last executing test programs: 5.046825358s ago: executing program 3 (id=10322): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) pipe2$auto(0x0, 0x80) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x1000000007, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) 4.619538106s ago: executing program 3 (id=10325): openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x82142, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0) socket(0xa, 0x3, 0x3a) socket(0x1d, 0x2, 0x7) socket(0xa, 0x1, 0x84) r0 = socket(0x1e, 0x4, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/netfilter/nf_conntrack_buckets\x00', 0x101000, 0x0) bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000300)=@info={r0, 0x7}, 0x7ff) 4.127835488s ago: executing program 3 (id=10327): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x28082, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0x40000, 0x0) socketpair$auto(0x1, 0x1, 0x3, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty45\x00', 0x100, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000140)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 3.09352549s ago: executing program 0 (id=10337): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x84, 0x10, 0x0, 0x0) 2.959865859s ago: executing program 3 (id=10338): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$auto_TCP_METRICS_CMD_DEL(0xffffffffffffffff, 0x0, 0x20008090) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(0xffffffffffffffff, 0x0, 0x4104) 2.581852136s ago: executing program 2 (id=10340): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) r1 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) fanotify_mark$auto(0x0, 0x55, 0x9, r1, 0x0) unshare$auto(0x40000080) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) 2.378462953s ago: executing program 0 (id=10341): sendmmsg$auto(0x3, 0x0, 0x3, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x8, 0x80001ff, 0x7c9, 0x26, 0x7fffffffffffffff, 0x1ffe0, 0x8, 0x3, 0x2000000c, 0x9, 0x3, 0x4, 0xffffffffffffffff, 0x68d, 0x9, 0x8000, 0x7fffffff, 0x80, 0x3, 0xb5d, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8000000000000000, 0x101, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xe26, 0x3, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff7fffffffffffe, 0xffffffffffffffff, 0x6, 0xfffffffffffffff5, 0x0, 0x0, 0x80000, 0x20000000000002, 0xffff, 0x10, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x40090, 0x6, 0xbdcc, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000008}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000044}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) 2.182807107s ago: executing program 2 (id=10342): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2602, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(&(0x7f0000000380)='_k\x8ba59Be\x92\xdf\xd8Y&\x1bM\xb5\xaaH9\xd9\x84\x184P\xdb\xbaaDq% \x81\xa4\xa89\xf9\xd7\xef\xd2\x03\xdb!!\x99QBX@\xea\\z\xec\xb1\xcc,g\xb1L\x90/\xa80\x16\xc3\x97\x9e\x88G;\xe2Cpw$>\xb4\f^\x9a\x9c\n\x9e\xba9\xb4\xb9\x88\xbf\xd4\xach\x16x\xf0\xea\xcd\xbbnS\x88\xc3\xa3\x15]\xa1\x14\x93\xd31\x82kR\x87\xbc\xf2@\xbe\"\x98@\x80\x98\xd2\x8cz\xe7\xcdFHX\xf5ff\xef\xb2\xff\xcf\xd4\"\xef\x12\x88\bU4!\xee\x9d\n\xc7', 0x3) mmap$auto(0x7ffffdfde000, 0x2020006, 0x9, 0x11, 0x8000000000000000, 0x8000) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) brk$auto(0x7fffffffefff) write$auto(r0, &(0x7f0000000000)=']\xdc--\'+:&$//&^!&\x00', 0x1) 2.00003774s ago: executing program 0 (id=10344): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x29, 0x2, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_setup$auto(0x6, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x3, 0xb6, 0x4, 0x6, 0x9}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 1.68438112s ago: executing program 0 (id=10345): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 1.681719752s ago: executing program 2 (id=10347): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0xe63c, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x8000c, 0x100000000}}) socket(0x2b, 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) select$auto(0x4, 0x0, 0x0, &(0x7f0000000080)={[0x1ff, 0x7, 0x3, 0x1, 0x7, 0x1000000000000004, 0x15f4da0a, 0x4000000400039, 0x3, 0x2bffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.474833203s ago: executing program 3 (id=10349): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e) fcntl$auto_F_ADD_SEALS(r0, 0x410, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) close_range$auto(0x2, 0x8, 0x0) 1.305546029s ago: executing program 1 (id=10350): r0 = socket(0x25, 0x1, 0x20106) bind$auto(r0, 0x0, 0x6a) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x2003ec, 0x14) 1.047387136s ago: executing program 2 (id=10351): socket(0xa, 0x801, 0x84) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x14) 987.687806ms ago: executing program 3 (id=10352): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pwrite64$auto(0xffffffffffffffff, 0x0, 0xf4a, 0x100000001) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D0c\x00', 0x103, 0x0) 791.766888ms ago: executing program 2 (id=10353): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) sendmsg$auto_OVS_VPORT_CMD_GET(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8804}, 0x800) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x5, 0x100}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000280)={&(0x7f0000000200), 0x23ef2}, 0x5, 0x0, 0x5, 0x1}, 0x2000005}, 0x30000000, 0x100) 758.092771ms ago: executing program 0 (id=10354): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x80000002, 0x201d, 0x3000, 0xfffffff8, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x9, 0x4, 0x29c, 0x1, 0x4, 0x1, 0x7, 0x1}, {0x10100, 0x1, 0x52, 0x88, 0x2, 0x8, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) socket(0xa, 0x1, 0x84) uname$auto(0x0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) sendto$auto(0x3, 0x0, 0x6, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1d) 648.668959ms ago: executing program 1 (id=10355): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x1f53, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fanotify_mark$auto(0x0, 0x401, 0x4, 0x4, 0x0) fanotify_mark$auto(0x400000000000, 0x6, 0x9, 0x4, 0x0) 483.830717ms ago: executing program 2 (id=10356): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000a, 0xdf, 0xe31, 0x40000000000a5, 0x8000) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x206c}, 0x1, 0x0, 0x3, 0xa}, 0x8}, 0x5, 0xffb) 436.96859ms ago: executing program 0 (id=10357): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) sendto$auto(r0, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can, 0x36) 387.186611ms ago: executing program 1 (id=10358): mmap$auto(0x0, 0x2020209, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 243.857098ms ago: executing program 1 (id=10359): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1100af"], 0x1ac}, 0x1, 0x0, 0x0, 0x26004814}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 109.311644ms ago: executing program 1 (id=10360): r0 = socket(0xa, 0x1, 0x0) mknod$auto(&(0x7f0000000140)=':,\x00', 0xc3, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) listen$auto(r0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) 0s ago: executing program 1 (id=10361): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x801, 0x106) setsockopt$auto(r0, 0x3, 0x4, &(0x7f0000000040)='\xe2 \xa8\xf4', 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) kernel console output (not intermixed with test programs): ar_bhb_loop+0x40/0x90 [ 638.724278][T23968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.724313][T23968] RIP: 0033:0x7f4e6499de59 [ 638.724341][T23968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.724375][T23968] RSP: 002b:00007f4e65787028 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 638.724407][T23968] RAX: ffffffffffffffda RBX: 00007f4e64c25fa0 RCX: 00007f4e6499de59 [ 638.724429][T23968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 638.724449][T23968] RBP: 00007f4e64a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 638.724470][T23968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.724491][T23968] R13: 00007f4e64c26038 R14: 00007f4e64c25fa0 R15: 00007ffe957aaf38 [ 638.724533][T23968] [ 638.955938][T23657] veth0_macvtap: entered promiscuous mode [ 638.974340][T23657] veth1_macvtap: entered promiscuous mode [ 639.019352][T23971] netlink: 222 bytes leftover after parsing attributes in process `syz.1.7921'. [ 639.054438][T23657] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 639.091157][T23657] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 639.141824][ T48] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.164938][ T48] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.232903][ T48] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.273561][ T48] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.518517][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.535238][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.792757][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.813191][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.018907][T23657] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 640.397401][T24017] netlink: 342 bytes leftover after parsing attributes in process `syz.1.7932'. [ 640.652515][T23146] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 640.838358][T24031] netlink: 326 bytes leftover after parsing attributes in process `syz.0.7936'. [ 641.722119][T24067] netlink: 206 bytes leftover after parsing attributes in process `syz.1.7948'. [ 643.360238][T24118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7962'. [ 645.189353][T23146] Bluetooth: hci1: unexpected event 0x03 length: 40 > 11 [ 645.780728][T24192] netlink: 326 bytes leftover after parsing attributes in process `syz.3.7986'. [ 647.526573][T24202] kexec: Could not allocate control_code_buffer [ 647.677858][T24227] netlink: 186 bytes leftover after parsing attributes in process `syz.0.7997'. [ 647.708073][T24227] netlink: 186 bytes leftover after parsing attributes in process `syz.0.7997'. [ 648.237124][T24248] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8004'. [ 649.083809][T24282] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8017'. [ 649.616525][T24291] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8021'. [ 650.148438][T24301] netlink: 130 bytes leftover after parsing attributes in process `syz.3.8025'. [ 651.132823][T24332] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8037'. [ 651.198444][T24334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8035'. [ 651.223801][T24336] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8039'. [ 651.291632][T24339] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8035'. [ 651.897703][T24363] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8050'. [ 652.056430][T24367] netlink: 326 bytes leftover after parsing attributes in process `syz.3.8051'. [ 652.213719][T24371] netlink: 326 bytes leftover after parsing attributes in process `syz.1.8060'. [ 653.815185][T24404] bridge0: port 4(team0) entered disabled state [ 654.538295][T24419] netlink: 'syz.0.8068': attribute type 19 has an invalid length. [ 654.577282][T24419] __nla_validate_parse: 3 callbacks suppressed [ 654.577307][T24419] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8068'. [ 659.994308][T24552] netlink: 326 bytes leftover after parsing attributes in process `syz.0.8119'. [ 660.037122][T24552] bridge0: port 3(dummy0) entered disabled state [ 660.746378][T24572] netlink: 350 bytes leftover after parsing attributes in process `syz.3.8133'. [ 661.785385][T24585] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8126'. [ 663.454411][T24626] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8144'. [ 663.525303][T24629] netlink: 330 bytes leftover after parsing attributes in process `syz.1.8145'. [ 663.604758][T24623] zswap: compressor not available [ 664.094235][T24612] kexec: Could not allocate control_code_buffer [ 664.613098][T24651] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8154'. [ 664.660576][T24651] bond0: (slave bond_slave_0): Releasing backup interface [ 664.679082][T24651] bond_slave_0 (unregistering): left promiscuous mode [ 664.686190][T24651] bond_slave_0 (unregistering): left allmulticast mode [ 664.790552][T24632] FAULT_INJECTION: forcing a failure. [ 664.790552][T24632] name fail_futex, interval 1, probability 0, space 0, times 1 [ 664.824972][T24632] CPU: 0 UID: 0 PID: 24632 Comm: syz.2.8146 Tainted: G L syzkaller #0 PREEMPT(full) [ 664.825027][T24632] Tainted: [L]=SOFTLOCKUP [ 664.825050][T24632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 664.825071][T24632] Call Trace: [ 664.825082][T24632] [ 664.825094][T24632] dump_stack_lvl+0x100/0x190 [ 664.825149][T24632] should_fail_ex.cold+0x5/0xa [ 664.825188][T24632] get_futex_key+0x1d2/0x14f0 [ 664.825249][T24632] ? __pfx_get_futex_key+0x10/0x10 [ 664.825308][T24632] ? __lock_acquire+0x49f/0x1a40 [ 664.825362][T24632] futex_wake+0xf4/0x5e0 [ 664.825409][T24632] ? __pfx_futex_wake+0x10/0x10 [ 664.825456][T24632] ? find_held_lock+0x2b/0x80 [ 664.825495][T24632] ? do_sys_openat2+0x1b6/0x1e0 [ 664.825534][T24632] ? do_sys_openat2+0x1b6/0x1e0 [ 664.825578][T24632] do_futex+0x2b2/0x440 [ 664.825612][T24632] ? __pfx_do_futex+0x10/0x10 [ 664.825641][T24632] ? __pfx_do_sys_openat2+0x10/0x10 [ 664.825684][T24632] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 664.825739][T24632] __x64_sys_futex+0x34f/0x4d0 [ 664.825769][T24632] ? __x64_sys_openat+0x12d/0x210 [ 664.825805][T24632] ? __pfx___x64_sys_futex+0x10/0x10 [ 664.825847][T24632] do_syscall_64+0x115/0x840 [ 664.825890][T24632] ? clear_bhb_loop+0x40/0x90 [ 664.825926][T24632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.825956][T24632] RIP: 0033:0x7f4e6499de59 [ 664.826005][T24632] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.826035][T24632] RSP: 002b:00007f4e657870e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 664.826070][T24632] RAX: ffffffffffffffda RBX: 00007f4e64c25fa8 RCX: 00007f4e6499de59 [ 664.826090][T24632] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4e64c25fac [ 664.826108][T24632] RBP: 00007f4e64c25fa0 R08: 0000000000000001 R09: 0000000000000000 [ 664.826126][T24632] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 664.826145][T24632] R13: 00007f4e64c26038 R14: 00007ffe957aae50 R15: 00007ffe957aaf38 [ 664.826181][T24632] [ 665.372753][T23146] block nbd2: Receive control failed (result -32) [ 666.768365][T24702] HfR: entered promiscuous mode [ 666.829421][T24702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8171'. [ 666.855781][T24702] HfR: left promiscuous mode [ 668.183069][T24703] Process accounting paused [ 668.997438][T24741] vivid-008: ================= START STATUS ================= [ 669.016023][T24741] vivid-008: ================== END STATUS ================== [ 670.700917][T24770] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8191'. [ 670.792096][T24770] bond0: (slave bond_slave_0): Releasing backup interface [ 670.893124][T24772] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8192'. [ 670.925926][T24772] bridge0: entered promiscuous mode [ 670.943709][T24772] bridge0: entered allmulticast mode [ 670.991173][T24774] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8193'. [ 671.184758][T24777] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8195'. [ 671.203301][T24780] netlink: 350 bytes leftover after parsing attributes in process `syz.3.8196'. [ 671.902363][T24801] vivid-008: ================= START STATUS ================= [ 671.929181][T24801] vivid-008: ================== END STATUS ================== [ 672.707822][T24816] Process accounting resumed [ 673.491669][T24839] vivid-008: ================= START STATUS ================= [ 673.511228][T24839] vivid-008: ================== END STATUS ================== [ 673.792776][T24843] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 674.561617][T24856] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8223'. [ 674.595749][T24856] vlan1: entered allmulticast mode [ 674.610551][T24856] veth0_vlan: entered allmulticast mode [ 674.749749][T24858] HfR: entered