last executing test programs: 5m5.783322871s ago: executing program 1 (id=3001): bpf$auto(0x5, &(0x7f0000000000)=@test={0x12, 0x1, 0xa93f, 0x9, 0x3, 0x3, 0x3da1, 0x0, 0xb4, 0x5, 0x140000000000, 0x0, 0x7fffffff, 0x9, 0x1}, 0x171) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='Y\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 5m5.705158302s ago: executing program 1 (id=3002): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x40) r0 = fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x3ff) fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0) read$auto(0x3, 0x0, 0x87f) close_range$auto(0x2, 0x8, 0x0) 5m5.493558578s ago: executing program 1 (id=3003): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c000b8008001c"], 0x4c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0xfbe}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 5m5.41319595s ago: executing program 1 (id=3005): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x2, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x200003) 5m5.337453424s ago: executing program 1 (id=3006): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) io_uring_register$auto(0xffffffffffffffff, 0x1f, &(0x7f0000000040)="78298dc7", 0x1) r0 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/current\x00', 0x1, 0x0) write$auto(r0, 0x0, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 5m4.897038958s ago: executing program 1 (id=3010): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a0080"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0xfffffffe, &(0x7f00000002c0)={0x0, 0xc5}, 0x1, 0x0, 0x0, 0x9}, 0x107}, 0x3, 0x0) 5m4.400451019s ago: executing program 32 (id=3010): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a0080"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0xfffffffe, &(0x7f00000002c0)={0x0, 0xc5}, 0x1, 0x0, 0x0, 0x9}, 0x107}, 0x3, 0x0) 2m37.590303667s ago: executing program 3 (id=3915): socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x400) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x2a801, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x6, 0xd, 0x8000000000001, 0x948b, 0x3, 0x15f4da07, 0x3, 0xa, 0x4, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0) 2m37.346889002s ago: executing program 3 (id=3918): unshare$auto(0x40000080) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu1/hotplug/fail\x00', 0x100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/detach\x00', 0x2501, 0x0) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r0, 0x0, 0x1) write$auto(0x3, 0x0, 0xffd8) 2m36.66019767s ago: executing program 3 (id=3921): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r2, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) 2m34.16775692s ago: executing program 3 (id=3931): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 2m33.539640687s ago: executing program 3 (id=3936): r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto(0x3, 0x5402, r1) write$auto_ctl_device_fops_user(r0, &(0x7f0000000080)="a504ff", 0x3) 2m32.829579477s ago: executing program 3 (id=3940): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x6, 0x0, 0xa7, 0x0, 0x8000, 0x1}, 0x8}, 0x4, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 2m32.151377243s ago: executing program 33 (id=3940): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x6, 0x0, 0xa7, 0x0, 0x8000, 0x1}, 0x8}, 0x4, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 2m13.988180119s ago: executing program 2 (id=4002): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1e, 0x1, 0x0) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x4) 2m13.73391831s ago: executing program 2 (id=4003): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose11/tx_queue_len\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) write$auto(0x3, 0x0, 0xfdef) 2m13.133569618s ago: executing program 2 (id=4004): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) open(&(0x7f0000000100)='.\x00', 0x40000, 0x104) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim2/hwstats/l3/enable_ifindex\x00', 0x81242, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x100082) 2m12.807132464s ago: executing program 2 (id=4006): sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x4) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) mmap$auto(0x0, 0x2020009, 0x100000000000003, 0xeb1, 0xfffffffffffffffa, 0x0) ioctl$auto_PPPIOCGDEBUG(0xffffffffffffffff, 0x80047441, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x3a3fc3, 0x0) unshare$auto(0x40000080) 2m11.214269106s ago: executing program 2 (id=4016): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 2m9.323075249s ago: executing program 2 (id=4024): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x200, 0xfffffdff, 0x2}]}) 2m8.729569066s ago: executing program 34 (id=4024): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x200, 0xfffffdff, 0x2}]}) 7.533158518s ago: executing program 6 (id=4552): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x10008, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 5.18287985s ago: executing program 6 (id=4560): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x0) 5.18270537s ago: executing program 5 (id=4561): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) ustat$auto(0x801, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81) readv$auto(0x3, &(0x7f00000001c0)={0x0}, 0x100000007) 4.785305431s ago: executing program 6 (id=4562): ioctl$auto(0x3, 0x80000541b, 0x38) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x4b564d01, 0x400, 0x8000}]}) 4.421712674s ago: executing program 6 (id=4563): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x7, @local}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(r0, 0x0, 0x400fffd, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x5, &(0x7f00000001c0)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) 4.317995699s ago: executing program 4 (id=4564): mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0x7}, 0x3) getpgid$auto(0x0) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x40) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/122, 0x7a) setsockopt$auto_SO_RCVTIMEO_NEW(0xffffffffffffffff, 0xffff, 0x42, 0x0, 0x0) 4.221512444s ago: executing program 0 (id=4565): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}, 0x1, 0x0, 0x0, 0x20}, 0x40000) 3.349779808s ago: executing program 0 (id=4566): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x18, 0x2, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x2) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto(r0, 0x0, 0x0) 3.087352684s ago: executing program 5 (id=4567): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf5s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x4ad83, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4040ae9e, &(0x7f0000000040)={0x2}) 3.052972628s ago: executing program 4 (id=4575): socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) memfd_secret$auto(0x0) ioctl$auto(0x3, 0xaece, 0xffffffffffffffff) pread64$auto(r0, 0x0, 0x7ff, 0xef) 2.251355869s ago: executing program 0 (id=4568): openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000005c0)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HWSIM_ATTR_REG_HINT_ALPHA2={0x6, 0xb, ',)'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000060}, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a80)={0x138, r1, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_CHANNELS={0x8}, @HWSIM_ATTR_ADDR_RECEIVER={0xd1, 0x1, "84b56093ca5714bb39689dda0c2f3f26db5d40a77ba03183cf19239631e5f965324b20ddaed7d37d1b689e58ffeea609debb95f36c29ac47a9225934164660d9097dd928a5dc4344b07bf96d5d042b88baba96e4c167b2ffff79d7296556fb38b4c0ff7d3b7e6e3e389a59b18825d13e2d6647e85bb4857747349c254e74a7d846363b22cc7ef6d3b56ee29492f9a6260500009ef5b1443e5eeffbce45c6d66ef85291a6c363801a293905ab485fd61e5a68f29d3330a66612fef80adf473b0813c4fcd84bad66b39d092a295f"}, @HWSIM_ATTR_FREQ={0x8}, @HWSIM_ATTR_RADIO_NAME={0x24, 0x11, '/proc/sys/kernel/random/boot_id\x00'}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x5}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x30a549bc}, @HWSIM_ATTR_ADDR_TRANSMITTER={0x4}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0xc0}]}, 0x138}, 0x1, 0x0, 0x0, 0x2}, 0x4048881) ioctl$auto_FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000000)={0x9, 0x9, 0x0, 0x4000, 0x77ba, 0x46f1, 0x0, 0x6}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) 1.905994102s ago: executing program 5 (id=4569): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x54) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r0, 0x0, 0x20044025) connect$auto(0x3, 0x0, 0x55) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x301402, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 1.71517021s ago: executing program 4 (id=4570): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x7, 0x13) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x80002, 0x73) getpeername$auto(r0, 0x0, 0x0) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r1, 0x92106400, r1) 1.597685567s ago: executing program 0 (id=4571): bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr4/statistics/tx_window_errors\x00', 0x40000, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 1.154225066s ago: executing program 5 (id=4572): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x60, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x7ffe}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x1}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40080) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x48880) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.105336848s ago: executing program 4 (id=4573): bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) 839.440173ms ago: executing program 5 (id=4574): ioctl$auto_BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000014c0)={@raw=0xfffffffffffffff7, 0xfffffffffffffffa, 0xaf9, @btrfs_ioctl_vol_args_v2_3_0={0x9, &(0x7f00000000c0)={0x1, 0x4, 0x5, 0x800, {0x6, 0x4, 0x7, 0x18064d98}}}, @name="7e1b99ca0b35175217d2abd1ae5edd775e86a368eb333fd64e21f84c491dfbd8a87b1911c13b07c09d7eefdfb0625691bac6b85f9d5a6c777ac2541d071574091588f79cc600a76395923d25b6074f2fa29139605906690353bb5f0d966feda8223f2eca7e2aaca386a1169eb22bca4e43e7e275fba1ba82a5e0993285416f3714b0d5356189e75d17c7504768545b36e63cbca3b324f1c8a213b793ba1428042ebd15464a0b8e22d265274082d408810fced2b8829cb442b590576ccd35167a06ba06f57dff08e742078dc2827516ebe8ad62bf3790da382e50c6994046b106219b44b5ab5a5c071b6f1dd37a417ce8383f0a7994d118938136c82b4519999a6acda18798654b75be5bce6de093a50f5595de476150b2eeac31786362d3cc186905c8f2cfe844f0f02db37c83494a1c967e3982e3ad1fa9ac12ab97fb9e88b44f6deb9b5a9c0e0087edfe47ec4ab86c74a943abd221330daa9996d982e36e6b590850eb54985a2eb51e49f003e02854233af25bb7c2208c112e997ee47b12449ae9d0ab836c557b53e1767f7edbb7067451e55ad9be85ba7a333eb66d4efd60bff3da2133e668f5c640534aaffd46b1b38c0e3de1be9a8af169f61f6e036dac56ef3563c5c8cda76d4e30f977a15eaa30ffacb417f428958d0a16998f8129368003653358634f98a89a04acf2bdadcc804e04de34fd94dcff77cac62aa4ee1d671241a505a8378f97d2e0b3e24f436e809ebaf44a3c7160120bf2787828b89cbba7c3644a64b70f1617f8ab11e541a22631f19cd8414d2b3655ac836aa23a34d65927d294587bb01b273984718468c5f9ac8051b3b2e983a8e09b7e9cdc5a36880e734ee1ea734ae0556b44375f5accf1fc703c1e936fa950ad6a930effb8d0d03d4cb497bf83bd0a000e49e13a0dcd0b53496e06efe4d03da7fe7d94f3e4cd8f6bedac5b81221a4cb858f4bdbc7d9ff1f85334289ce9bcb1254de9b99ca668f0e1578c688d61212c0808a84a3851b193386431057f4a73870680b53be6d9735b05340e3eff523f5dde527eeeebb810723ca718584a2bf1ab602ebec11ac2dc8995944fe9c320664127b84c9a3226feec39cbc442b9ebed20ef3eaee8f8ca4929879338f45223b367a0ce75ee8f14a0491d67fbf5249ce65fddb038f2c2eb623d6be69cf63449689a542927c5e68a7274e1d2bca3adecfce7e4537e9e0b1fd3939b3318b7ff27a7de774e7b1241ecb0cc6655d59f94d81f7b58b9ce180478c4d2baef4025638460d70329eedd581c4e4f09bf2f62b6682fcfb69709e86aee5d3bf6efa30a15f06bbd3beeebc74d5f5977d217c0cd8e8fccb4e391dbd72c28d6a842e4a7cc82cb9fdbfb1651c9e2f1caa3e33d0e4f8819734fc587ec245d7dec9b64e4e79d5afa9e54fd86ff90f3ec4dc441600eccc3b9cc739b94c0cceb4b77034d5edbffc03ff232feabddbc08cc756898d3750e834e11d03846265008df7ced219c908c1060583b50e8b64f47a3fa48d53cab2c1ce8b1be7e395df718c594a4ae51c05e45bd45816489a2f69f8e6cb042491b9a8b1048e0641a53ccb304f285b587d864db3d84cfc79735cee1799f724e907e55285f3ab2d1f0c6a3cadea75890cb9f3a56a3ee377404cab359a69ef5c356c782728ebbb583879491178df2a777db5488dd678457093a098e5130e809bb48a256f498994c58ba8bc82284e768ea21f9aa41d96f211f27c93b32f819d3187e033b3b2c1b4c468e255182b2c107ef97d4ced24624735e0f6827322a8840e4d2ead7812b3846537a1bf275c07cb8b2edbb90eede0684cc90527c4a8b3d7057818677e97cf1177fe8657a6371bc56bf253b036fa57a19d9e1905fa2b973b55253a110d683e75fbb05239c28bafe007de37aaa7e5c458f11fd2748af2838d14cc7a90a8a3768a6af234bbdb87c1801459233dfbaf2516f98b1b585f2b1f12b507ac9914fc85d730e767f2e982aa327068684d179dcc7da8047de55b86b27c5bf8bc0c4d73d03cbe7acf68d9fbce409dc604dfbcbda280fdeab4c7b1b8a01d47a337f0275da4f68ab87d814ad24c3843dd3ffa17e9c77119ad4cccdb4d2504dbdc0c08d836055c8daed3fcdb3f6cad4c259a366bf9b031e76346b7e6dd001cac71ef98b360215db0b68f7d3158f657f2f88ddffc8ede874343e426851cf374fd072bb4a1fba93e916a7687ea420337f54ff4e09438857ec2ed0b2476c2d14a094ce74c31de2f540a1c505eddc8e54d7993af0fc0b75d8e5e6ba961689757f3f608bb03e644bcfe024d1ca1294272c863027c66a4a7c6967518ddf54892de5b1d4bba0b72dccc289b6be01be656f9f13c8e106d9f1a803ad5cc4c5c6d192737963b1b2a0b92a9b4514de3ef61b4c0fd61780ea05821cbe68558aa3961c0b6d2653f8fad80b14ba8d2a327800800e10b75b53975a3ff9a916ffe056ba8e4d971114bb292701b84f4901607796ab5c2ae0185dfa17317198c9cca5a1997452ec8e2a8adb16f47b5187a60bc5830c607879a61ba7d7f3ba591e1614f64903fe9920c7d2dfd1986239412ec00664ec39372270c91dfc248fdcb310dfe39a77bef34bfd573b8a365ed59d7a542234f92e350437699c470a4256534f09ec381765cf39a98412722743bb2b6001ad0cd7052e312d1c1c9e1d6ad09b71774e149dd1978408b69fb0e73b94e850b70843c54684a4d610be0f5ca7e59b6a471ea377d824f2666af1dd5dd908bfb38061ee81d092f05cdd5c31fdffbaac423c26ed1f531e5b9dc18a753ceac36e8ba1485c12340cb3b986d7b5cb5d83533fe0b86ab17139603125e4e7239c6cb88d7e0feee431749d97998ca203c993cf90dfb63001d321e96cd922d155353d7f76c3324056585cc8ee7886a7f11d8b3032f286e10e0d34f3ac251d1cb1422204a6ef29a46ec782d6f4c6745d6d1073d315fa8dbb363d87f5e23157a05d7958b7a050ac97904292b6a5a1befa25397d4bd2e6d38f05fbf8fc2231f5d3491f1d62bb47dd02c87de4fec18784da6010b7f06aa36affdc0e54fea4e9663b59b054e643d9f6f334d150ec8356c0e2383e27c3b902fe7470dae718734bd4dcf251e887617035fa32ccafbe2c5767fc5236bfee7a4a97ea630110f37c0c1cc07cccdfdf7e0c4fba144bda4e83642bd5f1a65215fc6bf5d289f7e6e16e593e04818de73a11409e1dda5184024238ffd690274ac97c5245e08057aad84f4a3a46cd9e0ea8aecfd6d17c11a9396957dea4ee149d930a1a594e4cc37fafc0e95192bbababb562aaf207ef1ec59046447f5d155b5922e5fca9b7f205d997921ded7516bc5974348d913917611ea052dc498812f543245c42e920e97dd0bd4080b7b27677c02357976adfef7e749e18ca08e88da33e3377b291e001619dabd0a1581d3d9951e6b0710756381330c5c7c1e68acb356365c526736db2271c4d44bee0f6400edca217dc37f8a3a5de1f821092de1e49a537904ea94d60010559423ec98f400d621fef27566ef091333e0f98ab392b4c685156cd21ed8baccfe20522151211868ea3cc04aebb180e9cbcf12d699aac6729528130e416f5ff43eb6d33155cb098e6fd49de40c7b1134807b5ab7c3745874b51e4d5bcf6259b6d47faf4cc1b8fb182283452766b8359773836979f1cf03fffea961a15a479297ff6b52b2ca3f98213e6a0f4eb8de967a370301fc0f03ea98cea54eabd920c394b8a7974ae9ebe4f75b9e88e8340794645bf36c728a8d001a7f316dd7878ec247221c436e6ba2bb0a7e523a057ffa78438917145fec62db06d67e13e2c3e94bf0913f71f62440423ec04b572be04af45ddc2ee02b90630be59af89ea6b3cf39ba2015077e3dcfe3cab607f6d5171ca4400c7e0c7192a9ff8feccc25926327d4590d72775d404ea7f33ab2a4dc055bedc985338c5044e51394948a5ca791e9500270f07c60a5bec94ee8bc3b62b17e2a4bd7042d43068936f866047e0c8a4c8c106c414d26cf9032567c95e3490d142ffe9f0ac26cabec1e1c77f932a240063693be691749c20aad779112b3437f0f6fe2bc12eb401bcca434b9039e6d56ce5933ff2bb6b658d8f4d523ab92bbc3aa3b672b4e158189db25be380d441ddcf04f8f606a88759e3547bb70a9d08e56897b1b4b9654393fc1584d28de2cc584904801ccaae5fba14838725a2f47277439fb2605bf040a8743a474848469f93a88180021e42a6b52f7ef0e1b046f3ca5bbb683abbcb595f71803d702313104e53d367f0d16839e456c3f1deae3dcab05f46ae0a58990e00a0394ee4f8d29dba727ddb29dd1119bc455c2edc6124ddc31cc4731fa9209aa428a591cc7fda6d038b19e8fe00af0c637175f58f75889e4eb936fcff165dbf0c97466b76bd967f211b7d12e1ee12c138dc445085938341e63d0eff262d13fa0f4888d32afa410f4a2def39e998f54411b154b041946e79ae867f2d9af59d37a2aa14da9f37107621e1d510fd6da9ae73a84f358418d34aac61297b312c9e48a3492353664d25b3ad5e9117a86ae491e78d7e296b7382cd5a41b1a7f14de96f50f9be0f72798db204847dea3dd9d09fde66c4b00130d7cadf0ceec73f38e56b4e853026e4f78ebf6cb67f2d89fff2b1148b21272293c36a0ff5d70bf86216670012063158bfec6a09451f4fc10277fc5204c325529a6b91a26ab75b9d18dfcb20ec03b5dd654c901ab7b867756f200377a26551f24bed2bdecdd019b0dfc8c836036974c252cfafd0cbfec6d4278b31c3f6167917a00b57d4dff716651ab4160f8a158e992b5efc607b3e350f2ef31d56fcdc765fedb16c272dd2adaa2c6d26aca421da118874361e764886f2afc70930a6cf7ca3fd6ba04763e0be00aa93746c358916b41843f84a0fca6461c3a13a684d219c6491815da3a35cbcd9d71ee64db1d0cab9a45957393fd5f09aadb84ffcdf47104a2ba549eca83aef9f1f31e93c91c2a830d572b59ae305e4cde8c03e4ea301e83081007327036834e6ef4386ad2910f4b5055f1cb41476f4d6a7c1d17b839a2cd44d3164ada8f77fabb1421f708d4b0c6e9939fe3923ebba79e0bf95fb9edde466245916ebd51ff32240c98075f7e0d574055c3b7fb234c0ea1919ad1efaf44822ff1d7f0f1779091f6d368cd1fd44fb72ea3ec5c952ba21f37734715b6bb9f1f0be08211925ef5dde2fc99846fc8da8f6395ab4f84016d0ae5938d197229ab1509a26c3ef5473489c4f6ed4a1771145393a7d8cbcc576c2ad136bcc50b0860faa385a2935590ff09175beb182f1214b97a5a1cc8a93dd4555ce1b3098a261125e271e08deb96d6fe638e45af911bae6475aa2c62bc2b8385d49cda5918bc746c0031f1e16c35f37116c30648872f668355635aed1b81a119eca812a132c537b6737d3ba5d65bc6841c01612ca3a930ca561ff36e92b9335587c502185353d4d3d4663190b27ea2bf35f4b0e1b2cc4c1dcf5e3c5cd6a02a9f215f2dd0b971f0269386f6c3157be2d22018019bf252c4c080f6926c42e663a0b966a899095239795dd7be03081ad583ad343545e5f2196573c4e22d8d18c64cdff33403aac4d80f4e3653981c859c6af76216fd401965c032049f78eee1a476f288032cbb7f029e64491526cb4dcdbdd622a7a56663f1f3a0835baa4738e1e1f859314ad5f6880394812c8f95c418771c3f5c8d5b97d739a"}) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x200, 