last executing test programs: 5.88572518s ago: executing program 3 (id=4503): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0x5, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/proc/swaps\x00', 0x40000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 5.603505043s ago: executing program 3 (id=4514): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1800"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000044}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) 5.401927952s ago: executing program 3 (id=4508): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) epoll_create$auto(0x1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) sendmmsg$auto(0x3, 0x0, 0x9a6, 
0x7fffffe) close_range$auto(0x2, 0x8, 0x0) 4.380348311s ago: executing program 3 (id=4512): openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) 3.895878627s ago: executing program 2 (id=4517): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x6c}}, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xffd}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000180), 0x1ffffffff}, 0x6, 0x0) ioctl$auto(0x3, 0xc018aec0, 0x38) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x1, 0x7ff) ptrace$auto(0xd, r1, 0x8000000000000000, 0x9) 2.988568922s ago: executing program 3 (id=4519): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xab7}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x5}, @HSR_A_IF2_AGE={0x8, 0x4, 0x4b3d}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.788255481s ago: executing program 3 (id=4520): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mbind$auto(0x2000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000020c0)=""/4093, 0xffd) 2.301262991s ago: executing program 1 (id=4523): mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r0, 0x0, 0x80, 0x0, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, 0x0, 0x24084005) listen$auto(0x3, 0x81) close_range$auto(0x2, 0x8, 0x0) 2.1740964s ago: executing program 2 (id=4524): mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x38}}, 0x40008c0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x4, 0x9, 0x80100, 0xffffffffffffffff, 0x2, 0x9}, 0x4) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8931, 0x24) 1.976796547s ago: executing program 1 (id=4526): mmap$auto(0x0, 0x5, 
0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x22002, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x21) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x106) write$auto(0x3, 0x0, 0xffd8) 1.915636098s ago: executing program 0 (id=4527): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/25/smp_affinity_list\x00', 0x402, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.408501447s ago: executing program 1 (id=4528): mmap$auto(0x0, 0x4003, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r1 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/clients\x00', 0x2100, 0x0) ioctl$auto(r0, 0x80286f4e, r1) gettid() ioctl$auto(0x3, 0x541b, 0x10000000000402) 1.405498053s ago: executing program 0 (id=4536): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x2a4c0, 0x20) prctl$auto(0x29, 0x17000000, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 
memfd_create$auto(0x0, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) 1.279315128s ago: executing program 0 (id=4529): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x2, 0x801, 0x100) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.123881627s ago: executing program 0 (id=4530): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x8643, 0x15e) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/v4l-subdev3\x00', 0x80000, 0x0) ioctl$auto(r0, 0xc0305602, r0) 1.038965577s ago: executing program 2 (id=4531): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_register$auto(0x2, 0x11, 0x0, 0x83) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/tcp_dctcp/parameters/dctcp_shift_g\x00', 0xc0202, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 959.544259ms ago: executing program 0 (id=4532): close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) r0 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x3) connect$auto(0x3, 
&(0x7f00000006c0)=@in={0x2, 0x7, @local}, 0x55) 861.371335ms ago: executing program 2 (id=4533): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r0, @ANYBLOB="01002d"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 824.402569ms ago: executing program 0 (id=4534): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, r0, 0x0) 666.112477ms ago: executing program 2 (id=4535): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x141702, 0x0) write$auto(r0, 
&(0x7f0000000400)='\xfd\xf6\xff]\xe1@\xef\x84\xfe\xa0\xed\x06\x00\xf2\x894z\xaa`\xe0_e\xa33\xeafr\xe3{\x17&\xe5\xd9\xd9\x9dr\xd9\xbc\xdbq\x81\xa2\x970\x10\xaa\xc2\x1d{z\\\a\x94\xf5<:\xcc\xe8\xc0\xdd\xd4\t\xfb\xae\xc8h/\xf7\f:$\xe5w\x05\xfd]\x97A\x1d(`]\xe8o1\x85\xb9\x05\xb4i\xe2\x9b(\xe0\vw\x98\x124\xff\\\xc8\xb4d^\xa0\x1b@)\xe6*\x1aSF\xff\xa1\x86\x99;\xaa\xb1\x01;\x0e\xe20TLg\x94\x90\f\x1d\x98\xffulN\x0e\xa4\xe7\xd5\"D\xc2\xe0.\xbe\xbd\x82\xba\xc6\xd5e\xaajG\xbe!\x86\xb9\xe5\xa2\xc2\xdb\xb9\xe9qX\xf9\xb9\x01f\n\x87\x15\xd3\xcf9a*\xb4w\xaf\xab7\x9f\x0e\xba\x02\x95\xd4\\-\x04\xa3\x80\x8b\xae\r\xe4\xc6:\xb4\xa4b\x90Ow\xa7L\xb3\xa2\xf5\xa7\xc6\x8f4\xe9\xb9)\xa2I\x14GS\xd8\xa8Z\x8er', 0x7ffffffd) r1 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) 503.343274ms ago: executing program 2 (id=4537): sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x194, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_NAME_TABLE={0x17e, 0x8, 0x0, 0x1, [@generic="4ee3e2228f072f775509c37cd7cecb289e14439e215648c9db21880740644d3881e08835cd40082d24f12f077f8b5ddf776a13f2fff3884f0532bf81c8616b70684282f7ba9b3cd0d345824ebb8a457bc10751506b1b17fa47d59e2a9f8466080e16f7b2739caa149594a6f18206edc6a3ffc337e8430bca88c4b6fe0996ca8aa4739b75041cb8a4c04c470de0e9c576bc49bffe9e6d351131f2", @generic="57440c89bf4ca0c9fe186a252b604605c03b3b37fdcc215336e090873ba894644dc3ba50d2e3da7b064d666e58278ffdba80674353fca24d8989514570b32f89856a7f533e2e4264f46265bd948e4e9ca1447c3a030829a16229686da16a127d8539b81395ef6d1d886f2fee927ee982922475dd421eda37d8a330ce967820316863a3df91a9321231c8ed5f6bb5e8f5c69534e866eb74ee7f618946efc6aade15965caddec732e6cc277a01c6dbd0362f016736cd3536b707628c1f10b8823afffc3be3e29ba2640ee73369", @generic="afd5551217c0a6decce4be24", @typed={0x8, 0x121, 0x0, 0x0, @fd}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x8010}, 0x4000840) 
close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) sendto$auto(r0, 0x0, 0x6f9, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, r2}, 0x36) 378.338094ms ago: executing program 1 (id=4538): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x7, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) getsockopt$auto_SO_PASSSEC(r0, 0x1, 0x22, 0x0, 0x0) 200.526022ms ago: executing program 1 (id=4539): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) socket(0xa, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000200bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 0s ago: executing program 1 (id=4540): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, 
@ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) kernel console output (not intermixed with test programs): 7] ? __x64_sys_acct+0x81/0x1e0 [ 454.758520][T13497] do_file_open+0x20e/0x430 [ 454.758570][T13497] ? __pfx_do_file_open+0x10/0x10 [ 454.758653][T13497] ? find_held_lock+0x2b/0x80 [ 454.758688][T13497] ? __might_fault+0xc5/0x140 [ 454.758736][T13497] ? __might_fault+0xc5/0x140 [ 454.758797][T13497] file_open_name+0x1c3/0x3e0 [ 454.758834][T13497] ? __pfx_file_open_name+0x10/0x10 [ 454.758877][T13497] ? do_getname+0x191/0x390 [ 454.758916][T13497] acct_on+0xa6/0xa00 [ 454.758953][T13497] ? __pfx_acct_on+0x10/0x10 [ 454.758989][T13497] ? bpf_lsm_capable+0x9/0x10 [ 454.759031][T13497] ? security_capable+0x80/0x260 [ 454.759136][T13497] __x64_sys_acct+0x81/0x1e0 [ 454.759170][T13497] ? lockdep_hardirqs_on+0x78/0x100 [ 454.759216][T13497] do_syscall_64+0x115/0x840 [ 454.759262][T13497] ? 
clear_bhb_loop+0x40/0x90 [ 454.759299][T13497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.759331][T13497] RIP: 0033:0x7f1d9fb9de59 [ 454.759358][T13497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 454.759387][T13497] RSP: 002b:00007f1da09e9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 454.759418][T13497] RAX: ffffffffffffffda RBX: 00007f1d9fe25fa0 RCX: 00007f1d9fb9de59 [ 454.759456][T13497] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 454.759476][T13497] RBP: 00007f1d9fc33e6f R08: 0000000000000000 R09: 0000000000000000 [ 454.759496][T13497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.759515][T13497] R13: 00007f1d9fe26038 R14: 00007f1d9fe25fa0 R15: 00007fff9891bef8 [ 454.759558][T13497] [ 455.383489][T13504] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2806'. [ 457.539540][T13535] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2818'. [ 457.911499][T13538] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2819'. [ 459.471780][T13545] kexec: Could not allocate control_code_buffer [ 460.526541][T13560] Process accounting paused [ 461.518771][T13587] netlink: 'syz.2.2836': attribute type 33 has an invalid length. [ 461.533524][T13587] netlink: 322 bytes leftover after parsing attributes in process `syz.2.2836'. [ 461.540416][T13595] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2838'. [ 462.380675][T13618] FAULT_INJECTION: forcing a failure. 
[ 462.380675][T13618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 462.438486][T13618] CPU: 0 UID: 0 PID: 13618 Comm: syz.1.2845 Tainted: G L syzkaller #0 PREEMPT(full) [ 462.438537][T13618] Tainted: [L]=SOFTLOCKUP [ 462.438548][T13618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 462.438564][T13618] Call Trace: [ 462.438573][T13618] [ 462.438584][T13618] dump_stack_lvl+0x100/0x190 [ 462.438623][T13618] should_fail_ex.cold+0x5/0xa [ 462.438659][T13618] _copy_from_user+0x2e/0xd0 [ 462.438752][T13618] copy_mount_options+0x76/0x190 [ 462.438791][T13618] __x64_sys_mount+0x1ab/0x310 [ 462.438824][T13618] ? __pfx___x64_sys_mount+0x10/0x10 [ 462.438864][T13618] do_syscall_64+0x115/0x840 [ 462.438902][T13618] ? clear_bhb_loop+0x40/0x90 [ 462.438936][T13618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.438966][T13618] RIP: 0033:0x7f5ec419de59 [ 462.438990][T13618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.439016][T13618] RSP: 002b:00007f5ec5021028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 462.439044][T13618] RAX: ffffffffffffffda RBX: 00007f5ec4426090 RCX: 00007f5ec419de59 [ 462.439064][T13618] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 462.439082][T13618] RBP: 00007f5ec4233e6f R08: 00002000000002c0 R09: 0000000000000000 [ 462.439100][T13618] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 462.439128][T13618] R13: 00007f5ec4426128 R14: 00007f5ec4426090 R15: 00007ffc63015f68 [ 462.439166][T13618] [ 462.833214][T13609] Process accounting paused [ 463.086727][T13633] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2853'. [ 463.335366][T13641] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2855'. 
[ 464.531305][T13667] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2865'. [ 464.784759][T13673] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2868'. [ 464.912873][ T5635] Bluetooth: hci1: unexpected event 0x04 length: 47 > 10 [ 464.912918][ T5635] Bluetooth: unknown link type 255 [ 464.927050][ T5635] Bluetooth: hci1: connection err: -111 [ 464.931081][T13677] netlink: 'syz.1.2869': attribute type 4 has an invalid length. [ 465.401749][ T5635] Bluetooth: hci0: unexpected event 0x03 length: 8 < 11 [ 465.678545][T13695] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2876'. [ 466.668884][T13721] netlink: 'syz.1.2887': attribute type 27 has an invalid length. [ 466.684119][T13721] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2887'. [ 466.709592][T13722] random: crng reseeded on system resumption [ 467.573424][T13738] FAULT_INJECTION: forcing a failure. [ 467.573424][T13738] name failslab, interval 1, probability 0, space 0, times 0 [ 467.605279][T13738] CPU: 1 UID: 0 PID: 13738 Comm: syz.3.2892 Tainted: G L syzkaller #0 PREEMPT(full) [ 467.605323][T13738] Tainted: [L]=SOFTLOCKUP [ 467.605331][T13738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 467.605346][T13738] Call Trace: [ 467.605354][T13738] [ 467.605364][T13738] dump_stack_lvl+0x100/0x190 [ 467.605397][T13738] should_fail_ex.cold+0x5/0xa [ 467.605425][T13738] should_failslab+0xc2/0x120 [ 467.605457][T13738] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 467.605485][T13738] ? find_held_lock+0x2b/0x80 [ 467.605512][T13738] ? alloc_inode+0x183/0x250 [ 467.605547][T13738] alloc_inode+0x183/0x250 [ 467.605574][T13738] path_from_stashed+0x25b/0x750 [ 467.605605][T13738] pidfs_alloc_file+0xf8/0x290 [ 467.605707][T13738] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 467.605753][T13738] pidfd_prepare+0x107/0x1b0 [ 467.605781][T13738] __x64_sys_pidfd_open+0x105/0x1a0 [ 467.605813][T13738] ? 
__pfx___x64_sys_pidfd_open+0x10/0x10 [ 467.605853][T13738] do_syscall_64+0x115/0x840 [ 467.605887][T13738] ? clear_bhb_loop+0x40/0x90 [ 467.605916][T13738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.605941][T13738] RIP: 0033:0x7f0571d9de59 [ 467.605961][T13738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.605983][T13738] RSP: 002b:00007f0572d45028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 467.606008][T13738] RAX: ffffffffffffffda RBX: 00007f0572025fa0 RCX: 00007f0571d9de59 [ 467.606024][T13738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000074d [ 467.606048][T13738] RBP: 00007f0571e33e6f R08: 0000000000000000 R09: 0000000000000000 [ 467.606062][T13738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.606076][T13738] R13: 00007f0572026038 R14: 00007f0572025fa0 R15: 00007ffec18cc448 [ 467.606108][T13738] [ 468.870781][ T5635] Bluetooth: hci0: unexpected event 0x08 length: 6 > 4 [ 469.667571][T13767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2902'. [ 469.758778][T13767] team0: Port device team_slave_1 removed [ 470.692830][T13799] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2918'. [ 470.897120][T13805] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2922'. [ 470.948744][T13807] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2920'. [ 471.713141][T13831] FAULT_INJECTION: forcing a failure. 
[ 471.713141][T13831] name failslab, interval 1, probability 0, space 0, times 0 [ 471.729490][T13831] CPU: 0 UID: 0 PID: 13831 Comm: syz.3.2931 Tainted: G L syzkaller #0 PREEMPT(full) [ 471.729541][T13831] Tainted: [L]=SOFTLOCKUP [ 471.729552][T13831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 471.729569][T13831] Call Trace: [ 471.729579][T13831] [ 471.729591][T13831] dump_stack_lvl+0x100/0x190 [ 471.729632][T13831] should_fail_ex.cold+0x5/0xa [ 471.729683][T13831] should_failslab+0xc2/0x120 [ 471.729724][T13831] kmem_cache_alloc_noprof+0x91/0x6a0 [ 471.729761][T13831] ? trace_kmem_cache_alloc+0xdd/0x100 [ 471.729800][T13831] ? security_file_alloc+0x34/0x2c0 [ 471.729913][T13831] security_file_alloc+0x34/0x2c0 [ 471.729950][T13831] init_file+0x95/0x480 [ 471.729984][T13831] alloc_empty_file+0x79/0x1c0 [ 471.730020][T13831] alloc_file_pseudo+0x183/0x290 [ 471.730060][T13831] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 471.730096][T13831] ? security_inode_init_security_anon+0x7b/0x230 [ 471.730157][T13831] __anon_inode_getfile+0xe8/0x280 [ 471.730207][T13831] new_userfaultfd+0x255/0x400 [ 471.730251][T13831] __x64_sys_userfaultfd+0x4b/0xb0 [ 471.730300][T13831] do_syscall_64+0x115/0x840 [ 471.730345][T13831] ? 
clear_bhb_loop+0x40/0x90 [ 471.730392][T13831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.730424][T13831] RIP: 0033:0x7f0571d9de59 [ 471.730453][T13831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.730482][T13831] RSP: 002b:00007f0572d45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 471.730513][T13831] RAX: ffffffffffffffda RBX: 00007f0572025fa0 RCX: 00007f0571d9de59 [ 471.730534][T13831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 471.730551][T13831] RBP: 00007f0571e33e6f R08: 0000000000000000 R09: 0000000000000000 [ 471.730570][T13831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.730588][T13831] R13: 00007f0572026038 R14: 00007f0572025fa0 R15: 00007ffec18cc448 [ 471.730628][T13831] [ 472.108572][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2933'. [ 472.137841][T13833] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2933'. [ 472.781239][T13849] netlink: 346 bytes leftover after parsing attributes in process `syz.0.2938'. [ 473.731558][T13869] sctp: [Deprecated]: syz.1.2944 (pid 13869) Use of int in maxseg socket option. [ 473.731558][T13869] Use struct sctp_assoc_value instead [ 473.911929][T13873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2947'. 
[ 475.182654][T13908] vivid-011: ================= START STATUS ================= [ 475.210522][T13908] vivid-011: Radio HW Seek Mode: Bounded [ 475.229860][T13908] vivid-011: Radio Programmable HW Seek: false [ 475.247965][T13908] vivid-011: RDS Rx I/O Mode: Block I/O [ 475.255389][T13908] vivid-011: Generate RBDS Instead of RDS: false [ 475.262006][T13908] vivid-011: RDS Reception: true [ 475.267286][T13908] vivid-011: RDS Program Type: 0 inactive [ 475.273435][T13908] vivid-011: RDS PS Name: inactive [ 475.285767][T13908] vivid-011: RDS Radio Text: inactive [ 475.291388][T13908] vivid-011: RDS Traffic Announcement: false inactive [ 475.303083][T13908] vivid-011: RDS Traffic Program: false inactive [ 475.313302][T13908] vivid-011: RDS Music: false inactive [ 475.319246][T13908] vivid-011: ================== END STATUS ================== [ 475.799870][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2966'. [ 475.827473][T13921] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2966'. [ 475.855320][T13921] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2966'. [ 476.079198][T13929] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2969'. [ 476.177901][T13931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2970'. [ 476.187647][T13931] veth1_macvtap: left promiscuous mode [ 476.193322][T13931] macsec0: entered promiscuous mode [ 476.203572][T13931] macsec0: entered allmulticast mode [ 477.219993][T13962] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2980'. [ 477.234340][T13958] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2979'. [ 477.244815][T13962] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2980'. [ 477.548915][T13967] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2981'. 
