last executing test programs: 7.366492236s ago: executing program 1 (id=4089): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r1 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000003500), 0x40002, 0x0) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(r1, &(0x7f0000003540)='\n', 0x1) symlink$auto(&(0x7f0000000000)='./file0/../file0\x00', 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, 0x0) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000002640), 0x241, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sda1\x00', 0x8800, 0x0) cachestat$auto(r2, 0x0, 0x0, 0x0) 5.879750898s ago: executing program 1 (id=4093): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x9, {0x1, 0x10001, 0xb, 0x3, 0x8, 0x4, 0x9, 0x2, 0x8, 0xa5, 0x1, 0x4, 0x0, 0xb, 0xff}}) socket(0x15, 0x5, 0x0) getpeername$auto(0x200000003, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400006, 0xdf, 0x809b72, 0x2, 0x8000) pipe2$auto(0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) dup2$auto(0x5, 0x4) select$auto(0xb, &(0x7f0000000100)={[0x7f, 0x31, 0xffffffffffffffff, 0x80000000, 0x7, 0x6, 0x81, 0x67e, 0x8, 0x2, 0x5, 0x10001, 0x334, 0x4, 0xfffffffffffffffe, 0x8]}, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r1) sendmsg$auto_NFC_CMD_ENABLE_SE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x9b}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$auto(0x3, 0x0, 0xfffffdef) keyctl$auto(0x1d, 0xffffffffffffffff, 0x8, 0x5, 0x8) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES8=r1, @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x40000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x4) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f00000001c0), r1) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x40000) 5.467557877s ago: executing program 3 (id=4094): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) ustat$auto(0xba1, 0x0) sendmsg$auto_BATADV_CMD_SET_MESH(r0, 0x0, 0x20000084) pread64$auto(0xffffffffffffffff, 0x0, 0x400100000001, 0x11ff) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') umount2$auto(&(0x7f0000000000)='.\x00', 0x8) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000010c0), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000001100)={0xdd, 0x0, [{0x26d, 0x4, 0x20000000}]}) ioctl$auto(r1, 0x5, r1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x400c1, 0x0) ustat$auto(0x7, &(0x7f0000000040)={0x5, 0x8001, "df433498eeca", "ca5047b7b8f2"}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/cx231xx/bind\x00', 0x80000, 0x0) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x1) 5.18818943s ago: executing program 0 (id=4095): r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)={0x14, r0, 0x1, 0x70bd25, 0x25dfdbfe, {0x4, 0x0, 0x60}}, 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) 4.871024318s ago: executing program 0 (id=4096): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="0508"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4138ae84, &(0x7f0000000140)={0x7, 0x28000000}) 4.792417482s ago: executing program 2 (id=4097): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) socket(0x18, 0x80003, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/mode\x00', 0x121102, 0x0) write$auto(r2, &(0x7f0000000040)='\\\x00', 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), r3) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000000000)={0x34, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x10001}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24040000}, 0x700000000000000) syz_genetlink_get_family_id$auto_psample(&(0x7f0000000040), r3) r5 = socket(0x10, 0x2, 0xf) r6 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r5, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r6, 0x98}, 0x5) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/button/parameters/lid_init_state\x00', 0x169882, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(r8, r7, 0x0, 0x8) fcntl$auto_F_OFD_SETLKW(r1, 0x26, 0xc) 4.651997387s ago: executing program 3 (id=4098): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket(0x11, 0x80000, 0x6) sendto$auto(0xffffffffffffffff, 0x0, 0x1, 0xacf8, &(0x7f0000000180)=@can, 0x2) capset$auto(0x0, &(0x7f0000000000)={0x9, 0x2c, 0x3}) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000080)="6adff3b64236d3897283683421efe1d26872eb764a5eea588350025f44de21", 0x5aa, &(0x7f0000000200)={&(0x7f0000000040)='\x00', 0x69}, 0x1, &(0x7f0000000200), 0x8, 0x3}, 0x6}, 0x2, 0x100) listen$auto(r0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) mmap$auto(0x8001, 0x100, 0x3, 0xeb1, 0x7, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x7f}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0000000081dc62fa55651c38c007693fc46e0c79cb48e1765fd620a0e756cd8b3ff526b07bca74ecb1f4b4ee66617411b5e33fc8048d5b6804836a43a114b981bfa602ae7c0c469be54672f86dea26ab58863f221a3d66b1bf1f305774fc81a59693558473", @ANYRESHEX=r1, @ANYBLOB="000425bd7000fcdbdf25010000000800010085ca3e1af4287b65a580e97e87690f00c64841165bb2d91fb01b9a439308524f4a0584e0b92bab82064838ca9d3d678db3c0b81b5ab2efcb14d9a996d1cc8abf5df69c66e45b24acfd2dd80e946626f21658661d243bb32f4f7493847f646a26c2287be02cfb4fafc8c2fdcdc15fbe8e97263e203adea221795566f934fc33fb3000a50cbc6513f3fccd6cc3f0aaed19529c54", @ANYRES32=0x0, @ANYBLOB="316924ed0f1a822d98b8ef691f99fcabf6d64620ee6b3c32763a1974c69fa90680a207db02b4cdf8cb8ca61934fa07c2cd738fa3a906ec83d2eba20702da72a95525b69e044c402d7ceadaf80be95807b35eef65f97061bedc1194e078562fecac1051757599c0e67a13a73dce6d98736de2000254a92ca63b92048b8b74d4bc22a52e293ba828ed25e52057138b48f1", @ANYRESDEC=r1], 0x1c}}, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r3, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r3, 0x80204d01, 0x0) r4 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x7) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) getsockopt$auto_SO_SNDBUF(r4, 0x73, 0x7, &(0x7f0000000100)='SEG\x85\x00', &(0x7f0000000140)=0x9d9) mmap$auto(0x5, 0x2020009, 0x3, 0x80000000eb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0xffffffff, 0x4, 0x1, 0x0, 0x3, 0x1) mbind$auto(0x0, 0x800605, 0x41, &(0x7f0000000500)=0xffff, 0xffffffffffffff8f, 0x3) ioctl$auto(0x3, 0x402c542b, 0x38) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) 4.525648308s ago: executing program 0 (id=4099): fspick$auto(0xffffffffffffffff, 0x0, 0x7) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000081, 0x402, 0x2}]}) close_range$auto(0x2, 0x8, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x481, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x40a00, 0x1c7) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sysfs$auto(0x9, 0x4, 0x81) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0x9, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) 4.447742036s ago: executing program 1 (id=4100): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_timedsend$auto(r1, 0x0, 0x40000000000001, 0x9, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents64$auto(r2, &(0x7f0000000180)={0x0, 0x100000000000048, 0x9, 0x1}, 0x800) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/button/parameters/lid_init_state\x00', 0x169882, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) r4 = socket(0xa, 0x801, 0x84) getsockopt$auto(r4, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0x4, 0x0, 0x100082) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) close_range$auto(0x2, 0xa, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(r5, r3, 0x0, 0x8) 4.254290011s ago: executing program 2 (id=4101): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x1000012, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x8000000000000000, 0x15) pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000) sysfs$auto(0x2, 0xa, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x519142, 0x0) mmap$auto(0x0, 0x20009, 0x9, 0xeb5, r0, 0x2008000) setrlimit$auto(0x7, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, 0x0, 0x400051) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/vivid/parameters/n_devs\x00', 0x1e1202, 0x0) mmap$auto(0x0, 0x4, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x20000007fff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x14, 0x0) fsconfig$auto(r1, 0xc7f, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) 3.386626916s ago: executing program 0 (id=4102): fspick$auto(0xffffffffffffffff, 0x0, 0x7) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000081, 0x402, 0x2}]}) close_range$auto(0x2, 0x8, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x481, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x40a00, 0x1c7) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sysfs$auto(0x9, 0x4, 0x81) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0x9, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) 3.306050771s ago: executing program 1 (id=4103): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x82, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/clockevents/broadcast/current_device\x00', 0x181400, 0x0) pread64$auto(r3, 0x0, 0x7, 0xd3f3) write$auto(r2, 0x0, 0x80000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bond_slave_0\x00'}) mmap$auto(0x0, 0x5, 0x3, 0x14, 0xffffffffffffffff, 0x8000) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x280, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) ptrace$auto(0x10, 0x0, 0x4, 0x7ff) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) 2.336336125s ago: executing program 2 (id=4104): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="0508"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4138ae84, &(0x7f0000000140)={0x7, 0x60000010}) 2.331078681s ago: executing program 3 (id=4105): r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_PEER_GET(r1, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r0, 0x711, 0x70b52c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848) 2.258899407s ago: executing program 0 (id=4106): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x1000012, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x8000000000000000, 0x15) pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000) sysfs$auto(0x2, 0xa, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x519142, 0x0) madvise$auto(0x9, 0x3, 0x1ff) setrlimit$auto(0x7, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, 0x0, 0x400051) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/vivid/parameters/n_devs\x00', 0x1e1202, 0x0) mmap$auto(0x0, 0x4, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x20000007fff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x14, 0x0) fsconfig$auto(r1, 0xc7f, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) 2.053808649s ago: executing program 3 (id=4107): r0 = dup$auto(0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/power/control\x00', 0xa0002, 0x0) setsockopt$auto(r0, 0x6, 0x80, &(0x7f0000000040)='^,-!-\x00', 0x9) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22102, 0x3, 0x7, 0x7ff, 0x20010180, 0x40000011}, 0x198) ustat$auto(0xba1, 0x0) openat$auto_lsm_ops_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x2, 0x1, 0x106) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x80e42, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0xffffffff, 0x2, 0x63, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0xa, 0x801, 0x84) ioctl$auto(0x3, 0x40106f52, r1) 2.024623874s ago: executing program 1 (id=4108): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC1\x00', 0x51c140, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x110) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) write$auto_seq_oss_f_ops_seq_oss(r2, &(0x7f0000000040)="86ad180916cd35e093b9901f03de02ef", 0x5d) fcntl$auto(r1, 0x400, 0x1) fcntl$auto(r1, 0xa, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ca180, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x411501, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) r3 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r3, 0xffffffffffdffe02, &(0x7f00000001c0)="3bbddf00fa17687e718e6006f6a9ab96add4bd9ea8071d370a13f95da2d3e25c5913acca51fa4f7044a8ce217c9c8134248be0adbb3c0a96a3ecc4414a8d673f3b30f5d411e3361d08d7e338415ce450579cc2941cf9284e30235033a755c6b984549ec8e805eca455d06710376176f878c1e79b79fa4f9ff82e2f213f1d2c1de6a8731e59c1c66f368fc0c59e499c71da5e60457eaf59bcc69af1d9d542b10a6a281ec64ed872549a583a0446479a8ad1b96520a06eecfa59241bfaccc29a5d32fc2e08d2f3a2f956b0f60841cb2146960ef29e571800acb0dcacbfe7cf6e0181bc25ff59e7529e03f0a61092445aae19290e8e23dac0a87ead63978f6f63aa630101893213c838217390ab183731cbb303fa451590f633b2ac094f3bee") mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 1.813243945s ago: executing program 2 (id=4109): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x89) r0 = socket(0x5, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00'}) ioctl$auto_MEMWRITEOOB(0xffffffffffffffff, 0xc0104d03, &(0x7f0000000280)={0x3ff, 0x7, &(0x7f0000000180)='/dev/urandom\x00'}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000080)=0x3) writev$auto(0xffffffffffffffff, 0x0, 0x61b3) r2 = socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0xe9f, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4008ae6a, r2) write$auto(0xffffffffffffffff, 0x0, 0x2) r4 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0xe97f, 0xe0, 0xeb1, r4, 0x8000) futex_waitv$auto(&(0x7f0000000300)={0x0, 0x4, 0x2}, 0x1, 0x0, &(0x7f0000000340)={0x225c17d03, 0x800006}, 0x0) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) 1.525863619s ago: executing program 0 (id=4110): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x82, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0) pread64$auto(r1, 0x0, 0x7, 0xd3f3) write$auto(r0, 0x0, 0x80000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x581402, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0xc0402, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0xc0403d11, 0x0) prctl$auto(0x3e, 0x4, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x5, 0x3, 0x14, r2, 0x8000) madvise$auto(0x0, 0x200007, 0x1d) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x4, 0x7ff) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) 1.338611866s ago: executing program 3 (id=4111): mmap$auto(0x0, 0x4, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) msgctl$auto_IPC_INFO(0x8, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x560a, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="0508"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4138ae84, &(0x7f0000000140)={0x7}) 1.296191938s ago: executing program 2 (id=4112): r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)={0x14, r0, 0x1, 0x70bd25, 0x25dfdbfe, {0x4, 0x0, 0x30}}, 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) 259.38323ms ago: executing program 3 (id=4113): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x8, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$auto(0x3, 0x0, 0xfffffdef) keyctl$auto(0x1d, 0xffffffffffffffff, 0x8, 0x5, 0x8) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="1b0026bd2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty17\x00', 0x165981, 0x0) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0xa, 0x0, 0x56d) write$auto(0xffffffffffffffff, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) 258.437227ms ago: executing program 2 (id=4121): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0c\x00', 0x28000, 0x0) mmap$auto(0x0, 0x40009, 0x0, 0x9b72, 0x7, 0x28000) mprotect$auto(0x0, 0x806121, 0x6) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR322(r1, 0xc0844123, 0x0) ioctl$auto_BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) symlink$auto(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00') mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, 0x0) 0s ago: executing program 1 (id=4114): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x1000012, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x8000000000000000, 0x15) pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000) sysfs$auto(0x2, 0xa, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x519142, 0x0) mmap$auto(0x0, 0x20009, 0x9, 0xeb5, r0, 0x2008000) setrlimit$auto(0x7, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, 0x0, 0x400051) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/vivid/parameters/n_devs\x00', 0x1e1202, 0x0) mmap$auto(0x0, 0x4, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x20000007fff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x14, 0x0) fsconfig$auto(r1, 0xc7f, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) kernel console output (not intermixed with test programs): PID: 23495 Comm: syz.1.3381 Not tainted syzkaller #0 PREEMPT(full) [ 1391.199520][T23495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1391.199542][T23495] Call Trace: [ 1391.199562][T23495] [ 1391.199576][T23495] dump_stack_lvl+0x100/0x190 [ 1391.199635][T23495] should_fail_ex.cold+0x5/0xa [ 1391.199676][T23495] should_failslab+0xc2/0x120 [ 1391.199713][T23495] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1391.199762][T23495] ? syslog_print_all+0xed/0x3f0 [ 1391.199819][T23495] syslog_print_all+0xed/0x3f0 [ 1391.199864][T23495] ? futex_wait+0x125/0x380 [ 1391.199921][T23495] ? __pfx_syslog_print_all+0x10/0x10 [ 1391.199989][T23495] ? bpf_lsm_capable+0x9/0x10 [ 1391.200027][T23495] ? security_capable+0x80/0x260 [ 1391.200088][T23495] do_syslog+0x350/0x6d0 [ 1391.200127][T23495] ? __pfx_do_syslog+0x10/0x10 [ 1391.200183][T23495] __x64_sys_syslog+0x74/0xb0 [ 1391.200220][T23495] ? lockdep_hardirqs_on+0x78/0x100 [ 1391.200256][T23495] do_syscall_64+0x106/0xf80 [ 1391.200290][T23495] ? clear_bhb_loop+0x40/0x90 [ 1391.200321][T23495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.200347][T23495] RIP: 0033:0x7f07ceb9c799 [ 1391.200367][T23495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1391.200392][T23495] RSP: 002b:00007f07cf982028 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 1391.200416][T23495] RAX: ffffffffffffffda RBX: 00007f07cee16090 RCX: 00007f07ceb9c799 [ 1391.200433][T23495] RDX: 00000000000000f4 RSI: 0000200000000040 RDI: 0000000000000004 [ 1391.200449][T23495] RBP: 00007f07cec32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1391.200465][T23495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1391.200481][T23495] R13: 