0xfffffdff, 0x1}]}) 832.523005ms ago: executing program 6 (id=4576): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kpageflags\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x80) r0 = socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r3, 0xc10c5541, r2) 779.62669ms ago: executing program 4 (id=4577): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x0, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') lseek$auto(0x3, 0x8, 0x1) 454.115835ms ago: executing program 4 (id=4578): mmap$auto(0x0, 0x20009, 0x80000001, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x3f}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f00000000c0), 0x62b00, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f00000005c0)="671f264add69b6440843b66668ef000000df2669e6f9cd237232b20ed763ac8caf4b9b4cd10196bc7b4c3cf9ee0cb9f61968f4782754e1706b1bb14a4ace080c4c96c604a2812c41ceb0540ad94892a9e1fc919c762d1b29000c4b", 0x5b) 398.084041ms ago: executing program 5 (id=4579): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0xfffffffd, 0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 394.667549ms ago: executing program 0 (id=4580): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) mmap$auto(0x0, 0x2020009, 0x10000000000000a, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) fcntl$auto(0x8000000000000001, 0x7, 0x8) 51.261767ms ago: executing program 0 (id=4581): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) accept$auto(r1, 0x0, 0x0) connect$auto(0x3, 0x0, 0x54) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x24008010) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) 0s ago: executing program 6 (id=4582): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1, r1, @relative_id=0x13, 0xe600}, 0xf) r4 = open(0x0, 0x221c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) kernel console output (not intermixed with test programs): /0x10 [ 621.487119][T16052] __memcg_slab_post_alloc_hook+0x133/0x940 [ 621.487151][T16052] ? kasan_save_track+0x14/0x30 [ 621.487191][T16052] kmem_cache_alloc_lru_noprof+0x556/0x6e0 [ 621.487227][T16052] ? alloc_inode+0xc3/0x240 [ 621.487256][T16052] ? alloc_inode+0xc3/0x240 [ 621.487279][T16052] alloc_inode+0xc3/0x240 [ 621.487304][T16052] alloc_anon_inode+0x28/0x3e0 [ 621.487339][T16052] ioctx_alloc+0x4ad/0x2120 [ 621.487386][T16052] ? find_held_lock+0x2b/0x80 [ 621.487421][T16052] ? __pfx_ioctx_alloc+0x10/0x10 [ 621.487455][T16052] ? __might_fault+0x13b/0x190 [ 621.487501][T16052] __x64_sys_io_setup+0xc9/0x210 [ 621.487540][T16052] do_syscall_64+0xcd/0xfa0 [ 621.487581][T16052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.487606][T16052] RIP: 0033:0x7f78b238efc9 [ 621.487625][T16052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.487649][T16052] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 621.487672][T16052] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 621.487689][T16052] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000fff4 [ 621.487704][T16052] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 621.487719][T16052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.487733][T16052] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 621.487765][T16052] [ 622.788032][T16079] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 623.936448][T15918] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 624.100023][T15918] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 624.156039][T15918] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 624.203774][T15918] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 624.226543][T16099] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3988'. [ 624.332045][T16099] veth0_macvtap: left promiscuous mode [ 624.776991][T15918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 624.892883][T15918] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.933987][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.941199][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 624.995629][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.002877][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.187164][T16120] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3992'. [ 625.295630][T16120] veth1_macvtap: left promiscuous mode [ 625.347366][T16120] macsec0: entered promiscuous mode [ 625.385914][T16120] macsec0: entered allmulticast mode [ 625.870901][T15918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 627.062416][T15918] veth0_vlan: entered promiscuous mode [ 627.106269][T15918] veth1_vlan: entered promiscuous mode [ 627.214010][T15918] veth0_macvtap: entered promiscuous mode [ 627.266688][T15918] veth1_macvtap: entered promiscuous mode [ 627.328572][T15918] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 627.373702][T15918] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 627.404428][ T2952] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.453930][ T2952] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.483869][ T2952] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.531293][ T2952] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.803807][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.842061][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 627.940156][ T2952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.972710][ T2952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.103223][T16173] FAULT_INJECTION: forcing a failure. [ 629.103223][T16173] name failslab, interval 1, probability 393216, space 0, times 0 [ 629.148330][T16173] CPU: 1 UID: 0 PID: 16173 Comm: syz.2.4006 Tainted: G U I syzkaller #0 PREEMPT(full) [ 629.148372][T16173] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 629.148381][T16173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 629.148396][T16173] Call Trace: [ 629.148404][T16173] [ 629.148413][T16173] dump_stack_lvl+0x16c/0x1f0 [ 629.148456][T16173] should_fail_ex+0x512/0x640 [ 629.148480][T16173] ? __kmalloc_noprof+0xca/0x880 [ 629.148513][T16173] should_failslab+0xc2/0x120 [ 629.148538][T16173] __kmalloc_noprof+0xdd/0x880 [ 629.148567][T16173] ? lockdep_init_map_type+0x5c/0x280 [ 629.148595][T16173] ? xfrm_hash_alloc+0xd1/0x100 [ 629.148631][T16173] ? __pfx_xfrm_net_init+0x10/0x10 [ 629.148667][T16173] ? xfrm_hash_alloc+0xd1/0x100 [ 629.148702][T16173] xfrm_hash_alloc+0xd1/0x100 [ 629.148736][T16173] xfrm_net_init+0x244/0xcc0 [ 629.148776][T16173] ? __pfx_xfrm_net_init+0x10/0x10 [ 629.148812][T16173] ops_init+0x1e2/0x5f0 [ 629.148838][T16173] setup_net+0x100/0x390 [ 629.148861][T16173] ? __pfx_setup_net+0x10/0x10 [ 629.148886][T16173] ? debug_mutex_init+0x37/0x70 [ 629.148923][T16173] copy_net_ns+0x2f8/0x690 [ 629.148952][T16173] create_new_namespaces+0x3ea/0xa90 [ 629.148995][T16173] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 629.149035][T16173] ksys_unshare+0x45b/0xa40 [ 629.149060][T16173] ? __pfx_ksys_unshare+0x10/0x10 [ 629.149085][T16173] ? xfd_validate_state+0x61/0x180 [ 629.149120][T16173] __x64_sys_unshare+0x31/0x40 [ 629.149144][T16173] do_syscall_64+0xcd/0xfa0 [ 629.149185][T16173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.149210][T16173] RIP: 0033:0x7f714138efc9 [ 629.149229][T16173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.149254][T16173] RSP: 002b:00007f7142286038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 629.149283][T16173] RAX: ffffffffffffffda RBX: 00007f71415e5fa0 RCX: 00007f714138efc9 [ 629.149299][T16173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 629.149314][T16173] RBP: 00007f7141411f91 R08: 0000000000000000 R09: 0000000000000000 [ 629.149329][T16173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.149344][T16173] R13: 00007f71415e6038 R14: 00007f71415e5fa0 R15: 00007fff9388b588 [ 629.149375][T16173] [ 630.037864][T16186] kvm: kvm [16185]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x2 [ 630.292182][T16188] mkiss: ax0: crc mode is auto. [ 630.310263][T16190] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 630.402360][T16192] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4015'. [ 631.797348][T16212] netlink: 346 bytes leftover after parsing attributes in process `syz.4.4020'. [ 632.668950][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 632.675869][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 633.894369][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 633.905903][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 633.919995][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 633.938080][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 633.945719][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 634.513856][T16234] bridge0: port 3(hsr0) entered blocking state [ 634.549325][T16234] bridge0: port 3(hsr0) entered disabled state [ 634.597145][T16234] hsr0: entered allmulticast mode [ 634.638779][T16234] hsr_slave_0: entered allmulticast mode [ 634.741240][T16234] hsr_slave_1: entered allmulticast mode [ 634.783842][T16234] hsr0: entered promiscuous mode [ 634.789370][T16234] bridge0: port 3(hsr0) entered blocking state [ 634.795686][T16234] bridge0: port 3(hsr0) entered forwarding state [ 635.036578][T16255] FAULT_INJECTION: forcing a failure. [ 635.036578][T16255] name failslab, interval 1, probability 393216, space 0, times 0 [ 635.103742][T16255] CPU: 1 UID: 0 PID: 16255 Comm: syz.5.4037 Tainted: G U I syzkaller #0 PREEMPT(full) [ 635.103792][T16255] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 635.103803][T16255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 635.103818][T16255] Call Trace: [ 635.103826][T16255] [ 635.103835][T16255] dump_stack_lvl+0x16c/0x1f0 [ 635.103878][T16255] should_fail_ex+0x512/0x640 [ 635.103901][T16255] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 635.103939][T16255] should_failslab+0xc2/0x120 [ 635.103963][T16255] kmem_cache_alloc_noprof+0x75/0x6e0 [ 635.103997][T16255] ? mm_alloc+0x1c/0xc0 [ 635.104038][T16255] ? mm_alloc+0x1c/0xc0 [ 635.104072][T16255] mm_alloc+0x1c/0xc0 [ 635.104107][T16255] alloc_bprm+0x2af/0x710 [ 635.104143][T16255] do_execveat_common.isra.0+0x1ce/0x610 [ 635.104183][T16255] __x64_sys_execve+0x8e/0xb0 [ 635.104218][T16255] do_syscall_64+0xcd/0xfa0 [ 635.104259][T16255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.104283][T16255] RIP: 0033:0x7f5234f8efc9 [ 635.104302][T16255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.104325][T16255] RSP: 002b:00007f5235e3a038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 635.104348][T16255] RAX: ffffffffffffffda RBX: 00007f52351e5fa0 RCX: 00007f5234f8efc9 [ 635.104365][T16255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 635.104380][T16255] RBP: 00007f5235011f91 R08: 0000000000000000 R09: 0000000000000000 [ 635.104394][T16255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 635.104409][T16255] R13: 00007f52351e6038 R14: 00007f52351e5fa0 R15: 00007ffe23b65248 [ 635.104440][T16255] [ 635.641641][T16237] chnl_net:caif_netlink_parms(): no params data found [ 636.006991][ T5829] Bluetooth: hci1: command tx timeout [ 636.502955][T16237] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.554123][T16237] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.588075][T16237] bridge_slave_0: entered allmulticast mode [ 636.643708][T16237] bridge_slave_0: entered promiscuous mode [ 636.688065][T16237] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.743250][T16237] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.774757][T16237] bridge_slave_1: entered allmulticast mode [ 636.825051][T16237] bridge_slave_1: entered promiscuous mode [ 637.180489][T16237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 637.249789][T16237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 637.584233][T16237] team0: Port device team_slave_0 added [ 637.615385][T16237] team0: Port device team_slave_1 added [ 637.756357][T16237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 637.786469][T16237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 637.923356][T16237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 637.994642][T16237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.041797][T16237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 638.082879][ T5829] Bluetooth: hci1: command tx timeout [ 638.216584][T16237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.628965][T16237] hsr_slave_0: entered promiscuous mode [ 638.695004][T16237] hsr_slave_1: entered promiscuous mode [ 638.701230][T16237] debugfs: 'hsr0' already exists in 'hsr' [ 638.771836][T16237] Cannot create hsr debugfs directory [ 640.147593][ T5829] Bluetooth: hci1: command tx timeout [ 640.516335][T16237] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 640.602862][T16237] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 640.669650][T16237] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 640.771450][T16237] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 640.889530][T16343] FAULT_INJECTION: forcing a failure. [ 640.889530][T16343] name failslab, interval 1, probability 393216, space 0, times 0 [ 640.903010][T16343] CPU: 1 UID: 0 PID: 16343 Comm: syz.4.4054 Tainted: G U I syzkaller #0 PREEMPT(full) [ 640.903054][T16343] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 640.903065][T16343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 640.903080][T16343] Call Trace: [ 640.903090][T16343] [ 640.903100][T16343] dump_stack_lvl+0x116/0x1f0 [ 640.903145][T16343] should_fail_ex+0x512/0x640 [ 640.903175][T16343] should_failslab+0xc2/0x120 [ 640.903201][T16343] kmem_cache_alloc_noprof+0x75/0x6e0 [ 640.903236][T16343] ? __send_signal_locked+0x159/0x12c0 [ 640.903276][T16343] ? __send_signal_locked+0x159/0x12c0 [ 640.903306][T16343] __send_signal_locked+0x159/0x12c0 [ 640.903339][T16343] ? __lock_task_sighand+0x146/0x340 [ 640.903375][T16343] do_send_specific+0x1e8/0x370 [ 640.903398][T16343] ? __pfx_do_send_specific+0x10/0x10 [ 640.903419][T16343] ? __task_pid_nr_ns+0x1f5/0x500 [ 640.903454][T16343] do_rt_tgsigqueueinfo+0xa9/0x100 [ 640.903480][T16343] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 640.903516][T16343] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 640.903560][T16343] do_syscall_64+0xcd/0xfa0 [ 640.903602][T16343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.903628][T16343] RIP: 0033:0x7f9ec038efc9 [ 640.903649][T16343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 640.903673][T16343] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 640.903697][T16343] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 640.903714][T16343] RDX: 0000000000000021 RSI: 0000000000000270 RDI: 000000000000026f [ 640.903730][T16343] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 640.903746][T16343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 640.903762][T16343] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 640.903794][T16343] [ 641.724408][T16237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 641.838920][T16237] 8021q: adding VLAN 0 to HW filter on device team0 [ 641.892834][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.900062][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 641.998079][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.005291][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.034985][T16369] KVM: debugfs: duplicate directory 16369-4 [ 642.221035][ T5829] Bluetooth: hci1: command tx timeout [ 643.277225][T16381] FAULT_INJECTION: forcing a failure. [ 643.277225][T16381] name failslab, interval 1, probability 393216, space 0, times 0 [ 643.370747][T16381] CPU: 1 UID: 0 PID: 16381 Comm: syz.5.4061 Tainted: G U I syzkaller #0 PREEMPT(full) [ 643.370792][T16381] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 643.370803][T16381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 643.370818][T16381] Call Trace: [ 643.370827][T16381] [ 643.370837][T16381] dump_stack_lvl+0x16c/0x1f0 [ 643.370882][T16381] should_fail_ex+0x512/0x640 [ 643.370905][T16381] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 643.370949][T16381] should_failslab+0xc2/0x120 [ 643.370975][T16381] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 643.371022][T16381] ? __alloc_workqueue+0x7fe/0x1810 [ 643.371049][T16381] ? lockdep_init_map_type+0x5c/0x280 [ 643.371081][T16381] ? __alloc_workqueue+0x7fe/0x1810 [ 643.371104][T16381] __alloc_workqueue+0x7fe/0x1810 [ 643.371138][T16381] alloc_workqueue_noprof+0xd2/0x200 [ 643.371163][T16381] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 643.371192][T16381] ? rcu_is_watching+0x12/0xc0 [ 643.371227][T16381] ? trace_kmalloc+0x2b/0xd0 [ 643.371248][T16381] ? __kmalloc_noprof+0x34f/0x880 [ 643.371280][T16381] ? ieee80211_register_hw+0x15c9/0x4120 [ 643.371319][T16381] ieee80211_register_hw+0x1f1a/0x4120 [ 643.371358][T16381] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 643.371388][T16381] ? __pfx___debug_object_init+0x10/0x10 [ 643.371429][T16381] ? find_held_lock+0x2b/0x80 [ 643.371467][T16381] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 643.371501][T16381] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 643.371539][T16381] ? __hrtimer_setup+0x176/0x280 [ 643.371572][T16381] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 643.371622][T16381] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 643.371664][T16381] hwsim_new_radio_nl+0xba2/0x1330 [ 643.371696][T16381] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 643.371734][T16381] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 643.371773][T16381] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 643.371811][T16381] genl_family_rcv_msg_doit+0x209/0x2f0 [ 643.371843][T16381] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 643.371884][T16381] ? bpf_lsm_capable+0x9/0x10 [ 643.371908][T16381] ? security_capable+0x7e/0x260 [ 643.371935][T16381] ? ns_capable+0xd7/0x110 [ 