last executing test programs: 14.810976s ago: executing program 2 (id=2065): socket(0xa, 0x5, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r2, 0x0, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/video4linux/video42/power/control\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) write$auto(0x3, 0x0, 0xffd8) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r5, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) 13.368510089s ago: executing program 0 (id=2068): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) connect$auto(0x3, 0x0, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vidtv.0/i2c-0/dvb/dvb0.dvr0/uevent\x00', 0x183800, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) listen$auto(0x3, 0x83) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) select$auto(0x3ff, &(0x7f00000000c0)={[0xe9, 0x3, 0x0, 0x7fffffffffffffff, 0x9, 0x7, 0xaf, 0x0, 0x5, 0x9, 0x9, 0xaa, 0x5, 0x10000080, 0x7]}, &(0x7f00000002c0)={[0x1d, 0x4, 0x6, 0x7b0, 0x6, 0xa, 0x8, 0x3, 0x5, 0xffffffff80000002, 0x5, 0xfffffffffffffffd, 0x1002, 0x100, 0x8db, 0x7]}, &(0x7f0000000340)={[0x3, 0x2, 0xa6d6, 0xda3, 0x7, 0x6, 0x8, 0xffffffff, 0x1ff, 0x800, 0x7, 0xd4f, 0x0, 0x6, 0x80000000000, 0x9]}, &(0x7f0000000040)={0x1, 0x4}) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x40383d0c, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x200000000000001, 0x0) r2 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="3b1ce6edb55d7f4a1bcb01002bbd7000fedbdf254400000005002f01"], 0x28}, 0x1, 0x0, 0x0, 0x20000840}, 0x20000800) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f00000003c0)="8915417b735a96fa9da581b0a032975abfb54745baaeef241794ea872b4e7516dbdcc82ab1c9d25a5365a182a15467ff7ad1afbd872dffa41ecb904076172b904526631c2e4ac28a58e71bef7c0a48e9b796911e4162a63b0c21020102e7041efb25cb0c1898353d670d5f5ac909a757f64399af9852627f0a4d10199ecbb4cfdbc86d91f013bb425431a7b19a2892b982a445ea8c93986876bbd18c748cd823e1965643ef99a5a63fd9d0386be0ce3b6226286ec73ca6c6066c5a86cead0f7a", 0xc0) close_range$auto(0x2, r3, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000180)=""/178, 0xb2) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0x1, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x7fffffff) 12.779741773s ago: executing program 3 (id=2070): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) write$auto(r1, 0x0, 0xfffffdef) fcntl$auto_F_ADD_SEALS(r1, 0x409, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8c42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = set_tid_address$auto(0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) r5 = setfsuid$auto(0xee00) setresuid$auto(r5, 0x0, r5) msgctl$auto_MSG_INFO(0x8, 0xc, &(0x7f0000000200)={{0x9, 0x0, 0xffffffffffffffff, 0x800, 0x10, 0xad15, 0x7}, &(0x7f0000000180)=0xf, &(0x7f00000003c0)=0x3, 0x3ff, 0x5, 0x200, 0x0, 0x65, 0x7, 0x2, 0x3, @inferred=r0, @inferred=r3}) fstat$auto(r4, &(0x7f0000000300)={0x0, 0xf07, 0xaf4, 0x9, r5, r6, 0x0, 0x0, 0x8000000000, 0x74786f25, 0x1, 0x7, 0x40, 0x2, 0x1, 0xa841, 0x100000000000}) waitid$auto_P_PID(0x1, r0, 0x0, 0x7, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, 0x0) r7 = semctl$auto_GETPID(0x19, 0x5a48, 0xb, 0x6) mmap$auto(0x0, 0x40008, 0x1000000004, 0x9b72, 0x2, 0x8000) userfaultfd$auto(0x1) ioctl$auto(r4, 0x6, r4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000040)={{@inferred=r3, 0x8, 0x5, 0x4338, "0508ef5c02864dd5c35496fab129fe93e170b30016d0cf0a93b570d8ea6943760ea9119f58f5db6093defac0", @inferred=0xffffffffffffffff}, 0x10, 0x1, 0x3, @inferred=r7, @integer={0x7, 0x3fffc000000, 0x9}, "ece132c65533f6ae0f69aea0f58e0ec1fed8e73a2133901c005333801c23678a8922a550ace2a9c0c2c66c50c9048320382f8e2a87ac9e4a277621056af6f983"}) sendto$auto(0xffffffffffffffff, 0x0, 0x404, 0x0, 0x0, 0x1d) r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000280), 0xc02, 0x0) fcntl$auto_F_GETOWN_EX(r1, 0x10, 0x4) ioctl$auto_SW_SYNC_GET_DEADLINE(r8, 0xc0105702, &(0x7f00000002c0)={0x3ff}) 11.69736251s ago: executing program 0 (id=2071): socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4f64a1d5) socket(0xa, 0x4, 0x5) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) socket(0xa, 0x2, 0x73) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f2, 0x15) unshare$auto(0x20000) unshare$auto(0x20000) mmap$auto(0x0, 0x202000d, 0x3, 0x200000000eb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/mac80211_hwsim/hwsim0/net/wlan0/flags\x00', 0x189082, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) prctl$auto_PR_SET_MM_ARG_START(0x9, 0x8, 0x0, 0x3, 0x527) 11.422297852s ago: executing program 2 (id=2073): socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40851}, 0x24008845) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x309801, 0x0) r2 = getpid() waitid$auto_P_PID(0x1, r2, &(0x7f0000000200)={@siginfo_0_0={0x87b, 0xff, 0x8, @_sigsys={&(0x7f0000000180)="a066b8e840c6311618ee915dcba2b561883f43193d2a5631fe8489c54c2e58e828919abdaea9ede3515e3e06ef5d9e26a3", 0xffffffff, 0x7}}}, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0x8, 0x6, 0x8, 0x1, 0x9, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x4, 0x6}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd2/mq/0/nr_reserved_tags\x00', 0x8200, 0x0) read$auto(r3, 0x0, 0x20) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f0000001480)=@enable_stats={0x8}, 0x2) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r4, &(0x7f0000000480)=""/4083, 0xff3) 11.420555755s ago: executing program 3 (id=2074): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x73) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0205647, 0x38) r2 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004055}, 0x400c0c0) write$auto_evm_xattr_ops_evm_secfs(r2, &(0x7f00000000c0)='.', 0x1) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) getpgid(0xffffffffffffffff) sendmsg$auto_NL802154_CMD_STOP_BEACONS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r5, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x8000, 0x8, 0x8) syz_clone(0x4001000, 0x0, 0x1b, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4000c, 0xdf, 0xbb72, 0x7, 0x28000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) io_uring_setup$auto(0x6, 0x0) r6 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x4606, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, 0x8, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r8) ioctl$auto_KVM_GET_MSRS(r7, 0x4048ae9b, &(0x7f0000000100)={0x7}) 10.069829181s ago: executing program 3 (id=2075): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff050006000100", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', 0x0, 0x7fff, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0xa6) 9.866553614s ago: executing program 1 (id=2076): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r2 = socket(0x22, 0x3, 0x0) bind$auto(r2, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r1, 0x40104d01, r1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) r3 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) write$auto(r3, 0x0, 0xff) pwrite64$auto(r0, 0x0, 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r4, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r4, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:448/power/autosuspend_delay_ms\x00', 0x200, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)='\x00', 0x1) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x1) 8.087809202s ago: executing program 1 (id=2077): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00'}) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0xfff, &(0x7f0000000180)="f2e37aa851f172bd24308737938225756749a2cd058f981d81224e731c1514b4fd0290f2fb02e666a68c1d72ad5615b16c73b5c0cedf17801dfece4a243f6e3a47ecc1c5db92b3500cefe0e7c269c25cd32701679442d287388dedeedd83d20b9d079d0a971a993bfa4a4499f8631caa1722a7a93bf39c2535ea752a9b05e21efeebdeaa71269153bdd6ba4fac9b230a6653e8cbaf66e11ea7c105"}) rseq$auto(0x0, 0x80000002, 0x8, 0xfd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) ioctl$auto(0x3, 0x800005411, 0x38) mbind$auto(0x0, 0x800605, 0x1, &(0x7f0000000500)=0xffff, 0xa, 0x1) futex_wake$auto(0x0, 0x5, 0x4, 0xa) socket(0x11, 0x80003, 0x1d12) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82940, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) getdents$auto(0xffffffffffffffff, &(0x7f0000001c40)={0x81, 0xffffffffffffffff, 0x4}, 0x4) socket(0xa, 0x3, 0x3b) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 7.962065079s ago: executing program 3 (id=2078): openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x149002, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[], 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$auto_UI_SET_RELBIT(r3, 0x40045566, &(0x7f0000000040)=0x7fffffff) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r4, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mq_notify$auto(0xffffffffffffffff, &(0x7f0000000180)={@sival_ptr=0x0, @inferred, 0x0, @_sigev_thread={0x0, 0x0}}) mq_timedsend$auto(r1, 0x0, 0x2, 0x9, 0x0) 7.900138198s ago: executing program 2 (id=2079): mmap$auto(0x0, 0x20008, 0x4000000000df, 0x2000eb1, 0xffffffffffffffff, 0x3) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0xb, 0xa, 0x4) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex, 0x2, 0xff, 0x9f9f, 0x5, @count=0x1, 0x0, 0x200, 0x7dc0, 0x8, 0x8}, 0xa3) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0x3, 0x0, 0x3}, 0x4) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r1, &(0x7f0000000080)={0x0, 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)="fb", 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r3, r3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) semget$auto(0x7eb, 0xc7, 0xfffffffd) 4.491337743s ago: executing program 2 (id=2080): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x238, 0x1000, 0x12, 0xffffffffffffffff, 0x28000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80047) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, 0x0, 0x6a) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x6, 0x800000002020009, 0x6, 0xeb6, r0, 0x8400) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) llistxattr$auto(&(0x7f0000000040)='}[,&*}\x00', 0x0, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mount$auto(0x0, &(0x7f0000000180)='}[,&*}\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x104) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x2, 0x80002, 0x73) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 4.283042433s ago: executing program 3 (id=2081): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x238, 0x1000, 0x12, 0xffffffffffffffff, 0x28000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80047) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, 0x0, 0x6a) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x6, 0x800000002020009, 0x6, 0xeb6, r0, 0x8400) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) llistxattr$auto(&(0x7f0000000040)='}[,&*}\x00', 0x0, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mount$auto(0x0, &(0x7f0000000180)='}[,&*}\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) 3.99766895s ago: executing program 1 (id=2082): r0 = inotify_init1$auto(0x2) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x9, 0x7fffffffffffffff, 0x107, 0x7ffe, r0, 0x17fff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x0, 0x1, 0x4, 0x5, 0x7) getcpu$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0) read$auto_state_fops_(r5, &(0x7f0000000180)=""/61, 0xfffffeeb) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x18, 0x401, 0x300000000000) prctl$auto_SECCOMP_MODE_STRICT(0xf, 0x1, 0x0, 0x9, 0x2) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) ptrace$auto(0x3, r1, 0x5, 0x4) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) 3.991897057s ago: executing program 0 (id=2090): mmap$auto(0x400000000000, 0x6, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x41, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x43, 0x4, 0xa5e7, 0x10000, 0x1, 0x8000000000000000, 0x10, 0x5, 0xf, 0x1ff, 0x5185}, 0x1) prctl$auto(0x3e, 0x1, r1, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, &(0x7f0000000000)) mmap$auto(0x0, 0x2020009, 0x3, 0xebf, 0xfffffffffffffffa, 0x80000001) unshare$auto(0x8) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0xfffffffffffffffe, 0x240007, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000084) ioctl$auto_SNDCTL_DSP_PROFILE(r2, 0x40045017, &(0x7f0000000180)="d145d0e91274995474c3f52da5506c2b5db017d54aec541e9c8eb418c73025c7e03b9bc8e20791b4ce1c4f4db3f48f0246d00a9d3d16546f77c531039b9187bc82b91c8cc22987ceb2006b062985d7cbf928bad56be8db05e3504b3912e23aee4ea963405c575980c60b64308e6c636b5157dbd1380c04bc0614aa7382cb4ff3cdd5bc7f112690d8640b830c68706ff3f04a0846eb48e1be4eb2f5d0b03ef92d53705b83531f22fa6af3aa740b1a6904b64cf750f0c6971b55fab357bc236143ef33d74124d97b2eb796885d9c1c19c1069f21d7c046ad33c1aaeb31f469e0851bd9254c78ec81b894a2bb3a0b8627b485de483bc9523201b20c5b01") close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b72, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) rseq$auto(&(0x7f0000000280)={0xe, 0x401, 0x0, 0x806, 0x7, 0x2, "a005e2079990dbea867d20f42a909da4bd862dd72f80af99f59d86b567b54339f9b0684def766e0ed26bb934a5d4f977ea74add42aecf45ef5799ce682dcaae1bdd579f1e0a2644be3281def8a948ab91137d0d6577a9e7efd2639688d2ae832b4947ab26e0d4e8b00572342e2a8ac0fb63464ea1ee16b46cbfec625d3d196532879"}, 0x8003, 0x0, 0x8000006) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) 2.607547265s ago: executing program 1 (id=2083): r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket(0xf, 0x800, 0x5) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x2001, 0x0) r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x1c, r2, 0x9, 0x70bd2c, 0x25dfdbfb, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x808) ioctl$auto(r1, 0x400454d0, r1) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x8, 0x7fe) ptrace$auto_PTRACE_DETACH(0x4212, r4, 0x8, 0xd) pread64$auto(0xffffffffffffffff, 0x0, 0xf42c, 0x400) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x54) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0xfce6, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="130036bd7000fbdbdf250200000008000300", @ANYRES32=r7, @ANYBLOB="0800610002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x20040894) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) waitid$auto(0x9, 0xffffffffffffffff, 0x0, 0x9, &(0x7f00000001c0)={{0x4, 0x4000000000002}, {0x3}, 0xffffffffffffff74, 0x3ff, 0x4, 0x3, 0x4, 0x3, 0x7c3, 0x6, 0x1, 0x3, 0x8, 0x2, 0x9, 0x200}) r8 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000580), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r8, 0xfffffff7effffd0a, &(0x7f00000001c0)) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x7f, 0x7e, 0x0, 0x8) 2.569966298s ago: executing program 3 (id=2084): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty38\x00', 0x301, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000080)="976f09bd689a850edbe36136c8515f5b3331280bb0b4ba0edd7932ab185cca0dd500a70a2c064833fd9b4b", 0x2b) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioperm$auto(0x7, 0x6, 0x2) unshare$auto(0x5) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card0/pcm0c/sub0/hw_params\x00', 0x60800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000000200)=""/220, 0xdc) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1adf82, 0x0) ioctl$auto(0x3, 0x80286f4e, r5) mmap$auto(0x100000000000, 0x200006, 0x2, 0x2000000040eb1, 0x602, 0x300000000000) ioctl$auto(0x3, 0x4038ae7a, r0) 2.376306856s ago: executing program 0 (id=2085): mmap$auto(0x0, 0x2020009, 0x3, 0x9000400eb1, 0xfffffffffffffffa, 0x4000008000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) r1 = socket(0x11, 0x80000, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000280), r2) sendmsg$auto_HWSIM_CMD_REGISTER(r2, 0x0, 0x0) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f00000003c0)='\a', 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x2) close_range$auto(r0, 0x8, 0xfffffffc) socket(0xa, 0x1, 0x100) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/lo/disable_ipv6\x00', 0x82, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop10/queue/scheduler\x00', 0x2440, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) close_range$auto(0x0, 0xe903, 0x2) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x4002) setsockopt$auto(0x2, 0x1, 0x50, &(0x7f0000000000)='\x00', 0x40) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001180), 0xffffffffffffffff) 1.758828739s ago: executing program 2 (id=2086): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x1242, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/pcmC0D0c\x00', 0x1200, 0x0) readv$auto(r0, &(0x7f00000004c0)={0x0, 0x5}, 0x369) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop11\x00', 0x0, 0x0) mmap$auto(0xce80, 0x1, 0x4000000000de, 0x40eb1, r1, 0x1) r2 = socket(0x29, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = socket(0xa, 0x801, 0x106) setsockopt$auto(r3, 0x6, 0x21, 0x0, 0x10) close_range$auto(r1, r2, 0x1) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r4, 0x8000) ioctl$auto_BLKRRPART(r4, 0x125f, 0x0) mmap$auto(0x0, 0x400004, 0x9, 0x9b72, 0xffffffffffffffff, 0x8000) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r5, 0x80045400, &(0x7f0000000040)=0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r6 = socket(0x11, 0x3, 0x9) syslog$auto(0x9, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x7) r7 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r7, 0xaf01, 0x5) ioctl$auto(r7, 0x4008af03, 0x0) ioctl$auto_VHOST_NET_SET_BACKEND(r7, 0x4008af30, 0x0) close_range$auto(r6, 0xffffffffffffffff, 0x0) 1.365121392s ago: executing program 1 (id=2087): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff050006000100", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', 0x0, 0x7fff, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0xa6) 1.315906802s ago: executing program 0 (id=2088): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x3, 0x40fffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) acct$auto(0x0) r1 = socket(0x10, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, r1, 0x8000) socket(0xa, 0x5, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x31f882, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r3, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f0000000380)=@bpf_attr_1={0xffffffffffffffff, 0x7, @next_key=0x3, 0x1ff}, 0x8) ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x400000b5, 0x2, 0x6}]}) msync$auto(0x7, 0x8, 0x400000004) open(0x0, 0x163340, 0x2c) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") prctl$auto(0x35, 0x0, 0x8, 0x0, 0x400) 538.53817ms ago: executing program 2 (id=2089): mmap$auto(0x0, 0x2, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/250:0/read_ahead_kb\x00', 0x5e30523b26a2a748, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000200), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = socket(0xa, 0x5, 0x84) setsockopt$auto(r3, 0x10000000084, 0x20, 0x0, 0x7) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x28, r2, 0x1, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x28}}, 0x20000040) sendmsg$auto_NLBL_MGMT_C_REMOVE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_MGMT_A_VERSION={0x8, 0x3, 0x9}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3ff}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x67ed}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty19\x00', 