last executing test programs: 11.524390005s ago: executing program 3 (id=1593): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x23, 0x80805, 0x0) socket(0x2, 0x1, 0x106) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000300)="dd") 10.726058415s ago: executing program 3 (id=1598): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0xa, 0x9) socket(0xa, 0x2, 0x3a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyz9\x00', 0x600882, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/43:480/min_ratio\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 10.117615147s ago: executing program 3 (id=1601): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x3b7742, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x101000, 0x0) write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mknod$auto(0x0, 0x20e9, 0x103) unshare$auto(0x20000) r5 = pidfd_open$auto(0x1, 0x0) setns(r5, 0x60020000) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) read$auto_proc_pid_smaps_operations_internal(0xffffffffffffffff, &(0x7f00000002c0)=""/182, 0xb6) 7.826184015s ago: executing program 3 (id=1608): socket(0x18, 0x3, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, 0x0, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) 7.777756412s ago: executing program 1 (id=1610): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/sctp/eps\x00', 0x121000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000e80)=""/215, 0xd7) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1) write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x800) socket(0x10, 0x2, 0x0) r5 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r4}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r6, 0x0, 0x1ff) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) fsconfig$auto_XFS_DAX_ALWAYS(r7, 0x0, 0x0, 0x0, 0x1) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") sendfile$auto(r5, r4, 0x0, 0x7fffe002) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) 7.565696396s ago: executing program 0 (id=1611): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x59, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r0, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0x3, 0x0, 0xfdef) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5609, r2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/oom_adj\x00', 0x20a2c0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) fchown$auto(r2, 0x0, 0x0) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, r3, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) 7.089188839s ago: executing program 1 (id=1614): mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya1\x00', 0x101e81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/apparmor/prev\x00', 0x12fee09ba9fddee3, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f00000001c0)="a36d3fa58cc14c483eaeefbda25ed11e6584b0e06b6f7d2a0920bb3dac705aa384572b6a4be4e53907a7b258", 0x7fff, 0x0, 0x9, 0x0, 0x2, 0x9}, 0x2}, 0xfffffffd, 0x3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) r2 = socket(0xa, 0x3, 0x2f) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x400c052) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_DEL(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44884) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x242780, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r5, 0x8, 0x0) 6.241379767s ago: executing program 3 (id=1616): pipe2$auto(0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r0, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x921064aa, 0x20000a) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x200948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x6, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 5.920753886s ago: executing program 0 (id=1617): mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya1\x00', 0x101e81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/apparmor/prev\x00', 0x12fee09ba9fddee3, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f00000001c0)="a36d3fa58cc14c483eaeefbda25ed11e6584b0e06b6f7d2a0920bb3dac705aa384572b6a4be4e53907a7b258", 0x7fff, 0x0, 0x9, 0x0, 0x2, 0x9}, 0x2}, 0xfffffffd, 0x3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) r2 = socket(0xa, 0x3, 0x2f) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x400c052) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_DEL(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44884) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x242780, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(0xffffffffffffffff, 0x8, 0x0) 5.432627004s ago: executing program 2 (id=1618): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x3b7742, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x101000, 0x0) write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mknod$auto(0x0, 0x20e9, 0x103) unshare$auto(0x20000) r5 = pidfd_open$auto(0x1, 0x0) setns(r5, 0x60020000) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) read$auto_proc_pid_smaps_operations_internal(0xffffffffffffffff, &(0x7f00000002c0)=""/182, 0xb6) 4.90969219s ago: executing program 1 (id=1619): ustat$auto(0x12, &(0x7f0000000340)={0x2, 0x80, "417acc606935", "df5f19b5a360"}) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) r1 = fcntl$auto(r0, 0x400, 0x1) open(&(0x7f0000000100)='./file0\x00', 0x60280, 0x158) close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/ip_vs_conn_sync\x00', 0x181800, 0x0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto(r2, 0x405c5504, 0x81) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x9, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f7) prctl$auto(0x3e, 0x4a, r3, 0x9, 0x80000001) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40014) kexec_load$auto(0xffffffff, 0x2, &(0x7f0000000080)={@buf=0x0, 0x0, 0x8000, 0x403000}, 0x4) read$auto_tk_debug_sleep_time_fops_(r1, &(0x7f0000000140)=""/143, 0x8f) 4.76205583s ago: executing program 0 (id=1620): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x3b7742, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x101000, 0x0) write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mknod$auto(0x0, 0x20e9, 0x103) unshare$auto(0x20000) r5 = pidfd_open$auto(0x1, 0x0) setns(r5, 0x60020000) mlockall$auto(0x800000000000005) read$auto_proc_pid_smaps_operations_internal(0xffffffffffffffff, &(0x7f00000002c0)=""/182, 0xb6) 3.724853884s ago: executing program 2 (id=1621): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000240)="f6e6812018deadf7e88f819e30236ce79200b01532f2ed0dff68130f", 0x1c) socket(0x2c, 0x5, 0x0) io_uring_setup$auto(0x101, 0x0) ioctl$auto(0x3, 0x5420, 0x38) socket(0x29, 0x2, 0x0) socket(0x2, 0x5, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x6, 0x5, 0x5]}, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) r2 = socket(0xa, 0x5, 0x0) ioctl$auto(r2, 0x8941, 0x8) setfsuid$auto(0xee00) shmctl$auto_IPC_STAT(0x4, 0x2, &(0x7f0000000340)={{0x7fff, 0xee00, 0xee01, 0x4e3, 0x8, 0x7, 0x3}, 0x94c, 0xffffffff, 0xfffffffffffffffd, 0x252, @raw=0x6, @raw=0x9, 0x906, 0x0, &(0x7f00000000c0)="1c9e3099f7f02373b64211d9aac165bc0d1bd0239f9e6bff24115c37a070353106b617e4c492b2a984d913b25001fc46ac2d92b5b77014b05062bbbf6aa17f7ed745570385f8853fa6dd30babc8a575d5a72a0c5721a357e54c26ed7d191ccf1de96538493df4b1cce329dacca2c", &(0x7f00000001c0)="6cf0c416a335be129732155e56c72f95ccf1a6243dbcf42305a29ecd3598ac6dc41aeff8807174418bf0721fb5dcf8043199df450737dcc9a43ff27ba95dabcf9eadecefd01ad040522f504fb74084412179e7219972719f"}) getpid() capset$auto(&(0x7f0000000400), 0x0) msgctl$auto(0x28, 0x4, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101202, 0x0) 3.35971048s ago: executing program 2 (id=1622): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [0x0, 0xfffffffc], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0xd11e, 0x8000000000000000}}) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r0, 0x0, 0x10001) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0x3, 0x0, 0xfdef) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5609, r2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/oom_adj\x00', 0x20a2c0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) 3.341481354s ago: executing program 1 (id=1623): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [0x0, 0xfffffffc], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0xd11e, 0x8000000000000000}}) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r0, 0x0, 0x10001) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0x3, 0x0, 0xfdef) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5609, r2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/oom_adj\x00', 0x20a2c0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) fchown$auto(r2, 0x0, 0x0) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, r3, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) 3.19570714s ago: executing program 0 (id=1624): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x3b7742, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x101000, 0x0) write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) unshare$auto(0x20000) r5 = pidfd_open$auto(0x1, 0x0) setns(r5, 0x60020000) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) read$auto_proc_pid_smaps_operations_internal(0xffffffffffffffff, &(0x7f00000002c0)=""/182, 0xb6) 2.11880858s ago: executing program 2 (id=1625): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40, 0x0) pread64$auto(r3, 0x0, 0x80000000, 0x9fffffffd) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x0f\xff\x00'/21, 0x100000002, 0x100000001) mq_notify$auto(0xffffffffffffffff, &(0x7f0000000180)={@sival_ptr=0x0, @inferred, 0x0, @_sigev_thread={0x0, 0x0}}) mq_timedsend$auto(r1, 0x0, 0x2, 0x9, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.359415244s ago: executing program 0 (id=1626): mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya1\x00', 0x101e81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/apparmor/prev\x00', 0x12fee09ba9fddee3, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f00000001c0)="a36d3fa58cc14c483eaeefbda25ed11e6584b0e06b6f7d2a0920bb3dac705aa384572b6a4be4e53907a7b258", 0x7fff, 0x0, 0x9, 0x0, 0x2, 0x9}, 0x2}, 0xfffffffd, 0x3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) r2 = socket(0xa, 0x3, 0x2f) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x400c052) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_DEL(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44884) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x242780, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r5, 0x8, 0x0) 1.103807622s ago: executing program 1 (id=1627): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x1c1000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xffd8) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0x200, 0x0) ioctl$auto(r1, 0xc0945662, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NCSI_CMD_PKG_INFO(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x5e70}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x40080) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xd, 0x10000, 0x7, 0x3, 0x7ffffffd, 0xffffffffffffffff, [], {0x6, 0x1ff, 0x8c48, 0x2a2, 0x100, 0x7ffffffb, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x0, 0x5, 0x3, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8300f000) r4 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r4, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x541b, 0x38) 595.853346ms ago: executing program 3 (id=1628): rt_tgsigqueueinfo$auto(0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000240)={@siginfo_0_0={0x6, 0x8, 0x8, @_kill={0x0, 0xee01}}}) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) r1 = openat$auto_lsm_ops_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv$auto(r1, &(0x7f0000000200)={&(0x7f0000000080), 0x9}, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r2, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(&(0x7f0000000180)={0x1f, @raw, 0x80000002, 0x0, 0x8}, 0x0, 0x7ffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0xc) readv$auto(0x6, &(0x7f00000000c0)={0x0, 0x1}, 0x1) msgctl$auto_MSG_STAT(0x0, 0xb, &(0x7f00000000c0)={{0x7, 0xee01, 0x0, 0x7, 0x1, 0x0, 0x20}, &(0x7f0000000040)=0xfb, &(0x7f0000000080)=0x8, 0x7f, 0x936d, 0xd, 0x7, 0x401, 0x4, 0x5, 0xff, @inferred=r0, @inferred=r0}) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r4, 0x0, 0x400000000006) 595.208843ms ago: executing program 2 (id=1629): setrlimit$auto(0x6, &(0x7f0000001280)={0x6, 0xf0c}) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/buffer_percent\x00', 0x2ca283, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x3) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = eventfd$auto(0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x7c3142, 0x0) socketpair$auto(0x1a, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x67, 0x3f, 0x7fff, 0x5, 0x80000000007, 0x1, 0xa, 0xff, 0x5, 0x7f, 0xfbfffffe, 0xfff, 0x7fb, 0x0, 0x5}) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto(r2, 0x5411, r0) 384.373253ms ago: executing program 2 (id=1630): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) ioctl$auto_BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 318.363889ms ago: executing program 0 (id=1631): mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya1\x00', 0x101e81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/apparmor/prev\x00', 0x12fee09ba9fddee3, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f00000001c0)="a36d3fa58cc14c483eaeefbda25ed11e6584b0e06b6f7d2a0920bb3dac705aa384572b6a4be4e53907a7b258", 0x7fff, 0x0, 0x9, 0x0, 0x2, 0x9}, 0x2}, 0xfffffffd, 0x3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) r2 = socket(0xa, 0x3, 0x2f) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x400c052) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_DEL(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44884) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x242780, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r5, 0x8, 0x0) 0s ago: executing program 1 (id=1632): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [0x0, 0xfffffffc], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0xd11e, 0x8000000000000000}}) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r0, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0x3, 0x0, 0xfdef) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5609, r2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/oom_adj\x00', 0x20a2c0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) fchown$auto(r2, 0x0, 0x0) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, r3, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) kernel console output (not intermixed with test programs): x timeout [ 622.787981][T11964] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 622.803595][T11964] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 622.841503][T11964] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 622.873832][T11964] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 622.961890][ T9970] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 623.169005][ T30] audit: type=1326 audit(4294967324.110:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11983 comm="syz.2.1047" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe3e79c799 code=0x0 [ 623.305072][T11987] FAULT_INJECTION: forcing a failure. [ 623.305072][T11987] name failslab, interval 1, probability 0, space 0, times 0 [ 623.351434][T11987] CPU: 1 UID: 0 PID: 11987 Comm: syz.0.1048 Tainted: G L syzkaller #0 PREEMPT(full) [ 623.351480][T11987] Tainted: [L]=SOFTLOCKUP [ 623.351491][T11987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 623.351507][T11987] Call Trace: [ 623.351517][T11987] [ 623.351528][T11987] dump_stack_lvl+0x100/0x190 [ 623.351575][T11987] should_fail_ex.cold+0x5/0xa [ 623.351608][T11987] ? sk_prot_alloc+0x10b/0x2a0 [ 623.351634][T11987] should_failslab+0xc2/0x120 [ 623.351664][T11987] __kmalloc_noprof+0xe0/0x850 [ 623.351712][T11987] sk_prot_alloc+0x10b/0x2a0 [ 623.351741][T11987] sk_alloc+0x36/0xe80 [ 623.351775][T11987] mISDN_sock_create+0x267/0x420 [ 623.351930][T11987] __sock_create+0x339/0x860 [ 623.351967][T11987] __sys_socket+0x14d/0x260 [ 623.351997][T11987] ? __pfx___sys_socket+0x10/0x10 [ 623.352035][T11987] __x64_sys_socket+0x72/0xb0 [ 623.352062][T11987] ? lockdep_hardirqs_on+0x78/0x100 [ 623.352100][T11987] do_syscall_64+0x106/0xf80 [ 623.352136][T11987] ? clear_bhb_loop+0x40/0x90 [ 623.352171][T11987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.352201][T11987] RIP: 0033:0x7f25c959c799 [ 623.352224][T11987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 623.352253][T11987] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 623.352280][T11987] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 623.352298][T11987] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 0000000000000022 [ 623.352314][T11987] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 623.352330][T11987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.352346][T11987] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 623.352381][T11987] [ 624.074641][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 624.322162][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.322228][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.874755][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 624.874800][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 624.874830][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 626.281006][T12054] program syz.0.1075 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 626.630642][T12056] zswap: compressor not available [ 626.631580][T12060] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 627.033533][T12083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1084'. [ 627.563645][T12063] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 627.568845][T12063] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 627.569104][T12063] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 627.569360][T12063] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 627.787154][T12095] usb usb36: usbfs: process 