last executing test programs: 6.23349952s ago: executing program 1 (id=2380): close_range$auto(0x2, 0x8, 0x0) 6.061744041s ago: executing program 1 (id=2381): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 5.529512558s ago: executing program 2 (id=2382): waitid$auto(0x8, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000180)={{0xfffffffffffffff9, 0x7fffffffffffffff}, {0x2, 0x6}, 0x4, 0x5, 0x1, 0x3, 0x0, 0x8000, 0x80000000, 0x7, 0xb7, 0x5d9, 0x5, 0x7ff, 0x2055}) mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x5, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000003, 0x2f4a3a23) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) writev$auto(r0, &(0x7f0000000300)={&(0x7f0000000200), 0x200}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r2, r1, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) bpf$auto(0x12, 0x0, 0x26) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) fstat$auto(r3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4610, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d7) 5.500619142s ago: executing program 3 (id=2383): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket(0x23, 0x2, 0x0) sendto$auto(r2, 0x0, 0x8000000008000, 0x0, &(0x7f0000000100)=@in={0x23, 0x0, @local}, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r5 = io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = open(0x0, 0x22040, 0x75) socket(0xa, 0x3, 0x87) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES64=r4, @ANYRES16=r0, @ANYRESHEX=r5, @ANYBLOB="c1f050d04069eb9993cdc376dcc54877ec379609e393ecac66db8bc8575d51c6a087088b393bb4e27155a3fdb5773276e29da116d38bd6c7133ed3efba8bdfa2a7d3c63b45fcd9496cf3b4442be4fd157b8581e82f0dd10c53234bd1df968e1173f3861fe6c9a4000accb79c917831e0a8ef574b", @ANYBLOB="e9aecc05c92d95c71ca66ff0b89f549f9b807c80f3126c359522fe88b560a897cce0af7cc71958a15bd81c4f82847e57f3d834c7d522f89ed1dcb63c0723ab7fe580a89807c9b564fc5e326f918eb14402bcbb5eb8fc39264ec069776a0308a7816b8c9822e3ca7e85e957f93eb819872b2858", @ANYBLOB="2be9d2de2535c2c15bc1b12403f6e3d8412934e56668bad57ada43ce6e24dbe607eb53931e95a7a75a72ea81bb95292f93ddddad03cd575ace38f3be6de2a858128aa5ce35da6a7cb30174709b6873f668455716b66b93c234ccaa84beaae3c0f9f103770db44a0098c82026f26149ab4dd0aed9a19eca", @ANYRES32=r1, @ANYRES64=r6], 0x14}}, 0x24048004) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x309801, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 4.887052394s ago: executing program 0 (id=2385): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)=""/123, 0x7b) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram0\x00', 0x402800, 0x0) close_range$auto(r2, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x10000000009b72, 0xffffffffffffffff, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x80000000008, 0x8000) kexec_load$auto(0x5, 0xff00, &(0x7f0000000040)={@buf=&(0x7f00000003c0)="690b7f56107658eca46c9730a742a1594ab012ab53ff6a63d3e8b4cdc86176367cd19732f892a6ec0bceb04fdd527c1ae55163dd6be1a22799a958b1e5eb605f1ffccde3bb9cba41", 0x800c000, 0x4800c000, 0x800c000}, 0x4) 4.779133437s ago: executing program 2 (id=2386): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x80202, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0xe8) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_score_adj\x00', 0x142, 0x0) write$auto(0x3, 0x0, 0x100086) socket(0x2b, 0x3, 0xffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r3 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB="00020000", @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c000000"], 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) r4 = socket(0x2c, 0x80003, 0x0) setsockopt$auto(r4, 0x11b, 0x4, 0xffffffffffffffff, 0x18) 4.567615203s ago: executing program 0 (id=2387): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e9a42, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x0) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0x26, 0x1, 0xfe) write$auto(0x3, 0x0, 0xffd8) shmctl$auto_IPC_SET(0x84, 0x1, &(0x7f0000000280)={{0x5, 0xee00, 0xee00, 0xca6d, 0x69, 0x8, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x5, @inferred=0xffffffffffffffff, @raw, 0x9, 0x0, &(0x7f0000000080)="4f0d6995e943b6bc1919e836e1a6e889b4881e233d3b51e066bb0a054c9e474be535fd29da", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815affff214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64cc5fa98e25"}) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, r1) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) r4 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r4, 0x0, 0x20, 0x0, 0x20) 4.343899696s ago: executing program 3 (id=2388): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = socket(0x1a, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_MPATH(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x388, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004090}, 0x4) prctl$auto(0x1d47, 0x1, r2, 0x1, 0x2) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) msgrcv$auto(0x0, 0x0, 0xff9, 0xfffffffffffffffc, 0xb4) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r5 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) select$auto(0xff, &(0x7f0000000300)={[0x2, 0x1000, 0xc00000000, 0x8, 0x2, 0x3, 0x101, 0x800, 0x8001, 0xffff, 0x1, 0x8, 0x101, 0x7, 0x475d, 0xe77]}, &(0x7f0000000380)={[0x3, 0xd8fc, 0x80, 0x2ed, 0xd0, 0xcf8, 0x4cc, 0x7, 0x28, 0x51ca9feb, 0xcb6, 0x3, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x7fffffffffffffff]}, &(0x7f0000000400)={[0x1ff, 0x7, 0x0, 0x8, 0x100, 0x8000000000000000, 0x3, 0x1, 0x204, 0x3, 0x100, 0x4b95, 0x7fffffffffffffff, 0x0, 0x10000, 0x7]}, &(0x7f00000001c0)={0x6e, 0x2}) connect$auto(r5, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 3.766839957s ago: executing program 1 (id=2389): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e9a42, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x0) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x7ffffffff000) socket(0x26, 0x1, 0xfe) write$auto(0x3, 0x0, 0xffd8) shmctl$auto_IPC_SET(0x84, 0x1, &(0x7f0000000280)={{0x5, 0xee00, 0xee00, 0xca6d, 0x69, 0x8, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x5, @inferred=0xffffffffffffffff, @raw, 0x9, 0x0, &(0x7f0000000080)="4f0d6995e943b6bc1919e836e1a6e889b4881e233d3b51e066bb0a054c9e474be535fd29da", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815affff214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64cc5fa98e25"}) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, r1) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) r4 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r4, 0x0, 0x20, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) 3.481201854s ago: executing program 0 (id=2390): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0x90006441, 0xc35) pwrite64$auto(0xc8, &(0x7f00000001c0)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\re\x1cJ\x99?\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xad\x83\x13\x82\xdfT\x916;CL\"\x81\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2SZ\xf6\x8d\xdb\xcb\r\xcaN_\xa6h\xe2\xf9*w_\x84\xb8\x1aY>%:\xad9\xb8\x87\xfc\x85\x90\xfaB\xb6\xe3I\x18$\x1f\xc1YG\x94\xec\x82\xb7b[8n(\xd1Y\a\x04w\xd53\xce\xee\xdbw\xb0\xd4\xae\x0f\xce\x8e+\xaa\xcf\x86\xcd@~\xe0', 0xfded, 0x3) 2.664835157s ago: executing program 2 (id=2391): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x8e) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r1, 0x4040ae79, r2) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto_SO_TIMESTAMP_OLD(r0, 0x5, 0x1d, &(0x7f0000000000)='[9*,\x0e/*.-(^\x00', &(0x7f0000000040)=0x6) 2.663142157s ago: executing program 0 (id=2392): mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) socket(0x29, 0x2, 0x0) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (fail_nth: 4) 2.599797484s ago: executing program 1 (id=2393): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x4802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x400000003) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF1_AGE={0x8, 0x3, 0x8d1e}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @random="431396a271ac"}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x11}, @HSR_A_IF1_AGE={0x8, 0x3, 0x5}, @HSR_A_NODE_ADDR={0xa, 0x1, @remote}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DEST(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004f40)={&(0x7f0000000240)={0x18, r5, 0x8574a35e83815fa9, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000800}, 0x14) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_HDIO_GETGEO(r6, 0x301, &(0x7f0000000540)) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r7 = socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x40000002c55, 0x0) setsockopt$auto(r7, 0x10000000084, 0x7f, 0x0, 0xad4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x800002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x209}, 0x7}, 0x3, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) read$auto(r0, 0x0, 0xb4d3) r8 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x44003, 0x0) ioctl$auto_BLKPG(r8, 0x1269, 0x300) 2.369469033s ago: executing program 0 (id=2394): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x400008, 0xdf, 0x9b73, 0x2, 0x10000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card1/pcm0p/sub4/info\x00', 0x1ca40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x600, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000001a00), 0x88000, 0x0) ioctl$auto_RTC_IRQP_SET(r1, 0x4008700c, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x2000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000006c0)={{@raw=0x1, 0x2, 0x2, 0x1, "162629e6b2259bee9878f8e7b039aa20b33e487d34917b4a9acce903cb72dd4cd8dde6d41c914d63af7a9de9", @raw}, 0x0, @integer=@value=[0x400000000006, 0x12d800000000000, 0x179, 0xfffffffffffff8ad, 0x5, 0x7, 0x89, 0x8, 0x4, 0x7, 0x6, 0x7, 0x100000001, 0xd, 0x9, 0x8, 0x81, 0x9f, 0xa, 0x9, 0xb1, 0x0, 0x3, 0x8, 0x2, 0x10001, 0x1, 0x80000000, 0x8000, 0xffffffff8db4d983, 0x0, 0x80000000, 0xf, 0xfffffffffffffffe, 0x4, 0x7c000, 0x2, 0x0, 0x804, 0x7, 0x3, 0x4f3, 0xc, 0x4, 0xe02, 0x0, 0xe4, 0x5, 0x6, 0x81, 0x401, 0x4, 0xa, 0x8, 0x6, 0x800, 0x0, 0x7, 0x101, 0x82, 0x8000000c9d, 0x401, 0x9, 0x5, 0x640c, 0x3, 0x1000, 0x6, 0x201, 0x0, 0xec31, 0x9, 0x9, 0x0, 0xffb0000000000000, 0x4, 0xbd2a, 0x903, 0x7, 0x7fffffffffffffff, 0x400000000000005, 0x1, 0xfffffffffffffffe, 0x0, 0x7eda8566, 0x7, 0x8000000000000001, 0x4, 0x401, 0xfffffffffffffff7, 0x9, 0x14000000000000, 0x5, 0xfffffffffffffffe, 0x0, 0x9, 0x8000000000000001, 0x5, 0x1ff, 0x1, 0x40, 0xe0, 0x7, 0x2, 0x3, 0x8, 0x1f, 0x8001, 0xc13, 0x6, 0xbf5, 0x2, 0xff, 0x7, 0xf, 0xe0, 0x8000000009, 0x8, 0x3, 0x7fffffff, 0x6, 0x2, 0x1, 0xa, 0x5, 0x1, 0x100, 0xffff], "54a5f1d1dd2f17b169e8263c3a740d6611142f4b3c69d0f6e967c91125d235ac53e1b00d9fddc53d8f56969329274a57d5f4213fb46616a4faa700873d91426befc561500a5391d522c480bd37f8e7f0050cedfc627c6702978a8f018ad9a7b04711dc3a5c6a755e7a506645ea28e2baa4a6786ca43b3d5d976157eb07c3cdb8"}) pread64$auto(0xffffffffffffffff, 0x0, 0x6, 0x40008) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x41555856, 0x3f, 0x2008, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x890b, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = clone3$auto(&(0x7f0000000180)={0x9, 0x7, 0xa5e7, 0x10000, 0x3, 0x8000000000000000, 0x10, 0x5, 0x10003, 0x1ff, 0x5185}, 0x3ff) prctl$auto(0x3e, 0x1, r3, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(0xffffffffffffffff, 0xc0045004, &(0x7f0000000000)) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x800, 0x5, 0xd) setxattrat$auto(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0, 0x1) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_TIOCMSET2(r4, 0x5418, &(0x7f00000001c0)="6ab1") pipe$auto(&(0x7f00000002c0)=r0) vmsplice$auto(r5, &(0x7f0000000040)={0x0, 0x400000d1e7}, 0x9, 0xd) 2.272006392s ago: executing program 2 (id=2395): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x5, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_LINK={0x8, 0x1, 0x6551e4e0}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x14) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) 2.162686555s ago: executing program 3 (id=2396): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04#\x01\n2\x7f\x88\x83\xa9\xd7\xbea\xcd\x00\x00\x00\xef\xabJY\xee,\xf6\x80\xecP\x9f\x00\x00\x00\x00\x00\x00\x00\x80\xe0Z\x1bsZ\xac\xff\x92+\xc9\x9fs\xbf\xd8\f\xf5\xa7jUA\x11\xf9\xb4U\xc5\x92\xf1', 0x82) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sysfs$auto(0x2, 0x4d, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2000c, 0x8443, 0x20eb1, r1, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) lseek$auto(r2, 0xffffffffffffbaeb, 0xcd06) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x4048010) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff024}}) write$auto(r5, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000002f00)='/sys/module/vmxnet3/version\x00', 0x400, 0x0) read$auto(r6, &(0x7f00000032c0)='#(@-]\x00', 0x9) write$auto(r4, &(0x7f0000000280)='\x90\x96\xd1\x00\xe4\xd2\xab1\xc7\xe8\xad\x83\xb7=\x89Z;\xa3\f\x13A\x1c\xdc\x9a\x89\x98\x12\xb4\xbb\'\x1eu@\xe1=A\xbe\xaaa\xabA\xea\x147\xa6\xb2\x1d,\xafD\xcd\xa1\x8c\xd2\xc1R\xeb\x01\x86\xf8\x92ys&\xcf\x83\b&s\x04\x9b\xd6\xe9\xb0\x82_\xd2\xb9\x8a\xcd\x87jY\x03\xe7\xedW\x17<\xca\xef\xc2\x97\xdb\x91Pk\xd3\x01!\xba\x04\x951B\xa1\xc7ue&vU\xbc\xcesG\xea\x01\xd1\x8c\xca\xb3{\x1c7^gk&\x85\x95k4\xc3\xf4\x1fC\xceN\xcc\x16@\x1f\x0e\r', 0x80000000) mmap$auto(0x200000000000, 0x810004, 0x40000000000ffb, 0x8000000008011, 0x3, 0x8000) socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) ioctl$auto(r0, 0x40084d05, 0x7) 2.09963372s ago: executing program 2 (id=2397): mmap$auto(0x2, 0x0, 0xdf, 0x9b72, 0x2, 0xc000) unshare$auto(0x40000080) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r0 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb\x00', 0x300, 0x0) read$auto_tracing_entries_fops_trace(r0, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x1ff, 0x1001, 0x5, 0x717e, 0x0, 0x7, 0x200000000000003, 0xd, 0x2, 0x80003, 0x4, 0x1ffffffffffd, 0xb5, 0xfffffffffffffffe, 0x7, 0x10002, 0x7f, 0x2a0, 0x5, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, [0x56, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8000000, 0x0, 0xffffffffffffffff, 0x3]}, 0x1fe, 0xd) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffffffffffd03, &(0x7f00000001c0)) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x4c0041, 0x0) ioctl$auto(r4, 0x40045431, r1) connect$auto(r0, &(0x7f00000000c0)=@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x6) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000040), r2) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) ioctl$auto_TIOCSWINSZ2(r5, 0x5414, &(0x7f00000001c0)) ioctl$auto(0xffffffffffffffff, 0x80a86f3d, 0x38) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/12t\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.638939477s ago: executing program 1 (id=2398): waitid$auto(0x8, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000180)={{0xfffffffffffffff9, 0x7fffffffffffffff}, {0x2, 0x6}, 0x4, 0x5, 0x1, 0x3, 0x0, 0x8000, 0x80000000, 0x7, 0xb7, 0x5d9, 0x5, 0x7ff, 0x2055}) mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x5, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000003, 0x2f4a3a23) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) writev$auto(r0, &(0x7f0000000300)={&(0x7f0000000200), 0x200}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r2, r1, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) bpf$auto(0x12, 0x0, 0x26) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) fstat$auto(0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4610, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d7) 1.427570651s ago: executing program 0 (id=2399): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0xdf, 0xeb1, 0x401, 0x0) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0xffffffffffffffff, 0x3, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x100) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000100), 0xffffffff}, 0x6, 0x0) r3 = socket(0x1e, 0x5, 0x0) ioctl$auto(r3, 0x8941, 0x8) sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x8000000}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) 1.423166884s ago: executing program 3 (id=2400): futex_waitv$auto(&(0x7f0000000000)={0x10000000, 0x7f00, 0x9}, 0x1, 0x0, 0x0, 0x100623d) 1.033864303s ago: executing program 3 (id=2402): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 936.045798ms ago: executing program 1 (id=2403): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 865.532217ms ago: executing program 2 (id=2404): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x2480, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, &(0x7f00000002c0)="f03f0b0be4f2597d8b11ed14dfa636ba", 0x10, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x2a02c0, 0x0) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x6, 0x20, 0x0, 0x21) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x48043, 0x0) write$auto(r5, 0x0, 0x6) unshare$auto(0x40000080) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)="b2", 0x1) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r1, r7, 0x0, 0x1) 0s ago: executing program 3 (id=2405): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x5, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_LINK={0x8, 0x1, 0x6551e4e0}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x14) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) kernel console output (not intermixed with test programs): 2fe/0xa90 [ 1117.054297][T16140] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1117.054345][T16140] madvise_do_behavior+0x1ea/0x510 [ 1117.054384][T16140] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1117.054420][T16140] ? down_read+0x13b/0x460 [ 1117.054480][T16140] do_madvise+0x195/0x240 [ 1117.054514][T16140] ? __pfx_do_madvise+0x10/0x10 [ 1117.054546][T16140] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1117.054611][T16140] ? ksys_write+0x1ac/0x250 [ 1117.054657][T16140] ? __pfx_ksys_write+0x10/0x10 [ 1117.054725][T16140] __x64_sys_madvise+0xa9/0x110 [ 1117.054759][T16140] ? lockdep_hardirqs_on+0x78/0x100 [ 1117.054793][T16140] do_syscall_64+0x106/0xf80 [ 1117.054827][T16140] ? clear_bhb_loop+0x40/0x90 [ 1117.054864][T16140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.054895][T16140] RIP: 0033:0x7f217f79c799 [ 1117.054920][T16140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1117.054948][T16140] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1117.054977][T16140] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1117.054997][T16140] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 1117.055013][T16140] RBP: 