[ 478.613482][T13997] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2992'. [ 479.655970][T14019] random: crng reseeded on system resumption [ 479.691412][T14018] Restarting kernel threads ... [ 479.699281][T14018] Done restarting kernel threads. [ 480.523230][T14041] FAULT_INJECTION: forcing a failure. [ 480.523230][T14041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 480.584463][T14041] CPU: 0 UID: 0 PID: 14041 Comm: syz.2.3008 Tainted: G L syzkaller #0 PREEMPT(full) [ 480.584519][T14041] Tainted: [L]=SOFTLOCKUP [ 480.584531][T14041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 480.584550][T14041] Call Trace: [ 480.584562][T14041] [ 480.584576][T14041] dump_stack_lvl+0x100/0x190 [ 480.584619][T14041] should_fail_ex.cold+0x5/0xa [ 480.584655][T14041] _copy_to_iter+0x5a4/0x1720 [ 480.584765][T14041] ? __pfx__copy_to_iter+0x10/0x10 [ 480.584813][T14041] ? __pfx___might_resched+0x10/0x10 [ 480.584856][T14041] ? crng_make_state+0x2b0/0x6c0 [ 480.584993][T14041] get_random_bytes_user+0x17b/0x3d0 [ 480.585067][T14041] ? __pfx_get_random_bytes_user+0x10/0x10 [ 480.585117][T14041] ? rcu_is_watching+0x12/0xc0 [ 480.585156][T14041] ? trace_kmalloc+0xeb/0x110 [ 480.585208][T14041] do_iter_readv_writev+0x616/0x930 [ 480.585251][T14041] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 480.585300][T14041] ? bpf_lsm_file_permission+0x9/0x10 [ 480.585343][T14041] ? security_file_permission+0x76/0x210 [ 480.585382][T14041] ? rw_verify_area+0xce/0x6d0 [ 480.585434][T14041] vfs_readv+0x4d3/0x8d0 [ 480.585486][T14041] ? __pfx_vfs_readv+0x10/0x10 [ 480.585556][T14041] ? __fget_files+0x21f/0x3d0 [ 480.585615][T14041] ? do_readv+0x13e/0x340 [ 480.585653][T14041] do_readv+0x13e/0x340 [ 480.585694][T14041] ? __pfx_do_readv+0x10/0x10 [ 480.585745][T14041] do_syscall_64+0x115/0x840 [ 480.585790][T14041] ? 
clear_bhb_loop+0x40/0x90 [ 480.585828][T14041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.585861][T14041] RIP: 0033:0x7f896339de59 [ 480.585889][T14041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.585916][T14041] RSP: 002b:00007f8964242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 480.585947][T14041] RAX: ffffffffffffffda RBX: 00007f8963625fa0 RCX: 00007f896339de59 [ 480.585964][T14041] RDX: 00000000000000c8 RSI: 0000200000001200 RDI: 0000000000000005 [ 480.585981][T14041] RBP: 00007f8963433e6f R08: 0000000000000000 R09: 0000000000000000 [ 480.585997][T14041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.586012][T14041] R13: 00007f8963626038 R14: 00007f8963625fa0 R15: 00007ffdd436d308 [ 480.586047][T14041] [ 481.687745][T14058] __nla_validate_parse: 2 callbacks suppressed [ 481.687772][T14058] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3016'. [ 482.507312][T14078] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3024'. [ 483.111377][T14097] netlink: 'syz.2.3030': attribute type 19 has an invalid length. [ 483.154146][T14097] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3030'. [ 483.223434][T14100] FAULT_INJECTION: forcing a failure. [ 483.223434][T14100] name fail_futex, interval 1, probability 0, space 0, times 0 [ 483.236761][T14100] CPU: 0 UID: 0 PID: 14100 Comm: syz.1.3033 Tainted: G L syzkaller #0 PREEMPT(full) [ 483.236810][T14100] Tainted: [L]=SOFTLOCKUP [ 483.236821][T14100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 483.236837][T14100] Call Trace: [ 483.236847][T14100] [ 483.236859][T14100] dump_stack_lvl+0x100/0x190 [ 483.236900][T14100] should_fail_ex.cold+0x5/0xa [ 483.236935][T14100] get_futex_key+0x1d2/0x14f0 [ 483.236988][T14100] ? 
__pfx_get_futex_key+0x10/0x10 [ 483.237037][T14100] ? get_futex_key+0x4e8/0x14f0 [ 483.237092][T14100] futex_wait_setup+0x91/0x540 [ 483.237143][T14100] futex_wait_requeue_pi+0x258/0x8a0 [ 483.237185][T14100] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 483.237223][T14100] ? __futex_wait+0x256/0x300 [ 483.237264][T14100] ? __pfx___futex_wait+0x10/0x10 [ 483.237299][T14100] ? futex_hash+0x311/0x400 [ 483.237389][T14100] ? __pfx_futex_wake_mark+0x10/0x10 [ 483.237439][T14100] ? __fget_files+0x21f/0x3d0 [ 483.237492][T14100] do_futex+0x414/0x440 [ 483.237523][T14100] ? __pfx_do_futex+0x10/0x10 [ 483.237554][T14100] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 483.237603][T14100] __x64_sys_futex+0x34f/0x4d0 [ 483.237636][T14100] ? __pfx___x64_sys_futex+0x10/0x10 [ 483.237676][T14100] do_syscall_64+0x115/0x840 [ 483.237719][T14100] ? clear_bhb_loop+0x40/0x90 [ 483.237756][T14100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.237789][T14100] RIP: 0033:0x7f5ec419de59 [ 483.237816][T14100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.237844][T14100] RSP: 002b:00007f5ec5042028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 483.237874][T14100] RAX: ffffffffffffffda RBX: 00007f5ec4425fa0 RCX: 00007f5ec419de59 [ 483.237896][T14100] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 483.237915][T14100] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 00000000fffffffa [ 483.237940][T14100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 483.237960][T14100] R13: 00007f5ec4426038 R14: 00007f5ec4425fa0 R15: 00007ffc63015f68 [ 483.238000][T14100] [ 483.915342][ T5635] Bluetooth: hci2: command 0x0406 tx timeout [ 484.702318][T14128] netlink: 110 bytes leftover after parsing attributes in process `syz.2.3043'. 
[ 484.807635][T14098] kexec: Could not allocate control_code_buffer [ 485.000996][T14135] batadv_slave_1: entered promiscuous mode [ 485.029976][T14135] batadv_slave_1: left promiscuous mode [ 485.485465][T14139] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3049'. [ 486.522775][T14172] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3063'. [ 487.092778][T14189] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 487.136343][T14189] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 487.671286][T14197] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3071'. [ 488.807473][T14216] netlink: 'syz.1.3078': attribute type 27 has an invalid length. [ 488.826097][T14216] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3078'. [ 489.894902][T14237] netlink: 'syz.3.3087': attribute type 27 has an invalid length. [ 489.903379][T14237] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3087'. [ 490.547505][T14245] Process accounting resumed [ 490.888472][T14262] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3098'. [ 491.107321][T14270] netlink: 'syz.2.3102': attribute type 64 has an invalid length. [ 491.124254][T14270] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3102'. [ 491.591137][T14283] FAULT_INJECTION: forcing a failure. 
[ 491.591137][T14283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 491.646518][T14283] CPU: 1 UID: 0 PID: 14283 Comm: syz.2.3108 Tainted: G L syzkaller #0 PREEMPT(full) [ 491.646579][T14283] Tainted: [L]=SOFTLOCKUP [ 491.646591][T14283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 491.646609][T14283] Call Trace: [ 491.646620][T14283] [ 491.646632][T14283] dump_stack_lvl+0x100/0x190 [ 491.646673][T14283] should_fail_ex.cold+0x5/0xa [ 491.646708][T14283] _copy_from_user+0x2e/0xd0 [ 491.646751][T14283] copy_mount_options+0x76/0x190 [ 491.646794][T14283] __x64_sys_mount+0x1ab/0x310 [ 491.646829][T14283] ? __pfx___x64_sys_mount+0x10/0x10 [ 491.646875][T14283] do_syscall_64+0x115/0x840 [ 491.646918][T14283] ? clear_bhb_loop+0x40/0x90 [ 491.646954][T14283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.646981][T14283] RIP: 0033:0x7f896339de59 [ 491.647005][T14283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.647033][T14283] RSP: 002b:00007f8964221028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 491.647063][T14283] RAX: ffffffffffffffda RBX: 00007f8963626090 RCX: 00007f896339de59 [ 491.647084][T14283] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 491.647103][T14283] RBP: 00007f8963433e6f R08: 00002000000002c0 R09: 0000000000000000 [ 491.647122][T14283] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 491.647140][T14283] R13: 00007f8963626128 R14: 00007f8963626090 R15: 00007ffdd436d308 [ 491.647182][T14283] [ 491.951883][T14291] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 493.264489][T14324] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3123'. [ 493.454956][T14330] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3126'. 
[ 493.502029][T14304] Process accounting resumed [ 494.063466][T14351] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3135'. [ 495.491388][T14397] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3151'. [ 495.662364][T14401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3153'. [ 496.586113][T14426] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3162'. [ 496.851035][T14434] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3165'. [ 496.896001][T14436] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3166'. [ 497.509000][T14454] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3174'. [ 497.661902][T14460] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3176'. [ 501.554479][T14560] random: crng reseeded on system resumption [ 502.320530][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.327469][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.786267][T14626] netlink: 'syz.1.3232': attribute type 21 has an invalid length. [ 504.794724][T14626] __nla_validate_parse: 1 callbacks suppressed [ 504.794748][T14626] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3232'. [ 505.369480][T14637] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3237'. [ 505.827026][T14656] HfR: entered promiscuous mode [ 505.910900][T14656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3245'. [ 505.930479][T14656] HfR: left promiscuous mode [ 506.716050][T14678] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3251'. [ 507.553819][T14695] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3257'. [ 507.572528][T14694] HfR: entered promiscuous mode [ 507.588558][T14695] HfR: left promiscuous mode [ 508.106084][T14702] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3268'. 
[ 509.049324][T14723] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3276'. [ 509.295202][T14730] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3278'. [ 509.328676][T14730] veth1_macvtap: left promiscuous mode [ 509.338885][T14730] macsec0: entered promiscuous mode [ 509.347780][T14730] macsec0: entered allmulticast mode [ 509.377954][T14732] HfR: entered promiscuous mode [ 509.394158][T14732] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3269'. [ 509.407987][T14732] HfR: left promiscuous mode [ 511.619282][T14771] HfR: entered promiscuous mode [ 511.643297][T14771] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3283'. [ 511.653272][T14771] HfR: left promiscuous mode [ 512.348524][T14789] vivid-011: ================= START STATUS ================= [ 512.357911][T14789] vivid-011: Radio HW Seek Mode: Bounded [ 512.365888][T14789] vivid-011: Radio Programmable HW Seek: false [ 512.372295][T14789] vivid-011: RDS Rx I/O Mode: Block I/O [ 512.379197][T14789] vivid-011: Generate RBDS Instead of RDS: false [ 512.386937][T14789] vivid-011: RDS Reception: true [ 512.400457][T14789] vivid-011: RDS Program Type: 0 inactive [ 512.413600][T14789] vivid-011: RDS PS Name: inactive [ 512.419184][T14789] vivid-011: RDS Radio Text: inactive [ 512.424864][T14789] vivid-011: RDS Traffic Announcement: false inactive [ 512.431892][T14789] vivid-011: RDS Traffic Program: false inactive [ 512.438655][T14789] vivid-011: RDS Music: false inactive [ 512.444388][T14789] vivid-011: ================== END STATUS ================== [ 512.575152][T14797] vivid-011: ================= START STATUS ================= [ 512.596493][T14797] vivid-011: Radio HW Seek Mode: Bounded [ 512.606640][T14797] vivid-011: Radio Programmable HW Seek: false [ 512.628647][T14797] vivid-011: RDS Rx I/O Mode: Block I/O [ 512.638855][T14797] vivid-011: Generate RBDS Instead of RDS: false [ 512.656827][T14797] vivid-011: RDS 
Reception: true [ 512.671140][T14797] vivid-011: RDS Program Type: 0 inactive [ 512.685519][T14797] vivid-011: RDS PS Name: inactive [ 512.702164][T14797] vivid-011: RDS Radio Text: inactive [ 512.721424][T14797] vivid-011: RDS Traffic Announcement: false inactive [ 512.741750][T14797] vivid-011: RDS Traffic Program: false inactive [ 512.766193][T14797] vivid-011: RDS Music: false inactive [ 512.782718][T14797] vivid-011: ================== END STATUS ================== [ 513.968837][T14815] HfR: entered promiscuous mode [ 514.007788][T14815] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3295'. [ 514.029949][T14815] HfR: left promiscuous mode [ 514.892669][T14826] netlink: 'syz.0.3298': attribute type 1 has an invalid length. [ 514.917992][T14826] netlink: 33 bytes leftover after parsing attributes in process `syz.0.3298'. [ 516.854775][T14866] random: crng reseeded on system resumption [ 518.116565][T14897] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3320'. [ 518.610138][T14908] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3323'. [ 518.753005][T14912] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3325'. [ 518.929282][T14917] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3336'. [ 519.196215][T14925] random: crng reseeded on system resumption [ 520.208733][T14949] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3339'. [ 520.319565][T14954] netlink: 'syz.1.3340': attribute type 4 has an invalid length. [ 520.357215][T14951] FAULT_INJECTION: forcing a failure. 
[ 520.357215][T14951] name failslab, interval 1, probability 0, space 0, times 0 [ 520.390768][T14951] CPU: 1 UID: 0 PID: 14951 Comm: syz.3.3338 Tainted: G L syzkaller #0 PREEMPT(full) [ 520.390816][T14951] Tainted: [L]=SOFTLOCKUP [ 520.390827][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 520.390844][T14951] Call Trace: [ 520.390854][T14951] [ 520.390866][T14951] dump_stack_lvl+0x100/0x190 [ 520.390910][T14951] should_fail_ex.cold+0x5/0xa [ 520.390949][T14951] should_failslab+0xc2/0x120 [ 520.390992][T14951] __kmalloc_cache_noprof+0x91/0x6c0 [ 520.391075][T14951] ? usbdev_open+0x9d/0x870 [ 520.391219][T14951] usbdev_open+0x9d/0x870 [ 520.391260][T14951] ? kobject_get_unless_zero+0x156/0x200 [ 520.391296][T14951] ? __pfx_usbdev_open+0x10/0x10 [ 520.391332][T14951] ? chrdev_open+0x10b/0x6a0 [ 520.391377][T14951] ? chrdev_open+0x10b/0x6a0 [ 520.391427][T14951] ? __pfx_usbdev_open+0x10/0x10 [ 520.391466][T14951] chrdev_open+0x234/0x6a0 [ 520.391515][T14951] ? __pfx_apparmor_file_open+0x10/0x10 [ 520.391566][T14951] ? __pfx_chrdev_open+0x10/0x10 [ 520.391616][T14951] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 520.391655][T14951] do_dentry_open+0x6ab/0x14d0 [ 520.391697][T14951] ? __pfx_chrdev_open+0x10/0x10 [ 520.391751][T14951] vfs_open+0x82/0x3f0 [ 520.391791][T14951] path_openat+0x2873/0x4280 [ 520.391851][T14951] ? __pfx_path_openat+0x10/0x10 [ 520.391907][T14951] do_file_open+0x20e/0x430 [ 520.391956][T14951] ? __pfx_do_file_open+0x10/0x10 [ 520.392037][T14951] ? alloc_fd+0x471/0x7a0 [ 520.392086][T14951] ? do_getname+0x191/0x390 [ 520.392124][T14951] do_sys_openat2+0x10f/0x1e0 [ 520.392158][T14951] ? __pfx_do_sys_openat2+0x10/0x10 [ 520.392196][T14951] ? do_raw_spin_lock+0x128/0x260 [ 520.392236][T14951] __x64_sys_openat+0x12d/0x210 [ 520.392272][T14951] ? __pfx___x64_sys_openat+0x10/0x10 [ 520.392320][T14951] do_syscall_64+0x115/0x840 [ 520.392359][T14951] ? 
clear_bhb_loop+0x40/0x90 [ 520.392400][T14951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.392432][T14951] RIP: 0033:0x7f0571d9de59 [ 520.392460][T14951] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 520.392489][T14951] RSP: 002b:00007f0572d24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 520.392519][T14951] RAX: ffffffffffffffda RBX: 00007f0572026090 RCX: 00007f0571d9de59 [ 520.392538][T14951] RDX: 000000000000a901 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 520.392557][T14951] RBP: 00007f0571e33e6f R08: 0000000000000000 R09: 0000000000000000 [ 520.392576][T14951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.392593][T14951] R13: 00007f0572026128 R14: 00007f0572026090 R15: 00007ffec18cc448 [ 520.392630][T14951] [ 520.817945][T14958] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3342'. [ 520.871696][T14958] Process accounting paused [ 524.254984][T15012] Process accounting paused [ 524.383845][ T30] audit: type=1800 audit(4294967579.250:14): pid=15026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3360" name="dbroot" dev="configfs" ino=41556 res=0 errno=0 [ 527.022868][T15080] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3380'. [ 531.996055][T15180] random: crng reseeded on system resumption [ 532.524418][T15189] netlink: 222 bytes leftover after parsing attributes in process `syz.1.3417'. [ 534.213488][T15217] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3427'. [ 535.308768][T15245] random: crng reseeded on system resumption [ 537.620195][T15284] netlink: 'syz.2.3449': attribute type 27 has an invalid length. [ 537.637588][T15284] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3449'. 
