last executing test programs: 20m23.059287998s ago: executing program 0 (id=4877): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) get_robust_list$auto(0x1, 0x0, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8006, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSFLAGS(r0, 0x40047459, 0x0) write$auto(0x3, 0x0, 0xfdef) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xeffd}, 0x1) 20m22.173874499s ago: executing program 0 (id=4881): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) 20m21.661647343s ago: executing program 0 (id=4883): r0 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x40001) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000080), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) 20m20.703794485s ago: executing program 0 (id=4888): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="00010000", @ANYRES16=0x0, @ANYBLOB="000326bd7000fcdbdf2503000000790008805b4f2525b2dc3a73ec37e7122e6f0d55382854d419b883b7ed64bd3c7b9fb15273e787030718751e0a22cc6cabcae114aa6448d0356183e1ca7c01536c5c6f37915b26a3e75515ab02807fe932b8a415a581dcdc7800f91e231c001d800400d3800c002000f3000000002b3c0c7e9b"], 0x100}, 0x1, 0x0, 0x0, 0x8000}, 0x42) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 20m20.175321553s ago: executing program 0 (id=4893): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 20m19.756948036s ago: executing program 0 (id=4894): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) epoll_create$auto(0x3e) mmap$auto(0x0, 0x20009, 0x2, 0x1010, 0x401, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) read$auto(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0xb}, 0x800008}, 0x1ff, 0x1ffffff8) semget$auto(0x0, 0x13c, 0x1ff) semctl$auto(0x0, 0x9, 0x0, 0x2) 20m4.488440535s ago: executing program 32 (id=4894): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) epoll_create$auto(0x3e) mmap$auto(0x0, 0x20009, 0x2, 0x1010, 0x401, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) read$auto(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0xb}, 0x800008}, 0x1ff, 0x1ffffff8) semget$auto(0x0, 0x13c, 0x1ff) semctl$auto(0x0, 0x9, 0x0, 0x2) 18.046601111s ago: executing program 4 (id=9229): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103280, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/01.3\x00', 0x40d01, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001bc0)='/dev/sequencer2\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/012/001\x00', 0x360240, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28b42, 0x0) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x4) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 17.772363317s ago: executing program 4 (id=9230): socket(0x28, 0x5, 0x0) socket(0x1d, 0x2, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @multicast2}, 0x54) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) ustat$auto(0x801, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 17.134235445s ago: executing program 4 (id=9234): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2a, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(0x0, 0x64842, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x222680, 0x0) signalfd4$auto(0xffffffffffffffff, 0x0, 0x8, 0x800) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) close_range$auto(0x2, 0x8000, 0x0) 16.49256671s ago: executing program 4 (id=9236): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x1c2, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66) madvise$auto(0x1000, 0x400050, 0x9) 16.008396323s ago: executing program 4 (id=9249): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x1c2, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66) madvise$auto(0x1000, 0x400050, 0x9) 15.66815105s ago: executing program 4 (id=9242): unshare$auto(0x40000080) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x5e1041, 0x0) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000000)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0x805, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae64, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8004) close_range$auto(0x2, 0xffffffffffffffff, 0x48) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc08c5336, 0x38) 12.40999373s ago: executing program 2 (id=9252): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0xa, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x6, 0x1001ff000) r3 = prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) fgetxattr$auto(r3, &(0x7f0000000280)='\\@--*\x86\\#]:+]\xc5\x00', 0x0, 0x68) getsockopt$auto(r3, 0x0, 0x2, 0xffffffffffffffff, 0x0) connect$auto(0x3, 0x0, 0x54) r4 = socket(0x2b, 0x1, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd13/trace/pid\x00', 0x62142, 0x0) setsockopt$auto_SO_BSDCOMPAT(r4, 0x6, 0xe, 0x0, 0x80001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, 0x0, 0x10) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 12.006669593s ago: executing program 3 (id=9254): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy12/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x21880, 0x0) getsockopt$auto_SO_MEMINFO(r0, 0x8, 0x37, &(0x7f0000000040)='\x00', &(0x7f00000001c0)=0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2000007, 0x3, 0xeb4, r0, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x9, 0x0, [{0x48, 0x400, 0x1f}]}) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x24048004) futex$auto(0x0, 0x9, 0x3e, 0x0, 0x0, 0x0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) writev$auto(r2, &(0x7f0000000340)={0x0, 0x500000}, 0x9) 10.236414648s ago: executing program 3 (id=9255): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) fsconfig$auto(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982", 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 9.302175918s ago: executing program 2 (id=9257): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) socket(0xa, 0x2, 0x73) fanotify_init$auto(0x1f53, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket(0x29, 0x2, 0x0) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1a000, 0x100) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x3) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) 8.823944227s ago: executing program 3 (id=9258): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x2, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000180)=""/93, 0x5d) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mprotect$auto(0xa0000000000, 0x2, 0x9) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x200, 0x0) sendto$auto(r1, &(0x7f0000000200)="3f7ba63f71d98e6a0dfb329b208c4afb269963b846c9f1dbadbd61274d6ef432f63d61281e67e9ab171ddb1c55af6f7832d446878e6988878f96c94b9cf6f80e30a366088670fd7133daa6c2c8f541d4b9d5a89f0e625112ac603bd24b006eee43968ba6efa7b7118994cc8989da077040e384ff7b17f40c759c9c77c57077b6d95b96fa5be13471644bb53c056bca0db4c79d0c69a22a24d31186da1a16bd9b24561c1af20f0a", 0x5, 0x1ff, &(0x7f00000002c0)=@nl=@kern={0x10, 0x0, 0x0, 0x20000}, 0x7) write$auto(r2, 0x0, 0xb) write$auto(0x3, 0x0, 0x100082) 8.62841341s ago: executing program 1 (id=9259): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) connect$auto(0x3, 0x0, 0x54) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) pread64$auto(r0, 0x0, 0x8100000041, 0x413e) r1 = socket(0x15, 0x5, 0x0) mmap$auto(0x6, 0x400004, 0x100, 0x1a, r1, 0x800008004) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) socket(0x2, 0x1, 0x0) fsopen$auto(0x0, 0x1) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0300, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4008ae61, r2) 8.285771399s ago: executing program 2 (id=9260): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0xffffffff) connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x581402, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0xc0403d11, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 8.232042755s ago: executing program 3 (id=9261): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) ioctl$auto_BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x2000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 8.230708781s ago: executing program 1 (id=9269): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x801, 0x84) bind$auto(r0, 0x0, 0x81) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440), 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl802154(0x0, r3) sendmsg$auto_NL802154_CMD_SEND_BEACONS(r1, 0x0, 0x24000014) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x0, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0xffffffffffffffff, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 7.792337469s ago: executing program 1 (id=9262): socket(0x2a, 0x80000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @remote}, 0x6a) write$auto_proc_loginuid_operations_base(0xffffffffffffffff, &(0x7f0000000040)="9dc4e29815c3dd855a4340428a12ae12c859250e55d63ef492651f515f9a76158c045ff86707a23e18496d5d7129a8e340b7ebcd1806c7b26420ea05ca", 0x3d) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sysfs$auto(0x2, 0x23, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)="42bf", 0x2) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r1, 0x0, 0x0) getsockopt$auto(0xffffffffffffffff, 0x2, 0x0, 0x0, &(0x7f00000001c0)=0x8) 7.161840639s ago: executing program 2 (id=9263): socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r0, 0x11b, 0x8, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/raw\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x5) 6.686805115s ago: executing program 1 (id=9264): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x100) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(0xffffffffffffffff, 0x0, 0x4b, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 5.781700546s ago: executing program 2 (id=9265): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) r1 = socket(0x11, 0x3, 0x0) mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x11c, r3, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_AP_SETTINGS_FLAGS={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x9}, @NL80211_ATTR_SUPPORTED_SELECTORS={0x71, 0x14e, "a75ee966bb4e07e64012e5c11e03d05f852c67d8e238c861023c06a39deeff4c1298de726063c7671f306af2bf11901ff71a2cf2ab13136fddbf22df1a418303dd8deaf09b5fe37cbab0c73636adfb6a0ff4e3f693ba3a018850ce1dac063865a5368d15450e4c7da5b9ac28ba"}, @NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x42, 0x115, "84862451deafea6f76a8053574615face8d827b86d00e33737fa83129736592ac0dbc7bc08fd4271ec97b09e7568e64ab863e9ff94e41a8397a917762c48"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "a683deda8da05395c7785d540971eb30c83838cdb45d036b"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x11, 0xf9, "cc47c79bf532aa6b4b04b8f10c"}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5}]}, 0x11c}, 0x1, 0x0, 0x0, 0x20000090}, 0x4891) close_range$auto(0x2, 0xa, 0x0) setsockopt$auto_SO_RCVTIMEO_NEW(r1, 0x1ff, 0x42, &(0x7f0000000040)=']J\x00', 0xc5dc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x114, 0x2714, 0xfffffffffffffffc, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) read$auto(0x3, 0x0, 0x8080) 5.642451283s ago: executing program 3 (id=9266): semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) mkdir$auto(0x0, 0x8cd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103042, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x40000a, 0xde, 0x9b72, 0x2, 0x8000) sendmsg$auto_NLBL_UNLABEL_C_ACCEPT(r0, 0x0, 0x8004) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x840, 0x0) 485.498795ms ago: executing program 33 (id=9242): unshare$auto(0x40000080) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x5e1041, 0x0) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000000)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0x805, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae64, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8004) close_range$auto(0x2, 0xffffffffffffffff, 0x48) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc08c5336, 0x38) 480.538291ms ago: executing program 1 (id=9268): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00'}) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) r2 = socket(0xa, 0x1, 0x84) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000300), r2) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000340), 0x140081, 0x0) mmap$auto(0x0, 0x10, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0) getsockopt$auto(r2, 0x84, 0x80, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) lstat$auto(0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1d"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x3, 0x0) 479.864802ms ago: executing program 2 (id=9270): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x2, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000180)=""/93, 0x5d) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mprotect$auto(0xa0000000000, 0x2, 0x9) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x200, 0x0) sendto$auto(r1, &(0x7f0000000200)="3f7ba63f71d98e6a0dfb329b208c4afb269963b846c9f1dbadbd61274d6ef432f63d61281e67e9ab171ddb1c55af6f7832d446878e6988878f96c94b9cf6f80e30a366088670fd7133daa6c2c8f541d4b9d5a89f0e625112ac603bd24b006eee43968ba6efa7b7118994cc8989da077040e384ff7b17f40c759c9c77c57077b6d95b96fa5be13471644bb53c056bca0db4c79d0c69a22a24d31186da1a16bd9b24561c1af20f0a", 0x5, 0x1ff, &(0x7f00000002c0)=@nl=@kern={0x10, 0x0, 0x0, 0x20000}, 0x7) write$auto(r2, 0x0, 0xb) write$auto(0x3, 0x0, 0x100082) 457.223402ms ago: executing program 3 (id=9277): mmap$auto(0x0, 0x20009, 0xe2, 0x13, 0x405, 0x8000) futex$auto(&(0x7f00000000c0)=0x81, 0x16bc, 0x4008, &(0x7f0000000140)={0x3c, 0x2}, &(0x7f0000000540)=0x6, 0x6) r0 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000400)=@raw_tracepoint={0x9d, r0, 0x0, 0x5}, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='n\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x81, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0xfffffffc, 0x7fffffff, 0x3, 0x2, 0x0, 0x1, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4, 0x100000009, 0xa, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8000, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x45e0]}, 0x1fb, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x8006, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x10bb41, 0x0) write$auto(0x3, 0x0, 0xfdef) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdeb}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 0s ago: executing program 1 (id=9271): mmap$auto(0x800000, 0x202000b, 0x4, 0x15, 0xfffffffffffffffa, 0x0) mmap$auto(0x0, 0xffffffffd, 0x4000000000df, 0x10, 0x401, 0x300000000000) r0 = socket(0xa, 0x2, 0x3b) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D2\x00', 0x142, 0x0) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r2, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0x36}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r0, 0x0, 0x10003, 0x82000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x8, 0x9d90, 0xdf, 0x1000eb1, 0x401, 0x5) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYRES16=r3, @ANYBLOB="676f726deb727b253994b43d4e0afbcb8e943880fb57419388b8656174fdd1201680f0a0b6e4ff8cd5a06389e47f9ae39cdec4fd813c44d55774a49812c26cb9b36d3d9101b39523b79ae39733c596c69c8307818bfc838d35a103419b28a497cbda2955ea40f3e92a105a5dd0a4b2c0222ffc033f3f9f6d6604c3ccf3c847d708015e434394b2e893c9555fb3a22494b0c53140d182d78e9b7a98dbc3945d1216c970c00d430e957c78fae55f498193f7", @ANYRES32=r3, @ANYRESHEX=r2, @ANYRESOCT, @ANYRES8=r1, @ANYRESDEC=r0, @ANYRES8=r1, @ANYRES32=r2, @ANYRES8], 0x24}, 0x1, 0x0, 0x0, 0x51}, 0x0) socket(0xf, 0x4, 0x84) process_vm_readv$auto(0x0, &(0x7f0000000380)={0x0, 0xfff}, 0x40000000002, &(0x7f0000000180)={&(0x7f00000000c0), 0x40000000001243}, 0xa, 0x0) shmctl$auto_IPC_SET(0xc, 0x1, &(0x7f0000000300)={{0xffffffff, 0xffffffffffffffff, 0xee01, 0x1000, 0xae, 0x9, 0x6}, 0x1, 0x7, 0x2, 0x280, @raw, @raw=0x5, 0x3, 0x0, &(0x7f0000000140), 0x0}) r4 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0x840, 0x0) lseek$auto(r4, 0x48f, 0x0) kernel console output (not intermixed with test programs): r parsing attributes in process `syz.1.7522'. [ 1356.058547][T27693] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7522'. [ 1356.075320][T27690] CPU: 0 UID: 0 PID: 27690 Comm: syz.4.7520 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1356.075375][T27690] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1356.075389][T27690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1356.075410][T27690] Call Trace: [ 1356.075422][T27690] [ 1356.075434][T27690] dump_stack_lvl+0x100/0x190 [ 1356.075515][T27690] should_fail_ex.cold+0x5/0xa [ 1356.075548][T27690] ? prepare_alloc_pages+0x16d/0x5f0 [ 1356.075588][T27690] should_fail_alloc_page+0xeb/0x140 [ 1356.075624][T27690] prepare_alloc_pages+0x1f0/0x5f0 [ 1356.075661][T27690] ? rcu_is_watching+0x12/0xc0 [ 1356.075718][T27690] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1356.075768][T27690] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1356.075819][T27690] ? __pfx_css_rstat_updated+0x10/0x10 [ 1356.075891][T27690] ? find_held_lock+0x2b/0x80 [ 1356.075922][T27690] ? rcu_read_unlock+0x17/0x60 [ 1356.075957][T27690] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1356.076019][T27690] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1356.076068][T27690] ? page_counter_charge+0x1d2/0x240 [ 1356.076113][T27690] ? rcu_is_watching+0x12/0xc0 [ 1356.076164][T27690] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1356.076219][T27690] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1356.076280][T27690] ? policy_nodemask+0xed/0x4f0 [ 1356.076319][T27690] alloc_pages_mpol+0x1fb/0x550 [ 1356.076354][T27690] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1356.076389][T27690] ? do_raw_spin_lock+0x128/0x260 [ 1356.076440][T27690] ? find_held_lock+0x2b/0x80 [ 1356.076472][T27690] ? __pud_alloc+0x575/0x760 [ 1356.076514][T27690] alloc_pages_noprof+0x131/0x390 [ 1356.076551][T27690] __pmd_alloc+0x3b/0x9c0 [ 1356.076586][T27690] ? __pud_alloc+0x57a/0x760 [ 1356.076627][T27690] walk_to_pmd+0x3a3/0x4c0 [ 1356.076670][T27690] get_locked_pte+0x25/0xc0 [ 1356.076712][T27690] map_ldt_struct+0x3c1/0xa70 [ 1356.076758][T27690] ? __pfx_map_ldt_struct+0x10/0x10 [ 1356.076792][T27690] ? alloc_pages_noprof+0x233/0x390 [ 1356.076836][T27690] write_ldt+0x6d3/0xd40 [ 1356.076877][T27690] ? __pfx_write_ldt+0x10/0x10 [ 1356.076916][T27690] ? xfd_validate_state+0x129/0x190 [ 1356.076976][T27690] __x64_sys_modify_ldt+0xb1/0x170 [ 1356.077035][T27690] do_syscall_64+0x106/0xf80 [ 1356.077072][T27690] ? clear_bhb_loop+0x40/0x90 [ 1356.077115][T27690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.077149][T27690] RIP: 0033:0x7f1cfb79c799 [ 1356.077190][T27690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1356.077229][T27690] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1356.077269][T27690] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1356.077293][T27690] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1356.077315][T27690] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1356.077337][T27690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1356.077358][T27690] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1356.077404][T27690] [ 1356.634717][T27692] Process accounting resumed [ 1356.745858][T27704] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7525'. [ 1356.917822][ T30] audit: type=1800 audit(2147483752.200:35): pid=27690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7520" name="trace_marker" dev="tracefs" ino=4152 res=0 errno=0 [ 1356.975226][T27706] sp0: Synchronizing with TNC [ 1357.051582][T27708] netlink: 'syz.1.7527': attribute type 16 has an invalid length. [ 1357.062891][T27708] netlink: 226 bytes leftover after parsing attributes in process `syz.1.7527'. [ 1357.086257][T27708] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7527'. [ 1357.291584][T27713] block nbd0: NBD_DISCONNECT [ 1357.305612][T27713] block nbd0: Send disconnect failed -32 [ 1357.521283][T27719] futex_wake_op: syz.1.7530 tries to shift op by -2048; fix this program [ 1357.589686][T27719] futex_wake_op: syz.1.7530 tries to shift op by -2048; fix this program [ 1359.357116][T27751] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7541'. [ 1359.498571][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807a1a6c00: rx timeout, send abort [ 1359.532371][T27751] hsr_slave_0 (unregistering): left promiscuous mode [ 1359.939942][T27756] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7542'. [ 1360.012124][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807a1a6c00: abort rx timeout. Force session deactivation [ 1360.231354][T27738] kexec: Could not allocate control_code_buffer [ 1360.278291][T27758] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7543'. [ 1361.742338][T27792] netlink: 'syz.3.7556': attribute type 21 has an invalid length. [ 1361.768226][T27792] netlink: 334 bytes leftover after parsing attributes in process `syz.3.7556'. [ 1361.788493][T27794] netlink: 'syz.2.7557': attribute type 5 has an invalid length. [ 1361.811954][T27794] netlink: 'syz.2.7557': attribute type 1 has an invalid length. [ 1361.834618][T27794] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7557'. [ 1361.886589][T27796] netlink: 'syz.2.7557': attribute type 5 has an invalid length. [ 1361.917431][T27796] netlink: 'syz.2.7557': attribute type 1 has an invalid length. [ 1361.982114][T27796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7557'. [ 1362.081188][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.088612][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.484725][T27806] FAULT_INJECTION: forcing a failure. [ 1362.484725][T27806] name failslab, interval 1, probability 0, space 0, times 0 [ 1362.553453][T27806] CPU: 1 UID: 0 PID: 27806 Comm: syz.2.7561 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1362.553513][T27806] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1362.553527][T27806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1362.553556][T27806] Call Trace: [ 1362.553568][T27806] [ 1362.553582][T27806] dump_stack_lvl+0x100/0x190 [ 1362.553637][T27806] should_fail_ex.cold+0x5/0xa [ 1362.553677][T27806] should_failslab+0xc2/0x120 [ 1362.553710][T27806] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1362.553760][T27806] ? __d_alloc+0x34/0xa80 [ 1362.553804][T27806] __d_alloc+0x34/0xa80 [ 1362.553843][T27806] d_alloc_parallel+0x111/0x14e0 [ 1362.553903][T27806] ? find_held_lock+0x2b/0x80 [ 1362.553934][T27806] ? __d_lookup+0x25c/0x4a0 [ 1362.553978][T27806] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1362.554029][T27806] ? __d_lookup+0x266/0x4a0 [ 1362.554085][T27806] lookup_open.isra.0+0x57c/0x11b0 [ 1362.554142][T27806] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1362.554213][T27806] ? mnt_get_write_access+0x1e9/0x2f0 [ 1362.554262][T27806] path_openat+0xa98/0x31a0 [ 1362.554309][T27806] ? __pfx_path_openat+0x10/0x10 [ 1362.554356][T27806] do_file_open+0x20e/0x430 [ 1362.554392][T27806] ? __pfx_do_file_open+0x10/0x10 [ 1362.554439][T27806] ? __pfx_kfree_link+0x10/0x10 [ 1362.554494][T27806] ? alloc_fd+0x476/0x790 [ 1362.554564][T27806] ? do_getname+0x191/0x390 [ 1362.554606][T27806] do_sys_openat2+0x10d/0x1e0 [ 1362.554649][T27806] ? __pfx_do_sys_openat2+0x10/0x10 [ 1362.554693][T27806] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 1362.554752][T27806] __x64_sys_openat+0x12d/0x210 [ 1362.554795][T27806] ? __pfx___x64_sys_openat+0x10/0x10 [ 1362.554853][T27806] do_syscall_64+0x106/0xf80 [ 1362.554897][T27806] ? clear_bhb_loop+0x40/0x90 [ 1362.554937][T27806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1362.554972][T27806] RIP: 0033:0x7f2cebf5cfce [ 1362.555000][T27806] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1362.555039][T27806] RSP: 002b:00007f2cecec5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1362.555072][T27806] RAX: ffffffffffffffda RBX: 00007f2cecec66c0 RCX: 00007f2cebf5cfce [ 1362.555095][T27806] RDX: 0000000000000002 RSI: 00007f2cecec5f90 RDI: ffffffffffffff9c [ 1362.555117][T27806] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1362.555137][T27806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1362.555158][T27806] R13: 00007f2cec216128 R14: 00007f2cec216090 R15: 00007ffd940bb848 [ 1362.555202][T27806] [ 1362.940256][T27809] zram: Added device: zram1 [ 1364.454499][T27828] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7567'. [ 1364.929910][T17380] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 1365.370520][T27838] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7571'. [ 1365.900558][ T30] audit: type=1326 audit(2147483761.190:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27835 comm="syz.4.7570" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1cfb79c799 code=0x0 [ 1367.673599][T27882] tipc: Withdrawal distribution failure [ 1370.385152][T27916] FAULT_INJECTION: forcing a failure. [ 1370.385152][T27916] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.645045][T27916] CPU: 0 UID: 0 PID: 27916 Comm: syz.4.7593 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1370.645106][T27916] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1370.645122][T27916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1370.645145][T27916] Call Trace: [ 1370.645157][T27916] [ 1370.645179][T27916] dump_stack_lvl+0x100/0x190 [ 1370.645236][T27916] should_fail_ex.cold+0x5/0xa [ 1370.645276][T27916] should_failslab+0xc2/0x120 [ 1370.645309][T27916] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1370.645361][T27916] ? __alloc_workqueue+0x711/0x1880 [ 1370.645399][T27916] ? lockdep_init_map_type+0x5c/0x250 [ 1370.645450][T27916] __alloc_workqueue+0x711/0x1880 [ 1370.645496][T27916] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1370.645535][T27916] alloc_workqueue_noprof+0xd2/0x200 [ 1370.645576][T27916] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1370.645627][T27916] ? __pfx___debug_object_init+0x10/0x10 [ 1370.645683][T27916] nci_register_device+0x511/0xb80 [ 1370.645737][T27916] ? __pfx_nci_register_device+0x10/0x10 [ 1370.645793][T27916] ? lockdep_init_map_type+0x5c/0x250 [ 1370.645844][T27916] virtual_ncidev_open+0x141/0x220 [ 1370.645900][T27916] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1370.645936][T27916] misc_open+0x26d/0x450 [ 1370.645988][T27916] ? __pfx_misc_open+0x10/0x10 [ 1370.646040][T27916] chrdev_open+0x234/0x6a0 [ 1370.646072][T27916] ? __pfx_apparmor_file_open+0x10/0x10 [ 1370.646120][T27916] ? __pfx_chrdev_open+0x10/0x10 [ 1370.646155][T27916] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1370.646230][T27916] do_dentry_open+0x6d8/0x1660 [ 1370.646285][T27916] ? __pfx_chrdev_open+0x10/0x10 [ 1370.646328][T27916] vfs_open+0x82/0x3f0 [ 1370.646379][T27916] path_openat+0x208c/0x31a0 [ 1370.646427][T27916] ? __pfx_path_openat+0x10/0x10 [ 1370.646479][T27916] do_file_open+0x20e/0x430 [ 1370.646517][T27916] ? __pfx_do_file_open+0x10/0x10 [ 1370.646582][T27916] ? alloc_fd+0x476/0x790 [ 1370.646641][T27916] ? do_getname+0x191/0x390 [ 1370.646685][T27916] do_sys_openat2+0x10d/0x1e0 [ 1370.646729][T27916] ? __pfx_do_sys_openat2+0x10/0x10 [ 1370.646788][T27916] __x64_sys_openat+0x12d/0x210 [ 1370.646833][T27916] ? __pfx___x64_sys_openat+0x10/0x10 [ 1370.646893][T27916] do_syscall_64+0x106/0xf80 [ 1370.646932][T27916] ? clear_bhb_loop+0x40/0x90 [ 1370.646986][T27916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.647022][T27916] RIP: 0033:0x7f1cfb79c799 [ 1370.647050][T27916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1370.647085][T27916] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1370.647118][T27916] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1370.647140][T27916] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1370.647162][T27916] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1370.647188][T27916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1370.647208][T27916] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1370.647252][T27916] [ 1371.976224][T27935] netlink: 'syz.3.7601': attribute type 4 has an invalid length. [ 1372.000642][T27935] netlink: 'syz.3.7601': attribute type 32 has an invalid length. [ 1372.023626][T27935] netlink: 46 bytes leftover after parsing attributes in process `syz.3.7601'. [ 1372.523282][T27940] random: crng reseeded on system resumption [ 1372.541228][T17380] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1375.112292][T27983] program syz.2.7611 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1375.865141][T27998] netlink: 86 bytes leftover after parsing attributes in process `syz.1.7617'. [ 1376.015222][T27991] zswap: compressor not available [ 1377.281081][T28020] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7624'. [ 1377.313803][T28020] netlink: 354 bytes leftover after parsing attributes in process `syz.1.7624'. [ 1379.467358][T28046] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7631'. [ 1380.302195][T28060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7637'. [ 1380.350680][T28060] netlink: 13 bytes leftover after parsing attributes in process `syz.2.7637'. [ 1380.852426][T28064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7639'. [ 1380.888735][T28064] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7639'. [ 1381.064521][T28067] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7641'. [ 1381.170726][T28070] netlink: 252 bytes leftover after parsing attributes in process `syz.3.7643'. [ 1381.223068][T28070] netlink: 252 bytes leftover after parsing attributes in process `syz.3.7643'. [ 1381.338670][T28075] netlink: 'syz.1.7644': attribute type 10 has an invalid length. [ 1382.854212][T28108] __nla_validate_parse: 2 callbacks suppressed [ 1382.854238][T28108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7654'. [ 1382.941405][T28108] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7654'. [ 1383.490293][T28113] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7656'. [ 1384.137820][T28125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7660'. [ 1384.182725][T28125] netlink: 'syz.4.7660': attribute type 1 has an invalid length. [ 1384.215211][T28125] netlink: 'syz.4.7660': attribute type 6 has an invalid length. [ 1385.317649][T28134] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 1387.622120][T28156] cougar: G6 mapped to space [ 1388.062431][T28172] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7674'. [ 1388.217596][T28150] Process accounting paused [ 1389.625609][T28203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7685'. [ 1389.684011][T28203] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7685'. [ 1389.847350][T28208] futex_wake_op: syz.4.7687 tries to shift op by -2048; fix this program [ 1389.856213][T28208] futex_wake_op: syz.4.7687 tries to shift op by -2048; fix this program [ 1389.980255][T28208] 0x000000000001-0x000000020000 : "" [ 1390.136388][T28208] ftl_cs: FTL header corrupt! [ 1391.138094][T28223] netlink: 186 bytes leftover after parsing attributes in process `syz.4.7690'. [ 1391.407392][T28225] FAULT_INJECTION: forcing a failure. [ 1391.407392][T28225] name failslab, interval 1, probability 0, space 0, times 0 [ 1391.541463][T28225] CPU: 0 UID: 0 PID: 28225 Comm: syz.2.7691 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1391.541524][T28225] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1391.541540][T28225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1391.541562][T28225] Call Trace: [ 1391.541574][T28225] [ 1391.541588][T28225] dump_stack_lvl+0x100/0x190 [ 1391.541647][T28225] should_fail_ex.cold+0x5/0xa [ 1391.541688][T28225] should_failslab+0xc2/0x120 [ 1391.541722][T28225] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1391.541765][T28225] ? kernfs_fop_open+0x9f4/0xd50 [ 1391.541809][T28225] kernfs_fop_open+0x9f4/0xd50 [ 1391.541853][T28225] do_dentry_open+0x6d8/0x1660 [ 1391.541907][T28225] ? __pfx_kernfs_fop_open+0x10/0x10 [ 1391.541952][T28225] vfs_open+0x82/0x3f0 [ 1391.541997][T28225] path_openat+0x208c/0x31a0 [ 1391.542044][T28225] ? __pfx_path_openat+0x10/0x10 [ 1391.542094][T28225] do_file_open+0x20e/0x430 [ 1391.542130][T28225] ? __pfx_do_file_open+0x10/0x10 [ 1391.542194][T28225] ? alloc_fd+0x476/0x790 [ 1391.542254][T28225] ? do_getname+0x191/0x390 [ 1391.542299][T28225] do_sys_openat2+0x10d/0x1e0 [ 1391.542341][T28225] ? __pfx_do_sys_openat2+0x10/0x10 [ 1391.542410][T28225] __x64_sys_openat+0x12d/0x210 [ 1391.542456][T28225] ? __pfx___x64_sys_openat+0x10/0x10 [ 1391.542518][T28225] do_syscall_64+0x106/0xf80 [ 1391.542556][T28225] ? clear_bhb_loop+0x40/0x90 [ 1391.542600][T28225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.542635][T28225] RIP: 0033:0x7f2cebf9c799 [ 1391.542664][T28225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1391.542698][T28225] RSP: 002b:00007f2cecee7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1391.542731][T28225] RAX: ffffffffffffffda RBX: 00007f2cec215fa0 RCX: 00007f2cebf9c799 [ 1391.542754][T28225] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1391.542778][T28225] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1391.542799][T28225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1391.542820][T28225] R13: 00007f2cec216038 R14: 00007f2cec215fa0 R15: 00007ffd940bb848 [ 1391.542865][T28225] [ 1392.456498][T28235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7694'. [ 1392.516415][T28235] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7694'. [ 1393.275507][T28252] netlink: 'syz.2.7699': attribute type 4 has an invalid length. [ 1393.326964][T28252] netlink: 'syz.2.7699': attribute type 32 has an invalid length. [ 1393.597434][T28252] netlink: 46 bytes leftover after parsing attributes in process `syz.2.7699'. [ 1394.127792][T28262] netlink: 306 bytes leftover after parsing attributes in process `syz.2.7704'. [ 1394.679775][T28271] can: request_module (can-proto-4) failed. [ 1394.753743][T28275] FAULT_INJECTION: forcing a failure. [ 1394.753743][T28275] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.817575][T28275] CPU: 0 UID: 0 PID: 28275 Comm: syz.2.7707 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1394.817631][T28275] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1394.817643][T28275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1394.817665][T28275] Call Trace: [ 1394.817675][T28275] [ 1394.817686][T28275] dump_stack_lvl+0x100/0x190 [ 1394.817754][T28275] should_fail_ex.cold+0x5/0xa [ 1394.817787][T28275] should_failslab+0xc2/0x120 [ 1394.817815][T28275] __kmalloc_node_noprof+0xe6/0x850 [ 1394.817856][T28275] ? mempool_init_node+0x11b/0x6e0 [ 1394.817884][T28275] ? lockdep_init_map_type+0x5c/0x250 [ 1394.817924][T28275] ? __pfx_mempool_free_slab+0x10/0x10 [ 1394.817970][T28275] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1394.817998][T28275] mempool_init_node+0x11b/0x6e0 [ 1394.818025][T28275] ? __pfx_xa_load+0x10/0x10 [ 1394.818067][T28275] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1394.818093][T28275] ? __pfx_mempool_free_slab+0x10/0x10 [ 