00007f2180672090 R08: 0000000000000000 R09: 0000000000000000 [ 1117.055029][T16140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1117.055045][T16140] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1117.055085][T16140] [ 1117.459079][T16136] random: crng reseeded on system resumption [ 1120.474131][T16189] FAULT_INJECTION: forcing a failure. [ 1120.474131][T16189] name failslab, interval 1, probability 0, space 0, times 0 [ 1120.688191][ T5143] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1120.743067][T16189] CPU: 0 UID: 0 PID: 16189 Comm: syz.0.2059 Not tainted syzkaller #0 PREEMPT(full) [ 1120.743106][T16189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1120.743122][T16189] Call Trace: [ 1120.743132][T16189] [ 1120.743142][T16189] dump_stack_lvl+0x100/0x190 [ 1120.743191][T16189] should_fail_ex.cold+0x5/0xa [ 1120.743224][T16189] should_failslab+0xc2/0x120 [ 1120.743256][T16189] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1120.743301][T16189] ? kvasprintf_const+0x66/0x1a0 [ 1120.743329][T16189] ? nci_allocate_device+0x23b/0x410 [ 1120.743370][T16189] ? virtual_ncidev_open+0x6f/0x220 [ 1120.743409][T16189] kvasprintf+0xbc/0x150 [ 1120.743437][T16189] ? __pfx_kvasprintf+0x10/0x10 [ 1120.743468][T16189] ? rcu_is_watching+0x12/0xc0 [ 1120.743511][T16189] ? ida_alloc_range+0x70d/0x830 [ 1120.743543][T16189] ? kfree+0x2ec/0x6b0 [ 1120.743576][T16189] ? mark_held_locks+0x40/0x70 [ 1120.743619][T16189] kvasprintf_const+0x66/0x1a0 [ 1120.743648][T16189] kobject_set_name_vargs+0x5a/0x140 [ 1120.743684][T16189] dev_set_name+0xc7/0x100 [ 1120.743710][T16189] ? __pfx_dev_set_name+0x10/0x10 [ 1120.743752][T16189] ? nfc_allocate_device+0x190/0x5e0 [ 1120.743790][T16189] nfc_allocate_device+0x206/0x5e0 [ 1120.743830][T16189] nci_allocate_device+0x23b/0x410 [ 1120.743875][T16189] virtual_ncidev_open+0x6f/0x220 [ 1120.743915][T16189] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1120.743947][T16189] misc_open+0x26d/0x450 [ 1120.743992][T16189] ? __pfx_misc_open+0x10/0x10 [ 1120.744032][T16189] chrdev_open+0x234/0x6a0 [ 1120.744061][T16189] ? __pfx_apparmor_file_open+0x10/0x10 [ 1120.744102][T16189] ? __pfx_chrdev_open+0x10/0x10 [ 1120.744134][T16189] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1120.744173][T16189] do_dentry_open+0x6d8/0x1660 [ 1120.744201][T16189] ? __pfx_chrdev_open+0x10/0x10 [ 1120.744239][T16189] vfs_open+0x82/0x3f0 [ 1120.744276][T16189] path_openat+0x208c/0x31a0 [ 1120.744322][T16189] ? __pfx_path_openat+0x10/0x10 [ 1120.744367][T16189] do_file_open+0x20e/0x430 [ 1120.744400][T16189] ? __pfx_do_file_open+0x10/0x10 [ 1120.744462][T16189] ? alloc_fd+0x476/0x790 [ 1120.744496][T16189] ? do_getname+0x191/0x390 [ 1120.744538][T16189] do_sys_openat2+0x10d/0x1e0 [ 1120.744574][T16189] ? __pfx_do_sys_openat2+0x10/0x10 [ 1120.744629][T16189] __x64_sys_openat+0x12d/0x210 [ 1120.744666][T16189] ? __pfx___x64_sys_openat+0x10/0x10 [ 1120.744716][T16189] do_syscall_64+0x106/0xf80 [ 1120.744747][T16189] ? clear_bhb_loop+0x40/0x90 [ 1120.744790][T16189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.744818][T16189] RIP: 0033:0x7f217f79c799 [ 1120.744842][T16189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1120.744867][T16189] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1120.744902][T16189] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1120.744920][T16189] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1120.744937][T16189] RBP: 00007f217f832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1120.744953][T16189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1120.744969][T16189] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1120.745009][T16189] [ 1121.265156][T16189] workqueue: Failed to create a rescuer kthread for wq "(null)_nci_rx_wq": -EINTR [ 1122.702213][T16223] ptrace attach of "./syz-executor exec"[14871] was attempted by ""[16223] [ 1124.321490][T16246] FAULT_INJECTION: forcing a failure. [ 1124.321490][T16246] name failslab, interval 1, probability 0, space 0, times 0 [ 1124.374732][T16246] CPU: 0 UID: 0 PID: 16246 Comm: syz.3.2070 Not tainted syzkaller #0 PREEMPT(full) [ 1124.374761][T16246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1124.374772][T16246] Call Trace: [ 1124.374779][T16246] [ 1124.374787][T16246] dump_stack_lvl+0x100/0x190 [ 1124.374821][T16246] should_fail_ex.cold+0x5/0xa [ 1124.374853][T16246] should_failslab+0xc2/0x120 [ 1124.374872][T16246] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1124.374896][T16246] ? vidtv_psi_service_list_desc_init+0xf3/0x550 [ 1124.374934][T16246] vidtv_psi_service_list_desc_init+0xf3/0x550 [ 1124.374984][T16246] vidtv_psi_nit_table_init+0x39a/0x5f0 [ 1124.375004][T16246] ? kasan_save_track+0x14/0x30 [ 1124.375034][T16246] vidtv_channel_si_init+0xcd0/0x18d0 [ 1124.375065][T16246] vidtv_mux_init+0x526/0xbf0 [ 1124.375091][T16246] vidtv_start_feed+0x33e/0x4c0 [ 1124.375119][T16246] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1124.375148][T16246] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 1124.375181][T16246] ? mark_held_locks+0x40/0x70 [ 1124.375208][T16246] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1124.375236][T16246] dmx_ts_feed_start_filtering+0xf6/0x220 [ 1124.375279][T16246] dvb_dmxdev_start_feed+0x273/0x3f0 [ 1124.375315][T16246] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 1124.375360][T16246] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 1124.375407][T16246] dvb_demux_do_ioctl+0xe64/0x1200 [ 1124.375464][T16246] dvb_usercopy+0x167/0x340 [ 1124.375501][T16246] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1124.375548][T16246] ? __pfx_dvb_usercopy+0x10/0x10 [ 1124.375615][T16246] ? __fget_files+0x21f/0x3d0 [ 1124.375654][T16246] dvb_demux_ioctl+0x29/0x40 [ 1124.375692][T16246] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1124.375734][T16246] __x64_sys_ioctl+0x18e/0x210 [ 1124.375782][T16246] do_syscall_64+0x106/0xf80 [ 1124.375815][T16246] ? clear_bhb_loop+0x40/0x90 [ 1124.375853][T16246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1124.375885][T16246] RIP: 0033:0x7f14f879c799 [ 1124.375911][T16246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1124.375940][T16246] RSP: 002b:00007f14f9628028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1124.375983][T16246] RAX: ffffffffffffffda RBX: 00007f14f8a16090 RCX: 00007f14f879c799 [ 1124.376002][T16246] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 1124.376020][T16246] RBP: 00007f14f8832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1124.376039][T16246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1124.376057][T16246] R13: 00007f14f8a16128 R14: 00007f14f8a16090 R15: 00007ffc25744d78 [ 1124.376098][T16246] [ 1125.061121][T16255] FAULT_INJECTION: forcing a failure. [ 1125.061121][T16255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1125.075485][T16255] CPU: 0 UID: 0 PID: 16255 Comm: syz.2.2071 Not tainted syzkaller #0 PREEMPT(full) [ 1125.075524][T16255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1125.075541][T16255] Call Trace: [ 1125.075550][T16255] [ 1125.075560][T16255] dump_stack_lvl+0x100/0x190 [ 1125.075607][T16255] should_fail_ex.cold+0x5/0xa [ 1125.075642][T16255] strncpy_from_user+0x3b/0x2d0 [ 1125.075693][T16255] do_getname+0x78/0x390 [ 1125.075731][T16255] __x64_sys_rename+0x57/0xb0 [ 1125.075768][T16255] do_syscall_64+0x106/0xf80 [ 1125.075802][T16255] ? clear_bhb_loop+0x40/0x90 [ 1125.075848][T16255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1125.075878][T16255] RIP: 0033:0x7f9bcbf9c799 [ 1125.075903][T16255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1125.075931][T16255] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 1125.075960][T16255] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1125.075979][T16255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1125.075995][T16255] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1125.076011][T16255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1125.076028][T16255] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1125.076068][T16255] [ 1125.573557][T16265] netlink: 'syz.1.2075': attribute type 1 has an invalid length. [ 1127.559958][ T5143] Bluetooth: hci3: unexpected subevent 0x0c length: 118 > 5 [ 1127.936918][T16307] FAULT_INJECTION: forcing a failure. [ 1127.936918][T16307] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1127.972975][T16307] CPU: 0 UID: 0 PID: 16307 Comm: syz.1.2088 Not tainted syzkaller #0 PREEMPT(full) [ 1127.973012][T16307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1127.973028][T16307] Call Trace: [ 1127.973037][T16307] [ 1127.973048][T16307] dump_stack_lvl+0x100/0x190 [ 1127.973095][T16307] should_fail_ex.cold+0x5/0xa [ 1127.973130][T16307] _copy_from_iter+0x1f4/0x1690 [ 1127.973164][T16307] ? __pfx___might_resched+0x10/0x10 [ 1127.973208][T16307] ? __pfx__copy_from_iter+0x10/0x10 [ 1127.973258][T16307] ? find_held_lock+0x2b/0x80 [ 1127.973283][T16307] ? raw_sendmsg+0x76e/0x3800 [ 1127.973321][T16307] ? raw_sendmsg+0x76e/0x3800 [ 1127.973367][T16307] raw_sendmsg+0x1845/0x3800 [ 1127.973417][T16307] ? __pfx_raw_sendmsg+0x10/0x10 [ 1127.973455][T16307] ? __lock_acquire+0x4a5/0x2630 [ 1127.973493][T16307] ? __lock_acquire+0x4a5/0x2630 [ 1127.973566][T16307] ? __import_iovec+0x1d2/0x640 [ 1127.973595][T16307] ? __pfx_raw_sendmsg+0x10/0x10 [ 1127.973634][T16307] inet_sendmsg+0x11c/0x140 [ 1127.973674][T16307] ____sys_sendmsg+0x9ad/0xc30 [ 1127.973716][T16307] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1127.973757][T16307] ? __pfx__kstrtoull+0x10/0x10 [ 1127.973797][T16307] ___sys_sendmsg+0x190/0x1e0 [ 1127.973841][T16307] ? __pfx____sys_sendmsg+0x10/0x10 [ 1127.973901][T16307] ? find_held_lock+0x2b/0x80 [ 1127.973951][T16307] __sys_sendmmsg+0x205/0x430 [ 1127.973990][T16307] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1127.974037][T16307] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1127.974090][T16307] ? fput+0x79/0x100 [ 1127.974120][T16307] ? ksys_write+0x1ac/0x250 [ 1127.974163][T16307] ? __pfx_ksys_write+0x10/0x10 [ 1127.974212][T16307] __x64_sys_sendmmsg+0x9c/0x100 [ 1127.974246][T16307] ? lockdep_hardirqs_on+0x78/0x100 [ 1127.974279][T16307] do_syscall_64+0x106/0xf80 [ 1127.974311][T16307] ? clear_bhb_loop+0x40/0x90 [ 1127.974347][T16307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.974375][T16307] RIP: 0033:0x7f64c159c799 [ 1127.974400][T16307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1127.974425][T16307] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1127.974453][T16307] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1127.974472][T16307] RDX: 0000000000000003 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1127.974489][T16307] RBP: 00007f64bf7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1127.974504][T16307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1127.974519][T16307] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1127.974568][T16307] [ 1128.307791][T16312] FAULT_INJECTION: forcing a failure. [ 1128.307791][T16312] name failslab, interval 1, probability 0, space 0, times 0 [ 1128.320881][T16312] CPU: 0 UID: 0 PID: 16312 Comm: syz.1.2090 Not tainted syzkaller #0 PREEMPT(full) [ 1128.320922][T16312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1128.320940][T16312] Call Trace: [ 1128.320950][T16312] [ 1128.320962][T16312] dump_stack_lvl+0x100/0x190 [ 1128.321012][T16312] should_fail_ex.cold+0x5/0xa [ 1128.321046][T16312] ? tomoyo_encode2+0xfb/0x3c0 [ 1128.321074][T16312] should_failslab+0xc2/0x120 [ 1128.321106][T16312] __kmalloc_noprof+0xe0/0x850 [ 1128.321147][T16312] ? d_absolute_path+0x136/0x1b0 [ 1128.321194][T16312] tomoyo_encode2+0xfb/0x3c0 [ 1128.321232][T16312] tomoyo_encode+0x29/0x50 [ 1128.321263][T16312] tomoyo_realpath_from_path+0x18c/0x690 [ 1128.321307][T16312] tomoyo_path_number_perm+0x23c/0x580 [ 1128.321351][T16312] ? tomoyo_path_number_perm+0x22e/0x580 [ 1128.321399][T16312] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1128.321462][T16312] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1128.321537][T16312] ? hook_file_ioctl_common+0x146/0x410 [ 1128.321603][T16312] security_file_ioctl+0xd3/0x230 [ 1128.321652][T16312] __x64_sys_ioctl+0xb7/0x210 [ 1128.321697][T16312] do_syscall_64+0x106/0xf80 [ 1128.321731][T16312] ? clear_bhb_loop+0x40/0x90 [ 1128.321769][T16312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.321798][T16312] RIP: 0033:0x7f64c159c799 [ 1128.321832][T16312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1128.321860][T16312] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1128.321889][T16312] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1128.321909][T16312] RDX: 0000000000000038 RSI: 00000000c05c5340 RDI: 0000000000000003 [ 1128.321927][T16312] RBP: 00007f64bf7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1128.321945][T16312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1128.321962][T16312] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1128.322003][T16312] [ 1128.322033][T16312] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1130.540912][T16364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2099'. [ 1130.921852][T16371] random: crng reseeded on system resumption [ 1131.139957][T16371] hub 1-0:1.0: USB hub found [ 1131.177680][T16371] hub 1-0:1.0: 1 port detected [ 1132.405526][ T5143] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1133.644924][T16426] FAULT_INJECTION: forcing a failure. [ 1133.644924][T16426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1133.660678][T16426] CPU: 1 UID: 0 PID: 16426 Comm: syz.3.2112 Not tainted syzkaller #0 PREEMPT(full) [ 1133.660717][T16426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1133.660736][T16426] Call Trace: [ 1133.660745][T16426] [ 1133.660757][T16426] dump_stack_lvl+0x100/0x190 [ 1133.660816][T16426] should_fail_ex.cold+0x5/0xa [ 1133.660851][T16426] _copy_from_user+0x2e/0xd0 [ 1133.660898][T16426] move_addr_to_kernel+0x65/0x170 [ 1133.660946][T16426] copy_msghdr_from_user+0x417/0x4f0 [ 1133.660992][T16426] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1133.661048][T16426] ? mark_held_locks+0x40/0x70 [ 1133.661088][T16426] ___sys_sendmsg+0x106/0x1e0 [ 1133.661136][T16426] ? __pfx____sys_sendmsg+0x10/0x10 [ 1133.661179][T16426] ? __schedule+0x1000/0x60e0 [ 1133.661228][T16426] ? find_held_lock+0x2b/0x80 [ 1133.661282][T16426] __sys_sendmmsg+0x205/0x430 [ 1133.661323][T16426] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1133.661370][T16426] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1133.661426][T16426] ? xfd_validate_state+0x129/0x190 [ 1133.661479][T16426] __x64_sys_sendmmsg+0x9c/0x100 [ 1133.661512][T16426] ? lockdep_hardirqs_on+0x78/0x100 [ 1133.661546][T16426] do_syscall_64+0x106/0xf80 [ 1133.661585][T16426] ? clear_bhb_loop+0x40/0x90 [ 1133.661622][T16426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.661652][T16426] RIP: 0033:0x7f14f879c799 [ 1133.661677][T16426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1133.661704][T16426] RSP: 002b:00007f14f9628028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1133.661733][T16426] RAX: ffffffffffffffda RBX: 00007f14f8a16090 RCX: 00007f14f879c799 [ 1133.661752][T16426] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 1133.661770][T16426] RBP: 00007f14f9628090 R08: 0000000000000000 R09: 0000000000000000 [ 1133.661796][T16426] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 1133.661814][T16426] R13: 00007f14f8a16128 R14: 00007f14f8a16090 R15: 00007ffc25744d78 [ 1133.661855][T16426] [ 1134.399861][T12788] Bluetooth: hci3: unexpected subevent 0x0c length: 118 > 5 [ 1136.721834][T12788] Bluetooth: hci2: unexpected subevent 0x0c length: 118 > 5 [ 1137.189209][T16491] FAULT_INJECTION: forcing a failure. [ 1137.189209][T16491] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.255612][T16491] CPU: 0 UID: 0 PID: 16491 Comm: syz.1.2126 Not tainted syzkaller #0 PREEMPT(full) [ 1137.255652][T16491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1137.255665][T16491] Call Trace: [ 1137.255675][T16491] [ 1137.255685][T16491] dump_stack_lvl+0x100/0x190 [ 1137.255735][T16491] should_fail_ex.cold+0x5/0xa [ 1137.255769][T16491] should_failslab+0xc2/0x120 [ 1137.255788][T16491] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1137.255815][T16491] ? sock_alloc_inode+0x25/0x1c0 [ 1137.255839][T16491] ? copy_net_ns+0x46f/0x7c0 [ 1137.255863][T16491] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1137.255882][T16491] ? ksys_unshare+0x473/0xad0 [ 1137.255904][T16491] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1137.255930][T16491] sock_alloc_inode+0x25/0x1c0 [ 1137.255954][T16491] alloc_inode+0x68/0x250 [ 1137.255977][T16491] sock_alloc+0x44/0x280 [ 1137.255998][T16491] ? security_socket_create+0x7f/0x250 [ 1137.256025][T16491] sock_create_lite+0x82/0x120 [ 1137.256050][T16491] __netlink_kernel_create+0xbd/0x750 [ 1137.256075][T16491] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1137.256097][T16491] ? find_held_lock+0x2b/0x80 [ 1137.256112][T16491] ? audit_net_init+0x190/0x440 [ 1137.256135][T16491] ? audit_net_init+0x190/0x440 [ 1137.256161][T16491] audit_net_init+0x1ae/0x440 [ 1137.256185][T16491] ? __pfx_audit_net_init+0x10/0x10 [ 1137.256207][T16491] ? rcu_is_watching+0x12/0xc0 [ 1137.256234][T16491] ? __pfx_audit_receive+0x10/0x10 [ 1137.256260][T16491] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1137.256286][T16491] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1137.256314][T16491] ? __kmalloc_noprof+0x320/0x850 [ 1137.256344][T16491] ? __pfx_audit_net_init+0x10/0x10 [ 1137.256367][T16491] ops_init+0x1e2/0x5f0 [ 1137.256391][T16491] setup_net+0x118/0x3a0 [ 1137.256414][T16491] ? __pfx_setup_net+0x10/0x10 [ 1137.256435][T16491] ? lockdep_init_map_type+0x5c/0x250 [ 1137.256459][T16491] ? mutex_init_lockep+0x110/0x150 [ 1137.256487][T16491] copy_net_ns+0x46f/0x7c0 [ 1137.256518][T16491] create_new_namespaces+0x3ea/0xac0 [ 1137.256542][T16491] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1137.256563][T16491] ksys_unshare+0x473/0xad0 [ 1137.256587][T16491] ? __pfx_ksys_unshare+0x10/0x10 [ 1137.256618][T16491] __x64_sys_unshare+0x31/0x40 [ 1137.256639][T16491] do_syscall_64+0x106/0xf80 [ 1137.256661][T16491] ? clear_bhb_loop+0x40/0x90 [ 1137.256683][T16491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.256701][T16491] RIP: 0033:0x7f64c159c799 [ 1137.256718][T16491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1137.256736][T16491] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1137.256761][T16491] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1137.256772][T16491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1137.256783][T16491] RBP: 