0x5e0 [ 994.589726][T20025] cache_register_net+0x1e0/0x5e0 [ 994.589758][T20025] nfsd_idmap_init+0xb6/0x250 [ 994.589805][T20025] ? __pfx_nfsd_net_init+0x10/0x10 [ 994.589837][T20025] nfsd_net_init+0x69/0x3d0 [ 994.589870][T20025] ? __pfx_nfsd_net_init+0x10/0x10 [ 994.589901][T20025] ops_init+0x1e2/0x5f0 [ 994.589932][T20025] setup_net+0x118/0x3a0 [ 994.589960][T20025] ? __pfx_setup_net+0x10/0x10 [ 994.589988][T20025] ? mutex_init_lockdep+0xf1/0x120 [ 994.590018][T20025] copy_net_ns+0x46f/0x7c0 [ 994.590051][T20025] create_new_namespaces+0x3ea/0xac0 [ 994.590090][T20025] unshare_nsproxy_namespaces+0xf2/0x220 [ 994.590125][T20025] ksys_unshare+0x438/0xab0 [ 994.590163][T20025] ? __pfx_ksys_unshare+0x10/0x10 [ 994.590201][T20025] ? xfd_validate_state+0x129/0x190 [ 994.590235][T20025] __x64_sys_unshare+0x31/0x40 [ 994.590272][T20025] do_syscall_64+0x10b/0xf80 [ 994.590310][T20025] ? clear_bhb_loop+0x40/0x90 [ 994.590341][T20025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.590367][T20025] RIP: 0033:0x7f5af159c819 [ 994.590388][T20025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 994.590414][T20025] RSP: 002b:00007f5af2431028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 994.590438][T20025] RAX: ffffffffffffffda RBX: 00007f5af1815fa0 RCX: 00007f5af159c819 [ 994.590455][T20025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 994.590471][T20025] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 994.590488][T20025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 994.590503][T20025] R13: 00007f5af1816038 R14: 00007f5af1815fa0 R15: 00007fffdab688b8 [ 994.590535][T20025] [ 996.381806][T20040] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4669'. [ 996.900817][T20050] random: crng reseeded on system resumption [ 999.859983][T20062] Process accounting paused [ 1002.007915][T20103] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4688'. [ 1003.207036][T20117] FAULT_INJECTION: forcing a failure. [ 1003.207036][T20117] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1003.331586][T20117] CPU: 0 UID: 0 PID: 20117 Comm: syz.2.4693 Tainted: G L syzkaller #0 PREEMPT(full) [ 1003.331626][T20117] Tainted: [L]=SOFTLOCKUP [ 1003.331635][T20117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1003.331650][T20117] Call Trace: [ 1003.331658][T20117] [ 1003.331668][T20117] dump_stack_lvl+0x100/0x190 [ 1003.331715][T20117] should_fail_ex.cold+0x5/0xa [ 1003.331742][T20117] ? prepare_alloc_pages+0x16d/0x5f0 [ 1003.331774][T20117] should_fail_alloc_page+0xeb/0x140 [ 1003.331821][T20117] prepare_alloc_pages+0x1f0/0x5f0 [ 1003.331850][T20117] ? kasan_save_stack+0x30/0x50 [ 1003.331889][T20117] ? kasan_save_track+0x14/0x30 [ 1003.331931][T20117] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1003.331971][T20117] ? shmem_get_folio_gfp+0x56c/0x1900 [ 1003.332011][T20117] ? __do_fault+0x10b/0x440 [ 1003.332032][T20117] ? do_fault+0xa99/0x1750 [ 1003.332061][T20117] ? __handle_mm_fault+0x187d/0x2a00 [ 1003.332101][T20117] ? handle_mm_fault+0x36d/0xa20 [ 1003.332135][T20117] ? do_user_addr_fault+0x74c/0x12f0 [ 1003.332165][T20117] ? exc_page_fault+0x6f/0xd0 [ 1003.332200][T20117] ? asm_exc_page_fault+0x26/0x30 [ 1003.332225][T20117] ? strnlen_user+0x55/0x190 [ 1003.332254][T20117] ? strndup_user+0x27/0xe0 [ 1003.332277][T20117] ? __x64_sys_fsopen+0x9e/0x220 [ 1003.332311][T20117] ? do_syscall_64+0x10b/0xf80 [ 1003.332348][T20117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.332382][T20117] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1003.332429][T20117] ? __lock_acquire+0x4a5/0x2630 [ 1003.332469][T20117] ? __lock_acquire+0x4a5/0x2630 [ 1003.332510][T20117] ? zswap_entry_free+0x355/0x5e0 [ 1003.332548][T20117] ? lock_acquire+0x1b1/0x370 [ 1003.332585][T20117] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1003.332623][T20117] ? policy_nodemask+0xed/0x4f0 [ 1003.332652][T20117] alloc_pages_mpol+0x1fb/0x540 [ 1003.332680][T20117] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1003.332707][T20117] ? swap_entry_swapped+0x20c/0x2a0 [ 1003.332734][T20117] ? __pfx_swap_entry_swapped+0x10/0x10 [ 1003.332765][T20117] folio_alloc_mpol_noprof+0x36/0x260 [ 1003.332799][T20117] swap_cache_alloc_folio+0x1a8/0x300 [ 1003.332840][T20117] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 1003.332887][T20117] swap_cluster_readahead+0x411/0x770 [ 1003.332933][T20117] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 1003.332978][T20117] ? swap_table_get+0x10d/0x2c0 [ 1003.333021][T20117] ? do_raw_spin_lock+0x128/0x260 [ 1003.333052][T20117] shmem_swapin_folio+0x2194/0x2b20 [ 1003.333100][T20117] ? filemap_get_entry+0x22d/0x450 [ 1003.333147][T20117] ? filemap_get_entry+0x237/0x450 [ 1003.333188][T20117] ? __pfx_shmem_swapin_folio+0x10/0x10 [ 1003.333235][T20117] ? __pfx_filemap_get_entry+0x10/0x10 [ 1003.333276][T20117] ? xas_start+0x153/0x790 [ 1003.333321][T20117] ? xas_find+0x32c/0x8e0 [ 1003.333364][T20117] shmem_get_folio_gfp+0x56c/0x1900 [ 1003.333412][T20117] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1003.333452][T20117] ? filemap_map_pages+0x9c1/0x2140 [ 1003.333496][T20117] shmem_fault+0x1f9/0xa20 [ 1003.333537][T20117] ? __pfx_shmem_fault+0x10/0x10 [ 1003.333574][T20117] ? __lock_acquire+0x4a5/0x2630 [ 1003.333618][T20117] ? __pfx_filemap_map_pages+0x10/0x10 [ 1003.333660][T20117] ? find_held_lock+0x2b/0x80 [ 1003.333695][T20117] __do_fault+0x10b/0x440 [ 1003.333720][T20117] do_fault+0xa99/0x1750 [ 1003.333754][T20117] __handle_mm_fault+0x187d/0x2a00 [ 1003.333794][T20117] ? mt_find+0x45e/0x8e0 [ 1003.333819][T20117] ? __pfx___handle_mm_fault+0x10/0x10 [ 1003.333853][T20117] ? __pfx_mt_find+0x10/0x10 [ 1003.333891][T20117] ? find_vma+0xbf/0x140 [ 1003.333915][T20117] ? __pfx_find_vma+0x10/0x10 [ 1003.333943][T20117] handle_mm_fault+0x36d/0xa20 [ 1003.333985][T20117] do_user_addr_fault+0x74c/0x12f0 [ 1003.334019][T20117] ? trace_page_fault_kernel+0x7a/0x200 [ 1003.334050][T20117] exc_page_fault+0x6f/0xd0 [ 1003.334093][T20117] asm_exc_page_fault+0x26/0x30 [ 1003.334119][T20117] RIP: 0010:strnlen_user+0x55/0x190 [ 1003.334151][T20117] Code: fc 4d 85 ff 0f 8e 49 01 00 00 e8 d6 04 de fc 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 0f 01 cb 49 89 dd 49 83 e5 f8 <4d> 8b 75 00 e8 b2 04 de fc 48 8b 4c 24 10 83 e3 07 b8 01 00 00 00 [ 1003.334176][T20117] RSP: 0018:ffffc900036a7e60 EFLAGS: 00050246 [ 1003.334198][T20117] RAX: 00007ffffffff000 RBX: 0000000000000000 RCX: ffffc900075da000 [ 1003.334215][T20117] RDX: 0000000000080000 RSI: ffffffff852ac08a RDI: ffff888020f69ec0 [ 1003.334232][T20117] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 1003.334248][T20117] R10: 0000000000001000 R11: 0000000000000000 R12: fffffffffffffff2 [ 1003.334265][T20117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000001000 [ 1003.334289][T20117] ? strnlen_user+0x3a/0x190 [ 1003.334329][T20117] strndup_user+0x27/0xe0 [ 1003.334355][T20117] __x64_sys_fsopen+0x9e/0x220 [ 1003.334392][T20117] do_syscall_64+0x10b/0xf80 [ 1003.334430][T20117] ? clear_bhb_loop+0x40/0x90 [ 1003.334461][T20117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.334487][T20117] RIP: 0033:0x7f4f29f9c819 [ 1003.334507][T20117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1003.334531][T20117] RSP: 002b:00007f4f2ae14028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 1003.334553][T20117] RAX: ffffffffffffffda RBX: 00007f4f2a216090 RCX: 00007f4f29f9c819 [ 1003.334570][T20117] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1003.334585][T20117] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1003.334601][T20117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1003.334616][T20117] R13: 00007f4f2a216128 R14: 00007f4f2a216090 R15: 00007ffe27d13e88 [ 1003.334647][T20117] [ 1004.315159][T20106] Process accounting paused [ 1006.374708][T20139] FAULT_INJECTION: forcing a failure. [ 1006.374708][T20139] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.432215][T20139] CPU: 0 UID: 14 PID: 20139 Comm: syz.3.4705 Tainted: G L syzkaller #0 PREEMPT(full) [ 1006.432255][T20139] Tainted: [L]=SOFTLOCKUP [ 1006.432264][T20139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1006.432279][T20139] Call Trace: [ 1006.432286][T20139] [ 1006.432295][T20139] dump_stack_lvl+0x100/0x190 [ 1006.432341][T20139] should_fail_ex.cold+0x5/0xa [ 1006.432372][T20139] should_failslab+0xc2/0x120 [ 1006.432398][T20139] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1006.432433][T20139] ? taskstats_exit+0x67b/0xc10 [ 1006.432466][T20139] ? rcu_is_watching+0x12/0xc0 [ 1006.432498][T20139] taskstats_exit+0x67b/0xc10 [ 1006.432528][T20139] ? __pfx_acct_update_integrals+0x10/0x10 [ 1006.432566][T20139] ? __pfx_taskstats_exit+0x10/0x10 [ 1006.432599][T20139] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1006.432630][T20139] ? exit_signals+0x395/0xaf0 [ 1006.432662][T20139] do_exit+0x65c/0x2a60 [ 1006.432701][T20139] ? __pfx_do_exit+0x10/0x10 [ 1006.432736][T20139] ? do_raw_spin_lock+0x128/0x260 [ 1006.432762][T20139] ? find_held_lock+0x2b/0x80 [ 1006.432791][T20139] ? get_signal+0x7e0/0x21e0 [ 1006.432822][T20139] do_group_exit+0xd5/0x2a0 [ 1006.432860][T20139] get_signal+0x1ec7/0x21e0 [ 1006.432902][T20139] ? __pfx_get_signal+0x10/0x10 [ 1006.432940][T20139] ? do_futex+0x192/0x350 [ 1006.432968][T20139] arch_do_signal_or_restart+0x91/0x770 [ 1006.433003][T20139] ? rcu_is_watching+0x12/0xc0 [ 1006.433030][T20139] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1006.433072][T20139] ? __pfx___x64_sys_futex+0x10/0x10 [ 1006.433098][T20139] ? rcu_is_watching+0x12/0xc0 [ 1006.433128][T20139] exit_to_user_mode_loop+0x86/0x4a0 [ 1006.433166][T20139] ? do_syscall_64+0x519/0xf80 [ 1006.433207][T20139] do_syscall_64+0x6f2/0xf80 [ 1006.433241][T20139] ? clear_bhb_loop+0x40/0x90 [ 1006.433271][T20139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.433296][T20139] RIP: 0033:0x7f5af159c819 [ 1006.433316][T20139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1006.433340][T20139] RSP: 002b:00007f5af24310e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1006.433363][T20139] RAX: fffffffffffffe00 RBX: 00007f5af1815fa8 RCX: 00007f5af159c819 [ 1006.433380][T20139] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5af1815fa8 [ 1006.433395][T20139] RBP: 00007f5af1815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1006.433410][T20139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.433424][T20139] R13: 00007f5af1816038 R14: 00007fffdab687d0 R15: 00007fffdab688b8 [ 1006.433454][T20139] [ 1008.656432][T20168] FAULT_INJECTION: forcing a failure. [ 1008.656432][T20168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1008.760745][T20168] CPU: 0 UID: 0 PID: 20168 Comm: syz.3.4711 Tainted: G L syzkaller #0 PREEMPT(full) [ 1008.760787][T20168] Tainted: [L]=SOFTLOCKUP [ 1008.760797][T20168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1008.760812][T20168] Call Trace: [ 1008.760820][T20168] [ 1008.760831][T20168] dump_stack_lvl+0x100/0x190 [ 1008.760880][T20168] should_fail_ex.cold+0x5/0xa [ 1008.760911][T20168] _copy_from_user+0x2e/0xd0 [ 1008.760944][T20168] memdup_user+0x6b/0xe0 [ 1008.760968][T20168] strndup_user+0x78/0xe0 [ 1008.760994][T20168] __x64_sys_fsopen+0x9e/0x220 [ 1008.761031][T20168] do_syscall_64+0x10b/0xf80 [ 1008.761069][T20168] ? clear_bhb_loop+0x40/0x90 [ 1008.761100][T20168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.761126][T20168] RIP: 0033:0x7f5af159c819 [ 1008.761146][T20168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1008.761173][T20168] RSP: 002b:00007f5af2410028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 1008.761197][T20168] RAX: ffffffffffffffda RBX: 00007f5af1816090 RCX: 00007f5af159c819 [ 1008.761215][T20168] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1008.761230][T20168] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1008.761246][T20168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.761262][T20168] R13: 00007f5af1816128 R14: 00007f5af1816090 R15: 00007fffdab688b8 [ 1008.761294][T20168] [ 1009.456994][T20176] netlink: 206 bytes leftover after parsing attributes in process `syz.1.4722'. [ 1010.413589][T20193] FAULT_INJECTION: forcing a failure. [ 1010.413589][T20193] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.494947][T20193] CPU: 0 UID: 14 PID: 20193 Comm: syz.4.4719 Tainted: G L syzkaller #0 PREEMPT(full) [ 1010.494988][T20193] Tainted: [L]=SOFTLOCKUP [ 1010.494997][T20193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1010.495013][T20193] Call Trace: [ 1010.495021][T20193] [ 1010.495031][T20193] dump_stack_lvl+0x100/0x190 [ 1010.495080][T20193] should_fail_ex.cold+0x5/0xa [ 1010.495113][T20193] should_failslab+0xc2/0x120 [ 1010.495141][T20193] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1010.495175][T20193] ? assoc_array_insert+0x10b/0x32c0 [ 1010.495207][T20193] assoc_array_insert+0x10b/0x32c0 [ 1010.495234][T20193] ? __mutex_lock+0x26d/0x1b10 [ 1010.495279][T20193] ? key_link+0x2bb/0x390 [ 1010.495311][T20193] ? __pfx_assoc_array_insert+0x10/0x10 [ 1010.495335][T20193] ? __pfx___might_resched+0x10/0x10 [ 1010.495369][T20193] ? down_write+0x146/0x1f0 [ 1010.495399][T20193] __key_link_begin+0xf5/0x260 [ 1010.495424][T20193] key_link+0x103/0x390 [ 1010.495447][T20193] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1010.495488][T20193] ? __pfx_key_link+0x10/0x10 [ 1010.495513][T20193] ? keyring_alloc+0x8e/0xc0 [ 1010.495554][T20193] look_up_user_keyrings+0x55e/0x790 [ 1010.495590][T20193] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 1010.495627][T20193] ? futex_wait+0x11e/0x370 [ 1010.495660][T20193] ? __pfx_futex_wait+0x10/0x10 [ 1010.495699][T20193] lookup_user_key+0xbb1/0x1300 [ 1010.495734][T20193] ? __pfx_lookup_user_key+0x10/0x10 [ 