[ 540.787605][T15340] FAULT_INJECTION: forcing a failure. [ 540.787605][T15340] name failslab, interval 1, probability 0, space 0, times 0 [ 540.816357][T15340] CPU: 1 UID: 0 PID: 15340 Comm: syz.2.3477 Tainted: G L syzkaller #0 PREEMPT(full) [ 540.816406][T15340] Tainted: [L]=SOFTLOCKUP [ 540.816418][T15340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 540.816434][T15340] Call Trace: [ 540.816445][T15340] [ 540.816457][T15340] dump_stack_lvl+0x100/0x190 [ 540.816498][T15340] should_fail_ex.cold+0x5/0xa [ 540.816534][T15340] should_failslab+0xc2/0x120 [ 540.816585][T15340] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 540.816622][T15340] ? __d_alloc+0x35/0xa50 [ 540.816658][T15340] __d_alloc+0x35/0xa50 [ 540.816693][T15340] d_alloc_pseudo+0x1c/0xc0 [ 540.816730][T15340] alloc_file_pseudo+0x118/0x290 [ 540.816768][T15340] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 540.816814][T15340] __shmem_file_setup+0x205/0x460 [ 540.816857][T15340] ? __pfx___shmem_file_setup+0x10/0x10 [ 540.816903][T15340] ? vm_area_alloc+0x1f/0x160 [ 540.816954][T15340] shmem_zero_setup+0x96/0x1b0 [ 540.816988][T15340] __mmap_region+0x24ef/0x2db0 [ 540.817073][T15340] ? __pfx___mmap_region+0x10/0x10 [ 540.817122][T15340] ? __lock_acquire+0x49f/0x1a40 [ 540.817182][T15340] ? __lock_acquire+0x49f/0x1a40 [ 540.817228][T15340] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 540.817279][T15340] ? rcu_is_watching+0x12/0xc0 [ 540.817309][T15340] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 540.817357][T15340] ? lockdep_hardirqs_on+0x78/0x100 [ 540.817458][T15340] mmap_region+0x35d/0x620 [ 540.817488][T15340] ? rcu_is_watching+0x12/0xc0 [ 540.817521][T15340] ? __pfx_mmap_region+0x10/0x10 [ 540.817565][T15340] ? cap_mmap_addr+0x4b/0x120 [ 540.817612][T15340] ? bpf_lsm_mmap_addr+0x9/0x30 [ 540.817657][T15340] ? security_mmap_addr+0x71/0x1e0 [ 540.817708][T15340] ? __get_unmapped_area+0x255/0x3e0 [ 540.817754][T15340] do_mmap+0xc63/0x12f0 [ 540.817801][T15340] ? 
__pfx_do_mmap+0x10/0x10 [ 540.817840][T15340] ? __pfx_down_write_killable+0x10/0x10 [ 540.817888][T15340] ? __pfx_futex_wait+0x10/0x10 [ 540.817933][T15340] vm_mmap_pgoff+0x29e/0x470 [ 540.817980][T15340] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 540.818025][T15340] ? __pfx_do_futex+0x10/0x10 [ 540.818062][T15340] ksys_mmap_pgoff+0xe4/0x610 [ 540.818101][T15340] ? __x64_sys_futex+0x358/0x4d0 [ 540.818132][T15340] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 540.818171][T15340] ? xfd_validate_state+0x129/0x190 [ 540.818241][T15340] __x64_sys_mmap+0x125/0x190 [ 540.818282][T15340] do_syscall_64+0x115/0x840 [ 540.818326][T15340] ? clear_bhb_loop+0x40/0x90 [ 540.818366][T15340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.818399][T15340] RIP: 0033:0x7f896339de59 [ 540.818427][T15340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 540.818457][T15340] RSP: 002b:00007f8964242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 540.818499][T15340] RAX: ffffffffffffffda RBX: 00007f8963625fa0 RCX: 00007f896339de59 [ 540.818519][T15340] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 540.818537][T15340] RBP: 00007f8963433e6f R08: fffffffffffffffa R09: 0000000000008000 [ 540.818567][T15340] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 540.818585][T15340] R13: 00007f8963626038 R14: 00007f8963625fa0 R15: 00007ffdd436d308 [ 540.818624][T15340] [ 540.821929][T15345] FAULT_INJECTION: forcing a failure. 
[ 540.821929][T15345] name failslab, interval 1, probability 0, space 0, times 0 [ 541.264874][T15345] CPU: 0 UID: 0 PID: 15345 Comm: syz.0.3469 Tainted: G L syzkaller #0 PREEMPT(full) [ 541.264922][T15345] Tainted: [L]=SOFTLOCKUP [ 541.264932][T15345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 541.264950][T15345] Call Trace: [ 541.264959][T15345] [ 541.264970][T15345] dump_stack_lvl+0x100/0x190 [ 541.265012][T15345] should_fail_ex.cold+0x5/0xa [ 541.265046][T15345] should_failslab+0xc2/0x120 [ 541.265085][T15345] __kmalloc_cache_noprof+0x91/0x6c0 [ 541.265133][T15345] ? copy_mount_options+0x55/0x190 [ 541.265184][T15345] copy_mount_options+0x55/0x190 [ 541.265222][T15345] __x64_sys_mount+0x1ab/0x310 [ 541.265254][T15345] ? __pfx___x64_sys_mount+0x10/0x10 [ 541.265297][T15345] do_syscall_64+0x115/0x840 [ 541.265338][T15345] ? clear_bhb_loop+0x40/0x90 [ 541.265374][T15345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.265405][T15345] RIP: 0033:0x7f1d9fb9de59 [ 541.265431][T15345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.265460][T15345] RSP: 002b:00007f1da09c8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 541.265489][T15345] RAX: ffffffffffffffda RBX: 00007f1d9fe26090 RCX: 00007f1d9fb9de59 [ 541.265509][T15345] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 541.265532][T15345] RBP: 00007f1d9fc33e6f R08: 00002000000002c0 R09: 0000000000000000 [ 541.265551][T15345] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 541.265568][T15345] R13: 00007f1d9fe26128 R14: 00007f1d9fe26090 R15: 00007fff9891bef8 [ 541.265610][T15345] [ 541.763351][T15356] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3474'. [ 543.364957][T15387] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3493'. 
[ 543.996459][T15399] FAULT_INJECTION: forcing a failure. [ 543.996459][T15399] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 544.011620][T15399] CPU: 1 UID: 0 PID: 15399 Comm: syz.2.3487 Tainted: G L syzkaller #0 PREEMPT(full) [ 544.011670][T15399] Tainted: [L]=SOFTLOCKUP [ 544.011680][T15399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 544.011698][T15399] Call Trace: [ 544.011708][T15399] [ 544.011720][T15399] dump_stack_lvl+0x100/0x190 [ 544.011762][T15399] should_fail_ex.cold+0x5/0xa [ 544.011793][T15399] ? prepare_alloc_pages+0x16d/0x5f0 [ 544.011846][T15399] should_fail_alloc_page+0xeb/0x140 [ 544.011886][T15399] prepare_alloc_pages+0x1f0/0x5f0 [ 544.011932][T15399] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 544.011985][T15399] ? __asan_memset+0x23/0x50 [ 544.012028][T15399] ? folios_put_refs+0x58a/0xaa0 [ 544.012151][T15399] ? __lock_acquire+0x49f/0x1a40 [ 544.012197][T15399] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 544.012249][T15399] ? __css_rstat_updated+0x1ce/0x5a0 [ 544.012341][T15399] ? do_raw_spin_lock+0x128/0x260 [ 544.012374][T15399] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 544.012405][T15399] ? find_held_lock+0x2b/0x80 [ 544.012454][T15399] ? __lock_acquire+0x49f/0x1a40 [ 544.012495][T15399] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 544.012538][T15399] ? policy_nodemask+0xed/0x4f0 [ 544.012581][T15399] alloc_pages_mpol+0x1fb/0x540 [ 544.012625][T15399] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 544.012679][T15399] folio_alloc_mpol_noprof+0x36/0x260 [ 544.012729][T15399] shmem_alloc_folio+0x135/0x160 [ 544.012775][T15399] shmem_alloc_and_add_folio+0x371/0xd40 [ 544.012837][T15399] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 544.012892][T15399] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 544.012956][T15399] shmem_get_folio_gfp+0x6ad/0x1910 [ 544.013017][T15399] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 544.013089][T15399] ? 
ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 544.013145][T15399] ? lockdep_hardirqs_on+0x78/0x100 [ 544.013200][T15399] shmem_fault+0x1f9/0xa20 [ 544.013250][T15399] ? __lock_acquire+0x49f/0x1a40 [ 544.013297][T15399] ? __pfx_shmem_fault+0x10/0x10 [ 544.013347][T15399] ? rcu_is_watching+0x12/0xc0 [ 544.013402][T15399] ? __pfx_filemap_map_pages+0x10/0x10 [ 544.013446][T15399] __do_fault+0x10b/0x440 [ 544.013476][T15399] ? find_held_lock+0x2b/0x80 [ 544.013511][T15399] do_fault+0x2db/0x1750 [ 544.013554][T15399] __handle_mm_fault+0x187d/0x2a00 [ 544.013601][T15399] ? mt_find+0x45e/0x8e0 [ 544.013693][T15399] ? __pfx___handle_mm_fault+0x10/0x10 [ 544.013739][T15399] ? __pfx_mt_find+0x10/0x10 [ 544.013793][T15399] ? find_vma+0xbf/0x140 [ 544.013826][T15399] ? __pfx_find_vma+0x10/0x10 [ 544.013865][T15399] handle_mm_fault+0x37b/0xa30 [ 544.013919][T15399] do_user_addr_fault+0x74c/0x12f0 [ 544.013981][T15399] exc_page_fault+0x6f/0xd0 [ 544.014023][T15399] asm_exc_page_fault+0x26/0x30 [ 544.014087][T15399] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 544.014126][T15399] Code: 9d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 4f 9d 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 544.014155][T15399] RSP: 0018:ffffc90006867920 EFLAGS: 00050206 [ 544.014180][T15399] RAX: 0000000000000001 RBX: 000000000002bc40 RCX: 0000000000000c40 [ 544.014199][T15399] RDX: 0000000000000001 RSI: ffff88800bdf63c0 RDI: 000000000002c000 [ 544.014219][T15399] RBP: ffffc90006867ce8 R08: 0000000000000000 R09: ffffed10017bedff [ 544.014239][T15399] R10: ffff88800bdf6fff R11: 0000000000000000 R12: 000000000002cc40 [ 544.014258][T15399] R13: 00007ffffffff000 R14: ffff88800bdf6000 R15: 0000000000001000 [ 544.014296][T15399] _copy_to_iter+0x391/0x1720 [ 544.014349][T15399] ? __pfx__copy_to_iter+0x10/0x10 [ 544.014393][T15399] ? rcu_is_watching+0x12/0xc0 [ 544.014427][T15399] ? 
__up_read+0x333/0x980 [ 544.014463][T15399] copy_page_to_iter+0x285/0x370 [ 544.014507][T15399] process_vm_rw_core.constprop.0+0x5a3/0x950 [ 544.014559][T15399] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 544.014597][T15399] ? import_ubuf+0x1b6/0x220 [ 544.014652][T15399] ? iovec_from_user+0xda/0x140 [ 544.014695][T15399] process_vm_rw+0x226/0x2d0 [ 544.014724][T15399] ? futex_wait+0x11e/0x370 [ 544.014764][T15399] ? __pfx_process_vm_rw+0x10/0x10 [ 544.014805][T15399] ? do_writev+0x214/0x340 [ 544.014845][T15399] ? do_writev+0x214/0x340 [ 544.014900][T15399] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 544.014963][T15399] ? xfd_validate_state+0x129/0x190 [ 544.015004][T15399] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 544.015038][T15399] ? do_syscall_64+0x90/0x840 [ 544.015085][T15399] ? lockdep_hardirqs_on+0x78/0x100 [ 544.015126][T15399] do_syscall_64+0x115/0x840 [ 544.015168][T15399] ? clear_bhb_loop+0x40/0x90 [ 544.015205][T15399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.015237][T15399] RIP: 0033:0x7f896339de59 [ 544.015264][T15399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 544.015293][T15399] RSP: 002b:00007f8964242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 544.015321][T15399] RAX: ffffffffffffffda RBX: 00007f8963625fa0 RCX: 00007f896339de59 [ 544.015341][T15399] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 00000000000001f6 [ 544.015360][T15399] RBP: 00007f8963433e6f R08: 0000000000000006 R09: 0000000000000000 [ 544.015378][T15399] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 544.015396][T15399] R13: 00007f8963626038 R14: 00007f8963625fa0 R15: 00007ffdd436d308 [ 544.015438][T15399] [ 544.967003][T15410] ovs_: entered promiscuous mode [ 545.354100][T15385] Bluetooth: hci1: command 0x0406 tx timeout [ 545.733885][T15426] openvswitch: netlink: Either Ethernet 
header or EtherType is required. [ 546.122082][T15441] netlink: 'syz.3.3502': attribute type 4 has an invalid length. [ 546.175683][T15442] netlink: 'syz.3.3502': attribute type 4 has an invalid length. [ 546.767477][T15459] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3518'. [ 547.303802][T15474] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3514'. [ 547.453304][T15476] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3515'. [ 547.710864][T15486] FAULT_INJECTION: forcing a failure. [ 547.710864][T15486] name failslab, interval 1, probability 0, space 0, times 0 [ 547.786070][T15486] CPU: 1 UID: 0 PID: 15486 Comm: syz.3.3516 Tainted: G L syzkaller #0 PREEMPT(full) [ 547.786122][T15486] Tainted: [L]=SOFTLOCKUP [ 547.786134][T15486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 547.786153][T15486] Call Trace: [ 547.786163][T15486] [ 547.786176][T15486] dump_stack_lvl+0x100/0x190 [ 547.786218][T15486] should_fail_ex.cold+0x5/0xa [ 547.786258][T15486] should_failslab+0xc2/0x120 [ 547.786298][T15486] __kmalloc_cache_noprof+0x91/0x6c0 [ 547.786348][T15486] ? copy_mount_options+0x55/0x190 [ 547.786394][T15486] copy_mount_options+0x55/0x190 [ 547.786436][T15486] __x64_sys_mount+0x1ab/0x310 [ 547.786468][T15486] ? __pfx___x64_sys_mount+0x10/0x10 [ 547.786510][T15486] do_syscall_64+0x115/0x840 [ 547.786555][T15486] ? 
clear_bhb_loop+0x40/0x90 [ 547.786594][T15486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.786628][T15486] RIP: 0033:0x7f0571d9de59 [ 547.786655][T15486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.786685][T15486] RSP: 002b:00007f0572d24028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 547.786717][T15486] RAX: ffffffffffffffda RBX: 00007f0572026090 RCX: 00007f0571d9de59 [ 547.786737][T15486] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 547.786756][T15486] RBP: 00007f0571e33e6f R08: 00002000000002c0 R09: 0000000000000000 [ 547.786775][T15486] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 547.786793][T15486] R13: 00007f0572026128 R14: 00007f0572026090 R15: 00007ffec18cc448 [ 547.786840][T15486] [ 548.795125][T15509] netlink: 322 bytes leftover after parsing attributes in process `syz.3.3526'. [ 550.236945][T15538] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3537'. [ 550.369133][T15540] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3538'. [ 550.777371][T15557] netlink: 'syz.2.3545': attribute type 19 has an invalid length. [ 550.820829][T15557] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3545'. [ 550.880909][T15562] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3547'. [ 550.986536][T15562] Process accounting resumed [ 552.076675][T15586] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3555'. [ 552.087475][T15586] netlink: 'syz.1.3555': attribute type 7 has an invalid length. [ 554.336967][T15620] Process accounting resumed [ 554.538060][T15643] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3573'. [ 555.544492][T15669] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3582'. 
[ 556.110315][T15669] syz.2.3582 (15669) used greatest stack depth: 20144 bytes left [ 558.495248][T15717] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3596'. [ 559.464332][T15728] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3602'. [ 559.642781][T15710] kexec: Could not allocate control_code_buffer [ 561.752591][T15777] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3617'. [ 562.268790][T15771] kexec: Could not allocate control_code_buffer [ 562.551819][T15795] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3624'. [ 562.722151][T15801] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3625'. [ 563.383130][T15805] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3627'. [ 563.765901][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.774895][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.937653][T15814] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3632'. [ 564.383150][T15825] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3637'. [ 564.988337][T15845] netlink: 'syz.1.3641': attribute type 4 has an invalid length. [ 565.197014][T15855] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3644'. [ 565.799293][T15868] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3651'. [ 566.091474][T15877] netlink: 86 bytes leftover after parsing attributes in process `syz.0.3654'. [ 567.142663][T15888] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3657'. [ 567.501735][T15898] netlink: 'syz.0.3661': attribute type 4 has an invalid length. [ 568.361333][T15925] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3670'. [ 568.480152][T15929] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3671'. 
[ 569.364134][T15950] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3680'. [ 569.903363][T15967] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3684'. [ 570.179170][T15972] mmap: syz.3.3686 (15972) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 570.209545][T15974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3687'. [ 571.158880][T15994] netlink: 86 bytes leftover after parsing attributes in process `syz.1.3702'. [ 572.110728][T16018] netlink: 'syz.3.3710': attribute type 1 has an invalid length. [ 572.377410][T16027] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3705'. [ 572.432085][T16027] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3705'. [ 574.139004][T16060] netlink: 21 bytes leftover after parsing attributes in process `syz.1.3713'. [ 575.250603][T16044] kexec: Could not allocate control_code_buffer [ 575.771147][ T30] audit: type=1800 audit(4294967630.640:15): pid=16093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3727" name="dbroot" dev="configfs" ino=46828 res=0 errno=0 [ 575.902999][ T4944] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 576.442566][T16109] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3732'. [ 576.477448][T16109] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3732'. [ 577.350836][ T4944] Bluetooth: hci2: unexpected event 0x05 length: 6 > 4 [ 577.783808][T16110] kexec: Could not allocate control_code_buffer [ 577.969900][ T30] audit: type=1800 audit(4294967632.840:16): pid=16144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3743" name="file0" dev="tmpfs" ino=1858 res=0 errno=0 [ 578.229039][T16149] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3746'. 