00007f64c1632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1137.256793][T16491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1137.256804][T16491] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1137.256827][T16491] [ 1137.256838][T16491] audit: cannot initialize netlink socket in namespace [ 1137.719787][T16495] FAULT_INJECTION: forcing a failure. [ 1137.719787][T16495] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.742451][T16495] CPU: 0 UID: 0 PID: 16495 Comm: syz.2.2127 Not tainted syzkaller #0 PREEMPT(full) [ 1137.742490][T16495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1137.742507][T16495] Call Trace: [ 1137.742516][T16495] [ 1137.742527][T16495] dump_stack_lvl+0x100/0x190 [ 1137.742582][T16495] should_fail_ex.cold+0x5/0xa [ 1137.742614][T16495] should_failslab+0xc2/0x120 [ 1137.742643][T16495] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1137.742683][T16495] ? __get_vm_area_node+0x101/0x330 [ 1137.742725][T16495] __get_vm_area_node+0x101/0x330 [ 1137.742761][T16495] __vmalloc_node_range_noprof+0x213/0x1530 [ 1137.742795][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1137.742846][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1137.742906][T16495] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1137.742950][T16495] ? rcu_is_watching+0x12/0xc0 [ 1137.743009][T16495] __kvmalloc_node_noprof+0x3de/0xa00 [ 1137.743050][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1137.743090][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1137.743128][T16495] ? _copy_from_user+0x59/0xd0 [ 1137.743175][T16495] ? copy_mnt_id_req+0x1b1/0x350 [ 1137.743216][T16495] __do_sys_listmount+0x289/0xee0 [ 1137.743266][T16495] ? __fget_files+0x21f/0x3d0 [ 1137.743293][T16495] ? __pfx___do_sys_listmount+0x10/0x10 [ 1137.743340][T16495] ? fput+0x79/0x100 [ 1137.743389][T16495] do_syscall_64+0x106/0xf80 [ 1137.743420][T16495] ? clear_bhb_loop+0x40/0x90 [ 1137.743460][T16495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.743487][T16495] RIP: 0033:0x7f9bcbf9c799 [ 1137.743509][T16495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1137.743542][T16495] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1137.743570][T16495] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1137.743589][T16495] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1137.743605][T16495] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1137.743622][T16495] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1137.743638][T16495] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1137.743676][T16495] [ 1137.743884][T16495] syz.2.2127: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1138.009907][T16495] CPU: 0 UID: 0 PID: 16495 Comm: syz.2.2127 Not tainted syzkaller #0 PREEMPT(full) [ 1138.009946][T16495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1138.009963][T16495] Call Trace: [ 1138.009972][T16495] [ 1138.009983][T16495] dump_stack_lvl+0x100/0x190 [ 1138.010034][T16495] warn_alloc.cold+0x95/0x1c1 [ 1138.010084][T16495] ? __pfx_warn_alloc+0x10/0x10 [ 1138.010123][T16495] ? trace_kmalloc+0x101/0x130 [ 1138.010156][T16495] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 1138.010206][T16495] ? __kasan_kmalloc+0x8a/0xb0 [ 1138.010251][T16495] ? __get_vm_area_node+0x208/0x330 [ 1138.010292][T16495] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 1138.010337][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1138.010393][T16495] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1138.010437][T16495] ? rcu_is_watching+0x12/0xc0 [ 1138.010489][T16495] __kvmalloc_node_noprof+0x3de/0xa00 [ 1138.010532][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1138.010568][T16495] ? __do_sys_listmount+0x289/0xee0 [ 1138.010607][T16495] ? _copy_from_user+0x59/0xd0 [ 1138.010653][T16495] ? copy_mnt_id_req+0x1b1/0x350 [ 1138.010694][T16495] __do_sys_listmount+0x289/0xee0 [ 1138.010743][T16495] ? __fget_files+0x21f/0x3d0 [ 1138.010769][T16495] ? __pfx___do_sys_listmount+0x10/0x10 [ 1138.010826][T16495] ? fput+0x79/0x100 [ 1138.010876][T16495] do_syscall_64+0x106/0xf80 [ 1138.010909][T16495] ? clear_bhb_loop+0x40/0x90 [ 1138.010945][T16495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1138.010975][T16495] RIP: 0033:0x7f9bcbf9c799 [ 1138.010999][T16495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1138.011026][T16495] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1138.011055][T16495] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1138.011073][T16495] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1138.011090][T16495] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1138.011106][T16495] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1138.011123][T16495] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1138.011161][T16495] [ 1138.011171][T16495] Mem-Info: [ 1138.268846][T16495] active_anon:10387 inactive_anon:0 isolated_anon:0 [ 1138.268846][T16495] active_file:20462 inactive_file:41189 isolated_file:0 [ 1138.268846][T16495] unevictable:768 dirty:1150 writeback:0 [ 1138.268846][T16495] slab_reclaimable:12049 slab_unreclaimable:92219 [ 1138.268846][T16495] mapped:26821 shmem:1362 pagetables:1104 [ 1138.268846][T16495] sec_pagetables:0 bounce:0 [ 1138.268846][T16495] kernel_misc_reclaimable:0 [ 1138.268846][T16495] free:1322764 free_pcp:11187 free_cma:0 [ 1138.316346][T16495] Node 0 active_anon:41548kB inactive_anon:0kB active_file:81848kB inactive_file:164576kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104740kB dirty:4600kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:18432kB kernel_stack:11700kB pagetables:4288kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1138.349038][T16495] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1138.384573][T16495] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1138.471407][T16495] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1138.489685][T16495] Node 0 DMA32 free:1334944kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39200kB inactive_anon:0kB active_file:81848kB inactive_file:164576kB unevictable:1536kB writepending:4600kB zspages:12kB present:3129332kB managed:2537420kB mlocked:0kB bounce:0kB free_pcp:42028kB local_pcp:20996kB free_cma:0kB [ 1138.553216][T16495] lowmem_reserve[]: 0 0 1 1 1 [ 1138.574190][T16495] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1138.617461][T16495] lowmem_reserve[]: 0 0 0 0 0 [ 1138.622320][T16495] Node 1 Normal free:3941704kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:5052kB local_pcp:0kB free_cma:0kB [ 1138.661595][T16495] lowmem_reserve[]: 0 0 0 0 0 [ 1138.666752][T16495] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 1138.680196][T16495] Node 0 DMA32: 5740*4kB (UM) 3940*8kB (UME) 1731*16kB (UME) 1460*32kB (UME) 1007*64kB (UME) 813*128kB (UME) 625*256kB (UME) 442*512kB (UME) 284*1024kB (UME) 66*2048kB (UM) 54*4096kB (M) = 1330880kB [ 1138.709794][T16495] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 1138.723718][T16495] Node 1 Normal: 8*4kB (UM) 15*8kB (UM) 11*16kB (UME) 12*32kB (UME) 10*64kB (UM) 6*128kB (UME) 5*256kB (UM) 4*512kB (UM) 4*1024kB (ME) 4*2048kB (UME) 958*4096kB (M) = 3941704kB [ 1138.743394][T16495] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1138.753655][T16495] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1138.766030][T16495] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1138.793229][T16495] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1138.818114][T16495] 63009 total pagecache pages [ 1138.832452][T16495] 0 pages in swap cache [ 1138.841378][T16495] Free swap = 124996kB [ 1138.852453][T16495] Total swap = 124996kB [ 1138.861308][T16495] 2097051 pages RAM [ 1138.883495][T16495] 0 pages HighMem/MovableOnly [ 1138.908713][T16495] 430816 pages reserved [ 1138.920981][T16495] 0 pages cma reserved [ 1140.437732][T16554] netlink: 'syz.2.2140': attribute type 1 has an invalid length. [ 1142.568098][T16599] FAULT_INJECTION: forcing a failure. [ 1142.568098][T16599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1142.581298][T16599] CPU: 1 UID: 0 PID: 16599 Comm: syz.1.2149 Not tainted syzkaller #0 PREEMPT(full) [ 1142.581324][T16599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1142.581342][T16599] Call Trace: [ 1142.581351][T16599] [ 1142.581358][T16599] dump_stack_lvl+0x100/0x190 [ 1142.581389][T16599] should_fail_ex.cold+0x5/0xa [ 1142.581410][T16599] _copy_from_user+0x2e/0xd0 [ 1142.581439][T16599] memdup_user+0x6b/0xe0 [ 1142.581474][T16599] __x64_sys_kexec_load+0x18e/0x230 [ 1142.581497][T16599] do_syscall_64+0x106/0xf80 [ 1142.581518][T16599] ? clear_bhb_loop+0x40/0x90 [ 1142.581539][T16599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1142.581558][T16599] RIP: 0033:0x7f64c159c799 [ 1142.581580][T16599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1142.581596][T16599] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 1142.581614][T16599] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1142.581625][T16599] RDX: 0000200000000040 RSI: 0000000000000002 RDI: 0000000000000005 [ 1142.581635][T16599] RBP: 00007f64bf7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1142.581646][T16599] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1142.581655][T16599] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1142.581677][T16599] [ 1146.527856][T16662] FAULT_INJECTION: forcing a failure. [ 1146.527856][T16662] name failslab, interval 1, probability 0, space 0, times 0 [ 1146.542418][T16662] CPU: 1 UID: 0 PID: 16662 Comm: syz.1.2162 Not tainted syzkaller #0 PREEMPT(full) [ 1146.542462][T16662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1146.542481][T16662] Call Trace: [ 1146.542492][T16662] [ 1146.542503][T16662] dump_stack_lvl+0x100/0x190 [ 1146.542569][T16662] should_fail_ex.cold+0x5/0xa [ 1146.542611][T16662] should_failslab+0xc2/0x120 [ 1146.542645][T16662] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1146.542688][T16662] ? sctp_endpoint_new+0xfc/0xb20 [ 1146.542729][T16662] ? __debug_object_init+0x2de/0x3d0 [ 1146.542780][T16662] sctp_endpoint_new+0xfc/0xb20 [ 1146.542826][T16662] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1146.542869][T16662] ? lockdep_init_map_type+0x5c/0x250 [ 1146.542914][T16662] ? lockdep_init_map_type+0x5c/0x250 [ 1146.542956][T16662] ? lockdep_init_map_type+0x5c/0x250 [ 1146.543006][T16662] sctp_init_sock+0xe2b/0x1300 [ 1146.543044][T16662] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1146.543086][T16662] sctp_v6_init_sock+0x16/0x70 [ 1146.543123][T16662] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1146.543163][T16662] inet6_create+0xb21/0x12b0 [ 1146.543205][T16662] ? inet6_create+0x7f/0x12b0 [ 1146.543249][T16662] __sock_create+0x339/0x860 [ 1146.543308][T16662] __sys_socket+0x14d/0x260 [ 1146.543359][T16662] ? __pfx___sys_socket+0x10/0x10 [ 1146.543416][T16662] __x64_sys_socket+0x72/0xb0 [ 1146.543465][T16662] ? lockdep_hardirqs_on+0x78/0x100 [ 1146.543504][T16662] do_syscall_64+0x106/0xf80 [ 1146.543554][T16662] ? clear_bhb_loop+0x40/0x90 [ 1146.543595][T16662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1146.543629][T16662] RIP: 0033:0x7f64c159c799 [ 1146.543658][T16662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1146.543689][T16662] RSP: 002b:00007f64bf7d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1146.543721][T16662] RAX: ffffffffffffffda RBX: 00007f64c1816090 RCX: 00007f64c159c799 [ 1146.543743][T16662] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 1146.543763][T16662] RBP: 00007f64c1632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1146.543782][T16662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1146.543802][T16662] R13: 00007f64c1816128 R14: 00007f64c1816090 R15: 00007ffd81aa23a8 [ 1146.543844][T16662] [ 1146.895537][T16667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2165'. [ 1147.298699][T16679] FAULT_INJECTION: forcing a failure. [ 1147.298699][T16679] name failslab, interval 1, probability 0, space 0, times 0 [ 1147.327352][T16679] CPU: 0 UID: 0 PID: 16679 Comm: syz.1.2167 Not tainted syzkaller #0 PREEMPT(full) [ 1147.327397][T16679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1147.327414][T16679] Call Trace: [ 1147.327422][T16679] [ 1147.327431][T16679] dump_stack_lvl+0x100/0x190 [ 1147.327473][T16679] should_fail_ex.cold+0x5/0xa [ 1147.327502][T16679] should_failslab+0xc2/0x120 [ 1147.327527][T16679] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1147.327560][T16679] ? do_getname+0x35/0x390 [ 1147.327589][T16679] ? strncpy_from_user+0x19d/0x2d0 [ 1147.327628][T16679] do_getname+0x35/0x390 [ 1147.327660][T16679] __x64_sys_rename+0x66/0xb0 [ 1147.327697][T16679] do_syscall_64+0x106/0xf80 [ 1147.327726][T16679] ? clear_bhb_loop+0x40/0x90 [ 1147.327755][T16679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1147.327779][T16679] RIP: 0033:0x7f64c159c799 [ 1147.327800][T16679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1147.327823][T16679] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 1147.327846][T16679] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1147.327861][T16679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1147.327876][T16679] RBP: 00007f64bf7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1147.327890][T16679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1147.327904][T16679] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1147.327936][T16679] [ 1147.622595][T16681] FAULT_INJECTION: forcing a failure. [ 1147.622595][T16681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1147.636234][T16681] CPU: 0 UID: 0 PID: 16681 Comm: syz.3.2168 Not tainted syzkaller #0 PREEMPT(full) [ 1147.636272][T16681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1147.636289][T16681] Call Trace: [ 1147.636301][T16681] [ 1147.636312][T16681] dump_stack_lvl+0x100/0x190 [ 1147.636359][T16681] should_fail_ex.cold+0x5/0xa [ 1147.636393][T16681] _copy_to_user+0x32/0xd0 [ 1147.636450][T16681] simple_read_from_buffer+0xcb/0x170 [ 1147.636497][T16681] proc_fail_nth_read+0x1af/0x230 [ 1147.636532][T16681] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1147.636570][T16681] ? rw_verify_area+0xce/0x6d0 [ 1147.636610][T16681] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1147.636644][T16681] vfs_read+0x1e4/0xb30 [ 1147.636693][T16681] ? __pfx_vfs_read+0x10/0x10 [ 1147.636735][T16681] ? __fget_files+0x215/0x3d0 [ 1147.636770][T16681] ? __fget_files+0x21f/0x3d0 [ 1147.636807][T16681] ksys_read+0x12a/0x250 [ 1147.636851][T16681] ? __pfx_ksys_read+0x10/0x10 [ 1147.636907][T16681] do_syscall_64+0x106/0xf80 [ 1147.636940][T16681] ? clear_bhb_loop+0x40/0x90 [ 1147.636976][T16681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1147.637005][T16681] RIP: 0033:0x7f14f875cfce [ 1147.637029][T16681] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1147.637057][T16681] RSP: 002b:00007f14f9648fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1147.637086][T16681] RAX: ffffffffffffffda RBX: 00007f14f96496c0 RCX: 00007f14f875cfce [ 1147.637105][T16681] RDX: 000000000000000f RSI: 00007f14f96490a0 RDI: 0000000000000004 [ 1147.637122][T16681] RBP: 00007f14f9649090 R08: 0000000000000000 R09: 0000000000000000 [ 1147.637138][T16681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1147.637153][T16681] R13: 00007f14f8a16038 R14: 00007f14f8a15fa0 R15: 00007ffc25744d78 [ 1147.637192][T16681] [ 1148.102476][T16690] bridge0: port 3(team0) entered blocking state [ 1148.115856][T16690] bridge0: port 3(team0) entered disabled state [ 1148.143702][T16690] team0: entered allmulticast mode [ 1148.153671][T16690] team_slave_0: entered allmulticast mode [ 1148.163805][T16690] team_slave_1: entered allmulticast mode [ 1148.178515][T16690] team0: entered promiscuous mode [ 1148.183605][T16690] team_slave_0: entered promiscuous mode [ 1148.193114][T16690] team_slave_1: entered promiscuous mode [ 1148.200379][T16690] bridge0: port 3(team0) entered blocking state [ 1148.206850][T16690] bridge0: port 3(team0) entered forwarding state [ 1149.735700][T16728] FAULT_INJECTION: forcing a failure. [ 1149.735700][T16728] name failslab, interval 1, probability 0, space 0, times 0 [ 1149.787519][T16728] CPU: 1 UID: 0 PID: 16728 Comm: syz.1.2179 Not tainted syzkaller #0 PREEMPT(full) [ 1149.787562][T16728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1149.787579][T16728] Call Trace: [ 1149.787596][T16728] [ 1149.787607][T16728] dump_stack_lvl+0x100/0x190 [ 1149.787654][T16728] should_fail_ex.cold+0x5/0xa [ 1149.787675][T16728] should_failslab+0xc2/0x120 [ 1149.787694][T16728] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1149.787719][T16728] ? alloc_empty_file+0x55/0x1c0 [ 1149.787741][T16728] ? __pfx_stack_trace_save+0x10/0x10 [ 1149.787763][T16728] alloc_empty_file+0x55/0x1c0 [ 1149.787785][T16728] path_openat+0xe8/0x31a0 [ 1149.787800][T16728] ? kasan_save_stack+0x3f/0x50 [ 1149.787831][T16728] ? kasan_save_stack+0x30/0x50 [ 1149.787855][T16728] ? kasan_save_track+0x14/0x30 [ 1149.787880][T16728] ? __kasan_slab_alloc+0x89/0x90 [ 1149.787895][T16728] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1149.787919][T16728] ? do_getname+0x35/0x390 [ 1149.787939][T16728] ? do_sys_openat2+0xc5/0x1e0 [ 1149.787960][T16728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.787982][T16728] ? __pfx_path_openat+0x10/0x10 [ 1149.788013][T16728] do_file_open+0x20e/0x430 [ 1149.788033][T16728] ? __pfx_do_file_open+0x10/0x10 [ 1149.788066][T16728] ? alloc_fd+0x476/0x790 [ 1149.788085][T16728] ? do_getname+0x191/0x390 [ 1149.788108][T16728] do_sys_openat2+0x10d/0x1e0 [ 1149.788131][T16728] ? __pfx_do_sys_openat2+0x10/0x10 [ 1149.788152][T16728] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1149.788178][T16728] ? __fget_files+0x21f/0x3d0 [ 1149.788197][T16728] __x64_sys_openat+0x12d/0x210 [ 1149.788220][T16728] ? __pfx___x64_sys_openat+0x10/0x10 [ 1149.788242][T16728] ? ksys_write+0x1ac/0x250 [ 1149.788276][T16728] do_syscall_64+0x106/0xf80 [ 1149.788296][T16728] ? clear_bhb_loop+0x40/0x90 [ 1149.788317][T16728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.788335][T16728] RIP: 0033:0x7f64c159c799 [ 1149.788351][T16728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1149.788368][T16728] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1149.788385][T16728] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1149.788396][T16728] RDX: 00000000000e0800 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1149.788413][T16728] RBP: 00007f64bf7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1149.788423][T16728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1149.788433][T16728] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1149.788456][T16728] [ 