last executing test programs: 7.397006882s ago: executing program 2 (id=1153): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 6.509253791s ago: executing program 0 (id=1155): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x145001, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x20020000) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) mmap$auto(0x0, 0x2020009, 0x7, 0x2000000000000eb1, 0xfffffffffffffffa, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_groups\x00', 0x109180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:01/PNP0B00:00/uevent\x00', 0xb02, 0x0) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001980)=ANY=[@ANYBLOB="000428bd7000fddbdf2572000000d5074801df1af0ebe5aff861f90fef1cd29caf556101167b1ccb2741bde9cc96d71b7295da0b178f3145eaa4a00a4fa9fcb281c65c30c1430b48e6f91275f00ee96d06f7e6bd05c1af7b9c0ee013ca8dc3e82a4f7efb413a0b9cd35763b92ded7ee1b9336e0bc7d12d0f26083a168c6a2ee064b2d0f1ae837a4f045fc61d947670f450a56dcff9232275db4c9bdfa9497da2c52e0bf4761f0c22b4a637f951ae926928aa18a8b30cc0c74aecb71862892bac4bf26d65323f9a420a2b0a08b7ae78d2b6c8ab635ddc019192eecf0609683042ca1b7f925fb94234d9a499ac22ca7fb11491478430dfcd6d86fff6598161d76b7688b3af1608daa3de12cffc0dfbfc732073ffd2d967b6a291a471822d0b8c681a370cbb192ac9c7e8f7b2b4119a6549a60dfb08b96f50b9b4143460618f0747ce7330fd6cdc4f79bd47e9420972292f97e72501e07fbf574ddb144caf67a5105d344c669dfa56ee1fd9d0b3c98c72eb8c6c942f9aab5830f2c719947168f101b599369e682da9ba5d3c6019ed6c6c6c376e41e3357455077aa8c321e40f034c6f81eb69767672c53adbfe236c5a49a15ddea8a657a818a8e8ea921fdc11d6034e40ab2afc5e2919de79af646f82d79ca078372f3f1328b25e0718e7f64be83d58a4cbe12ffe3505307434554c96d7095051a6704101a23fb2baf5b81401da72b5213552a7cb54ee801d26f6efb25c3d20c03768e9ffb6b50546735f5d1b553f73d5f8c36a5aa5ab5a5d4e08b910e6f29a52e77d53e27c4827b5bc154c11e8f2625d0c5d8e15a138a0fd72c9458d72bd8be57afa648a003f5d909c0a7aa1062546407f019695df71228ee704c4fe870bca3c4f3d5183aa4f4f19e9bfcf9b282241ee6eabaab6777f72b0b1e52a498464978fa44e2d9a73935efe46b0c3e91fee32949f032740bd3b018c1eb330ce7d0a44553ff12a25f20ed41aefc8b12f4374f1dcdaeae16345ec004ba3bf0d5bf39037bd4b73fb2a6d5022198f3bcf9d623c4f706ae5b3ba632c112424ad5d673f38e3c673c50552731151cb53dd9ec9699d375b451d8f4e2457e5eab34766a66b031dcdcae85e67939edb373588801a5ea82f8d266aa78341c0e1104f2b0dd5ee0c081f3855a06bec389a29645871ea53b10e19e44737951756ecc062dedfccc3fd84aae13d3c5c8328379756f42b1cf8e9453e9491033f2ede522c8daa0577152799451358694c3771169411150f5066a243d6f869671a4a924602cdfa5a35e4cf303cf7271afb702c93a6101275319153d7c88c112b7d1331db47415023ec18b7d558967f82e7970b1616d8cd1bd5deda3f90bcddec801412e8a4ceb854241bcfe0850c7495399338b41ae01528fe5da8296d5cb4a0a5e4ca8c82327da83c0999ab91549f5a08c1ded5d54509bc60b3afbace2fea3c7817aeed4fefc038e86bc77be0029dc5a8f70d41770990583da9b943c9f7c646888171188a9ca40b58b7ff2066bc657dcf369fc8faf74576f61347b0d4016854d5701cacce7eb0ee48f3a302b5892649dad4c910e27976e0ba3f781fb9fc8908904b03455d8d45a6875a18a97da67e91b9f43424c58ceac55ab788fd91097db30ef891cf659dca25f64300f52b544b4be462724803171a0c4328472c3c9a863dbb331029066f55a0e8ef1c3852c3f19c2bbd71c17852bcf22a125ff854592c146258ba99fe1a9dcca3e1a9178ecd0d6096d0642bd1639d547d475dbe4e"], 0x7ec}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pimreg0\x00', 0x0}) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000e31f4595f72ece9ed3dab1c87640c45d53918fbc22b845285daf16705b77372238ecf2874d3d1d662ca730f1b84a509e289ff4c1a5af720213c5aa83d457b12cacc1db627089aa8943510dbf125e66a29d194b99b371c0973774cb976ec169ae80b88920604f69bb5549fc50", @ANYBLOB="010029bd7000fedbdf2504000000"], 0xfffffffffffffcad}, 0x1, 0x0, 0x0, 0x44000}, 0x8014) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf2516000000180001801400020076657468315f766972745f776966690004000180050002000900000005000300b30000000000018000000100", @ANYRES32=r2, @ANYBLOB="00000100", @ANYBLOB="30843d39c0af6622f0eb77d37e4ed117159b8ee0ae2bce6daa12677f86e56de4a37040fa683ed568c93a48ffba7c1a62570096367177b7f3850e5237fa6f21a2dba5335bee8c604bd2f6f8802cfd6046c67a9c1d385d8e40b3", @ANYBLOB="050003000000000005000400d900000018000180"], 0x67}}, 0x8000) write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:\x06F\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) r3 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lseek$auto(r3, 0x7ff, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 6.351003607s ago: executing program 2 (id=1156): r0 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) writev$auto(r0, &(0x7f0000000000)={&(0x7f0000000280)="f23da39cc0107cb68840a4e3c66748fe14c2a4be33aaf3b402e34b9e4e79b1eb2d0c88ad7b380657a129ed57d9e71835228d893d45be03026f57ed3045075646db6a214fca811426ef583c483d16c60f83baa686bf1a3c876c27b17cda0affbfbdcec723ca183960ee87d64c8b283d8d590ffda64f52d31d3446ab0a2db2ce049e0e88fdf9858fddf128a272900ffa4a013f5f3905c7bd7bcdc6ed2dded458acaef4c43c4a4979e6b6a144a955ede2c60c5b401b3a167d426e3d4597c7cf6ddfa5", 0xfffffffffffffffd}, 0x6) write$auto_proc_setgroups_operations_base(0xffffffffffffffff, &(0x7f0000000180)="d2e80904bc764086f602166499c9cb1715a7685777f8388c6b6668f47c61b900b234785ff321c6b87a1e92810565e765de7d1c346574ba207b7c5344d77f64d0fe8c20c076bb0c55b129e56844c9de8959c813ec210a2dc5234ad49fd57ef88ce2e0caf01aa4fbb26c3cfc8378e03ab8b369dd11b78e58b9e389d2e7341d9b7a3d84f87ccdcc807aa24b54572c3453bc9298e4f71a631bd2feec2b8262e583275bded89c9bb2fb91e37ae522af70a7397e89820f4427a1508ed00103efe48946e531e40f626b80e85443ade868494823391d3900de", 0xd5) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000400), r1) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1f40) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2061, 0x0) write$auto(r4, 0x0, 0x80) listen$auto(0x3, 0x81) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r6, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) sendmsg$auto_IPVS_CMD_ZERO(r1, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000002600)={0x14, r2, 0x1, 0x74bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x0) chown$auto(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 6.221930763s ago: executing program 3 (id=1157): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x360, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 5.381894154s ago: executing program 0 (id=1159): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000002, 0x3) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r2) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x24801, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0", @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000000240)=ANY=[@ANYBLOB="08010000", @ANYRES16=r5, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc3b2170c49b100b274baaf7e35af6d0f2356f99129b14dfb3c040f557f81b08003800000400000800e600", @ANYRES32=r1, @ANYBLOB="05008a00080042000500f600071a0000000bc38e66a8950ee3ab259a4dffde2016f61a9d1a71fdd267b60e8be22f016b650bbcaa453fb002bcf118f0e96d4b6248efe1352050bde81bcec7d7d37591a1304ff17feb"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) mlockall$auto(0x7) mprotect$auto(0x0, 0x806121, 0x6) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 5.176738138s ago: executing program 1 (id=1160): setgroups$auto(0xe32, 0x0) setgroups$auto(0x6, &(0x7f0000000000)=0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x5, 0x3ff, 0x4, 0x2, 0x400000e) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getsid$auto(0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x5) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) write$auto(r0, 0x0, 0x100000a3dd) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x141000, 0x0) bpf$auto(0x40, &(0x7f00000000c0)=@bpf_attr_0={0x0, 0x5, 0x4, 0x4, 0x800, 0xffffffffffffffff, 0x13, "f0f59673e700", 0x0, r1, 0xfffff588, 0x8, 0x2, 0x100000000000200}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, &(0x7f00000000c0)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) 5.115643173s ago: executing program 3 (id=1161): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) fsconfig$auto(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982", 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x360, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 4.716802263s ago: executing program 1 (id=1162): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919e836e1a6e889b4881e233d3b51e066bb0a054c9e474be535fd29da", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8a"}) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, r1) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.095981896s ago: executing program 3 (id=1163): setgroups$auto(0xe32, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setgroups$auto(0x6, &(0x7f0000000000)=0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x5, 0x3ff, 0x4, 0x2, 0x400000e) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getsid$auto(0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x5) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) write$auto(r0, 0x0, 0x100000a3dd) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x141000, 0x0) bpf$auto(0x40, &(0x7f00000000c0)=@bpf_attr_0={0x0, 0x5, 0x4, 0x4, 0x800, 0xffffffffffffffff, 0x13, "f0f59673e700", 0x0, r1, 0xfffff588, 0x8, 0x2, 0x100000000000200}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, &(0x7f00000000c0)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) 3.951851227s ago: executing program 2 (id=1164): setgroups$auto(0xe32, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setgroups$auto(0x6, &(0x7f0000000000)=0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x5, 0x3ff, 0x4, 0x2, 0x400000e) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getsid$auto(0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x5) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) write$auto(r0, 0x0, 0x100000a3dd) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x141000, 0x0) bpf$auto(0x40, &(0x7f00000000c0)=@bpf_attr_0={0x0, 0x5, 0x4, 0x4, 0x800, 0xffffffffffffffff, 0x13, "f0f59673e700", 0x0, r1, 0xfffff588, 0x8, 0x2, 0x100000000000200}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, &(0x7f00000000c0)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) 3.796241769s ago: executing program 0 (id=1165): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) fsconfig$auto(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982", 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x360, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 3.571163002s ago: executing program 1 (id=1166): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r3 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x5, 0xff, @count=0xe35c, 0x0, 0x5, 0x80000000000006, 0xd9, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000880}, 0x20008000) 3.376628398s ago: executing program 3 (id=1167): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) setsockopt$auto(0x3, 0x29, 0x46, 0x0, 0x808) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) socket(0x7, 0x3, 0x2) r1 = socket(0xa, 0x3, 0x3b) io_uring_setup$auto(0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/perf_event_max_stack\x00', 0x143402, 0x0) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) epoll_ctl$auto(r1, 0x3, r1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x8000000000000000, 0x3, 0xf1, 0xfffffffffffffffa, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/loop13/integrity/read_verify\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x24) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS32(r5, 0xc0245720, 0x0) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) 2.52238418s ago: executing program 0 (id=1168): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0xb) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x28000) r2 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r3 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x1}, 0x80000b}, 0x5, 0x20000000) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x8000fff5) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/tracing/current_tracer\x00', 0x2, 0x0) r4 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_SET_HALT(r4, 0x4004550d, &(0x7f0000000080)=0x2457) mmap$auto(0xae72, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x9) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0x300) 2.428854247s ago: executing program 2 (id=1169): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/protocols\x00', 0x100, 0x0) unshare$auto(0x5) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto(0x3, 0xae41, r2) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2}) pread64$auto(r0, 0x0, 0x40000000f42c, 0x585) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r4 = semctl$auto(0x2, 0x10000, 0x8, 0x4) prctl$auto(0x7, 0x1, r4, 0x3, 0x5) mmap$auto(0x0, 0x40009, 0x4, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x11, 0x0, 0x0, 0x0, 0x0) io_cancel$auto(0x6, 0x0, 0x0) fcntl$auto(r3, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0xe2240, 