0x800, 0x0) ioctl$auto(r4, 0x4b62, r0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = socket(0x2, 0x1, 0x106) bind$auto(r6, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) write$auto(0x3, 0x0, 0x1) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) socketpair$auto(0x3, 0x5, 0x8, 0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) close_range$auto(0x2, 0xa, 0x0) 153.121219ms ago: executing program 1 (id=2091): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) getdents64$auto(0xffffffffffffffff, &(0x7f0000000ac0)={0x5, 0x2, 0x5, 0x10, "5fd42d2266a8a18d1c1de1e81b17ef92fcc21928e7d6a0536f96e09d86aa0325b8315e496588603dfa2eb3c790aa0bb7ded07c016c319a10bf1bce5ae65da02347cfad43ea6334ea7fe1eaf8fa7df21ecfedc214f70172787d7291c1042456d02c20a4fe2e0a2ddc46349489ef00d348e9beaf500ad464c86dcc8769507f8d677bdc7fcce0bd9407ad41e290391c685095eb9e8ae3c49d2b32f3184e8e2ddb381fc50901b4480c8c2735dcfa6c2f2ef92391c9d60a03399da809d257ed50f8d5623ed9bd8949d63f9f5fc26a48955da87393227f92b0ec705599a4d5c2dc05dd6ca0e02c41ecfbce2a27e1fd6b46d05e01c26094c2403512113ceb4ebce2e8a23b4520628270632fc81909efe27cce404503bac907b3a198b9fb74826df86e22650150b4f532f64fc8254415111d5e46d553d0addbb478c2c968a08a88e924275947e9fc3728303269c4439412a5fbed2dd80bf64ae14715f26549e1aa62888201330ecee58c30fabb928d6ce6ec89effc0610c62688d16afe59f0366ab90e4f3d9879be1f79c2a3f648e69e89fce1f2ea3f40a439e33ee847265150acf0c33d83b1ca194b23b0dacdbcf92e6213f9c5a6582e7518efe5e8cca2025b4f487e6f3641d350318c7f1b94fc75d7c2c90de480d391230a8dba0a892c4d9f1828b40e06ff528e2a6b0021595f7594cabfc6b955b4b62eee54e2e96fa18f6c6273c2293888a76c1f7e5424e927b1b6eb31fe427573fc96de81575db6d8003d110f5654b293d4ee17bbff61b283bd7982e5e4d291537f3f0a76fce8371ce794c0f016ee762b0b6cb72ab8b385e1617a117ac72cc6f807020e951ce80fc58c89fb48ff5bc15bfa729eec6f6333d44d65f899f585441a5cf6a485e0a0919c301316e91241215b4f764e87c5cc98b22081e17671ed1fb999e5efb98a81bec5a2ccfc291f29c297832a086dcdbec9321f4bce9f0f932b46c6c11abe9c2d4d5f7dfd52b9e326e64b575c8046cb2c1d612cf15c2391682ee692dd249554ece71c65c6574f3089c1009f71e19f94684b6bbd87bb80784afaa58a3652c896331472ae04c2a5f8e67f5eb56a76fbe10a1e4c9bfb9b916ce5ba015fb26f581bfd2dbc7e9f06e40661814e3086e0b4c1f7bc794248d26eb7c9e8d412679e042c54fb5659805688c25172727fc02c06452710181a53db904f18b0d6bfcdaced3dc9f0712f1e5cfa1d0271e65b8a7371c5e50219b46e06ca89455e7c2501254084285ea757ba5d66bc5a8694cf51289bd5a8c5d6b141307530e895f1082b2bc7498e34393da96b059dca3409b5d00d20ecf4460259b571f7174d01cd8ece0c4f83c0231313c9ae572110c63a14ac4e4ab958c0dacb63eadca9e02cf7117ee451b0ca860e9896ab6a72ce00a7a4b157e7384b35cebbeec238411bc901a5d8541f87dc8e9cbc69777ebefcfcc4bed55902a264ef0ea01017bc6a9e3eadd4ce5a5ce3aead20a7eb441a00a2278e52903eee74b0f9a393406914c8873412713b139abe4a240a185a71877dbec93a633dd29e2685b471eb233f1c41180528a06e150fefb4c89f857dc69dba87a05743df4c011226f0a1271b4f5b3d92756e7d390bcace7bbd0256c67e5d1f3bd8336a3dbd24a236ac1c20da9f42384dad06d4dac824840dc5ad6a71314763a714a05ec056e47bcf7096b34f24323163c33b0bc4662a08fbb9d28c55fe7152d9a9fb402dba7cb3b79571780b62a3dc662b2230b9312eea4af4f0ede14dfc1eca3b7c6d6005a91e497da68f790c1c589188998c946be168f710d89ab718e26103b34d2cad4622de510eade88b088611e942c286d894f630f0c36c0bf3cafbe251ea950954152689010fd912040ed6822f89b96c762693db5bcc5f6aea8f9a9d8a87d48352daa80209b6e191d3dbead277635371b50569d23af86276adc93703c077bb93176af6190e01649b200e32837489000ab23868ff40e26f412eff56bcbee1a6f45dedcdc28bf4004b293436260710eb9a0841e9799e8c059c76626293abc02dc700e00d4c9426e0014502805f137ed46e0aad93ad6b409fb410494134a34a1ec57e362b0f0b156e41931f87b7b155cefd656d3ea4115eec2bd6721efe63fbfa74585407d7b020a5311e567de5b3bc44a899284f385282ba50fa7eaae78c9a3e6a9ab457d5affa6a8e0cae302f62d1411b39fdcae30164217696e22a96d823566ed5234d4ef0ca8ed0f6cf73dc0f48fc13eea6c5f00f0fa770be6e80a583d72e6bc35d5fdf1129874e2d23d1b6668b2cacd872628490a5724b095199e6ce3b2229cab8a8cdc14999738e6a34d6416d4b8aed744da4c62fa94fe03b0fd5aa02db9049a1ac18f9e376afab43c8ddf1d153e107f7ab17e6960c5bbcb0b1f4f04273296ca7676e2d0f7729dc93a47a99d4619cdc0fd0c21434ab5dc7e2bc08006bc1b3bb0cbfba9e0d68bb046b86d4aa11c757d14905a6cd0e6b34bff03ec390e4bf0bba8a1075512d7fc7cb18ab6cac69cfd53c7dd9149d5e8b176366ba25f9541a04fe7da31ea8e93609752cb00eaac8a602d0c5bd538e8187c08c7e0109d85e116ed6b5b0817873dc2cd939bf90c1fa530fa0040e9842e1b8701df3ee3e188cb65c1998c40f6db69e207cdac6122d1c63c2d6a4c657f0e9c43e670f84d569b3b8daf3fb51b3923e8dfd538f63822891c2fabdc0e898902e548c3d8a4d85c1d7779f9f13fd4eb4a041ad5eb6bd3e5e636e52b6dd7c08e5584e613f45e05265c554a6bcb0f9b5cdc727e036a683295843b3282ed679a267908625f2149664f154677906d229dec379d0cc6cfa663192007573eb230cff9c0d4e96ba5b2845b6500524459e0b919bcd599569f51746d37b7ec74da303ae0257caf6292eac562dd930d0b549c96e3b7d5fd119e4c5cda3cdc325b2912b0f5e489d4653b6615358c88e2439fbd4c868fcc21adf1436b25ea75b77dc1559c2e0659eb39ff837228bbc6eab64a8dbbeb9e813d6c79bd8a1fa5c344f8569d016922706999f27c253ad6b87fe772d7a75515b77d1ed973fe6a7abcff1d7bede5217b4b524e07d263ba57fff971d0b0fd9621ffe4b5cb1665ccdbdeb654565040d5e5b10ff1cde5c41158cce32af16bc8e316ca77b8411fb47de92722d181e348a5b40123131cf8d51657a6c7de0d6a33beb0003149027ebd8d23dde55ed5477f00d6cc8b0077bd010346d90be15983b05e313bdfada8338191609320d1cf1b6f227a82816451bea078846a4eb6fb51231bd7980a689cda8462b8e760ce0850bdea2e7db27b4d6edc63864817e32714bc91cc704a2b2da8b0b6420205f6d3fa2a1d6d431810a1ed7c6971db31602ec8aabf05f2c6acc4a64e38c5a92ab293dbc781d4500773d81c0d1f5146132cd28877900c8317bc64f356c1b536e57c3348009f7d81b0450efa01844b91aa5a6883f56c6f4e18e5da00de836f98ea09b2ba451bb1a8f1b3e4aef7ee8841904fd097471c3fc7c8ddae2f1895d794fa5d7766dad77f6ab0e8b08e665fb966d652869d2c7c9e93e66c19552b5e22775293ec96f3469408d419eddacacaf49dd7e69eba32b904e192667c5ba2f74a2c0479b92a0205d3175fd3fbbd59ede6bafefbd16a684b94f885ebdc944424a3b6ed3c1e85879c1449f73ba20329a9a92077cdf0963cf5773b347221a077fc6add86da13e70e8d76b5dbefdda1f415c6a4465fe79d03d6f30699a772264aa4216e500ba059a8c02ba55569878a091bdbd2b47f4f2abf8f67c16195c024e639fb83a13c3f838e6c29d0e853227a38e35a977a75398fde806b9f3fb1886a1fec0a030f6ba004a20bb64a7808695c399a4a5a5f24877ea5d3acef157b616eceadb1dd39f6dce200699ca951cb49c369ef4e578c7d251ecbe08efc798a5cbef8d11cb88442406bce97b7e0d1ee4e7d1f834e2bf92354ea2d153678beaf3053a7a699baf22e36df80187a14e3505c306d0bc43d56f5d5820d28d04adf90e3b02b4315098c80df2a102c5cc80ba2e4a1aa9bdb7b94faa6523437ac5582f9aa5f804d879e8f5d156fa713b2024bbc3f22a3bed576ced05dd4354fb9565384236f4354b8e786157b56bf7e69746afb56129edf0e60154b6cc3758068361df2441bfcc2034ca0bcd00d14edfd1a4caf049c887c821366c840fc254adc640c05fbe3307ae5609e5e6f53ad4bd373bfd1af04c381c73b632e345ab3a7fe8cf74caeb794ff33650ce3005f008a33a452ed876e8e1fe3c4fa0c8f54821cfcb455c6ce90952f1633c3cfc535be39724f3178745e334472b702ecc635d82de5c0d6bbef2cf07f1c3825bbed99f5dece382ca35e28423fe839fac2c58dfbbfe042e2918f64d644a0be8ace6ca0597c838123802f4a1fe4b9eb6c132e0b96aeb0333414f81fffdd132e1f818199a8d840707f70c4751a84eb5f851e074828bc054468c817e219fdeae9e0880a5fea1857092a5f318d5d2a1fb7d3677fd3a25476ef60378f9a474285fbac33d0e46f99ca5f61cff57dc595e28b1a91531d028c19219c6e5f7c98f35a08ed8aaf5f799c00b853e9b7e008f72f3bb085fb733a90526d1b3207f9a8e4e027470387ed1aef5d53f67ed6b7d370d1f7e45c1dcfde684b954a13127da889a394f139900dc0bbedd5078830f773efc690a90d5f93c619d8a1f0c9e2944a4d477222b2f178419e786dc9401818b74ac96b5cbd3a937da2cde3a39e021cd5f40d2220d7b4d5f79859420e2c64e944249c2d3bbfdd2890e8790d1b803f282b2c9d3e2dbc7efc935e9f8211729217934df90c51646bbeaedf410f1fafd47c2bb43fdd7dbbed876092c0f8a4c4f874edee2b31efc61a0788ca5326aa0e1f6cc062339c38b281800fff2c729254e92a2612ce2ae64296152c0bff5d591c2f75cb4d3471d820010a30b48e54eddb91033b7e6a18e93b6ed49f32e2544c7748fb44b1dea5413becaaf19414bd586144a6c8b7550562a3d6fd6d73157b463a9ac379d6bd72a4c46922adcb8298444ebfaaea2a9d1a5d4225b548ad2ff9eaf36b6172694054ef1850fcef998d9883afcea6261178baa0570db510301b7faa67f7ad17fabfc65e5d1c3b1da14720d13b0c903cc9b8f73ea03c36e2e44cbf08dcccfa086a586ffcf0e58b620327ba859fee726c9de3a01af3f2572a891f664e00af9286bf762ec83f0e619d7d177da26dd816ac13ee3aa04339d94740e5b38a2439dec98e9cb5f04c7663840c5b86b6d9583f417a4dafbf66be283eb02260979a64e9074940ddac77dc3eed6c8c6ede1d9149faa69cb98fef7839b63608f72cf5bdbaf116585aa0e39b58ecf64c0cb37e04a6155469b20cb11f8f0f688374f4d80b9bf95ea2f1494388469737d2873b3ba850596c61c81407e16baec6fd2f0693cb58ae34337aa4fca1af41496573d392e36458a19500eaea9b9b8d31f6a8ca8b99778b1638bfce383428947d8401fe711fcb1de9e2a4126c1ceaa369369133e3a8a519d05eba20ceae0ce2d0c9543739d440e9cefaf17d4c84ab954ab52874683428bfb41006530c6c33e5a2f6e8a6562956ed402ad2ec02d27c046b50cb0bb47aae0ab9360f0255293161a082e3efef1d8df365bbc865dd75075bfd197716f5f1836beea87b5c3e535176ce4243d339a208270055924218368b1e3e7b9c1ea299ccfe3a841a757d76d8dc872eadcc257a9b991c583810bafb1423401cf61ad2dac50858f0a2749e411f7e2beb25d9de0231beb7799943df68a45286952ba35ab1639d9dde39f8250212103d2beafa97970"}, 0x1) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) kexec_load$auto(0x5, 0x2, &(0x7f0000000100)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x6) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x7f) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000005440)='/dev/snd/controlC1\x00', 0x2000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0xfffffffffffffffd) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto(r1, 0x5427, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_VENDOR(r2, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000001700)={0x14, 0x0, 0x705, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) socket$nl_generic(0x10, 0x3, 0x10) semctl$auto_GETPID(0xe9, 0x5, 0xb, 0x43b4658a) write$auto(r3, &(0x7f0000000340)=',02.15.4 ]\x98\x0f7V\xd4l\xf2AC\x04\xecQ=\xa2\xce\nO}\x1d\xd7\xb5\x92\xf7\xb2\xc2\xddm\xfbR\xfb\x92x\xd8\xb2\x8a&\xda\\\xa1}&^\x03\x02\xf28\xfd|\xed~\a\xaf\x14\xb5.\x92\"-6.\xb2$\x88\xeb\xdc\x0f\xba$?c\x8b\xcb\xf4q\r\xf5>}4\x99(\xb8D\x15\xb8\xc9U\x14\xd6r\xc9\x81\xbbI\xc9+^\x00\xf6\xb5\xd9\x1e\x89G?/\xc5\x86\xd0\xab\xb3\xfd\xc9?\xa7B\x1b\xdc\xff\xab\xb6~\x96\xd6\x9f\x1d\xfb\xa1dg\x9d\x8d]\xdek\x9c0\xea\xb3\nV\x1d\x10g\xaa\xf9\xf0\xc9\n\x8c\xf25G\x9c\x19\xe5\xd8\xa3\xee\x11\x12f\xd5o\x00\xeaY\n\xe0\x9f\r\xd4\x8e9G\x01\x04\xb2j\xbfYX\x9a)OQ\xedk\xb9\x85\x03c\xf3\x80\x10eG(\x94m81PL\x8d\xa47\x1a\x16\x11\xcd\xcdf\x15\r\x19\xc3\x90\xbe\x12\x85V\xeb\x8d\x97\xf0\x9c!\x86:\xe8\x8b\xa7@l', 0x3) getpid() r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0xc1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r4, 0x0) r5 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x364f9cefc8a0a83, 0x0) ioctl$auto_tracing_buffers_fops_trace(r5, 0x5220, 0x0) 0s ago: executing program 0 (id=2092): mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb4, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$auto(r0, 0xa, 0x1) fcntl$auto(r0, 0x10, 0x2) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/virt_wifi0/route_localnet\x00', 0x2202, 0x0) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYRESHEX=r1], 0x14}, 0x1, 0x0, 0x0, 0x20000085}, 0x24000004) write$auto(r2, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x8031ca, 0x9) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x7fffffe, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x5, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xd}, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r4, 0x0, 0x24000000) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r5, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2000d, 0x8, 0xeb1, 0x404, 0x80000000) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kernel console output (not intermixed with test programs): [ 662.813410][T13501] dump_stack_lvl+0x100/0x190 [ 662.813438][T13501] should_fail_ex.cold+0x5/0xa [ 662.813457][T13501] should_failslab+0xc2/0x120 [ 662.813473][T13501] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 662.813495][T13501] ? alloc_inode+0x183/0x250 [ 662.813512][T13501] ? stashed_dentry_get+0x10a/0x2c0 [ 662.813527][T13501] ? stashed_dentry_get+0x10a/0x2c0 [ 662.813545][T13501] alloc_inode+0x183/0x250 [ 662.813563][T13501] path_from_stashed+0x25b/0x750 [ 662.813582][T13501] pidfs_alloc_file+0xf8/0x290 [ 662.813610][T13501] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 662.813637][T13501] pidfd_prepare+0x123/0x200 [ 662.813655][T13501] __x64_sys_pidfd_open+0x105/0x1a0 [ 662.813675][T13501] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 662.813700][T13501] do_syscall_64+0x106/0xf80 [ 662.813720][T13501] ? clear_bhb_loop+0x40/0x90 [ 662.813737][T13501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.813753][T13501] RIP: 0033:0x7f3a6999c799 [ 662.813765][T13501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 662.813786][T13501] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 662.813801][T13501] RAX: ffffffffffffffda RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 662.813811][T13501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 662.813820][T13501] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 662.813829][T13501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.813838][T13501] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 662.813858][T13501] [ 663.423049][T13493] hub 1-0:1.0: USB hub found [ 663.443912][T13493] hub 1-0:1.0: 1 port detected [ 664.765563][T13508] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1406'. [ 664.931843][T13508] FAULT_INJECTION: forcing a failure. [ 664.931843][T13508] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 664.931908][T13508] CPU: 0 UID: 0 PID: 13508 Comm: syz.0.1406 Tainted: G L syzkaller #0 PREEMPT(full) [ 664.931931][T13508] Tainted: [L]=SOFTLOCKUP [ 664.931936][T13508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 664.931946][T13508] Call Trace: [ 664.931951][T13508] [ 664.931957][T13508] dump_stack_lvl+0x100/0x190 [ 664.931985][T13508] should_fail_ex.cold+0x5/0xa [ 664.932001][T13508] ? prepare_alloc_pages+0x16d/0x5f0 [ 664.932020][T13508] should_fail_alloc_page+0xeb/0x140 [ 664.932038][T13508] prepare_alloc_pages+0x1f0/0x5f0 [ 664.932059][T13508] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 664.932093][T13508] ? __rb_reserve_next.constprop.0+0x6f7/0x1650 [ 664.932123][T13508] ? ring_buffer_lock_reserve+0x48b/0x11c0 [ 664.932143][T13508] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 664.932168][T13508] ? rb_commit+0x129/0x9d0 [ 664.932183][T13508] ? kernel_text_address+0x8d/0x100 [ 664.932211][T13508] ? ring_buffer_unlock_commit+0x2e6/0x6f0 [ 664.932234][T13508] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 664.932258][T13508] ? policy_nodemask+0xed/0x4f0 [ 664.932276][T13508] alloc_pages_mpol+0x1fb/0x550 [ 664.932292][T13508] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 664.932311][T13508] ? trace_event_raw_event_alloc_vmap_area+0x21f/0x300 [ 664.932337][T13508] alloc_pages_noprof+0x131/0x390 [ 664.932353][T13508] get_free_pages_noprof+0x10/0xb0 [ 664.932368][T13508] __kasan_populate_vmalloc+0xa0/0x210 [ 664.932393][T13508] alloc_vmap_area+0x95d/0x2bd0 [ 664.932416][T13508] ? __pfx_alloc_vmap_area+0x10/0x10 [ 664.932437][T13508] __get_vm_area_node+0x1ca/0x330 [ 664.932457][T13508] __vmalloc_node_range_noprof+0x213/0x1530 [ 664.932476][T13508] ? n_tty_open+0x1a/0x170 [ 664.932491][T13508] ? look_up_lock_class+0x64/0x120 [ 664.932514][T13508] ? n_tty_open+0x1a/0x170 [ 664.932535][T13508] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 664.932553][T13508] ? __ldsem_down_write_nested+0xfd/0x830 [ 664.932568][T13508] ? __ldsem_down_write_nested+0x10e/0x830 [ 664.932582][T13508] ? is_console_locked+0x9/0x20 [ 664.932602][T13508] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 664.932619][T13508] ? n_tty_open+0x1a/0x170 [ 664.932632][T13508] __vmalloc_node_noprof+0xad/0xf0 [ 664.932649][T13508] ? n_tty_open+0x1a/0x170 [ 664.932663][T13508] ? __pfx_n_tty_open+0x10/0x10 [ 664.932677][T13508] n_tty_open+0x1a/0x170 [ 664.932691][T13508] tty_ldisc_open+0xa2/0x120 [ 664.932709][T13508] tty_ldisc_setup+0x40/0xf0 [ 664.932728][T13508] tty_init_dev.part.0+0x1b5/0x470 [ 664.932752][T13508] tty_open+0xa63/0xfa0 [ 664.932776][T13508] ? __pfx_tty_open+0x10/0x10 [ 664.932795][T13508] ? chrdev_open+0x10b/0x6a0 [ 664.932809][T13508] ? chrdev_open+0x10b/0x6a0 [ 664.932826][T13508] ? __pfx_tty_open+0x10/0x10 [ 664.932847][T13508] chrdev_open+0x234/0x6a0 [ 664.932861][T13508] ? __pfx_apparmor_file_open+0x10/0x10 [ 664.932971][T13508] ? __pfx_chrdev_open+0x10/0x10 [ 664.932988][T13508] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 664.933009][T13508] do_dentry_open+0x6d8/0x1660 [ 664.933024][T13508] ? __pfx_chrdev_open+0x10/0x10 [ 664.933044][T13508] vfs_open+0x82/0x3f0 [ 664.933072][T13508] path_openat+0x208c/0x31a0 [ 664.933095][T13508] ? __pfx_path_openat+0x10/0x10 [ 664.933118][T13508] do_file_open+0x20e/0x430 [ 664.933135][T13508] ? __pfx_do_file_open+0x10/0x10 [ 664.933165][T13508] ? alloc_fd+0x476/0x790 [ 664.933182][T13508] ? do_getname+0x191/0x390 [ 664.933202][T13508] do_sys_openat2+0x10d/0x1e0 [ 664.933220][T13508] ? __pfx_do_sys_openat2+0x10/0x10 [ 664.933246][T13508] __x64_sys_openat+0x12d/0x210 [ 664.933266][T13508] ? __pfx___x64_sys_openat+0x10/0x10 [ 664.933292][T13508] do_syscall_64+0x106/0xf80 [ 664.933312][T13508] ? clear_bhb_loop+0x40/0x90 [ 664.933331][T13508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.933347][T13508] RIP: 0033:0x7f904b79c799 [ 664.933361][T13508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.933375][T13508] RSP: 002b:00007f904c66d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 664.933391][T13508] RAX: ffffffffffffffda RBX: 00007f904ba15fa0 RCX: 00007f904b79c799 [ 664.933402][T13508] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 664.933411][T13508] RBP: 00007f904b832c99 R08: 0000000000000000 R09: 0000000000000000 [ 664.933420][T13508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.933430][T13508] R13: 00007f904ba16038 R14: 00007f904ba15fa0 R15: 00007ffeef7871f8 [ 664.933449][T13508] [ 664.945717][T13508] syz.0.1406: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 664.945935][T13508] CPU: 0 UID: 0 PID: 13508 Comm: syz.0.1406 Tainted: G L syzkaller #0 PREEMPT(full) [ 664.945959][T13508] Tainted: [L]=SOFTLOCKUP [ 664.945964][T13508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 664.945974][T13508] Call Trace: [ 664.945979][T13508] [ 664.945986][T13508] dump_stack_lvl+0x100/0x190 [ 664.946014][T13508] warn_alloc.cold+0x95/0x1c1 [ 664.946041][T13508] ? __pfx_warn_alloc+0x10/0x10 [ 664.946071][T13508] ? lockdep_hardirqs_on+0x78/0x100 [ 664.946097][T13508] ? __get_vm_area_node+0x2c5/0x330 [ 664.946119][T13508] ? __get_vm_area_node+0x208/0x330 [ 664.946141][T13508] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 664.946162][T13508] ? look_up_lock_class+0x64/0x120 [ 664.946186][T13508] ? n_tty_open+0x1a/0x170 [ 664.946208][T13508] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 664.946227][T13508] ? __ldsem_down_write_nested+0xfd/0x830 [ 664.946242][T13508] ? __ldsem_down_write_nested+0x10e/0x830 [ 664.946256][T13508] ? is_console_locked+0x9/0x20 [ 664.946277][T13508] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 664.946295][T13508] ? n_tty_open+0x1a/0x170 [ 664.946309][T13508] __vmalloc_node_noprof+0xad/0xf0 [ 664.946326][T13508] ? n_tty_open+0x1a/0x170 [ 664.946341][T13508] ? __pfx_n_tty_open+0x10/0x10 [ 664.946355][T13508] n_tty_open+0x1a/0x170 [ 664.946369][T13508] tty_ldisc_open+0xa2/0x120 [ 664.946388][T13508] tty_ldisc_setup+0x40/0xf0 [ 664.946407][T13508] tty_init_dev.part.0+0x1b5/0x470 [ 664.946432][T13508] tty_open+0xa63/0xfa0 [ 664.946456][T13508] ? __pfx_tty_open+0x10/0x10 [ 664.946477][T13508] ? chrdev_open+0x10b/0x6a0 [ 664.946491][T13508] ? chrdev_open+0x10b/0x6a0 [ 664.946510][T13508] ? __pfx_tty_open+0x10/0x10 [ 664.946531][T13508] chrdev_open+0x234/0x6a0 [ 664.946545][T13508] ? __pfx_apparmor_file_open+0x10/0x10 [ 664.946573][T13508] ? __pfx_chrdev_open+0x10/0x10 [ 664.946589][T13508] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 664.946612][T13508] do_dentry_open+0x6d8/0x1660 [ 664.946627][T13508] ? __pfx_chrdev_open+0x10/0x10 [ 664.946647][T13508] vfs_open+0x82/0x3f0 [ 664.946668][T13508] path_openat+0x208c/0x31a0 [ 664.946690][T13508] ? __pfx_path_openat+0x10/0x10 [ 664.946713][T13508] do_file_open+0x20e/0x430 [ 664.946730][T13508] ? __pfx_do_file_open+0x10/0x10 [ 664.946775][T13508] ? alloc_fd+0x476/0x790 [ 664.946793][T13508] ? do_getname+0x191/0x390 [ 664.946814][T13508] do_sys_openat2+0x10d/0x1e0 [ 664.946834][T13508] ? __pfx_do_sys_openat2+0x10/0x10 [ 664.946861][T13508] __x64_sys_openat+0x12d/0x210 [ 664.946899][T13508] ? __pfx___x64_sys_openat+0x10/0x10 [ 664.946928][T13508] do_syscall_64+0x106/0xf80 [ 664.946948][T13508] ? clear_bhb_loop+0x40/0x90 [ 664.946967][T13508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.946984][T13508] RIP: 0033:0x7f904b79c799 [ 664.946999][T13508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.947014][T13508] RSP: 002b:00007f904c66d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 664.947028][T13508] RAX: ffffffffffffffda RBX: 00007f904ba15fa0 RCX: 00007f904b79c799 [ 664.947040][T13508] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 664.947050][T13508] RBP: 00007f904b832c99 R08: 0000000000000000 R09: 0000000000000000 [ 664.947061][T13508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.947077][T13508] R13: 00007f904ba16038 R14: 00007f904ba15fa0 R15: 00007ffeef7871f8 [ 664.947099][T13508] [ 664.947343][T13508] Mem-Info: [ 664.947362][T13508] active_anon:17266 inactive_anon:2957 isolated_anon:0 [ 664.947362][T13508] active_file:22587 inactive_file:38443 isolated_file:0 [ 664.947362][T13508] unevictable:768 dirty:2186 writeback:0 [ 664.947362][T13508] slab_reclaimable:15926 slab_unreclaimable:93157 [ 664.947362][T13508] mapped:31808 shmem:5900 pagetables:1158 [ 664.947362][T13508] sec_pagetables:0 bounce:0 [ 664.947362][T13508] kernel_misc_reclaimable:0 [ 664.947362][T13508] free:1290515 free_pcp:16700 free_cma:0 [ 664.947410][T13508] Node 0 active_anon:66496kB inactive_anon:11804kB active_file:90292kB inactive_file:153644kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127228kB dirty:8740kB writeback:0kB shmem:19472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:32768kB kernel_stack:11296kB pagetables:4480kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 664.947452][T13508] Node 1 active_anon:2568kB inactive_anon:24kB active_file:56kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:4kB writeback:0kB shmem:4128kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 664.947492][T13508] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.947540][T13508] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 664.947573][T13508] Node 0 DMA32 free:1211352kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:66496kB inactive_anon:11804kB active_file:90292kB inactive_file:153644kB unevictable:1536kB writepending:8740kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:66788kB local_pcp:66788kB free_cma:0kB [ 664.947622][T13508] lowmem_reserve[]: 0 0 1 1 1 [ 664.947652][T13508] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 664.947697][T13508] lowmem_reserve[]: 0 0 0 0 0 [ 664.947728][T13508] Node 1 Normal free:3935336kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:2568kB inactive_anon:24kB active_file:56kB inactive_file:128kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.947774][T13508] lowmem_reserve[]: 0 0 0 0 0 [ 664.947805][T13508] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 664.947925][T13508] Node 0 DMA32: 1736*4kB (UM) 1273*8kB (UE) 2198*16kB (UME) 1379*32kB (UME) 1286*64kB (UME) 845*128kB (UME) 613*256kB (UME) 423*512kB (UM) 228*1024kB (UM) 5*2048kB (UME) 75*4096kB (UM) = 1211304kB [ 664.948082][T13508] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 664.948185][T13508] Node 1 Normal: 9*4kB (UM) 9*8kB (UM) 8*16kB (UM) 8*32kB (UM) 8*64kB (UM) 5*128kB (UM) 2*256kB (M) 4*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 958*4096kB (M) = 3935340kB [ 664.948330][T13508] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.948343][T13508] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=0 hugepages_size=2048kB [ 664.948356][T13508] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.948368][T13508] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 664.948439][T13508] 66979 total pagecache pages [ 664.948447][T13508] 55 pages in swap cache [ 664.948454][T13508] Free swap = 113684kB [ 664.948460][T13508] Total swap = 124996kB [ 664.948468][T13508] 2097051 pages RAM [ 664.948474][T13508] 0 pages HighMem/MovableOnly [ 664.948480][T13508] 430825 pages reserved [ 664.948487][T13508] 0 pages cma reserved [ 664.948638][T13508] tty tty16: ldisc open failed (-12), clearing slot 15 [ 664.999007][T13504] kexec: Could not allocate control_code_buffer [ 666.392813][T13509] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 666.392993][T13509] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 666.393150][T13509] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 666.393313][T13509] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 667.346674][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 668.464230][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 668.464263][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 668.464281][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 671.506867][T13542] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1414'. [ 674.948096][T13564] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1419'. [ 677.468430][T13576] FAULT_INJECTION: forcing a failure. [ 677.468430][T13576] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 677.614263][T13576] CPU: 0 UID: 0 PID: 13576 Comm: syz.2.1421 Tainted: G L syzkaller #0 PREEMPT(full) [ 677.614298][T13576] Tainted: [L]=SOFTLOCKUP [ 677.614304][T13576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 677.614313][T13576] Call Trace: [ 677.614318][T13576] [ 677.614325][T13576] dump_stack_lvl+0x100/0x190 [ 677.614360][T13576] should_fail_ex.cold+0x5/0xa [ 677.614380][T13576] _copy_from_user+0x2e/0xd0 [ 677.614398][T13576] copy_mount_options+0x76/0x190 [ 677.614420][T13576] __x64_sys_mount+0x1ab/0x310 [ 677.614438][T13576] ? __pfx___x64_sys_mount+0x10/0x10 [ 677.614460][T13576] do_syscall_64+0x106/0xf80 [ 677.614481][T13576] ? clear_bhb_loop+0x40/0x90 [ 677.614499][T13576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.614514][T13576] RIP: 0033:0x7f3a6999c799 [ 677.614527][T13576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 677.614542][T13576] RSP: 002b:00007f3a6a8d4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 677.614557][T13576] RAX: ffffffffffffffda RBX: 00007f3a69c16090 RCX: 00007f3a6999c799 [ 677.614567][T13576] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 677.614576][T13576] RBP: 00007f3a69a32c99 R08: 0000200000000280 R09: 0000000000000000 [ 677.614585][T13576] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 677.614593][T13576] R13: 00007f3a69c16128 R14: 00007f3a69c16090 R15: 00007fffa975b8e8 [ 677.614612][T13576] [ 679.226213][T13592] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1424: iget: checksum invalid [ 679.549235][T13592] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 679.892675][T13592] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1424: iget: checksum invalid [ 680.135980][T13592] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 680.365558][T13592] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1424: iget: checksum invalid [ 680.759278][T13592] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 681.205316][T13592] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1424: iget: checksum invalid [ 681.515076][T13592] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 681.619254][T13592] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 681.715914][T13592] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 684.921338][T13651] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 684.986923][T13651] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 685.092859][T13651] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 685.202753][T13651] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 685.459797][ T30] audit: type=1807 audit(4294968338.406:11): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 685.501209][T13661] ima: policy update failed [ 685.571648][ T30] audit: type=1802 audit(4294968338.456:12): pid=13661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.1435" res=0 errno=0 [ 685.760587][ T30] audit: type=1802 audit(4294968338.456:13): pid=13661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1435" res=0 errno=0 [ 685.994194][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.000727][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.800968][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 687.031118][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 687.111423][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 687.271430][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 687.965993][T13683] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 688.141982][T13683] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 688.201842][T13683] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 688.293710][T13683] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 689.112578][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 690.159688][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 690.232735][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 690.308071][T13730] hugetlbfs: syz.0.1447 (13730): Using mlock ulimits for SHM_HUGETLB is obsolete [ 690.319738][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 690.776556][T13720] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 690.841612][T13720] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 690.969122][T13720] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 691.023918][T13720] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 691.995553][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 692.005711][ T30] audit: type=1807 audit(4294968344.952:14): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 692.025891][T13751] ima: policy update failed [ 692.144095][ T30] audit: type=1802 audit(4294968344.952:15): pid=13751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.1451" res=0 errno=0 [ 692.349818][ T30] audit: type=1802 audit(4294968344.972:16): pid=13751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1451" res=0 errno=0 [ 692.654187][T13739] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 692.874282][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 693.034314][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 693.040371][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 693.841536][T13756] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1453: iget: checksum invalid [ 693.961041][T13756] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 694.083051][T13756] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1453: iget: checksum invalid [ 694.244904][T13756] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 694.431547][T13756] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1453: iget: checksum invalid [ 694.640409][T13756] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 694.640554][T13756] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1453: iget: checksum invalid [ 694.640829][T13756] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 694.640854][T13756] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 694.640870][T13756] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 696.536674][ T9] usb usb40-port2: attempt power cycle [ 697.157078][ T9] usb usb40-port2: unable to enumerate USB device [ 697.562429][T13799] kvm: kvm [13797]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 698.958796][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 703.727553][T13846] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1467: iget: checksum invalid [ 704.063917][T13846] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 704.201038][T13833] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 704.372584][T13833] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 704.381447][T13846] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1467: iget: checksum invalid [ 704.418861][T13833] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 704.460943][T13833] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 704.609138][T13846] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 704.812009][T13846] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1467: iget: checksum invalid [ 704.993816][T13846] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 705.228781][T13846] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1467: iget: checksum invalid [ 705.360272][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 705.468733][T13846] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 705.625242][T13846] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 705.881835][T13846] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 706.240788][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 706.480890][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 706.486963][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 706.954010][T13875] hub 1-0:1.0: USB hub found [ 707.217003][T13875] hub 1-0:1.0: 1 port detected [ 712.537122][T13934] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 712.543756][T13934] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 713.032628][T13949] FAULT_INJECTION: forcing a failure. [ 713.032628][T13949] name failslab, interval 1, probability 0, space 0, times 0 [ 713.272455][T13949] CPU: 0 UID: 0 PID: 13949 Comm: syz.1.1485 Tainted: G L syzkaller #0 PREEMPT(full) [ 713.272483][T13949] Tainted: [L]=SOFTLOCKUP [ 713.272488][T13949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 713.272497][T13949] Call Trace: [ 713.272503][T13949] [ 713.272509][T13949] dump_stack_lvl+0x100/0x190 [ 713.272540][T13949] should_fail_ex.cold+0x5/0xa [ 713.272560][T13949] ? cache_create_net+0xa2/0x1f0 [ 713.272582][T13949] should_failslab+0xc2/0x120 [ 713.272599][T13949] __kmalloc_noprof+0xe0/0x850 [ 713.272626][T13949] cache_create_net+0xa2/0x1f0 [ 713.272647][T13949] gss_svc_init_net+0x11f/0x640 [ 713.272752][T13949] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 713.272836][T13949] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 713.272886][T13949] ops_init+0x1e2/0x5f0 [ 713.272913][T13949] setup_net+0x118/0x3a0 [ 713.272934][T13949] ? __pfx_setup_net+0x10/0x10 [ 713.272953][T13949] ? lockdep_init_map_type+0x5c/0x250 [ 713.272974][T13949] ? mutex_init_lockep+0x110/0x150 [ 713.272996][T13949] copy_net_ns+0x46f/0x7c0 [ 713.273012][T13949] create_new_namespaces+0x3ea/0xac0 [ 713.273032][T13949] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 713.273050][T13949] ksys_unshare+0x473/0xad0 [ 713.273069][T13949] ? __pfx_ksys_unshare+0x10/0x10 [ 713.273094][T13949] __x64_sys_unshare+0x31/0x40 [ 713.273111][T13949] do_syscall_64+0x106/0xf80 [ 713.273133][T13949] ? clear_bhb_loop+0x40/0x90 [ 713.273151][T13949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.273166][T13949] RIP: 0033:0x7f16c899c799 [ 713.273180][T13949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 713.273195][T13949] RSP: 002b:00007f16c97d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 713.273210][T13949] RAX: ffffffffffffffda RBX: 00007f16c8c16090 RCX: 00007f16c899c799 [ 713.273220][T13949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 713.273229][T13949] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 713.273238][T13949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 713.273248][T13949] R13: 00007f16c8c16128 R14: 00007f16c8c16090 R15: 00007ffe7214eb78 [ 713.273268][T13949] [ 715.407022][T13965] __vm_enough_memory: pid: 13965, comm: syz.0.1487, bytes: 4398046511104 not enough memory for the allocation [ 716.173354][T13985] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1489'. [ 717.814813][T13999] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 717.971811][T13999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 718.161846][T13999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 718.226908][T13999] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 719.527570][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 720.007678][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 720.053059][T14045] binder: 14044:14045 ioctl c018620c 0 returned -1 [ 720.167769][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 720.250764][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 722.937300][T14064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 723.049525][T14064] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 723.169508][T14064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 723.294303][T14064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 724.096483][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 725.144806][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 725.221332][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 725.370558][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 726.134910][T14103] FAULT_INJECTION: forcing a failure. [ 726.134910][T14103] name failslab, interval 1, probability 0, space 0, times 0 [ 726.332708][T14103] CPU: 0 UID: 0 PID: 14103 Comm: syz.0.1506 Tainted: G L syzkaller #0 PREEMPT(full) [ 726.332736][T14103] Tainted: [L]=SOFTLOCKUP [ 726.332741][T14103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 726.332751][T14103] Call Trace: [ 726.332757][T14103] [ 726.332763][T14103] dump_stack_lvl+0x100/0x190 [ 726.332793][T14103] should_fail_ex.cold+0x5/0xa [ 726.332811][T14103] ? ptp_open+0x104/0x550 [ 726.332959][T14103] should_failslab+0xc2/0x120 [ 726.332990][T14103] __kmalloc_noprof+0xe0/0x850 [ 726.333016][T14103] ptp_open+0x104/0x550 [ 726.333041][T14103] ? __pfx_ptp_open+0x10/0x10 [ 726.333069][T14103] ? __pfx_ptp_open+0x10/0x10 [ 726.333090][T14103] posix_clock_open+0x17b/0x290 [ 726.333109][T14103] ? __pfx_posix_clock_open+0x10/0x10 [ 726.333124][T14103] chrdev_open+0x234/0x6a0 [ 726.333140][T14103] ? __pfx_apparmor_file_open+0x10/0x10 [ 726.333165][T14103] ? __pfx_chrdev_open+0x10/0x10 [ 726.333181][T14103] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 726.333201][T14103] do_dentry_open+0x6d8/0x1660 [ 726.333215][T14103] ? __pfx_chrdev_open+0x10/0x10 [ 726.333234][T14103] vfs_open+0x82/0x3f0 [ 726.333254][T14103] path_openat+0x208c/0x31a0 [ 726.333276][T14103] ? __pfx_path_openat+0x10/0x10 [ 726.333298][T14103] do_file_open+0x20e/0x430 [ 726.333314][T14103] ? __pfx_do_file_open+0x10/0x10 [ 726.333342][T14103] ? alloc_fd+0x476/0x790 [ 726.333359][T14103] ? do_getname+0x191/0x390 [ 726.333378][T14103] do_sys_openat2+0x10d/0x1e0 [ 726.333396][T14103] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.333416][T14103] ? __fget_files+0x21f/0x3d0 [ 726.333434][T14103] __x64_sys_openat+0x12d/0x210 [ 726.333453][T14103] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.333479][T14103] do_syscall_64+0x106/0xf80 [ 726.333499][T14103] ? clear_bhb_loop+0x40/0x90 [ 726.333524][T14103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.333546][T14103] RIP: 0033:0x7f904b79c799 [ 726.333561][T14103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 726.333575][T14103] RSP: 002b:00007f904c66d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.333590][T14103] RAX: ffffffffffffffda RBX: 00007f904ba15fa0 RCX: 00007f904b79c799 [ 726.333600][T14103] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 726.333610][T14103] RBP: 00007f904b832c99 R08: 0000000000000000 R09: 0000000000000000 [ 726.333619][T14103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.333628][T14103] R13: 00007f904ba16038 R14: 00007f904ba15fa0 R15: 00007ffeef7871f8 [ 726.333649][T14103] [ 733.726413][T14165] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 733.819059][T14177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1519'. [ 733.860823][T14165] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 733.894062][T14178] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1519'. [ 733.934908][T14165] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 733.940973][T14165] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 735.136000][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 735.666168][T14183] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 735.835789][T14183] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 735.889524][T14183] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.016152][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 736.022449][T14183] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 737.380673][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 737.860370][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 737.937192][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 738.104341][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.942946][T11025] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 741.582746][T14243] netlink: 'syz.1.1530': attribute type 1 has an invalid length. [ 742.701549][T14257] FAULT_INJECTION: forcing a failure. [ 742.701549][T14257] name failslab, interval 1, probability 0, space 0, times 0 [ 742.701595][T14257] CPU: 0 UID: 0 PID: 14257 Comm: syz.2.1533 Tainted: G L syzkaller #0 PREEMPT(full) [ 742.701617][T14257] Tainted: [L]=SOFTLOCKUP [ 742.701623][T14257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 742.701632][T14257] Call Trace: [ 742.701638][T14257] [ 742.701643][T14257] dump_stack_lvl+0x100/0x190 [ 742.701670][T14257] should_fail_ex.cold+0x5/0xa [ 742.701690][T14257] should_failslab+0xc2/0x120 [ 742.701706][T14257] __kmalloc_cache_noprof+0x7a/0x6f0 [ 742.701725][T14257] ? ptp_open+0xe4/0x550 [ 742.701751][T14257] ptp_open+0xe4/0x550 [ 742.701774][T14257] ? __pfx_ptp_open+0x10/0x10 [ 742.701801][T14257] ? __pfx_ptp_open+0x10/0x10 [ 742.701821][T14257] posix_clock_open+0x17b/0x290 [ 742.701839][T14257] ? __pfx_posix_clock_open+0x10/0x10 [ 742.701855][T14257] chrdev_open+0x234/0x6a0 [ 742.701869][T14257] ? __pfx_apparmor_file_open+0x10/0x10 [ 742.701892][T14257] ? __pfx_chrdev_open+0x10/0x10 [ 742.701908][T14257] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 742.701928][T14257] do_dentry_open+0x6d8/0x1660 [ 742.701942][T14257] ? __pfx_chrdev_open+0x10/0x10 [ 742.701962][T14257] vfs_open+0x82/0x3f0 [ 742.701994][T14257] path_openat+0x208c/0x31a0 [ 742.702016][T14257] ? __pfx_path_openat+0x10/0x10 [ 742.702039][T14257] do_file_open+0x20e/0x430 [ 742.702056][T14257] ? __pfx_do_file_open+0x10/0x10 [ 742.702085][T14257] ? alloc_fd+0x476/0x790 [ 742.702102][T14257] ? do_getname+0x191/0x390 [ 742.702122][T14257] do_sys_openat2+0x10d/0x1e0 [ 742.702140][T14257] ? __pfx_do_sys_openat2+0x10/0x10 [ 742.702160][T14257] ? __fget_files+0x21f/0x3d0 [ 742.702178][T14257] __x64_sys_openat+0x12d/0x210 [ 742.702197][T14257] ? __pfx___x64_sys_openat+0x10/0x10 [ 742.702223][T14257] do_syscall_64+0x106/0xf80 [ 742.702243][T14257] ? clear_bhb_loop+0x40/0x90 [ 742.702261][T14257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.702276][T14257] RIP: 0033:0x7f3a6999c799 [ 742.702289][T14257] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.702303][T14257] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 742.702317][T14257] RAX: ffffffffffffffda RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 742.702327][T14257] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 742.702336][T14257] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 742.702344][T14257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 742.702353][T14257] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 742.702372][T14257] [ 742.721600][T14253] Console: switching to colour frame buffer device 128x48 [ 747.214834][T14278] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 747.351647][T14278] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 747.357691][T14278] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 747.463925][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.470219][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.502844][T14278] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 748.027285][T14301] FAULT_INJECTION: forcing a failure. [ 748.027285][T14301] name failslab, interval 1, probability 0, space 0, times 0 [ 748.151697][ T30] audit: type=1800 audit(4294972493.067:17): pid=14304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1540" name="dbroot" dev="configfs" ino=431304 res=0 errno=0 [ 748.282166][T14301] CPU: 0 UID: 0 PID: 14301 Comm: syz.3.1539 Tainted: G L syzkaller #0 PREEMPT(full) [ 748.282194][T14301] Tainted: [L]=SOFTLOCKUP [ 748.282199][T14301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 748.282208][T14301] Call Trace: [ 748.282214][T14301] [ 748.282222][T14301] dump_stack_lvl+0x100/0x190 [ 748.282250][T14301] should_fail_ex.cold+0x5/0xa [ 748.282268][T14301] ? security_inode_init_security+0x113/0x370 [ 748.282290][T14301] should_failslab+0xc2/0x120 [ 748.282306][T14301] __kmalloc_noprof+0xe0/0x850 [ 748.282331][T14301] security_inode_init_security+0x113/0x370 [ 748.282353][T14301] ? __pfx_shmem_initxattrs+0x10/0x10 [ 748.282371][T14301] ? __pfx_security_inode_init_security+0x10/0x10 [ 748.282393][T14301] ? make_vfsgid+0xf1/0x140 [ 748.282414][T14301] shmem_mknod+0x2bf/0x470 [ 748.282443][T14301] ? __pfx_shmem_mknod+0x10/0x10 [ 748.282468][T14301] vfs_create+0x301/0x6c0 [ 748.282491][T14301] filename_mknodat+0x2de/0x7f0 [ 748.282511][T14301] ? __pfx_filename_mknodat+0x10/0x10 [ 748.282526][T14301] ? strncpy_from_user+0x19d/0x2d0 [ 748.282546][T14301] ? do_getname+0x191/0x390 [ 748.282565][T14301] __x64_sys_mknod+0x8f/0xc0 [ 748.282581][T14301] do_syscall_64+0x106/0xf80 [ 748.282601][T14301] ? clear_bhb_loop+0x40/0x90 [ 748.282618][T14301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.282634][T14301] RIP: 0033:0x7f871ab9c799 [ 748.282647][T14301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 748.282662][T14301] RSP: 002b:00007f871ba05028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 748.282677][T14301] RAX: ffffffffffffffda RBX: 00007f871ae16090 RCX: 00007f871ab9c799 [ 748.282686][T14301] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 748.282695][T14301] RBP: 00007f871ac32c99 R08: 0000000000000000 R09: 0000000000000000 [ 748.282703][T14301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.282712][T14301] R13: 00007f871ae16128 R14: 00007f871ae16090 R15: 00007ffcc5759948 [ 748.282732][T14301] [ 748.612558][T14302] hub 1-0:1.0: USB hub found [ 748.621959][T14302] hub 1-0:1.0: 1 port detected [ 748.783455][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 748.893808][T14298] zswap: compressor not available [ 749.386395][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 749.392591][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 749.542666][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 749.687078][T14330] FAULT_INJECTION: forcing a failure. [ 749.687078][T14330] name failslab, interval 1, probability 0, space 0, times 0 [ 749.822133][T14314] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 749.846152][T14330] CPU: 0 UID: 0 PID: 14330 Comm: syz.3.1544 Tainted: G L syzkaller #0 PREEMPT(full) [ 749.846180][T14330] Tainted: [L]=SOFTLOCKUP [ 749.846185][T14330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 749.846194][T14330] Call Trace: [ 749.846200][T14330] [ 749.846207][T14330] dump_stack_lvl+0x100/0x190 [ 749.846234][T14330] should_fail_ex.cold+0x5/0xa [ 749.846252][T14330] ? ptp_open+0x104/0x550 [ 749.846273][T14330] should_failslab+0xc2/0x120 [ 749.846290][T14330] __kmalloc_noprof+0xe0/0x850 [ 749.846315][T14330] ptp_open+0x104/0x550 [ 749.846338][T14330] ? __pfx_ptp_open+0x10/0x10 [ 749.846364][T14330] ? __pfx_ptp_open+0x10/0x10 [ 749.846385][T14330] posix_clock_open+0x17b/0x290 [ 749.846402][T14330] ? __pfx_posix_clock_open+0x10/0x10 [ 749.846417][T14330] chrdev_open+0x234/0x6a0 [ 749.846432][T14330] ? __pfx_apparmor_file_open+0x10/0x10 [ 749.846455][T14330] ? __pfx_chrdev_open+0x10/0x10 [ 749.846471][T14330] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 749.846491][T14330] do_dentry_open+0x6d8/0x1660 [ 749.846505][T14330] ? __pfx_chrdev_open+0x10/0x10 [ 749.846525][T14330] vfs_open+0x82/0x3f0 [ 749.846544][T14330] path_openat+0x208c/0x31a0 [ 749.846566][T14330] ? __pfx_path_openat+0x10/0x10 [ 749.846587][T14330] do_file_open+0x20e/0x430 [ 749.846603][T14330] ? __pfx_do_file_open+0x10/0x10 [ 749.846631][T14330] ? alloc_fd+0x476/0x790 [ 749.846647][T14330] ? do_getname+0x191/0x390 [ 749.846666][T14330] do_sys_openat2+0x10d/0x1e0 [ 749.846694][T14330] ? __pfx_do_sys_openat2+0x10/0x10 [ 749.846714][T14330] ? __fget_files+0x21f/0x3d0 [ 749.846733][T14330] __x64_sys_openat+0x12d/0x210 [ 749.846752][T14330] ? __pfx___x64_sys_openat+0x10/0x10 [ 749.846780][T14330] do_syscall_64+0x106/0xf80 [ 749.846800][T14330] ? clear_bhb_loop+0x40/0x90 [ 749.846818][T14330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.846835][T14330] RIP: 0033:0x7f871ab9c799 [ 749.846848][T14330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.846862][T14330] RSP: 002b:00007f871ba26028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 749.846877][T14330] RAX: ffffffffffffffda RBX: 00007f871ae15fa0 RCX: 00007f871ab9c799 [ 749.846887][T14330] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 749.846897][T14330] RBP: 00007f871ac32c99 R08: 0000000000000000 R09: 0000000000000000 [ 749.846906][T14330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.846915][T14330] R13: 00007f871ae16038 R14: 00007f871ae15fa0 R15: 00007ffcc5759948 [ 749.846935][T14330] [ 750.472995][T14314] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 750.512161][T14314] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 750.594077][T14314] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 751.128129][T14340] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1547'. [ 751.546576][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 751.681187][T14340] macvlan1: entered promiscuous mode [ 751.731708][T14340] macvlan1: entered allmulticast mode [ 751.883793][T14340] veth1_vlan: entered allmulticast mode [ 752.596471][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 752.602535][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 752.751515][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 753.916968][T14358] hub 1-0:1.0: USB hub found [ 754.056482][T14358] hub 1-0:1.0: 1 port detected [ 754.441659][T14375] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 756.299575][T14390] FAULT_INJECTION: forcing a failure. [ 756.299575][T14390] name failslab, interval 1, probability 0, space 0, times 0 [ 756.610493][T14390] CPU: 0 UID: 0 PID: 14390 Comm: syz.1.1555 Tainted: G L syzkaller #0 PREEMPT(full) [ 756.610523][T14390] Tainted: [L]=SOFTLOCKUP [ 756.610528][T14390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 756.610537][T14390] Call Trace: [ 756.610544][T14390] [ 756.610550][T14390] dump_stack_lvl+0x100/0x190 [ 756.610577][T14390] should_fail_ex.cold+0x5/0xa [ 756.610596][T14390] should_failslab+0xc2/0x120 [ 756.610612][T14390] __kmalloc_cache_noprof+0x7a/0x6f0 [ 756.610631][T14390] ? ptp_open+0xe4/0x550 [ 756.610656][T14390] ptp_open+0xe4/0x550 [ 756.610680][T14390] ? __pfx_ptp_open+0x10/0x10 [ 756.610706][T14390] ? __pfx_ptp_open+0x10/0x10 [ 756.610727][T14390] posix_clock_open+0x17b/0x290 [ 756.610746][T14390] ? __pfx_posix_clock_open+0x10/0x10 [ 756.610761][T14390] chrdev_open+0x234/0x6a0 [ 756.610775][T14390] ? __pfx_apparmor_file_open+0x10/0x10 [ 756.610799][T14390] ? __pfx_chrdev_open+0x10/0x10 [ 756.610815][T14390] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 756.610835][T14390] do_dentry_open+0x6d8/0x1660 [ 756.610850][T14390] ? __pfx_chrdev_open+0x10/0x10 [ 756.610869][T14390] vfs_open+0x82/0x3f0 [ 756.610888][T14390] path_openat+0x208c/0x31a0 [ 756.610910][T14390] ? __pfx_path_openat+0x10/0x10 [ 756.610931][T14390] do_file_open+0x20e/0x430 [ 756.610948][T14390] ? __pfx_do_file_open+0x10/0x10 [ 756.610976][T14390] ? alloc_fd+0x476/0x790 [ 756.610992][T14390] ? do_getname+0x191/0x390 [ 756.611011][T14390] do_sys_openat2+0x10d/0x1e0 [ 756.611029][T14390] ? __pfx_do_sys_openat2+0x10/0x10 [ 756.611049][T14390] ? __fget_files+0x21f/0x3d0 [ 756.611066][T14390] __x64_sys_openat+0x12d/0x210 [ 756.611085][T14390] ? __pfx___x64_sys_openat+0x10/0x10 [ 756.611112][T14390] do_syscall_64+0x106/0xf80 [ 756.611132][T14390] ? clear_bhb_loop+0x40/0x90 [ 756.611150][T14390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.611165][T14390] RIP: 0033:0x7f16c899c799 [ 756.611189][T14390] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.611204][T14390] RSP: 002b:00007f16c97fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 756.611220][T14390] RAX: ffffffffffffffda RBX: 00007f16c8c15fa0 RCX: 00007f16c899c799 [ 756.611230][T14390] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 756.611240][T14390] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 756.611249][T14390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.611258][T14390] R13: 00007f16c8c16038 R14: 00007f16c8c15fa0 R15: 00007ffe7214eb78 [ 756.611278][T14390] [ 759.158393][T14410] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe04000 pfn:0x7fe00 [ 759.260710][T14410] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 759.356625][T14410] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 759.488403][T14410] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 759.631552][T14410] raw: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 759.805835][T14410] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 759.888655][T14410] head: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 759.897377][T14410] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 760.020620][T14410] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 760.111471][T14410] page dumped because: unmovable page [ 760.116907][T14410] page_owner tracks the page as allocated [ 760.211699][T14410] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5689, tgid 5689 (sshd-session), ts 63588415306, free_ts 62793771897 [ 760.399334][T14410] post_alloc_hook+0x153/0x170 [ 760.423496][T14410] get_page_from_freelist+0x111d/0x3140 [ 760.477952][T14410] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 760.539592][T14410] alloc_pages_mpol+0x1fb/0x550 [ 760.544495][T14410] alloc_pages_noprof+0x131/0x390 [ 760.608286][T14410] skb_page_frag_refill+0x365/0x5b0 [ 760.613575][T14410] try_fill_recv+0x7f1/0x2930 [ 760.681353][T14410] virtnet_poll+0x154a/0x3a20 [ 760.728170][T14410] __napi_poll.constprop.0+0xaf/0x450 [ 760.733696][T14410] net_rx_action+0xa40/0xf20 [ 760.800856][T14410] handle_softirqs+0x1eb/0x9e0 [ 760.805671][T14410] __irq_exit_rcu+0xef/0x150 [ 760.858213][T14410] irq_exit_rcu+0x9/0x30 [ 760.893316][T14410] common_interrupt+0xbe/0xe0 [ 760.942022][T14410] asm_common_interrupt+0x26/0x40 [ 760.980056][T14410] page last free pid 5730 tgid 5730 stack trace: [ 761.028352][T14410] __free_frozen_pages+0x7e1/0x10d0 [ 761.047972][T14410] qlist_free_all+0x47/0xe0 [ 761.088292][T14410] kasan_quarantine_reduce+0x1a0/0x1f0 [ 761.119790][T14410] __kasan_slab_alloc+0x69/0x90 [ 761.160684][T14410] __kmalloc_noprof+0x2b9/0x850 [ 761.198402][T14410] load_elf_phdrs+0x102/0x210 [ 761.233937][T14410] load_elf_binary+0x29e/0x51b0 [ 761.266028][T14410] bprm_execve+0x8fb/0x1680 [ 761.285673][T14410] do_execveat_common.isra.0+0x4a5/0x580 [ 761.337129][T14410] __x64_sys_execve+0x93/0xd0 [ 761.370997][T14410] do_syscall_64+0x106/0xf80 [ 761.417003][T14410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.603656][T14413] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe04000 pfn:0x7fe00 [ 761.713420][T14413] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 761.778752][T14413] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 761.856816][T14413] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 761.936316][T14413] raw: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 762.048655][T14413] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 762.145985][T14413] head: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 762.242665][T14413] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 762.345440][T14413] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 762.408838][T14413] page dumped because: unmovable page [ 762.499169][T14413] page_owner tracks the page as allocated [ 762.532300][T14413] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5689, tgid 5689 (sshd-session), ts 63588415306, free_ts 62793771897 [ 762.694232][T14413] post_alloc_hook+0x153/0x170 [ 762.738995][T14413] get_page_from_freelist+0x111d/0x3140 [ 762.784228][T14413] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 762.833363][T14413] alloc_pages_mpol+0x1fb/0x550 [ 762.881302][T14413] alloc_pages_noprof+0x131/0x390 [ 762.940441][T14413] skb_page_frag_refill+0x365/0x5b0 [ 762.970897][T14413] try_fill_recv+0x7f1/0x2930 [ 763.017999][T14413] virtnet_poll+0x154a/0x3a20 [ 763.079646][T14413] __napi_poll.constprop.0+0xaf/0x450 [ 763.100999][T14413] net_rx_action+0xa40/0xf20 [ 763.132683][T14413] handle_softirqs+0x1eb/0x9e0 [ 763.181843][T14413] __irq_exit_rcu+0xef/0x150 [ 763.221743][T14413] irq_exit_rcu+0x9/0x30 [ 763.251681][T14413] common_interrupt+0xbe/0xe0 [ 763.279233][T14413] asm_common_interrupt+0x26/0x40 [ 763.307173][T14413] page last free pid 5730 tgid 5730 stack trace: [ 763.355783][T14413] __free_frozen_pages+0x7e1/0x10d0 [ 763.384765][T14413] qlist_free_all+0x47/0xe0 [ 763.428292][T14413] kasan_quarantine_reduce+0x1a0/0x1f0 [ 763.455051][T14413] __kasan_slab_alloc+0x69/0x90 [ 763.492506][T14413] __kmalloc_noprof+0x2b9/0x850 [ 763.523733][T14413] load_elf_phdrs+0x102/0x210 [ 763.551843][T14413] load_elf_binary+0x29e/0x51b0 [ 763.587267][T14413] bprm_execve+0x8fb/0x1680 [ 763.611564][T14413] do_execveat_common.isra.0+0x4a5/0x580 [ 763.639556][T14413] __x64_sys_execve+0x93/0xd0 [ 763.672010][T14413] do_syscall_64+0x106/0xf80 [ 