last executing test programs: 13.37548123s ago: executing program 1 (id=2434): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0xa0900, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 9.608692792s ago: executing program 3 (id=2442): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/msr/events/tsc\x00', 0x129000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x3, 0x100) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4) r2 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@link_update={r0, @new_map_fd=r1, 0xa, @old_map_fd=r3}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x8}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x4}, 0x103) 9.175315358s ago: executing program 3 (id=2443): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) sendmsg$auto(r0, &(0x7f0000000240)={&(0x7f0000000040)="7219d8d4d37fe5fa69d4d6466db22cfecafb", 0xfffeffff, &(0x7f0000000080)={&(0x7f00000003c0)="a25ad06a1066966fb1eb4b5548c21b0cdd89091241b500e04e2da1b8d3fd58de341ee0aa6430944cad5eb8672e1e35ac8c66437d461de96da79e6130da207a9895c1f22b045663b98094069ffec0d951d42f546cbbd79e0e6bcebb6703d1dcc3a93e7042634167ca6af9b6e8d701d65cc0230f96e2c39a4ccc4f8634d49a98fe9381fa380f3851aede6259e7ac2878730fe776c9604e5356c116ee5bb0bf64d3e479afd97bd107d344f3e0f4b8d442d512dea76e1bfa597fa73ce5f1bcb3e81326ce1e80deef62a99439e2154aba661191e3d91e9cdc478876f4707354"}, 0x8001, &(0x7f00000004c0)="c93db7fe0affcc8a82e50b7404ca53e6a24c55b328004364834b1aee86ac88c431e7a89aa057f9b294ec154ef3c9164fa450a2bb5aa0f2b7c303e96b57a2cd58378c90bb099219f1d3ace157157eb172bb8bcfb3da89a95781c1b1daadea028bd56f5fcb28fcfec8e1c3d7f495de7df3bdd0ab412345198467a820888e46aac0a3f188cf764ec93f7665", 0xffffffffffffffff, 0x653}, 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x80202, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, 0x0) r2 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/devices\x00', 0x0, 0x0) preadv$auto(r2, &(0x7f0000009180)={0x0, 0x7}, 0x26, 0x800000000080, 0x5) 8.676700269s ago: executing program 0 (id=2445): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getgroups$auto(0x7fd, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00"}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0xc0, 0x0) write$auto(r2, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000) 8.10294592s ago: executing program 3 (id=2446): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/detach\x00', 0x101001, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) listen$auto(0x3, 0x81) madvise$auto(0x0, 0xa1, 0x15) madvise$auto(0x0, 0x200007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x9, 0x400000cc4, 0xfffffffffffffff8, 0x800018, 0x2, 0x5b3) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) 7.433712465s ago: executing program 2 (id=2447): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000a00000008000200", @ANYRES32=0x0, @ANYBLOB="080140"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000540), r0) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_SET(r0, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={0x0}, 0x1, 0x0, 0x0, 0xc084}, 0x4000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'veth1_virt_wifi\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x98, r1, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_TSCONFIG_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80000001}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1000}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x400c4}, 0x4000010) r6 = socket(0x10, 0x2, 0x0) open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) sendmmsg$auto(r6, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 6.042100254s ago: executing program 1 (id=2448): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket(0x2c, 0x3, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x8, @old_prog_fd=r0}, 0xa3) 5.834041728s ago: executing program 2 (id=2449): mmap$auto(0x7, 0x400008, 0x1200400000000cd, 0x400049b72, 0xffffffffffffffff, 0x7ff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0xa, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r0, 0x10000}, 0x10) socket(0xa, 0x1, 0x84) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000abdb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0xff010000, 0x240007, 0x19) mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x6, 0x3, 0x0, 0xa1) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0x6f2d, 0xffffffffffffffff) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x4c000, 0xebff) 5.341032089s ago: executing program 1 (id=2450): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x8030ae7c, r0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/schedstat\x00', 0x100800, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x38, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x6, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) 4.945981791s ago: executing program 2 (id=2451): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/irq/2/name\x00', 0x800, 0x0) read$auto(r0, 0x0, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x9, 0x1f, 0x940, 0x1ffde, 0x3, 0x6, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x200, 0x3, 0x205, 0x7, 0x0, 0x3ffff, 0x0, 0x3, 0x7069, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x8, 0x5, 0x8000004, 0x0, 0x100000000000000, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x100000000, 0x0, 0x8000000000000001, 0x0, 0x1, 0x0, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x2000000000000000]}, 0x203, 0x7d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r2) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000480)={0x20, r3, 0x1, 0x70bd2a, 0x25dfdbfb, {0x4, 0x0, 0x900}, [@IOAM6_ATTR_SC_DATA={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x9}]}, 0x20}, 0x1, 0x3000700, 0x0, 0x1}, 0x8010) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r3, 0x200, 0x70bd27, 0x25dfdbff, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0xf}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x81}]}, 0x24}}, 0x4000000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto(r4, 0x542e, r4) 4.803082459s ago: executing program 0 (id=2452): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0x2, 0x1, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) bind$auto(r0, 0x0, 0x6f) connect$auto(r0, 0x0, 0x55) 4.760273549s ago: executing program 3 (id=2453): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0xfffffffffffffff9, 0x2000a, 0x100000000009f, 0xeb2, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x668401, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x2}, 0xed7138c}, 0x2, 0x9) cachestat$auto(0xffffffffffffffff, &(0x7f0000000640)={0x8, 0x4000000000008}, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) 4.255062974s ago: executing program 0 (id=2454): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_DISCONNECT(r1, 0x0, 0x2404c800) memfd_create$auto(&(0x7f0000000080)='(+\x00', 0x6) kexec_load$auto(0x80000001, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0xeb, 0x4800c000, 0x800c000}, 0x4) mmap$auto(0x4, 0x7, 0x3, 0x1d, 0xffffffffffffffff, 0x7) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyr5\x00', 0x0, 0x0) ioctl$auto_TIOCSWINSZ2(r2, 0x5414, 0x0) sendmmsg$auto(r2, 0x0, 0x1, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) 3.97620897s ago: executing program 2 (id=2455): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 3.879559806s ago: executing program 1 (id=2456): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) unshare$auto(0x40000080) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x24048004) futex$auto(0x0, 0x9, 0x3e, 0x0, 0x0, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) writev$auto(r0, &(0x7f0000000340)={0x0, 0x500000}, 0x9) socket(0xa, 0x1, 0x84) 3.532015818s ago: executing program 3 (id=2457): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x80d80, 0x0) mmap$auto(0x1, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x59, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/test_nop_accept\x00', 0x202041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x20281, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/queues/tx-0/byte_queue_limits/limit\x00', 0x181382, 0x0) write$auto(0x3, 0x0, 0x100082) 2.188283951s ago: executing program 0 (id=2458): write$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/controlC2\x00', 0xa802, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) umount2$auto(&(0x7f0000000200)='.\x00', 0xd) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000080)=0x551) read$auto(r1, 0x0, 0x3) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00') write$auto(r0, &(0x7f0000000040)='\x00', 0x1) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40026f33, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) getdents$auto(r3, 0x0, 0x62d4) 2.187756034s ago: executing program 2 (id=2459): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 1.409694727s ago: executing program 0 (id=2460): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1d, 0x2, 0x7) r5 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r6}, 0x6a) sendto$auto(r4, 0x0, 0xc, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, r7}, 0x36) 1.27266199s ago: executing program 1 (id=2461): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) sigaltstack$auto(&(0x7f0000000100)={&(0x7f0000000080)="a5b254f5e0a2123cdbc6f4cb5e1785391b648c8408707303caa986a53de211cd82d5d2e7bb1a5b23ac22e31153c334c9757fb208a57f99ac4c40f778a639e2d47bf2b42228a3935a62c455bb963e967727d86c3714696df2e471e720", 0x9, 0x10000}, &(0x7f0000000180)={&(0x7f0000000140)="149c53238833c3fec7ee21b1bd52a86393d5c70b8ca5c7552ab3a6f4eae517e6e739ffa1db30f26b46e4dee5ade28f78bce068fb8ae6f0940035d0", 0x1000, 0x1}) unshare$auto(0x40000080) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) getsockopt$auto_SO_PEERPIDFD(r0, 0xfffffff6, 0x4d, &(0x7f0000000000)='/dev/bus/usb/001/001\x00', 0x0) msgget$auto(0xc, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x80, 0x4000000000de, 0xeb2, 0xffffffffffffffff, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) io_uring_setup$auto(0x1, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 1.087280988s ago: executing program 3 (id=2462): mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) setns(0xffffffffffffffff, 0x60020000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) futex$auto(&(0x7f0000000040)=0xffffffff, 0xec, 0x8, &(0x7f0000000140)={0x0, 0x4}, &(0x7f00000001c0), 0x7) pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce') connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0xc, @empty}, 0x54) recvfrom$auto(0xffffffffffffffff, 0xfffffffffffffffc, 0x5, 0x99, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$auto(0x3, 0x541b, 0x7f) 540.860595ms ago: executing program 2 (id=2463): mmap$auto(0x7, 0x400008, 0x1200400000000cd, 0x400049b72, 0xffffffffffffffff, 0x7ff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0xa, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r0, 0x10000}, 0x10) socket(0xa, 0x1, 0x84) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000abdb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x6, 0x3, 0x0, 0xa1) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0x6f2d, 0xffffffffffffffff) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x4c000, 0xebff) 155.546518ms ago: executing program 0 (id=2464): r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r1, 0x7, 0x6}, 0x7, 0x3) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'team_slave_0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000500)={0x1c, r3, 0x301, 0x70bd2e, 0x25dfdbfd, {}, [@NETDEV_A_QUEUE_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vlan1\x00'}) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r3, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@NETDEV_A_DEV_IFINDEX={0x8}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000008}, 0xc0000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000001000)="5142651f911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb12dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbba8c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b3983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee6d6088b541a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee7fa7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1", 0x9cb) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 0s ago: executing program 1 (id=2465): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(r0, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) mlockall$auto(0x7) kernel console output (not intermixed with test programs): ect_new_asoc+0x1c9/0x770 [ 324.464575][ T9651] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 324.464613][ T9651] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 324.464655][ T9651] sctp_sendmsg+0x171a/0x22b0 [ 324.464694][ T9651] ? __pfx_sctp_sendmsg+0x10/0x10 [ 324.464722][ T9651] ? do_user_addr_fault+0x8d6/0x12f0 [ 324.464767][ T9651] ? aa_sk_perm+0x2de/0xb40 [ 324.464813][ T9651] ? __pfx_aa_sk_perm+0x10/0x10 [ 324.464863][ T9651] ? __pfx_sctp_sendmsg+0x10/0x10 [ 324.464895][ T9651] inet_sendmsg+0x11c/0x140 [ 324.464928][ T9651] ____sys_sendmsg+0x9ad/0xc30 [ 324.464960][ T9651] ? __pfx_____sys_sendmsg+0x10/0x10 [ 324.465015][ T9651] ___sys_sendmsg+0x190/0x1e0 [ 324.465049][ T9651] ? __pfx____sys_sendmsg+0x10/0x10 [ 324.465098][ T9651] ? find_held_lock+0x2b/0x80 [ 324.465162][ T9651] __sys_sendmmsg+0x205/0x430 [ 324.465208][ T9651] ? __pfx___sys_sendmmsg+0x10/0x10 [ 324.465259][ T9651] ? find_held_lock+0x2b/0x80 [ 324.465296][ T9651] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 324.465348][ T9651] ? exc_page_fault+0x6f/0xd0 [ 324.465398][ T9651] __x64_sys_sendmmsg+0x9c/0x100 [ 324.465437][ T9651] ? lockdep_hardirqs_on+0x78/0x100 [ 324.465479][ T9651] do_syscall_64+0x106/0xf80 [ 324.465517][ T9651] ? clear_bhb_loop+0x40/0x90 [ 324.465553][ T9651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.465581][ T9651] RIP: 0033:0x7fd9d599bf79 [ 324.465605][ T9651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 324.465633][ T9651] RSP: 002b:00007fd9d677d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 324.465668][ T9651] RAX: ffffffffffffffda RBX: 00007fd9d5c15fa0 RCX: 00007fd9d599bf79 [ 324.465688][ T9651] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000004 [ 324.465706][ T9651] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 324.465723][ T9651] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 324.465740][ T9651] R13: 00007fd9d5c16038 R14: 00007fd9d5c15fa0 R15: 00007ffe98cfcd48 [ 324.465779][ T9651] [ 325.353200][ T9659] Process accounting resumed [ 326.119767][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1175'. [ 326.330819][ T9686] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1176'. [ 326.426242][ T9686] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1176'. [ 326.466528][ T9686] netlink: 290 bytes leftover after parsing attributes in process `syz.1.1176'. [ 327.825542][ T9712] FAULT_INJECTION: forcing a failure. [ 327.825542][ T9712] name failslab, interval 1, probability 0, space 0, times 0 [ 327.825588][ T9712] CPU: 0 UID: 0 PID: 9712 Comm: syz.2.1183 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 327.825642][ T9712] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 327.825667][ T9712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 327.825685][ T9712] Call Trace: [ 327.825694][ T9712] [ 327.825705][ T9712] dump_stack_lvl+0x100/0x190 [ 327.825750][ T9712] should_fail_ex.cold+0x5/0xa [ 327.825779][ T9712] should_failslab+0xc2/0x120 [ 327.825816][ T9712] __kmalloc_cache_noprof+0x7a/0x6f0 [ 327.825843][ T9712] ? copy_ipcs+0x10d/0x7e0 [ 327.825888][ T9712] copy_ipcs+0x10d/0x7e0 [ 327.825929][ T9712] create_new_namespaces+0x20a/0xac0 [ 327.825971][ T9712] ? security_capable+0x80/0x260 [ 327.826008][ T9712] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 327.826054][ T9712] ksys_unshare+0x455/0xab0 [ 327.826089][ T9712] ? __pfx_ksys_unshare+0x10/0x10 [ 327.826115][ T9712] ? xfd_validate_state+0x129/0x190 [ 327.826155][ T9712] __x64_sys_unshare+0x31/0x40 [ 327.826184][ T9712] do_syscall_64+0x106/0xf80 [ 327.826224][ T9712] ? clear_bhb_loop+0x40/0x90 [ 327.826255][ T9712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.826283][ T9712] RIP: 0033:0x7fd9d599bf79 [ 327.826306][ T9712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 327.826333][ T9712] RSP: 002b:00007fd9d3bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 327.826359][ T9712] RAX: ffffffffffffffda RBX: 00007fd9d5c16090 RCX: 00007fd9d599bf79 [ 327.826379][ T9712] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 327.826396][ T9712] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 327.826412][ T9712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.826428][ T9712] R13: 00007fd9d5c16128 R14: 00007fd9d5c16090 R15: 00007ffe98cfcd48 [ 327.826466][ T9712] [ 328.736123][ T9716] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1185'. [ 331.452185][ T9773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1203'. [ 331.587802][ T9773] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 331.595395][ T9773] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 331.634126][ T9773] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 331.716296][ T9773] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.870694][ T9780] FAULT_INJECTION: forcing a failure. [ 331.870694][ T9780] name failslab, interval 1, probability 0, space 0, times 0 [ 331.910921][ T9780] CPU: 0 UID: 0 PID: 9780 Comm: syz.3.1206 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 331.910983][ T9780] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 331.910999][ T9780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 331.911016][ T9780] Call Trace: [ 331.911025][ T9780] [ 331.911035][ T9780] dump_stack_lvl+0x100/0x190 [ 331.911080][ T9780] should_fail_ex.cold+0x5/0xa [ 331.911110][ T9780] ? ima_alloc_init_template+0xb6/0x6d0 [ 331.911148][ T9780] should_failslab+0xc2/0x120 [ 331.911195][ T9780] __kmalloc_noprof+0xe0/0x850 [ 331.911224][ T9780] ? find_held_lock+0x2b/0x80 [ 331.911263][ T9780] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 331.911313][ T9780] ima_alloc_init_template+0xb6/0x6d0 [ 331.911356][ T9780] ? take_dentry_name_snapshot+0x310/0x7c0 [ 331.911406][ T9780] ima_store_measurement+0x1e3/0x5b0 [ 331.911446][ T9780] ? __pfx_ima_store_measurement+0x10/0x10 [ 331.911499][ T9780] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 331.911537][ T9780] process_measurement+0x19cc/0x2350 [ 331.911585][ T9780] ? __pfx_process_measurement+0x10/0x10 [ 331.911618][ T9780] ? kasan_save_stack+0x3f/0x50 [ 331.911649][ T9780] ? kasan_save_track+0x14/0x30 [ 331.911690][ T9780] ? find_held_lock+0x2b/0x80 [ 331.911730][ T9780] ? aa_file_perm+0x268/0x1530 [ 331.911799][ T9780] ima_file_mmap+0x1c4/0x1f0 [ 331.911834][ T9780] ? __pfx_ima_file_mmap+0x10/0x10 [ 331.911878][ T9780] security_mmap_file+0x278/0x9b0 [ 331.911922][ T9780] vm_mmap_pgoff+0xec/0x470 [ 331.911966][ T9780] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 331.912000][ T9780] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 331.912045][ T9780] ? hugetlbfs_get_inode+0x36e/0x6f0 [ 331.912088][ T9780] ksys_mmap_pgoff+0x1c4/0x5b0 [ 331.912134][ T9780] __x64_sys_mmap+0x125/0x190 [ 331.912184][ T9780] do_syscall_64+0x106/0xf80 [ 331.912224][ T9780] ? clear_bhb_loop+0x40/0x90 [ 331.912260][ T9780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.912289][ T9780] RIP: 0033:0x7f567cf9bf79 [ 331.912312][ T9780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 331.912340][ T9780] RSP: 002b:00007f567dde1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 331.912366][ T9780] RAX: ffffffffffffffda RBX: 00007f567d216090 RCX: 00007f567cf9bf79 [ 331.912386][ T9780] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 331.912403][ T9780] RBP: 00007f567d0327e0 R08: 0000000000000401 R09: 0000300000000000 [ 331.912421][ T9780] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 331.912437][ T9780] R13: 00007f567d216128 R14: 00007f567d216090 R15: 00007ffe563c8278 [ 331.912476][ T9780] [ 332.237012][ T29] audit: type=1804 audit(4294967348.219:6): pid=9780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.1206" name="anon_hugepage" dev="hugetlbfs" ino=181697 res=0 errno=0 [ 332.860282][ T29] audit: type=1107 audit(4294967348.802:7): pid=9782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 332.956224][ T29] audit: type=1107 audit(4294967348.812:8): pid=9782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 333.758329][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 334.579338][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1215'. [ 334.611512][ T9813] netlink: 'syz.1.1215': attribute type 1 has an invalid length. [ 334.627545][ T9813] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1215'. [ 335.106202][ T5828] Bluetooth: hci1: unexpected subevent 0x03 length: 253 > 9 [ 337.030341][ T9847] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1233'. [ 338.024477][ T5828] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 338.559785][ T9870] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1232'. [ 338.704534][ T9874] random: crng reseeded on system resumption [ 338.883267][ T9874] hub 1-0:1.0: USB hub found [ 338.911018][ T9874] hub 1-0:1.0: 1 port detected [ 339.593404][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 339.601263][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 340.315150][ T51] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 340.704920][ T9909] sp0: Synchronizing with TNC [ 341.213097][ T9919] netlink: 'syz.1.1246': attribute type 16 has an invalid length. [ 341.232525][ T9919] netlink: 226 bytes leftover after parsing attributes in process `syz.1.1246'. [ 341.265242][ T9919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1246'. [ 341.849635][ T9933] netlink: 'syz.0.1251': attribute type 1 has an invalid length. [ 341.870029][ T9933] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1251'. [ 343.196619][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 343.602389][ T9957] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1259'. [ 344.738428][ T51] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9 [ 350.020587][T10068] random: crng reseeded on system resumption [ 350.283583][T10068] hub 1-0:1.0: USB hub found [ 350.315680][T10068] hub 1-0:1.0: 1 port detected [ 350.919855][T10089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'. [ 351.007609][T10089] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1290'. [ 352.882117][T10116] Process accounting paused [ 354.987683][T10162] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1314'. [ 355.709907][T10174] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1316'. [ 355.760636][T10151] Process accounting paused [ 356.645246][T10186] random: crng reseeded on system resumption [ 357.169074][T10186] hub 1-0:1.0: USB hub found [ 357.300444][T10186] hub 1-0:1.0: 1 port detected [ 359.048661][T10223] FAULT_INJECTION: forcing a failure. [ 359.048661][T10223] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 359.193167][T10223] CPU: 1 UID: 0 PID: 10223 Comm: syz.2.1330 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 359.193228][T10223] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 359.193243][T10223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 359.193259][T10223] Call Trace: [ 359.193267][T10223] [ 359.193278][T10223] dump_stack_lvl+0x100/0x190 [ 359.193323][T10223] should_fail_ex.cold+0x5/0xa [ 359.193350][T10223] ? prepare_alloc_pages+0x16d/0x5f0 [ 359.193395][T10223] should_fail_alloc_page+0xeb/0x140 [ 359.193434][T10223] prepare_alloc_pages+0x1f0/0x5f0 [ 359.193473][T10223] ? rcu_is_watching+0x12/0xc0 [ 359.193511][T10223] __alloc_frozen_pages_noprof+0x19a/0x2ae0 [ 359.193542][T10223] ? __alloc_frozen_pages_noprof+0x2b3/0x2ae0 [ 359.193573][T10223] ? __pfx_css_rstat_updated+0x10/0x10 [ 359.193627][T10223] ? find_held_lock+0x2b/0x80 [ 359.193662][T10223] ? rcu_read_unlock+0x17/0x60 [ 359.193700][T10223] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 359.193741][T10223] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 359.193773][T10223] ? page_counter_charge+0x1d2/0x240 [ 359.193818][T10223] ? rcu_is_watching+0x12/0xc0 [ 359.193850][T10223] ? trace_mm_page_alloc+0x10e/0x160 [ 359.193902][T10223] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 359.193941][T10223] ? policy_nodemask+0xed/0x4f0 [ 359.193980][T10223] alloc_pages_mpol+0x1fb/0x550 [ 359.194020][T10223] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 359.194056][T10223] ? do_raw_spin_lock+0x128/0x260 [ 359.194090][T10223] ? find_held_lock+0x2b/0x80 [ 359.194127][T10223] ? __pud_alloc+0x575/0x760 [ 359.194170][T10223] alloc_pages_noprof+0x131/0x390 [ 359.194210][T10223] __pmd_alloc+0x3b/0x9c0 [ 359.194247][T10223] ? __pud_alloc+0x57a/0x760 [ 359.194288][T10223] walk_to_pmd+0x3a3/0x4c0 [ 359.194331][T10223] get_locked_pte+0x25/0xc0 [ 359.194375][T10223] map_ldt_struct+0x3c1/0xa70 [ 359.194422][T10223] ? __pfx_map_ldt_struct+0x10/0x10 [ 359.194462][T10223] ? alloc_pages_noprof+0x233/0x390 [ 359.194507][T10223] write_ldt+0x6d3/0xd40 [ 359.194550][T10223] ? __pfx_write_ldt+0x10/0x10 [ 359.194588][T10223] ? fput+0x79/0x100 [ 359.194627][T10223] ? xfd_validate_state+0x129/0x190 [ 359.194671][T10223] __x64_sys_modify_ldt+0xb1/0x170 [ 359.194722][T10223] do_syscall_64+0x106/0xf80 [ 359.194763][T10223] ? clear_bhb_loop+0x40/0x90 [ 359.194797][T10223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.194825][T10223] RIP: 0033:0x7fd9d599bf79 [ 359.194849][T10223] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.194876][T10223] RSP: 002b:00007fd9d677d028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 359.194900][T10223] RAX: ffffffffffffffda RBX: 00007fd9d5c15fa0 RCX: 00007fd9d599bf79 [ 359.194916][T10223] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 359.194932][T10223] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 359.194948][T10223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.194963][T10223] R13: 00007fd9d5c16038 R14: 00007fd9d5c15fa0 R15: 00007ffe98cfcd48 [ 359.194999][T10223] [ 359.591338][ T29] audit: type=1800 audit(4294967375.661:9): pid=10228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1330" name="trace_marker" dev="tracefs" ino=1169 res=0 errno=0 [ 362.595080][T10286] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1346'. [ 365.567181][ T51] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 366.802569][T10368] netlink: 'syz.3.1366': attribute type 27 has an invalid length. [ 366.849217][T10368] netlink: 'syz.3.1366': attribute type 28 has an invalid length. [ 366.888407][T10368] netlink: 'syz.3.1366': attribute type 29 has an invalid length. [ 366.912945][T10368] netlink: 'syz.3.1366': attribute type 30 has an invalid length. [ 366.962869][T10368] netlink: 'syz.3.1366': attribute type 31 has an invalid length. [ 366.970731][T10368] netlink: 'syz.3.1366': attribute type 32 has an invalid length. [ 367.012554][T10368] netlink: 'syz.3.1366': attribute type 33 has an invalid length. [ 367.061896][T10368] netlink: 'syz.3.1366': attribute type 35 has an invalid length. [ 367.092040][T10368] netlink: 'syz.3.1366': attribute type 37 has an invalid length. [ 367.113011][T10372] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1368'. [ 367.131292][T10368] netlink: 'syz.3.1366': attribute type 39 has an invalid length. [ 367.143506][T10368] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1366'. [ 368.754090][ T51] Bluetooth: hci3: Malformed Event: 0x02 [ 369.222762][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'. [ 369.297669][T10415] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1382'. [ 369.499147][T10428] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 370.820230][T10451] sp0: Synchronizing with TNC [ 371.265299][T10467] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 371.623163][T10472] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1399'. [ 371.712846][T10480] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1399'. [ 372.166105][T10483] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1411'. [ 375.099550][T10524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1415'. [ 375.109921][T10524] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1415'. [ 376.014365][T10535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1416'. [ 376.077786][T10535] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1416'. [ 376.821623][T10540] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1419'. [ 376.861442][T10541] validate_nla: 1 callbacks suppressed [ 376.861464][T10541] netlink: 'syz.2.1418': attribute type 5 has an invalid length. [ 376.983007][T10541] netlink: 'syz.2.1418': attribute type 1 has an invalid length. [ 376.991226][T10542] netlink: 'syz.2.1418': attribute type 5 has an invalid length. [ 377.011839][T10542] netlink: 'syz.2.1418': attribute type 1 has an invalid length. [ 377.019664][T10542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1418'. [ 377.050464][T10541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1418'. [ 377.382661][T10546] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1420'. [ 378.435297][T10572] syz.2.1429 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 380.749269][ T51] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 382.599096][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.605583][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.836305][T10616] Process accounting resumed [ 386.655882][T10623] Process accounting resumed [ 388.188257][T10667] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1456'. [ 388.266497][T10664] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1456'. [ 388.344221][T10669] netlink: 226 bytes leftover after parsing attributes in process `syz.0.1458'. [ 389.195664][T10681] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1463'. [ 391.039529][T10685] kexec: Could not allocate control_code_buffer [ 391.884174][T10713] netlink: 'syz.3.1473': attribute type 4 has an invalid length. [ 391.891955][T10713] netlink: 'syz.3.1473': attribute type 32 has an invalid length. [ 391.935099][T10713] netlink: 46 bytes leftover after parsing attributes in process `syz.3.1473'. [ 392.345602][T10723] FAULT_INJECTION: forcing a failure. [ 392.345602][T10723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 392.375896][T10723] CPU: 0 UID: 0 PID: 10723 Comm: syz.0.1476 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 392.375958][T10723] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 392.375973][T10723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 392.375990][T10723] Call Trace: [ 392.375999][T10723] [ 392.376010][T10723] dump_stack_lvl+0x100/0x190 [ 392.376067][T10723] should_fail_ex.cold+0x5/0xa [ 392.376100][T10723] _copy_from_iter+0x43a/0x1690 [ 392.376152][T10723] ? __pfx__copy_from_iter+0x10/0x10 [ 392.376197][T10723] ? __alloc_skb+0x4e9/0x710 [ 392.376238][T10723] ? __pfx___alloc_skb+0x10/0x10 [ 392.376278][T10723] ? __asan_memset+0x23/0x50 [ 392.376306][T10723] ? skb_put+0x138/0x180 [ 392.376334][T10723] tipc_msg_build+0xa1e/0x1100 [ 392.376386][T10723] ? __pfx_tipc_msg_build+0x10/0x10 [ 392.376440][T10723] tipc_send_group_bcast+0x736/0xa20 [ 392.376497][T10723] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 392.376539][T10723] ? update_cfs_rq_load_avg+0x51/0x550 [ 392.376586][T10723] ? __pfx_woken_wake_function+0x10/0x10 [ 392.376624][T10723] ? __lock_acquire+0x4a5/0x2630 [ 392.376653][T10723] ? aa_label_sk_perm+0x194/0x5f0 [ 392.376706][T10723] ? __lock_acquire+0x4a5/0x2630 [ 392.376748][T10723] __tipc_sendmsg+0x4a3/0x1a80 [ 392.376790][T10723] ? __pfx___tipc_sendmsg+0x10/0x10 [ 392.376821][T10723] ? __lock_acquire+0x4a5/0x2630 [ 392.376848][T10723] ? __lock_acquire+0x4a5/0x2630 [ 392.376911][T10723] ? __local_bh_enable_ip+0x9e/0x120 [ 392.376956][T10723] tipc_sendmsg+0x4f/0x70 [ 392.376988][T10723] sock_write_iter+0x566/0x610 [ 392.377018][T10723] ? __pfx_sock_write_iter+0x10/0x10 [ 392.377044][T10723] ? futex_unqueue+0x133/0x2c0 [ 392.377068][T10723] ? futex_unqueue+0x133/0x2c0 [ 392.377104][T10723] ? __futex_wait+0x256/0x300 [ 392.377145][T10723] do_iter_readv_writev+0x6ee/0x920 [ 392.377188][T10723] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 392.377218][T10723] ? common_file_perm+0x1ab/0x4f0 [ 392.377266][T10723] ? bpf_lsm_file_permission+0x9/0x10 [ 392.377300][T10723] ? security_file_permission+0x76/0x210 [ 392.377344][T10723] ? rw_verify_area+0xce/0x6d0 [ 392.377376][T10723] vfs_writev+0x360/0xe10 [ 392.377416][T10723] ? __pfx_vfs_writev+0x10/0x10 [ 392.377477][T10723] ? __fget_files+0x21f/0x3d0 [ 392.377523][T10723] ? do_writev+0x28a/0x340 [ 392.377553][T10723] do_writev+0x28a/0x340 [ 392.377587][T10723] ? __pfx_do_writev+0x10/0x10 [ 392.377627][T10723] do_syscall_64+0x106/0xf80 [ 392.377667][T10723] ? clear_bhb_loop+0x40/0x90 [ 392.377699][T10723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.377728][T10723] RIP: 0033:0x7f1f4d79bf79 [ 392.377752][T10723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 392.377778][T10723] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 392.377805][T10723] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 392.377822][T10723] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 392.377838][T10723] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 392.377853][T10723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.377869][T10723] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 392.377907][T10723] [ 393.340346][T10734] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1487'. [ 393.933727][T10738] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1480'. [ 395.269908][T10760] FAULT_INJECTION: forcing a failure. [ 395.269908][T10760] name fail_futex, interval 1, probability 0, space 0, times 1 [ 395.375313][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.3.1486 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 395.375376][T10760] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 395.375391][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 395.375407][T10760] Call Trace: [ 395.375416][T10760] [ 395.375426][T10760] dump_stack_lvl+0x100/0x190 [ 395.375473][T10760] should_fail_ex.cold+0x5/0xa [ 395.375515][T10760] get_futex_key+0x1d2/0x1620 [ 