0x154) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card0/pcm0c/sub0/hw_params\x00', 0x60800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000200)=""/220, 0xdc) 1.765268005s ago: executing program 0 (id=1170): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D0\x00', 0x2841, 0x0) unshare$auto(0x6) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x0, 0x318f, 0x4, 0x0, 0xff, "50cfeeca8e00"}) r1 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r1, 0x7ffe) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) close_range$auto(0x2, r3, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x4, 0x3, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x1000, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x8062, 0x80000001, 0x800, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x20400, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x4, 0xd, 0x1, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xd, 0xd, 0x1]}, 0x0) r4 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) close_range$auto(0x2, 0x8, 0x0) read$auto_stats_fops_(r4, 0x0, 0x0) 1.441849957s ago: executing program 1 (id=1171): mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', 0x0, 0xf, 0x0) migrate_pages$auto(0x0, 0x99, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, &(0x7f00000000c0)=0x922) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x4, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200204, 0x15) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) close_range$auto(0x0, 0xe903, 0x2) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) setsockopt$auto(0x2, 0x1, 0x50, &(0x7f0000000000)='\x00', 0x40) clock_settime$auto(0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r1) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x801, 0x5, 0x1, 0x96c, 0x0, 0x101, 0x9533, 0x7, {0x10001, 0x40000000000002}, 0x80, 0x80, 0x800, 0x6, 0x0, 0x100000000, 0x21, 0x18d, 0x4000000000006, 0xe870, 0x1001}) fanotify_init$auto(0x19, 0x1) io_uring_setup$auto(0x6, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) 1.202944026s ago: executing program 3 (id=1172): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x3d, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) shutdown$auto(r0, 0x10000) madvise$auto(0x108000, 0x800032, 0x4) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r2, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(r2, 0xa, r1) ioctl$auto(0x3, 0x800005411, 0x38) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x261c2, 0x184) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) ustat$auto(0x801, 0x0) socket(0x2b, 0x1, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x8, 0x7]}, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x14, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) 979.053253ms ago: executing program 2 (id=1173): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x145001, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x20020000) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) mmap$auto(0x0, 0x2020009, 0x7, 0x2000000000000eb1, 0xfffffffffffffffa, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_groups\x00', 0x109180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:01/PNP0B00:00/uevent\x00', 0xb02, 0x0) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001980)=ANY=[@ANYBLOB="000428bd7000fddbdf2572000000d5074801df1af0ebe5aff861f90fef1cd29caf556101167b1ccb2741bde9cc96d71b7295da0b178f3145eaa4a00a4fa9fcb281c65c30c1430b48e6f91275f00ee96d06f7e6bd05c1af7b9c0ee013ca8dc3e82a4f7efb413a0b9cd35763b92ded7ee1b9336e0bc7d12d0f26083a168c6a2ee064b2d0f1ae837a4f045fc61d947670f450a56dcff9232275db4c9bdfa9497da2c52e0bf4761f0c22b4a637f951ae926928aa18a8b30cc0c74aecb71862892bac4bf26d65323f9a420a2b0a08b7ae78d2b6c8ab635ddc019192eecf0609683042ca1b7f925fb94234d9a499ac22ca7fb11491478430dfcd6d86fff6598161d76b7688b3af1608daa3de12cffc0dfbfc732073ffd2d967b6a291a471822d0b8c681a370cbb192ac9c7e8f7b2b4119a6549a60dfb08b96f50b9b4143460618f0747ce7330fd6cdc4f79bd47e9420972292f97e72501e07fbf574ddb144caf67a5105d344c669dfa56ee1fd9d0b3c98c72eb8c6c942f9aab5830f2c719947168f101b599369e682da9ba5d3c6019ed6c6c6c376e41e3357455077aa8c321e40f034c6f81eb69767672c53adbfe236c5a49a15ddea8a657a818a8e8ea921fdc11d6034e40ab2afc5e2919de79af646f82d79ca078372f3f1328b25e0718e7f64be83d58a4cbe12ffe3505307434554c96d7095051a6704101a23fb2baf5b81401da72b5213552a7cb54ee801d26f6efb25c3d20c03768e9ffb6b50546735f5d1b553f73d5f8c36a5aa5ab5a5d4e08b910e6f29a52e77d53e27c4827b5bc154c11e8f2625d0c5d8e15a138a0fd72c9458d72bd8be57afa648a003f5d909c0a7aa1062546407f019695df71228ee704c4fe870bca3c4f3d5183aa4f4f19e9bfcf9b282241ee6eabaab6777f72b0b1e52a498464978fa44e2d9a73935efe46b0c3e91fee32949f032740bd3b018c1eb330ce7d0a44553ff12a25f20ed41aefc8b12f4374f1dcdaeae16345ec004ba3bf0d5bf39037bd4b73fb2a6d5022198f3bcf9d623c4f706ae5b3ba632c112424ad5d673f38e3c673c50552731151cb53dd9ec9699d375b451d8f4e2457e5eab34766a66b031dcdcae85e67939edb373588801a5ea82f8d266aa78341c0e1104f2b0dd5ee0c081f3855a06bec389a29645871ea53b10e19e44737951756ecc062dedfccc3fd84aae13d3c5c8328379756f42b1cf8e9453e9491033f2ede522c8daa0577152799451358694c3771169411150f5066a243d6f869671a4a924602cdfa5a35e4cf303cf7271afb702c93a6101275319153d7c88c112b7d1331db47415023ec18b7d558967f82e7970b1616d8cd1bd5deda3f90bcddec801412e8a4ceb854241bcfe0850c7495399338b41ae01528fe5da8296d5cb4a0a5e4ca8c82327da83c0999ab91549f5a08c1ded5d54509bc60b3afbace2fea3c7817aeed4fefc038e86bc77be0029dc5a8f70d41770990583da9b943c9f7c646888171188a9ca40b58b7ff2066bc657dcf369fc8faf74576f61347b0d4016854d5701cacce7eb0ee48f3a302b5892649dad4c910e27976e0ba3f781fb9fc8908904b03455d8d45a6875a18a97da67e91b9f43424c58ceac55ab788fd91097db30ef891cf659dca25f64300f52b544b4be462724803171a0c4328472c3c9a863dbb331029066f55a0e8ef1c3852c3f19c2bbd71c17852bcf22a125ff854592c146258ba99fe1a9dcca3e1a9178ecd0d6096d0642bd1639d547d475dbe4e"], 0x7ec}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pimreg0\x00', 0x0}) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000e31f4595f72ece9ed3dab1c87640c45d53918fbc22b845285daf16705b77372238ecf2874d3d1d662ca730f1b84a509e289ff4c1a5af720213c5aa83d457b12cacc1db627089aa8943510dbf125e66a29d194b99b371c0973774cb976ec169ae80b88920604f69bb5549fc50", @ANYBLOB="010029bd7000fedbdf2504000000"], 0xfffffffffffffcad}, 0x1, 0x0, 0x0, 0x44000}, 0x8014) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf2516000000180001801400020076657468315f766972745f776966690004000180050002000900000005000300b30000000000018000000100", @ANYRES32=r2, @ANYBLOB="00000100", @ANYBLOB="30843d39c0af6622f0eb77d37e4ed117159b8ee0ae2bce6daa12677f86e56de4a37040fa683ed568c93a48ffba7c1a62570096367177b7f3850e5237fa6f21a2dba5335bee8c604bd2f6f8802cfd6046c67a9c1d385d8e40b3", @ANYBLOB="050003000000000005000400d900000018000180"], 0x67}}, 0x8000) write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:\x06F\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) r3 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lseek$auto(r3, 0x7ff, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 896.914295ms ago: executing program 1 (id=1174): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) sysfs$auto(0x2, 0x20, 0x0) shmget$auto(0x8, 0x10563, 0x568d1af2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000e1, 0xeb2, 0x401, 0x8000) 276.968395ms ago: executing program 2 (id=1175): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) read$auto(r1, 0x0, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) socket(0x22, 0x3, 0x0) bind$auto(0x3, &(0x7f0000000080)=@isdn={0x22, 0x3d, 0x7, 0x64, 0x7}, 0x6b) sendfile$auto(r0, r3, 0x0, 0x1000200) mmap$auto(0x0, 0x5, 0x4000, 0xeb1, r3, 0x8001) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/cuse\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x801, 0x106) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0x3, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) r4 = socket(0x2, 0x1, 0x84) setsockopt$auto(r4, 0x84, 0x15, 0x0, 0x1) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x460802, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b3f", 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/pci0000:00/0000:00:00.0/msi_bus\x00', 0x149b01, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) 271.062403ms ago: executing program 0 (id=1183): setgroups$auto(0xe32, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x5, 0x3ff, 0x4, 0x2, 0x400000e) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getsid$auto(0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x5) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) write$auto(r0, 0x0, 0x100000a3dd) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x141000, 0x0) bpf$auto(0x40, &(0x7f00000000c0)=@bpf_attr_0={0x0, 0x5, 0x4, 0x4, 0x800, 0xffffffffffffffff, 0x13, "f0f59673e700", 0x0, r1, 0xfffff588, 0x8, 0x2, 0x100000000000200}, 0x7f) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, &(0x7f00000000c0)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) 240.572098ms ago: executing program 1 (id=1176): connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x1c, r1, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x4000000) write$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x30, 0x65f, 0x6, 0x2, 0x3, 0x20000002, 0x7, 0x3, 0x4, 0x4, 0xb4, 0x6, 0x80000000000a, 0x10003, 0x80, 0x4, 0x3, 0x2, 0x1002000, 0x205, 0x108, 0x84, 0xfffffffffffffffd, 0x0, 0x0, 0x40000000, 0x0, [0x0, 0xfbfffffffffffffc, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1ff, 0x0, 0x0, 0xfffffffffffffffc, 0x4, 0x0, 0x0, 0x2, 0x0, 0x400000000000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x1]}, 0x3, 0xd) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x6040804) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x1ea0e65cd64b4e7a) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x43) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000001480)={{@raw=0x9, 0x2, 0x5, 0x0, "e462f5a29a0b2f987b9ea452a1bc9eaafd83a8eb9eea79a10397a3126cb6c4380ae1dc84e847c5ccf57f14eb", @raw=0x8}, 0x1, @integer64=@value=[0xf, 0x80, 0x0, 0x3, 0x3, 0x1000, 0xd1f6, 0x5, 0x10, 0x6, 0x4, 0xbe1, 0x1, 0x0, 0x0, 0xffffffffffffff80, 0x40, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0x5, 0x2, 0x2, 0x7, 0x8, 0x2, 0x1, 0x2, 0x5cb56b90, 0x0, 0x81, 0xfffffffffffffffb, 0x9, 0x0, 0x10, 0x2, 0x6, 0x0, 0x6, 0x5, 0x5, 0x8, 0x6, 0xe7d8, 0x7fff, 0x7fffffff, 0x2, 0x2, 0x0, 0x8000000000000001, 0x6, 0xc500000000000000, 0x2, 0x9, 0x0, 0x40, 0x4, 0x5, 0x4, 0xe, 0xb, 0x800, 0x10000], "2ffa3e20e80e755123e1f42e350d190e3032fa30c3621af4571878aad95f51aea60df3a075b1c15529b67947b4b67f290e12883f526b4e566ef511611abf96d1d9b723613b1fce6def179ed465852003f47d532de2721cc6b407490cd09e96be8bf6d01dca81d1d22f2554f48d1796ac750c48d1a4c1d889a0e6b6528742320c"}) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r4 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r4, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) 0s ago: executing program 3 (id=1177): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x26, 0x5, 0x8c68) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x101e41, 0x0) ioperm$auto(0x84, 0x7, 0x4000008) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyr0\x00', 0x74c40, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x802, 0x8000009, 0x1, 0x19, 0xffffffffffffffff, 0x100000000000008) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40146f2c, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2b, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/audit\x00', 0x50ba82, 0x0) read$auto(r4, 0x0, 0xb4d3) unshare$auto(0x40000080) setsockopt$auto(r0, 0xd0, 0x800000e4, 0x0, 0x569) kernel console output (not intermixed with test programs): ][ T5826] ? ret_from_fork+0x79/0xaf0 [ 360.197610][ T5826] ? rcu_is_watching+0x12/0xc0 [ 360.197637][ T5826] ? __pfx_kthread+0x10/0x10 [ 360.197678][ T5826] ret_from_fork+0x754/0xaf0 [ 360.197706][ T5826] ? __pfx_ret_from_fork+0x10/0x10 [ 360.197736][ T5826] ? __switch_to+0x7b9/0x10c0 [ 360.197771][ T5826] ? __pfx_kthread+0x10/0x10 [ 360.197811][ T5826] ret_from_fork_asm+0x1a/0x30 [ 360.197870][ T5826] [ 360.197901][ T5826] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 360.496597][ T5826] Bluetooth: hci0: failed to register connection device [ 360.605615][ T5826] Bluetooth: hci0: command 0x2016 tx timeout [ 361.417423][ T5826] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 361.427912][ T5826] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 361.438370][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 361.438412][ T5826] Tainted: [L]=SOFTLOCKUP [ 361.438422][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 361.438440][ T5826] Workqueue: hci3 hci_rx_work [ 361.438480][ T5826] Call Trace: [ 361.438491][ T5826] [ 361.438502][ T5826] dump_stack_lvl+0x100/0x190 [ 361.438540][ T5826] sysfs_warn_dup.cold+0x1c/0x28 [ 361.438578][ T5826] sysfs_create_dir_ns+0x24b/0x2b0 [ 361.438616][ T5826] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 361.438651][ T5826] ? find_held_lock+0x2b/0x80 [ 361.438680][ T5826] ? kobject_add_internal+0x25f/0x930 [ 361.438717][ T5826] ? kobject_add_internal+0x25f/0x930 [ 361.438759][ T5826] ? do_raw_spin_unlock+0x145/0x1e0 [ 361.438805][ T5826] kobject_add_internal+0x2c8/0x930 [ 361.438851][ T5826] kobject_add+0x16a/0x1e0 [ 361.438888][ T5826] ? __pfx_kobject_add+0x10/0x10 [ 361.438924][ T5826] ? class_to_subsys+0x10f/0x150 [ 361.438970][ T5826] ? kobject_put+0xb9/0x640 [ 361.439002][ T5826] ? _raw_spin_unlock+0x28/0x50 [ 361.439038][ T5826] device_add+0x294/0x1950 [ 361.439073][ T5826] ? __pfx_dev_set_name+0x10/0x10 [ 361.439104][ T5826] ? __pfx_device_add+0x10/0x10 [ 361.439126][ T5826] ? mgmt_send_event_skb+0x2fb/0x460 [ 361.439150][ T5826] hci_conn_add_sysfs+0x1a3/0x260 [ 361.439172][ T5826] le_conn_complete_evt+0x11cb/0x1f40 [ 361.439195][ T5826] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 361.439211][ T5826] ? __pfx_bt_warn+0x10/0x10 [ 361.439233][ T5826] ? irqentry_exit+0x180/0x670 [ 361.439253][ T5826] hci_le_conn_complete_evt+0x23c/0x3a0 [ 361.439272][ T5826] ? skb_pull_data+0x15f/0x1e0 [ 361.439291][ T5826] hci_le_meta_evt+0x34a/0x5f0 [ 361.439310][ T5826] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 361.439332][ T5826] hci_event_packet+0x682/0x11c0 [ 361.439353][ T5826] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 361.439373][ T5826] ? __pfx_hci_event_packet+0x10/0x10 [ 361.439394][ T5826] ? kcov_remote_start+0x384/0x660 [ 361.439413][ T5826] hci_rx_work+0x451/0xfc0 [ 361.439434][ T5826] process_one_work+0x9c2/0x1840 [ 361.439464][ T5826] ? __pfx_process_one_work+0x10/0x10 [ 361.439490][ T5826] ? assign_work+0x19c/0x250 [ 361.439512][ T5826] worker_thread+0x5da/0xe40 [ 361.439540][ T5826] ? kthread+0x17d/0x730 [ 361.439563][ T5826] ? __pfx_worker_thread+0x10/0x10 [ 361.439584][ T5826] kthread+0x3b3/0x730 [ 361.439604][ T5826] ? __pfx_kthread+0x10/0x10 [ 361.439624][ T5826] ? ret_from_fork+0x79/0xaf0 [ 361.439637][ T5826] ? ret_from_fork+0x79/0xaf0 [ 361.439651][ T5826] ? rcu_is_watching+0x12/0xc0 [ 361.439665][ T5826] ? __pfx_kthread+0x10/0x10 [ 361.439686][ T5826] ret_from_fork+0x754/0xaf0 [ 361.439701][ T5826] ? __pfx_ret_from_fork+0x10/0x10 [ 361.439716][ T5826] ? __switch_to+0x7b9/0x10c0 [ 361.439734][ T5826] ? __pfx_kthread+0x10/0x10 [ 361.439760][ T5826] ret_from_fork_asm+0x1a/0x30 [ 361.439792][ T5826] [ 361.439810][ T5826] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 361.737473][ T5826] Bluetooth: hci3: failed to register connection device [ 361.908783][T10284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.737'. [ 361.929322][T10284] netlink: 'syz.3.737': attribute type 1 has an invalid length. [ 361.950967][T10285] bridge0: port 4(gretap0) entered blocking state [ 361.957546][T10285] bridge0: port 4(gretap0) entered disabled state [ 361.964281][T10285] gretap0: entered allmulticast mode [ 361.971103][T10285] FAULT_INJECTION: forcing a failure. [ 361.971103][T10285] name failslab, interval 1, probability 0, space 0, times 0 [ 361.983821][T10285] CPU: 0 UID: 0 PID: 10285 Comm: syz.1.735 Tainted: G L syzkaller #0 PREEMPT(full) [ 361.983864][T10285] Tainted: [L]=SOFTLOCKUP [ 361.983874][T10285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 361.983890][T10285] Call Trace: [ 361.983899][T10285] [ 361.983910][T10285] dump_stack_lvl+0x100/0x190 [ 361.983948][T10285] should_fail_ex.cold+0x5/0xa [ 361.983990][T10285] should_failslab+0xc2/0x120 [ 361.984029][T10285] kmem_cache_alloc_noprof+0x83/0x780 [ 361.984077][T10285] ? __kernfs_new_node+0xd2/0x960 [ 361.984123][T10285] ? __kernfs_new_node+0xd2/0x960 [ 361.984156][T10285] __kernfs_new_node+0xd2/0x960 [ 361.984199][T10285] ? __pfx___kernfs_new_node+0x10/0x10 [ 361.984244][T10285] ? find_held_lock+0x2b/0x80 [ 361.984271][T10285] ? kernfs_root+0xee/0x2a0 [ 361.984314][T10285] ? kernfs_root+0xee/0x2a0 [ 361.984361][T10285] kernfs_new_node+0x11b/0x1a0 [ 361.984407][T10285] kernfs_create_link+0xcc/0x240 [ 361.984441][T10285] sysfs_do_create_link_sd+0x90/0x140 [ 361.984480][T10285] sysfs_create_link+0x61/0xc0 [ 361.984516][T10285] __netdev_adjacent_dev_insert+0x43e/0xbf0 [ 361.984561][T10285] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 361.984614][T10285] __netdev_upper_dev_link+0x3d8/0x7e0 [ 361.984649][T10285] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 361.984686][T10285] ? kernfs_add_one+0x214/0x850 [ 361.984736][T10285] netdev_master_upper_dev_link+0x9f/0xd0 [ 361.984769][T10285] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 361.984804][T10285] ? lockdep_rtnl_is_held+0x26/0x40 [ 361.984836][T10285] ? netdev_is_rx_handler_busy+0x83/0x140 [ 361.984883][T10285] br_add_if+0x9fd/0x1b40 [ 361.984923][T10285] ? security_capable+0x80/0x260 [ 361.984962][T10285] add_del_if+0x114/0x160 [ 361.985001][T10285] br_dev_siocdevprivate+0x8ac/0x1650 [ 361.985055][T10285] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 361.985111][T10285] ? lock_acquire+0x17c/0x330 [ 361.985153][T10285] ? __pfx___might_resched+0x10/0x10 [ 361.985201][T10285] ? netdev_name_node_lookup+0x107/0x150 [ 361.985236][T10285] ? __mutex_lock+0x26a/0x1b90 [ 361.985275][T10285] dev_ifsioc+0xc15/0x1eb0 [ 361.985315][T10285] ? __pfx_dev_ifsioc+0x10/0x10 [ 361.985350][T10285] ? __pfx___mutex_lock+0x10/0x10 [ 361.985395][T10285] ? dev_load+0x8e/0x240 [ 361.985429][T10285] ? dev_load+0x8e/0x240 [ 361.985472][T10285] dev_ioctl+0x70e/0x1070 [ 361.985512][T10285] sock_ioctl+0x494/0x6b0 [ 361.985545][T10285] ? __pfx_sock_ioctl+0x10/0x10 [ 361.985594][T10285] ? __pfx_sock_ioctl+0x10/0x10 [ 361.985628][T10285] __x64_sys_ioctl+0x18e/0x210 [ 361.985673][T10285] do_syscall_64+0xc9/0xf80 [ 361.985709][T10285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.985737][T10285] RIP: 0033:0x7f93d1f9af79 [ 361.985760][T10285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 361.985785][T10285] RSP: 002b:00007f93d2e98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 361.985812][T10285] RAX: ffffffffffffffda RBX: 00007f93d2216180 RCX: 00007f93d1f9af79 [ 361.985830][T10285] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 361.985846][T10285] RBP: 00007f93d20316e0 R08: 0000000000000000 R09: 0000000000000000 [ 361.985863][T10285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.985880][T10285] R13: 00007f93d2216218 R14: 00007f93d2216180 R15: 00007ffea4dd7498 [ 361.985918][T10285] [ 362.333634][ T5826] Bluetooth: hci3: command 0x2016 tx timeout [ 362.352371][T10284] netlink: 5 bytes leftover after parsing attributes in process `syz.3.737'. [ 362.431153][T10285] gretap0: left allmulticast mode [ 362.702948][ T5826] Bluetooth: hci0: command 0x2016 tx timeout [ 363.792248][ T1152] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 363.805306][ T1152] EXT4-fs (sda1): This should not happen!! Data will be lost [ 363.805306][ T1152] [ 364.684727][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 364.793512][T10323] program syz.3.738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 364.852442][ T7751] Bluetooth: hci0: command 0x2016 tx timeout [ 366.190337][T10333] program syz.1.745 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.763690][ T5826] Bluetooth: hci3: command 0x2016 tx timeout [ 367.453135][T10355] FAULT_INJECTION: forcing a failure. [ 367.453135][T10355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 367.501964][T10355] CPU: 1 UID: 0 PID: 10355 Comm: syz.2.749 Tainted: G L syzkaller #0 PREEMPT(full) [ 367.502004][T10355] Tainted: [L]=SOFTLOCKUP [ 367.502010][T10355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 367.502021][T10355] Call Trace: [ 367.502026][T10355] [ 367.502032][T10355] dump_stack_lvl+0x100/0x190 [ 367.502056][T10355] should_fail_ex.cold+0x5/0xa [ 367.502078][T10355] ? prepare_alloc_pages+0x16d/0x5f0 [ 367.502102][T10355] should_fail_alloc_page+0xeb/0x140 [ 367.502124][T10355] prepare_alloc_pages+0x1f0/0x5f0 [ 367.502149][T10355] __alloc_frozen_pages_noprof+0x193/0x2410 [ 367.502174][T10355] ? __lock_acquire+0x4a5/0x2630 [ 367.502194][T10355] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 367.502213][T10355] ? __lock_acquire+0x4a5/0x2630 [ 367.502238][T10355] ? lock_acquire+0x17c/0x330 [ 367.502256][T10355] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 367.502273][T10355] ? policy_nodemask+0xed/0x4f0 [ 367.502294][T10355] alloc_pages_mpol+0x1fb/0x550 [ 367.502315][T10355] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 367.502340][T10355] alloc_pages_noprof+0x131/0x390 [ 367.502361][T10355] pte_alloc_one+0x1e/0x3e0 [ 367.502380][T10355] do_huge_pmd_anonymous_page+0x836/0x1c00 [ 367.502402][T10355] __handle_mm_fault+0x1e96/0x2b50 [ 367.502420][T10355] ? mt_find+0x45e/0x8e0 [ 367.502440][T10355] ? __pfx___handle_mm_fault+0x10/0x10 [ 367.502454][T10355] ? __pfx_mt_find+0x10/0x10 [ 367.502487][T10355] handle_mm_fault+0x36d/0xa20 [ 367.502507][T10355] __get_user_pages+0xf9c/0x34d0 [ 367.502534][T10355] ? down_read_killable+0x30e/0x4c0 [ 367.502553][T10355] ? __lock_acquire+0x4a5/0x2630 [ 367.502571][T10355] ? __pfx___get_user_pages+0x10/0x10 [ 367.502598][T10355] __gup_longterm_locked+0x87d/0x16f0 [ 367.502625][T10355] ? __pfx___gup_longterm_locked+0x10/0x10 [ 367.502647][T10355] ? try_get_folio+0x262/0x750 [ 367.502669][T10355] ? pmd_write+0xd3/0x150 [ 367.502687][T10355] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 367.502712][T10355] gup_fast_fallback+0x18c6/0x2460 [ 367.502746][T10355] ? __pfx_gup_fast_fallback+0x10/0x10 [ 367.502767][T10355] ? ksys_write+0x12a/0x250 [ 367.502782][T10355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.502805][T10355] pin_user_pages_fast+0xa7/0xf0 [ 367.502826][T10355] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 367.502853][T10355] iov_iter_extract_pages+0xa0d/0x1ef0 [ 367.502881][T10355] ? pfn_valid+0x98/0x4e0 [ 367.502900][T10355] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 367.502930][T10355] ? bvec_try_merge_page+0x1cd/0x290 [ 367.502954][T10355] ? bio_add_page+0x162/0x760 [ 367.502973][T10355] ? iov_iter_revert+0x252/0x5b0 [ 367.502997][T10355] bio_iov_iter_get_pages+0x35e/0x12c0 [ 367.503031][T10355] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 367.503054][T10355] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 367.503076][T10355] ? iov_iter_npages+0xf8/0x500 [ 367.503097][T10355] blkdev_direct_IO+0x1302/0x1fb0 [ 367.503123][T10355] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 367.503144][T10355] ? filemap_check_errors+0xa9/0x150 [ 367.503175][T10355] blkdev_write_iter+0x703/0xd70 [ 367.503196][T10355] vfs_write+0x6ac/0x1070 [ 367.503213][T10355] ? __pfx_blkdev_write_iter+0x10/0x10 [ 367.503232][T10355] ? __pfx_vfs_write+0x10/0x10 [ 367.503247][T10355] ? find_held_lock+0x2b/0x80 [ 367.503273][T10355] ksys_write+0x12a/0x250 [ 367.503289][T10355] ? __pfx_ksys_write+0x10/0x10 [ 367.503310][T10355] do_syscall_64+0xc9/0xf80 [ 367.503329][T10355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.503344][T10355] RIP: 0033:0x7fae22b9af79 [ 367.503357][T10355] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 367.503371][T10355] RSP: 002b:00007fae239d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 367.503392][T10355] RAX: ffffffffffffffda RBX: 00007fae22e16180 RCX: 00007fae22b9af79 [ 367.503410][T10355] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 367.503427][T10355] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 367.503443][T10355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.503459][T10355] R13: 00007fae22e16218 R14: 00007fae22e16180 R15: 00007ffd7f7d1538 [ 367.503483][T10355] [ 367.944170][T10361] netlink: 28 bytes leftover after parsing attributes in process `syz.3.750'. [ 368.604312][T10367] FAULT_INJECTION: forcing a failure. [ 368.604312][T10367] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 368.637959][T10367] CPU: 0 UID: 0 PID: 10367 Comm: syz.1.751 Tainted: G L syzkaller #0 PREEMPT(full) [ 368.638003][T10367] Tainted: [L]=SOFTLOCKUP [ 368.638013][T10367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 368.638030][T10367] Call Trace: [ 368.638039][T10367] [ 368.638050][T10367] dump_stack_lvl+0x100/0x190 [ 368.638089][T10367] should_fail_ex.cold+0x5/0xa [ 368.638129][T10367] ? prepare_alloc_pages+0x16d/0x5f0 [ 368.638174][T10367] should_fail_alloc_page+0xeb/0x140 [ 368.638216][T10367] prepare_alloc_pages+0x1f0/0x5f0 [ 368.638264][T10367] __alloc_frozen_pages_noprof+0x193/0x2410 [ 368.638300][T10367] ? __lock_acquire+0x4a5/0x2630 [ 368.638344][T10367] ? __lock_acquire+0x4a5/0x2630 [ 368.638383][T10367] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 368.638430][T10367] ? find_held_lock+0x2b/0x80 [ 368.638456][T10367] ? is_bpf_text_address+0x8a/0x1a0 [ 368.638481][T10367] ? is_bpf_text_address+0x8a/0x1a0 [ 368.638505][T10367] ? bpf_ksym_find+0x124/0x1c0 [ 368.638540][T10367] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 368.638570][T10367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 