763.701684][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.272515][T14451] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 764.818079][T14455] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 768.916507][T11025] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 774.124506][T14539] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 775.827836][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 775.835044][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 776.648648][T14549] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 778.217053][T14573] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 779.525163][T14574] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 781.179840][T14610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1597'. [ 781.336927][T14613] vivid-007: ================= START STATUS ================= [ 781.358095][T14610] ipvlan0: entered promiscuous mode [ 781.411554][T14610] ipvlan0: entered allmulticast mode [ 781.428454][T14613] vivid-007: Generate PTS: true [ 781.465631][T14613] vivid-007: Generate SCR: true [ 781.479636][T14610] veth0_vlan: entered allmulticast mode [ 781.519335][T14613] tpg source WxH: 320x240 (Y'CbCr) [ 781.524476][T14613] tpg field: 1 [ 781.603753][T14613] tpg crop: (0,0)/320x240 [ 781.608115][T14613] tpg compose: (0,0)/320x240 [ 781.733643][T14613] tpg colorspace: 8 [ 781.737480][T14613] tpg transfer function: 0/0 [ 781.840491][T14613] tpg Y'CbCr encoding: 0/0 [ 781.936975][T14613] tpg quantization: 0/0 [ 782.060516][T14613] tpg RGB range: 0/2 [ 782.064446][T14613] vivid-007: ================== END STATUS ================== [ 787.044234][T14661] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 787.181278][T14661] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 787.231506][T14661] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 787.330973][T14661] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 788.211721][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 789.082480][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 789.243264][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 789.402331][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 790.431472][T14709] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 790.564672][T14709] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 790.636490][T14709] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 790.703185][T14709] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 791.162145][T14722] vivid-007: ================= START STATUS ================= [ 791.240126][T14722] vivid-007: Generate PTS: true [ 791.324519][T14722] vivid-007: Generate SCR: true [ 791.329418][T14722] tpg source WxH: 320x240 (Y'CbCr) [ 791.407066][T14722] tpg field: 1 [ 791.410471][T14722] tpg crop: (0,0)/320x240 [ 791.566705][T14722] tpg compose: (0,0)/320x240 [ 791.683760][T14722] tpg colorspace: 8 [ 791.780917][T14722] tpg transfer function: 0/0 [ 791.969460][T14722] tpg Y'CbCr encoding: 0/0 [ 792.027828][T14722] tpg quantization: 0/0 [ 792.032049][T14722] tpg RGB range: 0/2 [ 792.043668][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 792.251309][T14722] vivid-007: ================== END STATUS ================== [ 792.604142][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 792.684082][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 792.776294][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 794.251880][T14748] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 794.348205][T14748] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 794.409647][T14748] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 794.465072][T14748] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 795.645750][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 795.729815][ T30] audit: type=1800 audit(4294973563.621:18): pid=14777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=471983 res=0 errno=0 [ 796.091455][T14777] could not allocate digest TFM handle [ 796.368525][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 796.446027][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 796.475294][T14766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1621: iget: checksum invalid [ 796.529926][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 796.577374][T14766] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 796.705126][T14766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1621: iget: checksum invalid [ 796.946320][T14766] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 797.187761][T14766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1621: iget: checksum invalid [ 797.431236][T14766] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 797.676503][T14766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1621: iget: checksum invalid [ 797.881020][T14766] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 798.070556][T14766] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 798.340243][T14766] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 798.538140][T14804] Invalid ELF header magic: != ELF [ 800.713299][T14831] FAULT_INJECTION: forcing a failure. [ 800.713299][T14831] name failslab, interval 1, probability 0, space 0, times 0 [ 800.898048][T14831] CPU: 0 UID: 0 PID: 14831 Comm: syz.3.1632 Tainted: G L syzkaller #0 PREEMPT(full) [ 800.898077][T14831] Tainted: [L]=SOFTLOCKUP [ 800.898082][T14831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 800.898092][T14831] Call Trace: [ 800.898098][T14831] [ 800.898104][T14831] dump_stack_lvl+0x100/0x190 [ 800.898132][T14831] should_fail_ex.cold+0x5/0xa [ 800.898151][T14831] should_failslab+0xc2/0x120 [ 800.898170][T14831] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 800.898191][T14831] ? alloc_empty_file+0x55/0x1c0 [ 800.898213][T14831] alloc_empty_file+0x55/0x1c0 [ 800.898232][T14831] alloc_file_pseudo+0x13a/0x230 [ 800.898252][T14831] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 800.898275][T14831] __anon_inode_getfile+0xe8/0x280 [ 800.898292][T14831] ? kasan_save_track+0x14/0x30 [ 800.898324][T14831] sync_file_alloc+0x65/0x160 [ 800.898428][T14831] sync_file_create+0x17/0xf0 [ 800.898444][T14831] sw_sync_ioctl+0x849/0xf80 [ 800.898487][T14831] ? find_held_lock+0x2b/0x80 [ 800.898501][T14831] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 800.898525][T14831] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 800.898543][T14831] __x64_sys_ioctl+0x18e/0x210 [ 800.898565][T14831] do_syscall_64+0x106/0xf80 [ 800.898594][T14831] ? clear_bhb_loop+0x40/0x90 [ 800.898613][T14831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.898629][T14831] RIP: 0033:0x7f871ab9c799 [ 800.898642][T14831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.898657][T14831] RSP: 002b:00007f871ba26028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 800.898672][T14831] RAX: ffffffffffffffda RBX: 00007f871ae15fa0 RCX: 00007f871ab9c799 [ 800.898682][T14831] RDX: 0000200000000080 RSI: 00000000c0285700 RDI: 0000000000000009 [ 800.898691][T14831] RBP: 00007f871ac32c99 R08: 0000000000000000 R09: 0000000000000000 [ 800.898701][T14831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.898710][T14831] R13: 00007f871ae16038 R14: 00007f871ae15fa0 R15: 00007ffcc5759948 [ 800.898731][T14831] [ 802.071946][T14843] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 802.208659][T14848] hub 1-0:1.0: USB hub found [ 802.287822][T14848] hub 1-0:1.0: 1 port detected [ 803.951197][T14860] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 804.110928][T14860] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 804.221210][T14860] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 804.285646][T14860] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 805.495801][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 805.856985][T14880] hub 1-0:1.0: USB hub found [ 805.980555][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 806.082236][T14880] hub 1-0:1.0: 1 port detected [ 806.299971][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 806.306192][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 808.938283][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.953236][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.711164][T14914] Invalid ELF header magic: != ELF [ 812.567602][T14924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 812.640405][T14924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 812.710377][T14924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 812.762193][T14924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 813.385337][T14938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1649'. [ 813.472346][T14938] netlink: 'syz.0.1649': attribute type 1 has an invalid length. [ 813.576178][T14938] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1649'. [ 814.534893][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 814.702414][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 814.781253][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 814.787408][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 815.777965][T14956] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 815.816762][T14956] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 815.886453][T14956] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 815.965396][T14956] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 816.039987][T14964] Invalid ELF header magic: != ELF [ 817.577607][T14981] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1658'. [ 817.816588][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 817.898729][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 817.904880][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 817.977245][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 822.490761][T15033] ubi31: attaching mtd0 [ 822.496976][T15033] ubi31: scanning is finished [ 822.595918][T15033] ubi31: empty MTD device detected [ 823.397744][T15039] netlink: 'syz.0.1667': attribute type 1 has an invalid length. [ 823.689596][T15033] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 823.697214][T15033] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 823.860798][T15033] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 823.867857][T15033] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 824.009619][T15033] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 824.089688][T15033] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 824.097824][T15033] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1244534484 [ 824.285575][T15033] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 824.416187][T15042] ubi31: background thread "ubi_bgt31d" started, PID 15042 [ 828.186390][T15080] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 829.092242][T15093] netlink: 'syz.2.1677': attribute type 4 has an invalid length. [ 829.100259][T15093] netlink: 'syz.2.1677': attribute type 1 has an invalid length. [ 830.986166][T15098] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 831.129310][T15098] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 831.243361][T15098] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 831.249431][T15098] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 832.706916][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 833.024075][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 833.264416][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 833.270469][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 833.887475][T15124] netlink: 'syz.3.1683': attribute type 1 has an invalid length. [ 834.321374][T15123] Invalid ELF header magic: != ELF [ 835.207352][T15116] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 835.265353][T15116] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 835.318010][T15116] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 835.374788][T15116] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 835.905604][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 837.266180][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 837.347356][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 837.353451][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 845.334982][T15211] nvme_fcloop: unknown parameter or missing value '7' [ 845.950299][T15203] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 845.999993][T15203] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 846.061198][T15203] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 846.067234][T15203] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 847.191294][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 848.072431][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 848.152230][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 848.158365][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 849.461881][T15251] futex_wake_op: syz.0.1709 tries to shift op by -2048; fix this program [ 849.744092][T15251] futex_wake_op: syz.0.1709 tries to shift op by -2048; fix this program [ 851.208135][T15261] hub 1-0:1.0: USB hub found [ 851.303470][T15261] hub 1-0:1.0: 1 port detected [ 852.424554][T15272] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 852.515971][T15272] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 852.758692][T15272] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 852.914279][T15272] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.354679][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 853.711888][T15295] zswap: compressor not available [ 854.486815][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 854.555254][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 854.955022][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 856.155752][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 856.680905][T15325] hub 1-0:1.0: USB hub found [ 856.751683][T15325] hub 1-0:1.0: 1 port detected [ 858.148789][T15348] syz.2.1724(15348): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 858.845383][T15356] futex_wake_op: syz.3.1725 tries to shift op by -2048; fix this program [ 858.927451][T15356] futex_wake_op: syz.3.1725 tries to shift op by -2048; fix this program [ 859.009079][T15358] 0x000000000001-0x000000020000 : "" [ 859.159478][T15358] ftl_cs: FTL header corrupt! [ 860.666779][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1729'. [ 860.808174][T15383] netlink: 'syz.2.1729': attribute type 1 has an invalid length. [ 861.002287][T15383] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1729'. [ 861.300267][T15376] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 861.380008][T15376] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 861.520466][T15376] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 861.661932][T15376] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 862.575839][T15399] input: jJǸ-9%vJ86 as /devices/virtual/input/input20 [ 862.650757][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 863.360232][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 863.599774][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 863.606828][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 866.023899][T15434] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 869.987949][T15467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1745'. [ 870.400607][T15469] hub 1-0:1.0: USB hub found [ 870.406420][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.406474][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.411933][T15469] hub 1-0:1.0: 1 port detected [ 871.292662][T15464] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 871.292796][T15464] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 871.292890][T15464] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 871.292993][T15464] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 871.532614][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 872.995257][T15499] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 873.247050][T15498] ima: policy update failed [ 873.355811][ T30] audit: type=1802 audit(4294979779.216:19): pid=15498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1751" res=0 errno=0 [ 873.374193][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 873.380213][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 873.386268][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 874.458097][T15513] zswap: compressor not available [ 875.804736][T15529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 875.882472][T15529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 876.015843][T15529] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 876.021988][T15529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 876.736523][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 877.927039][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 878.086972][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 878.093256][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 879.658173][T15573] hub 1-0:1.0: USB hub found [ 879.725530][T15573] hub 1-0:1.0: 1 port detected [ 881.588975][T15593] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 881.730357][T15593] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 881.888710][T15593] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 881.894751][T15593] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 883.529628][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 883.769701][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 883.929800][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 883.935866][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 885.143103][T15646] FAULT_INJECTION: forcing a failure. [ 885.143103][T15646] name failslab, interval 1, probability 0, space 0, times 0 [ 885.261352][T15646] CPU: 0 UID: 0 PID: 15646 Comm: syz.2.1776 Tainted: G L syzkaller #0 PREEMPT(full) [ 885.261382][T15646] Tainted: [L]=SOFTLOCKUP [ 885.261387][T15646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 885.261397][T15646] Call Trace: [ 885.261403][T15646] [ 885.261410][T15646] dump_stack_lvl+0x100/0x190 [ 885.261442][T15646] should_fail_ex.cold+0x5/0xa [ 885.261461][T15646] should_failslab+0xc2/0x120 [ 885.261479][T15646] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 885.261501][T15646] ? sk_prot_alloc+0x60/0x2a0 [ 885.261522][T15646] sk_prot_alloc+0x60/0x2a0 [ 885.261537][T15646] sk_alloc+0x36/0xe80 [ 885.261555][T15646] tipc_sk_create+0xf9/0x2420 [ 885.261684][T15646] ? find_held_lock+0x2b/0x80 [ 885.261698][T15646] ? __sock_create+0x2f3/0x860 [ 885.261713][T15646] ? __sock_create+0x2f3/0x860 [ 885.261731][T15646] __sock_create+0x339/0x860 [ 885.261750][T15646] __sys_socket+0x14d/0x260 [ 885.261767][T15646] ? __pfx___sys_socket+0x10/0x10 [ 885.261790][T15646] __x64_sys_socket+0x72/0xb0 [ 885.261806][T15646] ? lockdep_hardirqs_on+0x78/0x100 [ 885.261828][T15646] do_syscall_64+0x106/0xf80 [ 885.261847][T15646] ? clear_bhb_loop+0x40/0x90 [ 885.261865][T15646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.261880][T15646] RIP: 0033:0x7f3a6999c799 [ 885.261895][T15646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 885.261909][T15646] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 885.261924][T15646] RAX: ffffffffffffffda RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 885.261934][T15646] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 