[ 579.089901][ T30] audit: type=1800 audit(4294967633.960:17): pid=16164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3759" name="file0" dev="tmpfs" ino=4887 res=0 errno=0 [ 581.671106][T16209] Process accounting paused [ 582.403887][ T30] audit: type=1800 audit(4294967637.270:18): pid=16226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3770" name="file0" dev="tmpfs" ino=2876 res=0 errno=0 [ 583.508283][T16245] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3777'. [ 584.887796][T16280] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3789'. [ 585.392839][T16285] FAULT_INJECTION: forcing a failure. [ 585.392839][T16285] name fail_futex, interval 1, probability 0, space 0, times 0 [ 585.460196][T16285] CPU: 1 UID: 0 PID: 16285 Comm: syz.2.3790 Tainted: G L syzkaller #0 PREEMPT(full) [ 585.460245][T16285] Tainted: [L]=SOFTLOCKUP [ 585.460256][T16285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 585.460273][T16285] Call Trace: [ 585.460282][T16285] [ 585.460293][T16285] dump_stack_lvl+0x100/0x190 [ 585.460331][T16285] should_fail_ex.cold+0x5/0xa [ 585.460364][T16285] get_futex_key+0x1d2/0x14f0 [ 585.460412][T16285] ? __pfx_get_futex_key+0x10/0x10 [ 585.460455][T16285] ? wakeup_preempt_fair+0x640/0x1060 [ 585.460510][T16285] futex_wait_setup+0x91/0x540 [ 585.460555][T16285] __futex_wait+0x19f/0x300 [ 585.460591][T16285] ? __pfx___futex_wait+0x10/0x10 [ 585.460620][T16285] ? __pfx_try_to_wake_up+0x10/0x10 [ 585.460674][T16285] ? futex_hash+0x311/0x400 [ 585.460718][T16285] ? __pfx_futex_wake_mark+0x10/0x10 [ 585.460763][T16285] ? find_held_lock+0x2b/0x80 [ 585.460795][T16285] ? futex_wake+0x4ea/0x5e0 [ 585.460837][T16285] futex_wait+0xe6/0x370 [ 585.460871][T16285] ? __pfx_futex_wait+0x10/0x10 [ 585.460912][T16285] ? putname+0xb1/0x110 [ 585.460936][T16285] ? 
kmem_cache_free+0x127/0x6b0 [ 585.460983][T16285] ? do_sys_openat2+0x1b6/0x1e0 [ 585.461019][T16285] do_futex+0x265/0x440 [ 585.461048][T16285] ? __pfx_do_futex+0x10/0x10 [ 585.461072][T16285] ? __pfx_do_sys_openat2+0x10/0x10 [ 585.461105][T16285] ? do_raw_spin_lock+0x128/0x260 [ 585.461138][T16285] __x64_sys_futex+0x34f/0x4d0 [ 585.461167][T16285] ? __x64_sys_openat+0x12d/0x210 [ 585.461200][T16285] ? __pfx___x64_sys_futex+0x10/0x10 [ 585.461245][T16285] do_syscall_64+0x115/0x840 [ 585.461283][T16285] ? clear_bhb_loop+0x40/0x90 [ 585.461317][T16285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.461346][T16285] RIP: 0033:0x7f896339de59 [ 585.461372][T16285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 585.461399][T16285] RSP: 002b:00007f89642210e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 585.461429][T16285] RAX: ffffffffffffffda RBX: 00007f8963626098 RCX: 00007f896339de59 [ 585.461449][T16285] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8963626098 [ 585.461467][T16285] RBP: 00007f8963626090 R08: 0000000000000000 R09: 0000000000000000 [ 585.461483][T16285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.461500][T16285] R13: 00007f8963626128 R14: 00007ffdd436d220 R15: 00007ffdd436d308 [ 585.461538][T16285] [ 585.964242][T16266] Process accounting paused [ 586.830181][T16311] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3801'. [ 587.049233][T16320] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3804'. [ 587.736666][T16331] FAULT_INJECTION: forcing a failure. 
[ 587.736666][T16331] name fail_futex, interval 1, probability 0, space 0, times 0 [ 587.795509][T16331] CPU: 1 UID: 0 PID: 16331 Comm: syz.0.3805 Tainted: G L syzkaller #0 PREEMPT(full) [ 587.795559][T16331] Tainted: [L]=SOFTLOCKUP [ 587.795570][T16331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 587.795589][T16331] Call Trace: [ 587.795598][T16331] [ 587.795611][T16331] dump_stack_lvl+0x100/0x190 [ 587.795651][T16331] should_fail_ex.cold+0x5/0xa [ 587.795692][T16331] get_futex_key+0x1d2/0x14f0 [ 587.795744][T16331] ? __pfx_get_futex_key+0x10/0x10 [ 587.795793][T16331] ? __pfx___schedule+0x10/0x10 [ 587.795843][T16331] futex_wait_setup+0x91/0x540 [ 587.795893][T16331] __futex_wait+0x19f/0x300 [ 587.795932][T16331] ? __pfx___futex_wait+0x10/0x10 [ 587.795957][T16331] ? __pfx_try_to_wake_up+0x10/0x10 [ 587.796004][T16331] ? futex_hash+0x311/0x400 [ 587.796053][T16331] ? __pfx_futex_wake_mark+0x10/0x10 [ 587.796097][T16331] ? find_held_lock+0x2b/0x80 [ 587.796132][T16331] ? futex_wake+0x4ea/0x5e0 [ 587.796175][T16331] futex_wait+0xe6/0x370 [ 587.796211][T16331] ? __pfx_futex_wait+0x10/0x10 [ 587.796258][T16331] ? putname+0xb1/0x110 [ 587.796285][T16331] ? kmem_cache_free+0x127/0x6b0 [ 587.796330][T16331] ? do_sys_openat2+0x1b6/0x1e0 [ 587.796370][T16331] do_futex+0x265/0x440 [ 587.796397][T16331] ? __pfx_do_futex+0x10/0x10 [ 587.796431][T16331] ? __pfx_do_sys_openat2+0x10/0x10 [ 587.796470][T16331] ? do_raw_spin_lock+0x128/0x260 [ 587.796507][T16331] __x64_sys_futex+0x34f/0x4d0 [ 587.796539][T16331] ? __x64_sys_openat+0x12d/0x210 [ 587.796576][T16331] ? __pfx___x64_sys_futex+0x10/0x10 [ 587.796621][T16331] do_syscall_64+0x115/0x840 [ 587.796661][T16331] ? 
clear_bhb_loop+0x40/0x90 [ 587.796698][T16331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.796728][T16331] RIP: 0033:0x7f1d9fb9de59 [ 587.796755][T16331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.796784][T16331] RSP: 002b:00007f1da09c80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 587.796813][T16331] RAX: ffffffffffffffda RBX: 00007f1d9fe26098 RCX: 00007f1d9fb9de59 [ 587.796831][T16331] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d9fe26098 [ 587.796848][T16331] RBP: 00007f1d9fe26090 R08: 0000000000000000 R09: 0000000000000000 [ 587.796867][T16331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.796884][T16331] R13: 00007f1d9fe26128 R14: 00007fff9891be10 R15: 00007fff9891bef8 [ 587.796924][T16331] [ 588.563686][T16344] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3812'. [ 589.845544][T16371] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3821'. [ 591.413549][ T30] audit: type=1800 audit(4294967646.280:19): pid=16398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3829" name="file0" dev="tmpfs" ino=1454 res=0 errno=0 [ 591.680634][T16405] FAULT_INJECTION: forcing a failure. 
[ 591.680634][T16405] name failslab, interval 1, probability 0, space 0, times 0 [ 591.704174][T16405] CPU: 0 UID: 0 PID: 16405 Comm: syz.1.3833 Tainted: G L syzkaller #0 PREEMPT(full) [ 591.704226][T16405] Tainted: [L]=SOFTLOCKUP [ 591.704237][T16405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 591.704255][T16405] Call Trace: [ 591.704266][T16405] [ 591.704278][T16405] dump_stack_lvl+0x100/0x190 [ 591.704320][T16405] should_fail_ex.cold+0x5/0xa [ 591.704364][T16405] should_failslab+0xc2/0x120 [ 591.704404][T16405] kmem_cache_alloc_noprof+0x91/0x6a0 [ 591.704438][T16405] ? __pfx_map_id_range_down+0x10/0x10 [ 591.704477][T16405] ? rcu_is_watching+0x12/0xc0 [ 591.704511][T16405] ? security_inode_alloc+0x3b/0x2c0 [ 591.704568][T16405] security_inode_alloc+0x3b/0x2c0 [ 591.704619][T16405] inode_init_always_gfp+0xc77/0xfb0 [ 591.704673][T16405] alloc_inode+0x8e/0x250 [ 591.704707][T16405] new_inode+0x22/0x1c0 [ 591.704746][T16405] shmem_get_inode+0x1e3/0xf70 [ 591.704792][T16405] ? __pfx_shmem_get_inode+0x10/0x10 [ 591.704902][T16405] shmem_tmpfile+0xc1/0x210 [ 591.704992][T16405] ? d_alloc+0x176/0x1e0 [ 591.705022][T16405] ? __pfx_shmem_tmpfile+0x10/0x10 [ 591.705065][T16405] ? do_raw_spin_unlock+0x145/0x1e0 [ 591.705097][T16405] ? _raw_spin_unlock+0x28/0x50 [ 591.705215][T16405] vfs_tmpfile+0x2be/0x9a0 [ 591.705271][T16405] path_openat+0x10b6/0x4280 [ 591.705314][T16405] ? kasan_save_track+0x14/0x30 [ 591.705346][T16405] ? __kasan_slab_alloc+0x89/0x90 [ 591.705531][T16405] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 591.705572][T16405] ? do_sys_openat2+0xc7/0x1e0 [ 591.705607][T16405] ? __x64_sys_open+0xfe/0x1d0 [ 591.705640][T16405] ? do_syscall_64+0x115/0x840 [ 591.705697][T16405] ? __pfx_path_openat+0x10/0x10 [ 591.705756][T16405] do_file_open+0x20e/0x430 [ 591.705798][T16405] ? __lock_acquire+0x49f/0x1a40 [ 591.705845][T16405] ? __pfx_do_file_open+0x10/0x10 [ 591.705922][T16405] ? 
_raw_spin_unlock+0x28/0x50 [ 591.705959][T16405] ? alloc_fd+0x471/0x7a0 [ 591.706014][T16405] do_sys_openat2+0x10f/0x1e0 [ 591.706048][T16405] ? __pfx_do_sys_openat2+0x10/0x10 [ 591.706083][T16405] ? do_raw_spin_lock+0x128/0x260 [ 591.706120][T16405] __x64_sys_open+0xfe/0x1d0 [ 591.706154][T16405] ? __pfx___x64_sys_open+0x10/0x10 [ 591.706205][T16405] do_syscall_64+0x115/0x840 [ 591.706247][T16405] ? clear_bhb_loop+0x40/0x90 [ 591.706286][T16405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.706318][T16405] RIP: 0033:0x7f5ec419de59 [ 591.706346][T16405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 591.706374][T16405] RSP: 002b:00007f5ec5021028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 591.706406][T16405] RAX: ffffffffffffffda RBX: 00007f5ec4426090 RCX: 00007f5ec419de59 [ 591.706426][T16405] RDX: 0000000000000408 RSI: 0000000000595002 RDI: 0000200000000100 [ 591.706444][T16405] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 0000000000000000 [ 591.706461][T16405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.706477][T16405] R13: 00007f5ec4426128 R14: 00007f5ec4426090 R15: 00007ffc63015f68 [ 591.706537][T16405] [ 592.503387][T16425] FAULT_INJECTION: forcing a failure. [ 592.503387][T16425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 592.517325][T16425] CPU: 1 UID: 0 PID: 16425 Comm: syz.0.3839 Tainted: G L syzkaller #0 PREEMPT(full) [ 592.517373][T16425] Tainted: [L]=SOFTLOCKUP [ 592.517384][T16425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 592.517401][T16425] Call Trace: [ 592.517411][T16425] [ 592.517422][T16425] dump_stack_lvl+0x100/0x190 [ 592.517461][T16425] should_fail_ex.cold+0x5/0xa [ 592.517493][T16425] _copy_to_iter+0x1f3/0x1720 [ 592.517539][T16425] ? 
__pfx__copy_to_iter+0x10/0x10 [ 592.517579][T16425] ? rcu_is_watching+0x12/0xc0 [ 592.517611][T16425] ? __up_read+0x333/0x980 [ 592.517645][T16425] copy_page_to_iter+0x285/0x370 [ 592.517684][T16425] process_vm_rw_core.constprop.0+0x5a3/0x950 [ 592.517733][T16425] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 592.517766][T16425] ? import_ubuf+0x1b6/0x220 [ 592.517815][T16425] ? iovec_from_user+0xda/0x140 [ 592.517855][T16425] process_vm_rw+0x226/0x2d0 [ 592.517882][T16425] ? futex_wait+0x11e/0x370 [ 592.517922][T16425] ? __pfx_process_vm_rw+0x10/0x10 [ 592.517959][T16425] ? do_writev+0x214/0x340 [ 592.518012][T16425] ? do_writev+0x214/0x340 [ 592.518067][T16425] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 592.518127][T16425] ? xfd_validate_state+0x129/0x190 [ 592.518164][T16425] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 592.518196][T16425] ? do_syscall_64+0x90/0x840 [ 592.518231][T16425] ? lockdep_hardirqs_on+0x78/0x100 [ 592.518267][T16425] do_syscall_64+0x115/0x840 [ 592.518303][T16425] ? 
clear_bhb_loop+0x40/0x90 [ 592.518337][T16425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.518365][T16425] RIP: 0033:0x7f1d9fb9de59 [ 592.518390][T16425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 592.518415][T16425] RSP: 002b:00007f1da09e9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 592.518441][T16425] RAX: ffffffffffffffda RBX: 00007f1d9fe25fa0 RCX: 00007f1d9fb9de59 [ 592.518458][T16425] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 000000000000041c [ 592.518475][T16425] RBP: 00007f1d9fc33e6f R08: 0000000000000006 R09: 0000000000000000 [ 592.518490][T16425] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 592.518512][T16425] R13: 00007f1d9fe26038 R14: 00007f1d9fe25fa0 R15: 00007fff9891bef8 [ 592.518548][T16425] [ 593.538320][T16441] netlink: 'syz.0.3846': attribute type 14 has an invalid length. [ 593.562592][T16441] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3846'. [ 594.592917][T16470] netlink: 'syz.3.3858': attribute type 14 has an invalid length. [ 594.625743][T16470] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3858'. [ 594.760657][T16471] FAULT_INJECTION: forcing a failure. [ 594.760657][T16471] name failslab, interval 1, probability 0, space 0, times 0 [ 594.782376][T16473] FAULT_INJECTION: forcing a failure. 
[ 594.782376][T16473] name failslab, interval 1, probability 0, space 0, times 0 [ 594.783786][T16471] CPU: 0 UID: 0 PID: 16471 Comm: syz.0.3857 Tainted: G L syzkaller #0 PREEMPT(full) [ 594.783829][T16471] Tainted: [L]=SOFTLOCKUP [ 594.783839][T16471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 594.783855][T16471] Call Trace: [ 594.783864][T16471] [ 594.783873][T16471] dump_stack_lvl+0x100/0x190 [ 594.783959][T16471] should_fail_ex.cold+0x5/0xa [ 594.783991][T16471] should_failslab+0xc2/0x120 [ 594.784026][T16471] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 594.784058][T16471] ? __d_alloc+0x35/0xa50 [ 594.784091][T16471] __d_alloc+0x35/0xa50 [ 594.784121][T16471] d_alloc_pseudo+0x1c/0xc0 [ 594.784155][T16471] alloc_file_pseudo+0x118/0x290 [ 594.784189][T16471] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 594.784231][T16471] __shmem_file_setup+0x205/0x460 [ 594.784268][T16471] ? __pfx___shmem_file_setup+0x10/0x10 [ 594.784307][T16471] ? vm_area_alloc+0x1f/0x160 [ 594.784348][T16471] shmem_zero_setup+0x96/0x1b0 [ 594.784377][T16471] __mmap_region+0x24ef/0x2db0 [ 594.784423][T16471] ? __pfx___mmap_region+0x10/0x10 [ 594.784460][T16471] ? __pfx___might_resched+0x10/0x10 [ 594.784514][T16471] ? __lock_acquire+0x49f/0x1a40 [ 594.784576][T16471] ? __lock_acquire+0x49f/0x1a40 [ 594.784632][T16471] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 594.784681][T16471] ? rcu_is_watching+0x12/0xc0 [ 594.784711][T16471] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 594.784753][T16471] ? lockdep_hardirqs_on+0x78/0x100 [ 594.784847][T16471] mmap_region+0x35d/0x620 [ 594.784875][T16471] ? rcu_is_watching+0x12/0xc0 [ 594.784930][T16471] ? __pfx_mmap_region+0x10/0x10 [ 594.784962][T16471] ? cap_mmap_addr+0x4b/0x120 [ 594.785002][T16471] ? bpf_lsm_mmap_addr+0x9/0x30 [ 594.785041][T16471] ? security_mmap_addr+0x71/0x1e0 [ 594.785073][T16471] ? __get_unmapped_area+0x255/0x3e0 [ 594.785114][T16471] do_mmap+0xc63/0x12f0 [ 594.785155][T16471] ? 