1394.818140][T28275] mempool_init_noprof+0x3a/0x50 [ 1394.818172][T28275] bioset_init+0x37e/0x8a0 [ 1394.818224][T28275] ? __pfx_bioset_init+0x10/0x10 [ 1394.818282][T28275] __alloc_disk_node+0x83/0x6b0 [ 1394.818329][T28275] __blk_mq_alloc_disk+0x89/0x120 [ 1394.818369][T28275] loop_add+0x498/0xb60 [ 1394.818398][T28275] ? __pfx_loop_add+0x10/0x10 [ 1394.818459][T28275] loop_control_ioctl+0xae/0x620 [ 1394.818492][T28275] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1394.818523][T28275] ? xfd_validate_state+0x129/0x190 [ 1394.818567][T28275] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1394.818606][T28275] __x64_sys_ioctl+0x18e/0x210 [ 1394.818648][T28275] do_syscall_64+0x106/0xf80 [ 1394.818680][T28275] ? clear_bhb_loop+0x40/0x90 [ 1394.818715][T28275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1394.818745][T28275] RIP: 0033:0x7f2cebf9c799 [ 1394.818768][T28275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1394.818796][T28275] RSP: 002b:00007f2cecee7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1394.818824][T28275] RAX: ffffffffffffffda RBX: 00007f2cec215fa0 RCX: 00007f2cebf9c799 [ 1394.818844][T28275] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 1394.818864][T28275] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1394.818882][T28275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1394.818900][T28275] R13: 00007f2cec216038 R14: 00007f2cec215fa0 R15: 00007ffd940bb848 [ 1394.818950][T28275] [ 1396.328142][T28284] vhci_hcd vhci_hcd.2: invalid port number 255 [ 1398.662730][T28322] vhci_hcd vhci_hcd.2: invalid port number 255 [ 1399.143739][T28332] FAULT_INJECTION: forcing a failure. [ 1399.143739][T28332] name failslab, interval 1, probability 0, space 0, times 0 [ 1399.246966][T28336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7727'. [ 1399.309287][T28338] netlink: 17 bytes leftover after parsing attributes in process `syz.4.7727'. [ 1399.340515][T28332] CPU: 0 UID: 0 PID: 28332 Comm: syz.4.7727 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1399.340572][T28332] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1399.340590][T28332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1399.340612][T28332] Call Trace: [ 1399.340624][T28332] [ 1399.340637][T28332] dump_stack_lvl+0x100/0x190 [ 1399.340695][T28332] should_fail_ex.cold+0x5/0xa [ 1399.340734][T28332] ? usb_hcd_submit_urb+0x601/0x2150 [ 1399.340783][T28332] should_failslab+0xc2/0x120 [ 1399.340816][T28332] __kmalloc_noprof+0xe0/0x850 [ 1399.340865][T28332] ? mark_held_locks+0x40/0x70 [ 1399.340914][T28332] usb_hcd_submit_urb+0x601/0x2150 [ 1399.340978][T28332] usb_submit_urb+0x8aa/0x1910 [ 1399.341040][T28332] ? __init_swait_queue_head+0xca/0x150 [ 1399.341096][T28332] usb_start_wait_urb+0x106/0x4c0 [ 1399.341162][T28332] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 1399.341232][T28332] ? __asan_memset+0x23/0x50 [ 1399.341284][T28332] usb_control_msg+0x326/0x4a0 [ 1399.341342][T28332] ? __pfx_usb_control_msg+0x10/0x10 [ 1399.341396][T28332] ? kernfs_find_and_get_ns+0x5f/0x70 [ 1399.341454][T28332] usb_hub_set_port_power+0x125/0x180 [ 1399.341501][T28332] disable_store+0x2eb/0x450 [ 1399.341542][T28332] ? __pfx_disable_store+0x10/0x10 [ 1399.341581][T28332] ? find_held_lock+0x2b/0x80 [ 1399.341611][T28332] ? sysfs_file_kobj+0xe4/0x290 [ 1399.341647][T28332] ? sysfs_file_kobj+0xe4/0x290 [ 1399.341688][T28332] ? __pfx_disable_store+0x10/0x10 [ 1399.341724][T28332] dev_attr_store+0x58/0x80 [ 1399.341775][T28332] ? __pfx_dev_attr_store+0x10/0x10 [ 1399.341826][T28332] sysfs_kf_write+0xf2/0x150 [ 1399.341867][T28332] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1399.341900][T28332] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1399.341943][T28332] vfs_write+0x6ac/0x1070 [ 1399.342007][T28332] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1399.342043][T28332] ? __pfx_vfs_write+0x10/0x10 [ 1399.342116][T28332] ksys_write+0x12a/0x250 [ 1399.342172][T28332] ? __pfx_ksys_write+0x10/0x10 [ 1399.342232][T28332] do_syscall_64+0x106/0xf80 [ 1399.342267][T28332] ? clear_bhb_loop+0x40/0x90 [ 1399.342306][T28332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1399.342339][T28332] RIP: 0033:0x7f1cfb79c799 [ 1399.342366][T28332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1399.342397][T28332] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1399.342428][T28332] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1399.342449][T28332] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1399.342485][T28332] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1399.342506][T28332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1399.342525][T28332] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1399.342570][T28332] [ 1399.996803][T28340] cougar: G6 mapped to space [ 1406.221267][T28416] netlink: 252 bytes leftover after parsing attributes in process `syz.4.7750'. [ 1406.304185][T28419] netlink: 252 bytes leftover after parsing attributes in process `syz.4.7750'. [ 1406.949444][T28429] FAULT_INJECTION: forcing a failure. [ 1406.949444][T28429] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.005837][T28429] CPU: 0 UID: 0 PID: 28429 Comm: syz.4.7753 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1407.005896][T28429] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1407.005910][T28429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1407.005931][T28429] Call Trace: [ 1407.005943][T28429] [ 1407.005957][T28429] dump_stack_lvl+0x100/0x190 [ 1407.006015][T28429] should_fail_ex.cold+0x5/0xa [ 1407.006056][T28429] should_failslab+0xc2/0x120 [ 1407.006090][T28429] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1407.006133][T28429] ? trace_pid_list_alloc+0x232/0x480 [ 1407.006196][T28429] trace_pid_list_alloc+0x232/0x480 [ 1407.006254][T28429] trace_pid_write+0x110/0x460 [ 1407.006308][T28429] ? __pfx_trace_pid_write+0x10/0x10 [ 1407.006388][T28429] event_pid_write.isra.0+0x1e4/0x800 [ 1407.006447][T28429] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1407.006513][T28429] vfs_write+0x2aa/0x1070 [ 1407.006575][T28429] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1407.006634][T28429] ? __pfx_vfs_write+0x10/0x10 [ 1407.006684][T28429] ? __fget_files+0x215/0x3d0 [ 1407.006745][T28429] ? __fget_files+0x21f/0x3d0 [ 1407.006811][T28429] ksys_write+0x12a/0x250 [ 1407.006863][T28429] ? __pfx_ksys_write+0x10/0x10 [ 1407.006929][T28429] do_syscall_64+0x106/0xf80 [ 1407.006969][T28429] ? clear_bhb_loop+0x40/0x90 [ 1407.007013][T28429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1407.007050][T28429] RIP: 0033:0x7f1cfb79c799 [ 1407.007078][T28429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1407.007113][T28429] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1407.007146][T28429] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1407.007169][T28429] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1407.007190][T28429] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1407.007212][T28429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1407.007232][T28429] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1407.007278][T28429] [ 1407.225472][T28427] netlink: 'syz.3.7752': attribute type 10 has an invalid length. [ 1407.233366][T28427] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7752'. [ 1408.006213][T28438] ubi31: attaching mtd0 [ 1408.012602][T28438] ubi31: scanning is finished [ 1408.146587][T28438] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 1408.731370][T28438] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1414.128560][T17380] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 1417.205414][T17380] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1417.627182][T28553] cougar: G6 mapped to space [ 1418.130816][T28558] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7796'. [ 1418.519027][T28547] Process accounting resumed [ 1419.519354][T28576] can: request_module (can-proto-4) failed. [ 1419.793688][T28579] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7803'. [ 1423.520854][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.534292][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1426.276200][T17380] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9 [ 1427.959707][T28700] netlink: 186 bytes leftover after parsing attributes in process `syz.1.7826'. [ 1428.692384][T28707] Process accounting resumed [ 1429.195701][T17380] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1429.265233][T28721] can: request_module (can-proto-4) failed. [ 1433.299985][T28750] Process accounting resumed [ 1441.704541][T17380] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 1441.704591][T17380] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 1441.719769][T17380] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 1441.719811][T17380] Bluetooth: hci1: adv larger than maximum supported [ 1441.727471][T17380] Bluetooth: hci1: adv larger than maximum supported [ 1441.734212][T17380] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1443.369433][T28840] random: crng reseeded on system resumption [ 1443.433455][T28840] FAULT_INJECTION: forcing a failure. [ 1443.433455][T28840] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1443.478932][T28840] CPU: 0 UID: 0 PID: 28840 Comm: syz.2.7860 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1443.478987][T28840] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1443.479000][T28840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1443.479020][T28840] Call Trace: [ 1443.479031][T28840] [ 1443.479044][T28840] dump_stack_lvl+0x100/0x190 [ 1443.479098][T28840] should_fail_ex.cold+0x5/0xa [ 1443.479128][T28840] ? prepare_alloc_pages+0x16d/0x5f0 [ 1443.479163][T28840] should_fail_alloc_page+0xeb/0x140 [ 1443.479194][T28840] prepare_alloc_pages+0x1f0/0x5f0 [ 1443.479232][T28840] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1443.479290][T28840] ? stack_trace_save+0x8e/0xc0 [ 1443.479318][T28840] ? __pfx_stack_trace_save+0x10/0x10 [ 1443.479349][T28840] ? arch_stack_walk+0xa6/0xf0 [ 1443.479380][T28840] ? stack_depot_save_flags+0x27/0x9d0 [ 1443.479435][T28840] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1443.479490][T28840] ? kasan_save_stack+0x3f/0x50 [ 1443.479539][T28840] ? kasan_save_stack+0x30/0x50 [ 1443.479579][T28840] ? kasan_save_track+0x14/0x30 [ 1443.479630][T28840] ? __kasan_kmalloc+0xaa/0xb0 [ 1443.479676][T28840] ? memory_bm_create+0x14d/0xba0 [ 1443.479727][T28840] ? create_basic_memory_bitmaps+0xbd/0x350 [ 1443.479759][T28840] ? snapshot_open+0x230/0x2a0 [ 1443.479798][T28840] ? misc_open+0x26d/0x450 [ 1443.479853][T28840] ? do_sys_openat2+0x10d/0x1e0 [ 1443.479893][T28840] ? __x64_sys_openat+0x12d/0x210 [ 1443.479934][T28840] ? do_syscall_64+0x106/0xf80 [ 1443.479977][T28840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1443.480020][T28840] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1443.480078][T28840] ? policy_nodemask+0xed/0x4f0 [ 1443.480115][T28840] alloc_pages_mpol+0x1fb/0x550 [ 1443.480152][T28840] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1443.480197][T28840] alloc_pages_noprof+0x131/0x390 [ 1443.480234][T28840] get_zeroed_page_noprof+0x18/0xb0 [ 1443.480270][T28840] get_image_page+0x18/0x1a0 [ 1443.480324][T28840] memory_bm_create+0x9bd/0xba0 [ 1443.480396][T28840] create_basic_memory_bitmaps+0xbd/0x350 [ 1443.480451][T28840] snapshot_open+0x230/0x2a0 [ 1443.480506][T28840] ? __pfx_snapshot_open+0x10/0x10 [ 1443.480560][T28840] misc_open+0x26d/0x450 [ 1443.480619][T28840] ? __pfx_misc_open+0x10/0x10 [ 1443.480669][T28840] chrdev_open+0x234/0x6a0 [ 1443.480699][T28840] ? __pfx_apparmor_file_open+0x10/0x10 [ 1443.480745][T28840] ? __pfx_chrdev_open+0x10/0x10 [ 1443.480779][T28840] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1443.480844][T28840] do_dentry_open+0x6d8/0x1660 [ 1443.480896][T28840] ? __pfx_chrdev_open+0x10/0x10 [ 1443.480936][T28840] vfs_open+0x82/0x3f0 [ 1443.480980][T28840] path_openat+0x208c/0x31a0 [ 1443.481027][T28840] ? __pfx_path_openat+0x10/0x10 [ 1443.481073][T28840] do_file_open+0x20e/0x430 [ 1443.481108][T28840] ? __pfx_do_file_open+0x10/0x10 [ 1443.481169][T28840] ? alloc_fd+0x476/0x790 [ 1443.481224][T28840] ? do_getname+0x191/0x390 [ 1443.481267][T28840] do_sys_openat2+0x10d/0x1e0 [ 1443.481307][T28840] ? __pfx_do_sys_openat2+0x10/0x10 [ 1443.481351][T28840] ? __fget_files+0x21f/0x3d0 [ 1443.481410][T28840] __x64_sys_openat+0x12d/0x210 [ 1443.481453][T28840] ? __pfx___x64_sys_openat+0x10/0x10 [ 1443.481512][T28840] do_syscall_64+0x106/0xf80 [ 1443.481549][T28840] ? clear_bhb_loop+0x40/0x90 [ 1443.481590][T28840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1443.481635][T28840] RIP: 0033:0x7f2cebf9c799 [ 1443.481662][T28840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1443.481695][T28840] RSP: 002b:00007f2cecee7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1443.481727][T28840] RAX: ffffffffffffffda RBX: 00007f2cec215fa0 RCX: 00007f2cebf9c799 [ 1443.481751][T28840] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1443.481772][T28840] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1443.481792][T28840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1443.481812][T28840] R13: 00007f2cec216038 R14: 00007f2cec215fa0 R15: 00007ffd940bb848 [ 1443.481856][T28840] [ 1446.002260][T28864] FAULT_INJECTION: forcing a failure. [ 1446.002260][T28864] name failslab, interval 1, probability 0, space 0, times 0 [ 1446.095201][T28864] CPU: 1 UID: 0 PID: 28864 Comm: syz.2.7867 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1446.095243][T28864] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1446.095253][T28864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1446.095268][T28864] Call Trace: [ 1446.095276][T28864] [ 1446.095286][T28864] dump_stack_lvl+0x100/0x190 [ 1446.095326][T28864] should_fail_ex.cold+0x5/0xa [ 1446.095354][T28864] should_failslab+0xc2/0x120 [ 1446.095377][T28864] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1446.095407][T28864] ? percpu_ref_init+0xec/0x3f0 [ 1446.095442][T28864] ? __pfx_blk_queue_usage_counter_release+0x10/0x10 [ 1446.095481][T28864] percpu_ref_init+0xec/0x3f0 [ 1446.095513][T28864] blk_alloc_queue+0x574/0x790 [ 1446.095539][T28864] ? __kmalloc_node_noprof+0x324/0x850 [ 1446.095576][T28864] blk_mq_alloc_queue+0x174/0x290 [ 1446.095608][T28864] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 1446.095656][T28864] ? blk_mq_alloc_tag_set+0xdc0/0x1260 [ 1446.095711][T28864] __blk_mq_alloc_disk+0x29/0x120 [ 1446.095744][T28864] loop_add+0x498/0xb60 [ 1446.095768][T28864] ? __pfx_loop_add+0x10/0x10 [ 1446.095810][T28864] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1446.095856][T28864] loop_control_ioctl+0xae/0x620 [ 1446.095900][T28864] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1446.095928][T28864] ? xfd_validate_state+0x129/0x190 [ 1446.095965][T28864] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1446.095994][T28864] __x64_sys_ioctl+0x18e/0x210 [ 1446.096030][T28864] do_syscall_64+0x106/0xf80 [ 1446.096057][T28864] ? clear_bhb_loop+0x40/0x90 [ 1446.096088][T28864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1446.096114][T28864] RIP: 0033:0x7f2cebf9c799 [ 1446.096134][T28864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1446.096159][T28864] RSP: 002b:00007f2cecee7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1446.096183][T28864] RAX: ffffffffffffffda RBX: 00007f2cec215fa0 RCX: 00007f2cebf9c799 [ 1446.096199][T28864] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 1446.096214][T28864] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1446.096229][T28864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1446.096244][T28864] R13: 00007f2cec216038 R14: 00007f2cec215fa0 R15: 00007ffd940bb848 [ 1446.096275][T28864] [ 1448.452913][T28888] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7876'. [ 1448.481819][T28888] netdevsim netdevsim3 netdevsim1: left allmulticast mode [ 1448.490439][T28888] netdevsim netdevsim3 netdevsim1: left promiscuous mode [ 1448.515376][T28888] bridge0: port 4(netdevsim1) entered disabled state [ 1448.557616][T28888] bridge_slave_1: left allmulticast mode [ 1448.563600][T28888] bridge0: port 2(bridge_slave_1) entered disabled state [ 1448.589785][T28888] bridge_slave_0: left allmulticast mode [ 1448.589824][T28888] bridge_slave_0: left promiscuous mode [ 1448.590056][T28888] bridge0: port 1(bridge_slave_0) entered disabled state [ 1448.870975][T28894] can: request_module (can-proto-4) failed. [ 1448.883359][T28888] Process accounting paused [ 1449.067432][T28897] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7877'. [ 1451.501777][T28911] kexec: Could not allocate control_code_buffer [ 1452.761793][T28936] random: crng reseeded on system resumption [ 1452.798948][T28936] FAULT_INJECTION: forcing a failure. [ 1452.798948][T28936] name failslab, interval 1, probability 0, space 0, times 0 [ 1452.845045][T28936] CPU: 1 UID: 0 PID: 28936 Comm: syz.4.7885 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1452.845102][T28936] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1452.845116][T28936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1452.845137][T28936] Call Trace: [ 1452.845149][T28936] [ 1452.845161][T28936] dump_stack_lvl+0x100/0x190 [ 1452.845225][T28936] should_fail_ex.cold+0x5/0xa [ 1452.845266][T28936] should_failslab+0xc2/0x120 [ 1452.845300][T28936] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1452.845342][T28936] ? memory_bm_create+0x14d/0xba0 [ 1452.845403][T28936] memory_bm_create+0x14d/0xba0 [ 1452.845476][T28936] create_basic_memory_bitmaps+0xbd/0x350 [ 1452.845521][T28936] snapshot_open+0x230/0x2a0 [ 1452.845556][T28936] ? __pfx_snapshot_open+0x10/0x10 [ 1452.845595][T28936] misc_open+0x26d/0x450 [ 1452.845646][T28936] ? __pfx_misc_open+0x10/0x10 [ 1452.845696][T28936] chrdev_open+0x234/0x6a0 [ 1452.845726][T28936] ? __pfx_apparmor_file_open+0x10/0x10 [ 1452.845772][T28936] ? __pfx_chrdev_open+0x10/0x10 [ 1452.845807][T28936] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1452.845873][T28936] do_dentry_open+0x6d8/0x1660 [ 1452.845945][T28936] ? __pfx_chrdev_open+0x10/0x10 [ 1452.845990][T28936] vfs_open+0x82/0x3f0 [ 1452.846036][T28936] path_openat+0x208c/0x31a0 [ 1452.846084][T28936] ? __pfx_path_openat+0x10/0x10 [ 1452.846135][T28936] do_file_open+0x20e/0x430 [ 1452.846172][T28936] ? __pfx_do_file_open+0x10/0x10 [ 1452.846243][T28936] ? alloc_fd+0x476/0x790 [ 1452.846303][T28936] ? do_getname+0x191/0x390 [ 1452.846347][T28936] do_sys_openat2+0x10d/0x1e0 [ 1452.846391][T28936] ? __pfx_do_sys_openat2+0x10/0x10 [ 1452.846437][T28936] ? __fget_files+0x21f/0x3d0 [ 1452.846498][T28936] __x64_sys_openat+0x12d/0x210 [ 1452.846542][T28936] ? __pfx___x64_sys_openat+0x10/0x10 [ 1452.846601][T28936] do_syscall_64+0x106/0xf80 [ 1452.846639][T28936] ? clear_bhb_loop+0x40/0x90 [ 1452.846682][T28936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1452.846718][T28936] RIP: 0033:0x7f1cfb79c799 [ 1452.846747][T28936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1452.846781][T28936] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1452.846815][T28936] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1452.846839][T28936] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1452.846863][T28936] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1452.846885][T28936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1452.846907][T28936] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1452.846954][T28936] [ 1455.375876][T28945] FAULT_INJECTION: forcing a failure. [ 1455.375876][T28945] name failslab, interval 1, probability 0, space 0, times 0 [ 1455.395816][T28945] CPU: 0 UID: 0 PID: 28945 Comm: syz.4.7897 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1455.395881][T28945] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1455.395895][T28945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1455.395916][T28945] Call Trace: [ 1455.395928][T28945] [ 1455.395941][T28945] dump_stack_lvl+0x100/0x190 [ 1455.395998][T28945] should_fail_ex.cold+0x5/0xa [ 1455.396040][T28945] should_failslab+0xc2/0x120 [ 1455.396073][T28945] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1455.396122][T28945] ? fcntl_setlk+0xaa/0xe40 [ 1455.396152][T28945] ? __lock_acquire+0x4a5/0x2630 [ 1455.396202][T28945] fcntl_setlk+0xaa/0xe40 [ 1455.396240][T28945] ? __pfx_fcntl_setlk+0x10/0x10 [ 1455.396278][T28945] ? find_held_lock+0x2b/0x80 [ 1455.396308][T28945] ? __might_fault+0xc5/0x140 [ 1455.396352][T28945] ? __might_fault+0xc5/0x140 [ 1455.396415][T28945] do_fcntl+0xf39/0x1670 [ 1455.396457][T28945] ? __pfx_do_fcntl+0x10/0x10 [ 1455.396495][T28945] ? __fget_files+0x215/0x3d0 [ 1455.396558][T28945] ? tomoyo_file_fcntl+0x6c/0xc0 [ 1455.396606][T28945] __x64_sys_fcntl+0x163/0x200 [ 1455.396653][T28945] do_syscall_64+0x106/0xf80 [ 1455.396691][T28945] ? clear_bhb_loop+0x40/0x90 [ 1455.396733][T28945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1455.396776][T28945] RIP: 0033:0x7f1cfb79c799 [ 1455.396805][T28945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1455.396839][T28945] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1455.396872][T28945] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1455.396896][T28945] RDX: 0000000000000004 RSI: 0000000000000026 RDI: 0000000000000004 [ 1455.396916][T28945] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1455.396937][T28945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1455.396956][T28945] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1455.397010][T28945] [ 1456.321322][T28956] can: request_module (can-proto-4) failed. [ 1458.439639][T28985] netlink: 334 bytes leftover after parsing attributes in process `syz.2.7901'. [ 1458.488087][T28983] [U] ^\ [ 1460.050664][T28995] Process accounting paused [ 1460.562001][T29002] zswap: compressor not available [ 1460.998004][T17380] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 1463.803347][T17380] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 1463.803397][T17380] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 1463.819174][T17380] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 1463.819213][T17380] Bluetooth: hci2: adv larger than maximum supported [ 1463.826550][T17380] Bluetooth: hci2: adv larger than maximum supported [ 1463.833371][T17380] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1464.287520][T29052] Process accounting paused [ 1466.360204][T17380] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 1470.103105][T17380] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1470.103153][T17380] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1470.118807][T17380] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1470.118845][T17380] Bluetooth: hci3: adv larger than maximum supported [ 1470.126475][T17380] Bluetooth: hci3: adv larger than maximum supported [ 1470.133211][T17380] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1473.687395][T17380] Bluetooth: hci3: unexpected subevent 0x01 length: 3 < 18 [ 1475.172064][T17380] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1475.172107][T17380] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 1475.188140][T17380] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 1475.188214][T17380] Bluetooth: hci0: adv larger than maximum supported [ 1475.195918][T17380] Bluetooth: hci0: adv larger than maximum supported [ 1475.202685][T17380] Bluetooth: hci0: Malformed LE Event: 0x0d [ 1475.298972][T29199] can: request_module (can-proto-4) failed. [ 1477.627971][T29230] [U] ^\ [ 1477.661500][T29233] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input24 [ 1477.699990][T29227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7952'. [ 1477.759529][T29227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7952'. [ 1478.640858][T29240] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7955'. [ 1481.246171][T29253] Process accounting resumed [ 1484.975399][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.981789][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1489.925244][T29357] can: request_module (can-proto-4) failed. [ 1490.474571][T29357] Process accounting resumed [ 1494.808742][T29398] Process accounting resumed [ 1495.216303][T29414] FAULT_INJECTION: forcing a failure. [ 1495.216303][T29414] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1495.229359][T29414] CPU: 1 UID: 0 PID: 29414 Comm: syz.4.7998 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1495.229417][T29414] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1495.229430][T29414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1495.229451][T29414] Call Trace: [ 1495.229462][T29414] [ 1495.229475][T29414] dump_stack_lvl+0x100/0x190 [ 1495.229528][T29414] should_fail_ex.cold+0x5/0xa [ 1495.229566][T29414] get_futex_key+0x1d2/0x1620 [ 1495.229610][T29414] ? __pfx_get_futex_key+0x10/0x10 [ 1495.229647][T29414] ? rcu_is_watching+0x12/0xc0 [ 1495.229694][T29414] ? vfs_writev+0x1d5/0xe10 [ 1495.229738][T29414] ? kfree+0x2ec/0x6b0 [ 1495.229786][T29414] futex_wake+0xea/0x530 [ 1495.229839][T29414] ? __pfx_futex_wake+0x10/0x10 [ 1495.229891][T29414] ? do_writev+0x214/0x340 [ 1495.229948][T29414] do_futex+0x32b/0x350 [ 1495.229992][T29414] ? __pfx_do_futex+0x10/0x10 [ 1495.230038][T29414] ? __fget_files+0x21f/0x3d0 [ 1495.230103][T29414] __x64_sys_futex+0x34f/0x4d0 [ 1495.230152][T29414] ? __pfx___x64_sys_futex+0x10/0x10 [ 1495.230195][T29414] ? __pfx_do_writev+0x10/0x10 [ 1495.230251][T29414] do_syscall_64+0x106/0xf80 [ 1495.230290][T29414] ? clear_bhb_loop+0x40/0x90 [ 1495.230330][T29414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1495.230365][T29414] RIP: 0033:0x7f1cfb79c799 [ 1495.230395][T29414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1495.230428][T29414] RSP: 002b:00007f1cfc6920e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1495.230460][T29414] RAX: ffffffffffffffda RBX: 00007f1cfba16098 RCX: 00007f1cfb79c799 [ 1495.230483][T29414] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1cfba1609c [ 1495.230504][T29414] RBP: 00007f1cfba16090 R08: 0000000000000000 R09: 0000000000000000 [ 1495.230524][T29414] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1495.230544][T29414] R13: 00007f1cfba16128 R14: 00007ffcd6b035a0 R15: 00007ffcd6b03688 [ 1495.230586][T29414] [ 1502.051102][T29477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8018'. [ 1502.104328][T29481] netlink: 'syz.4.8018': attribute type 1 has an invalid length. [ 1502.163954][T29481] netlink: 13 bytes leftover after parsing attributes in process `syz.4.8018'. [ 1502.740072][T29490] netlink: 'syz.4.8022': attribute type 1 has an invalid length. [ 1502.805217][T29490] netlink: 306 bytes leftover after parsing attributes in process `syz.4.8022'. [ 1504.027454][T17380] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 1507.092110][ T30] audit: type=1326 audit(2147483701.590:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29530 comm="syz.3.8033" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f16d1f9c799 code=0x0 [ 1509.136060][T29559] netlink: 266 bytes leftover after parsing attributes in process `syz.3.8040'. [ 1511.065727][T29583] netlink: 'syz.1.8045': attribute type 5 has an invalid length. [ 1511.073536][T29583] netlink: 306 bytes leftover after parsing attributes in process `syz.1.8045'. [ 1511.162535][T29585] netlink: 9 bytes leftover after parsing attributes in process `syz.3.8046'. [ 1511.280985][T29585] Process accounting paused [ 1512.416581][T29602] netlink: 246 bytes leftover after parsing attributes in process `syz.1.8052'. [ 1515.590621][T29640] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8062'. [ 1515.693339][T29640] bridge0: entered promiscuous mode [ 1515.746963][T29640] bridge0: entered allmulticast mode [ 1515.958997][T29645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8064'. [ 1516.231004][T29649] FAULT_INJECTION: forcing a failure. [ 1516.231004][T29649] name failslab, interval 1, probability 0, space 0, times 0 [ 1516.275031][T29649] CPU: 1 UID: 0 PID: 29649 Comm: syz.4.8067 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1516.275090][T29649] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1516.275103][T29649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1516.275124][T29649] Call Trace: [ 1516.275136][T29649] [ 1516.275150][T29649] dump_stack_lvl+0x100/0x190 [ 1516.275208][T29649] should_fail_ex.cold+0x5/0xa [ 1516.275257][T29649] should_failslab+0xc2/0x120 [ 1516.275293][T29649] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1516.275341][T29649] ? can_rx_register+0x582/0x6f0 [ 1516.275384][T29649] can_rx_register+0x582/0x6f0 [ 1516.275416][T29649] ? __pfx_raw_rcv+0x10/0x10 [ 1516.275456][T29649] ? __pfx_can_rx_register+0x10/0x10 [ 1516.275506][T29649] raw_enable_filters+0xe0/0x210 [ 1516.275554][T29649] raw_enable_allfilters+0x8b/0x2b0 [ 1516.275592][T29649] ? __local_bh_enable_ip+0x9e/0x120 [ 1516.275634][T29649] raw_bind+0x1bd/0xdf0 [ 1516.275669][T29649] ? apparmor_socket_bind+0x105/0x1e0 [ 1516.275721][T29649] __sys_bind+0x1a9/0x260 [ 1516.275775][T29649] ? __pfx___sys_bind+0x10/0x10 [ 1516.275855][T29649] __x64_sys_bind+0x72/0xb0 [ 1516.275904][T29649] ? lockdep_hardirqs_on+0x78/0x100 [ 1516.275961][T29649] do_syscall_64+0x106/0xf80 [ 1516.275999][T29649] ? clear_bhb_loop+0x40/0x90 [ 1516.276040][T29649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.276076][T29649] RIP: 0033:0x7f1cfb79c799 [ 1516.276105][T29649] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1516.276139][T29649] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1516.276173][T29649] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1516.276196][T29649] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 1516.276217][T29649] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1516.276237][T29649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1516.276269][T29649] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1516.276316][T29649] [ 1516.319619][T17380] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1516.596138][T29652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8066'. [ 1517.566116][T29668] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8073'. [ 1518.010362][T29677] FAULT_INJECTION: forcing a failure. [ 1518.010362][T29677] name failslab, interval 1, probability 0, space 0, times 0 [ 1518.093572][T29677] CPU: 0 UID: 0 PID: 29677 Comm: syz.4.8076 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1518.093625][T29677] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1518.093646][T29677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1518.093664][T29677] Call Trace: [ 1518.093675][T29677] [ 1518.093688][T29677] dump_stack_lvl+0x100/0x190 [ 1518.093741][T29677] should_fail_ex.cold+0x5/0xa [ 1518.093777][T29677] ? aa_label_asxprint+0x75/0x130 [ 1518.093820][T29677] should_failslab+0xc2/0x120 [ 1518.093857][T29677] __kmalloc_noprof+0xe0/0x850 [ 1518.093902][T29677] ? __pfx_vsnprintf+0x10/0x10 [ 1518.093938][T29677] aa_label_asxprint+0x75/0x130 [ 1518.093984][T29677] apparmor_lsmprop_to_secctx+0xb2/0x1a0 [ 1518.094020][T29677] security_lsmprop_to_secctx+0x146/0x1a0 [ 1518.094062][T29677] audit_log_subj_ctx+0x34f/0x460 [ 1518.094108][T29677] ? map_id_range_up+0x2ce/0x3b0 [ 1518.094175][T29677] ? __pfx_audit_log_subj_ctx+0x10/0x10 [ 1518.094225][T29677] ? audit_log_format+0xe8/0x130 [ 1518.094268][T29677] ? apparmor_current_getlsmprop_subj+0x107/0x3c0 [ 1518.094323][T29677] audit_log_task_context+0x88/0xb0 [ 1518.094369][T29677] ? __pfx_audit_log_task_context+0x10/0x10 [ 1518.094422][T29677] audit_log_task+0x1b7/0x3a0 [ 1518.094494][T29677] ? __pfx_audit_log_task+0x10/0x10 [ 1518.094527][T29677] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1518.094573][T29677] audit_seccomp+0x79/0x190 [ 1518.094607][T29677] ? exc_general_protection+0x12e/0x250 [ 1518.094653][T29677] __secure_computing+0x26d/0x2c0 [ 1518.094697][T29677] do_syscall_64+0x568/0xf80 [ 1518.094729][T29677] ? clear_bhb_loop+0x40/0x90 [ 1518.094765][T29677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1518.094796][T29677] RIP: 0033:0x7f1cfb79c799 [ 1518.094822][T29677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1518.094876][T29677] RSP: 002b:00007f1cfc670a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1518.094908][T29677] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f1cfb79c799 [ 1518.094929][T29677] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 1518.094947][T29677] RBP: 00007f1cfc671030 R08: 0000000000000000 R09: 000000000000000b [ 1518.094965][T29677] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000047fcc [ 1518.094984][T29677] R13: 00007f1cfba16218 R14: 00007f1cfba16180 R15: 00007ffcd6b03688 [ 1518.095025][T29677] [ 1518.742848][T29677] audit: error in audit_log_subj_ctx [ 1518.760900][ T30] audit: type=1326 audit(2147483712.510:38): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=29673 comm="syz.4.8076" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1cfb79c799 code=0x0 [ 1521.424073][T29708] Process accounting paused [ 1522.029306][T29729] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1523.194977][T17380] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1524.849429][T29762] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8099'. [ 1525.380358][T29766] Process accounting paused [ 1526.852484][T29792] netlink: 186 bytes leftover after parsing attributes in process `syz.2.8107'. [ 1527.710689][T29815] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1527.810841][T29815] netlink: 314 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1527.834635][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1527.927528][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1528.087796][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1528.186121][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1528.307570][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1528.363276][T29817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8114'. [ 1529.919713][T29842] __nla_validate_parse: 3 callbacks suppressed [ 1529.919759][T29842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8122'. [ 1532.803782][T29889] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8135'. [ 1536.435909][T29927] netlink: 29 bytes leftover after parsing attributes in process `syz.1.8154'. [ 1536.518251][T17380] Bluetooth: hci1: unexpected event 0x02 length: 726 > 260 [ 1537.512643][T29934] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8144'. [ 1539.305685][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.365355][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.374745][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.457148][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.493530][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.535185][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.544521][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1539.622468][T29951] netlink: 