12095 (syz.3.1089) did not claim interface 0 before use [ 628.024191][T12101] capability: warning: `syz.0.1091' uses 32-bit capabilities (legacy support in use) [ 628.046979][T12104] binder: 12102:12104 ioctl c0306201 0 returned -14 [ 628.364694][T12112] sd 0:0:1:0: PR command failed: 1026 [ 628.370174][T12112] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 628.387957][T12114] bond0: invalid ARP target specified [ 628.434193][T12112] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 628.480320][T12117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1094'. [ 628.635901][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 629.157165][T12132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1101'. [ 629.596571][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 629.596602][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 629.596622][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 630.069348][T12127] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 630.076900][T12127] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 630.077709][T12127] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 630.080021][T12127] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 630.298996][T12147] bond0: invalid ARP target specified [ 630.364287][T12150] FAULT_INJECTION: forcing a failure. [ 630.364287][T12150] name failslab, interval 1, probability 0, space 0, times 0 [ 630.405642][T12150] CPU: 1 UID: 0 PID: 12150 Comm: syz.1.1106 Tainted: G L syzkaller #0 PREEMPT(full) [ 630.405697][T12150] Tainted: [L]=SOFTLOCKUP [ 630.405707][T12150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 630.405724][T12150] Call Trace: [ 630.405733][T12150] [ 630.405743][T12150] dump_stack_lvl+0x100/0x190 [ 630.405791][T12150] should_fail_ex.cold+0x5/0xa [ 630.405824][T12150] should_failslab+0xc2/0x120 [ 630.405854][T12150] __kmalloc_cache_noprof+0x7a/0x6f0 [ 630.405889][T12150] ? io_uring_setup.cold+0x6c/0x1d79 [ 630.405950][T12150] io_uring_setup.cold+0x6c/0x1d79 [ 630.405992][T12150] ? __pfx_io_uring_setup+0x10/0x10 [ 630.406144][T12150] ? do_futex+0x192/0x350 [ 630.406181][T12150] ? __pfx_do_futex+0x10/0x10 [ 630.406233][T12150] ? xfd_validate_state+0x129/0x190 [ 630.406282][T12150] __x64_sys_io_uring_setup+0xc2/0x170 [ 630.406319][T12150] do_syscall_64+0x106/0xf80 [ 630.406353][T12150] ? clear_bhb_loop+0x40/0x90 [ 630.406387][T12150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.406415][T12150] RIP: 0033:0x7f8d6519c799 [ 630.406438][T12150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 630.406466][T12150] RSP: 002b:00007f8d660f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 630.406494][T12150] RAX: ffffffffffffffda RBX: 00007f8d65415fa0 RCX: 00007f8d6519c799 [ 630.406514][T12150] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000059 [ 630.406530][T12150] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 630.406546][T12150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.406563][T12150] R13: 00007f8d65416038 R14: 00007f8d65415fa0 R15: 00007ffdf0524398 [ 630.406600][T12150] [ 630.858277][T12157] FAULT_INJECTION: forcing a failure. [ 630.858277][T12157] name failslab, interval 1, probability 0, space 0, times 0 [ 630.858324][T12157] CPU: 1 UID: 0 PID: 12157 Comm: syz.1.1109 Tainted: G L syzkaller #0 PREEMPT(full) [ 630.858370][T12157] Tainted: [L]=SOFTLOCKUP [ 630.858381][T12157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 630.858398][T12157] Call Trace: [ 630.858407][T12157] [ 630.858417][T12157] dump_stack_lvl+0x100/0x190 [ 630.858462][T12157] should_fail_ex.cold+0x5/0xa [ 630.858496][T12157] should_failslab+0xc2/0x120 [ 630.858526][T12157] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 630.858562][T12157] ? do_fcntl_add_lease+0x9d/0x550 [ 630.858594][T12157] do_fcntl_add_lease+0x9d/0x550 [ 630.858622][T12157] ? __pfx_do_fcntl_add_lease+0x10/0x10 [ 630.858648][T12157] ? __pfx_futex_wait+0x10/0x10 [ 630.858700][T12157] fcntl_setlease+0xfc/0x180 [ 630.858728][T12157] ? __pfx_fcntl_setlease+0x10/0x10 [ 630.858768][T12157] do_fcntl+0x1149/0x1670 [ 630.858803][T12157] ? __pfx_do_fcntl+0x10/0x10 [ 630.858833][T12157] ? __fget_files+0x215/0x3d0 [ 630.858869][T12157] ? tomoyo_file_fcntl+0x6c/0xc0 [ 630.858913][T12157] __x64_sys_fcntl+0x163/0x200 [ 630.858951][T12157] do_syscall_64+0x106/0xf80 [ 630.858988][T12157] ? clear_bhb_loop+0x40/0x90 [ 630.859022][T12157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.859050][T12157] RIP: 0033:0x7f8d6519c799 [ 630.859074][T12157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 630.859102][T12157] RSP: 002b:00007f8d660f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 630.859130][T12157] RAX: ffffffffffffffda RBX: 00007f8d65415fa0 RCX: 00007f8d6519c799 [ 630.859149][T12157] RDX: 9ec0000000000000 RSI: 0000000000000400 RDI: 0000000000000003 [ 630.859167][T12157] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 630.859184][T12157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.859199][T12157] R13: 00007f8d65416038 R14: 00007f8d65415fa0 R15: 00007ffdf0524398 [ 630.859237][T12157] [ 631.113830][T12164] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input29 [ 631.279013][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 631.888474][T12179] bond0: invalid ARP target specified [ 632.074229][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 632.077018][T12166] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 632.077220][T12166] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 632.077375][T12166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 632.077471][T12166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 632.903359][T12183] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 632.903500][T12183] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 632.903907][T12183] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 632.905345][T12183] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 634.040742][T12208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1123'. [ 634.339056][T12212] FAULT_INJECTION: forcing a failure. [ 634.339056][T12212] name failslab, interval 1, probability 0, space 0, times 0 [ 634.339103][T12212] CPU: 1 UID: 0 PID: 12212 Comm: syz.1.1124 Tainted: G L syzkaller #0 PREEMPT(full) [ 634.339144][T12212] Tainted: [L]=SOFTLOCKUP [ 634.339154][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 634.339171][T12212] Call Trace: [ 634.339180][T12212] [ 634.339190][T12212] dump_stack_lvl+0x100/0x190 [ 634.339237][T12212] should_fail_ex.cold+0x5/0xa [ 634.339271][T12212] should_failslab+0xc2/0x120 [ 634.339301][T12212] __kmalloc_cache_noprof+0x7a/0x6f0 [ 634.339336][T12212] ? do_kimage_alloc_init+0x40/0x320 [ 634.339371][T12212] do_kimage_alloc_init+0x40/0x320 [ 634.339398][T12212] do_kexec_load+0x11b/0x810 [ 634.339430][T12212] ? __pfx_do_kexec_load+0x10/0x10 [ 634.339461][T12212] ? _copy_from_user+0x59/0xd0 [ 634.339626][T12212] __x64_sys_kexec_load+0x1bf/0x230 [ 634.339670][T12212] do_syscall_64+0x106/0xf80 [ 634.339709][T12212] ? clear_bhb_loop+0x40/0x90 [ 634.339743][T12212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.339772][T12212] RIP: 0033:0x7f8d6519c799 [ 634.339795][T12212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 634.339823][T12212] RSP: 002b:00007f8d660f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 634.339853][T12212] RAX: ffffffffffffffda RBX: 00007f8d65415fa0 RCX: 00007f8d6519c799 [ 634.339871][T12212] RDX: 0000200000000040 RSI: 0000000000000002 RDI: 0000000000000005 [ 634.339888][T12212] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 634.339906][T12212] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 634.339922][T12212] R13: 00007f8d65416038 R14: 00007f8d65415fa0 R15: 00007ffdf0524398 [ 634.339960][T12212] [ 634.635117][T12218] usb usb27: usbfs: interface 0 claimed by hub while 'syz.1.1126' sets config #0 [ 634.914091][T12198] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 634.914295][T12198] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 634.922071][T12198] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 634.922337][T12198] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 636.409215][T12248] futex_wake_op: syz.0.1137 tries to shift op by -2048; fix this program [ 636.411505][T12248] 0x000000000001-0x00000c0d36d5 : "" [ 636.411558][T12248] mtd: partition "" extends beyond the end of device "mtdram test device" -- size truncated to 0x1ffff [ 636.423383][T12234] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 636.472395][T12248] ftl_cs: FTL header corrupt! [ 636.495540][T12234] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 636.543913][T12250] batman_adv: Routing algorithm '' is not supported [ 636.644646][T12234] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 636.650728][T12234] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 637.100143][ T30] audit: type=1807 audit(4294967338.040:11): UNKNOWN=1 res=0 [ 637.115063][T12258] ima: policy update failed [ 637.138645][ T30] audit: type=1802 audit(4294967338.040:12): pid=12259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.1140" res=0 errno=0 [ 637.204142][ T30] audit: type=1802 audit(4294967338.100:13): pid=12258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1140" res=0 errno=0 [ 637.675163][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 637.745667][T12280] bond0: invalid ARP target specified [ 637.791379][T12280] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1151'. [ 637.857447][T12280] FAULT_INJECTION: forcing a failure. [ 637.857447][T12280] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 637.916207][T12280] CPU: 1 UID: 0 PID: 12280 Comm: syz.3.1151 Tainted: G L syzkaller #0 PREEMPT(full) [ 637.916253][T12280] Tainted: [L]=SOFTLOCKUP [ 637.916263][T12280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 637.916279][T12280] Call Trace: [ 637.916289][T12280] [ 637.916299][T12280] dump_stack_lvl+0x100/0x190 [ 637.916347][T12280] should_fail_ex.cold+0x5/0xa [ 637.916374][T12280] ? prepare_alloc_pages+0x16d/0x5f0 [ 637.916408][T12280] should_fail_alloc_page+0xeb/0x140 [ 637.916439][T12280] prepare_alloc_pages+0x1f0/0x5f0 [ 637.916469][T12280] ? __lock_acquire+0x4a5/0x2630 [ 637.916507][T12280] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 637.916555][T12280] ? lock_acquire+0x1cf/0x380 [ 637.916587][T12280] ? find_held_lock+0x2b/0x80 [ 637.916612][T12280] ? page_table_check_set+0x49a/0xa10 [ 637.916654][T12280] ? page_table_check_set+0x49a/0xa10 [ 637.916697][T12280] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 637.916747][T12280] ? __page_table_check_ptes_set+0x1b5/0x4e0 [ 637.916774][T12280] ? xas_move_index+0xae/0x110 [ 637.916823][T12280] ? xas_find+0x32c/0x8e0 [ 637.916867][T12280] ? find_held_lock+0x2b/0x80 [ 637.916891][T12280] ? find_held_lock+0x2b/0x80 [ 637.916916][T12280] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 637.916960][T12280] ? policy_nodemask+0xed/0x4f0 [ 637.916992][T12280] alloc_pages_mpol+0x1fb/0x550 [ 637.917021][T12280] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 637.917060][T12280] folio_alloc_mpol_noprof+0x36/0x340 [ 637.917095][T12280] vma_alloc_folio_noprof+0xed/0x1d0 [ 637.917129][T12280] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 637.917173][T12280] do_anonymous_page+0xb3a/0x1fb0 [ 637.917225][T12280] __handle_mm_fault+0x1d42/0x2b60 [ 637.917271][T12280] ? reacquire_held_locks+0xce/0x1e0 [ 637.917306][T12280] ? __pfx___handle_mm_fault+0x10/0x10 [ 637.917349][T12280] ? lock_vma_under_rcu+0x17c/0x590 [ 637.917405][T12280] handle_mm_fault+0x36d/0xa20 [ 637.917449][T12280] do_user_addr_fault+0x5a3/0x12f0 [ 637.917501][T12280] exc_page_fault+0x6f/0xd0 [ 637.917540][T12280] asm_exc_page_fault+0x26/0x30 [ 637.917568][T12280] RIP: 0033:0x7f1804a5df4b [ 637.917591][T12280] Code: 00 00 00 48 8d 3d 3d a7 1a 00 48 89 c1 31 c0 e8 9b 32 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 a7 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 637.917619][T12280] RSP: 002b:00007f18059effa0 EFLAGS: 00010206 [ 637.917641][T12280] RAX: 0000000000000000 RBX: 00007f1804e15fa0 RCX: 0000000000000000 [ 637.917659][T12280] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000001140 [ 637.917677][T12280] RBP: 00007f1804c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 637.917694][T12280] R10: 0000200000001140 R11: 0000000000000000 R12: 0000000000000000 [ 637.917710][T12280] R13: 00007f1804e16038 R14: 00007f1804e15fa0 R15: 00007ffea0ee7b78 [ 637.917749][T12280] [ 638.224692][T12280] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 638.584075][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 638.636579][T12295] bond0: invalid ARP target specified [ 638.689407][T12295] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1157'. [ 638.714530][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 638.720589][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 638.738586][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 638.785562][T12295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 638.834624][T12299] FAULT_INJECTION: forcing a failure. [ 638.834624][T12299] name failslab, interval 1, probability 0, space 0, times 0 [ 638.889624][T12299] CPU: 1 UID: 0 PID: 12299 Comm: syz.1.1157 Tainted: G L syzkaller #0 PREEMPT(full) [ 638.889671][T12299] Tainted: [L]=SOFTLOCKUP [ 638.889681][T12299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 638.889698][T12299] Call Trace: [ 638.889707][T12299] [ 638.889717][T12299] dump_stack_lvl+0x100/0x190 [ 638.889767][T12299] should_fail_ex.cold+0x5/0xa [ 638.889799][T12299] should_failslab+0xc2/0x120 [ 638.889839][T12299] __kmalloc_cache_noprof+0x7a/0x6f0 [ 638.889875][T12299] ? bpf_prog_store_orig_filter+0x7b/0x1d0 [ 638.889921][T12299] bpf_prog_store_orig_filter+0x7b/0x1d0 [ 638.889959][T12299] bpf_prog_create_from_user+0x1c3/0x2f0 [ 638.890001][T12299] ? __pfx_seccomp_check_filter+0x10/0x10 [ 638.890049][T12299] do_seccomp+0x7f7/0x2740 [ 638.890090][T12299] ? __pfx_do_seccomp+0x10/0x10 [ 638.890125][T12299] ? __x64_sys_openat+0x12d/0x210 [ 638.890160][T12299] ? xfd_validate_state+0x129/0x190 [ 638.890209][T12299] do_syscall_64+0x106/0xf80 [ 638.890243][T12299] ? clear_bhb_loop+0x40/0x90 [ 638.890276][T12299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.890305][T12299] RIP: 0033:0x7f8d6519c799 [ 638.890329][T12299] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.890357][T12299] RSP: 002b:00007f8d660d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000013d [ 638.890383][T12299] RAX: ffffffffffffffda RBX: 00007f8d65416090 RCX: 00007f8d6519c799 [ 638.890401][T12299] RDX: 0000200000000100 RSI: 0000000000000000 RDI: 0000000000000001 [ 638.890418][T12299] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 638.890445][T12299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.890461][T12299] R13: 00007f8d65416128 R14: 00007f8d65416090 R15: 00007ffdf0524398 [ 638.890500][T12299] [ 639.291607][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 639.291635][T12295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 639.881906][T12317] FAULT_INJECTION: forcing a failure. [ 639.881906][T12317] name failslab, interval 1, probability 0, space 0, times 0 [ 639.994077][T12317] CPU: 1 UID: 0 PID: 12317 Comm: syz.2.1166 Tainted: G L syzkaller #0 PREEMPT(full) [ 639.994121][T12317] Tainted: [L]=SOFTLOCKUP [ 639.994130][T12317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 639.994146][T12317] Call Trace: [ 639.994155][T12317] [ 639.994166][T12317] dump_stack_lvl+0x100/0x190 [ 639.994224][T12317] should_fail_ex.cold+0x5/0xa [ 639.994257][T12317] ? __pfx_memory_stat_show+0x10/0x10 [ 639.994296][T12317] should_failslab+0xc2/0x120 [ 639.994324][T12317] ? __pfx_memory_stat_show+0x10/0x10 [ 639.994361][T12317] __kmalloc_cache_noprof+0x7a/0x6f0 [ 639.994399][T12317] ? memory_stat_show+0xca/0x1c0 [ 639.994441][T12317] ? __pfx_memory_stat_show+0x10/0x10 [ 639.994475][T12317] memory_stat_show+0xca/0x1c0 [ 639.994514][T12317] ? __pfx_memory_stat_show+0x10/0x10 [ 639.994552][T12317] ? kernfs_root+0xf8/0x2a0 [ 639.994641][T12317] ? kernfs_root_flags+0x19/0x60 [ 639.994688][T12317] cgroup_seqfile_show+0xd2/0x1f0 [ 639.994722][T12317] traverse.part.0.constprop.0+0x107/0x650 [ 639.994779][T12317] seq_read_iter+0x93f/0x1270 [ 639.994835][T12317] kernfs_fop_read_iter+0x46c/0x610 [ 639.994867][T12317] ? rw_verify_area+0xce/0x6d0 [ 639.994905][T12317] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 639.994939][T12317] vfs_read+0x825/0xb30 [ 639.994984][T12317] ? __pfx_vfs_read+0x10/0x10 [ 639.995022][T12317] ? find_held_lock+0x2b/0x80 [ 639.995074][T12317] __x64_sys_pread64+0x1eb/0x250 [ 639.995102][T12317] ? __pfx___x64_sys_pread64+0x10/0x10 [ 639.995141][T12317] do_syscall_64+0x106/0xf80 [ 639.995178][T12317] ? clear_bhb_loop+0x40/0x90 [ 639.995221][T12317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.995250][T12317] RIP: 0033:0x7fbe3e79c799 [ 639.995274][T12317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 639.995303][T12317] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 639.995330][T12317] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 639.995349][T12317] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [ 639.995366][T12317] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 639.995383][T12317] R10: 0000000000040008 R11: 0000000000000246 R12: 0000000000000000 [ 639.995400][T12317] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 639.995439][T12317] [ 640.843876][T12340] __vm_enough_memory: pid: 12340, comm: syz.1.1173, bytes: 4398046511104 not enough memory for the allocation [ 641.555984][T12348] bond0: invalid ARP target specified [ 641.565411][T12348] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1176'. [ 641.611122][T12324] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 641.612351][T12324] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 641.615670][T12324] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 641.615952][T12324] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 641.655694][T12348] FAULT_INJECTION: forcing