1150.164133][T16732] FAULT_INJECTION: forcing a failure. [ 1150.164133][T16732] name failslab, interval 1, probability 0, space 0, times 0 [ 1150.190626][T16735] FAULT_INJECTION: forcing a failure. [ 1150.190626][T16735] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1150.203779][T16732] CPU: 0 UID: 0 PID: 16732 Comm: syz.3.2182 Not tainted syzkaller #0 PREEMPT(full) [ 1150.203815][T16732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1150.203830][T16732] Call Trace: [ 1150.203839][T16732] [ 1150.203849][T16732] dump_stack_lvl+0x100/0x190 [ 1150.203891][T16732] should_fail_ex.cold+0x5/0xa [ 1150.203923][T16732] should_failslab+0xc2/0x120 [ 1150.203954][T16732] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1150.203993][T16732] ? shmem_alloc_inode+0x25/0x50 [ 1150.204029][T16732] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1150.204060][T16732] shmem_alloc_inode+0x25/0x50 [ 1150.204086][T16732] alloc_inode+0x68/0x250 [ 1150.204119][T16732] new_inode+0x22/0x1c0 [ 1150.204148][T16732] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1150.204178][T16732] shmem_get_inode+0x212/0x1040 [ 1150.204216][T16732] ? __pfx_shmem_get_inode+0x10/0x10 [ 1150.204246][T16732] ? rcu_is_watching+0x12/0xc0 [ 1150.204281][T16732] ? percpu_counter_add_batch+0xb9/0x230 [ 1150.204332][T16732] __shmem_file_setup+0x3ac/0x490 [ 1150.204366][T16732] ? __pfx___shmem_file_setup+0x10/0x10 [ 1150.204405][T16732] ? vm_area_alloc+0x1f/0x160 [ 1150.204450][T16732] shmem_zero_setup+0x96/0x1b0 [ 1150.204490][T16732] __mmap_region+0x2198/0x29e0 [ 1150.204532][T16732] ? __pfx___mmap_region+0x10/0x10 [ 1150.204563][T16732] ? process_measurement+0x1f4/0x2350 [ 1150.204601][T16732] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 1150.204639][T16732] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 1150.204731][T16732] ? is_bpf_text_address+0x94/0x1a0 [ 1150.204768][T16732] ? kernel_text_address+0x8d/0x100 [ 1150.204804][T16732] ? __kernel_text_address+0xd/0x30 [ 1150.204885][T16732] ? rcu_is_watching+0x12/0xc0 [ 1150.204921][T16732] ? cap_capable+0x107/0x460 [ 1150.204960][T16732] mmap_region+0x180/0x3e0 [ 1150.205004][T16732] do_mmap+0xc63/0x12f0 [ 1150.205045][T16732] ? __pfx_do_mmap+0x10/0x10 [ 1150.205072][T16732] ? __pfx_down_write_killable+0x10/0x10 [ 1150.205115][T16732] vm_mmap_pgoff+0x29e/0x470 [ 1150.205150][T16732] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1150.205182][T16732] ? __fget_files+0x215/0x3d0 [ 1150.205207][T16732] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1150.205245][T16732] ksys_mmap_pgoff+0xe1/0x650 [ 1150.205276][T16732] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1150.205305][T16732] ? fput+0x79/0x100 [ 1150.205334][T16732] ? ksys_write+0x1ac/0x250 [ 1150.205371][T16732] ? __pfx_ksys_write+0x10/0x10 [ 1150.205414][T16732] __x64_sys_mmap+0x125/0x190 [ 1150.205462][T16732] do_syscall_64+0x106/0xf80 [ 1150.205491][T16732] ? clear_bhb_loop+0x40/0x90 [ 1150.205524][T16732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.205551][T16732] RIP: 0033:0x7f14f879c799 [ 1150.205573][T16732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1150.205597][T16732] RSP: 002b:00007f14f9649028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1150.205622][T16732] RAX: ffffffffffffffda RBX: 00007f14f8a15fa0 RCX: 00007f14f879c799 [ 1150.205640][T16732] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1150.205655][T16732] RBP: 00007f14f9649090 R08: fffffffffffffffa R09: 0000000000008000 [ 1150.205672][T16732] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000001 [ 1150.205687][T16732] R13: 00007f14f8a16038 R14: 00007f14f8a15fa0 R15: 00007ffc25744d78 [ 1150.205723][T16732] [ 1150.567685][T16742] FAULT_INJECTION: forcing a failure. [ 1150.567685][T16742] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1150.588717][T16742] CPU: 1 UID: 0 PID: 16742 Comm: syz.3.2185 Not tainted syzkaller #0 PREEMPT(full) [ 1150.588743][T16742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1150.588754][T16742] Call Trace: [ 1150.588760][T16742] [ 1150.588767][T16742] dump_stack_lvl+0x100/0x190 [ 1150.588804][T16742] should_fail_ex.cold+0x5/0xa [ 1150.588821][T16742] ? prepare_alloc_pages+0x16d/0x5f0 [ 1150.588843][T16742] should_fail_alloc_page+0xeb/0x140 [ 1150.588863][T16742] prepare_alloc_pages+0x1f0/0x5f0 [ 1150.588887][T16742] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1150.588927][T16742] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1150.588954][T16742] ? is_bpf_text_address+0x8a/0x1a0 [ 1150.588982][T16742] ? bpf_ksym_find+0x124/0x1c0 [ 1150.589002][T16742] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1150.589021][T16742] ? is_bpf_text_address+0x94/0x1a0 [ 1150.589049][T16742] ? __kernel_text_address+0xd/0x30 [ 1150.589073][T16742] ? unwind_get_return_address+0x59/0xa0 [ 1150.589097][T16742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1150.589127][T16742] ? policy_nodemask+0xed/0x4f0 [ 1150.589147][T16742] alloc_pages_mpol+0x1fb/0x550 [ 1150.589167][T16742] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1150.589191][T16742] alloc_pages_noprof+0x131/0x390 [ 1150.589211][T16742] __pmd_alloc+0x3b/0x9c0 [ 1150.589234][T16742] __handle_mm_fault+0xa99/0x2b60 [ 1150.589261][T16742] ? mt_find+0x45e/0x8e0 [ 1150.589284][T16742] ? __pfx___handle_mm_fault+0x10/0x10 [ 1150.589306][T16742] ? __pfx_mt_find+0x10/0x10 [ 1150.589345][T16742] ? find_vma+0xbf/0x140 [ 1150.589361][T16742] ? __pfx_find_vma+0x10/0x10 [ 1150.589379][T16742] handle_mm_fault+0x36d/0xa20 [ 1150.589407][T16742] do_user_addr_fault+0x74c/0x12f0 [ 1150.589445][T16742] exc_page_fault+0x6f/0xd0 [ 1150.589466][T16742] asm_exc_page_fault+0x26/0x30 [ 1150.589483][T16742] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 1150.589510][T16742] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 93 04 00 66 66 [ 1150.589527][T16742] RSP: 0018:ffffc90003777598 EFLAGS: 00050202 [ 1150.589542][T16742] RAX: 0000000000000001 RBX: ffffc900037778b8 RCX: 0000000000000002 [ 1150.589553][T16742] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900037778b8 [ 1150.589563][T16742] RBP: 0000000000000000 R08: 0000000000000001 R09: fffff520006eef17 [ 1150.589573][T16742] R10: ffffc900037778b9 R11: 0000000000000000 R12: ffffc90003777d40 [ 1150.589583][T16742] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000 [ 1150.589608][T16742] _copy_from_iter+0x355/0x1690 [ 1150.589629][T16742] ? __pfx___might_resched+0x10/0x10 [ 1150.589656][T16742] ? __pfx__copy_from_iter+0x10/0x10 [ 1150.589694][T16742] ? find_held_lock+0x2b/0x80 [ 1150.589710][T16742] ? raw_sendmsg+0x76e/0x3800 [ 1150.589736][T16742] ? raw_sendmsg+0x76e/0x3800 [ 1150.589765][T16742] raw_sendmsg+0x1845/0x3800 [ 1150.589799][T16742] ? __pfx_raw_sendmsg+0x10/0x10 [ 1150.589826][T16742] ? __lock_acquire+0x4a5/0x2630 [ 1150.589852][T16742] ? __lock_acquire+0x4a5/0x2630 [ 1150.589895][T16742] ? __import_iovec+0x1d2/0x640 [ 1150.589913][T16742] ? __pfx_raw_sendmsg+0x10/0x10 [ 1150.589941][T16742] inet_sendmsg+0x11c/0x140 [ 1150.589969][T16742] ____sys_sendmsg+0x9ad/0xc30 [ 1150.589997][T16742] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1150.590027][T16742] ? __pfx__kstrtoull+0x10/0x10 [ 1150.590053][T16742] ___sys_sendmsg+0x190/0x1e0 [ 1150.590081][T16742] ? __pfx____sys_sendmsg+0x10/0x10 [ 1150.590119][T16742] ? find_held_lock+0x2b/0x80 [ 1150.590149][T16742] __sys_sendmmsg+0x205/0x430 [ 1150.590174][T16742] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1150.590207][T16742] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1150.590243][T16742] ? fput+0x79/0x100 [ 1150.590263][T16742] ? ksys_write+0x1ac/0x250 [ 1150.590290][T16742] ? __pfx_ksys_write+0x10/0x10 [ 1150.590321][T16742] __x64_sys_sendmmsg+0x9c/0x100 [ 1150.590342][T16742] ? lockdep_hardirqs_on+0x78/0x100 [ 1150.590363][T16742] do_syscall_64+0x106/0xf80 [ 1150.590383][T16742] ? clear_bhb_loop+0x40/0x90 [ 1150.590405][T16742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.590423][T16742] RIP: 0033:0x7f14f879c799 [ 1150.590440][T16742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1150.590456][T16742] RSP: 002b:00007f14f9649028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1150.590472][T16742] RAX: ffffffffffffffda RBX: 00007f14f8a15fa0 RCX: 00007f14f879c799 [ 1150.590482][T16742] RDX: 0000000000000003 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1150.590492][T16742] RBP: 00007f14f9649090 R08: 0000000000000000 R09: 0000000000000000 [ 1150.590502][T16742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1150.590512][T16742] R13: 00007f14f8a16038 R14: 00007f14f8a15fa0 R15: 00007ffc25744d78 [ 1150.590535][T16742] [ 1151.065818][T16735] CPU: 1 UID: 0 PID: 16735 Comm: syz.0.2181 Not tainted syzkaller #0 PREEMPT(full) [ 1151.065859][T16735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1151.065875][T16735] Call Trace: [ 1151.065885][T16735] [ 1151.065896][T16735] dump_stack_lvl+0x100/0x190 [ 1151.065944][T16735] should_fail_ex.cold+0x5/0xa [ 1151.065972][T16735] ? prepare_alloc_pages+0x16d/0x5f0 [ 1151.066008][T16735] should_fail_alloc_page+0xeb/0x140 [ 1151.066041][T16735] prepare_alloc_pages+0x1f0/0x5f0 [ 1151.066081][T16735] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1151.066129][T16735] ? stack_trace_save+0x8e/0xc0 [ 1151.066156][T16735] ? __pfx_stack_trace_save+0x10/0x10 [ 1151.066185][T16735] ? stack_depot_save_flags+0x27/0x9d0 [ 1151.066224][T16735] ? kasan_save_stack+0x3f/0x50 [ 1151.066265][T16735] ? kasan_save_stack+0x30/0x50 [ 1151.066308][T16735] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1151.066349][T16735] ? __pmd_alloc+0xbf/0x9c0 [ 1151.066377][T16735] ? __handle_mm_fault+0xa99/0x2b60 [ 1151.066412][T16735] ? handle_mm_fault+0x36d/0xa20 [ 1151.066457][T16735] ? exc_page_fault+0x6f/0xd0 [ 1151.066488][T16735] ? __get_user_8+0x14/0x30 [ 1151.066530][T16735] ? __x64_sys_msgsnd+0xb7/0x130 [ 1151.066566][T16735] ? do_syscall_64+0x106/0xf80 [ 1151.066597][T16735] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.066650][T16735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1151.066699][T16735] ? policy_nodemask+0xed/0x4f0 [ 1151.066732][T16735] alloc_pages_mpol+0x1fb/0x550 [ 1151.066765][T16735] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1151.066807][T16735] alloc_pages_noprof+0x131/0x390 [ 1151.066841][T16735] pte_alloc_one+0x1e/0x3e0 [ 1151.066875][T16735] do_fault+0x8cc/0x1950 [ 1151.066905][T16735] ? __pmd_alloc+0x6aa/0x9c0 [ 1151.066942][T16735] __handle_mm_fault+0x180f/0x2b60 [ 1151.066987][T16735] ? mt_find+0x45e/0x8e0 [ 1151.067026][T16735] ? __pfx___handle_mm_fault+0x10/0x10 [ 1151.067061][T16735] ? __pfx_mt_find+0x10/0x10 [ 1151.067120][T16735] ? find_vma+0xbf/0x140 [ 1151.067146][T16735] ? __pfx_find_vma+0x10/0x10 [ 1151.067176][T16735] handle_mm_fault+0x36d/0xa20 [ 1151.067224][T16735] do_user_addr_fault+0x74c/0x12f0 [ 1151.067282][T16735] exc_page_fault+0x6f/0xd0 [ 1151.067317][T16735] asm_exc_page_fault+0x26/0x30 [ 1151.067344][T16735] RIP: 0010:__get_user_8+0x14/0x30 [ 1151.067388][T16735] Code: ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <48> 8b 10 31 c0 0f 01 ca e9 3f 8c 04 00 66 66 2e 0f 1f 84 00 00 00 [ 1151.067414][T16735] RSP: 0018:ffffc9000498fec8 EFLAGS: 00050287 [ 1151.067445][T16735] RAX: 0000000000000000 RBX: ffffc9000498ff48 RCX: ffffc9000498fe6c [ 1151.067464][T16735] RDX: 00007ffffffff000 RSI: ffffffff8255d9d1 RDI: ffffffff8c1af420 [ 1151.067482][T16735] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000000001c9 [ 1151.067499][T16735] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000007 [ 1151.067515][T16735] R13: 0000000000000009 R14: 0000000000000000 R15: 0000000000000000 [ 1151.067545][T16735] ? __might_fault+0x111/0x140 [ 1151.067598][T16735] __x64_sys_msgsnd+0xb7/0x130 [ 1151.067639][T16735] do_syscall_64+0x106/0xf80 [ 1151.067671][T16735] ? clear_bhb_loop+0x40/0x90 [ 1151.067706][T16735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.067734][T16735] RIP: 0033:0x7f217f79c799 [ 1151.067757][T16735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1151.067785][T16735] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 0000000000000045 [ 1151.067810][T16735] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1151.067828][T16735] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 1151.067844][T16735] RBP: 00007f2180672090 R08: 0000000000000000 R09: 0000000000000000 [ 1151.067861][T16735] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 1151.067878][T16735] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1151.067918][T16735] [ 1151.462318][T16740] delete_channel: no stack [ 1151.505369][T16738] phram: not enough arguments [ 1151.742437][T16739] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1151.751381][T16739] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1151.796451][T16739] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1151.802553][T16739] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1151.809470][T16739] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1151.815551][T16739] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1151.943803][T16749] type: 65536 invalid [ 1152.724938][T16768] futex_wake_op: syz.3.2192 tries to shift op by -2048; fix this program [ 1152.768339][T16765] FAULT_INJECTION: forcing a failure. [ 1152.768339][T16765] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.798699][T16765] CPU: 0 UID: 0 PID: 16765 Comm: syz.1.2191 Not tainted syzkaller #0 PREEMPT(full) [ 1152.798734][T16765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1152.798745][T16765] Call Trace: [ 1152.798751][T16765] [ 1152.798759][T16765] dump_stack_lvl+0x100/0x190 [ 1152.798789][T16765] should_fail_ex.cold+0x5/0xa [ 1152.798812][T16765] should_failslab+0xc2/0x120 [ 1152.798831][T16765] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1152.798858][T16765] ? seq_open+0x55/0x170 [ 1152.798882][T16765] ? __pfx_tracing_trace_options_show+0x10/0x10 [ 1152.798907][T16765] seq_open+0x55/0x170 [ 1152.798928][T16765] ? __pfx_tracing_trace_options_show+0x10/0x10 [ 1152.798950][T16765] single_open+0xfc/0x1d0 [ 1152.798976][T16765] tracing_trace_options_open+0xb0/0x100 [ 1152.799006][T16765] do_dentry_open+0x6d8/0x1660 [ 1152.799023][T16765] ? __pfx_tracing_trace_options_open+0x10/0x10 [ 1152.799056][T16765] vfs_open+0x82/0x3f0 [ 1152.799080][T16765] path_openat+0x208c/0x31a0 [ 1152.799106][T16765] ? __pfx_path_openat+0x10/0x10 [ 1152.799132][T16765] do_file_open+0x20e/0x430 [ 1152.799151][T16765] ? __pfx_do_file_open+0x10/0x10 [ 1152.799185][T16765] ? alloc_fd+0x476/0x790 [ 1152.799204][T16765] ? do_getname+0x191/0x390 [ 1152.799228][T16765] do_sys_openat2+0x10d/0x1e0 [ 1152.799251][T16765] ? __pfx_do_sys_openat2+0x10/0x10 [ 1152.799275][T16765] ? __fget_files+0x21f/0x3d0 [ 1152.799296][T16765] __x64_sys_openat+0x12d/0x210 [ 1152.799323][T16765] ? __pfx___x64_sys_openat+0x10/0x10 [ 1152.799347][T16765] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1152.799371][T16765] ? syscall_user_dispatch+0x76/0x130 [ 1152.799398][T16765] do_syscall_64+0x106/0xf80 [ 1152.799419][T16765] ? clear_bhb_loop+0x40/0x90 [ 1152.799441][T16765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.799460][T16765] RIP: 0033:0x7f64c159c799 [ 1152.799476][T16765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1152.799500][T16765] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1152.799518][T16765] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1152.799530][T16765] RDX: 0000000000000442 RSI: 0000200000000cc0 RDI: ffffffffffffff9c [ 1152.799541][T16765] RBP: 00007f64c1632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1152.799552][T16765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1152.799563][T16765] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1152.799586][T16765] [ 1152.841881][T16774] FAULT_INJECTION: forcing a failure. [ 1152.841881][T16774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1153.174130][T16774] CPU: 1 UID: 0 PID: 16774 Comm: syz.0.2194 Not tainted syzkaller #0 PREEMPT(full) [ 1153.174168][T16774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1153.174185][T16774] Call Trace: [ 1153.174195][T16774] [ 1153.174206][T16774] dump_stack_lvl+0x100/0x190 [ 1153.174256][T16774] should_fail_ex.cold+0x5/0xa [ 1153.174291][T16774] _copy_from_user+0x2e/0xd0 [ 1153.174340][T16774] get_user_ifreq+0x77/0x1c0 [ 1153.174381][T16774] sock_do_ioctl+0x16e/0x280 [ 1153.174422][T16774] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1153.174471][T16774] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1153.174521][T16774] sock_ioctl+0x599/0x6b0 [ 1153.174568][T16774] ? __pfx_sock_ioctl+0x10/0x10 [ 1153.174610][T16774] ? hook_file_ioctl_common+0x146/0x410 [ 1153.174666][T16774] ? __fget_files+0x21f/0x3d0 [ 1153.174700][T16774] ? __pfx_sock_ioctl+0x10/0x10 [ 1153.174756][T16774] __x64_sys_ioctl+0x18e/0x210 [ 1153.174801][T16774] do_syscall_64+0x106/0xf80 [ 1153.174835][T16774] ? clear_bhb_loop+0x40/0x90 [ 1153.174873][T16774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.174903][T16774] RIP: 0033:0x7f217f79c799 [ 1153.174928][T16774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1153.174955][T16774] RSP: 002b:00007f2180630028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1153.174982][T16774] RAX: ffffffffffffffda RBX: 00007f217fa16180 RCX: 00007f217f79c799 [ 1153.175001][T16774] RDX: 0000000000000024 RSI: 0000000000008971 RDI: 0000000000000003 [ 1153.175018][T16774] RBP: 00007f2180630090 R08: 0000000000000000 R09: 0000000000000000 [ 1153.175035][T16774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1153.175052][T16774] R13: 00007f217fa16218 R14: 00007f217fa16180 R15: 00007ffd5162e458 [ 1153.175091][T16774] [ 1153.691048][ T5143] Bluetooth: hci0: command 0x0406 tx timeout [ 1153.700297][T16781] netlink: 'syz.3.2195': attribute type 1 has an invalid length. [ 1153.756443][T16778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2195'. [ 1153.795480][T16781] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2195'. [ 1153.845161][T16781] netlink: 'syz.3.2195': attribute type 1 has an invalid length. [ 1153.854883][ T5143] Bluetooth: hci2: command 0x0c1a tx timeout [ 1153.860003][T12788] Bluetooth: hci3: command 0x0406 tx timeout [ 1153.861466][ T5143] Bluetooth: hci1: command 0x0406 tx timeout [ 1153.893340][T16781] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2195'. [ 1153.990148][T16789] FAULT_INJECTION: forcing a failure. [ 1153.990148][T16789] name failslab, interval 1, probability 0, space 0, times 0 [ 1154.016986][T16789] CPU: 1 UID: 0 PID: 16789 Comm: syz.0.2198 Not tainted syzkaller #0 PREEMPT(full) [ 