00007f07cee16128 R14: 00007f07cee16090 R15: 00007ffcfbb82758 [ 1391.200512][T23495] [ 1392.050142][T23519] FAULT_INJECTION: forcing a failure. [ 1392.050142][T23519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1392.170844][T23519] CPU: 1 UID: 0 PID: 23519 Comm: syz.1.3384 Not tainted syzkaller #0 PREEMPT(full) [ 1392.170899][T23519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1392.170920][T23519] Call Trace: [ 1392.170931][T23519] [ 1392.170944][T23519] dump_stack_lvl+0x100/0x190 [ 1392.170999][T23519] should_fail_ex.cold+0x5/0xa [ 1392.171040][T23519] _copy_from_user+0x2e/0xd0 [ 1392.171081][T23519] copy_msghdr_from_user+0x9f/0x4f0 [ 1392.171121][T23519] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1392.171164][T23519] ? rcu_is_watching+0x12/0xc0 [ 1392.171215][T23519] ? ___sys_recvmsg+0x177/0x1a0 [ 1392.171249][T23519] ? kfree+0x2ec/0x6b0 [ 1392.171298][T23519] ___sys_recvmsg+0xdd/0x1a0 [ 1392.171335][T23519] ? __pfx____sys_recvmsg+0x10/0x10 [ 1392.171396][T23519] ? __pfx___might_resched+0x10/0x10 [ 1392.171455][T23519] do_recvmmsg+0x301/0x760 [ 1392.171498][T23519] ? __pfx_do_recvmmsg+0x10/0x10 [ 1392.171532][T23519] ? ksys_write+0x190/0x250 [ 1392.171562][T23519] ? ksys_write+0x190/0x250 [ 1392.171600][T23519] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1392.171676][T23519] ? __fget_files+0x21f/0x3d0 [ 1392.171716][T23519] __x64_sys_recvmmsg+0x22a/0x280 [ 1392.171767][T23519] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1392.171828][T23519] do_syscall_64+0x106/0xf80 [ 1392.171878][T23519] ? clear_bhb_loop+0x40/0x90 [ 1392.171937][T23519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1392.171972][T23519] RIP: 0033:0x7f07ceb9c799 [ 1392.171999][T23519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1392.172034][T23519] RSP: 002b:00007f07ccdf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1392.172066][T23519] RAX: ffffffffffffffda RBX: 00007f07cee16180 RCX: 00007f07ceb9c799 [ 1392.172089][T23519] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1392.172111][T23519] RBP: 00007f07ccdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1392.172132][T23519] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000002 [ 1392.172153][T23519] R13: 00007f07cee16218 R14: 00007f07cee16180 R15: 00007ffcfbb82758 [ 1392.172198][T23519] [ 1392.820125][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1392.826942][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1392.833112][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1392.839257][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1394.935313][T23555] FAULT_INJECTION: forcing a failure. [ 1394.935313][T23555] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1395.128921][T23555] CPU: 1 UID: 0 PID: 23555 Comm: syz.0.3389 Not tainted syzkaller #0 PREEMPT(full) [ 1395.128968][T23555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1395.128990][T23555] Call Trace: [ 1395.129003][T23555] [ 1395.129024][T23555] dump_stack_lvl+0x100/0x190 [ 1395.129104][T23555] should_fail_ex.cold+0x5/0xa [ 1395.129149][T23555] get_futex_key+0x1d2/0x1620 [ 1395.129226][T23555] ? __pfx_get_futex_key+0x10/0x10 [ 1395.129266][T23555] ? futex_hash+0x2c5/0x380 [ 1395.129322][T23555] futex_wake+0xea/0x530 [ 1395.129377][T23555] ? __pfx_futex_wait+0x10/0x10 [ 1395.129432][T23555] ? __pfx_futex_wake+0x10/0x10 [ 1395.129492][T23555] ? __lock_acquire+0x4a5/0x2630 [ 1395.129548][T23555] do_futex+0x32b/0x350 [ 1395.129594][T23555] ? __pfx_do_futex+0x10/0x10 [ 1395.129643][T23555] ? find_held_lock+0x2b/0x80 [ 1395.129682][T23555] __x64_sys_futex+0x34f/0x4d0 [ 1395.129733][T23555] ? __fget_files+0x21f/0x3d0 [ 1395.129766][T23555] ? __pfx___x64_sys_futex+0x10/0x10 [ 1395.129830][T23555] do_syscall_64+0x106/0xf80 [ 1395.129881][T23555] ? clear_bhb_loop+0x40/0x90 [ 1395.129926][T23555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1395.129964][T23555] RIP: 0033:0x7f310cb9c799 [ 1395.129994][T23555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1395.130031][T23555] RSP: 002b:00007f310daee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1395.130065][T23555] RAX: ffffffffffffffda RBX: 00007f310ce16188 RCX: 00007f310cb9c799 [ 1395.130089][T23555] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f310ce1618c [ 1395.130111][T23555] RBP: 00007f310ce16180 R08: 0000000000000000 R09: 0000000000000000 [ 1395.130133][T23555] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1395.130156][T23555] R13: 00007f310ce16218 R14: 00007ffd27fd6170 R15: 00007ffd27fd6258 [ 1395.130211][T23555] [ 1395.905901][T23573] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1395.913112][T23573] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1395.920286][T23573] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1395.927253][T23573] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1397.871251][T23621] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1397.887904][T23621] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1397.894888][T23621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1397.903531][T23621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1399.750238][T23665] FAULT_INJECTION: forcing a failure. [ 1399.750238][T23665] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1399.901590][T23665] CPU: 0 UID: 0 PID: 23665 Comm: syz.2.3421 Not tainted syzkaller #0 PREEMPT(full) [ 1399.901639][T23665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1399.901662][T23665] Call Trace: [ 1399.901675][T23665] [ 1399.901689][T23665] dump_stack_lvl+0x100/0x190 [ 1399.901749][T23665] should_fail_ex.cold+0x5/0xa [ 1399.901792][T23665] get_futex_key+0x1d2/0x1620 [ 1399.901848][T23665] ? __pfx_get_futex_key+0x10/0x10 [ 1399.901893][T23665] ? rcu_is_watching+0x12/0xc0 [ 1399.901947][T23665] ? finish_task_switch.isra.0+0x205/0xb80 [ 1399.901987][T23665] ? lockdep_hardirqs_on+0x78/0x100 [ 1399.902041][T23665] futex_wake+0xea/0x530 [ 1399.902093][T23665] ? __pfx_futex_wait+0x10/0x10 [ 1399.902145][T23665] ? __schedule+0x1000/0x6120 [ 1399.902189][T23665] ? __pfx_futex_wake+0x10/0x10 [ 1399.902262][T23665] do_futex+0x32b/0x350 [ 1399.902309][T23665] ? __pfx_do_futex+0x10/0x10 [ 1399.902353][T23665] ? __pfx_do_sys_openat2+0x10/0x10 [ 1399.902411][T23665] __x64_sys_futex+0x34f/0x4d0 [ 1399.902458][T23665] ? __x64_sys_openat+0x12d/0x210 [ 1399.902505][T23665] ? __pfx___x64_sys_futex+0x10/0x10 [ 1399.902574][T23665] do_syscall_64+0x106/0xf80 [ 1399.902622][T23665] ? clear_bhb_loop+0x40/0x90 [ 1399.902667][T23665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1399.902703][T23665] RIP: 0033:0x7f6ea2b9c799 [ 1399.902734][T23665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1399.902769][T23665] RSP: 002b:00007f6ea3b190e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1399.902802][T23665] RAX: ffffffffffffffda RBX: 00007f6ea2e16098 RCX: 00007f6ea2b9c799 [ 1399.902826][T23665] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6ea2e1609c [ 1399.902855][T23665] RBP: 00007f6ea2e16090 R08: 0000000000000000 R09: 0000000000000000 [ 1399.902878][T23665] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1399.902900][T23665] R13: 00007f6ea2e16128 R14: 00007ffe1004db30 R15: 00007ffe1004dc18 [ 1399.902946][T23665] [ 1400.141353][T13893] Bluetooth: hci2: command 0x040f tx timeout [ 1400.147581][T13893] Bluetooth: hci1: command 0x041b tx timeout [ 1400.156153][T13893] Bluetooth: hci0: command 0x041b tx timeout [ 1400.162308][T13893] Bluetooth: hci4: command 0x040f tx timeout [ 1401.659439][T23695] syz.0.3430: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1401.659639][T23695] CPU: 0 UID: 0 PID: 23695 Comm: syz.0.3430 Not tainted syzkaller #0 PREEMPT(full) [ 1401.659669][T23695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1401.659684][T23695] Call Trace: [ 1401.659692][T23695] [ 1401.659702][T23695] dump_stack_lvl+0x100/0x190 [ 1401.659745][T23695] warn_alloc.cold+0x95/0x1c1 [ 1401.659789][T23695] ? __pfx_warn_alloc+0x10/0x10 [ 1401.659860][T23695] ? __lock_acquire+0x4a5/0x2630 [ 1401.659923][T23695] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1401.659959][T23695] ? rcu_is_watching+0x12/0xc0 [ 1401.659998][T23695] ? trace_contention_end+0x140/0x180 [ 1401.660035][T23695] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1401.660122][T23695] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1401.660144][T23695] ? tomoyo_path_number_perm+0x28f/0x580 [ 1401.660173][T23695] ? tomoyo_path_number_perm+0x28f/0x580 [ 1401.660203][T23695] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1401.660236][T23695] ? __pfx___mutex_lock+0x10/0x10 [ 1401.660292][T23695] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1401.660318][T23695] ? futex_wait+0x125/0x380 [ 1401.660360][T23695] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1401.660400][T23695] __vmalloc_node_noprof+0xad/0xf0 [ 1401.660432][T23695] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1401.660460][T23695] dvb_dvr_do_ioctl+0x15d/0x270 [ 1401.660489][T23695] dvb_usercopy+0x167/0x340 [ 1401.660549][T23695] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1401.660584][T23695] ? __pfx_dvb_usercopy+0x10/0x10 [ 1401.660637][T23695] ? __fget_files+0x21f/0x3d0 [ 1401.660666][T23695] dvb_dvr_ioctl+0x29/0x40 [ 1401.660688][T23695] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1401.660713][T23695] __x64_sys_ioctl+0x18e/0x210 [ 1401.660752][T23695] do_syscall_64+0x106/0xf80 [ 1401.660788][T23695] ? clear_bhb_loop+0x40/0x90 [ 1401.660819][T23695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1401.660845][T23695] RIP: 0033:0x7f310cb9c799 [ 1401.660866][T23695] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1401.660890][T23695] RSP: 002b:00007f310db30028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1401.660914][T23695] RAX: ffffffffffffffda RBX: 00007f310ce15fa0 RCX: 00007f310cb9c799 [ 1401.660931][T23695] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000004 [ 1401.660947][T23695] RBP: 00007f310cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1401.660963][T23695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1401.660979][T23695] R13: 00007f310ce16038 R14: 00007f310ce15fa0 R15: 00007ffd27fd6258 [ 1401.661011][T23695] [ 1401.686708][T23695] Mem-Info: [ 1401.686725][T23695] active_anon:20417 inactive_anon:586 isolated_anon:0 [ 1401.686725][T23695] active_file:9476 inactive_file:59521 isolated_file:0 [ 1401.686725][T23695] unevictable:768 dirty:2187 writeback:0 [ 1401.686725][T23695] slab_reclaimable:12513 slab_unreclaimable:94713 [ 1401.686725][T23695] mapped:27959 shmem:3269 pagetables:1368 [ 1401.686725][T23695] sec_pagetables:0 bounce:0 [ 1401.686725][T23695] kernel_misc_reclaimable:0 [ 1401.686725][T23695] free:1294879 free_pcp:8600 free_cma:0 [ 1401.686794][T23695] Node 0 active_anon:81668kB inactive_anon:2344kB active_file:37904kB inactive_file:237904kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:111796kB dirty:8740kB writeback:0kB shmem:11540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:36864kB kernel_stack:12512kB pagetables:5324kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1401.686862][T23695] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1401.686925][T23695] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.686999][T23695] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1401.687046][T23695] Node 0 DMA32 free:1225920kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:81668kB inactive_anon:2344kB active_file:37904kB inactive_file:237904kB unevictable:1536kB writepending:8740kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:34384kB local_pcp:18316kB free_cma:0kB [ 1401.687127][T23695] lowmem_reserve[]: 0 0 1 1 1 [ 1401.687172][T23695] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 1401.687245][T23695] lowmem_reserve[]: 0 0 0 0 0 [ 1401.687291][T23695] Node 1 Normal free:3938236kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.687366][T23695] lowmem_reserve[]: 0 0 0 0 0 [ 1401.687411][T23695] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1401.687592][T23695] Node 0 DMA32: 3836*4kB (UME) 5945*8kB (UME) 4515*16kB (UM) 1810*32kB (UME) 1699*64kB (UME) 1007*128kB (UME) 768*256kB (UME) 399*512kB (UME) 285*1024kB (UME) 14*2048kB (UME) 18*4096kB (M) = 1225832kB [ 1401.687805][T23695] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1401.687933][T23695] Node 1 Normal: 5*4kB (UM) 5*8kB (U) 6*16kB (UM) 11*32kB (U) 7*64kB (UM) 4*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 958*4096kB (M) = 3938236kB [ 1401.688143][T23695] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.688193][T23695] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1401.688223][T23695] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.688309][T23695] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1401.688339][T23695] 72264 total pagecache pages [ 1401.688355][T23695] 2 pages in swap cache [ 1401.688369][T23695] Free swap = 124988kB [ 1401.688382][T23695] Total swap = 124996kB [ 1401.688395][T23695] 2097051 pages RAM [ 1401.688407][T23695] 0 pages HighMem/MovableOnly [ 1401.688420][T23695] 430825 pages reserved [ 1401.688434][T23695] 0 pages cma reserved [ 1402.177463][T23703] usb usb37: usbfs: process 23703 (syz.3.3433) did not claim interface 0 before use [ 1403.036763][T23714] FAULT_INJECTION: forcing a failure. [ 1403.036763][T23714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.036800][T23714] CPU: 0 UID: 0 PID: 23714 Comm: syz.0.3435 Not tainted syzkaller #0 PREEMPT(full) [ 1403.036858][T23714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1403.036878][T23714] Call Trace: [ 1403.036889][T23714] [ 1403.036902][T23714] dump_stack_lvl+0x100/0x190 [ 1403.036956][T23714] should_fail_ex.cold+0x5/0xa [ 1403.036985][T23714] _copy_from_user+0x2e/0xd0 [ 1403.037014][T23714] copy_msghdr_from_user+0x9f/0x4f0 [ 1403.037043][T23714] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1403.037074][T23714] ? rcu_is_watching+0x12/0xc0 [ 1403.037110][T23714] ? ___sys_recvmsg+0x177/0x1a0 [ 1403.037134][T23714] ? kfree+0x2ec/0x6b0 [ 1403.037170][T23714] ___sys_recvmsg+0xdd/0x1a0 [ 1403.037197][T23714] ? __pfx____sys_recvmsg+0x10/0x10 [ 1403.037244][T23714] ? __pfx___might_resched+0x10/0x10 [ 1403.037285][T23714] do_recvmmsg+0x301/0x760 [ 1403.037315][T23714] ? __pfx_do_recvmmsg+0x10/0x10 [ 1403.037339][T23714] ? ksys_write+0x190/0x250 [ 1403.037359][T23714] ? ksys_write+0x190/0x250 [ 1403.037385][T23714] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1403.037438][T23714] ? __fget_files+0x21f/0x3d0 [ 1403.037468][T23714] __x64_sys_recvmmsg+0x22a/0x280 [ 1403.037505][T23714] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1403.037550][T23714] do_syscall_64+0x106/0xf80 [ 1403.037583][T23714] ? clear_bhb_loop+0x40/0x90 [ 1403.037613][T23714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.037638][T23714] RIP: 0033:0x7f310cb9c799 [ 1403.037657][T23714] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.037680][T23714] RSP: 002b:00007f310db0f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1403.037702][T23714] RAX: ffffffffffffffda RBX: 00007f310ce16090 RCX: 00007f310cb9c799 [ 1403.037719][T23714] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1403.037733][T23714] RBP: 00007f310db0f090 R08: 0000000000000000 R09: 0000000000000000 [ 1403.037748][T23714] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000002 [ 1403.037762][T23714] R13: 00007f310ce16128 R14: 00007f310ce16090 R15: 00007ffd27fd6258 [ 1403.037793][T23714] [ 1403.216186][T23717] FAULT_INJECTION: forcing a failure. [ 1403.216186][T23717] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1403.216228][T23717] CPU: 1 UID: 0 PID: 23717 Comm: syz.3.3436 Not tainted syzkaller #0 PREEMPT(full) [ 1403.216259][T23717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1403.216274][T23717] Call Trace: [ 1403.216283][T23717] [ 1403.216293][T23717] dump_stack_lvl+0x100/0x190 [ 1403.216336][T23717] should_fail_ex.cold+0x5/0xa [ 1403.216366][T23717] get_futex_key+0x1d2/0x1620 [ 1403.216401][T23717] ? __pfx_get_futex_key+0x10/0x10 [ 1403.216441][T23717] futex_wait_setup+0x83/0x510 [ 1403.216488][T23717] __futex_wait+0x19f/0x300 [ 1403.216530][T23717] ? __pfx___futex_wait+0x10/0x10 [ 1403.216569][T23717] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1403.216603][T23717] ? lockdep_hardirqs_on+0x78/0x100 [ 1403.216642][T23717] ? __pfx_futex_wake_mark+0x10/0x10 [ 1403.216685][T23717] ? futex_hash+0x2c5/0x380 [ 1403.216723][T23717] futex_wait+0xed/0x380 [ 1403.216762][T23717] ? __pfx_futex_wait+0x10/0x10 [ 1403.216808][T23717] ? user_get_super+0xa6/0x1b0 [ 1403.216848][T23717] ? user_get_super+0xa6/0x1b0 [ 1403.216893][T23717] do_futex+0x1ef/0x350 [ 1403.216926][T23717] ? __pfx_do_futex+0x10/0x10 [ 1403.216965][T23717] ? __pfx_do_sys_openat2+0x10/0x10 [ 1403.217006][T23717] __x64_sys_futex+0x34f/0x4d0 [ 1403.217040][T23717] ? __x64_sys_openat+0x12d/0x210 [ 1403.217075][T23717] ? __pfx___x64_sys_futex+0x10/0x10 [ 1403.217120][T23717] do_syscall_64+0x106/0xf80 [ 1403.217156][T23717] ? clear_bhb_loop+0x40/0x90 [ 1403.217186][T23717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.217213][T23717] RIP: 0033:0x7f3da1d9c799 [ 1403.217233][T23717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.217258][T23717] RSP: 002b:00007f3da2d1a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1403.217282][T23717] RAX: ffffffffffffffda RBX: 00007f3da2016098 RCX: 00007f3da1d9c799 [ 1403.217299][T23717] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3da2016098 [ 1403.217315][T23717] RBP: 00007f3da2016090 R08: 0000000000000000 R09: 0000000000000000 [ 1403.217331][T23717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1403.217346][T23717] R13: 00007f3da2016128 R14: 00007ffcbbfeec20 R15: 00007ffcbbfeed08 [ 1403.217378][T23717] [ 1406.289349][T23743] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1406.423801][T23743] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1406.547892][T23743] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1406.561181][T23743] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1407.417452][T23758] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1407.513397][T23758] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1407.531907][T23758] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1407.555646][T23758] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1408.955030][T23778] can: request_module (can-proto-3) failed. [ 1409.470252][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1409.549567][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1409.555611][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1409.629404][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1411.161229][T23810] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1411.167702][T23810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1411.420035][T23810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1411.428624][T23810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1411.959358][T23831] FAULT_INJECTION: forcing a failure. [ 1411.959358][T23831] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1411.997431][T23831] CPU: 0 UID: 0 PID: 23831 Comm: syz.2.3464 Not tainted syzkaller #0 PREEMPT(full) [ 1411.997478][T23831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1411.997503][T23831] Call Trace: [ 1411.997515][T23831] [ 1411.997528][T23831] dump_stack_lvl+0x100/0x190 [ 1411.997602][T23831] should_fail_ex.cold+0x5/0xa [ 1411.997642][T23831] get_futex_key+0x1d2/0x1620 [ 1411.997689][T23831] ? __pfx_get_futex_key+0x10/0x10 [ 1411.997728][T23831] ? find_held_lock+0x2b/0x80 [ 1411.997760][T23831] ? futex_wake+0x456/0x530 [ 1411.997819][T23831] futex_wake+0xea/0x530 [ 1411.997870][T23831] ? __pfx_futex_wait+0x10/0x10 [ 1411.997922][T23831] ? __pfx_futex_wake+0x10/0x10 [ 1411.997977][T23831] ? user_get_super+0xa6/0x1b0 [ 1411.998029][T23831] ? user_get_super+0xa6/0x1b0 [ 1411.998088][T23831] do_futex+0x32b/0x350 [ 1411.998131][T23831] ? __pfx_do_futex+0x10/0x10 [ 1411.998172][T23831] ? __pfx_do_sys_openat2+0x10/0x10 [ 1411.998225][T23831] __x64_sys_futex+0x34f/0x4d0 [ 1411.998273][T23831] ? __x64_sys_openat+0x12d/0x210 [ 1411.998329][T23831] ? __pfx___x64_sys_futex+0x10/0x10 [ 1411.998389][T23831] do_syscall_64+0x106/0xf80 [ 1411.998440][T23831] ? clear_bhb_loop+0x40/0x90 [ 1411.998482][T23831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1411.998519][T23831] RIP: 0033:0x7f6ea2b9c799 [ 1411.998554][T23831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1411.998590][T23831] RSP: 002b:00007f6ea3b190e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1411.998623][T23831] RAX: ffffffffffffffda RBX: 00007f6ea2e16098 RCX: 00007f6ea2b9c799 [ 1411.998647][T23831] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6ea2e1609c [ 1411.998670][T23831] RBP: 00007f6ea2e16090 R08: 0000000000000000 R09: 0000000000000000 [ 1411.998692][T23831] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1411.998714][T23831] R13: 00007f6ea2e16128 R14: 00007ffe1004db30 R15: 00007ffe1004dc18 [ 1411.998759][T23831] [ 1412.833112][T23842] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1412.841197][T23842] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1412.851811][T23842] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1412.860225][T23842] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1414.922469][T13893] Bluetooth: hci2: command 0x040f tx timeout [ 1414.928554][T13893] Bluetooth: hci1: command 0x041b tx timeout [ 1414.934689][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1414.940809][T18966] Bluetooth: hci4: command 0x040f tx timeout [ 1422.087938][T23970] netlink: 29 bytes leftover after parsing attributes in process `syz.1.3503'. [ 1422.600529][T23979] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1422.606708][T23979] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1422.750954][T23979] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1422.920089][T23979] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1423.830737][T23988] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1423.837827][T23988] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1423.879844][T23988] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1423.920064][T23988] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1425.869341][T13893] Bluetooth: hci0: command 0x041b tx timeout [ 1425.875454][T13893] Bluetooth: hci4: command 0x040f tx timeout [ 1425.951139][T13893] Bluetooth: hci2: command 0x040f tx timeout [ 1425.958349][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1427.949452][T13893] Bluetooth: hci4: command 0x040f tx timeout [ 1427.978984][T24018] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 1429.057060][T24018] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1429.057402][T24018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1429.057681][T24018] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1430.029206][T13893] Bluetooth: hci0: command 0x041b tx timeout [ 1431.069241][T13893] Bluetooth: hci2: command 0x040f tx timeout [ 1431.076596][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1433.633105][T24115] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3541'. [ 1434.418785][T24132] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1434.425885][T24132] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1434.433759][T24132] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1434.440531][T24132] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1435.199891][T24146] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1435.206092][T24146] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1435.229595][T24146] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1435.239915][T24146] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1436.756088][T13870] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1437.041120][T24159] FAULT_INJECTION: forcing a failure. [ 1437.041120][T24159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1437.117707][T24159] CPU: 1 UID: 0 PID: 24159 Comm: syz.2.3549 Not tainted syzkaller #0 PREEMPT(full) [ 1437.117754][T24159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1437.117777][T24159] Call Trace: [ 1437.117789][T24159] [ 1437.117803][T24159] dump_stack_lvl+0x100/0x190 [ 1437.117862][T24159] should_fail_ex.cold+0x5/0xa [ 1437.117903][T24159] _copy_from_user+0x2e/0xd0 [ 1437.117946][T24159] copy_msghdr_from_user+0x9f/0x4f0 [ 1437.117989][T24159] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1437.118039][T24159] ? __pfx_futex_wake_mark+0x10/0x10 [ 1437.118102][T24159] ___sys_sendmsg+0x106/0x1e0 [ 1437.118145][T24159] ? __pfx____sys_sendmsg+0x10/0x10 [ 1437.118233][T24159] __sys_sendmsg+0x170/0x220 [ 1437.118286][T24159] ? __pfx___sys_sendmsg+0x10/0x10 [ 1437.118335][T24159] ? __x64_sys_futex+0x34f/0x4d0 [ 1437.118415][T24159] do_syscall_64+0x106/0xf80 [ 1437.118463][T24159] ? clear_bhb_loop+0x40/0x90 [ 1437.118512][T24159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1437.118549][T24159] RIP: 0033:0x7f6ea2b9c799 [ 1437.118578][T24159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1437.118613][T24159] RSP: 002b:00007f6ea3b19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1437.118647][T24159] RAX: ffffffffffffffda RBX: 00007f6ea2e16090 RCX: 00007f6ea2b9c799 [ 1437.118669][T24159] RDX: 0000000000008000 RSI: 00002000000005c0 RDI: 0000000000000006 [ 1437.118690][T24159] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1437.118710][T24159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1437.118732][T24159] R13: 00007f6ea2e16128 R14: 00007f6ea2e16090 R15: 00007ffe1004dc18 [ 1437.118779][T24159] [ 1437.314813][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1437.324200][T13893] Bluetooth: hci2: command 0x040f tx timeout [ 1437.339247][T18966] Bluetooth: hci1: command 0x041b tx timeout [ 1437.345629][T18966] Bluetooth: hci0: command 0x041b tx timeout [ 1439.114258][T24182] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1439.121462][T24182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1439.128734][T24182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1439.136377][T24182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1440.546656][T24200] bridge0: port 3(netdevsim1) entered blocking state [ 1440.583914][T24200] bridge0: port 3(netdevsim1) entered disabled state [ 1440.597281][T24200] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 1440.652437][T24200] netdevsim netdevsim1 netdevsim1: entered promiscuous mode [ 1440.680961][T24200] bridge0: port 3(netdevsim1) entered blocking state [ 1440.687796][T24200] bridge0: port 3(netdevsim1) entered forwarding state [ 1441.061935][T24205] FAULT_INJECTION: forcing a failure. [ 1441.061935][T24205] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1441.089904][T24205] CPU: 0 UID: 0 PID: 24205 Comm: syz.1.3560 Not tainted syzkaller #0 PREEMPT(full) [ 1441.089953][T24205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1441.089977][T24205] Call Trace: [ 1441.089988][T24205] [ 1441.090002][T24205] dump_stack_lvl+0x100/0x190 [ 1441.090062][T24205] should_fail_ex.cold+0x5/0xa [ 1441.090102][T24205] get_futex_key+0x1d2/0x1620 [ 1441.090147][T24205] ? __pfx_get_futex_key+0x10/0x10 [ 1441.090184][T24205] ? futex_hash+0x2c5/0x380 [ 1441.090228][T24205] ? __lock_acquire+0x4a5/0x2630 [ 1441.090280][T24205] futex_wake+0xea/0x530 [ 1441.090335][T24205] ? __pfx_futex_wake+0x10/0x10 [ 1441.090394][T24205] ? __fget_files+0x215/0x3d0 [ 1441.090437][T24205] do_futex+0x32b/0x350 [ 1441.090483][T24205] ? __pfx_do_futex+0x10/0x10 [ 1441.090540][T24205] ? fdget+0x18b/0x210 [ 1441.090572][T24205] ? __sys_sendmsg+0x18f/0x220 [ 1441.090627][T24205] __x64_sys_futex+0x34f/0x4d0 [ 1441.090678][T24205] ? __pfx___x64_sys_futex+0x10/0x10 [ 1441.090740][T24205] do_syscall_64+0x106/0xf80 [ 1441.090788][T24205] ? clear_bhb_loop+0x40/0x90 [ 1441.090831][T24205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1441.090867][T24205] RIP: 0033:0x7f07ceb9c799 [ 1441.090897][T24205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1441.090931][T24205] RSP: 002b:00007f07cf9a30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1441.090965][T24205] RAX: ffffffffffffffda RBX: 00007f07cee15fa8 RCX: 00007f07ceb9c799 [ 1441.090988][T24205] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f07cee15fac [ 1441.091009][T24205] RBP: 00007f07cee15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1441.091031][T24205] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1441.091052][T24205] R13: 00007f07cee16038 R14: 00007ffcfbb82670 R15: 00007ffcfbb82758 [ 1441.091096][T24205] [ 1441.499489][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1441.505593][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1441.511718][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1441.517777][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1441.996974][T24223] aoe: can't write to that file. [ 1442.015895][T24223] aoe: can't write to that file. [ 1442.026746][T24214] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1442.961381][T24209] Invalid ELF header magic: != ELF [ 1444.236601][T24245] bridge0: port 3(netdevsim1) entered blocking state [ 1444.300229][T24245] bridge0: port 3(netdevsim1) entered disabled state [ 1444.316158][T24245] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 1444.356582][T24245] netdevsim netdevsim0 netdevsim1: entered promiscuous mode [ 1444.420035][T24245] bridge0: port 3(netdevsim1) entered blocking state [ 1444.426875][T24245] bridge0: port 3(netdevsim1) entered forwarding state [ 1446.630188][T24267] FAULT_INJECTION: forcing a failure. [ 1446.630188][T24267] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1446.646227][T24267] CPU: 1 UID: 0 PID: 24267 Comm: syz.2.3573 Not tainted syzkaller #0 PREEMPT(full) [ 1446.646273][T24267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1446.646295][T24267] Call Trace: [ 1446.646307][T24267] [ 1446.646321][T24267] dump_stack_lvl+0x100/0x190 [ 1446.646380][T24267] should_fail_ex.cold+0x5/0xa [ 1446.646421][T24267] get_futex_key+0x1d2/0x1620 [ 1446.646469][T24267] ? __pfx_get_futex_key+0x10/0x10 [ 1446.646535][T24267] futex_wait_setup+0x83/0x510 [ 1446.646596][T24267] __futex_wait+0x19f/0x300 [ 1446.646645][T24267] ? __pfx___futex_wait+0x10/0x10 [ 1446.646694][T24267] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1446.646740][T24267] ? lockdep_hardirqs_on+0x78/0x100 [ 1446.646795][T24267] ? __pfx_futex_wake_mark+0x10/0x10 [ 1446.646854][T24267] ? futex_hash+0x2c5/0x380 [ 1446.646907][T24267] futex_wait+0xed/0x380 [ 1446.646960][T24267] ? __pfx_futex_wait+0x10/0x10 [ 1446.647024][T24267] ? __fget_files+0x215/0x3d0 [ 1446.647067][T24267] do_futex+0x1ef/0x350 [ 1446.647114][T24267] ? __pfx_do_futex+0x10/0x10 [ 1446.647160][T24267] ? fdget+0x18b/0x210 [ 1446.647193][T24267] ? __sys_sendmsg+0x18f/0x220 [ 1446.647247][T24267] __x64_sys_futex+0x34f/0x4d0 [ 1446.647298][T24267] ? __pfx___x64_sys_futex+0x10/0x10 [ 1446.647362][T24267] do_syscall_64+0x106/0xf80 [ 1446.647410][T24267] ? clear_bhb_loop+0x40/0x90 [ 1446.647454][T24267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1446.647500][T24267] RIP: 0033:0x7f6ea2b9c799 [ 1446.647531][T24267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1446.647567][T24267] RSP: 002b:00007f6ea3b3a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1446.647601][T24267] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa8 RCX: 00007f6ea2b9c799 [ 1446.647624][T24267] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6ea2e15fa8 [ 1446.647646][T24267] RBP: 00007f6ea2e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1446.647669][T24267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1446.647690][T24267] R13: 00007f6ea2e16038 R14: 00007ffe1004db30 R15: 00007ffe1004dc18 [ 1446.647736][T24267] [ 1447.263791][T24273] warn_alloc: 1 callbacks suppressed [ 1447.263816][T24273] syz.2.3575: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1447.485632][T24273] CPU: 1 UID: 0 PID: 24273 Comm: syz.2.3575 Not tainted syzkaller #0 PREEMPT(full) [ 1447.485685][T24273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1447.485707][T24273] Call Trace: [ 1447.485720][T24273] [ 1447.485734][T24273] dump_stack_lvl+0x100/0x190 [ 1447.485794][T24273] warn_alloc.cold+0x95/0x1c1 [ 1447.485857][T24273] ? __pfx_warn_alloc+0x10/0x10 [ 1447.485915][T24273] ? __lock_acquire+0x4a5/0x2630 [ 1447.485986][T24273] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1447.486037][T24273] ? rcu_is_watching+0x12/0xc0 [ 1447.486094][T24273] ? trace_contention_end+0x140/0x180 [ 1447.486147][T24273] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1447.486186][T24273] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1447.486218][T24273] ? tomoyo_path_number_perm+0x28f/0x580 [ 1447.486260][T24273] ? tomoyo_path_number_perm+0x28f/0x580 [ 1447.486310][T24273] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1447.486360][T24273] ? __pfx___mutex_lock+0x10/0x10 [ 1447.486424][T24273] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1447.486465][T24273] ? futex_wait+0x125/0x380 [ 1447.486527][T24273] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1447.486570][T24273] __vmalloc_node_noprof+0xad/0xf0 [ 1447.486623][T24273] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1447.486671][T24273] dvb_dvr_do_ioctl+0x15d/0x270 [ 1447.486714][T24273] dvb_usercopy+0x167/0x340 [ 1447.486772][T24273] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1447.486810][T24273] ? __pfx_dvb_usercopy+0x10/0x10 [ 1447.486892][T24273] ? __fget_files+0x21f/0x3d0 [ 1447.486941][T24273] dvb_dvr_ioctl+0x29/0x40 [ 1447.486977][T24273] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1447.487012][T24273] __x64_sys_ioctl+0x18e/0x210 [ 1447.487069][T24273] do_syscall_64+0x106/0xf80 [ 1447.487118][T24273] ? clear_bhb_loop+0x40/0x90 [ 1447.487164][T24273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1447.487202][T24273] RIP: 0033:0x7f6ea2b9c799 [ 1447.487241][T24273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1447.487277][T24273] RSP: 002b:00007f6ea3b3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1447.487312][T24273] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa0 RCX: 00007f6ea2b9c799 [ 1447.487342][T24273] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 1447.487366][T24273] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1447.487389][T24273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1447.487412][T24273] R13: 00007f6ea2e16038 R14: 00007f6ea2e15fa0 R15: 00007ffe1004dc18 [ 1447.487461][T24273] [ 1447.499763][T24273] Mem-Info: [ 1447.759303][T24273] active_anon:21509 inactive_anon:586 isolated_anon:0 [ 1447.759303][T24273] active_file:12205 inactive_file:50817 isolated_file:0 [ 1447.759303][T24273] unevictable:768 dirty:178 writeback:0 [ 1447.759303][T24273] slab_reclaimable:12679 slab_unreclaimable:95186 [ 1447.759303][T24273] mapped:25931 shmem:3293 pagetables:1453 [ 1447.759303][T24273] sec_pagetables:0 bounce:0 [ 1447.759303][T24273] kernel_misc_reclaimable:0 [ 1447.759303][T24273] free:1300238 free_pcp:8025 free_cma:0 [ 1447.824921][T24273] Node 0 active_anon:88136kB inactive_anon:2344kB active_file:48820kB inactive_file:203088kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:103784kB dirty:712kB writeback:0kB shmem:11636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:43008kB kernel_stack:12620kB pagetables:5664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1447.862347][T24273] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1447.899902][T24273] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1447.942903][T24273] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1447.948851][T24273] Node 0 DMA32 free:1241536kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:88116kB inactive_anon:2344kB active_file:48820kB inactive_file:204300kB unevictable:1536kB writepending:912kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:30164kB local_pcp:12716kB free_cma:0kB [ 1448.032701][T24273] lowmem_reserve[]: 0 0 1 1 1 [ 1448.060777][T24273] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:4kB free_cma:0kB [ 1448.205188][T24273] lowmem_reserve[]: 0 0 0 0 0 [ 1448.262451][T24273] Node 1 Normal free:3938236kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.819454][T24273] lowmem_reserve[]: 0 0 0 0 0 [ 1448.824328][T24273] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1448.904683][T24273] Node 0 