643.371973][T16381] genl_rcv_msg+0x55c/0x800 [ 643.372005][T16381] ? __pfx_genl_rcv_msg+0x10/0x10 [ 643.372041][T16381] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 643.372081][T16381] netlink_rcv_skb+0x158/0x420 [ 643.372106][T16381] ? __pfx_genl_rcv_msg+0x10/0x10 [ 643.372137][T16381] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 643.372174][T16381] ? netlink_deliver_tap+0x1ae/0xd30 [ 643.372220][T16381] genl_rcv+0x28/0x40 [ 643.372245][T16381] netlink_unicast+0x5aa/0x870 [ 643.372278][T16381] ? __pfx_netlink_unicast+0x10/0x10 [ 643.372318][T16381] netlink_sendmsg+0x8c8/0xdd0 [ 643.372348][T16381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 643.372377][T16381] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 643.372411][T16381] ____sys_sendmsg+0xa98/0xc70 [ 643.372443][T16381] ? copy_msghdr_from_user+0x10a/0x160 [ 643.372483][T16381] ? __pfx_____sys_sendmsg+0x10/0x10 [ 643.372528][T16381] ___sys_sendmsg+0x134/0x1d0 [ 643.372565][T16381] ? futex_private_hash_put+0x176/0x300 [ 643.372608][T16381] ? __pfx____sys_sendmsg+0x10/0x10 [ 643.372646][T16381] ? __lock_acquire+0x622/0x1c90 [ 643.372707][T16381] __sys_sendmsg+0x16d/0x220 [ 643.372748][T16381] ? __pfx___sys_sendmsg+0x10/0x10 [ 643.372788][T16381] ? __x64_sys_futex+0x1e0/0x4c0 [ 643.372831][T16381] do_syscall_64+0xcd/0xfa0 [ 643.372874][T16381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.372900][T16381] RIP: 0033:0x7f5234f8efc9 [ 643.372920][T16381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.372945][T16381] RSP: 002b:00007f5235e3a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 643.372969][T16381] RAX: ffffffffffffffda RBX: 00007f52351e5fa0 RCX: 00007f5234f8efc9 [ 643.372986][T16381] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 643.373002][T16381] RBP: 00007f5235011f91 R08: 0000000000000000 R09: 0000000000000000 [ 643.373026][T16381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.373041][T16381] R13: 00007f52351e6038 R14: 00007f52351e5fa0 R15: 00007ffe23b65248 [ 643.373074][T16381] [ 644.081141][T16237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.759559][T16409] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4067'. [ 645.241493][ T30] audit: type=1800 audit(4294969572.441:16): pid=16413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4066" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 645.428720][T16416] sp0: Synchronizing with TNC [ 645.545202][T16237] veth0_vlan: entered promiscuous mode [ 645.586374][T16237] veth1_vlan: entered promiscuous mode [ 645.903157][T16237] veth0_macvtap: entered promiscuous mode [ 645.973665][T16237] veth1_macvtap: entered promiscuous mode [ 646.066229][T16237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 646.213442][T16237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 646.301432][T10913] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.334113][T10913] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.414449][T10913] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.457180][T10913] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.835975][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 646.874844][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.036875][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.080055][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.150993][T16435] FAULT_INJECTION: forcing a failure. [ 647.150993][T16435] name failslab, interval 1, probability 393216, space 0, times 0 [ 647.214041][T16435] CPU: 1 UID: 0 PID: 16435 Comm: syz.0.4075 Tainted: G U I syzkaller #0 PREEMPT(full) [ 647.214086][T16435] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 647.214097][T16435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 647.214112][T16435] Call Trace: [ 647.214120][T16435] [ 647.214129][T16435] dump_stack_lvl+0x16c/0x1f0 [ 647.214173][T16435] should_fail_ex+0x512/0x640 [ 647.214197][T16435] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 647.214235][T16435] should_failslab+0xc2/0x120 [ 647.214259][T16435] kmem_cache_alloc_noprof+0x75/0x6e0 [ 647.214294][T16435] ? __do_sys_getcwd+0xe0/0x930 [ 647.214324][T16435] ? __do_sys_getcwd+0xe0/0x930 [ 647.214348][T16435] __do_sys_getcwd+0xe0/0x930 [ 647.214371][T16435] ? do_raw_spin_unlock+0x172/0x230 [ 647.214407][T16435] ? __x64_sys_futex+0x1e0/0x4c0 [ 647.214432][T16435] ? __x64_sys_futex+0x1e9/0x4c0 [ 647.214457][T16435] ? __pfx___do_sys_getcwd+0x10/0x10 [ 647.214486][T16435] ? xfd_validate_state+0x61/0x180 [ 647.214512][T16435] ? __pfx_do_writev+0x10/0x10 [ 647.214554][T16435] do_syscall_64+0xcd/0xfa0 [ 647.214596][T16435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.214621][T16435] RIP: 0033:0x7f78b238efc9 [ 647.214640][T16435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.214666][T16435] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 647.214689][T16435] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 647.214706][T16435] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 647.214721][T16435] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 647.214737][T16435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.214761][T16435] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 647.214793][T16435] [ 647.659452][T16442] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4078'. [ 647.669836][T16442] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 647.679869][T16442] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 648.006957][T16444] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4079'. [ 650.455166][T16489] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4094'. [ 650.833829][T16499] FAULT_INJECTION: forcing a failure. [ 650.833829][T16499] name failslab, interval 1, probability 393216, space 0, times 0 [ 650.875638][T16499] CPU: 1 UID: 0 PID: 16499 Comm: syz.5.4099 Tainted: G U I syzkaller #0 PREEMPT(full) [ 650.875683][T16499] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 650.875694][T16499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 650.875709][T16499] Call Trace: [ 650.875718][T16499] [ 650.875727][T16499] dump_stack_lvl+0x16c/0x1f0 [ 650.875771][T16499] should_fail_ex+0x512/0x640 [ 650.875795][T16499] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 650.875833][T16499] should_failslab+0xc2/0x120 [ 650.875857][T16499] kmem_cache_alloc_noprof+0x75/0x6e0 [ 650.875892][T16499] ? copy_pid_ns+0x2cf/0xca0 [ 650.875934][T16499] ? copy_pid_ns+0x2cf/0xca0 [ 650.875968][T16499] copy_pid_ns+0x2cf/0xca0 [ 650.876004][T16499] ? __memcg_slab_post_alloc_hook+0x47c/0x940 [ 650.876032][T16499] ? __pfx_copy_pid_ns+0x10/0x10 [ 650.876072][T16499] ? rcu_is_watching+0x12/0xc0 [ 650.876108][T16499] ? copy_mnt_ns+0xac/0xac0 [ 650.876144][T16499] ? rcu_is_watching+0x12/0xc0 [ 650.876182][T16499] ? copy_ipcs+0xb6/0x550 [ 650.876214][T16499] create_new_namespaces+0x2aa/0xa90 [ 650.876257][T16499] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 650.876298][T16499] ksys_unshare+0x45b/0xa40 [ 650.876323][T16499] ? __pfx_ksys_unshare+0x10/0x10 [ 650.876349][T16499] ? xfd_validate_state+0x61/0x180 [ 650.876385][T16499] __x64_sys_unshare+0x31/0x40 [ 650.876416][T16499] do_syscall_64+0xcd/0xfa0 [ 650.876458][T16499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.876484][T16499] RIP: 0033:0x7f5234f8efc9 [ 650.876503][T16499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 650.876528][T16499] RSP: 002b:00007f5235e3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 650.876557][T16499] RAX: ffffffffffffffda RBX: 00007f52351e5fa0 RCX: 00007f5234f8efc9 [ 650.876574][T16499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 650.876589][T16499] RBP: 00007f5235011f91 R08: 0000000000000000 R09: 0000000000000000 [ 650.876606][T16499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.876620][T16499] R13: 00007f52351e6038 R14: 00007f52351e5fa0 R15: 00007ffe23b65248 [ 650.876652][T16499] [ 651.964694][ T30] audit: type=1800 audit(4294969579.183:17): pid=16511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4103" name="lu_gp_id" dev="configfs" ino=54501 res=0 errno=0 [ 652.653604][T16521] FAULT_INJECTION: forcing a failure. [ 652.653604][T16521] name failslab, interval 1, probability 393216, space 0, times 0 [ 652.712660][T16521] CPU: 1 UID: 7 PID: 16521 Comm: syz.4.4108 Tainted: G U I syzkaller #0 PREEMPT(full) [ 652.712704][T16521] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 652.712715][T16521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 652.712731][T16521] Call Trace: [ 652.712739][T16521] [ 652.712749][T16521] dump_stack_lvl+0x16c/0x1f0 [ 652.712792][T16521] should_fail_ex+0x512/0x640 [ 652.712816][T16521] ? __kmalloc_cache_noprof+0x5f/0x780 [ 652.712852][T16521] should_failslab+0xc2/0x120 [ 652.712877][T16521] __kmalloc_cache_noprof+0x72/0x780 [ 652.712910][T16521] ? alloc_ucounts+0x13d/0x440 [ 652.712938][T16521] ? alloc_ucounts+0x13d/0x440 [ 652.712960][T16521] alloc_ucounts+0x13d/0x440 [ 652.712983][T16521] ? __pfx_alloc_ucounts+0x10/0x10 [ 652.713019][T16521] inc_ucount+0x81/0x370 [ 652.713044][T16521] ? lockdep_init_map_type+0x5c/0x280 [ 652.713072][T16521] ? __pfx_inc_ucount+0x10/0x10 [ 652.713094][T16521] ? lockdep_init_map_type+0x5c/0x280 [ 652.713122][T16521] ? debug_mutex_init+0x37/0x70 [ 652.713159][T16521] __do_sys_fanotify_init+0x317/0xc80 [ 652.713190][T16521] ? rcu_is_watching+0x12/0xc0 [ 652.713228][T16521] do_syscall_64+0xcd/0xfa0 [ 652.713323][T16521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.713349][T16521] RIP: 0033:0x7f9ec038efc9 [ 652.713369][T16521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.713394][T16521] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 652.713417][T16521] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 652.713434][T16521] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000c00 [ 652.713449][T16521] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 652.713465][T16521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 652.713480][T16521] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 652.713512][T16521] [ 653.017755][T16526] netlink: 252 bytes leftover after parsing attributes in process `syz.6.4110'. [ 653.028279][T16526] unsupported nla_type 65535 [ 653.736895][T16540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4116'. [ 653.767671][T16541] [U] /Eev/audio1 [ 653.771511][T16541] [U] F츱Z|ÿGP—)Ïû\n‰C:„Du´šbΧtUw´U‹¤U•3.O«"4Š»Y8@Z5`¤mÿb»ê4*¤ô´À¿Ôm¿Ç¾˜×lD—)}úKß>f¸&•9- [ 653.782486][T16541] [U] ÌWwâœK EÊÓ6èË?(úIâ®,•k8ƒÏÅDÌ [ 653.787736][T16541] [U] [ 653.790444][T16541] [U] [ 653.805170][T16540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4116'. [ 653.863239][T16541] [U] [ 653.873428][T16541] [U] [ 653.876191][T16541] [U] [ 653.878923][T16541] [U] [ 653.881640][T16541] [U] [ 653.948015][T16541] [U] [ 654.303763][T16550] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4122'. [ 654.369423][T16553] FAULT_INJECTION: forcing a failure. [ 654.369423][T16553] name failslab, interval 1, probability 393216, space 0, times 0 [ 654.393330][T16556] netlink: 'syz.5.4123': attribute type 33 has an invalid length. [ 654.424145][T16553] CPU: 1 UID: 0 PID: 16553 Comm: syz.6.4121 Tainted: G U I syzkaller #0 PREEMPT(full) [ 654.424197][T16553] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 654.424208][T16553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 654.424223][T16553] Call Trace: [ 654.424231][T16553] [ 654.424240][T16553] dump_stack_lvl+0x16c/0x1f0 [ 654.424283][T16553] should_fail_ex+0x512/0x640 [ 654.424311][T16553] ? __kmalloc_cache_noprof+0x5f/0x780 [ 654.424347][T16553] should_failslab+0xc2/0x120 [ 654.424372][T16553] __kmalloc_cache_noprof+0x72/0x780 [ 654.424406][T16553] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 654.424454][T16553] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 654.424497][T16553] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 654.424540][T16553] ? __pfx_kvm_vm_release+0x10/0x10 [ 654.424576][T16553] kvm_put_kvm+0xe3/0xb00 [ 654.424612][T16553] ? lockdep_hardirqs_on+0x7c/0x110 [ 654.424651][T16553] ? _raw_spin_unlock_irq+0x2e/0x50 [ 654.424690][T16553] ? __pfx_kvm_vm_release+0x10/0x10 [ 654.424726][T16553] kvm_vm_release+0x3c/0x50 [ 654.424761][T16553] __fput+0x402/0xb70 [ 654.424793][T16553] task_work_run+0x150/0x240 [ 654.424826][T16553] ? __pfx_task_work_run+0x10/0x10 [ 654.424857][T16553] ? __pfx___do_sys_close_range+0x10/0x10 [ 654.424901][T16553] exit_to_user_mode_loop+0xec/0x130 [ 654.424933][T16553] do_syscall_64+0x426/0xfa0 [ 654.424974][T16553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.424999][T16553] RIP: 0033:0x7f33f1b8efc9 [ 654.425018][T16553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.425043][T16553] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 654.425066][T16553] RAX: 0000000000000000 RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 654.425083][T16553] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 654.425098][T16553] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 654.425113][T16553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.425129][T16553] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 654.425161][T16553] [ 654.425323][T16556] netlink: 322 bytes leftover after parsing attributes in process `syz.5.4123'. [ 656.156374][T16588] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4136'. [ 656.193256][T16588] netlink: 13 bytes leftover after parsing attributes in process `syz.6.4136'. [ 656.428078][T16594] FAULT_INJECTION: forcing a failure. [ 656.428078][T16594] name failslab, interval 1, probability 393216, space 0, times 0 [ 656.472408][T16594] CPU: 1 UID: 0 PID: 16594 Comm: syz.0.4139 Tainted: G U I syzkaller #0 PREEMPT(full) [ 656.472452][T16594] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 656.472464][T16594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 656.472479][T16594] Call Trace: [ 656.472487][T16594] [ 656.472497][T16594] dump_stack_lvl+0x16c/0x1f0 [ 656.472541][T16594] should_fail_ex+0x512/0x640 [ 656.472565][T16594] ? __kmalloc_cache_noprof+0x5f/0x780 [ 656.472601][T16594] should_failslab+0xc2/0x120 [ 656.472626][T16594] __kmalloc_cache_noprof+0x72/0x780 [ 656.472659][T16594] ? kernfs_fop_open+0x244/0xda0 [ 656.472697][T16594] ? kernfs_fop_open+0x244/0xda0 [ 656.472729][T16594] kernfs_fop_open+0x244/0xda0 [ 656.472768][T16594] do_dentry_open+0x982/0x1530 [ 656.472807][T16594] ? __pfx_kernfs_fop_open+0x10/0x10 [ 656.472845][T16594] vfs_open+0x82/0x3f0 [ 656.472876][T16594] path_openat+0x1de4/0x2cb0 [ 656.472926][T16594] ? __pfx_path_openat+0x10/0x10 [ 656.472964][T16594] ? __lock_acquire+0xb8a/0x1c90 [ 656.472994][T16594] do_filp_open+0x20b/0x470 [ 656.473031][T16594] ? __pfx_do_filp_open+0x10/0x10 [ 656.473089][T16594] ? alloc_fd+0x471/0x7d0 [ 656.473131][T16594] do_sys_openat2+0x11b/0x1d0 [ 656.473158][T16594] ? __pfx_do_sys_openat2+0x10/0x10 [ 656.473198][T16594] __x64_sys_openat+0x174/0x210 [ 656.473235][T16594] ? __pfx___x64_sys_openat+0x10/0x10 [ 656.473277][T16594] do_syscall_64+0xcd/0xfa0 [ 656.473319][T16594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.473344][T16594] RIP: 0033:0x7f78b238efc9 [ 656.473364][T16594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.473388][T16594] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 656.473411][T16594] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 656.473428][T16594] RDX: 00000000000c0002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 656.473445][T16594] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 656.473460][T16594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.473475][T16594] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 656.473507][T16594] [ 657.067781][T16604] FAULT_INJECTION: forcing a failure. [ 657.067781][T16604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 657.147228][T16604] CPU: 1 UID: 0 PID: 16604 Comm: syz.4.4144 Tainted: G U I syzkaller #0 PREEMPT(full) [ 657.147273][T16604] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 657.147283][T16604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 657.147299][T16604] Call Trace: [ 657.147307][T16604] [ 657.147317][T16604] dump_stack_lvl+0x16c/0x1f0 [ 657.147360][T16604] should_fail_ex+0x512/0x640 [ 657.147389][T16604] _copy_to_user+0x32/0xd0 [ 657.147416][T16604] put_user_ifreq+0x72/0xc0 [ 657.147444][T16604] sock_do_ioctl+0x230/0x280 [ 657.147470][T16604] ? __pfx_sock_do_ioctl+0x10/0x10 [ 657.147505][T16604] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 657.147541][T16604] sock_ioctl+0x227/0x6b0 [ 657.147574][T16604] ? __pfx_sock_ioctl+0x10/0x10 [ 657.147602][T16604] ? hook_file_ioctl_common+0x145/0x410 [ 657.147643][T16604] ? __fget_files+0x20e/0x3c0 [ 657.147681][T16604] ? __pfx_sock_ioctl+0x10/0x10 [ 657.147713][T16604] __x64_sys_ioctl+0x18e/0x210 [ 657.147743][T16604] do_syscall_64+0xcd/0xfa0 [ 657.147784][T16604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.147810][T16604] RIP: 0033:0x7f9ec038efc9 [ 657.147828][T16604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.147853][T16604] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 657.147878][T16604] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 657.147894][T16604] RDX: 0000200000000000 RSI: 0000000000008933 RDI: 0000000000000005 [ 657.147910][T16604] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 657.147932][T16604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.147947][T16604] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 657.147979][T16604] [ 657.615288][T16608] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4147'. [ 659.169125][T16637] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4156'. [ 659.484028][T16642] sd 0:0:1:0: PR command failed: 1026 [ 659.493350][T16641] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4158'. [ 659.521927][T16642] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 659.555925][T16642] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 659.843246][T16651] netlink: 'syz.5.4160': attribute