1154.017025][T16789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1154.017043][T16789] Call Trace: [ 1154.017053][T16789] [ 1154.017065][T16789] dump_stack_lvl+0x100/0x190 [ 1154.017114][T16789] should_fail_ex.cold+0x5/0xa [ 1154.017149][T16789] should_failslab+0xc2/0x120 [ 1154.017181][T16789] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1154.017222][T16789] ? __pmd_alloc+0xbf/0x9c0 [ 1154.017262][T16789] __pmd_alloc+0xbf/0x9c0 [ 1154.017299][T16789] __handle_mm_fault+0xa99/0x2b60 [ 1154.017343][T16789] ? mt_find+0x45e/0x8e0 [ 1154.017382][T16789] ? __pfx___handle_mm_fault+0x10/0x10 [ 1154.017419][T16789] ? __pfx_mt_find+0x10/0x10 [ 1154.017477][T16789] ? find_vma+0xbf/0x140 [ 1154.017504][T16789] ? __pfx_find_vma+0x10/0x10 [ 1154.017537][T16789] handle_mm_fault+0x36d/0xa20 [ 1154.017585][T16789] do_user_addr_fault+0x74c/0x12f0 [ 1154.017653][T16789] exc_page_fault+0x6f/0xd0 [ 1154.017688][T16789] asm_exc_page_fault+0x26/0x30 [ 1154.017727][T16789] RIP: 0010:copy_iovec_from_user+0xcf/0x140 [ 1154.017775][T16789] Code: 0f 85 87 00 00 00 4c 89 6b 08 49 83 ec 01 31 ff 48 83 c5 10 4c 89 e6 48 83 c3 10 e8 0b 04 17 fd 4d 85 e4 74 57 e8 21 09 17 fd <4c> 8b 6d 08 e8 18 09 17 fd 4c 8b 7d 00 e8 0f 09 17 fd 31 ff 4c 89 [ 1154.017804][T16789] RSP: 0018:ffffc90003217930 EFLAGS: 00050293 [ 1154.017829][T16789] RAX: 0000000000000000 RBX: ffffc90003217bb0 RCX: ffffffff84f0f10b [ 1154.017848][T16789] RDX: ffff888035438000 RSI: ffffffff84f0f17f RDI: ffff888035438000 [ 1154.017867][T16789] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000 [ 1154.017884][T16789] R10: 0000000000000050 R11: 0000000000000000 R12: 0000000000000005 [ 1154.017901][T16789] R13: 0000000000000050 R14: dffffc0000000000 R15: 0000000000000000 [ 1154.017930][T16789] ? copy_iovec_from_user+0x5b/0x140 [ 1154.017974][T16789] ? copy_iovec_from_user+0xcf/0x140 [ 1154.018029][T16789] iovec_from_user+0xc1/0x140 [ 1154.018063][T16789] __import_iovec+0x81/0x640 [ 1154.018090][T16789] ? __might_fault+0xc5/0x140 [ 1154.018139][T16789] import_iovec+0x82/0xb0 [ 1154.018173][T16789] copy_msghdr_from_user+0x2ed/0x4f0 [ 1154.018222][T16789] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1154.018298][T16789] ? __lock_acquire+0x4a5/0x2630 [ 1154.018344][T16789] ___sys_recvmsg+0xdd/0x1a0 [ 1154.018390][T16789] ? __pfx____sys_recvmsg+0x10/0x10 [ 1154.018441][T16789] ? find_held_lock+0x2b/0x80 [ 1154.018493][T16789] do_recvmmsg+0x301/0x760 [ 1154.018545][T16789] ? __pfx_do_recvmmsg+0x10/0x10 [ 1154.018586][T16789] ? ksys_write+0x190/0x250 [ 1154.018630][T16789] ? ksys_write+0x190/0x250 [ 1154.018681][T16789] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1154.018739][T16789] ? __fget_files+0x21f/0x3d0 [ 1154.018777][T16789] __x64_sys_recvmmsg+0x22a/0x280 [ 1154.018813][T16789] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1154.018862][T16789] do_syscall_64+0x106/0xf80 [ 1154.018894][T16789] ? clear_bhb_loop+0x40/0x90 [ 1154.018931][T16789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.018961][T16789] RIP: 0033:0x7f217f79c799 [ 1154.018984][T16789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1154.019011][T16789] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1154.019038][T16789] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1154.019056][T16789] RDX: 00000000fffffff9 RSI: 0000200000000040 RDI: 0000000000000004 [ 1154.019074][T16789] RBP: 00007f2180672090 R08: 0000000000000000 R09: 0000000000000000 [ 1154.019091][T16789] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001 [ 1154.019107][T16789] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1154.019149][T16789] [ 1154.468803][T16793] qrtr: Invalid version 0 [ 1155.766154][ T5143] Bluetooth: hci0: command 0x0406 tx timeout [ 1155.925687][ T5143] Bluetooth: hci2: command 0x0c1a tx timeout [ 1156.477212][T16833] FAULT_INJECTION: forcing a failure. [ 1156.477212][T16833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1156.522966][T16831] block2mtd: error: cannot open device çinX‘©¼Ëò¨±ÂÚjFBçB>U»;߸³Ilk¬ [ 1156.616918][T16833] CPU: 0 UID: 0 PID: 16833 Comm: syz.0.2205 Not tainted syzkaller #0 PREEMPT(full) [ 1156.616944][T16833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1156.616955][T16833] Call Trace: [ 1156.616961][T16833] [ 1156.616968][T16833] dump_stack_lvl+0x100/0x190 [ 1156.616998][T16833] should_fail_ex.cold+0x5/0xa [ 1156.617019][T16833] _copy_from_user+0x2e/0xd0 [ 1156.617048][T16833] do_tcp_getsockopt+0x20be/0x2a00 [ 1156.617066][T16833] ? bpf_ksym_find+0x124/0x1c0 [ 1156.617088][T16833] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 1156.617107][T16833] ? kernel_text_address+0x8d/0x100 [ 1156.617133][T16833] ? unwind_get_return_address+0x59/0xa0 [ 1156.617156][T16833] ? __lock_acquire+0x4a5/0x2630 [ 1156.617183][T16833] ? aa_label_sk_perm+0x194/0x5f0 [ 1156.617215][T16833] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1156.617250][T16833] ? __lock_acquire+0x4a5/0x2630 [ 1156.617280][T16833] ? __lock_acquire+0x4a5/0x2630 [ 1156.617301][T16833] ? find_held_lock+0x2b/0x80 [ 1156.617320][T16833] ? aa_sk_perm+0x309/0xaa0 [ 1156.617366][T16833] ? find_held_lock+0x2b/0x80 [ 1156.617382][T16833] ? __might_fault+0xc5/0x140 [ 1156.617406][T16833] ? __might_fault+0xc5/0x140 [ 1156.617435][T16833] tcp_getsockopt+0xe4/0x110 [ 1156.617455][T16833] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1156.617481][T16833] do_sock_getsockopt+0x259/0x3d0 [ 1156.617508][T16833] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1156.617544][T16833] __sys_getsockopt+0x133/0x1d0 [ 1156.617566][T16833] ? __pfx_ksys_write+0x10/0x10 [ 1156.617602][T16833] ? __x64_sys_getsockopt+0xbd/0x160 [ 1156.617621][T16833] __x64_sys_getsockopt+0xbd/0x160 [ 1156.617639][T16833] ? do_syscall_64+0x95/0xf80 [ 1156.617665][T16833] ? lockdep_hardirqs_on+0x78/0x100 [ 1156.617686][T16833] do_syscall_64+0x106/0xf80 [ 1156.617705][T16833] ? clear_bhb_loop+0x40/0x90 [ 1156.617727][T16833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.617746][T16833] RIP: 0033:0x7f217f79c799 [ 1156.617761][T16833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1156.617786][T16833] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1156.617812][T16833] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1156.617829][T16833] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003 [ 1156.617844][T16833] RBP: 00007f2180672090 R08: 0000200000000100 R09: 0000000000000000 [ 1156.617861][T16833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1156.617878][T16833] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1156.617926][T16833] [ 1157.491375][T16844] FAULT_INJECTION: forcing a failure. [ 1157.491375][T16844] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.613023][T16844] CPU: 1 UID: 0 PID: 16844 Comm: syz.1.2207 Not tainted syzkaller #0 PREEMPT(full) [ 1157.613066][T16844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1157.613086][T16844] Call Trace: [ 1157.613096][T16844] [ 1157.613110][T16844] dump_stack_lvl+0x100/0x190 [ 1157.613163][T16844] should_fail_ex.cold+0x5/0xa [ 1157.613200][T16844] ? lsm_blob_alloc+0x68/0x90 [ 1157.613234][T16844] should_failslab+0xc2/0x120 [ 1157.613266][T16844] __kmalloc_noprof+0xe0/0x850 [ 1157.613310][T16844] ? trace_kmalloc+0x101/0x130 [ 1157.613349][T16844] lsm_blob_alloc+0x68/0x90 [ 1157.613393][T16844] security_sk_alloc+0x2d/0x290 [ 1157.613440][T16844] sk_prot_alloc+0x12a/0x2a0 [ 1157.613488][T16844] sk_alloc+0x36/0xe80 [ 1157.613524][T16844] __netlink_create+0x5e/0x2c0 [ 1157.613561][T16844] __netlink_kernel_create+0xed/0x750 [ 1157.613599][T16844] ? __lock_acquire+0x4a5/0x2630 [ 1157.613632][T16844] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1157.613676][T16844] rtnetlink_net_init+0xb9/0x140 [ 1157.613707][T16844] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 1157.613736][T16844] ? lockdep_init_map_type+0x5c/0x250 [ 1157.613771][T16844] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 1157.613796][T16844] ? __pfx_rtnetlink_bind+0x10/0x10 [ 1157.613825][T16844] ? mutex_init_lockep+0x110/0x150 [ 1157.613864][T16844] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 1157.613890][T16844] ops_init+0x1e2/0x5f0 [ 1157.613928][T16844] setup_net+0x118/0x3a0 [ 1157.613961][T16844] ? __pfx_setup_net+0x10/0x10 [ 1157.613991][T16844] ? lockdep_init_map_type+0x5c/0x250 [ 1157.614027][T16844] ? mutex_init_lockep+0x110/0x150 [ 1157.614075][T16844] copy_net_ns+0x46f/0x7c0 [ 1157.614116][T16844] create_new_namespaces+0x3ea/0xac0 [ 1157.614154][T16844] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1157.614186][T16844] ksys_unshare+0x473/0xad0 [ 1157.614223][T16844] ? __pfx_ksys_unshare+0x10/0x10 [ 1157.614276][T16844] __x64_sys_unshare+0x31/0x40 [ 1157.614312][T16844] do_syscall_64+0x106/0xf80 [ 1157.614346][T16844] ? clear_bhb_loop+0x40/0x90 [ 1157.614394][T16844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.614426][T16844] RIP: 0033:0x7f64c159c799 [ 1157.614452][T16844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1157.614479][T16844] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1157.614509][T16844] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1157.614527][T16844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1157.614545][T16844] RBP: 00007f64c1632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1157.614563][T16844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1157.614581][T16844] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1157.614621][T16844] [ 1157.970314][T16853] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2210'. [ 1159.816559][T16876] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1159.914108][T16876] File: /dev/nullb0 PID: 16876 Comm: syz.0.2215 [ 1160.004316][T16881] FAULT_INJECTION: forcing a failure. [ 1160.004316][T16881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1160.053837][T16881] CPU: 1 UID: 0 PID: 16881 Comm: syz.2.2216 Not tainted syzkaller #0 PREEMPT(full) [ 1160.053877][T16881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1160.053894][T16881] Call Trace: [ 1160.053904][T16881] [ 1160.053915][T16881] dump_stack_lvl+0x100/0x190 [ 1160.053963][T16881] should_fail_ex.cold+0x5/0xa [ 1160.053989][T16881] ? page_copy_sane+0x17c/0x2d0 [ 1160.054035][T16881] copy_folio_from_iter_atomic+0x427/0x1e70 [ 1160.054078][T16881] ? simple_xattr_get+0x179/0x1d0 [ 1160.054119][T16881] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 1160.054147][T16881] ? shmem_write_begin+0x1ba/0x420 [ 1160.054194][T16881] ? __pfx_shmem_write_begin+0x10/0x10 [ 1160.054239][T16881] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1160.054271][T16881] ? lockdep_hardirqs_on+0x78/0x100 [ 1160.054311][T16881] generic_perform_write+0x4cb/0xa40 [ 1160.054362][T16881] ? __pfx_generic_perform_write+0x10/0x10 [ 1160.054410][T16881] ? file_update_time_flags+0x373/0x500 [ 1160.054448][T16881] shmem_file_write_iter+0x10e/0x140 [ 1160.054480][T16881] vfs_write+0x6ac/0x1070 [ 1160.054522][T16881] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1160.054556][T16881] ? __pfx_vfs_write+0x10/0x10 [ 1160.054616][T16881] ? __pfx_do_sys_openat2+0x10/0x10 [ 1160.054672][T16881] ksys_write+0x12a/0x250 [ 1160.054716][T16881] ? __pfx_ksys_write+0x10/0x10 [ 1160.054771][T16881] do_syscall_64+0x106/0xf80 [ 1160.054804][T16881] ? clear_bhb_loop+0x40/0x90 [ 1160.054840][T16881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.054870][T16881] RIP: 0033:0x7f9bcbf9c799 [ 1160.054894][T16881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1160.054923][T16881] RSP: 002b:00007f9bccd78028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1160.054950][T16881] RAX: ffffffffffffffda RBX: 00007f9bcc216090 RCX: 00007f9bcbf9c799 [ 1160.054969][T16881] RDX: 00000000fffffdf1 RSI: 0000000000000000 RDI: 0000000000000001 [ 1160.054986][T16881] RBP: 00007f9bccd78090 R08: 0000000000000000 R09: 0000000000000000 [ 1160.055001][T16881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1160.055018][T16881] R13: 00007f9bcc216128 R14: 00007f9bcc216090 R15: 00007ffe23b1c608 [ 1160.055056][T16881] [ 1160.833562][T16895] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1162.730155][T16922] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1166.378774][ T30] audit: type=1800 audit(6067377095.522:45): pid=16992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2241" name="features" dev="configfs" ino=100834 res=0 errno=0 [ 1167.775612][T17015] ubi0: attaching mtd0 [ 1167.809953][T17015] ubi0: scanning is finished [ 1167.814602][T17015] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1168.128554][T17015] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1168.563780][T17037] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2252'. [ 1170.830478][T17055] FAULT_INJECTION: forcing a failure. [ 1170.830478][T17055] name failslab, interval 1, probability 0, space 0, times 0 [ 1170.871691][T17055] CPU: 1 UID: 0 PID: 17055 Comm: syz.1.2256 Not tainted syzkaller #0 PREEMPT(full) [ 1170.871731][T17055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1170.871747][T17055] Call Trace: [ 1170.871757][T17055] [ 1170.871765][T17055] dump_stack_lvl+0x100/0x190 [ 1170.871795][T17055] should_fail_ex.cold+0x5/0xa [ 1170.871817][T17055] should_failslab+0xc2/0x120 [ 1170.871835][T17055] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1170.871861][T17055] ? alloc_empty_file+0x55/0x1c0 [ 1170.871882][T17055] ? __pfx_stack_trace_save+0x10/0x10 [ 1170.871903][T17055] alloc_empty_file+0x55/0x1c0 [ 1170.871925][T17055] path_openat+0xe8/0x31a0 [ 1170.871941][T17055] ? kasan_save_stack+0x3f/0x50 [ 1170.871967][T17055] ? kasan_save_stack+0x30/0x50 [ 1170.871991][T17055] ? kasan_save_track+0x14/0x30 [ 1170.872015][T17055] ? __kasan_slab_alloc+0x89/0x90 [ 1170.872030][T17055] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1170.872055][T17055] ? do_getname+0x35/0x390 [ 1170.872074][T17055] ? do_sys_openat2+0xc5/0x1e0 [ 1170.872096][T17055] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.872117][T17055] ? __pfx_path_openat+0x10/0x10 [ 1170.872143][T17055] do_file_open+0x20e/0x430 [ 1170.872163][T17055] ? __pfx_do_file_open+0x10/0x10 [ 1170.872196][T17055] ? alloc_fd+0x476/0x790 [ 1170.872216][T17055] ? do_getname+0x191/0x390 [ 1170.872238][T17055] do_sys_openat2+0x10d/0x1e0 [ 1170.872261][T17055] ? __pfx_do_sys_openat2+0x10/0x10 [ 1170.872282][T17055] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1170.872308][T17055] ? __fget_files+0x21f/0x3d0 [ 1170.872328][T17055] __x64_sys_openat+0x12d/0x210 [ 1170.872351][T17055] ? __pfx___x64_sys_openat+0x10/0x10 [ 1170.872375][T17055] ? ksys_write+0x1ac/0x250 [ 1170.872410][T17055] do_syscall_64+0x106/0xf80 [ 1170.872429][T17055] ? clear_bhb_loop+0x40/0x90 [ 1170.872450][T17055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.872468][T17055] RIP: 0033:0x7f64c159c799 [ 1170.872483][T17055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1170.872500][T17055] RSP: 002b:00007f64bf7d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1170.872517][T17055] RAX: ffffffffffffffda RBX: 00007f64c1816090 RCX: 00007f64c159c799 [ 1170.872528][T17055] RDX: 0000000000000102 RSI: 0000200000000800 RDI: ffffffffffffff9c [ 1170.872539][T17055] RBP: 00007f64bf7d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1170.872549][T17055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1170.872559][T17055] R13: 00007f64c1816128 R14: 00007f64c1816090 R15: 00007ffd81aa23a8 [ 1170.872587][T17055] [ 1171.146784][T17072] FAULT_INJECTION: forcing a failure. [ 1171.146784][T17072] name failslab, interval 1, probability 0, space 0, times 0 [ 1171.160151][T17072] CPU: 1 UID: 0 PID: 17072 Comm: syz.2.2260 Not tainted syzkaller #0 PREEMPT(full) [ 1171.160177][T17072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1171.160187][T17072] Call Trace: [ 1171.160194][T17072] [ 1171.160200][T17072] dump_stack_lvl+0x100/0x190 [ 1171.160230][T17072] should_fail_ex.cold+0x5/0xa [ 1171.160251][T17072] should_failslab+0xc2/0x120 [ 1171.160270][T17072] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1171.160292][T17072] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1171.160334][T17072] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1171.160364][T17072] ? rcu_is_watching+0x12/0xc0 [ 1171.160395][T17072] ? trace_contention_end+0x140/0x180 [ 1171.160430][T17072] ? snd_pcm_oss_read+0x3b2/0x730 [ 1171.160447][T17072] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1171.160483][T17072] ? __pfx___mutex_lock+0x10/0x10 [ 1171.160519][T17072] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1171.160549][T17072] snd_pcm_oss_read+0x3d4/0x730 [ 1171.160569][T17072] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1171.160587][T17072] vfs_read+0x1e4/0xb30 [ 1171.160616][T17072] ? __pfx_vfs_read+0x10/0x10 [ 1171.160641][T17072] ? find_held_lock+0x2b/0x80 [ 1171.160656][T17072] ? __fget_files+0x215/0x3d0 [ 1171.160671][T17072] ? __fget_files+0x215/0x3d0 [ 1171.160690][T17072] ? __fget_files+0x21f/0x3d0 [ 1171.160712][T17072] ksys_read+0x12a/0x250 [ 1171.160738][T17072] ? __pfx_ksys_read+0x10/0x10 [ 1171.160771][T17072] do_syscall_64+0x106/0xf80 [ 1171.160791][T17072] ? clear_bhb_loop+0x40/0x90 [ 1171.160812][T17072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.160830][T17072] RIP: 0033:0x7f9bcbf9c799 [ 1171.160845][T17072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1171.160862][T17072] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1171.160880][T17072] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1171.160891][T17072] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1171.160901][T17072] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1171.160911][T17072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1171.160921][T17072] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1171.160944][T17072] [ 1172.074128][T17079] FAULT_INJECTION: forcing a failure. [ 1172.074128][T17079] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.169971][T17079] CPU: 0 UID: 0 PID: 17079 Comm: syz.2.2262 Not tainted syzkaller #0 PREEMPT(full) [ 1172.170014][T17079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1172.170030][T17079] Call Trace: [ 1172.170039][T17079] [ 1172.170047][T17079] dump_stack_lvl+0x100/0x190 [ 1172.170079][T17079] should_fail_ex.cold+0x5/0xa [ 1172.170100][T17079] should_failslab+0xc2/0x120 [ 1172.170119][T17079] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1172.170141][T17079] ? do_kimage_alloc_init+0x40/0x320 [ 1172.170163][T17079] do_kimage_alloc_init+0x40/0x320 [ 1172.170182][T17079] do_kexec_load+0x11b/0x810 [ 1172.170204][T17079] ? __pfx_do_kexec_load+0x10/0x10 [ 1172.170226][T17079] ? _copy_from_user+0x59/0xd0 [ 