__pfx_do_mmap+0x10/0x10 [ 594.785187][T16471] ? __pfx_down_write_killable+0x10/0x10 [ 594.785226][T16471] ? __pfx_futex_wait+0x10/0x10 [ 594.785262][T16471] vm_mmap_pgoff+0x29e/0x470 [ 594.785300][T16471] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 594.785339][T16471] ? __pfx_do_futex+0x10/0x10 [ 594.785372][T16471] ksys_mmap_pgoff+0xe4/0x610 [ 594.785405][T16471] ? __x64_sys_futex+0x358/0x4d0 [ 594.785432][T16471] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 594.785465][T16471] ? xfd_validate_state+0x129/0x190 [ 594.785500][T16471] __x64_sys_mmap+0x125/0x190 [ 594.785534][T16471] do_syscall_64+0x115/0x840 [ 594.785570][T16471] ? clear_bhb_loop+0x40/0x90 [ 594.785603][T16471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.785631][T16471] RIP: 0033:0x7f1d9fb9de59 [ 594.785655][T16471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.785681][T16471] RSP: 002b:00007f1da09e9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 594.785708][T16471] RAX: ffffffffffffffda RBX: 00007f1d9fe25fa0 RCX: 00007f1d9fb9de59 [ 594.785725][T16471] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 594.785741][T16471] RBP: 00007f1d9fc33e6f R08: fffffffffffffffa R09: 0000000000008000 [ 594.785758][T16471] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 594.785774][T16471] R13: 00007f1d9fe26038 R14: 00007f1d9fe25fa0 R15: 00007fff9891bef8 [ 594.785810][T16471] [ 595.153555][T16473] CPU: 0 UID: 0 PID: 16473 Comm: syz.1.3855 Tainted: G L syzkaller #0 PREEMPT(full) [ 595.153601][T16473] Tainted: [L]=SOFTLOCKUP [ 595.153612][T16473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 595.153627][T16473] Call Trace: [ 595.153637][T16473] [ 595.153649][T16473] dump_stack_lvl+0x100/0x190 [ 595.153690][T16473] should_fail_ex.cold+0x5/0xa [ 595.153725][T16473] should_failslab+0xc2/0x120 [ 
595.153759][T16473] __kmalloc_cache_noprof+0x91/0x6c0 [ 595.153799][T16473] ? usbdev_open+0x9d/0x870 [ 595.153862][T16473] usbdev_open+0x9d/0x870 [ 595.153910][T16473] ? kobject_get_unless_zero+0x156/0x200 [ 595.153942][T16473] ? __pfx_usbdev_open+0x10/0x10 [ 595.153976][T16473] ? chrdev_open+0x10b/0x6a0 [ 595.154016][T16473] ? chrdev_open+0x10b/0x6a0 [ 595.154066][T16473] ? __pfx_usbdev_open+0x10/0x10 [ 595.154127][T16473] chrdev_open+0x234/0x6a0 [ 595.154197][T16473] ? __pfx_apparmor_file_open+0x10/0x10 [ 595.154254][T16473] ? __pfx_chrdev_open+0x10/0x10 [ 595.154296][T16473] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 595.154334][T16473] do_dentry_open+0x6ab/0x14d0 [ 595.154378][T16473] ? __pfx_chrdev_open+0x10/0x10 [ 595.154426][T16473] vfs_open+0x82/0x3f0 [ 595.154464][T16473] path_openat+0x2873/0x4280 [ 595.154524][T16473] ? __pfx_path_openat+0x10/0x10 [ 595.154580][T16473] do_file_open+0x20e/0x430 [ 595.154627][T16473] ? __pfx_do_file_open+0x10/0x10 [ 595.154698][T16473] ? alloc_fd+0x471/0x7a0 [ 595.154748][T16473] ? do_getname+0x191/0x390 [ 595.154785][T16473] do_sys_openat2+0x10f/0x1e0 [ 595.154833][T16473] ? __pfx_do_sys_openat2+0x10/0x10 [ 595.154871][T16473] ? do_raw_spin_lock+0x128/0x260 [ 595.154911][T16473] __x64_sys_openat+0x12d/0x210 [ 595.154947][T16473] ? __pfx___x64_sys_openat+0x10/0x10 [ 595.154993][T16473] do_syscall_64+0x115/0x840 [ 595.155045][T16473] ? 
clear_bhb_loop+0x40/0x90 [ 595.155082][T16473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.155113][T16473] RIP: 0033:0x7f5ec419de59 [ 595.155141][T16473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.155167][T16473] RSP: 002b:00007f5ec5021028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 595.155207][T16473] RAX: ffffffffffffffda RBX: 00007f5ec4426090 RCX: 00007f5ec419de59 [ 595.155230][T16473] RDX: 000000000000a901 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 595.155250][T16473] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 0000000000000000 [ 595.155277][T16473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.155294][T16473] R13: 00007f5ec4426128 R14: 00007f5ec4426090 R15: 00007ffc63015f68 [ 595.155356][T16473] [ 595.447506][T16481] : renamed from team0 [ 595.711768][T16487] netlink: 'syz.1.3863': attribute type 22 has an invalid length. [ 595.721266][T16487] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3863'. [ 596.033198][T16498] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3867'. [ 596.118086][T16497] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3866'. [ 596.144299][T16497] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.152440][T16497] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.253319][T16497] bridge0: entered promiscuous mode [ 596.918636][T16517] FAULT_INJECTION: forcing a failure. 
[ 596.918636][T16517] name fail_futex, interval 1, probability 0, space 0, times 0 [ 596.969954][T16517] CPU: 1 UID: 0 PID: 16517 Comm: syz.0.3874 Tainted: G L syzkaller #0 PREEMPT(full) [ 596.970027][T16517] Tainted: [L]=SOFTLOCKUP [ 596.970039][T16517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 596.970054][T16517] Call Trace: [ 596.970064][T16517] [ 596.970077][T16517] dump_stack_lvl+0x100/0x190 [ 596.970117][T16517] should_fail_ex.cold+0x5/0xa [ 596.970150][T16517] get_futex_key+0x1d2/0x14f0 [ 596.970201][T16517] ? __pfx_get_futex_key+0x10/0x10 [ 596.970250][T16517] ? __pfx___schedule+0x10/0x10 [ 596.970289][T16517] ? __resched_curr+0x42e/0x500 [ 596.970339][T16517] ? __pfx___resched_curr+0x10/0x10 [ 596.970390][T16517] futex_wait_setup+0x91/0x540 [ 596.970434][T16517] __futex_wait+0x19f/0x300 [ 596.970475][T16517] ? __pfx___futex_wait+0x10/0x10 [ 596.970509][T16517] ? __pfx_try_to_wake_up+0x10/0x10 [ 596.970555][T16517] ? futex_hash+0x311/0x400 [ 596.970604][T16517] ? __pfx_futex_wake_mark+0x10/0x10 [ 596.970645][T16517] ? find_held_lock+0x2b/0x80 [ 596.970677][T16517] ? futex_wake+0x4ea/0x5e0 [ 596.970724][T16517] futex_wait+0xe6/0x370 [ 596.970758][T16517] ? __pfx_futex_wait+0x10/0x10 [ 596.970800][T16517] ? putname+0xb1/0x110 [ 596.970825][T16517] ? kmem_cache_free+0x127/0x6b0 [ 596.970864][T16517] ? do_sys_openat2+0x1b6/0x1e0 [ 596.970909][T16517] do_futex+0x265/0x440 [ 596.970937][T16517] ? __pfx_do_futex+0x10/0x10 [ 596.970960][T16517] ? __pfx_do_sys_openat2+0x10/0x10 [ 596.970993][T16517] ? do_raw_spin_lock+0x128/0x260 [ 596.971025][T16517] __x64_sys_futex+0x34f/0x4d0 [ 596.971056][T16517] ? __x64_sys_openat+0x12d/0x210 [ 596.971088][T16517] ? __pfx___x64_sys_futex+0x10/0x10 [ 596.971133][T16517] do_syscall_64+0x115/0x840 [ 596.971172][T16517] ? 
clear_bhb_loop+0x40/0x90 [ 596.971205][T16517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.971233][T16517] RIP: 0033:0x7f1d9fb9de59 [ 596.971257][T16517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.971285][T16517] RSP: 002b:00007f1da09c80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 596.971314][T16517] RAX: ffffffffffffffda RBX: 00007f1d9fe26098 RCX: 00007f1d9fb9de59 [ 596.971333][T16517] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d9fe26098 [ 596.971352][T16517] RBP: 00007f1d9fe26090 R08: 0000000000000000 R09: 0000000000000000 [ 596.971369][T16517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.971457][T16517] R13: 00007f1d9fe26128 R14: 00007fff9891be10 R15: 00007fff9891bef8 [ 596.971508][T16517] [ 597.307985][T16527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3879'. [ 597.338725][T16527] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3879'. [ 597.785944][T16540] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3884'. [ 597.937669][T16543] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3894'. [ 599.091116][T16574] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3893'. [ 599.331883][T16580] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3897'. 
[ 599.351989][T16579] macvtap0: entered promiscuous mode [ 599.360158][T16579] macvtap0: entered allmulticast mode [ 599.367923][T16579] veth0_macvtap: entered allmulticast mode [ 599.435410][T16582] [U]  [ 599.438600][T16582] [U] [ 599.441413][T16582] [U] [ 599.444251][T16582] [U] [ 599.464883][T16582] [U] [ 599.467868][T16582] [U] [ 599.470918][T16582] [U] [ 599.473682][T16582] [U] [ 599.487096][T16582] [U] [ 599.489988][T16582] [U] [ 599.492807][T16582] [U] [ 599.495520][T16582] [U] [ 599.499564][T16582] [U] [ 599.502336][T16582] [U] [ 599.505089][T16582] [U] [ 599.507832][T16582] [U] [ 599.512965][T16582] [U] [ 599.515758][T16582] [U] [ 599.518682][T16582] [U] [ 599.521429][T16582] [U] [ 599.525261][T16582] [U] [ 599.528106][T16582] [U] [ 599.530852][T16582] [U] [ 599.533597][T16582] [U] [ 599.538988][T16582] [U] [ 599.541769][T16582] [U] [ 599.544591][T16582] [U] [ 599.547306][T16582] [U] [ 599.551219][T16582] [U] [ 599.554182][T16582] [U] [ 599.556890][T16582] [U] [ 599.559608][T16582] [U] [ 599.562950][T16582] [U] [ 599.565689][T16582] [U] [ 599.568537][T16582] [U] [ 599.571346][T16582] [U] [ 599.575245][T16582] [U] [ 599.577971][T16582] [U] [ 599.580701][T16582] [U] [ 599.583408][T16582] [U] [ 599.587423][T16582] [U] [ 599.590140][T16582] [U] [ 599.592841][T16582] [U] [ 599.595552][T16582] [U] [ 599.600684][T16582] [U] [ 599.603468][T16582] [U] [ 599.606213][T16582] [U] [ 599.609062][T16582] [U] [ 599.612779][T16582] [U] [ 599.615813][T16582] [U] [ 599.618630][T16582] [U] [ 599.621694][T16582] [U] [ 599.625880][T16582] [U] [ 599.628844][T16582] [U] [ 599.631878][T16582] [U] [ 599.634656][T16582] [U] [ 599.639984][T16582] [U] [ 599.642735][T16582] [U] [ 599.645527][T16582] [U] [ 599.648424][T16582] [U] [ 599.652065][T16582] [U] [ 599.654911][T16582] [U] [ 599.657700][T16582] [U] [ 599.660455][T16582] [U] [ 599.663799][T16582] [U] [ 599.666542][T16582] [U] [ 599.669340][T16582] [U] [ 599.672052][T16582] [U] [ 599.678973][T16582] [U] [ 599.681709][T16582] [U] 
[ 599.684625][T16582] [U] [ 599.687510][T16582] [U] [ 599.691749][T16582] [U] [ 599.694574][T16582] [U] [ 599.697368][T16582] [U] [ 599.700453][T16582] [U] [ 599.705650][T16582] [U] [ 599.708380][T16582] [U] [ 599.711076][T16582] [U] [ 599.713786][T16582] [U] [ 599.717015][T16582] [U] [ 599.719779][T16582] [U] [ 599.722505][T16582] [U] [ 599.725225][T16582] [U] [ 599.728277][T16582] [U] [ 599.731049][T16582] [U] [ 599.734001][T16582] [U] [ 599.736760][T16582] [U] [ 599.741190][T16582] [U] [ 599.743962][T16582] [U] [ 599.746707][T16582] [U] [ 599.749504][T16582] [U] [ 599.752567][T16582] [U] [ 599.755308][T16582] [U] [ 599.758094][T16582] [U] [ 599.760834][T16582] [U] [ 599.764985][T16582] [U] [ 599.767740][T16582] [U] [ 599.770459][T16582] [U] [ 599.773187][T16582] [U] [ 599.776255][T16582] [U] [ 599.778998][T16582] [U] [ 599.781842][T16582] [U] [ 599.784655][T16582] [U] [ 599.788002][T16582] [U] [ 599.790950][T16582] [U] [ 599.793683][T16582] [U] [ 599.796455][T16582] [U] [ 599.799745][T16582] [U] [ 599.802532][T16582] [U] [ 599.805376][T16582] [U] [ 599.808209][T16582] [U] [ 599.811592][T16582] [U] [ 599.814362][T16582] [U] [ 599.817090][T16582] [U] [ 599.820148][T16582] [U] [ 599.823879][T16582] [U] [ 599.826648][T16582] [U] [ 599.829478][T16582] [U] [ 599.832290][T16582] [U] [ 599.835652][T16582] [U] [ 599.838591][T16582] [U] [ 599.841648][T16582] [U] [ 599.844463][T16582] [U] [ 599.848492][T16582] [U] [ 599.851547][T16582] [U] [ 599.854459][T16582] [U] [ 599.880862][T16581] [U] [ 600.346800][T16593] __nla_validate_parse: 1 callbacks suppressed [ 600.346828][T16593] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3909'. [ 601.512591][T16621] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3913'. [ 601.590442][T16624] : renamed from bond0 (while UP) [ 601.649800][T16628] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3916'. [ 601.872165][T16630] FAULT_INJECTION: forcing a failure. 
[ 601.872165][T16630] name failslab, interval 1, probability 0, space 0, times 0 [ 601.885573][T16630] CPU: 1 UID: 0 PID: 16630 Comm: syz.1.3919 Tainted: G L syzkaller #0 PREEMPT(full) [ 601.885620][T16630] Tainted: [L]=SOFTLOCKUP [ 601.885632][T16630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 601.885650][T16630] Call Trace: [ 601.885659][T16630] [ 601.885671][T16630] dump_stack_lvl+0x100/0x190 [ 601.885711][T16630] should_fail_ex.cold+0x5/0xa [ 601.885746][T16630] should_failslab+0xc2/0x120 [ 601.885784][T16630] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 601.885831][T16630] ? __d_alloc+0x35/0xa50 [ 601.885865][T16630] __d_alloc+0x35/0xa50 [ 601.885903][T16630] d_alloc+0x4a/0x1e0 [ 601.885933][T16630] lookup_one_qstr_excl+0x171/0x250 [ 601.885973][T16630] start_dirop+0x59/0xb0 [ 601.886017][T16630] simple_start_creating+0xf9/0x110 [ 601.886061][T16630] ? __pfx_simple_start_creating+0x10/0x10 [ 601.886103][T16630] ? mntput+0x70/0xa0 [ 601.886160][T16630] ? simple_pin_fs+0xa3/0x190 [ 601.886199][T16630] debugfs_start_creating.part.0+0x82/0x170 [ 601.886239][T16630] __debugfs_create_file+0xb3/0x4f0 [ 601.886280][T16630] debugfs_create_file_full+0x41/0x60 [ 601.886317][T16630] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 601.886361][T16630] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 601.886400][T16630] ? ida_alloc_range+0x70d/0x830 [ 601.886472][T16630] ? kasan_save_track+0x14/0x30 [ 601.886505][T16630] ? __kasan_kmalloc+0xaa/0xb0 [ 601.886539][T16630] ? lockdep_init_map_type+0x5c/0x250 [ 601.886593][T16630] preinit_net.part.0+0x252/0x920 [ 601.886636][T16630] copy_net_ns+0x339/0x7c0 [ 601.886681][T16630] create_new_namespaces+0x3ea/0xac0 [ 601.886741][T16630] unshare_nsproxy_namespaces+0xf2/0x220 [ 601.886794][T16630] ksys_unshare+0x438/0xab0 [ 601.886840][T16630] ? __pfx_ksys_unshare+0x10/0x10 [ 601.886889][T16630] __x64_sys_unshare+0x31/0x40 [ 601.886921][T16630] do_syscall_64+0x115/0x840 [ 601.886962][T16630] ? 
clear_bhb_loop+0x40/0x90 [ 601.886997][T16630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.887028][T16630] RIP: 0033:0x7f5ec419de59 [ 601.887057][T16630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.887085][T16630] RSP: 002b:00007f5ec5042028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 601.887116][T16630] RAX: ffffffffffffffda RBX: 00007f5ec4425fa0 RCX: 00007f5ec419de59 [ 601.887137][T16630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 601.887156][T16630] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 0000000000000000 [ 601.887174][T16630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.887191][T16630] R13: 00007f5ec4426038 R14: 00007f5ec4425fa0 R15: 00007ffc63015f68 [ 601.887233][T16630] [ 602.178708][T16635] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3920'. [ 603.050588][T16651] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3933'. [ 603.175153][T16647] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3924'. [ 603.348706][T16653] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3925'. [ 603.368549][T16653] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.376080][T16653] bridge0: port 1(bridge_slave_0) entered disabled state [ 603.419491][T16653] bridge0: entered promiscuous mode [ 603.687923][T16665] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3930'. [ 604.253228][T16686] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3941'. [ 604.397630][T16692] netlink: 198 bytes leftover after parsing attributes in process `syz.1.3944'. [ 604.764745][T16706] netlink: 'syz.0.3957': attribute type 33 has an invalid length. 