type 7 has an invalid length. [ 659.915817][T16651] netlink: 17 bytes leftover after parsing attributes in process `syz.5.4160'. [ 659.981201][T16644] [U] [ 659.984076][T16644] [U] [ 659.986792][T16644] [U] [ 659.989503][T16644] [U] [ 659.992229][T16644] [U] [ 660.065599][T16653] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4161'. [ 660.086589][T16644] [U] [ 660.089354][T16644] [U] [ 660.092067][T16644] [U] [ 660.094789][T16644] [U] [ 660.163328][T16644] [U] [ 660.166099][T16644] [U] [ 660.168828][T16644] [U] [ 660.171618][T16644] [U] [ 660.240844][T16644] [U] [ 660.243605][T16644] [U] [ 660.246324][T16644] [U] [ 660.249046][T16644] [U] [ 660.304115][T16644] [U] [ 660.306904][T16644] [U] [ 660.309623][T16644] [U] [ 660.312333][T16644] [U] [ 660.419404][T16644] [U] [ 660.422171][T16644] [U] [ 660.424896][T16644] [U] [ 660.427609][T16644] [U] [ 660.513517][T16644] [U] [ 660.516293][T16644] [U] [ 660.519033][T16644] [U] [ 660.521745][T16644] [U] [ 660.598657][T16644] [U] [ 661.414599][T16666] FAULT_INJECTION: forcing a failure. [ 661.414599][T16666] name failslab, interval 1, probability 393216, space 0, times 0 [ 661.494757][T16666] CPU: 1 UID: 0 PID: 16666 Comm: syz.6.4167 Tainted: G U I syzkaller #0 PREEMPT(full) [ 661.494802][T16666] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 661.494812][T16666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 661.494828][T16666] Call Trace: [ 661.494837][T16666] [ 661.494846][T16666] dump_stack_lvl+0x16c/0x1f0 [ 661.494890][T16666] should_fail_ex+0x512/0x640 [ 661.494913][T16666] ? __kmalloc_cache_noprof+0x5f/0x780 [ 661.494949][T16666] should_failslab+0xc2/0x120 [ 661.494974][T16666] __kmalloc_cache_noprof+0x72/0x780 [ 661.495008][T16666] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 661.495049][T16666] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 661.495085][T16666] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 661.495123][T16666] hugetlb_reserve_pages+0x151/0xf40 [ 661.495154][T16666] ? __vma_enter_locked+0x163/0x3f0 [ 661.495186][T16666] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 661.495219][T16666] ? atime_needs_update+0x8b/0x710 [ 661.495255][T16666] hugetlbfs_file_mmap+0x4a1/0x730 [ 661.495295][T16666] __mmap_region+0x1309/0x27a0 [ 661.495333][T16666] ? __pfx___mmap_region+0x10/0x10 [ 661.495366][T16666] ? find_held_lock+0x2b/0x80 [ 661.495401][T16666] ? is_bpf_text_address+0x8a/0x1a0 [ 661.495429][T16666] ? bpf_ksym_find+0x124/0x1c0 [ 661.495465][T16666] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 661.495505][T16666] ? is_bpf_text_address+0x94/0x1a0 [ 661.495562][T16666] ? __pfx_stack_trace_save+0x10/0x10 [ 661.495637][T16666] ? trace_cap_capable+0x18d/0x200 [ 661.495675][T16666] mmap_region+0x32b/0x3f0 [ 661.495714][T16666] do_mmap+0xa3e/0x1210 [ 661.495743][T16666] ? __pfx_do_mmap+0x10/0x10 [ 661.495767][T16666] ? __pfx_down_write_killable+0x10/0x10 [ 661.495802][T16666] vm_mmap_pgoff+0x29e/0x470 [ 661.495837][T16666] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 661.495859][T16666] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 661.495889][T16666] ? hugetlbfs_get_inode+0x31f/0x730 [ 661.495938][T16666] ksys_mmap_pgoff+0x1c8/0x5c0 [ 661.495967][T16666] __x64_sys_mmap+0x125/0x190 [ 661.496001][T16666] do_syscall_64+0xcd/0xfa0 [ 661.496042][T16666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.496068][T16666] RIP: 0033:0x7f33f1b8efc9 [ 661.496088][T16666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.496113][T16666] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 661.496137][T16666] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 661.496154][T16666] RDX: 0000000000400002 RSI: 0000000000a00006 RDI: 0000000000000000 [ 661.496170][T16666] RBP: 00007f33f1c11f91 R08: 0000000000000602 R09: 0000300000000000 [ 661.496187][T16666] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 661.496202][T16666] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 661.496235][T16666] [ 661.496245][T16666] HugeTLB: unable to allocate vma specific lock [ 662.366912][T16673] delete_channel: no stack [ 662.606147][ T2952] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.953393][ T2952] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.177515][ T2952] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.290860][T15456] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 663.301615][T15456] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 663.316249][T15456] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 663.327400][T15456] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 663.336117][T15456] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 663.519922][ T2952] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.662094][T16688] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4176'. [ 664.265501][ T2952] bridge_slave_1: left allmulticast mode [ 664.285979][ T2952] bridge_slave_1: left promiscuous mode [ 664.319239][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.418575][ T2952] bridge_slave_0: left allmulticast mode [ 664.446336][ T2952] bridge_slave_0: left promiscuous mode [ 664.483221][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.614626][T16701] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4182'. [ 665.391768][T15456] Bluetooth: hci2: command tx timeout [ 665.877634][T16719] FAULT_INJECTION: forcing a failure. [ 665.877634][T16719] name failslab, interval 1, probability 393216, space 0, times 0 [ 665.908712][T16719] CPU: 1 UID: 0 PID: 16719 Comm: syz.0.4188 Tainted: G U I syzkaller #0 PREEMPT(full) [ 665.908758][T16719] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 665.908769][T16719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 665.908784][T16719] Call Trace: [ 665.908794][T16719] [ 665.908806][T16719] dump_stack_lvl+0x16c/0x1f0 [ 665.908850][T16719] should_fail_ex+0x512/0x640 [ 665.908874][T16719] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 665.908911][T16719] should_failslab+0xc2/0x120 [ 665.908936][T16719] kmem_cache_alloc_noprof+0x75/0x6e0 [ 665.908971][T16719] ? fasync_helper+0x3d/0xd0 [ 665.909003][T16719] ? fasync_helper+0x3d/0xd0 [ 665.909027][T16719] ? lockdep_hardirqs_on+0x7c/0x110 [ 665.909066][T16719] fasync_helper+0x3d/0xd0 [ 665.909093][T16719] sock_fasync+0x92/0x140 [ 665.909123][T16719] ? __pfx_sock_fasync+0x10/0x10 [ 665.909150][T16719] do_fcntl+0xa3d/0x15a0 [ 665.909174][T16719] ? __pfx_do_fcntl+0x10/0x10 [ 665.909217][T16719] ? tomoyo_file_fcntl+0xa5/0xc0 [ 665.909246][T16719] __x64_sys_fcntl+0x163/0x200 [ 665.909276][T16719] do_syscall_64+0xcd/0xfa0 [ 665.909317][T16719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.909343][T16719] RIP: 0033:0x7f78b238efc9 [ 665.909362][T16719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.909387][T16719] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 665.909411][T16719] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 665.909428][T16719] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 665.909443][T16719] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 665.909458][T16719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 665.909473][T16719] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 665.909509][T16719] [ 666.213336][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 666.229711][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 666.241395][ T2952] bond0 (unregistering): Released all slaves [ 666.483701][T16712] ip_vti0: entered allmulticast mode [ 666.545483][T16714] ip_vti0: left allmulticast mode [ 666.630390][T16726] FAULT_INJECTION: forcing a failure. [ 666.630390][T16726] name failslab, interval 1, probability 393216, space 0, times 0 [ 666.704983][T16726] CPU: 1 UID: 0 PID: 16726 Comm: syz.6.4190 Tainted: G U I syzkaller #0 PREEMPT(full) [ 666.705028][T16726] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 666.705039][T16726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 666.705053][T16726] Call Trace: [ 666.705061][T16726] [ 666.705071][T16726] dump_stack_lvl+0x16c/0x1f0 [ 666.705115][T16726] should_fail_ex+0x512/0x640 [ 666.705139][T16726] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 666.705179][T16726] should_failslab+0xc2/0x120 [ 666.705203][T16726] kmem_cache_alloc_noprof+0x75/0x6e0 [ 666.705238][T16726] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 666.705279][T16726] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 666.705311][T16726] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 666.705357][T16726] radix_tree_insert+0x247/0x630 [ 666.705397][T16726] qrtr_node_enqueue+0x1077/0x12e0 [ 666.705427][T16726] ? __asan_memcpy+0x3c/0x60 [ 666.705463][T16726] ? __pfx_qrtr_node_enqueue+0x10/0x10 [ 666.705486][T16726] ? skb_set_owner_w+0x31f/0x710 [ 666.705521][T16726] ? skb_copy_header+0x20/0x2b0 [ 666.705557][T16726] ? __pfx_skb_set_owner_w+0x10/0x10 [ 666.705590][T16726] ? __pskb_copy_fclone+0x48e/0xb50 [ 666.705617][T16726] ? __pfx__copy_from_iter+0x10/0x10 [ 666.705647][T16726] qrtr_bcast_enqueue+0xc7/0x1b0 [ 666.705679][T16726] qrtr_sendmsg+0x444/0x7b0 [ 666.705704][T16726] ? __pfx_qrtr_bcast_enqueue+0x10/0x10 [ 666.705728][T16726] ? __pfx_qrtr_sendmsg+0x10/0x10 [ 666.705757][T16726] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 666.705791][T16726] sock_write_iter+0x566/0x610 [ 666.705825][T16726] ? __pfx_sock_write_iter+0x10/0x10 [ 666.705866][T16726] ? __futex_wait+0x24b/0x2f0 [ 666.705898][T16726] ? copy_iovec_from_user+0x131/0x170 [ 666.705925][T16726] do_iter_readv_writev+0x662/0x9e0 [ 666.705963][T16726] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 666.706002][T16726] ? bpf_lsm_file_permission+0x9/0x10 [ 666.706040][T16726] ? security_file_permission+0x71/0x210 [ 666.706076][T16726] ? rw_verify_area+0xcf/0x6c0 [ 666.706111][T16726] vfs_writev+0x35f/0xde0 [ 666.706153][T16726] ? __pfx_vfs_writev+0x10/0x10 [ 666.706208][T16726] ? __fget_files+0x20e/0x3c0 [ 666.706250][T16726] ? do_writev+0x28c/0x340 [ 666.706281][T16726] do_writev+0x28c/0x340 [ 666.706315][T16726] ? __pfx_do_writev+0x10/0x10 [ 666.706365][T16726] do_syscall_64+0xcd/0xfa0 [ 666.706408][T16726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.706433][T16726] RIP: 0033:0x7f33f1b8efc9 [ 666.706453][T16726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.706477][T16726] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 666.706500][T16726] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 666.706517][T16726] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 666.706532][T16726] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 666.706548][T16726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.706563][T16726] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 666.706595][T16726] [ 667.544787][T15456] Bluetooth: hci2: command tx timeout [ 667.696711][T16734] netlink: 'syz.6.4194': attribute type 32 has an invalid length. [ 667.736524][T16734] netlink: 'syz.6.4194': attribute type 33 has an invalid length. [ 667.786003][T16734] netlink: 'syz.6.4194': attribute type 35 has an invalid length. [ 667.825648][T16734] netlink: 'syz.6.4194': attribute type 37 has an invalid length. [ 667.877278][T16734] netlink: 'syz.6.4194': attribute type 39 has an invalid length. [ 667.908851][T16734] netlink: 'syz.6.4194': attribute type 40 has an invalid length. [ 667.947304][T16734] netlink: 'syz.6.4194': attribute type 41 has an invalid length. [ 667.981284][T16734] netlink: 'syz.6.4194': attribute type 44 has an invalid length. [ 668.020096][T16734] netlink: 'syz.6.4194': attribute type 46 has an invalid length. [ 668.033032][T16734] netlink: 'syz.6.4194': attribute type 47 has an invalid length. [ 668.078448][T16734] netlink: 2 bytes leftover after parsing attributes in process `syz.6.4194'. [ 668.129073][T16683] chnl_net:caif_netlink_parms(): no params data found [ 668.843909][ T2952] hsr_slave_0: left promiscuous mode [ 668.923463][ T2952] hsr_slave_1: left promiscuous mode [ 668.930202][T16742] FAULT_INJECTION: forcing a failure. [ 668.930202][T16742] name failslab, interval 1, probability 393216, space 0, times 0 [ 668.957930][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 669.001823][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.053730][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 669.101476][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 669.121307][T16742] CPU: 1 UID: 0 PID: 16742 Comm: syz.4.4196 Tainted: G U I syzkaller #0 PREEMPT(full) [ 669.121350][T16742] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 669.121361][T16742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 669.121377][T16742] Call Trace: [ 669.121385][T16742] [ 669.121396][T16742] dump_stack_lvl+0x16c/0x1f0 [ 669.121440][T16742] should_fail_ex+0x512/0x640 [ 669.121465][T16742] ? __kmalloc_noprof+0xca/0x880 [ 669.121499][T16742] should_failslab+0xc2/0x120 [ 669.121524][T16742] __kmalloc_noprof+0xdd/0x880 [ 669.121556][T16742] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 669.121598][T16742] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 669.121633][T16742] apply_wqattrs_prepare+0xf8/0xbd0 [ 669.121681][T16742] apply_workqueue_attrs_locked+0x64/0xe0 [ 669.121720][T16742] __alloc_workqueue+0xf3f/0x1810 [ 669.121754][T16742] alloc_workqueue_noprof+0xd2/0x200 [ 669.121779][T16742] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 669.121808][T16742] ? rcu_is_watching+0x12/0xc0 [ 669.121843][T16742] ? trace_kmalloc+0x2b/0xd0 [ 669.121872][T16742] ? __kmalloc_noprof+0x34f/0x880 [ 669.121904][T16742] ? ieee80211_register_hw+0x15c9/0x4120 [ 669.121939][T16742] ieee80211_register_hw+0x1f1a/0x4120 [ 669.121978][T16742] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 669.122005][T16742] ? __pfx___debug_object_init+0x10/0x10 [ 669.122046][T16742] ? find_held_lock+0x2b/0x80 [ 669.122081][T16742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 669.122116][T16742] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 669.122153][T16742] ? __hrtimer_setup+0x176/0x280 [ 669.122187][T16742] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 669.122234][T16742] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 669.122273][T16742] hwsim_new_radio_nl+0xba2/0x1330 [ 669.122305][T16742] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 669.122344][T16742] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 669.122377][T16742] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 669.122416][T16742] genl_family_rcv_msg_doit+0x209/0x2f0 [ 669.122448][T16742] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 669.122488][T16742] ? bpf_lsm_capable+0x9/0x10 [ 669.122513][T16742] ? security_capable+0x7e/0x260 [ 669.122540][T16742] ? ns_capable+0xd7/0x110 [ 669.122581][T16742] genl_rcv_msg+0x55c/0x800 [ 669.122614][T16742] ? __pfx_genl_rcv_msg+0x10/0x10 [ 669.122644][T16742] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 669.122684][T16742] netlink_rcv_skb+0x158/0x420 [ 669.122709][T16742] ? __pfx_genl_rcv_msg+0x10/0x10 [ 669.122740][T16742] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 669.122778][T16742] ? netlink_deliver_tap+0x1ae/0xd30 [ 669.122822][T16742] genl_rcv+0x28/0x40 [ 669.122848][T16742] netlink_unicast+0x5aa/0x870 [ 669.122883][T16742] ? __pfx_netlink_unicast+0x10/0x10 [ 669.122919][T16742] netlink_sendmsg+0x8c8/0xdd0 [ 669.122949][T16742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 669.122978][T16742] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 669.123011][T16742] ____sys_sendmsg+0xa98/0xc70 [ 669.123043][T16742] ? copy_msghdr_from_user+0x10a/0x160 [ 669.123083][T16742] ? __pfx_____sys_sendmsg+0x10/0x10 [ 669.123127][T16742] ___sys_sendmsg+0x134/0x1d0 [ 669.123165][T16742] ? futex_private_hash_put+0x176/0x300 [ 669.123208][T16742] ? __pfx____sys_sendmsg+0x10/0x10 [ 669.123245][T16742] ? __lock_acquire+0x622/0x1c90 [ 669.123307][T16742] __sys_sendmsg+0x16d/0x220 [ 669.123348][T16742] ? __pfx___sys_sendmsg+0x10/0x10 [ 669.123387][T16742] ? __x64_sys_futex+0x1e0/0x4c0 [ 669.123431][T16742] do_syscall_64+0xcd/0xfa0 [ 669.123473][T16742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.123499][T16742] RIP: 0033:0x7f9ec038efc9 [ 669.123519][T16742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.123543][T16742] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 669.123566][T16742] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 669.123583][T16742] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 669.123598][T16742] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 669.123614][T16742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.123628][T16742] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 669.123662][T16742] [ 669.933262][ T2952] veth1_macvtap: left promiscuous mode [ 669.939931][ T2952] veth0_macvtap: left promiscuous mode [ 669.945578][ T2952] veth1_vlan: left promiscuous mode [ 669.951145][ T2952] veth0_vlan: left promiscuous mode [ 670.020934][T15456] Bluetooth: hci2: command tx timeout [ 671.143566][T16780] zswap: compressor not available [ 671.383043][T16789] random: crng reseeded on system resumption [ 671.413893][T16789] FAULT_INJECTION: forcing a failure. [ 671.413893][T16789] name failslab, interval 1, probability 393216, space 0, times 0 [ 671.449503][T16789] CPU: 1 UID: 0 PID: 16789 Comm: syz.4.4209 Tainted: G U I syzkaller #0 PREEMPT(full) [ 671.449556][T16789] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 671.449567][T16789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 671.449583][T16789] Call Trace: [ 671.449591][T16789] [ 671.449600][T16789] dump_stack_lvl+0x16c/0x1f0 [ 671.449645][T16789] should_fail_ex+0x512/0x640 [ 671.449670][T16789] ? __kmalloc_cache_noprof+0x5f/0x780 [ 671.449706][T16789] should_failslab+0xc2/0x120 [ 671.449736][T16789] __kmalloc_cache_noprof+0x72/0x780 [ 671.449770][T16789] ? memory_bm_create+0x154/0x810 [ 671.449810][T16789] ? memory_bm_create+0x154/0x810 [ 671.449849][T16789] memory_bm_create+0x154/0x810 [ 