368.638602][T10367] ? policy_nodemask+0xed/0x4f0 [ 368.638644][T10367] alloc_pages_mpol+0x1fb/0x550 [ 368.638685][T10367] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 368.638734][T10367] alloc_pages_noprof+0x131/0x390 [ 368.638776][T10367] __pud_alloc+0x3b/0x760 [ 368.638830][T10367] copy_page_range+0x3fcf/0x6ba0 [ 368.638866][T10367] ? __lock_acquire+0x4a5/0x2630 [ 368.638908][T10367] ? __lock_acquire+0x4a5/0x2630 [ 368.638962][T10367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 368.638995][T10367] ? __pfx_copy_page_range+0x10/0x10 [ 368.639036][T10367] ? mas_store+0x666/0xac0 [ 368.639076][T10367] ? __pfx_mas_store+0x10/0x10 [ 368.639135][T10367] dup_mmap+0xbea/0x1e20 [ 368.639173][T10367] ? __pfx_dup_mmap+0x10/0x10 [ 368.639223][T10367] copy_process+0x7451/0x7890 [ 368.639258][T10367] ? preempt_schedule_thunk+0x16/0x30 [ 368.639302][T10367] ? __pfx_copy_process+0x10/0x10 [ 368.639338][T10367] ? find_held_lock+0x2b/0x80 [ 368.639372][T10367] ? futex_private_hash_put+0x107/0x1c0 [ 368.639413][T10367] kernel_clone+0xfc/0x930 [ 368.639453][T10367] ? __pfx_kernel_clone+0x10/0x10 [ 368.639513][T10367] __do_sys_clone+0xd9/0x120 [ 368.639550][T10367] ? __pfx___do_sys_clone+0x10/0x10 [ 368.639585][T10367] ? find_held_lock+0x2b/0x80 [ 368.639626][T10367] ? xfd_validate_state+0x129/0x190 [ 368.639682][T10367] do_syscall_64+0xc9/0xf80 [ 368.639720][T10367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.639748][T10367] RIP: 0033:0x7f93d1f9af79 [ 368.639771][T10367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.639798][T10367] RSP: 002b:00007f93d2e97fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 368.639831][T10367] RAX: ffffffffffffffda RBX: 00007f93d2216180 RCX: 00007f93d1f9af79 [ 368.639850][T10367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 368.639868][T10367] RBP: 00007f93d20316e0 R08: 0000000000000000 R09: 0000000000000000 [ 368.639886][T10367] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 368.639903][T10367] R13: 00007f93d2216218 R14: 00007f93d2216180 R15: 00007ffea4dd7498 [ 368.639943][T10367] [ 369.571488][T10378] EXT4-fs: 6 callbacks suppressed [ 369.571528][T10378] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 369.589186][T10378] EXT4-fs (sda1): This should not happen!! Data will be lost [ 369.589186][T10378] [ 371.209885][T10405] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 371.233733][T10405] EXT4-fs (sda1): This should not happen!! Data will be lost [ 371.233733][T10405] [ 371.589363][T10410] program syz.3.756 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 372.308729][T10421] program syz.1.759 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 372.333627][T10426] program syz.0.757 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 372.847505][T10420] mkiss: ax0: crc mode is auto. [ 373.370604][T10442] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 373.441996][T10442] EXT4-fs (sda1): This should not happen!! Data will be lost [ 373.441996][T10442] [ 374.152482][T10441] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 374.210590][T10441] EXT4-fs (sda1): This should not happen!! Data will be lost [ 374.210590][T10441] [ 374.913012][ T5832] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 375.236948][T10467] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 375.266851][T10467] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 375.275106][T10467] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 375.338021][T10467] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 375.345651][T10467] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 376.124340][T10474] FAULT_INJECTION: forcing a failure. [ 376.124340][T10474] name failslab, interval 1, probability 0, space 0, times 0 [ 376.163522][T10474] CPU: 0 UID: 0 PID: 10474 Comm: syz.0.771 Tainted: G L syzkaller #0 PREEMPT(full) [ 376.163558][T10474] Tainted: [L]=SOFTLOCKUP [ 376.163564][T10474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 376.163574][T10474] Call Trace: [ 376.163579][T10474] [ 376.163586][T10474] dump_stack_lvl+0x100/0x190 [ 376.163609][T10474] should_fail_ex.cold+0x5/0xa [ 376.163633][T10474] should_failslab+0xc2/0x120 [ 376.163653][T10474] kmem_cache_alloc_noprof+0x83/0x780 [ 376.163672][T10474] ? ptlock_alloc+0x1f/0x70 [ 376.163692][T10474] ? ptlock_alloc+0x1f/0x70 [ 376.163706][T10474] ptlock_alloc+0x1f/0x70 [ 376.163721][T10474] pte_alloc_one+0x84/0x3e0 [ 376.163740][T10474] do_huge_pmd_anonymous_page+0x836/0x1c00 [ 376.163762][T10474] __handle_mm_fault+0x1e96/0x2b50 [ 376.163780][T10474] ? mt_find+0x45e/0x8e0 [ 376.163800][T10474] ? __pfx___handle_mm_fault+0x10/0x10 [ 376.163814][T10474] ? __pfx_mt_find+0x10/0x10 [ 376.163847][T10474] handle_mm_fault+0x36d/0xa20 [ 376.163866][T10474] __get_user_pages+0xf9c/0x34d0 [ 376.163893][T10474] ? down_read_killable+0x30e/0x4c0 [ 376.163912][T10474] ? __lock_acquire+0x4a5/0x2630 [ 376.163930][T10474] ? __pfx___get_user_pages+0x10/0x10 [ 376.163957][T10474] __gup_longterm_locked+0x87d/0x16f0 [ 376.163984][T10474] ? __pfx___gup_longterm_locked+0x10/0x10 [ 376.164007][T10474] ? try_get_folio+0x262/0x750 [ 376.164025][T10474] ? pmd_write+0xd3/0x150 [ 376.164043][T10474] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 376.164067][T10474] gup_fast_fallback+0x18c6/0x2460 [ 376.164101][T10474] ? __pfx_gup_fast_fallback+0x10/0x10 [ 376.164122][T10474] ? ksys_write+0x12a/0x250 [ 376.164137][T10474] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.164160][T10474] pin_user_pages_fast+0xa7/0xf0 [ 376.164181][T10474] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 376.164208][T10474] iov_iter_extract_pages+0xa0d/0x1ef0 [ 376.164236][T10474] ? pfn_valid+0x98/0x4e0 [ 376.164265][T10474] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 376.164287][T10474] ? bvec_try_merge_page+0x1cd/0x290 [ 376.164310][T10474] ? bio_add_page+0x162/0x760 [ 376.164329][T10474] ? iov_iter_revert+0x252/0x5b0 [ 376.164353][T10474] bio_iov_iter_get_pages+0x35e/0x12c0 [ 376.164385][T10474] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 376.164408][T10474] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 376.164430][T10474] ? iov_iter_npages+0xf8/0x500 [ 376.164451][T10474] blkdev_direct_IO+0x1302/0x1fb0 [ 376.164477][T10474] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 376.164498][T10474] ? filemap_check_errors+0xa9/0x150 [ 376.164525][T10474] blkdev_write_iter+0x703/0xd70 [ 376.164547][T10474] vfs_write+0x6ac/0x1070 [ 376.164563][T10474] ? __pfx_blkdev_write_iter+0x10/0x10 [ 376.164582][T10474] ? __pfx_vfs_write+0x10/0x10 [ 376.164597][T10474] ? find_held_lock+0x2b/0x80 [ 376.164623][T10474] ksys_write+0x12a/0x250 [ 376.164638][T10474] ? __pfx_ksys_write+0x10/0x10 [ 376.164660][T10474] do_syscall_64+0xc9/0xf80 [ 376.164679][T10474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.164694][T10474] RIP: 0033:0x7fc727d9af79 [ 376.164707][T10474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 376.164721][T10474] RSP: 002b:00007fc728cca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 376.164735][T10474] RAX: ffffffffffffffda RBX: 00007fc728015fa0 RCX: 00007fc727d9af79 [ 376.164745][T10474] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 376.164754][T10474] RBP: 00007fc727e316e0 R08: 0000000000000000 R09: 0000000000000000 [ 376.164764][T10474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.164772][T10474] R13: 00007fc728016038 R14: 00007fc728015fa0 R15: 00007ffd191e6368 [ 376.164792][T10474] [ 377.064288][T10490] program syz.2.772 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 377.099961][T10485] program syz.1.770 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 377.252592][ T5826] Bluetooth: hci0: command 0x2016 tx timeout [ 377.326399][ T5826] Bluetooth: hci1: command 0x2016 tx timeout [ 377.403584][ T5826] Bluetooth: hci3: command 0x2016 tx timeout [ 377.409681][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 377.549681][T10484] program syz.3.773 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 378.528625][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.535116][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.035922][T10505] FAULT_INJECTION: forcing a failure. [ 379.035922][T10505] name failslab, interval 1, probability 0, space 0, times 0 [ 379.049830][T10505] CPU: 0 UID: 0 PID: 10505 Comm: syz.0.776 Tainted: G L syzkaller #0 PREEMPT(full) [ 379.049873][T10505] Tainted: [L]=SOFTLOCKUP [ 379.049883][T10505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 379.049899][T10505] Call Trace: [ 379.049908][T10505] [ 379.049918][T10505] dump_stack_lvl+0x100/0x190 [ 379.049957][T10505] should_fail_ex.cold+0x5/0xa [ 379.050001][T10505] should_failslab+0xc2/0x120 [ 379.050039][T10505] kmem_cache_alloc_noprof+0x83/0x780 [ 379.050075][T10505] ? kmem_cache_alloc_noprof+0x2a1/0x780 [ 379.050110][T10505] ? anon_vma_fork+0x202/0x620 [ 379.050146][T10505] ? anon_vma_fork+0x202/0x620 [ 379.050172][T10505] anon_vma_fork+0x202/0x620 [ 379.050205][T10505] dup_mmap+0x1182/0x1e20 [ 379.050243][T10505] ? __pfx_dup_mmap+0x10/0x10 [ 379.050292][T10505] copy_process+0x7451/0x7890 [ 379.050326][T10505] ? preempt_schedule_thunk+0x16/0x30 [ 379.050370][T10505] ? __pfx_copy_process+0x10/0x10 [ 379.050406][T10505] ? find_held_lock+0x2b/0x80 [ 379.050440][T10505] ? futex_private_hash_put+0x107/0x1c0 [ 379.050481][T10505] kernel_clone+0xfc/0x930 [ 379.050519][T10505] ? __pfx_kernel_clone+0x10/0x10 [ 379.050573][T10505] __do_sys_clone+0xd9/0x120 [ 379.050610][T10505] ? __pfx___do_sys_clone+0x10/0x10 [ 379.050644][T10505] ? find_held_lock+0x2b/0x80 [ 379.050686][T10505] ? xfd_validate_state+0x129/0x190 [ 379.050745][T10505] do_syscall_64+0xc9/0xf80 [ 379.050782][T10505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.050822][T10505] RIP: 0033:0x7fc727d9af79 [ 379.050845][T10505] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.050872][T10505] RSP: 002b:00007fc728ca8fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 379.050898][T10505] RAX: ffffffffffffffda RBX: 00007fc728016090 RCX: 00007fc727d9af79 [ 379.050917][T10505] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 379.050933][T10505] RBP: 00007fc727e316e0 R08: 0000000000000000 R09: 0000000000000000 [ 379.050950][T10505] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 379.050965][T10505] R13: 00007fc728016128 R14: 00007fc728016090 R15: 00007ffd191e6368 [ 379.051005][T10505] [ 379.391719][T10515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.779'. [ 379.534811][T10515] netlink: 354 bytes leftover after parsing attributes in process `syz.1.779'. [ 379.537729][ T5826] Bluetooth: hci1: command 0x2016 tx timeout [ 379.967628][T10516] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 380.007551][T10516] EXT4-fs (sda1): This should not happen!! Data will be lost [ 380.007551][T10516] [ 381.189131][T10534] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.1.781: Error -117 reading block bitmap for 4 [ 381.440670][T10546] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.784: bg 5: bad block bitmap checksum [ 381.470676][T10546] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 381.497204][T10546] EXT4-fs (sda1): This should not happen!! Data will be lost [ 381.497204][T10546] [ 382.502325][T10554] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 382.518248][T10554] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 382.562146][T10554] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 382.963537][T10563] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 383.101451][T10563] EXT4-fs (sda1): This should not happen!! Data will be lost [ 383.101451][T10563] [ 383.112185][T10554] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 383.640207][ T5832] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 383.792373][T10575] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 383.792437][T10575] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 384.022878][T10576] zswap: compressor û not available [ 384.613687][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 384.619704][ T7751] Bluetooth: hci1: command 0x2016 tx timeout [ 384.619731][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 385.029793][T10587] FAULT_INJECTION: forcing a failure. [ 385.029793][T10587] name failslab, interval 1, probability 0, space 0, times 0 [ 385.042521][T10587] CPU: 1 UID: 0 PID: 10587 Comm: syz.3.792 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.042546][T10587] Tainted: [L]=SOFTLOCKUP [ 385.042552][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 385.042561][T10587] Call Trace: [ 385.042568][T10587] [ 385.042578][T10587] dump_stack_lvl+0x100/0x190 [ 385.042626][T10587] should_fail_ex.cold+0x5/0xa [ 385.042669][T10587] should_failslab+0xc2/0x120 [ 385.042692][T10587] kmem_cache_alloc_noprof+0x83/0x780 [ 385.042711][T10587] ? ptlock_alloc+0x1f/0x70 [ 