1010.495775][T20193] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1010.495813][T20193] ? __x64_sys_futex+0x34f/0x4d0 [ 1010.495839][T20193] ? __x64_sys_futex+0x358/0x4d0 [ 1010.495872][T20193] keyctl_session_to_parent+0x28/0xae0 [ 1010.495908][T20193] __do_sys_keyctl+0x2b1/0x5a0 [ 1010.495940][T20193] do_syscall_64+0x10b/0xf80 [ 1010.495978][T20193] ? clear_bhb_loop+0x40/0x90 [ 1010.496009][T20193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.496036][T20193] RIP: 0033:0x7f6f5099c819 [ 1010.496056][T20193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1010.496082][T20193] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1010.496107][T20193] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 1010.496125][T20193] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 1010.496142][T20193] RBP: 00007f6f50a32c91 R08: 0000000000000001 R09: 0000000000000000 [ 1010.496158][T20193] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1010.496174][T20193] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 1010.496207][T20193] [ 1011.865631][T20210] netlink: 'syz.2.4725': attribute type 8 has an invalid length. [ 1013.008084][T20226] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4733'. [ 1013.753545][T20240] netlink: 62 bytes leftover after parsing attributes in process `syz.2.4738'. [ 1014.353982][T20249] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4740'. [ 1014.697011][T20258] netlink: 'syz.3.4745': attribute type 1 has an invalid length. [ 1014.735203][T20258] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4745'. [ 1016.141821][T20272] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4759'. [ 1016.175678][T20274] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4750'. [ 1018.753921][T20321] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4768'. [ 1019.420854][T20333] netlink: 'syz.2.4773': attribute type 28 has an invalid length. [ 1019.496239][T20333] netlink: 'syz.2.4773': attribute type 3 has an invalid length. [ 1019.559783][T20333] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4773'. [ 1020.119510][T20352] ubi0: attaching mtd0 [ 1020.153357][T20352] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 2 [ 1020.196026][T20352] eraseblock attaching information dump: [ 1020.221034][T20352] ec 1 [ 1020.235145][T20352] pnum 1 [ 1020.248710][T20352] lnum 1 [ 1020.260991][T20352] scrub 0 [ 1020.274220][T20352] sqnum 2 [ 1020.286667][T20358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4780'. [ 1020.304710][T20352] Volume identifier header dump: [ 1020.330109][T20352] magic 55424921 [ 1020.363149][T20352] version 1 [ 1020.379798][T20352] vol_type 1 [ 1020.395327][T20352] copy_flag 0 [ 1020.438433][T20352] compat 5 [ 1020.486066][T20352] vol_id 2147479551 [ 1020.544207][T20352] lnum 1 [ 1020.584273][T20352] data_size 0 [ 1020.615329][T20352] used_ebs 0 [ 1020.642053][T20352] data_pad 0 [ 1020.669225][T20352] sqnum 2 [ 1020.690613][T20352] hdr_crc 7beff9af [ 1020.711244][T20352] Volume identifier header hexdump: [ 1020.762418][T20365] sp0: Synchronizing with TNC [ 1020.900619][T20363] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1020.919125][T20352] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1021.453558][T20363] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.660661][T20363] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1021.857803][T20363] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.470595][T20393] FAULT_INJECTION: forcing a failure. [ 1022.470595][T20393] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.544545][T20393] CPU: 0 UID: 0 PID: 20393 Comm: syz.3.4793 Tainted: G L syzkaller #0 PREEMPT(full) [ 1022.544586][T20393] Tainted: [L]=SOFTLOCKUP [ 1022.544596][T20393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1022.544612][T20393] Call Trace: [ 1022.544620][T20393] [ 1022.544630][T20393] dump_stack_lvl+0x100/0x190 [ 1022.544678][T20393] should_fail_ex.cold+0x5/0xa [ 1022.544711][T20393] should_failslab+0xc2/0x120 [ 1022.544746][T20393] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1022.544786][T20393] ? __d_alloc+0x34/0xa80 [ 1022.544815][T20393] ? __pfx_find_ucounts+0x10/0x10 [ 1022.544857][T20393] __d_alloc+0x34/0xa80 [ 1022.544889][T20393] d_alloc_pseudo+0x1c/0xc0 [ 1022.544926][T20393] alloc_file_pseudo+0xcf/0x230 [ 1022.544961][T20393] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1022.544997][T20393] ? _raw_spin_unlock+0x28/0x50 [ 1022.545030][T20393] ? alloc_fd+0x476/0x790 [ 1022.545058][T20393] __anon_inode_getfile+0xe8/0x280 [ 1022.545094][T20393] __anon_inode_getfd+0x5c/0xe0 [ 1022.545130][T20393] do_inotify_init+0x483/0x5e0 [ 1022.545172][T20393] __x64_sys_inotify_init1+0x30/0x40 [ 1022.545210][T20393] do_syscall_64+0x10b/0xf80 [ 1022.545247][T20393] ? clear_bhb_loop+0x40/0x90 [ 1022.545278][T20393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.545304][T20393] RIP: 0033:0x7f5af159c819 [ 1022.545324][T20393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1022.545349][T20393] RSP: 002b:00007f5af2431028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1022.545373][T20393] RAX: ffffffffffffffda RBX: 00007f5af1815fa0 RCX: 00007f5af159c819 [ 1022.545390][T20393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 1022.545406][T20393] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1022.545422][T20393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1022.545438][T20393] R13: 00007f5af1816038 R14: 00007f5af1815fa0 R15: 00007fffdab688b8 [ 1022.545469][T20393] [ 1022.950316][T20404] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4796'. [ 1023.260263][T20412] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4798'. [ 1023.580162][T20412] bond0: left allmulticast mode [ 1023.585675][T20412] bond_slave_0: left allmulticast mode [ 1023.591282][T20412] bond0: left promiscuous mode [ 1023.628735][T20412] bond_slave_0: left promiscuous mode [ 1023.658744][T20412] bridge0: port 3(bond0) entered disabled state [ 1023.700622][T20412] bridge_slave_1: left allmulticast mode [ 1023.730422][T20412] bridge_slave_1: left promiscuous mode [ 1023.766836][T20412] bridge0: port 2(bridge_slave_1) entered disabled state [ 1023.792189][T20417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4799'. [ 1023.816963][T20412] bridge_slave_0: left allmulticast mode [ 1023.828250][T20412] bridge_slave_0: left promiscuous mode [ 1023.850835][T20412] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.091772][T20422] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4800'. [ 1025.098947][T20442] ubi3: attaching mtd1 [ 1025.877433][T20450] netlink: 'syz.4.4808': attribute type 10 has an invalid length. [ 1025.948187][T20450] netlink: 'syz.4.4808': attribute type 13 has an invalid length. [ 1027.030493][T20473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4815'. [ 1027.102402][T20473] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4815'. [ 1028.982051][T20503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4825'. [ 1029.040554][T20503] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4825'. [ 1029.411168][T20504] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4822'. [ 1029.706430][T20504] hsr_slave_1 (unregistering): left promiscuous mode [ 1030.059089][T20509] Process accounting resumed [ 1030.301332][T20526] FAULT_INJECTION: forcing a failure. [ 1030.301332][T20526] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.389541][T20526] CPU: 0 UID: 0 PID: 20526 Comm: syz.2.4832 Tainted: G L syzkaller #0 PREEMPT(full) [ 1030.389582][T20526] Tainted: [L]=SOFTLOCKUP [ 1030.389591][T20526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1030.389608][T20526] Call Trace: [ 1030.389616][T20526] [ 1030.389625][T20526] dump_stack_lvl+0x100/0x190 [ 1030.389674][T20526] should_fail_ex.cold+0x5/0xa [ 1030.389705][T20526] should_failslab+0xc2/0x120 [ 1030.389732][T20526] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1030.389775][T20526] ? kasprintf+0xc7/0x100 [ 1030.389805][T20526] ? do_dentry_open+0x6d8/0x1660 [ 1030.389829][T20526] ? vfs_open+0x82/0x3f0 [ 1030.389859][T20526] ? path_openat+0x208c/0x31a0 [ 1030.389889][T20526] kvasprintf+0xbc/0x150 [ 1030.389921][T20526] ? __pfx_kvasprintf+0x10/0x10 [ 1030.389964][T20526] kasprintf+0xc7/0x100 [ 1030.389995][T20526] ? __pfx_kasprintf+0x10/0x10 [ 1030.390029][T20526] ? rcu_is_watching+0x12/0xc0 [ 1030.390059][T20526] ? lockdep_init_map_type+0x5c/0x250 [ 1030.390107][T20526] drm_debugfs_clients_add+0x48/0x210 [ 1030.390162][T20526] drm_file_alloc+0x5c6/0xb40 [ 1030.390193][T20526] drm_open_helper+0x1fc/0x540 [ 1030.390224][T20526] drm_open+0x1a0/0x3e0 [ 1030.390251][T20526] ? __pfx_drm_open+0x10/0x10 [ 1030.390279][T20526] drm_stub_open+0x20f/0x380 [ 1030.390306][T20526] ? __pfx_drm_stub_open+0x10/0x10 [ 1030.390333][T20526] chrdev_open+0x234/0x6a0 [ 1030.390359][T20526] ? __pfx_apparmor_file_open+0x10/0x10 [ 1030.390390][T20526] ? __pfx_chrdev_open+0x10/0x10 [ 1030.390418][T20526] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1030.390453][T20526] do_dentry_open+0x6d8/0x1660 [ 1030.390478][T20526] ? __pfx_chrdev_open+0x10/0x10 [ 1030.390512][T20526] vfs_open+0x82/0x3f0 [ 1030.390547][T20526] path_openat+0x208c/0x31a0 [ 1030.390584][T20526] ? __pfx_path_openat+0x10/0x10 [ 1030.390621][T20526] do_file_open+0x20e/0x430 [ 1030.390651][T20526] ? __pfx_do_file_open+0x10/0x10 [ 1030.390698][T20526] ? alloc_fd+0x476/0x790 [ 1030.390726][T20526] ? do_getname+0x191/0x390 [ 1030.390761][T20526] do_sys_openat2+0x10d/0x1e0 [ 1030.390795][T20526] ? __pfx_do_sys_openat2+0x10/0x10 [ 1030.390832][T20526] ? __fget_files+0x21f/0x3d0 [ 1030.390862][T20526] __x64_sys_openat+0x12d/0x210 [ 1030.390897][T20526] ? __pfx___x64_sys_openat+0x10/0x10 [ 1030.390937][T20526] ? rcu_is_watching+0x12/0xc0 [ 1030.390969][T20526] do_syscall_64+0x10b/0xf80 [ 1030.391008][T20526] ? clear_bhb_loop+0x40/0x90 [ 1030.391039][T20526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.391065][T20526] RIP: 0033:0x7f4f29f9c819 [ 1030.391086][T20526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1030.391112][T20526] RSP: 002b:00007f4f2ae14028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1030.391143][T20526] RAX: ffffffffffffffda RBX: 00007f4f2a216090 RCX: 00007f4f29f9c819 [ 1030.391160][T20526] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1030.391176][T20526] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1030.391192][T20526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1030.391208][T20526] R13: 00007f4f2a216128 R14: 00007f4f2a216090 R15: 00007ffe27d13e88 [ 1030.391239][T20526] [ 1034.181704][ T5837] Bluetooth: hci4: unexpected subevent 0x18 length: 123 > 19 [ 1034.189475][ T5837] Bluetooth: hci4: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 1034.211457][T20571] binder: 20570:20571 ioctl c0306201 200000000000 returned -11 [ 1035.009904][T20572] Process accounting resumed [ 1038.557315][T20624] netlink: 'syz.3.4862': attribute type 10 has an invalid length. [ 1038.595795][T20624] netlink: 230 bytes leftover after parsing attributes in process `syz.3.4862'. [ 1038.887867][ C0] sd 0:0:1:0: [sda] tag#212 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1038.898419][ C0] sd 0:0:1:0: [sda] tag#212 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 1051.302545][T20770] netlink: 'syz.2.4906': attribute type 15 has an invalid length. [ 1051.352567][T20770] netlink: 'syz.2.4906': attribute type 16 has an invalid length. [ 1051.390556][T20770] netlink: 194 bytes leftover after parsing attributes in process `syz.2.4906'. [ 1052.853078][T20793] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4914'. [ 1054.486140][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.492692][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.057537][ T5837] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 1059.025533][ T5837] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 1059.970027][T20877] FAULT_INJECTION: forcing a failure. [ 1059.970027][T20877] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.014577][T20877] CPU: 0 UID: 0 PID: 20877 Comm: syz.1.4942 Tainted: G L syzkaller #0 PREEMPT(full) [ 1060.014618][T20877] Tainted: [L]=SOFTLOCKUP [ 1060.014628][T20877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1060.014643][T20877] Call Trace: [ 1060.014652][T20877] [ 1060.014662][T20877] dump_stack_lvl+0x100/0x190 [ 1060.014711][T20877] should_fail_ex.cold+0x5/0xa [ 1060.014742][T20877] should_failslab+0xc2/0x120 [ 1060.014769][T20877] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1060.014808][T20877] ? alloc_inode+0x68/0x250 [ 1060.014859][T20877] ? simple_start_creating+0xb0/0x110 [ 1060.014885][T20877] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1060.014923][T20877] alloc_inode+0x68/0x250 [ 1060.014957][T20877] new_inode+0x22/0x1c0 [ 1060.014999][T20877] debugfs_create_symlink+0xd1/0x220 [ 1060.015034][T20877] drm_debugfs_clients_add+0x199/0x210 [ 1060.015079][T20877] drm_file_alloc+0x5c6/0xb40 [ 1060.015111][T20877] drm_open_helper+0x1fc/0x540 [ 1060.015145][T20877] drm_open+0x1a0/0x3e0 [ 1060.015172][T20877] ? __pfx_drm_open+0x10/0x10 [ 1060.015198][T20877] drm_stub_open+0x20f/0x380 [ 1060.015225][T20877] ? __pfx_drm_stub_open+0x10/0x10 [ 1060.015252][T20877] chrdev_open+0x234/0x6a0 [ 1060.015279][T20877] ? __pfx_apparmor_file_open+0x10/0x10 [ 1060.015309][T20877] ? __pfx_chrdev_open+0x10/0x10 [ 1060.015338][T20877] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1060.015373][T20877] do_dentry_open+0x6d8/0x1660 [ 1060.015398][T20877] ? __pfx_chrdev_open+0x10/0x10 [ 1060.015432][T20877] vfs_open+0x82/0x3f0 [ 1060.015468][T20877] path_openat+0x208c/0x31a0 [ 1060.015505][T20877] ? __pfx_path_openat+0x10/0x10 [ 1060.015542][T20877] do_file_open+0x20e/0x430 [ 1060.015572][T20877] ? __pfx_do_file_open+0x10/0x10 [ 1060.015619][T20877] ? alloc_fd+0x476/0x790 [ 1060.015648][T20877] ? do_getname+0x191/0x390 [ 1060.015683][T20877] do_sys_openat2+0x10d/0x1e0 [ 1060.015717][T20877] ? __pfx_do_sys_openat2+0x10/0x10 [ 1060.015754][T20877] ? __fget_files+0x21f/0x3d0 [ 1060.015785][T20877] __x64_sys_openat+0x12d/0x210 [ 1060.015820][T20877] ? __pfx___x64_sys_openat+0x10/0x10 [ 1060.015868][T20877] ? rcu_is_watching+0x12/0xc0 [ 1060.015905][T20877] do_syscall_64+0x10b/0xf80 [ 1060.015953][T20877] ? clear_bhb_loop+0x40/0x90 [ 1060.015990][T20877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.016017][T20877] RIP: 0033:0x7f67a599c819 [ 1060.016038][T20877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1060.016063][T20877] RSP: 002b:00007f67a6892028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1060.016087][T20877] RAX: ffffffffffffffda RBX: 00007f67a5c15fa0 RCX: 00007f67a599c819 [ 1060.016104][T20877] RDX: 0000000000028900 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1060.016121][T20877] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1060.016137][T20877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1060.016153][T20877] R13: 00007f67a5c16038 R14: 00007f67a5c15fa0 R15: 00007ffe02470e98 [ 1060.016185][T20877] [ 1060.017761][T20877] debugfs: out of free dentries, can not create symlink 'device' [ 1060.824525][T20882] Process accounting paused [ 1062.125446][T20908] FAULT_INJECTION: forcing a failure. [ 1062.125446][T20908] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.219833][T20908] CPU: 0 UID: 0 PID: 20908 Comm: syz.3.4951 Tainted: G L syzkaller #0 PREEMPT(full) [ 1062.219873][T20908] Tainted: [L]=SOFTLOCKUP [ 1062.219882][T20908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1062.219898][T20908] Call Trace: [ 1062.219907][T20908] [ 1062.219917][T20908] dump_stack_lvl+0x100/0x190 [ 1062.219966][T20908] should_fail_ex.cold+0x5/0xa [ 1062.219998][T20908] should_failslab+0xc2/0x120 [ 1062.220025][T20908] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1062.220063][T20908] ? refill_pi_state_cache+0x91/0x260 [ 1062.220100][T20908] refill_pi_state_cache+0x91/0x260 [ 1062.220132][T20908] futex_lock_pi+0x16d/0x7a0 [ 1062.220166][T20908] ? __pfx_futex_lock_pi+0x10/0x10 [ 1062.220232][T20908] ? __pfx_futex_wake_mark+0x10/0x10 [ 1062.220270][T20908] ? __get_user_nocheck_8+0x20/0x20 [ 1062.220304][T20908] ? do_vfs_ioctl+0x226/0x13e0 [ 1062.220345][T20908] do_futex+0x18a/0x350 [ 1062.220372][T20908] ? __pfx_do_futex+0x10/0x10 [ 1062.220400][T20908] ? find_held_lock+0x2b/0x80 [ 1062.220435][T20908] __x64_sys_futex+0x34f/0x4d0 [ 1062.220465][T20908] ? __pfx___x64_sys_futex+0x10/0x10 [ 1062.220497][T20908] ? rcu_is_watching+0x12/0xc0 [ 1062.220530][T20908] do_syscall_64+0x10b/0xf80 [ 1062.220570][T20908] ? clear_bhb_loop+0x40/0x90 [ 1062.220600][T20908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.220626][T20908] RIP: 0033:0x7f5af159c819 [ 1062.220647][T20908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1062.220672][T20908] RSP: 002b:00007f5af2410028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1062.220696][T20908] RAX: ffffffffffffffda RBX: 00007f5af1816090 RCX: 00007f5af159c819 [ 1062.220714][T20908] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1062.220729][T20908] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 000000008000fff5 [ 1062.220746][T20908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1062.220762][T20908] R13: 00007f5af1816128 R14: 00007f5af1816090 R15: 00007fffdab688b8 [ 1062.220797][T20908] [ 1065.230290][T20932] Process accounting paused [ 1065.499924][T20940] ubi0: attaching mtd0 [ 1065.536960][T20940] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 2 [ 1065.583459][T20940] eraseblock attaching information dump: [ 1065.612358][T20940] ec 1 [ 1065.637458][T20940] pnum 1 [ 1065.651025][T20940] lnum 1 [ 1065.668915][T20940] scrub 0 [ 1065.705410][T20940] sqnum 2 [ 1065.738378][T20940] Volume identifier header dump: [ 1065.769660][T20940] magic 55424921 [ 1065.819130][T20940] version 1 [ 1065.857643][T20940] vol_type 1 [ 1065.921088][T20940] copy_flag 0 [ 1065.937354][T20940] compat 5 [ 1065.981149][T20940] vol_id 2147479551 [ 1066.034744][T20940] lnum 1 [ 1066.072274][T20940] data_size 0 [ 1066.113194][T20940] used_ebs 0 [ 1066.149516][T20940] data_pad 0 [ 1066.203089][T20940] sqnum 2 [ 1066.227069][T20940] hdr_crc 7beff9af [ 1066.257494][T20940] Volume identifier header hexdump: [ 1066.538898][T20940] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1067.076167][T20968] FAULT_INJECTION: forcing a failure. [ 1067.076167][T20968] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.200863][T20968] CPU: 0 UID: 0 PID: 20968 Comm: syz.2.4968 Tainted: G L syzkaller #0 PREEMPT(full) [ 1067.200905][T20968] Tainted: [L]=SOFTLOCKUP [ 1067.200914][T20968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1067.200930][T20968] Call Trace: [ 1067.200938][T20968] [ 1067.200948][T20968] dump_stack_lvl+0x100/0x190 [ 1067.200997][T20968] should_fail_ex.cold+0x5/0xa [ 1067.201028][T20968] should_failslab+0xc2/0x120 [ 1067.201059][T20968] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1067.201093][T20968] ? refill_pi_state_cache+0x91/0x260 [ 1067.201130][T20968] refill_pi_state_cache+0x91/0x260 [ 1067.201162][T20968] futex_lock_pi+0x16d/0x7a0 [ 1067.201196][T20968] ? __pfx_futex_lock_pi+0x10/0x10 [ 1067.201231][T20968] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1067.201292][T20968] ? __pfx_futex_wake_mark+0x10/0x10 [ 1067.201330][T20968] ? __get_user_nocheck_8+0x20/0x20 [ 1067.201363][T20968] ? do_vfs_ioctl+0x226/0x13e0 [ 1067.201405][T20968] do_futex+0x18a/0x350 [ 1067.201431][T20968] ? __pfx_do_futex+0x10/0x10 [ 1067.201464][T20968] ? find_held_lock+0x2b/0x80 [ 1067.201499][T20968] __x64_sys_futex+0x34f/0x4d0 [ 1067.201530][T20968] ? __pfx___x64_sys_futex+0x10/0x10 [ 1067.201563][T20968] ? rcu_is_watching+0x12/0xc0 [ 1067.201596][T20968] do_syscall_64+0x10b/0xf80 [ 1067.201634][T20968] ? clear_bhb_loop+0x40/0x90 [ 1067.201665][T20968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.201691][T20968] RIP: 0033:0x7f4f29f9c819 [ 1067.201712][T20968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1067.201737][T20968] RSP: 002b:00007f4f2ae14028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1067.201761][T20968] RAX: ffffffffffffffda RBX: 00007f4f2a216090 RCX: 00007f4f29f9c819 [ 1067.201778][T20968] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1067.201794][T20968] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 000000008000fff5 [ 1067.201810][T20968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.201825][T20968] R13: 00007f4f2a216128 R14: 00007f4f2a216090 R15: 00007ffe27d13e88 [ 1067.201857][T20968] [ 1072.328553][T21014] netlink: 'syz.3.4975': attribute type 10 has an invalid length. [ 1072.359348][T21014] netlink: 'syz.3.4975': attribute type 13 has an invalid length. [ 1074.926634][ T5837] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 1077.738648][T21087] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4990'. [ 1079.009760][ T5837] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 1080.516544][T21113] FAULT_INJECTION: forcing a failure. [ 1080.516544][T21113] name failslab, interval 1, probability 0, space 0, times 0 [ 1080.590817][T21113] CPU: 0 UID: 0 PID: 21113 Comm: syz.1.5000 Tainted: G L syzkaller #0 PREEMPT(full) [ 1080.590860][T21113] Tainted: [L]=SOFTLOCKUP [ 1080.590869][T21113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1080.590885][T21113] Call Trace: [ 1080.590893][T21113] [ 1080.590903][T21113] dump_stack_lvl+0x100/0x190 [ 1080.590987][T21113] should_fail_ex.cold+0x5/0xa [ 1080.591020][T21113] should_failslab+0xc2/0x120 [ 1080.591048][T21113] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1080.591086][T21113] ? security_inode_alloc+0x3b/0x2c0 [ 1080.591118][T21113] ? lockdep_init_map_type+0x5c/0x250 [ 1080.591164][T21113] security_inode_alloc+0x3b/0x2c0 [ 1080.591195][T21113] inode_init_always_gfp+0xcc0/0x1000 [ 1080.591227][T21113] alloc_inode+0x8e/0x250 [ 1080.591261][T21113] alloc_anon_inode+0x2a/0x3e0 [ 1080.591291][T21113] ioctx_alloc+0x4dc/0x21a0 [ 1080.591331][T21113] ? find_held_lock+0x2b/0x80 [ 1080.591363][T21113] ? __pfx_ioctx_alloc+0x10/0x10 [ 1080.591401][T21113] __x64_sys_io_setup+0xc9/0x220 [ 1080.591435][T21113] do_syscall_64+0x10b/0xf80 [ 1080.591473][T21113] ? clear_bhb_loop+0x40/0x90 [ 1080.591511][T21113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.591537][T21113] RIP: 0033:0x7f67a599c819 [ 1080.591559][T21113] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1080.591584][T21113] RSP: 002b:00007f67a6892028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1080.591607][T21113] RAX: ffffffffffffffda RBX: 00007f67a5c15fa0 RCX: 00007f67a599c819 [ 1080.591625][T21113] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 1080.591641][T21113] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1080.591657][T21113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1080.591671][T21113] R13: 00007f67a5c16038 R14: 00007f67a5c15fa0 R15: 00007ffe02470e98 [ 1080.591703][T21113] [ 1085.706042][ T5837] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 1087.307532][T21200] FAULT_INJECTION: forcing a failure. [ 1087.307532][T21200] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.450206][T21200] CPU: 0 UID: 0 PID: 21200 Comm: syz.3.5016 Tainted: G L syzkaller #0 PREEMPT(full) [ 1087.450248][T21200] Tainted: [L]=SOFTLOCKUP [ 1087.450258][T21200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1087.450274][T21200] Call Trace: [ 1087.450282][T21200] [ 1087.450292][T21200] dump_stack_lvl+0x100/0x190 [ 1087.450341][T21200] should_fail_ex.cold+0x5/0xa [ 1087.450377][T21200] should_failslab+0xc2/0x120 [ 1087.450405][T21200] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1087.450447][T21200] ? kasprintf+0xc7/0x100 [ 1087.450477][T21200] ? do_dentry_open+0x6d8/0x1660 [ 1087.450502][T21200] ? vfs_open+0x82/0x3f0 [ 1087.450531][T21200] ? path_openat+0x208c/0x31a0 [ 1087.450562][T21200] kvasprintf+0xbc/0x150 [ 1087.450593][T21200] ? __pfx_kvasprintf+0x10/0x10 [ 1087.450636][T21200] kasprintf+0xc7/0x100 [ 1087.450667][T21200] ? __pfx_kasprintf+0x10/0x10 [ 1087.450701][T21200] ? rcu_is_watching+0x12/0xc0 [ 1087.450731][T21200] ? lockdep_init_map_type+0x5c/0x250 [ 1087.450779][T21200] drm_debugfs_clients_add+0x48/0x210 [ 1087.450823][T21200] drm_file_alloc+0x5c6/0xb40 [ 1087.450854][T21200] drm_open_helper+0x1fc/0x540 [ 1087.450885][T21200] drm_open+0x1a0/0x3e0 [ 1087.450911][T21200] ? __pfx_drm_open+0x10/0x10 [ 1087.450937][T21200] drm_stub_open+0x20f/0x380 [ 1087.450973][T21200] ? __pfx_drm_stub_open+0x10/0x10 [ 1087.451000][T21200] chrdev_open+0x234/0x6a0 [ 1087.451026][T21200] ? __pfx_apparmor_file_open+0x10/0x10 [ 1087.451057][T21200] ? __pfx_chrdev_open+0x10/0x10 [ 1087.451086][T21200] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1087.451121][T21200] do_dentry_open+0x6d8/0x1660 [ 1087.451145][T21200] ? __pfx_chrdev_open+0x10/0x10 [ 1087.451179][T21200] vfs_open+0x82/0x3f0 [ 1087.451214][T21200] path_openat+0x208c/0x31a0 [ 1087.451250][T21200] ? __pfx_path_openat+0x10/0x10 [ 1087.451288][T21200] do_file_open+0x20e/0x430 [ 1087.451317][T21200] ? __pfx_do_file_open+0x10/0x10 [ 1087.451364][T21200] ? alloc_fd+0x476/0x790 [ 1087.451391][T21200] ? do_getname+0x191/0x390 [ 1087.451426][T21200] do_sys_openat2+0x10d/0x1e0 [ 1087.451461][T21200] ? __pfx_do_sys_openat2+0x10/0x10 [ 1087.451497][T21200] ? __fget_files+0x21f/0x3d0 [ 1087.451527][T21200] __x64_sys_openat+0x12d/0x210 [ 1087.451562][T21200] ? __pfx___x64_sys_openat+0x10/0x10 [ 1087.451603][T21200] ? rcu_is_watching+0x12/0xc0 [ 1087.451635][T21200] do_syscall_64+0x10b/0xf80 [ 1087.451673][T21200] ? clear_bhb_loop+0x40/0x90 [ 1087.451704][T21200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.451730][T21200] RIP: 0033:0x7f5af159c819 [ 1087.451751][T21200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1087.451776][T21200] RSP: 002b:00007f5af2410028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1087.451801][T21200] RAX: ffffffffffffffda RBX: 00007f5af1816090 RCX: 00007f5af159c819 [ 1087.451818][T21200] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1087.451834][T21200] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1087.451851][T21200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.451866][T21200] R13: 00007f5af1816128 R14: 00007f5af1816090 R15: 00007fffdab688b8 [ 1087.451898][T21200] [ 1091.595928][T21257] FAULT_INJECTION: forcing a failure. [ 1091.595928][T21257] name failslab, interval 1, probability 0, space 0, times 0 [ 1091.732277][T21257] CPU: 0 UID: 0 PID: 21257 Comm: syz.1.5034 Tainted: G L syzkaller #0 PREEMPT(full) [ 1091.732317][T21257] Tainted: [L]=SOFTLOCKUP [ 1091.732327][T21257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1091.732342][T21257] Call Trace: [ 1091.732351][T21257] [ 1091.732361][T21257] dump_stack_lvl+0x100/0x190 [ 1091.732409][T21257] should_fail_ex.cold+0x5/0xa [ 1091.732442][T21257] should_failslab+0xc2/0x120 [ 1091.732468][T21257] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1091.732527][T21257] ? kasprintf+0xc7/0x100 [ 1091.732558][T21257] ? do_dentry_open+0x6d8/0x1660 [ 1091.732583][T21257] ? vfs_open+0x82/0x3f0 [ 1091.732612][T21257] ? path_openat+0x208c/0x31a0 [ 1091.732643][T21257] kvasprintf+0xbc/0x150 [ 1091.732675][T21257] ? __pfx_kvasprintf+0x10/0x10 [ 1091.732718][T21257] kasprintf+0xc7/0x100 [ 1091.732754][T21257] ? __pfx_kasprintf+0x10/0x10 [ 1091.732788][T21257] ? rcu_is_watching+0x12/0xc0 [ 1091.732819][T21257] ? lockdep_init_map_type+0x5c/0x250 [ 1091.732870][T21257] drm_debugfs_clients_add+0x48/0x210 [ 1091.732914][T21257] drm_file_alloc+0x5c6/0xb40 [ 1091.732945][T21257] drm_open_helper+0x1fc/0x540 [ 1091.732976][T21257] drm_open+0x1a0/0x3e0 [ 1091.733002][T21257] ? __pfx_drm_open+0x10/0x10 [ 1091.733029][T21257] drm_stub_open+0x20f/0x380 [ 1091.733056][T21257] ? __pfx_drm_stub_open+0x10/0x10 [ 1091.733083][T21257] chrdev_open+0x234/0x6a0 [ 1091.733109][T21257] ? __pfx_apparmor_file_open+0x10/0x10 [ 1091.733139][T21257] ? __pfx_chrdev_open+0x10/0x10 [ 1091.733168][T21257] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1091.733203][T21257] do_dentry_open+0x6d8/0x1660 [ 1091.733228][T21257] ? __pfx_chrdev_open+0x10/0x10 [ 1091.733262][T21257] vfs_open+0x82/0x3f0 [ 1091.733297][T21257] path_openat+0x208c/0x31a0 [ 1091.733333][T21257] ? __pfx_path_openat+0x10/0x10 [ 1091.733371][T21257] do_file_open+0x20e/0x430 [ 1091.733400][T21257] ? __pfx_do_file_open+0x10/0x10 [ 1091.733447][T21257] ? alloc_fd+0x476/0x790 [ 1091.733475][T21257] ? do_getname+0x191/0x390 [ 1091.733510][T21257] do_sys_openat2+0x10d/0x1e0 [ 1091.733544][T21257] ? __pfx_do_sys_openat2+0x10/0x10 [ 1091.733581][T21257] ? __fget_files+0x21f/0x3d0 [ 1091.733612][T21257] __x64_sys_openat+0x12d/0x210 [ 1091.733647][T21257] ? __pfx___x64_sys_openat+0x10/0x10 [ 1091.733687][T21257] ? rcu_is_watching+0x12/0xc0 [ 1091.733719][T21257] do_syscall_64+0x10b/0xf80 [ 1091.733764][T21257] ? clear_bhb_loop+0x40/0x90 [ 1091.733795][T21257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1091.733822][T21257] RIP: 0033:0x7f67a599c819 [ 1091.733842][T21257] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1091.733868][T21257] RSP: 002b:00007f67a6871028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1091.733892][T21257] RAX: ffffffffffffffda RBX: 00007f67a5c16090 RCX: 00007f67a599c819 [ 1091.733910][T21257] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1091.733926][T21257] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1091.733942][T21257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1091.733958][T21257] R13: 00007f67a5c16128 R14: 00007f67a5c16090 R15: 00007ffe02470e98 [ 1091.733989][T21257] [ 1092.497917][T21247] Process accounting resumed [ 1094.207756][T21288] FAULT_INJECTION: forcing a failure. [ 1094.207756][T21288] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.266407][T21288] CPU: 0 UID: 0 PID: 21288 Comm: syz.2.5051 Tainted: G L syzkaller #0 PREEMPT(full) [ 1094.266449][T21288] Tainted: [L]=SOFTLOCKUP [ 1094.266458][T21288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1094.266490][T21288] Call Trace: [ 1094.266499][T21288] [ 1094.266508][T21288] dump_stack_lvl+0x100/0x190 [ 1094.266557][T21288] should_fail_ex.cold+0x5/0xa [ 1094.266590][T21288] should_failslab+0xc2/0x120 [ 1094.266621][T21288] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1094.266661][T21288] ? __d_alloc+0x34/0xa80 [ 1094.266696][T21288] __d_alloc+0x34/0xa80 [ 1094.266728][T21288] d_alloc+0x4a/0x1e0 [ 1094.266758][T21288] lookup_one_qstr_excl+0x171/0x250 [ 1094.266795][T21288] start_dirop+0x59/0xb0 [ 1094.266820][T21288] simple_start_creating+0xf9/0x110 [ 1094.266845][T21288] ? __pfx_simple_start_creating+0x10/0x10 [ 1094.266872][T21288] ? mntput+0x70/0xa0 [ 1094.266910][T21288] ? simple_pin_fs+0xa3/0x190 [ 1094.266951][T21288] debugfs_start_creating.part.0+0x82/0x170 [ 1094.266984][T21288] debugfs_create_dir+0x72/0x440 [ 1094.267017][T21288] drm_debugfs_clients_add+0x6f/0x210 [ 1094.267062][T21288] drm_file_alloc+0x5c6/0xb40 [ 1094.267093][T21288] drm_open_helper+0x1fc/0x540 [ 1094.267124][T21288] drm_open+0x1a0/0x3e0 [ 1094.267151][T21288] ? __pfx_drm_open+0x10/0x10 [ 1094.267177][T21288] drm_stub_open+0x20f/0x380 [ 1094.267205][T21288] ? __pfx_drm_stub_open+0x10/0x10 [ 1094.267232][T21288] chrdev_open+0x234/0x6a0 [ 1094.267258][T21288] ? __pfx_apparmor_file_open+0x10/0x10 [ 1094.267294][T21288] ? __pfx_chrdev_open+0x10/0x10 [ 1094.267323][T21288] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1094.267359][T21288] do_dentry_open+0x6d8/0x1660 [ 1094.267384][T21288] ? __pfx_chrdev_open+0x10/0x10 [ 1094.267419][T21288] vfs_open+0x82/0x3f0 [ 1094.267455][T21288] path_openat+0x208c/0x31a0 [ 1094.267496][T21288] ? __pfx_path_openat+0x10/0x10 [ 1094.267534][T21288] do_file_open+0x20e/0x430 [ 1094.267564][T21288] ? __pfx_do_file_open+0x10/0x10 [ 1094.267612][T21288] ? alloc_fd+0x476/0x790 [ 1094.267640][T21288] ? do_getname+0x191/0x390 [ 1094.267676][T21288] do_sys_openat2+0x10d/0x1e0 [ 1094.267711][T21288] ? __pfx_do_sys_openat2+0x10/0x10 [ 1094.267747][T21288] ? __fget_files+0x21f/0x3d0 [ 1094.267778][T21288] __x64_sys_openat+0x12d/0x210 [ 1094.267813][T21288] ? __pfx___x64_sys_openat+0x10/0x10 [ 1094.267854][T21288] ? rcu_is_watching+0x12/0xc0 [ 1094.267887][T21288] do_syscall_64+0x10b/0xf80 [ 1094.267925][T21288] ? clear_bhb_loop+0x40/0x90 [ 1094.267956][T21288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.267982][T21288] RIP: 0033:0x7f4f29f9c819 [ 1094.268003][T21288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1094.268028][T21288] RSP: 002b:00007f4f2ae14028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1094.268052][T21288] RAX: ffffffffffffffda RBX: 00007f4f2a216090 RCX: 00007f4f29f9c819 [ 1094.268070][T21288] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1094.268087][T21288] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1094.268103][T21288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1094.268118][T21288] R13: 00007f4f2a216128 R14: 00007f4f2a216090 R15: 00007ffe27d13e88 [ 1094.268150][T21288] [ 1095.659512][T21303] Process accounting resumed [ 1095.900782][T21308] netlink: 306 bytes leftover after parsing attributes in process `syz.3.5044'. [ 1104.384750][T21407] netlink: 54 bytes leftover after parsing attributes in process `syz.4.5072'. [ 1109.533109][T21465] netlink: 54 bytes leftover after parsing attributes in process `syz.2.5096'. [ 1110.909007][T21495] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1113.856967][T21536] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1114.182192][ T5837] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 1115.925849][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.935598][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.355580][T21576] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5129'. [ 1118.359575][ T5837] Bluetooth: hci4: unexpected subevent 0x01 length: 3 < 18 [ 1123.572692][T21651] Process accounting paused [ 1126.257971][T21692] FAULT_INJECTION: forcing a failure. [ 1126.257971][T21692] name failslab, interval 1, probability 0, space 0, times 0 [ 1126.371794][T21692] CPU: 0 UID: 0 PID: 21692 Comm: syz.4.5158 Tainted: G L syzkaller #0 PREEMPT(full) [ 1126.371836][T21692] Tainted: [L]=SOFTLOCKUP [ 1126.371846][T21692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1126.371862][T21692] Call Trace: [ 1126.371871][T21692] [ 1126.371881][T21692] dump_stack_lvl+0x100/0x190 [ 1126.371930][T21692] should_fail_ex.cold+0x5/0xa [ 1126.371965][T21692] ? quirks_param_set+0x209/0x770 [ 1126.371994][T21692] should_failslab+0xc2/0x120 [ 1126.372021][T21692] __kmalloc_noprof+0xe0/0x850 [ 1126.372059][T21692] ? kfree+0x223/0x6c0 [ 1126.372096][T21692] quirks_param_set+0x209/0x770 [ 1126.372127][T21692] ? __pfx_quirks_param_set+0x10/0x10 [ 1126.372176][T21692] param_attr_store+0x199/0x300 [ 1126.372210][T21692] ? __pfx_param_attr_store+0x10/0x10 [ 1126.372240][T21692] module_attr_store+0x58/0x80 [ 1126.372266][T21692] ? __pfx_module_attr_store+0x10/0x10 [ 1126.372292][T21692] sysfs_kf_write+0xf2/0x150 [ 1126.372331][T21692] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1126.372361][T21692] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1126.372400][T21692] vfs_write+0x6ac/0x1070 [ 1126.372425][T21692] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1126.372460][T21692] ? __pfx_vfs_write+0x10/0x10 [ 1126.372502][T21692] ksys_write+0x12a/0x250 [ 1126.372525][T21692] ? __pfx_ksys_write+0x10/0x10 [ 1126.372552][T21692] ? rcu_is_watching+0x12/0xc0 [ 1126.372585][T21692] do_syscall_64+0x10b/0xf80 [ 1126.372623][T21692] ? clear_bhb_loop+0x40/0x90 [ 1126.372654][T21692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.372680][T21692] RIP: 0033:0x7f6f5099c819 [ 1126.372702][T21692] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1126.372734][T21692] RSP: 002b:00007f6f51801028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1126.372758][T21692] RAX: ffffffffffffffda RBX: 00007f6f50c16090 RCX: 00007f6f5099c819 [ 1126.372776][T21692] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000007 [ 1126.372793][T21692] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1126.372808][T21692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1126.372823][T21692] R13: 00007f6f50c16128 R14: 00007f6f50c16090 R15: 00007ffcd078a2a8 [ 1126.372856][T21692] [ 1126.924851][ T5837] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 1128.358406][T21680] Process accounting paused [ 1133.658339][T21760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5175'. [ 1133.719894][T21760] bridge_slave_1: left allmulticast mode [ 1133.727632][T21758] netlink: 138 bytes leftover after parsing attributes in process `syz.2.5168'. [ 1133.742981][T21760] bridge_slave_1: left promiscuous mode [ 1133.756757][T21760] bridge0: port 2(bridge_slave_1) entered disabled state [ 1133.788553][T21760] bridge_slave_0: left allmulticast mode [ 1133.804247][T21760] bridge_slave_0: left promiscuous mode [ 1133.814488][T21760] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.280311][T21800] netlink: 138 bytes leftover after parsing attributes in process `syz.3.5180'. [ 1138.895574][T21810] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5184'. [ 1138.936554][T21810] veth0_to_bridge: left allmulticast mode [ 1138.962752][T21810] veth0_to_bridge: left promiscuous mode [ 1138.986299][T21810] bridge0: port 2(veth0_to_bridge) entered disabled state [ 1139.019661][T21810] bridge_slave_0: left allmulticast mode [ 1139.038982][T21810] bridge_slave_0: left promiscuous mode [ 1139.056188][T21810] bridge0: port 1(bridge_slave_0) entered disabled state [ 1140.128258][T21827] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5186'. [ 1144.259885][T21859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5196'. [ 1150.766343][T21929] ubi3: attaching mtd1 [ 1154.039460][T21969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1154.100496][T21969] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1154.149872][T21969] memcg:ffff888078007ea9 [ 1154.200453][T21969] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1154.228524][T21969] page_type: f5(slab) [ 1154.250083][T21969] raw: 00fff00000000040 ffff88801daf8000 dead000000000100 dead000000000122 [ 1154.294283][T21969] raw: 0000000000000000 0000000800150015 00000000f5000000 ffff888078007ea9 [ 1154.310329][T21962] Process accounting resumed [ 1154.348645][T21969] head: 00fff00000000040 ffff88801daf8000 dead000000000100 dead000000000122 [ 1154.410888][T21969] head: 0000000000000000 0000000800150015 00000000f5000000 ffff888078007ea9 [ 1154.451218][T21969] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 1154.501451][T21969] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1154.521832][T21977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5226'. [ 1154.535977][T21969] page dumped because: unmovable page [ 1154.547749][T21969] page_owner tracks the page as allocated [ 1154.573420][T21969] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5842, tgid 5842 (udevd), ts 109519091273, free_ts 109397213270 [ 1154.640853][T21969] post_alloc_hook+0x153/0x170 [ 1154.661827][T21969] get_page_from_freelist+0x11a6/0x33b0 [ 1154.680857][T21969] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 1154.694836][T21969] new_slab+0xa6/0x6c0 [ 1154.711906][T21969] refill_objects+0x277/0x420 [ 1154.725093][T21969] __pcs_replace_empty_main+0x375/0x650 [ 1154.739095][T21969] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 1154.749214][T21969] shmem_alloc_inode+0x25/0x50 [ 1154.761763][T21969] alloc_inode+0x68/0x250 [ 1154.773147][T21969] new_inode+0x22/0x1c0 [ 1154.781308][T21969] shmem_get_inode+0x1e3/0xfb0 [ 1154.791649][T21969] shmem_symlink+0x11f/0xa00 [ 1154.801758][T21969] vfs_symlink+0x178/0x4d0 [ 1154.811021][T21969] filename_symlinkat+0x2a6/0x560 [ 1154.822214][T21969] __x64_sys_symlink+0x79/0xb0 [ 1154.834363][T21969] do_syscall_64+0x10b/0xf80 [ 1154.843318][T21969] page last free pid 5835 tgid 5835 stack trace: [ 1154.859587][T21969] __free_frozen_pages+0x747/0x1040 [ 1154.872180][T21969] qlist_free_all+0x47/0xf0 [ 1154.886162][T21969] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1154.898218][T21969] __kasan_slab_alloc+0x69/0x90 [ 1154.908053][T21969] __kmalloc_noprof+0x2b9/0x850 [ 1154.917810][T21969] tomoyo_realpath_from_path+0xb6/0x690 [ 1154.930325][T21969] tomoyo_path_perm+0x276/0x460 [ 1154.942955][T21969] security_inode_getattr+0x116/0x280 [ 1154.954887][T21969] vfs_statx+0x11f/0x3f0 [ 1154.965006][T21969] vfs_fstatat+0x77/0xe0 [ 1154.977279][T21969] __do_sys_newfstatat+0x9d/0x120 [ 1154.988881][T21969] do_syscall_64+0x10b/0xf80 [ 1154.997617][T21969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1155.372171][T21983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5235'. [ 1155.946622][T21995] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5231'. [ 1155.991934][T21995] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5231'. [ 1158.756977][T22018] Process accounting resumed [ 1159.656116][T22040] ubi3: attaching mtd1 [ 1159.938616][T22037] FAULT_INJECTION: forcing a failure. [ 1159.938616][T22037] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1160.006779][T22037] CPU: 0 UID: 0 PID: 22037 Comm: syz.1.5243 Tainted: G L syzkaller #0 PREEMPT(full) [ 1160.006822][T22037] Tainted: [L]=SOFTLOCKUP [ 1160.006832][T22037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1160.006848][T22037] Call Trace: [ 1160.006857][T22037] [ 1160.006866][T22037] dump_stack_lvl+0x100/0x190 [ 1160.006915][T22037] should_fail_ex.cold+0x5/0xa [ 1160.006942][T22037] ? prepare_alloc_pages+0x16d/0x5f0 [ 1160.006975][T22037] should_fail_alloc_page+0xeb/0x140 [ 1160.007004][T22037] prepare_alloc_pages+0x1f0/0x5f0 [ 1160.007039][T22037] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1160.007085][T22037] ? rcu_is_watching+0x12/0xc0 [ 1160.007114][T22037] ? trace_mm_page_alloc+0x163/0x1d0 [ 1160.007144][T22037] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 1160.007186][T22037] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1160.007232][T22037] ? find_held_lock+0x2b/0x80 [ 1160.007262][T22037] ? is_bpf_text_address+0x8a/0x1a0 [ 1160.007296][T22037] ? is_bpf_text_address+0x8a/0x1a0 [ 1160.007331][T22037] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1160.007371][T22037] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1160.007407][T22037] ? is_bpf_text_address+0x94/0x1a0 [ 1160.007440][T22037] ? kernel_text_address+0x8d/0x100 [ 1160.007466][T22037] ? __kernel_text_address+0xd/0x30 [ 1160.007490][T22037] ? unwind_get_return_address+0x59/0xa0 [ 1160.007531][T22037] alloc_pages_bulk_noprof+0x657/0x1390 [ 1160.007598][T22037] ? policy_nodemask+0xed/0x4f0 [ 1160.007627][T22037] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1160.007671][T22037] ? kasan_save_stack+0x30/0x50 [ 1160.007728][T22037] __kasan_populate_vmalloc+0xf0/0x210 [ 1160.007774][T22037] alloc_vmap_area+0x95d/0x2b70 [ 1160.007813][T22037] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1160.007847][T22037] __get_vm_area_node+0x1ca/0x330 [ 1160.007907][T22037] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 1160.007949][T22037] get_vm_area_caller+0x71/0xa0 [ 1160.007977][T22037] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 1160.008032][T22037] vmap+0x131/0x2f0 [ 1160.008069][T22037] ? __pfx_vmap+0x10/0x10 [ 1160.008104][T22037] ringbuf_map_alloc+0x3a1/0x8b0 [ 1160.008151][T22037] ? __pfx_ringbuf_map_mem_usage+0x10/0x10 [ 1160.008192][T22037] map_create+0x84e/0x2ba0 [ 1160.008227][T22037] ? futex_unqueue+0x13d/0x2c0 [ 1160.008252][T22037] ? __futex_wait+0x256/0x300 [ 1160.008290][T22037] ? __pfx_map_create+0x10/0x10 [ 1160.008325][T22037] ? __might_fault+0xc5/0x140 [ 1160.008361][T22037] ? __might_fault+0xc5/0x140 [ 1160.008409][T22037] __sys_bpf+0x2091/0x4b90 [ 1160.008436][T22037] ? __pfx___sys_bpf+0x10/0x10 [ 1160.008459][T22037] ? __pfx_futex_wait+0x10/0x10 [ 1160.008498][T22037] ? errseq_sample+0x51/0x70 [ 1160.008528][T22037] ? file_init_path+0x48e/0x670 [ 1160.008563][T22037] ? do_futex+0x192/0x350 [ 1160.008604][T22037] ? xfd_validate_state+0x129/0x190 [ 1160.008637][T22037] __x64_sys_bpf+0x7b/0xc0 [ 1160.008660][T22037] ? lockdep_hardirqs_on+0x78/0x100 [ 1160.008700][T22037] do_syscall_64+0x10b/0xf80 [ 1160.008744][T22037] ? clear_bhb_loop+0x40/0x90 [ 1160.008775][T22037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.008802][T22037] RIP: 0033:0x7f67a599c819 [ 1160.008824][T22037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1160.008850][T22037] RSP: 002b:00007f67a6892028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1160.008874][T22037] RAX: ffffffffffffffda RBX: 00007f67a5c15fa0 RCX: 00007f67a599c819 [ 1160.008892][T22037] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1160.008908][T22037] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1160.008924][T22037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1160.008939][T22037] R13: 00007f67a5c16038 R14: 00007f67a5c15fa0 R15: 00007ffe02470e98 [ 1160.008971][T22037] [ 1160.839515][T22046] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1160.891248][T22046] File: /dev/nullb0 PID: 22046 Comm: syz.3.5246 [ 1162.281118][T22062] netlink: 346 bytes leftover after parsing attributes in process `syz.4.5251'. [ 1163.564079][T22083] FAULT_INJECTION: forcing a failure. [ 1163.564079][T22083] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1163.613650][T22083] CPU: 0 UID: 0 PID: 22083 Comm: syz.2.5257 Tainted: G L syzkaller #0 PREEMPT(full) [ 1163.613691][T22083] Tainted: [L]=SOFTLOCKUP [ 1163.613700][T22083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1163.613715][T22083] Call Trace: [ 1163.613724][T22083] [ 1163.613734][T22083] dump_stack_lvl+0x100/0x190 [ 1163.613784][T22083] should_fail_ex.cold+0x5/0xa [ 1163.613812][T22083] ? prepare_alloc_pages+0x16d/0x5f0 [ 1163.613844][T22083] should_fail_alloc_page+0xeb/0x140 [ 1163.613873][T22083] prepare_alloc_pages+0x1f0/0x5f0 [ 1163.613908][T22083] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1163.613955][T22083] ? rcu_is_watching+0x12/0xc0 [ 1163.613984][T22083] ? trace_mm_page_alloc+0x163/0x1d0 [ 1163.614014][T22083] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 1163.614056][T22083] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1163.614100][T22083] ? __pfx_stack_trace_save+0x10/0x10 [ 1163.614135][T22083] ? stack_depot_save_flags+0x27/0x9d0 [ 1163.614171][T22083] ? is_bpf_text_address+0x8a/0x1a0 [ 1163.614209][T22083] ? is_bpf_text_address+0x8a/0x1a0 [ 1163.614244][T22083] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1163.614284][T22083] ? kasan_save_stack+0x3f/0x50 [ 1163.614323][T22083] ? kasan_save_stack+0x30/0x50 [ 1163.614361][T22083] ? kasan_save_track+0x14/0x30 [ 1163.614401][T22083] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1163.614447][T22083] ? __get_vm_area_node+0x1ca/0x330 [ 1163.614475][T22083] ? get_vm_area_caller+0x71/0xa0 [ 1163.614502][T22083] ? vmap+0x131/0x2f0 [ 1163.614527][T22083] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 1163.614567][T22083] ? map_create+0x84e/0x2ba0 [ 1163.614601][T22083] ? __sys_bpf+0x2091/0x4b90 [ 1163.614622][T22083] ? __x64_sys_bpf+0x7b/0xc0 [ 1163.614644][T22083] ? do_syscall_64+0x10b/0xf80 [ 1163.614683][T22083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1163.614715][T22083] alloc_pages_bulk_noprof+0x657/0x1390 [ 1163.614762][T22083] ? policy_nodemask+0xed/0x4f0 [ 1163.614791][T22083] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1163.614847][T22083] __kasan_populate_vmalloc+0xf0/0x210 [ 1163.614893][T22083] alloc_vmap_area+0x95d/0x2b70 [ 1163.614943][T22083] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1163.614976][T22083] __get_vm_area_node+0x1ca/0x330 [ 1163.615007][T22083] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 1163.615047][T22083] get_vm_area_caller+0x71/0xa0 [ 1163.615075][T22083] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 1163.615115][T22083] vmap+0x131/0x2f0 [ 1163.615141][T22083] ? __pfx_vmap+0x10/0x10 [ 1163.615176][T22083] ringbuf_map_alloc+0x3a1/0x8b0 [ 1163.615221][T22083] ? __pfx_ringbuf_map_mem_usage+0x10/0x10 [ 1163.615260][T22083] map_create+0x84e/0x2ba0 [ 1163.615313][T22083] ? futex_unqueue+0x13d/0x2c0 [ 1163.615338][T22083] ? __futex_wait+0x256/0x300 [ 1163.615376][T22083] ? __pfx_map_create+0x10/0x10 [ 1163.615411][T22083] ? __might_fault+0xc5/0x140 [ 1163.615454][T22083] ? __might_fault+0xc5/0x140 [ 1163.615502][T22083] __sys_bpf+0x2091/0x4b90 [ 1163.615529][T22083] ? __pfx___sys_bpf+0x10/0x10 [ 1163.615553][T22083] ? __pfx_futex_wait+0x10/0x10 [ 1163.615591][T22083] ? errseq_sample+0x51/0x70 [ 1163.615621][T22083] ? file_init_path+0x48e/0x670 [ 1163.615656][T22083] ? do_futex+0x192/0x350 [ 1163.615697][T22083] ? xfd_validate_state+0x129/0x190 [ 1163.615730][T22083] __x64_sys_bpf+0x7b/0xc0 [ 1163.615753][T22083] ? lockdep_hardirqs_on+0x78/0x100 [ 1163.615792][T22083] do_syscall_64+0x10b/0xf80 [ 1163.615829][T22083] ? clear_bhb_loop+0x40/0x90 [ 1163.615860][T22083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1163.615887][T22083] RIP: 0033:0x7f4f29f9c819 [ 1163.615908][T22083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1163.615933][T22083] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1163.615957][T22083] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1163.615974][T22083] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1163.615990][T22083] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1163.616007][T22083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1163.616022][T22083] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1163.616054][T22083] [ 1166.271357][T22102] ubi3: attaching mtd1 [ 1166.388949][T22100] sp0: Synchronizing with TNC [ 1168.561365][T22134] sp0: Synchronizing with TNC [ 1173.673926][ T5837] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 1173.673959][ T5837] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 1173.690860][ T5837] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 1173.690895][ T5837] Bluetooth: hci2: adv larger than maximum supported [ 1173.698143][ T5837] Bluetooth: hci2: adv larger than maximum supported [ 1173.704992][ T5837] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1177.367715][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.379280][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1180.417022][T22298] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5321'. [ 1180.886629][ T5837] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 1180.886668][ T5837] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 1180.901714][ T5837] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 1180.901743][ T5837] Bluetooth: hci4: adv larger than maximum supported [ 1180.908874][ T5837] Bluetooth: hci4: adv larger than maximum supported [ 1180.915856][ T5837] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1181.541271][T22316] netlink: 'syz.3.5326': attribute type 19 has an invalid length. [ 1181.587136][T22316] netlink: 226 bytes leftover after parsing attributes in process `syz.3.5326'. [ 1184.594942][T22354] ubi3: attaching mtd1 [ 1185.854460][T22362] zswap: compressor not available [ 1186.247636][T22220] Process accounting paused [ 1186.308203][ T5837] Bluetooth: hci0: Malformed Event: 0x02 [ 1187.857866][T22399] netlink: 346 bytes leftover after parsing attributes in process `syz.3.5346'. [ 1188.252613][T22403] ubi3: attaching mtd1 [ 1188.971098][T22407] zswap: compressor 000 not available [ 1189.019653][T22415] program syz.2.5349 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1190.520926][T22406] Process accounting paused [ 1190.539032][T22424] zswap: compressor not available [ 1191.211587][T22430] netlink: 62 bytes leftover after parsing attributes in process `syz.3.5357'. [ 1200.865187][T22508] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5379'. [ 1200.909484][T22508] veth0_macvtap: left promiscuous mode [ 1200.934628][T22508] macvtap0: entered promiscuous mode [ 1200.955909][T22508] macvtap0: entered allmulticast mode [ 1204.936702][T22548] ubi3: attaching mtd1 [ 1207.321885][T22582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5398'. [ 1207.368063][T22582] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5398'. [ 1207.407235][ T5837] Bluetooth: hci4: Malformed Event: 0x02 [ 1208.146294][T22591] mkiss: ax0: crc mode is auto. [ 1208.181391][T22596] ubi3: attaching mtd1 [ 1209.470520][T22607] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5406'. [ 1209.557454][T22607] veth0_macvtap: left promiscuous mode [ 1209.609220][T22607] macvtap0: entered promiscuous mode [ 1209.643045][T22607] macvtap0: entered allmulticast mode [ 1210.981166][T22622] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5409'. [ 1211.060930][T22623] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5409'. [ 1211.999277][T22627] netlink: 246 bytes leftover after parsing attributes in process `syz.1.5411'. [ 1216.474931][T22691] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5428'. [ 1216.659051][T22694] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5429'. [ 1217.482769][T22705] mkiss: ax0: crc mode is auto. [ 1220.607924][T22750] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5453'. [ 1221.554840][T22762] zswap: compressor 000 not available [ 1224.305415][T22800] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5457'. [ 1225.252245][T22811] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5463'. [ 1226.031588][T22821] netlink: 504 bytes leftover after parsing attributes in process `syz.3.5465'. [ 1226.346927][T22829] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5469'. [ 1227.070705][T22842] netlink: 246 bytes leftover after parsing attributes in process `syz.3.5471'. [ 1232.339852][T22881] zswap: compressor not available [ 1233.547865][T22902] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5486'. [ 1233.666822][T22896] zswap: compressor not available [ 1235.124047][T22914] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1235.158759][T22920] netlink: 246 bytes leftover after parsing attributes in process `syz.2.5490'. [ 1236.537507][T22940] random: crng reseeded on system resumption [ 1237.307490][T22942] zswap: compressor not available [ 1238.806937][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.815408][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.158495][T22971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5507'. [ 1239.217820][T22971] netlink: 'syz.4.5507': attribute type 1 has an invalid length. [ 1239.254524][T22971] netlink: 13 bytes leftover after parsing attributes in process `syz.4.5507'. [ 1241.370013][T22998] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3315741749 (212207471936 ns) > initial count (94764848960 ns). Using initial count to start timer. [ 1243.913636][T23038] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1249.648004][T23097] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3315741749 (212207471936 ns) > initial count (94764848960 ns). Using initial count to start timer. [ 