671.449896][T16789] create_basic_memory_bitmaps+0x10b/0x320 [ 671.449939][T16789] snapshot_open+0x235/0x2b0 [ 671.449962][T16789] ? __pfx_snapshot_open+0x10/0x10 [ 671.449986][T16789] misc_open+0x26d/0x450 [ 671.450010][T16789] ? __pfx_misc_open+0x10/0x10 [ 671.450032][T16789] chrdev_open+0x234/0x6a0 [ 671.450072][T16789] ? __pfx_apparmor_file_open+0x10/0x10 [ 671.450102][T16789] ? __pfx_chrdev_open+0x10/0x10 [ 671.450142][T16789] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 671.450185][T16789] do_dentry_open+0x982/0x1530 [ 671.450224][T16789] ? __pfx_chrdev_open+0x10/0x10 [ 671.450269][T16789] vfs_open+0x82/0x3f0 [ 671.450300][T16789] path_openat+0x1de4/0x2cb0 [ 671.450346][T16789] ? __pfx_path_openat+0x10/0x10 [ 671.450384][T16789] ? __lock_acquire+0xb8a/0x1c90 [ 671.450413][T16789] do_filp_open+0x20b/0x470 [ 671.450454][T16789] ? __pfx_do_filp_open+0x10/0x10 [ 671.450512][T16789] ? alloc_fd+0x471/0x7d0 [ 671.450554][T16789] do_sys_openat2+0x11b/0x1d0 [ 671.450581][T16789] ? __pfx_do_sys_openat2+0x10/0x10 [ 671.450621][T16789] __x64_sys_openat+0x174/0x210 [ 671.450650][T16789] ? __pfx___x64_sys_openat+0x10/0x10 [ 671.450692][T16789] do_syscall_64+0xcd/0xfa0 [ 671.450739][T16789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.450764][T16789] RIP: 0033:0x7f9ec038efc9 [ 671.450785][T16789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.450809][T16789] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 671.450833][T16789] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 671.450850][T16789] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 671.450869][T16789] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 671.450885][T16789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 671.450900][T16789] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 671.450932][T16789] [ 671.891316][ T2952] team0 (unregistering): Port device team_slave_1 removed [ 671.931880][ T2952] team0 (unregistering): Port device team_slave_0 removed [ 672.124273][T15456] Bluetooth: hci2: command tx timeout [ 673.487833][T16683] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.536750][T16683] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.586406][T16683] bridge_slave_0: entered allmulticast mode [ 673.624876][T16683] bridge_slave_0: entered promiscuous mode [ 673.733261][T16683] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.784917][T16683] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.843852][T16683] bridge_slave_1: entered allmulticast mode [ 673.887993][T16683] bridge_slave_1: entered promiscuous mode [ 674.405243][T16683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 674.494682][T16683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.797105][T16683] team0: Port device team_slave_0 added [ 674.833218][T16683] team0: Port device team_slave_1 added [ 675.030829][T16842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4222'. [ 675.089921][T16842] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4222'. [ 675.199879][T16683] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.247645][T16683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 675.410865][T16683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.501642][T16683] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.525280][T16683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 675.554360][T16849] FAULT_INJECTION: forcing a failure. [ 675.554360][T16849] name failslab, interval 1, probability 393216, space 0, times 0 [ 675.613936][T16849] CPU: 1 UID: 0 PID: 16849 Comm: syz.0.4225 Tainted: G U I syzkaller #0 PREEMPT(full) [ 675.613980][T16849] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 675.613991][T16849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 675.614007][T16849] Call Trace: [ 675.614015][T16849] [ 675.614025][T16849] dump_stack_lvl+0x16c/0x1f0 [ 675.614069][T16849] should_fail_ex+0x512/0x640 [ 675.614093][T16849] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 675.614131][T16849] should_failslab+0xc2/0x120 [ 675.614156][T16849] kmem_cache_alloc_noprof+0x75/0x6e0 [ 675.614190][T16849] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 675.614218][T16849] ? acpi_ut_create_thread_state+0x6d/0x170 [ 675.614249][T16849] ? acpi_ut_create_thread_state+0x6d/0x170 [ 675.614272][T16849] acpi_ut_create_thread_state+0x6d/0x170 [ 675.614298][T16849] acpi_ps_parse_aml+0x12e/0x1170 [ 675.614321][T16849] ? acpi_ut_ptr_exit+0xfe/0x180 [ 675.614361][T16849] acpi_ps_execute_method+0x5c4/0xe90 [ 675.614397][T16849] acpi_ns_evaluate+0x98c/0x16d0 [ 675.614435][T16849] acpi_evaluate_object+0x4ca/0xdf0 [ 675.614481][T16849] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 675.614521][T16849] ? __mutex_trylock_common+0xe9/0x250 [ 675.614555][T16849] acpi_evaluate_integer+0xdd/0x200 [ 675.614589][T16849] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 675.614634][T16849] ? __pfx_status_show+0x10/0x10 [ 675.614672][T16849] status_show+0xa0/0x120 [ 675.614710][T16849] ? __pfx_status_show+0x10/0x10 [ 675.614756][T16849] dev_attr_show+0x56/0xe0 [ 675.614781][T16849] ? __pfx_dev_attr_show+0x10/0x10 [ 675.614802][T16849] sysfs_kf_seq_show+0x216/0x3e0 [ 675.614846][T16849] seq_read_iter+0x50e/0x12d0 [ 675.614891][T16849] kernfs_fop_read_iter+0x46c/0x610 [ 675.614925][T16849] ? rw_verify_area+0xcf/0x6c0 [ 675.614960][T16849] vfs_read+0x8bf/0xcf0 [ 675.614999][T16849] ? __pfx___mutex_lock+0x10/0x10 [ 675.615023][T16849] ? __pfx_vfs_read+0x10/0x10 [ 675.615078][T16849] ksys_read+0x12a/0x250 [ 675.615113][T16849] ? __pfx_ksys_read+0x10/0x10 [ 675.615158][T16849] do_syscall_64+0xcd/0xfa0 [ 675.615215][T16849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.615241][T16849] RIP: 0033:0x7f78b238efc9 [ 675.615260][T16849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.615285][T16849] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 675.615308][T16849] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 675.615325][T16849] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 675.615346][T16849] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 675.615362][T16849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.615377][T16849] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 675.615410][T16849] [ 675.615490][T16849] ACPI Error: [ 675.951087][T16683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.408466][T16683] hsr_slave_0: entered promiscuous mode [ 676.414948][T16683] hsr_slave_1: entered promiscuous mode [ 676.489261][T16683] debugfs: 'hsr0' already exists in 'hsr' [ 676.495039][T16683] Cannot create hsr debugfs directory [ 676.643247][T16849] ffff88807b49c000 walk still has a scope list (20250807/dswstate-694) [ 676.930383][T15456] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 677.785705][T16879] FAULT_INJECTION: forcing a failure. [ 677.785705][T16879] name failslab, interval 1, probability 393216, space 0, times 0 [ 677.844489][T16879] CPU: 1 UID: 0 PID: 16879 Comm: syz.6.4234 Tainted: G U I syzkaller #0 PREEMPT(full) [ 677.844533][T16879] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 677.844544][T16879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 677.844560][T16879] Call Trace: [ 677.844568][T16879] [ 677.844578][T16879] dump_stack_lvl+0x16c/0x1f0 [ 677.844622][T16879] should_fail_ex+0x512/0x640 [ 677.844646][T16879] ? __kmalloc_cache_noprof+0x5f/0x780 [ 677.844683][T16879] should_failslab+0xc2/0x120 [ 677.844708][T16879] __kmalloc_cache_noprof+0x72/0x780 [ 677.844742][T16879] ? input_allocate_device+0xc5/0x350 [ 677.844773][T16879] ? input_allocate_device+0xc5/0x350 [ 677.844797][T16879] input_allocate_device+0xc5/0x350 [ 677.844823][T16879] uinput_write+0x9cc/0xff0 [ 677.844864][T16879] ? __pfx_uinput_write+0x10/0x10 [ 677.844897][T16879] ? common_file_perm+0x1a9/0x340 [ 677.844931][T16879] ? bpf_lsm_file_permission+0x9/0x10 [ 677.844969][T16879] ? security_file_permission+0x71/0x210 [ 677.845006][T16879] ? rw_verify_area+0xcf/0x6c0 [ 677.845039][T16879] ? __pfx_uinput_write+0x10/0x10 [ 677.845072][T16879] vfs_write+0x2a0/0x11d0 [ 677.845114][T16879] ? __pfx_vfs_write+0x10/0x10 [ 677.845156][T16879] ? find_held_lock+0x2b/0x80 [ 677.845192][T16879] ? __fget_files+0x204/0x3c0 [ 677.845231][T16879] ? __fget_files+0x20e/0x3c0 [ 677.845272][T16879] ksys_write+0x1f8/0x250 [ 677.845309][T16879] ? __pfx_ksys_write+0x10/0x10 [ 677.845353][T16879] do_syscall_64+0xcd/0xfa0 [ 677.845395][T16879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.845420][T16879] RIP: 0033:0x7f33f1b8efc9 [ 677.845439][T16879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.845463][T16879] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 677.845487][T16879] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 677.845504][T16879] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000005 [ 677.845519][T16879] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 677.845534][T16879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 677.845549][T16879] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 677.845582][T16879] [ 678.525568][T16877] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 679.247698][T16683] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 679.340421][T16683] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 679.434497][T16683] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 679.516183][T16683] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 679.949196][T16911] sctp: [Deprecated]: syz.4.4240 (pid 16911) Use of struct sctp_assoc_value in delayed_ack socket option. [ 679.949196][T16911] Use struct sctp_sack_info instead [ 680.146294][T16683] 8021q: adding VLAN 0 to HW filter on device bond0 [ 680.336670][T16683] 8021q: adding VLAN 0 to HW filter on device team0 [ 680.465633][T16757] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.472854][T16757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 680.589321][T16757] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.596662][T16757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.918995][T16929] netlink: 354 bytes leftover after parsing attributes in process `syz.6.4242'. [ 681.220471][T16683] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 681.314146][T16683] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 682.551561][T16683] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 682.763817][T16948] mkiss: ax0: crc mode is auto. [ 682.816775][T16960] netlink: zone id is out of range [ 682.821972][T16960] netlink: del zone limit has 4 unknown bytes [ 683.001422][T16956] netlink: set zone limit has 8 unknown bytes [ 683.599289][T16978] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4249'. [ 684.019778][T16683] veth0_vlan: entered promiscuous mode [ 684.123081][T16683] veth1_vlan: entered promiscuous mode [ 684.296719][T16683] veth0_macvtap: entered promiscuous mode [ 684.375281][T16683] veth1_macvtap: entered promiscuous mode [ 684.516793][T16683] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 684.632189][T16683] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 684.715400][T16995] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4255'. [ 684.736286][ T2952] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.781242][ T2952] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.840646][ T2952] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.895431][ T2952] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.396911][T10913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.431456][T17003] FAULT_INJECTION: forcing a failure. [ 685.431456][T17003] name failslab, interval 1, probability 393216, space 0, times 0 [ 685.467284][T10913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.584733][T17003] CPU: 1 UID: 0 PID: 17003 Comm: syz.4.4256 Tainted: G U I syzkaller #0 PREEMPT(full) [ 685.584777][T17003] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 685.584788][T17003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 685.584804][T17003] Call Trace: [ 685.584812][T17003] [ 685.584822][T17003] dump_stack_lvl+0x16c/0x1f0 [ 685.584866][T17003] should_fail_ex+0x512/0x640 [ 685.584889][T17003] ? __kmalloc_noprof+0xca/0x880 [ 685.584923][T17003] should_failslab+0xc2/0x120 [ 685.584948][T17003] __kmalloc_noprof+0xdd/0x880 [ 685.584980][T17003] ? process_preds+0x48b/0x1c50 [ 685.585012][T17003] ? process_preds+0x48b/0x1c50 [ 685.585036][T17003] process_preds+0x48b/0x1c50 [ 685.585068][T17003] ? create_filter_start.constprop.0+0x56/0x300 [ 685.585099][T17003] create_filter+0x140/0x210 [ 685.585127][T17003] ? __pfx_create_filter+0x10/0x10 [ 685.585156][T17003] ? __pfx___mutex_lock+0x10/0x10 [ 685.585179][T17003] ? find_held_lock+0x2b/0x80 [ 685.585216][T17003] apply_event_filter+0x220/0x500 [ 685.585245][T17003] ? __pfx_apply_event_filter+0x10/0x10 [ 685.585282][T17003] event_filter_write+0x16d/0x290 [ 685.585318][T17003] ? __pfx_event_filter_write+0x10/0x10 [ 685.585351][T17003] vfs_write+0x2a0/0x11d0 [ 685.585392][T17003] ? __pfx___mutex_lock+0x10/0x10 [ 685.585416][T17003] ? __pfx_vfs_write+0x10/0x10 [ 685.585460][T17003] ? __fget_files+0x20e/0x3c0 [ 685.585503][T17003] ksys_write+0x12a/0x250 [ 685.585587][T17003] ? __pfx_ksys_write+0x10/0x10 [ 685.585633][T17003] do_syscall_64+0xcd/0xfa0 [ 685.585675][T17003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.585700][T17003] RIP: 0033:0x7f9ec038efc9 [ 685.585720][T17003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.585746][T17003] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 685.585775][T17003] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 685.585793][T17003] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 685.585808][T17003] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 685.585823][T17003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.585839][T17003] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 685.585871][T17003] [ 686.197769][ T2952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.233741][ T2952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.419466][T17012] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4259'. [ 687.388366][T17027] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4262'. [ 688.439846][T17051] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 691.703100][T17081] FAULT_INJECTION: forcing a failure. [ 691.703100][T17081] name failslab, interval 1, probability 393216, space 0, times 0 [ 691.771340][T17081] CPU: 1 UID: 0 PID: 17081 Comm: syz.6.4278 Tainted: G U I syzkaller #0 PREEMPT(full) [ 691.771388][T17081] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 691.771399][T17081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 691.771414][T17081] Call Trace: [ 691.771423][T17081] [ 691.771432][T17081] dump_stack_lvl+0x16c/0x1f0 [ 691.771477][T17081] should_fail_ex+0x512/0x640 [ 691.771500][T17081] ? __kmalloc_cache_noprof+0x5f/0x780 [ 691.771536][T17081] should_failslab+0xc2/0x120 [ 691.771561][T17081] __kmalloc_cache_noprof+0x72/0x780 [ 691.771594][T17081] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 691.771636][T17081] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 691.771672][T17081] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 691.771709][T17081] hugetlb_reserve_pages+0x151/0xf40 [ 691.771742][T17081] ? __vma_enter_locked+0x163/0x3f0 [ 691.771774][T17081] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 691.771807][T17081] ? atime_needs_update+0x8b/0x710 [ 691.771843][T17081] hugetlbfs_file_mmap+0x4a1/0x730 [ 691.771884][T17081] __mmap_region+0x1309/0x27a0 [ 691.771922][T17081] ? __pfx___mmap_region+0x10/0x10 [ 691.771955][T17081] ? find_held_lock+0x2b/0x80 [ 691.771991][T17081] ? is_bpf_text_address+0x8a/0x1a0 [ 691.772025][T17081] ? bpf_ksym_find+0x124/0x1c0 [ 691.772062][T17081] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 691.772103][T17081] ? is_bpf_text_address+0x94/0x1a0 [ 691.772152][T17081] ? __pfx_stack_trace_save+0x10/0x10 [ 691.772226][T17081] ? trace_cap_capable+0x18d/0x200 [ 691.772263][T17081] mmap_region+0x32b/0x3f0 [ 691.772302][T17081] do_mmap+0xa3e/0x1210 [ 691.772332][T17081] ? __pfx_do_mmap+0x10/0x10 [ 691.772356][T17081] ? __pfx_down_write_killable+0x10/0x10 [ 691.772390][T17081] vm_mmap_pgoff+0x29e/0x470 [ 691.772420][T17081] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 691.772441][T17081] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 691.772471][T17081] ? hugetlbfs_get_inode+0x31f/0x730 [ 691.772517][T17081] ksys_mmap_pgoff+0x1c8/0x5c0 [ 691.772546][T17081] __x64_sys_mmap+0x125/0x190 [ 691.772579][T17081] do_syscall_64+0xcd/0xfa0 [ 691.772621][T17081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.772647][T17081] RIP: 0033:0x7f33f1b8efc9 [ 691.772666][T17081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.772690][T17081] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 691.772713][T17081] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 691.772730][T17081] RDX: 0000000000400002 RSI: 0000000000a00006 RDI: 0000000000000000 [ 691.772745][T17081] RBP: 00007f33f1c11f91 R08: 0000000000000602 R09: 0000300000000000 [ 691.772761][T17081] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 691.772777][T17081] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 691.772810][T17081] [ 692.704009][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f316000: rx timeout, send abort [ 692.720159][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f316000: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 693.820324][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.828460][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.384645][T17112] netlink: 186 bytes leftover after parsing attributes in process `syz.5.4287'. [ 694.832312][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880655c3c00: rx timeout, send abort [ 694.840947][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880655c3c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 695.471243][T17125] mkiss: ax0: crc mode is auto. [ 