a failure. [ 641.655694][T12348] name fail_futex, interval 1, probability 0, space 0, times 0 [ 641.655741][T12348] CPU: 1 UID: 0 PID: 12348 Comm: syz.3.1176 Tainted: G L syzkaller #0 PREEMPT(full) [ 641.655782][T12348] Tainted: [L]=SOFTLOCKUP [ 641.655791][T12348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 641.655807][T12348] Call Trace: [ 641.655816][T12348] [ 641.655826][T12348] dump_stack_lvl+0x100/0x190 [ 641.655870][T12348] should_fail_ex.cold+0x5/0xa [ 641.655904][T12348] get_futex_key+0x1d2/0x1620 [ 641.655940][T12348] ? __pfx_get_futex_key+0x10/0x10 [ 641.655969][T12348] ? futex_hash+0x2c5/0x380 [ 641.656012][T12348] futex_wake+0xea/0x530 [ 641.656061][T12348] ? __pfx_futex_wait+0x10/0x10 [ 641.656101][T12348] ? __pfx_futex_wake+0x10/0x10 [ 641.656143][T12348] ? __lock_acquire+0x4a5/0x2630 [ 641.656184][T12348] do_futex+0x32b/0x350 [ 641.656219][T12348] ? __pfx_do_futex+0x10/0x10 [ 641.656254][T12348] ? find_held_lock+0x2b/0x80 [ 641.656284][T12348] __x64_sys_futex+0x34f/0x4d0 [ 641.656322][T12348] ? __fget_files+0x21f/0x3d0 [ 641.656349][T12348] ? __pfx___x64_sys_futex+0x10/0x10 [ 641.656398][T12348] do_syscall_64+0x106/0xf80 [ 641.656435][T12348] ? clear_bhb_loop+0x40/0x90 [ 641.656470][T12348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.656499][T12348] RIP: 0033:0x7f1804b9c799 [ 641.656522][T12348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 641.656549][T12348] RSP: 002b:00007f18059f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 641.656576][T12348] RAX: ffffffffffffffda RBX: 00007f1804e15fa8 RCX: 00007f1804b9c799 [ 641.656596][T12348] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1804e15fac [ 641.656613][T12348] RBP: 00007f1804e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 641.656632][T12348] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 641.656650][T12348] R13: 00007f1804e16038 R14: 00007ffea0ee7a90 R15: 00007ffea0ee7b78 [ 641.656688][T12348] [ 641.925995][T12355] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1179'. [ 642.104382][T12361] bond0: invalid ARP target specified [ 642.114754][T12361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1182'. [ 642.158556][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 642.222288][T12363] FAULT_INJECTION: forcing a failure. [ 642.222288][T12363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 642.357312][T12363] CPU: 0 UID: 0 PID: 12363 Comm: syz.1.1182 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.357359][T12363] Tainted: [L]=SOFTLOCKUP [ 642.357370][T12363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 642.357387][T12363] Call Trace: [ 642.357396][T12363] [ 642.357407][T12363] dump_stack_lvl+0x100/0x190 [ 642.357454][T12363] should_fail_ex.cold+0x5/0xa [ 642.357481][T12363] ? prepare_alloc_pages+0x16d/0x5f0 [ 642.357517][T12363] should_fail_alloc_page+0xeb/0x140 [ 642.357550][T12363] prepare_alloc_pages+0x1f0/0x5f0 [ 642.357580][T12363] ? __lock_acquire+0x4a5/0x2630 [ 642.357620][T12363] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 642.357670][T12363] ? lock_acquire+0x1cf/0x380 [ 642.357704][T12363] ? find_held_lock+0x2b/0x80 [ 642.357730][T12363] ? page_table_check_set+0x49a/0xa10 [ 642.357772][T12363] ? page_table_check_set+0x49a/0xa10 [ 642.357822][T12363] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 642.357873][T12363] ? __page_table_check_ptes_set+0x1b5/0x4e0 [ 642.357901][T12363] ? xas_move_index+0xae/0x110 [ 642.357940][T12363] ? xas_find+0x32c/0x8e0 [ 642.357989][T12363] ? find_held_lock+0x2b/0x80 [ 642.358014][T12363] ? find_held_lock+0x2b/0x80 [ 642.358038][T12363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 642.358084][T12363] ? policy_nodemask+0xed/0x4f0 [ 642.358117][T12363] alloc_pages_mpol+0x1fb/0x550 [ 642.358148][T12363] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 642.358189][T12363] folio_alloc_mpol_noprof+0x36/0x340 [ 642.358226][T12363] vma_alloc_folio_noprof+0xed/0x1d0 [ 642.358260][T12363] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 642.358306][T12363] do_anonymous_page+0xb3a/0x1fb0 [ 642.358357][T12363] __handle_mm_fault+0x1d42/0x2b60 [ 642.358401][T12363] ? reacquire_held_locks+0xce/0x1e0 [ 642.358434][T12363] ? __pfx___handle_mm_fault+0x10/0x10 [ 642.358474][T12363] ? lock_vma_under_rcu+0x17c/0x590 [ 642.358532][T12363] handle_mm_fault+0x36d/0xa20 [ 642.358575][T12363] do_user_addr_fault+0x5a3/0x12f0 [ 642.358629][T12363] exc_page_fault+0x6f/0xd0 [ 642.358666][T12363] asm_exc_page_fault+0x26/0x30 [ 642.358694][T12363] RIP: 0033:0x7f8d6505df4b [ 642.358717][T12363] Code: 00 00 00 48 8d 3d 3d a7 1a 00 48 89 c1 31 c0 e8 9b 32 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 a7 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 642.358745][T12363] RSP: 002b:00007f8d660cefa0 EFLAGS: 00010206 [ 642.358768][T12363] RAX: 0000000000000000 RBX: 00007f8d65416090 RCX: 0000000000000000 [ 642.358786][T12363] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000001140 [ 642.358803][T12363] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 642.358821][T12363] R10: 0000200000001140 R11: 0000000000000000 R12: 0000000000000000 [ 642.358837][T12363] R13: 00007f8d65416128 R14: 00007f8d65416090 R15: 00007ffdf0524398 [ 642.358876][T12363] [ 642.484098][T12363] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 643.113297][ T6557] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.434804][T12382] FAULT_INJECTION: forcing a failure. [ 643.434804][T12382] name failslab, interval 1, probability 0, space 0, times 0 [ 643.497682][T12382] CPU: 1 UID: 0 PID: 12382 Comm: syz.2.1190 Tainted: G L syzkaller #0 PREEMPT(full) [ 643.497727][T12382] Tainted: [L]=SOFTLOCKUP [ 643.497737][T12382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 643.497755][T12382] Call Trace: [ 643.497764][T12382] [ 643.497774][T12382] dump_stack_lvl+0x100/0x190 [ 643.497821][T12382] should_fail_ex.cold+0x5/0xa [ 643.497855][T12382] should_failslab+0xc2/0x120 [ 643.497896][T12382] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 643.497945][T12382] ? snd_pcm_hw_rule_add+0x3b3/0x510 [ 643.498053][T12382] ? kfree+0x2ec/0x6b0 [ 643.498094][T12382] krealloc_node_align_noprof+0xfb/0x3e0 [ 643.498137][T12382] ? __split_page_owner+0x1f9/0x350 [ 643.498169][T12382] snd_pcm_hw_rule_add+0x3b3/0x510 [ 643.498198][T12382] ? __pfx_snd_pcm_hw_rule_muldivk+0x10/0x10 [ 643.498275][T12382] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 643.498302][T12382] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 643.498335][T12382] ? mutex_init_lockep+0x110/0x150 [ 643.498372][T12382] ? snd_pcm_attach_substream+0x29b/0xd60 [ 643.498416][T12382] snd_pcm_open_substream+0x942/0x1850 [ 643.498459][T12382] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 643.498507][T12382] snd_pcm_oss_open+0x735/0x1390 [ 643.498554][T12382] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 643.498585][T12382] ? __lock_acquire+0x4a5/0x2630 [ 643.498619][T12382] ? __pfx_default_wake_function+0x10/0x10 [ 643.498650][T12382] ? __lock_acquire+0x4a5/0x2630 [ 643.498695][T12382] ? do_raw_spin_lock+0x128/0x260 [ 643.498737][T12382] ? soundcore_open+0x231/0x5a0 [ 643.498767][T12382] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 643.498800][T12382] soundcore_open+0x2e3/0x5a0 [ 643.498829][T12382] ? __pfx_soundcore_open+0x10/0x10 [ 643.498865][T12382] chrdev_open+0x234/0x6a0 [ 643.498895][T12382] ? __pfx_apparmor_file_open+0x10/0x10 [ 643.498940][T12382] ? __pfx_chrdev_open+0x10/0x10 [ 643.498970][T12382] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 643.499008][T12382] do_dentry_open+0x6d8/0x1660 [ 643.499034][T12382] ? __pfx_chrdev_open+0x10/0x10 [ 643.499072][T12382] vfs_open+0x82/0x3f0 [ 643.499111][T12382] path_openat+0x208c/0x31a0 [ 643.499150][T12382] ? __pfx_path_openat+0x10/0x10 [ 643.499193][T12382] do_file_open+0x20e/0x430 [ 643.499225][T12382] ? __pfx_do_file_open+0x10/0x10 [ 643.499276][T12382] ? alloc_fd+0x476/0x790 [ 643.499308][T12382] ? do_getname+0x191/0x390 [ 643.499344][T12382] do_sys_openat2+0x10d/0x1e0 [ 643.499377][T12382] ? __pfx_do_sys_openat2+0x10/0x10 [ 643.499416][T12382] ? __fget_files+0x21f/0x3d0 [ 643.499451][T12382] __x64_sys_openat+0x12d/0x210 [ 643.499487][T12382] ? __pfx___x64_sys_openat+0x10/0x10 [ 643.499537][T12382] do_syscall_64+0x106/0xf80 [ 643.499574][T12382] ? clear_bhb_loop+0x40/0x90 [ 643.499607][T12382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.499636][T12382] RIP: 0033:0x7fbe3e79c799 [ 643.499661][T12382] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 643.499689][T12382] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 643.499717][T12382] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 643.499736][T12382] RDX: 0000000000020342 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 643.499753][T12382] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 643.499770][T12382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.499786][T12382] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 643.499824][T12382] [ 643.879834][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 643.886109][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 643.892240][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 644.311127][T12390] zswap: compressor not available [ 644.641465][T12405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1196'. [ 644.695927][T12406] FAULT_INJECTION: forcing a failure. [ 644.695927][T12406] name fail_futex, interval 1, probability 0, space 0, times 0 [ 644.695957][T12406] CPU: 0 UID: 0 PID: 12406 Comm: syz.1.1196 Tainted: G L syzkaller #0 PREEMPT(full) [ 644.695978][T12406] Tainted: [L]=SOFTLOCKUP [ 644.695983][T12406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 644.695991][T12406] Call Trace: [ 644.695997][T12406] [ 644.696002][T12406] dump_stack_lvl+0x100/0x190 [ 644.696028][T12406] should_fail_ex.cold+0x5/0xa [ 644.696046][T12406] get_futex_key+0x1d2/0x1620 [ 644.696066][T12406] ? __pfx_get_futex_key+0x10/0x10 [ 644.696089][T12406] futex_wake+0xea/0x530 [ 644.696108][T12406] ? __fget_files+0x215/0x3d0 [ 644.696123][T12406] ? __pfx_futex_wake+0x10/0x10 [ 644.696144][T12406] ? __fget_files+0x21f/0x3d0 [ 644.696163][T12406] do_futex+0x32b/0x350 [ 644.696181][T12406] ? __pfx_do_futex+0x10/0x10 [ 644.696200][T12406] ? __pfx_do_sendfile+0x10/0x10 [ 644.696223][T12406] __x64_sys_futex+0x34f/0x4d0 [ 644.696244][T12406] ? __pfx___x64_sys_futex+0x10/0x10 [ 644.696262][T12406] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 644.696284][T12406] do_syscall_64+0x106/0xf80 [ 644.696303][T12406] ? clear_bhb_loop+0x40/0x90 [ 644.696321][T12406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.696358][T12406] RIP: 0033:0x7f8d6519c799 [ 644.696372][T12406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 644.696387][T12406] RSP: 002b:00007f8d660af0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 644.696402][T12406] RAX: ffffffffffffffda RBX: 00007f8d65416188 RCX: 00007f8d6519c799 [ 644.696412][T12406] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8d6541618c [ 644.696422][T12406] RBP: 00007f8d65416180 R08: 0000000000000000 R09: 0000000000000000 [ 644.696431][T12406] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 644.696440][T12406] R13: 00007f8d65416218 R14: 00007ffdf05242b0 R15: 00007ffdf0524398 [ 644.696459][T12406] [ 644.782786][T12404] bond0: invalid ARP target specified [ 645.088796][T12392] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 645.089044][T12392] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 645.089223][T12392] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 645.089391][T12392] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 645.765232][T12421] bond0: invalid ARP target specified [ 645.794980][T12421] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1201'. [ 645.847654][T12421] FAULT_INJECTION: forcing a failure. [ 645.847654][T12421] name fail_futex, interval 1, probability 0, space 0, times 0 [ 645.888636][T12421] CPU: 1 UID: 0 PID: 12421 Comm: syz.3.1201 Tainted: G L syzkaller #0 PREEMPT(full) [ 645.888681][T12421] Tainted: [L]=SOFTLOCKUP [ 645.888691][T12421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 645.888707][T12421] Call Trace: [ 645.888716][T12421] [ 645.888727][T12421] dump_stack_lvl+0x100/0x190 [ 645.888785][T12421] should_fail_ex.cold+0x5/0xa [ 645.888820][T12421] get_futex_key+0x1d2/0x1620 [ 645.888857][T12421] ? __pfx_get_futex_key+0x10/0x10 [ 645.888902][T12421] futex_wake+0xea/0x530 [ 645.888938][T12421] ? __fget_files+0x215/0x3d0 [ 645.888969][T12421] ? __pfx_futex_wake+0x10/0x10 [ 645.889008][T12421] ? __fget_files+0x21f/0x3d0 [ 645.889045][T12421] do_futex+0x32b/0x350 [ 645.889080][T12421] ? __pfx_do_futex+0x10/0x10 [ 645.889113][T12421] ? __pfx_do_sendfile+0x10/0x10 [ 645.889157][T12421] __x64_sys_futex+0x34f/0x4d0 [ 645.889197][T12421] ? __pfx___x64_sys_futex+0x10/0x10 [ 645.889231][T12421] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 645.889273][T12421] do_syscall_64+0x106/0xf80 [ 645.889311][T12421] ? clear_bhb_loop+0x40/0x90 [ 645.889345][T12421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.889373][T12421] RIP: 0033:0x7f1804b9c799 [ 645.889396][T12421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 645.889423][T12421] RSP: 002b:00007f18059f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 645.889455][T12421] RAX: ffffffffffffffda RBX: 00007f1804e15fa8 RCX: 00007f1804b9c799 [ 645.889473][T12421] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1804e15fac [ 645.889491][T12421] RBP: 00007f1804e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 645.889507][T12421] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 645.889525][T12421] R13: 00007f1804e16038 R14: 00007ffea0ee7a90 R15: 00007ffea0ee7b78 [ 645.889558][T12421] [ 646.264205][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 647.115289][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 647.115326][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 647.115345][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 647.479378][T12435] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 647.479598][T12435] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 647.479781][T12435] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 647.479954][T12435] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 647.745141][T12458] FAULT_INJECTION: forcing a failure. [ 647.745141][T12458] name failslab, interval 1, probability 0, space 0, times 0 [ 647.824194][T12458] CPU: 1 UID: 0 PID: 12458 Comm: syz.2.1212 Tainted: G L syzkaller #0 PREEMPT(full) [ 647.824238][T12458] Tainted: [L]=SOFTLOCKUP [ 647.824247][T12458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 647.824262][T12458] Call Trace: [ 647.824271][T12458] [ 647.824281][T12458] dump_stack_lvl+0x100/0x190 [ 647.824329][T12458] should_fail_ex.cold+0x5/0xa [ 647.824362][T12458] should_failslab+0xc2/0x120 [ 647.824393][T12458] __kmalloc_cache_noprof+0x7a/0x6f0 [ 647.824430][T12458] ? mon_text_open+0x1d9/0x510 [ 647.824566][T12458] ? lockdep_init_map_type+0x5c/0x250 [ 647.824609][T12458] ? __pfx_mon_text_open+0x10/0x10 [ 647.824633][T12458] mon_text_open+0x1d9/0x510 [ 647.824669][T12458] ? __pfx_mon_text_open+0x10/0x10 [ 647.824697][T12458] ? __debugfs_file_get+0x1fc/0x860 [ 647.824808][T12458] ? __pfx___debugfs_file_get+0x10/0x10 [ 647.824846][T12458] ? __pfx_apparmor_file_open+0x10/0x10 [ 647.824888][T12458] ? lockdown_is_locked_down+0x3d/0x140 [ 647.824956][T12458] ? bpf_lsm_locked_down+0x9/0x10 [ 647.824989][T12458] ? __pfx_mon_text_open+0x10/0x10 [ 647.825013][T12458] full_proxy_open_regular+0x1b6/0x370 [ 647.825057][T12458] do_dentry_open+0x6d8/0x1660 [ 647.825084][T12458] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 647.825135][T12458] vfs_open+0x82/0x3f0 [ 647.825171][T12458] path_openat+0x208c/0x31a0 [ 647.825211][T12458] ? __pfx_path_openat+0x10/0x10 [ 647.825254][T12458] do_file_open+0x20e/0x430 [ 647.825283][T12458] ? __pfx_do_file_open+0x10/0x10 [ 647.825334][T12458] ? alloc_fd+0x476/0x790 [ 647.825365][T12458] ? do_getname+0x191/0x390 [ 647.825402][T12458] do_sys_openat2+0x10d/0x1e0 [ 647.825437][T12458] ? __pfx_do_sys_openat2+0x10/0x10 [ 647.825475][T12458] ? __fget_files+0x21f/0x3d0 [ 647.825509][T12458] __x64_sys_openat+0x12d/0x210 [ 647.825545][T12458] ? __pfx___x64_sys_openat+0x10/0x10 [ 647.825596][T12458] do_syscall_64+0x106/0xf80 [ 647.825633][T12458] ? clear_bhb_loop+0x40/0x90 [ 647.825678][T12458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.825708][T12458] RIP: 0033:0x7fbe3e79c799 [ 647.825732][T12458] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 647.825760][T12458] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 647.825788][T12458] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 647.825807][T12458] RDX: 0000000000080080 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 647.825825][T12458] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 647.825842][T12458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.825858][T12458] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 647.825897][T12458] [ 648.405984][ T6478] block nbd2: Receive control failed (result -32) [ 649.420839][T12462] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 649.421060][T12462] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 649.427740][T12462] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 649.431982][T12462] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 650.405675][T12507] bond0: invalid ARP target specified [ 650.448395][T12507] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1225'. [ 650.487536][T12507] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 650.532073][T12507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.554244][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 650.645383][T12507] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.652811][T12507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.661016][T12508] FAULT_INJECTION: forcing a failure. [ 650.661016][T12508] name fail_futex, interval 1, probability 0, space 0, times 0 [ 650.707784][T12508] CPU: 1 UID: 0 PID: 12508 Comm: syz.0.1225 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.707830][T12508] Tainted: [L]=SOFTLOCKUP [ 650.707840][T12508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 650.707856][T12508] Call Trace: [ 650.707864][T12508] [ 650.707884][T12508] dump_stack_lvl+0x100/0x190 [ 650.707930][T12508] should_fail_ex.cold+0x5/0xa [ 650.707964][T12508] get_futex_key+0x1d2/0x1620 [ 650.708001][T12508] ? __pfx_get_futex_key+0x10/0x10 [ 650.708036][T12508] ? do_raw_spin_lock+0x128/0x260 [ 650.708083][T12508] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 650.708125][T12508] futex_wait_setup+0x83/0x510 [ 650.708172][T12508] __futex_wait+0x19f/0x300 [ 650.708214][T12508] ? __pfx___futex_wait+0x10/0x10 [ 650.708248][T12508] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 650.708283][T12508] ? lockdep_hardirqs_on+0x78/0x100 [ 650.708323][T12508] ? __pfx_futex_wake_mark+0x10/0x10 [ 650.708363][T12508] ? find_held_lock+0x2b/0x80 [ 650.708385][T12508] ? futex_wake+0x456/0x530 [ 650.708429][T12508] futex_wait+0xed/0x380 [ 650.708468][T12508] ? __pfx_futex_wait+0x10/0x10 [ 650.708516][T12508] ? lockdep_hardirqs_on+0x78/0x100 [ 650.708559][T12508] do_futex+0x1ef/0x350 [ 650.708594][T12508] ? __pfx_do_futex+0x10/0x10 [ 650.708636][T12508] __x64_sys_futex+0x34f/0x4d0 [ 650.708672][T12508] ? __x64_sys_openat+0x12d/0x210 [ 650.708707][T12508] ? __pfx___x64_sys_futex+0x10/0x10 [ 650.708756][T12508] do_syscall_64+0x106/0xf80 [ 650.708790][T12508] ? clear_bhb_loop+0x40/0x90 [ 650.708823][T12508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.708853][T12508] RIP: 0033:0x7f25c959c799 [ 650.708885][T12508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.708912][T12508] RSP: 002b:00007f25ca3a10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 650.708938][T12508] RAX: ffffffffffffffda RBX: 00007f25c9816098 RCX: 00007f25c959c799 [ 650.708957][T12508] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f25c9816098 [ 650.708974][T12508] RBP: 00007f25c9816090 R08: 0000000000000000 R09: 0000000000000000 [ 650.708992][T12508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.709009][T12508] R13: 00007f25c9816128 R14: 00007ffcd9819b40 R15: 00007ffcd9819c28 [ 650.709047][T12508] [ 651.444028][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 651.444069][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 651.444099][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 652.189190][T12532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1233'. [ 652.569692][T12513] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 652.638721][T12513] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 652.638831][T12513] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 652.638925][T12513] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 654.052890][T12542] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 654.053123][T12542] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 654.123525][T12542] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 654.147371][T12542] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 655.114124][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 655.490134][T12594] netlink: 'syz.1.1246': attribute type 1 has an invalid length. [ 655.718446][T12599] FAULT_INJECTION: forcing a failure. [ 655.718446][T12599] name failslab, interval 1, probability 0, space 0, times 0 [ 655.767689][T12599] CPU: 1 UID: 0 PID: 12599 Comm: syz.2.1247 Tainted: G L syzkaller #0 PREEMPT(full) [ 655.767735][T12599] Tainted: [L]=SOFTLOCKUP [ 655.767745][T12599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 655.767761][T12599] Call Trace: [ 655.767770][T12599] [ 655.767781][T12599] dump_stack_lvl+0x100/0x190 [ 655.767826][T12599] should_fail_ex.cold+0x5/0xa [ 655.767857][T12599] ? constrain_params_by_rules+0x175/0xcc0 [ 655.767894][T12599] should_failslab+0xc2/0x120 [ 655.767931][T12599] __kmalloc_noprof+0xe0/0x850 [ 655.767979][T12599] constrain_params_by_rules+0x175/0xcc0 [ 655.768024][T12599] ? arch_stack_walk+0xa6/0xf0 [ 655.768063][T12599] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 655.768098][T12599] ? stack_trace_save+0x8e/0xc0 [ 655.768130][T12599] ? kfree+0x1f6/0x6b0 [ 655.768160][T12599] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 655.768202][T12599] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 655.768231][T12599] ? snd_pcm_oss_read+0x3d4/0x730 [ 655.768262][T12599] ? vfs_read+0x1e4/0xb30 [ 655.768298][T12599] ? ksys_read+0x12a/0x250 [ 655.768336][T12599] ? do_syscall_64+0x106/0xf80 [ 655.768372][T12599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.768401][T12599] ? snd_interval_refine+0x2d0/0x580 [ 655.768444][T12599] snd_pcm_hw_refine+0x7e7/0xad0 [ 655.768486][T12599] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 655.768544][T12599] snd_pcm_hw_param_last+0x2b2/0x660 [ 655.768583][T12599] snd_pcm_hw_param_near.constprop.0+0x546/0x850 [ 655.768621][T12599] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 655.768655][T12599] ? calc_src_frames.isra.0+0x17c/0x1c0 [ 655.768697][T12599] snd_pcm_oss_change_params_locked+0x193a/0x39f0 [ 655.768747][T12599] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 655.768807][T12599] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 655.768843][T12599] snd_pcm_oss_read+0x3d4/0x730 [ 655.768881][T12599] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 655.768915][T12599] vfs_read+0x1e4/0xb30 [ 655.768962][T12599] ? __pfx_vfs_read+0x10/0x10 [ 655.769006][T12599] ? find_held_lock+0x2b/0x80 [ 655.769031][T12599] ? __fget_files+0x215/0x3d0 [ 655.769056][T12599] ? __fget_files+0x215/0x3d0 [ 655.769088][T12599] ? __fget_files+0x21f/0x3d0 [ 655.769126][T12599] ksys_read+0x12a/0x250 [ 655.769165][T12599] ? __pfx_ksys_read+0x10/0x10 [ 655.769218][T12599] do_syscall_64+0x106/0xf80 [ 655.769254][T12599] ? clear_bhb_loop+0x40/0x90 [ 655.769288][T12599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.769316][T12599] RIP: 0033:0x7fbe3e79c799 [ 655.769339][T12599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 655.769367][T12599] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 655.769394][T12599] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 655.769413][T12599] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 655.769430][T12599] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 655.769446][T12599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.769463][T12599] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 655.769500][T12599] [ 656.092132][T12601] FAULT_INJECTION: forcing a failure. [ 656.092132][T12601] name failslab, interval 1, probability 0, space 0, times 0 [ 656.105588][T12601] CPU: 1 UID: 0 PID: 12601 Comm: syz.1.1248 Tainted: G L syzkaller #0 PREEMPT(full) [ 656.105632][T12601] Tainted: [L]=SOFTLOCKUP [ 656.105642][T12601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 656.105657][T12601] Call Trace: [ 656.105666][T12601] [ 656.105676][T12601] dump_stack_lvl+0x100/0x190 [ 656.105724][T12601] should_fail_ex.cold+0x5/0xa [ 656.105756][T12601] should_failslab+0xc2/0x120 [ 656.105786][T12601] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 656.105826][T12601] ? mpol_new+0x11b/0x2d0 [ 656.105871][T12601] mpol_new+0x11b/0x2d0 [ 656.105912][T12601] do_mbind+0x210/0xfd0 [ 656.105956][T12601] ? __pfx_do_mbind+0x10/0x10 [ 656.105986][T12601] ? __lock_acquire+0x4a5/0x2630 [ 656.106037][T12601] ? __pfx_get_nodes+0x10/0x10 [ 656.106073][T12601] ? find_held_lock+0x2b/0x80 [ 656.106107][T12601] kernel_mbind+0x1b7/0x200 [ 656.106143][T12601] ? __pfx_kernel_mbind+0x10/0x10 [ 656.106187][T12601] do_syscall_64+0x106/0xf80 [ 656.106224][T12601] ? clear_bhb_loop+0x40/0x90 [ 656.106266][T12601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.106295][T12601] RIP: 0033:0x7f8d6519c799 [ 656.106319][T12601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 656.106345][T12601] RSP: 002b:00007f8d660f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 656.106372][T12601] RAX: ffffffffffffffda RBX: 00007f8d65415fa0 RCX: 00007f8d6519c799 [ 656.106391][T12601] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 656.106407][T12601] RBP: 00007f8d65232c99 R08: 0000000000000006 R09: 0000000000000002 [ 656.106424][T12601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.106441][T12601] R13: 00007f8d65416038 R14: 00007f8d65415fa0 R15: 00007ffdf0524398 [ 656.106476][T12601] [ 656.164127][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 656.420953][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 656.420979][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 657.052532][T12591] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 657.052746][T12591] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 657.079581][T12591] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 657.155624][T12591] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 657.440293][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 657.670979][T12623] FAULT_INJECTION: forcing a failure. [ 657.670979][T12623] name failslab, interval 1, probability 0, space 0, times 0 [ 657.764136][T12623] CPU: 1 UID: 0 PID: 12623 Comm: syz.0.1255 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.764179][T12623] Tainted: [L]=SOFTLOCKUP [ 657.764188][T12623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 657.764203][T12623] Call Trace: [ 657.764213][T12623] [ 657.764223][T12623] dump_stack_lvl+0x100/0x190 [ 657.764268][T12623] should_fail_ex.cold+0x5/0xa [ 657.764312][T12623] should_failslab+0xc2/0x120 [ 657.764341][T12623] __kvmalloc_node_noprof+0xfa/0xa00 [ 657.764377][T12623] ? proc_sys_call_handler+0x2c7/0x5a0 [ 657.764427][T12623] proc_sys_call_handler+0x2c7/0x5a0 [ 657.764469][T12623] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 657.764520][T12623] vfs_write+0x6ac/0x1070 [ 657.764561][T12623] ? __pfx_proc_sys_write+0x10/0x10 [ 657.764599][T12623] ? __pfx_vfs_write+0x10/0x10 [ 657.764658][T12623] ksys_write+0x12a/0x250 [ 657.764680][T12623] ? __pfx_ksys_write+0x10/0x10 [ 657.764714][T12623] do_syscall_64+0x106/0xf80 [ 657.764751][T12623] ? clear_bhb_loop+0x40/0x90 [ 657.764785][T12623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.764811][T12623] RIP: 0033:0x7f25c959c799 [ 657.764832][T12623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 657.764858][T12623] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 657.764885][T12623] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 657.764904][T12623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 657.764921][T12623] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 657.764938][T12623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.764954][T12623] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 657.764993][T12623] [ 658.100878][T12632] bond0: invalid ARP target specified [ 658.140126][T12632] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1258'. [ 658.156618][T12632] FAULT_INJECTION: forcing a failure. [ 658.156618][T12632] name failslab, interval 1, probability 0, space 0, times 0 [ 658.170258][T12632] CPU: 1 UID: 0 PID: 12632 Comm: syz.1.1258 Tainted: G L syzkaller #0 PREEMPT(full) [ 658.170312][T12632] Tainted: [L]=SOFTLOCKUP [ 658.170320][T12632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 658.170336][T12632] Call Trace: [ 658.170345][T12632] [ 658.170355][T12632] dump_stack_lvl+0x100/0x190 [ 658.170401][T12632] should_fail_ex.cold+0x5/0xa [ 658.170438][T12632] should_failslab+0xc2/0x120 [ 658.170468][T12632] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 658.170511][T12632] ? __alloc_skb+0x140/0x710 [ 658.170553][T12632] __alloc_skb+0x140/0x710 [ 658.170585][T12632] ? __alloc_skb+0x5b7/0x710 [ 658.170617][T12632] ? __pfx___alloc_skb+0x10/0x10 [ 658.170647][T12632] ? genl_rcv_msg+0x4be/0x800 [ 658.170681][T12632] netlink_ack+0x117/0xb80 [ 658.170731][T12632] netlink_rcv_skb+0x333/0x420 [ 658.170771][T12632] ? __pfx_genl_rcv_msg+0x10/0x10 [ 658.170797][T12632] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 658.170847][T12632] ? netlink_deliver_tap+0x1ae/0xcc0 [ 658.170890][T12632] genl_rcv+0x28/0x40 [ 658.170914][T12632] netlink_unicast+0x5aa/0x870 [ 658.170960][T12632] ? __pfx_netlink_unicast+0x10/0x10 [ 658.171013][T12632] netlink_sendmsg+0x8b0/0xda0 [ 658.171059][T12632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 658.171104][T12632] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 658.171155][T12632] __sys_sendto+0x468/0x4b0 [ 658.171187][T12632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 658.171231][T12632] ? __pfx___sys_sendto+0x10/0x10 [ 658.171278][T12632] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 658.171330][T12632] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 658.171404][T12632] __x64_sys_sendto+0xe0/0x1c0 [ 658.171439][T12632] ? do_syscall_64+0x95/0xf80 [ 658.171476][T12632] ? lockdep_hardirqs_on+0x78/0x100 [ 658.171515][T12632] do_syscall_64+0x106/0xf80 [ 658.171549][T12632] ? clear_bhb_loop+0x40/0x90 [ 658.171583][T12632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.171612][T12632] RIP: 0033:0x7f8d6515cfce [ 658.171636][T12632] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 658.171664][T12632] RSP: 002b:00007f8d660efe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 658.171691][T12632] RAX: ffffffffffffffda RBX: 00007f8d660f16c0 RCX: 00007f8d6515cfce [ 658.171709][T12632] RDX: 0000000000000020 RSI: 00007f8d660f0000 RDI: 000000000000000c [ 658.171726][T12632] RBP: 0000000000000000 R08: 00007f8d660eff04 R09: 000000000000000c [ 658.171742][T12632] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 658.171759][T12632] R13: 00007f8d660eff58 R14: 00007f8d660f0000 R15: 0000000000000000 [ 658.171796][T12632] [ 658.956409][T12629] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 659.047060][T12629] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 659.053822][T12629] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 659.146307][T12629] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 660.160574][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 661.114057][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 661.120083][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 661.194056][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 661.429303][T12666] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 661.467863][T12666] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 661.498060][T12666] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 661.522225][T12666] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 662.475482][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 663.072601][T12718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1284'. [ 663.514082][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 663.520134][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 663.616601][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 663.662439][T12705] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 663.674039][T12705] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 663.674192][T12705] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 663.674583][T12705] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 664.795725][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 665.674032][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 665.754574][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 665.760605][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 668.336587][T12775] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 668.341287][T12775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 668.341567][T12775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 668.341817][T12775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 668.502092][T12793] FAULT_INJECTION: forcing a failure. [ 668.502092][T12793] name failslab, interval 1, probability 0, space 0, times 0 [ 668.562934][T12793] CPU: 0 UID: 0 PID: 12793 Comm: syz.2.1302 Tainted: G L syzkaller #0 PREEMPT(full) [ 668.562980][T12793] Tainted: [L]=SOFTLOCKUP [ 668.562990][T12793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 668.563007][T12793] Call Trace: [ 668.563016][T12793] [ 668.563027][T12793] dump_stack_lvl+0x100/0x190 [ 668.563075][T12793] should_fail_ex.cold+0x5/0xa [ 668.563111][T12793] should_failslab+0xc2/0x120 [ 668.563142][T12793] __kmalloc_cache_noprof+0x7a/0x6f0 [ 668.563178][T12793] ? dummy_hrtimer_create+0x45/0x170 [ 668.563304][T12793] dummy_hrtimer_create+0x45/0x170 [ 668.563338][T12793] ? __pfx_dummy_hrtimer_create+0x10/0x10 [ 668.563370][T12793] dummy_pcm_open+0xc1/0x5b0 [ 668.563403][T12793] snd_pcm_open_substream+0xa76/0x1850 [ 668.563444][T12793] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 668.563490][T12793] ? rcu_is_watching+0x12/0xc0 [ 668.563539][T12793] snd_pcm_open+0x2a3/0x710 [ 668.563581][T12793] ? __pfx_snd_pcm_open+0x10/0x10 [ 668.563623][T12793] ? __pfx_default_wake_function+0x10/0x10 [ 668.563664][T12793] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 668.563702][T12793] snd_pcm_playback_open+0x86/0xe0 [ 668.563739][T12793] snd_open+0x22d/0x4c0 [ 668.563770][T12793] ? __pfx_snd_open+0x10/0x10 [ 668.563797][T12793] chrdev_open+0x234/0x6a0 [ 668.563825][T12793] ? __pfx_apparmor_file_open+0x10/0x10 [ 668.563868][T12793] ? __pfx_chrdev_open+0x10/0x10 [ 668.563899][T12793] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 668.563937][T12793] do_dentry_open+0x6d8/0x1660 [ 668.563966][T12793] ? __pfx_chrdev_open+0x10/0x10 [ 668.564000][T12793] vfs_open+0x82/0x3f0 [ 668.564035][T12793] path_openat+0x208c/0x31a0 [ 668.564077][T12793] ? __pfx_path_openat+0x10/0x10 [ 668.564119][T12793] do_file_open+0x20e/0x430 [ 668.564151][T12793] ? __pfx_do_file_open+0x10/0x10 [ 668.564208][T12793] ? alloc_fd+0x476/0x790 [ 668.564238][T12793] ? do_getname+0x191/0x390 [ 668.564276][T12793] do_sys_openat2+0x10d/0x1e0 [ 668.564311][T12793] ? __pfx_do_sys_openat2+0x10/0x10 [ 668.564360][T12793] __x64_sys_openat+0x12d/0x210 [ 668.564397][T12793] ? __pfx___x64_sys_openat+0x10/0x10 [ 