DMA32: 5442*4kB (UM) 5912*8kB (UME) 4066*16kB (UME) 1811*32kB (UME) 1770*64kB (UME) 1039*128kB (UME) 797*256kB (UME) 428*512kB (UME) 298*1024kB (UME) 12*2048kB (UE) 7*4096kB (M) = 1219912kB [ 1449.009978][T24273] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1449.050855][T24273] Node 1 Normal: 5*4kB (UM) 5*8kB (U) 6*16kB (UM) 11*32kB (U) 7*64kB (UM) 4*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 958*4096kB (M) = 3938236kB [ 1449.127191][T24273] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.201776][T24273] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1449.239321][T24273] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.248986][T24273] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1449.321595][T24273] 73008 total pagecache pages [ 1449.326452][T24273] 2 pages in swap cache [ 1449.339959][T24273] Free swap = 124988kB [ 1449.346215][T24296] net_ratelimit: 16 callbacks suppressed [ 1449.346242][T24296] netlink: zone id is out of range [ 1449.362909][T24273] Total swap = 124996kB [ 1449.367157][T24273] 2097051 pages RAM [ 1449.373158][T24273] 0 pages HighMem/MovableOnly [ 1449.377900][T24273] 430825 pages reserved [ 1449.382727][T24273] 0 pages cma reserved [ 1451.569524][T24342] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1451.583461][T24342] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1451.593694][T24342] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1451.625418][T24342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1452.774381][T24356] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1453.549304][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1453.635576][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1453.641826][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1453.647900][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1454.117295][T24381] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1454.124560][T24381] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1454.131634][T24381] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1454.138779][T24381] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1455.017644][T24395] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1455.028951][T24395] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1456.109834][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1456.189329][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1456.195442][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1456.201627][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1458.880195][T24432] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1458.889555][T24432] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1458.916429][T24432] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1458.928939][T24432] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1460.910185][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1460.916319][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1460.992005][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1460.998121][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1462.707253][T24485] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1462.717816][T24485] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1462.729370][T24485] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1462.759458][T24485] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1464.753418][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1464.759692][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1464.766861][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1464.829391][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1466.402439][T24530] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1466.414909][T24530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1466.437246][T24530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1466.476789][T24530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1468.429226][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1468.436063][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1468.519216][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1468.525345][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1468.802575][T24554] syz.2.3650: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1468.864105][T24554] CPU: 0 UID: 0 PID: 24554 Comm: syz.2.3650 Tainted: G L syzkaller #0 PREEMPT(full) [ 1468.864163][T24554] Tainted: [L]=SOFTLOCKUP [ 1468.864178][T24554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1468.864201][T24554] Call Trace: [ 1468.864214][T24554] [ 1468.864229][T24554] dump_stack_lvl+0x100/0x190 [ 1468.864291][T24554] warn_alloc.cold+0x95/0x1c1 [ 1468.864355][T24554] ? __pfx_warn_alloc+0x10/0x10 [ 1468.864413][T24554] ? __lock_acquire+0x4a5/0x2630 [ 1468.864483][T24554] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1468.864534][T24554] ? rcu_is_watching+0x12/0xc0 [ 1468.864587][T24554] ? trace_contention_end+0x140/0x180 [ 1468.864636][T24554] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1468.864674][T24554] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1468.864705][T24554] ? tomoyo_path_number_perm+0x28f/0x580 [ 1468.865025][T24554] ? tomoyo_path_number_perm+0x28f/0x580 [ 1468.865076][T24554] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1468.865131][T24554] ? __pfx___mutex_lock+0x10/0x10 [ 1468.865208][T24554] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1468.865249][T24554] ? futex_wait+0x125/0x380 [ 1468.865314][T24554] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1468.865351][T24554] __vmalloc_node_noprof+0xad/0xf0 [ 1468.865397][T24554] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1468.865435][T24554] dvb_dvr_do_ioctl+0x15d/0x270 [ 1468.865478][T24554] dvb_usercopy+0x167/0x340 [ 1468.865533][T24554] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1468.865570][T24554] ? __pfx_dvb_usercopy+0x10/0x10 [ 1468.865641][T24554] ? __fget_files+0x21f/0x3d0 [ 1468.865683][T24554] dvb_dvr_ioctl+0x29/0x40 [ 1468.865711][T24554] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1468.865745][T24554] __x64_sys_ioctl+0x18e/0x210 [ 1468.865808][T24554] do_syscall_64+0x106/0xf80 [ 1468.865868][T24554] ? clear_bhb_loop+0x40/0x90 [ 1468.865914][T24554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1468.865950][T24554] RIP: 0033:0x7f6ea2b9c799 [ 1468.865979][T24554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1468.866014][T24554] RSP: 002b:00007f6ea3b3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1468.866047][T24554] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa0 RCX: 00007f6ea2b9c799 [ 1468.866068][T24554] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 1468.866087][T24554] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1468.866107][T24554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1468.866127][T24554] R13: 00007f6ea2e16038 R14: 00007f6ea2e15fa0 R15: 00007ffe1004dc18 [ 1468.866169][T24554] [ 1468.866236][T24554] Mem-Info: [ 1469.175753][T24554] active_anon:23722 inactive_anon:586 isolated_anon:0 [ 1469.175753][T24554] active_file:12245 inactive_file:68828 isolated_file:0 [ 1469.175753][T24554] unevictable:768 dirty:919 writeback:0 [ 1469.175753][T24554] slab_reclaimable:12730 slab_unreclaimable:95550 [ 1469.175753][T24554] mapped:26991 shmem:3274 pagetables:1488 [ 1469.175753][T24554] sec_pagetables:0 bounce:0 [ 1469.175753][T24554] kernel_misc_reclaimable:0 [ 1469.175753][T24554] free:1277639 free_pcp:9374 free_cma:0 [ 1469.289323][T24554] Node 0 active_anon:92772kB inactive_anon:2344kB active_file:48980kB inactive_file:275132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107924kB dirty:3668kB writeback:0kB shmem:11560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:47104kB kernel_stack:12576kB pagetables:5804kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1469.419202][T24554] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1469.501729][T24554] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1469.594995][T24554] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1469.644391][T24554] Node 0 DMA32 free:1162568kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:96968kB inactive_anon:2344kB active_file:48980kB inactive_file:275132kB unevictable:1536kB writepending:3668kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:33980kB local_pcp:13532kB free_cma:0kB [ 1469.774230][T24554] lowmem_reserve[]: 0 0 1 1 1 [ 1469.801275][T24554] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 1469.900452][T24554] lowmem_reserve[]: 0 0 0 0 0 [ 1469.923446][T24554] Node 1 Normal free:3938236kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1469.995532][T24554] lowmem_reserve[]: 0 0 0 0 0 [ 1470.001904][T24554] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1470.017302][T24554] Node 0 DMA32: 4103*4kB (UME) 5871*8kB (UME) 3932*16kB (UME) 2206*32kB (UME) 1796*64kB (UME) 1018*128kB (UME) 796*256kB (UME) 341*512kB (UME) 302*1024kB (UME) 12*2048kB (UM) 2*4096kB (M) = 1162516kB [ 1470.046088][T24554] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1470.061278][T24554] Node 1 Normal: 5*4kB (UM) 5*8kB (U) 6*16kB (UM) 11*32kB (U) 7*64kB (UM) 4*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 958*4096kB (M) = 3938236kB [ 1470.168058][T24554] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1470.225092][T24554] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1470.279564][T24554] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1470.289393][T24554] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1470.299602][T24554] 84344 total pagecache pages [ 1470.304649][T24554] 2 pages in swap cache [ 1470.308869][T24554] Free swap = 124920kB [ 1470.314744][T24554] Total swap = 124996kB [ 1470.319838][T24554] 2097051 pages RAM [ 1470.323801][T24554] 0 pages HighMem/MovableOnly [ 1470.328617][T24554] 430825 pages reserved [ 1470.333002][T24554] 0 pages cma reserved [ 1471.017893][T24576] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1471.052840][T24576] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1471.099289][T24576] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1471.152216][T24576] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1473.076272][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1473.083863][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1473.151666][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1473.229254][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1475.580092][T24611] zswap: compressor û not available [ 1478.687604][T24655] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1478.717965][T24655] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1478.750931][T24655] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1478.769985][T24655] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1480.749276][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1480.755331][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1480.829306][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1480.835436][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1482.626374][T24702] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1482.641792][T24702] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1482.671371][T24702] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1482.743213][T24702] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1484.689313][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1484.698751][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1484.749981][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1484.829471][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1486.738713][T24729] zswap: compressor not available [ 1489.330183][T24752] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1489.374558][T24752] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1489.524694][T24752] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1489.564237][T24752] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1491.309427][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1491.406866][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1491.549634][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1491.630058][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1492.531563][T24768] syz.2.3706: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1492.600723][T24768] CPU: 1 UID: 0 PID: 24768 Comm: syz.2.3706 Tainted: G L syzkaller #0 PREEMPT(full) [ 1492.600783][T24768] Tainted: [L]=SOFTLOCKUP [ 1492.600827][T24768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1492.600851][T24768] Call Trace: [ 1492.600865][T24768] [ 1492.600879][T24768] dump_stack_lvl+0x100/0x190 [ 1492.600972][T24768] warn_alloc.cold+0x95/0x1c1 [ 1492.601026][T24768] ? __pfx_warn_alloc+0x10/0x10 [ 1492.601075][T24768] ? __lock_acquire+0x4a5/0x2630 [ 1492.601139][T24768] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1492.601193][T24768] ? rcu_is_watching+0x12/0xc0 [ 1492.601246][T24768] ? trace_contention_end+0x140/0x180 [ 1492.601294][T24768] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1492.601338][T24768] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1492.601371][T24768] ? tomoyo_path_number_perm+0x28f/0x580 [ 1492.601413][T24768] ? tomoyo_path_number_perm+0x28f/0x580 [ 1492.601457][T24768] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1492.601504][T24768] ? __pfx___mutex_lock+0x10/0x10 [ 1492.601568][T24768] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1492.601606][T24768] ? futex_wake+0x1ad/0x530 [ 1492.601662][T24768] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1492.601694][T24768] __vmalloc_node_noprof+0xad/0xf0 [ 1492.601733][T24768] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1492.601772][T24768] dvb_dvr_do_ioctl+0x15d/0x270 [ 1492.601829][T24768] dvb_usercopy+0x167/0x340 [ 1492.601882][T24768] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1492.601914][T24768] ? __pfx_dvb_usercopy+0x10/0x10 [ 1492.601985][T24768] ? __fget_files+0x21f/0x3d0 [ 1492.602067][T24768] dvb_dvr_ioctl+0x29/0x40 [ 1492.602099][T24768] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1492.602132][T24768] __x64_sys_ioctl+0x18e/0x210 [ 1492.602188][T24768] do_syscall_64+0x106/0xf80 [ 1492.602241][T24768] ? clear_bhb_loop+0x40/0x90 [ 1492.602286][T24768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1492.602322][T24768] RIP: 0033:0x7f6ea2b9c799 [ 1492.602351][T24768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1492.602386][T24768] RSP: 002b:00007f6ea3b3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1492.602421][T24768] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa0 RCX: 00007f6ea2b9c799 [ 1492.602445][T24768] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 1492.602468][T24768] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1492.602489][T24768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1492.602510][T24768] R13: 00007f6ea2e16038 R14: 00007f6ea2e15fa0 R15: 00007ffe1004dc18 [ 1492.602557][T24768] [ 1492.602705][T24768] Mem-Info: [ 1492.993272][T24768] active_anon:37256 inactive_anon:586 isolated_anon:0 [ 1492.993272][T24768] active_file:12165 inactive_file:71054 isolated_file:0 [ 1492.993272][T24768] unevictable:768 dirty:4554 writeback:0 [ 1492.993272][T24768] slab_reclaimable:12875 slab_unreclaimable:96683 [ 1492.993272][T24768] mapped:36651 shmem:17885 pagetables:1525 [ 1492.993272][T24768] sec_pagetables:0 bounce:0 [ 1492.993272][T24768] kernel_misc_reclaimable:0 [ 1492.993272][T24768] free:1262491 free_pcp:7376 free_cma:0 [ 1493.111767][T24768] Node 0 active_anon:152324kB inactive_anon:2344kB active_file:48660kB inactive_file:284036kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:146552kB dirty:18208kB writeback:0kB shmem:73344kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:45056kB kernel_stack:12828kB pagetables:5972kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1493.169916][T24768] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1493.295440][T24768] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1493.482500][T24768] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1493.499229][T24768] Node 0 DMA32 free:1081204kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:159372kB inactive_anon:2344kB active_file:48660kB inactive_file:284036kB unevictable:1536kB writepending:18428kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:31484kB local_pcp:13000kB free_cma:0kB [ 1493.609666][T24768] lowmem_reserve[]: 0 0 1 1 1 [ 1493.617760][T24768] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 1493.736340][T24768] lowmem_reserve[]: 0 0 0 0 0 [ 1493.757300][T24768] Node 1 Normal free:3938236kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1493.907227][T24768] lowmem_reserve[]: 0 0 0 0 0 [ 1493.933284][T24768] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1494.009581][T24768] Node 0 DMA32: 3560*4kB (UME) 4720*8kB (UME) 3000*16kB (UM) 748*32kB (UME) 1818*64kB (UME) 1030*128kB (UM) 807*256kB (UME) 346*512kB (UME) 306*1024kB (UME) 5*2048kB (UM) 0*4096kB = 1079456kB [ 1494.105111][T24768] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1494.155832][T24768] Node 1 Normal: 5*4kB (UM) 5*8kB (U) 6*16kB (UM) 11*32kB (U) 7*64kB (UM) 4*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 958*4096kB (M) = 3938236kB [ 1494.211235][T24784] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [34] [ 1494.239243][T24768] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1494.307419][T24768] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1494.320072][T24768] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1494.342838][T24768] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1494.449736][T24768] 99643 total pagecache pages [ 1494.455877][T24768] 2 pages in swap cache [ 1494.487454][T24768] Free swap = 124988kB [ 1494.505652][T24768] Total swap = 124996kB [ 1494.528914][T24768] 2097051 pages RAM [ 1494.544741][T24768] 0 pages HighMem/MovableOnly [ 1494.568461][T24768] 430825 pages reserved [ 1494.586227][T24768] 0 pages cma reserved [ 