385.042730][T10587] ? ptlock_alloc+0x1f/0x70 [ 385.042743][T10587] ptlock_alloc+0x1f/0x70 [ 385.042758][T10587] pte_alloc_one+0x84/0x3e0 [ 385.042777][T10587] __pte_alloc+0x6d/0x3f0 [ 385.042796][T10587] ? __pfx___pte_alloc+0x10/0x10 [ 385.042817][T10587] ? _raw_spin_unlock+0x28/0x50 [ 385.042832][T10587] ? __pmd_alloc+0x6aa/0x9c0 [ 385.042855][T10587] copy_page_range+0x3f17/0x6ba0 [ 385.042873][T10587] ? __lock_acquire+0x4a5/0x2630 [ 385.042908][T10587] ? __pfx_copy_page_range+0x10/0x10 [ 385.042929][T10587] ? mas_store+0x666/0xac0 [ 385.042950][T10587] ? __pfx_mas_store+0x10/0x10 [ 385.042979][T10587] dup_mmap+0xbea/0x1e20 [ 385.042999][T10587] ? __pfx_dup_mmap+0x10/0x10 [ 385.043025][T10587] copy_process+0x7451/0x7890 [ 385.043053][T10587] ? __pfx_copy_process+0x10/0x10 [ 385.043071][T10587] ? find_held_lock+0x2b/0x80 [ 385.043093][T10587] kernel_clone+0xfc/0x930 [ 385.043110][T10587] ? __pfx_futex_wait+0x10/0x10 [ 385.043126][T10587] ? __pfx_kernel_clone+0x10/0x10 [ 385.043155][T10587] __do_sys_clone+0xd9/0x120 [ 385.043174][T10587] ? __pfx___do_sys_clone+0x10/0x10 [ 385.043192][T10587] ? find_held_lock+0x2b/0x80 [ 385.043213][T10587] ? xfd_validate_state+0x129/0x190 [ 385.043242][T10587] do_syscall_64+0xc9/0xf80 [ 385.043261][T10587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.043276][T10587] RIP: 0033:0x7f24ee59af79 [ 385.043288][T10587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.043302][T10587] RSP: 002b:00007f24ef4aefd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 385.043317][T10587] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 385.043327][T10587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 385.043335][T10587] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 385.043346][T10587] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 385.043361][T10587] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 385.043386][T10587] [ 385.297396][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 386.086478][T10618] FAULT_INJECTION: forcing a failure. [ 386.086478][T10618] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 386.132346][T10618] CPU: 1 UID: 0 PID: 10618 Comm: syz.1.795 Tainted: G L syzkaller #0 PREEMPT(full) [ 386.132379][T10618] Tainted: [L]=SOFTLOCKUP [ 386.132385][T10618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 386.132394][T10618] Call Trace: [ 386.132400][T10618] [ 386.132406][T10618] dump_stack_lvl+0x100/0x190 [ 386.132429][T10618] should_fail_ex.cold+0x5/0xa [ 386.132450][T10618] ? prepare_alloc_pages+0x16d/0x5f0 [ 386.132474][T10618] should_fail_alloc_page+0xeb/0x140 [ 386.132495][T10618] prepare_alloc_pages+0x1f0/0x5f0 [ 386.132520][T10618] ? __folio_batch_add_and_move+0x464/0xc60 [ 386.132542][T10618] __alloc_frozen_pages_noprof+0x193/0x2410 [ 386.132559][T10618] ? __lock_acquire+0x4a5/0x2630 [ 386.132581][T10618] ? __lock_acquire+0x4a5/0x2630 [ 386.132599][T10618] ? css_rstat_updated+0x1ce/0x5a0 [ 386.132620][T10618] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 386.132638][T10618] ? find_held_lock+0x2b/0x80 [ 386.132651][T10618] ? page_table_check_set+0x49a/0xa10 [ 386.132668][T10618] ? page_table_check_set+0x49a/0xa10 [ 386.132688][T10618] ? page_table_check_set+0x4a9/0xa10 [ 386.132708][T10618] ? __page_table_check_ptes_set+0x1b5/0x4e0 [ 386.132725][T10618] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 386.132742][T10618] ? policy_nodemask+0xed/0x4f0 [ 386.132763][T10618] alloc_pages_mpol+0x1fb/0x550 [ 386.132784][T10618] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 386.132809][T10618] alloc_pages_noprof+0x131/0x390 [ 386.132830][T10618] pte_alloc_one+0x1e/0x3e0 [ 386.132849][T10618] do_huge_pmd_anonymous_page+0x836/0x1c00 [ 386.132871][T10618] __handle_mm_fault+0x1e96/0x2b50 [ 386.132890][T10618] ? mt_find+0x45e/0x8e0 [ 386.132909][T10618] ? __pfx___handle_mm_fault+0x10/0x10 [ 386.132924][T10618] ? __pfx_mt_find+0x10/0x10 [ 386.132957][T10618] handle_mm_fault+0x36d/0xa20 [ 386.132977][T10618] __get_user_pages+0xf9c/0x34d0 [ 386.133005][T10618] ? down_read_killable+0x30e/0x4c0 [ 386.133024][T10618] ? __lock_acquire+0x4a5/0x2630 [ 386.133042][T10618] ? __pfx___get_user_pages+0x10/0x10 [ 386.133068][T10618] __gup_longterm_locked+0x87d/0x16f0 [ 386.133095][T10618] ? __pfx___gup_longterm_locked+0x10/0x10 [ 386.133118][T10618] ? try_get_folio+0x262/0x750 [ 386.133136][T10618] ? pmd_write+0xd3/0x150 [ 386.133155][T10618] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 386.133179][T10618] gup_fast_fallback+0x18c6/0x2460 [ 386.133213][T10618] ? __pfx_gup_fast_fallback+0x10/0x10 [ 386.133233][T10618] ? ksys_write+0x12a/0x250 [ 386.133249][T10618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.133291][T10618] pin_user_pages_fast+0xa7/0xf0 [ 386.133313][T10618] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 386.133340][T10618] iov_iter_extract_pages+0xa0d/0x1ef0 [ 386.133372][T10618] ? pfn_valid+0x98/0x4e0 [ 386.133396][T10618] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 386.133433][T10618] ? bvec_try_merge_page+0x1cd/0x290 [ 386.133472][T10618] ? bio_add_page+0x162/0x760 [ 386.133505][T10618] ? iov_iter_revert+0x252/0x5b0 [ 386.133546][T10618] bio_iov_iter_get_pages+0x35e/0x12c0 [ 386.133607][T10618] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 386.133650][T10618] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 386.133693][T10618] ? iov_iter_npages+0xf8/0x500 [ 386.133732][T10618] blkdev_direct_IO+0x1302/0x1fb0 [ 386.133780][T10618] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 386.133819][T10618] ? filemap_check_errors+0xa9/0x150 [ 386.133870][T10618] blkdev_write_iter+0x703/0xd70 [ 386.133909][T10618] vfs_write+0x6ac/0x1070 [ 386.133940][T10618] ? __pfx_blkdev_write_iter+0x10/0x10 [ 386.133976][T10618] ? __pfx_vfs_write+0x10/0x10 [ 386.134003][T10618] ? find_held_lock+0x2b/0x80 [ 386.134052][T10618] ksys_write+0x12a/0x250 [ 386.134081][T10618] ? __pfx_ksys_write+0x10/0x10 [ 386.134122][T10618] do_syscall_64+0xc9/0xf80 [ 386.134157][T10618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.134184][T10618] RIP: 0033:0x7f93d1f9af79 [ 386.134205][T10618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.134231][T10618] RSP: 002b:00007f93d2e56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 386.134264][T10618] RAX: ffffffffffffffda RBX: 00007f93d2216360 RCX: 00007f93d1f9af79 [ 386.134282][T10618] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 386.134299][T10618] RBP: 00007f93d20316e0 R08: 0000000000000000 R09: 0000000000000000 [ 386.134315][T10618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.134332][T10618] R13: 00007f93d22163f8 R14: 00007f93d2216360 R15: 00007ffea4dd7498 [ 386.134368][T10618] [ 386.710587][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 386.960445][T10622] program syz.0.804 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 387.324413][T10626] FAULT_INJECTION: forcing a failure. [ 387.324413][T10626] name failslab, interval 1, probability 0, space 0, times 0 [ 387.367611][T10626] CPU: 0 UID: 0 PID: 10626 Comm: syz.3.798 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.367638][T10626] Tainted: [L]=SOFTLOCKUP [ 387.367643][T10626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 387.367653][T10626] Call Trace: [ 387.367658][T10626] [ 387.367664][T10626] dump_stack_lvl+0x100/0x190 [ 387.367686][T10626] should_fail_ex.cold+0x5/0xa [ 387.367711][T10626] should_failslab+0xc2/0x120 [ 387.367732][T10626] __kmalloc_cache_noprof+0x80/0x810 [ 387.367748][T10626] ? ip_vs_protocol_net_init+0xbe/0x300 [ 387.367767][T10626] ? ip_vs_protocol_net_init+0xbe/0x300 [ 387.367780][T10626] ip_vs_protocol_net_init+0xbe/0x300 [ 387.367797][T10626] __ip_vs_init+0x239/0x520 [ 387.367817][T10626] ? __pfx___ip_vs_init+0x10/0x10 [ 387.367835][T10626] ops_init+0x1e2/0x5f0 [ 387.367859][T10626] setup_net+0x118/0x3a0 [ 387.367872][T10626] ? __pfx_setup_net+0x10/0x10 [ 387.367884][T10626] ? lockdep_init_map_type+0x5c/0x250 [ 387.367904][T10626] ? mutex_init_lockep+0x110/0x150 [ 387.367944][T10626] copy_net_ns+0x46f/0x7c0 [ 387.367962][T10626] create_new_namespaces+0x3ea/0xab0 [ 387.367984][T10626] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 387.368003][T10626] ksys_unshare+0x455/0xab0 [ 387.368025][T10626] ? __pfx_ksys_unshare+0x10/0x10 [ 387.368044][T10626] ? xfd_validate_state+0x129/0x190 [ 387.368072][T10626] __x64_sys_unshare+0x31/0x40 [ 387.368091][T10626] do_syscall_64+0xc9/0xf80 [ 387.368111][T10626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.368126][T10626] RIP: 0033:0x7f24ee59af79 [ 387.368138][T10626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.368152][T10626] RSP: 002b:00007f24ef4af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 387.368167][T10626] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 387.368177][T10626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 387.368186][T10626] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 387.368195][T10626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.368204][T10626] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 387.368223][T10626] [ 387.955699][ T5826] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 388.506426][T10647] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 388.764380][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 390.556471][ T5832] Bluetooth: hci1: command 0x2016 tx timeout [ 390.562943][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 390.611650][T10647] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 390.624304][T10647] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 390.649094][T10647] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.263227][T10686] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 391.353066][T10686] EXT4-fs (sda1): This should not happen!! Data will be lost [ 391.353066][T10686] [ 391.750047][T10695] program syz.0.811 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 391.814193][ T52] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 392.696219][ T5826] Bluetooth: hci3: command 0x2016 tx timeout [ 392.696454][ T7751] Bluetooth: hci1: command 0x2016 tx timeout [ 392.708603][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 394.770075][ T7751] Bluetooth: hci1: command 0x2016 tx timeout [ 394.826932][T10744] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 394.839599][T10744] EXT4-fs (sda1): This should not happen!! Data will be lost [ 394.839599][T10744] [ 395.090012][ T52] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 395.557729][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1383 with max blocks 15 with error 117 [ 395.566067][T10755] zswap: compressor @ not available [ 395.630406][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 395.630406][ T33] [ 395.787713][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 2 with max blocks 1 with error 117 [ 395.847530][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 395.847530][ T33] [ 395.878112][ T7751] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 395.910220][T10759] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.2.825: Error -117 reading block bitmap for 5 [ 396.843656][ T5832] Bluetooth: hci1: command 0x2016 tx timeout [ 396.921156][T10780] program syz.0.828 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 397.165646][ T7751] Bluetooth: hci0: command 0x2016 tx timeout [ 397.854871][T10787] program syz.1.838 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 398.923615][ T7751] Bluetooth: hci1: command 0x2016 tx timeout [ 399.164806][T10807] program syz.0.840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 399.243909][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 400.515185][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.837'. [ 401.013202][ T5832] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 401.021289][ T52] Bluetooth: hci1: command 0x2016 tx timeout [ 401.998864][T10857] program syz.2.841 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 402.012351][T10849] zswap: compressor û not available [ 402.954756][ T5832] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 403.097420][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 403.466188][T10866] FAULT_INJECTION: forcing a failure. [ 403.466188][T10866] name failslab, interval 1, probability 0, space 0, times 0 [ 403.489476][T10866] CPU: 0 UID: 0 PID: 10866 Comm: syz.3.847 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.489516][T10866] Tainted: [L]=SOFTLOCKUP [ 403.489526][T10866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 403.489541][T10866] Call Trace: [ 403.489549][T10866] [ 403.489559][T10866] dump_stack_lvl+0x100/0x190 [ 403.489595][T10866] should_fail_ex.cold+0x5/0xa [ 403.489639][T10866] should_failslab+0xc2/0x120 [ 403.489676][T10866] kmem_cache_alloc_noprof+0x83/0x780 [ 403.489710][T10866] ? ptlock_alloc+0x1f/0x70 [ 403.489742][T10866] ? ptlock_alloc+0x1f/0x70 [ 