[ 604.912014][T16710] udc dummy_udc.0: soft-connect without a gadget driver [ 605.176634][ T30] audit: type=1800 audit(4294967660.050:20): pid=16721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3953" name="file0" dev="tmpfs" ino=5109 res=0 errno=0 [ 605.363292][T16726] : renamed from team0 (while UP) [ 606.677278][T16753] netlink: 'syz.1.3967': attribute type 29 has an invalid length. [ 606.725733][T16753] __nla_validate_parse: 3 callbacks suppressed [ 606.725757][T16753] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3967'. [ 606.781483][T16755] netlink: 'syz.2.3968': attribute type 4 has an invalid length. [ 607.006145][T16761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3971'. [ 607.038048][T16761] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3971'. [ 607.069712][T16761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3971'. [ 607.171970][T16763] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3972'. [ 607.210214][T16763] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3972'. [ 607.595229][T16777] netlink: 504 bytes leftover after parsing attributes in process `syz.2.3979'. [ 607.737108][T16784] netlink: 86 bytes leftover after parsing attributes in process `syz.0.3980'. [ 607.983628][T16786] netlink: 74 bytes leftover after parsing attributes in process `syz.1.3981'. [ 608.050712][T16789] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3983'. [ 611.744151][T16863] Process accounting resumed [ 612.489088][T16917] __nla_validate_parse: 10 callbacks suppressed [ 612.489118][T16917] netlink: 130 bytes leftover after parsing attributes in process `syz.2.4035'. [ 612.718755][T16926] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4039'. 
[ 614.075988][T16950] netlink: 130 bytes leftover after parsing attributes in process `syz.1.4047'. [ 614.878707][T16983] netlink: 146 bytes leftover after parsing attributes in process `syz.1.4061'. [ 615.390660][ T4944] block nbd2: Receive control failed (result -32) [ 615.623859][T17013] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4072'. [ 615.982116][T17012] Process accounting resumed [ 616.159711][T17028] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4079'. [ 616.205622][T17031] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4081'. [ 616.308511][T17036] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4083'. [ 618.278789][T17074] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 618.754213][T17095] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4104'. [ 618.771091][T17095] IPv6: NLM_F_CREATE should be specified when creating new route [ 618.779459][T17095] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 618.788812][T17095] IPv6: NLM_F_CREATE should be set when creating new route [ 618.796598][T17095] IPv6: NLM_F_CREATE should be set when creating new route [ 618.808020][T17100] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4104'. [ 618.846177][T17100] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 618.948336][T17097] zswap: compressor not available [ 619.070649][T17112] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4109'. [ 619.651672][T17126] __vm_enough_memory: pid: 17126, comm: syz.2.4114, bytes: 4398046457856 not enough memory for the allocation [ 619.665431][ T4944] block nbd3: Receive control failed (result -32) [ 620.321339][T17143] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4117'. [ 620.456378][T17146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4118'. 
[ 620.909262][T17162] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4128'. [ 621.778533][T17182] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4134'. [ 622.413269][T17189] FAULT_INJECTION: forcing a failure. [ 622.413269][T17189] name failslab, interval 1, probability 0, space 0, times 0 [ 622.497007][T17189] CPU: 1 UID: 0 PID: 17189 Comm: syz.2.4136 Tainted: G L syzkaller #0 PREEMPT(full) [ 622.497058][T17189] Tainted: [L]=SOFTLOCKUP [ 622.497069][T17189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 622.497086][T17189] Call Trace: [ 622.497097][T17189] [ 622.497109][T17189] dump_stack_lvl+0x100/0x190 [ 622.497154][T17189] should_fail_ex.cold+0x5/0xa [ 622.497192][T17189] should_failslab+0xc2/0x120 [ 622.497235][T17189] kmem_cache_alloc_noprof+0x91/0x6a0 [ 622.497269][T17189] ? rcu_is_watching+0x12/0xc0 [ 622.497306][T17189] ? anon_vma_clone+0x2ba/0xcd0 [ 622.497358][T17189] anon_vma_clone+0x2ba/0xcd0 [ 622.497412][T17189] copy_vma+0x6ed/0xac0 [ 622.497448][T17189] ? __pfx_copy_vma+0x10/0x10 [ 622.497528][T17189] copy_vma_and_data+0x1cf/0x7c0 [ 622.497583][T17189] ? __pfx_copy_vma_and_data+0x10/0x10 [ 622.497651][T17189] ? __vma_start_write+0x17f/0x280 [ 622.497698][T17189] ? __pfx___vma_start_write+0x10/0x10 [ 622.497755][T17189] move_vma+0x574/0x1920 [ 622.497813][T17189] ? __pfx_move_vma+0x10/0x10 [ 622.497865][T17189] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 622.497901][T17189] ? cap_mmap_addr+0x4b/0x120 [ 622.497955][T17189] ? bpf_lsm_mmap_addr+0x9/0x30 [ 622.497996][T17189] ? security_mmap_addr+0x71/0x1e0 [ 622.498034][T17189] ? __get_unmapped_area+0x255/0x3e0 [ 622.498077][T17189] ? vrm_set_new_addr+0x204/0x290 [ 622.498127][T17189] mremap_to+0x234/0x4c0 [ 622.498155][T17189] ? mas_walk+0x6ef/0x9b0 [ 622.498190][T17189] ? __pfx_mremap_to+0x10/0x10 [ 622.498212][T17189] ? 
check_prep_vma+0x912/0xe60 [ 622.498258][T17189] __do_sys_mremap+0x88c/0x1850 [ 622.498294][T17189] ? __pfx___do_sys_mremap+0x10/0x10 [ 622.498327][T17189] ? __pfx_do_futex+0x10/0x10 [ 622.498361][T17189] ? __x64_sys_futex+0x34f/0x4d0 [ 622.498406][T17189] do_syscall_64+0x115/0x840 [ 622.498448][T17189] ? clear_bhb_loop+0x40/0x90 [ 622.498478][T17189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.498503][T17189] RIP: 0033:0x7f896339de59 [ 622.498527][T17189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 622.498552][T17189] RSP: 002b:00007f8964221028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 622.498578][T17189] RAX: ffffffffffffffda RBX: 00007f8963626090 RCX: 00007f896339de59 [ 622.498596][T17189] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 622.498612][T17189] RBP: 00007f8963433e6f R08: 0000000100000000 R09: 0000000000000000 [ 622.498629][T17189] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 622.498644][T17189] R13: 00007f8963626128 R14: 00007f8963626090 R15: 00007ffdd436d308 [ 622.498678][T17189] [ 623.989386][T17206] smpboot: CPU 1 is now offline [ 624.037653][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.045618][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.318044][T17213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4144'. [ 624.530495][T17219] netlink: 'syz.1.4147': attribute type 16 has an invalid length. [ 624.568371][T17219] netlink: 306 bytes leftover after parsing attributes in process `syz.1.4147'. [ 624.785733][T17218] zswap: compressor not available [ 625.328733][T17238] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4153'. [ 626.823295][T17259] zswap: compressor not available [ 626.837112][T17266] netlink: 346 bytes leftover after parsing attributes in process `syz.1.4163'. 
[ 627.008111][T17272] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4165'. [ 627.209476][T17274] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4174'. [ 627.253818][T17274] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4174'. [ 628.570463][T17304] netlink: 'syz.3.4176': attribute type 4 has an invalid length. [ 628.606836][T17304] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4176'. [ 628.828494][T17308] zswap: compressor not available [ 629.188436][T17317] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4179'. [ 629.231742][T17317] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4179'. [ 630.252931][T17340] FAULT_INJECTION: forcing a failure. [ 630.252931][T17340] name failslab, interval 1, probability 0, space 0, times 0 [ 630.307417][T17340] CPU: 0 UID: 0 PID: 17340 Comm: syz.2.4187 Tainted: G L syzkaller #0 PREEMPT(full) [ 630.307453][T17340] Tainted: [L]=SOFTLOCKUP [ 630.307460][T17340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 630.307473][T17340] Call Trace: [ 630.307481][T17340] [ 630.307489][T17340] dump_stack_lvl+0x100/0x190 [ 630.307514][T17340] should_fail_ex.cold+0x5/0xa [ 630.307540][T17340] should_failslab+0xc2/0x120 [ 630.307564][T17340] kmem_cache_alloc_noprof+0x91/0x6a0 [ 630.307584][T17340] ? d_instantiate+0x8a/0xb0 [ 630.307603][T17340] ? d_instantiate+0x8a/0xb0 [ 630.307626][T17340] ? alloc_empty_file+0x5b/0x1c0 [ 630.307657][T17340] alloc_empty_file+0x5b/0x1c0 [ 630.307680][T17340] alloc_file_pseudo+0x183/0x290 [ 630.307709][T17340] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 630.307735][T17340] ? _raw_spin_unlock+0x28/0x50 [ 630.307761][T17340] ? 
alloc_fd+0x471/0x7a0 [ 630.307798][T17340] __anon_inode_getfile+0xe8/0x280 [ 630.307824][T17340] do_epoll_create+0x3ac/0x540 [ 630.307857][T17340] __x64_sys_epoll_create+0x45/0x70 [ 630.307876][T17340] do_syscall_64+0x115/0x840 [ 630.307901][T17340] ? clear_bhb_loop+0x40/0x90 [ 630.307931][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.307950][T17340] RIP: 0033:0x7f896339de59 [ 630.307966][T17340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 630.307984][T17340] RSP: 002b:00007f8964242028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 630.308002][T17340] RAX: ffffffffffffffda RBX: 00007f8963625fa0 RCX: 00007f896339de59 [ 630.308014][T17340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000003e [ 630.308025][T17340] RBP: 00007f8963433e6f R08: 0000000000000000 R09: 0000000000000000 [ 630.308037][T17340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.308047][T17340] R13: 00007f8963626038 R14: 00007f8963625fa0 R15: 00007ffdd436d308 [ 630.308075][T17340] [ 630.686240][T17346] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4190'. [ 631.556162][T17371] FAULT_INJECTION: forcing a failure. [ 631.556162][T17371] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 631.605287][T17371] CPU: 0 UID: 0 PID: 17371 Comm: syz.1.4199 Tainted: G L syzkaller #0 PREEMPT(full) [ 631.605324][T17371] Tainted: [L]=SOFTLOCKUP [ 631.605331][T17371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 631.605342][T17371] Call Trace: [ 631.605349][T17371] [ 631.605356][T17371] dump_stack_lvl+0x100/0x190 [ 631.605382][T17371] should_fail_ex.cold+0x5/0xa [ 631.605400][T17371] ? 
prepare_alloc_pages+0x16d/0x5f0 [ 631.605427][T17371] should_fail_alloc_page+0xeb/0x140 [ 631.605452][T17371] prepare_alloc_pages+0x1f0/0x5f0 [ 631.605478][T17371] ? unwind_get_return_address+0x59/0xa0 [ 631.605508][T17371] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 631.605546][T17371] ? stack_trace_save+0x8e/0xc0 [ 631.605569][T17371] ? __pfx_stack_trace_save+0x10/0x10 [ 631.605590][T17371] ? kasan_save_track+0x14/0x30 [ 631.605610][T17371] ? stack_depot_save_flags+0x27/0x9d0 [ 631.605636][T17371] ? pte_alloc_one+0x82/0x3d0 [ 631.605660][T17371] ? __pte_alloc+0x6d/0x3e0 [ 631.605679][T17371] ? move_page_tables+0x2ec4/0x4610 [ 631.605711][T17371] ? copy_vma_and_data+0x25c/0x7c0 [ 631.605746][T17371] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 631.605779][T17371] ? kasan_save_stack+0x30/0x50 [ 631.605797][T17371] ? kasan_save_track+0x14/0x30 [ 631.605823][T17371] ? __kasan_slab_alloc+0x89/0x90 [ 631.605844][T17371] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 631.605863][T17371] ? __pmd_alloc+0xbf/0x950 [ 631.605886][T17371] ? move_page_tables+0x2f7c/0x4610 [ 631.605916][T17371] ? copy_vma_and_data+0x25c/0x7c0 [ 631.605943][T17371] ? move_vma+0x574/0x1920 [ 631.605970][T17371] ? mremap_to+0x234/0x4c0 [ 631.605986][T17371] ? __do_sys_mremap+0xb3e/0x1850 [ 631.606002][T17371] ? do_syscall_64+0x115/0x840 [ 631.606028][T17371] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.606060][T17371] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 631.606086][T17371] ? policy_nodemask+0xed/0x4f0 [ 631.606112][T17371] alloc_pages_mpol+0x1fb/0x540 [ 631.606137][T17371] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 631.606167][T17371] alloc_pages_noprof+0x1a/0x160 [ 631.606194][T17371] pte_alloc_one+0x1c/0x3d0 [ 631.606220][T17371] __pte_alloc+0x6d/0x3e0 [ 631.606241][T17371] ? __pfx___pte_alloc+0x10/0x10 [ 631.606262][T17371] ? _raw_spin_unlock+0x28/0x50 [ 631.606284][T17371] ? __pmd_alloc+0x3fb/0x950 [ 631.606312][T17371] move_page_tables+0x2ec4/0x4610 [ 631.606354][T17371] ? 
__pfx_move_page_tables+0x10/0x10 [ 631.606393][T17371] ? __lock_acquire+0x49f/0x1a40 [ 631.606421][T17371] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 631.606455][T17371] copy_vma_and_data+0x25c/0x7c0 [ 631.606488][T17371] ? __pfx_copy_vma_and_data+0x10/0x10 [ 631.606518][T17371] ? mtree_load+0x311/0xa90 [ 631.606549][T17371] ? arch_get_unmapped_area_topdown+0x3e6/0x9b0 [ 631.606579][T17371] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 631.606608][T17371] move_vma+0x574/0x1920 [ 631.606642][T17371] ? __pfx_move_vma+0x10/0x10 [ 631.606673][T17371] ? shmem_get_unmapped_area+0x141/0x960 [ 631.606701][T17371] ? cap_mmap_addr+0x4b/0x120 [ 631.606728][T17371] ? bpf_lsm_mmap_addr+0x9/0x30 [ 631.606757][T17371] ? security_mmap_addr+0x71/0x1e0 [ 631.606781][T17371] ? __get_unmapped_area+0x255/0x3e0 [ 631.606815][T17371] ? vrm_set_new_addr+0x204/0x290 [ 631.606846][T17371] mremap_to+0x234/0x4c0 [ 631.606863][T17371] ? __pfx_mremap_to+0x10/0x10 [ 631.606879][T17371] ? check_prep_vma+0x912/0xe60 [ 631.606912][T17371] __do_sys_mremap+0xb3e/0x1850 [ 631.606941][T17371] ? find_held_lock+0x2b/0x80 [ 631.606970][T17371] ? do_writev+0x214/0x340 [ 631.606995][T17371] ? __pfx___do_sys_mremap+0x10/0x10 [ 631.607020][T17371] ? __pfx_do_futex+0x10/0x10 [ 631.607038][T17371] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 631.607068][T17371] ? __fget_files+0x21f/0x3d0 [ 631.607102][T17371] ? __x64_sys_futex+0x34f/0x4d0 [ 631.607133][T17371] do_syscall_64+0x115/0x840 [ 631.607158][T17371] ? 
clear_bhb_loop+0x40/0x90 [ 631.607181][T17371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.607200][T17371] RIP: 0033:0x7f5ec419de59 [ 631.607217][T17371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 631.607235][T17371] RSP: 002b:00007f5ec5042028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 631.607254][T17371] RAX: ffffffffffffffda RBX: 00007f5ec4425fa0 RCX: 00007f5ec419de59 [ 631.607266][T17371] RDX: 0000000000003fd6 RSI: 000000000000fee0 RDI: 00000000001fc000 [ 631.607277][T17371] RBP: 00007f5ec4233e6f R08: 00000000fffff000 R09: 0000000000000000 [ 631.607288][T17371] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 631.607299][T17371] R13: 00007f5ec4426038 R14: 00007f5ec4425fa0 R15: 00007ffc63015f68 [ 631.607332][T17371] [ 633.489282][T17392] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4207'. [ 634.555801][T17404] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4211'. [ 635.231325][T17412] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 635.422052][T17417] smpboot: CPU 1 is now offline [ 636.367767][T17444] zswap: compressor not available [ 636.463368][T17455] netlink: 350 bytes leftover after parsing attributes in process `syz.0.4229'. 
[ 636.900291][T17471] vivid-007: ================= START STATUS ================= [ 636.923760][T17471] vivid-007: Enable Output Cropping: true [ 636.943376][T17471] vivid-007: Enable Output Composing: true [ 636.960720][T17471] vivid-007: Enable Output Scaler: true [ 636.979433][T17471] vivid-007: Tx RGB Quantization Range: Automatic [ 636.994170][T17471] vivid-007: Transmit Mode: HDMI [ 637.003672][T17471] vivid-007: Hotplug Present: 0x00000000 [ 637.022357][T17471] vivid-007: RxSense Present: 0x00000000 [ 637.039083][T17471] vivid-007: EDID Present: 0x00000000 [ 637.050324][T17471] vivid-007: ================== END STATUS ================== [ 637.247807][T17479] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4235'. [ 637.468213][T17485] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4239'. [ 640.449643][T17551] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4262'. [ 640.961070][T17564] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4267'. [ 641.347568][T17573] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4271'. [ 641.592322][T17581] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4275'. [ 641.813318][T17589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4278'. [ 642.145823][T17595] FAULT_INJECTION: forcing a failure. 