1496.043846][T24798] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1496.071647][T24798] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1496.090221][T24798] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1496.104772][T24798] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1498.037894][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1498.116235][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1498.126872][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1498.193521][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1498.603278][T24822] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1498.653339][T24822] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1498.694253][T24822] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1498.744928][T24822] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1500.572674][T24836] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1500.581284][T24836] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1500.649669][T24836] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1500.689630][T24836] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1501.629367][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1502.669449][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1502.676711][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1502.749268][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1507.876979][T24894] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1507.963898][T24894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1508.277764][T24894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1508.309932][T24894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1509.959363][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1510.029452][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1510.351021][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1510.357833][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1511.276757][T13870] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1511.629618][T13870] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 1511.650482][T13870] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 1511.675241][T13870] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 1511.675322][T13870] Bluetooth: hci1: adv larger than maximum supported [ 1511.701879][T13870] Bluetooth: hci1: Unknown advertising packet type: 0x17 [ 1511.709770][T13870] Bluetooth: hci1: Unknown advertising packet type: 0x78 [ 1511.721000][T13870] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1522.938052][T24999] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1522.958388][T24999] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1522.973060][T24999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1522.983758][T24999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1525.071115][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1525.099427][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1525.109193][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1525.118559][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1526.056518][T25020] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1526.089952][T25020] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1526.121329][T25020] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1526.149450][T25020] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1527.478730][T25041] zswap: compressor not available [ 1528.121433][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1528.128702][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1528.189462][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1528.199726][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1535.914595][T25115] zswap: compressor not available [ 1541.968191][T25181] FAULT_INJECTION: forcing a failure. [ 1541.968191][T25181] name failslab, interval 1, probability 0, space 0, times 0 [ 1542.107661][T25186] FAULT_INJECTION: forcing a failure. [ 1542.107661][T25186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1542.124302][T25181] CPU: 0 UID: 0 PID: 25181 Comm: syz.0.3807 Tainted: G L syzkaller #0 PREEMPT(full) [ 1542.124355][T25181] Tainted: [L]=SOFTLOCKUP [ 1542.124366][T25181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1542.124385][T25181] Call Trace: [ 1542.124397][T25181] [ 1542.124410][T25181] dump_stack_lvl+0x100/0x190 [ 1542.124468][T25181] should_fail_ex.cold+0x5/0xa [ 1542.124507][T25181] should_failslab+0xc2/0x120 [ 1542.124541][T25181] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1542.124587][T25181] ? security_inode_alloc+0x3b/0x2c0 [ 1542.124619][T25181] ? lockdep_init_map_type+0x5c/0x250 [ 1542.124671][T25181] security_inode_alloc+0x3b/0x2c0 [ 1542.124706][T25181] inode_init_always_gfp+0xced/0x1040 [ 1542.124748][T25181] alloc_inode+0x8e/0x250 [ 1542.124792][T25181] new_inode+0x22/0x1c0 [ 1542.124838][T25181] proc_pid_make_inode+0x22/0x160 [ 1542.124887][T25181] proc_pident_instantiate+0x85/0x310 [ 1542.124938][T25181] proc_pident_lookup+0x1e3/0x270 [ 1542.125002][T25181] __lookup_slow+0x251/0x460 [ 1542.125046][T25181] ? __pfx___lookup_slow+0x10/0x10 [ 1542.125121][T25181] lookup_slow+0x50/0x70 [ 1542.125163][T25181] link_path_walk+0x1377/0x1cc0 [ 1542.125228][T25181] path_openat+0x1be/0x31a0 [ 1542.125260][T25181] ? kasan_save_stack+0x3f/0x50 [ 1542.125307][T25181] ? kasan_save_stack+0x30/0x50 [ 1542.125353][T25181] ? kasan_save_track+0x14/0x30 [ 1542.125402][T25181] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1542.125459][T25181] ? __pfx_path_openat+0x10/0x10 [ 1542.125937][T25181] do_file_open+0x20e/0x430 [ 1542.125989][T25181] ? __pfx_do_file_open+0x10/0x10 [ 1542.126033][T25181] ? __pfx_kfree_link+0x10/0x10 [ 1542.126087][T25181] ? alloc_fd+0x476/0x790 [ 1542.126121][T25181] ? do_getname+0x191/0x390 [ 1542.126162][T25181] do_sys_openat2+0x10d/0x1e0 [ 1542.126204][T25181] ? __pfx_do_sys_openat2+0x10/0x10 [ 1542.126288][T25181] ? fd_install+0x24f/0x580 [ 1542.126328][T25181] __x64_sys_openat+0x12d/0x210 [ 1542.126373][T25181] ? __pfx___x64_sys_openat+0x10/0x10 [ 1542.126413][T25181] ? ksys_write+0x1ac/0x250 [ 1542.126457][T25181] do_syscall_64+0x106/0xf80 [ 1542.126503][T25181] ? clear_bhb_loop+0x40/0x90 [ 1542.126548][T25181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.126582][T25181] RIP: 0033:0x7f310cb9c799 [ 1542.126610][T25181] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1542.126642][T25181] RSP: 002b:00007f310db0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1542.126673][T25181] RAX: ffffffffffffffda RBX: 00007f310ce16090 RCX: 00007f310cb9c799 [ 1542.126694][T25181] RDX: 00000000001cb842 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1542.126721][T25181] RBP: 00007f310db0f090 R08: 0000000000000000 R09: 0000000000000000 [ 1542.126742][T25181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1542.126762][T25181] R13: 00007f310ce16128 R14: 00007f310ce16090 R15: 00007ffd27fd6258 [ 1542.126804][T25181] [ 1542.139331][T25186] CPU: 1 UID: 0 PID: 25186 Comm: syz.3.3809 Tainted: G L syzkaller #0 PREEMPT(full) [ 1542.139474][T25186] Tainted: [L]=SOFTLOCKUP [ 1542.139507][T25186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1542.139560][T25186] Call Trace: [ 1542.139600][T25186] [ 1542.139640][T25186] dump_stack_lvl+0x100/0x190 [ 1542.139795][T25186] should_fail_ex.cold+0x5/0xa [ 1542.139900][T25186] _copy_from_user+0x2e/0xd0 [ 1542.140013][T25186] __sys_bpf+0x243/0x4b90 [ 1542.140160][T25186] ? __pfx___sys_bpf+0x10/0x10 [ 1542.140257][T25186] ? proc_fail_nth_write+0x9f/0x220 [ 1542.140348][T25186] ? find_held_lock+0x2b/0x80 [ 1542.140452][T25186] ? find_held_lock+0x2b/0x80 [ 1542.140532][T25186] ? ksys_write+0x190/0x250 [ 1542.140634][T25186] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1542.140769][T25186] ? __fget_files+0x215/0x3d0 [ 1542.140900][T25186] ? fput+0x79/0x100 [ 1542.140993][T25186] ? ksys_write+0x1ac/0x250 [ 1542.141072][T25186] ? __pfx_ksys_write+0x10/0x10 [ 1542.141165][T25186] __x64_sys_bpf+0x7b/0xc0 [ 1542.141283][T25186] ? lockdep_hardirqs_on+0x78/0x100 [ 1542.141408][T25186] do_syscall_64+0x106/0xf80 [ 1542.141523][T25186] ? clear_bhb_loop+0x40/0x90 [ 1542.141648][T25186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.141754][T25186] RIP: 0033:0x7f3da1d9c799 [ 1542.141837][T25186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1542.141919][T25186] RSP: 002b:00007f3da2d3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1542.142001][T25186] RAX: ffffffffffffffda RBX: 00007f3da2015fa0 RCX: 00007f3da1d9c799 [ 1542.142056][T25186] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 1542.142106][T25186] RBP: 00007f3da2d3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1542.142158][T25186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1542.142208][T25186] R13: 00007f3da2016038 R14: 00007f3da2015fa0 R15: 00007ffcbbfeed08 [ 1542.142347][T25186] [ 1542.805821][T25182] zswap: compressor not available [ 1552.390057][T25272] zswap: compressor not available [ 1554.996781][T25304] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1555.004890][T25304] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1555.072644][T25304] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1555.101085][T25304] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1557.071950][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1557.079550][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1557.087066][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1557.152587][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1557.234861][T25323] warn_alloc: 1 callbacks suppressed [ 1557.234889][T25323] syz.2.3845: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1557.282443][T25322] netlink: 'syz.0.3844': attribute type 8 has an invalid length. [ 1557.282963][T25323] CPU: 1 UID: 0 PID: 25323 Comm: syz.2.3845 Tainted: G L syzkaller #0 PREEMPT(full) [ 1557.283122][T25323] Tainted: [L]=SOFTLOCKUP [ 1557.283173][T25323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1557.283268][T25323] Call Trace: [ 1557.283295][T25323] [ 1557.283336][T25323] dump_stack_lvl+0x100/0x190 [ 1557.283504][T25323] warn_alloc.cold+0x95/0x1c1 [ 1557.283664][T25323] ? __pfx_warn_alloc+0x10/0x10 [ 1557.283814][T25323] ? __lock_acquire+0x4a5/0x2630 [ 1557.283991][T25323] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1557.284131][T25323] ? rcu_is_watching+0x12/0xc0 [ 1557.284271][T25323] ? trace_contention_end+0x140/0x180 [ 1557.284409][T25323] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1557.284518][T25323] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1557.284630][T25323] ? tomoyo_path_number_perm+0x28f/0x580 [ 1557.284735][T25323] ? tomoyo_path_number_perm+0x28f/0x580 [ 1557.284852][T25323] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1557.284967][T25323] ? __pfx___mutex_lock+0x10/0x10 [ 1557.285124][T25323] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1557.285220][T25323] ? futex_wake+0x1ad/0x530 [ 1557.285372][T25323] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1557.285456][T25323] __vmalloc_node_noprof+0xad/0xf0 [ 1557.285572][T25323] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1557.285670][T25323] dvb_dvr_do_ioctl+0x15d/0x270 [ 1557.285786][T25323] dvb_usercopy+0x167/0x340 [ 1557.285929][T25323] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1557.286019][T25323] ? __pfx_dvb_usercopy+0x10/0x10 [ 1557.286200][T25323] ? __fget_files+0x21f/0x3d0 [ 1557.286481][T25323] dvb_dvr_ioctl+0x29/0x40 [ 1557.286616][T25323] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1557.286703][T25323] __x64_sys_ioctl+0x18e/0x210 [ 1557.287084][T25323] do_syscall_64+0x106/0xf80 [ 1557.287227][T25323] ? clear_bhb_loop+0x40/0x90 [ 1557.287368][T25323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1557.287466][T25323] RIP: 0033:0x7f6ea2b9c799 [ 1557.287550][T25323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1557.287635][T25323] RSP: 002b:00007f6ea3b3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1557.287730][T25323] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa0 RCX: 00007f6ea2b9c799 [ 1557.287831][T25323] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 1557.287887][T25323] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1557.287948][T25323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1557.288003][T25323] R13: 00007f6ea2e16038 R14: 00007f6ea2e15fa0 R15: 00007ffe1004dc18 [ 1557.288126][T25323] [ 1557.288169][T25323] Mem-Info: [ 1557.684751][T25323] active_anon:22500 inactive_anon:586 isolated_anon:0 [ 1557.684751][T25323] active_file:10275 inactive_file:78079 isolated_file:0 [ 1557.684751][T25323] unevictable:768 dirty:1156 writeback:0 [ 1557.684751][T25323] slab_reclaimable:12923 slab_unreclaimable:97218 [ 1557.684751][T25323] mapped:26088 shmem:3274 pagetables:1450 [ 1557.684751][T25323] sec_pagetables:0 bounce:0 [ 1557.684751][T25323] kernel_misc_reclaimable:0 [ 1557.684751][T25323] free:1255810 free_pcp:22416 free_cma:0 [ 1557.700916][T25328] netlink: 'syz.0.3844': attribute type 8 has an invalid length. [ 1557.805379][T25323] Node 0 active_anon:91968kB inactive_anon:2344kB active_file:41100kB inactive_file:312136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106384kB dirty:4620kB writeback:0kB shmem:13608kB shmem_thp:2048kB shmem_pmdmapped:2048kB anon_thp:45056kB kernel_stack:11744kB pagetables:5552kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1557.976950][T25323] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1558.192144][T25323] Node 0 DMA free:13304kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:2048kB unevictable:0kB writepending:2048kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1558.376326][T25323] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1558.450947][T25323] Node 0 DMA32 free:1125448kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:94044kB inactive_anon:2344kB active_file:41100kB inactive_file:310088kB unevictable:1536kB writepending:2592kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:33008kB local_pcp:13208kB free_cma:0kB [ 1558.559290][T25323] lowmem_reserve[]: 0 0 1 1 1 [ 1558.582507][T25323] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:4kB free_cma:0kB [ 1558.720554][T25323] lowmem_reserve[]: 0 0 0 0 0 [ 1558.726691][T25323] Node 1 Normal free:3883096kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:55140kB local_pcp:21488kB free_cma:0kB [ 1558.910586][T25323] lowmem_reserve[]: 0 0 0 0 0 [ 1558.958210][T25323] Node 0 DMA: 3*4kB (UM) 1*8kB (U) 2*16kB (UM) 2*32kB (UM) 2*64kB (UM) 2*128kB (UM) 2*256kB (UM) 2*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 0*4096kB = 11252kB [ 1559.048818][T25323] Node 0 DMA32: 3540*4kB (UME) 5615*8kB (UME) 3786*16kB (UME) 2017*32kB (UME) 1795*64kB (UM) 1099*128kB (UM) 813*256kB (UM) 298*512kB (UME) 316*1024kB (UME) 0*2048kB 0*4096kB = 1124040kB [ 1559.124807][T25323] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1559.176564][T25323] Node 1 Normal: 5*4kB (UM) 6*8kB (U) 7*16kB (UM) 11*32kB (U) 9*64kB (UM) 6*128kB (UM) 6*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 945*4096kB (M) = 3883348kB [ 1559.285752][T25323] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1559.300257][T25323] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1559.312595][T25323] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1559.331783][T25323] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1559.370165][T25323] 91657 total pagecache pages [ 1559.394363][T25323] 34 pages in swap cache [ 1559.445719][T25323] Free swap = 124856kB [ 1559.461029][T25323] Total swap = 124996kB [ 1559.466650][T25323] 2097051 pages RAM [ 1559.491173][T25323] 0 pages HighMem/MovableOnly [ 1559.511230][T25323] 430825 pages reserved [ 1559.516071][T25323] 0 pages cma reserved [ 1561.375012][T25354] [U] ^@ [ 1564.016397][T25397] vivid-007: ================= START STATUS ================= [ 1564.088823][T25397] vivid-007: Generate PTS: true [ 1564.111565][T25411] FAULT_INJECTION: forcing a failure. [ 1564.111565][T25411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1564.116653][T25397] vivid-007: Generate SCR: [ 1564.139572][T25411] CPU: 1 UID: 0 PID: 25411 Comm: syz.1.3862 Tainted: G L syzkaller #0 PREEMPT(full) [ 1564.139626][T25411] Tainted: [L]=SOFTLOCKUP [ 1564.139647][T25411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1564.139666][T25411] Call Trace: [ 1564.139676][T25411] [ 1564.139688][T25411] dump_stack_lvl+0x100/0x190 [ 1564.139744][T25411] should_fail_ex.cold+0x5/0xa [ 1564.139785][T25411] _copy_from_user+0x2e/0xd0 [ 1564.139825][T25411] kstrtouint_from_user+0xd6/0x1d0 [ 1564.139875][T25411] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1564.139922][T25411] ? __lock_acquire+0x4a5/0x2630 [ 1564.139967][T25411] ? lock_acquire+0x1cf/0x380 [ 1564.140017][T25411] proc_fail_nth_write+0x83/0x220 [ 1564.140061][T25411] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1564.140115][T25411] vfs_write+0x2aa/0x1070 [ 1564.140171][T25411] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1564.140216][T25411] ? __pfx_vfs_write+0x10/0x10 [ 1564.140267][T25411] ? __fget_files+0x215/0x3d0 [ 1564.140309][T25411] ? __fget_files+0x21f/0x3d0 [ 1564.140364][T25411] ksys_write+0x12a/0x250 [ 1564.140395][T25411] ? __pfx_ksys_write+0x10/0x10 [ 1564.140444][T25411] do_syscall_64+0x106/0xf80 [ 1564.140492][T25411] ? clear_bhb_loop+0x40/0x90 [ 1564.140535][T25411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1564.140570][T25411] RIP: 0033:0x7f07ceb5cfce [ 1564.140598][T25411] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1564.140672][T25411] RSP: 002b:00007f07cf981fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1564.140709][T25411] RAX: ffffffffffffffda RBX: 00007f07cf9826c0 RCX: 00007f07ceb5cfce [ 1564.140731][T25411] RDX: 0000000000000001 RSI: 00007f07cf9820a0 RDI: 0000000000000004 [ 1564.140753][T25411] RBP: 00007f07cf982090 R08: 0000000000000000 R09: 0000000000000000 [ 1564.140773][T25411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1564.140794][T25411] R13: 00007f07cee16128 R14: 00007f07cee16090 R15: 00007ffcfbb82758 [ 1564.140844][T25411] [ 1564.433458][T25397] true [ 1564.436268][T25397] tpg source WxH: 320x240 (Y'CbCr) [ 1564.442193][T25397] tpg field: 1 [ 1564.445624][T25397] tpg crop: (0,0)/320x240 [ 