885.261943][T15646] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 885.261952][T15646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 885.261961][T15646] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 885.261981][T15646] [ 889.498060][T15683] syz.2.1785 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 892.869095][T15729] hub 1-0:1.0: USB hub found [ 892.934653][T15729] hub 1-0:1.0: 1 port detected [ 895.494502][T15746] [U] ^@ [ 897.429855][T15789] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1804'. [ 898.801833][T15784] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 898.926393][T15784] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 899.002478][T15784] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 899.083148][T15784] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 899.860577][T11025] Bluetooth: hci0: command 0x0c1a tx timeout [ 899.869371][T15811] zswap: compressor not available [ 900.980205][T11025] Bluetooth: hci1: command 0x0c1a tx timeout [ 901.058114][T11025] Bluetooth: hci2: command 0x0c1a tx timeout [ 901.138316][T11025] Bluetooth: hci3: command 0x0c1a tx timeout [ 902.249222][T15844] zswap: compressor not available [ 902.964921][T15844] FAULT_INJECTION: forcing a failure. [ 902.964921][T15844] name fail_futex, interval 1, probability 0, space 0, times 0 [ 903.080982][T15844] CPU: 0 UID: 0 PID: 15844 Comm: syz.0.1816 Tainted: G L syzkaller #0 PREEMPT(full) [ 903.081010][T15844] Tainted: [L]=SOFTLOCKUP [ 903.081015][T15844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 903.081025][T15844] Call Trace: [ 903.081030][T15844] [ 903.081036][T15844] dump_stack_lvl+0x100/0x190 [ 903.081065][T15844] should_fail_ex.cold+0x5/0xa [ 903.081083][T15844] get_futex_key+0x1d2/0x1620 [ 903.081104][T15844] ? __pfx_get_futex_key+0x10/0x10 [ 903.081128][T15844] futex_wait_setup+0x83/0x510 [ 903.081154][T15844] __futex_wait+0x19f/0x300 [ 903.081176][T15844] ? __pfx___futex_wait+0x10/0x10 [ 903.081200][T15844] ? __pfx_futex_wake_mark+0x10/0x10 [ 903.081224][T15844] ? find_held_lock+0x2b/0x80 [ 903.081238][T15844] ? futex_wake+0x456/0x530 [ 903.081262][T15844] futex_wait+0xed/0x380 [ 903.081283][T15844] ? __pfx_futex_wait+0x10/0x10 [ 903.081309][T15844] ? madvise_unlock+0xa9/0x220 [ 903.081339][T15844] do_futex+0x1ef/0x350 [ 903.081358][T15844] ? __pfx_do_futex+0x10/0x10 [ 903.081376][T15844] ? __fget_files+0x215/0x3d0 [ 903.081396][T15844] __x64_sys_futex+0x34f/0x4d0 [ 903.081418][T15844] ? __pfx___x64_sys_futex+0x10/0x10 [ 903.081444][T15844] do_syscall_64+0x106/0xf80 [ 903.081463][T15844] ? clear_bhb_loop+0x40/0x90 [ 903.081481][T15844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.081496][T15844] RIP: 0033:0x7f904b79c799 [ 903.081510][T15844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 903.081525][T15844] RSP: 002b:00007f904c66d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 903.081540][T15844] RAX: ffffffffffffffda RBX: 00007f904ba15fa8 RCX: 00007f904b79c799 [ 903.081550][T15844] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f904ba15fa8 [ 903.081559][T15844] RBP: 00007f904ba15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 903.081567][T15844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 903.081576][T15844] R13: 00007f904ba16038 R14: 00007ffeef787110 R15: 00007ffeef7871f8 [ 903.081594][T15844] [ 903.363166][T15829] program syz.3.1812 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 905.485867][T11025] Bluetooth: hci0: unexpected event 0x32 length: 727 > 9 [ 906.686895][T11025] Bluetooth: hci3: unexpected event 0x0e length: 440 > 260 [ 906.696859][T11025] Bluetooth: hci3: unexpected event for opcode 0x0f00 [ 907.931478][T15918] hub 1-0:1.0: USB hub found [ 908.048518][T15918] hub 1-0:1.0: 1 port detected [ 910.747517][T11025] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 910.758119][T11025] Bluetooth: hci3: Injecting HCI hardware error event [ 910.768234][ T5824] Bluetooth: hci3: hardware error 0x00 [ 912.423549][T15956] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1834'. [ 912.824030][ T5824] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 914.132212][T15964] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 914.249176][T15964] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 914.325046][T15964] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 915.000892][T15984] zero sized request [ 915.028101][T15984] zero sized request [ 915.946860][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 916.265710][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 916.348343][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 918.667085][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 918.686924][T16003] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 919.335486][T16003] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 919.405001][T16003] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 920.756961][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 921.078478][T16041] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe04000 pfn:0x7fe00 [ 921.261428][T16041] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 921.338710][T16041] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 921.388569][T16041] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 921.470351][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 921.508888][T16041] raw: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 921.629887][T16041] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 921.710268][T16041] head: ffff88807fe04000 0000000000000000 00000008ffffffff 0000000000000000 [ 921.808473][T16041] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 921.894587][T16041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 921.960483][T16041] page dumped because: unmovable page [ 921.965904][T16041] page_owner tracks the page as allocated [ 922.068653][T16041] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5689, tgid 5689 (sshd-session), ts 63588415306, free_ts 62793771897 [ 922.208825][T16041] post_alloc_hook+0x153/0x170 [ 922.213693][T16041] get_page_from_freelist+0x111d/0x3140 [ 922.298684][T16041] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 922.304698][T16041] alloc_pages_mpol+0x1fb/0x550 [ 922.385380][T16041] alloc_pages_noprof+0x131/0x390 [ 922.424430][T16041] skb_page_frag_refill+0x365/0x5b0 [ 922.478814][T16041] try_fill_recv+0x7f1/0x2930 [ 922.483564][T16041] virtnet_poll+0x154a/0x3a20 [ 922.555936][T16041] __napi_poll.constprop.0+0xaf/0x450 [ 922.605162][T16041] net_rx_action+0xa40/0xf20 [ 922.637338][T16041] handle_softirqs+0x1eb/0x9e0 [ 922.680979][T16041] __irq_exit_rcu+0xef/0x150 [ 922.728965][T16041] irq_exit_rcu+0x9/0x30 [ 922.733279][T16041] common_interrupt+0xbe/0xe0 [ 922.779744][T16041] asm_common_interrupt+0x26/0x40 [ 922.784912][T16041] page last free pid 5730 tgid 5730 stack trace: [ 922.860004][T16041] __free_frozen_pages+0x7e1/0x10d0 [ 922.865272][T16041] qlist_free_all+0x47/0xe0 [ 922.949005][T16041] kasan_quarantine_reduce+0x1a0/0x1f0 [ 922.954566][T16041] __kasan_slab_alloc+0x69/0x90 [ 923.009185][T16041] __kmalloc_noprof+0x2b9/0x850 [ 923.014115][T16041] load_elf_phdrs+0x102/0x210 [ 923.101710][T16041] load_elf_binary+0x29e/0x51b0 [ 923.106645][T16041] bprm_execve+0x8fb/0x1680 [ 923.151980][T16048] FAULT_INJECTION: forcing a failure. [ 923.151980][T16048] name failslab, interval 1, probability 0, space 0, times 0 [ 923.164948][T16041] do_execveat_common.isra.0+0x4a5/0x580 [ 923.201655][T16041] __x64_sys_execve+0x93/0xd0 [ 923.206420][T16041] do_syscall_64+0x106/0xf80 [ 923.253140][T16048] CPU: 0 UID: 0 PID: 16048 Comm: syz.2.1851 Tainted: G L syzkaller #0 PREEMPT(full) [ 923.253168][T16048] Tainted: [L]=SOFTLOCKUP [ 923.253174][T16048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 923.253184][T16048] Call Trace: [ 923.253189][T16048] [ 923.253195][T16048] dump_stack_lvl+0x100/0x190 [ 923.253224][T16048] should_fail_ex.cold+0x5/0xa [ 923.253244][T16048] should_failslab+0xc2/0x120 [ 923.253260][T16048] __kmalloc_cache_noprof+0x7a/0x6f0 [ 923.253279][T16048] ? newseg+0x269/0xed0 [ 923.253303][T16048] newseg+0x269/0xed0 [ 923.253320][T16048] ? __pfx_futex_wait+0x10/0x10 [ 923.253343][T16048] ? __pfx_newseg+0x10/0x10 [ 923.253360][T16048] ? down_write+0x146/0x1f0 [ 923.253394][T16048] ? __sched_setaffinity+0x17c/0x280 [ 923.253444][T16048] ? __pfx___sched_setaffinity+0x10/0x10 [ 923.253462][T16048] ipcget+0xee/0xf50 [ 923.253480][T16048] ? do_futex+0x192/0x350 [ 923.253500][T16048] ? __pfx_do_futex+0x10/0x10 [ 923.253519][T16048] ? sched_setaffinity+0xe0/0x400 [ 923.253533][T16048] ? __might_fault+0xc5/0x140 [ 923.253554][T16048] ? __pfx_ipcget+0x10/0x10 [ 923.253572][T16048] ? __x64_sys_futex+0x34f/0x4d0 [ 923.253589][T16048] ? __x64_sys_futex+0x358/0x4d0 [ 923.253610][T16048] __x64_sys_shmget+0x13b/0x1b0 [ 923.253628][T16048] ? __pfx___x64_sys_shmget+0x10/0x10 [ 923.253652][T16048] do_syscall_64+0x106/0xf80 [ 923.253671][T16048] ? clear_bhb_loop+0x40/0x90 [ 923.253688][T16048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.253704][T16048] RIP: 0033:0x7f3a6999c799 [ 923.253716][T16048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 923.253731][T16048] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 923.253745][T16048] RAX: ffffffffffffffda RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 923.253755][T16048] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 923.253764][T16048] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 923.253773][T16048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 923.253782][T16048] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 923.253801][T16048] [ 923.480803][T16041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.289729][T16021] kexec: Could not allocate control_code_buffer [ 925.367633][T16061] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 925.421283][T16061] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 925.478899][T16061] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 926.510315][T16075] hub 1-0:1.0: USB hub found [ 926.587929][T16075] hub 1-0:1.0: 1 port detected [ 926.671034][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 927.471445][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 927.559905][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 928.464982][T16108] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1860: iget: checksum invalid [ 928.822976][T16108] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 929.163683][T16108] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1860: iget: checksum invalid [ 929.488771][T16108] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 929.798848][T16108] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1860: iget: checksum invalid [ 930.140709][T16108] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 930.312885][T16108] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1860: iget: checksum invalid [ 930.397256][T16108] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 930.488946][T16108] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 930.586214][T16108] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 931.877818][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.887402][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.393743][T16138] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 932.498483][T16138] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 932.608109][T16138] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 933.554593][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 934.356880][T16147] zswap: compressor not available [ 934.441654][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 934.675194][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 935.149397][T16157] program syz.0.1870 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 936.391791][T16200] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1876: iget: checksum invalid [ 936.660784][T16200] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 937.005605][T16200] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1876: iget: checksum invalid [ 937.461648][T16200] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 937.786701][T16200] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1876: iget: checksum invalid [ 938.188252][T16200] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 938.431822][T16200] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1876: iget: checksum invalid [ 938.553570][T16200] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 938.655716][T16200] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 938.761310][T16200] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 941.660082][T16274] program syz.1.1886 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 941.752061][ T30] audit: type=1807 audit(4294989054.563:20): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 941.826541][T16269] ima: policy update failed [ 941.900444][ T30] audit: type=1802 audit(4294989054.573:21): pid=16276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.1886" res=0 errno=0 [ 942.068542][ T30] audit: type=1802 audit(4294989054.703:22): pid=16269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1886" res=0 errno=0 [ 942.993511][T16293] FAULT_INJECTION: forcing a failure. [ 942.993511][T16293] name failslab, interval 1, probability 0, space 0, times 0 [ 943.151348][T16293] CPU: 0 UID: 0 PID: 16293 Comm: syz.3.1890 Tainted: G L syzkaller #0 PREEMPT(full) [ 943.151376][T16293] Tainted: [L]=SOFTLOCKUP [ 943.151382][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.151391][T16293] Call Trace: [ 943.151397][T16293] [ 943.151404][T16293] dump_stack_lvl+0x100/0x190 [ 943.151442][T16293] should_fail_ex.cold+0x5/0xa [ 943.151462][T16293] should_failslab+0xc2/0x120 [ 943.151479][T16293] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 943.151500][T16293] ? security_file_alloc+0x34/0x2c0 [ 943.151519][T16293] ? trace_kmem_cache_alloc+0xf3/0x120 [ 943.151537][T16293] security_file_alloc+0x34/0x2c0 [ 943.151555][T16293] init_file+0x95/0x480 [ 943.151573][T16293] alloc_empty_file+0x73/0x1c0 [ 943.151592][T16293] dentry_open+0x46/0xd0 [ 943.151610][T16293] acct_on+0x189/0x9e0 [ 943.151632][T16293] ? __pfx_acct_on+0x10/0x10 [ 943.151652][T16293] ? bpf_lsm_capable+0x9/0x10 [ 943.151667][T16293] ? security_capable+0x80/0x260 [ 943.151691][T16293] __x64_sys_acct+0x81/0x1e0 [ 943.151720][T16293] ? lockdep_hardirqs_on+0x78/0x100 [ 943.151743][T16293] do_syscall_64+0x106/0xf80 [ 943.151762][T16293] ? clear_bhb_loop+0x40/0x90 [ 943.151781][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.151797][T16293] RIP: 0033:0x7f871ab9c799 [ 943.151817][T16293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.151832][T16293] RSP: 002b:00007f871ba26028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 943.151848][T16293] RAX: ffffffffffffffda RBX: 00007f871ae15fa0 RCX: 00007f871ab9c799 [ 943.151858][T16293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 943.151867][T16293] RBP: 00007f871ac32c99 R08: 0000000000000000 R09: 0000000000000000 [ 943.151877][T16293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.151886][T16293] R13: 00007f871ae16038 R14: 00007f871ae15fa0 R15: 00007ffcc5759948 [ 943.151906][T16293] [ 948.223808][T16329] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 948.352145][T16329] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 948.358185][T16329] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 949.322235][T16182] Bluetooth: hci0: command 0x0c1a tx timeout [ 949.534215][T16354] FAULT_INJECTION: forcing a failure. [ 949.534215][T16354] name failslab, interval 1, probability 0, space 0, times 0 [ 949.651993][T16354] CPU: 0 UID: 0 PID: 16354 Comm: syz.2.1900 Tainted: G L syzkaller #0 PREEMPT(full) [ 949.652021][T16354] Tainted: [L]=SOFTLOCKUP [ 949.652027][T16354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 949.652036][T16354] Call Trace: [ 949.652042][T16354] [ 949.652050][T16354] dump_stack_lvl+0x100/0x190 [ 949.652079][T16354] should_fail_ex.cold+0x5/0xa [ 949.652097][T16354] ? tomoyo_realpath_from_path+0xb6/0x690 [ 949.652117][T16354] should_failslab+0xc2/0x120 [ 949.652134][T16354] __kmalloc_noprof+0xe0/0x850 [ 949.652160][T16354] tomoyo_realpath_from_path+0xb6/0x690 [ 949.652184][T16354] tomoyo_check_open_permission+0x2af/0x3c0 [ 949.652206][T16354] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 949.652240][T16354] ? lock_acquire+0x1cf/0x380 [ 949.652260][T16354] ? find_held_lock+0x2b/0x80 [ 949.652279][T16354] tomoyo_file_open+0x6b/0x90 [ 949.652301][T16354] security_file_open+0xb5/0x1e0 [ 949.652320][T16354] do_dentry_open+0x5aa/0x1660 [ 949.652341][T16354] vfs_open+0x82/0x3f0 [ 949.652360][T16354] path_openat+0x208c/0x31a0 [ 949.652382][T16354] ? __pfx_path_openat+0x10/0x10 [ 949.652404][T16354] do_file_open+0x20e/0x430 [ 949.652420][T16354] ? __pfx_do_file_open+0x10/0x10 [ 949.652449][T16354] ? alloc_fd+0x476/0x790 [ 949.652465][T16354] ? do_getname+0x191/0x390 [ 949.652485][T16354] do_sys_openat2+0x10d/0x1e0 [ 949.652503][T16354] ? __pfx_do_sys_openat2+0x10/0x10 [ 949.652528][T16354] __x64_sys_openat+0x12d/0x210 [ 949.652548][T16354] ? __pfx___x64_sys_openat+0x10/0x10 [ 949.652574][T16354] do_syscall_64+0x106/0xf80 [ 949.652594][T16354] ? clear_bhb_loop+0x40/0x90 [ 949.652612][T16354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.652627][T16354] RIP: 0033:0x7f3a6999c799 [ 949.652642][T16354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 949.652656][T16354] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 949.652671][T16354] RAX: ffffffffffffffda RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 949.652681][T16354] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 949.652690][T16354] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 949.652699][T16354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 949.652708][T16354] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 949.652728][T16354] [ 950.255774][T16351] NFSD: Failed to start, no listeners configured. [ 950.595999][T16182] Bluetooth: hci2: command 0x0c1a tx timeout [ 950.602077][T16182] Bluetooth: hci1: command 0x0c1a tx timeout [ 950.716208][T16349] kexec: Could not allocate control_code_buffer [ 951.684803][T16354] ERROR: Out of memory at tomoyo_realpath_from_path. [ 952.266482][ T30] audit: type=1800 audit(4294989065.088:23): pid=16386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=600095 res=0 errno=0 [ 952.877285][T16386] could not allocate digest TFM handle [ 954.677221][T16408] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 954.695003][T16408] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 954.771308][T16408] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 955.094078][T16411] FAULT_INJECTION: forcing a failure. [ 955.094078][T16411] name failslab, interval 1, probability 0, space 0, times 0 [ 955.249090][T16411] CPU: 0 UID: 0 PID: 16411 Comm: syz.0.1907 Tainted: G L syzkaller #0 PREEMPT(full) [ 955.249118][T16411] Tainted: [L]=SOFTLOCKUP [ 955.249124][T16411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 955.249133][T16411] Call Trace: [ 955.249139][T16411] [ 955.249145][T16411] dump_stack_lvl+0x100/0x190 [ 955.249175][T16411] should_fail_ex.cold+0x5/0xa [ 955.249194][T16411] should_failslab+0xc2/0x120 [ 955.249212][T16411] __kmalloc_cache_noprof+0x7a/0x6f0 [ 955.249232][T16411] ? input_allocate_device+0x44/0x350 [ 955.249359][T16411] input_allocate_device+0x44/0x350 [ 955.249390][T16411] uinput_ioctl_handler.isra.0+0x3c8/0x1d10 [ 955.249437][T16411] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 955.249459][T16411] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 955.249481][T16411] ? find_held_lock+0x2b/0x80 [ 955.249496][T16411] ? __fget_files+0x215/0x3d0 [ 955.249519][T16411] ? __pfx_uinput_ioctl+0x10/0x10 [ 955.249536][T16411] __x64_sys_ioctl+0x18e/0x210 [ 955.249557][T16411] do_syscall_64+0x106/0xf80 [ 955.249579][T16411] ? clear_bhb_loop+0x40/0x90 [ 955.249598][T16411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.249614][T16411] RIP: 0033:0x7f904b79c799 [ 955.249628][T16411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 955.249643][T16411] RSP: 002b:00007f904c66d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 955.249658][T16411] RAX: ffffffffffffffda RBX: 00007f904ba15fa0 RCX: 00007f904b79c799 [ 955.249668][T16411] RDX: 0000200000000400 RSI: 00000000405c5503 RDI: 0000000000000003 [ 955.249678][T16411] RBP: 00007f904b832c99 R08: 0000000000000000 R09: 0000000000000000 [ 955.249687][T16411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 955.249696][T16411] R13: 00007f904ba16038 R14: 00007f904ba15fa0 R15: 00007ffeef7871f8 [ 955.249716][T16411] [ 956.695810][T16193] Bluetooth: hci0: command 0x0c1a tx timeout [ 956.768528][T16193] Bluetooth: hci1: command 0x0c1a tx timeout [ 956.848789][T16193] Bluetooth: hci2: command 0x0c1a tx timeout [ 957.099389][T16432] blktrace: Concurrent blktraces are not allowed on mtdblock0 [ 958.530460][T16421] kexec: Could not allocate control_code_buffer [ 958.620913][T16436] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 958.692387][T16446] Invalid ELF header magic: != ELF [ 958.777048][T16436] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 958.853871][T16436] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 959.428666][T16446] FAULT_INJECTION: forcing a failure. [ 959.428666][T16446] name fail_futex, interval 1, probability 0, space 0, times 0 [ 959.521797][T16446] CPU: 0 UID: 0 PID: 16446 Comm: syz.2.1914 Tainted: G L syzkaller #0 PREEMPT(full) [ 959.521829][T16446] Tainted: [L]=SOFTLOCKUP [ 959.521835][T16446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 959.521844][T16446] Call Trace: [ 959.521848][T16446] [ 959.521854][T16446] dump_stack_lvl+0x100/0x190 [ 959.521879][T16446] should_fail_ex.cold+0x5/0xa [ 959.521893][T16446] ? __fput+0x68a/0xb40 [ 959.521911][T16446] get_futex_key+0x1d2/0x1620 [ 959.521931][T16446] ? __pfx_get_futex_key+0x10/0x10 [ 959.521946][T16446] ? lock_acquire+0x1cf/0x380 [ 959.521970][T16446] futex_wake+0xea/0x530 [ 959.521991][T16446] ? __pfx_futex_wake+0x10/0x10 [ 959.522011][T16446] ? exit_mm_release+0x19/0x30 [ 959.522033][T16446] do_futex+0x32b/0x350 [ 959.522051][T16446] ? __pfx_do_futex+0x10/0x10 [ 959.522066][T16446] ? __might_fault+0xc5/0x140 [ 959.522090][T16446] mm_release+0x24a/0x2f0 [ 959.522104][T16446] do_exit+0x704/0x2b60 [ 959.522120][T16446] ? __pfx___might_resched+0x10/0x10 [ 959.522144][T16446] ? __pfx_do_exit+0x10/0x10 [ 959.522160][T16446] ? do_raw_spin_lock+0x128/0x260 [ 959.522179][T16446] ? find_held_lock+0x2b/0x80 [ 959.522191][T16446] ? get_signal+0x7e0/0x21e0 [ 959.522208][T16446] do_group_exit+0xd5/0x2a0 [ 959.522226][T16446] get_signal+0x1ec7/0x21e0 [ 959.522244][T16446] ? task_work_add+0x201/0x3b0 [ 959.522264][T16446] ? __pfx_get_signal+0x10/0x10 [ 959.522279][T16446] ? __pfx_vfs_write+0x10/0x10 [ 959.522303][T16446] arch_do_signal_or_restart+0x91/0x770 [ 959.522357][T16446] ? __pfx___fput_deferred+0x10/0x10 [ 959.522373][T16446] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 959.522395][T16446] ? ksys_write+0x1ac/0x250 [ 959.522411][T16446] exit_to_user_mode_loop+0x86/0x4a0 [ 959.522431][T16446] do_syscall_64+0x668/0xf80 [ 959.522450][T16446] ? clear_bhb_loop+0x40/0x90 [ 959.522468][T16446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.522482][T16446] RIP: 0033:0x7f3a6999c799 [ 959.522495][T16446] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 959.522508][T16446] RSP: 002b:00007f3a6a8f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 959.522522][T16446] RAX: 0000000000000fe0 RBX: 00007f3a69c15fa0 RCX: 00007f3a6999c799 [ 959.522532][T16446] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 959.522540][T16446] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 959.522549][T16446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 959.522557][T16446] R13: 00007f3a69c16038 R14: 00007f3a69c15fa0 R15: 00007fffa975b8e8 [ 959.522575][T16446] [ 960.420655][T16455] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 960.426729][T16455] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 960.477999][T16455] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 961.419092][T16193] Bluetooth: hci0: command 0x0c1a tx timeout [ 962.528773][T16193] Bluetooth: hci1: command 0x0c1a tx timeout [ 962.691711][T16193] Bluetooth: hci2: command 0x0c1a tx timeout [ 962.731420][T16469] NFSD: Failed to start, no listeners configured. [ 964.634244][T16498] lo: entered allmulticast mode [ 964.741545][T16498] lo: left allmulticast mode [ 966.070301][T16513] input: f as /devices/virtual/input/input23 [ 966.115811][ T30] audit: type=1804 audit(4294989078.911:24): pid=16515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1927" name="/newroot/sys/kernel/tracing/trace_marker" dev="tracefs" ino=3563 res=1 errno=0 [ 966.188897][T16506] NFSD: Failed to start, no listeners configured. [ 966.356733][T16518] zram: Removed device: zram0 [ 969.428062][T16553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 969.762522][T16553] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 969.768607][T16553] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 971.493436][T16182] Bluetooth: hci0: command 0x0c1a tx timeout [ 971.755109][T16587] program syz.3.1933 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 971.813701][T16182] Bluetooth: hci2: command 0x0c1a tx timeout [ 971.819961][T16182] Bluetooth: hci1: command 0x0c1a tx timeout [ 975.008710][T16626] Invalid ELF header magic: != ELF [ 975.039287][T16628] lo: entered allmulticast mode [ 975.565573][T16628] lo: left allmulticast mode [ 977.682977][T16650] FAULT_INJECTION: forcing a failure. [ 977.682977][T16650] name failslab, interval 1, probability 0, space 0, times 0 [ 977.821490][T16650] CPU: 0 UID: 0 PID: 16650 Comm: syz.1.1944 Tainted: G L syzkaller #0 PREEMPT(full) [ 977.821519][T16650] Tainted: [L]=SOFTLOCKUP [ 977.821524][T16650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 977.821534][T16650] Call Trace: [ 977.821540][T16650] [ 977.821548][T16650] dump_stack_lvl+0x100/0x190 [ 977.821575][T16650] should_fail_ex.cold+0x5/0xa [ 977.821594][T16650] ? tomoyo_realpath_from_path+0xb6/0x690 [ 977.821615][T16650] should_failslab+0xc2/0x120 [ 977.821631][T16650] __kmalloc_noprof+0xe0/0x850 [ 977.821663][T16650] tomoyo_realpath_from_path+0xb6/0x690 [ 977.821687][T16650] tomoyo_check_open_permission+0x2af/0x3c0 [ 977.821705][T16650] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 977.821741][T16650] ? do_raw_spin_lock+0x128/0x260 [ 977.821763][T16650] ? path_get+0x61/0x80 [ 977.821782][T16650] tomoyo_file_open+0x6b/0x90 [ 977.821803][T16650] security_file_open+0xb5/0x1e0 [ 977.821821][T16650] do_dentry_open+0x5aa/0x1660 [ 977.821838][T16650] ? security_inode_permission+0xbf/0x250 [ 977.821857][T16650] vfs_open+0x82/0x3f0 [ 977.821877][T16650] path_openat+0x208c/0x31a0 [ 977.821899][T16650] ? __pfx_path_openat+0x10/0x10 [ 977.821920][T16650] do_file_open+0x20e/0x430 [ 977.821936][T16650] ? __pfx_do_file_open+0x10/0x10 [ 977.821965][T16650] ? alloc_fd+0x476/0x790 [ 977.821982][T16650] ? do_getname+0x191/0x390 [ 977.822001][T16650] do_sys_openat2+0x10d/0x1e0 [ 977.822019][T16650] ? __pfx_do_sys_openat2+0x10/0x10 [ 977.822044][T16650] __x64_sys_openat+0x12d/0x210 [ 977.822063][T16650] ? __pfx___x64_sys_openat+0x10/0x10 [ 977.822089][T16650] do_syscall_64+0x106/0xf80 [ 977.822109][T16650] ? clear_bhb_loop+0x40/0x90 [ 977.822127][T16650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.822143][T16650] RIP: 0033:0x7f16c899c799 [ 977.822157][T16650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 977.822171][T16650] RSP: 002b:00007f16c97fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 977.822186][T16650] RAX: ffffffffffffffda RBX: 00007f16c8c15fa0 RCX: 00007f16c899c799 [ 977.822195][T16650] RDX: 0000000000080000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 977.822205][T16650] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 977.822214][T16650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 977.822223][T16650] R13: 00007f16c8c16038 R14: 00007f16c8c15fa0 R15: 00007ffe7214eb78 [ 977.822243][T16650] [ 977.822251][T16650] ERROR: Out of memory at tomoyo_realpath_from_path. [ 978.980904][T16658] netlink: 98 bytes leftover after parsing attributes in process `syz.0.1946'. [ 985.110655][T16720] Invalid ELF header magic: != ELF [ 986.774815][T16739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1962'. [ 987.146002][T16723] FAULT_INJECTION: forcing a failure. [ 987.146002][T16723] name failslab, interval 1, probability 0, space 0, times 0 [ 987.486678][T16723] CPU: 0 UID: 0 PID: 16723 Comm: syz.2.1958 Tainted: G L syzkaller #0 PREEMPT(full) [ 987.486706][T16723] Tainted: [L]=SOFTLOCKUP [ 987.486711][T16723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 987.486721][T16723] Call Trace: [ 987.486727][T16723] [ 987.486732][T16723] dump_stack_lvl+0x100/0x190 [ 987.486761][T16723] should_fail_ex.cold+0x5/0xa [ 987.486779][T16723] should_failslab+0xc2/0x120 [ 987.486796][T16723] __kvmalloc_node_noprof+0xfa/0xa00 [ 987.486819][T16723] ? alloc_fdtable+0x110/0x2d0 [ 987.486848][T16723] alloc_fdtable+0x110/0x2d0 [ 987.486871][T16723] dup_fd+0x995/0xd10 [ 987.486887][T16723] ? fd_statfs+0xdd/0x120 [ 987.486910][T16723] ksys_unshare+0x7ad/0xad0 [ 987.486930][T16723] ? __pfx_ksys_unshare+0x10/0x10 [ 987.486949][T16723] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 987.486968][T16723] ? syscall_user_dispatch+0x76/0x130 [ 987.486990][T16723] __x64_sys_unshare+0x31/0x40 [ 987.487007][T16723] do_syscall_64+0x106/0xf80 [ 987.487027][T16723] ? clear_bhb_loop+0x40/0x90 [ 987.487044][T16723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.487060][T16723] RIP: 0033:0x7f3a6999c799 [ 987.487073][T16723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 987.487117][T16723] RSP: 002b:00007f3a6a8b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 987.487132][T16723] RAX: ffffffffffffffda RBX: 00007f3a69c16180 RCX: 00007f3a6999c799 [ 987.487143][T16723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400 [ 987.487152][T16723] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 987.487162][T16723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 987.487171][T16723] R13: 00007f3a69c16218 R14: 00007f3a69c16180 R15: 00007fffa975b8e8 [ 987.487191][T16723] [ 988.013024][T16750] random: crng reseeded on system resumption [ 988.840621][ T30] audit: type=1800 audit(4294989101.640:25): pid=16753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1965" name="trace_pipe" dev="tracefs" ino=3559 res=0 errno=0 [ 991.056037][T16772] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 991.215132][T16772] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 991.260403][T16772] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 992.368074][T16811] NFSD: Failed to start, no listeners configured. [ 992.472019][T16193] Bluetooth: hci0: command 0x0c1a tx timeout [ 992.587950][T16798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1970'. [ 992.774835][T16809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1970'. [ 993.109737][T16193] Bluetooth: hci1: command 0x0c1a tx timeout [ 993.264215][T16193] Bluetooth: hci2: command 0x0c1a tx timeout [ 993.354834][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.361313][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.427111][T16591] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 995.248683][T16838] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1974'. [ 995.360747][T16843] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1974'. [ 995.513336][T16844] mkiss: ax0: crc mode is auto. [ 997.254711][T16861] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1979: iget: checksum invalid [ 997.682096][T16861] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 998.006646][T16861] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1979: iget: checksum invalid [ 998.047770][T16865] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 998.216153][T16861] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 998.342249][T16861] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1979: iget: checksum invalid [ 998.454694][T16861] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 998.546992][T16861] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1979: iget: checksum invalid [ 998.666981][T16861] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 998.676442][T16861] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 998.806870][T16861] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 999.344473][T16881] Invalid ELF header magic: != ELF [ 999.850325][ T30] audit: type=1800 audit(4294989112.644:26): pid=16873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1982" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 999.888371][T16889] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 999.890133][T16889] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 999.890300][T16889] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1000.218890][T16895] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1986'. [ 1001.931605][T16591] Bluetooth: hci2: command 0x0c1a tx timeout [ 1001.937639][T16591] Bluetooth: hci1: command 0x0c1a tx timeout [ 1001.943869][T16193] Bluetooth: hci0: command 0x0c1a tx timeout [ 1008.210955][T16963] NFSD: Failed to start, no listeners configured. [ 1008.221789][T16949] vivid-007: ================= START STATUS ================= [ 1008.229477][T16949] vivid-007: Generate PTS: true [ 1008.372216][T16949] vivid-007: Generate SCR: true [ 1008.377127][T16949] tpg source WxH: 320x240 (Y'CbCr) [ 1008.562071][T16949] tpg field: 1 [ 1008.565477][T16949] tpg crop: (0,0)/320x240 [ 1008.624340][T16949] tpg compose: (0,0)/320x240 [ 1008.704732][T16949] tpg colorspace: 8 [ 1008.902894][T16949] tpg transfer function: 0/0 [ 1008.907522][T16949] tpg Y'CbCr encoding: 0/0 [ 1009.037159][T16949] tpg quantization: 0/0 [ 1009.041350][T16949] tpg RGB range: 0/2 [ 1009.172897][T16949] vivid-007: ================== END STATUS ================== [ 1009.264653][T16968] vivid-007: kernel_thread() failed [ 1009.299584][T16967] vivid-007: kernel_thread() failed [ 1011.271700][T16995] misc userio: Invalid payload size [ 1012.183658][T17007] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1012.284076][T17007] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1012.383807][T17007] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1014.236774][T16910] Bluetooth: hci0: command 0x0c1a tx timeout [ 1014.314770][T16910] Bluetooth: hci2: command 0x0c1a tx timeout [ 1014.320829][T16182] Bluetooth: hci1: command 0x0c1a tx timeout [ 1016.055611][T17041] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2016'. [ 1018.958642][T17080] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2022'. [ 1019.042007][T17080] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2022'. [ 1019.332798][T17083] FAULT_INJECTION: forcing a failure. [ 1019.332798][T17083] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1019.543400][T17083] CPU: 0 UID: 0 PID: 17083 Comm: syz.3.2023 Tainted: G L syzkaller #0 PREEMPT(full) [ 1019.543428][T17083] Tainted: [L]=SOFTLOCKUP [ 1019.543433][T17083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1019.543444][T17083] Call Trace: [ 1019.543452][T17083] [ 1019.543458][T17083] dump_stack_lvl+0x100/0x190 [ 1019.543485][T17083] should_fail_ex.cold+0x5/0xa [ 1019.543510][T17083] get_futex_key+0x1d2/0x1620 [ 1019.543535][T17083] ? __pfx_get_futex_key+0x10/0x10 [ 1019.543565][T17083] ? do_mmap+0x93f/0x12f0 [ 1019.543586][T17083] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 1019.543614][T17083] futex_wake+0xea/0x530 [ 1019.543637][T17083] ? __pfx_futex_wake+0x10/0x10 [ 1019.543666][T17083] do_futex+0x32b/0x350 [ 1019.543685][T17083] ? __pfx_do_futex+0x10/0x10 [ 1019.543701][T17083] ? __do_sys_clone+0xd9/0x120 [ 1019.543723][T17083] __x64_sys_futex+0x34f/0x4d0 [ 1019.543742][T17083] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1019.543758][T17083] ? __pfx___x64_sys_futex+0x10/0x10 [ 1019.543782][T17083] do_syscall_64+0x106/0xf80 [ 1019.543803][T17083] ? clear_bhb_loop+0x40/0x90 [ 1019.543821][T17083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.543837][T17083] RIP: 0033:0x7f871ab9c799 [ 1019.543850][T17083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1019.543865][T17083] RSP: 002b:00007f871ba050e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1019.543885][T17083] RAX: ffffffffffffffda RBX: 00007f871ae16098 RCX: 00007f871ab9c799 [ 1019.543895][T17083] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f871ae1609c [ 1019.543904][T17083] RBP: 00007f871ae16090 R08: 0000000000000000 R09: 0000000000000000 [ 1019.543913][T17083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1019.543921][T17083] R13: 00007f871ae16128 R14: 00007ffcc5759860 R15: 00007ffcc5759948 [ 1019.543941][T17083] [ 1022.943887][T17116] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1023.046688][T17116] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1023.221141][T17105] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2027'. [ 1023.319563][T17116] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1024.960001][T16910] Bluetooth: hci0: command 0x0c1a tx timeout [ 1025.122336][T16910] Bluetooth: hci1: command 0x0c1a tx timeout [ 1025.360141][T16910] Bluetooth: hci2: command 0x0c1a tx timeout [ 1025.837262][T17138] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.2033: iget: checksum invalid [ 1026.027590][T17138] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1026.241623][T17138] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.2033: iget: checksum invalid [ 1026.444608][T17138] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1026.658802][T17138] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.2033: iget: checksum invalid [ 1027.069861][T17138] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1027.331510][T17138] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.2033: iget: checksum invalid [ 1027.741483][T17138] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1027.750934][T17138] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1028.123829][T17138] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1028.432606][T17185] nvme_fcloop: unknown parameter or missing value '7' [ 1029.312708][T17200] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 1029.435686][T17184] Process accounting resumed [ 1031.367232][ T30] audit: type=1800 audit(4294990167.149:27): pid=17223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=665389 res=0 errno=0 [ 