403.489768][T10866] ptlock_alloc+0x1f/0x70 [ 403.489795][T10866] pte_alloc_one+0x84/0x3e0 [ 403.489831][T10866] __pte_alloc+0x6d/0x3f0 [ 403.489866][T10866] ? __pfx___pte_alloc+0x10/0x10 [ 403.489902][T10866] ? _raw_spin_unlock+0x28/0x50 [ 403.489931][T10866] ? __pmd_alloc+0x6aa/0x9c0 [ 403.489976][T10866] copy_page_range+0x3f17/0x6ba0 [ 403.490010][T10866] ? __lock_acquire+0x4a5/0x2630 [ 403.490074][T10866] ? __pfx_copy_page_range+0x10/0x10 [ 403.490117][T10866] ? mas_store+0x666/0xac0 [ 403.490157][T10866] ? __pfx_mas_store+0x10/0x10 [ 403.490214][T10866] dup_mmap+0xbea/0x1e20 [ 403.490260][T10866] ? __pfx_dup_mmap+0x10/0x10 [ 403.490311][T10866] copy_process+0x7451/0x7890 [ 403.490365][T10866] ? __pfx_copy_process+0x10/0x10 [ 403.490417][T10866] kernel_clone+0xfc/0x930 [ 403.490450][T10866] ? __pfx_futex_wait+0x10/0x10 [ 403.490473][T10866] ? lockdep_hardirqs_on+0x78/0x100 [ 403.490507][T10866] ? __pfx_kernel_clone+0x10/0x10 [ 403.490558][T10866] __do_sys_clone+0xd9/0x120 [ 403.490596][T10866] ? __pfx___do_sys_clone+0x10/0x10 [ 403.490632][T10866] ? find_held_lock+0x2b/0x80 [ 403.490672][T10866] ? xfd_validate_state+0x129/0x190 [ 403.490727][T10866] do_syscall_64+0xc9/0xf80 [ 403.490762][T10866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.490792][T10866] RIP: 0033:0x7f24ee59af79 [ 403.490814][T10866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.490841][T10866] RSP: 002b:00007f24ef4aefd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 403.490868][T10866] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 403.490887][T10866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 403.490903][T10866] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 403.490920][T10866] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 403.490938][T10866] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 403.490976][T10866] [ 404.413714][T10886] program syz.1.849 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 405.173659][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 405.770208][T10891] Invalid ELF header magic: != ELF [ 406.953065][T10929] FAULT_INJECTION: forcing a failure. [ 406.953065][T10929] name failslab, interval 1, probability 0, space 0, times 0 [ 407.044814][T10929] CPU: 0 UID: 0 PID: 10929 Comm: syz.3.857 Tainted: G L syzkaller #0 PREEMPT(full) [ 407.044841][T10929] Tainted: [L]=SOFTLOCKUP [ 407.044847][T10929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 407.044856][T10929] Call Trace: [ 407.044861][T10929] [ 407.044867][T10929] dump_stack_lvl+0x100/0x190 [ 407.044889][T10929] should_fail_ex.cold+0x5/0xa [ 407.044913][T10929] should_failslab+0xc2/0x120 [ 407.044935][T10929] kmem_cache_alloc_noprof+0x83/0x780 [ 407.044952][T10929] ? __proc_create+0xc2/0x8c0 [ 407.044974][T10929] ? __proc_create+0x2cb/0x8c0 [ 407.044998][T10929] ? __proc_create+0x2cb/0x8c0 [ 407.045018][T10929] __proc_create+0x2cb/0x8c0 [ 407.045040][T10929] ? __pfx___proc_create+0x10/0x10 [ 407.045065][T10929] ? _raw_write_unlock+0x28/0x50 [ 407.045081][T10929] ? proc_register+0x559/0x8a0 [ 407.045096][T10929] proc_create_reg+0x75/0x170 [ 407.045111][T10929] proc_create_net_data+0x8e/0x1c0 [ 407.045125][T10929] ? __pfx_proc_create_net_data+0x10/0x10 [ 407.045145][T10929] sctp_proc_init+0xfb/0x270 [ 407.045164][T10929] ? __pfx_sctp_defaults_init+0x10/0x10 [ 407.045183][T10929] sctp_defaults_init+0x758/0xd90 [ 407.045203][T10929] ? __pfx_sctp_defaults_init+0x10/0x10 [ 407.045223][T10929] ops_init+0x1e2/0x5f0 [ 407.045247][T10929] setup_net+0x118/0x3a0 [ 407.045260][T10929] ? __pfx_setup_net+0x10/0x10 [ 407.045272][T10929] ? lockdep_init_map_type+0x5c/0x250 [ 407.045292][T10929] ? mutex_init_lockep+0x110/0x150 [ 407.045314][T10929] copy_net_ns+0x46f/0x7c0 [ 407.045331][T10929] create_new_namespaces+0x3ea/0xab0 [ 407.045351][T10929] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 407.045370][T10929] ksys_unshare+0x455/0xab0 [ 407.045391][T10929] ? __pfx_ksys_unshare+0x10/0x10 [ 407.045411][T10929] ? xfd_validate_state+0x129/0x190 [ 407.045438][T10929] __x64_sys_unshare+0x31/0x40 [ 407.045458][T10929] do_syscall_64+0xc9/0xf80 [ 407.045477][T10929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.045492][T10929] RIP: 0033:0x7f24ee59af79 [ 407.045504][T10929] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 407.045518][T10929] RSP: 002b:00007f24ef48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 407.045533][T10929] RAX: ffffffffffffffda RBX: 00007f24ee816090 RCX: 00007f24ee59af79 [ 407.045543][T10929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 407.045551][T10929] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 407.045560][T10929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.045569][T10929] R13: 00007f24ee816128 R14: 00007f24ee816090 R15: 00007ffc73581728 [ 407.045588][T10929] [ 408.166035][T10945] FAULT_INJECTION: forcing a failure. [ 408.166035][T10945] name failslab, interval 1, probability 0, space 0, times 0 [ 408.263540][T10945] CPU: 1 UID: 0 PID: 10945 Comm: syz.0.862 Tainted: G L syzkaller #0 PREEMPT(full) [ 408.263566][T10945] Tainted: [L]=SOFTLOCKUP [ 408.263572][T10945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 408.263581][T10945] Call Trace: [ 408.263587][T10945] [ 408.263593][T10945] dump_stack_lvl+0x100/0x190 [ 408.263615][T10945] should_fail_ex.cold+0x5/0xa [ 408.263659][T10945] should_failslab+0xc2/0x120 [ 408.263679][T10945] __kmalloc_cache_noprof+0x80/0x810 [ 408.263695][T10945] ? single_open+0x4d/0x1d0 [ 408.263717][T10945] ? find_held_lock+0x2b/0x80 [ 408.263733][T10945] ? __pfx_proc_setgroups_show+0x10/0x10 [ 408.263749][T10945] ? single_open+0x4d/0x1d0 [ 408.263769][T10945] single_open+0x4d/0x1d0 [ 408.263791][T10945] proc_setgroups_open+0x35a/0x7e0 [ 408.263811][T10945] do_dentry_open+0x73e/0x1570 [ 408.263828][T10945] ? __pfx_proc_setgroups_open+0x10/0x10 [ 408.263848][T10945] ? security_inode_permission+0xbf/0x250 [ 408.263874][T10945] vfs_open+0x82/0x3f0 [ 408.263898][T10945] path_openat+0x21dc/0x3120 [ 408.263921][T10945] ? __pfx_path_openat+0x10/0x10 [ 408.263945][T10945] do_filp_open+0x1f7/0x420 [ 408.263963][T10945] ? __pfx_do_filp_open+0x10/0x10 [ 408.263987][T10945] ? __pfx_kfree_link+0x10/0x10 [ 408.264013][T10945] ? _raw_spin_unlock+0x28/0x50 [ 408.264028][T10945] ? alloc_fd+0x476/0x790 [ 408.264049][T10945] do_sys_openat2+0x12e/0x220 [ 408.264070][T10945] ? __pfx_do_sys_openat2+0x10/0x10 [ 408.264093][T10945] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 408.264118][T10945] __x64_sys_openat+0x12d/0x210 [ 408.264140][T10945] ? __pfx___x64_sys_openat+0x10/0x10 [ 408.264161][T10945] ? xfd_validate_state+0x129/0x190 [ 408.264190][T10945] do_syscall_64+0xc9/0xf80 [ 408.264209][T10945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.264224][T10945] RIP: 0033:0x7fc727d9af79 [ 408.264237][T10945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 408.264251][T10945] RSP: 002b:00007fc728cca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 408.264265][T10945] RAX: ffffffffffffffda RBX: 00007fc728015fa0 RCX: 00007fc727d9af79 [ 408.264275][T10945] RDX: 0000000000183200 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 408.264284][T10945] RBP: 00007fc727e316e0 R08: 0000000000000000 R09: 0000000000000000 [ 408.264294][T10945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.264303][T10945] R13: 00007fc728016038 R14: 00007fc728015fa0 R15: 00007ffd191e6368 [ 408.264323][T10945] [ 408.999086][T10958] program syz.1.860 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 409.916068][T10970] Invalid ELF header magic: != ELF [ 410.196086][T10974] program syz.0.866 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 411.639641][T10983] FAULT_INJECTION: forcing a failure. [ 411.639641][T10983] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 411.657182][T10983] CPU: 1 UID: 0 PID: 10983 Comm: syz.3.867 Tainted: G L syzkaller #0 PREEMPT(full) [ 411.657225][T10983] Tainted: [L]=SOFTLOCKUP [ 411.657236][T10983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 411.657251][T10983] Call Trace: [ 411.657258][T10983] [ 411.657264][T10983] dump_stack_lvl+0x100/0x190 [ 411.657287][T10983] should_fail_ex.cold+0x5/0xa [ 411.657309][T10983] ? prepare_alloc_pages+0x16d/0x5f0 [ 411.657332][T10983] should_fail_alloc_page+0xeb/0x140 [ 411.657354][T10983] prepare_alloc_pages+0x1f0/0x5f0 [ 411.657378][T10983] __alloc_frozen_pages_noprof+0x193/0x2410 [ 411.657396][T10983] ? __lock_acquire+0x4a5/0x2630 [ 411.657415][T10983] ? find_held_lock+0x2b/0x80 [ 411.657436][T10983] ? trace_ignore_this_task+0xbc/0x100 [ 411.657454][T10983] ? trace_ignore_this_task+0xbc/0x100 [ 411.657475][T10983] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 411.657492][T10983] ? find_held_lock+0x2b/0x80 [ 411.657509][T10983] ? mark_held_locks+0x40/0x70 [ 411.657529][T10983] ? finish_task_switch.isra.0+0x2c5/0xb70 [ 411.657547][T10983] ? rcu_is_watching+0x12/0xc0 [ 411.657561][T10983] ? trace_sched_exit_tp+0xcd/0x100 [ 411.657578][T10983] ? __schedule+0xf67/0x5fa0 [ 411.657593][T10983] ? __schedule+0xff8/0x5fa0 [ 411.657606][T10983] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 411.657623][T10983] ? policy_nodemask+0xed/0x4f0 [ 411.657645][T10983] alloc_pages_mpol+0x1fb/0x550 [ 411.657667][T10983] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 411.657696][T10983] alloc_pages_noprof+0x131/0x390 [ 411.657717][T10983] pte_alloc_one+0x1e/0x3e0 [ 411.657735][T10983] do_huge_pmd_anonymous_page+0x836/0x1c00 [ 411.657757][T10983] __handle_mm_fault+0x1e96/0x2b50 [ 411.657776][T10983] ? mt_find+0x45e/0x8e0 [ 411.657795][T10983] ? __pfx___handle_mm_fault+0x10/0x10 [ 411.657810][T10983] ? __pfx_mt_find+0x10/0x10 [ 411.657842][T10983] handle_mm_fault+0x36d/0xa20 [ 411.657861][T10983] __get_user_pages+0xf9c/0x34d0 [ 411.657888][T10983] ? down_read_killable+0x30e/0x4c0 [ 411.657906][T10983] ? __lock_acquire+0x4a5/0x2630 [ 411.657924][T10983] ? __pfx___get_user_pages+0x10/0x10 [ 411.657950][T10983] __gup_longterm_locked+0x87d/0x16f0 [ 411.657980][T10983] ? __pfx___gup_longterm_locked+0x10/0x10 [ 411.658004][T10983] ? try_get_folio+0x262/0x750 [ 411.658022][T10983] ? pmd_write+0xd3/0x150 [ 411.658041][T10983] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 411.658065][T10983] gup_fast_fallback+0x18c6/0x2460 [ 411.658100][T10983] ? __pfx_gup_fast_fallback+0x10/0x10 [ 411.658120][T10983] ? ksys_write+0x12a/0x250 [ 411.658136][T10983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.658159][T10983] pin_user_pages_fast+0xa7/0xf0 [ 411.658181][T10983] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 411.658208][T10983] iov_iter_extract_pages+0xa0d/0x1ef0 [ 411.658246][T10983] ? pfn_valid+0x98/0x4e0 [ 411.658266][T10983] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 411.658288][T10983] ? bvec_try_merge_page+0x1cd/0x290 [ 411.658311][T10983] ? bio_add_page+0x162/0x760 [ 411.658330][T10983] ? iov_iter_revert+0x252/0x5b0 [ 411.658354][T10983] bio_iov_iter_get_pages+0x35e/0x12c0 [ 411.658388][T10983] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 411.658410][T10983] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 411.658439][T10983] ? iov_iter_npages+0xf8/0x500 [ 411.658461][T10983] blkdev_direct_IO+0x1302/0x1fb0 [ 411.658488][T10983] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 411.658509][T10983] ? filemap_check_errors+0xa9/0x150 [ 411.658537][T10983] blkdev_write_iter+0x703/0xd70 [ 411.658558][T10983] vfs_write+0x6ac/0x1070 [ 411.658575][T10983] ? __pfx_blkdev_write_iter+0x10/0x10 [ 411.658594][T10983] ? __pfx_vfs_write+0x10/0x10 [ 411.658609][T10983] ? find_held_lock+0x2b/0x80 [ 411.658635][T10983] ksys_write+0x12a/0x250 [ 411.658651][T10983] ? __pfx_ksys_write+0x10/0x10 [ 411.658675][T10983] do_syscall_64+0xc9/0xf80 [ 411.658694][T10983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.658709][T10983] RIP: 0033:0x7f24ee59af79 [ 411.658722][T10983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 411.658736][T10983] RSP: 002b:00007f24ef4af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 411.658750][T10983] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 411.658761][T10983] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 411.658770][T10983] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 411.658779][T10983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.658788][T10983] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 411.658808][T10983] [ 413.374687][T11004] program syz.2.871 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 414.555112][T11037] FAULT_INJECTION: forcing a failure. [ 414.555112][T11037] name failslab, interval 1, probability 0, space 0, times 0 [ 414.603298][T11037] CPU: 0 UID: 0 PID: 11037 Comm: syz.2.878 Tainted: G L syzkaller #0 PREEMPT(full) [ 414.603342][T11037] Tainted: [L]=SOFTLOCKUP [ 414.603351][T11037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 414.603368][T11037] Call Trace: [ 414.603377][T11037] [ 414.603390][T11037] dump_stack_lvl+0x100/0x190 [ 414.603429][T11037] should_fail_ex.cold+0x5/0xa [ 414.603457][T11037] should_failslab+0xc2/0x120 [ 414.603478][T11037] __kmalloc_cache_noprof+0x80/0x810 [ 414.603494][T11037] ? percpu_ref_init+0xec/0x3f0 [ 414.603523][T11037] ? percpu_ref_init+0xec/0x3f0 [ 414.603539][T11037] ? __pfx_css_release+0x10/0x10 [ 414.603559][T11037] percpu_ref_init+0xec/0x3f0 [ 414.603578][T11037] cgroup_mkdir+0x2a0/0x12d0 [ 414.603596][T11037] ? __pfx_cgroup_mkdir+0x10/0x10 [ 414.603612][T11037] kernfs_iop_mkdir+0x111/0x190 [ 414.603633][T11037] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 414.603652][T11037] vfs_mkdir+0x729/0xb50 [ 414.603692][T11037] do_mkdirat+0x435/0x590 [ 414.603712][T11037] ? __pfx_do_mkdirat+0x10/0x10 [ 414.603730][T11037] ? strncpy_from_user+0x19d/0x2d0 [ 414.603753][T11037] ? getname_flags.part.0+0x1c5/0x540 [ 414.603776][T11037] __x64_sys_mkdir+0xef/0x140 [ 414.603794][T11037] do_syscall_64+0xc9/0xf80 [ 414.603814][T11037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.603830][T11037] RIP: 0033:0x7fae22b9af79 [ 414.603842][T11037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.603857][T11037] RSP: 002b:00007fae239f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 414.603872][T11037] RAX: ffffffffffffffda RBX: 00007fae22e16090 RCX: 00007fae22b9af79 [ 414.603881][T11037] RDX: 0000000000000000 RSI: 00000000000007ff RDI: 0000200000000000 [ 414.603890][T11037] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 414.603899][T11037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.603908][T11037] R13: 00007fae22e16128 R14: 00007fae22e16090 R15: 00007ffd7f7d1538 [ 414.603928][T11037] [ 415.042377][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1366 with max blocks 7 with error 117 [ 415.089662][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 415.089662][ T12] [ 415.257235][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1364 with max blocks 2 with error 117 [ 415.273152][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 415.273152][ T33] [ 416.146679][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 418.203543][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 420.296483][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 420.873213][T11142] program syz.2.894 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 422.459792][T11171] program syz.2.899 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.013723][ T5832] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 424.812743][T11218] program syz.1.906 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 427.067220][T11256] program syz.1.918 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 427.411428][T11263] program syz.3.912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 427.818486][T11277] bridge0: port 3(gretap0) entered blocking state [ 427.826347][T11277] bridge0: port 3(gretap0) entered disabled state [ 427.833972][T11277] gretap0: entered allmulticast mode [ 427.840671][T11277] FAULT_INJECTION: forcing a failure. [ 427.840671][T11277] name failslab, interval 1, probability 0, space 0, times 0 [ 428.048020][T11277] CPU: 0 UID: 0 PID: 11277 Comm: syz.0.915 Tainted: G L syzkaller #0 PREEMPT(full) [ 428.048064][T11277] Tainted: [L]=SOFTLOCKUP [ 428.048074][T11277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 428.048090][T11277] Call Trace: [ 428.048099][T11277] [ 428.048108][T11277] dump_stack_lvl+0x100/0x190 [ 428.048147][T11277] should_fail_ex.cold+0x5/0xa [ 428.048193][T11277] should_failslab+0xc2/0x120 [ 428.048232][T11277] kmem_cache_alloc_noprof+0x83/0x780 [ 428.048269][T11277] ? __kernfs_new_node+0xd2/0x960 [ 428.048314][T11277] ? __kernfs_new_node+0xd2/0x960 [ 428.048349][T11277] __kernfs_new_node+0xd2/0x960 [ 428.048390][T11277] ? __pfx___kernfs_new_node+0x10/0x10 [ 428.048445][T11277] ? find_held_lock+0x2b/0x80 [ 428.048472][T11277] ? kernfs_root+0xee/0x2a0 [ 428.048508][T11277] ? kernfs_root+0xee/0x2a0 [ 428.048553][T11277] kernfs_new_node+0x11b/0x1a0 [ 428.048600][T11277] kernfs_create_link+0xcc/0x240 [ 428.048635][T11277] sysfs_do_create_link_sd+0x90/0x140 [ 428.048674][T11277] sysfs_create_link+0x61/0xc0 [ 428.048712][T11277] __netdev_adjacent_dev_insert+0x43e/0xbf0 [ 428.048757][T11277] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 428.048811][T11277] __netdev_upper_dev_link+0x3d8/0x7e0 [ 428.048849][T11277] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 428.048886][T11277] ? kernfs_add_one+0x214/0x850 [ 428.048937][T11277] netdev_master_upper_dev_link+0x9f/0xd0 [ 428.048970][T11277] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 428.049006][T11277] ? lockdep_rtnl_is_held+0x26/0x40 [ 428.049035][T11277] ? netdev_is_rx_handler_busy+0x83/0x140 [ 428.049083][T11277] br_add_if+0x9fd/0x1b40 [ 428.049124][T11277] ? security_capable+0x80/0x260 [ 428.049162][T11277] add_del_if+0x114/0x160 [ 428.049203][T11277] br_dev_siocdevprivate+0x8ac/0x1650 [ 428.049247][T11277] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 428.049303][T11277] ? lock_acquire+0x17c/0x330 [ 428.049342][T11277] ? __pfx___might_resched+0x10/0x10 [ 428.049391][T11277] ? netdev_name_node_lookup+0x107/0x150 [ 428.049434][T11277] ? __mutex_lock+0x26a/0x1b90 [ 428.049474][T11277] dev_ifsioc+0xc15/0x1eb0 [ 428.049516][T11277] ? __pfx_dev_ifsioc+0x10/0x10 [ 428.049551][T11277] ? __pfx___mutex_lock+0x10/0x10 [ 428.049598][T11277] ? dev_load+0x8e/0x240 [ 428.049632][T11277] ? dev_load+0x8e/0x240 [ 428.049677][T11277] dev_ioctl+0x70e/0x1070 [ 428.049719][T11277] sock_ioctl+0x494/0x6b0 [ 428.049752][T11277] ? __pfx_sock_ioctl+0x10/0x10 [ 428.049801][T11277] ? __pfx_sock_ioctl+0x10/0x10 [ 428.049835][T11277] __x64_sys_ioctl+0x18e/0x210 [ 428.049882][T11277] do_syscall_64+0xc9/0xf80 [ 428.049917][T11277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.049946][T11277] RIP: 0033:0x7fc727d9af79 [ 428.049967][T11277] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 428.049995][T11277] RSP: 002b:00007fc728c88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.050021][T11277] RAX: ffffffffffffffda RBX: 00007fc728016180 RCX: 00007fc727d9af79 [ 428.050040][T11277] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 428.050058][T11277] RBP: 00007fc727e316e0 R08: 0000000000000000 R09: 0000000000000000 [ 428.050075][T11277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.050092][T11277] R13: 00007fc728016218 R14: 00007fc728016180 R15: 00007ffd191e6368 [ 428.050130][T11277] [ 428.625188][T11277] gretap0: left allmulticast mode [ 432.114413][T11354] program syz.3.926 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 432.837961][T11364] program syz.2.928 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 435.098198][T11385] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.282558][T11385] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 435.313834][T11385] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 435.324960][T11385] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 436.019294][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 436.283822][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 436.404447][T11422] program syz.2.939 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 437.100560][T11435] random: crng reseeded on system resumption [ 437.163704][ T5832] Bluetooth: hci1: command 0x2016 tx timeout [ 437.403603][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 437.409960][ T7751] Bluetooth: hci2: command 0x2016 tx timeout [ 438.364040][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 439.958531][T11467] FAULT_INJECTION: forcing a failure. [ 439.958531][T11467] name failslab, interval 1, probability 0, space 0, times 0 [ 439.976744][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.983272][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.994893][T11467] CPU: 0 UID: 0 PID: 11467 Comm: syz.2.948 Tainted: G L syzkaller #0 PREEMPT(full) [ 439.994917][T11467] Tainted: [L]=SOFTLOCKUP [ 439.994923][T11467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 439.994932][T11467] Call Trace: [ 439.994937][T11467] [ 439.994943][T11467] dump_stack_lvl+0x100/0x190 [ 439.994966][T11467] should_fail_ex.cold+0x5/0xa [ 439.994991][T11467] should_failslab+0xc2/0x120 [ 439.995012][T11467] kmem_cache_alloc_noprof+0x83/0x780 [ 439.995031][T11467] ? ptlock_alloc+0x1f/0x70 [ 439.995049][T11467] ? ptlock_alloc+0x1f/0x70 [ 439.995063][T11467] ptlock_alloc+0x1f/0x70 [ 439.995079][T11467] pte_alloc_one+0x84/0x3e0 [ 439.995098][T11467] do_huge_pmd_anonymous_page+0x836/0x1c00 [ 439.995120][T11467] __handle_mm_fault+0x1e96/0x2b50 [ 439.995139][T11467] ? mt_find+0x45e/0x8e0 [ 439.995159][T11467] ? __pfx___handle_mm_fault+0x10/0x10 [ 439.995173][T11467] ? __pfx_mt_find+0x10/0x10 [ 439.995206][T11467] handle_mm_fault+0x36d/0xa20 [ 439.995225][T11467] __get_user_pages+0xf9c/0x34d0 [ 439.995252][T11467] ? down_read_killable+0x30e/0x4c0 [ 439.995271][T11467] ? __lock_acquire+0x4a5/0x2630 [ 439.995298][T11467] ? __pfx___get_user_pages+0x10/0x10 [ 439.995326][T11467] __gup_longterm_locked+0x87d/0x16f0 [ 439.995354][T11467] ? __pfx___gup_longterm_locked+0x10/0x10 [ 439.995378][T11467] ? try_get_folio+0x262/0x750 [ 439.995396][T11467] ? pmd_write+0xd3/0x150 [ 439.995415][T11467] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 439.995439][T11467] gup_fast_fallback+0x18c6/0x2460 [ 439.995473][T11467] ? __pfx_gup_fast_fallback+0x10/0x10 [ 439.995497][T11467] ? ksys_write+0x12a/0x250 [ 439.995513][T11467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.995539][T11467] pin_user_pages_fast+0xa7/0xf0 [ 439.995561][T11467] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 439.995588][T11467] iov_iter_extract_pages+0xa0d/0x1ef0 [ 439.995615][T11467] ? pfn_valid+0x98/0x4e0 [ 439.995634][T11467] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 439.995655][T11467] ? bvec_try_merge_page+0x1cd/0x290 [ 439.995677][T11467] ? bio_add_page+0x162/0x760 [ 439.995701][T11467] ? iov_iter_revert+0x252/0x5b0 [ 439.995724][T11467] bio_iov_iter_get_pages+0x35e/0x12c0 [ 439.995757][T11467] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 439.995779][T11467] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 439.995802][T11467] ? iov_iter_npages+0xf8/0x500 [ 439.995822][T11467] blkdev_direct_IO+0x1302/0x1fb0 [ 439.995848][T11467] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 439.995869][T11467] ? filemap_check_errors+0xa9/0x150 [ 439.995898][T11467] blkdev_write_iter+0x703/0xd70 [ 439.995934][T11467] vfs_write+0x6ac/0x1070 [ 439.995965][T11467] ? __pfx_blkdev_write_iter+0x10/0x10 [ 439.996003][T11467] ? __pfx_vfs_write+0x10/0x10 [ 439.996019][T11467] ? find_held_lock+0x2b/0x80 [ 439.996047][T11467] ksys_write+0x12a/0x250 [ 439.996064][T11467] ? __pfx_ksys_write+0x10/0x10 [ 439.996086][T11467] do_syscall_64+0xc9/0xf80 [ 439.996106][T11467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.996122][T11467] RIP: 0033:0x7fae22b9af79 [ 439.996134][T11467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.996161][T11467] RSP: 002b:00007fae23a19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 439.996177][T11467] RAX: ffffffffffffffda RBX: 00007fae22e15fa0 RCX: 00007fae22b9af79 [ 439.996187][T11467] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 439.996197][T11467] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 439.996207][T11467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.996216][T11467] R13: 00007fae22e16038 R14: 00007fae22e15fa0 R15: 00007ffd7f7d1538 [ 439.996236][T11467] [ 440.486593][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 440.683191][T11484] program syz.0.957 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 440.695184][ T5832] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 441.492249][T11494] program syz.2.952 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 442.763552][ T52] Bluetooth: hci1: command 0x2016 tx timeout [ 444.465561][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 444.746708][T11543] [U]  [ 444.844568][ T5832] Bluetooth: hci1: command 0x2016 tx timeout [ 445.579028][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1364 with max blocks 1 with error 117 [ 445.623565][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 445.623565][ T33] [ 445.644766][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1386 with max blocks 12 with error 117 [ 445.658602][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 445.658602][ T33] [ 445.670692][ T33] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 2 with max blocks 1 with error 117 [ 445.705184][ T33] EXT4-fs (sda1): This should not happen!! Data will be lost [ 445.705184][ T33] [ 445.852022][T11569] program syz.2.964 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 446.535335][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 447.009469][T11597] program syz.1.967 