395.375567][T10760] ? __pfx_get_futex_key+0x10/0x10 [ 395.375622][T10760] futex_wake+0xea/0x530 [ 395.375659][T10760] ? __pfx_futex_wake+0x10/0x10 [ 395.375691][T10760] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 395.375736][T10760] do_futex+0x32b/0x350 [ 395.375764][T10760] ? __pfx_do_futex+0x10/0x10 [ 395.375795][T10760] ? __pfx___might_resched+0x10/0x10 [ 395.375830][T10760] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 395.375867][T10760] __x64_sys_futex+0x34f/0x4d0 [ 395.375899][T10760] ? __pfx_task_work_run+0x10/0x10 [ 395.375933][T10760] ? __pfx___x64_sys_futex+0x10/0x10 [ 395.375975][T10760] do_syscall_64+0x106/0xf80 [ 395.376013][T10760] ? clear_bhb_loop+0x40/0x90 [ 395.376047][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.376076][T10760] RIP: 0033:0x7f567cf9bf79 [ 395.376098][T10760] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.376126][T10760] RSP: 002b:00007f567dd9f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 395.376153][T10760] RAX: ffffffffffffffda RBX: 00007f567d216278 RCX: 00007f567cf9bf79 [ 395.376173][T10760] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f567d21627c [ 395.376191][T10760] RBP: 00007f567d216270 R08: 0000000000000000 R09: 0000000000000000 [ 395.376207][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.376222][T10760] R13: 00007f567d216308 R14: 00007ffe563c8190 R15: 00007ffe563c8278 [ 395.376257][T10760] [ 397.542107][T10779] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1493'. [ 397.736875][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1494'. [ 398.361956][T10794] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 398.999783][T10791] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 399.115379][T10791] File: /dev/nullb0 PID: 10791 Comm: syz.0.1500 [ 400.768769][ T51] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 400.768811][ T51] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 400.784673][ T51] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 400.784738][ T51] Bluetooth: hci3: adv larger than maximum supported [ 400.793444][ T51] Bluetooth: hci3: adv larger than maximum supported [ 400.800226][ T51] Bluetooth: hci3: Malformed LE Event: 0x0d [ 400.963667][T10830] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1511'. [ 401.483542][T10842] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1514'. [ 402.804698][T10861] FAULT_INJECTION: forcing a failure. [ 402.804698][T10861] name failslab, interval 1, probability 0, space 0, times 0 [ 402.891155][T10861] CPU: 0 UID: 0 PID: 10861 Comm: syz.0.1520 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 402.891215][T10861] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 402.891231][T10861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 402.891247][T10861] Call Trace: [ 402.891256][T10861] [ 402.891267][T10861] dump_stack_lvl+0x100/0x190 [ 402.891311][T10861] should_fail_ex.cold+0x5/0xa [ 402.891343][T10861] should_failslab+0xc2/0x120 [ 402.891382][T10861] __kmalloc_cache_noprof+0x7a/0x6f0 [ 402.891408][T10861] ? drm_atomic_helper_connector_duplicate_state+0x72/0xd0 [ 402.891449][T10861] drm_atomic_helper_connector_duplicate_state+0x72/0xd0 [ 402.891485][T10861] drm_atomic_get_connector_state+0x401/0x8f0 [ 402.891534][T10861] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 402.891580][T10861] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 402.891626][T10861] ? modeset_lock+0x114/0x6d0 [ 402.891678][T10861] __drm_atomic_helper_set_config+0x5f6/0xee0 [ 402.891728][T10861] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 402.891774][T10861] ? drm_client_rotation+0x451/0x6a0 [ 402.891824][T10861] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 402.891878][T10861] ? __mutex_lock+0x26a/0x1b90 [ 402.891917][T10861] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 402.891961][T10861] ? trace_contention_end+0xd6/0x110 [ 402.891993][T10861] ? drm_master_internal_acquire+0x21/0x80 [ 402.892076][T10861] drm_client_modeset_commit_locked+0x14d/0x580 [ 402.892131][T10861] drm_client_modeset_commit+0x4f/0x80 [ 402.892164][T10861] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 402.892215][T10861] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 402.892264][T10861] drm_fbdev_client_restore+0x1b/0x30 [ 402.892299][T10861] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 402.892334][T10861] drm_client_dev_restore+0x205/0x2a0 [ 402.892386][T10861] drm_release+0x2c6/0x360 [ 402.892426][T10861] ? __pfx_drm_release+0x10/0x10 [ 402.892466][T10861] __fput+0x3ff/0xb40 [ 402.892516][T10861] task_work_run+0x150/0x240 [ 402.892552][T10861] ? __pfx_task_work_run+0x10/0x10 [ 402.892598][T10861] exit_to_user_mode_loop+0x100/0x4a0 [ 402.892628][T10861] ? rcu_is_watching+0x12/0xc0 [ 402.892675][T10861] do_syscall_64+0x668/0xf80 [ 402.892714][T10861] ? clear_bhb_loop+0x40/0x90 [ 402.892749][T10861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.892777][T10861] RIP: 0033:0x7f1f4d79bf79 [ 402.892801][T10861] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.892827][T10861] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 402.892853][T10861] RAX: 0000000000000000 RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 402.892871][T10861] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 402.892887][T10861] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 402.892903][T10861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.892919][T10861] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 402.892959][T10861] [ 405.425400][T10886] netlink: 'syz.0.1528': attribute type 10 has an invalid length. [ 405.472761][T10886] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1528'. [ 406.855747][T10905] [U] [ 406.858876][T10905] [U] [ 406.861588][T10905] [U] [ 406.864287][T10905] [U] [ 406.925350][T10905] [U] [ 406.928107][T10905] [U] [ 406.930815][T10905] [U] [ 406.933514][T10905] [U] [ 406.956586][T10905] [U] [ 406.959337][T10905] [U] [ 406.962048][T10905] [U] [ 406.964751][T10905] [U] [ 406.974999][T10905] [U] [ 406.977742][T10905] [U] [ 406.980455][T10905] [U] [ 406.983178][T10905] [U] [ 407.014561][T10905] [U] [ 407.613259][T10923] FAULT_INJECTION: forcing a failure. [ 407.613259][T10923] name failslab, interval 1, probability 0, space 0, times 0 [ 407.741804][T10923] CPU: 1 UID: 0 PID: 10923 Comm: syz.0.1539 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 407.741867][T10923] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 407.741883][T10923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 407.741900][T10923] Call Trace: [ 407.741909][T10923] [ 407.741919][T10923] dump_stack_lvl+0x100/0x190 [ 407.741965][T10923] should_fail_ex.cold+0x5/0xa [ 407.741997][T10923] should_failslab+0xc2/0x120 [ 407.742035][T10923] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 407.742067][T10923] ? __kernfs_new_node+0xd2/0x960 [ 407.742127][T10923] __kernfs_new_node+0xd2/0x960 [ 407.742172][T10923] ? kernfs_add_one+0x214/0x850 [ 407.742201][T10923] ? __pfx___kernfs_new_node+0x10/0x10 [ 407.742254][T10923] ? find_held_lock+0x2b/0x80 [ 407.742292][T10923] ? kernfs_root+0xee/0x2a0 [ 407.742332][T10923] ? kernfs_root+0xee/0x2a0 [ 407.742382][T10923] kernfs_new_node+0x11b/0x1a0 [ 407.742417][T10923] kernfs_create_link+0xcc/0x240 [ 407.742456][T10923] sysfs_do_create_link_sd+0x90/0x140 [ 407.742501][T10923] sysfs_create_link+0x61/0xc0 [ 407.742543][T10923] device_add+0x553/0x1950 [ 407.742585][T10923] ? __pfx_device_add+0x10/0x10 [ 407.742622][T10923] ? kfree+0x2a0/0x670 [ 407.742660][T10923] device_create_groups_vargs+0x1f8/0x270 [ 407.742707][T10923] device_create+0xed/0x130 [ 407.742748][T10923] ? __pfx_device_create+0x10/0x10 [ 407.742793][T10923] ? timer_init_key+0x14c/0x2c0 [ 407.742840][T10923] ? ieee80211_roc_setup+0x136/0x270 [ 407.742878][T10923] ? ieee80211_alloc_hw_nm+0x19c3/0x22a0 [ 407.742929][T10923] mac80211_hwsim_new_radio+0x37f/0x57d0 [ 407.742980][T10923] ? __asan_memset+0x23/0x50 [ 407.743009][T10923] ? __nla_validate_parse+0x1e7/0x28b0 [ 407.743042][T10923] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 407.743087][T10923] hwsim_new_radio_nl+0xc1f/0x1340 [ 407.743129][T10923] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 407.743175][T10923] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 407.743208][T10923] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 407.743247][T10923] genl_family_rcv_msg_doit+0x214/0x300 [ 407.743280][T10923] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 407.743309][T10923] ? genl_get_cmd+0x3ef/0x720 [ 407.743363][T10923] ? bpf_lsm_capable+0x9/0x10 [ 407.743401][T10923] ? security_capable+0x80/0x260 [ 407.743436][T10923] ? ns_capable+0xd2/0xf0 [ 407.743479][T10923] genl_rcv_msg+0x560/0x800 [ 407.743511][T10923] ? __pfx_genl_rcv_msg+0x10/0x10 [ 407.743541][T10923] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 407.743588][T10923] netlink_rcv_skb+0x159/0x420 [ 407.743630][T10923] ? __pfx_genl_rcv_msg+0x10/0x10 [ 407.743660][T10923] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 407.743718][T10923] ? netlink_deliver_tap+0x1ae/0xcc0 [ 407.743763][T10923] genl_rcv+0x28/0x40 [ 407.743787][T10923] netlink_unicast+0x5aa/0x870 [ 407.743834][T10923] ? __pfx_netlink_unicast+0x10/0x10 [ 407.743891][T10923] netlink_sendmsg+0x8b0/0xda0 [ 407.743940][T10923] ? __pfx_netlink_sendmsg+0x10/0x10 [ 407.743979][T10923] ? __import_iovec+0x1d2/0x640 [ 407.744025][T10923] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 407.744067][T10923] ____sys_sendmsg+0xa54/0xc30 [ 407.744100][T10923] ? __pfx_____sys_sendmsg+0x10/0x10 [ 407.744143][T10923] ? try_to_wake_up+0x644/0x1a80 [ 407.744192][T10923] ___sys_sendmsg+0x190/0x1e0 [ 407.744226][T10923] ? __pfx____sys_sendmsg+0x10/0x10 [ 407.744257][T10923] ? futex_private_hash_put+0x107/0x1c0 [ 407.744345][T10923] __sys_sendmsg+0x170/0x220 [ 407.744385][T10923] ? __pfx___sys_sendmsg+0x10/0x10 [ 407.744423][T10923] ? __x64_sys_futex+0x34f/0x4d0 [ 407.744475][T10923] do_syscall_64+0x106/0xf80 [ 407.744514][T10923] ? clear_bhb_loop+0x40/0x90 [ 407.744550][T10923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.744576][T10923] RIP: 0033:0x7f1f4d79bf79 [ 407.744599][T10923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 407.744626][T10923] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 407.744653][T10923] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 407.744671][T10923] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 407.744689][T10923] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 407.744706][T10923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.744722][T10923] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 407.744761][T10923] [ 410.241194][T10940] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1543'. [ 412.862789][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1555'. [ 412.942484][T10976] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1555'. [ 413.475132][T10972] Process accounting paused [ 413.602277][T10980] zswap: compressor not available [ 414.649335][T10999] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1561'. [ 415.519846][T11010] FAULT_INJECTION: forcing a failure. [ 415.519846][T11010] name failslab, interval 1, probability 0, space 0, times 0 [ 415.532694][T11010] CPU: 1 UID: 0 PID: 11010 Comm: syz.2.1564 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 415.532823][T11010] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 415.532861][T11010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 415.532897][T11010] Call Trace: [ 415.532915][T11010] [ 415.532937][T11010] dump_stack_lvl+0x100/0x190 [ 415.532986][T11010] should_fail_ex.cold+0x5/0xa [ 415.533019][T11010] should_failslab+0xc2/0x120 [ 415.533058][T11010] __kmalloc_cache_noprof+0x7a/0x6f0 [ 415.533085][T11010] ? alloc_super+0x52/0xd20 [ 415.533124][T11010] alloc_super+0x52/0xd20 [ 415.533159][T11010] ? __pfx_mqueue_fill_super+0x10/0x10 [ 415.533192][T11010] sget_fc+0x117/0xc70 [ 415.533224][T11010] ? __pfx_set_anon_super_fc+0x10/0x10 [ 415.533255][T11010] ? __pfx_mqueue_fill_super+0x10/0x10 [ 415.533287][T11010] get_tree_nodev+0x28/0x190 [ 415.533323][T11010] mqueue_get_tree+0xf1/0x130 [ 415.533355][T11010] vfs_get_tree+0x92/0x320 [ 415.533384][T11010] fc_mount_longterm+0x1a/0x270 [ 415.533416][T11010] mq_init_ns+0x482/0x820 [ 415.533462][T11010] copy_ipcs+0x3dd/0x7e0 [ 415.533502][T11010] create_new_namespaces+0x20a/0xac0 [ 415.533544][T11010] ? security_capable+0x80/0x260 [ 415.533583][T11010] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 415.533629][T11010] ksys_unshare+0x455/0xab0 [ 415.533663][T11010] ? __pfx_ksys_unshare+0x10/0x10 [ 415.533694][T11010] ? xfd_validate_state+0x129/0x190 [ 415.533740][T11010] __x64_sys_unshare+0x31/0x40 [ 415.533769][T11010] do_syscall_64+0x106/0xf80 [ 415.533808][T11010] ? clear_bhb_loop+0x40/0x90 [ 415.533843][T11010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.533871][T11010] RIP: 0033:0x7fd9d599bf79 [ 415.533895][T11010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 415.533923][T11010] RSP: 002b:00007fd9d677d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 415.533950][T11010] RAX: ffffffffffffffda RBX: 00007fd9d5c15fa0 RCX: 00007fd9d599bf79 [ 415.533969][T11010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 415.533986][T11010] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 415.534004][T11010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 415.534021][T11010] R13: 00007fd9d5c16038 R14: 00007fd9d5c15fa0 R15: 00007ffe98cfcd48 [ 415.534059][T11010] [ 415.929796][T11004] random: crng reseeded on system resumption [ 416.090460][ T51] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 416.724050][T11004] Process accounting paused [ 417.220611][T11020] netlink: 'syz.3.1566': attribute type 1 has an invalid length. [ 417.744215][T11027] netlink: 266 bytes leftover after parsing attributes in process `syz.2.1568'. [ 419.067679][T11045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1575'. [ 419.078381][T11045] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1575'. [ 419.391390][T11047] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 421.179508][T11073] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1585'. [ 421.599930][T11082] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1587'. [ 422.049194][T11088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1590'. [ 422.507382][ T51] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 423.890580][T11117] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 424.912084][T11123] netlink: 'syz.0.1599': attribute type 3 has an invalid length. [ 425.528516][T11128] netlink: 246 bytes leftover after parsing attributes in process `syz.1.1600'. [ 425.912442][T11132] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 427.029785][T11133] base or size exceeds the MTRR width [ 428.018966][T11152] cougar: G6 mapped to space [ 430.811801][T11188] futex_wake_op: syz.3.1618 tries to shift op by -2048; fix this program [ 430.820458][T11188] futex_wake_op: syz.3.1618 tries to shift op by -2048; fix this program [ 431.254232][T11190] netlink: 86 bytes leftover after parsing attributes in process `syz.3.1619'. [ 431.403110][T11192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1620'. [ 431.477721][T11192] netlink: 'syz.0.1620': attribute type 1 has an invalid length. [ 431.485538][T11192] netlink: 'syz.0.1620': attribute type 6 has an invalid length. [ 431.688782][T11194] sg_write: data in/out 262169/4198358 bytes for SCSI command 0x0-- guessing data in; [ 431.688782][T11194] program syz.3.1621 not setting count and/or reply_len properly [ 431.787979][T11194] program syz.3.1621 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 432.105667][ T51] Bluetooth: hci3: unexpected subevent 0x01 length: 3 < 18 [ 435.862022][T11234] base or size exceeds the MTRR width [ 436.325701][T11252] netlink: 'syz.0.1634': attribute type 1 has an invalid length. [ 436.381841][T11252] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1634'. [ 437.419452][T11273] sg_write: data in/out 262169/4198358 bytes for SCSI command 0x0-- guessing data in; [ 437.419452][T11273] program syz.0.1642 not setting count and/or reply_len properly [ 437.493876][T11275] program syz.0.1642 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 439.650993][T11292] base or size exceeds the MTRR width [ 440.364873][T11301] netlink: 86 bytes leftover after parsing attributes in process `syz.2.1648'. [ 440.622350][ T51] Bluetooth: hci3: unexpected event 0x20 length: 123 > 7 [ 443.538546][T11332] Process accounting resumed [ 443.730049][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 443.736692][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.737314][T11343] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1661'. [ 444.241956][T11353] FAULT_INJECTION: forcing a failure. [ 444.241956][T11353] name failslab, interval 1, probability 0, space 0, times 0 [ 444.260778][T11353] CPU: 1 UID: 0 PID: 11353 Comm: syz.0.1664 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 444.260827][T11353] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 444.260843][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 444.260852][T11353] Call