promiscuous mode [ 674.783720][T24858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8224'. [ 674.801943][T24858] HfR: left promiscuous mode [ 676.667592][T24894] HfR: entered promiscuous mode [ 676.686500][T24896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8236'. [ 676.720953][T24896] HfR: left promiscuous mode [ 676.749013][T24898] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8238'. [ 678.682196][T24942] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8255'. [ 678.788064][T24942] bond0: (slave bond_slave_0): Releasing backup interface [ 681.716287][T24997] netlink: 130 bytes leftover after parsing attributes in process `syz.0.8276'. [ 685.036371][T25067] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8298'. [ 685.059820][T25061] FAULT_INJECTION: forcing a failure. [ 685.059820][T25061] name failslab, interval 1, probability 0, space 0, times 0 [ 685.072878][T25061] CPU: 0 UID: 0 PID: 25061 Comm: syz.0.8297 Tainted: G L syzkaller #0 PREEMPT(full) [ 685.072933][T25061] Tainted: [L]=SOFTLOCKUP [ 685.072945][T25061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 685.072966][T25061] Call Trace: [ 685.072977][T25061] [ 685.072989][T25061] dump_stack_lvl+0x100/0x190 [ 685.073042][T25061] should_fail_ex.cold+0x5/0xa [ 685.073081][T25061] should_failslab+0xc2/0x120 [ 685.073125][T25061] kmem_cache_alloc_noprof+0x91/0x6a0 [ 685.073166][T25061] ? fuse_request_alloc+0x22/0x200 [ 685.073305][T25061] fuse_request_alloc+0x22/0x200 [ 685.073338][T25061] fuse_get_req+0x20a/0x400 [ 685.073374][T25061] ? __pfx_fuse_get_req+0x10/0x10 [ 685.073409][T25061] ? from_kgid+0x8f/0xd0 [ 685.073452][T25061] ? __pfx_from_kgid+0x10/0x10 [ 685.073501][T25061] ? pid_nr_ns+0xe6/0x150 [ 685.073542][T25061] fuse_chan_send_bg+0x3ab/0x800 [ 685.073586][T25061] fuse_simple_background+0x273/0x2e0 [ 685.073682][T25061] cuse_channel_open+0x5dd/0x8e0 [ 685.073737][T25061] ? __pfx_cuse_channel_open+0x10/0x10 [ 685.073794][T25061] misc_open+0x26d/0x450 [ 685.073867][T25061] ? __pfx_misc_open+0x10/0x10 [ 685.073919][T25061] chrdev_open+0x234/0x6a0 [ 685.073973][T25061] ? __pfx_apparmor_file_open+0x10/0x10 [ 685.074041][T25061] ? __pfx_chrdev_open+0x10/0x10 [ 685.074099][T25061] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 685.074142][T25061] do_dentry_open+0x6ab/0x14d0 [ 685.074195][T25061] ? __pfx_chrdev_open+0x10/0x10 [ 685.074258][T25061] vfs_open+0x82/0x3f0 [ 685.074301][T25061] path_openat+0x2873/0x4280 [ 685.074371][T25061] ? __pfx_path_openat+0x10/0x10 [ 685.074434][T25061] do_file_open+0x20e/0x430 [ 685.074491][T25061] ? __pfx_do_file_open+0x10/0x10 [ 685.074568][T25061] ? alloc_fd+0x471/0x7a0 [ 685.074615][T25061] ? do_getname+0x191/0x390 [ 685.074651][T25061] do_sys_openat2+0x10f/0x1e0 [ 685.074686][T25061] ? __pfx_do_sys_openat2+0x10/0x10 [ 685.074728][T25061] ? __fget_files+0x21f/0x3d0 [ 685.074785][T25061] __x64_sys_openat+0x12d/0x210 [ 685.074825][T25061] ? __pfx___x64_sys_openat+0x10/0x10 [ 685.074883][T25061] do_syscall_64+0x115/0x840 [ 685.074934][T25061] ? clear_bhb_loop+0x40/0x90 [ 685.074976][T25061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.075021][T25061] RIP: 0033:0x7f6fa5b9de59 [ 685.075048][T25061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 685.075081][T25061] RSP: 002b:00007f6fa6aba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 685.075113][T25061] RAX: ffffffffffffffda RBX: 00007f6fa5e25fa0 RCX: 00007f6fa5b9de59 [ 685.075136][T25061] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 685.075159][T25061] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 685.075179][T25061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.075200][T25061] R13: 00007f6fa5e26038 R14: 00007f6fa5e25fa0 R15: 00007fff6a65e128 [ 685.075245][T25061] [ 685.785993][T25069] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8299'. [ 685.900307][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.906926][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.037092][T25083] FAULT_INJECTION: forcing a failure. [ 686.037092][T25083] name failslab, interval 1, probability 0, space 0, times 0 [ 686.052203][T25083] CPU: 1 UID: 0 PID: 25083 Comm: syz.0.8304 Tainted: G L syzkaller #0 PREEMPT(full) [ 686.052257][T25083] Tainted: [L]=SOFTLOCKUP [ 686.052269][T25083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 686.052289][T25083] Call Trace: [ 686.052301][T25083] [ 686.052313][T25083] dump_stack_lvl+0x100/0x190 [ 686.052356][T25083] should_fail_ex.cold+0x5/0xa [ 686.052394][T25083] should_failslab+0xc2/0x120 [ 686.052437][T25083] __kmalloc_cache_noprof+0x91/0x6c0 [ 686.052489][T25083] ? __x64_sys_futex+0x34f/0x4d0 [ 686.052522][T25083] ? __x64_sys_futex+0x358/0x4d0 [ 686.052556][T25083] ? fsnotify_alloc_group+0x8d/0x320 [ 686.052600][T25083] fsnotify_alloc_group+0x8d/0x320 [ 686.052638][T25083] do_inotify_init+0x4b/0x5e0 [ 686.052687][T25083] __x64_sys_inotify_init1+0x30/0x40 [ 686.052744][T25083] do_syscall_64+0x115/0x840 [ 686.052794][T25083] ? clear_bhb_loop+0x40/0x90 [ 686.052847][T25083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.052884][T25083] RIP: 0033:0x7f6fa5b9de59 [ 686.052912][T25083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 686.052946][T25083] RSP: 002b:00007f6fa6aba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 686.052979][T25083] RAX: ffffffffffffffda RBX: 00007f6fa5e25fa0 RCX: 00007f6fa5b9de59 [ 686.053001][T25083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 686.053023][T25083] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 686.053043][T25083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.053063][T25083] R13: 00007f6fa5e26038 R14: 00007f6fa5e25fa0 R15: 00007fff6a65e128 [ 686.053104][T25083] [ 686.483867][T25092] netlink: 326 bytes leftover after parsing attributes in process `syz.0.8308'. [ 686.636038][T25096] netlink: 'syz.1.8311': attribute type 2 has an invalid length. [ 687.476547][T25114] netlink: 'syz.3.8315': attribute type 4 has an invalid length. [ 688.899054][T25145] netlink: 334 bytes leftover after parsing attributes in process `syz.1.8328'. [ 689.207555][T25150] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8330'. [ 689.233615][T25150] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8330'. [ 690.795277][T25182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8341'. [ 693.680364][T25225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8352'. [ 694.353498][T25244] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8358'. [ 694.388681][T25245] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8358'. [ 696.277398][T25268] netlink: 206 bytes leftover after parsing attributes in process `syz.0.8365'. [ 696.307496][T25270] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8364'. [ 696.412270][T25270] bond0: (slave bond_slave_0): Releasing backup interface [ 696.470989][T25275] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8369'. [ 697.679371][T25302] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8380'. [ 698.373886][T25295] Process accounting resumed [ 698.740250][T25330] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8390'. [ 702.914418][T25374] FAULT_INJECTION: forcing a failure. [ 702.914418][T25374] name failslab, interval 1, probability 0, space 0, times 0 [ 702.952705][T25374] CPU: 0 UID: 0 PID: 25374 Comm: syz.3.8402 Tainted: G L syzkaller #0 PREEMPT(full) [ 702.952760][T25374] Tainted: [L]=SOFTLOCKUP [ 702.952772][T25374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 702.952793][T25374] Call Trace: [ 702.952804][T25374] [ 702.952817][T25374] dump_stack_lvl+0x100/0x190 [ 702.952863][T25374] should_fail_ex.cold+0x5/0xa [ 702.952904][T25374] should_failslab+0xc2/0x120 [ 702.952959][T25374] kmem_cache_alloc_noprof+0x91/0x6a0 [ 702.953002][T25374] ? mas_preallocate+0x1105/0x14a0 [ 702.953049][T25374] mas_preallocate+0x1105/0x14a0 [ 702.953096][T25374] ? __pfx_mas_preallocate+0x10/0x10 [ 702.953148][T25374] ? anon_vma_name+0x5a/0x250 [ 702.953206][T25374] __split_vma+0x33d/0xda0 [ 702.953266][T25374] ? __pfx___split_vma+0x10/0x10 [ 702.953328][T25374] ? trace_hrtimer_start+0x77/0x220 [ 702.953375][T25374] vma_modify+0x1cf4/0x25c0 [ 702.953432][T25374] ? finish_task_switch.isra.0+0x2a0/0x10c0 [ 702.953502][T25374] ? __pfx_vma_modify+0x10/0x10 [ 702.953557][T25374] ? rcu_is_watching+0x12/0xc0 [ 702.953594][T25374] ? trace_sched_exit_tp+0x120/0x160 [ 702.953651][T25374] vma_modify_flags+0x257/0x3d0 [ 702.953708][T25374] ? __pfx_vma_modify_flags+0x10/0x10 [ 702.953782][T25374] ? futex_unqueue+0x13d/0x2c0 [ 702.953850][T25374] mlock_fixup+0x496/0xb50 [ 702.953912][T25374] ? __pfx_mlock_fixup+0x10/0x10 [ 702.953999][T25374] apply_vma_lock_flags+0x256/0x370 [ 702.954066][T25374] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 702.954124][T25374] ? __pfx___might_resched+0x10/0x10 [ 702.954186][T25374] ? __pfx_down_write_killable+0x10/0x10 [ 702.954248][T25374] ? do_futex+0x190/0x440 [ 702.954286][T25374] do_mlock+0x261/0x7f0 [ 702.954347][T25374] ? __pfx_do_mlock+0x10/0x10 [ 702.954401][T25374] ? __x64_sys_futex+0x34f/0x4d0 [ 702.954433][T25374] ? __x64_sys_futex+0x358/0x4d0 [ 702.954469][T25374] ? fput+0x79/0x100 [ 702.954503][T25374] ? __pfx___x64_sys_futex+0x10/0x10 [ 702.954536][T25374] ? ksys_write+0x1ac/0x250 [ 702.954586][T25374] ? __pfx_ksys_write+0x10/0x10 [ 702.954647][T25374] __x64_sys_mlock+0x59/0x80 [ 702.954682][T25374] do_syscall_64+0x115/0x840 [ 702.954731][T25374] ? clear_bhb_loop+0x40/0x90 [ 702.954773][T25374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.954809][T25374] RIP: 0033:0x7f3ef379de59 [ 702.954845][T25374] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 702.954885][T25374] RSP: 002b:00007f3ef4617028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 702.954919][T25374] RAX: ffffffffffffffda RBX: 00007f3ef3a25fa0 RCX: 00007f3ef379de59 [ 702.954941][T25374] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000001004 [ 702.954970][T25374] RBP: 00007f3ef3833e6f R08: 0000000000000000 R09: 0000000000000000 [ 702.954991][T25374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 702.955011][T25374] R13: 00007f3ef3a26038 R14: 00007f3ef3a25fa0 R15: 00007ffc62608bb8 [ 702.955056][T25374] [ 703.363048][T25381] Process accounting paused [ 703.500155][T25386] netlink: 78 bytes leftover after parsing attributes in process `syz.1.8405'. [ 707.531320][T25484] netlink: 334 bytes leftover after parsing attributes in process `syz.1.8441'. [ 708.319007][T25502] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8449'. [ 712.142347][T25580] netlink: 'syz.2.8475': attribute type 1 has an invalid length. [ 712.177220][T25580] netlink: 322 bytes leftover after parsing attributes in process `syz.2.8475'. [ 712.199313][T25580] netlink: 'syz.2.8475': attribute type 1 has an invalid length. [ 712.236518][T25580] netlink: 322 bytes leftover after parsing attributes in process `syz.2.8475'. [ 712.443332][T25592] netlink: 330 bytes leftover after parsing attributes in process `syz.2.8488'. [ 714.094034][T25587] kexec: Could not allocate control_code_buffer [ 716.967907][T25701] FAULT_INJECTION: forcing a failure. [ 716.967907][T25701] name failslab, interval 1, probability 0, space 0, times 0 [ 716.981155][T25701] CPU: 0 UID: 0 PID: 25701 Comm: syz.0.8523 Tainted: G L syzkaller #0 PREEMPT(full) [ 716.981207][T25701] Tainted: [L]=SOFTLOCKUP [ 716.981219][T25701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 716.981240][T25701] Call Trace: [ 716.981251][T25701] [ 716.981264][T25701] dump_stack_lvl+0x100/0x190 [ 716.981304][T25701] should_fail_ex.cold+0x5/0xa [ 716.981337][T25701] should_failslab+0xc2/0x120 [ 716.981374][T25701] kmem_cache_alloc_noprof+0x91/0x6a0 [ 716.981409][T25701] ? seq_open+0x55/0x170 [ 716.981448][T25701] seq_open+0x55/0x170 [ 716.981484][T25701] __seq_open_private+0x3e/0xd0 [ 716.981523][T25701] __tracing_open+0x99/0xa80 [ 716.981557][T25701] tracing_open+0x26b/0x4d0 [ 716.981589][T25701] do_dentry_open+0x6ab/0x14d0 [ 716.981633][T25701] ? __pfx_tracing_open+0x10/0x10 [ 716.981669][T25701] vfs_open+0x82/0x3f0 [ 716.981706][T25701] path_openat+0x2873/0x4280 [ 716.981766][T25701] ? __pfx_path_openat+0x10/0x10 [ 716.981821][T25701] do_file_open+0x20e/0x430 [ 716.981869][T25701] ? __pfx_do_file_open+0x10/0x10 [ 716.981940][T25701] ? alloc_fd+0x471/0x7a0 [ 716.981986][T25701] ? do_getname+0x191/0x390 [ 716.982021][T25701] do_sys_openat2+0x10f/0x1e0 [ 716.982055][T25701] ? __pfx_do_sys_openat2+0x10/0x10 [ 716.982107][T25701] ? __fget_files+0x21f/0x3d0 [ 716.982157][T25701] __x64_sys_openat+0x12d/0x210 [ 716.982194][T25701] ? __pfx___x64_sys_openat+0x10/0x10 [ 716.982244][T25701] do_syscall_64+0x115/0x840 [ 716.982287][T25701] ? clear_bhb_loop+0x40/0x90 [ 716.982323][T25701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.982354][T25701] RIP: 0033:0x7f6fa5b9de59 [ 716.982379][T25701] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 716.982409][T25701] RSP: 002b:00007f6fa6aba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 716.982438][T25701] RAX: ffffffffffffffda RBX: 00007f6fa5e25fa0 RCX: 00007f6fa5b9de59 [ 716.982458][T25701] RDX: 0000000000082000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 716.982478][T25701] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 716.982496][T25701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 716.982514][T25701] R13: 00007f6fa5e26038 R14: 00007f6fa5e25fa0 R15: 00007fff6a65e128 [ 716.982552][T25701] [ 717.615751][T23146] Bluetooth: hci1: SCO packet for unknown connection handle 3 [ 718.594514][T25737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8536'. [ 718.654590][T25740] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8536'. [ 719.172489][T25750] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 719.431553][T25759] tipc: Trying to set illegal importance in message [ 719.583002][T25756] FAULT_INJECTION: forcing a failure. [ 719.583002][T25756] name failslab, interval 1, probability 0, space 0, times 0 [ 719.632011][T25756] CPU: 1 UID: 0 PID: 25756 Comm: syz.0.8541 Tainted: G L syzkaller #0 PREEMPT(full) [ 719.632065][T25756] Tainted: [L]=SOFTLOCKUP [ 719.632078][T25756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 719.632098][T25756] Call Trace: [ 719.632109][T25756] [ 719.632122][T25756] dump_stack_lvl+0x100/0x190 [ 719.632166][T25756] should_fail_ex.cold+0x5/0xa [ 719.632203][T25756] should_failslab+0xc2/0x120 [ 719.632245][T25756] __kmalloc_cache_noprof+0x91/0x6c0 [ 719.632296][T25756] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 719.632351][T25756] ? usbdev_open+0x9d/0x870 [ 719.632404][T25756] usbdev_open+0x9d/0x870 [ 719.632453][T25756] ? do_raw_spin_lock+0x128/0x260 [ 719.632491][T25756] ? __pfx_usbdev_open+0x10/0x10 [ 719.632533][T25756] ? chrdev_open+0x589/0x6a0 [ 719.632584][T25756] ? chrdev_open+0x589/0x6a0 [ 719.632638][T25756] ? __pfx_usbdev_open+0x10/0x10 [ 719.632679][T25756] chrdev_open+0x234/0x6a0 [ 719.632729][T25756] ? __pfx_chrdev_open+0x10/0x10 [ 719.632793][T25756] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 719.632835][T25756] do_dentry_open+0x6ab/0x14d0 [ 719.632886][T25756] ? __pfx_chrdev_open+0x10/0x10 [ 719.632946][T25756] vfs_open+0x82/0x3f0 [ 719.632988][T25756] path_openat+0x2873/0x4280 [ 719.633059][T25756] ? __pfx_path_openat+0x10/0x10 [ 719.633123][T25756] do_file_open+0x20e/0x430 [ 719.633177][T25756] ? __pfx_do_file_open+0x10/0x10 [ 719.633258][T25756] ? alloc_fd+0x471/0x7a0 [ 719.633313][T25756] ? do_getname+0x191/0x390 [ 719.633354][T25756] do_sys_openat2+0x10f/0x1e0 [ 719.633394][T25756] ? __pfx_do_sys_openat2+0x10/0x10 [ 719.633436][T25756] ? do_raw_spin_lock+0x128/0x260 [ 719.633483][T25756] __x64_sys_openat+0x12d/0x210 [ 719.633525][T25756] ? __pfx___x64_sys_openat+0x10/0x10 [ 719.633579][T25756] do_syscall_64+0x115/0x840 [ 719.633631][T25756] ? clear_bhb_loop+0x40/0x90 [ 719.633672][T25756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.633706][T25756] RIP: 0033:0x7f6fa5b9de59 [ 719.633733][T25756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 719.633766][T25756] RSP: 002b:00007f6fa6a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 719.633806][T25756] RAX: ffffffffffffffda RBX: 00007f6fa5e26090 RCX: 00007f6fa5b9de59 [ 719.633828][T25756] RDX: 