1564.519378][T25410] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1564.525748][T25410] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1564.532043][T25410] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1564.538276][T25410] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1564.614317][T25397] tpg compose: (0,0)/320x240 [ 1564.718879][T25397] tpg colorspace: 8 [ 1564.769215][T25397] tpg transfer function: 0/0 [ 1564.773896][T25397] tpg Y'CbCr encoding: 0/0 [ 1564.813509][T25397] tpg quantization: 0/0 [ 1564.817932][T25397] tpg RGB range: 0/2 [ 1564.829211][T25397] vivid-007: ================== END STATUS ================== [ 1564.896530][T25417] netlink: 672 bytes leftover after parsing attributes in process `syz.1.3864'. [ 1566.672586][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1566.678682][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1566.684913][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1566.691092][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1567.808825][T25468] FAULT_INJECTION: forcing a failure. [ 1567.808825][T25468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1567.914217][T25468] CPU: 0 UID: 0 PID: 25468 Comm: syz.2.3879 Tainted: G L syzkaller #0 PREEMPT(full) [ 1567.914256][T25468] Tainted: [L]=SOFTLOCKUP [ 1567.914265][T25468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1567.914279][T25468] Call Trace: [ 1567.914287][T25468] [ 1567.914297][T25468] dump_stack_lvl+0x100/0x190 [ 1567.914338][T25468] should_fail_ex.cold+0x5/0xa [ 1567.914367][T25468] _copy_from_user+0x2e/0xd0 [ 1567.914397][T25468] copy_msghdr_from_user+0x9f/0x4f0 [ 1567.914427][T25468] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1567.914459][T25468] ? rcu_is_watching+0x12/0xc0 [ 1567.914495][T25468] ? ___sys_sendmsg+0x19d/0x1e0 [ 1567.914520][T25468] ? kfree+0x2ec/0x6b0 [ 1567.914555][T25468] ___sys_sendmsg+0x106/0x1e0 [ 1567.914584][T25468] ? __pfx____sys_sendmsg+0x10/0x10 [ 1567.914636][T25468] ? __pfx___might_resched+0x10/0x10 [ 1567.914678][T25468] __sys_sendmmsg+0x205/0x430 [ 1567.914717][T25468] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1567.914761][T25468] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1567.914810][T25468] ? fput+0x79/0x100 [ 1567.914840][T25468] ? ksys_write+0x1ac/0x250 [ 1567.914869][T25468] ? __pfx_ksys_write+0x10/0x10 [ 1567.914895][T25468] __x64_sys_sendmmsg+0x9c/0x100 [ 1567.914929][T25468] ? lockdep_hardirqs_on+0x78/0x100 [ 1567.914970][T25468] do_syscall_64+0x106/0xf80 [ 1567.915003][T25468] ? clear_bhb_loop+0x40/0x90 [ 1567.915032][T25468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1567.915056][T25468] RIP: 0033:0x7f6ea2b9c799 [ 1567.915075][T25468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1567.915105][T25468] RSP: 002b:00007f6ea3b19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1567.915127][T25468] RAX: ffffffffffffffda RBX: 00007f6ea2e16090 RCX: 00007f6ea2b9c799 [ 1567.915142][T25468] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1567.915157][T25468] RBP: 00007f6ea3b19090 R08: 0000000000000000 R09: 0000000000000000 [ 1567.915172][T25468] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 1567.915187][T25468] R13: 00007f6ea2e16128 R14: 00007f6ea2e16090 R15: 00007ffe1004dc18 [ 1567.915217][T25468] [ 1568.431063][T25468] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1568.437199][T25468] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1568.471090][T25468] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1568.497840][T25468] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1570.519924][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1570.526000][T14470] Bluetooth: hci1: command 0x041b tx timeout [ 1570.532213][T13870] Bluetooth: hci0: command 0x041b tx timeout [ 1570.538239][T13870] Bluetooth: hci4: command 0x040f tx timeout [ 1572.107089][T25526] FAULT_INJECTION: forcing a failure. [ 1572.107089][T25526] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1572.158108][T25526] CPU: 1 UID: 0 PID: 25526 Comm: syz.0.3897 Tainted: G L syzkaller #0 PREEMPT(full) [ 1572.158146][T25526] Tainted: [L]=SOFTLOCKUP [ 1572.158156][T25526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1572.158170][T25526] Call Trace: [ 1572.158178][T25526] [ 1572.158187][T25526] dump_stack_lvl+0x100/0x190 [ 1572.158229][T25526] should_fail_ex.cold+0x5/0xa [ 1572.158253][T25526] ? prepare_alloc_pages+0x16d/0x5f0 [ 1572.158283][T25526] should_fail_alloc_page+0xeb/0x140 [ 1572.158310][T25526] prepare_alloc_pages+0x1f0/0x5f0 [ 1572.158343][T25526] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1572.158387][T25526] ? __lock_acquire+0x4a5/0x2630 [ 1572.158428][T25526] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1572.158475][T25526] ? do_raw_spin_lock+0x128/0x260 [ 1572.158511][T25526] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1572.158546][T25526] ? find_held_lock+0x2b/0x80 [ 1572.158582][T25526] ? __lock_acquire+0x4a5/0x2630 [ 1572.158612][T25526] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1572.158655][T25526] ? policy_nodemask+0xed/0x4f0 [ 1572.158683][T25526] alloc_pages_mpol+0x1fb/0x550 [ 1572.158716][T25526] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1572.158748][T25526] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1572.158787][T25526] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1572.158833][T25526] folio_alloc_mpol_noprof+0x36/0x340 [ 1572.158866][T25526] shmem_alloc_folio+0x135/0x160 [ 1572.158899][T25526] shmem_alloc_and_add_folio+0x371/0xd40 [ 1572.158944][T25526] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1572.158984][T25526] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1572.159028][T25526] shmem_get_folio_gfp+0x6ab/0x1900 [ 1572.159103][T25526] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1572.159154][T25526] ? filemap_map_pages+0xe69/0x2020 [ 1572.159216][T25526] shmem_fault+0x1f9/0xa20 [ 1572.159267][T25526] ? __lock_acquire+0x4a5/0x2630 [ 1572.159309][T25526] ? __pfx_shmem_fault+0x10/0x10 [ 1572.159366][T25526] ? __pfx_filemap_map_pages+0x10/0x10 [ 1572.159427][T25526] __do_fault+0x10d/0x550 [ 1572.159468][T25526] do_fault+0xabb/0x1990 [ 1572.159512][T25526] __handle_mm_fault+0x180f/0x2b60 [ 1572.159569][T25526] ? mt_find+0x45e/0x8e0 [ 1572.159611][T25526] ? __pfx___handle_mm_fault+0x10/0x10 [ 1572.159642][T25526] ? __pfx_mt_find+0x10/0x10 [ 1572.159713][T25526] ? find_vma+0xbf/0x140 [ 1572.159736][T25526] ? __pfx_find_vma+0x10/0x10 [ 1572.159773][T25526] handle_mm_fault+0x36d/0xa20 [ 1572.159811][T25526] do_user_addr_fault+0x74c/0x12f0 [ 1572.159859][T25526] exc_page_fault+0x6f/0xd0 [ 1572.159893][T25526] asm_exc_page_fault+0x26/0x30 [ 1572.159919][T25526] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 1572.159945][T25526] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 1572.159969][T25526] RSP: 0018:ffffc9000579fb20 EFLAGS: 00050206 [ 1572.159988][T25526] RAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000003 [ 1572.160004][T25526] RDX: 0000000000000001 RSI: 0000000000010000 RDI: ffff88802a1d3941 [ 1572.160019][T25526] RBP: 0000000000000004 R08: 0000000000000001 R09: ffffed100543a728 [ 1572.160035][T25526] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 1572.160049][T25526] R13: ffff88802a1d3940 R14: 0000000000000004 R15: ffff888036a89c00 [ 1572.160081][T25526] _copy_from_user+0x98/0xd0 [ 1572.160112][T25526] map_update_elem+0x922/0xb00 [ 1572.160160][T25526] ? __pfx_map_update_elem+0x10/0x10 [ 1572.160204][T25526] __sys_bpf+0x20d5/0x4b90 [ 1572.160235][T25526] ? __pfx___sys_bpf+0x10/0x10 [ 1572.160259][T25526] ? proc_fail_nth_write+0x9f/0x220 [ 1572.160290][T25526] ? find_held_lock+0x2b/0x80 [ 1572.160318][T25526] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1572.160342][T25526] ? vfs_write+0x15d/0x1070 [ 1572.160382][T25526] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1572.160414][T25526] ? __pfx_vfs_write+0x10/0x10 [ 1572.160452][T25526] ? do_sys_openat2+0x157/0x1e0 [ 1572.160527][T25526] ? ksys_write+0x1ac/0x250 [ 1572.160558][T25526] ? __pfx_ksys_write+0x10/0x10 [ 1572.160603][T25526] __x64_sys_bpf+0x7b/0xc0 [ 1572.160724][T25526] ? lockdep_hardirqs_on+0x78/0x100 [ 1572.160769][T25526] do_syscall_64+0x106/0xf80 [ 1572.160813][T25526] ? clear_bhb_loop+0x40/0x90 [ 1572.160853][T25526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1572.160886][T25526] RIP: 0033:0x7f310cb9c799 [ 1572.160914][T25526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1572.160947][T25526] RSP: 002b:00007f310db30028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1572.160979][T25526] RAX: ffffffffffffffda RBX: 00007f310ce15fa0 RCX: 00007f310cb9c799 [ 1572.161001][T25526] RDX: 000000000000000c RSI: 00002000000001c0 RDI: 0000000000000002 [ 1572.161022][T25526] RBP: 00007f310db30090 R08: 0000000000000000 R09: 0000000000000000 [ 1572.161043][T25526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1572.161062][T25526] R13: 00007f310ce16038 R14: 00007f310ce15fa0 R15: 00007ffd27fd6258 [ 1572.161107][T25526] [ 1574.115214][T25538] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1574.174258][T25538] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1574.232512][T25538] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1574.299824][T25538] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1575.040397][T25552] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1575.046752][T25552] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1575.058515][T25552] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1575.069337][T25552] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1576.421271][ T29] audit: type=1800 audit(4294967563.110:167): pid=25570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3907" name="trace_pipe" dev="tracefs" ino=3742 res=0 errno=0 [ 1576.530412][T25556] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1576.642380][T25556] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1576.648517][T25556] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1576.816735][T25556] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1578.590260][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1578.669375][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1578.675510][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1578.829297][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1579.840950][T25586] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1579.883770][T25586] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1579.914880][T25586] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1579.974823][T25586] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1581.872005][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1581.950383][T14470] Bluetooth: hci1: command 0x041b tx timeout [ 1581.956482][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1582.029332][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1583.310003][T25646] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1583.319874][T25646] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1583.325953][T25646] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1583.375447][T25646] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1585.389195][T13870] Bluetooth: hci2: command 0x040f tx timeout [ 1585.398023][T14470] Bluetooth: hci1: command 0x041b tx timeout [ 1585.406080][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1585.412272][T18966] Bluetooth: hci4: command 0x040f tx timeout [ 1589.925829][T25702] can: request_module (can-proto-3) failed. [ 1590.946794][T25723] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 1594.962576][T25753] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3946'. [ 1595.440075][T25764] syz.0.3950: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1595.458718][T25764] CPU: 1 UID: 0 PID: 25764 Comm: syz.0.3950 Tainted: G L syzkaller #0 PREEMPT(full) [ 1595.458775][T25764] Tainted: [L]=SOFTLOCKUP [ 1595.458789][T25764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1595.458810][T25764] Call Trace: [ 1595.458821][T25764] [ 1595.458834][T25764] dump_stack_lvl+0x100/0x190 [ 1595.458905][T25764] warn_alloc.cold+0x95/0x1c1 [ 1595.458962][T25764] ? __pfx_warn_alloc+0x10/0x10 [ 1595.459010][T25764] ? __lock_acquire+0x4a5/0x2630 [ 1595.459078][T25764] __vmalloc_node_range_noprof+0x1252/0x1530 [ 1595.459129][T25764] ? rcu_is_watching+0x12/0xc0 [ 1595.459174][T25764] ? trace_contention_end+0x140/0x180 [ 1595.459216][T25764] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1595.459248][T25764] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 1595.459274][T25764] ? tomoyo_path_number_perm+0x28f/0x580 [ 1595.459309][T25764] ? tomoyo_path_number_perm+0x28f/0x580 [ 1595.459344][T25764] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1595.459384][T25764] ? __pfx___mutex_lock+0x10/0x10 [ 1595.459443][T25764] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1595.459483][T25764] ? futex_wait+0x125/0x380 [ 1595.459542][T25764] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1595.459571][T25764] __vmalloc_node_noprof+0xad/0xf0 [ 1595.459618][T25764] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 1595.459659][T25764] dvb_dvr_do_ioctl+0x15d/0x270 [ 1595.459699][T25764] dvb_usercopy+0x167/0x340 [ 1595.459752][T25764] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1595.459786][T25764] ? __pfx_dvb_usercopy+0x10/0x10 [ 1595.459852][T25764] ? __fget_files+0x21f/0x3d0 [ 1595.459903][T25764] dvb_dvr_ioctl+0x29/0x40 [ 1595.459933][T25764] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1595.459965][T25764] __x64_sys_ioctl+0x18e/0x210 [ 1595.460017][T25764] do_syscall_64+0x106/0xf80 [ 1595.460065][T25764] ? clear_bhb_loop+0x40/0x90 [ 1595.460110][T25764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.460145][T25764] RIP: 0033:0x7f310cb9c799 [ 1595.460175][T25764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1595.460211][T25764] RSP: 002b:00007f310db30028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1595.460241][T25764] RAX: ffffffffffffffda RBX: 00007f310ce15fa0 RCX: 00007f310cb9c799 [ 1595.460261][T25764] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000006 [ 1595.460280][T25764] RBP: 00007f310cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1595.460300][T25764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1595.460319][T25764] R13: 00007f310ce16038 R14: 00007f310ce15fa0 R15: 00007ffd27fd6258 [ 1595.460365][T25764] [ 1595.785064][T25764] Mem-Info: [ 1595.788230][T25764] active_anon:22129 inactive_anon:586 isolated_anon:0 [ 1595.788230][T25764] active_file:10414 inactive_file:88403 isolated_file:0 [ 1595.788230][T25764] unevictable:2693 dirty:796 writeback:0 [ 1595.788230][T25764] slab_reclaimable:13108 slab_unreclaimable:96829 [ 1595.788230][T25764] mapped:28496 shmem:4464 pagetables:1495 [ 1595.788230][T25764] sec_pagetables:0 bounce:0 [ 1595.788230][T25764] kernel_misc_reclaimable:0 [ 1595.788230][T25764] free:1251576 free_pcp:16613 free_cma:0 [ 1595.977257][T25764] Node 0 active_anon:92732kB inactive_anon:2344kB active_file:41572kB inactive_file:353304kB unevictable:8696kB isolated(anon):0kB isolated(file):0kB mapped:113432kB dirty:3224kB writeback:0kB shmem:19752kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:43008kB kernel_stack:11776kB pagetables:6008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1596.019382][T25764] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1596.142372][T25764] Node 0 DMA free:11172kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:92kB local_pcp:0kB free_cma:0kB [ 1596.208447][T25764] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1596.239203][T25764] Node 0 DMA32 free:1094948kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:88636kB inactive_anon:2344kB active_file:41572kB inactive_file:353292kB unevictable:8708kB writepending:3224kB zspages:0kB present:3129332kB managed:2537384kB mlocked:7280kB bounce:0kB free_pcp:25416kB local_pcp:5056kB free_cma:0kB [ 1596.327032][T25770] FAULT_INJECTION: forcing a failure. [ 1596.327032][T25770] name failslab, interval 1, probability 0, space 0, times 0 [ 1596.388214][T25764] lowmem_reserve[]: 0 0 1 1 1 [ 1596.398540][T25770] CPU: 0 UID: 0 PID: 25770 Comm: syz.3.3951 Tainted: G L syzkaller #0 PREEMPT(full) [ 1596.398593][T25770] Tainted: [L]=SOFTLOCKUP [ 1596.398605][T25770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1596.398626][T25770] Call Trace: [ 1596.398639][T25770] [ 1596.398652][T25770] dump_stack_lvl+0x100/0x190 [ 1596.398707][T25770] should_fail_ex.cold+0x5/0xa [ 1596.398754][T25770] ? alloc_pipe_info+0x1ec/0x590 [ 1596.398787][T25770] should_failslab+0xc2/0x120 [ 1596.398823][T25770] __kmalloc_noprof+0xe0/0x850 [ 1596.398880][T25770] alloc_pipe_info+0x1ec/0x590 [ 1596.398919][T25770] splice_direct_to_actor+0x78f/0xa30 [ 1596.398954][T25770] ? __lock_acquire+0x4a5/0x2630 [ 1596.398994][T25770] ? __pfx_direct_splice_actor+0x10/0x10 [ 1596.399054][T25770] ? __pfx_aa_file_perm+0x10/0x10 [ 1596.399100][T25770] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1596.399156][T25770] do_splice_direct+0x174/0x240 [ 1596.399191][T25770] ? __pfx_do_splice_direct+0x10/0x10 [ 1596.399227][T25770] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1596.399284][T25770] ? bpf_lsm_file_permission+0x9/0x10 [ 1596.399338][T25770] ? security_file_permission+0x76/0x210 [ 1596.399379][T25770] ? rw_verify_area+0xce/0x6d0 [ 1596.399432][T25770] do_sendfile+0xadc/0xe20 [ 1596.399489][T25770] ? __pfx_do_sendfile+0x10/0x10 [ 1596.399541][T25770] ? __fget_files+0x21f/0x3d0 [ 1596.399583][T25770] __x64_sys_sendfile64+0x1d8/0x220 [ 1596.399621][T25770] ? ksys_write+0x1ac/0x250 [ 1596.399650][T25770] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1596.399702][T25770] do_syscall_64+0x106/0xf80 [ 1596.399755][T25770] ? clear_bhb_loop+0x40/0x90 [ 1596.399798][T25770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1596.399832][T25770] RIP: 0033:0x7f3da1d9c799 [ 1596.399860][T25770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1596.399892][T25770] RSP: 002b:00007f3da2d3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1596.399925][T25770] RAX: ffffffffffffffda RBX: 00007f3da2015fa0 RCX: 00007f3da1d9c799 [ 1596.399947][T25770] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 1596.399967][T25770] RBP: 