668.564448][T12793] do_syscall_64+0x106/0xf80 [ 668.564490][T12793] ? clear_bhb_loop+0x40/0x90 [ 668.564526][T12793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.564554][T12793] RIP: 0033:0x7fbe3e79c799 [ 668.564578][T12793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 668.564606][T12793] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 668.564632][T12793] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 668.564652][T12793] RDX: 0000000000040002 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 668.564670][T12793] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 668.564686][T12793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.564703][T12793] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 668.564742][T12793] [ 669.674326][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 670.079481][T12816] FAULT_INJECTION: forcing a failure. [ 670.079481][T12816] name failslab, interval 1, probability 0, space 0, times 0 [ 670.146398][T12816] CPU: 1 UID: 0 PID: 12816 Comm: syz.3.1308 Tainted: G L syzkaller #0 PREEMPT(full) [ 670.146425][T12816] Tainted: [L]=SOFTLOCKUP [ 670.146431][T12816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 670.146440][T12816] Call Trace: [ 670.146445][T12816] [ 670.146451][T12816] dump_stack_lvl+0x100/0x190 [ 670.146479][T12816] should_fail_ex.cold+0x5/0xa [ 670.146496][T12816] ? __pfx_lowpan_enable_set+0x10/0x10 [ 670.146603][T12816] should_failslab+0xc2/0x120 [ 670.146619][T12816] ? __pfx_lowpan_enable_set+0x10/0x10 [ 670.146637][T12816] __kmalloc_cache_noprof+0x7a/0x6f0 [ 670.146657][T12816] ? simple_attr_open+0x57/0x1c0 [ 670.146678][T12816] ? __pfx___debugfs_file_get+0x10/0x10 [ 670.146700][T12816] ? __pfx_lowpan_enable_set+0x10/0x10 [ 670.146718][T12816] ? __pfx_lowpan_enable_get+0x10/0x10 [ 670.146735][T12816] simple_attr_open+0x57/0x1c0 [ 670.146757][T12816] ? __pfx_lowpan_enable_fops_open+0x10/0x10 [ 670.146775][T12816] open_proxy_open+0x220/0x330 [ 670.146797][T12816] do_dentry_open+0x6d8/0x1660 [ 670.146812][T12816] ? __pfx_open_proxy_open+0x10/0x10 [ 670.146836][T12816] vfs_open+0x82/0x3f0 [ 670.146856][T12816] path_openat+0x208c/0x31a0 [ 670.146884][T12816] ? __pfx_path_openat+0x10/0x10 [ 670.146906][T12816] do_file_open+0x20e/0x430 [ 670.146923][T12816] ? __pfx_do_file_open+0x10/0x10 [ 670.146951][T12816] ? alloc_fd+0x476/0x790 [ 670.146967][T12816] ? do_getname+0x191/0x390 [ 670.146987][T12816] do_sys_openat2+0x10d/0x1e0 [ 670.147005][T12816] ? __pfx_do_sys_openat2+0x10/0x10 [ 670.147030][T12816] __x64_sys_openat+0x12d/0x210 [ 670.147050][T12816] ? __pfx___x64_sys_openat+0x10/0x10 [ 670.147075][T12816] do_syscall_64+0x106/0xf80 [ 670.147095][T12816] ? clear_bhb_loop+0x40/0x90 [ 670.147112][T12816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.147127][T12816] RIP: 0033:0x7f1804b9c799 [ 670.147141][T12816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 670.147155][T12816] RSP: 002b:00007f18059f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 670.147170][T12816] RAX: ffffffffffffffda RBX: 00007f1804e15fa0 RCX: 00007f1804b9c799 [ 670.147180][T12816] RDX: 0000000000000080 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 670.147190][T12816] RBP: 00007f1804c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 670.147200][T12816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.147209][T12816] R13: 00007f1804e16038 R14: 00007f1804e15fa0 R15: 00007ffea0ee7b78 [ 670.147228][T12816] [ 670.394548][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 670.394580][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 670.394599][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 671.460468][T12800] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 671.460650][T12800] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 671.460856][T12800] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 671.461043][T12800] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 671.754063][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 673.457550][T12854] FAULT_INJECTION: forcing a failure. [ 673.457550][T12854] name failslab, interval 1, probability 0, space 0, times 0 [ 673.531274][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 673.531317][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 673.531348][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 673.601503][T12854] CPU: 0 UID: 0 PID: 12854 Comm: syz.3.1315 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.601551][T12854] Tainted: [L]=SOFTLOCKUP [ 673.601561][T12854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 673.601578][T12854] Call Trace: [ 673.601588][T12854] [ 673.601599][T12854] dump_stack_lvl+0x100/0x190 [ 673.601649][T12854] should_fail_ex.cold+0x5/0xa [ 673.601684][T12854] should_failslab+0xc2/0x120 [ 673.601714][T12854] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 673.601754][T12854] ? ep_ptable_queue_proc+0x5b/0x280 [ 673.601807][T12854] ep_ptable_queue_proc+0x5b/0x280 [ 673.601851][T12854] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 673.601893][T12854] snd_seq_pool_poll_wait+0x5b/0x190 [ 673.601929][T12854] snd_seq_kernel_client_write_poll+0xa5/0x110 [ 673.601977][T12854] snd_seq_oss_poll+0x17d/0x1d0 [ 673.602010][T12854] ? __pfx_odev_poll+0x10/0x10 [ 673.602036][T12854] odev_poll+0x4a/0x90 [ 673.602064][T12854] ep_item_poll+0x141/0x1f0 [ 673.602093][T12854] do_epoll_ctl+0x1f33/0x36a0 [ 673.602146][T12854] ? __pfx_do_epoll_ctl+0x10/0x10 [ 673.602174][T12854] ? find_held_lock+0x2b/0x80 [ 673.602200][T12854] ? __might_fault+0xc5/0x140 [ 673.602237][T12854] ? __might_fault+0xc5/0x140 [ 673.602272][T12854] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 673.602330][T12854] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 673.602358][T12854] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 673.602389][T12854] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 673.602431][T12854] do_syscall_64+0x106/0xf80 [ 673.602468][T12854] ? clear_bhb_loop+0x40/0x90 [ 673.602503][T12854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.602532][T12854] RIP: 0033:0x7f1804b9c799 [ 673.602556][T12854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.602583][T12854] RSP: 002b:00007f18059f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 673.602610][T12854] RAX: ffffffffffffffda RBX: 00007f1804e15fa0 RCX: 00007f1804b9c799 [ 673.602629][T12854] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000005 [ 673.602646][T12854] RBP: 00007f1804c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 673.602663][T12854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.602680][T12854] R13: 00007f1804e16038 R14: 00007f1804e15fa0 R15: 00007ffea0ee7b78 [ 673.602719][T12854] [ 676.414205][T12886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1321'. [ 676.438589][T12883] FAULT_INJECTION: forcing a failure. [ 676.438589][T12883] name failslab, interval 1, probability 0, space 0, times 0 [ 676.501021][T12883] CPU: 1 UID: 0 PID: 12883 Comm: syz.0.1322 Tainted: G L syzkaller #0 PREEMPT(full) [ 676.501049][T12883] Tainted: [L]=SOFTLOCKUP [ 676.501055][T12883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 676.501064][T12883] Call Trace: [ 676.501069][T12883] [ 676.501075][T12883] dump_stack_lvl+0x100/0x190 [ 676.501103][T12883] should_fail_ex.cold+0x5/0xa [ 676.501122][T12883] should_failslab+0xc2/0x120 [ 676.501138][T12883] __kmalloc_cache_noprof+0x7a/0x6f0 [ 676.501156][T12883] ? dummy_hrtimer_create+0x45/0x170 [ 676.501179][T12883] dummy_hrtimer_create+0x45/0x170 [ 676.501197][T12883] ? __pfx_dummy_hrtimer_create+0x10/0x10 [ 676.501214][T12883] dummy_pcm_open+0xc1/0x5b0 [ 676.501231][T12883] snd_pcm_open_substream+0xa76/0x1850 [ 676.501253][T12883] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 676.501273][T12883] ? rcu_is_watching+0x12/0xc0 [ 676.501298][T12883] snd_pcm_open+0x2a3/0x710 [ 676.501320][T12883] ? __pfx_snd_pcm_open+0x10/0x10 [ 676.501341][T12883] ? __pfx_default_wake_function+0x10/0x10 [ 676.501362][T12883] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 676.501381][T12883] snd_pcm_playback_open+0x86/0xe0 [ 676.501400][T12883] snd_open+0x22d/0x4c0 [ 676.501416][T12883] ? __pfx_snd_open+0x10/0x10 [ 676.501430][T12883] chrdev_open+0x234/0x6a0 [ 676.501444][T12883] ? __pfx_apparmor_file_open+0x10/0x10 [ 676.501467][T12883] ? __pfx_chrdev_open+0x10/0x10 [ 676.501483][T12883] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 676.501503][T12883] do_dentry_open+0x6d8/0x1660 [ 676.501517][T12883] ? __pfx_chrdev_open+0x10/0x10 [ 676.501537][T12883] vfs_open+0x82/0x3f0 [ 676.501557][T12883] path_openat+0x208c/0x31a0 [ 676.501579][T12883] ? __pfx_path_openat+0x10/0x10 [ 676.501600][T12883] do_file_open+0x20e/0x430 [ 676.501616][T12883] ? __pfx_do_file_open+0x10/0x10 [ 676.501645][T12883] ? alloc_fd+0x476/0x790 [ 676.501661][T12883] ? do_getname+0x191/0x390 [ 676.501680][T12883] do_sys_openat2+0x10d/0x1e0 [ 676.501698][T12883] ? __pfx_do_sys_openat2+0x10/0x10 [ 676.501723][T12883] __x64_sys_openat+0x12d/0x210 [ 676.501743][T12883] ? __pfx___x64_sys_openat+0x10/0x10 [ 676.501768][T12883] do_syscall_64+0x106/0xf80 [ 676.501788][T12883] ? clear_bhb_loop+0x40/0x90 [ 676.501805][T12883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.501820][T12883] RIP: 0033:0x7f25c959c799 [ 676.501833][T12883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.501848][T12883] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 676.501862][T12883] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 676.501872][T12883] RDX: 0000000000040002 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 676.501881][T12883] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 676.501889][T12883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.501898][T12883] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 676.501917][T12883] [ 677.818876][T12909] bond0: invalid ARP target specified [ 677.974971][T12909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1330'. [ 678.023322][T12912] FAULT_INJECTION: forcing a failure. [ 678.023322][T12912] name failslab, interval 1, probability 0, space 0, times 0 [ 678.023409][T12912] CPU: 1 UID: 0 PID: 12912 Comm: syz.2.1329 Tainted: G L syzkaller #0 PREEMPT(full) [ 678.023453][T12912] Tainted: [L]=SOFTLOCKUP [ 678.023463][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 678.023480][T12912] Call Trace: [ 678.023489][T12912] [ 678.023500][T12912] dump_stack_lvl+0x100/0x190 [ 678.023546][T12912] should_fail_ex.cold+0x5/0xa [ 678.023581][T12912] ? lsm_blob_alloc+0x68/0x90 [ 678.023618][T12912] should_failslab+0xc2/0x120 [ 678.023647][T12912] __kmalloc_noprof+0xe0/0x850 [ 678.023686][T12912] ? trace_kmem_cache_alloc+0xf3/0x120 [ 678.023723][T12912] lsm_blob_alloc+0x68/0x90 [ 678.023760][T12912] security_sk_alloc+0x2d/0x290 [ 678.023805][T12912] sk_prot_alloc+0x1d1/0x2a0 [ 678.023838][T12912] sk_alloc+0x36/0xe80 [ 678.023874][T12912] inet6_create+0x385/0x12b0 [ 678.024017][T12912] ? inet6_create+0x7f/0x12b0 [ 678.024059][T12912] __sock_create+0x339/0x860 [ 678.024091][T12912] udp_sock_create6+0xc7/0x6a0 [ 678.024160][T12912] ? __pfx_udp_sock_create6+0x10/0x10 [ 678.024201][T12912] ? crng_make_state+0x477/0x6c0 [ 678.024266][T12912] ? lockdep_hardirqs_on+0x78/0x100 [ 678.024305][T12912] ? crng_make_state+0x2b0/0x6c0 [ 678.024334][T12912] rxrpc_open_socket+0x206/0x6b0 [ 678.024397][T12912] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 678.024445][T12912] ? rcu_is_watching+0x12/0xc0 [ 678.024493][T12912] rxrpc_lookup_local+0xac7/0x1220 [ 678.024529][T12912] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 678.024563][T12912] ? __local_bh_enable_ip+0x9e/0x120 [ 678.024599][T12912] rxrpc_sendmsg+0x34a/0x680 [ 678.024691][T12912] sock_write_iter+0x524/0x5a0 [ 678.024719][T12912] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 678.024751][T12912] ? __pfx_sock_write_iter+0x10/0x10 [ 678.024792][T12912] ? bpf_lsm_file_permission+0x9/0x10 [ 678.024833][T12912] ? security_file_permission+0x76/0x210 [ 678.024868][T12912] ? rw_verify_area+0xce/0x6d0 [ 678.024910][T12912] vfs_write+0x6ac/0x1070 [ 678.024952][T12912] ? __pfx_sock_write_iter+0x10/0x10 [ 678.024984][T12912] ? __pfx_vfs_write+0x10/0x10 [ 678.025023][T12912] ? find_held_lock+0x2b/0x80 [ 678.025075][T12912] ksys_write+0x1f8/0x250 [ 678.025100][T12912] ? __pfx_ksys_write+0x10/0x10 [ 678.025137][T12912] do_syscall_64+0x106/0xf80 [ 678.025172][T12912] ? clear_bhb_loop+0x40/0x90 [ 678.025204][T12912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.025232][T12912] RIP: 0033:0x7fbe3e79c799 [ 678.025253][T12912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 678.025287][T12912] RSP: 002b:00007fbe3f5d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 678.025311][T12912] RAX: ffffffffffffffda RBX: 00007fbe3ea16180 RCX: 00007fbe3e79c799 [ 678.025328][T12912] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 678.025345][T12912] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 678.025362][T12912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.025378][T12912] R13: 00007fbe3ea16218 R14: 00007fbe3ea16180 R15: 00007ffd655b1b28 [ 678.025414][T12912] [ 678.032214][T12911] FAULT_INJECTION: forcing a failure. [ 678.032214][T12911] name fail_futex, interval 1, probability 0, space 0, times 0 [ 678.032268][T12911] CPU: 1 UID: 0 PID: 12911 Comm: syz.0.1330 Tainted: G L syzkaller #0 PREEMPT(full) [ 678.032309][T12911] Tainted: [L]=SOFTLOCKUP [ 678.032320][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 678.032336][T12911] Call Trace: [ 678.032344][T12911] [ 678.032355][T12911] dump_stack_lvl+0x100/0x190 [ 678.032399][T12911] should_fail_ex.cold+0x5/0xa [ 678.032432][T12911] get_futex_key+0x1d2/0x1620 [ 678.032472][T12911] ? __pfx_get_futex_key+0x10/0x10 [ 678.032517][T12911] futex_wake+0xea/0x530 [ 678.032560][T12911] ? __pfx_futex_wake+0x10/0x10 [ 678.032604][T12911] ? lockdep_hardirqs_on+0x78/0x100 [ 678.032652][T12911] do_futex+0x32b/0x350 [ 678.032688][T12911] ? __pfx_do_futex+0x10/0x10 [ 678.032733][T12911] __x64_sys_futex+0x34f/0x4d0 [ 678.032770][T12911] ? __x64_sys_openat+0x12d/0x210 [ 678.032805][T12911] ? __pfx___x64_sys_futex+0x10/0x10 [ 678.032853][T12911] do_syscall_64+0x106/0xf80 [ 678.032888][T12911] ? clear_bhb_loop+0x40/0x90 [ 678.032921][T12911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.032949][T12911] RIP: 0033:0x7f25c959c799 [ 678.032972][T12911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 678.033000][T12911] RSP: 002b:00007f25ca3a10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 678.033027][T12911] RAX: ffffffffffffffda RBX: 00007f25c9816098 RCX: 00007f25c959c799 [ 678.033047][T12911] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f25c981609c [ 678.033064][T12911] RBP: 00007f25c9816090 R08: 0000000000000000 R09: 0000000000000000 [ 678.033084][T12911] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 678.033102][T12911] R13: 00007f25c9816128 R14: 00007ffcd9819b40 R15: 00007ffcd9819c28 [ 678.033139][T12911] [ 678.736851][T12903] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 679.398512][T12903] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 679.461186][T12903] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 679.470951][T12903] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 679.834328][ T6473] Bluetooth: hci0: command 0x0419 tx timeout [ 681.434135][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 681.514070][ T6473] Bluetooth: hci2: command 0x0c1a tx timeout [ 681.520148][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 681.752931][T12962] FAULT_INJECTION: forcing a failure. [ 681.752931][T12962] name failslab, interval 1, probability 0, space 0, times 0 [ 681.774685][T12962] CPU: 0 UID: 0 PID: 12962 Comm: syz.0.1341 Tainted: G L syzkaller #0 PREEMPT(full) [ 681.774734][T12962] Tainted: [L]=SOFTLOCKUP [ 681.774744][T12962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 681.774761][T12962] Call Trace: [ 681.774770][T12962] [ 681.774781][T12962] dump_stack_lvl+0x100/0x190 [ 681.774830][T12962] should_fail_ex.cold+0x5/0xa [ 681.774865][T12962] should_failslab+0xc2/0x120 [ 681.774894][T12962] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 681.774935][T12962] ? security_inode_alloc+0x3b/0x2c0 [ 681.774963][T12962] ? lockdep_init_map_type+0x5c/0x250 [ 681.775006][T12962] security_inode_alloc+0x3b/0x2c0 [ 681.775035][T12962] inode_init_always_gfp+0xced/0x1040 [ 681.775069][T12962] alloc_inode+0x8e/0x250 [ 681.775105][T12962] new_inode+0x22/0x1c0 [ 681.775147][T12962] shmem_get_inode+0x212/0x1040 [ 681.775188][T12962] ? __pfx_shmem_get_inode+0x10/0x10 [ 681.775223][T12962] ? __pfx_make_vfsuid+0x10/0x10 [ 681.775262][T12962] ? current_check_access_path+0x281/0x460 [ 681.775297][T12962] ? make_vfsgid+0xf1/0x140 [ 681.775336][T12962] shmem_mknod+0x20c/0x470 [ 681.775375][T12962] ? __pfx_shmem_mknod+0x10/0x10 [ 681.775422][T12962] vfs_mknod+0x3a5/0x7f0 [ 681.775468][T12962] filename_mknodat+0x5aa/0x7f0 [ 681.775501][T12962] ? __pfx_filename_mknodat+0x10/0x10 [ 681.775531][T12962] ? strncpy_from_user+0x19d/0x2d0 [ 681.775666][T12962] ? do_getname+0x191/0x390 [ 681.775704][T12962] __x64_sys_mknod+0x8f/0xc0 [ 681.775737][T12962] do_syscall_64+0x106/0xf80 [ 681.775774][T12962] ? clear_bhb_loop+0x40/0x90 [ 681.775810][T12962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.775839][T12962] RIP: 0033:0x7f25c959c799 [ 681.775863][T12962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 681.775892][T12962] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 681.775920][T12962] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 681.775941][T12962] RDX: 0000000000000004 RSI: 0000000000001000 RDI: 0000000000000000 [ 681.775958][T12962] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 681.775976][T12962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.775993][T12962] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 681.776034][T12962] [ 683.165881][T12968] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 683.166100][T12968] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 683.198633][T12968] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 