000000000000a901 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 719.633850][T25756] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 719.633874][T25756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.633893][T25756] R13: 00007f6fa5e26128 R14: 00007f6fa5e26090 R15: 00007fff6a65e128 [ 719.633935][T25756] [ 722.332722][T25807] netlink: 326 bytes leftover after parsing attributes in process `syz.2.8559'. [ 722.517056][T25813] block nbd3: Unsupported socket: should be TCP or UNIX. [ 723.178129][T25830] netlink: 218 bytes leftover after parsing attributes in process `syz.3.8568'. [ 723.719820][T25849] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8575'. [ 727.179605][T25917] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8600'. [ 728.848750][T25949] netlink: 334 bytes leftover after parsing attributes in process `syz.1.8612'. [ 729.085391][T25956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8615'. [ 729.117319][T25941] Process accounting paused [ 729.558126][T25966] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8620'. [ 729.603383][T25966] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8620'. [ 731.863742][T26013] netlink: 114 bytes leftover after parsing attributes in process `syz.0.8638'. [ 731.911661][T26016] kernel read not supported for file /sg0 (pid: 26016 comm: syz.2.8639) [ 732.021931][T26018] netlink: 'syz.0.8648': attribute type 15 has an invalid length. [ 732.030231][T26018] netlink: 186 bytes leftover after parsing attributes in process `syz.0.8648'. [ 732.156491][ T5637] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 732.172959][ T5637] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 732.189019][ T5637] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 732.197400][ T5637] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 732.206789][ T5637] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 732.223261][T26023] x_tables: duplicate underflow at hook 4 [ 734.185094][T26022] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.205989][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.224967][T26022] bridge_slave_0: entered allmulticast mode [ 734.244807][T26070] netlink: 130 bytes leftover after parsing attributes in process `syz.2.8654'. [ 734.267750][T26022] bridge_slave_0: entered promiscuous mode [ 734.292537][T26022] bridge0: port 2(bridge_slave_1) entered blocking state [ 734.299993][T23146] Bluetooth: hci1: command tx timeout [ 734.327442][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.336001][T26022] bridge_slave_1: entered allmulticast mode [ 734.344139][T26022] bridge_slave_1: entered promiscuous mode [ 734.393689][T26022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 734.407880][T26022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 734.480448][T26022] team0: Port device team_slave_0 added [ 734.503596][T26022] team0: Port device team_slave_1 added [ 734.593211][T26022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 734.613546][T26022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 734.665712][T26022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 734.730781][T26022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 734.751125][T26022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 734.829669][T26022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 734.870333][T26078] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8657'. [ 734.998199][T26022] hsr_slave_0: entered promiscuous mode [ 735.009119][T26022] hsr_slave_1: entered promiscuous mode [ 735.023516][T26022] debugfs: 'hsr0' already exists in 'hsr' [ 735.035697][T26022] Cannot create hsr debugfs directory [ 735.511609][T26022] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.709338][T26022] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.850728][T26022] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.995340][T26022] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.103229][T26099] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8664'. [ 736.252471][T26101] netlink: 22 bytes leftover after parsing attributes in process `syz.2.8665'. [ 736.375858][T23146] Bluetooth: hci1: command tx timeout [ 736.647610][T26022] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 736.705648][T26022] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 736.730400][T26022] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 736.764158][T26022] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 736.778977][T26022] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 736.812285][T26022] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 736.832791][T26022] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 736.874355][T26022] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 737.013884][T26115] netlink: 'syz.1.8669': attribute type 4 has an invalid length. [ 737.041987][T26115] netlink: 314 bytes leftover after parsing attributes in process `syz.1.8669'. [ 737.083370][T26022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.159885][T26022] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.191827][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.199138][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.249247][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.256528][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.269278][T26022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 738.407588][T26022] veth0_vlan: entered promiscuous mode [ 738.441427][T26022] veth1_vlan: entered promiscuous mode [ 738.455924][T23146] Bluetooth: hci1: command tx timeout [ 738.581394][T26022] veth0_macvtap: entered promiscuous mode [ 738.614671][T26022] veth1_macvtap: entered promiscuous mode [ 738.653550][T26022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 738.704437][T26022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 738.742161][ T14] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.757258][ T14] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.794409][ T14] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.815364][ T14] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.092897][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.106189][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 739.187767][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.204650][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 740.419226][T26182] netlink: 'syz.2.8687': attribute type 1 has an invalid length. [ 740.535716][T23146] Bluetooth: hci1: command tx timeout [ 744.328973][T26278] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8724'. [ 744.386956][T26278] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8724'. [ 745.110194][T26301] FAULT_INJECTION: forcing a failure. [ 745.110194][T26301] name failslab, interval 1, probability 0, space 0, times 0 [ 745.124368][T26301] CPU: 0 UID: 0 PID: 26301 Comm: syz.3.8730 Tainted: G L syzkaller #0 PREEMPT(full) [ 745.124417][T26301] Tainted: [L]=SOFTLOCKUP [ 745.124435][T26301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 745.124455][T26301] Call Trace: [ 745.124465][T26301] [ 745.124477][T26301] dump_stack_lvl+0x100/0x190 [ 745.124519][T26301] should_fail_ex.cold+0x5/0xa [ 745.124553][T26301] should_failslab+0xc2/0x120 [ 745.124591][T26301] kmem_cache_alloc_noprof+0x91/0x6a0 [ 745.124627][T26301] ? __pmd_alloc+0xbf/0x950 [ 745.124671][T26301] __pmd_alloc+0xbf/0x950 [ 745.124712][T26301] move_page_tables+0x2f7c/0x4610 [ 745.124762][T26301] ? __pfx_copy_vma+0x10/0x10 [ 745.124803][T26301] ? __pfx_move_page_tables+0x10/0x10 [ 745.124876][T26301] copy_vma_and_data+0x25c/0x7c0 [ 745.124928][T26301] ? __pfx_copy_vma_and_data+0x10/0x10 [ 745.124991][T26301] ? __vma_start_write+0x17f/0x280 [ 745.125034][T26301] ? __pfx___vma_start_write+0x10/0x10 [ 745.125086][T26301] move_vma+0x574/0x1920 [ 745.125148][T26301] ? __pfx_move_vma+0x10/0x10 [ 745.125199][T26301] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 745.125239][T26301] ? cap_mmap_addr+0x4b/0x120 [ 745.125284][T26301] ? bpf_lsm_mmap_addr+0x9/0x30 [ 745.125326][T26301] ? security_mmap_addr+0x71/0x1e0 [ 745.125360][T26301] ? __get_unmapped_area+0x255/0x3e0 [ 745.125402][T26301] ? vrm_set_new_addr+0x204/0x290 [ 745.125451][T26301] mremap_to+0x234/0x4c0 [ 745.125477][T26301] ? mas_walk+0x6ef/0x9b0 [ 745.125529][T26301] ? __pfx_mremap_to+0x10/0x10 [ 745.125559][T26301] ? check_prep_vma+0x912/0xe60 [ 745.125621][T26301] __do_sys_mremap+0x88c/0x1850 [ 745.125665][T26301] ? __pfx___do_sys_mremap+0x10/0x10 [ 745.125691][T26301] ? ksys_write+0x190/0x250 [ 745.125743][T26301] ? __pfx_do_futex+0x10/0x10 [ 745.125781][T26301] ? __x64_sys_futex+0x34f/0x4d0 [ 745.125831][T26301] do_syscall_64+0x115/0x840 [ 745.125871][T26301] ? clear_bhb_loop+0x40/0x90 [ 745.125907][T26301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.125937][T26301] RIP: 0033:0x7f7c5a79de59 [ 745.125962][T26301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 745.125992][T26301] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 745.126020][T26301] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 745.126041][T26301] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 745.126059][T26301] RBP: 00007f7c5a833e6f R08: 0000000100000000 R09: 0000000000000000 [ 745.126077][T26301] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 745.126094][T26301] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 745.126143][T26301] [ 745.694476][T26316] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8738'. [ 747.339172][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.345725][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.397504][T26345] FAULT_INJECTION: forcing a failure. [ 747.397504][T26345] name failslab, interval 1, probability 0, space 0, times 0 [ 747.414233][T26345] CPU: 0 UID: 0 PID: 26345 Comm: syz.3.8746 Tainted: G L syzkaller #0 PREEMPT(full) [ 747.414289][T26345] Tainted: [L]=SOFTLOCKUP [ 747.414302][T26345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 747.414322][T26345] Call Trace: [ 747.414334][T26345] [ 747.414346][T26345] dump_stack_lvl+0x100/0x190 [ 747.414392][T26345] should_fail_ex.cold+0x5/0xa [ 747.414431][T26345] should_failslab+0xc2/0x120 [ 747.414476][T26345] __kmalloc_cache_noprof+0x91/0x6c0 [ 747.414533][T26345] ? newque+0xa3/0x680 [ 747.414675][T26345] newque+0xa3/0x680 [ 747.414724][T26345] ipcget+0xee/0xf50 [ 747.414771][T26345] ? __pfx_do_futex+0x10/0x10 [ 747.414808][T26345] ? find_held_lock+0x2b/0x80 [ 747.414848][T26345] ? __pfx_ipcget+0x10/0x10 [ 747.414899][T26345] ? __x64_sys_futex+0x34f/0x4d0 [ 747.414931][T26345] ? __x64_sys_futex+0x358/0x4d0 [ 747.414973][T26345] __x64_sys_msgget+0x125/0x1a0 [ 747.415027][T26345] ? __pfx___x64_sys_msgget+0x10/0x10 [ 747.415088][T26345] do_syscall_64+0x115/0x840 [ 747.415150][T26345] ? clear_bhb_loop+0x40/0x90 [ 747.415192][T26345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.415227][T26345] RIP: 0033:0x7f7c5a79de59 [ 747.415254][T26345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.415288][T26345] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000044 [ 747.415321][T26345] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 747.415343][T26345] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 747.415363][T26345] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 747.415384][T26345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.415403][T26345] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 747.415446][T26345] [ 747.668473][T26343] FAULT_INJECTION: forcing a failure. [ 747.668473][T26343] name failslab, interval 1, probability 0, space 0, times 0 [ 747.706269][T26343] CPU: 1 UID: 0 PID: 26343 Comm: syz.0.8745 Tainted: G L syzkaller #0 PREEMPT(full) [ 747.706324][T26343] Tainted: [L]=SOFTLOCKUP [ 747.706336][T26343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 747.706356][T26343] Call Trace: [ 747.706366][T26343] [ 747.706378][T26343] dump_stack_lvl+0x100/0x190 [ 747.706423][T26343] should_fail_ex.cold+0x5/0xa [ 747.706462][T26343] should_failslab+0xc2/0x120 [ 747.706507][T26343] __kmalloc_cache_noprof+0x91/0x6c0 [ 747.706559][T26343] ? __lock_acquire+0x49f/0x1a40 [ 747.706610][T26343] ? tty_open+0x139/0xfa0 [ 747.706769][T26343] ? __pfx_tty_open+0x10/0x10 [ 747.706816][T26343] tty_open+0x139/0xfa0 [ 747.706864][T26343] ? __pfx_tty_open+0x10/0x10 [ 747.706904][T26343] ? chrdev_open+0x10b/0x6a0 [ 747.706957][T26343] ? chrdev_open+0x10b/0x6a0 [ 747.707014][T26343] ? __pfx_tty_open+0x10/0x10 [ 747.707055][T26343] chrdev_open+0x234/0x6a0 [ 747.707125][T26343] ? __pfx_apparmor_file_open+0x10/0x10 [ 747.707182][T26343] ? __pfx_chrdev_open+0x10/0x10 [ 747.707239][T26343] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 747.707284][T26343] do_dentry_open+0x6ab/0x14d0 [ 747.707338][T26343] ? __pfx_chrdev_open+0x10/0x10 [ 747.707402][T26343] vfs_open+0x82/0x3f0 [ 747.707445][T26343] path_openat+0x2873/0x4280 [ 747.707518][T26343] ? __pfx_path_openat+0x10/0x10 [ 747.707584][T26343] do_file_open+0x20e/0x430 [ 747.707642][T26343] ? __pfx_do_file_open+0x10/0x10 [ 747.707729][T26343] ? alloc_fd+0x471/0x7a0 [ 747.707791][T26343] ? do_getname+0x191/0x390 [ 747.707834][T26343] do_sys_openat2+0x10f/0x1e0 [ 747.707875][T26343] ? __pfx_do_sys_openat2+0x10/0x10 [ 747.707919][T26343] ? do_raw_spin_lock+0x128/0x260 [ 747.707962][T26343] __x64_sys_openat+0x12d/0x210 [ 747.708004][T26343] ? __pfx___x64_sys_openat+0x10/0x10 [ 747.708063][T26343] do_syscall_64+0x115/0x840 [ 747.708114][T26343] ? clear_bhb_loop+0x40/0x90 [ 747.708156][T26343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.708192][T26343] RIP: 0033:0x7f6fa5b9de59 [ 747.708222][T26343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.708255][T26343] RSP: 002b:00007f6fa6a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 747.708288][T26343] RAX: ffffffffffffffda RBX: 00007f6fa5e26090 RCX: 00007f6fa5b9de59 [ 747.708313][T26343] RDX: 0000000000103e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 747.708336][T26343] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 747.708357][T26343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.708377][T26343] R13: 00007f6fa5e26128 R14: 00007f6fa5e26090 R15: 00007fff6a65e128 [ 747.708420][T26343] [ 748.279536][T26353] netlink: 'syz.3.8749': attribute type 1 has an invalid length. [ 748.980321][T26370] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8755'. [ 750.978417][T26426] netlink: 330 bytes leftover after parsing attributes in process `syz.0.8776'. [ 751.644262][T26440] FAULT_INJECTION: forcing a failure. [ 751.644262][T26440] name failslab, interval 1, probability 0, space 0, times 0 [ 751.705557][T26440] CPU: 1 UID: 0 PID: 26440 Comm: syz.0.8782 Tainted: G L syzkaller #0 PREEMPT(full) [ 751.705609][T26440] Tainted: [L]=SOFTLOCKUP [ 751.705622][T26440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 751.705643][T26440] Call Trace: [ 751.705654][T26440] [ 751.705666][T26440] dump_stack_lvl+0x100/0x190 [ 751.705709][T26440] should_fail_ex.cold+0x5/0xa [ 751.705747][T26440] should_failslab+0xc2/0x120 [ 751.705794][T26440] kmem_cache_alloc_noprof+0x91/0x6a0 [ 751.705847][T26440] ? jbd2__journal_start+0x194/0x6a0 [ 751.705989][T26440] jbd2__journal_start+0x194/0x6a0 [ 751.706030][T26440] __ext4_journal_start_sb+0x367/0x670 [ 751.706126][T26440] ? ext4_dirty_inode+0xa1/0x130 [ 751.706223][T26440] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 751.706271][T26440] ext4_dirty_inode+0xa1/0x130 [ 751.706318][T26440] ? rcu_is_watching+0x12/0xc0 [ 751.706353][T26440] __mark_inode_dirty+0x1f3/0x16e0 [ 751.706437][T26440] file_update_time_flags+0x46b/0x500 [ 751.706474][T26440] file_modified+0x36/0x50 [ 751.706503][T26440] ext4_fallocate+0x2c8/0x3c80 [ 751.706553][T26440] ? __pfx_ext4_fallocate+0x10/0x10 [ 751.706602][T26440] ? __pfx_ext4_fallocate+0x10/0x10 [ 751.706643][T26440] vfs_fallocate+0x576/0x10a0 [ 751.706690][T26440] ? __pfx_vfs_fallocate+0x10/0x10 [ 751.706731][T26440] ? madvise_vma_behavior+0x1258/0x2240 [ 751.706771][T26440] ? madvise_vma_behavior+0x1258/0x2240 [ 751.706826][T26440] madvise_vma_behavior+0x909/0x2240 [ 751.706872][T26440] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 751.706944][T26440] ? find_vma_prev+0xd8/0x150 [ 