1250.583296][T23122] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1250.801499][T23116] zswap: compressor not available [ 1251.219302][T23134] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5554'. [ 1251.270720][T23134] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5554'. [ 1251.561436][T23140] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5555'. [ 1253.623011][T23150] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5559'. [ 1253.678360][T23150] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5559'. [ 1254.598980][ T5837] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1254.636134][T23177] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1256.821959][T23182] random: crng reseeded on system resumption [ 1257.153599][T23206] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3315741749 (212207471936 ns) > initial count (94764848960 ns). Using initial count to start timer. [ 1257.711811][T23211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5576'. [ 1257.788372][T23213] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5576'. [ 1258.889801][T23230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5580'. [ 1258.951162][T23230] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5580'. [ 1260.792113][T23246] netlink: 'syz.1.5585': attribute type 1 has an invalid length. [ 1260.827577][T23246] netlink: 'syz.1.5585': attribute type 1 has an invalid length. [ 1261.033764][T23242] FAULT_INJECTION: forcing a failure. [ 1261.033764][T23242] name failslab, interval 1, probability 0, space 0, times 0 [ 1261.233036][T23242] CPU: 0 UID: 0 PID: 23242 Comm: syz.2.5584 Tainted: G L syzkaller #0 PREEMPT(full) [ 1261.233078][T23242] Tainted: [L]=SOFTLOCKUP [ 1261.233087][T23242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1261.233102][T23242] Call Trace: [ 1261.233111][T23242] [ 1261.233121][T23242] dump_stack_lvl+0x100/0x190 [ 1261.233179][T23242] should_fail_ex.cold+0x5/0xa [ 1261.233223][T23242] should_failslab+0xc2/0x120 [ 1261.233249][T23242] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1261.233290][T23242] ? sctp_sysctl_net_register+0x30/0x200 [ 1261.233322][T23242] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1261.233349][T23242] kmemdup_noprof+0x29/0x60 [ 1261.233380][T23242] sctp_sysctl_net_register+0x30/0x200 [ 1261.233409][T23242] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1261.233435][T23242] sctp_defaults_init+0x6d2/0xd90 [ 1261.233463][T23242] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1261.233490][T23242] ops_init+0x1e2/0x5f0 [ 1261.233520][T23242] setup_net+0x118/0x3a0 [ 1261.233547][T23242] ? __pfx_setup_net+0x10/0x10 [ 1261.233574][T23242] ? mutex_init_lockdep+0xf1/0x120 [ 1261.233604][T23242] copy_net_ns+0x46f/0x7c0 [ 1261.233636][T23242] create_new_namespaces+0x3ea/0xac0 [ 1261.233673][T23242] unshare_nsproxy_namespaces+0xf2/0x220 [ 1261.233706][T23242] ksys_unshare+0x438/0xab0 [ 1261.233743][T23242] ? __pfx_ksys_unshare+0x10/0x10 [ 1261.233778][T23242] ? xfd_validate_state+0x129/0x190 [ 1261.233810][T23242] __x64_sys_unshare+0x31/0x40 [ 1261.233846][T23242] do_syscall_64+0x10b/0xf80 [ 1261.233883][T23242] ? clear_bhb_loop+0x40/0x90 [ 1261.233916][T23242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1261.233941][T23242] RIP: 0033:0x7f4f29f9c819 [ 1261.233965][T23242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1261.234009][T23242] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1261.234038][T23242] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1261.234055][T23242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1261.234071][T23242] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1261.234087][T23242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1261.234103][T23242] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1261.234135][T23242] [ 1261.875766][T23251] netlink: 226 bytes leftover after parsing attributes in process `syz.4.5587'. [ 1264.195064][T23273] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5600'. [ 1264.241341][T23273] netlink: 294 bytes leftover after parsing attributes in process `syz.4.5600'. [ 1264.716471][T23281] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5594'. [ 1266.953225][T23309] netlink: 'syz.4.5601': attribute type 1 has an invalid length. [ 1266.985231][T23309] netlink: 'syz.4.5601': attribute type 1 has an invalid length. [ 1270.824000][T23355] FAULT_INJECTION: forcing a failure. [ 1270.824000][T23355] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.879265][T23355] CPU: 0 UID: 0 PID: 23355 Comm: syz.4.5615 Tainted: G L syzkaller #0 PREEMPT(full) [ 1270.879306][T23355] Tainted: [L]=SOFTLOCKUP [ 1270.879318][T23355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1270.879334][T23355] Call Trace: [ 1270.879342][T23355] [ 1270.879352][T23355] dump_stack_lvl+0x100/0x190 [ 1270.879400][T23355] should_fail_ex.cold+0x5/0xa [ 1270.879433][T23355] should_failslab+0xc2/0x120 [ 1270.879476][T23355] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1270.879516][T23355] ? do_getname+0x35/0x390 [ 1270.879554][T23355] do_getname+0x35/0x390 [ 1270.879589][T23355] do_sys_openat2+0xc5/0x1e0 [ 1270.879623][T23355] ? __pfx_do_sys_openat2+0x10/0x10 [ 1270.879675][T23355] __x64_sys_openat+0x12d/0x210 [ 1270.879710][T23355] ? __pfx___x64_sys_openat+0x10/0x10 [ 1270.879751][T23355] ? rcu_is_watching+0x12/0xc0 [ 1270.879785][T23355] do_syscall_64+0x10b/0xf80 [ 1270.879823][T23355] ? clear_bhb_loop+0x40/0x90 [ 1270.879855][T23355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.879881][T23355] RIP: 0033:0x7f6f5099c819 [ 1270.879902][T23355] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1270.879928][T23355] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1270.879952][T23355] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 1270.879970][T23355] RDX: 0000000000002841 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1270.879986][T23355] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1270.880002][T23355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1270.880018][T23355] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 1270.880049][T23355] [ 1275.677534][T23416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1275.839400][T23416] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1278.069227][T23452] netlink: 13 bytes leftover after parsing attributes in process `syz.3.5643'. [ 1278.271785][T23450] netlink: 354 bytes leftover after parsing attributes in process `syz.1.5641'. [ 1278.301441][T23458] netlink: 252 bytes leftover after parsing attributes in process `syz.3.5644'. [ 1278.337692][T23458] netlink: 252 bytes leftover after parsing attributes in process `syz.3.5644'. [ 1278.598311][T23464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5647'. [ 1278.648674][T23464] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5647'. [ 1279.004625][T23471] random: crng reseeded on system resumption [ 1279.345649][T23471] FAULT_INJECTION: forcing a failure. [ 1279.345649][T23471] name failslab, interval 1, probability 0, space 0, times 0 [ 1279.395955][T23471] CPU: 0 UID: 0 PID: 23471 Comm: syz.4.5649 Tainted: G L syzkaller #0 PREEMPT(full) [ 1279.395997][T23471] Tainted: [L]=SOFTLOCKUP [ 1279.396006][T23471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1279.396022][T23471] Call Trace: [ 1279.396037][T23471] [ 1279.396048][T23471] dump_stack_lvl+0x100/0x190 [ 1279.396098][T23471] should_fail_ex.cold+0x5/0xa [ 1279.396130][T23471] should_failslab+0xc2/0x120 [ 1279.396157][T23471] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1279.396206][T23471] ? __request_module+0x2e1/0x6c0 [ 1279.396242][T23471] kstrdup+0x51/0xe0 [ 1279.396269][T23471] __request_module+0x2e1/0x6c0 [ 1279.396295][T23471] ? __pfx___request_module+0x10/0x10 [ 1279.396325][T23471] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1279.396377][T23471] ? ilookup+0x189/0x210 [ 1279.396418][T23471] blk_request_module+0x5c/0xc0 [ 1279.396445][T23471] blkdev_get_no_open+0x9b/0xf0 [ 1279.396482][T23471] bdev_file_open_by_dev+0x70/0x210 [ 1279.396518][T23471] swsusp_check+0x72/0x470 [ 1279.396556][T23471] software_resume+0x6f/0x330 [ 1279.396586][T23471] resume_store+0x248/0x460 [ 1279.396614][T23471] ? __pfx_resume_store+0x10/0x10 [ 1279.396651][T23471] ? find_held_lock+0x2b/0x80 [ 1279.396681][T23471] ? sysfs_file_kobj+0xe4/0x290 [ 1279.396722][T23471] ? sysfs_file_kobj+0xe4/0x290 [ 1279.396759][T23471] ? __pfx_resume_store+0x10/0x10 [ 1279.396786][T23471] kobj_attr_store+0x58/0x80 [ 1279.396811][T23471] ? __pfx_kobj_attr_store+0x10/0x10 [ 1279.396835][T23471] sysfs_kf_write+0xf2/0x150 [ 1279.396876][T23471] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1279.396906][T23471] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1279.396945][T23471] vfs_write+0x6ac/0x1070 [ 1279.396969][T23471] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1279.397004][T23471] ? __pfx_vfs_write+0x10/0x10 [ 1279.397051][T23471] ksys_write+0x12a/0x250 [ 1279.397075][T23471] ? __pfx_ksys_write+0x10/0x10 [ 1279.397102][T23471] ? rcu_is_watching+0x12/0xc0 [ 1279.397135][T23471] do_syscall_64+0x10b/0xf80 [ 1279.397173][T23471] ? clear_bhb_loop+0x40/0x90 [ 1279.397204][T23471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1279.397231][T23471] RIP: 0033:0x7f6f5099c819 [ 1279.397252][T23471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1279.397278][T23471] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1279.397302][T23471] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 1279.397319][T23471] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1279.397335][T23471] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1279.397351][T23471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1279.397367][T23471] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 1279.397399][T23471] [ 1279.941031][T23478] FAULT_INJECTION: forcing a failure. [ 1279.941031][T23478] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.009795][T23478] CPU: 0 UID: 0 PID: 23478 Comm: syz.1.5650 Tainted: G L syzkaller #0 PREEMPT(full) [ 1280.009836][T23478] Tainted: [L]=SOFTLOCKUP [ 1280.009846][T23478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1280.009862][T23478] Call Trace: [ 1280.009871][T23478] [ 1280.009881][T23478] dump_stack_lvl+0x100/0x190 [ 1280.009930][T23478] should_fail_ex.cold+0x5/0xa [ 1280.009962][T23478] should_failslab+0xc2/0x120 [ 1280.009997][T23478] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1280.010037][T23478] ? alloc_inode+0x183/0x250 [ 1280.010072][T23478] ? find_inode_fast+0x1fa/0x910 [ 1280.010111][T23478] alloc_inode+0x183/0x250 [ 1280.010146][T23478] iget_locked+0x1d9/0x6d0 [ 1280.010182][T23478] ? __pfx_iget_locked+0x10/0x10 [ 1280.010216][T23478] ? kernfs_root+0xee/0x2a0 [ 1280.010254][T23478] ? kernfs_root+0xee/0x2a0 [ 1280.010299][T23478] kernfs_get_inode+0x46/0x470 [ 1280.010340][T23478] kernfs_iop_lookup+0x1a7/0x2d0 [ 1280.010367][T23478] lookup_open.isra.0+0x631/0x11b0 [ 1280.010415][T23478] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1280.010472][T23478] ? lookup_fast+0x2da/0x600 [ 1280.010514][T23478] path_openat+0xa98/0x31a0 [ 1280.010550][T23478] ? __pfx_path_openat+0x10/0x10 [ 1280.010588][T23478] do_file_open+0x20e/0x430 [ 1280.010617][T23478] ? __pfx_do_file_open+0x10/0x10 [ 1280.010665][T23478] ? alloc_fd+0x476/0x790 [ 1280.010693][T23478] ? do_getname+0x191/0x390 [ 1280.010729][T23478] do_sys_openat2+0x10d/0x1e0 [ 1280.010763][T23478] ? __pfx_do_sys_openat2+0x10/0x10 [ 1280.010808][T23478] __x64_sys_openat+0x12d/0x210 [ 1280.010844][T23478] ? __pfx___x64_sys_openat+0x10/0x10 [ 1280.010877][T23478] ? ksys_write+0x1ac/0x250 [ 1280.010905][T23478] ? rcu_is_watching+0x12/0xc0 [ 1280.010938][T23478] do_syscall_64+0x10b/0xf80 [ 1280.010976][T23478] ? clear_bhb_loop+0x40/0x90 [ 1280.011012][T23478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.011038][T23478] RIP: 0033:0x7f67a599c819 [ 1280.011059][T23478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1280.011084][T23478] RSP: 002b:00007f67a6871028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1280.011108][T23478] RAX: ffffffffffffffda RBX: 00007f67a5c16090 RCX: 00007f67a599c819 [ 1280.011125][T23478] RDX: 0000000000002400 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1280.011143][T23478] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1280.011158][T23478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1280.011174][T23478] R13: 00007f67a5c16128 R14: 00007f67a5c16090 R15: 00007ffe02470e98 [ 1280.011206][T23478] [ 1281.348175][T23490] sp0: Synchronizing with TNC [ 1285.787686][T23543] netlink: 'syz.4.5665': attribute type 21 has an invalid length. [ 1285.859437][T23543] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5665'. [ 1286.567329][T23550] sctp: [Deprecated]: syz.1.5668 (pid 23550) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1286.567329][T23550] Use struct sctp_sack_info instead [ 1286.607874][T23552] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5667'. [ 1287.504764][T23566] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5671'. [ 1288.075324][T23570] netlink: 'syz.4.5673': attribute type 5 has an invalid length. [ 1288.116059][T23570] netlink: 'syz.4.5673': attribute type 1 has an invalid length. [ 1288.150345][T23570] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5673'. [ 1288.210529][T23573] netlink: 'syz.4.5673': attribute type 5 has an invalid length. [ 1288.248675][T23573] netlink: 'syz.4.5673': attribute type 1 has an invalid length. [ 1288.298057][T23573] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5673'. [ 1289.663702][T23595] futex_wake_op: syz.2.5680 tries to shift op by -2048; fix this program [ 1291.270994][T23611] netlink: 'syz.3.5684': attribute type 5 has an