62 bytes leftover after parsing attributes in process `syz.3.8151'. [ 1541.808304][T29976] Process accounting resumed [ 1545.547682][T30016] __nla_validate_parse: 9 callbacks suppressed [ 1545.547702][T30016] netlink: 342 bytes leftover after parsing attributes in process `syz.4.8169'. [ 1545.936487][T30029] netlink: 'syz.4.8172': attribute type 29 has an invalid length. [ 1545.975921][T30029] netlink: 'syz.4.8172': attribute type 30 has an invalid length. [ 1546.016915][T30029] netlink: 'syz.4.8172': attribute type 31 has an invalid length. [ 1546.067294][T30029] netlink: 'syz.4.8172': attribute type 32 has an invalid length. [ 1546.092499][T30029] netlink: 'syz.4.8172': attribute type 33 has an invalid length. [ 1546.125166][T30029] netlink: 'syz.4.8172': attribute type 35 has an invalid length. [ 1546.188942][T30029] netlink: 'syz.4.8172': attribute type 37 has an invalid length. [ 1546.218030][T30029] netlink: 18 bytes leftover after parsing attributes in process `syz.4.8172'. [ 1546.239200][T29946] delete_channel: no stack [ 1546.402502][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.408980][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.627531][T30039] netlink: 25 bytes leftover after parsing attributes in process `syz.4.8176'. [ 1547.048875][T30042] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8185'. [ 1547.081734][T30042] bridge_slave_1: left allmulticast mode [ 1547.091609][T30042] bridge_slave_1: left promiscuous mode [ 1547.117463][T30042] bridge0: port 2(bridge_slave_1) entered disabled state [ 1547.210340][T30042] bridge_slave_0: left allmulticast mode [ 1547.225075][T30042] bridge_slave_0: left promiscuous mode [ 1547.258967][T30042] bridge0: port 1(bridge_slave_0) entered disabled state [ 1547.269250][T30049] netlink: 13 bytes leftover after parsing attributes in process `syz.2.8179'. [ 1549.275965][T30069] netlink: 62 bytes leftover after parsing attributes in process `syz.4.8184'. [ 1549.316057][T30069] netlink: 62 bytes leftover after parsing attributes in process `syz.4.8184'. [ 1549.328078][T30069] netlink: 62 bytes leftover after parsing attributes in process `syz.4.8184'. [ 1549.339430][T30069] netlink: 62 bytes leftover after parsing attributes in process `syz.4.8184'. [ 1549.353189][T30069] netlink: 62 bytes leftover after parsing attributes in process `syz.4.8184'. [ 1551.851874][T30101] Process accounting resumed [ 1552.030159][T30113] __nla_validate_parse: 14 callbacks suppressed [ 1552.030186][T30113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8195'. [ 1552.087237][T30113] netlink: 'syz.2.8195': attribute type 1 has an invalid length. [ 1552.116195][T30113] netlink: 13 bytes leftover after parsing attributes in process `syz.2.8195'. [ 1552.140111][T30113] netlink: 'syz.2.8195': attribute type 1 has an invalid length. [ 1555.435035][T17380] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1555.547459][T30156] Process accounting resumed [ 1557.190970][T30187] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.8214'. [ 1559.395125][ T30] audit: type=1326 audit(2147483753.870:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30213 comm="syz.1.8223" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efcd159c799 code=0x0 [ 1568.715029][T17380] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1568.805001][T28532] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1571.116877][T30358] FAULT_INJECTION: forcing a failure. [ 1571.116877][T30358] name failslab, interval 1, probability 0, space 0, times 0 [ 1571.161160][T30358] CPU: 0 UID: 0 PID: 30358 Comm: syz.4.8255 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1571.161216][T30358] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1571.161230][T30358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1571.161251][T30358] Call Trace: [ 1571.161263][T30358] [ 1571.161276][T30358] dump_stack_lvl+0x100/0x190 [ 1571.161331][T30358] should_fail_ex.cold+0x5/0xa [ 1571.161367][T30358] should_failslab+0xc2/0x120 [ 1571.161400][T30358] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1571.161451][T30358] ? shrinker_alloc+0xf5/0xbc0 [ 1571.161512][T30358] shrinker_alloc+0xf5/0xbc0 [ 1571.161558][T30358] ? mark_held_locks+0x40/0x70 [ 1571.161596][T30358] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1571.161630][T30358] ? rcu_is_watching+0x12/0xc0 [ 1571.161683][T30358] ? __pfx_shrinker_alloc+0x10/0x10 [ 1571.161735][T30358] ? lockdep_init_map_type+0x5c/0x250 [ 1571.161776][T30358] ? lockdep_init_map_type+0x5c/0x250 [ 1571.161817][T30358] ? __raw_spin_lock_init+0x3a/0x110 [ 1571.161861][T30358] ? __init_rwsem+0x12d/0x1b0 [ 1571.161908][T30358] alloc_super+0x7c7/0xd20 [ 1571.161956][T30358] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1571.161997][T30358] sget_fc+0x117/0xc70 [ 1571.162041][T30358] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1571.162086][T30358] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1571.162124][T30358] get_tree_nodev+0x28/0x190 [ 1571.162169][T30358] mqueue_get_tree+0xf1/0x130 [ 1571.162208][T30358] vfs_get_tree+0x92/0x320 [ 1571.162251][T30358] fc_mount_longterm+0x1a/0x270 [ 1571.162297][T30358] mq_init_ns+0x482/0x820 [ 1571.162344][T30358] copy_ipcs+0x3dd/0x7e0 [ 1571.162390][T30358] create_new_namespaces+0x20a/0xac0 [ 1571.162423][T30358] ? security_capable+0x80/0x260 [ 1571.162487][T30358] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1571.162542][T30358] ksys_unshare+0x473/0xad0 [ 1571.162587][T30358] ? __pfx_ksys_unshare+0x10/0x10 [ 1571.162645][T30358] __x64_sys_unshare+0x31/0x40 [ 1571.162687][T30358] do_syscall_64+0x106/0xf80 [ 1571.162723][T30358] ? clear_bhb_loop+0x40/0x90 [ 1571.162765][T30358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.162799][T30358] RIP: 0033:0x7f1cfb79c799 [ 1571.162827][T30358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1571.162860][T30358] RSP: 002b:00007f1cfc692028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1571.162893][T30358] RAX: ffffffffffffffda RBX: 00007f1cfba16090 RCX: 00007f1cfb79c799 [ 1571.162915][T30358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1571.162936][T30358] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1571.162956][T30358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1571.162976][T30358] R13: 00007f1cfba16128 R14: 00007f1cfba16090 R15: 00007ffcd6b03688 [ 1571.163021][T30358] [ 1572.693163][T30350] Process accounting paused [ 1574.354260][T30384] mkiss: ax0: crc mode is auto. [ 1576.927738][T30418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8270'. [ 1576.961561][T30418] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8270'. [ 1578.209579][T30428] nfsd: Unknown parameter 'V' [ 1580.115825][T30447] Line length is too long: Should be less than 4094 [ 1581.057221][T30460] FAULT_INJECTION: forcing a failure. [ 1581.057221][T30460] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.145633][T30460] CPU: 1 UID: 0 PID: 30460 Comm: syz.2.8281 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1581.145689][T30460] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1581.145704][T30460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1581.145724][T30460] Call Trace: [ 1581.145736][T30460] [ 1581.145750][T30460] dump_stack_lvl+0x100/0x190 [ 1581.145807][T30460] should_fail_ex.cold+0x5/0xa [ 1581.145849][T30460] should_failslab+0xc2/0x120 [ 1581.145882][T30460] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1581.145929][T30460] ? apply_subsystem_event_filter+0xb85/0x17d0 [ 1581.145991][T30460] apply_subsystem_event_filter+0xb85/0x17d0 [ 1581.146058][T30460] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 1581.146122][T30460] ? _copy_from_user+0x59/0xd0 [ 1581.146178][T30460] ? __pfx_subsystem_filter_write+0x10/0x10 [ 1581.146226][T30460] subsystem_filter_write+0x95/0x120 [ 1581.146281][T30460] vfs_writev+0x5ea/0xe10 [ 1581.146329][T30460] ? rcu_is_watching+0x12/0xc0 [ 1581.146387][T30460] ? __pfx_vfs_writev+0x10/0x10 [ 1581.146434][T30460] ? fdget_pos+0x2aa/0x380 [ 1581.146498][T30460] ? __fget_files+0x21f/0x3d0 [ 1581.146608][T30460] ? do_writev+0x13e/0x340 [ 1581.146658][T30460] do_writev+0x13e/0x340 [ 1581.146707][T30460] ? __pfx_do_writev+0x10/0x10 [ 1581.146766][T30460] do_syscall_64+0x106/0xf80 [ 1581.146803][T30460] ? clear_bhb_loop+0x40/0x90 [ 1581.146845][T30460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1581.146881][T30460] RIP: 0033:0x7f2cebf9c799 [ 1581.146910][T30460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1581.146944][T30460] RSP: 002b:00007f2cecec6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1581.146976][T30460] RAX: ffffffffffffffda RBX: 00007f2cec216090 RCX: 00007f2cebf9c799 [ 1581.146998][T30460] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000006 [ 1581.147019][T30460] RBP: 00007f2cec032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1581.147040][T30460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1581.147060][T30460] R13: 00007f2cec216128 R14: 00007f2cec216090 R15: 00007ffd940bb848 [ 1581.147106][T30460] [ 1581.894531][T30471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8284'. [ 1581.935654][T30471] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8284'. [ 1581.960138][T30458] Process accounting paused [ 1582.196694][T30466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1582.285007][T30466] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1582.293596][T30466] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1582.544329][T30466] page_type: f5(slab) [ 1582.548850][T30466] raw: 00fff00000000040 ffff88813fe3cdc0 dead000000000100 dead000000000122 [ 1582.611333][T30466] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1582.668717][T30466] head: 00fff00000000040 ffff88813fe3cdc0 dead000000000100 dead000000000122 [ 1582.741785][T30466] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1582.794139][T30466] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1582.833122][T30466] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1582.843315][T30466] page dumped because: unmovable page [ 1582.848907][T30466] page_owner tracks the page as allocated [ 1582.854885][T30466] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 96485765175, free_ts 78213140900 [ 1582.881258][T30466] post_alloc_hook+0x153/0x170 [ 1582.887742][T30466] get_page_from_freelist+0x111d/0x3140 [ 1582.893606][T30466] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1582.899737][T30466] new_slab+0xa6/0x6d0 [ 1582.904085][T30466] refill_objects+0x26b/0x400 [ 1582.908982][T30466] __pcs_replace_empty_main+0x19f/0x600 [ 1582.914839][T30466] __kmalloc_noprof+0x688/0x850 [ 1582.919853][T30466] __alloc_workqueue+0x148/0x1880 [ 1582.925143][T30466] alloc_workqueue_noprof+0xd2/0x200 [ 1582.930607][T30466] wg_newlink+0x24d/0x7a0 [ 1582.935629][T30466] rtnl_newlink+0x1494/0x2380 [ 1582.940829][T30466] rtnetlink_rcv_msg+0x95e/0xe90 [ 1582.946437][T30466] netlink_rcv_skb+0x159/0x420 [ 1582.951366][T30466] netlink_unicast+0x5aa/0x870 [ 1582.984539][T30466] netlink_sendmsg+0x8b0/0xda0 [ 1583.014876][T30466] __sys_sendto+0x4aa/0x520 [ 1583.050044][T30466] page last free pid 5730 tgid 5730 stack trace: [ 1583.101174][T30466] __free_frozen_pages+0x7e1/0x10d0 [ 1583.153070][T30466] qlist_free_all+0x47/0xe0 [ 1583.191859][T30466] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1583.227080][T30486] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8289'. [ 1583.257468][T30466] __kasan_slab_alloc+0x69/0x90 [ 1583.282943][T30466] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1583.320230][T30466] do_getname+0x35/0x390 [ 1583.324606][T30466] vfs_fstatat+0xd0/0xe0 [ 1583.386947][T30466] __do_sys_newfstatat+0x9d/0x120 [ 1583.395210][T30466] do_syscall_64+0x106/0xf80 [ 1583.399927][T30466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1584.884898][ T30] audit: type=1800 audit(2147483779.380:40): pid=30512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8297" name="dbroot" dev="configfs" ino=894815 res=0 errno=0 [ 1586.117150][T30528] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8307'. [ 1586.394324][T30528] bond0: (slave bond_slave_1): Releasing backup interface [ 1586.710694][T30531] Process accounting paused [ 1587.271568][T30542] Line length is too long: Should be less than 4094 [ 1588.376546][T30546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1588.434917][T30546] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1588.443528][T30546] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1588.556731][T30546] page_type: f5(slab) [ 1588.560811][T30546] raw: 00fff00000000040 ffff88813fe3cdc0 dead000000000100 dead000000000122 [ 1588.644472][T30546] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1588.697387][T30546] head: 00fff00000000040 ffff88813fe3cdc0 dead000000000100 dead000000000122 [ 1588.726774][T30546] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1588.765652][T30546] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1588.792149][T30546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1588.822959][T30546] page dumped because: unmovable page [ 1588.868188][T30546] page_owner tracks the page as allocated [ 1588.885361][T30546] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 96485765175, free_ts 78213140900 [ 1588.948522][T30552] Loading of unsigned module is rejected [ 1588.998519][T30546] post_alloc_hook+0x153/0x170 [ 1589.003392][T30546] get_page_from_freelist+0x111d/0x3140 [ 1589.027093][T30546] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1589.033107][T30546] new_slab+0xa6/0x6d0 [ 1589.045500][T30546] refill_objects+0x26b/0x400 [ 1589.050281][T30546] __pcs_replace_empty_main+0x19f/0x600 [ 1589.084478][T30546] __kmalloc_noprof+0x688/0x850 [ 1589.125796][T30546] __alloc_workqueue+0x148/0x1880 [ 1589.131026][T30546] alloc_workqueue_noprof+0xd2/0x200 [ 1589.176233][T30546] wg_newlink+0x24d/0x7a0 [ 1589.191776][T30546] rtnl_newlink+0x1494/0x2380 [ 1589.210175][T30546] rtnetlink_rcv_msg+0x95e/0xe90 [ 1589.244666][T30546] netlink_rcv_skb+0x159/0x420 [ 1589.276507][T30546] netlink_unicast+0x5aa/0x870 [ 1589.281341][T30546] netlink_sendmsg+0x8b0/0xda0 [ 1589.296234][T30546] __sys_sendto+0x4aa/0x520 [ 1589.311065][T30546] page last free pid 5730 tgid 5730 stack trace: [ 1589.333577][T30546] __free_frozen_pages+0x7e1/0x10d0 [ 1589.364225][T30546] qlist_free_all+0x47/0xe0 [ 1589.374960][T30546] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1589.380617][T30546] __kasan_slab_alloc+0x69/0x90 [ 1589.395092][T30546] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1589.425135][T30546] do_getname+0x35/0x390 [ 1589.429487][T30546] vfs_fstatat+0xd0/0xe0 [ 1589.444467][T30546] __do_sys_newfstatat+0x9d/0x120 [ 1589.464618][T30546] do_syscall_64+0x106/0xf80 [ 1589.482984][T30546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.389394][T30578] netlink: 350 bytes leftover after parsing attributes in process `syz.4.8313'. [ 1592.756863][T30585] netlink: 'syz.4.8315': attribute type 1 has an invalid length. [ 1592.802717][T30585] netlink: 9 bytes leftover after parsing attributes in process `syz.4.8315'. [ 1593.061479][T30590] netlink: 504 bytes leftover after parsing attributes in process `syz.2.8317'. [ 1593.103281][T30590] netlink: 350 bytes leftover after parsing attributes in process `syz.2.8317'. [ 1593.205734][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.245537][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.253892][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.272031][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.291437][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.311508][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1593.343277][T30595] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1595.423159][T30635] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1595.436141][T30635] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1595.484924][T30635] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1596.208013][T30636] Loading of unsigned module is rejected [ 1597.135269][T30649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8334'. [ 1597.355362][T30649] bond0: (slave bond_slave_1): Releasing backup interface [ 1598.141665][T30660] random: crng reseeded on system resumption [ 1601.240325][T30710] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8350'. [ 1601.267870][T30710] veth1_macvtap: left promiscuous mode [ 1601.723108][T30715] FAULT_INJECTION: forcing a failure. [ 1601.723108][T30715] name failslab, interval 1, probability 0, space 0, times 0 [ 1601.736323][T30715] CPU: 0 UID: 0 PID: 30715 Comm: syz.4.8359 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1601.736380][T30715] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1601.736393][T30715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1601.736413][T30715] Call Trace: [ 1601.736424][T30715] [ 1601.736437][T30715] dump_stack_lvl+0x100/0x190 [ 1601.736494][T30715] should_fail_ex.cold+0x5/0xa [ 1601.736532][T30715] should_failslab+0xc2/0x120 [ 1601.736564][T30715] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1601.736614][T30715] ? __kernfs_new_node+0xd2/0x960 [ 1601.736665][T30715] __kernfs_new_node+0xd2/0x960 [ 1601.736714][T30715] ? __pfx___kernfs_new_node+0x10/0x10 [ 1601.736769][T30715] ? find_held_lock+0x2b/0x80 [ 1601.736799][T30715] ? kernfs_root+0xee/0x2a0 [ 1601.736839][T30715] ? kernfs_root+0xee/0x2a0 [ 1601.736892][T30715] kernfs_new_node+0x11b/0x1a0 [ 