683.246320][T12968] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 684.394258][ T6473] Bluetooth: hci0: command 0x0419 tx timeout [ 685.194170][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 685.274426][ T6473] Bluetooth: hci2: command 0x0c1a tx timeout [ 685.280464][ T6473] Bluetooth: hci3: command 0x0c1a tx timeout [ 685.758104][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.764489][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.012164][T13027] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 687.012451][T13027] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 687.013233][T13027] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 687.015773][T13027] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 688.081583][ T6473] Bluetooth: hci0: command 0x0419 tx timeout [ 689.035601][ T6473] Bluetooth: hci2: command 0x0c1a tx timeout [ 689.035635][ T6473] Bluetooth: hci3: command 0x0c1a tx timeout [ 689.035654][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 689.444788][T13082] FAULT_INJECTION: forcing a failure. [ 689.444788][T13082] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 689.444881][T13082] CPU: 1 UID: 0 PID: 13082 Comm: syz.1.1369 Tainted: G L syzkaller #0 PREEMPT(full) [ 689.444918][T13082] Tainted: [L]=SOFTLOCKUP [ 689.444928][T13082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 689.444944][T13082] Call Trace: [ 689.444953][T13082] [ 689.444964][T13082] dump_stack_lvl+0x100/0x190 [ 689.445012][T13082] should_fail_ex.cold+0x5/0xa [ 689.445039][T13082] ? prepare_alloc_pages+0x16d/0x5f0 [ 689.445074][T13082] should_fail_alloc_page+0xeb/0x140 [ 689.445105][T13082] prepare_alloc_pages+0x1f0/0x5f0 [ 689.445143][T13082] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 689.445191][T13082] ? __lock_acquire+0x4a5/0x2630 [ 689.445234][T13082] ? __lock_acquire+0x4a5/0x2630 [ 689.445270][T13082] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 689.445315][T13082] ? __lock_acquire+0x4a5/0x2630 [ 689.445352][T13082] ? css_rstat_updated+0x1ce/0x5a0 [ 689.445406][T13082] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 689.445454][T13082] ? policy_nodemask+0xed/0x4f0 [ 689.445488][T13082] alloc_pages_mpol+0x1fb/0x550 [ 689.445518][T13082] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 689.445550][T13082] ? lock_acquire+0x1cf/0x380 [ 689.445589][T13082] folio_alloc_mpol_noprof+0x36/0x340 [ 689.445626][T13082] shmem_alloc_folio+0x135/0x160 [ 689.445661][T13082] shmem_alloc_and_add_folio+0x371/0xd40 [ 689.445711][T13082] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 689.445754][T13082] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 689.445803][T13082] shmem_get_folio_gfp+0x6ab/0x1900 [ 689.445852][T13082] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 689.445902][T13082] shmem_write_begin+0x1a4/0x420 [ 689.445946][T13082] ? __pfx_shmem_write_begin+0x10/0x10 [ 689.445989][T13082] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 689.446021][T13082] ? __mark_inode_dirty+0xff5/0x1790 [ 689.446063][T13082] generic_perform_write+0x292/0xa40 [ 689.446114][T13082] ? __pfx_generic_perform_write+0x10/0x10 [ 689.446150][T13082] ? __mark_inode_dirty+0x55c/0x1790 [ 689.446190][T13082] ? mnt_put_write_access_file+0x4e/0x100 [ 689.446218][T13082] ? file_update_time_flags+0x373/0x500 [ 689.446267][T13082] shmem_file_write_iter+0x10e/0x140 [ 689.446300][T13082] vfs_write+0x6ac/0x1070 [ 689.446344][T13082] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 689.446377][T13082] ? __pfx_vfs_write+0x10/0x10 [ 689.446450][T13082] ksys_write+0x12a/0x250 [ 689.446476][T13082] ? __pfx_ksys_write+0x10/0x10 [ 689.446513][T13082] do_syscall_64+0x106/0xf80 [ 689.446550][T13082] ? clear_bhb_loop+0x40/0x90 [ 689.446585][T13082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.446614][T13082] RIP: 0033:0x7f8d6519c799 [ 689.446636][T13082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 689.446664][T13082] RSP: 002b:00007f8d660f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 689.446690][T13082] RAX: ffffffffffffffda RBX: 00007f8d65415fa0 RCX: 00007f8d6519c799 [ 689.446709][T13082] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 689.446725][T13082] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 689.446742][T13082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 689.446758][T13082] R13: 00007f8d65416038 R14: 00007f8d65415fa0 R15: 00007ffdf0524398 [ 689.446797][T13082] [ 690.338537][T13074] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 690.342699][T13074] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 690.342895][T13074] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 690.349260][T13074] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 691.355831][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 692.265404][T13118] futex_wake_op: syz.2.1378 tries to shift op by -2048; fix this program [ 692.368204][T13118] futex_wake_op: syz.2.1378 tries to shift op by -2048; fix this program [ 692.394475][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 692.400525][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 692.406577][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 692.420812][T13118] 0x000000000001-0x000000020000 : "" [ 692.496352][T13118] ftl_cs: FTL header corrupt! [ 693.086341][T13130] zswap: compressor not available [ 693.268508][T13142] FAULT_INJECTION: forcing a failure. [ 693.268508][T13142] name failslab, interval 1, probability 0, space 0, times 0 [ 693.584915][T13142] CPU: 0 UID: 0 PID: 13142 Comm: syz.1.1384 Tainted: G L syzkaller #0 PREEMPT(full) [ 693.584942][T13142] Tainted: [L]=SOFTLOCKUP [ 693.584948][T13142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 693.584957][T13142] Call Trace: [ 693.584962][T13142] [ 693.584968][T13142] dump_stack_lvl+0x100/0x190 [ 693.584997][T13142] should_fail_ex.cold+0x5/0xa [ 693.585016][T13142] ? lsm_blob_alloc+0x68/0x90 [ 693.585036][T13142] should_failslab+0xc2/0x120 [ 693.585053][T13142] __kmalloc_noprof+0xe0/0x850 [ 693.585075][T13142] ? trace_kmem_cache_alloc+0xf3/0x120 [ 693.585094][T13142] lsm_blob_alloc+0x68/0x90 [ 693.585113][T13142] security_sk_alloc+0x2d/0x290 [ 693.585137][T13142] sk_prot_alloc+0x1d1/0x2a0 [ 693.585155][T13142] sk_alloc+0x36/0xe80 [ 693.585174][T13142] inet6_create+0x385/0x12b0 [ 693.585197][T13142] ? inet6_create+0x7f/0x12b0 [ 693.585219][T13142] __sock_create+0x339/0x860 [ 693.585237][T13142] udp_sock_create6+0xc7/0x6a0 [ 693.585259][T13142] ? __pfx_udp_sock_create6+0x10/0x10 [ 693.585281][T13142] ? crng_make_state+0x477/0x6c0 [ 693.585296][T13142] ? lockdep_hardirqs_on+0x78/0x100 [ 693.585318][T13142] ? crng_make_state+0x2b0/0x6c0 [ 693.585334][T13142] rxrpc_open_socket+0x206/0x6b0 [ 693.585350][T13142] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 693.585374][T13142] ? rcu_is_watching+0x12/0xc0 [ 693.585400][T13142] rxrpc_lookup_local+0xac7/0x1220 [ 693.585418][T13142] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 693.585435][T13142] ? __local_bh_enable_ip+0x9e/0x120 [ 693.585453][T13142] rxrpc_sendmsg+0x34a/0x680 [ 693.585474][T13142] sock_write_iter+0x524/0x5a0 [ 693.585488][T13142] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 693.585503][T13142] ? __pfx_sock_write_iter+0x10/0x10 [ 693.585525][T13142] ? bpf_lsm_file_permission+0x9/0x10 [ 693.585547][T13142] ? security_file_permission+0x76/0x210 [ 693.585565][T13142] ? rw_verify_area+0xce/0x6d0 [ 693.585588][T13142] vfs_write+0x6ac/0x1070 [ 693.585610][T13142] ? __pfx_sock_write_iter+0x10/0x10 [ 693.585626][T13142] ? __pfx_vfs_write+0x10/0x10 [ 693.585646][T13142] ? find_held_lock+0x2b/0x80 [ 693.585681][T13142] ksys_write+0x1f8/0x250 [ 693.585695][T13142] ? __pfx_ksys_write+0x10/0x10 [ 693.585714][T13142] do_syscall_64+0x106/0xf80 [ 693.585734][T13142] ? clear_bhb_loop+0x40/0x90 [ 693.585753][T13142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.585768][T13142] RIP: 0033:0x7f8d6519c799 [ 693.585781][T13142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 693.585796][T13142] RSP: 002b:00007f8d660af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 693.585810][T13142] RAX: ffffffffffffffda RBX: 00007f8d65416180 RCX: 00007f8d6519c799 [ 693.585820][T13142] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 693.585829][T13142] RBP: 00007f8d65232c99 R08: 0000000000000000 R09: 0000000000000000 [ 693.585838][T13142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 693.585846][T13142] R13: 00007f8d65416218 R14: 00007f8d65416180 R15: 00007ffdf0524398 [ 693.585867][T13142] [ 693.824650][T13131] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 693.824860][T13131] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 693.825037][T13131] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 693.825204][T13131] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 695.114144][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 695.834286][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 695.840330][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 695.846472][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 697.167314][T13183] mkiss: ax0: crc mode is auto. [ 698.109640][T13204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1398'. [ 700.138549][T13230] FAULT_INJECTION: forcing a failure. [ 700.138549][T13230] name failslab, interval 1, probability 0, space 0, times 0 [ 700.195334][T13230] CPU: 0 UID: 0 PID: 13230 Comm: syz.0.1407 Tainted: G L syzkaller #0 PREEMPT(full) [ 700.195361][T13230] Tainted: [L]=SOFTLOCKUP [ 700.195367][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 700.195377][T13230] Call Trace: [ 700.195382][T13230] [ 700.195389][T13230] dump_stack_lvl+0x100/0x190 [ 700.195418][T13230] should_fail_ex.cold+0x5/0xa [ 700.195436][T13230] should_failslab+0xc2/0x120 [ 700.195451][T13230] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 700.195473][T13230] ? __kernfs_new_node+0xd2/0x960 [ 700.195498][T13230] __kernfs_new_node+0xd2/0x960 [ 700.195520][T13230] ? __pfx___kernfs_new_node+0x10/0x10 [ 700.195545][T13230] ? find_held_lock+0x2b/0x80 [ 700.195558][T13230] ? kernfs_root+0xee/0x2a0 [ 700.195576][T13230] ? kernfs_root+0xee/0x2a0 [ 700.195599][T13230] kernfs_new_node+0x11b/0x1a0 [ 700.195624][T13230] __kernfs_create_file+0x53/0x350 [ 700.195643][T13230] sysfs_add_file_mode_ns+0x207/0x3c0 [ 700.195677][T13230] internal_create_group+0x593/0xf40 [ 700.195704][T13230] ? __pfx_internal_create_group+0x10/0x10 [ 700.195729][T13230] ? kernfs_create_link+0x1bd/0x240 [ 700.195750][T13230] internal_create_groups+0x9d/0x150 [ 700.195772][T13230] device_add+0x71a/0x1950 [ 700.195879][T13230] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 700.195904][T13230] ? __pfx_device_add+0x10/0x10 [ 700.195921][T13230] ? lockdep_init_map_type+0x5c/0x250 [ 700.195941][T13230] ? __init_waitqueue_head+0xca/0x150 [ 700.195966][T13230] netdev_register_kobject+0x1a9/0x3d0 [ 700.196044][T13230] register_netdevice+0x12e0/0x2210 [ 700.196110][T13230] ? __pfx_register_netdevice+0x10/0x10 [ 700.196165][T13230] ? __pfx_loopback_net_init+0x10/0x10 [ 700.196230][T13230] register_netdev+0x34/0x50 [ 700.196254][T13230] loopback_net_init+0x7a/0x170 [ 700.196270][T13230] ? __pfx_loopback_net_init+0x10/0x10 [ 700.196285][T13230] ops_init+0x1e2/0x5f0 [ 700.196308][T13230] setup_net+0x118/0x3a0 [ 700.196328][T13230] ? __pfx_setup_net+0x10/0x10 [ 700.196348][T13230] ? lockdep_init_map_type+0x5c/0x250 [ 700.196367][T13230] ? mutex_init_lockep+0x110/0x150 [ 700.196389][T13230] copy_net_ns+0x46f/0x7c0 [ 700.196414][T13230] create_new_namespaces+0x3ea/0xac0 [ 700.196434][T13230] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 700.196453][T13230] ksys_unshare+0x473/0xad0 [ 700.196476][T13230] ? __pfx_ksys_unshare+0x10/0x10 [ 700.196500][T13230] __x64_sys_unshare+0x31/0x40 [ 700.196518][T13230] do_syscall_64+0x106/0xf80 [ 700.196538][T13230] ? clear_bhb_loop+0x40/0x90 [ 700.196556][T13230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.196572][T13230] RIP: 0033:0x7f25c959c799 [ 700.196585][T13230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 700.196599][T13230] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 700.196618][T13230] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 700.196627][T13230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 700.196636][T13230] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 700.196647][T13230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 700.196657][T13230] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 700.196676][T13230] [ 701.823790][T13240] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1408'. [ 701.918142][T13237] bond0: invalid ARP target specified [ 702.222931][T13238] smpboot: CPU 1 is now offline [ 703.290678][T13245] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 703.290852][T13245] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 703.290999][T13245] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 703.291133][T13245] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 704.634247][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 704.939676][T13291] input: 00 [ 704.939676][T13291] as /devices/virtual/input/input30 [ 705.013601][T13291] FAULT_INJECTION: forcing a failure. [ 705.013601][T13291] name failslab, interval 1, probability 0, space 0, times 0 [ 705.074637][T13291] CPU: 0 UID: 0 PID: 13291 Comm: syz.2.1422 Tainted: G L syzkaller #0 PREEMPT(full) [ 705.074664][T13291] Tainted: [L]=SOFTLOCKUP [ 705.074670][T13291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 705.074678][T13291] Call Trace: [ 705.074684][T13291] [ 705.074690][T13291] dump_stack_lvl+0x100/0x190 [ 705.074721][T13291] should_fail_ex.cold+0x5/0xa [ 705.074739][T13291] ? kobject_get_path+0xcf/0x2c0 [ 705.074836][T13291] should_failslab+0xc2/0x120 [ 705.074853][T13291] __kmalloc_noprof+0xe0/0x850 [ 705.074878][T13291] kobject_get_path+0xcf/0x2c0 [ 705.074903][T13291] kobject_uevent_env+0x287/0x18b0 [ 705.074920][T13291] ? kernfs_put+0x3f/0x60 [ 705.074940][T13291] ? sysfs_do_create_link_sd+0xbb/0x140 [ 705.074958][T13291] ? bus_to_subsys+0x114/0x150 [ 705.074980][T13291] device_add+0x116e/0x1950 [ 705.074998][T13291] ? __pfx_device_add+0x10/0x10 [ 705.075018][T13291] ? kobject_get+0xbb/0x150 [ 705.075040][T13291] cdev_device_add+0x12b/0x270 [ 705.075057][T13291] evdev_connect+0x3a8/0x4b0 [ 705.075149][T13291] input_attach_handler.isra.0+0x177/0x1e0 [ 705.075196][T13291] input_register_device.cold+0x139/0x375 [ 705.075229][T13291] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 705.075272][T13291] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 705.075293][T13291] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 705.075316][T13291] ? find_held_lock+0x2b/0x80 [ 705.075329][T13291] ? __fget_files+0x215/0x3d0 [ 705.075352][T13291] ? __pfx_uinput_ioctl+0x10/0x10 [ 705.075369][T13291] __x64_sys_ioctl+0x18e/0x210 [ 705.075391][T13291] do_syscall_64+0x106/0xf80 [ 705.075410][T13291] ? clear_bhb_loop+0x40/0x90 [ 705.075427][T13291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.075442][T13291] RIP: 0033:0x7fbe3e79c799 [ 705.075455][T13291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 705.075469][T13291] RSP: 002b:00007fbe3f612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 705.075484][T13291] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa0 RCX: 00007fbe3e79c799 [ 705.075494][T13291] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 705.075503][T13291] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 705.075512][T13291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.075520][T13291] R13: 00007fbe3ea16038 R14: 00007fbe3ea15fa0 R15: 00007ffd655b1b28 [ 705.075540][T13291] [ 705.952614][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 705.964044][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 705.970180][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 706.571778][T13302] zswap: compressor not available [ 706.633454][T13310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 707.845552][T13313] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 707.921544][T13313] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 708.010478][T13313] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 708.043327][T13313] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 708.437014][T13336] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 708.474633][T13336] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 708.474779][T13336] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 708.474914][T13336] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 708.955525][T13350] mkiss: ax0: crc mode is auto. [ 709.232934][T13355] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 709.232950][T13355] File: /dev/nullb0 PID: 13355 Comm: syz.2.1434 [ 709.712550][T13340] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 709.712740][T13340] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 709.712963][T13340] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 709.714717][T13340] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 710.195039][T13368] bond0: invalid ARP target specified [ 710.226610][T13368] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1437'. [ 710.795827][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 711.008157][T13387] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input31 [ 711.597873][T13401] bond0: invalid ARP target specified [ 711.605925][T13399] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1446'. [ 711.668756][T13401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1445'. [ 711.756757][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 711.762797][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 711.768861][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 712.255152][T13415] FAULT_INJECTION: forcing a failure. [ 712.255152][T13415] name failslab, interval 1, probability 0, space 0, times 0 [ 712.255214][T13415] CPU: 0 UID: 0 PID: 13415 Comm: syz.0.1450 Tainted: G L syzkaller #0 PREEMPT(full) [ 712.255236][T13415] Tainted: [L]=SOFTLOCKUP [ 712.255241][T13415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 712.255250][T13415] Call Trace: [ 712.255255][T13415] [ 712.255261][T13415] dump_stack_lvl+0x100/0x190 [ 712.255287][T13415] should_fail_ex.cold+0x5/0xa [ 712.255306][T13415] should_failslab+0xc2/0x120 [ 712.255321][T13415] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 712.255342][T13415] ? can_rx_register+0x582/0x6f0 [ 712.255462][T13415] can_rx_register+0x582/0x6f0 [ 712.255479][T13415] ? __pfx_raw_rcv+0x10/0x10 [ 712.255500][T13415] ? __pfx_can_rx_register+0x10/0x10 [ 712.255525][T13415] raw_enable_filters+0xe0/0x210 [ 712.255550][T13415] raw_enable_allfilters+0x8b/0x2b0 [ 712.255570][T13415] ? __local_bh_enable_ip+0x9e/0x120 [ 712.255588][T13415] raw_bind+0x1bd/0xdf0 [ 712.255607][T13415] ? apparmor_socket_bind+0x105/0x1e0 [ 712.255632][T13415] __sys_bind+0x1a9/0x260 [ 712.255651][T13415] ? __pfx___sys_bind+0x10/0x10 [ 712.255679][T13415] __x64_sys_bind+0x72/0xb0 [ 712.255694][T13415] ? lockdep_hardirqs_on+0x78/0x100 [ 712.255715][T13415] do_syscall_64+0x106/0xf80 [ 712.255734][T13415] ? clear_bhb_loop+0x40/0x90 [ 712.255752][T13415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.255766][T13415] RIP: 0033:0x7f25c959c799 [ 712.255779][T13415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 712.255794][T13415] RSP: 002b:00007f25ca3c2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 712.255808][T13415] RAX: ffffffffffffffda RBX: 00007f25c9815fa0 RCX: 00007f25c959c799 [ 712.255818][T13415] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 712.255828][T13415] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 712.255837][T13415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 712.255846][T13415] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 712.255866][T13415] [ 712.969654][T13403] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 712.969864][T13403] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 712.971097][T13403] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 712.971253][T13403] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 713.507981][T13429] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 713.569749][T13432] netlink: 'syz.2.1453': attribute type 16 has an invalid length. [ 713.569768][T13432] netlink: 294 bytes leftover after parsing attributes in process `syz.2.1453'. [ 713.834640][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 714.073614][T13441] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1456'. [ 714.447166][T13447] bond0: invalid ARP target specified [ 714.450066][T13447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1458'. [ 715.034536][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 715.040734][ T6473] Bluetooth: hci3: command 0x0c1a tx timeout [ 715.046823][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.660179][T13472] [U] [ 715.663150][T13472] [U] [ 715.665827][T13472] [U] [ 715.668507][T13472] [U] [ 715.725625][T13472] [U] [ 715.725673][T13472] [U] [ 715.725695][T13472] [U] [ 715.725718][T13472] [U] [ 715.725824][T13472] [U] [ 715.725847][T13472] [U] [ 715.725869][T13472] [U] [ 715.725891][T13472] [U] [ 715.726002][T13472] [U] [ 715.726025][T13472] [U] [ 715.726046][T13472] [U] [ 715.726068][T13472] [U] [ 715.726249][T13472] [U] [ 715.726273][T13472] [U] [ 715.726295][T13472] [U] [ 715.726316][T13472] [U] [ 715.726420][T13472] [U] [ 715.726442][T13472] [U] [ 715.726463][T13472] [U] [ 715.726484][T13472] [U] [ 715.729875][T13472] [U] [ 715.729902][T13472] [U] [ 715.729924][T13472] [U] [ 715.729952][T13472] [U] [ 715.730059][T13472] [U] [ 715.730082][T13472] [U] [ 715.730104][T13472] [U] [ 715.730126][T13472] [U] [ 715.730296][T13472] [U] [ 715.730320][T13472] [U] [ 715.730343][T13472] [U] [ 715.730368][T13472] [U] [ 715.742505][T13472] [U] [ 715.742532][T13472] [U] [ 715.742554][T13472] [U] [ 715.742576][T13472] [U] [ 715.742683][T13472] [U] [ 715.742705][T13472] [U] [ 715.742726][T13472] [U] [ 715.742748][T13472] [U] [ 715.742852][T13472] [U] [ 715.742873][T13472] [U] [ 715.742895][T13472] [U] [ 715.742916][T13472] [U] [ 715.743109][T13472] [U] [ 715.743133][T13472] [U] [ 715.743154][T13472] [U] [ 715.743177][T13472] [U] [ 715.743282][T13472] [U] [ 715.743303][T13472] [U] [ 715.743327][T13472] [U] [ 715.743349][T13472] [U] [ 715.747844][T13472] [U] [ 715.747878][T13472] [U] [ 715.747907][T13472] [U] [ 715.747932][T13472] [U] [ 715.748049][T13472] [U] [ 715.748072][T13472] [U] [ 715.748095][T13472] [U] [ 715.748117][T13472] [U] [ 715.748295][T13472] [U] [ 715.748318][T13472] [U] [ 715.748340][T13472] [U] [ 715.748363][T13472] [U] [ 715.748467][T13472] [U] [ 715.748490][T13472] [U] [ 715.748511][T13472] [U] [ 715.748533][T13472] [U] [ 715.748637][T13472] [U] [ 715.748658][T13472] [U] [ 715.748680][T13472] [U] [ 715.748702][T13472] [U] [ 715.764237][T13472] [U] [ 715.764269][T13472] [U] [ 715.764293][T13472] [U] [ 715.764315][T13472] [U] [ 715.764548][T13472] [U] [ 715.764572][T13472] [U] [ 715.764595][T13472] [U] [ 715.764617][T13472] [U] [ 715.764721][T13472] [U] [ 715.764743][T13472] [U] [ 715.764764][T13472] [U] [ 715.764785][T13472] [U] [ 715.764889][T13472] [U] [ 715.764911][T13472] [U] [ 715.764932][T13472] [U] [ 715.764963][T13472] [U] [ 715.765069][T13472] [U] [ 715.765091][T13472] [U] [ 715.765113][T13472] [U] [ 715.765134][T13472] [U] [ 715.765296][T13472] [U] [ 715.765320][T13472] [U] [ 715.765343][T13472] [U] [ 715.765365][T13472] [U] [ 715.765522][T13472] [U] [ 715.765545][T13472] [U] [ 715.765570][T13472] [U] [ 715.765592][T13472] [U] [ 715.765710][T13472] [U] [ 715.765734][T13472] [U] [ 715.765757][T13472] [U] [ 715.765779][T13472] [U] [ 715.765884][T13472] [U] [ 715.765906][T13472] [U] [ 715.765928][T13472] [U] [ 715.765968][T13472] [U] [ 715.766137][T13472] [U] [ 715.766163][T13472] [U] [ 715.766185][T13472] [U] [ 715.766207][T13472] [U] [ 715.766325][T13472] [U] [ 715.766349][T13472] [U] [ 715.766371][T13472] [U] [ 715.766393][T13472] [U] [ 715.766498][T13472] [U] [ 715.766523][T13472] [U] [ 715.766545][T13472] [U] [ 715.766566][T13472] [U] [ 715.771771][T13472] [U] [ 715.771797][T13472] [U] [ 715.771818][T13472] [U] [ 715.816908][T13472] [U] [ 716.137916][T13460] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 716.138102][T13460] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 716.138236][T13460] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 716.138368][T13460] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 717.194896][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 717.336850][T13491] sp0: Synchronizing with TNC [ 717.700232][T13497] vmstat_refresh: nr_hugetlb -7168 [ 718.154128][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 718.154157][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 718.154176][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 721.481406][T13533] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 721.486260][T13533] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 721.486417][T13533] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 721.486560][T13533] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 721.657009][T13547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1481'. [ 721.657581][T13547] netlink: 'syz.0.1481': attribute type 1 has an invalid length. [ 721.657596][T13547] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1481'. [ 722.126277][T13551] bond0: invalid ARP target specified [ 722.174504][T13554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1483'. [ 722.321336][T13560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1484'. [ 723.453418][T13562] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 723.516651][ T6473] Bluetooth: hci2: command 0x0c1a tx timeout [ 723.516680][ T6473] Bluetooth: hci3: command 0x0c1a tx timeout [ 723.516698][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 723.525617][T13562] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 723.526177][T13562] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 723.526365][T13562] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 724.330395][T13590] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1490'. [ 724.634217][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 724.849453][T13595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1491'. [ 724.922022][T13597] netlink: 28905 bytes leftover after parsing attributes in process `syz.3.1491'. [ 725.594202][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 725.600224][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 725.606680][ T6473] Bluetooth: hci1: command 0x0c1a tx timeout [ 727.426318][T13622] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 727.488705][T13622] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 727.544361][T13622] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 727.601956][T13622] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 727.744784][T13640] device-mapper: ioctl: name not supplied when creating device [ 728.473992][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 729.167060][T13658] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 729.167690][T13658] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 729.171567][T13658] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 729.171726][T13658] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 729.642061][T13677] input: f as /devices/virtual/input/input33 [ 730.634026][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 731.197994][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 731.198025][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 731.198045][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.726451][T13698] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 731.728823][T13698] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 731.729055][T13698] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 731.730139][T13698] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 732.045690][T13716] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 732.347715][T13726] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1521'. [ 732.915523][T13745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1525'. [ 733.687042][T13738] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 733.688024][T13738] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 733.731221][T13738] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 733.731400][T13738] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 733.981970][T13760] bond0: invalid ARP target specified [ 734.032344][T13760] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1527'. [ 734.142513][T13760] FAULT_INJECTION: forcing a failure. [ 734.142513][T13760] name fail_futex, interval 1, probability 0, space 0, times 0 [ 734.250758][T13760] CPU: 0 UID: 0 PID: 13760 Comm: syz.2.1527 Tainted: G L syzkaller #0 PREEMPT(full) [ 734.250786][T13760] Tainted: [L]=SOFTLOCKUP [ 734.250791][T13760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 734.250801][T13760] Call Trace: [ 734.250808][T13760] [ 734.250816][T13760] dump_stack_lvl+0x100/0x190 [ 734.250844][T13760] should_fail_ex.cold+0x5/0xa [ 734.250862][T13760] get_futex_key+0x1d2/0x1620 [ 734.250884][T13760] ? __pfx_get_futex_key+0x10/0x10 [ 734.250907][T13760] futex_wake+0xea/0x530 [ 734.250926][T13760] ? __fget_files+0x215/0x3d0 [ 734.250942][T13760] ? __pfx_futex_wake+0x10/0x10 [ 734.250963][T13760] ? __fget_files+0x21f/0x3d0 [ 734.250982][T13760] do_futex+0x32b/0x350 [ 734.251000][T13760] ? __pfx_do_futex+0x10/0x10 [ 734.251018][T13760] ? __pfx_do_sendfile+0x10/0x10 [ 734.251044][T13760] __x64_sys_futex+0x34f/0x4d0 [ 734.251065][T13760] ? __pfx___x64_sys_futex+0x10/0x10 [ 734.251084][T13760] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 734.251106][T13760] do_syscall_64+0x106/0xf80 [ 734.251125][T13760] ? clear_bhb_loop+0x40/0x90 [ 734.251143][T13760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.251158][T13760] RIP: 0033:0x7fbe3e79c799 [ 734.251170][T13760] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 734.251185][T13760] RSP: 002b:00007fbe3f6120e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 734.251199][T13760] RAX: ffffffffffffffda RBX: 00007fbe3ea15fa8 RCX: 00007fbe3e79c799 [ 734.251209][T13760] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbe3ea15fac [ 734.251218][T13760] RBP: 00007fbe3ea15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 734.251227][T13760] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 734.251236][T13760] R13: 00007fbe3ea16038 R14: 00007ffd655b1a40 R15: 00007ffd655b1b28 [ 734.251254][T13760] [ 734.595498][T13766] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.1528: bg 2: bad block bitmap checksum [ 734.607850][T13766] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 931 with max blocks 1 with error 74 [ 734.620479][T13766] EXT4-fs (sda1): This should not happen!! Data will be lost [ 734.620479][T13766] [ 735.636769][T13769] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 735.637325][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1534'. [ 735.646293][T13769] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 735.646718][T13769] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 735.646860][T13769] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.618807][T13807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1537'. [ 736.874219][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 737.684070][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 737.684102][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 737.684122][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 737.789935][T13827] FAULT_INJECTION: forcing a failure. [ 737.789935][T13827] name failslab, interval 1, probability 0, space 0, times 0 [ 737.789965][T13827] CPU: 0 UID: 0 PID: 13827 Comm: syz.2.1543 Tainted: G L syzkaller #0 PREEMPT(full) [ 737.789987][T13827] Tainted: [L]=SOFTLOCKUP [ 737.789992][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 737.790000][T13827] Call Trace: [ 737.790006][T13827] [ 737.790011][T13827] dump_stack_lvl+0x100/0x190 [ 737.790037][T13827] should_fail_ex.cold+0x5/0xa [ 737.790055][T13827] ? tomoyo_encode2+0xfb/0x3c0 [ 737.790074][T13827] should_failslab+0xc2/0x120 [ 737.790090][T13827] __kmalloc_noprof+0xe0/0x850 [ 737.790110][T13827] ? d_absolute_path+0x136/0x1b0 [ 737.790132][T13827] tomoyo_encode2+0xfb/0x3c0 [ 737.790152][T13827] tomoyo_encode+0x29/0x50 [ 737.790169][T13827] tomoyo_realpath_from_path+0x18c/0x690 [ 737.790192][T13827] tomoyo_path_number_perm+0x23c/0x580 [ 737.790207][T13827] ? tomoyo_path_number_perm+0x22e/0x580 [ 737.790224][T13827] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 737.790239][T13827] ? futex_wake+0x1ad/0x530 [ 737.790277][T13827] ? find_held_lock+0x2b/0x80 [ 737.790290][T13827] ? __fget_files+0x215/0x3d0 [ 737.790302][T13827] ? hook_file_ioctl_common+0x146/0x410 [ 737.790322][T13827] ? __fget_files+0x21f/0x3d0 [ 737.790342][T13827] security_file_ioctl+0xd3/0x230 [ 737.790399][T13827] __x64_sys_ioctl+0xb7/0x210 [ 737.790421][T13827] do_syscall_64+0x106/0xf80 [ 737.790441][T13827] ? clear_bhb_loop+0x40/0x90 [ 737.790459][T13827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.790475][T13827] RIP: 0033:0x7fbe3e79c799 [ 737.790488][T13827] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 737.790502][T13827] RSP: 002b:00007fbe3f5f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 737.790517][T13827] RAX: ffffffffffffffda RBX: 00007fbe3ea16090 RCX: 00007fbe3e79c799 [ 737.790527][T13827] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 737.790536][T13827] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 737.790545][T13827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.790553][T13827] R13: 00007fbe3ea16128 R14: 00007fbe3ea16090 R15: 00007ffd655b1b28 [ 737.790572][T13827] [ 737.790856][T13827] ERROR: Out of memory at tomoyo_realpath_from_path. [ 738.380206][T13818] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 738.381006][T13818] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 738.381181][T13818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 738.402877][T13818] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 738.945808][T13845] bond0: invalid ARP target specified [ 738.960578][T13845] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1548'. [ 738.980046][T13845] FAULT_INJECTION: forcing a failure. [ 738.980046][T13845] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 738.980078][T13845] CPU: 0 UID: 0 PID: 13845 Comm: syz.0.1548 Tainted: G L syzkaller #0 PREEMPT(full) [ 738.980099][T13845] Tainted: [L]=SOFTLOCKUP [ 738.980104][T13845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 738.980138][T13845] Call Trace: [ 738.980143][T13845] [ 738.980150][T13845] dump_stack_lvl+0x100/0x190 [ 738.980177][T13845] should_fail_ex.cold+0x5/0xa [ 738.980192][T13845] ? prepare_alloc_pages+0x16d/0x5f0 [ 738.980210][T13845] should_fail_alloc_page+0xeb/0x140 [ 738.980231][T13845] prepare_alloc_pages+0x1f0/0x5f0 [ 738.980247][T13845] ? __lock_acquire+0x4a5/0x2630 [ 738.980268][T13845] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 738.980299][T13845] ? lock_acquire+0x1cf/0x380 [ 738.980318][T13845] ? find_held_lock+0x2b/0x80 [ 738.980331][T13845] ? page_table_check_set+0x49a/0xa10 [ 738.980354][T13845] ? page_table_check_set+0x49a/0xa10 [ 738.980377][T13845] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 738.980404][T13845] ? __page_table_check_ptes_set+0x1b5/0x4e0 [ 738.980418][T13845] ? xas_move_index+0xae/0x110 [ 738.980438][T13845] ? xas_find+0x32c/0x8e0 [ 738.980460][T13845] ? find_held_lock+0x2b/0x80 [ 738.980472][T13845] ? find_held_lock+0x2b/0x80 [ 738.980484][T13845] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 738.980508][T13845] ? policy_nodemask+0xed/0x4f0 [ 738.980525][T13845] alloc_pages_mpol+0x1fb/0x550 [ 738.980541][T13845] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 738.980564][T13845] folio_alloc_mpol_noprof+0x36/0x340 [ 738.980583][T13845] vma_alloc_folio_noprof+0xed/0x1d0 [ 