invalid length. [ 1291.310308][T23611] netlink: 'syz.3.5684': attribute type 1 has an invalid length. [ 1291.345651][T23616] netlink: 'syz.3.5684': attribute type 5 has an invalid length. [ 1291.385942][T23611] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5684'. [ 1291.427749][T23616] netlink: 'syz.3.5684': attribute type 1 has an invalid length. [ 1291.473709][T23616] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5684'. [ 1293.579218][T23638] FAULT_INJECTION: forcing a failure. [ 1293.579218][T23638] name failslab, interval 1, probability 0, space 0, times 0 [ 1293.630044][T23640] sp0: Synchronizing with TNC [ 1293.657833][T23638] CPU: 0 UID: 0 PID: 23638 Comm: syz.4.5701 Tainted: G L syzkaller #0 PREEMPT(full) [ 1293.657874][T23638] Tainted: [L]=SOFTLOCKUP [ 1293.657883][T23638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1293.657899][T23638] Call Trace: [ 1293.657907][T23638] [ 1293.657918][T23638] dump_stack_lvl+0x100/0x190 [ 1293.657972][T23638] should_fail_ex.cold+0x5/0xa [ 1293.658005][T23638] should_failslab+0xc2/0x120 [ 1293.658032][T23638] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1293.658070][T23638] ? security_inode_alloc+0x3b/0x2c0 [ 1293.658101][T23638] ? lockdep_init_map_type+0x5c/0x250 [ 1293.658147][T23638] security_inode_alloc+0x3b/0x2c0 [ 1293.658179][T23638] inode_init_always_gfp+0xcc0/0x1000 [ 1293.658210][T23638] alloc_inode+0x8e/0x250 [ 1293.658245][T23638] sock_alloc+0x44/0x280 [ 1293.658271][T23638] ? security_socket_create+0x7f/0x250 [ 1293.658301][T23638] sock_create_lite+0x82/0x120 [ 1293.658332][T23638] __netlink_kernel_create+0xbd/0x750 [ 1293.658367][T23638] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1293.658409][T23638] fib_net_init+0x26d/0x3f0 [ 1293.658437][T23638] ? is_module_address+0x69/0xf0 [ 1293.658461][T23638] ? __pfx_fib_net_init+0x10/0x10 [ 1293.658490][T23638] ? timer_init_key+0x155/0x330 [ 1293.658526][T23638] ? __pfx_nl_fib_input+0x10/0x10 [ 1293.658563][T23638] ? devinet_init_net+0x56c/0x8d0 [ 1293.658598][T23638] ? __pfx_fib_net_init+0x10/0x10 [ 1293.658626][T23638] ops_init+0x1e2/0x5f0 [ 1293.658656][T23638] setup_net+0x118/0x3a0 [ 1293.658684][T23638] ? __pfx_setup_net+0x10/0x10 [ 1293.658713][T23638] ? mutex_init_lockdep+0xf1/0x120 [ 1293.658743][T23638] copy_net_ns+0x46f/0x7c0 [ 1293.658777][T23638] create_new_namespaces+0x3ea/0xac0 [ 1293.658815][T23638] unshare_nsproxy_namespaces+0xf2/0x220 [ 1293.658850][T23638] ksys_unshare+0x438/0xab0 [ 1293.658889][T23638] ? __pfx_ksys_unshare+0x10/0x10 [ 1293.658925][T23638] ? xfd_validate_state+0x129/0x190 [ 1293.658959][T23638] __x64_sys_unshare+0x31/0x40 [ 1293.659014][T23638] do_syscall_64+0x10b/0xf80 [ 1293.659051][T23638] ? clear_bhb_loop+0x40/0x90 [ 1293.659081][T23638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.659107][T23638] RIP: 0033:0x7f6f5099c819 [ 1293.659128][T23638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1293.659153][T23638] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1293.659177][T23638] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 1293.659194][T23638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1293.659210][T23638] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1293.659225][T23638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1293.659240][T23638] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 1293.659271][T23638] [ 1295.270541][T23656] netlink: 'syz.1.5695': attribute type 5 has an invalid length. [ 1295.307979][T23656] netlink: 'syz.1.5695': attribute type 1 has an invalid length. [ 1295.338675][T23656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5695'. [ 1295.373699][T23659] netlink: 'syz.1.5695': attribute type 5 has an invalid length. [ 1295.394189][T23659] netlink: 'syz.1.5695': attribute type 1 has an invalid length. [ 1295.415700][T23659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5695'. [ 1296.807102][T23675] sctp: [Deprecated]: syz.2.5702 (pid 23675) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1296.807102][T23675] Use struct sctp_sack_info instead [ 1297.267464][T23682] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=4294967104 (137438947328 ns) > initial count (6624 ns). Using initial count to start timer. [ 1297.386736][T23684] sp0: Synchronizing with TNC [ 1299.779361][ T5837] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1299.818414][T23723] futex_wake_op: syz.2.5715 tries to shift op by -2048; fix this program [ 1299.891541][T23723] futex_wake_op: syz.2.5715 tries to shift op by -2048; fix this program [ 1300.247609][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.256758][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.290986][T23731] capability: warning: `syz.3.5716' uses deprecated v2 capabilities in a way that may be insecure [ 1304.541817][T23724] Bluetooth: Frame is too long (len 122, expected len 4) [ 1310.156400][T23846] FAULT_INJECTION: forcing a failure. [ 1310.156400][T23846] name failslab, interval 1, probability 0, space 0, times 0 [ 1310.226198][T23846] CPU: 0 UID: 0 PID: 23846 Comm: syz.1.5743 Tainted: G L syzkaller #0 PREEMPT(full) [ 1310.226240][T23846] Tainted: [L]=SOFTLOCKUP [ 1310.226249][T23846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1310.226264][T23846] Call Trace: [ 1310.226273][T23846] [ 1310.226283][T23846] dump_stack_lvl+0x100/0x190 [ 1310.226332][T23846] should_fail_ex.cold+0x5/0xa [ 1310.226365][T23846] should_failslab+0xc2/0x120 [ 1310.226391][T23846] __kvmalloc_node_noprof+0xfa/0xa00 [ 1310.226431][T23846] ? fib4_semantics_init+0x2a/0x100 [ 1310.226478][T23846] fib4_semantics_init+0x2a/0x100 [ 1310.226517][T23846] fib_net_init+0x1fc/0x3f0 [ 1310.226545][T23846] ? is_module_address+0x69/0xf0 [ 1310.226569][T23846] ? __pfx_fib_net_init+0x10/0x10 [ 1310.226598][T23846] ? timer_init_key+0x155/0x330 [ 1310.226639][T23846] ? devinet_init_net+0x56c/0x8d0 [ 1310.226674][T23846] ? __pfx_fib_net_init+0x10/0x10 [ 1310.226702][T23846] ops_init+0x1e2/0x5f0 [ 1310.226745][T23846] setup_net+0x118/0x3a0 [ 1310.226774][T23846] ? __pfx_setup_net+0x10/0x10 [ 1310.226802][T23846] ? mutex_init_lockdep+0xf1/0x120 [ 1310.226832][T23846] copy_net_ns+0x46f/0x7c0 [ 1310.226866][T23846] create_new_namespaces+0x3ea/0xac0 [ 1310.226905][T23846] unshare_nsproxy_namespaces+0xf2/0x220 [ 1310.226940][T23846] ksys_unshare+0x438/0xab0 [ 1310.226979][T23846] ? __pfx_ksys_unshare+0x10/0x10 [ 1310.227014][T23846] ? xfd_validate_state+0x129/0x190 [ 1310.227048][T23846] __x64_sys_unshare+0x31/0x40 [ 1310.227085][T23846] do_syscall_64+0x10b/0xf80 [ 1310.227124][T23846] ? clear_bhb_loop+0x40/0x90 [ 1310.227155][T23846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.227181][T23846] RIP: 0033:0x7f67a599c819 [ 1310.227202][T23846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1310.227228][T23846] RSP: 002b:00007f67a6892028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1310.227252][T23846] RAX: ffffffffffffffda RBX: 00007f67a5c15fa0 RCX: 00007f67a599c819 [ 1310.227277][T23846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1310.227295][T23846] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1310.227311][T23846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1310.227327][T23846] R13: 00007f67a5c16038 R14: 00007f67a5c15fa0 R15: 00007ffe02470e98 [ 1310.227359][T23846] [ 1319.554590][T23965] futex_wake_op: syz.1.5768 tries to shift op by -2048; fix this program [ 1320.685066][T23969] FAULT_INJECTION: forcing a failure. [ 1320.685066][T23969] name failslab, interval 1, probability 0, space 0, times 0 [ 1320.732406][T23969] CPU: 0 UID: 0 PID: 23969 Comm: syz.3.5772 Tainted: G L syzkaller #0 PREEMPT(full) [ 1320.732448][T23969] Tainted: [L]=SOFTLOCKUP [ 1320.732457][T23969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1320.732474][T23969] Call Trace: [ 1320.732482][T23969] [ 1320.732492][T23969] dump_stack_lvl+0x100/0x190 [ 1320.732541][T23969] should_fail_ex.cold+0x5/0xa [ 1320.732573][T23969] ? sk_prot_alloc+0x10b/0x2a0 [ 1320.732604][T23969] should_failslab+0xc2/0x120 [ 1320.732631][T23969] __kmalloc_noprof+0xe0/0x850 [ 1320.732668][T23969] ? security_inode_alloc+0xcf/0x2c0 [ 1320.732704][T23969] sk_prot_alloc+0x10b/0x2a0 [ 1320.732739][T23969] sk_alloc+0x36/0xe80 [ 1320.732768][T23969] __netlink_create+0x5e/0x2c0 [ 1320.732797][T23969] __netlink_kernel_create+0xed/0x750 [ 1320.732831][T23969] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1320.732873][T23969] fib_net_init+0x26d/0x3f0 [ 1320.732901][T23969] ? is_module_address+0x69/0xf0 [ 1320.732925][T23969] ? __pfx_fib_net_init+0x10/0x10 [ 1320.732954][T23969] ? timer_init_key+0x155/0x330 [ 1320.732990][T23969] ? __pfx_nl_fib_input+0x10/0x10 [ 1320.733031][T23969] ? devinet_init_net+0x56c/0x8d0 [ 1320.733066][T23969] ? __pfx_fib_net_init+0x10/0x10 [ 1320.733095][T23969] ops_init+0x1e2/0x5f0 [ 1320.733125][T23969] setup_net+0x118/0x3a0 [ 1320.733153][T23969] ? __pfx_setup_net+0x10/0x10 [ 1320.733181][T23969] ? mutex_init_lockdep+0xf1/0x120 [ 1320.733211][T23969] copy_net_ns+0x46f/0x7c0 [ 1320.733243][T23969] create_new_namespaces+0x3ea/0xac0 [ 1320.733282][T23969] unshare_nsproxy_namespaces+0xf2/0x220 [ 1320.733317][T23969] ksys_unshare+0x438/0xab0 [ 1320.733355][T23969] ? __pfx_ksys_unshare+0x10/0x10 [ 1320.733390][T23969] ? xfd_validate_state+0x129/0x190 [ 1320.733425][T23969] __x64_sys_unshare+0x31/0x40 [ 1320.733462][T23969] do_syscall_64+0x10b/0xf80 [ 1320.733500][T23969] ? clear_bhb_loop+0x40/0x90 [ 1320.733532][T23969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.733559][T23969] RIP: 0033:0x7f5af159c819 [ 1320.733580][T23969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1320.733605][T23969] RSP: 002b:00007f5af2431028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1320.733629][T23969] RAX: ffffffffffffffda RBX: 00007f5af1815fa0 RCX: 00007f5af159c819 [ 1320.733646][T23969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1320.733662][T23969] RBP: 00007f5af1632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1320.733678][T23969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1320.733694][T23969] R13: 00007f5af1816038 R14: 00007f5af1815fa0 R15: 00007fffdab688b8 [ 1320.733726][T23969] [ 1321.766265][T23985] random: crng reseeded on system resumption [ 1324.321271][T24014] zswap: compressor not available [ 1327.395987][T24054] FAULT_INJECTION: forcing a failure. [ 1327.395987][T24054] name failslab, interval 1, probability 0, space 0, times 0 [ 1327.427740][T24052] mkiss: ax0: crc mode is auto. [ 1327.475038][T24054] CPU: 0 UID: 0 PID: 24054 Comm: syz.2.5786 Tainted: G L syzkaller #0 PREEMPT(full) [ 1327.475080][T24054] Tainted: [L]=SOFTLOCKUP [ 1327.475089][T24054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1327.475106][T24054] Call Trace: [ 1327.475114][T24054] [ 1327.475132][T24054] dump_stack_lvl+0x100/0x190 [ 1327.475181][T24054] should_fail_ex.cold+0x5/0xa [ 1327.475213][T24054] should_failslab+0xc2/0x120 [ 1327.475241][T24054] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1327.475279][T24054] ? security_inode_alloc+0x3b/0x2c0 [ 1327.475310][T24054] ? lockdep_init_map_type+0x5c/0x250 [ 1327.475380][T24054] security_inode_alloc+0x3b/0x2c0 [ 1327.475411][T24054] inode_init_always_gfp+0xcc0/0x1000 [ 1327.475443][T24054] alloc_inode+0x8e/0x250 [ 1327.475485][T24054] sock_alloc+0x44/0x280 [ 1327.475519][T24054] ? security_socket_create+0x7f/0x250 [ 1327.475550][T24054] sock_create_lite+0x82/0x120 [ 1327.475582][T24054] __netlink_kernel_create+0xbd/0x750 [ 1327.475617][T24054] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1327.475659][T24054] fib_net_init+0x26d/0x3f0 [ 1327.475687][T24054] ? is_module_address+0x69/0xf0 [ 1327.475711][T24054] ? __pfx_fib_net_init+0x10/0x10 [ 1327.475741][T24054] ? timer_init_key+0x155/0x330 [ 1327.475777][T24054] ? __pfx_nl_fib_input+0x10/0x10 [ 1327.475810][T24054] ? devinet_init_net+0x56c/0x8d0 [ 1327.475849][T24054] ? __pfx_fib_net_init+0x10/0x10 [ 1327.475877][T24054] ops_init+0x1e2/0x5f0 [ 1327.475907][T24054] setup_net+0x118/0x3a0 [ 1327.475936][T24054] ? __pfx_setup_net+0x10/0x10 [ 1327.475964][T24054] ? mutex_init_lockdep+0xf1/0x120 [ 1327.475994][T24054] copy_net_ns+0x46f/0x7c0 [ 1327.476027][T24054] create_new_namespaces+0x3ea/0xac0 [ 1327.476066][T24054] unshare_nsproxy_namespaces+0xf2/0x220 [ 1327.476101][T24054] ksys_unshare+0x438/0xab0 [ 1327.476139][T24054] ? __pfx_ksys_unshare+0x10/0x10 [ 1327.476175][T24054] ? xfd_validate_state+0x129/0x190 [ 1327.476209][T24054] __x64_sys_unshare+0x31/0x40 [ 1327.476246][T24054] do_syscall_64+0x10b/0xf80 [ 1327.476284][T24054] ? clear_bhb_loop+0x40/0x90 [ 1327.476315][T24054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1327.476341][T24054] RIP: 0033:0x7f4f29f9c819 [ 1327.476362][T24054] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1327.476387][T24054] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1327.476411][T24054] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1327.476428][T24054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1327.476444][T24054] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1327.476460][T24054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1327.476484][T24054] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1327.476516][T24054] [ 1328.289708][T24064] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1328.486877][T24064] File: /dev/nullb0 PID: 24064 Comm: syz.1.5799 [ 1331.273865][T24098] FAULT_INJECTION: forcing a failure. [ 1331.273865][T24098] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.342385][T24098] CPU: 0 UID: 0 PID: 24098 Comm: syz.1.5793 Tainted: G L syzkaller #0 PREEMPT(full) [ 1331.342426][T24098] Tainted: [L]=SOFTLOCKUP [ 1331.342436][T24098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1331.342451][T24098] Call