1601.736957][T30715] __kernfs_create_file+0x53/0x350 [ 1601.736998][T30715] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1601.737049][T30715] internal_create_group+0x593/0xf40 [ 1601.737124][T30715] ? __pfx_internal_create_group+0x10/0x10 [ 1601.737189][T30715] ? kernfs_create_link+0x1bd/0x240 [ 1601.737228][T30715] internal_create_groups+0x9d/0x150 [ 1601.737273][T30715] device_add+0xf5b/0x1950 [ 1601.737324][T30715] ? __pfx_device_add+0x10/0x10 [ 1601.737372][T30715] ? lockdep_init_map_type+0x5c/0x250 [ 1601.737413][T30715] ? __init_waitqueue_head+0xca/0x150 [ 1601.737466][T30715] wakeup_source_device_create+0x243/0x2e0 [ 1601.737514][T30715] wakeup_source_sysfs_add+0x1c/0x90 [ 1601.737561][T30715] wakeup_source_register+0x154/0x3e0 [ 1601.737602][T30715] device_wakeup_enable+0xce/0x2e0 [ 1601.737646][T30715] device_set_wakeup_enable+0xfb/0x120 [ 1601.737688][T30715] usb_hcd_submit_urb+0x770/0x2150 [ 1601.737745][T30715] usb_submit_urb+0x8aa/0x1910 [ 1601.737800][T30715] ? __init_swait_queue_head+0xca/0x150 [ 1601.737849][T30715] usbfs_start_wait_urb+0x127/0x3d0 [ 1601.737894][T30715] ? __pfx_usbfs_start_wait_urb+0x10/0x10 [ 1601.737958][T30715] do_proc_control+0x7e1/0xe50 [ 1601.738010][T30715] ? __pfx_do_proc_control+0x10/0x10 [ 1601.738065][T30715] usbdev_ioctl+0x1a28/0x3aa0 [ 1601.738129][T30715] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1601.738205][T30715] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1601.738263][T30715] ? do_vfs_ioctl+0x226/0x13e0 [ 1601.738321][T30715] ? find_held_lock+0x2b/0x80 [ 1601.738350][T30715] ? __fget_files+0x215/0x3d0 [ 1601.738397][T30715] ? hook_file_ioctl_common+0x146/0x410 [ 1601.738466][T30715] ? __fget_files+0x21f/0x3d0 [ 1601.738518][T30715] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1601.738566][T30715] __x64_sys_ioctl+0x18e/0x210 [ 1601.738630][T30715] do_syscall_64+0x106/0xf80 [ 1601.738666][T30715] ? clear_bhb_loop+0x40/0x90 [ 1601.738708][T30715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1601.738743][T30715] RIP: 0033:0x7f1cfb79c799 [ 1601.738771][T30715] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1601.738805][T30715] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1601.738837][T30715] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1601.738860][T30715] RDX: 0000200000000000 RSI: 00000000c0185500 RDI: 0000000000000008 [ 1601.738882][T30715] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1601.738902][T30715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1601.738921][T30715] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1601.738964][T30715] [ 1605.260286][T19566] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1605.457001][T30731] Process accounting resumed [ 1606.978664][T30762] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8361'. [ 1607.875415][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.881842][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.680310][T30774] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8363'. [ 1608.873190][T30774]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 1608.888076][T30774]  (unregistering): Released all slaves [ 1609.559286][T30781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8365'. [ 1609.690079][T30781] i: entered promiscuous mode [ 1609.712301][T30785] HfR: entered promiscuous mode [ 1611.730439][T30813] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8376'. [ 1611.975676][T30813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1612.014106][T30813] bond0 (unregistering): Released all slaves [ 1612.417377][T30818] netlink: 'syz.4.8378': attribute type 2 has an invalid length. [ 1612.437877][T30818] netlink: 'syz.4.8378': attribute type 3 has an invalid length. [ 1612.454144][T30819] Loading of unsigned module is rejected [ 1612.464439][T30818] netlink: 158 bytes leftover after parsing attributes in process `syz.4.8378'. [ 1612.507245][T30818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8378'. [ 1613.648609][T30753] Process accounting resumed [ 1614.531285][T30844] FAULT_INJECTION: forcing a failure. [ 1614.531285][T30844] name failslab, interval 1, probability 0, space 0, times 0 [ 1614.575341][T30844] CPU: 0 UID: 0 PID: 30844 Comm: syz.4.8385 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1614.575399][T30844] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1614.575413][T30844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1614.575435][T30844] Call Trace: [ 1614.575446][T30844] [ 1614.575460][T30844] dump_stack_lvl+0x100/0x190 [ 1614.575517][T30844] should_fail_ex.cold+0x5/0xa [ 1614.575557][T30844] should_failslab+0xc2/0x120 [ 1614.575591][T30844] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1614.575638][T30844] ? vm_area_dup+0x27/0x8e0 [ 1614.575690][T30844] vm_area_dup+0x27/0x8e0 [ 1614.575746][T30844] __split_vma+0x18c/0xd90 [ 1614.575797][T30844] ? __pfx___split_vma+0x10/0x10 [ 1614.575841][T30844] ? finish_task_switch.isra.0+0x200/0xb80 [ 1614.575901][T30844] vma_modify+0x1121/0x2250 [ 1614.575966][T30844] ? __pfx_vma_modify+0x10/0x10 [ 1614.576024][T30844] vma_modify_flags+0x257/0x3d0 [ 1614.576074][T30844] ? __pfx_vma_modify_flags+0x10/0x10 [ 1614.576137][T30844] ? mtree_range_walk+0x6ce/0xcd0 [ 1614.576208][T30844] mlock_fixup+0x302/0xf00 [ 1614.576266][T30844] ? __pfx_mlock_fixup+0x10/0x10 [ 1614.576324][T30844] apply_vma_lock_flags+0x256/0x370 [ 1614.576395][T30844] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 1614.576468][T30844] ? __pfx___might_resched+0x10/0x10 [ 1614.576561][T30844] ? __pfx_down_write_killable+0x10/0x10 [ 1614.576613][T30844] ? do_futex+0x192/0x350 [ 1614.576663][T30844] do_mlock+0x261/0x7f0 [ 1614.576716][T30844] ? __pfx_do_mlock+0x10/0x10 [ 1614.576759][T30844] ? __x64_sys_futex+0x34f/0x4d0 [ 1614.576807][T30844] ? __x64_sys_futex+0x358/0x4d0 [ 1614.576853][T30844] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1614.576886][T30844] ? xfd_validate_state+0x129/0x190 [ 1614.576956][T30844] __x64_sys_mlock+0x59/0x80 [ 1614.577005][T30844] do_syscall_64+0x106/0xf80 [ 1614.577044][T30844] ? clear_bhb_loop+0x40/0x90 [ 1614.577099][T30844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1614.577135][T30844] RIP: 0033:0x7f1cfb79c799 [ 1614.577163][T30844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1614.577197][T30844] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 1614.577230][T30844] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1614.577260][T30844] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000fbe8 [ 1614.577281][T30844] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1614.577301][T30844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1614.577321][T30844] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1614.577406][T30844] [ 1615.681334][T30848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8386'. [ 1615.714079][T30848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8386'. [ 1616.939575][T30874] Process accounting resumed [ 1618.535293][T30894] netlink: 326 bytes leftover after parsing attributes in process `syz.3.8398'. [ 1619.892501][T30920] netlink: 186 bytes leftover after parsing attributes in process `syz.3.8404'. [ 1619.943926][T30922] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8405'. [ 1619.953295][T30918] can: request_module (can-proto-5) failed. [ 1620.291037][T30922] veth1_macvtap: left promiscuous mode [ 1622.494058][T30949] FAULT_INJECTION: forcing a failure. [ 1622.494058][T30949] name failslab, interval 1, probability 0, space 0, times 0 [ 1622.665247][T30949] CPU: 1 UID: 0 PID: 30949 Comm: syz.4.8410 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1622.665305][T30949] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1622.665318][T30949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1622.665338][T30949] Call Trace: [ 1622.665350][T30949] [ 1622.665364][T30949] dump_stack_lvl+0x100/0x190 [ 1622.665421][T30949] should_fail_ex.cold+0x5/0xa [ 1622.665461][T30949] should_failslab+0xc2/0x120 [ 1622.665494][T30949] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1622.665547][T30949] ? single_open+0x4d/0x1d0 [ 1622.665595][T30949] ? __pfx_snd_info_seq_show+0x10/0x10 [ 1622.665647][T30949] single_open+0x4d/0x1d0 [ 1622.665691][T30949] snd_info_text_entry_open+0x284/0x2f0 [ 1622.665741][T30949] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1622.665773][T30949] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 1622.665825][T30949] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1622.665872][T30949] ? proc_reg_open+0x23f/0x5f0 [ 1622.665923][T30949] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 1622.665995][T30949] proc_reg_open+0x2ab/0x5f0 [ 1622.666048][T30949] do_dentry_open+0x6d8/0x1660 [ 1622.666101][T30949] ? __pfx_proc_reg_open+0x10/0x10 [ 1622.666162][T30949] vfs_open+0x82/0x3f0 [ 1622.666207][T30949] path_openat+0x208c/0x31a0 [ 1622.666256][T30949] ? __pfx_path_openat+0x10/0x10 [ 1622.666306][T30949] do_file_open+0x20e/0x430 [ 1622.666342][T30949] ? __pfx_do_file_open+0x10/0x10 [ 1622.666408][T30949] ? alloc_fd+0x476/0x790 [ 1622.666468][T30949] ? do_getname+0x191/0x390 [ 1622.666521][T30949] do_sys_openat2+0x10d/0x1e0 [ 1622.666565][T30949] ? __pfx_do_sys_openat2+0x10/0x10 [ 1622.666612][T30949] ? __fget_files+0x21f/0x3d0 [ 1622.666674][T30949] __x64_sys_openat+0x12d/0x210 [ 1622.666718][T30949] ? __pfx___x64_sys_openat+0x10/0x10 [ 1622.666778][T30949] do_syscall_64+0x106/0xf80 [ 1622.666818][T30949] ? clear_bhb_loop+0x40/0x90 [ 1622.666861][T30949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1622.666898][T30949] RIP: 0033:0x7f1cfb79c799 [ 1622.666928][T30949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1622.666965][T30949] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1622.667000][T30949] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1622.667024][T30949] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1622.667047][T30949] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1622.667069][T30949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1622.667090][T30949] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1622.667137][T30949] [ 1623.445264][T30954] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8413'. [ 1623.530480][T30956] can: request_module (can-proto-5) failed. [ 1623.540178][T30959] netlink: 186 bytes leftover after parsing attributes in process `syz.1.8415'. [ 1625.022318][T30974] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8417'. [ 1625.336805][T30980] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8418'. [ 1625.545549][T30974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1625.648783][T30974] bond0 (unregistering): Released all slaves [ 1626.633998][T30987] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1626.714382][T30987] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1626.971117][T30987] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1627.037250][T30987] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1627.043441][T30987] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1627.104482][T30987] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1627.854344][T30999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8423'. [ 1627.925721][T30999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8423'. [ 1628.715208][T28532] Bluetooth: hci2: command 0x0406 tx timeout [ 1629.035297][T28532] Bluetooth: hci3: command 0x0c1a tx timeout [ 1629.115824][T28532] Bluetooth: hci0: command 0x0406 tx timeout [ 1629.122241][T28532] Bluetooth: hci1: command 0x0406 tx timeout [ 1629.838559][T31014] can: request_module (can-proto-5) failed. [ 1629.865305][T31014] netlink: 186 bytes leftover after parsing attributes in process `syz.4.8427'. [ 1630.795060][T28532] Bluetooth: hci2: command 0x0406 tx timeout [ 1631.195551][T28532] Bluetooth: hci0: command 0x0406 tx timeout [ 1632.250674][T31043] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8433'. [ 1632.782352][T31045] netlink: 'syz.1.8434': attribute type 4 has an invalid length. [ 1632.829388][T31045] netlink: 'syz.1.8434': attribute type 5 has an invalid length. [ 1632.874319][T31045] netlink: 10 bytes leftover after parsing attributes in process `syz.1.8434'. [ 1634.084332][T31052] netlink: 326 bytes leftover after parsing attributes in process `syz.1.8435'. [ 1634.372801][T31063] futex_wake_op: syz.3.8437 tries to shift op by -2048; fix this program [ 1634.435207][T31063] futex_wake_op: syz.3.8437 tries to shift op by -2048; fix this program [ 1636.277654][T31078] Process accounting paused [ 1637.964454][T31093] WARNING! power/level is deprecated; use power/control instead [ 1639.435150][T31111] smpboot: CPU 1 is now offline [ 1643.547063][T31159] netlink: 326 bytes leftover after parsing attributes in process `syz.3.8462'. [ 1643.876228][T31165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8463'. [ 1643.978098][T31166] netlink: 'syz.2.8463': attribute type 1 has an invalid length. [ 1644.036727][T31166] netlink: 'syz.2.8463': attribute type 6 has an invalid length. [ 1644.160342][T31149] FAULT_INJECTION: forcing a failure. [ 1644.160342][T31149] name failslab, interval 1, probability 0, space 0, times 0 [ 1644.499146][T31164] Process accounting paused [ 1644.552692][T31149] CPU: 0 UID: 0 PID: 31149 Comm: syz.4.8458 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1644.552732][T31149] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1644.552741][T31149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1644.552755][T31149] Call Trace: [ 1644.552762][T31149] [ 1644.552772][T31149] dump_stack_lvl+0x100/0x190 [ 1644.552809][T31149] should_fail_ex.cold+0x5/0xa [ 1644.552835][T31149] should_failslab+0xc2/0x120 [ 1644.552856][T31149] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1644.552891][T31149] ? sctp_auth_shkey_create+0x9e/0x210 [ 1644.552924][T31149] sctp_auth_shkey_create+0x9e/0x210 [ 1644.552952][T31149] sctp_endpoint_new+0x589/0xb20 [ 1644.552981][T31149] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1644.553012][T31149] ? lockdep_init_map_type+0x5c/0x250 [ 1644.553046][T31149] sctp_init_sock+0xe2b/0x1300 [ 1644.553070][T31149] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1644.553097][T31149] sctp_v6_init_sock+0x16/0x70 [ 1644.553120][T31149] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1644.553145][T31149] inet6_create+0xb21/0x12b0 [ 1644.553172][T31149] ? inet6_create+0x7f/0x12b0 [ 1644.553200][T31149] __sock_create+0x339/0x860 [ 1644.553238][T31149] inet_ctl_sock_create+0x94/0x230 [ 1644.553270][T31149] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 1644.553301][T31149] ? timer_init_key+0x150/0x340 [ 1644.553329][T31149] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 1644.553352][T31149] sctp_ctrlsock_init+0x40/0xd0 [ 1644.553375][T31149] ops_init+0x1e2/0x5f0 [ 1644.553404][T31149] setup_net+0x118/0x3a0 [ 1644.553431][T31149] ? __pfx_setup_net+0x10/0x10 [ 1644.553456][T31149] ? lockdep_init_map_type+0x5c/0x250 [ 1644.553485][T31149] ? mutex_init_lockep+0x110/0x150 [ 1644.553519][T31149] copy_net_ns+0x46f/0x7c0 [ 1644.553550][T31149] create_new_namespaces+0x3ea/0xac0 [ 1644.553579][T31149] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1644.553605][T31149] ksys_unshare+0x473/0xad0 [ 1644.553633][T31149] ? __pfx_ksys_unshare+0x10/0x10 [ 1644.553670][T31149] __x64_sys_unshare+0x31/0x40 [ 1644.553697][T31149] do_syscall_64+0x106/0xf80 [ 1644.553721][T31149] ? clear_bhb_loop+0x40/0x90 [ 1644.553753][T31149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1644.553776][T31149] RIP: 0033:0x7f1cfb79c799 [ 1644.553795][T31149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1644.553816][T31149] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1644.553839][T31149] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1644.553854][T31149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1644.553872][T31149] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1644.553887][T31149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1644.553900][T31149] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1644.553928][T31149] [ 1644.843543][ C0] sd 0:0:1:0: [sda] tag#9684 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1644.853999][ C0] sd 0:0:1:0: [sda] tag#9684 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 1645.927786][T31179] netlink: 'syz.3.8467': attribute type 3 has an invalid length. [ 1645.968329][T31179] netlink: 306 bytes leftover after parsing attributes in process `syz.3.8467'. [ 1647.797652][T31192] ======================================================= [ 1647.797652][T31192] WARNING: The mand mount option has been deprecated and [ 1647.797652][T31192] and is ignored by this kernel. Remove the mand [ 1647.797652][T31192] option from the mount to silence this warning. [ 1647.797652][T31192] ======================================================= [ 1649.706334][T31213] netlink: 330 bytes leftover after parsing attributes in process `syz.2.8475'. [ 1649.747792][T31074] Process accounting paused [ 1650.090034][T31196] delete_channel: no stack [ 1653.675425][T28532] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1656.321863][T28532] Bluetooth: hci0: ACL packet too small [ 1657.093596][T31275] can0: slcan on ttyS2. [ 1657.194439][T31267] HSR: entered promiscuous mode [ 1658.015387][T31269] can0 (unregistered): slcan off ttyS2. [ 1665.602478][T31354] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8502'. [ 1666.512948][T31360] netlink: 25 bytes leftover