[ 642.145823][T17595] name failslab, interval 1, probability 0, space 0, times 0 [ 642.205237][T17595] CPU: 0 UID: 0 PID: 17595 Comm: syz.0.4281 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.205270][T17595] Tainted: [L]=SOFTLOCKUP [ 642.205276][T17595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 642.205287][T17595] Call Trace: [ 642.205293][T17595] [ 642.205300][T17595] dump_stack_lvl+0x100/0x190 [ 642.205326][T17595] should_fail_ex.cold+0x5/0xa [ 642.205347][T17595] should_failslab+0xc2/0x120 [ 642.205390][T17595] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 642.205412][T17595] ? alloc_inode+0x183/0x250 [ 642.205437][T17595] alloc_inode+0x183/0x250 [ 642.205459][T17595] alloc_anon_inode+0x2a/0x3e0 [ 642.205491][T17595] anon_inode_make_secure_inode+0x2f/0x140 [ 642.205519][T17595] __anon_inode_getfile+0x1cf/0x280 [ 642.205539][T17595] ? _copy_to_user+0xaf/0xd0 [ 642.205565][T17595] io_uring_setup.cold+0x1928/0x1c2e [ 642.205595][T17595] ? __pfx_io_uring_setup+0x10/0x10 [ 642.205692][T17595] ? __pfx_do_futex+0x10/0x10 [ 642.205722][T17595] ? xfd_validate_state+0x129/0x190 [ 642.205747][T17595] __x64_sys_io_uring_setup+0xc2/0x170 [ 642.205777][T17595] do_syscall_64+0x115/0x840 [ 642.205805][T17595] ? 
clear_bhb_loop+0x40/0x90 [ 642.205827][T17595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.205847][T17595] RIP: 0033:0x7f1d9fb9de59 [ 642.205864][T17595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.205882][T17595] RSP: 002b:00007f1da09e9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 642.205901][T17595] RAX: ffffffffffffffda RBX: 00007f1d9fe25fa0 RCX: 00007f1d9fb9de59 [ 642.205912][T17595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000fa3 [ 642.205923][T17595] RBP: 00007f1d9fc33e6f R08: 0000000000000000 R09: 0000000000000000 [ 642.205934][T17595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.205946][T17595] R13: 00007f1d9fe26038 R14: 00007f1d9fe25fa0 R15: 00007fff9891bef8 [ 642.205969][T17595] [ 643.177331][T17602] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4283'. [ 643.325204][T17604] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4284'. [ 643.587429][T17610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4287'. [ 643.625484][T17610] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4287'. [ 643.796625][T17613] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4288'. [ 643.850256][T17615] netlink: 21 bytes leftover after parsing attributes in process `syz.2.4289'. [ 643.940344][T17585] Process accounting paused [ 644.257805][T17621] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4292'. [ 646.070356][T17660] Process accounting paused [ 646.271719][T17687] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4317'. [ 646.512035][T17693] netlink: 'syz.3.4318': attribute type 19 has an invalid length. 
[ 647.050600][T17707] __nla_validate_parse: 1 callbacks suppressed [ 647.050620][T17707] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4322'. [ 647.247092][T17711] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4323'. [ 647.599888][T17717] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4326'. [ 648.039769][T17723] FAULT_INJECTION: forcing a failure. [ 648.039769][T17723] name failslab, interval 1, probability 0, space 0, times 0 [ 648.063855][T17725] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4330'. [ 648.082250][T17723] CPU: 0 UID: 0 PID: 17723 Comm: syz.1.4329 Tainted: G L syzkaller #0 PREEMPT(full) [ 648.082287][T17723] Tainted: [L]=SOFTLOCKUP [ 648.082294][T17723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 648.082305][T17723] Call Trace: [ 648.082314][T17723] [ 648.082322][T17723] dump_stack_lvl+0x100/0x190 [ 648.082348][T17723] should_fail_ex.cold+0x5/0xa [ 648.082370][T17723] should_failslab+0xc2/0x120 [ 648.082397][T17723] __kmalloc_noprof+0xfc/0x820 [ 648.082418][T17723] ? sk_prot_alloc+0x10b/0x2a0 [ 648.082506][T17723] sk_prot_alloc+0x10b/0x2a0 [ 648.082531][T17723] sk_alloc+0x36/0xe80 [ 648.082550][T17723] __netlink_create+0x5e/0x2c0 [ 648.082609][T17723] ? __wake_up+0x3f/0x60 [ 648.082633][T17723] netlink_create+0x29b/0x610 [ 648.082656][T17723] ? __pfx_genl_bind+0x10/0x10 [ 648.082696][T17723] ? __pfx_genl_unbind+0x10/0x10 [ 648.082722][T17723] ? __pfx_genl_release+0x10/0x10 [ 648.082760][T17723] __sock_create+0x339/0x860 [ 648.082805][T17723] __sys_socket+0x14d/0x260 [ 648.082832][T17723] ? __pfx___sys_socket+0x10/0x10 [ 648.082864][T17723] __x64_sys_socket+0x72/0xb0 [ 648.082890][T17723] ? lockdep_hardirqs_on+0x78/0x100 [ 648.082916][T17723] do_syscall_64+0x115/0x840 [ 648.082942][T17723] ? 
clear_bhb_loop+0x40/0x90 [ 648.082964][T17723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.082986][T17723] RIP: 0033:0x7f5ec419de59 [ 648.083005][T17723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.083023][T17723] RSP: 002b:00007f5ec5042028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 648.083041][T17723] RAX: ffffffffffffffda RBX: 00007f5ec4425fa0 RCX: 00007f5ec419de59 [ 648.083052][T17723] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 648.083063][T17723] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 0000000000000000 [ 648.083073][T17723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.083083][T17723] R13: 00007f5ec4426038 R14: 00007f5ec4425fa0 R15: 00007ffc63015f68 [ 648.083106][T17723] [ 648.414598][T17729] FAULT_INJECTION: forcing a failure. [ 648.414598][T17729] name fail_futex, interval 1, probability 0, space 0, times 0 [ 648.427669][T17729] CPU: 0 UID: 0 PID: 17729 Comm: syz.0.4331 Tainted: G L syzkaller #0 PREEMPT(full) [ 648.427699][T17729] Tainted: [L]=SOFTLOCKUP [ 648.427706][T17729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 648.427716][T17729] Call Trace: [ 648.427730][T17729] [ 648.427738][T17729] dump_stack_lvl+0x100/0x190 [ 648.427763][T17729] should_fail_ex.cold+0x5/0xa [ 648.427784][T17729] get_futex_key+0x1d2/0x14f0 [ 648.427816][T17729] ? __pfx_get_futex_key+0x10/0x10 [ 648.427844][T17729] ? wakeup_preempt_fair+0x640/0x1060 [ 648.427880][T17729] futex_wait_setup+0x91/0x540 [ 648.427908][T17729] __futex_wait+0x19f/0x300 [ 648.427931][T17729] ? __pfx___futex_wait+0x10/0x10 [ 648.427952][T17729] ? __pfx_try_to_wake_up+0x10/0x10 [ 648.427980][T17729] ? futex_hash+0x311/0x400 [ 648.428010][T17729] ? __pfx_futex_wake_mark+0x10/0x10 [ 648.428035][T17729] ? 
find_held_lock+0x2b/0x80 [ 648.428054][T17729] ? futex_wake+0x4ea/0x5e0 [ 648.428080][T17729] futex_wait+0xe6/0x370 [ 648.428101][T17729] ? __pfx_futex_wait+0x10/0x10 [ 648.428130][T17729] ? putname+0xb1/0x110 [ 648.428149][T17729] do_futex+0x265/0x440 [ 648.428167][T17729] ? __pfx_do_futex+0x10/0x10 [ 648.428182][T17729] ? __x64_sys_acct+0x90/0x1e0 [ 648.428208][T17729] __x64_sys_futex+0x34f/0x4d0 [ 648.428227][T17729] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 648.428256][T17729] ? __pfx___x64_sys_futex+0x10/0x10 [ 648.428275][T17729] ? bpf_lsm_capable+0x9/0x10 [ 648.428299][T17729] do_syscall_64+0x115/0x840 [ 648.428324][T17729] ? clear_bhb_loop+0x40/0x90 [ 648.428346][T17729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.428366][T17729] RIP: 0033:0x7f1d9fb9de59 [ 648.428382][T17729] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.428398][T17729] RSP: 002b:00007f1da09e90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 648.428416][T17729] RAX: ffffffffffffffda RBX: 00007f1d9fe25fa8 RCX: 00007f1d9fb9de59 [ 648.428428][T17729] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d9fe25fa8 [ 648.428439][T17729] RBP: 00007f1d9fe25fa0 R08: 0000000000000000 R09: 0000000000000000 [ 648.428450][T17729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.428460][T17729] R13: 00007f1d9fe26038 R14: 00007fff9891be10 R15: 00007fff9891bef8 [ 648.428482][T17729] [ 649.368464][T17752] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4340'. [ 650.357194][T17770] FAULT_INJECTION: forcing a failure. 
[ 650.357194][T17770] name failslab, interval 1, probability 0, space 0, times 0 [ 650.545755][T17770] CPU: 0 UID: 0 PID: 17770 Comm: syz.3.4345 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.545788][T17770] Tainted: [L]=SOFTLOCKUP [ 650.545795][T17770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 650.545806][T17770] Call Trace: [ 650.545812][T17770] [ 650.545819][T17770] dump_stack_lvl+0x100/0x190 [ 650.545845][T17770] should_fail_ex.cold+0x5/0xa [ 650.545866][T17770] should_failslab+0xc2/0x120 [ 650.545890][T17770] kmem_cache_alloc_noprof+0x91/0x6a0 [ 650.545912][T17770] ? sk_prot_alloc+0x60/0x2a0 [ 650.545940][T17770] sk_prot_alloc+0x60/0x2a0 [ 650.545964][T17770] sk_alloc+0x36/0xe80 [ 650.545983][T17770] inet_create+0x3a0/0x1060 [ 650.546066][T17770] ? inet_create+0x94/0x1060 [ 650.546086][T17770] __sock_create+0x339/0x860 [ 650.546115][T17770] smc_create+0x163/0x290 [ 650.546190][T17770] __sock_create+0x339/0x860 [ 650.546222][T17770] __sys_socket+0x14d/0x260 [ 650.546250][T17770] ? __pfx___sys_socket+0x10/0x10 [ 650.546284][T17770] __x64_sys_socket+0x72/0xb0 [ 650.546309][T17770] ? lockdep_hardirqs_on+0x78/0x100 [ 650.546335][T17770] do_syscall_64+0x115/0x840 [ 650.546362][T17770] ? 
clear_bhb_loop+0x40/0x90 [ 650.546393][T17770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.546413][T17770] RIP: 0033:0x7f0571d9de59 [ 650.546429][T17770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.546448][T17770] RSP: 002b:00007f0572d24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 650.546467][T17770] RAX: ffffffffffffffda RBX: 00007f0572026090 RCX: 00007f0571d9de59 [ 650.546479][T17770] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 650.546490][T17770] RBP: 00007f0571e33e6f R08: 0000000000000000 R09: 0000000000000000 [ 650.546502][T17770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.546513][T17770] R13: 00007f0572026128 R14: 00007f0572026090 R15: 00007ffec18cc448 [ 650.546537][T17770] [ 651.759750][T17807] FAULT_INJECTION: forcing a failure. [ 651.759750][T17807] name failslab, interval 1, probability 0, space 0, times 0 [ 651.838857][T17807] CPU: 0 UID: 0 PID: 17807 Comm: syz.1.4357 Tainted: G L syzkaller #0 PREEMPT(full) [ 651.838891][T17807] Tainted: [L]=SOFTLOCKUP [ 651.838897][T17807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 651.838908][T17807] Call Trace: [ 651.838915][T17807] [ 651.838922][T17807] dump_stack_lvl+0x100/0x190 [ 651.838947][T17807] should_fail_ex.cold+0x5/0xa [ 651.838968][T17807] should_failslab+0xc2/0x120 [ 651.838992][T17807] kmem_cache_alloc_noprof+0x91/0x6a0 [ 651.839013][T17807] ? stack_trace_save+0x8e/0xc0 [ 651.839036][T17807] ? alloc_empty_file+0x5b/0x1c0 [ 651.839060][T17807] alloc_empty_file+0x5b/0x1c0 [ 651.839081][T17807] path_openat+0xe7/0x4280 [ 651.839107][T17807] ? __kasan_slab_alloc+0x89/0x90 [ 651.839128][T17807] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 651.839146][T17807] ? do_getname+0x35/0x390 [ 651.839168][T17807] ? 
do_sys_openat2+0xc7/0x1e0 [ 651.839187][T17807] ? __x64_sys_openat+0x12d/0x210 [ 651.839207][T17807] ? do_syscall_64+0x115/0x840 [ 651.839234][T17807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.839260][T17807] ? __pfx_path_openat+0x10/0x10 [ 651.839294][T17807] do_file_open+0x20e/0x430 [ 651.839324][T17807] ? __pfx_do_file_open+0x10/0x10 [ 651.839368][T17807] ? alloc_fd+0x471/0x7a0 [ 651.839397][T17807] ? do_getname+0x191/0x390 [ 651.839419][T17807] do_sys_openat2+0x10f/0x1e0 [ 651.839440][T17807] ? __pfx_do_sys_openat2+0x10/0x10 [ 651.839471][T17807] __x64_sys_openat+0x12d/0x210 [ 651.839494][T17807] ? __pfx___x64_sys_openat+0x10/0x10 [ 651.839524][T17807] do_syscall_64+0x115/0x840 [ 651.839549][T17807] ? clear_bhb_loop+0x40/0x90 [ 651.839571][T17807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.839590][T17807] RIP: 0033:0x7f5ec415e68e [ 651.839606][T17807] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 651.839632][T17807] RSP: 002b:00007f5ec5041ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 651.839651][T17807] RAX: ffffffffffffffda RBX: 00007f5ec50426c0 RCX: 00007f5ec415e68e [ 651.839663][T17807] RDX: 0000000000000002 RSI: 00007f5ec5041f90 RDI: ffffffffffffff9c [ 651.839675][T17807] RBP: 00007f5ec4233e6f R08: 0000000000000000 R09: 0000000000000000 [ 651.839686][T17807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.839697][T17807] R13: 00007f5ec4426038 R14: 00007f5ec4425fa0 R15: 00007ffc63015f68 [ 651.839721][T17807] [ 653.731634][T17833] FAULT_INJECTION: forcing a failure. 
[ 653.731634][T17833] name failslab, interval 1, probability 0, space 0, times 0 [ 653.827830][T17833] CPU: 0 UID: 0 PID: 17833 Comm: syz.3.4366 Tainted: G L syzkaller #0 PREEMPT(full) [ 653.827867][T17833] Tainted: [L]=SOFTLOCKUP [ 653.827875][T17833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 653.827889][T17833] Call Trace: [ 653.827896][T17833] [ 653.827903][T17833] dump_stack_lvl+0x100/0x190 [ 653.827930][T17833] should_fail_ex.cold+0x5/0xa [ 653.827951][T17833] should_failslab+0xc2/0x120 [ 653.827975][T17833] kmem_cache_alloc_noprof+0x91/0x6a0 [ 653.827995][T17833] ? rcu_is_watching+0x12/0xc0 [ 653.828016][T17833] ? anon_vma_clone+0x2ba/0xcd0 [ 653.828046][T17833] anon_vma_clone+0x2ba/0xcd0 [ 653.828078][T17833] copy_vma+0x6ed/0xac0 [ 653.828098][T17833] ? __pfx_copy_vma+0x10/0x10 [ 653.828151][T17833] copy_vma_and_data+0x1cf/0x7c0 [ 653.828187][T17833] ? __pfx_copy_vma_and_data+0x10/0x10 [ 653.828228][T17833] ? __vma_start_write+0x17f/0x280 [ 653.828255][T17833] ? __pfx___vma_start_write+0x10/0x10 [ 653.828290][T17833] move_vma+0x574/0x1920 [ 653.828324][T17833] ? __pfx_move_vma+0x10/0x10 [ 653.828357][T17833] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 653.828382][T17833] ? cap_mmap_addr+0x4b/0x120 [ 653.828410][T17833] ? bpf_lsm_mmap_addr+0x9/0x30 [ 653.828436][T17833] ? security_mmap_addr+0x71/0x1e0 [ 653.828458][T17833] ? __get_unmapped_area+0x255/0x3e0 [ 653.828484][T17833] ? vrm_set_new_addr+0x204/0x290 [ 653.828517][T17833] mremap_to+0x234/0x4c0 [ 653.828535][T17833] ? mas_walk+0x6ef/0x9b0 [ 653.828562][T17833] ? __pfx_mremap_to+0x10/0x10 [ 653.828578][T17833] ? check_prep_vma+0x912/0xe60 [ 653.828614][T17833] __do_sys_mremap+0x88c/0x1850 [ 653.828640][T17833] ? __pfx___do_sys_mremap+0x10/0x10 [ 653.828664][T17833] ? __pfx_do_futex+0x10/0x10 [ 653.828689][T17833] ? __x64_sys_futex+0x34f/0x4d0 [ 653.828721][T17833] do_syscall_64+0x115/0x840 [ 653.828747][T17833] ? 
clear_bhb_loop+0x40/0x90 [ 653.828770][T17833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.828791][T17833] RIP: 0033:0x7f0571d9de59 [ 653.828811][T17833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 653.828832][T17833] RSP: 002b:00007f0572d24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 653.828852][T17833] RAX: ffffffffffffffda RBX: 00007f0572026090 RCX: 00007f0571d9de59 [ 653.828864][T17833] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 653.828875][T17833] RBP: 00007f0571e33e6f R08: 0000000100000000 R09: 0000000000000000 [ 653.828885][T17833] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 653.828896][T17833] R13: 00007f0572026128 R14: 00007f0572026090 R15: 00007ffec18cc448 [ 653.828920][T17833] [ 654.665378][T17851] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4376'. [ 654.686694][T17853] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4368'. [ 655.531834][T17873] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4385'. [ 655.580423][T17876] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4386'. [ 655.857368][T17882] bcache: register_bcache() error : failed to open device [ 656.665812][T17906] skbuff: bad partial csum: csum=65535/1 headroom=4 headlen=65543 [ 658.281787][T17930] FAULT_INJECTION: forcing a failure. 