Trace: [ 1331.342460][T24098] [ 1331.342469][T24098] dump_stack_lvl+0x100/0x190 [ 1331.342518][T24098] should_fail_ex.cold+0x5/0xa [ 1331.342550][T24098] should_failslab+0xc2/0x120 [ 1331.342577][T24098] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1331.342620][T24098] ? fib_notifier_ops_register+0x32/0x270 [ 1331.342653][T24098] ? __debug_object_init+0x2de/0x3d0 [ 1331.342686][T24098] kmemdup_noprof+0x29/0x60 [ 1331.342710][T24098] fib_notifier_ops_register+0x32/0x270 [ 1331.342744][T24098] fib4_notifier_init+0x4f/0xd0 [ 1331.342775][T24098] fib_net_init+0xbf/0x3f0 [ 1331.342802][T24098] ? is_module_address+0x69/0xf0 [ 1331.342826][T24098] ? __pfx_fib_net_init+0x10/0x10 [ 1331.342856][T24098] ? timer_init_key+0x155/0x330 [ 1331.342897][T24098] ? devinet_init_net+0x56c/0x8d0 [ 1331.342932][T24098] ? __pfx_fib_net_init+0x10/0x10 [ 1331.342963][T24098] ops_init+0x1e2/0x5f0 [ 1331.342996][T24098] setup_net+0x118/0x3a0 [ 1331.343024][T24098] ? __pfx_setup_net+0x10/0x10 [ 1331.343053][T24098] ? mutex_init_lockdep+0xf1/0x120 [ 1331.343083][T24098] copy_net_ns+0x46f/0x7c0 [ 1331.343116][T24098] create_new_namespaces+0x3ea/0xac0 [ 1331.343154][T24098] unshare_nsproxy_namespaces+0xf2/0x220 [ 1331.343189][T24098] ksys_unshare+0x438/0xab0 [ 1331.343228][T24098] ? __pfx_ksys_unshare+0x10/0x10 [ 1331.343263][T24098] ? xfd_validate_state+0x129/0x190 [ 1331.343308][T24098] __x64_sys_unshare+0x31/0x40 [ 1331.343344][T24098] do_syscall_64+0x10b/0xf80 [ 1331.343384][T24098] ? clear_bhb_loop+0x40/0x90 [ 1331.343415][T24098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.343441][T24098] RIP: 0033:0x7f67a599c819 [ 1331.343462][T24098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.343487][T24098] RSP: 002b:00007f67a6871028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1331.343512][T24098] RAX: ffffffffffffffda RBX: 00007f67a5c16090 RCX: 00007f67a599c819 [ 1331.343529][T24098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1331.343545][T24098] RBP: 00007f67a5a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1331.343561][T24098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.343576][T24098] R13: 00007f67a5c16128 R14: 00007f67a5c16090 R15: 00007ffe02470e98 [ 1331.343608][T24098] [ 1331.670401][T24095] FAULT_INJECTION: forcing a failure. [ 1331.670401][T24095] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.683270][T24095] CPU: 0 UID: 0 PID: 24095 Comm: syz.4.5806 Tainted: G L syzkaller #0 PREEMPT(full) [ 1331.683308][T24095] Tainted: [L]=SOFTLOCKUP [ 1331.683317][T24095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1331.683332][T24095] Call Trace: [ 1331.683340][T24095] [ 1331.683349][T24095] dump_stack_lvl+0x100/0x190 [ 1331.683396][T24095] should_fail_ex.cold+0x5/0xa [ 1331.683427][T24095] ? ops_init+0x77/0x5f0 [ 1331.683451][T24095] should_failslab+0xc2/0x120 [ 1331.683477][T24095] __kmalloc_noprof+0xe0/0x850 [ 1331.683520][T24095] ops_init+0x77/0x5f0 [ 1331.683549][T24095] setup_net+0x118/0x3a0 [ 1331.683576][T24095] ? __pfx_setup_net+0x10/0x10 [ 1331.683603][T24095] ? mutex_init_lockdep+0xf1/0x120 [ 1331.683632][T24095] copy_net_ns+0x46f/0x7c0 [ 1331.683666][T24095] create_new_namespaces+0x3ea/0xac0 [ 1331.683703][T24095] unshare_nsproxy_namespaces+0xf2/0x220 [ 1331.683757][T24095] ksys_unshare+0x438/0xab0 [ 1331.683795][T24095] ? __pfx_ksys_unshare+0x10/0x10 [ 1331.683831][T24095] ? xfd_validate_state+0x129/0x190 [ 1331.683865][T24095] __x64_sys_unshare+0x31/0x40 [ 1331.683901][T24095] do_syscall_64+0x10b/0xf80 [ 1331.683939][T24095] ? clear_bhb_loop+0x40/0x90 [ 1331.683970][T24095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.683996][T24095] RIP: 0033:0x7f6f5099c819 [ 1331.684016][T24095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.684043][T24095] RSP: 002b:00007f6f51822028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1331.684067][T24095] RAX: ffffffffffffffda RBX: 00007f6f50c15fa0 RCX: 00007f6f5099c819 [ 1331.684084][T24095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1331.684100][T24095] RBP: 00007f6f50a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1331.684116][T24095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.684132][T24095] R13: 00007f6f50c16038 R14: 00007f6f50c15fa0 R15: 00007ffcd078a2a8 [ 1331.684163][T24095] [ 1331.991436][T24109] __vm_enough_memory: pid: 24109, comm: syz.2.5798, bytes: 4398046457856 not enough memory for the allocation [ 1333.391185][T24122] FAULT_INJECTION: forcing a failure. [ 1333.391185][T24122] name failslab, interval 1, probability 0, space 0, times 0 [ 1333.472558][T24122] CPU: 0 UID: 0 PID: 24122 Comm: syz.2.5802 Tainted: G L syzkaller #0 PREEMPT(full) [ 1333.472601][T24122] Tainted: [L]=SOFTLOCKUP [ 1333.472611][T24122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1333.472627][T24122] Call Trace: [ 1333.472635][T24122] [ 1333.472645][T24122] dump_stack_lvl+0x100/0x190 [ 1333.472694][T24122] should_fail_ex.cold+0x5/0xa [ 1333.472727][T24122] should_failslab+0xc2/0x120 [ 1333.472757][T24122] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1333.472792][T24122] ? __io_uring_add_tctx_node+0x1ac/0x4c0 [ 1333.472821][T24122] ? alloc_file_pseudo+0x1a5/0x230 [ 1333.472857][T24122] __io_uring_add_tctx_node+0x1ac/0x4c0 [ 1333.472887][T24122] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 1333.472918][T24122] ? __anon_inode_getfile+0x17c/0x280 [ 1333.472953][T24122] io_uring_setup.cold+0x1993/0x1c6e [ 1333.472999][T24122] ? __pfx_io_uring_setup+0x10/0x10 [ 1333.473040][T24122] ? __pfx_do_futex+0x10/0x10 [ 1333.473071][T24122] ? __pfx_do_sys_openat2+0x10/0x10 [ 1333.473118][T24122] ? xfd_validate_state+0x129/0x190 [ 1333.473151][T24122] __x64_sys_io_uring_setup+0xc2/0x170 [ 1333.473190][T24122] do_syscall_64+0x10b/0xf80 [ 1333.473228][T24122] ? clear_bhb_loop+0x40/0x90 [ 1333.473259][T24122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1333.473285][T24122] RIP: 0033:0x7f4f29f9c819 [ 1333.473306][T24122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1333.473331][T24122] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1333.473355][T24122] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1333.473372][T24122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1333.473388][T24122] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1333.473403][T24122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1333.473419][T24122] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1333.473451][T24122] [ 1334.212628][T24122] ------------[ cut here ]------------ [ 1334.218574][T24122] !test_bit(IO_WQ_BIT_EXIT, &wq->state) [ 1334.218592][T24122] WARNING: io_uring/io-wq.c:1396 at io_wq_put_and_exit+0x8a7/0x9d0, CPU#0: syz.2.5802/24122 [ 1334.234721][T24122] Modules linked in: [ 1334.238652][T24122] CPU: 0 UID: 0 PID: 24122 Comm: syz.2.5802 Tainted: G L syzkaller #0 PREEMPT(full) [ 1334.249788][T24122] Tainted: [L]=SOFTLOCKUP [ 1334.254726][T24122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1334.265302][T24122] RIP: 0010:io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.271163][T24122] Code: ff e8 fd f4 17 fd 44 0f b6 74 24 78 31 ff 44 89 f6 e8 3d ef 17 fd 45 84 f6 0f 85 1a fd ff ff e9 67 fd ff ff e8 da f4 17 fd 90 <0f> 0b 90 e9 00 f8 ff ff e8 2c d5 83 fd e9 72 f8 ff ff 48 8b 3c 24 [ 1334.292631][T24122] RSP: 0018:ffffc9000203fb50 EFLAGS: 00010287 [ 1334.299470][T24122] RAX: 0000000000012eac RBX: ffff88802d67e000 RCX: ffffc90005ea1000 [ 1334.307569][T24122] RDX: 0000000000080000 RSI: ffffffff84f0d086 RDI: ffff888031a40000 [ 1334.315621][T24122] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1334.323764][T24122] R10: 0000000000000000 R11: ffffffffffff81d8 R12: 1ffff92000407f8c [ 1334.331772][T24122] R13: 0000000000000000 R14: ffff888031a40968 R15: ffff88805df99c18 [ 1334.340083][T24122] FS: 00007f4f2ae356c0(0000) GS:ffff8881242f6000(0000) knlGS:0000000000000000 [ 1334.349113][T24122] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1334.356295][T24122] CR2: 00007f4f29fe9f00 CR3: 000000005270e000 CR4: 00000000003526f0 [ 1334.364708][T24122] Call Trace: [ 1334.368046][T24122] [ 1334.370987][T24122] ? dump_stack_lvl+0x17c/0x190 [ 1334.375930][T24122] ? __pfx_io_wq_put_and_exit+0x10/0x10 [ 1334.382282][T24122] ? rcu_is_watching+0x12/0xc0 [ 1334.387662][T24122] ? trace_kmalloc+0xe3/0x110 [ 1334.392370][T24122] ? __kmalloc_cache_noprof+0x298/0x6f0 [ 1334.398005][T24122] ? __io_uring_add_tctx_node+0x1ac/0x4c0 [ 1334.403950][T24122] __io_uring_add_tctx_node+0x3e8/0x4c0 [ 1334.409649][T24122] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 1334.415798][T24122] ? __anon_inode_getfile+0x17c/0x280 [ 1334.421205][T24122] io_uring_setup.cold+0x1993/0x1c6e [ 1334.426594][T24122] ? __pfx_io_uring_setup+0x10/0x10 [ 1334.431831][T24122] ? __pfx_do_futex+0x10/0x10 [ 1334.436622][T24122] ? __pfx_do_sys_openat2+0x10/0x10 [ 1334.441903][T24122] ? xfd_validate_state+0x129/0x190 [ 1334.447187][T24122] __x64_sys_io_uring_setup+0xc2/0x170 [ 1334.452683][T24122] do_syscall_64+0x10b/0xf80 [ 1334.457359][T24122] ? clear_bhb_loop+0x40/0x90 [ 1334.462628][T24122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1334.468997][T24122] RIP: 0033:0x7f4f29f9c819 [ 1334.473517][T24122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1334.494035][T24122] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1334.502477][T24122] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1334.511058][T24122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1334.519206][T24122] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1334.527228][T24122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1334.535255][T24122] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1334.543312][T24122] [ 1334.546370][T24122] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1334.553670][T24122] CPU: 0 UID: 0 PID: 24122 Comm: syz.2.5802 Tainted: G L syzkaller #0 PREEMPT(full) [ 1334.564805][T24122] Tainted: [L]=SOFTLOCKUP [ 1334.569137][T24122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1334.579211][T24122] Call Trace: [ 1334.582510][T24122] [ 1334.585450][T24122] dump_stack_lvl+0x100/0x190 [ 1334.590159][T24122] vpanic+0x552/0x970 [ 1334.594164][T24122] ? __pfx_vpanic+0x10/0x10 [ 1334.598714][T24122] panic+0xd1/0xe0 [ 1334.602451][T24122] ? __pfx_panic+0x10/0x10 [ 1334.606911][T24122] check_panic_on_warn.cold+0x19/0x34 [ 1334.612300][T24122] ? io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.617526][T24122] __warn.cold+0x191/0x328 [ 1334.621964][T24122] __report_bug+0x296/0x3d0 [ 1334.626611][T24122] ? io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.631840][T24122] ? __pfx___report_bug+0x10/0x10 [ 1334.636917][T24122] ? _printk+0xcf/0x110 [ 1334.641104][T24122] ? __pfx___schedule+0x10/0x10 [ 1334.645981][T24122] ? is_bpf_text_address+0x8a/0x1a0 [ 1334.651207][T24122] ? io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.656441][T24122] report_bug+0xb2/0x220 [ 1334.660737][T24122] ? io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.665957][T24122] handle_bug+0x16a/0x2a0 [ 1334.670309][T24122] exc_invalid_op+0x17/0x50 [ 1334.674837][T24122] asm_exc_invalid_op+0x1a/0x20 [ 1334.679707][T24122] RIP: 0010:io_wq_put_and_exit+0x8a7/0x9d0 [ 1334.685537][T24122] Code: ff e8 fd f4 17 fd 44 0f b6 74 24 78 31 ff 44 89 f6 e8 3d ef 17 fd 45 84 f6 0f 85 1a fd ff ff e9 67 fd ff ff e8 da f4 17 fd 90 <0f> 0b 90 e9 00 f8 ff ff e8 2c d5 83 fd e9 72 f8 ff ff 48 8b 3c 24 [ 1334.705176][T24122] RSP: 0018:ffffc9000203fb50 EFLAGS: 00010287 [ 1334.711265][T24122] RAX: 0000000000012eac RBX: ffff88802d67e000 RCX: ffffc90005ea1000 [ 1334.719277][T24122] RDX: 0000000000080000 RSI: ffffffff84f0d086 RDI: ffff888031a40000 [ 1334.727262][T24122] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1334.735250][T24122] R10: 0000000000000000 R11: ffffffffffff81d8 R12: 1ffff92000407f8c [ 1334.743265][T24122] R13: 0000000000000000 R14: ffff888031a40968 R15: ffff88805df99c18 [ 1334.751364][T24122] ? io_wq_put_and_exit+0x8a6/0x9d0 [ 1334.756589][T24122] ? dump_stack_lvl+0x17c/0x190 [ 1334.761490][T24122] ? __pfx_io_wq_put_and_exit+0x10/0x10 [ 1334.767059][T24122] ? rcu_is_watching+0x12/0xc0 [ 1334.771841][T24122] ? trace_kmalloc+0xe3/0x110 [ 1334.776534][T24122] ? __kmalloc_cache_noprof+0x298/0x6f0 [ 1334.782190][T24122] ? __io_uring_add_tctx_node+0x1ac/0x4c0 [ 1334.787931][T24122] __io_uring_add_tctx_node+0x3e8/0x4c0 [ 1334.793497][T24122] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 1334.799586][T24122] ? __anon_inode_getfile+0x17c/0x280 [ 1334.804980][T24122] io_uring_setup.cold+0x1993/0x1c6e [ 1334.810334][T24122] ? __pfx_io_uring_setup+0x10/0x10 [ 1334.815560][T24122] ? __pfx_do_futex+0x10/0x10 [ 1334.820330][T24122] ? __pfx_do_sys_openat2+0x10/0x10 [ 1334.825571][T24122] ? xfd_validate_state+0x129/0x190 [ 1334.830795][T24122] __x64_sys_io_uring_setup+0xc2/0x170 [ 1334.836303][T24122] do_syscall_64+0x10b/0xf80 [ 1334.840925][T24122] ? clear_bhb_loop+0x40/0x90 [ 1334.845628][T24122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1334.851549][T24122] RIP: 0033:0x7f4f29f9c819 [ 1334.855998][T24122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1334.875722][T24122] RSP: 002b:00007f4f2ae35028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1334.884172][T24122] RAX: ffffffffffffffda RBX: 00007f4f2a215fa0 RCX: 00007f4f29f9c819 [ 1334.892169][T24122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1334.900145][T24122] RBP: 00007f4f2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1334.908121][T24122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1334.916101][T24122] R13: 00007f4f2a216038 R14: 00007f4f2a215fa0 R15: 00007ffe27d13e88 [ 1334.924103][T24122] [ 1334.927198][T24122] Kernel Offset: disabled [ 1334.931540][T24122] Rebooting in 86400 seconds..