738.980600][T13845] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 738.980623][T13845] do_anonymous_page+0xb3a/0x1fb0 [ 738.980649][T13845] __handle_mm_fault+0x1d42/0x2b60 [ 738.980671][T13845] ? reacquire_held_locks+0xce/0x1e0 [ 738.980690][T13845] ? __pfx___handle_mm_fault+0x10/0x10 [ 738.980712][T13845] ? lock_vma_under_rcu+0x17c/0x590 [ 738.980742][T13845] handle_mm_fault+0x36d/0xa20 [ 738.980764][T13845] do_user_addr_fault+0x5a3/0x12f0 [ 738.980792][T13845] exc_page_fault+0x6f/0xd0 [ 738.980812][T13845] asm_exc_page_fault+0x26/0x30 [ 738.980826][T13845] RIP: 0033:0x7f25c945df4b [ 738.980838][T13845] Code: 00 00 00 48 8d 3d 3d a7 1a 00 48 89 c1 31 c0 e8 9b 32 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 a7 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 738.980853][T13845] RSP: 002b:00007f25ca3c0fa0 EFLAGS: 00010206 [ 738.980865][T13845] RAX: 0000000000000000 RBX: 00007f25c9815fa0 RCX: 0000000000000000 [ 738.980874][T13845] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000001140 [ 738.980884][T13845] RBP: 00007f25c9632c99 R08: 0000000000000000 R09: 0000000000000000 [ 738.980893][T13845] R10: 0000200000001140 R11: 0000000000000000 R12: 0000000000000000 [ 738.980903][T13845] R13: 00007f25c9816038 R14: 00007f25c9815fa0 R15: 00007ffcd9819c28 [ 738.980922][T13845] [ 738.983449][T13845] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 738.988881][T13846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1547'. [ 739.433999][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 740.396290][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 740.396322][ T6478] Bluetooth: hci3: command 0x0c1a tx timeout [ 740.396341][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 742.273716][T13885] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 744.919836][T13909] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 745.020511][T13909] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 745.060496][T13909] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 745.114279][T13909] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 745.315315][T13930] vmstat_refresh: nr_hugetlb -7168 [ 745.397057][T13930] vmstat_refresh: nr_hugetlb -7168 [ 746.074000][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 747.035270][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 747.114627][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 747.197134][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 747.203672][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.209999][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.593559][T13985] zswap: compressor not available [ 748.945046][T13976] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 748.945344][T13976] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 748.988784][T13976] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 748.990051][T13976] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 749.034620][ T6489] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 929 with max blocks 3 with error 117 [ 749.034728][ T6489] EXT4-fs (sda1): This should not happen!! Data will be lost [ 749.034728][ T6489] [ 749.204893][T14003] bond0: invalid ARP target specified [ 749.218819][T14003] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1580'. [ 749.256608][T14003] FAULT_INJECTION: forcing a failure. [ 749.256608][T14003] name fail_futex, interval 1, probability 0, space 0, times 0 [ 749.256639][T14003] CPU: 0 UID: 0 PID: 14003 Comm: syz.0.1580 Tainted: G L syzkaller #0 PREEMPT(full) [ 749.256661][T14003] Tainted: [L]=SOFTLOCKUP [ 749.256666][T14003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 749.256675][T14003] Call Trace: [ 749.256680][T14003] [ 749.256686][T14003] dump_stack_lvl+0x100/0x190 [ 749.256712][T14003] should_fail_ex.cold+0x5/0xa [ 749.256730][T14003] get_futex_key+0x1d2/0x1620 [ 749.256750][T14003] ? __pfx_get_futex_key+0x10/0x10 [ 749.256770][T14003] ? __cgroup_account_cputime+0xd5/0x130 [ 749.256789][T14003] futex_wait_setup+0x83/0x510 [ 749.256815][T14003] __futex_wait+0x19f/0x300 [ 749.256837][T14003] ? __pfx___futex_wait+0x10/0x10 [ 749.256857][T14003] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 749.256876][T14003] ? lockdep_hardirqs_on+0x78/0x100 [ 749.256897][T14003] ? __pfx_futex_wake_mark+0x10/0x10 [ 749.256921][T14003] ? find_held_lock+0x2b/0x80 [ 749.256934][T14003] ? futex_wake+0x456/0x530 [ 749.256959][T14003] futex_wait+0xed/0x380 [ 749.256981][T14003] ? __pfx_futex_wait+0x10/0x10 [ 749.257013][T14003] do_futex+0x1ef/0x350 [ 749.257031][T14003] ? __pfx_do_futex+0x10/0x10 [ 749.257049][T14003] ? __pfx_do_sendfile+0x10/0x10 [ 749.257073][T14003] __x64_sys_futex+0x34f/0x4d0 [ 749.257094][T14003] ? __pfx___x64_sys_futex+0x10/0x10 [ 749.257113][T14003] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 749.257135][T14003] do_syscall_64+0x106/0xf80 [ 749.257153][T14003] ? clear_bhb_loop+0x40/0x90 [ 749.257171][T14003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.257186][T14003] RIP: 0033:0x7f25c959c799 [ 749.257199][T14003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.257213][T14003] RSP: 002b:00007f25ca3c20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 749.257228][T14003] RAX: ffffffffffffffda RBX: 00007f25c9815fa8 RCX: 00007f25c959c799 [ 749.257237][T14003] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f25c9815fa8 [ 749.257246][T14003] RBP: 00007f25c9815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 749.257254][T14003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.257263][T14003] R13: 00007f25c9816038 R14: 00007ffcd9819b40 R15: 00007ffcd9819c28 [ 749.257282][T14003] [ 749.900291][T14011] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1584'. [ 749.994030][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 749.994253][T14012] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1583'. [ 750.919466][ T30] audit: type=1800 audit(4294967451.862:14): pid=14026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1587" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 750.963133][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 750.963164][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 751.034738][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 751.465202][T14033] bond0: invalid ARP target specified [ 751.482818][T14033] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1590'. [ 751.759525][T14039] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1592'. [ 752.963873][T14049] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 752.965990][T14049] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 752.966147][T14049] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 752.966283][T14049] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.074733][T14067] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1598'. [ 754.234226][ T9970] Bluetooth: hci0: command 0x0419 tx timeout [ 755.036209][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.042257][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 755.049630][ T6478] Bluetooth: hci1: command 0x0c1a tx timeout [ 755.120625][T14104] input: f as /devices/virtual/input/input34 [ 755.333255][T14110] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1606'. [ 755.885031][T14119] bond0: invalid ARP target specified [ 757.122142][T14122] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.131649][T14122] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.131823][T14122] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 757.131966][T14122] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 758.074608][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 759.194364][ T9970] Bluetooth: hci2: command 0x0c1a tx timeout [ 759.200686][ T9970] Bluetooth: hci3: command 0x0c1a tx timeout [ 759.206738][ T9970] Bluetooth: hci1: command 0x0c1a tx timeout [ 760.635574][ T6478] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 761.010236][T14185] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.010411][T14185] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 761.010555][T14185] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 761.010914][T14185] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 762.403886][ T6478] Bluetooth: hci0: command 0x0419 tx timeout [ 763.034286][ T6478] Bluetooth: hci2: command 0x0c1a tx timeout [ 763.044030][T14174] Bluetooth: hci3: command 0x0c1a tx timeout [ 763.050076][T14174] Bluetooth: hci1: command 0x0c1a tx timeout [ 763.316579][T14222] Console: switching to colour VGA+ 80x25 [ 763.472068][T14224] ================================================================== [ 763.472148][T14224] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 763.472173][T14224] Read of size 26 at addr ffff88803478f3ea by task syz.2.1630/14224 [ 763.472186][T14224] [ 763.472197][T14224] CPU: 0 UID: 0 PID: 14224 Comm: syz.2.1630 Tainted: G L syzkaller #0 PREEMPT(full) [ 763.472218][T14224] Tainted: [L]=SOFTLOCKUP [ 763.472223][T14224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 763.472232][T14224] Call Trace: [ 763.472238][T14224] [ 763.472244][T14224] dump_stack_lvl+0x100/0x190 [ 763.472265][T14224] print_report+0x156/0x4c9 [ 763.472301][T14224] ? __virt_addr_valid+0x81/0x620 [ 763.472320][T14224] ? __phys_addr+0xe8/0x180 [ 763.472339][T14224] ? fbcon_prepare_logo+0x94e/0xc60 [ 763.472356][T14224] kasan_report+0xdf/0x1e0 [ 763.472374][T14224] ? fbcon_prepare_logo+0x94e/0xc60 [ 763.472390][T14224] kasan_check_range+0x10f/0x1e0 [ 763.472407][T14224] __asan_memcpy+0x23/0x60 [ 763.472425][T14224] fbcon_prepare_logo+0x94e/0xc60 [ 763.472443][T14224] fbcon_init+0x10a0/0x1820 [ 763.472459][T14224] visual_init+0x320/0x620 [ 763.472476][T14224] do_bind_con_driver.isra.0+0x636/0x9c0 [ 763.472497][T14224] store_bind+0x609/0x730 [ 763.472516][T14224] ? __pfx_store_bind+0x10/0x10 [ 763.472534][T14224] dev_attr_store+0x58/0x80 [ 763.472583][T14224] ? __pfx_dev_attr_store+0x10/0x10 [ 763.472598][T14224] sysfs_kf_write+0xf2/0x150 [ 763.472616][T14224] kernfs_fop_write_iter+0x3e0/0x5f0 [ 763.472631][T14224] ? __pfx_sysfs_kf_write+0x10/0x10 [ 763.472648][T14224] vfs_write+0x6ac/0x1070 [ 763.472669][T14224] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 763.472685][T14224] ? __pfx_vfs_write+0x10/0x10 [ 763.472711][T14224] ksys_write+0x12a/0x250 [ 763.472723][T14224] ? __pfx_ksys_write+0x10/0x10 [ 763.472735][T14224] ? kcov_ioctl+0x16a/0x720 [ 763.472758][T14224] do_syscall_64+0x106/0xf80 [ 763.472777][T14224] ? clear_bhb_loop+0x40/0x90 [ 763.472794][T14224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.472809][T14224] RIP: 0033:0x7fbe3e79c799 [ 763.472822][T14224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 763.472837][T14224] RSP: 002b:00007fbe3f5af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 763.472851][T14224] RAX: ffffffffffffffda RBX: 00007fbe3ea16270 RCX: 00007fbe3e79c799 [ 763.472862][T14224] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 763.472871][T14224] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 763.472880][T14224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.472889][T14224] R13: 00007fbe3ea16308 R14: 00007fbe3ea16270 R15: 00007ffd655b1b28 [ 763.472904][T14224] [ 763.472909][T14224] [ 763.472913][T14224] Allocated by task 13118: [ 763.472949][T14224] kasan_save_stack+0x30/0x50 [ 763.472972][T14224] kasan_save_track+0x14/0x30 [ 763.472992][T14224] __kasan_kmalloc+0xaa/0xb0 [ 763.473011][T14224] blk_alloc_flush_queue+0xaa/0x2d0 [ 763.473056][T14224] blk_mq_alloc_and_init_hctx+0x2db/0x1000 [ 763.473092][T14224] __blk_mq_realloc_hw_ctxs+0x382/0x820 [ 763.473107][T14224] blk_mq_init_allocated_queue+0x308/0x1440 [ 763.473150][T14224] blk_mq_alloc_queue+0x1bd/0x290 [ 763.473169][T14224] __blk_mq_alloc_disk+0x29/0x120 [ 763.473188][T14224] add_mtd_blktrans_dev+0x7ad/0x1520 [ 763.473260][T14224] mtdblock_add_mtd+0x1cc/0x270 [ 763.473275][T14224] blktrans_notify_add+0xa2/0xf0 [ 763.473296][T14224] add_mtd_device+0xb1a/0x17a0 [ 763.473314][T14224] mtd_add_partition+0x30a/0x660 [ 763.473335][T14224] mtdchar_blkpg_ioctl+0x207/0x250 [ 763.473348][T14224] mtdchar_ioctl+0x1670/0x1fd0 [ 763.473361][T14224] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 763.473375][T14224] __x64_sys_ioctl+0x18e/0x210 [ 763.473393][T14224] do_syscall_64+0x106/0xf80 [ 763.473411][T14224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.473425][T14224] [ 763.473428][T14224] The buggy address belongs to the object at ffff88803478f300 [ 763.473428][T14224] which belongs to the cache kmalloc-192 of size 192 [ 763.473444][T14224] The buggy address is located 90 bytes to the right of [ 763.473444][T14224] allocated 144-byte region [ffff88803478f300, ffff88803478f390) [ 763.473459][T14224] [ 763.473463][T14224] The buggy address belongs to the physical page: [ 763.473470][T14224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3478f [ 763.473484][T14224] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 763.473498][T14224] page_type: f5(slab) [ 763.473513][T14224] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 763.473527][T14224] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 763.473536][T14224] page dumped because: kasan: bad access detected [ 763.473544][T14224] page_owner tracks the page as allocated [ 763.473551][T14224] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 20732915110, free_ts 20705847568 [ 763.473578][T14224] post_alloc_hook+0x153/0x170 [ 763.473596][T14224] get_page_from_freelist+0x111d/0x3140 [ 763.473615][T14224] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 763.473634][T14224] new_slab+0xa6/0x6b0 [ 763.473649][T14224] refill_objects+0x26b/0x400 [ 763.473667][T14224] __pcs_replace_empty_main+0x1ab/0x660 [ 763.473687][T14224] __kmalloc_cache_noprof+0x493/0x6f0 [ 763.473704][T14224] call_usermodehelper_setup+0xaf/0x360 [ 763.473724][T14224] kobject_uevent_env+0x17c1/0x18b0 [ 763.473737][T14224] param_sysfs_builtin_init+0x37b/0x3f0 [ 763.473817][T14224] do_one_initcall+0x11d/0x760 [ 763.473832][T14224] kernel_init_freeable+0x6e5/0x7a0 [ 763.473867][T14224] kernel_init+0x1f/0x1e0 [ 763.473879][T14224] ret_from_fork+0x754/0xd80 [ 763.473899][T14224] ret_from_fork_asm+0x1a/0x30 [ 763.473915][T14224] page last free pid 10 tgid 10 stack trace: [ 763.473923][T14224] __free_frozen_pages+0x7e1/0x10d0 [ 763.473939][T14224] vfree.part.0+0x12b/0x9d0 [ 763.473953][T14224] delayed_vfree_work+0x8e/0xd0 [ 763.473967][T14224] process_one_work+0xa23/0x19a0 [ 763.473985][T14224] worker_thread+0x5ef/0xe50 [ 763.474002][T14224] kthread+0x370/0x450 [ 763.474018][T14224] ret_from_fork+0x754/0xd80 [ 763.474036][T14224] ret_from_fork_asm+0x1a/0x30 [ 763.474049][T14224] [ 763.474053][T14224] Memory state around the buggy address: [ 763.474060][T14224] ffff88803478f280: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 763.474070][T14224] ffff88803478f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 763.474079][T14224] >ffff88803478f380: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 763.474087][T14224] ^ [ 763.474095][T14224] ffff88803478f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 763.474105][T14224] ffff88803478f480: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 763.474112][T14224] ================================================================== [ 763.515075][T14224] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 763.515094][T14224] CPU: 0 UID: 0 PID: 14224 Comm: syz.2.1630 Tainted: G L syzkaller #0 PREEMPT(full) [ 763.515118][T14224] Tainted: [L]=SOFTLOCKUP [ 763.515124][T14224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 763.515133][T14224] Call Trace: [ 763.515139][T14224] [ 763.515145][T14224] dump_stack_lvl+0x100/0x190 [ 763.515171][T14224] vpanic+0x552/0x970 [ 763.515186][T14224] ? __pfx_vpanic+0x10/0x10 [ 763.515201][T14224] ? fbcon_prepare_logo+0x94e/0xc60 [ 763.515217][T14224] panic+0xd1/0xe0 [ 763.515230][T14224] ? __pfx_panic+0x10/0x10 [ 763.515244][T14224] ? fbcon_prepare_logo+0x94e/0xc60 [ 763.515258][T14224] ? preempt_schedule_common+0x42/0xc0 [ 763.515280][T14224] check_panic_on_warn.cold+0x19/0x34 [ 763.515302][T14224] end_report.part.0+0x3a/0x90 [ 763.515323][T14224] kasan_report.cold+0xe/0x18 [ 763.515343][T14224] ? fbcon_prepare_logo+0x94e/0xc60 [ 763.515361][T14224] kasan_check_range+0x10f/0x1e0 [ 763.515379][T14224] __asan_memcpy+0x23/0x60 [ 763.515398][T14224] fbcon_prepare_logo+0x94e/0xc60 [ 763.515416][T14224] fbcon_init+0x10a0/0x1820 [ 763.515433][T14224] visual_init+0x320/0x620 [ 763.515449][T14224] do_bind_con_driver.isra.0+0x636/0x9c0 [ 763.515471][T14224] store_bind+0x609/0x730 [ 763.515490][T14224] ? __pfx_store_bind+0x10/0x10 [ 763.515507][T14224] dev_attr_store+0x58/0x80 [ 763.515523][T14224] ? __pfx_dev_attr_store+0x10/0x10 [ 763.515538][T14224] sysfs_kf_write+0xf2/0x150 [ 763.515556][T14224] kernfs_fop_write_iter+0x3e0/0x5f0 [ 763.515571][T14224] ? __pfx_sysfs_kf_write+0x10/0x10 [ 763.515589][T14224] vfs_write+0x6ac/0x1070 [ 763.515611][T14224] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 763.515627][T14224] ? __pfx_vfs_write+0x10/0x10 [ 763.515653][T14224] ksys_write+0x12a/0x250 [ 763.515666][T14224] ? __pfx_ksys_write+0x10/0x10 [ 763.515678][T14224] ? kcov_ioctl+0x16a/0x720 [ 763.515701][T14224] do_syscall_64+0x106/0xf80 [ 763.515720][T14224] ? clear_bhb_loop+0x40/0x90 [ 763.515737][T14224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.515752][T14224] RIP: 0033:0x7fbe3e79c799 [ 763.515765][T14224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 763.515779][T14224] RSP: 002b:00007fbe3f5af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 763.515794][T14224] RAX: ffffffffffffffda RBX: 00007fbe3ea16270 RCX: 00007fbe3e79c799 [ 763.515804][T14224] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 763.515813][T14224] RBP: 00007fbe3e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 763.515822][T14224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.515831][T14224] R13: 00007fbe3ea16308 R14: 00007fbe3ea16270 R15: 00007ffd655b1b28 [ 763.515846][T14224] [ 763.515911][T14224] Kernel Offset: disabled