[ 658.281787][T17930] name fail_futex, interval 1, probability 0, space 0, times 0 [ 658.342306][T17930] CPU: 0 UID: 0 PID: 17930 Comm: syz.0.4402 Tainted: G L syzkaller #0 PREEMPT(full) [ 658.342339][T17930] Tainted: [L]=SOFTLOCKUP [ 658.342345][T17930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 658.342356][T17930] Call Trace: [ 658.342363][T17930] [ 658.342370][T17930] dump_stack_lvl+0x100/0x190 [ 658.342397][T17930] should_fail_ex.cold+0x5/0xa [ 658.342418][T17930] get_futex_key+0xf74/0x14f0 [ 658.342450][T17930] ? __pfx_get_futex_key+0x10/0x10 [ 658.342479][T17930] ? lock_acquire+0x1b9/0x370 [ 658.342511][T17930] futex_wake+0xf4/0x5e0 [ 658.342535][T17930] ? __pfx_futex_wake+0x10/0x10 [ 658.342556][T17930] ? find_held_lock+0x2b/0x80 [ 658.342577][T17930] ? exit_mm_release+0x19/0x30 [ 658.342602][T17930] do_futex+0x2b2/0x440 [ 658.342620][T17930] ? __pfx_do_futex+0x10/0x10 [ 658.342636][T17930] ? __might_fault+0xc5/0x140 [ 658.342671][T17930] mm_release+0x24a/0x2f0 [ 658.342701][T17930] do_exit+0x707/0x2ae0 [ 658.342727][T17930] ? __pfx_do_exit+0x10/0x10 [ 658.342750][T17930] ? do_raw_spin_lock+0x128/0x260 [ 658.342771][T17930] ? find_held_lock+0x2b/0x80 [ 658.342791][T17930] ? get_signal+0x7e0/0x21e0 [ 658.342812][T17930] do_group_exit+0xd5/0x2a0 [ 658.342837][T17930] get_signal+0x1ec7/0x21e0 [ 658.342861][T17930] ? putname+0xb1/0x110 [ 658.342879][T17930] ? __pfx_get_signal+0x10/0x10 [ 658.342899][T17930] ? do_futex+0x190/0x440 [ 658.342918][T17930] arch_do_signal_or_restart+0x91/0x7a0 [ 658.342974][T17930] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 658.343008][T17930] ? __x64_sys_openat+0x12d/0x210 [ 658.343043][T17930] exit_to_user_mode_loop+0x139/0x6f0 [ 658.343072][T17930] ? rcu_is_watching+0x12/0xc0 [ 658.343094][T17930] do_syscall_64+0x652/0x840 [ 658.343121][T17930] ? 
clear_bhb_loop+0x40/0x90 [ 658.343144][T17930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.343163][T17930] RIP: 0033:0x7f1d9fb9de59 [ 658.343179][T17930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 658.343197][T17930] RSP: 002b:00007f1da09e90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 658.343215][T17930] RAX: fffffffffffffe00 RBX: 00007f1d9fe25fa8 RCX: 00007f1d9fb9de59 [ 658.343227][T17930] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d9fe25fa8 [ 658.343238][T17930] RBP: 00007f1d9fe25fa0 R08: 0000000000000000 R09: 0000000000000000 [ 658.343249][T17930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 658.343260][T17930] R13: 00007f1d9fe26038 R14: 00007fff9891be10 R15: 00007fff9891bef8 [ 658.343283][T17930] [ 658.803227][T17942] sctp: [Deprecated]: syz.3.4409 (pid 17942) Use of struct sctp_assoc_value in delayed_ack socket option. [ 658.803227][T17942] Use struct sctp_sack_info instead [ 663.044367][T18056] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 663.403786][T18066] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 665.933246][ T4944] Bluetooth: hci1: unexpected event 0x06 length: 6 > 3 [ 666.182554][T18119] pim6reg: entered allmulticast mode [ 666.436814][T18126] FAULT_INJECTION: forcing a failure. 
[ 666.436814][T18126] name failslab, interval 1, probability 0, space 0, times 0 [ 666.484543][T18126] CPU: 0 UID: 0 PID: 18126 Comm: syz.0.4476 Tainted: G L syzkaller #0 PREEMPT(full) [ 666.484574][T18126] Tainted: [L]=SOFTLOCKUP [ 666.484581][T18126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 666.484592][T18126] Call Trace: [ 666.484599][T18126] [ 666.484606][T18126] dump_stack_lvl+0x100/0x190 [ 666.484636][T18126] should_fail_ex.cold+0x5/0xa [ 666.484657][T18126] ? __pfx_mqueue_fill_super+0x10/0x10 [ 666.484685][T18126] should_failslab+0xc2/0x120 [ 666.484708][T18126] ? __pfx_mqueue_fill_super+0x10/0x10 [ 666.484733][T18126] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 666.484755][T18126] ? do_raw_spin_unlock+0x145/0x1e0 [ 666.484774][T18126] ? __d_alloc+0x35/0xa50 [ 666.484794][T18126] ? __pfx_mqueue_fill_super+0x10/0x10 [ 666.484820][T18126] __d_alloc+0x35/0xa50 [ 666.484836][T18126] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 666.484875][T18126] ? __pfx_mqueue_fill_super+0x10/0x10 [ 666.484906][T18126] d_make_root+0x3e/0x90 [ 666.484932][T18126] mqueue_fill_super+0x175/0x260 [ 666.485008][T18126] get_tree_nodev+0xdd/0x190 [ 666.485036][T18126] mqueue_get_tree+0xf1/0x130 [ 666.485061][T18126] vfs_get_tree+0x92/0x320 [ 666.485085][T18126] fc_mount_longterm+0x1a/0x270 [ 666.485111][T18126] mq_init_ns+0x482/0x820 [ 666.485130][T18126] copy_ipcs+0x3dd/0x7e0 [ 666.485151][T18126] create_new_namespaces+0x20a/0xac0 [ 666.485180][T18126] ? security_capable+0x80/0x260 [ 666.485211][T18126] unshare_nsproxy_namespaces+0xf2/0x220 [ 666.485242][T18126] ksys_unshare+0x438/0xab0 [ 666.485265][T18126] ? __pfx_ksys_unshare+0x10/0x10 [ 666.485294][T18126] __x64_sys_unshare+0x31/0x40 [ 666.485314][T18126] do_syscall_64+0x115/0x840 [ 666.485341][T18126] ? 
clear_bhb_loop+0x40/0x90 [ 666.485363][T18126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.485382][T18126] RIP: 0033:0x7f1d9fb9de59 [ 666.485398][T18126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.485415][T18126] RSP: 002b:00007f1da09c8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 666.485434][T18126] RAX: ffffffffffffffda RBX: 00007f1d9fe26090 RCX: 00007f1d9fb9de59 [ 666.485446][T18126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 666.485457][T18126] RBP: 00007f1d9fc33e6f R08: 0000000000000000 R09: 0000000000000000 [ 666.485468][T18126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.485478][T18126] R13: 00007f1d9fe26128 R14: 00007f1d9fe26090 R15: 00007fff9891bef8 [ 666.485502][T18126] [ 668.480757][T18159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4486'. [ 668.514712][T18159] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4486'. [ 668.569475][T18153] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 668.688862][T18157] smpboot: CPU 1 is now offline [ 671.244453][T18206] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4500'. [ 672.168663][T18224] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4514'. [ 672.187139][T18224] IPv6: NLM_F_CREATE should be specified when creating new route [ 672.196466][T18224] IPv6: Can't replace route, no match found [ 672.207225][T18224] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4514'. [ 672.216857][T18224] IPv6: Can't replace route, no match found [ 673.894419][T18259] FAULT_INJECTION: forcing a failure. 
[ 673.894419][T18259] name fail_futex, interval 1, probability 0, space 0, times 0 [ 673.947166][T18259] CPU: 0 UID: 0 PID: 18259 Comm: syz.0.4516 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.947198][T18259] Tainted: [L]=SOFTLOCKUP [ 673.947205][T18259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 673.947216][T18259] Call Trace: [ 673.947223][T18259] [ 673.947230][T18259] dump_stack_lvl+0x100/0x190 [ 673.947256][T18259] should_fail_ex.cold+0x5/0xa [ 673.947276][T18259] get_futex_key+0x1d2/0x14f0 [ 673.947308][T18259] ? __pfx_get_futex_key+0x10/0x10 [ 673.947337][T18259] ? lock_acquire+0x1b9/0x370 [ 673.947369][T18259] futex_wake+0xf4/0x5e0 [ 673.947393][T18259] ? __pfx_futex_wake+0x10/0x10 [ 673.947415][T18259] ? find_held_lock+0x2b/0x80 [ 673.947440][T18259] ? exit_mm_release+0x19/0x30 [ 673.947464][T18259] do_futex+0x2b2/0x440 [ 673.947483][T18259] ? __pfx_do_futex+0x10/0x10 [ 673.947499][T18259] ? __might_fault+0xc5/0x140 [ 673.947534][T18259] mm_release+0x24a/0x2f0 [ 673.947564][T18259] do_exit+0x707/0x2ae0 [ 673.947591][T18259] ? __pfx_do_exit+0x10/0x10 [ 673.947613][T18259] ? do_raw_spin_lock+0x128/0x260 [ 673.947631][T18259] ? find_held_lock+0x2b/0x80 [ 673.947650][T18259] ? get_signal+0x7e0/0x21e0 [ 673.947670][T18259] do_group_exit+0xd5/0x2a0 [ 673.947696][T18259] get_signal+0x1ec7/0x21e0 [ 673.947734][T18259] ? __pfx_get_signal+0x10/0x10 [ 673.947754][T18259] ? do_futex+0x190/0x440 [ 673.947773][T18259] arch_do_signal_or_restart+0x91/0x7a0 [ 673.947811][T18259] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 673.947845][T18259] ? fput+0x79/0x100 [ 673.947869][T18259] exit_to_user_mode_loop+0x139/0x6f0 [ 673.947898][T18259] ? rcu_is_watching+0x12/0xc0 [ 673.947919][T18259] do_syscall_64+0x652/0x840 [ 673.947947][T18259] ? 
clear_bhb_loop+0x40/0x90 [ 673.947969][T18259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.947988][T18259] RIP: 0033:0x7f1d9fb9de59 [ 673.948004][T18259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.948022][T18259] RSP: 002b:00007f1da09e90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 673.948042][T18259] RAX: fffffffffffffe00 RBX: 00007f1d9fe25fa8 RCX: 00007f1d9fb9de59 [ 673.948054][T18259] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d9fe25fa8 [ 673.948066][T18259] RBP: 00007f1d9fe25fa0 R08: 0000000000000000 R09: 0000000000000000 [ 673.948077][T18259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.948088][T18259] R13: 00007f1d9fe26038 R14: 00007fff9891be10 R15: 00007fff9891bef8 [ 673.948111][T18259] [ 674.632267][T18263] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4518'. [ 674.765599][T18241] Process accounting resumed [ 674.850015][T18266] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4519'. [ 675.709030][ T4944] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 675.738843][ T4944] Bluetooth: hci2: unexpected event 0x08 length: 44 > 4 [ 675.925634][T18292] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4527'. [ 676.958082][T18311] netlink: 504 bytes leftover after parsing attributes in process `syz.2.4533'. [ 677.635387][T18323] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4539'. 
[ 677.756795][T15385] ------------[ cut here ]------------ [ 677.763637][T15385] refcnt < 0 [ 677.763652][T15385] WARNING: net/bluetooth/hci_conn.c:631 at hci_conn_timeout+0x16a/0x230, CPU#0: kworker/u9:0/15385 [ 677.779977][T15385] Modules linked in: [ 677.784248][T15385] CPU: 0 UID: 0 PID: 15385 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 677.795623][T15385] Tainted: [L]=SOFTLOCKUP [ 677.800007][T15385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 677.810442][T15385] Workqueue: hci2 hci_conn_timeout [ 677.816028][T15385] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 677.821899][T15385] Code: 44 0f b6 2d 2b 08 71 06 31 ff 41 83 e5 40 44 89 ee e8 1a 6e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 50 a4 c4 f6 e8 f7 73 5c f7 90 <0f> 0b 90 e8 ee 73 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 677.843187][T15385] RSP: 0018:ffffc90000117c18 EFLAGS: 00010293 [ 677.850000][T15385] RAX: 0000000000000000 RBX: ffff888056c8ca40 RCX: ffffffff8aacb74f [ 677.858510][T15385] RDX: ffff888033071f00 RSI: ffffffff8aacb849 RDI: ffff888033071f00 [ 677.867216][T15385] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 677.877047][T15385] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888056c8c000 [ 677.885185][T15385] R13: ffff8880330723c4 R14: ffffffff91227844 R15: 0000000000000000 [ 677.893191][T15385] FS: 0000000000000000(0000) GS:ffff888123df8000(0000) knlGS:0000000000000000 [ 677.902423][T15385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 677.909155][T15385] CR2: 00007f5ec4f556b8 CR3: 0000000026bee000 CR4: 00000000003526f0 [ 677.917312][T15385] Call Trace: [ 677.920637][T15385] <TASK> [ 677.923676][T15385] process_one_work+0xa23/0x1940 [ 677.928777][T15385] ? __pfx_process_one_work+0x10/0x10 [ 677.934223][T15385] ? __pfx_hci_conn_timeout+0x10/0x10 [ 677.940002][T15385] worker_thread+0x5ef/0xe50 [ 677.944771][T15385] ? __pfx_worker_thread+0x10/0x10 [ 677.950178][T15385] ? 
kthread+0x13a/0x450 [ 677.954614][T15385] ? __pfx_worker_thread+0x10/0x10 [ 677.959759][T15385] kthread+0x370/0x450 [ 677.963845][T15385] ? __pfx_kthread+0x10/0x10 [ 677.968487][T15385] ret_from_fork+0x72b/0xd50 [ 677.974307][T15385] ? __pfx_ret_from_fork+0x10/0x10 [ 677.980412][T15385] ? __switch_to+0x800/0x10f0 [ 677.985305][T15385] ? __switch_to_asm+0x39/0x70 [ 677.990196][T15385] ? __pfx_kthread+0x10/0x10 [ 677.995156][T15385] ret_from_fork_asm+0x1a/0x30 [ 678.000044][T15385] </TASK> [ 678.003156][T15385] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 678.010538][T15385] CPU: 0 UID: 0 PID: 15385 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 678.021767][T15385] Tainted: [L]=SOFTLOCKUP [ 678.026105][T15385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 678.036365][T15385] Workqueue: hci2 hci_conn_timeout [ 678.041622][T15385] Call Trace: [ 678.044939][T15385] <TASK> [ 678.047902][T15385] dump_stack_lvl+0x100/0x190 [ 678.052676][T15385] vpanic+0x552/0x970 [ 678.056687][T15385] ? __pfx_vpanic+0x10/0x10 [ 678.061299][T15385] panic+0xd1/0xe0 [ 678.065148][T15385] ? __pfx_panic+0x10/0x10 [ 678.069965][T15385] ? check_panic_on_warn+0x1f/0x90 [ 678.075222][T15385] check_panic_on_warn.cold+0x19/0x34 [ 678.080995][T15385] ? hci_conn_timeout+0x16a/0x230 [ 678.086151][T15385] __warn.cold+0x191/0x318 [ 678.090806][T15385] __report_bug+0x30f/0x440 [ 678.095596][T15385] ? hci_conn_timeout+0x16a/0x230 [ 678.100665][T15385] ? __pfx___report_bug+0x10/0x10 [ 678.105717][T15385] ? find_held_lock+0x2b/0x80 [ 678.110496][T15385] ? try_to_wake_up+0x14c/0x1c90 [ 678.115463][T15385] ? try_to_wake_up+0x14c/0x1c90 [ 678.120502][T15385] ? look_up_lock_class+0x55/0x120 [ 678.125735][T15385] ? register_lock_class+0x40/0x560 [ 678.130971][T15385] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 678.136789][T15385] ? try_to_wake_up+0x158/0x1c90 [ 678.142085][T15385] ? 
hci_conn_timeout+0x16a/0x230 [ 678.147199][T15385] report_bug+0xb2/0x220 [ 678.151483][T15385] ? hci_conn_timeout+0x16a/0x230 [ 678.156517][T15385] handle_bug+0x16a/0x2a0 [ 678.161391][T15385] exc_invalid_op+0x17/0x50 [ 678.166226][T15385] asm_exc_invalid_op+0x1a/0x20 [ 678.171167][T15385] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 678.177011][T15385] Code: 44 0f b6 2d 2b 08 71 06 31 ff 41 83 e5 40 44 89 ee e8 1a 6e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 50 a4 c4 f6 e8 f7 73 5c f7 90 <0f> 0b 90 e8 ee 73 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 678.196839][T15385] RSP: 0018:ffffc90000117c18 EFLAGS: 00010293 [ 678.202947][T15385] RAX: 0000000000000000 RBX: ffff888056c8ca40 RCX: ffffffff8aacb74f [ 678.210952][T15385] RDX: ffff888033071f00 RSI: ffffffff8aacb849 RDI: ffff888033071f00 [ 678.219031][T15385] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 678.227095][T15385] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888056c8c000 [ 678.235106][T15385] R13: ffff8880330723c4 R14: ffffffff91227844 R15: 0000000000000000 [ 678.243372][T15385] ? hci_conn_timeout+0x6f/0x230 [ 678.248341][T15385] ? hci_conn_timeout+0x169/0x230 [ 678.253501][T15385] ? hci_conn_timeout+0x169/0x230 [ 678.258648][T15385] process_one_work+0xa23/0x1940 [ 678.263619][T15385] ? __pfx_process_one_work+0x10/0x10 [ 678.269278][T15385] ? __pfx_hci_conn_timeout+0x10/0x10 [ 678.274846][T15385] worker_thread+0x5ef/0xe50 [ 678.279653][T15385] ? __pfx_worker_thread+0x10/0x10 [ 678.284802][T15385] ? kthread+0x13a/0x450 [ 678.289081][T15385] ? __pfx_worker_thread+0x10/0x10 [ 678.294306][T15385] kthread+0x370/0x450 [ 678.298570][T15385] ? __pfx_kthread+0x10/0x10 [ 678.303401][T15385] ret_from_fork+0x72b/0xd50 [ 678.308221][T15385] ? __pfx_ret_from_fork+0x10/0x10 [ 678.313717][T15385] ? __switch_to+0x800/0x10f0 [ 678.318817][T15385] ? __switch_to_asm+0x39/0x70 [ 678.323635][T15385] ? 
__pfx_kthread+0x10/0x10 [ 678.328545][T15385] ret_from_fork_asm+0x1a/0x30 [ 678.333614][T15385] </TASK> [ 678.336717][T15385] Kernel Offset: disabled [ 678.341423][T15385] Rebooting in 86400 seconds..