751.706984][T26440] ? __pfx_find_vma_prev+0x10/0x10 [ 751.707031][T26440] ? __futex_wait+0x256/0x300 [ 751.707074][T26440] madvise_walk_vmas+0x2fe/0xa90 [ 751.707121][T26440] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 751.707172][T26440] madvise_do_behavior+0x1ea/0x510 [ 751.707216][T26440] ? __pfx_madvise_do_behavior+0x10/0x10 [ 751.707259][T26440] ? down_read+0x13b/0x4c0 [ 751.707303][T26440] ? __pfx_futex_wait+0x10/0x10 [ 751.707359][T26440] do_madvise+0x238/0x290 [ 751.707409][T26440] ? __pfx_do_madvise+0x10/0x10 [ 751.707457][T26440] ? do_futex+0x190/0x440 [ 751.707498][T26440] ? __fget_files+0x21f/0x3d0 [ 751.707569][T26440] ? __pfx_do_preadv+0x10/0x10 [ 751.707626][T26440] __x64_sys_madvise+0xa9/0x110 [ 751.707676][T26440] ? lockdep_hardirqs_on+0x78/0x100 [ 751.707726][T26440] do_syscall_64+0x115/0x840 [ 751.707777][T26440] ? clear_bhb_loop+0x40/0x90 [ 751.707831][T26440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.707868][T26440] RIP: 0033:0x7f6fa5b9de59 [ 751.707896][T26440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.707930][T26440] RSP: 002b:00007f6fa6aba028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 751.707964][T26440] RAX: ffffffffffffffda RBX: 00007f6fa5e25fa0 RCX: 00007f6fa5b9de59 [ 751.707987][T26440] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 751.708009][T26440] RBP: 00007f6fa5c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 751.708030][T26440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.708051][T26440] R13: 00007f6fa5e26038 R14: 00007f6fa5e25fa0 R15: 00007fff6a65e128 [ 751.708096][T26440] [ 752.662364][T26450] netlink: 'syz.3.8794': attribute type 3 has an invalid length. [ 752.684017][T26451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8793'. [ 752.727805][T26451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8793'. [ 752.818509][T26459] netlink: 'syz.0.8786': attribute type 1 has an invalid length. [ 753.315201][T26471] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8791'. [ 753.522115][T26479] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8796'. [ 753.897637][T26484] netlink: 330 bytes leftover after parsing attributes in process `syz.1.8798'. [ 754.036750][T26486] FAULT_INJECTION: forcing a failure. [ 754.036750][T26486] name failslab, interval 1, probability 0, space 0, times 0 [ 754.070880][T26486] CPU: 1 UID: 0 PID: 26486 Comm: syz.3.8797 Tainted: G L syzkaller #0 PREEMPT(full) [ 754.070942][T26486] Tainted: [L]=SOFTLOCKUP [ 754.070956][T26486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 754.070979][T26486] Call Trace: [ 754.070991][T26486] [ 754.071005][T26486] dump_stack_lvl+0x100/0x190 [ 754.071055][T26486] should_fail_ex.cold+0x5/0xa [ 754.071101][T26486] should_failslab+0xc2/0x120 [ 754.071153][T26486] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 754.071202][T26486] ? __d_alloc+0x35/0xa50 [ 754.071247][T26486] __d_alloc+0x35/0xa50 [ 754.071294][T26486] d_alloc+0x4a/0x1e0 [ 754.071333][T26486] lookup_one_qstr_excl+0x171/0x250 [ 754.071385][T26486] start_dirop+0x59/0xb0 [ 754.071443][T26486] simple_start_creating+0xf9/0x110 [ 754.071503][T26486] ? __pfx_simple_start_creating+0x10/0x10 [ 754.071565][T26486] ? mntput+0x70/0xa0 [ 754.071628][T26486] ? simple_pin_fs+0xa3/0x190 [ 754.071685][T26486] debugfs_start_creating.part.0+0x82/0x170 [ 754.071861][T26486] __debugfs_create_file+0xb3/0x4f0 [ 754.071923][T26486] debugfs_create_file_full+0x41/0x60 [ 754.071979][T26486] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 754.072047][T26486] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 754.072104][T26486] ? ida_alloc_range+0x70d/0x830 [ 754.072199][T26486] ? kasan_save_track+0x14/0x30 [ 754.072241][T26486] ? __kasan_kmalloc+0xaa/0xb0 [ 754.072287][T26486] ? lockdep_init_map_type+0x5c/0x250 [ 754.072356][T26486] preinit_net.part.0+0x252/0x920 [ 754.072407][T26486] copy_net_ns+0x339/0x7c0 [ 754.072462][T26486] create_new_namespaces+0x3ea/0xac0 [ 754.072539][T26486] unshare_nsproxy_namespaces+0xf2/0x220 [ 754.072618][T26486] ksys_unshare+0x438/0xab0 [ 754.072669][T26486] ? __pfx_ksys_unshare+0x10/0x10 [ 754.072733][T26486] __x64_sys_unshare+0x31/0x40 [ 754.072780][T26486] do_syscall_64+0x115/0x840 [ 754.072836][T26486] ? clear_bhb_loop+0x40/0x90 [ 754.072885][T26486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.072927][T26486] RIP: 0033:0x7f7c5a79de59 [ 754.072959][T26486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 754.072997][T26486] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 754.073036][T26486] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 754.073062][T26486] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 754.073086][T26486] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 754.073110][T26486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 754.073133][T26486] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 754.073185][T26486] [ 754.572985][T26498] netlink: 'syz.1.8803': attribute type 1 has an invalid length. [ 755.108689][T26503] FAULT_INJECTION: forcing a failure. [ 755.108689][T26503] name failslab, interval 1, probability 0, space 0, times 0 [ 755.145182][T26503] CPU: 1 UID: 0 PID: 26503 Comm: syz.0.8804 Tainted: G L syzkaller #0 PREEMPT(full) [ 755.145240][T26503] Tainted: [L]=SOFTLOCKUP [ 755.145253][T26503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 755.145273][T26503] Call Trace: [ 755.145284][T26503] [ 755.145297][T26503] dump_stack_lvl+0x100/0x190 [ 755.145342][T26503] should_fail_ex.cold+0x5/0xa [ 755.145381][T26503] should_failslab+0xc2/0x120 [ 755.145427][T26503] kmem_cache_alloc_noprof+0x91/0x6a0 [ 755.145467][T26503] ? __pmd_alloc+0xbf/0x950 [ 755.145518][T26503] __pmd_alloc+0xbf/0x950 [ 755.145567][T26503] move_page_tables+0x2f7c/0x4610 [ 755.145626][T26503] ? __pfx_copy_vma+0x10/0x10 [ 755.145673][T26503] ? __pfx_move_page_tables+0x10/0x10 [ 755.145758][T26503] copy_vma_and_data+0x25c/0x7c0 [ 755.145817][T26503] ? __pfx_copy_vma_and_data+0x10/0x10 [ 755.145884][T26503] ? __vma_start_write+0x17f/0x280 [ 755.145932][T26503] ? __pfx___vma_start_write+0x10/0x10 [ 755.146004][T26503] move_vma+0x574/0x1920 [ 755.146067][T26503] ? __pfx_move_vma+0x10/0x10 [ 755.146128][T26503] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 755.146175][T26503] ? cap_mmap_addr+0x4b/0x120 [ 755.146226][T26503] ? bpf_lsm_mmap_addr+0x9/0x30 [ 755.146278][T26503] ? security_mmap_addr+0x71/0x1e0 [ 755.146319][T26503] ? __get_unmapped_area+0x255/0x3e0 [ 755.146368][T26503] ? vrm_set_new_addr+0x204/0x290 [ 755.146428][T26503] mremap_to+0x234/0x4c0 [ 755.146459][T26503] ? mas_walk+0x6ef/0x9b0 [ 755.146510][T26503] ? __pfx_mremap_to+0x10/0x10 [ 755.146541][T26503] ? check_prep_vma+0x912/0xe60 [ 755.146605][T26503] __do_sys_mremap+0x88c/0x1850 [ 755.146654][T26503] ? __pfx___do_sys_mremap+0x10/0x10 [ 755.146686][T26503] ? ksys_write+0x190/0x250 [ 755.146747][T26503] ? __pfx_do_futex+0x10/0x10 [ 755.146793][T26503] ? __x64_sys_futex+0x34f/0x4d0 [ 755.146853][T26503] do_syscall_64+0x115/0x840 [ 755.146902][T26503] ? clear_bhb_loop+0x40/0x90 [ 755.146944][T26503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.146986][T26503] RIP: 0033:0x7f6fa5b9de59 [ 755.147014][T26503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 755.147049][T26503] RSP: 002b:00007f6fa6aba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 755.147083][T26503] RAX: ffffffffffffffda RBX: 00007f6fa5e25fa0 RCX: 00007f6fa5b9de59 [ 755.147106][T26503] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 755.147127][T26503] RBP: 00007f6fa5c33e6f R08: 0000000100000000 R09: 0000000000000000 [ 755.147148][T26503] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 755.147168][T26503] R13: 00007f6fa5e26038 R14: 00007f6fa5e25fa0 R15: 00007fff6a65e128 [ 755.147212][T26503] [ 755.759005][T26518] netlink: 330 bytes leftover after parsing attributes in process `syz.3.8812'. [ 755.907650][T26521] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8814'. [ 756.249794][T21865] bridge0: port 5(syz_tun) entered disabled state [ 756.294706][T21865] syz_tun (unregistering): left allmulticast mode [ 756.304767][T21865] syz_tun (unregistering): left promiscuous mode [ 756.332410][T21865] bridge0: port 5(syz_tun) entered disabled state [ 756.375441][T26530] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8819'. [ 756.702929][ T1171] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.738916][T26537] syz.1.8826(26537): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 757.007746][ T1171] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.241215][ T5637] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 757.258696][ T5637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 757.268728][ T5637] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 757.278632][ T5637] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 757.287673][ T5637] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 757.463626][ T1171] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.680501][T26553] netlink: 326 bytes leftover after parsing attributes in process `syz.1.8823'. [ 757.695096][ T1171] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.963594][T26559] netlink: 326 bytes leftover after parsing attributes in process `syz.2.8825'. [ 758.213054][T26564] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8828'. [ 758.264392][ T1171] batadv0: left allmulticast mode [ 758.288452][ T1171] batadv0: left promiscuous mode [ 758.315558][ T1171] bridge0: port 4(batadv0) entered disabled state [ 758.357621][ T1171] dummy0: left allmulticast mode [ 758.383298][ T1171] dummy0: left promiscuous mode [ 758.409331][ T1171] bridge0: port 3(dummy0) entered disabled state [ 758.464533][ T1171] bridge_slave_1: left allmulticast mode [ 758.476976][ T1171] bridge_slave_1: left promiscuous mode [ 758.488802][ T1171] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.510850][ T1171] bridge_slave_0: left allmulticast mode [ 758.525604][ T1171] bridge_slave_0: left promiscuous mode [ 758.538838][ T1171] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.575759][T26580] netlink: 'syz.1.8831': attribute type 1 has an invalid length. [ 758.900380][ T1171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 758.914304][ T1171] bond0 (unregistering): Released all slaves [ 759.037444][ T1171] : left promiscuous mode [ 759.179921][ T1171] &#$@\]\-: left promiscuous mode [ 759.265445][ T5286] 8021q: adding VLAN 0 to HW filter on device eth1 [ 759.298703][ T1171] ovs_ÿþÿþ?: left promiscuous mode [ 759.335679][ T5637] Bluetooth: hci0: command tx timeout [ 760.754801][T26544] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.781288][T26544] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.796532][T26544] bridge_slave_0: entered allmulticast mode [ 760.804817][T26544] bridge_slave_0: entered promiscuous mode [ 760.839715][T26544] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.851495][T26544] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.875790][T26544] bridge_slave_1: entered allmulticast mode [ 760.892271][T26544] bridge_slave_1: entered promiscuous mode [ 760.912200][ T5286] 8021q: adding VLAN 0 to HW filter on device eth2 [ 760.968356][T26544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.982912][T26544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 761.065830][T26544] team0: Port device team_slave_0 added [ 761.095024][T26544] team0: Port device team_slave_1 added [ 761.154830][T26544] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 761.162003][T26544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 761.197037][T26544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 761.223852][T26544] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 761.231716][T26544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 761.274809][T26544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 761.360997][T26544] hsr_slave_0: entered promiscuous mode [ 761.370671][T26544] hsr_slave_1: entered promiscuous mode [ 761.377624][T26544] debugfs: 'hsr0' already exists in 'hsr' [ 761.383426][T26544] Cannot create hsr debugfs directory [ 761.416386][ T5637] Bluetooth: hci0: command tx timeout [ 761.847359][ T1171] hsr_slave_0: left promiscuous mode [ 761.860984][ T1171] hsr_slave_1: left promiscuous mode [ 761.867770][ T1171] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 761.875265][ T1171] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 761.887027][ T1171] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 761.894486][ T1171] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 761.910490][ T1171] veth1_macvtap: left promiscuous mode [ 761.916207][ T1171] veth0_macvtap: left promiscuous mode [ 761.921851][ T1171] veth1_vlan: left promiscuous mode [ 761.927926][ T1171] veth0_vlan: left promiscuous mode [ 762.160921][ T1171] team0 (unregistering): Port device team_slave_1 removed [ 762.183997][ T1171] team0 (unregistering): Port device team_slave_0 removed [ 762.303584][ T5286] 8021q: adding VLAN 0 to HW filter on device eth3 [ 763.153706][T26544] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 763.204367][T26544] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 763.246318][T26544] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 763.289329][T26544] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 763.320274][T26544] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 763.343974][T26544] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 763.358297][T26544] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 763.371135][T26544] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 763.490389][T26544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.497429][ T5637] Bluetooth: hci0: command tx timeout [ 763.528422][T26544] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.544758][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.552037][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 763.580855][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.588128][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.251732][T26544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.319488][T26544] veth0_vlan: entered promiscuous mode [ 764.348863][T26544] veth1_vlan: entered promiscuous mode [ 764.394764][T26544] veth0_macvtap: entered promiscuous mode [ 764.408246][T26544] veth1_macvtap: entered promiscuous mode [ 764.435088][T26544] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 764.460897][T26544] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 764.482561][ T48] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.523553][ T48] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.539415][ T48] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.626083][ T1171] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.712718][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 764.731398][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 764.793867][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 764.804556][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.575627][ T5637] Bluetooth: hci0: command tx timeout [ 768.215270][ T5637] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 768.215321][ T5637] Bluetooth: hci1: unexpected subevent 0x06 length: 725 > 10 [ 768.354063][T26767] netlink: 130 bytes leftover after parsing attributes in process `syz.1.8854'. [ 768.619402][T26774] netlink: 'syz.1.8856': attribute type 1 has an invalid length. [ 768.823697][T26784] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8860'. [ 769.121458][T26782] netlink: 350 bytes leftover after parsing attributes in process `syz.3.8859'. [ 769.186316][T26784] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8860'. [ 769.596561][ T5637] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 769.596605][ T5637] Bluetooth: hci3: unexpected subevent 0x06 length: 725 > 10 [ 770.297293][ T5637] Bluetooth: hci1: command tx timeout [ 771.327330][T26838] netlink: 'syz.2.8879': attribute type 1 has an invalid length. [ 771.658429][ T5637] Bluetooth: hci3: command 0x0406 tx timeout [ 772.183451][T26854] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8892'. [ 772.528661][T26867] netlink: 338 bytes leftover after parsing