697.652513][T17148] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 697.816954][T17162] kvm: kvm [17161]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x0 [ 699.361712][T17185] input: f¬ as /devices/virtual/input/input15 [ 699.532880][ T5183] ERROR: Out of memory at tomoyo_memory_ok. [ 700.313262][T17198] mkiss: ax0: crc mode is auto. [ 700.722169][T17211] zram0: detected capacity change from 8 to 0 [ 700.858803][T17211] zram: Removed device: zram0 [ 701.309367][T17215] FAULT_INJECTION: forcing a failure. [ 701.309367][T17215] name failslab, interval 1, probability 393216, space 0, times 0 [ 701.386983][T17215] CPU: 1 UID: 0 PID: 17215 Comm: syz.4.4322 Tainted: G U I syzkaller #0 PREEMPT(full) [ 701.387027][T17215] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 701.387037][T17215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 701.387053][T17215] Call Trace: [ 701.387061][T17215] [ 701.387071][T17215] dump_stack_lvl+0x16c/0x1f0 [ 701.387114][T17215] should_fail_ex+0x512/0x640 [ 701.387139][T17215] ? __kmalloc_cache_noprof+0x5f/0x780 [ 701.387175][T17215] should_failslab+0xc2/0x120 [ 701.387207][T17215] __kmalloc_cache_noprof+0x72/0x780 [ 701.387240][T17215] ? __pfx_ida_alloc_range+0x10/0x10 [ 701.387277][T17215] ? alloc_fs_context+0x57/0x9c0 [ 701.387321][T17215] ? alloc_fs_context+0x57/0x9c0 [ 701.387358][T17215] alloc_fs_context+0x57/0x9c0 [ 701.387401][T17215] mq_init_ns+0x172/0x620 [ 701.387433][T17215] copy_ipcs+0x2d6/0x550 [ 701.387465][T17215] create_new_namespaces+0x20a/0xa90 [ 701.387502][T17215] ? security_capable+0x7e/0x260 [ 701.387531][T17215] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 701.387572][T17215] ksys_unshare+0x45b/0xa40 [ 701.387597][T17215] ? __pfx_ksys_unshare+0x10/0x10 [ 701.387623][T17215] ? xfd_validate_state+0x61/0x180 [ 701.387659][T17215] __x64_sys_unshare+0x31/0x40 [ 701.387683][T17215] do_syscall_64+0xcd/0xfa0 [ 701.387724][T17215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.387749][T17215] RIP: 0033:0x7f9ec038efc9 [ 701.387768][T17215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.387794][T17215] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 701.387817][T17215] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 701.387834][T17215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 701.387850][T17215] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 701.387865][T17215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.387881][T17215] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 701.387913][T17215] [ 703.120213][T17246] mkiss: ax0: crc mode is auto. [ 703.594833][T17261] netlink: 'syz.4.4337': attribute type 33 has an invalid length. [ 706.934390][T17319] FAULT_INJECTION: forcing a failure. [ 706.934390][T17319] name failslab, interval 1, probability 393216, space 0, times 0 [ 707.030037][T17319] CPU: 1 UID: 0 PID: 17319 Comm: syz.4.4353 Tainted: G U I syzkaller #0 PREEMPT(full) [ 707.030082][T17319] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 707.030092][T17319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 707.030108][T17319] Call Trace: [ 707.030117][T17319] [ 707.030127][T17319] dump_stack_lvl+0x16c/0x1f0 [ 707.030170][T17319] should_fail_ex+0x512/0x640 [ 707.030194][T17319] ? __kmalloc_noprof+0xca/0x880 [ 707.030228][T17319] should_failslab+0xc2/0x120 [ 707.030253][T17319] __kmalloc_noprof+0xdd/0x880 [ 707.030282][T17319] ? __pfx___mutex_lock+0x10/0x10 [ 707.030305][T17319] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 707.030343][T17319] ? strset_prepare_data+0x5f4/0xb40 [ 707.030373][T17319] ? strset_prepare_data+0x5f4/0xb40 [ 707.030397][T17319] strset_prepare_data+0x5f4/0xb40 [ 707.030430][T17319] ethnl_default_dump_one+0x29b/0xa20 [ 707.030474][T17319] ethnl_default_dumpit+0x28d/0x6c0 [ 707.030519][T17319] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 707.030577][T17319] genl_dumpit+0x125/0x230 [ 707.030608][T17319] netlink_dump+0x539/0xd30 [ 707.030651][T17319] ? __pfx_netlink_dump+0x10/0x10 [ 707.030690][T17319] ? rcu_is_watching+0x12/0xc0 [ 707.030725][T17319] ? kasan_quarantine_put+0x10a/0x240 [ 707.030769][T17319] ? lockdep_hardirqs_on+0x7c/0x110 [ 707.030821][T17319] ? kfree_skbmem+0x1a4/0x1f0 [ 707.030851][T17319] ? kfree_skbmem+0x1a4/0x1f0 [ 707.030884][T17319] netlink_recvmsg+0x7dc/0xa90 [ 707.030926][T17319] ? __pfx_netlink_recvmsg+0x10/0x10 [ 707.030965][T17319] ? aa_file_perm+0x29e/0x12e0 [ 707.031009][T17319] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 707.031042][T17319] sock_recvmsg+0x1f9/0x250 [ 707.031072][T17319] sock_read_iter+0x2b9/0x3b0 [ 707.031101][T17319] ? __pfx_sock_read_iter+0x10/0x10 [ 707.031141][T17319] ? bpf_lsm_file_permission+0x9/0x10 [ 707.031179][T17319] ? security_file_permission+0x71/0x210 [ 707.031215][T17319] ? rw_verify_area+0xcf/0x6c0 [ 707.031251][T17319] vfs_read+0xa98/0xcf0 [ 707.031292][T17319] ? __pfx_vfs_read+0x10/0x10 [ 707.031324][T17319] ? find_held_lock+0x2b/0x80 [ 707.031379][T17319] ksys_read+0x1f8/0x250 [ 707.031414][T17319] ? __pfx_ksys_read+0x10/0x10 [ 707.031458][T17319] do_syscall_64+0xcd/0xfa0 [ 707.031499][T17319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.031525][T17319] RIP: 0033:0x7f9ec038efc9 [ 707.031544][T17319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 707.031569][T17319] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 707.031593][T17319] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 707.031610][T17319] RDX: 000000000000ff09 RSI: 0000200000000080 RDI: 0000000000000005 [ 707.031626][T17319] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 707.031642][T17319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 707.031658][T17319] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 707.031691][T17319] [ 707.491847][T17327] FAULT_INJECTION: forcing a failure. [ 707.491847][T17327] name failslab, interval 1, probability 393216, space 0, times 0 [ 707.505029][T17327] CPU: 1 UID: 0 PID: 17327 Comm: syz.5.4357 Tainted: G U I syzkaller #0 PREEMPT(full) [ 707.505071][T17327] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 707.505081][T17327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 707.505095][T17327] Call Trace: [ 707.505104][T17327] [ 707.505114][T17327] dump_stack_lvl+0x16c/0x1f0 [ 707.505157][T17327] should_fail_ex+0x512/0x640 [ 707.505180][T17327] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 707.505217][T17327] should_failslab+0xc2/0x120 [ 707.505260][T17327] kmem_cache_alloc_noprof+0x75/0x6e0 [ 707.505294][T17327] ? fasync_helper+0x3d/0xd0 [ 707.505325][T17327] ? __pfx_rtc_dev_fasync+0x10/0x10 [ 707.505355][T17327] ? fasync_helper+0x3d/0xd0 [ 707.505379][T17327] fasync_helper+0x3d/0xd0 [ 707.505406][T17327] do_fcntl+0xa3d/0x15a0 [ 707.505431][T17327] ? __pfx_do_fcntl+0x10/0x10 [ 707.505463][T17327] ? tomoyo_file_fcntl+0xa5/0xc0 [ 707.505492][T17327] __x64_sys_fcntl+0x163/0x200 [ 707.505520][T17327] do_syscall_64+0xcd/0xfa0 [ 707.505562][T17327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.505587][T17327] RIP: 0033:0x7f116e98efc9 [ 707.505607][T17327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 707.505632][T17327] RSP: 002b:00007f116f877038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 707.505656][T17327] RAX: ffffffffffffffda RBX: 00007f116ebe5fa0 RCX: 00007f116e98efc9 [ 707.505673][T17327] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 707.505700][T17327] RBP: 00007f116ea11f91 R08: 0000000000000000 R09: 0000000000000000 [ 707.505716][T17327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 707.505731][T17327] R13: 00007f116ebe6038 R14: 00007f116ebe5fa0 R15: 00007ffce833edd8 [ 707.505763][T17327] [ 711.671747][T17384] kvm: kvm [17383]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 712.011687][T17389] netlink: 330 bytes leftover after parsing attributes in process `syz.6.4375'. [ 712.552777][T15456] Bluetooth: hci2: unexpected event 0x08 length: 435 > 4 [ 712.655565][T17403] netlink: 'syz.6.4380': attribute type 4 has an invalid length. [ 712.870681][T17403] netlink: 314 bytes leftover after parsing attributes in process `syz.6.4380'. [ 712.958795][T17403] IPv6: NLM_F_CREATE should be specified when creating new route [ 713.074568][T17403] IPv6: Can't replace route, no match found [ 713.325555][T17414] blktrace: Concurrent blktraces are not allowed on loop2 [ 713.439562][T17418] Loading of unsigned module is rejected [ 715.252044][T17448] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4396'. [ 715.294855][T17448] bridge_slave_1: left allmulticast mode [ 715.300575][T17448] bridge_slave_1: left promiscuous mode [ 715.349864][T17448] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.401592][T17448] bridge_slave_0: left allmulticast mode [ 715.426982][T17448] bridge_slave_0: left promiscuous mode [ 715.459257][T17448] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.759830][T17506] ptp ptp0: delete virtual clock ptp43 [ 718.841637][T17506] ptp ptp0: delete virtual clock ptp42 [ 718.869437][T17508] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4410'. [ 718.942787][T17506] ptp ptp0: delete virtual clock ptp41 [ 719.091646][T17506] ptp ptp0: only physical clock in use now [ 719.293181][T17510] FAULT_INJECTION: forcing a failure. [ 719.293181][T17510] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 719.384171][T17510] CPU: 1 UID: 0 PID: 17510 Comm: syz.4.4411 Tainted: G U I syzkaller #0 PREEMPT(full) [ 719.384215][T17510] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 719.384226][T17510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 719.384241][T17510] Call Trace: [ 719.384249][T17510] [ 719.384259][T17510] dump_stack_lvl+0x16c/0x1f0 [ 719.384302][T17510] should_fail_ex+0x512/0x640 [ 719.384331][T17510] should_fail_alloc_page+0xe7/0x130 [ 719.384360][T17510] prepare_alloc_pages+0x3c2/0x610 [ 719.384389][T17510] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 719.384428][T17510] ? __lock_acquire+0x622/0x1c90 [ 719.384465][T17510] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 719.384502][T17510] ? find_held_lock+0x2b/0x80 [ 719.384541][T17510] ? aa_file_perm+0x28f/0x12e0 [ 719.384583][T17510] ? aa_file_perm+0x29e/0x12e0 [ 719.384624][T17510] ? __pfx___futex_wait+0x10/0x10 [ 719.384656][T17510] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 719.384691][T17510] ? policy_nodemask+0xea/0x4e0 [ 719.384728][T17510] alloc_pages_mpol+0x1fb/0x550 [ 719.384755][T17510] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 719.384790][T17510] alloc_pages_noprof+0x131/0x390 [ 719.384816][T17510] get_free_pages_noprof+0x10/0xb0 [ 719.384856][T17510] mem_rw+0x94/0x640 [ 719.384890][T17510] ? __pfx_mem_write+0x10/0x10 [ 719.384920][T17510] vfs_write+0x2a0/0x11d0 [ 719.384960][T17510] ? __pfx___mutex_lock+0x10/0x10 [ 719.384985][T17510] ? __pfx_vfs_write+0x10/0x10 [ 719.385029][T17510] ? __fget_files+0x20e/0x3c0 [ 719.385071][T17510] ksys_write+0x12a/0x250 [ 719.385107][T17510] ? __pfx_ksys_write+0x10/0x10 [ 719.385152][T17510] do_syscall_64+0xcd/0xfa0 [ 719.385193][T17510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.385219][T17510] RIP: 0033:0x7f9ec038efc9 [ 719.385238][T17510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.385264][T17510] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 719.385287][T17510] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 719.385304][T17510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 719.385319][T17510] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 719.385335][T17510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.385350][T17510] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 719.385383][T17510] @[ 721.625489][T17545] FAULT_INJECTION: forcing a failure. [ 721.625489][T17545] name failslab, interval 1, probability 393216, space 0, times 0 [ 721.639285][T17545] CPU: 1 UID: 0 PID: 17545 Comm: syz.6.4417 Tainted: G U I syzkaller #0 PREEMPT(full) [ 721.639329][T17545] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 721.639339][T17545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 721.639354][T17545] Call Trace: [ 721.639362][T17545] [ 721.639372][T17545] dump_stack_lvl+0x16c/0x1f0 [ 721.639417][T17545] should_fail_ex+0x512/0x640 [ 721.639441][T17545] ? lockdep_hardirqs_on+0x7c/0x110 [ 721.639483][T17545] should_failslab+0xc2/0x120 [ 721.639517][T17545] kmem_cache_alloc_noprof+0x75/0x6e0 [ 721.639555][T17545] ? do_raw_spin_lock+0x12c/0x2b0 [ 721.639584][T17545] ? inet_bind_bucket_create+0x2d/0x280 [ 721.639627][T17545] ? inet_bind_bucket_create+0x2d/0x280 [ 721.639661][T17545] inet_bind_bucket_create+0x2d/0x280 [ 721.639700][T17545] inet_csk_get_port+0x117d/0x2890 [ 721.639740][T17545] ? trace_inet_sock_set_state+0x194/0x220 [ 721.639777][T17545] ? __pfx_inet_csk_get_port+0x10/0x10 [ 721.639805][T17545] inet_csk_listen_start+0x158/0x380 [ 721.639834][T17545] __inet_listen_sk+0x20f/0x520 [ 721.639870][T17545] ? __pfx___inet_listen_sk+0x10/0x10 [ 721.639906][T17545] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 721.639944][T17545] ? __local_bh_enable_ip+0xa4/0x120 [ 721.639986][T17545] inet_listen+0x93/0xd0 [ 721.640021][T17545] __sys_listen_socket+0x117/0x160 [ 721.640057][T17545] __sys_listen+0xa7/0x130 [ 721.640091][T17545] __x64_sys_listen+0x53/0x80 [ 721.640125][T17545] do_syscall_64+0xcd/0xfa0 [ 721.640166][T17545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.640199][T17545] RIP: 0033:0x7f33f1b8efc9 [ 721.640220][T17545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.640245][T17545] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 721.640269][T17545] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 721.640286][T17545] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 721.640301][T17545] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 721.640316][T17545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.640331][T17545] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 721.640364][T17545] [ 722.777358][T17560] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4426'. [ 725.744865][T15456] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 726.466019][T17595] FAULT_INJECTION: forcing a failure. [ 726.466019][T17595] name failslab, interval 1, probability 393216, space 0, times 0 [ 726.599058][T17595] CPU: 1 UID: 0 PID: 17595 Comm: syz.0.4436 Tainted: G U I syzkaller #0 PREEMPT(full) [ 726.599108][T17595] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 726.599119][T17595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 726.599134][T17595] Call Trace: [ 726.599143][T17595] [ 726.599153][T17595] dump_stack_lvl+0x16c/0x1f0 [ 726.599198][T17595] should_fail_ex+0x512/0x640 [ 726.599222][T17595] ? __kmalloc_noprof+0xca/0x880 [ 726.599256][T17595] should_failslab+0xc2/0x120 [ 726.599282][T17595] __kmalloc_noprof+0xdd/0x880 [ 726.599313][T17595] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 726.599351][T17595] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 726.599382][T17595] usb_hcd_submit_urb+0x5cf/0x1c60 [ 726.599422][T17595] usb_submit_urb+0x89f/0x1990 [ 726.599463][T17595] ? __init_swait_queue_head+0xca/0x150 [ 726.599499][T17595] usb_start_wait_urb+0x104/0x4b0 [ 726.599543][T17595] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 726.599590][T17595] ? __asan_memset+0x23/0x50 [ 726.599628][T17595] usb_control_msg+0x326/0x4a0 [ 726.599666][T17595] ? __pfx_usb_control_msg+0x10/0x10 [ 726.599712][T17595] hub_ext_port_status+0x14e/0x670 [ 726.599756][T17595] hub_activate+0x6e5/0x1d60 [ 726.599802][T17595] ? __pfx_hub_activate+0x10/0x10 [ 726.599837][T17595] ? find_held_lock+0x2b/0x80 [ 726.599872][T17595] ? proc_do_submiturb+0x1ac0/0x3b10 [ 726.599915][T17595] hub_resume+0xa8/0x3f0 [ 726.599952][T17595] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 726.599978][T17595] ? __pfx_hub_resume+0x10/0x10 [ 726.600015][T17595] ? __pfx_hcd_bus_resume+0x10/0x10 [ 726.600054][T17595] usb_resume_interface.constprop.0.isra.0+0x2c5/0x3e0 [ 726.600095][T17595] usb_resume_both+0x237/0x960 [ 726.600125][T17595] ? __pfx_usb_resume_both+0x10/0x10 [ 726.600155][T17595] ? __pfx_usb_runtime_resume+0x10/0x10 [ 726.600188][T17595] ? __pfx_usb_runtime_resume+0x10/0x10 [ 726.600221][T17595] __rpm_callback+0xc8/0x610 [ 726.600260][T17595] ? __pfx_usb_runtime_resume+0x10/0x10 [ 726.600293][T17595] rpm_callback+0x1b7/0x200 [ 726.600328][T17595] ? __pfx_usb_runtime_resume+0x10/0x10 [ 726.600359][T17595] rpm_resume+0xd16/0x1320 [ 726.600402][T17595] ? __pfx_rpm_resume+0x10/0x10 [ 726.600436][T17595] ? do_raw_spin_lock+0x12c/0x2b0 [ 726.600467][T17595] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 726.600509][T17595] __pm_runtime_resume+0xb6/0x170 [ 726.600549][T17595] usb_autoresume_device+0x23/0xe0 [ 726.600582][T17595] usbdev_open+0x228/0x8b0 [ 726.600614][T17595] ? kobject_get_unless_zero+0x156/0x1e0 [ 726.600639][T17595] ? __pfx_usbdev_open+0x10/0x10 [ 726.600671][T17595] ? chrdev_open+0x10b/0x6a0 [ 726.600714][T17595] ? __pfx_usbdev_open+0x10/0x10 [ 726.600745][T17595] chrdev_open+0x234/0x6a0 [ 726.600782][T17595] ? __pfx_apparmor_file_open+0x10/0x10 [ 726.600812][T17595] ? __pfx_chrdev_open+0x10/0x10 [ 726.600852][T17595] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 726.600895][T17595] do_dentry_open+0x982/0x1530 [ 726.600933][T17595] ? __pfx_chrdev_open+0x10/0x10 [ 726.600978][T17595] vfs_open+0x82/0x3f0 [ 726.601008][T17595] path_openat+0x1de4/0x2cb0 [ 726.601054][T17595] ? __pfx_path_openat+0x10/0x10 [ 726.601098][T17595] ? __lock_acquire+0xb8a/0x1c90 [ 726.601127][T17595] do_filp_open+0x20b/0x470 [ 726.601164][T17595] ? __pfx_do_filp_open+0x10/0x10 [ 726.601222][T17595] ? alloc_fd+0x471/0x7d0 [ 726.601264][T17595] do_sys_openat2+0x11b/0x1d0 [ 726.601292][T17595] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.601332][T17595] __x64_sys_openat+0x174/0x210 [ 726.601361][T17595] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.601403][T17595] do_syscall_64+0xcd/0xfa0 [ 726.601444][T17595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.601469][T17595] RIP: 