1032.705312][T17203] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 1035.856489][T17255] FAULT_INJECTION: forcing a failure. [ 1035.856489][T17255] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1036.078794][T17255] CPU: 0 UID: 0 PID: 17255 Comm: syz.2.2047 Tainted: G L syzkaller #0 PREEMPT(full) [ 1036.078822][T17255] Tainted: [L]=SOFTLOCKUP [ 1036.078828][T17255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1036.078837][T17255] Call Trace: [ 1036.078843][T17255] [ 1036.078849][T17255] dump_stack_lvl+0x100/0x190 [ 1036.078876][T17255] should_fail_ex.cold+0x5/0xa [ 1036.078892][T17255] ? prepare_alloc_pages+0x16d/0x5f0 [ 1036.078911][T17255] should_fail_alloc_page+0xeb/0x140 [ 1036.078928][T17255] prepare_alloc_pages+0x1f0/0x5f0 [ 1036.078947][T17255] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1036.078972][T17255] ? __pfx_validate_mm+0x10/0x10 [ 1036.078990][T17255] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 1036.079015][T17255] ? vms_complete_munmap_vmas+0x7ac/0xdd0 [ 1036.079034][T17255] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1036.079057][T17255] ? percpu_counter_add_batch+0xb9/0x230 [ 1036.079152][T17255] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1036.079183][T17255] ? __pfx_vms_complete_munmap_vmas+0x10/0x10 [ 1036.079204][T17255] ? vma_wants_writenotify+0x10b/0x390 [ 1036.079236][T17255] ? __pfx_vma_wants_writenotify+0x10/0x10 [ 1036.079260][T17255] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1036.079285][T17255] ? policy_nodemask+0xed/0x4f0 [ 1036.079302][T17255] alloc_pages_mpol+0x1fb/0x550 [ 1036.079319][T17255] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1036.079339][T17255] folio_alloc_mpol_noprof+0x36/0x340 [ 1036.079365][T17255] vma_alloc_folio_noprof+0xed/0x1d0 [ 1036.079384][T17255] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1036.079408][T17255] do_anonymous_page+0xb3a/0x1fb0 [ 1036.079436][T17255] __handle_mm_fault+0x1d42/0x2b60 [ 1036.079461][T17255] ? __pfx___handle_mm_fault+0x10/0x10 [ 1036.079481][T17255] ? pte_offset_map_lock+0x174/0x320 [ 1036.079496][T17255] ? find_held_lock+0x2b/0x80 [ 1036.079516][T17255] ? follow_page_pte+0x5b3/0x1400 [ 1036.079536][T17255] handle_mm_fault+0x36d/0xa20 [ 1036.079558][T17255] __get_user_pages+0xf9c/0x34d0 [ 1036.079582][T17255] ? __pfx___get_user_pages+0x10/0x10 [ 1036.079603][T17255] populate_vma_page_range+0x267/0x3f0 [ 1036.079622][T17255] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1036.079639][T17255] ? __pfx_find_vma_intersection+0x10/0x10 [ 1036.079655][T17255] ? do_mmap+0x93f/0x12f0 [ 1036.079672][T17255] __mm_populate+0x107/0x3a0 [ 1036.079690][T17255] ? __pfx___mm_populate+0x10/0x10 [ 1036.079708][T17255] ? up_write+0x290/0x4f0 [ 1036.079730][T17255] vm_mmap_pgoff+0x37f/0x470 [ 1036.079749][T17255] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1036.079766][T17255] ? do_futex+0x192/0x350 [ 1036.079785][T17255] ? __pfx_do_futex+0x10/0x10 [ 1036.079806][T17255] ksys_mmap_pgoff+0xe1/0x650 [ 1036.079822][T17255] ? __x64_sys_futex+0x34f/0x4d0 [ 1036.079839][T17255] ? __x64_sys_futex+0x358/0x4d0 [ 1036.079857][T17255] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1036.079872][T17255] ? xfd_validate_state+0x129/0x190 [ 1036.079898][T17255] __x64_sys_mmap+0x125/0x190 [ 1036.079921][T17255] do_syscall_64+0x106/0xf80 [ 1036.079941][T17255] ? clear_bhb_loop+0x40/0x90 [ 1036.079960][T17255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.079977][T17255] RIP: 0033:0x7f3a6999c799 [ 1036.079991][T17255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1036.080006][T17255] RSP: 002b:00007f3a6a8d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1036.080021][T17255] RAX: ffffffffffffffda RBX: 00007f3a69c16090 RCX: 00007f3a6999c799 [ 1036.080031][T17255] RDX: 00000000000000df RSI: 0000000000000008 RDI: 0000000000000000 [ 1036.080040][T17255] RBP: 00007f3a69a32c99 R08: 0000000000000002 R09: 0000000000008000 [ 1036.080050][T17255] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1036.080058][T17255] R13: 00007f3a69c16128 R14: 00007f3a69c16090 R15: 00007fffa975b8e8 [ 1036.080078][T17255] [ 1040.125586][T17284] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 1040.435229][T17284] input: failed to attach handler evdev to device input27, error: -4 [ 1041.250327][T17272] program syz.1.2058 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1041.753913][T17297] device-mapper: ioctl: Unable to rename non-existent device,  to [ 1044.456262][T17331] input: jJǸ-9%vJ86 as /devices/virtual/input/input28 [ 1046.832863][T17346] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2066'. [ 1048.619554][T17359] FAULT_INJECTION: forcing a failure. [ 1048.619554][T17359] name failslab, interval 1, probability 0, space 0, times 0 [ 1048.712065][T17359] CPU: 0 UID: 0 PID: 17359 Comm: syz.1.2069 Tainted: G L syzkaller #0 PREEMPT(full) [ 1048.712094][T17359] Tainted: [L]=SOFTLOCKUP [ 1048.712100][T17359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1048.712109][T17359] Call Trace: [ 1048.712115][T17359] [ 1048.712128][T17359] dump_stack_lvl+0x100/0x190 [ 1048.712157][T17359] should_fail_ex.cold+0x5/0xa [ 1048.712176][T17359] should_failslab+0xc2/0x120 [ 1048.712192][T17359] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1048.712214][T17359] ? acpi_ps_alloc_op+0x29d/0x360 [ 1048.712255][T17359] acpi_ps_alloc_op+0x29d/0x360 [ 1048.712273][T17359] ? acpi_ut_status_exit+0x111/0x1c0 [ 1048.712360][T17359] acpi_ps_create_op+0x4b3/0xd10 [ 1048.712378][T17359] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 1048.712397][T17359] ? acpi_ut_status_exit+0x111/0x1c0 [ 1048.712420][T17359] acpi_ps_parse_loop+0xa65/0x24a0 [ 1048.712442][T17359] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 1048.712459][T17359] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1048.712479][T17359] ? acpi_ut_create_thread_state+0x6d/0x170 [ 1048.712554][T17359] acpi_ps_parse_aml+0x81e/0x1120 [ 1048.712576][T17359] acpi_ps_execute_method+0x5c4/0xe90 [ 1048.712599][T17359] acpi_ns_evaluate+0x640/0x1670 [ 1048.712624][T17359] acpi_evaluate_object+0x420/0xe00 [ 1048.712638][T17359] ? kasan_save_stack+0x30/0x50 [ 1048.712659][T17359] ? kasan_save_track+0x14/0x30 [ 1048.712684][T17359] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1048.712705][T17359] acpi_evaluate_integer+0xdf/0x220 [ 1048.712727][T17359] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1048.712756][T17359] ? __pfx_status_show+0x10/0x10 [ 1048.712773][T17359] status_show+0xa0/0x120 [ 1048.712787][T17359] ? __pfx_status_show+0x10/0x10 [ 1048.712807][T17359] dev_attr_show+0x52/0xa0 [ 1048.712827][T17359] ? __pfx_dev_attr_show+0x10/0x10 [ 1048.712843][T17359] sysfs_kf_seq_show+0x217/0x3a0 [ 1048.712866][T17359] seq_read_iter+0x32f/0x1270 [ 1048.712896][T17359] kernfs_fop_read_iter+0x46c/0x610 [ 1048.712913][T17359] ? rw_verify_area+0xce/0x6d0 [ 1048.712933][T17359] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1048.712951][T17359] vfs_read+0x825/0xb30 [ 1048.712982][T17359] ? __pfx_vfs_read+0x10/0x10 [ 1048.713022][T17359] ksys_read+0x12a/0x250 [ 1048.713043][T17359] ? __pfx_ksys_read+0x10/0x10 [ 1048.713071][T17359] do_syscall_64+0x106/0xf80 [ 1048.713091][T17359] ? clear_bhb_loop+0x40/0x90 [ 1048.713109][T17359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.713132][T17359] RIP: 0033:0x7f16c899c799 [ 1048.713147][T17359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1048.713163][T17359] RSP: 002b:00007f16c97fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1048.713178][T17359] RAX: ffffffffffffffda RBX: 00007f16c8c15fa0 RCX: 00007f16c899c799 [ 1048.713188][T17359] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000009 [ 1048.713197][T17359] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1048.713206][T17359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1048.713214][T17359] R13: 00007f16c8c16038 R14: 00007f16c8c15fa0 R15: 00007ffe7214eb78 [ 1048.713235][T17359] [ 1049.291129][T17359] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 1049.915981][ T30] audit: type=1806 audit(4294990185.620:28): xattr="." res=0 [ 1054.818155][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.824692][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.010440][T17420] zswap: compressor not available [ 1057.002783][T17434] FAULT_INJECTION: forcing a failure. [ 1057.002783][T17434] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.263534][T17434] CPU: 0 UID: 0 PID: 17434 Comm: syz.2.2080 Tainted: G L syzkaller #0 PREEMPT(full) [ 1057.263563][T17434] Tainted: [L]=SOFTLOCKUP [ 1057.263569][T17434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1057.263578][T17434] Call Trace: [ 1057.263583][T17434] [ 1057.263589][T17434] dump_stack_lvl+0x100/0x190 [ 1057.263618][T17434] should_fail_ex.cold+0x5/0xa [ 1057.263638][T17434] should_failslab+0xc2/0x120 [ 1057.263654][T17434] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1057.263675][T17434] ? __d_alloc+0x34/0xa80 [ 1057.263696][T17434] __d_alloc+0x34/0xa80 [ 1057.263715][T17434] d_alloc_parallel+0x111/0x14e0 [ 1057.263738][T17434] ? find_held_lock+0x2b/0x80 [ 1057.263752][T17434] ? is_bpf_text_address+0x8a/0x1a0 [ 1057.263777][T17434] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1057.263811][T17434] ? lockdep_init_map_type+0x5c/0x250 [ 1057.263831][T17434] ? lockdep_init_map_type+0x5c/0x250 [ 1057.263854][T17434] __lookup_slow+0x193/0x460 [ 1057.263874][T17434] ? __pfx___lookup_slow+0x10/0x10 [ 1057.263909][T17434] lookup_slow+0x50/0x70 [ 1057.263928][T17434] path_lookupat+0x5e8/0xc40 [ 1057.263953][T17434] filename_lookup+0x202/0x590 [ 1057.263977][T17434] ? __pfx_filename_lookup+0x10/0x10 [ 1057.264013][T17434] ? strncpy_from_user+0x19d/0x2d0 [ 1057.264036][T17434] user_path_at+0x3c/0x60 [ 1057.264057][T17434] __x64_sys_mount+0x1fb/0x310 [ 1057.264075][T17434] ? __pfx___x64_sys_mount+0x10/0x10 [ 1057.264098][T17434] do_syscall_64+0x106/0xf80 [ 1057.264118][T17434] ? clear_bhb_loop+0x40/0x90 [ 1057.264137][T17434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.264152][T17434] RIP: 0033:0x7f3a6999c799 [ 1057.264166][T17434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1057.264180][T17434] RSP: 002b:00007f3a6a8d4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1057.264195][T17434] RAX: ffffffffffffffda RBX: 00007f3a69c16090 RCX: 00007f3a6999c799 [ 1057.264205][T17434] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000000000000000 [ 1057.264214][T17434] RBP: 00007f3a69a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1057.264223][T17434] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1057.264232][T17434] R13: 00007f3a69c16128 R14: 00007f3a69c16090 R15: 00007fffa975b8e8 [ 1057.264252][T17434] [ 1057.618257][T17444] FAULT_INJECTION: forcing a failure. [ 1057.618257][T17444] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1057.631221][T17444] CPU: 0 UID: 0 PID: 17444 Comm: syz.3.2081 Tainted: G L syzkaller #0 PREEMPT(full) [ 1057.631247][T17444] Tainted: [L]=SOFTLOCKUP [ 1057.631253][T17444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1057.631269][T17444] Call Trace: [ 1057.631277][T17444] [ 1057.631284][T17444] dump_stack_lvl+0x100/0x190 [ 1057.631314][T17444] should_fail_ex.cold+0x5/0xa [ 1057.631333][T17444] get_futex_key+0x1d2/0x1620 [ 1057.631355][T17444] ? __pfx_get_futex_key+0x10/0x10 [ 1057.631373][T17444] ? do_mmap+0x93f/0x12f0 [ 1057.631393][T17444] futex_wake+0xea/0x530 [ 1057.631414][T17444] ? __pfx___mm_populate+0x10/0x10 [ 1057.631433][T17444] ? __pfx_futex_wake+0x10/0x10 [ 1057.631461][T17444] do_futex+0x32b/0x350 [ 1057.631480][T17444] ? __pfx_do_futex+0x10/0x10 [ 1057.631503][T17444] __x64_sys_futex+0x34f/0x4d0 [ 1057.631522][T17444] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1057.631538][T17444] ? __pfx___x64_sys_futex+0x10/0x10 [ 1057.631564][T17444] do_syscall_64+0x106/0xf80 [ 1057.631584][T17444] ? clear_bhb_loop+0x40/0x90 [ 1057.631602][T17444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.631616][T17444] RIP: 0033:0x7f871ab9c799 [ 1057.631630][T17444] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1057.631644][T17444] RSP: 002b:00007f871ba050e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1057.631659][T17444] RAX: ffffffffffffffda RBX: 00007f871ae16098 RCX: 00007f871ab9c799 [ 1057.631669][T17444] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f871ae1609c [ 1057.631678][T17444] RBP: 00007f871ae16090 R08: 0000000000000000 R09: 0000000000000000 [ 1057.631687][T17444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1057.631695][T17444] R13: 00007f871ae16128 R14: 00007ffcc5759860 R15: 00007ffcc5759948 [ 1057.631714][T17444] [ 1058.265832][ T30] audit: type=1800 audit(4294990194.026:29): pid=17440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=688046 res=0 errno=0 [ 1058.810928][T17460] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 1060.041788][T17474] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2088'. [ 1060.171554][T17474] ipvlan0: entered promiscuous mode [ 1060.176794][T17474] ipvlan0: entered allmulticast mode [ 1060.505483][T17467] Process accounting paused [ 1061.365880][T16910] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 1061.869734][T17488] ------------[ cut here ]------------ [ 1061.875462][T17488] !reader [ 1061.875486][T17488] WARNING: kernel/trace/ring_buffer.c:7407 at ring_buffer_map_get_reader+0x659/0x880, CPU#0: syz.1.2091/17488 [ 1061.890042][T17488] Modules linked in: [ 1061.894406][T17488] CPU: 0 UID: 0 PID: 17488 Comm: syz.1.2091 Tainted: G L syzkaller #0 PREEMPT(full) [ 1061.905364][T17488] Tainted: [L]=SOFTLOCKUP [ 1061.909679][T17488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1061.919743][T17488] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1061.926270][T17488] Code: ff e8 1b d5 fb ff 48 8d 3d b4 5a d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 f8 d4 fb ff 90 <0f> 0b 90 e8 ef d4 fb ff 48 89 df 31 db e8 e5 0f fe ff 48 8b 74 24 [ 1061.945883][T17488] RSP: 0018:ffffc900046d7d90 EFLAGS: 00010083 [ 1061.951945][T17488] RAX: 000000000000079b RBX: ffff88813fea5000 RCX: ffffc9000ee84000 [ 1061.959905][T17488] RDX: 0000000000080000 RSI: ffffffff820c4228 RDI: ffff888033785b80 [ 1061.967864][T17488] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1061.975819][T17488] R10: 0000000000000000 R11: ffff88813fea50b0 R12: ffff88813fea50b0 [ 1061.983796][T17488] R13: dffffc0000000000 R14: ffff88813fea5190 R15: ffff88813fea5018 [ 1061.991772][T17488] FS: 00007f16c97b86c0(0000) GS:ffff88812434a000(0000) knlGS:0000000000000000 [ 1062.000714][T17488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1062.007319][T17488] CR2: 0000001b30dd6ff8 CR3: 0000000033b6a000 CR4: 00000000003526f0 [ 1062.015386][T17488] Call Trace: [ 1062.018653][T17488] [ 1062.021575][T17488] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1062.027831][T17488] ? __fget_files+0x21f/0x3d0 [ 1062.032513][T17488] tracing_buffers_ioctl+0x30d/0x400 [ 1062.037813][T17488] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1062.043638][T17488] __x64_sys_ioctl+0x18e/0x210 [ 1062.048402][T17488] do_syscall_64+0x106/0xf80 [ 1062.052989][T17488] ? clear_bhb_loop+0x40/0x90 [ 1062.057657][T17488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.063538][T17488] RIP: 0033:0x7f16c899c799 [ 1062.067936][T17488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1062.087533][T17488] RSP: 002b:00007f16c97b8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.095954][T17488] RAX: ffffffffffffffda RBX: 00007f16c8c16180 RCX: 00007f16c899c799 [ 1062.103923][T17488] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 000000000000000b [ 1062.111877][T17488] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1062.119831][T17488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1062.127785][T17488] R13: 00007f16c8c16218 R14: 00007f16c8c16180 R15: 00007ffe7214eb78 [ 1062.135751][T17488] [ 1062.138800][T17488] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1062.146092][T17488] CPU: 0 UID: 0 PID: 17488 Comm: syz.1.2091 Tainted: G L syzkaller #0 PREEMPT(full) [ 1062.157018][T17488] Tainted: [L]=SOFTLOCKUP [ 1062.161326][T17488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1062.171378][T17488] Call Trace: [ 1062.174652][T17488] [ 1062.177569][T17488] dump_stack_lvl+0x100/0x190 [ 1062.182245][T17488] vpanic+0x552/0x970 [ 1062.186214][T17488] ? __pfx_vpanic+0x10/0x10 [ 1062.190709][T17488] panic+0xd1/0xe0 [ 1062.194413][T17488] ? __pfx_panic+0x10/0x10 [ 1062.198822][T17488] check_panic_on_warn.cold+0x19/0x34 [ 1062.204178][T17488] ? ring_buffer_map_get_reader+0x659/0x880 [ 1062.210052][T17488] __warn.cold+0x191/0x348 [ 1062.214452][T17488] __report_bug+0x296/0x3d0 [ 1062.219031][T17488] ? ring_buffer_map_get_reader+0x659/0x880 [ 1062.224930][T17488] ? __pfx___report_bug+0x10/0x10 [ 1062.229969][T17488] ? add_lock_to_list+0x99/0x110 [ 1062.234930][T17488] ? lockdep_unlock+0x5a/0xc0 [ 1062.239624][T17488] ? rb_set_head_page+0x1e6/0x2f0 [ 1062.244643][T17488] ? ring_buffer_map_get_reader+0x659/0x880 [ 1062.250519][T17488] report_bug+0xb2/0x220 [ 1062.254779][T17488] ? ring_buffer_map_get_reader+0x659/0x880 [ 1062.260680][T17488] handle_bug+0x16a/0x2a0 [ 1062.265004][T17488] exc_invalid_op+0x17/0x50 [ 1062.269495][T17488] asm_exc_invalid_op+0x1a/0x20 [ 1062.274356][T17488] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1062.280970][T17488] Code: ff e8 1b d5 fb ff 48 8d 3d b4 5a d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 f8 d4 fb ff 90 <0f> 0b 90 e8 ef d4 fb ff 48 89 df 31 db e8 e5 0f fe ff 48 8b 74 24 [ 1062.300600][T17488] RSP: 0018:ffffc900046d7d90 EFLAGS: 00010083 [ 1062.306679][T17488] RAX: 000000000000079b RBX: ffff88813fea5000 RCX: ffffc9000ee84000 [ 1062.314652][T17488] RDX: 0000000000080000 RSI: ffffffff820c4228 RDI: ffff888033785b80 [ 1062.322609][T17488] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1062.330559][T17488] R10: 0000000000000000 R11: ffff88813fea50b0 R12: ffff88813fea50b0 [ 1062.338515][T17488] R13: dffffc0000000000 R14: ffff88813fea5190 R15: ffff88813fea5018 [ 1062.346479][T17488] ? ring_buffer_map_get_reader+0x658/0x880 [ 1062.352375][T17488] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1062.358619][T17488] ? __fget_files+0x21f/0x3d0 [ 1062.363388][T17488] tracing_buffers_ioctl+0x30d/0x400 [ 1062.368713][T17488] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1062.374530][T17488] __x64_sys_ioctl+0x18e/0x210 [ 1062.379289][T17488] do_syscall_64+0x106/0xf80 [ 1062.383893][T17488] ? clear_bhb_loop+0x40/0x90 [ 1062.388590][T17488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.394492][T17488] RIP: 0033:0x7f16c899c799 [ 1062.398908][T17488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1062.418517][T17488] RSP: 002b:00007f16c97b8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.426934][T17488] RAX: ffffffffffffffda RBX: 00007f16c8c16180 RCX: 00007f16c899c799 [ 1062.434994][T17488] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 000000000000000b [ 1062.442970][T17488] RBP: 00007f16c8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1062.450936][T17488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1062.458892][T17488] R13: 00007f16c8c16218 R14: 00007f16c8c16180 R15: 00007ffe7214eb78 [ 1062.466876][T17488] [ 1062.469972][T17488] Kernel Offset: disabled [ 1062.474298][T17488] Rebooting in 86400 seconds..