attributes in process `syz.1.8888'. [ 773.401835][T26885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8896'. [ 775.884754][T26924] netlink: 'syz.3.8907': attribute type 1 has an invalid length. [ 776.436849][T26932] FAULT_INJECTION: forcing a failure. [ 776.436849][T26932] name failslab, interval 1, probability 0, space 0, times 0 [ 776.450285][T26932] CPU: 1 UID: 0 PID: 26932 Comm: syz.2.8909 Tainted: G L syzkaller #0 PREEMPT(full) [ 776.450334][T26932] Tainted: [L]=SOFTLOCKUP [ 776.450345][T26932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 776.450364][T26932] Call Trace: [ 776.450374][T26932] [ 776.450384][T26932] dump_stack_lvl+0x100/0x190 [ 776.450424][T26932] should_fail_ex.cold+0x5/0xa [ 776.450458][T26932] should_failslab+0xc2/0x120 [ 776.450495][T26932] __kmalloc_cache_noprof+0x91/0x6c0 [ 776.450542][T26932] ? rcu_is_watching+0x12/0xc0 [ 776.450573][T26932] ? report_access+0x101/0x4d0 [ 776.450692][T26932] report_access+0x101/0x4d0 [ 776.450736][T26932] yama_ptrace_access_check+0x645/0xd00 [ 776.450780][T26932] security_ptrace_access_check+0xe9/0x210 [ 776.450827][T26932] __ptrace_may_access+0x4c1/0xa80 [ 776.450862][T26932] ptrace_may_access+0x2b/0x50 [ 776.450894][T26932] mm_access+0x180/0x2e0 [ 776.450926][T26932] process_vm_rw_core.constprop.0+0x214/0x950 [ 776.450966][T26932] ? __futex_wait+0x256/0x300 [ 776.451004][T26932] ? __pfx___futex_wait+0x10/0x10 [ 776.451038][T26932] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 776.451074][T26932] ? iovec_from_user+0xda/0x140 [ 776.451160][T26932] ? iovec_from_user+0xda/0x140 [ 776.451203][T26932] process_vm_rw+0x226/0x2d0 [ 776.451238][T26932] ? futex_wait+0x11e/0x370 [ 776.451275][T26932] ? __pfx_process_vm_rw+0x10/0x10 [ 776.451350][T26932] ? xfd_validate_state+0x129/0x190 [ 776.451389][T26932] __x64_sys_process_vm_writev+0xe2/0x1c0 [ 776.451423][T26932] ? do_syscall_64+0x90/0x840 [ 776.451465][T26932] ? lockdep_hardirqs_on+0x78/0x100 [ 776.451506][T26932] do_syscall_64+0x115/0x840 [ 776.451550][T26932] ? clear_bhb_loop+0x40/0x90 [ 776.451586][T26932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.451616][T26932] RIP: 0033:0x7f4e6499de59 [ 776.451641][T26932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 776.451669][T26932] RSP: 002b:00007f4e65787028 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 776.451698][T26932] RAX: ffffffffffffffda RBX: 00007f4e64c25fa0 RCX: 00007f4e6499de59 [ 776.451717][T26932] RDX: 0000000000000003 RSI: 0000200000002980 RDI: 0000000000000001 [ 776.451736][T26932] RBP: 00007f4e64a33e6f R08: 0000000000000004 R09: 0000000000000000 [ 776.451754][T26932] R10: 0000200000002a40 R11: 0000000000000246 R12: 0000000000000000 [ 776.451771][T26932] R13: 00007f4e64c26038 R14: 00007f4e64c25fa0 R15: 00007ffe957aaf38 [ 776.451810][T26932] [ 778.344825][T26961] netlink: 'syz.2.8919': attribute type 1 has an invalid length. [ 779.096507][T26977] bridge0: port 1(bond0) entered blocking state [ 779.107737][T26977] bridge0: port 1(bond0) entered disabled state [ 779.119625][T26977] bond0: entered allmulticast mode [ 779.129572][T26977] bond_slave_1: entered allmulticast mode [ 779.147066][T26977] bond0: entered promiscuous mode [ 779.157681][T26977] bond_slave_1: entered promiscuous mode [ 779.170351][T26977] bridge0: port 1(bond0) entered blocking state [ 779.176867][T26977] bridge0: port 1(bond0) entered forwarding state [ 779.220615][T26980] FAULT_INJECTION: forcing a failure. [ 779.220615][T26980] name failslab, interval 1, probability 0, space 0, times 0 [ 779.233643][T26980] CPU: 1 UID: 0 PID: 26980 Comm: syz.0.8926 Tainted: G L syzkaller #0 PREEMPT(full) [ 779.233697][T26980] Tainted: [L]=SOFTLOCKUP [ 779.233710][T26980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 779.233731][T26980] Call Trace: [ 779.233742][T26980] [ 779.233754][T26980] dump_stack_lvl+0x100/0x190 [ 779.233799][T26980] should_fail_ex.cold+0x5/0xa [ 779.233843][T26980] should_failslab+0xc2/0x120 [ 779.233889][T26980] __kmalloc_cache_noprof+0x91/0x6c0 [ 779.233963][T26980] ? __do_sys_getcwd+0xe5/0x960 [ 779.234085][T26980] __do_sys_getcwd+0xe5/0x960 [ 779.234137][T26980] ? __x64_sys_futex+0x34f/0x4d0 [ 779.234171][T26980] ? __x64_sys_futex+0x358/0x4d0 [ 779.234205][T26980] ? __pfx___do_sys_getcwd+0x10/0x10 [ 779.234252][T26980] ? xfd_validate_state+0x129/0x190 [ 779.234304][T26980] do_syscall_64+0x115/0x840 [ 779.234355][T26980] ? clear_bhb_loop+0x40/0x90 [ 779.234399][T26980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.234435][T26980] RIP: 0033:0x7efdc699de59 [ 779.234464][T26980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 779.234505][T26980] RSP: 002b:00007efdc77b8028 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 779.234537][T26980] RAX: ffffffffffffffda RBX: 00007efdc6c25fa0 RCX: 00007efdc699de59 [ 779.234559][T26980] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 779.234581][T26980] RBP: 00007efdc6a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 779.234601][T26980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.234622][T26980] R13: 00007efdc6c26038 R14: 00007efdc6c25fa0 R15: 00007ffd34c588f8 [ 779.234666][T26980] [ 780.863163][T27001] netlink: 'syz.0.8932': attribute type 1 has an invalid length. [ 783.203334][T27044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8950'. [ 783.558170][T27048] netlink: 74 bytes leftover after parsing attributes in process `syz.2.8951'. [ 785.723967][T27100] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8970'. [ 785.901721][ T29] audit: type=1800 audit(4294967483.630:33): pid=27095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8969" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 786.704118][T27118] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8978'. [ 786.756770][T27120] netlink: 334 bytes leftover after parsing attributes in process `syz.2.8979'. [ 787.962130][T27148] netlink: 'syz.1.8989': attribute type 1 has an invalid length. [ 788.078611][T27150] nbd: socks must be embedded in a SOCK_ITEM attr [ 788.097059][T27150] block nbd3: shutting down sockets [ 789.893949][T27184] FAULT_INJECTION: forcing a failure. [ 789.893949][T27184] name failslab, interval 1, probability 0, space 0, times 0 [ 789.949085][T27184] CPU: 1 UID: 0 PID: 27184 Comm: syz.2.9002 Tainted: G L syzkaller #0 PREEMPT(full) [ 789.949138][T27184] Tainted: [L]=SOFTLOCKUP [ 789.949151][T27184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 789.949171][T27184] Call Trace: [ 789.949182][T27184] [ 789.949194][T27184] dump_stack_lvl+0x100/0x190 [ 789.949238][T27184] should_fail_ex.cold+0x5/0xa [ 789.949276][T27184] should_failslab+0xc2/0x120 [ 789.949320][T27184] __kmalloc_cache_noprof+0x91/0x6c0 [ 789.949386][T27184] ? __do_sys_getcwd+0xe5/0x960 [ 789.949436][T27184] __do_sys_getcwd+0xe5/0x960 [ 789.949486][T27184] ? __x64_sys_futex+0x34f/0x4d0 [ 789.949518][T27184] ? __x64_sys_futex+0x358/0x4d0 [ 789.949553][T27184] ? __pfx___do_sys_getcwd+0x10/0x10 [ 789.949599][T27184] ? __pfx___x64_sys_futex+0x10/0x10 [ 789.949633][T27184] ? __sys_setsockopt+0x139/0x190 [ 789.949681][T27184] do_syscall_64+0x115/0x840 [ 789.949730][T27184] ? clear_bhb_loop+0x40/0x90 [ 789.949771][T27184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.949806][T27184] RIP: 0033:0x7f4e6499de59 [ 789.949834][T27184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 789.949869][T27184] RSP: 002b:00007f4e62bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 789.949902][T27184] RAX: ffffffffffffffda RBX: 00007f4e64c26090 RCX: 00007f4e6499de59 [ 789.949925][T27184] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 789.949945][T27184] RBP: 00007f4e64a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 789.949965][T27184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.949986][T27184] R13: 00007f4e64c26128 R14: 00007f4e64c26090 R15: 00007ffe957aaf38 [ 789.950035][T27184] [ 790.572142][T27193] netlink: 'syz.1.9004': attribute type 1 has an invalid length. [ 790.945421][T27199] netlink: 29 bytes leftover after parsing attributes in process `syz.2.9007'. [ 790.999989][T27199] openvswitch: netlink: IP tunnel dst address not specified [ 791.485840][T27216] netlink: 'syz.0.9015': attribute type 64 has an invalid length. [ 791.525734][T27216] netlink: 74 bytes leftover after parsing attributes in process `syz.0.9015'. [ 792.357339][T27246] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9026'. [ 792.661892][T27253] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9029'. [ 793.042836][T27262] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9034'. [ 793.256116][T27268] netlink: 338 bytes leftover after parsing attributes in process `syz.1.9037'. [ 793.939405][T27291] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9046'. [ 794.048724][T27291] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9046'. [ 794.692956][T27305] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9051'. [ 796.698572][T27351] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9071'. [ 797.207036][T27368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9076'. [ 797.416104][T27370] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9078'. [ 797.536079][T27375] nbd: socks must be embedded in a SOCK_ITEM attr [ 797.565234][T27375] block nbd3: shutting down sockets [ 797.847276][T27386] netlink: 'syz.0.9083': attribute type 1 has an invalid length. [ 797.875659][T27386] netlink: 326 bytes leftover after parsing attributes in process `syz.0.9083'. [ 798.287678][T27406] FAULT_INJECTION: forcing a failure. [ 798.287678][T27406] name failslab, interval 1, probability 0, space 0, times 0 [ 798.302980][T27406] CPU: 0 UID: 0 PID: 27406 Comm: syz.3.9087 Tainted: G L syzkaller #0 PREEMPT(full) [ 798.303032][T27406] Tainted: [L]=SOFTLOCKUP [ 798.303044][T27406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 798.303064][T27406] Call Trace: [ 798.303074][T27406] [ 798.303087][T27406] dump_stack_lvl+0x100/0x190 [ 798.303131][T27406] should_fail_ex.cold+0x5/0xa [ 798.303171][T27406] should_failslab+0xc2/0x120 [ 798.303218][T27406] __kmalloc_noprof+0xfc/0x820 [ 798.303252][T27406] ? find_held_lock+0x2b/0x80 [ 798.303291][T27406] ? __might_fault+0xc5/0x140 [ 798.303344][T27406] ? create_ruleset+0x21/0x140 [ 798.303475][T27406] create_ruleset+0x21/0x140 [ 798.303530][T27406] landlock_create_ruleset+0x5c/0x240 [ 798.303566][T27406] __do_sys_landlock_create_ruleset+0x2b0/0x580 [ 798.303623][T27406] ? __pfx___do_sys_landlock_create_ruleset+0x10/0x10 [ 798.303701][T27406] do_syscall_64+0x115/0x840 [ 798.303753][T27406] ? clear_bhb_loop+0x40/0x90 [ 798.303795][T27406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.303833][T27406] RIP: 0033:0x7f7c5a79de59 [ 798.303862][T27406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 798.303905][T27406] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bc [ 798.303940][T27406] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 798.303972][T27406] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000000 [ 798.303992][T27406] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 798.304013][T27406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.304033][T27406] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 798.304078][T27406] [ 798.786645][T27416] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 798.806600][T27416] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 799.022953][T27427] netlink: 'syz.1.9094': attribute type 27 has an invalid length. [ 799.054284][T27427] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9094'. [ 799.280404][T27434] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9097'. [ 799.590677][T27445] FAULT_INJECTION: forcing a failure. [ 799.590677][T27445] name failslab, interval 1, probability 0, space 0, times 0 [ 799.643775][T27445] CPU: 0 UID: 0 PID: 27445 Comm: syz.0.9100 Tainted: G L syzkaller #0 PREEMPT(full) [ 799.643834][T27445] Tainted: [L]=SOFTLOCKUP [ 799.643847][T27445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 799.643872][T27445] Call Trace: [ 799.643884][T27445] [ 799.643897][T27445] dump_stack_lvl+0x100/0x190 [ 799.643945][T27445] should_fail_ex.cold+0x5/0xa [ 799.643984][T27445] should_failslab+0xc2/0x120 [ 799.644030][T27445] __kmalloc_noprof+0xfc/0x820 [ 799.644071][T27445] ? afs_proc_addr_prefs_write+0x3da/0x1540 [ 799.644217][T27445] afs_proc_addr_prefs_write+0x3da/0x1540 [ 799.644269][T27445] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 799.644322][T27445] ? find_held_lock+0x2b/0x80 [ 799.644359][T27445] ? __might_fault+0xc5/0x140 [ 799.644413][T27445] ? __might_fault+0xc5/0x140 [ 799.644487][T27445] ? proc_simple_write+0x10e/0x1a0 [ 799.644558][T27445] proc_simple_write+0x10e/0x1a0 [ 799.644594][T27445] ? __pfx_proc_simple_write+0x10/0x10 [ 799.644630][T27445] proc_reg_write+0x240/0x330 [ 799.644713][T27445] vfs_write+0x2aa/0x1050 [ 799.644766][T27445] ? __pfx_proc_reg_write+0x10/0x10 [ 799.644822][T27445] ? __pfx_vfs_write+0x10/0x10 [ 799.644873][T27445] ? __fget_files+0x215/0x3d0 [ 799.644932][T27445] ? __fget_files+0x21f/0x3d0 [ 799.644996][T27445] ksys_write+0x12a/0x250 [ 799.645047][T27445] ? __pfx_ksys_write+0x10/0x10 [ 799.645110][T27445] do_syscall_64+0x115/0x840 [ 799.645162][T27445] ? clear_bhb_loop+0x40/0x90 [ 799.645205][T27445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.645242][T27445] RIP: 0033:0x7efdc699de59 [ 799.645279][T27445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 799.645314][T27445] RSP: 002b:00007efdc77b8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 799.645345][T27445] RAX: ffffffffffffffda RBX: 00007efdc6c25fa0 RCX: 00007efdc699de59 [ 799.645367][T27445] RDX: 0000000000000009 RSI: 0000200000000100 RDI: 0000000000000003 [ 799.645387][T27445] RBP: 00007efdc6a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 799.645408][T27445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.645428][T27445] R13: 00007efdc6c26038 R14: 00007efdc6c25fa0 R15: 00007ffd34c588f8 [ 799.645471][T27445] [ 800.114115][T27456] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9104'. [ 800.312521][T27453] raw_sendmsg: syz.0.9103 forgot to set AF_INET. Fix it! [ 801.838077][T27504] netlink: 314 bytes leftover after parsing attributes in process `syz.0.9119'. [ 806.720797][T27597] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9153'. [ 807.019564][T27606] tipc: Started in network mode [ 807.051543][T27606] tipc: Node identity ee00, cluster identity 4711 [ 807.078212][T27606] tipc: Node number set to 60928 [ 807.351838][T27618] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9167'. [ 807.938574][T27631] netlink: 198 bytes leftover after parsing attributes in process `syz.1.9164'. [ 808.190760][T27636] sd 0:0:1:0: device reset [ 808.777259][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.790037][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.975182][ T5637] block nbd3: Receive control failed (result -32) [ 809.435221][T27663] FAULT_INJECTION: forcing a failure. [ 809.435221][T27663] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 809.483591][T27663] CPU: 0 UID: 0 PID: 27663 Comm: syz.0.9177 Tainted: G L syzkaller #0 PREEMPT(full) [ 809.483648][T27663] Tainted: [L]=SOFTLOCKUP [ 809.483661][T27663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 809.483682][T27663] Call Trace: [ 809.483693][T27663] [ 809.483706][T27663] dump_stack_lvl+0x100/0x190 [ 809.483752][T27663] should_fail_ex.cold+0x5/0xa [ 809.483785][T27663] ? prepare_alloc_pages+0x16d/0x5f0 [ 809.483847][T27663] should_fail_alloc_page+0xeb/0x140 [ 809.483900][T27663] prepare_alloc_pages+0x1f0/0x5f0 [ 809.483948][T27663] ? unwind_get_return_address+0x59/0xa0 [ 809.484002][T27663] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 809.484076][T27663] ? stack_trace_save+0x8e/0xc0 [ 809.484120][T27663] ? __pfx_stack_trace_save+0x10/0x10 [ 809.484166][T27663] ? kasan_save_track+0x14/0x30 [ 809.484205][T27663] ? stack_depot_save_flags+0x27/0x9d0 [ 809.484252][T27663] ? pte_alloc_one+0x82/0x3d0 [ 809.484298][T27663] ? __pte_alloc+0x6d/0x3e0 [ 809.484335][T27663] ? move_page_tables+0x2ec4/0x4610 [ 809.484390][T27663] ? copy_vma_and_data+0x25c/0x7c0 [ 809.484446][T27663] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 