Trace: [ 444.260858][T11353] [ 444.260865][T11353] dump_stack_lvl+0x100/0x190 [ 444.260891][T11353] should_fail_ex.cold+0x5/0xa [ 444.260909][T11353] should_failslab+0xc2/0x120 [ 444.260930][T11353] __kmalloc_cache_noprof+0x7a/0x6f0 [ 444.260945][T11353] ? acpi_ds_call_control_method+0x300/0xab0 [ 444.260968][T11353] acpi_ds_call_control_method+0x300/0xab0 [ 444.260990][T11353] acpi_ps_parse_aml+0xacd/0x1120 [ 444.261016][T11353] acpi_ps_execute_method+0x5c4/0xe90 [ 444.261043][T11353] acpi_ns_evaluate+0x640/0x1670 [ 444.261063][T11353] acpi_evaluate_object+0x420/0xe00 [ 444.261081][T11353] ? kasan_save_stack+0x30/0x50 [ 444.261097][T11353] ? kasan_save_track+0x14/0x30 [ 444.261117][T11353] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 444.261139][T11353] ? __pfx___might_resched+0x10/0x10 [ 444.261160][T11353] acpi_evaluate_integer+0xdf/0x220 [ 444.261177][T11353] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 444.261202][T11353] ? __pfx_status_show+0x10/0x10 [ 444.261221][T11353] status_show+0xa0/0x120 [ 444.261239][T11353] ? __pfx_status_show+0x10/0x10 [ 444.261263][T11353] dev_attr_show+0x52/0xa0 [ 444.261284][T11353] ? __pfx_dev_attr_show+0x10/0x10 [ 444.261303][T11353] sysfs_kf_seq_show+0x217/0x3a0 [ 444.261327][T11353] seq_read_iter+0x32f/0x1270 [ 444.261353][T11353] kernfs_fop_read_iter+0x46c/0x610 [ 444.261372][T11353] ? rw_verify_area+0xce/0x6d0 [ 444.261387][T11353] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 444.261407][T11353] vfs_read+0x825/0xb30 [ 444.261426][T11353] ? __pfx_vfs_read+0x10/0x10 [ 444.261457][T11353] ksys_read+0x12a/0x250 [ 444.261474][T11353] ? __pfx_ksys_read+0x10/0x10 [ 444.261497][T11353] do_syscall_64+0x106/0xf80 [ 444.261517][T11353] ? clear_bhb_loop+0x40/0x90 [ 444.261535][T11353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.261552][T11353] RIP: 0033:0x7f1f4d79bf79 [ 444.261573][T11353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 444.261588][T11353] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 444.261603][T11353] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 444.261613][T11353] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 444.261622][T11353] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 444.261631][T11353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.261640][T11353] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 444.261661][T11353] [ 444.261788][T11353] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 444.970556][T11358] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1665'. [ 446.533887][T11378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1672'. [ 447.315111][T11392] cougar: G6 mapped to space [ 448.091773][T11395] netlink: 'syz.1.1676': attribute type 29 has an invalid length. [ 448.288999][T11395] netlink: 'syz.1.1676': attribute type 30 has an invalid length. [ 448.338994][T11395] netlink: 'syz.1.1676': attribute type 31 has an invalid length. [ 448.374830][T11395] netlink: 'syz.1.1676': attribute type 32 has an invalid length. [ 448.414569][T11395] netlink: 'syz.1.1676': attribute type 33 has an invalid length. [ 448.448975][T11395] netlink: 'syz.1.1676': attribute type 35 has an invalid length. [ 448.507980][T11395] netlink: 'syz.1.1676': attribute type 37 has an invalid length. [ 448.527080][T11395] netlink: 18 bytes leftover after parsing attributes in process `syz.1.1676'. [ 448.619192][T11396] Process accounting resumed [ 449.869477][T11415] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1683'. [ 449.926063][T11415] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1683'. [ 450.424948][T11421] netlink: 29 bytes leftover after parsing attributes in process `syz.2.1685'. [ 450.450750][ T51] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 453.276791][T11466] FAULT_INJECTION: forcing a failure. [ 453.276791][T11466] name failslab, interval 1, probability 0, space 0, times 0 [ 453.329360][T11466] CPU: 1 UID: 0 PID: 11466 Comm: syz.0.1693 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 453.329416][T11466] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 453.329429][T11466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 453.329443][T11466] Call Trace: [ 453.329451][T11466] [ 453.329460][T11466] dump_stack_lvl+0x100/0x190 [ 453.329501][T11466] should_fail_ex.cold+0x5/0xa [ 453.329527][T11466] ? rfkill_alloc+0xac/0x300 [ 453.329551][T11466] should_failslab+0xc2/0x120 [ 453.329584][T11466] __kmalloc_noprof+0xe0/0x850 [ 453.329617][T11466] rfkill_alloc+0xac/0x300 [ 453.329645][T11466] wiphy_new_nm+0x136a/0x21a0 [ 453.329685][T11466] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 453.329725][T11466] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 453.329760][T11466] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 453.329800][T11466] ieee80211_alloc_hw_nm+0x1ac7/0x22a0 [ 453.329834][T11466] ? __local_bh_enable_ip+0x9e/0x120 [ 453.329875][T11466] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 453.329917][T11466] ? __asan_memset+0x23/0x50 [ 453.329943][T11466] ? __nla_validate_parse+0x1e7/0x28b0 [ 453.329974][T11466] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 453.330026][T11466] hwsim_new_radio_nl+0xc1f/0x1340 [ 453.330066][T11466] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.330106][T11466] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 453.330133][T11466] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 453.330165][T11466] genl_family_rcv_msg_doit+0x214/0x300 [ 453.330194][T11466] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 453.330220][T11466] ? genl_get_cmd+0x3ef/0x720 [ 453.330264][T11466] ? bpf_lsm_capable+0x9/0x10 [ 453.330305][T11466] ? security_capable+0x80/0x260 [ 453.330344][T11466] ? ns_capable+0xd2/0xf0 [ 453.330392][T11466] genl_rcv_msg+0x560/0x800 [ 453.330428][T11466] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.330460][T11466] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.330508][T11466] netlink_rcv_skb+0x159/0x420 [ 453.330552][T11466] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.330582][T11466] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 453.330636][T11466] ? netlink_deliver_tap+0x1ae/0xcc0 [ 453.330677][T11466] genl_rcv+0x28/0x40 [ 453.330697][T11466] netlink_unicast+0x5aa/0x870 [ 453.330739][T11466] ? __pfx_netlink_unicast+0x10/0x10 [ 453.330796][T11466] netlink_sendmsg+0x8b0/0xda0 [ 453.330838][T11466] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.330874][T11466] ? __import_iovec+0x1d2/0x640 [ 453.330915][T11466] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 453.330953][T11466] ____sys_sendmsg+0xa54/0xc30 [ 453.330983][T11466] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.331021][T11466] ? try_to_wake_up+0x644/0x1a80 [ 453.331067][T11466] ___sys_sendmsg+0x190/0x1e0 [ 453.331098][T11466] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.331125][T11466] ? futex_private_hash_put+0x107/0x1c0 [ 453.331203][T11466] __sys_sendmsg+0x170/0x220 [ 453.331238][T11466] ? __pfx___sys_sendmsg+0x10/0x10 [ 453.331273][T11466] ? __x64_sys_futex+0x34f/0x4d0 [ 453.331321][T11466] do_syscall_64+0x106/0xf80 [ 453.331357][T11466] ? clear_bhb_loop+0x40/0x90 [ 453.331392][T11466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.331421][T11466] RIP: 0033:0x7f1f4d79bf79 [ 453.331444][T11466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.331470][T11466] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.331494][T11466] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 453.331512][T11466] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 453.331529][T11466] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 453.331545][T11466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.331560][T11466] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 453.331594][T11466] [ 454.301662][T11475] netlink: 29 bytes leftover after parsing attributes in process `syz.0.1696'. [ 454.375944][ T51] Bluetooth: hci1: unexpected event 0x02 length: 726 > 260 [ 455.274858][T11482] FAULT_INJECTION: forcing a failure. [ 455.274858][T11482] name fail_futex, interval 1, probability 0, space 0, times 0 [ 455.314222][T11482] CPU: 1 UID: 0 PID: 11482 Comm: syz.3.1699 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 455.314280][T11482] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 455.314293][T11482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 455.314308][T11482] Call Trace: [ 455.314316][T11482] [ 455.314325][T11482] dump_stack_lvl+0x100/0x190 [ 455.314367][T11482] should_fail_ex.cold+0x5/0xa [ 455.314397][T11482] get_futex_key+0x1d2/0x1620 [ 455.314443][T11482] ? __pfx_get_futex_key+0x10/0x10 [ 455.314480][T11482] ? lock_acquire+0x17c/0x330 [ 455.314519][T11482] futex_wake+0xea/0x530 [ 455.314554][T11482] ? __pfx_futex_wake+0x10/0x10 [ 455.314584][T11482] ? exit_mm_release+0x19/0x30 [ 455.314622][T11482] do_futex+0x32b/0x350 [ 455.314650][T11482] ? __pfx_do_futex+0x10/0x10 [ 455.314674][T11482] ? __might_fault+0xc5/0x140 [ 455.314712][T11482] mm_release+0x24a/0x2f0 [ 455.314751][T11482] do_exit+0x675/0x2a30 [ 455.314792][T11482] ? __pfx_do_exit+0x10/0x10 [ 455.314821][T11482] ? do_raw_spin_lock+0x128/0x260 [ 455.314853][T11482] ? find_held_lock+0x2b/0x80 [ 455.314887][T11482] ? get_signal+0x7e0/0x21e0 [ 455.314928][T11482] do_group_exit+0xd5/0x2a0 [ 455.314960][T11482] get_signal+0x1ec7/0x21e0 [ 455.315003][T11482] ? __lock_acquire+0x4a5/0x2630 [ 455.315034][T11482] ? __pfx_get_signal+0x10/0x10 [ 455.315073][T11482] ? do_futex+0x192/0x350 [ 455.315103][T11482] arch_do_signal_or_restart+0x91/0x770 [ 455.315130][T11482] ? find_held_lock+0x2b/0x80 [ 455.315164][T11482] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 455.315202][T11482] ? __pfx___x64_sys_futex+0x10/0x10 [ 455.315228][T11482] ? xfd_validate_state+0x129/0x190 [ 455.315267][T11482] exit_to_user_mode_loop+0x86/0x4a0 [ 455.315294][T11482] ? rcu_is_watching+0x12/0xc0 [ 455.315330][T11482] do_syscall_64+0x668/0xf80 [ 455.315365][T11482] ? clear_bhb_loop+0x40/0x90 [ 455.315397][T11482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.315423][T11482] RIP: 0033:0x7f567cf9bf79 [ 455.315443][T11482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.315468][T11482] RSP: 002b:00007f567dde10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 455.315492][T11482] RAX: fffffffffffffe00 RBX: 00007f567d216098 RCX: 00007f567cf9bf79 [ 455.315508][T11482] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f567d216098 [ 455.315524][T11482] RBP: 00007f567d216090 R08: 0000000000000000 R09: 0000000000000000 [ 455.315539][T11482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.315553][T11482] R13: 00007f567d216128 R14: 00007ffe563c8190 R15: 00007ffe563c8278 [ 455.315589][T11482] [ 455.663532][T11485] ubi31: attaching mtd0 [ 455.666215][T11485] ubi31: scanning is finished [ 455.666246][T11485] ubi31: empty MTD device detected [ 456.050703][T11485] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 456.063674][T11485] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 456.089259][T11485] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 456.096444][T11485] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 456.158893][T11485] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 456.165795][T11485] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 456.252090][T11485] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3077585304 [ 456.307030][T11485] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 456.320105][T11496] ubi31: background thread "ubi_bgt31d" started, PID 11496 [ 456.716449][T11508] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1715'. [ 458.534093][T11520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1708'. [ 458.591885][T11520] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1708'. [ 464.659901][T11595] FAULT_INJECTION: forcing a failure. [ 464.659901][T11595] name failslab, interval 1, probability 0, space 0, times 0 [ 464.708479][T11595] CPU: 1 UID: 0 PID: 11595 Comm: syz.2.1729 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 464.708544][T11595] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 464.708560][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 464.708576][T11595] Call Trace: [ 464.708585][T11595] [ 464.708597][T11595] dump_stack_lvl+0x100/0x190 [ 464.708645][T11595] should_fail_ex.cold+0x5/0xa [ 464.708680][T11595] should_failslab+0xc2/0x120 [ 464.708717][T11595] __kmalloc_cache_noprof+0x7a/0x6f0 [ 464.708751][T11595] ? register_netdevice+0x50c/0x2210 [ 464.708791][T11595] ? lockdep_init_map_type+0x5c/0x250 [ 464.708829][T11595] register_netdevice+0x50c/0x2210 [ 464.708875][T11595] ? __pfx_register_netdevice+0x10/0x10 [ 464.708916][T11595] ? alloc_netdev_mqs+0x1163/0x14f0 [ 464.708963][T11595] internal_dev_create+0x2d3/0x520 [ 464.709007][T11595] ovs_vport_add+0x147/0x4d0 [ 464.709046][T11595] new_vport+0x16/0x1d0 [ 464.709078][T11595] ovs_dp_cmd_new+0x65d/0xdf0 [ 464.709121][T11595] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 464.709159][T11595] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 464.709190][T11595] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 464.709229][T11595] genl_family_rcv_msg_doit+0x214/0x300 [ 464.709260][T11595] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 464.709288][T11595] ? genl_get_cmd+0x3ef/0x720 [ 464.709341][T11595] ? bpf_lsm_capable+0x9/0x10 [ 464.709378][T11595] ? security_capable+0x80/0x260 [ 464.709413][T11595] ? ns_capable+0xd2/0xf0 [ 464.709453][T11595] genl_rcv_msg+0x560/0x800 [ 464.709485][T11595] ? __pfx_genl_rcv_msg+0x10/0x10 [ 464.709511][T11595] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 464.709561][T11595] netlink_rcv_skb+0x159/0x420 [ 464.709603][T11595] ? __pfx_genl_rcv_msg+0x10/0x10 [ 464.709634][T11595] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 464.709690][T11595] ? netlink_deliver_tap+0x1ae/0xcc0 [ 464.709743][T11595] genl_rcv+0x28/0x40 [ 464.709768][T11595] netlink_unicast+0x5aa/0x870 [ 464.709813][T11595] ? __pfx_netlink_unicast+0x10/0x10 [ 464.709868][T11595] netlink_sendmsg+0x8b0/0xda0 [ 464.709913][T11595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.709950][T11595] ? __import_iovec+0x1d2/0x640 [ 464.709994][T11595] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 464.710034][T11595] ____sys_sendmsg+0xa54/0xc30 [ 464.710063][T11595] ? __pfx_____sys_sendmsg+0x10/0x10 [ 464.710095][T11595] ? try_to_wake_up+0x644/0x1a80 [ 464.710141][T11595] ___sys_sendmsg+0x190/0x1e0 [ 464.710176][T11595] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.710204][T11595] ? futex_private_hash_put+0x107/0x1c0 [ 464.710284][T11595] __sys_sendmsg+0x170/0x220 [ 464.710321][T11595] ? __pfx___sys_sendmsg+0x10/0x10 [ 464.710366][T11595] ? __x64_sys_futex+0x34f/0x4d0 [ 464.710412][T11595] do_syscall_64+0x106/0xf80 [ 464.710447][T11595] ? clear_bhb_loop+0x40/0x90 [ 464.710482][T11595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.710508][T11595] RIP: 0033:0x7fd9d599bf79 [ 464.710530][T11595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 464.710556][T11595] RSP: 002b:00007fd9d3bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.710580][T11595] RAX: ffffffffffffffda RBX: 00007fd9d5c16090 RCX: 00007fd9d599bf79 [ 464.710597][T11595] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 464.710613][T11595] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 464.710629][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.710643][T11595] R13: 00007fd9d5c16128 R14: 00007fd9d5c16090 R15: 00007ffe98cfcd48 [ 464.710678][T11595] [ 468.082875][T11570] delete_channel: no stack [ 470.700994][T11651] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1745'. [ 470.743163][T11651] : renamed from bond_slave_0 (while UP) [ 470.801692][T11651] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1745'. [ 471.990061][T11664] cougar: G6 mapped to space [ 472.219762][T11673] FAULT_INJECTION: forcing a failure. [ 472.219762][T11673] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 472.388625][T11673] CPU: 1 UID: 0 PID: 11673 Comm: syz.2.1754 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 472.388689][T11673] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 472.388706][T11673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 472.388722][T11673] Call Trace: [ 472.388731][T11673] [ 472.388741][T11673] dump_stack_lvl+0x100/0x190 [ 472.388785][T11673] should_fail_ex.cold+0x5/0xa [ 472.388811][T11673] ? prepare_alloc_pages+0x16d/0x5f0 [ 472.388855][T11673] should_fail_alloc_page+0xeb/0x140 [ 472.388892][T11673] prepare_alloc_pages+0x1f0/0x5f0 [ 472.388937][T11673] __alloc_frozen_pages_noprof+0x19a/0x2ae0 [ 472.388976][T11673] ? rcu_is_watching+0x12/0xc0 [ 472.389010][T11673] ? trace_mm_page_alloc+0x10e/0x160 [ 472.389049][T11673] ? __alloc_frozen_pages_noprof+0x2b3/0x2ae0 [ 472.389088][T11673] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 472.389121][T11673] ? stack_trace_save+0x8e/0xc0 [ 472.389160][T11673] ? stack_depot_save_flags+0x27/0x9d0 [ 472.389201][T11673] ? is_bpf_text_address+0x8a/0x1a0 [ 472.389235][T11673] ? is_bpf_text_address+0x8a/0x1a0 [ 472.389272][T11673] ? kasan_save_stack+0x3f/0x50 [ 472.389303][T11673] ? kasan_save_track+0x14/0x30 [ 472.389335][T11673] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 472.389363][T11673] ? alloc_vmap_area+0x64d/0x2b80 [ 472.389397][T11673] ? __get_vm_area_node+0x1ca/0x330 [ 472.389434][T11673] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 472.389474][T11673] ? __vmalloc_node_noprof+0xad/0xf0 [ 472.389512][T11673] ? copy_process+0x5ec/0x79b0 [ 472.389536][T11673] ? kernel_clone+0xfc/0x930 [ 472.389560][T11673] ? __do_sys_clone3+0x214/0x290 [ 472.389585][T11673] ? do_syscall_64+0x106/0xf80 [ 472.389646][T11673] alloc_pages_bulk_noprof+0x782/0x1490 [ 472.389693][T11673] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 472.389740][T11673] ? alloc_pages_noprof+0x233/0x390 [ 472.389779][T11673] __kasan_populate_vmalloc+0xf0/0x210 [ 472.389820][T11673] alloc_vmap_area+0x986/0x2b80 [ 472.389871][T11673] ? __pfx_alloc_vmap_area+0x10/0x10 [ 472.389917][T11673] __get_vm_area_node+0x1ca/0x330 [ 472.389961][T11673] __vmalloc_node_range_noprof+0x213/0x1530 [ 472.390005][T11673] ? kernel_clone+0xfc/0x930 [ 472.390031][T11673] ? local_lock_release+0x99/0x130 [ 472.390079][T11673] ? kernel_clone+0xfc/0x930 [ 472.390107][T11673] ? find_held_lock+0x2b/0x80 [ 472.390143][T11673] ? rcu_read_unlock+0x17/0x60 [ 472.390181][T11673] ? rcu_read_unlock+0x17/0x60 [ 472.390220][T11673] ? obj_cgroup_charge_account+0x46d/0x640 [ 472.390260][T11673] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 472.390305][T11673] ? __memcg_slab_post_alloc_hook+0x51e/0x9a0 [ 472.390364][T11673] ? kernel_clone+0xfc/0x930 [ 472.390391][T11673] __vmalloc_node_noprof+0xad/0xf0 [ 472.390433][T11673] ? kernel_clone+0xfc/0x930 [ 472.390463][T11673] copy_process+0x5ec/0x79b0 [ 472.390490][T11673] ? __pfx___schedule+0x10/0x10 [ 472.390561][T11673] ? __pfx_copy_process+0x10/0x10 [ 472.390600][T11673] ? _copy_from_user+0x59/0xd0 [ 472.390654][T11673] kernel_clone+0xfc/0x930 [ 472.390685][T11673] ? __pfx_kernel_clone+0x10/0x10 [ 472.390711][T11673] ? futex_private_hash_put+0x107/0x1c0 [ 472.390765][T11673] ? __pfx_futex_wake+0x10/0x10 [ 472.390797][T11673] ? find_held_lock+0x2b/0x80 [ 472.390839][T11673] __do_sys_clone3+0x214/0x290 [ 472.390867][T11673] ? __pfx___do_sys_clone3+0x10/0x10 [ 472.390892][T11673] ? trace_sched_exit_tp+0xcd/0x100 [ 472.390931][T11673] ? lockdep_hardirqs_on+0x78/0x100 [ 472.390999][T11673] do_syscall_64+0x106/0xf80 [ 472.391038][T11673] ? clear_bhb_loop+0x40/0x90 [ 472.391071][T11673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.391099][T11673] RIP: 0033:0x7fd9d599bf79 [ 472.391122][T11673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 472.391150][T11673] RSP: 002b:00007fd9d677cef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 472.391175][T11673] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fd9d599bf79 [ 472.391191][T11673] RDX: 00007fd9d677cf10 RSI: 0000000000000058 RDI: 00007fd9d677cf10 [ 472.391209][T11673] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000058 [ 472.391226][T11673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 472.391243][T11673] R13: 00007fd9d5c16038 R14: 00007fd9d5c15fa0 R15: 00007ffe98cfcd48 [ 472.391281][T11673] [ 472.391599][T11673] syz.2.1754: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 473.041353][T11673] CPU: 0 UID: 0 PID: 11673 Comm: syz.2.1754 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 473.041412][T11673] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 473.041427][T11673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 473.041443][T11673] Call Trace: [ 473.041452][T11673] [ 473.041462][T11673] dump_stack_lvl+0x100/0x190 [ 473.041507][T11673] warn_alloc.cold+0x95/0x1c1 [ 473.041552][T11673] ? __pfx_warn_alloc+0x10/0x10 [ 473.041583][T11673] ? lockdep_hardirqs_on+0x78/0x100 [ 473.041626][T11673] ? __get_vm_area_node+0x2c5/0x330 [ 473.041673][T11673] ? __get_vm_area_node+0x208/0x330 [ 473.041726][T11673] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 473.041769][T11673] ? local_lock_release+0x99/0x130 [ 473.041817][T11673] ? kernel_clone+0xfc/0x930 [ 473.041846][T11673] ? find_held_lock+0x2b/0x80 [ 473.041884][T11673] ? rcu_read_unlock+0x17/0x60 [ 473.041921][T11673] ? rcu_read_unlock+0x17/0x60 [ 473.041957][T11673] ? obj_cgroup_charge_account+0x46d/0x640 [ 473.041996][T11673] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 473.042042][T11673] ? __memcg_slab_post_alloc_hook+0x51e/0x9a0 [ 473.042094][T11673] ? kernel_clone+0xfc/0x930 [ 473.042119][T11673] __vmalloc_node_noprof+0xad/0xf0 [ 473.042161][T11673] ? kernel_clone+0xfc/0x930 [ 473.042190][T11673] copy_process+0x5ec/0x79b0 [ 473.042217][T11673] ? __pfx___schedule+0x10/0x10 [ 473.042267][T11673] ? __pfx_copy_process+0x10/0x10 [ 473.042304][T11673] ? _copy_from_user+0x59/0xd0 [ 473.042350][T11673] kernel_clone+0xfc/0x930 [ 473.042380][T11673] ? __pfx_kernel_clone+0x10/0x10 [ 473.042407][T11673] ? futex_private_hash_put+0x107/0x1c0 [ 473.042462][T11673] ? __pfx_futex_wake+0x10/0x10 [ 473.042492][T11673] ? find_held_lock+0x2b/0x80 [ 473.042536][T11673] __do_sys_clone3+0x214/0x290 [ 473.042564][T11673] ? __pfx___do_sys_clone3+0x10/0x10 [ 473.042589][T11673] ? trace_sched_exit_tp+0xcd/0x100 [ 473.042631][T11673] ? lockdep_hardirqs_on+0x78/0x100 [ 473.042697][T11673] do_syscall_64+0x106/0xf80 [ 473.042742][T11673] ? clear_bhb_loop+0x40/0x90 [ 473.042775][T11673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.042803][T11673] RIP: 0033:0x7fd9d599bf79 [ 473.042827][T11673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 473.042854][T11673] RSP: 002b:00007fd9d677cef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 473.042877][T11673] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fd9d599bf79 [ 473.042895][T11673] RDX: 00007fd9d677cf10 RSI: 0000000000000058 RDI: 00007fd9d677cf10 [ 473.042913][T11673] RBP: 00007fd9d5a327e0 R08: 0000000000000000 R09: 0000000000000058 [ 473.042930][T11673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.042946][T11673] R13: 00007fd9d5c16038 R14: 00007fd9d5c15fa0 R15: 00007ffe98cfcd48 [ 473.042985][T11673] [ 473.575484][T11673] Mem-Info: [ 473.588190][T11673] active_anon:25091 inactive_anon:0 isolated_anon:0 [ 473.588190][T11673] active_file:19458 inactive_file:54106 isolated_file:0 [ 473.588190][T11673] unevictable:768 dirty:425 writeback:0 [ 473.588190][T11673] slab_reclaimable:15370 slab_unreclaimable:89746 [ 473.588190][T11673] mapped:31039 shmem:15893 pagetables:1282 [ 473.588190][T11673] sec_pagetables:0 bounce:0 [ 473.588190][T11673] kernel_misc_reclaimable:0 [ 473.588190][T11673] free:1282647 free_pcp:18098 free_cma:0 [ 473.817689][T11673] Node 0 active_anon:107564kB inactive_anon:0kB active_file:77832kB inactive_file:216224kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141448kB dirty:1716kB writeback:0kB shmem:69060kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11428kB pagetables:5020kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 474.074309][T11673] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 474.074391][T11673] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 474.074472][T11673] lowmem_reserve[]: 0 2479 2480 2480 2480 [ 474.074525][T11673] Node 0 DMA32 free:1186136kB boost:0kB min:34316kB low:42892kB high:51468kB reserved_highatomic:0KB free_highatomic:0KB active_anon:110792kB inactive_anon:0kB active_file:77832kB inactive_file:216224kB unevictable:1536kB writepending:1716kB zspages:0kB present:3129332kB managed:2538564kB mlocked:0kB bounce:0kB free_pcp:39524kB local_pcp:17780kB free_cma:0kB [ 474.074610][T11673] lowmem_reserve[]: 0 0 1 1 1 [ 474.074668][T11673] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 474.074749][T11673] lowmem_reserve[]: 0 0 0 0 0 [ 474.074801][T11673] Node 1 Normal free:3924584kB boost:0kB min:55572kB low:69464kB high:83356kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:26284kB local_pcp:16336kB free_cma:0kB [ 474.074884][T11673] lowmem_reserve[]: 0 0 0 0 0 [ 474.074941][T11673] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 474.075111][T11673] Node 0 DMA32: 1277*4kB (UE) 1686*8kB (UE) 446*16kB (UE) 485*32kB (UME) 520*64kB (UME) 376*128kB (UME) 218*256kB (UM) 63*512kB (UM) 36*1024kB (UME) 22*2048kB (UM) 218*4096kB (M) = 1185572kB [ 474.075349][T11673] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 474.075493][T11673] Node 1 Normal: 10*4kB (UM) 10*8kB (U) 13*16kB (UME) 15*32kB (U) 13*64kB (UME) 10*128kB (UE) 7*256kB (UME) 8*512kB (UE) 4*1024kB (UM) 4*2048kB (UE) 953*4096kB (UM) = 3924584kB [ 474.596781][T11673] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.616937][T11673] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 474.682867][T11673] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.758015][T11679] Process accounting paused [ 474.839230][T11673] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 475.001002][T11673] 95109 total pagecache pages [ 475.005727][T11673] 0 pages in swap cache [ 475.009894][T11673] Free swap = 124996kB [ 475.053837][T11673] Total swap = 124996kB [ 475.058056][T11673] 2097051 pages RAM [ 475.108474][T11673] 0 pages HighMem/MovableOnly [ 475.130309][T11673] 430521 pages reserved [ 475.130329][T11673] 0 pages cma reserved [ 476.405093][T11700] netlink: 'syz.1.1762': attribute type 10 has an invalid length. [ 476.453451][T11700] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1762'. [ 480.014709][T11722] Process accounting paused [ 480.864619][T11748] zswap: compressor not available [ 484.616288][ T51] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 484.703399][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.779824][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.827632][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.862424][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.907652][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.976122][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.988232][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 484.997904][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 485.080149][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 485.118767][T11782] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1782'. [ 485.647216][T11799] FAULT_INJECTION: forcing a failure. [ 485.647216][T11799] name failslab, interval 1, probability 0, space 0, times 0 [ 485.706441][T11799] CPU: 0 UID: 0 PID: 11799 Comm: syz.0.1786 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 485.706507][T11799] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 485.706524][T11799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 485.706541][T11799] Call Trace: [ 485.706550][T11799] [ 485.706561][T11799] dump_stack_lvl+0x100/0x190 [ 485.706608][T11799] should_fail_ex.cold+0x5/0xa [ 485.706641][T11799] should_failslab+0xc2/0x120 [ 485.706680][T11799] __kmalloc_cache_noprof+0x7a/0x6f0 [ 485.706707][T11799] ? kernfs_fop_open+0x9f4/0xd50 [ 485.706749][T11799] kernfs_fop_open+0x9f4/0xd50 [ 485.706793][T11799] do_dentry_open+0x6d8/0x1660 [ 485.706828][T11799] ? __pfx_kernfs_fop_open+0x10/0x10 [ 485.706870][T11799] vfs_open+0x82/0x3f0 [ 485.706915][T11799] path_openat+0x208c/0x31a0 [ 485.706966][T11799] ? __pfx_path_openat+0x10/0x10 [ 485.707016][T11799] do_file_open+0x20e/0x430 [ 485.707066][T11799] ? __pfx_do_file_open+0x10/0x10 [ 485.707132][T11799] ? alloc_fd+0x476/0x790 [ 485.707170][T11799] ? do_getname+0x191/0x390 [ 485.707216][T11799] do_sys_openat2+0x10d/0x1e0 [ 485.707243][T11799] ? __pfx_do_sys_openat2+0x10/0x10 [ 485.707299][T11799] __x64_sys_openat+0x12d/0x210 [ 485.707327][T11799] ? __pfx___x64_sys_openat+0x10/0x10 [ 485.707353][T11799] ? ksys_write+0x1ac/0x250 [ 485.707399][T11799] do_syscall_64+0x106/0xf80 [ 485.707439][T11799] ? clear_bhb_loop+0x40/0x90 [ 485.707473][T11799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.707501][T11799] RIP: 0033:0x7f1f4d79bf79 [ 485.707525][T11799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.707552][T11799] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 485.707578][T11799] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 485.707596][T11799] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 485.707613][T11799] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 485.707630][T11799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.707646][T11799] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 485.707685][T11799] [ 486.569752][T11807] zswap: compressor not available [ 488.202995][T11825] FAULT_INJECTION: forcing a failure. [ 488.202995][T11825] name failslab, interval 1, probability 0, space 0, times 0 [ 488.232170][T11825] CPU: 1 UID: 0 PID: 11825 Comm: syz.3.1794 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 488.232233][T11825] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 488.232248][T11825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 488.232264][T11825] Call Trace: [ 488.232273][T11825] [ 488.232284][T11825] dump_stack_lvl+0x100/0x190 [ 488.232330][T11825] should_fail_ex.cold+0x5/0xa [ 488.232359][T11825] should_failslab+0xc2/0x120 [ 488.232396][T11825] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 488.232433][T11825] ? kasprintf+0xc7/0x100 [ 488.232483][T11825] kvasprintf+0xbc/0x150 [ 488.232524][T11825] ? __pfx_kvasprintf+0x10/0x10 [ 488.232567][T11825] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 488.232605][T11825] ? lockdep_hardirqs_on+0x78/0x100 [ 488.232644][T11825] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 488.232687][T11825] kasprintf+0xc7/0x100 [ 488.232726][T11825] ? __pfx_kasprintf+0x10/0x10 [ 488.232786][T11825] ieee80211_alloc_led_names+0x11b/0x420 [ 488.232836][T11825] ieee80211_alloc_hw_nm+0x1934/0x22a0 [ 488.232888][T11825] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 488.232938][T11825] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 488.232982][T11825] ? __nla_validate_parse+0x1e7/0x28b0 [ 488.233014][T11825] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 488.233064][T11825] hwsim_new_radio_nl+0xc1f/0x1340 [ 488.233100][T11825] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 488.233143][T11825] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 488.233173][T11825] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 488.233209][T11825] genl_family_rcv_msg_doit+0x214/0x300 [ 488.233243][T11825] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 488.233270][T11825] ? genl_get_cmd+0x3ef/0x720 [ 488.233319][T11825] ? bpf_lsm_capable+0x9/0x10 [ 488.233356][T11825] ? security_capable+0x80/0x260 [ 488.233392][T11825] ? ns_capable+0xd2/0xf0 [ 488.233434][T11825] genl_rcv_msg+0x560/0x800 [ 488.233466][T11825] ? __pfx_genl_rcv_msg+0x10/0x10 [ 488.233493][T11825] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 488.233537][T11825] netlink_rcv_skb+0x159/0x420 [ 488.233575][T11825] ? __pfx_genl_rcv_msg+0x10/0x10 [ 488.233605][T11825] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 488.233662][T11825] ? netlink_deliver_tap+0x1ae/0xcc0 [ 488.233706][T11825] genl_rcv+0x28/0x40 [ 488.233730][T11825] netlink_unicast+0x5aa/0x870 [ 488.233776][T11825] ? __pfx_netlink_unicast+0x10/0x10 [ 488.233830][T11825] netlink_sendmsg+0x8b0/0xda0 [ 488.233878][T11825] ? __pfx_netlink_sendmsg+0x10/0x10 [ 488.233917][T11825] ? __import_iovec+0x1d2/0x640 [ 488.233963][T11825] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 488.234003][T11825] ____sys_sendmsg+0xa54/0xc30 [ 488.234044][T11825] ? __pfx_____sys_sendmsg+0x10/0x10 [ 488.234083][T11825] ? __pfx_futex_wake_mark+0x10/0x10 [ 488.234126][T11825] ___sys_sendmsg+0x190/0x1e0 [ 488.234161][T11825] ? __pfx____sys_sendmsg+0x10/0x10 [ 488.234236][T11825] __sys_sendmsg+0x170/0x220 [ 488.234276][T11825] ? __pfx___sys_sendmsg+0x10/0x10 [ 488.234311][T11825] ? __x64_sys_futex+0x34f/0x4d0 [ 488.234363][T11825] do_syscall_64+0x106/0xf80 [ 488.234400][T11825] ? clear_bhb_loop+0x40/0x90 [ 488.234432][T11825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.234460][T11825] RIP: 0033:0x7f567cf9bf79 [ 488.234484][T11825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 488.234511][T11825] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 488.234538][T11825] RAX: ffffffffffffffda RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 488.234557][T11825] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 488.234575][T11825] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 488.234591][T11825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.234607][T11825] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 488.234646][T11825] [ 493.161711][T11880] __nla_validate_parse: 7 callbacks suppressed [ 493.161733][T11880] netlink: 98 bytes leftover after parsing attributes in process `syz.3.1809'. [ 493.787496][T11894] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1811'. [ 500.869615][T11973] WARNING! power/level is deprecated; use power/control instead [ 504.837978][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 504.844632][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 505.034403][T11893] Process accounting resumed [ 510.480825][T12084] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1859'. [ 510.539282][T12084] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1859'. [ 512.637997][T12094] nvme_fabrics: missing parameter 'transport=%s' [ 512.749416][T12094] nvme_fabrics: missing parameter 'nqn=%s' [ 512.937715][T12072] Process accounting resumed [ 513.668604][T12116] netlink: 'syz.1.1865': attribute type 4 has an invalid length. [ 513.785569][T12116] netlink: 'syz.1.1865': attribute type 5 has an invalid length. [ 513.874733][T12116] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1865'. [ 516.230798][T12129] HfR: entered promiscuous mode [ 523.117865][T12212] netlink: 'syz.2.1889': attribute type 2 has an invalid length. [ 523.125946][T12212] netlink: 'syz.2.1889': attribute type 3 has an invalid length. [ 523.135855][T12212] netlink: 158 bytes leftover after parsing attributes in process `syz.2.1889'. [ 523.162229][ T29] audit: type=1800 audit(2147483747.497:10): pid=12210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1889" name="dbroot" dev="configfs" ino=342878 res=0 errno=0 [ 523.191940][T12212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1889'. [ 523.670335][T12220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1893'. [ 523.681107][T12220] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1893'. [ 524.331732][ T51] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 524.331771][ T51] Bluetooth: hci1: unexpected subevent 0x03 length: 725 > 9 [ 524.351606][T12218] zswap: compressor not available [ 525.441154][T12242] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1895'. [ 529.372764][T12295] FAULT_INJECTION: forcing a failure. [ 529.372764][T12295] name fail_futex, interval 1, probability 0, space 0, times 0 [ 529.438263][T12295] CPU: 0 UID: 0 PID: 12295 Comm: syz.2.1905 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 529.438327][T12295] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 529.438341][T12295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 529.438358][T12295] Call Trace: [ 529.438366][T12295] [ 529.438377][T12295] dump_stack_lvl+0x100/0x190 [ 529.438422][T12295] should_fail_ex.cold+0x5/0xa [ 529.438454][T12295] get_futex_key+0x1d2/0x1620 [ 529.438502][T12295] ? __pfx_get_futex_key+0x10/0x10 [ 529.438544][T12295] ? futex_hash+0x2c5/0x380 [ 529.438599][T12295] futex_wake+0xea/0x530 [ 529.438633][T12295] ? __pfx_futex_wait+0x10/0x10 [ 529.438668][T12295] ? __pfx_futex_wake+0x10/0x10 [ 529.438707][T12295] ? ksys_write+0x190/0x250 [ 529.438740][T12295] ? ksys_write+0x190/0x250 [ 529.438781][T12295] do_futex+0x32b/0x350 [ 529.438810][T12295] ? __pfx_do_futex+0x10/0x10 [ 529.438840][T12295] ? cap_task_prctl+0x104/0xa50 [ 529.438875][T12295] ? __pfx_sched_core_share_pid+0x10/0x10 [ 529.438923][T12295] __x64_sys_futex+0x34f/0x4d0 [ 529.438958][T12295] ? __pfx___x64_sys_futex+0x10/0x10 [ 529.438989][T12295] ? __pfx___do_sys_prctl+0x10/0x10 [ 529.439034][T12295] do_syscall_64+0x106/0xf80 [ 529.439074][T12295] ? clear_bhb_loop+0x40/0x90 [ 529.439108][T12295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.439137][T12295] RIP: 0033:0x7fd9d599bf79 [ 529.439160][T12295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.439195][T12295] RSP: 002b:00007fd9d3bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 529.439224][T12295] RAX: ffffffffffffffda RBX: 00007fd9d5c16098 RCX: 00007fd9d599bf79 [ 529.439244][T12295] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd9d5c1609c [ 529.439262][T12295] RBP: 00007fd9d5c16090 R08: 0000000000000000 R09: 0000000000000000 [ 529.439280][T12295] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 529.439297][T12295] R13: 00007fd9d5c16128 R14: 00007ffe98cfcc60 R15: 00007ffe98cfcd48 [ 529.439335][T12295] [ 535.738976][T12329] Process accounting paused [ 536.708035][T12345] could not allocate digest TFM handle [ 537.531709][T12366] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1927'. [ 540.716767][T12404] zram0: detected capacity change from 0 to 8 [ 541.120641][T12411] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.1940'. [ 543.834016][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 543.845645][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 543.923366][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 543.998833][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 544.087090][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 544.161781][T12442] Dead loop on virtual device ip6_vti0, fix it urgently! [ 546.188699][T12458] FAULT_INJECTION: forcing a failure. [ 546.188699][T12458] name failslab, interval 1, probability 0, space 0, times 0 [ 546.262080][T12458] CPU: 0 UID: 0 PID: 12458 Comm: syz.0.1951 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 546.262118][T12458] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 546.262127][T12458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 546.262137][T12458] Call Trace: [ 546.262142][T12458] [ 546.262149][T12458] dump_stack_lvl+0x100/0x190 [ 546.262175][T12458] should_fail_ex.cold+0x5/0xa [ 546.262193][T12458] should_failslab+0xc2/0x120 [ 546.262214][T12458] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 546.262232][T12458] ? dup_fd+0x4d/0xd10 [ 546.262253][T12458] dup_fd+0x4d/0xd10 [ 546.262274][T12458] ? apparmor_task_alloc+0x2c1/0x3b0 [ 546.262295][T12458] copy_process+0x2631/0x79b0 [ 546.262319][T12458] ? __pfx_copy_process+0x10/0x10 [ 546.262343][T12458] kernel_clone+0xfc/0x930 [ 546.262357][T12458] ? __pfx_futex_wait+0x10/0x10 [ 546.262377][T12458] ? __pfx_kernel_clone+0x10/0x10 [ 546.262402][T12458] __do_sys_clone+0xd9/0x120 [ 546.262417][T12458] ? __pfx___do_sys_clone+0x10/0x10 [ 546.262431][T12458] ? __fget_files+0x21f/0x3d0 [ 546.262455][T12458] ? xfd_validate_state+0x129/0x190 [ 546.262479][T12458] do_syscall_64+0x106/0xf80 [ 546.262500][T12458] ? clear_bhb_loop+0x40/0x90 [ 546.262518][T12458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.262533][T12458] RIP: 0033:0x7f1f4d79bf79 [ 546.262546][T12458] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 546.262560][T12458] RSP: 002b:00007f1f4e65cfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 546.262575][T12458] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 546.262584][T12458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 546.262593][T12458] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 546.262602][T12458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 546.262611][T12458] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 546.262631][T12458] [ 546.568912][T12435] Process accounting paused [ 547.154736][T12466] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1953'. [ 548.789754][T12479] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 548.795809][T12479] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 549.078881][T12479] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 549.085005][T12479] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 549.155556][T12479] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 549.161599][T12479] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 549.727903][T12497] openvswitch: netlink: IP tunnel TTL not specified. [ 550.279477][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 551.076957][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 551.082995][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 551.156079][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 552.364551][T12513] Bluetooth: hci0: command 0x0c1a tx timeout [ 553.224637][T12513] Bluetooth: hci2: command 0x0406 tx timeout [ 553.370666][T12520] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1968'. [ 554.549699][T12537] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1970'. [ 555.394914][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 555.492947][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 555.552482][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 555.623396][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 555.708462][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 555.776001][T12547] Dead loop on virtual device ip6_vti0, fix it urgently! [ 556.131829][T12556] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 556.745957][T12562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1980'. [ 556.769786][T12565] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1980'. [ 557.676795][T12580] : Can't lookup blockdev [ 559.641162][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1990'. [ 559.732015][T12600] netlink: 'syz.2.1990': attribute type 1 has an invalid length. [ 559.793918][T12600] netlink: 'syz.2.1990': attribute type 6 has an invalid length. [ 560.952178][T12610] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1992'. [ 561.109023][T12608] netlink: 350 bytes leftover after parsing attributes in process `syz.1.1992'. [ 563.494111][T12633] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1999'. [ 564.352758][T12639] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2001'. [ 565.966903][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 565.980536][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.987176][T12632] Process accounting resumed [ 567.575372][T12661] FAULT_INJECTION: forcing a failure. [ 567.575372][T12661] name failslab, interval 1, probability 0, space 0, times 0 [ 567.663087][T12661] CPU: 0 UID: 0 PID: 12661 Comm: syz.3.2008 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 567.663150][T12661] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 567.663166][T12661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 567.663182][T12661] Call Trace: [ 567.663191][T12661] [ 567.663201][T12661] dump_stack_lvl+0x100/0x190 [ 567.663248][T12661] should_fail_ex.cold+0x5/0xa [ 567.663280][T12661] ? ieee80211_register_hw+0x15a1/0x4140 [ 567.663308][T12661] should_failslab+0xc2/0x120 [ 567.663349][T12661] __kmalloc_noprof+0xe0/0x850 [ 567.663381][T12661] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 567.663428][T12661] ieee80211_register_hw+0x15a1/0x4140 [ 567.663474][T12661] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 567.663503][T12661] ? __pfx___debug_object_init+0x10/0x10 [ 567.663547][T12661] ? find_held_lock+0x2b/0x80 [ 567.663586][T12661] ? net_generic+0xea/0x2a0 [ 567.663629][T12661] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 567.663670][T12661] ? __hrtimer_setup+0x178/0x280 [ 567.663705][T12661] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 567.663763][T12661] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 567.663808][T12661] hwsim_new_radio_nl+0xc1f/0x1340 [ 567.663853][T12661] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 567.663899][T12661] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 567.663931][T12661] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 567.663969][T12661] genl_family_rcv_msg_doit+0x214/0x300 [ 567.664003][T12661] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 567.664032][T12661] ? genl_get_cmd+0x3ef/0x720 [ 567.664089][T12661] ? bpf_lsm_capable+0x9/0x10 [ 567.664127][T12661] ? security_capable+0x80/0x260 [ 567.664163][T12661] ? ns_capable+0xd2/0xf0 [ 567.664207][T12661] genl_rcv_msg+0x560/0x800 [ 567.664241][T12661] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.664271][T12661] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 567.664318][T12661] netlink_rcv_skb+0x159/0x420 [ 567.664362][T12661] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.664394][T12661] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 567.664451][T12661] ? netlink_deliver_tap+0x1ae/0xcc0 [ 567.664498][T12661] genl_rcv+0x28/0x40 [ 567.664522][T12661] netlink_unicast+0x5aa/0x870 [ 567.664569][T12661] ? __pfx_netlink_unicast+0x10/0x10 [ 567.664626][T12661] netlink_sendmsg+0x8b0/0xda0 [ 567.664675][T12661] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.664715][T12661] ? __import_iovec+0x1d2/0x640 [ 567.664762][T12661] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 567.664803][T12661] ____sys_sendmsg+0xa54/0xc30 [ 567.664842][T12661] ? __pfx_____sys_sendmsg+0x10/0x10 [ 567.664881][T12661] ? __pfx_futex_wake_mark+0x10/0x10 [ 567.664924][T12661] ___sys_sendmsg+0x190/0x1e0 [ 567.664959][T12661] ? __pfx____sys_sendmsg+0x10/0x10 [ 567.665038][T12661] __sys_sendmsg+0x170/0x220 [ 567.665079][T12661] ? __pfx___sys_sendmsg+0x10/0x10 [ 567.665118][T12661] ? __x64_sys_futex+0x34f/0x4d0 [ 567.665172][T12661] do_syscall_64+0x106/0xf80 [ 567.665211][T12661] ? clear_bhb_loop+0x40/0x90 [ 567.665246][T12661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.665275][T12661] RIP: 0033:0x7f567cf9bf79 [ 567.665300][T12661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 567.665326][T12661] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 567.665353][T12661] RAX: ffffffffffffffda RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 567.665372][T12661] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 567.665389][T12661] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 567.665406][T12661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 567.665422][T12661] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 567.665460][T12661] [ 572.476957][T12708] : Can't lookup blockdev [ 577.309187][T12738] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2025'. [ 577.395752][T12719] Process accounting resumed [ 578.185496][T12749] vivid-009: ================= START STATUS ================= [ 578.193698][T12749] vivid-009: Radio HW Seek Mode: Bounded [ 578.232189][T12749] vivid-009: Radio Programmable HW Seek: false [ 578.242302][T12749] vivid-009: RDS Rx I/O Mode: Block I/O [ 578.260453][T12743] HfR: entered promiscuous mode [ 578.268529][T12749] vivid-009: Generate RBDS Instead of RDS: false [ 578.278659][T12749] vivid-009: RDS Reception: true [ 578.283610][T12749] vivid-009: RDS Program Type: 0 inactive [ 578.311784][T12749] vivid-009: RDS PS Name: inactive [ 578.344920][T12749] vivid-009: RDS Radio Text: inactive [ 578.350461][T12749] vivid-009: RDS Traffic Announcement: false inactive [ 578.466502][T12749] vivid-009: RDS Traffic Program: false inactive [ 578.497001][T12749] vivid-009: RDS Music: false inactive [ 578.517122][T12749] vivid-009: ================== END STATUS ================== [ 578.559000][T12738] i: entered promiscuous mode [ 585.915414][T12813] futex_wake_op: syz.3.2041 tries to shift op by -2048; fix this program [ 585.955356][T12813] futex_wake_op: syz.3.2041 tries to shift op by -2048; fix this program [ 589.654722][T12850] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2050'. [ 589.687748][T12850] veth1_macvtap: entered allmulticast mode [ 590.881603][T12859] FAULT_INJECTION: forcing a failure. [ 590.881603][T12859] name failslab, interval 1, probability 0, space 0, times 0 [ 590.958107][T12859] CPU: 1 UID: 0 PID: 12859 Comm: syz.0.2054 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 590.958169][T12859] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 590.958185][T12859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 590.958202][T12859] Call Trace: [ 590.958212][T12859] [ 590.958223][T12859] dump_stack_lvl+0x100/0x190 [ 590.958271][T12859] should_fail_ex.cold+0x5/0xa [ 590.958305][T12859] should_failslab+0xc2/0x120 [ 590.958344][T12859] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 590.958377][T12859] ? acpi_ut_create_generic_state+0x61/0xc0 [ 590.958420][T12859] ? __pfx_acpi_ut_trace+0x10/0x10 [ 590.958468][T12859] acpi_ut_create_generic_state+0x61/0xc0 [ 590.958509][T12859] acpi_ps_init_scope+0x3a/0x240 [ 590.958554][T12859] acpi_ds_init_aml_walk+0x1f6/0x680 [ 590.958602][T12859] acpi_ps_execute_method+0x39d/0xe90 [ 590.958656][T12859] acpi_ns_evaluate+0x640/0x1670 [ 590.958694][T12859] acpi_evaluate_object+0x420/0xe00 [ 590.958730][T12859] ? kasan_save_stack+0x30/0x50 [ 590.958761][T12859] ? kasan_save_track+0x14/0x30 [ 590.958810][T12859] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 590.958853][T12859] ? __pfx___might_resched+0x10/0x10 [ 590.958896][T12859] acpi_evaluate_integer+0xdf/0x220 [ 590.958930][T12859] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 590.958978][T12859] ? __pfx_status_show+0x10/0x10 [ 590.959013][T12859] status_show+0xa0/0x120 [ 590.959049][T12859] ? __pfx_status_show+0x10/0x10 [ 590.959096][T12859] dev_attr_show+0x52/0xa0 [ 590.959137][T12859] ? __pfx_dev_attr_show+0x10/0x10 [ 590.959175][T12859] sysfs_kf_seq_show+0x217/0x3a0 [ 590.959222][T12859] seq_read_iter+0x32f/0x1270 [ 590.959272][T12859] kernfs_fop_read_iter+0x46c/0x610 [ 590.959307][T12859] ? rw_verify_area+0xce/0x6d0 [ 590.959337][T12859] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 590.959373][T12859] vfs_read+0x825/0xb30 [ 590.959410][T12859] ? __pfx_vfs_read+0x10/0x10 [ 590.959467][T12859] ksys_read+0x12a/0x250 [ 590.959501][T12859] ? __pfx_ksys_read+0x10/0x10 [ 590.959547][T12859] do_syscall_64+0x106/0xf80 [ 590.959587][T12859] ? clear_bhb_loop+0x40/0x90 [ 590.959622][T12859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.959651][T12859] RIP: 0033:0x7f1f4d79bf79 [ 590.959676][T12859] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 590.959704][T12859] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 590.959732][T12859] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 590.959751][T12859] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000005 [ 