1172.170256][T17079] __x64_sys_kexec_load+0x1bf/0x230 [ 1172.170278][T17079] do_syscall_64+0x106/0xf80 [ 1172.170299][T17079] ? clear_bhb_loop+0x40/0x90 [ 1172.170321][T17079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.170340][T17079] RIP: 0033:0x7f9bcbf9c799 [ 1172.170363][T17079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1172.170381][T17079] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 1172.170399][T17079] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1172.170411][T17079] RDX: 0000200000000040 RSI: 0000000000000002 RDI: 0000000000000005 [ 1172.170422][T17079] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1172.170432][T17079] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1172.170443][T17079] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1172.170465][T17079] [ 1172.776688][T17089] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1174.571078][T17097] kexec: Could not allocate control_code_buffer [ 1175.751655][T17137] FAULT_INJECTION: forcing a failure. [ 1175.751655][T17137] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.901145][T17137] CPU: 0 UID: 0 PID: 17137 Comm: syz.2.2273 Not tainted syzkaller #0 PREEMPT(full) [ 1175.901172][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1175.901184][T17137] Call Trace: [ 1175.901190][T17137] [ 1175.901198][T17137] dump_stack_lvl+0x100/0x190 [ 1175.901230][T17137] should_fail_ex.cold+0x5/0xa [ 1175.901251][T17137] should_failslab+0xc2/0x120 [ 1175.901270][T17137] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1175.901294][T17137] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1175.901329][T17137] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1175.901360][T17137] ? rcu_is_watching+0x12/0xc0 [ 1175.901386][T17137] ? trace_contention_end+0x140/0x180 [ 1175.901414][T17137] ? snd_pcm_oss_read+0x3b2/0x730 [ 1175.901431][T17137] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1175.901463][T17137] ? __pfx___mutex_lock+0x10/0x10 [ 1175.901513][T17137] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1175.901551][T17137] snd_pcm_oss_read+0x3d4/0x730 [ 1175.901585][T17137] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1175.901603][T17137] vfs_read+0x1e4/0xb30 [ 1175.901634][T17137] ? __pfx_vfs_read+0x10/0x10 [ 1175.901659][T17137] ? find_held_lock+0x2b/0x80 [ 1175.901675][T17137] ? __fget_files+0x215/0x3d0 [ 1175.901690][T17137] ? __fget_files+0x215/0x3d0 [ 1175.901710][T17137] ? __fget_files+0x21f/0x3d0 [ 1175.901733][T17137] ksys_read+0x12a/0x250 [ 1175.901760][T17137] ? __pfx_ksys_read+0x10/0x10 [ 1175.901793][T17137] do_syscall_64+0x106/0xf80 [ 1175.901814][T17137] ? clear_bhb_loop+0x40/0x90 [ 1175.901837][T17137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1175.901856][T17137] RIP: 0033:0x7f9bcbf9c799 [ 1175.901872][T17137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1175.901889][T17137] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1175.901907][T17137] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1175.901919][T17137] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1175.901930][T17137] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1175.901941][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1175.901952][T17137] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1175.901975][T17137] [ 1177.541113][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.547671][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.600786][T17169] FAULT_INJECTION: forcing a failure. [ 1177.600786][T17169] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.657472][T17169] CPU: 1 UID: 0 PID: 17169 Comm: syz.3.2280 Not tainted syzkaller #0 PREEMPT(full) [ 1177.657501][T17169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1177.657522][T17169] Call Trace: [ 1177.657529][T17169] [ 1177.657537][T17169] dump_stack_lvl+0x100/0x190 [ 1177.657571][T17169] should_fail_ex.cold+0x5/0xa [ 1177.657593][T17169] should_failslab+0xc2/0x120 [ 1177.657618][T17169] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1177.657645][T17169] ? sock_alloc_inode+0x25/0x1c0 [ 1177.657670][T17169] ? copy_net_ns+0x46f/0x7c0 [ 1177.657695][T17169] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1177.657714][T17169] ? ksys_unshare+0x473/0xad0 [ 1177.657737][T17169] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1177.657763][T17169] sock_alloc_inode+0x25/0x1c0 [ 1177.657788][T17169] alloc_inode+0x68/0x250 [ 1177.657813][T17169] sock_alloc+0x44/0x280 [ 1177.657835][T17169] ? security_socket_create+0x7f/0x250 [ 1177.657862][T17169] sock_create_lite+0x82/0x120 [ 1177.657888][T17169] __netlink_kernel_create+0xbd/0x750 [ 1177.657914][T17169] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1177.657936][T17169] ? find_held_lock+0x2b/0x80 [ 1177.657953][T17169] ? audit_net_init+0x190/0x440 [ 1177.657977][T17169] ? audit_net_init+0x190/0x440 [ 1177.658003][T17169] audit_net_init+0x1ae/0x440 [ 1177.658027][T17169] ? __pfx_audit_net_init+0x10/0x10 [ 1177.658049][T17169] ? rcu_is_watching+0x12/0xc0 [ 1177.658092][T17169] ? __pfx_audit_receive+0x10/0x10 [ 1177.658119][T17169] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1177.658146][T17169] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1177.658175][T17169] ? __kmalloc_noprof+0x320/0x850 [ 1177.658205][T17169] ? __pfx_audit_net_init+0x10/0x10 [ 1177.658229][T17169] ops_init+0x1e2/0x5f0 [ 1177.658255][T17169] setup_net+0x118/0x3a0 [ 1177.658340][T17169] ? __pfx_setup_net+0x10/0x10 [ 1177.658362][T17169] ? lockdep_init_map_type+0x5c/0x250 [ 1177.658394][T17169] ? mutex_init_lockep+0x110/0x150 [ 1177.658422][T17169] copy_net_ns+0x46f/0x7c0 [ 1177.658450][T17169] create_new_namespaces+0x3ea/0xac0 [ 1177.658475][T17169] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1177.658498][T17169] ksys_unshare+0x473/0xad0 [ 1177.658529][T17169] ? __pfx_ksys_unshare+0x10/0x10 [ 1177.658564][T17169] __x64_sys_unshare+0x31/0x40 [ 1177.658586][T17169] do_syscall_64+0x106/0xf80 [ 1177.658608][T17169] ? clear_bhb_loop+0x40/0x90 [ 1177.658631][T17169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1177.658651][T17169] RIP: 0033:0x7f14f879c799 [ 1177.658667][T17169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1177.658685][T17169] RSP: 002b:00007f14f9628028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1177.658704][T17169] RAX: ffffffffffffffda RBX: 00007f14f8a16090 RCX: 00007f14f879c799 [ 1177.658716][T17169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1177.658727][T17169] RBP: 00007f14f8832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1177.658738][T17169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1177.658749][T17169] R13: 00007f14f8a16128 R14: 00007f14f8a16090 R15: 00007ffc25744d78 [ 1177.658774][T17169] [ 1178.057460][T17169] audit: cannot initialize netlink socket in namespace [ 1181.272174][T17218] bond0: invalid ARP target specified [ 1182.152537][T17232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2291'. [ 1182.326520][T17234] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[17234] [ 1183.073282][ T5143] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1184.774444][T17269] FAULT_INJECTION: forcing a failure. [ 1184.774444][T17269] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.855577][T17269] CPU: 1 UID: 0 PID: 17269 Comm: syz.2.2298 Not tainted syzkaller #0 PREEMPT(full) [ 1184.855623][T17269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1184.855644][T17269] Call Trace: [ 1184.855656][T17269] [ 1184.855670][T17269] dump_stack_lvl+0x100/0x190 [ 1184.855723][T17269] should_fail_ex.cold+0x5/0xa [ 1184.855762][T17269] ? sk_prot_alloc+0x10b/0x2a0 [ 1184.855806][T17269] should_failslab+0xc2/0x120 [ 1184.855840][T17269] __kmalloc_noprof+0xe0/0x850 [ 1184.855885][T17269] ? security_inode_alloc+0xcf/0x2c0 [ 1184.855940][T17269] sk_prot_alloc+0x10b/0x2a0 [ 1184.855989][T17269] sk_alloc+0x36/0xe80 [ 1184.856025][T17269] __netlink_create+0x5e/0x2c0 [ 1184.856063][T17269] __netlink_kernel_create+0xed/0x750 [ 1184.856101][T17269] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1184.856138][T17269] ? find_held_lock+0x2b/0x80 [ 1184.856167][T17269] ? audit_net_init+0x190/0x440 [ 1184.856209][T17269] ? audit_net_init+0x190/0x440 [ 1184.856267][T17269] audit_net_init+0x1ae/0x440 [ 1184.856309][T17269] ? __pfx_audit_net_init+0x10/0x10 [ 1184.856349][T17269] ? rcu_is_watching+0x12/0xc0 [ 1184.856398][T17269] ? __pfx_audit_receive+0x10/0x10 [ 1184.856445][T17269] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1184.856493][T17269] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1184.856542][T17269] ? __kmalloc_noprof+0x320/0x850 [ 1184.856596][T17269] ? __pfx_audit_net_init+0x10/0x10 [ 1184.856637][T17269] ops_init+0x1e2/0x5f0 [ 1184.856683][T17269] setup_net+0x118/0x3a0 [ 1184.856724][T17269] ? __pfx_setup_net+0x10/0x10 [ 1184.856762][T17269] ? lockdep_init_map_type+0x5c/0x250 [ 1184.856805][T17269] ? mutex_init_lockep+0x110/0x150 [ 1184.856854][T17269] copy_net_ns+0x46f/0x7c0 [ 1184.856903][T17269] create_new_namespaces+0x3ea/0xac0 [ 1184.856948][T17269] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1184.856988][T17269] ksys_unshare+0x473/0xad0 [ 1184.857030][T17269] ? __pfx_ksys_unshare+0x10/0x10 [ 1184.857086][T17269] __x64_sys_unshare+0x31/0x40 [ 1184.857126][T17269] do_syscall_64+0x106/0xf80 [ 1184.857163][T17269] ? clear_bhb_loop+0x40/0x90 [ 1184.857204][T17269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.857238][T17269] RIP: 0033:0x7f9bcbf9c799 [ 1184.857275][T17269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1184.857308][T17269] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1184.857341][T17269] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1184.857364][T17269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1184.857384][T17269] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1184.857404][T17269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1184.857424][T17269] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1184.857468][T17269] [ 1185.185545][T17269] audit: cannot initialize netlink socket in namespace [ 1185.956919][T17275] FAULT_INJECTION: forcing a failure. [ 1185.956919][T17275] name failslab, interval 1, probability 0, space 0, times 0 [ 1186.008499][T17275] CPU: 1 UID: 0 PID: 17275 Comm: syz.1.2300 Not tainted syzkaller #0 PREEMPT(full) [ 1186.008546][T17275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1186.008565][T17275] Call Trace: [ 1186.008577][T17275] [ 1186.008591][T17275] dump_stack_lvl+0x100/0x190 [ 1186.008645][T17275] should_fail_ex.cold+0x5/0xa [ 1186.008683][T17275] should_failslab+0xc2/0x120 [ 1186.008717][T17275] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1186.008764][T17275] ? security_inode_alloc+0x3b/0x2c0 [ 1186.008812][T17275] ? lockdep_init_map_type+0x5c/0x250 [ 1186.008860][T17275] security_inode_alloc+0x3b/0x2c0 [ 1186.008908][T17275] inode_init_always_gfp+0xced/0x1040 [ 1186.008948][T17275] alloc_inode+0x8e/0x250 [ 1186.008988][T17275] sock_alloc+0x44/0x280 [ 1186.009027][T17275] ? security_socket_create+0x7f/0x250 [ 1186.009074][T17275] sock_create_lite+0x82/0x120 [ 1186.009120][T17275] __netlink_kernel_create+0xbd/0x750 [ 1186.009173][T17275] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1186.009212][T17275] ? find_held_lock+0x2b/0x80 [ 1186.009240][T17275] ? audit_net_init+0x190/0x440 [ 1186.009279][T17275] ? audit_net_init+0x190/0x440 [ 1186.009326][T17275] audit_net_init+0x1ae/0x440 [ 1186.009366][T17275] ? __pfx_audit_net_init+0x10/0x10 [ 1186.009402][T17275] ? rcu_is_watching+0x12/0xc0 [ 1186.009454][T17275] ? __pfx_audit_receive+0x10/0x10 [ 1186.009494][T17275] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1186.009535][T17275] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1186.009578][T17275] ? __kmalloc_noprof+0x320/0x850 [ 1186.009624][T17275] ? __pfx_audit_net_init+0x10/0x10 [ 1186.009659][T17275] ops_init+0x1e2/0x5f0 [ 1186.009699][T17275] setup_net+0x118/0x3a0 [ 1186.009736][T17275] ? __pfx_setup_net+0x10/0x10 [ 1186.009768][T17275] ? lockdep_init_map_type+0x5c/0x250 [ 1186.009804][T17275] ? mutex_init_lockep+0x110/0x150 [ 1186.009850][T17275] copy_net_ns+0x46f/0x7c0 [ 1186.009893][T17275] create_new_namespaces+0x3ea/0xac0 [ 1186.009934][T17275] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1186.009969][T17275] ksys_unshare+0x473/0xad0 [ 1186.010006][T17275] ? __pfx_ksys_unshare+0x10/0x10 [ 1186.010058][T17275] __x64_sys_unshare+0x31/0x40 [ 1186.010091][T17275] do_syscall_64+0x106/0xf80 [ 1186.010127][T17275] ? clear_bhb_loop+0x40/0x90 [ 1186.010174][T17275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1186.010206][T17275] RIP: 0033:0x7f64c159c799 [ 1186.010231][T17275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1186.010262][T17275] RSP: 002b:00007f64bf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1186.010292][T17275] RAX: ffffffffffffffda RBX: 00007f64c1815fa0 RCX: 00007f64c159c799 [ 1186.010313][T17275] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1186.010330][T17275] RBP: 00007f64c1632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1186.010348][T17275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1186.010376][T17275] R13: 00007f64c1816038 R14: 00007f64c1815fa0 R15: 00007ffd81aa23a8 [ 1186.010419][T17275] [ 1186.010466][T17275] audit: cannot initialize netlink socket in namespace [ 1187.979244][T17281] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2301'. [ 1188.176284][T17277] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 1189.412960][T17306] Invalid ELF header magic: != ELF [ 1190.414528][T17323] Sensor B: ================= START STATUS ================= [ 1190.465535][T17323] Sensor B: Test Pattern: 75% Colorbar [ 1190.487186][T17323] Sensor B: Show Information: All [ 1190.492660][T17323] Sensor B: Vertical Flip: false [ 1190.548825][T17323] Sensor B: Horizontal Flip: false [ 1190.559832][T17323] Sensor B: Brightness: 128 [ 1190.574930][T17323] Sensor B: Contrast: 128 [ 1190.585102][T17323] Sensor B: Hue: 0 [ 1190.591925][T17323] Sensor B: Saturation: 128 [ 1190.605464][T17323] Sensor B: ================== END STATUS ================== [ 1190.660376][T17319] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1190.843493][T17319] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1191.385260][T17289] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 1191.419804][T17319] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1191.491609][T17319] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1191.513359][T17319] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1191.618069][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1191.626933][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1191.634781][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1191.646729][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1191.655091][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1192.325495][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 1192.603058][T17326] chnl_net:caif_netlink_parms(): no params data found [ 1193.464367][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 1193.476374][T17326] bridge0: port 1(bridge_slave_0) entered blocking state [ 1193.495489][T17326] bridge0: port 1(bridge_slave_0) entered disabled state [ 1193.502699][T17326] bridge_slave_0: entered allmulticast mode [ 1193.526204][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 1193.558583][T17326] bridge_slave_0: entered promiscuous mode [ 1193.644333][T17326] bridge0: port 2(bridge_slave_1) entered blocking state [ 1193.667812][T17326] bridge0: port 2(bridge_slave_1) entered disabled state [ 1193.675095][T17326] bridge_slave_1: entered allmulticast mode [ 1193.729763][T17326] bridge_slave_1: entered promiscuous mode [ 1193.765569][ T5820] Bluetooth: hci4: command tx timeout [ 1194.092130][T17362] random: crng reseeded on system resumption [ 1194.188273][T17326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1194.209397][T17326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1194.268429][T17362] FAULT_INJECTION: forcing a failure. [ 1194.268429][T17362] name failslab, interval 1, probability 0, space 0, times 0 [ 1194.268505][T17362] CPU: 1 UID: 0 PID: 17362 Comm: syz.2.2316 Not tainted syzkaller #0 PREEMPT(full) [ 1194.268542][T17362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1194.268562][T17362] Call Trace: [ 1194.268574][T17362] [ 1194.268586][T17362] dump_stack_lvl+0x100/0x190 [ 1194.268637][T17362] should_fail_ex.cold+0x5/0xa [ 1194.268670][T17362] should_failslab+0xc2/0x120 [ 1194.268700][T17362] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1194.268734][T17362] ? smc_stats_init+0x4e/0x160 [ 1194.268771][T17362] ? __pfx_smc_net_stat_init+0x10/0x10 [ 1194.268809][T17362] smc_stats_init+0x4e/0x160 [ 1194.268838][T17362] ? smc_net_init+0x39/0x50 [ 1194.268874][T17362] ops_init+0x1e2/0x5f0 [ 1194.268912][T17362] setup_net+0x118/0x3a0 [ 1194.268948][T17362] ? __pfx_setup_net+0x10/0x10 [ 1194.268980][T17362] ? lockdep_init_map_type+0x5c/0x250 [ 1194.269018][T17362] ? mutex_init_lockep+0x110/0x150 [ 1194.269059][T17362] copy_net_ns+0x46f/0x7c0 [ 1194.269098][T17362] create_new_namespaces+0x3ea/0xac0 [ 1194.269144][T17362] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1194.269176][T17362] ksys_unshare+0x473/0xad0 [ 1194.269212][T17362] ? __pfx_ksys_unshare+0x10/0x10 [ 1194.269260][T17362] __x64_sys_unshare+0x31/0x40 [ 1194.269293][T17362] do_syscall_64+0x106/0xf80 [ 1194.269325][T17362] ? clear_bhb_loop+0x40/0x90 [ 1194.269359][T17362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.269387][T17362] RIP: 0033:0x7f9bcbf9c799 [ 1194.269410][T17362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1194.269437][T17362] RSP: 002b:00007f9bc9dd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1194.269465][T17362] RAX: ffffffffffffffda RBX: 00007f9bcc216270 RCX: 00007f9bcbf9c799 [ 1194.269484][T17362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1194.269502][T17362] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1194.269519][T17362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1194.269536][T17362] R13: 00007f9bcc216308 R14: 00007f9bcc216270 R15: 00007ffe23b1c608 [ 1194.269575][T17362] [ 1194.405523][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 1194.490008][T15916] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1194.514808][T17326] team0: Port device team_slave_0 added [ 1194.549824][T17326] team0: Port device team_slave_1 added [ 