809.484509][T27663] ? kasan_save_stack+0x30/0x50 [ 809.484546][T27663] ? kasan_save_track+0x14/0x30 [ 809.484581][T27663] ? __kasan_slab_alloc+0x89/0x90 [ 809.484619][T27663] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 809.484655][T27663] ? __pmd_alloc+0xbf/0x950 [ 809.484698][T27663] ? move_page_tables+0x2f7c/0x4610 [ 809.484752][T27663] ? copy_vma_and_data+0x25c/0x7c0 [ 809.484813][T27663] ? move_vma+0x574/0x1920 [ 809.484865][T27663] ? mremap_to+0x234/0x4c0 [ 809.484893][T27663] ? __do_sys_mremap+0xb3e/0x1850 [ 809.484923][T27663] ? do_syscall_64+0x115/0x840 [ 809.484972][T27663] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.485033][T27663] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 809.485084][T27663] ? policy_nodemask+0xed/0x4f0 [ 809.485133][T27663] alloc_pages_mpol+0x1fb/0x540 [ 809.485180][T27663] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 809.485239][T27663] alloc_pages_noprof+0x1a/0x160 [ 809.485291][T27663] pte_alloc_one+0x1c/0x3d0 [ 809.485341][T27663] __pte_alloc+0x6d/0x3e0 [ 809.485381][T27663] ? __pfx___pte_alloc+0x10/0x10 [ 809.485422][T27663] ? _raw_spin_unlock+0x28/0x50 [ 809.485463][T27663] ? __pmd_alloc+0x3fb/0x950 [ 809.485514][T27663] move_page_tables+0x2ec4/0x4610 [ 809.485594][T27663] ? __pfx_move_page_tables+0x10/0x10 [ 809.485668][T27663] ? __lock_acquire+0x49f/0x1a40 [ 809.485721][T27663] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 809.485787][T27663] copy_vma_and_data+0x25c/0x7c0 [ 809.485857][T27663] ? __pfx_copy_vma_and_data+0x10/0x10 [ 809.485916][T27663] ? mtree_load+0x311/0xa90 [ 809.485976][T27663] ? arch_get_unmapped_area_topdown+0x3e6/0x9b0 [ 809.486031][T27663] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 809.486086][T27663] move_vma+0x574/0x1920 [ 809.486149][T27663] ? __pfx_move_vma+0x10/0x10 [ 809.486210][T27663] ? shmem_get_unmapped_area+0x141/0x960 [ 809.486265][T27663] ? cap_mmap_addr+0x4b/0x120 [ 809.486316][T27663] ? bpf_lsm_mmap_addr+0x9/0x30 [ 809.486368][T27663] ? security_mmap_addr+0x71/0x1e0 [ 809.486409][T27663] ? __get_unmapped_area+0x255/0x3e0 [ 809.486460][T27663] ? vrm_set_new_addr+0x204/0x290 [ 809.486520][T27663] mremap_to+0x234/0x4c0 [ 809.486553][T27663] ? __pfx_mremap_to+0x10/0x10 [ 809.486583][T27663] ? check_prep_vma+0x912/0xe60 [ 809.486647][T27663] __do_sys_mremap+0xb3e/0x1850 [ 809.486690][T27663] ? find_held_lock+0x2b/0x80 [ 809.486728][T27663] ? do_writev+0x214/0x340 [ 809.486776][T27663] ? __pfx___do_sys_mremap+0x10/0x10 [ 809.486828][T27663] ? __pfx_do_futex+0x10/0x10 [ 809.486863][T27663] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 809.486919][T27663] ? __fget_files+0x21f/0x3d0 [ 809.486976][T27663] ? __x64_sys_futex+0x34f/0x4d0 [ 809.487036][T27663] do_syscall_64+0x115/0x840 [ 809.487085][T27663] ? clear_bhb_loop+0x40/0x90 [ 809.487128][T27663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.487164][T27663] RIP: 0033:0x7efdc699de59 [ 809.487192][T27663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 809.487226][T27663] RSP: 002b:00007efdc77b8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 809.487259][T27663] RAX: ffffffffffffffda RBX: 00007efdc6c25fa0 RCX: 00007efdc699de59 [ 809.487282][T27663] RDX: 0000000000003fd6 RSI: 000000000000fee0 RDI: 00000000001fc000 [ 809.487303][T27663] RBP: 00007efdc6a33e6f R08: 00000000fffff000 R09: 0000000000000000 [ 809.487324][T27663] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 809.487345][T27663] R13: 00007efdc6c26038 R14: 00007efdc6c25fa0 R15: 00007ffd34c588f8 [ 809.487390][T27663] [ 810.541632][T27671] netlink: 350 bytes leftover after parsing attributes in process `syz.0.9180'. [ 811.942797][T27697] netlink: 'syz.0.9187': attribute type 4 has an invalid length. [ 812.958585][T27714] netlink: 86 bytes leftover after parsing attributes in process `syz.2.9195'. [ 813.033817][T27722] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9197'. [ 814.064248][T27740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9207'. [ 814.992681][T27749] netlink: 146 bytes leftover after parsing attributes in process `syz.0.9210'. [ 816.317378][T27787] netlink: 326 bytes leftover after parsing attributes in process `syz.2.9222'. [ 819.560483][T27853] netlink: 504 bytes leftover after parsing attributes in process `syz.2.9254'. [ 820.769394][T27878] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9255'. [ 820.874373][T27880] skbuff: bad partial csum: csum=65535/1 headroom=4 headlen=65543 [ 821.328783][T27895] vivid-011: ================= START STATUS ================= [ 821.355723][T27895] vivid-011: Radio HW Seek Mode: Bounded [ 821.377791][T27895] vivid-011: Radio Programmable HW Seek: false [ 821.396057][T27895] vivid-011: RDS Rx I/O Mode: Block I/O [ 821.416535][T27895] vivid-011: Generate RBDS Instead of RDS: false [ 821.449646][T27895] vivid-011: RDS Reception: true [ 821.466830][T27895] vivid-011: RDS Program Type: 0 inactive [ 821.473146][T27895] vivid-011: RDS PS Name: inactive [ 821.480728][T27895] vivid-011: RDS Radio Text: inactive [ 821.486585][T27895] vivid-011: RDS Traffic Announcement: false inactive [ 821.493603][T27895] vivid-011: RDS Traffic Program: false inactive [ 821.500509][T27895] vivid-011: RDS Music: false inactive [ 821.509430][T27895] vivid-011: ================== END STATUS ================== [ 822.022026][T27917] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9267'. [ 826.436724][T28023] netlink: 21 bytes leftover after parsing attributes in process `syz.2.9306'. [ 826.598667][T28027] batadv_slave_1: entered promiscuous mode [ 826.616250][T28027] batadv_slave_1: left promiscuous mode [ 827.181300][T28048] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9313'. [ 827.841179][T28055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9318'. [ 827.858548][T28055] netlink: 13 bytes leftover after parsing attributes in process `syz.3.9318'. [ 827.881468][T28055] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9318'. [ 827.934297][T28057] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9319'. [ 828.141823][T28065] netlink: 25 bytes leftover after parsing attributes in process `syz.2.9322'. [ 829.501752][T28097] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9330'. [ 830.031949][T28102] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9333'. [ 830.042383][T28102] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9333'. [ 831.670782][T28143] batadv_slave_1: entered promiscuous mode [ 831.686699][T28143] batadv_slave_1: left promiscuous mode [ 833.002539][T28181] __nla_validate_parse: 1 callbacks suppressed [ 833.002568][T28181] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9360'. [ 833.330100][T28191] netlink: 'syz.0.9364': attribute type 27 has an invalid length. [ 833.351812][T28191] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9364'. [ 835.393899][T28239] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9380'. [ 836.307095][T28273] netlink: 'syz.1.9394': attribute type 1 has an invalid length. [ 836.339552][T28273] netlink: 33 bytes leftover after parsing attributes in process `syz.1.9394'. [ 836.517135][T28280] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9396'. [ 836.536306][T28280] IPv6: NLM_F_CREATE should be specified when creating new route [ 836.559623][T28280] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 836.568589][T28280] IPv6: NLM_F_CREATE should be set when creating new route [ 836.575944][T28280] IPv6: NLM_F_CREATE should be set when creating new route [ 836.615204][T28284] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9396'. [ 836.635879][T28284] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 838.655246][T28323] netlink: 146 bytes leftover after parsing attributes in process `syz.3.9408'. [ 838.799065][T28321] netlink: 146 bytes leftover after parsing attributes in process `syz.1.9409'. [ 838.909146][T28330] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9412'. [ 838.958097][T28333] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9414'. [ 838.962496][T28334] FAULT_INJECTION: forcing a failure. [ 838.962496][T28334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 838.982870][T28334] CPU: 0 UID: 0 PID: 28334 Comm: syz.3.9413 Tainted: G L syzkaller #0 PREEMPT(full) [ 838.982915][T28334] Tainted: [L]=SOFTLOCKUP [ 838.982926][T28334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 838.982943][T28334] Call Trace: [ 838.982951][T28334] [ 838.982962][T28334] dump_stack_lvl+0x100/0x190 [ 838.983000][T28334] should_fail_ex.cold+0x5/0xa [ 838.983032][T28334] _copy_to_iter+0x5a4/0x1720 [ 838.983082][T28334] ? __pfx__copy_to_iter+0x10/0x10 [ 838.983126][T28334] ? __pfx___might_resched+0x10/0x10 [ 838.983170][T28334] ? crng_make_state+0x2b0/0x6c0 [ 838.983224][T28334] get_random_bytes_user+0x17b/0x3d0 [ 838.983269][T28334] ? __pfx_get_random_bytes_user+0x10/0x10 [ 838.983314][T28334] ? rcu_is_watching+0x12/0xc0 [ 838.983343][T28334] ? trace_kmalloc+0xeb/0x110 [ 838.983394][T28334] do_iter_readv_writev+0x616/0x930 [ 838.983440][T28334] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 838.983490][T28334] ? bpf_lsm_file_permission+0x9/0x10 [ 838.983536][T28334] ? security_file_permission+0x76/0x210 [ 838.983582][T28334] ? rw_verify_area+0xce/0x6d0 [ 838.983623][T28334] vfs_readv+0x4d3/0x8d0 [ 838.983668][T28334] ? __pfx_vfs_readv+0x10/0x10 [ 838.983743][T28334] ? __fget_files+0x21f/0x3d0 [ 838.983800][T28334] ? do_readv+0x13e/0x340 [ 838.983837][T28334] do_readv+0x13e/0x340 [ 838.983875][T28334] ? __pfx_do_readv+0x10/0x10 [ 838.983931][T28334] do_syscall_64+0x115/0x840 [ 838.983976][T28334] ? clear_bhb_loop+0x40/0x90 [ 838.984012][T28334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.984041][T28334] RIP: 0033:0x7f7c5a79de59 [ 838.984064][T28334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 838.984095][T28334] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 838.984124][T28334] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 838.984143][T28334] RDX: 00000000000000c8 RSI: 0000200000001200 RDI: 0000000000000005 [ 838.984161][T28334] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 838.984180][T28334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.984200][T28334] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 838.984238][T28334] [ 839.227430][T28336] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9415'. [ 839.898274][T28366] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9429'. [ 840.338422][T28372] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9431'. [ 840.366217][T28372] bridge0: port 1(bond0) entered disabled state [ 840.372995][T28372] bridge0: port 2(bridge_slave_1) entered disabled state [ 840.386459][T28372] bridge0: entered promiscuous mode [ 840.569889][T28380] netlink: 342 bytes leftover after parsing attributes in process `syz.3.9433'. [ 840.962744][T28397] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9439'. [ 841.237589][T28407] netlink: 'syz.0.9442': attribute type 1 has an invalid length. [ 841.247590][T28407] netlink: 33 bytes leftover after parsing attributes in process `syz.0.9442'. [ 842.744201][T28448] netlink: 'syz.3.9453': attribute type 1 has an invalid length. [ 846.162517][T28519] __nla_validate_parse: 6 callbacks suppressed [ 846.162544][T28519] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9484'. [ 846.217967][T28519] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.227856][T28519] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.265835][T28519] bridge0: entered promiscuous mode [ 846.703657][T28534] FAULT_INJECTION: forcing a failure. [ 846.703657][T28534] name failslab, interval 1, probability 0, space 0, times 0 [ 846.747185][T28534] CPU: 0 UID: 0 PID: 28534 Comm: syz.2.9488 Tainted: G L syzkaller #0 PREEMPT(full) [ 846.747234][T28534] Tainted: [L]=SOFTLOCKUP [ 846.747244][T28534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 846.747262][T28534] Call Trace: [ 846.747271][T28534] [ 846.747282][T28534] dump_stack_lvl+0x100/0x190 [ 846.747335][T28534] should_fail_ex.cold+0x5/0xa [ 846.747368][T28534] should_failslab+0xc2/0x120 [ 846.747406][T28534] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 846.747440][T28534] ? alloc_inode+0x183/0x250 [ 846.747479][T28534] alloc_inode+0x183/0x250 [ 846.747511][T28534] alloc_anon_inode+0x2a/0x3e0 [ 846.747559][T28534] anon_inode_make_secure_inode+0x2f/0x140 [ 846.747596][T28534] __anon_inode_getfile+0x1cf/0x280 [ 846.747627][T28534] ? _copy_to_user+0xaf/0xd0 [ 846.747665][T28534] io_uring_setup.cold+0x1928/0x1c2e [ 846.747712][T28534] ? __pfx_io_uring_setup+0x10/0x10 [ 846.747863][T28534] ? __pfx_do_futex+0x10/0x10 [ 846.747908][T28534] ? xfd_validate_state+0x129/0x190 [ 846.747948][T28534] __x64_sys_io_uring_setup+0xc2/0x170 [ 846.747993][T28534] do_syscall_64+0x115/0x840 [ 846.748036][T28534] ? clear_bhb_loop+0x40/0x90 [ 846.748076][T28534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 846.748112][T28534] RIP: 0033:0x7f4e6499de59 [ 846.748139][T28534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 846.748169][T28534] RSP: 002b:00007f4e65787028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 846.748198][T28534] RAX: ffffffffffffffda RBX: 00007f4e64c25fa0 RCX: 00007f4e6499de59 [ 846.748217][T28534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000fa3 [ 846.748233][T28534] RBP: 00007f4e64a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 846.748250][T28534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 846.748267][T28534] R13: 00007f4e64c26038 R14: 00007f4e64c25fa0 R15: 00007ffe957aaf38 [ 846.748303][T28534] [ 847.606451][T28552] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9495'. [ 847.616808][T28552] bridge0: port 2(bridge_slave_1) entered disabled state [ 847.624372][T28552] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.632582][T28552] bridge0: entered promiscuous mode [ 848.316608][T28557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9497'. [ 848.327421][T28557] netlink: 17 bytes leftover after parsing attributes in process `syz.3.9497'. [ 848.349727][T28559] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9498'. [ 848.710553][T28570] MTRR 2 not used [ 848.793119][T28573] netlink: 74 bytes leftover after parsing attributes in process `syz.3.9505'. [ 848.928629][T28584] netlink: 354 bytes leftover after parsing attributes in process `syz.3.9511'. [ 849.989997][T28622] netlink: 86 bytes leftover after parsing attributes in process `syz.0.9524'. [ 850.491892][T28632] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9528'. [ 850.818661][T28641] netlink: 'syz.0.9531': attribute type 29 has an invalid length. [ 850.833500][T28641] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9531'. [ 851.293273][T28661] __nla_validate_parse: 3 callbacks suppressed [ 851.293296][T28661] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9541'. [ 851.780176][T28674] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9545'. [ 853.167015][T28706] smpboot: CPU 1 is now offline [ 854.120461][T28722] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9565'. [ 855.263814][T28757] netlink: 'syz.2.9576': attribute type 19 has an invalid length. [ 855.294892][T28758] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9577'. [ 855.312870][T28753] netlink: 318 bytes leftover after parsing attributes in process `syz.1.9575'. [ 855.327731][T28757] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9576'. [ 856.148066][T28774] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9583'. [ 856.942736][ T5637] Bluetooth: hci1: command 0x0406 tx timeout [ 857.855026][T28813] netlink: 'syz.0.9596': attribute type 22 has an invalid length. [ 857.895163][T28813] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9596'. [ 858.004474][T28816] sctp: [Deprecated]: syz.3.9597 (pid 28816) Use of struct sctp_assoc_value in delayed_ack socket option. [ 858.004474][T28816] Use struct sctp_sack_info instead [ 858.243127][T28821] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9599'. [ 859.242445][T28840] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9615'. [ 859.284070][T28842] netlink: 'syz.0.9613': attribute type 4 has an invalid length. [ 859.764888][T28855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9609'. [ 