590.959769][T12859] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 590.959794][T12859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.959811][T12859] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 590.959852][T12859] [ 592.767105][T12880] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2058'. [ 596.695746][T12912] Process accounting paused [ 605.957544][T12999] hub 1-0:1.0: USB hub found [ 606.032762][T12999] hub 1-0:1.0: 1 port detected [ 607.437436][T13013] Process accounting paused [ 607.643505][T13029] netlink: 'syz.3.2098': attribute type 12 has an invalid length. [ 613.370684][T13089] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2114'. [ 615.015613][T13115] futex_wake_op: syz.2.2122 tries to shift op by -2048; fix this program [ 615.218376][T13115] futex_wake_op: syz.2.2122 tries to shift op by -2048; fix this program [ 616.549781][T13134] netlink: 'syz.2.2130': attribute type 3 has an invalid length. [ 616.636740][T13134] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2130'. [ 623.791979][ T29] audit: type=1800 audit(2147483848.661:11): pid=13206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2147" name="features" dev="configfs" ino=438935 res=0 errno=0 [ 623.856394][T13204] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2145'. [ 624.699564][T13215] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 626.760307][T13218] Process accounting resumed [ 627.085051][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.091745][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.705495][T13255] netlink: 62 bytes leftover after parsing attributes in process `syz.2.2161'. [ 629.656540][T13259] Invalid ELF header magic: != ELF [ 630.055223][ T29] audit: type=1326 audit(2147483854.953:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13266 comm="syz.3.2165" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f567cf9bf79 code=0x0 [ 631.860045][T13302] random: crng reseeded on system resumption [ 632.029441][T13292] HSR: entered promiscuous mode [ 632.472176][T13310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2173'. [ 634.334814][T13331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2180'. [ 634.377934][T13331] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2180'. [ 636.888417][T12513] Bluetooth: hci2: Malformed Event: 0x13 [ 637.803899][T13353] Process accounting resumed [ 640.890016][T13411] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2200'. [ 641.185879][T13401] kexec: Could not allocate control_code_buffer [ 641.601776][T13417] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 641.684940][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 641.694801][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 643.237621][T13437] netlink: 'syz.3.2209': attribute type 4 has an invalid length. [ 643.245381][T13437] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2209'. [ 643.347586][T13437] IPv6: NLM_F_CREATE should be specified when creating new route [ 645.848186][T13455] ecryptfs_miscdev_write: Invalid packet size [192] [ 646.442681][T13458] Invalid ELF header magic: != ELF [ 648.534343][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 648.540771][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 649.656225][T13492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2221'. [ 654.222706][T13530] FAULT_INJECTION: forcing a failure. [ 654.222706][T13530] name failslab, interval 1, probability 0, space 0, times 0 [ 654.318612][T13530] CPU: 0 UID: 0 PID: 13530 Comm: syz.3.2230 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 654.318681][T13530] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 654.318696][T13530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 654.318713][T13530] Call Trace: [ 654.318722][T13530] [ 654.318733][T13530] dump_stack_lvl+0x100/0x190 [ 654.318780][T13530] should_fail_ex.cold+0x5/0xa [ 654.318811][T13530] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 654.318842][T13530] should_failslab+0xc2/0x120 [ 654.318879][T13530] __kmalloc_noprof+0xe0/0x850 [ 654.318919][T13530] acpi_ns_get_normalized_pathname+0x95/0x250 [ 654.318954][T13530] acpi_ds_call_control_method+0x5d4/0xab0 [ 654.318997][T13530] acpi_ps_parse_aml+0xacd/0x1120 [ 654.319044][T13530] acpi_ps_execute_method+0x5c4/0xe90 [ 654.319095][T13530] acpi_ns_evaluate+0x640/0x1670 [ 654.319133][T13530] acpi_evaluate_object+0x420/0xe00 [ 654.319169][T13530] ? kasan_save_stack+0x30/0x50 [ 654.319200][T13530] ? kasan_save_track+0x14/0x30 [ 654.319238][T13530] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 654.319279][T13530] ? __pfx___might_resched+0x10/0x10 [ 654.319320][T13530] acpi_evaluate_integer+0xdf/0x220 [ 654.319353][T13530] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 654.319399][T13530] ? __pfx_status_show+0x10/0x10 [ 654.319433][T13530] status_show+0xa0/0x120 [ 654.319465][T13530] ? __pfx_status_show+0x10/0x10 [ 654.319511][T13530] dev_attr_show+0x52/0xa0 [ 654.319550][T13530] ? __pfx_dev_attr_show+0x10/0x10 [ 654.319588][T13530] sysfs_kf_seq_show+0x217/0x3a0 [ 654.319645][T13530] seq_read_iter+0x32f/0x1270 [ 654.319697][T13530] kernfs_fop_read_iter+0x46c/0x610 [ 654.319733][T13530] ? rw_verify_area+0xce/0x6d0 [ 654.319761][T13530] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 654.319798][T13530] vfs_read+0x825/0xb30 [ 654.319835][T13530] ? __pfx_vfs_read+0x10/0x10 [ 654.319893][T13530] ksys_read+0x12a/0x250 [ 654.319926][T13530] ? __pfx_ksys_read+0x10/0x10 [ 654.319971][T13530] do_syscall_64+0x106/0xf80 [ 654.320009][T13530] ? clear_bhb_loop+0x40/0x90 [ 654.320042][T13530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.320071][T13530] RIP: 0033:0x7f567cf9bf79 [ 654.320094][T13530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 654.320123][T13530] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 654.320150][T13530] RAX: ffffffffffffffda RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 654.320169][T13530] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000006 [ 654.320187][T13530] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 654.320203][T13530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.320219][T13530] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 654.320259][T13530] [ 654.716564][T13530] ACPI Error: Could not allocate 10 bytes (20251212/nsnames-308) [ 655.755476][T13542] FAULT_INJECTION: forcing a failure. [ 655.755476][T13542] name failslab, interval 1, probability 0, space 0, times 0 [ 655.771269][T13542] CPU: 0 UID: 0 PID: 13542 Comm: syz.3.2234 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 655.771336][T13542] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 655.771352][T13542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 655.771367][T13542] Call Trace: [ 655.771377][T13542] [ 655.771387][T13542] dump_stack_lvl+0x100/0x190 [ 655.771432][T13542] should_fail_ex.cold+0x5/0xa [ 655.771464][T13542] should_failslab+0xc2/0x120 [ 655.771502][T13542] __kmalloc_cache_noprof+0x7a/0x6f0 [ 655.771536][T13542] ? create_filter_start.constprop.0+0x1c4/0x310 [ 655.771574][T13542] ? __asan_memcpy+0x3c/0x60 [ 655.771609][T13542] create_filter_start.constprop.0+0x1c4/0x310 [ 655.771650][T13542] create_filter+0xb5/0x210 [ 655.771686][T13542] ? __pfx_create_filter+0x10/0x10 [ 655.771724][T13542] ? find_held_lock+0x2b/0x80 [ 655.771765][T13542] apply_event_filter+0x220/0x500 [ 655.771802][T13542] ? __pfx_apply_event_filter+0x10/0x10 [ 655.771847][T13542] event_filter_write+0x16d/0x290 [ 655.771893][T13542] vfs_write+0x2aa/0x1070 [ 655.771927][T13542] ? __pfx_event_filter_write+0x10/0x10 [ 655.771973][T13542] ? __pfx_vfs_write+0x10/0x10 [ 655.772007][T13542] ? __fget_files+0x215/0x3d0 [ 655.772049][T13542] ? __fget_files+0x21f/0x3d0 [ 655.772094][T13542] ksys_write+0x12a/0x250 [ 655.772128][T13542] ? __pfx_ksys_write+0x10/0x10 [ 655.772174][T13542] do_syscall_64+0x106/0xf80 [ 655.772213][T13542] ? clear_bhb_loop+0x40/0x90 [ 655.772249][T13542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.772277][T13542] RIP: 0033:0x7f567cf9bf79 [ 655.772301][T13542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 655.772327][T13542] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 655.772352][T13542] RAX: ffffffffffffffda RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 655.772372][T13542] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 655.772389][T13542] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 655.772406][T13542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.772421][T13542] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 655.772458][T13542] [ 657.040348][T13534] Process accounting paused [ 657.446496][T13558] FAULT_INJECTION: forcing a failure. [ 657.446496][T13558] name failslab, interval 1, probability 0, space 0, times 0 [ 657.459632][T13558] CPU: 0 UID: 0 PID: 13558 Comm: syz.3.2238 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 657.459695][T13558] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 657.459710][T13558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 657.459725][T13558] Call Trace: [ 657.459735][T13558] [ 657.459747][T13558] dump_stack_lvl+0x100/0x190 [ 657.459792][T13558] should_fail_ex.cold+0x5/0xa [ 657.459825][T13558] should_failslab+0xc2/0x120 [ 657.459865][T13558] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 657.459896][T13558] ? skb_clone+0x190/0x400 [ 657.459941][T13558] skb_clone+0x190/0x400 [ 657.459981][T13558] dev_queue_xmit_nit+0x255/0xa60 [ 657.460041][T13558] dev_hard_start_xmit+0x2fb/0x6c0 [ 657.460086][T13558] __dev_queue_xmit+0x6dd/0x46f0 [ 657.460134][T13558] ? __pfx___dev_queue_xmit+0x10/0x10 [ 657.460168][T13558] ? __local_bh_enable_ip+0x9e/0x120 [ 657.460208][T13558] ? __lock_acquire+0x4a5/0x2630 [ 657.460248][T13558] ? find_held_lock+0x2b/0x80 [ 657.460293][T13558] ip_finish_output2+0xf4a/0x24d0 [ 657.460345][T13558] ? __pfx_ip_finish_output2+0x10/0x10 [ 657.460389][T13558] ? __pfx_ip_dst_mtu_maybe_forward+0x10/0x10 [ 657.460441][T13558] __ip_finish_output.part.0+0x444/0x6f0 [ 657.460489][T13558] ip_output+0x39b/0xec0 [ 657.460533][T13558] ? __pfx_ip_output+0x10/0x10 [ 657.460581][T13558] ? __pfx_ip_finish_output+0x10/0x10 [ 657.460622][T13558] ? ip4_dst_hoplimit+0x1a9/0x400 [ 657.460673][T13558] __ip_queue_xmit+0x1b73/0x22b0 [ 657.460724][T13558] ? __pfx_ip_queue_xmit+0x10/0x10 [ 657.460769][T13558] __tcp_transmit_skb+0x3347/0x4b50 [ 657.460824][T13558] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 657.460881][T13558] ? ktime_get+0x200/0x300 [ 657.460921][T13558] ? lockdep_hardirqs_on+0x78/0x100 [ 657.460969][T13558] tcp_write_xmit+0x12a2/0x8980 [ 657.461046][T13558] __tcp_push_pending_frames+0xaf/0x3b0 [ 657.461089][T13558] tcp_send_fin+0x11f/0x10f0 [ 657.461133][T13558] __tcp_close+0xa0d/0x1110 [ 657.461166][T13558] ? __local_bh_enable_ip+0x9e/0x120 [ 657.461212][T13558] tcp_close+0x28/0x110 [ 657.461245][T13558] inet_release+0xed/0x200 [ 657.461277][T13558] __sock_release+0xb3/0x260 [ 657.461317][T13558] ? __pfx_sock_close+0x10/0x10 [ 657.461357][T13558] sock_close+0x1c/0x30 [ 657.461396][T13558] __fput+0x3ff/0xb40 [ 657.461447][T13558] task_work_run+0x150/0x240 [ 657.461484][T13558] ? __pfx_task_work_run+0x10/0x10 [ 657.461520][T13558] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 657.461570][T13558] get_signal+0x1bd/0x21e0 [ 657.461611][T13558] ? __pfx___fput_deferred+0x10/0x10 [ 657.461651][T13558] ? __pfx___file_ref_put+0x10/0x10 [ 657.461698][T13558] ? __pfx_get_signal+0x10/0x10 [ 657.461738][T13558] ? do_sendfile+0x44d/0xe20 [ 657.461780][T13558] arch_do_signal_or_restart+0x91/0x770 [ 657.461813][T13558] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 657.461854][T13558] ? __x64_sys_sendfile64+0x189/0x220 [ 657.461892][T13558] ? xfd_validate_state+0x129/0x190 [ 657.461935][T13558] exit_to_user_mode_loop+0x86/0x4a0 [ 657.461965][T13558] ? rcu_is_watching+0x12/0xc0 [ 657.462002][T13558] do_syscall_64+0x668/0xf80 [ 657.462064][T13558] ? clear_bhb_loop+0x40/0x90 [ 657.462100][T13558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.462129][T13558] RIP: 0033:0x7f567cf9bf79 [ 657.462154][T13558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 657.462181][T13558] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 657.462207][T13558] RAX: fffffffffffffe00 RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 657.462224][T13558] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 657.462239][T13558] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 657.462255][T13558] R10: 00000000000000a1 R11: 0000000000000246 R12: 0000000000000000 [ 657.462271][T13558] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 657.462308][T13558] [ 659.672039][T13581] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2245'. [ 660.303163][T13588] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2246'. [ 660.456879][T13588] bond0: entered promiscuous mode [ 660.478642][T13588] bond_slave_0: entered promiscuous mode [ 660.484538][T13588] bond_slave_1: entered promiscuous mode [ 660.537302][T13588] bond0: entered allmulticast mode [ 660.542735][T13588] bond_slave_0: entered allmulticast mode [ 660.556002][T13588] bond_slave_1: entered allmulticast mode [ 661.178917][T13593] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2247'. [ 664.693680][T13635] zram: Cannot change disksize for initialized device [ 665.772277][T13649] synth uevent: /module/orangefs: unknown uevent action string [ 665.919038][T13640] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2259'. [ 669.299628][T13654] Process accounting paused [ 669.612741][T13683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2270'. [ 669.669267][T13683] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2270'. [ 671.153802][T13708] input: jJǸ-9%vJ86 as /devices/virtual/input/input12 [ 672.102328][T13714] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2277'. [ 672.796578][T13702] delete_channel: no stack [ 673.308290][T13731] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2280'. [ 674.853598][T13742] Invalid ELF header magic: != ELF [ 675.093558][T13743] delete_channel: no stack [ 676.588226][T13773] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2294'. [ 684.857850][T13872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2318'. [ 686.957175][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a81bc00: rx timeout, send abort [ 686.968715][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805a81bc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 687.665755][T13884] FAULT_INJECTION: forcing a failure. [ 687.665755][T13884] name failslab, interval 1, probability 0, space 0, times 0 [ 687.719407][T13884] CPU: 1 UID: 0 PID: 13884 Comm: syz.3.2321 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 687.719467][T13884] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 687.719482][T13884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 687.719499][T13884] Call Trace: [ 687.719508][T13884] [ 687.719519][T13884] dump_stack_lvl+0x100/0x190 [ 687.719579][T13884] should_fail_ex.cold+0x5/0xa [ 687.719613][T13884] should_failslab+0xc2/0x120 [ 687.719652][T13884] __kmalloc_cache_noprof+0x7a/0x6f0 [ 687.719677][T13884] ? crtc_or_fake_commit.part.0+0x7f/0x110 [ 687.719729][T13884] crtc_or_fake_commit.part.0+0x7f/0x110 [ 687.719770][T13884] drm_atomic_helper_setup_commit+0xfae/0x14f0 [ 687.719826][T13884] drm_atomic_helper_commit+0xa9/0x380 [ 687.719869][T13884] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 687.719913][T13884] drm_atomic_commit+0x230/0x300 [ 687.719953][T13884] ? __pfx_drm_atomic_commit+0x10/0x10 [ 687.719988][T13884] ? __pfx___drm_printfn_info+0x10/0x10 [ 687.720023][T13884] ? drm_client_rotation+0x451/0x6a0 [ 687.720069][T13884] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 687.720124][T13884] ? __mutex_lock+0x26a/0x1b90 [ 687.720167][T13884] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 687.720213][T13884] ? trace_contention_end+0xd6/0x110 [ 687.720244][T13884] ? drm_master_internal_acquire+0x21/0x80 [ 687.720320][T13884] drm_client_modeset_commit_locked+0x14d/0x580 [ 687.720370][T13884] drm_client_modeset_commit+0x4f/0x80 [ 687.720398][T13884] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 687.720448][T13884] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 687.720496][T13884] drm_fbdev_client_restore+0x1b/0x30 [ 687.720544][T13884] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 687.720584][T13884] drm_client_dev_restore+0x205/0x2a0 [ 687.720637][T13884] drm_release+0x2c6/0x360 [ 687.720685][T13884] ? __pfx_drm_release+0x10/0x10 [ 687.720724][T13884] __fput+0x3ff/0xb40 [ 687.720770][T13884] task_work_run+0x150/0x240 [ 687.720801][T13884] ? __pfx_task_work_run+0x10/0x10 [ 687.720840][T13884] exit_to_user_mode_loop+0x100/0x4a0 [ 687.720866][T13884] ? rcu_is_watching+0x12/0xc0 [ 687.720899][T13884] do_syscall_64+0x668/0xf80 [ 687.720933][T13884] ? clear_bhb_loop+0x40/0x90 [ 687.720966][T13884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.720992][T13884] RIP: 0033:0x7f567cf9bf79 [ 687.721014][T13884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 687.721041][T13884] RSP: 002b:00007f567de02028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 