00007f3da2d3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1596.399988][T25770] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1596.400008][T25770] R13: 00007f3da2016038 R14: 00007f3da2015fa0 R15: 00007ffcbbfeed08 [ 1596.400052][T25770] [ 1596.698248][T25764] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 1596.728232][T25764] lowmem_reserve[]: 0 0 0 0 0 [ 1596.733020][T25764] Node 1 Normal free:3895852kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:42384kB local_pcp:19824kB free_cma:0kB [ 1596.766675][T25764] lowmem_reserve[]: 0 0 0 0 0 [ 1596.772172][T25764] Node 0 DMA: 1*4kB (M) 0*8kB 0*16kB 1*32kB (M) 0*64kB 1*128kB (M) 1*256kB (M) 1*512kB (M) 2*1024kB (UM) 0*2048kB 2*4096kB (U) = 11172kB [ 1596.787272][T25764] Node 0 DMA32: 3689*4kB (UE) 6450*8kB (UME) 4358*16kB (UME) 2192*32kB (UME) 1718*64kB (UME) 1026*128kB (UME) 817*256kB (UME) 296*512kB (UME) 280*1024kB (UM) 0*2048kB 0*4096kB = 1094932kB [ 1596.806121][T25764] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1596.818729][T25764] Node 1 Normal: 5*4kB (UM) 5*8kB (U) 7*16kB (UM) 12*32kB (U) 8*64kB (UM) 6*128kB (UM) 5*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 6*2048kB (UM) 946*4096kB (UM) = 3895852kB [ 1596.837111][T25764] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1596.847049][T25764] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1596.856835][T25764] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1596.867601][T25764] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1596.878214][T25764] 102497 total pagecache pages [ 1596.883272][T25764] 10 pages in swap cache [ 1596.887989][T25764] Free swap = 124988kB [ 1596.892335][T25764] Total swap = 124996kB [ 1596.896519][T25764] 2097051 pages RAM [ 1596.900422][T25764] 0 pages HighMem/MovableOnly [ 1596.905288][T25764] 430825 pages reserved [ 1596.909962][T25764] 0 pages cma reserved [ 1597.259155][ T29] audit: type=1800 audit(4294967583.950:168): pid=25778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3954" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1597.300463][T25780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3953'. [ 1598.583742][T25801] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3958'. [ 1599.035380][T25812] FAULT_INJECTION: forcing a failure. [ 1599.035380][T25812] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1599.065269][T25812] CPU: 0 UID: 0 PID: 25812 Comm: syz.1.3963 Tainted: G L syzkaller #0 PREEMPT(full) [ 1599.065329][T25812] Tainted: [L]=SOFTLOCKUP [ 1599.065343][T25812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1599.065364][T25812] Call Trace: [ 1599.065376][T25812] [ 1599.065389][T25812] dump_stack_lvl+0x100/0x190 [ 1599.065449][T25812] should_fail_ex.cold+0x5/0xa [ 1599.065501][T25812] get_futex_key+0x1d2/0x1620 [ 1599.065548][T25812] ? __pfx_get_futex_key+0x10/0x10 [ 1599.065606][T25812] futex_wake+0xea/0x530 [ 1599.065679][T25812] ? __pfx_futex_wake+0x10/0x10 [ 1599.065736][T25812] ? putname+0xb1/0x110 [ 1599.065772][T25812] ? kmem_cache_free+0x124/0x6a0 [ 1599.065827][T25812] do_futex+0x32b/0x350 [ 1599.065874][T25812] ? __pfx_do_futex+0x10/0x10 [ 1599.065917][T25812] ? __pfx_do_sys_openat2+0x10/0x10 [ 1599.065963][T25812] ? __do_sys_capset+0xfb/0x460 [ 1599.066005][T25812] __x64_sys_futex+0x34f/0x4d0 [ 1599.066052][T25812] ? __x64_sys_openat+0x12d/0x210 [ 1599.066098][T25812] ? __pfx___x64_sys_futex+0x10/0x10 [ 1599.066160][T25812] do_syscall_64+0x106/0xf80 [ 1599.066208][T25812] ? clear_bhb_loop+0x40/0x90 [ 1599.066252][T25812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1599.066287][T25812] RIP: 0033:0x7f07ceb9c799 [ 1599.066315][T25812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1599.066350][T25812] RSP: 002b:00007f07cf9a30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1599.066385][T25812] RAX: ffffffffffffffda RBX: 00007f07cee15fa8 RCX: 00007f07ceb9c799 [ 1599.066409][T25812] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f07cee15fac [ 1599.066432][T25812] RBP: 00007f07cee15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1599.066454][T25812] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1599.066484][T25812] R13: 00007f07cee16038 R14: 00007ffcfbb82670 R15: 00007ffcfbb82758 [ 1599.066529][T25812] [ 1599.067890][T25812] program syz.1.3963 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1599.879535][T25825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3966'. [ 1601.629357][T13870] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1602.333886][T25860] FAULT_INJECTION: forcing a failure. [ 1602.333886][T25860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1602.374571][T25860] CPU: 0 UID: 0 PID: 25860 Comm: syz.1.3976 Tainted: G L syzkaller #0 PREEMPT(full) [ 1602.374623][T25860] Tainted: [L]=SOFTLOCKUP [ 1602.374636][T25860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1602.374656][T25860] Call Trace: [ 1602.374667][T25860] [ 1602.374681][T25860] dump_stack_lvl+0x100/0x190 [ 1602.374738][T25860] should_fail_ex.cold+0x5/0xa [ 1602.374788][T25860] _copy_to_user+0x32/0xd0 [ 1602.374830][T25860] simple_read_from_buffer+0xcb/0x170 [ 1602.374886][T25860] proc_fail_nth_read+0x1af/0x230 [ 1602.374928][T25860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1602.374973][T25860] ? rw_verify_area+0xce/0x6d0 [ 1602.375021][T25860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1602.375061][T25860] vfs_read+0x1e4/0xb30 [ 1602.375119][T25860] ? __pfx_vfs_read+0x10/0x10 [ 1602.375169][T25860] ? do_sys_openat2+0x157/0x1e0 [ 1602.375234][T25860] ksys_read+0x12a/0x250 [ 1602.375286][T25860] ? __pfx_ksys_read+0x10/0x10 [ 1602.375351][T25860] do_syscall_64+0x106/0xf80 [ 1602.375395][T25860] ? clear_bhb_loop+0x40/0x90 [ 1602.375436][T25860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.375470][T25860] RIP: 0033:0x7f07ceb5cfce [ 1602.375498][T25860] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1602.375531][T25860] RSP: 002b:00007f07cf9a2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1602.375562][T25860] RAX: ffffffffffffffda RBX: 00007f07cf9a36c0 RCX: 00007f07ceb5cfce [ 1602.375584][T25860] RDX: 000000000000000f RSI: 00007f07cf9a30a0 RDI: 0000000000000009 [ 1602.375603][T25860] RBP: 00007f07cf9a3090 R08: 0000000000000000 R09: 0000000000000000 [ 1602.375622][T25860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.375640][T25860] R13: 00007f07cee16038 R14: 00007f07cee15fa0 R15: 00007ffcfbb82758 [ 1602.375682][T25860] [ 1604.341667][T25873] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 1604.614880][T25885] FAULT_INJECTION: forcing a failure. [ 1604.614880][T25885] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1604.736264][T25885] CPU: 0 UID: 0 PID: 25885 Comm: syz.2.3980 Tainted: G L syzkaller #0 PREEMPT(full) [ 1604.736323][T25885] Tainted: [L]=SOFTLOCKUP [ 1604.736337][T25885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1604.736358][T25885] Call Trace: [ 1604.736372][T25885] [ 1604.736386][T25885] dump_stack_lvl+0x100/0x190 [ 1604.736446][T25885] should_fail_ex.cold+0x5/0xa [ 1604.736490][T25885] get_futex_key+0x1d2/0x1620 [ 1604.736549][T25885] ? __pfx_get_futex_key+0x10/0x10 [ 1604.736608][T25885] futex_wake+0xea/0x530 [ 1604.736667][T25885] ? __pfx_futex_wake+0x10/0x10 [ 1604.736727][T25885] ? putname+0xb1/0x110 [ 1604.736763][T25885] ? kmem_cache_free+0x124/0x6a0 [ 1604.736821][T25885] do_futex+0x32b/0x350 [ 1604.736868][T25885] ? __pfx_do_futex+0x10/0x10 [ 1604.736911][T25885] ? __pfx_do_sys_openat2+0x10/0x10 [ 1604.736962][T25885] ? __do_sys_capset+0xfb/0x460 [ 1604.737002][T25885] __x64_sys_futex+0x34f/0x4d0 [ 1604.737051][T25885] ? __x64_sys_openat+0x12d/0x210 [ 1604.737099][T25885] ? __pfx___x64_sys_futex+0x10/0x10 [ 1604.737162][T25885] do_syscall_64+0x106/0xf80 [ 1604.737211][T25885] ? clear_bhb_loop+0x40/0x90 [ 1604.737254][T25885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1604.737291][T25885] RIP: 0033:0x7f6ea2b9c799 [ 1604.737321][T25885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1604.737356][T25885] RSP: 002b:00007f6ea3b3a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1604.737390][T25885] RAX: ffffffffffffffda RBX: 00007f6ea2e15fa8 RCX: 00007f6ea2b9c799 [ 1604.737414][T25885] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6ea2e15fac [ 1604.737447][T25885] RBP: 00007f6ea2e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1604.737470][T25885] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1604.737491][T25885] R13: 00007f6ea2e16038 R14: 00007ffe1004db30 R15: 00007ffe1004dc18 [ 1604.737544][T25885] [ 1604.737679][T25885] program syz.2.3980 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1605.438515][T25883] FAULT_INJECTION: forcing a failure. [ 1605.438515][T25883] name failslab, interval 1, probability 0, space 0, times 0 [ 1605.469419][T25883] CPU: 1 UID: 0 PID: 25883 Comm: syz.1.3989 Tainted: G L syzkaller #0 PREEMPT(full) [ 1605.469477][T25883] Tainted: [L]=SOFTLOCKUP [ 1605.469491][T25883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1605.469514][T25883] Call Trace: [ 1605.469547][T25883] [ 1605.469563][T25883] dump_stack_lvl+0x100/0x190 [ 1605.469624][T25883] should_fail_ex.cold+0x5/0xa [ 1605.469666][T25883] should_failslab+0xc2/0x120 [ 1605.469704][T25883] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1605.469751][T25883] ? alloc_fs_context+0x57/0xf40 [ 1605.469800][T25883] alloc_fs_context+0x57/0xf40 [ 1605.469848][T25883] mq_init_ns+0x16e/0x820 [ 1605.469888][T25883] copy_ipcs+0x3dd/0x7e0 [ 1605.469926][T25883] create_new_namespaces+0x20a/0xac0 [ 1605.469965][T25883] ? security_capable+0x80/0x260 [ 1605.470027][T25883] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1605.470070][T25883] ksys_unshare+0x473/0xad0 [ 1605.470119][T25883] ? __pfx_ksys_unshare+0x10/0x10 [ 1605.470181][T25883] __x64_sys_unshare+0x31/0x40 [ 1605.470224][T25883] do_syscall_64+0x106/0xf80 [ 1605.470274][T25883] ? clear_bhb_loop+0x40/0x90 [ 1605.470319][T25883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1605.470355][T25883] RIP: 0033:0x7f07ceb9c799 [ 1605.470385][T25883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1605.470422][T25883] RSP: 002b:00007f07cf9a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1605.470457][T25883] RAX: ffffffffffffffda RBX: 00007f07cee15fa0 RCX: 00007f07ceb9c799 [ 1605.470480][T25883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1605.470503][T25883] RBP: 00007f07cec32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1605.470538][T25883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1605.470560][T25883] R13: 00007f07cee16038 R14: 00007f07cee15fa0 R15: 00007ffcfbb82758 [ 1605.470608][T25883] [ 1605.882970][T25879] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 1607.110532][T25907] FAULT_INJECTION: forcing a failure. [ 1607.110532][T25907] name failslab, interval 1, probability 0, space 0, times 0 [ 1607.139226][T25907] CPU: 1 UID: 0 PID: 25907 Comm: syz.1.3986 Tainted: G L syzkaller #0 PREEMPT(full) [ 1607.139286][T25907] Tainted: [L]=SOFTLOCKUP [ 1607.139299][T25907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1607.139319][T25907] Call Trace: [ 1607.139330][T25907] [ 1607.139343][T25907] dump_stack_lvl+0x100/0x190 [ 1607.139395][T25907] should_fail_ex.cold+0x5/0xa [ 1607.139432][T25907] ? copy_splice_read+0x1a3/0xb90 [ 1607.139477][T25907] should_failslab+0xc2/0x120 [ 1607.139506][T25907] __kmalloc_noprof+0xe0/0x850 [ 1607.139554][T25907] copy_splice_read+0x1a3/0xb90 [ 1607.139608][T25907] ? __pfx_copy_splice_read+0x10/0x10 [ 1607.139656][T25907] ? look_up_lock_class+0x55/0x120 [ 1607.139701][T25907] ? lockdep_init_map_type+0x5c/0x250 [ 1607.139740][T25907] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1607.139787][T25907] ? __pfx_copy_splice_read+0x10/0x10 [ 1607.139831][T25907] do_splice_read+0x285/0x370 [ 1607.139861][T25907] splice_direct_to_actor+0x2a1/0xa30 [ 1607.139891][T25907] ? __pfx_direct_splice_actor+0x10/0x10 [ 1607.139949][T25907] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1607.139987][T25907] do_splice_direct+0x174/0x240 [ 1607.140015][T25907] ? __pfx_do_splice_direct+0x10/0x10 [ 1607.140044][T25907] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1607.140091][T25907] ? bpf_lsm_file_permission+0x9/0x10 [ 1607.140133][T25907] ? security_file_permission+0x76/0x210 [ 1607.140169][T25907] ? rw_verify_area+0xce/0x6d0 [ 1607.140212][T25907] do_sendfile+0xadc/0xe20 [ 1607.140268][T25907] ? __pfx_do_sendfile+0x10/0x10 [ 1607.140311][T25907] ? __fget_files+0x21f/0x3d0 [ 1607.140346][T25907] __x64_sys_sendfile64+0x1d8/0x220 [ 1607.140376][T25907] ? ksys_write+0x1ac/0x250 [ 1607.140400][T25907] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1607.140442][T25907] do_syscall_64+0x106/0xf80 [ 1607.140479][T25907] ? clear_bhb_loop+0x40/0x90 [ 1607.140513][T25907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1607.140541][T25907] RIP: 0033:0x7f07ceb9c799 [ 1607.140564][T25907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1607.140591][T25907] RSP: 002b:00007f07cf9a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1607.140618][T25907] RAX: ffffffffffffffda RBX: 00007f07cee15fa0 RCX: 00007f07ceb9c799 [ 1607.140637][T25907] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 1607.140654][T25907] RBP: 00007f07cf9a3090 R08: 0000000000000000 R09: 0000000000000000 [ 1607.140672][T25907] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1607.140688][T25907] R13: 00007f07cee16038 R14: 00007f07cee15fa0 R15: 00007ffcfbb82758 [ 1607.140724][T25907] [ 1610.699489][T25939] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1610.749603][T13870] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1610.801387][T25939] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1610.879461][T25939] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1610.885599][T25939] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1611.185738][T25949] FAULT_INJECTION: forcing a failure. [ 1611.185738][T25949] name failslab, interval 1, probability 0, space 0, times 0 [ 1611.199219][T25949] CPU: 1 UID: 0 PID: 25949 Comm: syz.3.3999 Tainted: G L syzkaller #0 PREEMPT(full) [ 1611.199270][T25949] Tainted: [L]=SOFTLOCKUP [ 1611.199283][T25949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1611.199303][T25949] Call Trace: [ 1611.199314][T25949] [ 1611.199328][T25949] dump_stack_lvl+0x100/0x190 [ 1611.199388][T25949] should_fail_ex.cold+0x5/0xa [ 1611.199427][T25949] ? tomoyo_encode2+0xfb/0x3c0 [ 1611.199470][T25949] should_failslab+0xc2/0x120 [ 1611.199506][T25949] __kmalloc_noprof+0xe0/0x850 [ 1611.199544][T25949] ? rcu_is_watching+0x12/0xc0 [ 1611.199587][T25949] tomoyo_encode2+0xfb/0x3c0 [ 1611.199622][T25949] tomoyo_encode+0x29/0x50 [ 1611.199652][T25949] tomoyo_realpath_from_path+0x18c/0x690 [ 1611.199691][T25949] tomoyo_path_number_perm+0x23c/0x580 [ 1611.199716][T25949] ? tomoyo_path_number_perm+0x22e/0x580 [ 1611.199745][T25949] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1611.199773][T25949] ? find_held_lock+0x2b/0x80 [ 1611.199822][T25949] ? find_held_lock+0x2b/0x80 [ 1611.199844][T25949] ? current_check_access_path+0x281/0x460 [ 1611.199877][T25949] ? __pfx_current_check_access_path+0x10/0x10 [ 1611.199910][T25949] ? d_alloc_parallel+0x864/0x14e0 [ 1611.199952][T25949] tomoyo_path_mknod+0x164/0x190 [ 1611.199988][T25949] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 1611.200028][T25949] ? find_held_lock+0x2b/0x80 [ 1611.200051][T25949] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1611.200096][T25949] security_path_mknod+0x161/0x300 [ 1611.200131][T25949] may_o_create+0x30/0x3a0 [ 1611.200168][T25949] lookup_open.isra.0+0xa0d/0x11b0 [ 1611.200210][T25949] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1611.200296][T25949] ? __pfx___might_resched+0x10/0x10 [ 1611.200343][T25949] ? mnt_get_write_access+0x52/0x2f0 [ 1611.200396][T25949] ? __pfx_down_write+0x10/0x10 [ 1611.200445][T25949] ? mnt_get_write_access+0x1e9/0x2f0 [ 1611.200482][T25949] path_openat+0x2291/0x31a0 [ 1611.200521][T25949] ? __pfx_path_openat+0x10/0x10 [ 1611.200565][T25949] do_file_open+0x20e/0x430 [ 1611.200598][T25949] ? __pfx_do_file_open+0x10/0x10 [ 1611.200633][T25949] ? __pfx_kfree_link+0x10/0x10 [ 1611.200675][T25949] ? alloc_fd+0x476/0x790 [ 1611.200701][T25949] ? do_getname+0x191/0x390 [ 1611.200734][T25949] do_sys_openat2+0x10d/0x1e0 [ 1611.200766][T25949] ? __pfx_do_sys_openat2+0x10/0x10 [ 1611.200797][T25949] ? fd_install+0x24f/0x580 [ 1611.200826][T25949] __x64_sys_openat+0x12d/0x210 [ 1611.200859][T25949] ? __pfx___x64_sys_openat+0x10/0x10 [ 1611.200889][T25949] ? ksys_write+0x1ac/0x250 [ 1611.200920][T25949] do_syscall_64+0x106/0xf80 [ 1611.200954][T25949] ? clear_bhb_loop+0x40/0x90 [ 1611.200985][T25949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1611.201017][T25949] RIP: 0033:0x7f3da1d9c799 [ 1611.201037][T25949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1611.201060][T25949] RSP: 002b:00007f3da2d3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1611.201083][T25949] RAX: ffffffffffffffda RBX: 00007f3da2015fa0 RCX: 00007f3da1d9c799 [ 1611.201099][T25949] RDX: 00000000001cb842 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1611.201115][T25949] RBP: 00007f3da2d3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1611.201130][T25949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1611.201145][T25949] R13: 00007f3da2016038 R14: 00007f3da2015fa0 R15: 00007ffcbbfeed08 [ 1611.201176][T25949] [ 1611.201299][T25949] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1612.749368][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1612.831695][T14470] Bluetooth: hci0: command 0x041b tx timeout [ 1612.909304][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1612.916056][T14470] Bluetooth: hci1: command 0x041b tx timeout [ 1613.377026][T25965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4004'. [ 1618.350755][T26037] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4018'. [ 1618.990410][T14470] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1625.416521][T26126] futex_wake_op: syz.2.4039 tries to shift op by -2048; fix this program [ 1625.439469][T26126] 0x000000000001-0x000000020000 : "" [ 1625.528458][T26126] ftl_cs: FTL header corrupt! [ 