860.554634][T28865] netlink: 330 bytes leftover after parsing attributes in process `syz.3.9616'. [ 863.662451][T28936] netlink: 'syz.3.9637': attribute type 19 has an invalid length. [ 863.717835][T28936] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9637'. [ 864.039788][T28943] netlink: 342 bytes leftover after parsing attributes in process `syz.3.9639'. [ 864.799182][T28967] netlink: 'syz.2.9643': attribute type 19 has an invalid length. [ 864.852430][T28967] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9643'. [ 865.013740][T28972] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9645'. [ 868.103511][T29034] netlink: 'syz.3.9666': attribute type 4 has an invalid length. [ 868.825342][T29016] kexec: Could not allocate control_code_buffer [ 868.938739][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 868.950289][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 869.662155][ T29] audit: type=1800 audit(4294967567.390:34): pid=29064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.9677" name="file0" dev="tmpfs" ino=1306 res=0 errno=0 [ 869.814799][T29065] netlink: 146 bytes leftover after parsing attributes in process `syz.2.9678'. [ 873.429654][T29129] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 873.487333][T29131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9700'. [ 873.527295][T29131] netlink: 25 bytes leftover after parsing attributes in process `syz.0.9700'. [ 874.155152][T29148] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9708'. [ 874.675555][ T29] audit: type=1800 audit(4294967572.400:35): pid=29158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.9711" name="file0" dev="tmpfs" ino=1213 res=0 errno=0 [ 875.221245][T29165] netlink: 'syz.1.9713': attribute type 19 has an invalid length. [ 875.259233][T29165] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9713'. [ 878.468549][T29221] netlink: 330 bytes leftover after parsing attributes in process `syz.3.9730'. [ 878.657863][T29226] netlink: 222 bytes leftover after parsing attributes in process `syz.3.9733'. [ 879.280974][T29240] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9738'. [ 882.359490][T29296] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9754'. [ 882.538775][ T5637] Bluetooth: hci0: command 0x0406 tx timeout [ 882.758887][T29302] netlink: 'syz.3.9756': attribute type 4 has an invalid length. [ 882.804066][T29302] netlink: 'syz.3.9756': attribute type 4 has an invalid length. [ 883.808581][T29299] kexec: Could not allocate control_code_buffer [ 883.923148][T29309] netlink: 346 bytes leftover after parsing attributes in process `syz.3.9760'. [ 886.508940][T29370] : renamed from bond0 (while UP) [ 886.993973][T29383] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9790'. [ 887.455274][T29394] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9794'. [ 887.931877][T29402] netlink: 342 bytes leftover after parsing attributes in process `syz.3.9797'. [ 889.670451][T29433] FAULT_INJECTION: forcing a failure. [ 889.670451][T29433] name failslab, interval 1, probability 0, space 0, times 0 [ 889.755088][T29433] CPU: 0 UID: 0 PID: 29433 Comm: syz.3.9810 Tainted: G L syzkaller #0 PREEMPT(full) [ 889.755130][T29433] Tainted: [L]=SOFTLOCKUP [ 889.755137][T29433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 889.755152][T29433] Call Trace: [ 889.755160][T29433] [ 889.755168][T29433] dump_stack_lvl+0x100/0x190 [ 889.755199][T29433] should_fail_ex.cold+0x5/0xa [ 889.755236][T29433] should_failslab+0xc2/0x120 [ 889.755264][T29433] kmem_cache_alloc_noprof+0x91/0x6a0 [ 889.755293][T29433] ? __pfx_map_id_range_down+0x10/0x10 [ 889.755321][T29433] ? rcu_is_watching+0x12/0xc0 [ 889.755344][T29433] ? security_inode_alloc+0x3b/0x2c0 [ 889.755385][T29433] security_inode_alloc+0x3b/0x2c0 [ 889.755422][T29433] inode_init_always_gfp+0xc77/0xfb0 [ 889.755459][T29433] alloc_inode+0x8e/0x250 [ 889.755484][T29433] new_inode+0x22/0x1c0 [ 889.755511][T29433] shmem_get_inode+0x1e3/0xf70 [ 889.755542][T29433] ? __pfx_shmem_get_inode+0x10/0x10 [ 889.755577][T29433] shmem_tmpfile+0xc1/0x210 [ 889.755604][T29433] ? d_alloc+0x176/0x1e0 [ 889.755623][T29433] ? __pfx_shmem_tmpfile+0x10/0x10 [ 889.755651][T29433] ? do_raw_spin_unlock+0x145/0x1e0 [ 889.755673][T29433] ? _raw_spin_unlock+0x28/0x50 [ 889.755703][T29433] vfs_tmpfile+0x2be/0x9a0 [ 889.755742][T29433] path_openat+0x10b6/0x4280 [ 889.755794][T29433] ? kasan_save_track+0x14/0x30 [ 889.755818][T29433] ? __kasan_slab_alloc+0x89/0x90 [ 889.755844][T29433] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 889.755869][T29433] ? do_sys_openat2+0xc7/0x1e0 [ 889.755894][T29433] ? __x64_sys_open+0xfe/0x1d0 [ 889.755919][T29433] ? do_syscall_64+0x115/0x840 [ 889.755960][T29433] ? __pfx_path_openat+0x10/0x10 [ 889.756005][T29433] do_file_open+0x20e/0x430 [ 889.756039][T29433] ? __lock_acquire+0x49f/0x1a40 [ 889.756075][T29433] ? __pfx_do_file_open+0x10/0x10 [ 889.756130][T29433] ? _raw_spin_unlock+0x28/0x50 [ 889.756158][T29433] ? alloc_fd+0x471/0x7a0 [ 889.756200][T29433] do_sys_openat2+0x10f/0x1e0 [ 889.756227][T29433] ? __pfx_do_sys_openat2+0x10/0x10 [ 889.756252][T29433] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 889.756325][T29433] __x64_sys_open+0xfe/0x1d0 [ 889.756354][T29433] ? __pfx___x64_sys_open+0x10/0x10 [ 889.756394][T29433] do_syscall_64+0x115/0x840 [ 889.756428][T29433] ? clear_bhb_loop+0x40/0x90 [ 889.756457][T29433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.756482][T29433] RIP: 0033:0x7f7c5a79de59 [ 889.756502][T29433] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.756525][T29433] RSP: 002b:00007f7c5b6d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 889.756548][T29433] RAX: ffffffffffffffda RBX: 00007f7c5aa26090 RCX: 00007f7c5a79de59 [ 889.756564][T29433] RDX: 0000000000000408 RSI: 0000000000595002 RDI: 0000200000000100 [ 889.756579][T29433] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 889.756594][T29433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.756608][T29433] R13: 00007f7c5aa26128 R14: 00007f7c5aa26090 R15: 00007ffe116d7768 [ 889.756638][T29433] [ 892.570085][T29481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9826'. [ 892.590902][T29483] netlink: 146 bytes leftover after parsing attributes in process `syz.2.9827'. [ 893.572484][T29513] : renamed from team0 [ 893.624188][T29516] netlink: 110 bytes leftover after parsing attributes in process `syz.0.9837'. [ 894.977015][T29548] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9848'. [ 895.675357][T29567] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9852'. [ 895.724937][T29570] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9853'. [ 896.073493][T29574] netlink: 350 bytes leftover after parsing attributes in process `syz.3.9855'. [ 897.125904][T29596] netlink: 146 bytes leftover after parsing attributes in process `syz.1.9865'. [ 899.454826][T29651] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9884'. [ 900.254227][T29666] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9889'. [ 900.537962][T29675] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9893'. [ 900.720994][T29678] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 900.851475][T29678] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 905.847784][T29742] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9917'. [ 905.904626][T29742] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9917'. [ 906.133625][T29747] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9919'. [ 906.380969][T29745] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9918'. [ 908.377967][T29783] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9931'. [ 910.369576][T29820] netlink: 322 bytes leftover after parsing attributes in process `syz.3.9945'. [ 912.061634][T29855] netlink: 'syz.1.9956': attribute type 4 has an invalid length. [ 912.113784][T29855] netlink: 314 bytes leftover after parsing attributes in process `syz.1.9956'. [ 912.480875][T29864] netlink: 346 bytes leftover after parsing attributes in process `syz.1.9960'. [ 916.099220][T29952] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9997'. [ 916.208997][T29956] [U]  [ 916.212099][T29956] [U] [ 916.214840][T29956] [U] [ 916.217553][T29956] [U] [ 916.289538][T29956] [U] [ 916.292286][T29956] [U] [ 916.294992][T29956] [U] [ 916.297698][T29956] [U] [ 916.347097][T29956] [U] [ 916.349854][T29956] [U] [ 916.352563][T29956] [U] [ 916.355266][T29956] [U] [ 916.403551][T29956] [U] [ 916.406305][T29956] [U] [ 916.409042][T29956] [U] [ 916.411763][T29956] [U] [ 916.453708][T29956] [U] [ 916.456478][T29956] [U] [ 916.459186][T29956] [U] [ 916.461889][T29956] [U] [ 916.508138][T29956] [U] [ 916.510890][T29956] [U] [ 916.513607][T29956] [U] [ 916.516322][T29956] [U] [ 916.554196][T29956] [U] [ 916.556960][T29956] [U] [ 916.559679][T29956] [U] [ 916.562404][T29956] [U] [ 916.609253][T29956] [U] [ 916.612010][T29956] [U] [ 916.614718][T29956] [U] [ 916.617427][T29956] [U] [ 916.660770][T29956] [U] [ 916.663522][T29956] [U] [ 916.666231][T29956] [U] [ 916.668937][T29956] [U] [ 916.711781][T29956] [U] [ 916.714533][T29956] [U] [ 916.717244][T29956] [U] [ 916.719977][T29956] [U] [ 916.761500][T29956] [U] [ 916.764232][T29956] [U] [ 916.766940][T29956] [U] [ 916.769648][T29956] [U] [ 916.814358][T29956] [U] [ 916.817111][T29956] [U] [ 916.819819][T29956] [U] [ 916.822525][T29956] [U] [ 916.863258][T29956] [U] [ 916.866015][T29956] [U] [ 916.868724][T29956] [U] [ 916.871435][T29956] [U] [ 916.911041][T29956] [U] [ 916.913792][T29956] [U] [ 916.916498][T29956] [U] [ 916.919208][T29956] [U] [ 916.969778][T29956] [U] [ 916.972553][T29956] [U] [ 916.975265][T29956] [U] [ 916.977994][T29956] [U] [ 917.040363][T29956] [U] [ 917.287422][T29973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10004'. [ 917.339492][T29973] veth1_macvtap: left promiscuous mode [ 917.375251][T29973] macsec0: entered promiscuous mode [ 917.398934][T29973] macsec0: entered allmulticast mode [ 917.910434][T29960] kexec: Could not allocate control_code_buffer [ 918.007070][T29989] netlink: 338 bytes leftover after parsing attributes in process `syz.1.10011'. [ 918.304654][T29991] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10012'. [ 918.340481][T30000] netlink: 130 bytes leftover after parsing attributes in process `syz.1.10016'. [ 918.355224][T30001] netlink: 'syz.0.10015': attribute type 27 has an invalid length. [ 918.365310][T30001] netlink: 334 bytes leftover after parsing attributes in process `syz.0.10015'. [ 918.524934][T30003] netlink: 'syz.1.10025': attribute type 4 has an invalid length. [ 918.601913][T30007] netlink: 322 bytes leftover after parsing attributes in process `syz.1.10018'. [ 918.742410][T30011] netlink: 'syz.1.10019': attribute type 1 has an invalid length. [ 919.274515][T30026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10026'. [ 919.295097][T30026] netlink: 'syz.3.10026': attribute type 7 has an invalid length. [ 919.425094][T30030] netlink: 330 bytes leftover after parsing attributes in process `syz.0.10035'. [ 920.014940][T30044] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10031'. [ 920.253767][T30052] netlink: 334 bytes leftover after parsing attributes in process `syz.2.10034'. [ 920.694560][T30064] FAULT_INJECTION: forcing a failure. [ 920.694560][T30064] name failslab, interval 1, probability 0, space 0, times 0 [ 920.727512][T30064] CPU: 0 UID: 0 PID: 30064 Comm: syz.2.10039 Tainted: G L syzkaller #0 PREEMPT(full) [ 920.727556][T30064] Tainted: [L]=SOFTLOCKUP [ 920.727565][T30064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 920.727580][T30064] Call Trace: [ 920.727588][T30064] [ 920.727597][T30064] dump_stack_lvl+0x100/0x190 [ 920.727627][T30064] should_fail_ex.cold+0x5/0xa [ 920.727657][T30064] should_failslab+0xc2/0x120 [ 920.727688][T30064] __kmalloc_noprof+0xfc/0x820 [ 920.727715][T30064] ? sk_prot_alloc+0x10b/0x2a0 [ 920.727753][T30064] sk_prot_alloc+0x10b/0x2a0 [ 920.727786][T30064] sk_alloc+0x36/0xe80 [ 920.727811][T30064] __netlink_create+0x5e/0x2c0 [ 920.727868][T30064] ? __wake_up+0x3f/0x60 [ 920.727899][T30064] netlink_create+0x29b/0x610 [ 920.727928][T30064] ? __pfx_genl_bind+0x10/0x10 [ 920.727964][T30064] ? __pfx_genl_unbind+0x10/0x10 [ 920.728074][T30064] ? __pfx_genl_release+0x10/0x10 [ 920.728117][T30064] __sock_create+0x339/0x860 [ 920.728158][T30064] __sys_socket+0x14d/0x260 [ 920.728194][T30064] ? __pfx___sys_socket+0x10/0x10 [ 920.728237][T30064] __x64_sys_socket+0x72/0xb0 [ 920.728270][T30064] ? lockdep_hardirqs_on+0x78/0x100 [ 920.728305][T30064] do_syscall_64+0x115/0x840 [ 920.728349][T30064] ? clear_bhb_loop+0x40/0x90 [ 920.728379][T30064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 920.728404][T30064] RIP: 0033:0x7f4e6499de59 [ 920.728425][T30064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 920.728448][T30064] RSP: 002b:00007f4e65787028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 920.728472][T30064] RAX: ffffffffffffffda RBX: 00007f4e64c25fa0 RCX: 00007f4e6499de59 [ 920.728488][T30064] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 920.728503][T30064] RBP: 00007f4e64a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 920.728521][T30064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 920.728535][T30064] R13: 00007f4e64c26038 R14: 00007f4e64c25fa0 R15: 00007ffe957aaf38 [ 920.728566][T30064] [ 922.553504][T30087] netlink: 346 bytes leftover after parsing attributes in process `syz.0.10044'. [ 923.643429][T30106] netlink: 342 bytes leftover after parsing attributes in process `syz.0.10052'. [ 924.720124][T30131] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10060'. [ 924.747997][T30131] veth1_macvtap: left promiscuous mode [ 924.766708][T30131] macsec0: entered promiscuous mode [ 924.783293][T30131] macsec0: entered allmulticast mode [ 925.019159][T30136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10061'. [ 925.063730][T30136] netlink: 25 bytes leftover after parsing attributes in process `syz.0.10061'. [ 925.117649][T30138] netlink: 330 bytes leftover after parsing attributes in process `syz.3.10062'. [ 927.574546][T30176] ovs_: entered promiscuous mode [ 927.832218][T30187] FAULT_INJECTION: forcing a failure. [ 927.832218][T30187] name failslab, interval 1, probability 0, space 0, times 0 [ 927.890768][T30187] CPU: 0 UID: 0 PID: 30187 Comm: syz.3.10079 Tainted: G L syzkaller #0 PREEMPT(full) [ 927.890807][T30187] Tainted: [L]=SOFTLOCKUP [ 927.890816][T30187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 927.890831][T30187] Call Trace: [ 927.890839][T30187] [ 927.890848][T30187] dump_stack_lvl+0x100/0x190 [ 927.890882][T30187] should_fail_ex.cold+0x5/0xa [ 927.890909][T30187] should_failslab+0xc2/0x120 [ 927.890940][T30187] kmem_cache_alloc_noprof+0x91/0x6a0 [ 927.890965][T30187] ? rcu_is_watching+0x12/0xc0 [ 927.890992][T30187] ? anon_vma_clone+0x2ba/0xcd0 [ 927.891030][T30187] anon_vma_clone+0x2ba/0xcd0 [ 927.891072][T30187] copy_vma+0x6ed/0xac0 [ 927.891099][T30187] ? __pfx_copy_vma+0x10/0x10 [ 927.891155][T30187] copy_vma_and_data+0x1cf/0x7c0 [ 927.891198][T30187] ? __pfx_copy_vma_and_data+0x10/0x10 [ 927.891251][T30187] ? __vma_start_write+0x17f/0x280 [ 927.891292][T30187] ? __pfx___vma_start_write+0x10/0x10 [ 927.891336][T30187] move_vma+0x574/0x1920 [ 927.891380][T30187] ? __pfx_move_vma+0x10/0x10 [ 927.891422][T30187] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 927.891455][T30187] ? cap_mmap_addr+0x4b/0x120 [ 927.891492][T30187] ? bpf_lsm_mmap_addr+0x9/0x30 [ 927.891528][T30187] ? security_mmap_addr+0x71/0x1e0 [ 927.891557][T30187] ? __get_unmapped_area+0x255/0x3e0 [ 927.891591][T30187] ? vrm_set_new_addr+0x204/0x290 [ 927.891633][T30187] mremap_to+0x234/0x4c0 [ 927.891653][T30187] ? mas_walk+0x6ef/0x9b0 [ 927.891688][T30187] ? __pfx_mremap_to+0x10/0x10 [ 927.891709][T30187] ? check_prep_vma+0x912/0xe60 [ 927.891754][T30187] __do_sys_mremap+0x88c/0x1850 [ 927.891786][T30187] ? __pfx___do_sys_mremap+0x10/0x10 [ 927.891817][T30187] ? __pfx_do_futex+0x10/0x10 [ 927.891849][T30187] ? __x64_sys_futex+0x34f/0x4d0 [ 927.891889][T30187] do_syscall_64+0x115/0x840 [ 927.891923][T30187] ? clear_bhb_loop+0x40/0x90 [ 927.891953][T30187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.891978][T30187] RIP: 