687.721066][T13884] RAX: 0000000000000000 RBX: 00007f567d215fa0 RCX: 00007f567cf9bf79 [ 687.721084][T13884] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 687.721100][T13884] RBP: 00007f567d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 687.721116][T13884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 687.721131][T13884] R13: 00007f567d216038 R14: 00007f567d215fa0 R15: 00007ffe563c8278 [ 687.721165][T13884] [ 688.211812][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 688.226329][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.309877][T13885] zswap: compressor not available [ 688.358933][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a749000: rx timeout, send abort [ 688.367384][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a749c00: rx timeout, send abort [ 688.376091][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805a749000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 688.390524][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805a749c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 689.024039][T13896] Process accounting resumed [ 689.797007][T13906] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2326'. [ 690.331315][T13925] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2330'. [ 690.397267][T13921] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2330'. [ 690.432050][T13928] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2330'. [ 690.493250][T13929] hub 1-0:1.0: USB hub found [ 690.540856][T13929] hub 1-0:1.0: 1 port detected [ 690.634946][T13932] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2332'. [ 691.015029][T13937] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 691.058915][T13912] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 691.069793][T13912] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 691.086129][T13912] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 691.123535][T13912] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 691.498279][T13944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2335'. [ 691.535896][T13944] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2335'. [ 691.623905][T13941] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 691.784294][T12513] Bluetooth: hci0: command 0x0c1a tx timeout [ 693.136845][T12513] Bluetooth: hci2: command 0x0406 tx timeout [ 693.145751][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 693.152613][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 693.454070][T13973] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2342'. [ 694.223204][T13984] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2344'. [ 697.468434][T14029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2363'. [ 698.093456][T14018] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2353'. [ 698.192412][ T29] audit: type=1800 audit(2147483923.448:13): pid=14019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2354" name="features" dev="configfs" ino=506883 res=0 errno=0 [ 700.339879][T14050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2359'. [ 701.427353][T14044] Process accounting resumed [ 710.468607][T14120] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2376'. [ 710.664735][T14116] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2376'. [ 711.440038][T14131] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2379'. [ 711.585441][T14132] random: crng reseeded on system resumption [ 711.745374][T14133] hub 1-0:1.0: USB hub found [ 711.816542][T14133] hub 1-0:1.0: 1 port detected [ 712.704503][T14144] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 714.630914][T14138] kexec: Could not allocate control_code_buffer [ 715.324439][ T29] audit: type=1800 audit(2147483940.667:14): pid=14157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2386" name="features" dev="configfs" ino=524874 res=0 errno=0 [ 718.511601][T14185] FAULT_INJECTION: forcing a failure. [ 718.511601][T14185] name failslab, interval 1, probability 0, space 0, times 0 [ 718.602537][T14185] CPU: 0 UID: 0 PID: 14185 Comm: syz.0.2391 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 718.602606][T14185] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 718.602623][T14185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 718.602640][T14185] Call Trace: [ 718.602649][T14185] [ 718.602659][T14185] dump_stack_lvl+0x100/0x190 [ 718.602706][T14185] should_fail_ex.cold+0x5/0xa [ 718.602740][T14185] should_failslab+0xc2/0x120 [ 718.602780][T14185] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 718.602814][T14185] ? __alloc_skb+0x140/0x710 [ 718.602857][T14185] __alloc_skb+0x140/0x710 [ 718.602894][T14185] ? __pfx___alloc_skb+0x10/0x10 [ 718.602931][T14185] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 718.602972][T14185] ? trace_sched_exit_tp+0xcd/0x100 [ 718.603003][T14185] tcp_stream_alloc_skb+0x34/0x660 [ 718.603036][T14185] tcp_sendmsg_locked+0x1351/0x45d0 [ 718.603078][T14185] ? aa_file_perm+0x268/0x1530 [ 718.603103][T14185] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 718.603134][T14185] ? do_raw_spin_lock+0x128/0x260 [ 718.603165][T14185] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 718.603203][T14185] ? __local_bh_enable_ip+0x9e/0x120 [ 718.603260][T14185] tcp_sendmsg+0x2e/0x50 [ 718.603285][T14185] ? __pfx_tcp_sendmsg+0x10/0x10 [ 718.603311][T14185] inet_sendmsg+0xb9/0x140 [ 718.603339][T14185] sock_write_iter+0x509/0x610 [ 718.603367][T14185] ? __pfx_sock_write_iter+0x10/0x10 [ 718.603402][T14185] ? bpf_lsm_file_permission+0x9/0x10 [ 718.603420][T14185] ? security_file_permission+0x76/0x210 [ 718.603443][T14185] ? rw_verify_area+0xce/0x6d0 [ 718.603462][T14185] vfs_write+0x6ac/0x1070 [ 718.603479][T14185] ? __pfx_sock_write_iter+0x10/0x10 [ 718.603496][T14185] ? __pfx_vfs_write+0x10/0x10 [ 718.603512][T14185] ? find_held_lock+0x2b/0x80 [ 718.603544][T14185] ksys_write+0x1f8/0x250 [ 718.603565][T14185] ? __pfx_ksys_write+0x10/0x10 [ 718.603588][T14185] do_syscall_64+0x106/0xf80 [ 718.603608][T14185] ? clear_bhb_loop+0x40/0x90 [ 718.603626][T14185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.603642][T14185] RIP: 0033:0x7f1f4d79bf79 [ 718.603656][T14185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 718.603670][T14185] RSP: 002b:00007f1f4e65d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 718.603685][T14185] RAX: ffffffffffffffda RBX: 00007f1f4da15fa0 RCX: 00007f1f4d79bf79 [ 718.603695][T14185] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 718.603704][T14185] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 718.603713][T14185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.603721][T14185] R13: 00007f1f4da16038 R14: 00007f1f4da15fa0 R15: 00007ffdc76dbce8 [ 718.603742][T14185] [ 718.988748][T14185] Process accounting paused [ 723.001300][T14233] input: jJǸ-9%vJ86 as /devices/virtual/input/input13 [ 724.683181][T14260] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2410'. [ 724.702638][T14260] macvlan1: entered promiscuous mode [ 724.729841][T14260] macvlan1: entered allmulticast mode [ 724.792223][T14260] veth1_vlan: entered allmulticast mode [ 725.361482][T14265] netlink: 'syz.0.2412': attribute type 2 has an invalid length. [ 725.388959][T14265] netlink: 'syz.0.2412': attribute type 3 has an invalid length. [ 725.408832][T14265] netlink: 'syz.0.2412': attribute type 2 has an invalid length. [ 725.448908][T14265] netlink: 'syz.0.2412': attribute type 3 has an invalid length. [ 725.470787][T14265] netlink: 30 bytes leftover after parsing attributes in process `syz.0.2412'. [ 730.441460][T14311] Invalid ELF header magic: != ELF [ 731.570600][T14321] hub 1-0:1.0: USB hub found [ 731.667371][T14321] hub 1-0:1.0: 1 port detected [ 731.960344][T14326] Process accounting paused [ 740.026354][T14399] netlink: 'syz.2.2447': attribute type 64 has an invalid length. [ 740.163901][T14399] netlink: 74 bytes leftover after parsing attributes in process `syz.2.2447'. [ 741.730353][T14413] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2451'. [ 741.815523][T14413] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.916553][T14413] bridge_slave_1 (unregistering): left allmulticast mode [ 741.942858][T14413] bridge_slave_1 (unregistering): left promiscuous mode [ 741.986049][T14421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2450'. [ 742.015692][T14413] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.243110][T14425] kexec: Could not allocate control_code_buffer [ 746.425544][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032e49c00: rx timeout, send abort [ 746.931235][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032e49c00: abort rx timeout. Force session deactivation [ 747.345580][T14477] ================================================================== [ 747.345604][T14477] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 747.345655][T14477] Write of size 8 at addr ffffc900036c9000 by task syz.0.2464/14477 [ 747.345677][T14477] [ 747.345694][T14477] CPU: 1 UID: 0 PID: 14477 Comm: syz.0.2464 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 747.345751][T14477] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 747.345767][T14477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 747.345783][T14477] Call Trace: [ 747.345791][T14477] [ 747.345802][T14477] dump_stack_lvl+0x100/0x190 [ 747.345839][T14477] print_report+0x156/0x4c9 [ 747.345875][T14477] ? __virt_addr_valid+0x81/0x620 [ 747.345907][T14477] ? sys_imageblit+0x19fb/0x1d60 [ 747.345934][T14477] kasan_report+0xdf/0x1a0 [ 747.345969][T14477] ? sys_imageblit+0x19fb/0x1d60 [ 747.346001][T14477] sys_imageblit+0x19fb/0x1d60 [ 747.346033][T14477] ? __pfx__prb_read_valid+0x10/0x10 [ 747.346064][T14477] ? __pfx_sys_imageblit+0x10/0x10 [ 747.346094][T14477] ? panic_on_this_cpu+0x32/0x40 [ 747.346126][T14477] ? _prb_read_valid+0x72a/0x880 [ 747.346157][T14477] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 747.346193][T14477] soft_cursor+0x524/0xa10 [ 747.346235][T14477] ? fb_get_color_depth+0x120/0x250 [ 747.346272][T14477] bit_cursor+0xe58/0x16f0 [ 747.346314][T14477] ? __pfx_bit_cursor+0x10/0x10 [ 747.346357][T14477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 747.346394][T14477] ? get_color+0x1da/0x450 [ 747.346427][T14477] ? __pfx_bit_cursor+0x10/0x10 [ 747.346464][T14477] fbcon_cursor+0x43c/0x5e0 [ 747.346500][T14477] hide_cursor+0x87/0x230 [ 747.346539][T14477] do_con_write+0x2403/0x8550 [ 747.346567][T14477] ? trace_contention_end+0xd6/0x110 [ 747.346597][T14477] ? __mutex_lock+0x26a/0x1b90 [ 747.346649][T14477] ? n_tty_write+0x56b/0x12d0 [ 747.346685][T14477] ? console_unlock+0x1c9/0x260 [ 747.346721][T14477] ? __pfx___mutex_lock+0x10/0x10 [ 747.346757][T14477] ? __mutex_unlock_slowpath+0x15c/0x790 [ 747.346798][T14477] ? __pfx_do_con_write+0x10/0x10 [ 747.346825][T14477] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 747.346867][T14477] ? con_write+0x93/0xb0 [ 747.346894][T14477] con_write+0x23/0xb0 [ 747.346920][T14477] n_tty_write+0x44f/0x12d0 [ 747.346961][T14477] ? __pfx_n_tty_write+0x10/0x10 [ 747.346995][T14477] ? __pfx_woken_wake_function+0x10/0x10 [ 747.347030][T14477] ? rcu_is_watching+0x12/0xc0 [ 747.347065][T14477] ? kfree+0x2a0/0x670 [ 747.347089][T14477] ? __pfx_n_tty_write+0x10/0x10 [ 747.347124][T14477] file_tty_write.isra.0+0x4d2/0x890 [ 747.347156][T14477] redirected_tty_write+0xd4/0x120 [ 747.347184][T14477] vfs_write+0x6ac/0x1070 [ 747.347216][T14477] ? __pfx_redirected_tty_write+0x10/0x10 [ 747.347245][T14477] ? __pfx_vfs_write+0x10/0x10 [ 747.347274][T14477] ? find_held_lock+0x2b/0x80 [ 747.347322][T14477] ksys_write+0x12a/0x250 [ 747.347353][T14477] ? __pfx_ksys_write+0x10/0x10 [ 747.347388][T14477] do_syscall_64+0x106/0xf80 [ 747.347426][T14477] ? clear_bhb_loop+0x40/0x90 [ 747.347457][T14477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.347485][T14477] RIP: 0033:0x7f1f4d79bf79 [ 747.347508][T14477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.347536][T14477] RSP: 002b:00007f1f4e61b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 747.347562][T14477] RAX: ffffffffffffffda RBX: 00007f1f4da16180 RCX: 00007f1f4d79bf79 [ 747.347581][T14477] RDX: 00000000000009cb RSI: 0000200000001000 RDI: 0000000000000005 [ 747.347599][T14477] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 747.347616][T14477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.347643][T14477] R13: 00007f1f4da16218 R14: 00007f1f4da16180 R15: 00007ffdc76dbce8 [ 747.347672][T14477] [ 747.347682][T14477] [ 747.347689][T14477] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc900033c9000 allocated at drm_gem_shmem_vmap_locked+0x54b/0x800 [ 747.347741][T14477] Memory state around the buggy address: [ 747.347756][T14477] ffffc900036c8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 747.347784][T14477] ffffc900036c8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 747.347803][T14477] >ffffc900036c9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 747.347817][T14477] ^ [ 747.347832][T14477] ffffc900036c9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 747.347850][T14477] ffffc900036c9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 747.347864][T14477] ================================================================== [ 747.347888][T14477] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 747.347909][T14477] CPU: 1 UID: 0 PID: 14477 Comm: syz.0.2464 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 747.347965][T14477] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 747.347982][T14477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 747.347998][T14477] Call Trace: [ 747.348007][T14477] [ 747.348017][T14477] dump_stack_lvl+0x100/0x190 [ 747.348054][T14477] vpanic+0x552/0x970 [ 747.348078][T14477] ? __pfx_vpanic+0x10/0x10 [ 747.348103][T14477] ? __pfx_vprintk_emit+0x10/0x10 [ 747.348144][T14477] ? sys_imageblit+0x19fb/0x1d60 [ 747.348173][T14477] panic+0xd1/0xe0 [ 747.348198][T14477] ? __pfx_panic+0x10/0x10 [ 747.348227][T14477] ? sys_imageblit+0x19fb/0x1d60 [ 747.348258][T14477] check_panic_on_warn.cold+0x19/0x34 [ 747.348286][T14477] end_report.part.0+0x3a/0x90 [ 747.348321][T14477] kasan_report.cold+0xe/0x18 [ 747.348359][T14477] ? sys_imageblit+0x19fb/0x1d60 [ 747.348393][T14477] sys_imageblit+0x19fb/0x1d60 [ 747.348424][T14477] ? __pfx__prb_read_valid+0x10/0x10 [ 747.348456][T14477] ? __pfx_sys_imageblit+0x10/0x10 [ 747.348486][T14477] ? panic_on_this_cpu+0x32/0x40 [ 747.348514][T14477] ? _prb_read_valid+0x72a/0x880 [ 747.348540][T14477] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 747.348573][T14477] soft_cursor+0x524/0xa10 [ 747.348612][T14477] ? fb_get_color_depth+0x120/0x250 [ 747.348659][T14477] bit_cursor+0xe58/0x16f0 [ 747.348701][T14477] ? __pfx_bit_cursor+0x10/0x10 [ 747.348744][T14477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 747.348781][T14477] ? get_color+0x1da/0x450 [ 747.348814][T14477] ? __pfx_bit_cursor+0x10/0x10 [ 747.348854][T14477] fbcon_cursor+0x43c/0x5e0 [ 747.348890][T14477] hide_cursor+0x87/0x230 [ 747.348930][T14477] do_con_write+0x2403/0x8550 [ 747.348959][T14477] ? trace_contention_end+0xd6/0x110 [ 747.348989][T14477] ? __mutex_lock+0x26a/0x1b90 [ 747.349033][T14477] ? n_tty_write+0x56b/0x12d0 [ 747.349067][T14477] ? console_unlock+0x1c9/0x260 [ 747.349105][T14477] ? __pfx___mutex_lock+0x10/0x10 [ 747.349145][T14477] ? __mutex_unlock_slowpath+0x15c/0x790 [ 747.349187][T14477] ? __pfx_do_con_write+0x10/0x10 [ 747.349215][T14477] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 747.349260][T14477] ? con_write+0x93/0xb0 [ 747.349289][T14477] con_write+0x23/0xb0 [ 747.349316][T14477] n_tty_write+0x44f/0x12d0 [ 747.349359][T14477] ? __pfx_n_tty_write+0x10/0x10 [ 747.349394][T14477] ? __pfx_woken_wake_function+0x10/0x10 [ 747.349431][T14477] ? rcu_is_watching+0x12/0xc0 [ 747.349466][T14477] ? kfree+0x2a0/0x670 [ 747.349493][T14477] ? __pfx_n_tty_write+0x10/0x10 [ 747.349528][T14477] file_tty_write.isra.0+0x4d2/0x890 [ 747.349562][T14477] redirected_tty_write+0xd4/0x120 [ 747.349591][T14477] vfs_write+0x6ac/0x1070 [ 747.349620][T14477] ? __pfx_redirected_tty_write+0x10/0x10 [ 747.349660][T14477] ? __pfx_vfs_write+0x10/0x10 [ 747.349692][T14477] ? find_held_lock+0x2b/0x80 [ 747.349741][T14477] ksys_write+0x12a/0x250 [ 747.349774][T14477] ? __pfx_ksys_write+0x10/0x10 [ 747.349812][T14477] do_syscall_64+0x106/0xf80 [ 747.349851][T14477] ? clear_bhb_loop+0x40/0x90 [ 747.349884][T14477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.349912][T14477] RIP: 0033:0x7f1f4d79bf79 [ 747.349933][T14477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.349960][T14477] RSP: 002b:00007f1f4e61b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 747.349987][T14477] RAX: ffffffffffffffda RBX: 00007f1f4da16180 RCX: 00007f1f4d79bf79 [ 747.350006][T14477] RDX: 00000000000009cb RSI: 0000200000001000 RDI: 0000000000000005 [ 747.350025][T14477] RBP: 00007f1f4d8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 747.350043][T14477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.350060][T14477] R13: 00007f1f4da16218 R14: 00007f1f4da16180 R15: 00007ffdc76dbce8 [ 747.350089][T14477] [ 747.350415][T14477] Kernel Offset: disabled