1194.666775][T15916] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1194.747088][T17326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1194.747111][T17326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1194.747142][T17326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1194.840077][T15916] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1195.415913][T17326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1195.422910][T17326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1195.508912][T17326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1195.757565][T15916] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1195.770692][T17377] FAULT_INJECTION: forcing a failure. [ 1195.770692][T17377] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.825547][T17377] CPU: 0 UID: 0 PID: 17377 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full) [ 1195.825589][T17377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1195.825609][T17377] Call Trace: [ 1195.825620][T17377] [ 1195.825632][T17377] dump_stack_lvl+0x100/0x190 [ 1195.825680][T17377] should_fail_ex.cold+0x5/0xa [ 1195.825716][T17377] ? __netlink_kernel_create+0x181/0x750 [ 1195.825756][T17377] should_failslab+0xc2/0x120 [ 1195.825789][T17377] __kmalloc_noprof+0xe0/0x850 [ 1195.825850][T17377] __netlink_kernel_create+0x181/0x750 [ 1195.825893][T17377] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1195.825943][T17377] ? __pfx_genl_pernet_init+0x10/0x10 [ 1195.825972][T17377] genl_pernet_init+0xbd/0x160 [ 1195.825998][T17377] ? __pfx_genl_pernet_init+0x10/0x10 [ 1195.826023][T17377] ? lockdep_init_map_type+0x5c/0x250 [ 1195.826047][T17377] ? __pfx_genl_rcv+0x10/0x10 [ 1195.826070][T17377] ? __pfx_genl_bind+0x10/0x10 [ 1195.826092][T17377] ? __pfx_genl_unbind+0x10/0x10 [ 1195.826114][T17377] ? __pfx_genl_release+0x10/0x10 [ 1195.826148][T17377] ? mutex_init_lockep+0x110/0x150 [ 1195.826175][T17377] ops_init+0x1e2/0x5f0 [ 1195.826200][T17377] setup_net+0x118/0x3a0 [ 1195.826225][T17377] ? __pfx_setup_net+0x10/0x10 [ 1195.826246][T17377] ? lockdep_init_map_type+0x5c/0x250 [ 1195.826270][T17377] ? mutex_init_lockep+0x110/0x150 [ 1195.826299][T17377] copy_net_ns+0x46f/0x7c0 [ 1195.826326][T17377] create_new_namespaces+0x3ea/0xac0 [ 1195.826352][T17377] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1195.826377][T17377] ksys_unshare+0x473/0xad0 [ 1195.826401][T17377] ? __pfx_ksys_unshare+0x10/0x10 [ 1195.826432][T17377] __x64_sys_unshare+0x31/0x40 [ 1195.826454][T17377] do_syscall_64+0x106/0xf80 [ 1195.826475][T17377] ? clear_bhb_loop+0x40/0x90 [ 1195.826498][T17377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.826516][T17377] RIP: 0033:0x7f9bcbf9c799 [ 1195.826533][T17377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1195.826551][T17377] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1195.826570][T17377] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1195.826581][T17377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1195.826593][T17377] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1195.826604][T17377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1195.826615][T17377] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1195.826639][T17377] [ 1196.089185][ T5820] Bluetooth: hci4: command tx timeout [ 1196.218317][T17326] hsr_slave_0: entered promiscuous mode [ 1196.227797][T17326] hsr_slave_1: entered promiscuous mode [ 1196.234919][T17326] debugfs: 'hsr0' already exists in 'hsr' [ 1196.245100][T17326] Cannot create hsr debugfs directory [ 1197.293439][T17388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2322'. [ 1197.371918][T17393] netlink: 'syz.2.2322': attribute type 2 has an invalid length. [ 1197.412683][T17393] netlink: 'syz.2.2322': attribute type 3 has an invalid length. [ 1197.425451][T17393] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.2322'. [ 1197.471845][T15916] team0: left allmulticast mode [ 1197.499105][T15916] team_slave_0: left allmulticast mode [ 1197.504657][T15916] team_slave_1: left allmulticast mode [ 1197.605682][T15916] team0: left promiscuous mode [ 1197.610519][T15916] team_slave_0: left promiscuous mode [ 1197.616672][T15916] team_slave_1: left promiscuous mode [ 1197.626335][T15916] bridge0: port 3(team0) entered disabled state [ 1197.662105][T15916] bridge_slave_1: left allmulticast mode [ 1197.668060][T15916] bridge_slave_1: left promiscuous mode [ 1197.674863][T15916] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.700022][T15916] bridge_slave_0: left allmulticast mode [ 1197.725425][T15916] bridge_slave_0: left promiscuous mode [ 1197.731860][T15916] bridge0: port 1(bridge_slave_0) entered disabled state [ 1198.165644][ T5820] Bluetooth: hci4: command tx timeout [ 1198.445601][T15916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1198.517726][T15916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1198.583496][T15916] bond0 (unregistering): Released all slaves [ 1199.718285][T15916] hsr_slave_0: left promiscuous mode [ 1199.734871][T15916] hsr_slave_1: left promiscuous mode [ 1199.745476][T15916] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1199.766242][T15916] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1199.774658][T15916] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1199.792751][T15916] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1199.887791][T17444] i2c i2c-0: delete_device: Can't parse I2C address [ 1199.946400][T15916] veth1_macvtap: left promiscuous mode [ 1199.960695][T15916] veth0_macvtap: left promiscuous mode [ 1199.966511][T15916] veth1_vlan: left promiscuous mode [ 1199.994426][T15916] veth0_vlan: left promiscuous mode [ 1200.248766][ T5820] Bluetooth: hci4: command tx timeout [ 1200.721019][T15916] team0 (unregistering): Port device team_slave_1 removed [ 1200.774683][T15916] team0 (unregistering): Port device team_slave_0 removed [ 1201.521697][T17326] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1201.683656][T17326] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1201.760964][T17326] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1201.830968][T17326] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1202.540904][T17326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1202.607374][T17326] 8021q: adding VLAN 0 to HW filter on device team0 [ 1202.687878][T16361] bridge0: port 1(bridge_slave_0) entered blocking state [ 1202.695102][T16361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1202.764989][T16362] bridge0: port 2(bridge_slave_1) entered blocking state [ 1202.772217][T16362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1203.700963][T17326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1203.813605][T17326] veth0_vlan: entered promiscuous mode [ 1203.848646][T17326] veth1_vlan: entered promiscuous mode [ 1203.974567][T17326] veth0_macvtap: entered promiscuous mode [ 1204.152472][T17326] veth1_macvtap: entered promiscuous mode [ 1204.288066][T17509] FAULT_INJECTION: forcing a failure. [ 1204.288066][T17509] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.527034][T17509] CPU: 1 UID: 0 PID: 17509 Comm: syz.0.2339 Not tainted syzkaller #0 PREEMPT(full) [ 1204.527062][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1204.527074][T17509] Call Trace: [ 1204.527081][T17509] [ 1204.527089][T17509] dump_stack_lvl+0x100/0x190 [ 1204.527122][T17509] should_fail_ex.cold+0x5/0xa [ 1204.527151][T17509] ? ops_init+0x77/0x5f0 [ 1204.527173][T17509] should_failslab+0xc2/0x120 [ 1204.527194][T17509] __kmalloc_noprof+0xe0/0x850 [ 1204.527227][T17509] ops_init+0x77/0x5f0 [ 1204.527252][T17509] setup_net+0x118/0x3a0 [ 1204.527276][T17509] ? __pfx_setup_net+0x10/0x10 [ 1204.527298][T17509] ? lockdep_init_map_type+0x5c/0x250 [ 1204.527323][T17509] ? mutex_init_lockep+0x110/0x150 [ 1204.527351][T17509] copy_net_ns+0x46f/0x7c0 [ 1204.527378][T17509] create_new_namespaces+0x3ea/0xac0 [ 1204.527403][T17509] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1204.527425][T17509] ksys_unshare+0x473/0xad0 [ 1204.527449][T17509] ? __pfx_ksys_unshare+0x10/0x10 [ 1204.527480][T17509] __x64_sys_unshare+0x31/0x40 [ 1204.527502][T17509] do_syscall_64+0x106/0xf80 [ 1204.527523][T17509] ? clear_bhb_loop+0x40/0x90 [ 1204.527545][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.527564][T17509] RIP: 0033:0x7f217f79c799 [ 1204.527580][T17509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1204.527599][T17509] RSP: 002b:00007f2180672028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1204.527623][T17509] RAX: ffffffffffffffda RBX: 00007f217fa15fa0 RCX: 00007f217f79c799 [ 1204.527635][T17509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1204.527646][T17509] RBP: 00007f217f832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1204.527657][T17509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1204.527668][T17509] R13: 00007f217fa16038 R14: 00007f217fa15fa0 R15: 00007ffd5162e458 [ 1204.527692][T17509] [ 1204.958450][T17326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1204.995795][T17326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1205.030851][T16361] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1205.040842][T16361] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1205.051686][T16361] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1205.066131][T15916] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1205.334300][T16361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1205.361416][T16361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1205.467535][T15924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1205.475652][T15924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1205.571904][T17512] FAULT_INJECTION: forcing a failure. [ 1205.571904][T17512] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1205.588635][T17512] CPU: 1 UID: 0 PID: 17512 Comm: syz.0.2340 Not tainted syzkaller #0 PREEMPT(full) [ 1205.588673][T17512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1205.588689][T17512] Call Trace: [ 1205.588698][T17512] [ 1205.588709][T17512] dump_stack_lvl+0x100/0x190 [ 1205.588756][T17512] should_fail_ex.cold+0x5/0xa [ 1205.588784][T17512] ? prepare_alloc_pages+0x16d/0x5f0 [ 1205.588820][T17512] should_fail_alloc_page+0xeb/0x140 [ 1205.588852][T17512] prepare_alloc_pages+0x1f0/0x5f0 [ 1205.588893][T17512] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1205.588937][T17512] ? rcu_is_watching+0x12/0xc0 [ 1205.588985][T17512] ? __lock_acquire+0x4a5/0x2630 [ 1205.589034][T17512] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1205.589077][T17512] ? do_raw_spin_lock+0x128/0x260 [ 1205.589119][T17512] ? look_up_lock_class+0x64/0x120 [ 1205.589172][T17512] ? __lock_acquire+0x4a5/0x2630 [ 1205.589208][T17512] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1205.589260][T17512] ? policy_nodemask+0xed/0x4f0 [ 1205.589295][T17512] alloc_pages_mpol+0x1fb/0x550 [ 1205.589341][T17512] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1205.589372][T17512] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1205.589418][T17512] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1205.589471][T17512] folio_alloc_mpol_noprof+0x36/0x340 [ 1205.589511][T17512] shmem_alloc_folio+0x135/0x160 [ 1205.589551][T17512] shmem_alloc_and_add_folio+0x371/0xd40 [ 1205.589606][T17512] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1205.589654][T17512] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1205.589699][T17512] ? __lock_acquire+0x4a5/0x2630 [ 1205.589740][T17512] shmem_get_folio_gfp+0x6ab/0x1900 [ 1205.589793][T17512] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1205.589842][T17512] ? simple_xattr_get+0x179/0x1d0 [ 1205.589881][T17512] shmem_write_begin+0x1a4/0x420 [ 1205.589923][T17512] ? __pfx_shmem_write_begin+0x10/0x10 [ 1205.589962][T17512] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1205.589997][T17512] generic_perform_write+0x292/0xa40 [ 1205.590048][T17512] ? __pfx_generic_perform_write+0x10/0x10 [ 1205.590094][T17512] ? file_update_time_flags+0x373/0x500 [ 1205.590133][T17512] shmem_file_write_iter+0x10e/0x140 [ 1205.590167][T17512] vfs_write+0x6ac/0x1070 [ 1205.590213][T17512] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1205.590249][T17512] ? __pfx_vfs_write+0x10/0x10 [ 1205.590298][T17512] ? __pfx_do_sys_openat2+0x10/0x10 [ 1205.590366][T17512] ksys_write+0x12a/0x250 [ 1205.590411][T17512] ? __pfx_ksys_write+0x10/0x10 [ 1205.590469][T17512] do_syscall_64+0x106/0xf80 [ 1205.590503][T17512] ? clear_bhb_loop+0x40/0x90 [ 1205.590541][T17512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.590573][T17512] RIP: 0033:0x7f217f79c799 [ 1205.590599][T17512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1205.590628][T17512] RSP: 002b:00007f2180651028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1205.590657][T17512] RAX: ffffffffffffffda RBX: 00007f217fa16090 RCX: 00007f217f79c799 [ 1205.590677][T17512] RDX: 00000000fffffdf1 RSI: 0000000000000000 RDI: 0000000000000001 [ 1205.590695][T17512] RBP: 00007f2180651090 R08: 0000000000000000 R09: 0000000000000000 [ 1205.590714][T17512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1205.590731][T17512] R13: 00007f217fa16128 R14: 00007f217fa16090 R15: 00007ffd5162e458 [ 1205.590773][T17512] [ 1208.168606][T17557] FAULT_INJECTION: forcing a failure. [ 1208.168606][T17557] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.407316][T17557] CPU: 0 UID: 0 PID: 17557 Comm: syz.2.2352 Not tainted syzkaller #0 PREEMPT(full) [ 1208.407357][T17557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1208.407374][T17557] Call Trace: [ 1208.407385][T17557] [ 1208.407396][T17557] dump_stack_lvl+0x100/0x190 [ 1208.407465][T17557] should_fail_ex.cold+0x5/0xa [ 1208.407502][T17557] should_failslab+0xc2/0x120 [ 1208.407534][T17557] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1208.407576][T17557] ? __pmd_alloc+0xbf/0x9c0 [ 1208.407629][T17557] __pmd_alloc+0xbf/0x9c0 [ 1208.407667][T17557] __handle_mm_fault+0xa99/0x2b60 [ 1208.407713][T17557] ? mt_find+0x45e/0x8e0 [ 1208.407752][T17557] ? __pfx___handle_mm_fault+0x10/0x10 [ 1208.407789][T17557] ? __pfx_mt_find+0x10/0x10 [ 1208.407848][T17557] ? find_vma+0xbf/0x140 [ 1208.407874][T17557] ? __pfx_find_vma+0x10/0x10 [ 1208.407906][T17557] handle_mm_fault+0x36d/0xa20 [ 1208.407953][T17557] do_user_addr_fault+0x74c/0x12f0 [ 1208.408020][T17557] exc_page_fault+0x6f/0xd0 [ 1208.408058][T17557] asm_exc_page_fault+0x26/0x30 [ 1208.408088][T17557] RIP: 0010:__get_user_4+0x14/0x20 [ 1208.408134][T17557] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 1208.408166][T17557] RSP: 0018:ffffc900045dfbb8 EFLAGS: 00050287 [ 1208.408190][T17557] RAX: 0000000000000003 RBX: ffff88805e0c0000 RCX: ffffc900045dfb5c [ 1208.408209][T17557] RDX: 00007ffffffff000 RSI: ffffffff8255d9d1 RDI: ffffffff8c1af420 [ 1208.408228][T17557] RBP: 1ffff920008bbf7d R08: 0000000000000001 R09: 00000000000001c9 [ 1208.408246][T17557] R10: 0000000000000200 R11: 0000000000000000 R12: dffffc0000000000 [ 1208.408263][T17557] R13: ffff88805e0c0000 R14: 0000000000000003 R15: 000000004008af22 [ 1208.408295][T17557] ? __might_fault+0x111/0x140 [ 1208.408341][T17557] vhost_vring_ioctl+0xc3/0x1560 [ 1208.408384][T17557] ? tomoyo_path_number_perm+0x28f/0x580 [ 1208.408431][T17557] ? __pfx_vhost_vring_ioctl+0x10/0x10 [ 1208.408475][T17557] ? vhost_dev_ioctl+0x395/0xe20 [ 1208.408512][T17557] ? tomoyo_path_number_perm+0x188/0x580 [ 1208.408561][T17557] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 1208.408615][T17557] vhost_net_ioctl+0xff8/0x1910 [ 1208.408654][T17557] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1208.408693][T17557] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1208.408738][T17557] ? find_held_lock+0x2b/0x80 [ 1208.408766][T17557] ? __fget_files+0x215/0x3d0 [ 1208.408791][T17557] ? hook_file_ioctl_common+0x146/0x410 [ 1208.408845][T17557] ? __fget_files+0x21f/0x3d0 [ 1208.408880][T17557] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1208.408921][T17557] __x64_sys_ioctl+0x18e/0x210 [ 1208.408966][T17557] do_syscall_64+0x106/0xf80 [ 1208.409000][T17557] ? clear_bhb_loop+0x40/0x90 [ 1208.409047][T17557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.409077][T17557] RIP: 0033:0x7f9bcbf9c799 [ 1208.409103][T17557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1208.409131][T17557] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1208.409158][T17557] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1208.409178][T17557] RDX: 0000000000000003 RSI: 000000004008af22 RDI: 0000000000000004 [ 1208.409196][T17557] RBP: 00007f9bccd99090 R08: 0000000000000000 R09: 0000000000000000 [ 1208.409213][T17557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1208.409230][T17557] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1208.409270][T17557] [ 1209.102740][T17576] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1213.555684][T17622] ptrace attach of "./syz-executor exec"[14871] was attempted by "./syz-executor exec"[17622] [ 1214.067600][T17650] FAULT_INJECTION: forcing a failure. [ 1214.067600][T17650] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1214.081160][T17650] CPU: 1 UID: 0 PID: 17650 Comm: syz.2.2370 Not tainted syzkaller #0 PREEMPT(full) [ 1214.081198][T17650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1214.081226][T17650] Call Trace: [ 1214.081236][T17650] [ 1214.081246][T17650] dump_stack_lvl+0x100/0x190 [ 1214.081294][T17650] should_fail_ex.cold+0x5/0xa [ 1214.081324][T17650] ? prepare_alloc_pages+0x16d/0x5f0 [ 1214.081362][T17650] should_fail_alloc_page+0xeb/0x140 [ 1214.081394][T17650] prepare_alloc_pages+0x1f0/0x5f0 [ 1214.081424][T17650] ? kernel_text_address+0x8d/0x100 [ 1214.081473][T17650] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1214.081533][T17650] ? copy_splice_read+0x1a3/0xb90 [ 1214.081579][T17650] ? stack_trace_save+0x8e/0xc0 [ 1214.081609][T17650] ? __pfx_stack_trace_save+0x10/0x10 [ 1214.081642][T17650] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1214.081692][T17650] ? copy_splice_read+0x1a3/0xb90 [ 1214.081736][T17650] ? kasan_save_stack+0x3f/0x50 [ 1214.081779][T17650] ? kasan_save_stack+0x30/0x50 [ 1214.081821][T17650] ? kasan_save_track+0x14/0x30 [ 1214.081864][T17650] ? __kasan_kmalloc+0xaa/0xb0 [ 1214.081905][T17650] ? __kmalloc_noprof+0x301/0x850 [ 1214.081945][T17650] ? copy_splice_read+0x1a3/0xb90 [ 1214.081986][T17650] ? do_splice_read+0x2bd/0x370 [ 1214.082034][T17650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1214.082090][T17650] alloc_pages_bulk_noprof+0x782/0x1490 [ 1214.082152][T17650] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1214.082217][T17650] ? __kmalloc_noprof+0x320/0x850 [ 1214.082269][T17650] copy_splice_read+0x1e1/0xb90 [ 1214.082324][T17650] ? __pfx_copy_splice_read+0x10/0x10 [ 1214.082373][T17650] ? look_up_lock_class+0x55/0x120 [ 