0033:0x7f78b238efc9 [ 726.601490][T17595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.601515][T17595] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.601539][T17595] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 726.601556][T17595] RDX: 0000000000020882 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 726.601573][T17595] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 726.601588][T17595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.601604][T17595] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 726.601636][T17595] [ 729.537656][T17626] mkiss: ax0: crc mode is auto. [ 731.438394][T17595] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 733.675954][T17687] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 733.686113][T17689] Loading of unsigned module is rejected [ 735.379737][T15456] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 736.653558][T15456] Bluetooth: hci3: command 0x0c1a tx timeout [ 736.661045][T17700] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 737.073011][T17700] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 737.085688][T17700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 737.092792][T17700] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 737.106071][T17700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 737.113042][T17700] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 737.123850][T17700] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 737.136749][T17700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 737.146165][T17700] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 737.156404][T17700] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 737.164413][T17700] CPU0 is offline. [ 737.578749][T17719] FAULT_INJECTION: forcing a failure. [ 737.578749][T17719] name failslab, interval 1, probability 393216, space 0, times 0 [ 737.633537][T17719] CPU: 1 UID: 0 PID: 17719 Comm: syz.6.4468 Tainted: G U I syzkaller #0 PREEMPT(full) [ 737.633580][T17719] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 737.633591][T17719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 737.633607][T17719] Call Trace: [ 737.633615][T17719] [ 737.633625][T17719] dump_stack_lvl+0x16c/0x1f0 [ 737.633669][T17719] should_fail_ex+0x512/0x640 [ 737.633693][T17719] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 737.633738][T17719] should_failslab+0xc2/0x120 [ 737.633763][T17719] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 737.633805][T17719] ? append_filter_err+0x3d6/0x610 [ 737.633835][T17719] ? kmemdup_nul+0x49/0xf0 [ 737.633868][T17719] kmemdup_nul+0x49/0xf0 [ 737.633905][T17719] append_filter_err+0x3d6/0x610 [ 737.633935][T17719] apply_subsystem_event_filter+0x75a/0x17e0 [ 737.633973][T17719] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 737.634008][T17719] ? _copy_from_user+0x59/0xd0 [ 737.634037][T17719] subsystem_filter_write+0x95/0x120 [ 737.634067][T17719] ? __pfx_subsystem_filter_write+0x10/0x10 [ 737.634094][T17719] vfs_write+0x2a0/0x11d0 [ 737.634145][T17719] ? __pfx___mutex_lock+0x10/0x10 [ 737.634171][T17719] ? __pfx_vfs_write+0x10/0x10 [ 737.634221][T17719] ? __fget_files+0x20e/0x3c0 [ 737.634264][T17719] ksys_write+0x12a/0x250 [ 737.634301][T17719] ? __pfx_ksys_write+0x10/0x10 [ 737.634347][T17719] do_syscall_64+0xcd/0xfa0 [ 737.634389][T17719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.634414][T17719] RIP: 0033:0x7f33f1b8efc9 [ 737.634434][T17719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.634459][T17719] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 737.634483][T17719] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 737.634500][T17719] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 737.634520][T17719] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 737.634536][T17719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.634550][T17719] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 737.634583][T17719] [ 737.902861][T17725] RDS: rds_bind could not find a transport for fe80::6664:5f6e:6f65:7865, load rds_tcp or rds_rdma? [ 738.666511][T17732] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 738.725650][T15456] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.123119][T15456] Bluetooth: hci1: command 0x0c1a tx timeout [ 739.129195][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 739.201949][T15456] Bluetooth: hci2: command 0x0c1a tx timeout [ 739.255777][T17746] ERROR: Out of memory at tomoyo_memory_ok. [ 739.564839][T17750] Loading of unsigned module is rejected [ 740.012205][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4485'. [ 740.362232][T17768] FAULT_INJECTION: forcing a failure. [ 740.362232][T17768] name failslab, interval 1, probability 393216, space 0, times 0 [ 740.444808][T17768] CPU: 1 UID: 0 PID: 17768 Comm: syz.6.4487 Tainted: G U I syzkaller #0 PREEMPT(full) [ 740.444853][T17768] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 740.444863][T17768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 740.444879][T17768] Call Trace: [ 740.444887][T17768] [ 740.444897][T17768] dump_stack_lvl+0x16c/0x1f0 [ 740.444947][T17768] should_fail_ex+0x512/0x640 [ 740.444971][T17768] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 740.445016][T17768] should_failslab+0xc2/0x120 [ 740.445041][T17768] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 740.445083][T17768] ? sctp_sysctl_net_register+0x30/0x200 [ 740.445124][T17768] ? proc_create_reg+0xe3/0x180 [ 740.445156][T17768] ? __pfx_sctp_defaults_init+0x10/0x10 [ 740.445197][T17768] ? kmemdup_noprof+0x29/0x60 [ 740.445231][T17768] ? __pfx_proc_create_net_data+0x10/0x10 [ 740.445259][T17768] kmemdup_noprof+0x29/0x60 [ 740.445295][T17768] sctp_sysctl_net_register+0x30/0x200 [ 740.445338][T17768] ? __pfx_sctp_defaults_init+0x10/0x10 [ 740.445378][T17768] sctp_defaults_init+0x6d2/0xd90 [ 740.445419][T17768] ? __pfx_sctp_defaults_init+0x10/0x10 [ 740.445460][T17768] ops_init+0x1e2/0x5f0 [ 740.445487][T17768] setup_net+0x100/0x390 [ 740.445511][T17768] ? __pfx_setup_net+0x10/0x10 [ 740.445539][T17768] ? debug_mutex_init+0x37/0x70 [ 740.445578][T17768] copy_net_ns+0x2f8/0x690 [ 740.445609][T17768] create_new_namespaces+0x3ea/0xa90 [ 740.445653][T17768] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 740.445694][T17768] ksys_unshare+0x45b/0xa40 [ 740.445719][T17768] ? __pfx_ksys_unshare+0x10/0x10 [ 740.445744][T17768] ? xfd_validate_state+0x61/0x180 [ 740.445780][T17768] __x64_sys_unshare+0x31/0x40 [ 740.445804][T17768] do_syscall_64+0xcd/0xfa0 [ 740.445845][T17768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.445870][T17768] RIP: 0033:0x7f33f1b8efc9 [ 740.445889][T17768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.445920][T17768] RSP: 002b:00007f33f2a5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 740.445944][T17768] RAX: ffffffffffffffda RBX: 00007f33f1de5fa0 RCX: 00007f33f1b8efc9 [ 740.445961][T17768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 740.445976][T17768] RBP: 00007f33f1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 740.445991][T17768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.446006][T17768] R13: 00007f33f1de6038 R14: 00007f33f1de5fa0 R15: 00007fffc41c0588 [ 740.446039][T17768] [ 741.123057][T17777] FAULT_INJECTION: forcing a failure. [ 741.123057][T17777] name failslab, interval 1, probability 393216, space 0, times 0 [ 741.174605][T17777] CPU: 1 UID: 0 PID: 17777 Comm: syz.0.4489 Tainted: G U I syzkaller #0 PREEMPT(full) [ 741.174649][T17777] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 741.174660][T17777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 741.174675][T17777] Call Trace: [ 741.174683][T17777] [ 741.174693][T17777] dump_stack_lvl+0x16c/0x1f0 [ 741.174737][T17777] should_fail_ex+0x512/0x640 [ 741.174761][T17777] ? __kmalloc_noprof+0xca/0x880 [ 741.174795][T17777] should_failslab+0xc2/0x120 [ 741.174820][T17777] __kmalloc_noprof+0xdd/0x880 [ 741.174859][T17777] ? kernfs_fop_write_iter+0x237/0x570 [ 741.174897][T17777] ? kernfs_fop_write_iter+0x237/0x570 [ 741.174928][T17777] kernfs_fop_write_iter+0x237/0x570 [ 741.174965][T17777] do_iter_readv_writev+0x662/0x9e0 [ 741.175002][T17777] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 741.175050][T17777] vfs_writev+0x35f/0xde0 [ 741.175092][T17777] ? __pfx_vfs_writev+0x10/0x10 [ 741.175124][T17777] ? __mutex_lock+0x1c5/0x1060 [ 741.175155][T17777] ? __pfx___mutex_lock+0x10/0x10 [ 741.175190][T17777] ? __fget_files+0x20e/0x3c0 [ 741.175232][T17777] ? do_writev+0x132/0x340 [ 741.175263][T17777] do_writev+0x132/0x340 [ 741.175296][T17777] ? __pfx_do_writev+0x10/0x10 [ 741.175339][T17777] do_syscall_64+0xcd/0xfa0 [ 741.175380][T17777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.175405][T17777] RIP: 0033:0x7f78b238efc9 [ 741.175425][T17777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.175449][T17777] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 741.175472][T17777] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 741.175489][T17777] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 741.175505][T17777] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 741.175527][T17777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.175542][T17777] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 741.175575][T17777] [ 741.700842][T15456] Bluetooth: hci1: command 0x0c1a tx timeout [ 741.707422][T15456] Bluetooth: hci0: command 0x0406 tx timeout [ 741.719746][T15456] Bluetooth: hci2: command 0x0c1a tx timeout [ 742.767186][T17798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78804 [ 742.869867][T17798] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 742.954272][T17798] memcg:ffff88806e2ca701 [ 742.979982][T17798] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 743.052861][T17798] page_type: f5(slab) [ 743.081524][T17798] raw: 00fff00000000040 ffff88801bec3a00 ffffea0000c68700 dead000000000004 [ 743.158112][T17798] raw: 0000000000000000 0000000000120012 00000000f5000000 ffff88806e2ca701 [ 743.201758][T17798] head: 00fff00000000040 ffff88801bec3a00 ffffea0000c68700 dead000000000004 [ 743.258862][T17798] head: 0000000000000000 0000000000120012 00000000f5000000 ffff88806e2ca701 [ 743.285526][T17798] head: 00fff00000000001 ffffea0001e20101 00000000ffffffff 00000000ffffffff [ 743.339130][T17798] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 743.396764][T17798] page dumped because: unmovable page [ 743.439592][T17798] page_owner tracks the page as allocated [ 743.458449][T17798] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11936, tgid 11935 (syz.1.2429), ts 383322670359, free_ts 383280045034 [ 743.536945][T17798] post_alloc_hook+0x1c0/0x230 [ 743.557252][T17798] get_page_from_freelist+0x10a3/0x3a30 [ 743.573406][T17798] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 743.598088][T17798] alloc_pages_mpol+0x1fb/0x550 [ 743.618680][T17798] new_slab+0x24a/0x360 [ 743.634649][T17798] ___slab_alloc+0xdc4/0x1ae0 [ 743.650856][T17798] __slab_alloc.constprop.0+0x63/0x110 [ 743.670543][T17798] kmem_cache_alloc_noprof+0x43f/0x6e0 [ 743.711971][T17798] alloc_empty_file+0x55/0x1e0 [ 743.716819][T17798] path_openat+0xda/0x2cb0 [ 743.744842][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 743.751133][T15456] Bluetooth: hci1: command 0x0c1a tx timeout [ 743.775654][T17798] do_filp_open+0x20b/0x470 [ 743.786655][T17798] do_sys_openat2+0x11b/0x1d0 [ 743.813821][T17798] __x64_sys_open+0x153/0x1e0 [ 743.818568][T17798] do_syscall_64+0xcd/0xfa0 [ 743.869825][T17798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.875911][T17798] page last free pid 11538 tgid 11538 stack trace: [ 743.906412][T17798] __free_frozen_pages+0x7df/0x1160 [ 743.927067][T17798] qlist_free_all+0x4d/0x120 [ 743.941700][T17798] kasan_quarantine_reduce+0x195/0x1e0 [ 743.954125][T17798] __kasan_slab_alloc+0x69/0x90 [ 743.964771][T17798] __kmalloc_noprof+0x2e8/0x880 [ 743.975532][T17798] tomoyo_encode2+0x100/0x3e0 [ 743.989980][T17798] tomoyo_encode+0x29/0x50 [ 744.000072][T17798] tomoyo_realpath_from_path+0x18f/0x6e0 [ 744.016728][T17798] tomoyo_path_number_perm+0x245/0x580 [ 744.026914][T17798] security_file_ioctl+0x9b/0x240 [ 744.049173][T17798] __x64_sys_ioctl+0xb7/0x210 [ 744.061204][T17798] do_syscall_64+0xcd/0xfa0 [ 744.071553][T17798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.005275][T17827] FAULT_INJECTION: forcing a failure. [ 745.005275][T17827] name failslab, interval 1, probability 393216, space 0, times 0 [ 745.113299][T17827] CPU: 1 UID: 0 PID: 17827 Comm: syz.0.4507 Tainted: G U I syzkaller #0 PREEMPT(full) [ 745.113343][T17827] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 745.113353][T17827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 745.113369][T17827] Call Trace: [ 745.113377][T17827] [ 745.113387][T17827] dump_stack_lvl+0x16c/0x1f0 [ 745.113432][T17827] should_fail_ex+0x512/0x640 [ 745.113456][T17827] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 745.113494][T17827] should_failslab+0xc2/0x120 [ 745.113530][T17827] kmem_cache_alloc_noprof+0x75/0x6e0 [ 745.113565][T17827] ? __proc_create+0x2ce/0x8e0 [ 745.113602][T17827] ? __proc_create+0x2ce/0x8e0 [ 745.113628][T17827] __proc_create+0x2ce/0x8e0 [ 745.113656][T17827] ? __pfx___proc_create+0x10/0x10 [ 745.113696][T17827] proc_mkdir+0x81/0x170 [ 745.113724][T17827] ? __pfx_proc_mkdir+0x10/0x10 [ 745.113754][T17827] ? cache_register_net+0x137/0x5e0 [ 745.113785][T17827] cache_register_net+0x18f/0x5e0 [ 745.113813][T17827] gss_svc_init_net+0x98/0x660 [ 745.113849][T17827] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 745.113877][T17827] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 745.113916][T17827] ops_init+0x1e2/0x5f0 [ 745.113943][T17827] setup_net+0x100/0x390 [ 745.113967][T17827] ? __pfx_setup_net+0x10/0x10 [ 745.113992][T17827] ? debug_mutex_init+0x37/0x70 [ 745.114031][T17827] copy_net_ns+0x2f8/0x690 [ 745.114061][T17827] create_new_namespaces+0x3ea/0xa90 [ 745.114106][T17827] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 745.114147][T17827] ksys_unshare+0x45b/0xa40 [ 745.114171][T17827] ? __pfx_ksys_unshare+0x10/0x10 [ 745.114197][T17827] ? xfd_validate_state+0x61/0x180 [ 745.114233][T17827] __x64_sys_unshare+0x31/0x40 [ 745.114265][T17827] do_syscall_64+0xcd/0xfa0 [ 745.114306][T17827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.114332][T17827] RIP: 0033:0x7f78b238efc9 [ 745.114351][T17827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.114377][T17827] RSP: 002b:00007f78b3235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 745.114400][T17827] RAX: ffffffffffffffda RBX: 00007f78b25e5fa0 RCX: 00007f78b238efc9 [ 745.114417][T17827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 745.114433][T17827] RBP: 00007f78b2411f91 R08: 0000000000000000 R09: 0000000000000000 [ 745.114449][T17827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.114464][T17827] R13: 00007f78b25e6038 R14: 00007f78b25e5fa0 R15: 00007ffe40406ac8 [ 745.114496][T17827] [ 747.614633][T17830] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 747.622121][T17830] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 747.649275][T17830] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 747.676697][T17830] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 747.710831][T17830] CPU0 is offline. [ 747.803535][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 748.553263][T17868] netlink: 330 bytes leftover after parsing attributes in process `syz.6.4522'. [ 748.689956][T17870] FAULT_INJECTION: forcing a failure. [ 748.689956][T17870] name failslab, interval 1, probability 393216, space 0, times 0 [ 748.776887][T17870] CPU: 1 UID: 0 PID: 17870 Comm: syz.5.4524 Tainted: G U I syzkaller #0 PREEMPT(full) [ 748.776932][T17870] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 748.776943][T17870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 748.776959][T17870] Call Trace: [ 748.776969][T17870] [ 748.776979][T17870] dump_stack_lvl+0x16c/0x1f0 [ 748.777023][T17870] should_fail_ex+0x512/0x640 [ 748.777048][T17870] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 748.777086][T17870] should_failslab+0xc2/0x120 [ 748.777111][T17870] kmem_cache_alloc_noprof+0x75/0x6e0 [ 748.777146][T17870] ? __proc_create+0x2ce/0x8e0 [ 748.777180][T17870] ? __proc_create+0x2ce/0x8e0 [ 748.777206][T17870] __proc_create+0x2ce/0x8e0 [ 748.777235][T17870] ? __pfx___proc_create+0x10/0x10 [ 748.777269][T17870] ? proc_register+0x554/0x8b0 [ 748.777302][T17870] ? _raw_write_unlock+0x28/0x50 [ 748.777345][T17870] proc_create_reg+0x7d/0x180 [ 748.777379][T17870] proc_create_data+0x86/0x110 [ 748.777409][T17870] ? __pfx_proc_create_data+0x10/0x10 [ 748.777443][T17870] ? cache_register_net+0x137/0x5e0 [ 748.777478][T17870] cache_register_net+0x1e0/0x5e0 [ 748.777509][T17870] gss_svc_init_net+0x151/0x660 [ 748.777545][T17870] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 748.777574][T17870] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 748.777612][T17870] ops_init+0x1e2/0x5f0 [ 748.777639][T17870] setup_net+0x100/0x390 [ 748.777662][T17870] ? __pfx_setup_net+0x10/0x10 [ 748.777689][T17870] ? debug_mutex_init+0x37/0x70 [ 748.777730][T17870] copy_net_ns+0x2f8/0x690 [ 748.777760][T17870] create_new_namespaces+0x3ea/0xa90 [ 748.777804][T17870] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 748.777845][T17870] ksys_unshare+0x45b/0xa40 [ 748.777870][T17870] ? __pfx_ksys_unshare+0x10/0x10 [ 748.777896][T17870] ? xfd_validate_state+0x61/0x180 [ 748.777937][T17870] __x64_sys_unshare+0x31/0x40 [ 748.777961][T17870] do_syscall_64+0xcd/0xfa0 [ 748.778003][T17870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.778028][T17870] RIP: 0033:0x7f116e98efc9 [ 748.778047][T17870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.778072][T17870] RSP: 002b:00007f116f877038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 748.778097][T17870] RAX: ffffffffffffffda RBX: 00007f116ebe5fa0 RCX: 00007f116e98efc9 [ 748.778114][T17870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 748.778130][T17870] RBP: 00007f116ea11f91 R08: 0000000000000000 R09: 0000000000000000 [ 748.778146][T17870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.778161][T17870] R13: 00007f116ebe6038 R14: 00007f116ebe5fa0 R15: 00007ffce833edd8 [ 748.778194][T17870] [ 749.553231][ T30] audit: type=1800 audit(4294972748.207:18): pid=17876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4526" name="dbroot" dev="configfs" ino=65830 res=0 errno=0 [ 749.673491][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 749.748733][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 749.761109][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 750.355527][T17886] netlink: 266 bytes leftover after parsing attributes in process `syz.0.4529'. [ 750.458005][T17886] IPv6: NLM_F_CREATE should be specified when creating new route [ 751.747300][T17909] ERROR: Out of memory at tomoyo_memory_ok. [ 751.995550][T17913] FAULT_INJECTION: forcing a failure. [ 751.995550][T17913] name failslab, interval 1, probability 393216, space 0, times 0 [ 752.025861][T17913] CPU: 1 UID: 0 PID: 17913 Comm: syz.5.4541 Tainted: G U I syzkaller #0 PREEMPT(full) [ 752.025904][T17913] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 752.025914][T17913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 752.025972][T17913] Call Trace: [ 752.025981][T17913] [ 752.025991][T17913] dump_stack_lvl+0x16c/0x1f0 [ 752.026035][T17913] should_fail_ex+0x512/0x640 [ 752.026057][T17913] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 752.026095][T17913] should_failslab+0xc2/0x120 [ 752.026120][T17913] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 752.026175][T17913] ? alloc_inode+0x64/0x240 [ 752.026205][T17913] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 752.026235][T17913] ? alloc_inode+0x64/0x240 [ 752.026258][T17913] alloc_inode+0x64/0x240 [ 752.026283][T17913] new_inode+0x22/0x1c0 [ 752.026310][T17913] debugfs_create_dir+0xdd/0x5f0 [ 752.026346][T17913] ptp_open+0x334/0x550 [ 752.026373][T17913] ? __pfx_ptp_open+0x10/0x10 [ 752.026405][T17913] ? __pfx_ptp_open+0x10/0x10 [ 752.026427][T17913] posix_clock_open+0x17b/0x290 [ 752.026469][T17913] ? __pfx_posix_clock_open+0x10/0x10 [ 752.026509][T17913] chrdev_open+0x234/0x6a0 [ 752.026547][T17913] ? __pfx_apparmor_file_open+0x10/0x10 [ 752.026588][T17913] ? __pfx_chrdev_open+0x10/0x10 [ 752.026627][T17913] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 752.026668][T17913] do_dentry_open+0x982/0x1530 [ 752.026705][T17913] ? __pfx_chrdev_open+0x10/0x10 [ 752.026749][T17913] vfs_open+0x82/0x3f0 [ 752.026778][T17913] path_openat+0x1de4/0x2cb0 [ 752.026826][T17913] ? __pfx_path_openat+0x10/0x10 [ 752.026864][T17913] ? __lock_acquire+0xb8a/0x1c90 [ 752.026892][T17913] do_filp_open+0x20b/0x470 [ 752.026932][T17913] ? __pfx_do_filp_open+0x10/0x10 [ 752.026989][T17913] ? alloc_fd+0x471/0x7d0 [ 752.027030][T17913] do_sys_openat2+0x11b/0x1d0 [ 752.027057][T17913] ? __pfx_do_sys_openat2+0x10/0x10 [ 752.027096][T17913] __x64_sys_openat+0x174/0x210 [ 752.027124][T17913] ? __pfx___x64_sys_openat+0x10/0x10 [ 752.027165][T17913] do_syscall_64+0xcd/0xfa0 [ 752.027205][T17913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.027230][T17913] RIP: 0033:0x7f116e98efc9 [ 752.027250][T17913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.027273][T17913] RSP: 002b:00007f116f877038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 752.027296][T17913] RAX: ffffffffffffffda RBX: 00007f116ebe5fa0 RCX: 00007f116e98efc9 [ 752.027312][T17913] RDX: 0000000000000000 RSI: 0000200000005280 RDI: ffffffffffffff9c [ 752.027347][T17913] RBP: 00007f116ea11f91 R08: 0000000000000000 R09: 0000000000000000 [ 752.027363][T17913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.027378][T17913] R13: 00007f116ebe6038 R14: 00007f116ebe5fa0 R15: 00007ffce833edd8 [ 752.027411][T17913] [ 752.029697][T17913] debugfs: out of free dentries, can not create directory '0xffff88806f29c000' [ 752.609211][T17920] openvswitch: netlink: IP tunnel dst address not specified [ 752.913426][T17925] netlink: 'syz.6.4545': attribute type 1 has an invalid length. [ 752.957224][T17925] netlink: 'syz.6.4545': attribute type 6 has an invalid length. [ 754.073921][T17936] zswap: compressor not available [ 754.807804][T17954] FAULT_INJECTION: forcing a failure. [ 754.807804][T17954] name failslab, interval 1, probability 393216, space 0, times 0 [ 754.850446][T17954] CPU: 1 UID: 0 PID: 17954 Comm: syz.5.4553 Tainted: G U I syzkaller #0 PREEMPT(full) [ 754.850491][T17954] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 754.850502][T17954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 754.850518][T17954] Call Trace: [ 754.850526][T17954] [ 754.850536][T17954] dump_stack_lvl+0x16c/0x1f0 [ 754.850579][T17954] should_fail_ex+0x512/0x640 [ 754.850603][T17954] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 754.850642][T17954] should_failslab+0xc2/0x120 [ 754.850677][T17954] kmem_cache_alloc_noprof+0x75/0x6e0 [ 754.850712][T17954] ? __kernfs_new_node+0xd2/0x8e0 [ 754.850741][T17954] ? __kernfs_new_node+0xd2/0x8e0 [ 754.850763][T17954] __kernfs_new_node+0xd2/0x8e0 [ 754.850790][T17954] ? __pfx___kernfs_new_node+0x10/0x10 [ 754.850821][T17954] ? find_held_lock+0x2b/0x80 [ 754.850857][T17954] ? kernfs_root+0xee/0x2a0 [ 754.850886][T17954] kernfs_new_node+0x13c/0x1e0 [ 754.850920][T17954] __kernfs_create_file+0x53/0x350 [ 754.850957][T17954] sysfs_add_file_mode_ns+0x207/0x3c0 [ 754.851005][T17954] internal_create_group+0x578/0xf30 [ 754.851037][T17954] ? __pfx_internal_create_group+0x10/0x10 [ 754.851067][T17954] ? kernfs_create_link+0x1bd/0x240 [ 754.851106][T17954] internal_create_groups+0x9d/0x150 [ 754.851134][T17954] device_add+0x77f/0x1aa0 [ 754.851162][T17954] ? __pfx_device_add+0x10/0x10 [ 754.851186][T17954] ? lockdep_init_map_type+0x5c/0x280 [ 754.851214][T17954] ? __init_waitqueue_head+0xca/0x150 [ 754.851253][T17954] netdev_register_kobject+0x1a9/0x3d0 [ 754.851288][T17954] register_netdevice+0x13dc/0x2270 [ 754.851320][T17954] ? __pfx_register_netdevice+0x10/0x10 [ 754.851355][T17954] ppp_dev_configure+0xa1e/0xd40 [ 754.851402][T17954] ppp_ioctl+0x170e/0x2880 [ 754.851445][T17954] ? find_held_lock+0x2b/0x80 [ 754.851479][T17954] ? __pfx_ppp_ioctl+0x10/0x10 [ 754.851522][T17954] ? __fget_files+0x20e/0x3c0 [ 754.851560][T17954] ? __pfx_ppp_ioctl+0x10/0x10 [ 754.851599][T17954] __x64_sys_ioctl+0x18e/0x210 [ 754.851630][T17954] do_syscall_64+0xcd/0xfa0 [ 754.851676][T17954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.851702][T17954] RIP: 0033:0x7f116e98efc9 [ 754.851722][T17954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 754.851747][T17954] RSP: 002b:00007f116f877038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 754.851772][T17954] RAX: ffffffffffffffda RBX: 00007f116ebe5fa0 RCX: 00007f116e98efc9 [ 754.851788][T17954] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000004 [ 754.851804][T17954] RBP: 00007f116ea11f91 R08: 0000000000000000 R09: 0000000000000000 [ 754.851820][T17954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 754.851837][T17954] R13: 00007f116ebe6038 R14: 00007f116ebe5fa0 R15: 00007ffce833edd8 [ 754.851870][T17954] [ 755.200128][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.207459][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 757.559509][T17989] FAULT_INJECTION: forcing a failure. [ 757.559509][T17989] name failslab, interval 1, probability 393216, space 0, times 0 [ 757.630933][T17989] CPU: 1 UID: 0 PID: 17989 Comm: syz.4.4564 Tainted: G U I syzkaller #0 PREEMPT(full) [ 757.630977][T17989] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 757.630988][T17989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 757.631004][T17989] Call Trace: [ 757.631012][T17989] [ 757.631022][T17989] dump_stack_lvl+0x16c/0x1f0 [ 757.631067][T17989] should_fail_ex+0x512/0x640 [ 757.631091][T17989] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 757.631129][T17989] should_failslab+0xc2/0x120 [ 757.631154][T17989] kmem_cache_alloc_noprof+0x75/0x6e0 [ 757.631188][T17989] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 757.631215][T17989] ? acpi_ut_create_generic_state+0x61/0xc0 [ 757.631246][T17989] ? acpi_ut_create_generic_state+0x61/0xc0 [ 757.631268][T17989] acpi_ut_create_generic_state+0x61/0xc0 [ 757.631298][T17989] acpi_ds_scope_stack_push+0x70/0x790 [ 757.631327][T17989] acpi_ds_init_aml_walk+0x2d8/0x680 [ 757.631357][T17989] acpi_ps_execute_method+0x39d/0xe90 [ 757.631393][T17989] acpi_ns_evaluate+0x98c/0x16d0 [ 757.631435][T17989] acpi_evaluate_object+0x4ca/0xdf0 [ 757.631481][T17989] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 757.631522][T17989] ? __mutex_trylock_common+0xe9/0x250 [ 757.631557][T17989] acpi_evaluate_integer+0xdd/0x200 [ 757.631590][T17989] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 757.631636][T17989] ? __pfx_status_show+0x10/0x10 [ 757.631674][T17989] status_show+0xa0/0x120 [ 757.631711][T17989] ? __pfx_status_show+0x10/0x10 [ 757.631757][T17989] dev_attr_show+0x56/0xe0 [ 757.631782][T17989] ? __pfx_dev_attr_show+0x10/0x10 [ 757.631803][T17989] sysfs_kf_seq_show+0x216/0x3e0 [ 757.631847][T17989] seq_read_iter+0x50e/0x12d0 [ 757.631891][T17989] kernfs_fop_read_iter+0x46c/0x610 [ 757.631925][T17989] ? rw_verify_area+0xcf/0x6c0 [ 757.631960][T17989] vfs_read+0x8bf/0xcf0 [ 757.631999][T17989] ? __pfx___mutex_lock+0x10/0x10 [ 757.632023][T17989] ? __pfx_vfs_read+0x10/0x10 [ 757.632078][T17989] ksys_read+0x12a/0x250 [ 757.632113][T17989] ? __pfx_ksys_read+0x10/0x10 [ 757.632158][T17989] do_syscall_64+0xcd/0xfa0 [ 757.632200][T17989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.632225][T17989] RIP: 0033:0x7f9ec038efc9 [ 757.632245][T17989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.632269][T17989] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 757.632293][T17989] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 757.632310][T17989] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 757.632325][T17989] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 757.632340][T17989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.632356][T17989] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 757.632388][T17989] [ 758.234606][T17989] ACPI Error: ffff8880120ac000 walk still has a scope list (20250807/dswstate-694) [ 758.260454][T17993] netlink: 138 bytes leftover after parsing attributes in process `syz.0.4565'. [ 761.760791][T18031] ================================================================== [ 761.760810][T18031] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 761.760850][T18031] Write of size 8 at addr ffffc900039b9340 by task syz.4.4578/18031 [ 761.760871][T18031] [ 761.760886][T18031] CPU: 1 UID: 0 PID: 18031 Comm: syz.4.4578 Tainted: G U I syzkaller #0 PREEMPT(full) [ 761.760924][T18031] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 761.760935][T18031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 761.760951][T18031] Call Trace: [ 761.760959][T18031] [ 761.760969][T18031] dump_stack_lvl+0x116/0x1f0 [ 761.761009][T18031] print_report+0xcd/0x630 [ 761.761033][T18031] ? __virt_addr_valid+0x81/0x610 [ 761.761060][T18031] ? sys_imageblit+0x1a6f/0x1e60 [ 761.761099][T18031] kasan_report+0xe0/0x110 [ 761.761123][T18031] ? sys_imageblit+0x1a6f/0x1e60 [ 761.761159][T18031] sys_imageblit+0x1a6f/0x1e60 [ 761.761194][T18031] ? __pfx_sys_imageblit+0x10/0x10 [ 761.761225][T18031] ? try_to_wake_up+0x160/0x1870 [ 761.761262][T18031] ? __lock_acquire+0xb8a/0x1c90 [ 761.761294][T18031] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 761.761327][T18031] soft_cursor+0x524/0xa10 [ 761.761354][T18031] ? fb_get_color_depth+0x120/0x250 [ 761.761394][T18031] bit_cursor+0xe8c/0x17e0 [ 761.761422][T18031] ? __pfx_bit_cursor+0x10/0x10 [ 761.761450][T18031] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 761.761485][T18031] ? get_color+0x1da/0x450 [ 761.761521][T18031] ? __pfx_bit_cursor+0x10/0x10 [ 761.761544][T18031] fbcon_cursor+0x40c/0x5a0 [ 761.761581][T18031] ? gcd+0x122/0x270 [ 761.761616][T18031] fbcon_scroll+0x222/0x640 [ 761.761656][T18031] con_scroll+0x45f/0x690 [ 761.761686][T18031] do_con_write+0x4173/0x8290 [ 761.761718][T18031] ? try_check_zero+0x140/0x780 [ 761.761751][T18031] ? __pfx___mutex_lock+0x10/0x10 [ 761.761775][T18031] ? __pfx_do_con_write+0x10/0x10 [ 761.761819][T18031] con_write+0x23/0xb0 [ 761.761849][T18031] n_tty_write+0x41e/0x11e0 [ 761.761892][T18031] ? __pfx_n_tty_write+0x10/0x10 [ 761.761929][T18031] ? trace_kmalloc+0x2b/0xd0 [ 761.761952][T18031] ? __pfx_woken_wake_function+0x10/0x10 [ 761.761985][T18031] ? kfree+0x252/0x6d0 [ 761.762016][T18031] ? __pfx_n_tty_write+0x10/0x10 [ 761.762053][T18031] file_tty_write.constprop.0+0x503/0x9b0 [ 761.762096][T18031] redirected_tty_write+0xd4/0x150 [ 761.762127][T18031] vfs_write+0x7d3/0x11d0 [ 761.762163][T18031] ? __pfx_redirected_tty_write+0x10/0x10 [ 761.762197][T18031] ? __pfx_vfs_write+0x10/0x10 [ 761.762231][T18031] ? find_held_lock+0x2b/0x80 [ 761.762275][T18031] ksys_write+0x12a/0x250 [ 761.762314][T18031] ? __pfx_ksys_write+0x10/0x10 [ 761.762353][T18031] do_syscall_64+0xcd/0xfa0 [ 761.762392][T18031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.762416][T18031] RIP: 0033:0x7f9ec038efc9 [ 761.762435][T18031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.762460][T18031] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 761.762483][T18031] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 761.762501][T18031] RDX: 000000000000005b RSI: 00002000000005c0 RDI: 0000000000000004 [ 761.762518][T18031] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 761.762535][T18031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.762550][T18031] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 761.762576][T18031] [ 761.762584][T18031] [ 761.762591][T18031] The buggy address belongs to a vmalloc virtual mapping [ 761.762610][T18031] Memory state around the buggy address: [ 761.762624][T18031] ffffc900039b9200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 761.762642][T18031] ffffc900039b9280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 761.762660][T18031] >ffffc900039b9300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 761.762674][T18031] ^ [ 761.762688][T18031] ffffc900039b9380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 761.762706][T18031] ffffc900039b9400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 761.762721][T18031] ================================================================== [ 761.762735][T18031] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 761.762754][T18031] CPU: 1 UID: 0 PID: 18031 Comm: syz.4.4578 Tainted: G U I syzkaller #0 PREEMPT(full) [ 761.762793][T18031] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 761.762804][T18031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 761.762820][T18031] Call Trace: [ 761.762828][T18031] [ 761.762837][T18031] dump_stack_lvl+0x3d/0x1f0 [ 761.762876][T18031] vpanic+0x640/0x6f0 [ 761.762904][T18031] panic+0xca/0xd0 [ 761.762930][T18031] ? __pfx_panic+0x10/0x10 [ 761.762964][T18031] check_panic_on_warn+0xab/0xb0 [ 761.762993][T18031] end_report+0x107/0x170 [ 761.763017][T18031] kasan_report+0xee/0x110 [ 761.763041][T18031] ? sys_imageblit+0x1a6f/0x1e60 [ 761.763088][T18031] sys_imageblit+0x1a6f/0x1e60 [ 761.763124][T18031] ? __pfx_sys_imageblit+0x10/0x10 [ 761.763155][T18031] ? try_to_wake_up+0x160/0x1870 [ 761.763193][T18031] ? __lock_acquire+0xb8a/0x1c90 [ 761.763224][T18031] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 761.763257][T18031] soft_cursor+0x524/0xa10 [ 761.763284][T18031] ? fb_get_color_depth+0x120/0x250 [ 761.763325][T18031] bit_cursor+0xe8c/0x17e0 [ 761.763352][T18031] ? __pfx_bit_cursor+0x10/0x10 [ 761.763381][T18031] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 761.763415][T18031] ? get_color+0x1da/0x450 [ 761.763452][T18031] ? __pfx_bit_cursor+0x10/0x10 [ 761.763475][T18031] fbcon_cursor+0x40c/0x5a0 [ 761.763512][T18031] ? gcd+0x122/0x270 [ 761.763546][T18031] fbcon_scroll+0x222/0x640 [ 761.763587][T18031] con_scroll+0x45f/0x690 [ 761.763617][T18031] do_con_write+0x4173/0x8290 [ 761.763649][T18031] ? try_check_zero+0x140/0x780 [ 761.763683][T18031] ? __pfx___mutex_lock+0x10/0x10 [ 761.763707][T18031] ? __pfx_do_con_write+0x10/0x10 [ 761.763745][T18031] con_write+0x23/0xb0 [ 761.763775][T18031] n_tty_write+0x41e/0x11e0 [ 761.763818][T18031] ? __pfx_n_tty_write+0x10/0x10 [ 761.763854][T18031] ? trace_kmalloc+0x2b/0xd0 [ 761.763877][T18031] ? __pfx_woken_wake_function+0x10/0x10 [ 761.763910][T18031] ? kfree+0x252/0x6d0 [ 761.763940][T18031] ? __pfx_n_tty_write+0x10/0x10 [ 761.763977][T18031] file_tty_write.constprop.0+0x503/0x9b0 [ 761.764013][T18031] redirected_tty_write+0xd4/0x150 [ 761.764045][T18031] vfs_write+0x7d3/0x11d0 [ 761.764080][T18031] ? __pfx_redirected_tty_write+0x10/0x10 [ 761.764119][T18031] ? __pfx_vfs_write+0x10/0x10 [ 761.764153][T18031] ? find_held_lock+0x2b/0x80 [ 761.764196][T18031] ksys_write+0x12a/0x250 [ 761.764232][T18031] ? __pfx_ksys_write+0x10/0x10 [ 761.764273][T18031] do_syscall_64+0xcd/0xfa0 [ 761.764313][T18031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.764339][T18031] RIP: 0033:0x7f9ec038efc9 [ 761.764357][T18031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.764382][T18031] RSP: 002b:00007f9ec120d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 761.764406][T18031] RAX: ffffffffffffffda RBX: 00007f9ec05e5fa0 RCX: 00007f9ec038efc9 [ 761.764423][T18031] RDX: 000000000000005b RSI: 00002000000005c0 RDI: 0000000000000004 [ 761.764440][T18031] RBP: 00007f9ec0411f91 R08: 0000000000000000 R09: 0000000000000000 [ 761.764457][T18031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.764473][T18031] R13: 00007f9ec05e6038 R14: 00007f9ec05e5fa0 R15: 00007ffe598e7d98 [ 761.764499][T18031] [ 761.764574][T18031] Kernel Offset: disabled