0033:0x7f7c5a79de59 [ 927.891997][T30187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 927.892021][T30187] RSP: 002b:00007f7c5b6d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 927.892044][T30187] RAX: ffffffffffffffda RBX: 00007f7c5aa26090 RCX: 00007f7c5a79de59 [ 927.892060][T30187] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 927.892075][T30187] RBP: 00007f7c5a833e6f R08: 0000000100000000 R09: 0000000000000000 [ 927.892090][T30187] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 927.892105][T30187] R13: 00007f7c5aa26128 R14: 00007f7c5aa26090 R15: 00007ffe116d7768 [ 927.892135][T30187] [ 928.745199][T30190] netlink: 21 bytes leftover after parsing attributes in process `syz.0.10080'. [ 929.842222][T30218] netlink: 334 bytes leftover after parsing attributes in process `syz.1.10090'. [ 929.940368][T30219] netlink: 334 bytes leftover after parsing attributes in process `syz.1.10090'. [ 931.661519][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.670226][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.913423][T30268] netlink: 334 bytes leftover after parsing attributes in process `syz.3.10109'. [ 934.195849][T30299] netlink: 322 bytes leftover after parsing attributes in process `syz.2.10121'. [ 934.728598][T30315] netlink: 'syz.0.10127': attribute type 27 has an invalid length. [ 934.773584][T30315] netlink: 334 bytes leftover after parsing attributes in process `syz.0.10127'. [ 935.180694][T30329] netlink: 74 bytes leftover after parsing attributes in process `syz.0.10130'. [ 936.099979][T30353] netlink: 342 bytes leftover after parsing attributes in process `syz.0.10141'. [ 936.234104][T30357] netlink: 334 bytes leftover after parsing attributes in process `syz.0.10143'. [ 936.344259][T30359] netlink: 334 bytes leftover after parsing attributes in process `syz.3.10144'. [ 936.746048][T30362] netlink: 'syz.0.10153': attribute type 21 has an invalid length. [ 936.783050][T30362] netlink: 334 bytes leftover after parsing attributes in process `syz.0.10153'. [ 937.503838][T30383] netlink: 146 bytes leftover after parsing attributes in process `syz.0.10151'. [ 938.332718][T30403] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10159'. [ 938.404063][T30403] team0: Port device team_slave_1 removed [ 939.387232][T30429] netlink: 334 bytes leftover after parsing attributes in process `syz.2.10169'. [ 939.435011][T30429] netlink: 334 bytes leftover after parsing attributes in process `syz.2.10169'. [ 939.705376][T30436] netlink: 334 bytes leftover after parsing attributes in process `syz.2.10172'. [ 940.003853][T30444] netlink: 'syz.0.10177': attribute type 4 has an invalid length. [ 940.045008][T30444] netlink: 314 bytes leftover after parsing attributes in process `syz.0.10177'. [ 940.328593][T30457] netlink: 342 bytes leftover after parsing attributes in process `syz.0.10181'. [ 940.461128][T30460] netlink: 'syz.3.10182': attribute type 16 has an invalid length. [ 940.505291][T30460] netlink: 306 bytes leftover after parsing attributes in process `syz.3.10182'. [ 941.279383][T30477] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 943.507051][T30533] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10209'. [ 944.236861][T30554] netlink: 198 bytes leftover after parsing attributes in process `syz.2.10220'. [ 945.181950][T30578] FAULT_INJECTION: forcing a failure. [ 945.181950][T30578] name failslab, interval 1, probability 0, space 0, times 0 [ 945.209778][T30578] CPU: 0 UID: 0 PID: 30578 Comm: syz.3.10230 Tainted: G L syzkaller #0 PREEMPT(full) [ 945.209815][T30578] Tainted: [L]=SOFTLOCKUP [ 945.209823][T30578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 945.209837][T30578] Call Trace: [ 945.209844][T30578] [ 945.209853][T30578] dump_stack_lvl+0x100/0x190 [ 945.209886][T30578] should_fail_ex.cold+0x5/0xa [ 945.209916][T30578] should_failslab+0xc2/0x120 [ 945.209948][T30578] __kmalloc_cache_noprof+0x91/0x6c0 [ 945.209986][T30578] ? snd_pcm_oss_open+0x5e5/0x1390 [ 945.210057][T30578] snd_pcm_oss_open+0x5e5/0x1390 [ 945.210099][T30578] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 945.210133][T30578] ? __lock_acquire+0x49f/0x1a40 [ 945.210170][T30578] ? __pfx_default_wake_function+0x10/0x10 [ 945.210204][T30578] ? do_raw_spin_lock+0x128/0x260 [ 945.210228][T30578] ? soundcore_open+0x231/0x5a0 [ 945.210257][T30578] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 945.210290][T30578] soundcore_open+0x2e3/0x5a0 [ 945.210320][T30578] ? __pfx_soundcore_open+0x10/0x10 [ 945.210347][T30578] chrdev_open+0x234/0x6a0 [ 945.210384][T30578] ? __pfx_apparmor_file_open+0x10/0x10 [ 945.210423][T30578] ? __pfx_chrdev_open+0x10/0x10 [ 945.210462][T30578] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 945.210491][T30578] do_dentry_open+0x6ab/0x14d0 [ 945.210526][T30578] ? __pfx_chrdev_open+0x10/0x10 [ 945.210569][T30578] vfs_open+0x82/0x3f0 [ 945.210605][T30578] path_openat+0x2873/0x4280 [ 945.210654][T30578] ? __pfx_path_openat+0x10/0x10 [ 945.210699][T30578] do_file_open+0x20e/0x430 [ 945.210737][T30578] ? __pfx_do_file_open+0x10/0x10 [ 945.210794][T30578] ? alloc_fd+0x471/0x7a0 [ 945.210831][T30578] ? do_getname+0x191/0x390 [ 945.210860][T30578] do_sys_openat2+0x10f/0x1e0 [ 945.210887][T30578] ? __pfx_do_sys_openat2+0x10/0x10 [ 945.210917][T30578] ? __fget_files+0x21f/0x3d0 [ 945.210957][T30578] __x64_sys_openat+0x12d/0x210 [ 945.210986][T30578] ? __pfx___x64_sys_openat+0x10/0x10 [ 945.211025][T30578] do_syscall_64+0x115/0x840 [ 945.211058][T30578] ? clear_bhb_loop+0x40/0x90 [ 945.211087][T30578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.211111][T30578] RIP: 0033:0x7f7c5a79de59 [ 945.211132][T30578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.211155][T30578] RSP: 002b:00007f7c5b6f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 945.211177][T30578] RAX: ffffffffffffffda RBX: 00007f7c5aa25fa0 RCX: 00007f7c5a79de59 [ 945.211193][T30578] RDX: 0000000000020342 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 945.211208][T30578] RBP: 00007f7c5a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 945.211222][T30578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.211236][T30578] R13: 00007f7c5aa26038 R14: 00007f7c5aa25fa0 R15: 00007ffe116d7768 [ 945.211265][T30578] [ 946.102515][T30544] kexec: Could not allocate control_code_buffer [ 946.436024][T30602] netlink: 146 bytes leftover after parsing attributes in process `syz.1.10239'. [ 947.841254][T30636] netlink: 'syz.0.10250': attribute type 64 has an invalid length. [ 947.886194][T30636] netlink: 74 bytes leftover after parsing attributes in process `syz.0.10250'. [ 948.326910][T30645] netlink: 334 bytes leftover after parsing attributes in process `syz.3.10253'. [ 949.265310][T30664] netlink: 342 bytes leftover after parsing attributes in process `syz.1.10262'. [ 950.448480][T30690] FAULT_INJECTION: forcing a failure. [ 950.448480][T30690] name failslab, interval 1, probability 0, space 0, times 0 [ 950.562390][T30690] CPU: 0 UID: 0 PID: 30690 Comm: syz.0.10270 Tainted: G L syzkaller #0 PREEMPT(full) [ 950.562428][T30690] Tainted: [L]=SOFTLOCKUP [ 950.562436][T30690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 950.562450][T30690] Call Trace: [ 950.562458][T30690] [ 950.562467][T30690] dump_stack_lvl+0x100/0x190 [ 950.562497][T30690] should_fail_ex.cold+0x5/0xa [ 950.562523][T30690] should_failslab+0xc2/0x120 [ 950.562554][T30690] kmem_cache_alloc_noprof+0x91/0x6a0 [ 950.562582][T30690] ? sk_prot_alloc+0x60/0x2a0 [ 950.562616][T30690] sk_prot_alloc+0x60/0x2a0 [ 950.562648][T30690] sk_alloc+0x36/0xe80 [ 950.562671][T30690] inet_create+0x3a0/0x1060 [ 950.562694][T30690] ? inet_create+0x94/0x1060 [ 950.562718][T30690] __sock_create+0x339/0x860 [ 950.562756][T30690] smc_create+0x163/0x290 [ 950.562792][T30690] __sock_create+0x339/0x860 [ 950.562828][T30690] __sys_socket+0x14d/0x260 [ 950.562862][T30690] ? __pfx___sys_socket+0x10/0x10 [ 950.562909][T30690] __x64_sys_socket+0x72/0xb0 [ 950.562942][T30690] ? lockdep_hardirqs_on+0x78/0x100 [ 950.562976][T30690] do_syscall_64+0x115/0x840 [ 950.563009][T30690] ? clear_bhb_loop+0x40/0x90 [ 950.563037][T30690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.563061][T30690] RIP: 0033:0x7efdc699de59 [ 950.563080][T30690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 950.563102][T30690] RSP: 002b:00007efdc7797028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 950.563125][T30690] RAX: ffffffffffffffda RBX: 00007efdc6c26090 RCX: 00007efdc699de59 [ 950.563140][T30690] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 950.563154][T30690] RBP: 00007efdc6a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 950.563168][T30690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.563182][T30690] R13: 00007efdc6c26128 R14: 00007efdc6c26090 R15: 00007ffd34c588f8 [ 950.563210][T30690] [ 951.085275][T30696] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10273'. [ 953.343405][T30751] netlink: 25 bytes leftover after parsing attributes in process `syz.0.10293'. [ 956.288509][T30794] netlink: 25 bytes leftover after parsing attributes in process `syz.1.10308'. [ 956.324404][T30796] netlink: 350 bytes leftover after parsing attributes in process `syz.2.10317'. [ 957.163636][T30813] netlink: 342 bytes leftover after parsing attributes in process `syz.3.10316'. [ 958.540256][T30855] netlink: 78 bytes leftover after parsing attributes in process `syz.1.10328'. [ 959.134274][T23146] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 959.400841][T30876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10335'. [ 959.485032][T30876] nbd: illegal input index 486543393 [ 959.528402][T30876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10335'. [ 959.577082][T30876] nbd: illegal input index 486543393 [ 959.804478][T30884] sctp: [Deprecated]: syz.0.10337 (pid 30884) Use of struct sctp_assoc_value in delayed_ack socket option. [ 959.804478][T30884] Use struct sctp_sack_info instead [ 960.154185][T30898] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10341'. [ 960.205003][T30898] team0: Port device team_slave_1 removed [ 960.616350][T23146] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 960.647132][T30907] Bluetooth: hci0: unexpected event 0x08 length: 44 > 4 [ 962.252006][T30947] netlink: 146 bytes leftover after parsing attributes in process `syz.1.10359'. [ 962.698720][T23146] ------------[ cut here ]------------ [ 962.705367][T23146] refcnt < 0 [ 962.705629][T23146] WARNING: net/bluetooth/hci_conn.c:631 at hci_conn_timeout+0x16a/0x230, CPU#0: kworker/u9:1/23146 [ 962.719646][T23146] Modules linked in: [ 962.723765][T23146] CPU: 0 UID: 0 PID: 23146 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 962.735008][T23146] Tainted: [L]=SOFTLOCKUP [ 962.739361][T23146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 962.749476][T23146] Workqueue: hci0 hci_conn_timeout [ 962.755250][T23146] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 962.760972][T23146] Code: 44 0f b6 2d 2b 08 71 06 31 ff 41 83 e5 40 44 89 ee e8 1a 6e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 50 a4 c4 f6 e8 f7 73 5c f7 90 <0f> 0b 90 e8 ee 73 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 962.780690][T23146] RSP: 0018:ffffc900052d7c18 EFLAGS: 00010293 [ 962.786792][T23146] RAX: 0000000000000000 RBX: ffff888036bb4a40 RCX: ffffffff8aacb74f [ 962.796029][T23146] RDX: ffff888033ce5d00 RSI: ffffffff8aacb849 RDI: ffff888033ce5d00 [ 962.805083][T23146] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 962.813201][T23146] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888036bb4000 [ 962.821215][T23146] R13: ffff888033ce61c4 R14: ffffffff91227844 R15: 0000000000000000 [ 962.829224][T23146] FS: 0000000000000000(0000) GS:ffff888123df8000(0000) knlGS:0000000000000000 [ 962.838185][T23146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 962.844777][T23146] CR2: 0000001b34b1bff8 CR3: 0000000037202000 CR4: 00000000003526f0 [ 962.852810][T23146] Call Trace: [ 962.856398][T23146] [ 962.859342][T23146] process_one_work+0xa23/0x1940 [ 962.864315][T23146] ? __pfx_process_one_work+0x10/0x10 [ 962.869910][T23146] ? __pfx_hci_conn_timeout+0x10/0x10 [ 962.875317][T23146] worker_thread+0x5ef/0xe50 [ 962.879972][T23146] ? __pfx_worker_thread+0x10/0x10 [ 962.885140][T23146] ? kthread+0x13a/0x450 [ 962.889451][T23146] ? __pfx_worker_thread+0x10/0x10 [ 962.895826][T23146] kthread+0x370/0x450 [ 962.899958][T23146] ? __pfx_kthread+0x10/0x10 [ 962.904572][T23146] ret_from_fork+0x72b/0xd50 [ 962.910045][T23146] ? __pfx_ret_from_fork+0x10/0x10 [ 962.915180][T23146] ? __switch_to+0x800/0x10f0 [ 962.919936][T23146] ? __switch_to_asm+0x39/0x70 [ 962.924719][T23146] ? __pfx_kthread+0x10/0x10 [ 962.929349][T23146] ret_from_fork_asm+0x1a/0x30 [ 962.934147][T23146] [ 962.937333][T23146] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 962.944709][T23146] CPU: 0 UID: 0 PID: 23146 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 962.955916][T23146] Tainted: [L]=SOFTLOCKUP [ 962.960240][T23146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 962.970299][T23146] Workqueue: hci0 hci_conn_timeout [ 962.975427][T23146] Call Trace: [ 962.978709][T23146] [ 962.981654][T23146] dump_stack_lvl+0x100/0x190 [ 962.986339][T23146] vpanic+0x552/0x970 [ 962.990329][T23146] ? __pfx_vpanic+0x10/0x10 [ 962.994850][T23146] panic+0xd1/0xe0 [ 962.998581][T23146] ? __pfx_panic+0x10/0x10 [ 963.003018][T23146] ? check_panic_on_warn+0x1f/0x90 [ 963.008167][T23146] check_panic_on_warn.cold+0x19/0x34 [ 963.013552][T23146] ? hci_conn_timeout+0x16a/0x230 [ 963.018585][T23146] __warn.cold+0x191/0x318 [ 963.023032][T23146] __report_bug+0x30f/0x440 [ 963.027550][T23146] ? hci_conn_timeout+0x16a/0x230 [ 963.032586][T23146] ? __pfx___report_bug+0x10/0x10 [ 963.037631][T23146] ? trace_contention_end+0x126/0x160 [ 963.043023][T23146] ? __mutex_lock+0x26d/0x1bd0 [ 963.047813][T23146] ? look_up_lock_class+0x55/0x120 [ 963.052941][T23146] ? register_lock_class+0x40/0x560 [ 963.058158][T23146] ? do_raw_spin_lock+0x128/0x260 [ 963.063188][T23146] ? hci_conn_timeout+0x16a/0x230 [ 963.068222][T23146] report_bug+0xb2/0x220 [ 963.072483][T23146] ? hci_conn_timeout+0x16a/0x230 [ 963.077516][T23146] handle_bug+0x16a/0x2a0 [ 963.081858][T23146] exc_invalid_op+0x17/0x50 [ 963.086375][T23146] asm_exc_invalid_op+0x1a/0x20 [ 963.091238][T23146] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 963.096879][T23146] Code: 44 0f b6 2d 2b 08 71 06 31 ff 41 83 e5 40 44 89 ee e8 1a 6e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 50 a4 c4 f6 e8 f7 73 5c f7 90 <0f> 0b 90 e8 ee 73 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 963.116495][T23146] RSP: 0018:ffffc900052d7c18 EFLAGS: 00010293 [ 963.122584][T23146] RAX: 0000000000000000 RBX: ffff888036bb4a40 RCX: ffffffff8aacb74f [ 963.130563][T23146] RDX: ffff888033ce5d00 RSI: ffffffff8aacb849 RDI: ffff888033ce5d00 [ 963.138544][T23146] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 963.146518][T23146] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888036bb4000 [ 963.154510][T23146] R13: ffff888033ce61c4 R14: ffffffff91227844 R15: 0000000000000000 [ 963.162495][T23146] ? hci_conn_timeout+0x6f/0x230 [ 963.167441][T23146] ? hci_conn_timeout+0x169/0x230 [ 963.172479][T23146] ? hci_conn_timeout+0x169/0x230 [ 963.177530][T23146] process_one_work+0xa23/0x1940 [ 963.182501][T23146] ? __pfx_process_one_work+0x10/0x10 [ 963.187908][T23146] ? __pfx_hci_conn_timeout+0x10/0x10 [ 963.193293][T23146] worker_thread+0x5ef/0xe50 [ 963.197903][T23146] ? __pfx_worker_thread+0x10/0x10 [ 963.203033][T23146] ? kthread+0x13a/0x450 [ 963.207288][T23146] ? __pfx_worker_thread+0x10/0x10 [ 963.212416][T23146] kthread+0x370/0x450 [ 963.216499][T23146] ? __pfx_kthread+0x10/0x10 [ 963.221124][T23146] ret_from_fork+0x72b/0xd50 [ 963.225730][T23146] ? __pfx_ret_from_fork+0x10/0x10 [ 963.230856][T23146] ? __switch_to+0x800/0x10f0 [ 963.235554][T23146] ? __switch_to_asm+0x39/0x70 [ 963.240344][T23146] ? __pfx_kthread+0x10/0x10 [ 963.244971][T23146] ret_from_fork_asm+0x1a/0x30 [ 963.249767][T23146] [ 963.252856][T23146] Kernel Offset: disabled [ 963.257189][T23146] Rebooting in 86400 seconds..