1625.759753][T26133] MTRR 1 not used [ 1627.418970][T26160] futex_wake_op: syz.1.4049 tries to shift op by -2048; fix this program [ 1627.468498][T26160] futex_wake_op: syz.1.4049 tries to shift op by -2048; fix this program [ 1627.626922][T26158] 0x000000000001-0x000000020000 : "" [ 1627.914551][T26158] ftl_cs: FTL header corrupt! [ 1631.331309][T14470] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1631.875221][T14470] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1631.888229][T14470] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 1631.904048][T14470] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 1631.904114][T14470] Bluetooth: hci0: adv larger than maximum supported [ 1631.915436][T14470] Bluetooth: hci0: Unknown advertising packet type: 0x11 [ 1631.926298][T14470] Bluetooth: hci0: adv larger than maximum supported [ 1631.936582][T14470] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 1631.996917][T14470] Bluetooth: hci0: adv larger than maximum supported [ 1632.008961][T14470] Bluetooth: hci0: Unknown advertising packet type: 0x37 [ 1632.015944][T14470] Bluetooth: hci0: Malformed LE Event: 0x0d [ 1632.122276][T26205] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1632.128658][T26205] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1632.134926][T26205] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1632.149761][T26205] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1633.145520][T26222] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1634.189333][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1634.195487][T13870] Bluetooth: hci1: command 0x041b tx timeout [ 1634.201642][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1634.207716][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1636.681456][T26261] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1636.739362][T26261] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1636.769982][T26261] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1636.851172][T26261] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1637.135850][T26266] futex_wake_op: syz.1.4077 tries to shift op by -2048; fix this program [ 1637.158770][T26266] 0x000000000001-0x000000020000 : "" [ 1637.419732][T26266] ftl_cs: FTL header corrupt! [ 1638.658138][T26292] FAULT_INJECTION: forcing a failure. [ 1638.658138][T26292] name failslab, interval 1, probability 0, space 0, times 0 [ 1638.710328][T26292] CPU: 0 UID: 0 PID: 26292 Comm: syz.2.4084 Tainted: G L syzkaller #0 PREEMPT(full) [ 1638.710378][T26292] Tainted: [L]=SOFTLOCKUP [ 1638.710391][T26292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1638.710411][T26292] Call Trace: [ 1638.710422][T26292] [ 1638.710435][T26292] dump_stack_lvl+0x100/0x190 [ 1638.710489][T26292] should_fail_ex.cold+0x5/0xa [ 1638.710527][T26292] should_failslab+0xc2/0x120 [ 1638.710562][T26292] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1638.710613][T26292] ? proc_reg_open+0x23f/0x5f0 [ 1638.710672][T26292] proc_reg_open+0x23f/0x5f0 [ 1638.710727][T26292] do_dentry_open+0x6d8/0x1660 [ 1638.710769][T26292] ? __pfx_proc_reg_open+0x10/0x10 [ 1638.710829][T26292] vfs_open+0x82/0x3f0 [ 1638.710874][T26292] path_openat+0x208c/0x31a0 [ 1638.710919][T26292] ? __pfx_path_openat+0x10/0x10 [ 1638.710967][T26292] do_file_open+0x20e/0x430 [ 1638.711004][T26292] ? __pfx_do_file_open+0x10/0x10 [ 1638.711052][T26292] ? __pfx_kfree_link+0x10/0x10 [ 1638.711110][T26292] ? alloc_fd+0x476/0x790 [ 1638.711147][T26292] ? do_getname+0x191/0x390 [ 1638.711190][T26292] do_sys_openat2+0x10d/0x1e0 [ 1638.711232][T26292] ? __pfx_do_sys_openat2+0x10/0x10 [ 1638.711275][T26292] ? fd_install+0x24f/0x580 [ 1638.711316][T26292] __x64_sys_openat+0x12d/0x210 [ 1638.711359][T26292] ? __pfx___x64_sys_openat+0x10/0x10 [ 1638.711401][T26292] ? ksys_write+0x1ac/0x250 [ 1638.711445][T26292] do_syscall_64+0x106/0xf80 [ 1638.711480][T26292] ? clear_bhb_loop+0x40/0x90 [ 1638.711510][T26292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1638.711535][T26292] RIP: 0033:0x7f6ea2b9c799 [ 1638.711555][T26292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1638.711579][T26292] RSP: 002b:00007f6ea3b19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1638.711602][T26292] RAX: ffffffffffffffda RBX: 00007f6ea2e16090 RCX: 00007f6ea2b9c799 [ 1638.711618][T26292] RDX: 00000000001cb842 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1638.711633][T26292] RBP: 00007f6ea3b19090 R08: 0000000000000000 R09: 0000000000000000 [ 1638.711647][T26292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1638.711662][T26292] R13: 00007f6ea2e16128 R14: 00007f6ea2e16090 R15: 00007ffe1004dc18 [ 1638.711692][T26292] [ 1638.951537][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1638.957605][T24162] Bluetooth: hci4: command 0x040f tx timeout [ 1638.963683][T24162] Bluetooth: hci1: command 0x041b tx timeout [ 1638.969710][T24162] Bluetooth: hci2: command 0x040f tx timeout [ 1642.458238][T26324] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1642.468538][T26324] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1642.478670][T26324] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1642.519594][T26324] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1642.846774][T26340] futex_wake_op: syz.3.4098 tries to shift op by -2048; fix this program [ 1642.879483][T26340] 0x000000000001-0x000000020000 : "" [ 1642.922895][T26340] ftl_cs: FTL header corrupt! [ 1644.350422][T14470] Bluetooth: hci4: command 0x040f tx timeout [ 1644.513119][T14470] Bluetooth: hci1: command 0x041b tx timeout [ 1644.519252][T24162] Bluetooth: hci0: command 0x041b tx timeout [ 1644.589316][T14470] Bluetooth: hci2: command 0x040f tx timeout [ 1645.491926][T26374] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1646.270026][T26379] Invalid ELF header magic: != ELF [ 1647.508492][T26406] ================================================================== [ 1647.508529][T26406] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1647.508630][T26406] Read of size 256 at addr ffff888076746380 by task syz.2.4121/26406 [ 1647.508662][T26406] [ 1647.508683][T26406] CPU: 1 UID: 0 PID: 26406 Comm: syz.2.4121 Tainted: G L syzkaller #0 PREEMPT(full) [ 1647.508734][T26406] Tainted: [L]=SOFTLOCKUP [ 1647.508747][T26406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1647.508768][T26406] Call Trace: [ 1647.508779][T26406] [ 1647.508794][T26406] dump_stack_lvl+0x100/0x190 [ 1647.508847][T26406] print_report+0x156/0x4c9 [ 1647.508896][T26406] ? __virt_addr_valid+0x81/0x620 [ 1647.508941][T26406] ? __phys_addr+0xe8/0x180 [ 1647.508987][T26406] ? fbcon_prepare_logo+0x94e/0xc60 [ 1647.509024][T26406] kasan_report+0xdf/0x1e0 [ 1647.509059][T26406] ? fbcon_prepare_logo+0x94e/0xc60 [ 1647.509099][T26406] kasan_check_range+0x10f/0x1e0 [ 1647.509149][T26406] __asan_memcpy+0x23/0x60 [ 1647.509198][T26406] fbcon_prepare_logo+0x94e/0xc60 [ 1647.509244][T26406] fbcon_init+0x10a0/0x1820 [ 1647.509286][T26406] visual_init+0x320/0x620 [ 1647.509384][T26406] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1647.509440][T26406] store_bind+0x609/0x730 [ 1647.509491][T26406] ? __pfx_store_bind+0x10/0x10 [ 1647.509537][T26406] dev_attr_store+0x58/0x80 [ 1647.509611][T26406] ? __pfx_dev_attr_store+0x10/0x10 [ 1647.509650][T26406] sysfs_kf_write+0xf2/0x150 [ 1647.509696][T26406] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1647.509733][T26406] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1647.509779][T26406] vfs_write+0x6ac/0x1070 [ 1647.509836][T26406] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1647.509877][T26406] ? __pfx_vfs_write+0x10/0x10 [ 1647.509945][T26406] ksys_write+0x12a/0x250 [ 1647.509976][T26406] ? __pfx_ksys_write+0x10/0x10 [ 1647.510007][T26406] ? kcov_ioctl+0x16a/0x720 [ 1647.510044][T26406] do_syscall_64+0x106/0xf80 [ 1647.510094][T26406] ? clear_bhb_loop+0x40/0x90 [ 1647.510137][T26406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.510173][T26406] RIP: 0033:0x7f6ea2b9c799 [ 1647.510202][T26406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1647.510239][T26406] RSP: 002b:00007f6ea3af8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1647.510273][T26406] RAX: ffffffffffffffda RBX: 00007f6ea2e16180 RCX: 00007f6ea2b9c799 [ 1647.510297][T26406] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1647.510319][T26406] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1647.510341][T26406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1647.510362][T26406] R13: 00007f6ea2e16218 R14: 00007f6ea2e16180 R15: 00007ffe1004dc18 [ 1647.510397][T26406] [ 1647.510411][T26406] [ 1647.510420][T26406] Allocated by task 26155: [ 1647.510438][T26406] kasan_save_stack+0x30/0x50 [ 1647.510490][T26406] kasan_save_track+0x14/0x30 [ 1647.510542][T26406] __kasan_slab_alloc+0x89/0x90 [ 1647.510579][T26406] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1647.510633][T26406] kmalloc_reserve+0x148/0x350 [ 1647.510668][T26406] __alloc_skb+0x185/0x710 [ 1647.510710][T26406] alloc_uevent_skb+0x7d/0x210 [ 1647.510743][T26406] kobject_uevent_env+0x122c/0x18b0 [ 1647.510778][T26406] netdev_queue_update_kobjects+0x1a7/0x6f0 [ 1647.510835][T26406] netdev_register_kobject+0x2b3/0x3d0 [ 1647.510890][T26406] register_netdevice+0x12e0/0x2210 [ 1647.510941][T26406] __ip_tunnel_create+0x52b/0x670 [ 1647.510993][T26406] ip_tunnel_init_net+0x230/0x780 [ 1647.511045][T26406] vti_init_net+0x2e/0x140 [ 1647.511109][T26406] ops_init+0x1e2/0x5f0 [ 1647.511157][T26406] setup_net+0x118/0x3a0 [ 1647.511205][T26406] copy_net_ns+0x46f/0x7c0 [ 1647.511233][T26406] create_new_namespaces+0x3ea/0xac0 [ 1647.511268][T26406] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1647.511304][T26406] ksys_unshare+0x473/0xad0 [ 1647.511344][T26406] __x64_sys_unshare+0x31/0x40 [ 1647.511385][T26406] do_syscall_64+0x106/0xf80 [ 1647.511432][T26406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.511467][T26406] [ 1647.511476][T26406] Freed by task 26155: [ 1647.511492][T26406] kasan_save_stack+0x30/0x50 [ 1647.511543][T26406] kasan_save_track+0x14/0x30 [ 1647.511602][T26406] kasan_save_free_info+0x3b/0x70 [ 1647.511645][T26406] __kasan_slab_free+0x5f/0x80 [ 1647.511675][T26406] kmem_cache_free+0x124/0x6a0 [ 1647.511718][T26406] skb_free_head+0x1c6/0x220 [ 1647.511758][T26406] skb_release_data+0x79b/0x9d0 [ 1647.511803][T26406] consume_skb+0xc4/0x110 [ 1647.511852][T26406] netlink_broadcast_filtered+0x3cc/0xf50 [ 1647.511904][T26406] netlink_broadcast+0x39/0x50 [ 1647.511950][T26406] kobject_uevent_env+0x1313/0x18b0 [ 1647.511985][T26406] netdev_queue_update_kobjects+0x1a7/0x6f0 [ 1647.512041][T26406] netdev_register_kobject+0x2b3/0x3d0 [ 1647.512096][T26406] register_netdevice+0x12e0/0x2210 [ 1647.512147][T26406] __ip_tunnel_create+0x52b/0x670 [ 1647.512196][T26406] ip_tunnel_init_net+0x230/0x780 [ 1647.512250][T26406] vti_init_net+0x2e/0x140 [ 1647.512279][T26406] ops_init+0x1e2/0x5f0 [ 1647.512324][T26406] setup_net+0x118/0x3a0 [ 1647.512369][T26406] copy_net_ns+0x46f/0x7c0 [ 1647.512396][T26406] create_new_namespaces+0x3ea/0xac0 [ 1647.512429][T26406] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1647.512464][T26406] ksys_unshare+0x473/0xad0 [ 1647.512503][T26406] __x64_sys_unshare+0x31/0x40 [ 1647.512544][T26406] do_syscall_64+0x106/0xf80 [ 1647.512597][T26406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.512631][T26406] [ 1647.512640][T26406] The buggy address belongs to the object at ffff888076746080 [ 1647.512640][T26406] which belongs to the cache skbuff_small_head of size 704 [ 1647.512670][T26406] The buggy address is located 64 bytes to the right of [ 1647.512670][T26406] allocated 704-byte region [ffff888076746080, ffff888076746340) [ 1647.512707][T26406] [ 1647.512717][T26406] The buggy address belongs to the physical page: [ 1647.512734][T26406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76744 [ 1647.512766][T26406] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1647.512795][T26406] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1647.512828][T26406] page_type: f5(slab) [ 1647.512859][T26406] raw: 00fff00000000040 ffff88801eab8dc0 dead000000000100 dead000000000122 [ 1647.512893][T26406] raw: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000 [ 1647.512927][T26406] head: 00fff00000000040 ffff88801eab8dc0 dead000000000100 dead000000000122 [ 1647.512960][T26406] head: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000 [ 1647.512994][T26406] head: 00fff00000000002 ffffea0001d9d101 00000000ffffffff 00000000ffffffff [ 1647.513027][T26406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1647.513049][T26406] page dumped because: kasan: bad access detected [ 1647.513075][T26406] page_owner tracks the page as allocated [ 1647.513088][T26406] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13211, tgid 13210 (syz.0.1265), ts 660644397942, free_ts 656149329790 [ 1647.513149][T26406] post_alloc_hook+0x153/0x170 [ 1647.513196][T26406] get_page_from_freelist+0x111d/0x3140 [ 1647.513244][T26406] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1647.513295][T26406] new_slab+0xa6/0x6b0 [ 1647.513335][T26406] refill_objects+0x26b/0x400 [ 1647.513379][T26406] __pcs_replace_empty_main+0x1ab/0x660 [ 1647.513430][T26406] kmem_cache_alloc_node_noprof+0x569/0x6f0 [ 1647.513483][T26406] kmalloc_reserve+0x148/0x350 [ 1647.513515][T26406] __alloc_skb+0x185/0x710 [ 1647.513564][T26406] alloc_skb_with_frags+0xe0/0x810 [ 1647.513614][T26406] sock_alloc_send_pskb+0x801/0x980 [ 1647.513655][T26406] __ip_append_data+0x227d/0x4690 [ 1647.513745][T26406] ip_append_data+0x10f/0x1a0 [ 1647.513797][T26406] icmp_push_reply+0xab/0x450 [ 1647.513837][T26406] __icmp_send+0x1184/0x2c30 [ 1647.513876][T26406] ip_protocol_deliver_rcu+0x421/0x4d0 [ 1647.513919][T26406] page last free pid 13149 tgid 13148 stack trace: [ 1647.513939][T26406] __free_frozen_pages+0x7e1/0x10d0 [ 1647.513979][T26406] qlist_free_all+0x47/0xe0 [ 1647.514026][T26406] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1647.514077][T26406] __kasan_slab_alloc+0x69/0x90 [ 1647.514107][T26406] __kmalloc_cache_noprof+0x243/0x6f0 [ 1647.514151][T26406] kset_create_and_add+0x4d/0x190 [ 1647.514182][T26406] netdev_register_kobject+0x1ef/0x3d0 [ 1647.514236][T26406] register_netdevice+0x12e0/0x2210 [ 1647.514285][T26406] register_netdev+0x34/0x50 [ 1647.514333][T26406] sit_init_net+0x2c0/0x5f0 [ 1647.514394][T26406] ops_init+0x1e2/0x5f0 [ 1647.514439][T26406] setup_net+0x118/0x3a0 [ 1647.514484][T26406] copy_net_ns+0x46f/0x7c0 [ 1647.514512][T26406] create_new_namespaces+0x3ea/0xac0 [ 1647.514545][T26406] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1647.514585][T26406] ksys_unshare+0x473/0xad0 [ 1647.514623][T26406] [ 1647.514632][T26406] Memory state around the buggy address: [ 1647.514650][T26406] ffff888076746280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1647.514674][T26406] ffff888076746300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1647.514699][T26406] >ffff888076746380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 1647.514720][T26406] ^ [ 1647.514737][T26406] ffff888076746400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1647.514763][T26406] ffff888076746480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1647.514783][T26406] ================================================================== [ 1647.550297][T26406] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1647.550332][T26406] CPU: 1 UID: 0 PID: 26406 Comm: syz.2.4121 Tainted: G L syzkaller #0 PREEMPT(full) [ 1647.550385][T26406] Tainted: [L]=SOFTLOCKUP [ 1647.550399][T26406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1647.550420][T26406] Call Trace: [ 1647.550432][T26406] [ 1647.550446][T26406] dump_stack_lvl+0x100/0x190 [ 1647.550501][T26406] vpanic+0x552/0x970 [ 1647.550534][T26406] ? __pfx_vpanic+0x10/0x10 [ 1647.550583][T26406] ? fbcon_prepare_logo+0x94e/0xc60 [ 1647.550619][T26406] panic+0xd1/0xe0 [ 1647.550651][T26406] ? __pfx_panic+0x10/0x10 [ 1647.550684][T26406] ? fbcon_prepare_logo+0x94e/0xc60 [ 1647.550719][T26406] ? preempt_schedule_common+0x42/0xc0 [ 1647.550774][T26406] check_panic_on_warn.cold+0x19/0x34 [ 1647.550812][T26406] end_report.part.0+0x3a/0x90 [ 1647.550862][T26406] kasan_report.cold+0xe/0x18 [ 1647.550913][T26406] ? fbcon_prepare_logo+0x94e/0xc60 [ 1647.550953][T26406] kasan_check_range+0x10f/0x1e0 [ 1647.550993][T26406] __asan_memcpy+0x23/0x60 [ 1647.551041][T26406] fbcon_prepare_logo+0x94e/0xc60 [ 1647.551084][T26406] fbcon_init+0x10a0/0x1820 [ 1647.551124][T26406] visual_init+0x320/0x620 [ 1647.551164][T26406] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1647.551217][T26406] store_bind+0x609/0x730 [ 1647.551265][T26406] ? __pfx_store_bind+0x10/0x10 [ 1647.551307][T26406] dev_attr_store+0x58/0x80 [ 1647.551350][T26406] ? __pfx_dev_attr_store+0x10/0x10 [ 1647.551388][T26406] sysfs_kf_write+0xf2/0x150 [ 1647.551433][T26406] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1647.551469][T26406] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1647.551512][T26406] vfs_write+0x6ac/0x1070 [ 1647.551574][T26406] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1647.551612][T26406] ? __pfx_vfs_write+0x10/0x10 [ 1647.551679][T26406] ksys_write+0x12a/0x250 [ 1647.551711][T26406] ? __pfx_ksys_write+0x10/0x10 [ 1647.551741][T26406] ? kcov_ioctl+0x16a/0x720 [ 1647.551777][T26406] do_syscall_64+0x106/0xf80 [ 1647.551825][T26406] ? clear_bhb_loop+0x40/0x90 [ 1647.551865][T26406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.551901][T26406] RIP: 0033:0x7f6ea2b9c799 [ 1647.551927][T26406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1647.551961][T26406] RSP: 002b:00007f6ea3af8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1647.551993][T26406] RAX: ffffffffffffffda RBX: 00007f6ea2e16180 RCX: 00007f6ea2b9c799 [ 1647.552016][T26406] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1647.552037][T26406] RBP: 00007f6ea2c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1647.552059][T26406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1647.552080][T26406] R13: 00007f6ea2e16218 R14: 00007f6ea2e16180 R15: 00007ffe1004dc18 [ 1647.552114][T26406] [ 1647.552797][T26406] Kernel Offset: disabled