after parsing attributes in process `syz.2.8503'. [ 1666.917483][T31361] Process accounting resumed [ 1668.435799][T31384] netlink: 266 bytes leftover after parsing attributes in process `syz.3.8510'. [ 1668.963425][T31389] zswap: compressor not available [ 1669.300697][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.314038][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1670.342004][T31415] netlink: 13 bytes leftover after parsing attributes in process `syz.1.8519'. [ 1670.487695][T31417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8518'. [ 1674.295727][T31463] netlink: 186 bytes leftover after parsing attributes in process `syz.1.8534'. [ 1676.365760][T31458] Process accounting resumed [ 1676.738144][T31493] netlink: 'syz.2.8541': attribute type 4 has an invalid length. [ 1676.817437][T31493] netlink: 314 bytes leftover after parsing attributes in process `syz.2.8541'. [ 1676.914535][T31479] kexec: Could not allocate control_code_buffer [ 1677.775215][T31505] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8544'. [ 1679.924450][T31524] Process accounting resumed [ 1681.671954][T31538] netlink: 186 bytes leftover after parsing attributes in process `syz.3.8550'. [ 1684.394938][T17380] Bluetooth: hci4: command 0x1003 tx timeout [ 1684.403050][T28532] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1691.686503][T31619] kAFS: unparsable volume name [ 1692.057590][T31621] i2c i2c-0: new_device: Can't parse I2C address [ 1692.135738][T31622] ptrace attach of "./syz-executor exec"[5842] was attempted by ""[31622] [ 1693.318516][T31628] netlink: 5 bytes leftover after parsing attributes in process `syz.1.8570'. [ 1693.835822][T28532] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1694.087457][T31630] zswap: compressor not available [ 1695.985773][T31666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8582'. [ 1696.040692][T31666] netlink: 354 bytes leftover after parsing attributes in process `syz.1.8582'. [ 1697.298676][T31680] syz.1.8584(31680): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1697.460478][T31649] Process accounting paused [ 1698.365147][T31692] random: crng reseeded on system resumption [ 1699.135487][T31689] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8586'. [ 1699.275071][T28532] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1703.891408][T31740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8600'. [ 1705.767494][T31753] random: crng reseeded on system resumption [ 1707.120236][T31770] Process accounting paused [ 1710.532549][T31789] Process accounting paused [ 1713.852440][T31843] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 1714.850291][T31854] netlink: 9 bytes leftover after parsing attributes in process `syz.2.8627'. [ 1715.229494][T31862] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1715.480189][T31863] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8629'. [ 1716.793476][T31878] netlink: 330 bytes leftover after parsing attributes in process `syz.3.8633'. [ 1716.850889][T31878] syz_tun: refused to change device tx_queue_len [ 1721.073495][T31931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8645'. [ 1721.139941][T31931] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8645'. [ 1721.576374][T31933] FAULT_INJECTION: forcing a failure. [ 1721.576374][T31933] name failslab, interval 1, probability 0, space 0, times 0 [ 1721.660583][T31933] CPU: 0 UID: 0 PID: 31933 Comm: syz.4.8655 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1721.660624][T31933] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1721.660633][T31933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1721.660648][T31933] Call Trace: [ 1721.660656][T31933] [ 1721.660667][T31933] dump_stack_lvl+0x100/0x190 [ 1721.660707][T31933] should_fail_ex.cold+0x5/0xa [ 1721.660734][T31933] should_failslab+0xc2/0x120 [ 1721.660757][T31933] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1721.660787][T31933] ? watch_queue_init+0x45/0x170 [ 1721.660821][T31933] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1721.660862][T31933] watch_queue_init+0x45/0x170 [ 1721.660898][T31933] create_pipe_files+0x672/0x970 [ 1721.660924][T31933] do_pipe2+0xbd/0x1e0 [ 1721.660945][T31933] ? __pfx_do_pipe2+0x10/0x10 [ 1721.660967][T31933] ? xfd_validate_state+0x129/0x190 [ 1721.661009][T31933] __x64_sys_pipe2+0x54/0x80 [ 1721.661032][T31933] do_syscall_64+0x106/0xf80 [ 1721.661058][T31933] ? clear_bhb_loop+0x40/0x90 [ 1721.661086][T31933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1721.661111][T31933] RIP: 0033:0x7f1cfb79c799 [ 1721.661131][T31933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1721.661154][T31933] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 1721.661176][T31933] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1721.661192][T31933] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 1721.661207][T31933] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1721.661221][T31933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1721.661236][T31933] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1721.661274][T31933] [ 1722.299140][T31946] netlink: 17 bytes leftover after parsing attributes in process `syz.4.8647'. [ 1723.160211][T31959] netlink: 334 bytes leftover after parsing attributes in process `syz.2.8651'. [ 1724.546815][T31971] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8656'. [ 1726.961562][T31996] netlink: 306 bytes leftover after parsing attributes in process `syz.4.8663'. [ 1726.975102][T32000] netlink: 98 bytes leftover after parsing attributes in process `syz.2.8664'. [ 1727.683974][T32008] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8665'. [ 1729.214457][T32008] Process accounting resumed [ 1730.722250][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.728713][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.866731][T32048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8674'. [ 1735.287037][T32089] netlink: 'syz.4.8686': attribute type 2 has an invalid length. [ 1735.343786][T32089] netlink: 5 bytes leftover after parsing attributes in process `syz.4.8686'. [ 1737.921650][T32121] Process accounting resumed [ 1738.506737][T32128] can0: slcan on ttyS2. [ 1739.015918][T32125] can0 (unregistered): slcan off ttyS2. [ 1742.671913][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801eed7000: rx timeout, send abort [ 1743.180184][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801eed7000: abort rx timeout. Force session deactivation [ 1746.371946][T32119] Process accounting resumed [ 1750.316610][T28532] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1754.370321][T32251] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8715'. [ 1757.563450][ T30] audit: type=1800 audit(4294967330.810:41): pid=32290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.8726" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1758.563634][T32281] kexec: Could not allocate control_code_buffer [ 1758.685892][T32297] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8728'. [ 1758.835092][T32297] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1759.129119][T32297] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1762.544960][T28532] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1764.165149][T32308] Process accounting paused [ 1767.892786][T32376] hub 1-0:1.0: USB hub found [ 1768.072378][T32376] hub 1-0:1.0: 1 port detected [ 1768.601019][T32374] Process accounting paused [ 1769.150612][ T30] audit: type=1800 audit(4294967342.400:42): pid=32401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.8755" name="dbroot" dev="configfs" ino=1007529 res=0 errno=0 [ 1769.176483][T32401] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8755'. [ 1769.321423][T32401] team0: Port device team_slave_1 removed [ 1774.287007][T32450] zswap: compressor not available [ 1774.951097][T32472] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8775'. [ 1775.130851][T32472] team0 (unregistering): Port device team_slave_0 removed [ 1775.207268][T32472] team0 (unregistering): Port device team_slave_1 removed [ 1776.779021][T32464] Process accounting paused [ 1777.794961][T32501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078000000 pfn:0x78000 [ 1777.894271][T32501] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1778.019224][T32501] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1778.195617][T32501] page_type: f5(slab) [ 1778.236682][T32501] raw: 00fff00000000240 ffff88813fe3cdc0 ffffea0001761410 ffffea0000cfae10 [ 1778.385386][T32501] raw: ffff888078000000 000000000010000a 00000000f5000000 0000000000000000 [ 1778.479089][T32501] head: 00fff00000000240 ffff88813fe3cdc0 ffffea0001761410 ffffea0000cfae10 [ 1778.585284][T32501] head: ffff888078000000 000000000010000a 00000000f5000000 0000000000000000 [ 1778.594032][T32501] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1778.736957][T32501] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1778.841221][T32501] page dumped because: unmovable page [ 1778.907415][T32501] page_owner tracks the page as allocated [ 1778.913266][T32501] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 96485765175, free_ts 78213140900 [ 1779.115590][T32501] post_alloc_hook+0x153/0x170 [ 1779.150203][T32501] get_page_from_freelist+0x111d/0x3140 [ 1779.196093][T32501] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1779.244885][T32501] new_slab+0xa6/0x6d0 [ 1779.259570][T32501] refill_objects+0x26b/0x400 [ 1779.264314][T32501] __pcs_replace_empty_main+0x19f/0x600 [ 1779.345243][T32501] __kmalloc_noprof+0x688/0x850 [ 1779.381667][T32501] __alloc_workqueue+0x148/0x1880 [ 1779.414904][T32501] alloc_workqueue_noprof+0xd2/0x200 [ 1779.459850][T32501] wg_newlink+0x24d/0x7a0 [ 1779.464242][T32501] rtnl_newlink+0x1494/0x2380 [ 1779.514886][T32501] rtnetlink_rcv_msg+0x95e/0xe90 [ 1779.520230][T32501] netlink_rcv_skb+0x159/0x420 [ 1779.587657][T32501] netlink_unicast+0x5aa/0x870 [ 1779.592509][T32501] netlink_sendmsg+0x8b0/0xda0 [ 1779.628317][T32501] __sys_sendto+0x4aa/0x520 [ 1779.665640][T32501] page last free pid 5730 tgid 5730 stack trace: [ 1779.697850][T32501] __free_frozen_pages+0x7e1/0x10d0 [ 1779.703193][T32501] qlist_free_all+0x47/0xe0 [ 1779.767302][T32501] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1779.772850][T32501] __kasan_slab_alloc+0x69/0x90 [ 1779.844890][T32501] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1779.874894][T32501] do_getname+0x35/0x390 [ 1779.890128][T32501] vfs_fstatat+0xd0/0xe0 [ 1779.915525][T32501] __do_sys_newfstatat+0x9d/0x120 [ 1779.946365][T32501] do_syscall_64+0x106/0xf80 [ 1779.971316][T32501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.543909][T32526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8786'. [ 1781.136375][T28532] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 1781.280795][T32529] Loading of unsigned module is rejected [ 1781.467415][T32539] netlink: 25 bytes leftover after parsing attributes in process `syz.2.8789'. [ 1781.888164][T32544] ptrace attach of "./syz-executor exec"[5841] was attempted by "x0^HNā搟쇉\x0cL,gJ#\x1b*`cUCt:bg,sܚ@NjTm:\x0bj5NCu?á\x1bWXxkFy;XdޖD=UևcTR/\x226o\x07x]\x0bat\x0d?Vl[NMlʴpf\x1b\x5cFM2tu%\x22v\x0cE[ЗiDVOehi[Z`<hoPCvEH\x1b\x0c \x22\x0d}V q6֔;7Ux@݂Gο+b6eTH\x09CYdr\x1b9=|ؽr!`'0@{O\x09;]|+H{+Im VM2@qAߪ=i! ùx-+`C (O[Ed{ E\x1btƒ4*Rb.ܗ7\x0b [ 1825.440390][ T462] dump_stack_lvl+0x100/0x190 [ 1825.440431][ T462] should_fail_ex.cold+0x5/0xa [ 1825.440459][ T462] _copy_from_iter+0x1f4/0x1690 [ 1825.440504][ T462] ? __pfx__copy_from_iter+0x10/0x10 [ 1825.440546][ T462] ? __pfx___might_resched+0x10/0x10 [ 1825.440588][ T462] file_tty_write.isra.0+0x45b/0x890 [ 1825.440633][ T462] redirected_tty_write+0xd4/0x120 [ 1825.440662][ T462] vfs_write+0x6ac/0x1070 [ 1825.440701][ T462] ? __pfx_redirected_tty_write+0x10/0x10 [ 1825.440737][ T462] ? __pfx_vfs_write+0x10/0x10 [ 1825.440771][ T462] ? find_held_lock+0x2b/0x80 [ 1825.440810][ T462] ksys_write+0x12a/0x250 [ 1825.440846][ T462] ? __pfx_ksys_write+0x10/0x10 [ 1825.440891][ T462] do_syscall_64+0x106/0xf80 [ 1825.440917][ T462] ? clear_bhb_loop+0x40/0x90 [ 1825.440946][ T462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1825.440970][ T462] RIP: 0033:0x7f1cfb79c799 [ 1825.440990][ T462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1825.441014][ T462] RSP: 002b:00007f1cfc6b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1825.441037][ T462] RAX: ffffffffffffffda RBX: 00007f1cfba15fa0 RCX: 00007f1cfb79c799 [ 1825.441053][ T462] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 1825.441068][ T462] RBP: 00007f1cfb832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1825.441082][ T462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1825.441097][ T462] R13: 00007f1cfba16038 R14: 00007f1cfba15fa0 R15: 00007ffcd6b03688 [ 1825.441127][ T462] [ 1825.700261][ T456] Process accounting paused [ 1827.868718][ T487] random: crng reseeded on system resumption [ 1828.982134][ T1137] Bluetooth: hci4: Frame reassembly failed (-84) [ 1831.049157][T28532] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1831.057645][T17380] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1831.064247][T17380] Bluetooth: hci4: command 0xfc11 tx timeout [ 1831.855062][ T515] Loading of unsigned module is rejected [ 1832.488748][ T485] Process accounting paused [ 1836.894558][ T547] Console: switching to colour VGA+ 80x25 [ 1842.673441][ T558] Process accounting paused [ 1843.015669][T28532] Bluetooth: hci1: ACL packet too small [ 1853.601633][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.608056][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1854.910002][ T693] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8929'. [ 1856.364426][ T698] Loading of unsigned module is rejected [ 1857.197166][ T696] Process accounting resumed [ 1857.631424][ T30] audit: type=1800 audit(2147483661.140:43): pid=704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.8932" name="lu_gp_id" dev="configfs" ino=1067385 res=0 errno=0 [ 1857.663581][ T704] kstrtoul() returned -22 for lu_gp_id [ 1859.044216][ T728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8937'. [ 1859.120362][ T728] netlink: 'syz.3.8937': attribute type 1 has an invalid length. [ 1859.199462][ T728] netlink: 'syz.3.8937': attribute type 6 has an invalid length. [ 1863.447968][ T766] netlink: 'syz.4.8944': attribute type 2 has an invalid length. [ 1867.513484][ T752] Process accounting resumed [ 1867.977605][ T818] input: jJǸ-9%vJ86 as /devices/virtual/input/input32 [ 1868.161502][ T817] netlink: 326 bytes leftover after parsing attributes in process `syz.1.8955'. [ 1869.095706][ T834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8957'. [ 1872.265537][ T881] netlink: 25 bytes leftover after parsing attributes in process `syz.2.8965'. [ 1873.065183][ T887] Falling back ldisc for pty155. [ 1873.518469][ T876] Process accounting resumed [ 1873.583775][ T897] netlink: 182 bytes leftover after parsing attributes in process `syz.3.8970'. [ 1877.026271][ T939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8978'. [ 1877.698105][ T952] netlink: 182 bytes leftover after parsing attributes in process `syz.1.8988'. [ 1882.005869][ T990] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8987'. [ 1882.548648][ T998] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8989'. [ 1886.340179][ T1036] netlink: 'syz.3.8998': attribute type 2 has an invalid length. [ 1887.488179][ T1037] Process accounting paused [ 1890.506177][ T1063] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1890.556619][ T1063] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1890.636704][ T1063] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1890.685280][ T1063] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1890.691362][ T1063] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1891.754551][ T1076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9003'. [ 1891.889367][ T1078] netlink: 354 bytes leftover after parsing attributes in process `syz.2.9003'. [ 1892.075068][T28532] Bluetooth: hci2: command 0x0406 tx timeout [ 1892.714805][T28532] Bluetooth: hci0: command 0x0406 tx timeout [ 1892.720981][T17380] Bluetooth: hci1: command 0x0406 tx timeout [ 1892.729083][ T504] Bluetooth: hci3: command 0x0c1a tx timeout [ 1894.166896][T28532] Bluetooth: hci2: command 0x0406 tx timeout [ 1898.759693][ T1120] Process accounting paused [ 1902.615300][ T1169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9023'. [ 1902.698330][ T1169] netlink: 'syz.3.9023': attribute type 1 has an invalid length. [ 1902.804915][ T1169] netlink: 5 bytes leftover after parsing attributes in process `syz.3.9023'. [ 1902.877486][ T1169] netlink: 'syz.3.9023': attribute type 1 has an invalid length. [ 1903.015550][ T1163] netlink: 'syz.1.9021': attribute type 4 has an invalid length. [ 1903.677408][ T1186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9028'. [ 1903.775919][ T1186] netlink: 354 bytes leftover after parsing attributes in process `syz.2.9028'. [ 1904.538197][ T1189] Process accounting paused [ 1905.000131][ T1188] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 1907.686439][ T1214] futex_wake_op: syz.4.9034 tries to shift op by -2048; fix this program [ 1907.878019][ T1214] futex_wake_op: syz.4.9034 tries to shift op by -2048; fix this program [ 1907.965181][ T1216] 0x000000000001-0x000000020000 : "" [ 1908.150289][ T1216] ftl_cs: FTL header corrupt! [ 1908.310047][ T1218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9035'. [ 1908.396811][ T1218] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.9035'. [ 1909.545115][ T1230] can0: slcan on ttyS2. [ 1909.868568][ T1235] can0 (unregistered): slcan off ttyS2. [ 1914.462107][ T1299] futex_wake_op: syz.2.9047 tries to shift op by -2048; fix this program [ 1914.664920][ T1299] futex_wake_op: syz.2.9047 tries to shift op by -2048; fix this program [ 1914.774083][ T1304] 0x000000000001-0x000000020000 : "" [ 1915.045779][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1915.052117][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.069236][ T1304] ftl_cs: FTL header corrupt! [ 1918.995639][ T1348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9054'. [ 1920.420445][ T1331] Process accounting resumed [ 1924.655184][ T30] audit: type=1326 audit(2147483728.162:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1414 comm="syz.3.9068" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f16d1f9c799 code=0x0 [ 1928.362381][ T1439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9072'. [ 1928.446117][ T1439] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.9072'. [ 1929.674583][ T1443] Process accounting resumed [ 1931.656668][ T1465] netlink: 504 bytes leftover after parsing attributes in process `syz.3.9079'. [ 1932.284483][ T1472] netlink: 202 bytes leftover after parsing attributes in process `syz.1.9080'. [ 1933.545597][ T1485] netlink: 'syz.1.9084': attribute type 11 has an invalid length. [ 1933.553470][ T1485] netlink: 'syz.1.9084': attribute type 11 has an invalid length. [ 1933.854789][ T1485] netlink: 'syz.1.9084': attribute type 11 has an invalid length. [ 1934.148284][ T1485] netlink: 'syz.1.9084': attribute type 11 has an invalid length. [ 1935.112234][ T1346] Process accounting resumed [ 1936.686830][T28532] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1940.021780][ T1528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9093'. [ 1940.106590][ T1528] netlink: 'syz.2.9093': attribute type 1 has an invalid length. [ 1940.114497][ T1528] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9093'. [ 1943.323614][ T1563] netlink: 202 bytes leftover after parsing attributes in process `syz.1.9107'. [ 1943.681939][ T30] audit: type=1800 audit(2147483747.182:45): pid=1574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.9102" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1944.752045][ T1589] netlink: 'syz.3.9099': attribute type 4 has an invalid length. [ 1947.181878][ T1623] Console: switching to colour frame buffer device 14x6 [ 1948.655196][ T1646] tipc: Started in network mode [ 1948.676385][ T1646] tipc: Node identity ee00, cluster identity 4711 [ 1948.734600][ T1646] tipc: Node number set to 60928 [ 1950.752797][ T1670] Process accounting paused [ 1952.061027][ T1716] netlink: 'syz.4.9131': attribute type 11 has an invalid length. [ 1952.102205][ T1716] netlink: 'syz.4.9131': attribute type 11 has an invalid length. [ 1952.267354][ T1723] vivid-007: ================= START STATUS ================= [ 1952.285478][ T1716] netlink: 'syz.4.9131': attribute type 11 has an invalid length. [ 1952.295192][ T1723] vivid-007: Generate PTS: true [ 1952.315235][ T1723] vivid-007: Generate SCR: true [ 1952.320186][ T1723] tpg source WxH: 320x240 (Y'CbCr) [ 1952.377882][ T1723] tpg field: 1 [ 1952.381300][ T1723] tpg crop: (0,0)/320x240 [ 1952.397938][ T1723] tpg compose: (0,0)/320x240 [ 1952.402577][ T1723] tpg colorspace: 8 [ 1952.437219][ T1723] tpg transfer function: 0/0 [ 1952.444619][ T1716] netlink: 'syz.4.9131': attribute type 11 has an invalid length. [ 1952.473584][ T1723] tpg Y'CbCr encoding: 0/0 [ 1952.481307][ T1723] tpg quantization: 0/0 [ 1952.546439][ T1723] tpg RGB range: 0/2 [ 1952.550385][ T1723] vivid-007: ================== END STATUS ================== [ 1955.231820][ T1772] binder: 1771:1772 ioctl c018620c 2000000000c0 returned -22 [ 1958.095082][ T1798] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1960.983783][ T1804] Process accounting paused [ 1962.745666][ T1840] netlink: 'syz.2.9160': attribute type 4 has an invalid length. [ 1963.837721][ T1858] Loading of unsigned module is rejected [ 1964.983902][ T1875] binder: 1872:1875 ioctl c018620c 2000000000c0 returned -22 [ 1965.867702][ T1888] input: jJǸ-9%vJ86 as /devices/virtual/input/input34 [ 1967.238954][ T1907] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9176'. [ 1968.079942][ T1889] Process accounting paused [ 1968.624067][ T1923] zswap: compressor not available [ 1968.900196][ T1930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9182'. [ 1968.943056][ T1930] netlink: 'syz.4.9182': attribute type 1 has an invalid length. [ 1968.983872][ T1930] netlink: 'syz.4.9182': attribute type 6 has an invalid length. [ 1974.011652][ T2004] input: jJǸ-9%vJ86 as /devices/virtual/input/input35 [ 1976.525200][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.533756][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1977.032765][ T2035] netlink: 294 bytes leftover after parsing attributes in process `syz.4.9211'. [ 1977.856507][ T2043] Loading of unsigned module is rejected [ 1980.381600][ T2087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9216'. [ 1981.803164][ T2058] Process accounting resumed [ 1982.422202][ T2123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9222'. [ 1982.454255][ T2123] netlink: 13 bytes leftover after parsing attributes in process `syz.3.9222'. [ 1985.843390][ T2196] input: jJǸ-9%vJ86 as /devices/virtual/input/input37 [ 1987.470977][ T2215] tipc: Started in network mode [ 1987.513917][ T2215] tipc: Node identity ee00, cluster identity 4711 [ 1987.585550][ T2215] tipc: Node number set to 60928 [ 1989.991126][ T2256] input: jJǸ-9%vJ86 as /devices/virtual/input/input38 [ 1992.303436][ T2244] Process accounting resumed [ 1992.498671][ T2269] bridge0: port 4(gretap0) entered blocking state [ 1992.582221][ T2269] bridge0: port 4(gretap0) entered disabled state [ 1992.647116][ T2269] gretap0: entered allmulticast mode [ 1992.700999][ T2269] gretap0: entered promiscuous mode [ 1993.785802][ T2293] Loading of unsigned module is rejected [ 2001.169850][T24354] Process accounting resumed [ 2001.311999][ T2327] futex_wake_op: syz.1.9268 tries to shift op by -2048; fix this program [ 2001.373061][ T2327] netlink: 354 bytes leftover after parsing attributes in process `syz.1.9268'. [ 2001.386060][ T2329] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9277'. [ 2001.480944][ T2329] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2001.542861][ T2329] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2001.675615][ T1543] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2001.695109][ T1543] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2001.703299][ T1543] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2001.711013][ T1543] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2001.718972][ T1543] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2002.517015][ T2333] chnl_net:caif_netlink_parms(): no params data found [ 2002.761714][ T2358] Loading of unsigned module is rejected [ 2002.790210][ T2333] bridge0: port 1(bridge_slave_0) entered blocking state [ 2002.813977][ T2333] bridge0: port 1(bridge_slave_0) entered disabled state [ 2002.849062][ T2333] bridge_slave_0: entered allmulticast mode [ 2002.876025][ T2333] bridge_slave_0: entered promiscuous mode [ 2002.903541][ T2333] bridge0: port 2(bridge_slave_1) entered blocking state [ 2002.927879][ T2333] bridge0: port 2(bridge_slave_1) entered disabled state [ 2002.952394][ T2333] bridge_slave_1: entered allmulticast mode [ 2002.983688][ T2333] bridge_slave_1: entered promiscuous mode [ 2003.103805][ T2333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2003.141760][ T2333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2003.295435][ T2333] team0: Port device team_slave_0 added [ 2003.342557][ T2333] team0: Port device team_slave_1 added [ 2003.557758][ T2333] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2003.571473][ T2333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2003.662941][ T2333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2003.692693][ T2333] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2003.714649][ T2333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2003.768710][ T1543] Bluetooth: hci4: command tx timeout [ 2003.789708][ T2333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2003.966315][ T2333] hsr_slave_0: entered promiscuous mode [ 2003.984790][ T2333] hsr_slave_1: entered promiscuous mode [ 2003.998070][ T2333] debugfs: 'hsr0' already exists in 'hsr' [ 2004.015165][ T2333] Cannot create hsr debugfs directory [ 2004.480708][ T2333] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2004.496118][ T2333] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2004.507166][ T2333] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2004.519672][ T2333] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2004.612584][ T2333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2004.638108][ T2333] 8021q: adding VLAN 0 to HW filter on device team0 [ 2004.652009][ T1607] bridge0: port 1(bridge_slave_0) entered blocking state [ 2004.659239][ T1607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2004.691206][ T1607] bridge0: port 2(bridge_slave_1) entered blocking state [ 2004.698393][ T1607] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2004.934194][ T2333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2005.201478][ T2333] veth0_vlan: entered promiscuous mode [ 2005.217002][ T2333] veth1_vlan: entered promiscuous mode [ 2005.250539][ T2333] veth0_macvtap: entered promiscuous mode [ 2005.262437][ T2333] veth1_macvtap: entered promiscuous mode [ 2005.290777][ T2333] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2005.309953][ T2333] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2005.328488][ T1545] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2005.354713][ T1545] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2005.418391][ T1545] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2005.450765][ T1545] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2005.480873][ T1590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2005.497504][ T1590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2005.546875][ T1545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2005.556822][ T1545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2005.843924][ T1543] Bluetooth: hci4: command tx timeout [ 2006.625333][ T2404] Loading of unsigned module is rejected [ 2007.925412][ T1543] Bluetooth: hci4: command tx timeout [ 2010.006373][ T1543] Bluetooth: hci4: command tx timeout [ 2037.943962][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.950511][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 2098.770401][ T31] INFO: task kworker/u10:0:1541 blocked for more than 143 seconds. [ 2098.779359][ T31] Tainted: G U L syzkaller #0 [ 2098.786472][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2098.795474][ T31] task:kworker/u10:0 state:D stack:27168 pid:1541 tgid:1541 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 2098.807900][ T31] Workqueue: netns cleanup_net [ 2098.814103][ T31] Call Trace: [ 2098.817482][ T31] [ 2098.820828][ T31] __schedule+0xfee/0x60e0 [ 2098.825350][ T31] ? __lock_acquire+0x4a5/0x2630 [ 2098.831638][ T31] ? __pfx___schedule+0x10/0x10 [ 2098.836629][ T31] ? find_held_lock+0x2b/0x80 [ 2098.841765][ T31] ? schedule+0x2bf/0x390 [ 2098.846218][ T31] schedule+0xdd/0x390 [ 2098.850867][ T31] schedule_timeout+0x1b2/0x280 [ 2098.856073][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 2098.865319][ T31] ? mark_held_locks+0x40/0x70 [ 2098.871132][ T31] __wait_for_common+0x2e7/0x4c0 [ 2098.876193][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 2098.881977][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 2098.887639][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 2098.893311][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 2098.899227][ T31] __flush_workqueue+0x3f7/0x1200 [ 2098.904767][ T31] ? __lock_acquire+0x4a5/0x2630 [ 2098.910089][ T31] ? __lock_acquire+0x4a5/0x2630 [ 2098.915809][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 2098.921666][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 2098.927058][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 2098.938201][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 2098.945203][ T31] rds_tcp_listen_stop+0x104/0x160 [ 2098.950642][ T31] rds_tcp_exit_net+0xe0/0x870 [ 2098.955521][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 2098.961562][ T31] ? __pfx___might_resched+0x10/0x10 [ 2098.966991][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 2098.976083][ T31] ops_undo_list+0x2ee/0xab0 [ 2098.981670][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 2098.987037][ T31] ? cleanup_net+0x332/0x920 [ 2098.992033][ T31] ? idr_destroy+0x62/0x2e0 [ 2098.996706][ T31] cleanup_net+0x499/0x920 [ 2099.001553][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 2099.006727][ T31] ? rcu_is_watching+0x12/0xc0 [ 2099.012084][ T31] process_one_work+0x9d7/0x1920 [ 2099.018002][ T31] ? __pfx_process_one_work+0x10/0x10 [ 2099.023869][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 2099.028923][ T31] worker_thread+0x5da/0xe40 [ 2099.034432][ T31] ? kthread+0x13a/0x450 [ 2099.038814][ T31] ? __pfx_worker_thread+0x10/0x10 [ 2099.044370][ T31] kthread+0x370/0x450 [ 2099.048529][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.054280][ T31] ret_from_fork+0x754/0xd80 [ 2099.058978][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 2099.064779][ T31] ? __switch_to+0x7b4/0x1120 [ 2099.069569][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.074647][ T31] ret_from_fork_asm+0x1a/0x30 [ 2099.079512][ T31] [ 2099.086798][ T31] [ 2099.086798][ T31] Showing all locks held in the system: [ 2099.095992][ T31] 1 lock held by khungtaskd/31: [ 2099.101145][ T31] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 2099.111327][ T31] 3 locks held by kworker/u10:0/1541: [ 2099.117471][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 2099.128364][ T31] #1: ffffc90005fefd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 2099.138675][ T31] #2: ffffffff905f9b10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 2099.148337][ T31] 1 lock held by syz.4.9242/2198: [ 2099.153629][ T31] #0: ffffffff905f9b10 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 2099.164380][ T31] [ 2099.166785][ T31] ============================================= [ 2099.166785][ T31] [ 2099.176026][ T31] NMI backtrace for cpu 0 [ 2099.176047][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 2099.176081][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2099.176090][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2099.176105][ T31] Call Trace: [ 2099.176113][ T31] [ 2099.176122][ T31] dump_stack_lvl+0x100/0x190 [ 2099.176160][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 2099.176199][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2099.176235][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 2099.176274][ T31] sys_info+0x141/0x190 [ 2099.176304][ T31] watchdog+0xd25/0x1050 [ 2099.176334][ T31] ? __pfx_watchdog+0x10/0x10 [ 2099.176357][ T31] ? __kthread_parkme+0x18c/0x230 [ 2099.176386][ T31] ? kthread+0x13a/0x450 [ 2099.176415][ T31] ? __pfx_watchdog+0x10/0x10 [ 2099.176435][ T31] kthread+0x370/0x450 [ 2099.176464][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.176496][ T31] ret_from_fork+0x754/0xd80 [ 2099.176533][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 2099.176570][ T31] ? __switch_to+0x7b4/0x1120 [ 2099.176604][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.176636][ T31] ret_from_fork_asm+0x1a/0x30 [ 2099.176675][ T31] [ 2099.308964][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 2099.315857][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 2099.326554][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2099.331766][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2099.341841][ T31] Call Trace: [ 2099.345170][ T31] [ 2099.348118][ T31] dump_stack_lvl+0x100/0x190 [ 2099.352833][ T31] vpanic+0x552/0x970 [ 2099.356850][ T31] ? __pfx_vpanic+0x10/0x10 [ 2099.361381][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 2099.367576][ T31] panic+0xd1/0xe0 [ 2099.371328][ T31] ? __pfx_panic+0x10/0x10 [ 2099.375781][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 2099.381978][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 2099.388185][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 2099.394377][ T31] ? watchdog.cold+0x198/0x1ca [ 2099.399178][ T31] ? watchdog+0xd35/0x1050 [ 2099.403646][ T31] watchdog.cold+0x1a9/0x1ca [ 2099.408282][ T31] ? __pfx_watchdog+0x10/0x10 [ 2099.413009][ T31] ? __kthread_parkme+0x18c/0x230 [ 2099.418074][ T31] ? kthread+0x13a/0x450 [ 2099.422358][ T31] ? __pfx_watchdog+0x10/0x10 [ 2099.427057][ T31] kthread+0x370/0x450 [ 2099.431161][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.435786][ T31] ret_from_fork+0x754/0xd80 [ 2099.440417][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 2099.445563][ T31] ? __switch_to+0x7b4/0x1120 [ 2099.450271][ T31] ? __pfx_kthread+0x10/0x10 [ 2099.454902][ T31] ret_from_fork_asm+0x1a/0x30 [ 2099.459728][ T31] [ 2099.462832][ T31] Kernel Offset: disabled [ 2099.467176][ T31] Rebooting in 86400 seconds..