1214.082417][T17650] ? lockdep_init_map_type+0x5c/0x250 [ 1214.082459][T17650] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1214.082508][T17650] ? __pfx_filemap_splice_read+0x10/0x10 [ 1214.082557][T17650] do_splice_read+0x2bd/0x370 [ 1214.082609][T17650] splice_direct_to_actor+0x2a1/0xa30 [ 1214.082660][T17650] ? __pfx_direct_splice_actor+0x10/0x10 [ 1214.082715][T17650] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1214.082775][T17650] do_splice_direct+0x174/0x240 [ 1214.082807][T17650] ? __pfx_do_splice_direct+0x10/0x10 [ 1214.082855][T17650] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1214.082905][T17650] ? bpf_lsm_file_permission+0x9/0x10 [ 1214.082950][T17650] ? security_file_permission+0x76/0x210 [ 1214.082981][T17650] ? rw_verify_area+0xce/0x6d0 [ 1214.083027][T17650] do_sendfile+0xadc/0xe20 [ 1214.083079][T17650] ? __pfx_do_sendfile+0x10/0x10 [ 1214.083123][T17650] ? __fget_files+0x21f/0x3d0 [ 1214.083162][T17650] __x64_sys_sendfile64+0x1d8/0x220 [ 1214.083195][T17650] ? ksys_write+0x1ac/0x250 [ 1214.083247][T17650] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1214.083295][T17650] do_syscall_64+0x106/0xf80 [ 1214.083327][T17650] ? clear_bhb_loop+0x40/0x90 [ 1214.083364][T17650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1214.083395][T17650] RIP: 0033:0x7f9bcbf9c799 [ 1214.083421][T17650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1214.083451][T17650] RSP: 002b:00007f9bca1d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1214.083481][T17650] RAX: ffffffffffffffda RBX: 00007f9bcc216270 RCX: 00007f9bcbf9c799 [ 1214.083500][T17650] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008 [ 1214.083518][T17650] RBP: 00007f9bca1d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1214.083537][T17650] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001 [ 1214.083554][T17650] R13: 00007f9bcc216308 R14: 00007f9bcc216270 R15: 00007ffe23b1c608 [ 1214.083594][T17650] [ 1214.558012][ T30] audit: type=1800 audit(6067377143.652:46): pid=17613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2363" name="features" dev="configfs" ino=105545 res=0 errno=0 [ 1215.886908][T17682] FAULT_INJECTION: forcing a failure. [ 1215.886908][T17682] name failslab, interval 1, probability 0, space 0, times 0 [ 1215.919327][T17682] CPU: 1 UID: 0 PID: 17682 Comm: syz.2.2377 Not tainted syzkaller #0 PREEMPT(full) [ 1215.919372][T17682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1215.919391][T17682] Call Trace: [ 1215.919401][T17682] [ 1215.919413][T17682] dump_stack_lvl+0x100/0x190 [ 1215.919459][T17682] should_fail_ex.cold+0x5/0xa [ 1215.919496][T17682] should_failslab+0xc2/0x120 [ 1215.919529][T17682] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1215.919566][T17682] ? devinet_init_net+0x4f/0x8d0 [ 1215.919613][T17682] ? __pfx_devinet_init_net+0x10/0x10 [ 1215.919653][T17682] devinet_init_net+0x4f/0x8d0 [ 1215.919696][T17682] ? __pfx_devinet_init_net+0x10/0x10 [ 1215.919735][T17682] ops_init+0x1e2/0x5f0 [ 1215.919776][T17682] setup_net+0x118/0x3a0 [ 1215.919815][T17682] ? __pfx_setup_net+0x10/0x10 [ 1215.919848][T17682] ? lockdep_init_map_type+0x5c/0x250 [ 1215.919887][T17682] ? mutex_init_lockep+0x110/0x150 [ 1215.919930][T17682] copy_net_ns+0x46f/0x7c0 [ 1215.919974][T17682] create_new_namespaces+0x3ea/0xac0 [ 1215.920027][T17682] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1215.920066][T17682] ksys_unshare+0x473/0xad0 [ 1215.920107][T17682] ? __pfx_ksys_unshare+0x10/0x10 [ 1215.920164][T17682] __x64_sys_unshare+0x31/0x40 [ 1215.920203][T17682] do_syscall_64+0x106/0xf80 [ 1215.920240][T17682] ? clear_bhb_loop+0x40/0x90 [ 1215.920278][T17682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1215.920310][T17682] RIP: 0033:0x7f9bcbf9c799 [ 1215.920337][T17682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1215.920373][T17682] RSP: 002b:00007f9bccd99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1215.920404][T17682] RAX: ffffffffffffffda RBX: 00007f9bcc215fa0 RCX: 00007f9bcbf9c799 [ 1215.920425][T17682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1215.920445][T17682] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1215.920465][T17682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1215.920483][T17682] R13: 00007f9bcc216038 R14: 00007f9bcc215fa0 R15: 00007ffe23b1c608 [ 1215.920527][T17682] [ 1220.295423][T17757] tc_dump_action: action bad kind [ 1220.488240][ T5820] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13 [ 1221.906428][ T5143] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1221.923722][ T5143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1221.935420][ T5143] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1221.943827][ T5143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1221.975583][ T5143] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1222.785569][T17802] ================================================================== [ 1222.785596][T17802] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1222.785655][T17802] Read of size 256 at addr ffff8880553de3c0 by task syz.2.2404/17802 [ 1222.785684][T17802] [ 1222.785700][T17802] CPU: 0 UID: 0 PID: 17802 Comm: syz.2.2404 Not tainted syzkaller #0 PREEMPT(full) [ 1222.785739][T17802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1222.785759][T17802] Call Trace: [ 1222.785771][T17802] [ 1222.785782][T17802] dump_stack_lvl+0x100/0x190 [ 1222.785829][T17802] print_report+0x156/0x4c9 [ 1222.785873][T17802] ? __virt_addr_valid+0x81/0x620 [ 1222.785912][T17802] ? __phys_addr+0xe8/0x180 [ 1222.785963][T17802] ? fbcon_prepare_logo+0x94e/0xc60 [ 1222.786009][T17802] kasan_report+0xdf/0x1e0 [ 1222.786041][T17802] ? fbcon_prepare_logo+0x94e/0xc60 [ 1222.786094][T17802] kasan_check_range+0x10f/0x1e0 [ 1222.786132][T17802] __asan_memcpy+0x23/0x60 [ 1222.786174][T17802] fbcon_prepare_logo+0x94e/0xc60 [ 1222.786223][T17802] fbcon_init+0x10a0/0x1820 [ 1222.786273][T17802] visual_init+0x320/0x620 [ 1222.786324][T17802] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1222.786367][T17802] store_bind+0x609/0x730 [ 1222.786404][T17802] ? __pfx_store_bind+0x10/0x10 [ 1222.786437][T17802] dev_attr_store+0x58/0x80 [ 1222.786486][T17802] ? __pfx_dev_attr_store+0x10/0x10 [ 1222.786533][T17802] sysfs_kf_write+0xf2/0x150 [ 1222.786572][T17802] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1222.786609][T17802] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1222.786648][T17802] iter_file_splice_write+0x830/0x10a0 [ 1222.786689][T17802] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1222.786724][T17802] ? __pfx_copy_splice_read+0x10/0x10 [ 1222.786784][T17802] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1222.786818][T17802] direct_splice_actor+0x192/0x6c0 [ 1222.786871][T17802] splice_direct_to_actor+0x345/0xa30 [ 1222.786932][T17802] ? __pfx_direct_splice_actor+0x10/0x10 [ 1222.786985][T17802] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1222.787042][T17802] do_splice_direct+0x174/0x240 [ 1222.787074][T17802] ? __pfx_do_splice_direct+0x10/0x10 [ 1222.787127][T17802] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1222.787178][T17802] ? rw_verify_area+0xce/0x6d0 [ 1222.787214][T17802] do_sendfile+0xadc/0xe20 [ 1222.787264][T17802] ? __pfx_do_sendfile+0x10/0x10 [ 1222.787314][T17802] ? __x64_sys_futex+0x34f/0x4d0 [ 1222.787354][T17802] ? __x64_sys_futex+0x358/0x4d0 [ 1222.787397][T17802] __x64_sys_sendfile64+0x1d8/0x220 [ 1222.787433][T17802] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1222.787474][T17802] do_syscall_64+0x106/0xf80 [ 1222.787512][T17802] ? clear_bhb_loop+0x40/0x90 [ 1222.787549][T17802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.787582][T17802] RIP: 0033:0x7f9bcbf9c799 [ 1222.787610][T17802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1222.787654][T17802] RSP: 002b:00007f9bca1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1222.787687][T17802] RAX: ffffffffffffffda RBX: 00007f9bcc216180 RCX: 00007f9bcbf9c799 [ 1222.787708][T17802] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000006 [ 1222.787728][T17802] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1222.787748][T17802] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1222.787768][T17802] R13: 00007f9bcc216218 R14: 00007f9bcc216180 R15: 00007ffe23b1c608 [ 1222.787800][T17802] [ 1222.787813][T17802] [ 1222.787822][T17802] Allocated by task 17511: [ 1222.787838][T17802] kasan_save_stack+0x30/0x50 [ 1222.787884][T17802] kasan_save_track+0x14/0x30 [ 1222.787935][T17802] __kasan_kmalloc+0xaa/0xb0 [ 1222.787978][T17802] inetdev_init+0x66/0x570 [ 1222.788015][T17802] inetdev_event+0x7fa/0x17f0 [ 1222.788052][T17802] notifier_call_chain+0x99/0x420 [ 1222.788088][T17802] call_netdevice_notifiers_info+0xbe/0x110 [ 1222.788131][T17802] register_netdevice+0x16e6/0x2210 [ 1222.788168][T17802] __ip_tunnel_create+0x52b/0x670 [ 1222.788202][T17802] ip_tunnel_init_net+0x230/0x780 [ 1222.788240][T17802] ops_init+0x1e2/0x5f0 [ 1222.788275][T17802] setup_net+0x118/0x3a0 [ 1222.788310][T17802] copy_net_ns+0x46f/0x7c0 [ 1222.788348][T17802] create_new_namespaces+0x3ea/0xac0 [ 1222.788378][T17802] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1222.788408][T17802] ksys_unshare+0x473/0xad0 [ 1222.788444][T17802] __x64_sys_unshare+0x31/0x40 [ 1222.788480][T17802] do_syscall_64+0x106/0xf80 [ 1222.788513][T17802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.788544][T17802] [ 1222.788552][T17802] Freed by task 16357: [ 1222.788567][T17802] kasan_save_stack+0x30/0x50 [ 1222.788610][T17802] kasan_save_track+0x14/0x30 [ 1222.788654][T17802] kasan_save_free_info+0x3b/0x70 [ 1222.788691][T17802] __kasan_slab_free+0x5f/0x80 [ 1222.788737][T17802] kfree+0x1f6/0x6b0 [ 1222.788772][T17802] rcu_core+0x5a2/0x10d0 [ 1222.788809][T17802] handle_softirqs+0x1eb/0x9e0 [ 1222.788839][T17802] do_softirq+0xac/0xe0 [ 1222.788867][T17802] __local_bh_enable_ip+0xf8/0x120 [ 1222.788897][T17802] cfg80211_inform_single_bss_data+0x959/0x1e20 [ 1222.788941][T17802] cfg80211_inform_bss_data+0x237/0x3a00 [ 1222.788975][T17802] cfg80211_inform_bss_frame_data+0x247/0x790 [ 1222.789011][T17802] ieee80211_bss_info_update+0x310/0xab0 [ 1222.789057][T17802] ieee80211_ibss_rx_queued_mgmt+0x1919/0x2f80 [ 1222.789104][T17802] ieee80211_iface_work+0xbff/0x13d0 [ 1222.789151][T17802] cfg80211_wiphy_work+0x446/0x5c0 [ 1222.789185][T17802] process_one_work+0x9d7/0x1920 [ 1222.789226][T17802] worker_thread+0x5da/0xe40 [ 1222.789267][T17802] kthread+0x370/0x450 [ 1222.789304][T17802] ret_from_fork+0x754/0xd80 [ 1222.789345][T17802] ret_from_fork_asm+0x1a/0x30 [ 1222.789376][T17802] [ 1222.789385][T17802] Last potentially related work creation: [ 1222.789396][T17802] kasan_save_stack+0x30/0x50 [ 1222.789439][T17802] kasan_record_aux_stack+0xa7/0xc0 [ 1222.789476][T17802] __call_rcu_common.constprop.0+0xa5/0x9b0 [ 1222.789514][T17802] in_dev_finish_destroy+0x139/0x1b0 [ 1222.789548][T17802] inetdev_event+0xb26/0x17f0 [ 1222.789586][T17802] notifier_call_chain+0x99/0x420 [ 1222.789622][T17802] call_netdevice_notifiers_info+0xbe/0x110 [ 1222.789664][T17802] unregister_netdevice_many_notify+0x1208/0x2580 [ 1222.789704][T17802] ops_undo_list+0x8ff/0xab0 [ 1222.789739][T17802] cleanup_net+0x499/0x920 [ 1222.789777][T17802] process_one_work+0x9d7/0x1920 [ 1222.789817][T17802] worker_thread+0x5da/0xe40 [ 1222.789856][T17802] kthread+0x370/0x450 [ 1222.789893][T17802] ret_from_fork+0x754/0xd80 [ 1222.789943][T17802] ret_from_fork_asm+0x1a/0x30 [ 1222.789974][T17802] [ 1222.789981][T17802] The buggy address belongs to the object at ffff8880553de000 [ 1222.789981][T17802] which belongs to the cache kmalloc-512 of size 512 [ 1222.790008][T17802] The buggy address is located 448 bytes to the right of [ 1222.790008][T17802] allocated 512-byte region [ffff8880553de000, ffff8880553de200) [ 1222.790043][T17802] [ 1222.790054][T17802] The buggy address belongs to the physical page: [ 1222.790069][T17802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880553df800 pfn:0x553dc [ 1222.790099][T17802] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1222.790124][T17802] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1222.790153][T17802] page_type: f5(slab) [ 1222.790178][T17802] raw: 00fff00000000240 ffff88813fe3cc80 ffffea0000cc8710 ffffea00007cb410 [ 1222.790208][T17802] raw: ffff8880553df800 000000080010000f 00000000f5000000 0000000000000000 [ 1222.790238][T17802] head: 00fff00000000240 ffff88813fe3cc80 ffffea0000cc8710 ffffea00007cb410 [ 1222.790269][T17802] head: ffff8880553df800 000000080010000f 00000000f5000000 0000000000000000 [ 1222.790299][T17802] head: 00fff00000000002 ffffea000154f701 00000000ffffffff 00000000ffffffff [ 1222.790328][T17802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1222.790346][T17802] page dumped because: kasan: bad access detected [ 1222.790361][T17802] page_owner tracks the page as allocated [ 1222.790372][T17802] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15164, tgid 15163 (syz.3.1838), ts 1065181200514, free_ts 1051381811512 [ 1222.790427][T17802] post_alloc_hook+0x153/0x170 [ 1222.790467][T17802] get_page_from_freelist+0x111d/0x3140 [ 1222.790509][T17802] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1222.790552][T17802] new_slab+0xa6/0x6d0 [ 1222.790585][T17802] refill_objects+0x26b/0x400 [ 1222.790623][T17802] __pcs_replace_empty_main+0x19f/0x600 [ 1222.790666][T17802] __kmalloc_cache_noprof+0x493/0x6f0 [ 1222.790703][T17802] __ipv6_dev_mc_inc+0x2f1/0xbc0 [ 1222.790731][T17802] ipv6_add_dev+0xb87/0x1520 [ 1222.790763][T17802] addrconf_notify+0x563/0x19c0 [ 1222.790803][T17802] notifier_call_chain+0x99/0x420 [ 1222.790840][T17802] call_netdevice_notifiers_info+0xbe/0x110 [ 1222.790882][T17802] register_netdevice+0x16e6/0x2210 [ 1222.790927][T17802] __ip_tunnel_create+0x52b/0x670 [ 1222.790964][T17802] ip_tunnel_init_net+0x230/0x780 [ 1222.791002][T17802] ops_init+0x1e2/0x5f0 [ 1222.791035][T17802] page last free pid 0 tgid 0 stack trace: [ 1222.791052][T17802] __free_frozen_pages+0x7e1/0x10d0 [ 1222.791087][T17802] tlb_remove_table_rcu+0x2b2/0x390 [ 1222.791123][T17802] rcu_core+0x5a2/0x10d0 [ 1222.791160][T17802] handle_softirqs+0x1eb/0x9e0 [ 1222.791188][T17802] __irq_exit_rcu+0xef/0x150 [ 1222.791216][T17802] irq_exit_rcu+0x9/0x30 [ 1222.791244][T17802] sysvec_call_function_single+0xa3/0xc0 [ 1222.791277][T17802] asm_sysvec_call_function_single+0x1a/0x20 [ 1222.791310][T17802] [ 1222.791318][T17802] Memory state around the buggy address: [ 1222.791334][T17802] ffff8880553de280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1222.791357][T17802] ffff8880553de300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1222.791380][T17802] >ffff8880553de380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1222.791398][T17802] ^ [ 1222.791415][T17802] ffff8880553de400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1222.791437][T17802] ffff8880553de480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1222.791455][T17802] ================================================================== [ 1222.840616][T17802] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1222.840647][T17802] CPU: 0 UID: 0 PID: 17802 Comm: syz.2.2404 Not tainted syzkaller #0 PREEMPT(full) [ 1222.840685][T17802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1222.840705][T17802] Call Trace: [ 1222.840717][T17802] [ 1222.840729][T17802] dump_stack_lvl+0x100/0x190 [ 1222.840777][T17802] vpanic+0x552/0x970 [ 1222.840807][T17802] ? __pfx_vpanic+0x10/0x10 [ 1222.840841][T17802] ? fbcon_prepare_logo+0x94e/0xc60 [ 1222.840884][T17802] panic+0xd1/0xe0 [ 1222.840912][T17802] ? __pfx_panic+0x10/0x10 [ 1222.840956][T17802] ? fbcon_prepare_logo+0x94e/0xc60 [ 1222.841001][T17802] ? preempt_schedule_common+0x42/0xc0 [ 1222.841042][T17802] check_panic_on_warn.cold+0x19/0x34 [ 1222.841077][T17802] end_report.part.0+0x3a/0x90 [ 1222.841122][T17802] kasan_report.cold+0xe/0x18 [ 1222.841166][T17802] ? fbcon_prepare_logo+0x94e/0xc60 [ 1222.841215][T17802] kasan_check_range+0x10f/0x1e0 [ 1222.841253][T17802] __asan_memcpy+0x23/0x60 [ 1222.841296][T17802] fbcon_prepare_logo+0x94e/0xc60 [ 1222.841350][T17802] fbcon_init+0x10a0/0x1820 [ 1222.841397][T17802] visual_init+0x320/0x620 [ 1222.841444][T17802] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1222.841484][T17802] store_bind+0x609/0x730 [ 1222.841520][T17802] ? __pfx_store_bind+0x10/0x10 [ 1222.841551][T17802] dev_attr_store+0x58/0x80 [ 1222.841594][T17802] ? __pfx_dev_attr_store+0x10/0x10 [ 1222.841637][T17802] sysfs_kf_write+0xf2/0x150 [ 1222.841672][T17802] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1222.841701][T17802] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1222.841737][T17802] iter_file_splice_write+0x830/0x10a0 [ 1222.841775][T17802] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1222.841809][T17802] ? __pfx_copy_splice_read+0x10/0x10 [ 1222.841863][T17802] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1222.841892][T17802] direct_splice_actor+0x192/0x6c0 [ 1222.841948][T17802] splice_direct_to_actor+0x345/0xa30 [ 1222.841995][T17802] ? __pfx_direct_splice_actor+0x10/0x10 [ 1222.842040][T17802] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1222.842090][T17802] do_splice_direct+0x174/0x240 [ 1222.842117][T17802] ? __pfx_do_splice_direct+0x10/0x10 [ 1222.842161][T17802] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1222.842208][T17802] ? rw_verify_area+0xce/0x6d0 [ 1222.842249][T17802] do_sendfile+0xadc/0xe20 [ 1222.842292][T17802] ? __pfx_do_sendfile+0x10/0x10 [ 1222.842340][T17802] ? __x64_sys_futex+0x34f/0x4d0 [ 1222.842378][T17802] ? __x64_sys_futex+0x358/0x4d0 [ 1222.842418][T17802] __x64_sys_sendfile64+0x1d8/0x220 [ 1222.842452][T17802] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1222.842492][T17802] do_syscall_64+0x106/0xf80 [ 1222.842527][T17802] ? clear_bhb_loop+0x40/0x90 [ 1222.842564][T17802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.842595][T17802] RIP: 0033:0x7f9bcbf9c799 [ 1222.842623][T17802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1222.842655][T17802] RSP: 002b:00007f9bca1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1222.842687][T17802] RAX: ffffffffffffffda RBX: 00007f9bcc216180 RCX: 00007f9bcbf9c799 [ 1222.842708][T17802] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000006 [ 1222.842727][T17802] RBP: 00007f9bcc032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1222.842747][T17802] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1222.842766][T17802] R13: 00007f9bcc216218 R14: 00007f9bcc216180 R15: 00007ffe23b1c608 [ 1222.842796][T17802] [ 1222.843293][T17802] Kernel Offset: disabled