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 448.314183][T11628] vivid-009: ================= START STATUS ================= [ 448.328094][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 448.332269][T11628] vivid-009: Radio HW Seek Mode: Bounded [ 448.379006][T11628] vivid-009: Radio Programmable HW Seek: false [ 448.417250][T11628] vivid-009: RDS Rx I/O Mode: Block I/O [ 448.422859][T11628] vivid-009: Generate RBDS Instead of RDS: false [ 448.478294][T11628] vivid-009: RDS Reception: true [ 448.503671][T11628] vivid-009: RDS Program Type: 0 inactive [ 448.524241][T11628] vivid-009: RDS PS Name: inactive [ 448.529515][T11628] vivid-009: RDS Radio Text: inactive [ 448.588917][T11628] vivid-009: RDS Traffic Announcement: false inactive [ 448.603471][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 448.639986][T11628] vivid-009: RDS Traffic Program: false inactive [ 448.646525][T11628] vivid-009: RDS Music: false inactive [ 448.653322][T11628] vivid-009: ================== END STATUS ================== [ 450.370439][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 450.385742][T11671] program syz.3.979 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 450.515431][ T30] audit: type=1804 audit(4294967398.160:10): pid=11680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.983" name="/newroot/244/file0" dev="tmpfs" ino=1270 res=1 errno=0 [ 450.687099][ T30] audit: type=1804 audit(4294967398.250:11): pid=11681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.983" name="/newroot/244/file0" dev="tmpfs" ino=1270 res=1 errno=0 [ 451.681334][T11694] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 452.453436][ T7751] Bluetooth: hci3: command 0x2016 tx timeout [ 452.891937][T11713] program syz.0.988 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 454.111945][T11692] kexec: Could not allocate control_code_buffer [ 455.084578][T11748] Invalid ELF header magic: != ELF [ 455.551209][T11762] netlink: 330 bytes leftover after parsing attributes in process `syz.0.995'. [ 455.599788][T11762] : renamed from ip6tnl0 (while UP) [ 455.759015][ T52] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 456.709287][ T7751] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 457.181348][T11799] pim6reg: entered allmulticast mode [ 457.792321][T11807] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1002'. [ 457.811272][ T7751] Bluetooth: hci0: command 0x2016 tx timeout [ 458.752441][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 458.760120][ T52] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 458.770365][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 458.770391][ T52] Tainted: [L]=SOFTLOCKUP [ 458.770397][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 458.770407][ T52] Workqueue: hci3 hci_rx_work [ 458.770428][ T52] Call Trace: [ 458.770434][ T52] [ 458.770440][ T52] dump_stack_lvl+0x100/0x190 [ 458.770460][ T52] sysfs_warn_dup.cold+0x1c/0x28 [ 458.770481][ T52] sysfs_create_dir_ns+0x24b/0x2b0 [ 458.770500][ T52] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 458.770518][ T52] ? find_held_lock+0x2b/0x80 [ 458.770532][ T52] ? kobject_add_internal+0x25f/0x930 [ 458.770552][ T52] ? kobject_add_internal+0x25f/0x930 [ 458.770573][ T52] ? do_raw_spin_unlock+0x145/0x1e0 [ 458.770596][ T52] kobject_add_internal+0x2c8/0x930 [ 458.770619][ T52] kobject_add+0x16a/0x1e0 [ 458.770638][ T52] ? __pfx_kobject_add+0x10/0x10 [ 458.770657][ T52] ? class_to_subsys+0x10f/0x150 [ 458.770680][ T52] ? kobject_put+0xb9/0x640 [ 458.770696][ T52] ? _raw_spin_unlock+0x28/0x50 [ 458.770716][ T52] device_add+0x294/0x1950 [ 458.770736][ T52] ? __pfx_dev_set_name+0x10/0x10 [ 458.770750][ T52] ? __pfx_device_add+0x10/0x10 [ 458.770769][ T52] ? mgmt_send_event_skb+0x2fb/0x460 [ 458.770792][ T52] hci_conn_add_sysfs+0x1a3/0x260 [ 458.770813][ T52] le_conn_complete_evt+0x11cb/0x1f40 [ 458.770836][ T52] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 458.770853][ T52] ? __pfx_bt_warn+0x10/0x10 [ 458.770878][ T52] hci_le_conn_complete_evt+0x23c/0x3a0 [ 458.770906][ T52] ? skb_pull_data+0x15f/0x1e0 [ 458.770926][ T52] hci_le_meta_evt+0x34a/0x5f0 [ 458.770947][ T52] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 458.770969][ T52] hci_event_packet+0x682/0x11c0 [ 458.770987][ T52] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 458.771008][ T52] ? __pfx_hci_event_packet+0x10/0x10 [ 458.771028][ T52] ? kcov_remote_start+0x374/0x660 [ 458.771043][ T52] ? lockdep_hardirqs_on+0x78/0x100 [ 458.771064][ T52] hci_rx_work+0x451/0xfc0 [ 458.771085][ T52] process_one_work+0x9c2/0x1840 [ 458.771114][ T52] ? __pfx_process_one_work+0x10/0x10 [ 458.771141][ T52] ? assign_work+0x19c/0x250 [ 458.771162][ T52] worker_thread+0x5da/0xe40 [ 458.771191][ T52] ? kthread+0x17d/0x730 [ 458.771208][ T52] ? __pfx_worker_thread+0x10/0x10 [ 458.771228][ T52] kthread+0x3b3/0x730 [ 458.771248][ T52] ? __pfx_kthread+0x10/0x10 [ 458.771266][ T52] ? ret_from_fork+0x79/0xaf0 [ 458.771280][ T52] ? ret_from_fork+0x79/0xaf0 [ 458.771293][ T52] ? rcu_is_watching+0x12/0xc0 [ 458.771307][ T52] ? __pfx_kthread+0x10/0x10 [ 458.771328][ T52] ret_from_fork+0x754/0xaf0 [ 458.771342][ T52] ? __pfx_ret_from_fork+0x10/0x10 [ 458.771358][ T52] ? __switch_to+0x7b9/0x10c0 [ 458.771375][ T52] ? __pfx_kthread+0x10/0x10 [ 458.771396][ T52] ret_from_fork_asm+0x1a/0x30 [ 458.771425][ T52] [ 458.771445][ T52] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 459.073016][ T52] Bluetooth: hci3: failed to register connection device [ 459.082376][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 459.206691][T11817] Invalid ELF header magic: != ELF [ 459.890796][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 459.964130][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 459.971795][ T52] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 459.981174][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.981199][ T52] Tainted: [L]=SOFTLOCKUP [ 459.981204][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 459.981215][ T52] Workqueue: hci3 hci_rx_work [ 459.981236][ T52] Call Trace: [ 459.981242][ T52] [ 459.981248][ T52] dump_stack_lvl+0x100/0x190 [ 459.981268][ T52] sysfs_warn_dup.cold+0x1c/0x28 [ 459.981289][ T52] sysfs_create_dir_ns+0x24b/0x2b0 [ 459.981308][ T52] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 459.981325][ T52] ? find_held_lock+0x2b/0x80 [ 459.981340][ T52] ? kobject_add_internal+0x25f/0x930 [ 459.981359][ T52] ? kobject_add_internal+0x25f/0x930 [ 459.981381][ T52] ? do_raw_spin_unlock+0x145/0x1e0 [ 459.981404][ T52] kobject_add_internal+0x2c8/0x930 [ 459.981426][ T52] kobject_add+0x16a/0x1e0 [ 459.981445][ T52] ? __pfx_kobject_add+0x10/0x10 [ 459.981464][ T52] ? class_to_subsys+0x10f/0x150 [ 459.981487][ T52] ? kobject_put+0xb9/0x640 [ 459.981503][ T52] ? _raw_spin_unlock+0x28/0x50 [ 459.981523][ T52] device_add+0x294/0x1950 [ 459.981542][ T52] ? __pfx_dev_set_name+0x10/0x10 [ 459.981557][ T52] ? __pfx_device_add+0x10/0x10 [ 459.981577][ T52] ? mgmt_send_event_skb+0x2fb/0x460 [ 459.981600][ T52] hci_conn_add_sysfs+0x1a3/0x260 [ 459.981621][ T52] le_conn_complete_evt+0x11cb/0x1f40 [ 459.981644][ T52] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 459.981660][ T52] ? __pfx_bt_warn+0x10/0x10 [ 459.981686][ T52] hci_le_conn_complete_evt+0x23c/0x3a0 [ 459.981705][ T52] ? skb_pull_data+0x15f/0x1e0 [ 459.981724][ T52] hci_le_meta_evt+0x34a/0x5f0 [ 459.981744][ T52] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 459.981764][ T52] hci_event_packet+0x682/0x11c0 [ 459.981783][ T52] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 459.981804][ T52] ? __pfx_hci_event_packet+0x10/0x10 [ 459.981824][ T52] ? kcov_remote_start+0x374/0x660 [ 459.981839][ T52] ? lockdep_hardirqs_on+0x78/0x100 [ 459.981860][ T52] hci_rx_work+0x451/0xfc0 [ 459.981881][ T52] process_one_work+0x9c2/0x1840 [ 459.981911][ T52] ? __pfx_process_one_work+0x10/0x10 [ 459.981938][ T52] ? assign_work+0x19c/0x250 [ 459.981959][ T52] worker_thread+0x5da/0xe40 [ 459.981987][ T52] ? kthread+0x17d/0x730 [ 459.982005][ T52] ? __pfx_worker_thread+0x10/0x10 [ 459.982025][ T52] kthread+0x3b3/0x730 [ 459.982056][ T52] ? __pfx_kthread+0x10/0x10 [ 459.982076][ T52] ? ret_from_fork+0x79/0xaf0 [ 459.982090][ T52] ? ret_from_fork+0x79/0xaf0 [ 459.982104][ T52] ? rcu_is_watching+0x12/0xc0 [ 459.982118][ T52] ? __pfx_kthread+0x10/0x10 [ 459.982139][ T52] ret_from_fork+0x754/0xaf0 [ 459.982154][ T52] ? __pfx_ret_from_fork+0x10/0x10 [ 459.982169][ T52] ? __switch_to+0x7b9/0x10c0 [ 459.982187][ T52] ? __pfx_kthread+0x10/0x10 [ 459.982207][ T52] ret_from_fork_asm+0x1a/0x30 [ 459.982237][ T52] [ 459.982258][ T52] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 460.281703][ T52] Bluetooth: hci3: failed to register connection device [ 461.166159][ T7751] Bluetooth: hci3: command 0x2016 tx timeout [ 463.263470][ T7751] Bluetooth: hci3: command 0x2016 tx timeout [ 463.822007][T11906] program syz.1.1017 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 465.072910][ T7751] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 465.185293][T11928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1022'. [ 465.223604][T11928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.231021][T11928] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.255132][T11933] FAULT_INJECTION: forcing a failure. [ 465.255132][T11933] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 465.316481][T11933] CPU: 1 UID: 0 PID: 11933 Comm: syz.2.1022 Tainted: G L syzkaller #0 PREEMPT(full) [ 465.316528][T11933] Tainted: [L]=SOFTLOCKUP [ 465.316537][T11933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 465.316554][T11933] Call Trace: [ 465.316564][T11933] [ 465.316575][T11933] dump_stack_lvl+0x100/0x190 [ 465.316615][T11933] should_fail_ex.cold+0x5/0xa [ 465.316664][T11933] ? prepare_alloc_pages+0x16d/0x5f0 [ 465.316713][T11933] should_fail_alloc_page+0xeb/0x140 [ 465.316758][T11933] prepare_alloc_pages+0x1f0/0x5f0 [ 465.316801][T11933] ? rcu_is_watching+0x12/0xc0 [ 465.316834][T11933] __alloc_frozen_pages_noprof+0x193/0x2410 [ 465.316872][T11933] ? __lock_acquire+0x4a5/0x2630 [ 465.316923][T11933] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 465.316958][T11933] ? do_raw_spin_lock+0x128/0x260 [ 465.317000][T11933] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 465.317042][T11933] ? find_held_lock+0x2b/0x80 [ 465.317080][T11933] ? __lock_acquire+0x4a5/0x2630 [ 465.317116][T11933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 465.317149][T11933] ? policy_nodemask+0xed/0x4f0 [ 465.317190][T11933] alloc_pages_mpol+0x1fb/0x550 [ 465.317231][T11933] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 465.317271][T11933] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 465.317313][T11933] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 465.317359][T11933] folio_alloc_mpol_noprof+0x36/0x340 [ 465.317405][T11933] shmem_alloc_folio+0x135/0x160 [ 465.317437][T11933] shmem_alloc_and_add_folio+0x371/0xd40 [ 465.317481][T11933] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 465.317519][T11933] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 465.317563][T11933] shmem_get_folio_gfp+0x6ab/0x1900 [ 465.317606][T11933] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 465.317648][T11933] ? filemap_map_pages+0x9e0/0x2110 [ 465.317690][T11933] shmem_fault+0x1f9/0xa20 [ 465.317724][T11933] ? __lock_acquire+0x4a5/0x2630 [ 465.317761][T11933] ? __pfx_shmem_fault+0x10/0x10 [ 465.317802][T11933] ? __pfx_filemap_map_pages+0x10/0x10 [ 465.317848][T11933] __do_fault+0x10d/0x550 [ 465.317889][T11933] do_fault+0xaf9/0x1990 [ 465.317937][T11933] __handle_mm_fault+0x1807/0x2b50 [ 465.317973][T11933] ? mt_find+0x45e/0x8e0 [ 465.318008][T11933] ? __pfx___handle_mm_fault+0x10/0x10 [ 465.318033][T11933] ? __pfx_mt_find+0x10/0x10 [ 465.318083][T11933] ? find_vma+0xbf/0x140 [ 465.318117][T11933] ? __pfx_find_vma+0x10/0x10 [ 465.318154][T11933] handle_mm_fault+0x36d/0xa20 [ 465.318186][T11933] do_user_addr_fault+0x74c/0x12f0 [ 465.318222][T11933] exc_page_fault+0x6f/0xd0 [ 465.318251][T11933] asm_exc_page_fault+0x26/0x30 [ 465.318275][T11933] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 465.318312][T11933] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 465.318337][T11933] RSP: 0018:ffffc9000b767d38 EFLAGS: 00050206 [ 465.318358][T11933] RAX: 0000000000000001 RBX: 0000000000001fe4 RCX: 0000000000003b84 [ 465.318373][T11933] RDX: 0000000000000001 RSI: 0000000000006000 RDI: ffffc9000b75407c [ 465.318388][T11933] RBP: 0000000000007ba0 R08: 0000000000000001 R09: fffff520016eaf7f [ 465.318404][T11933] R10: ffffc9000b757bff R11: 0000000000000000 R12: 0000000000000000 [ 465.318418][T11933] R13: ffffc9000b750060 R14: 0000000000007ba0 R15: ffffc9000b750060 [ 465.318450][T11933] _copy_from_user+0x98/0xd0 [ 465.318487][T11933] bpf_prog_create_from_user+0x109/0x2f0 [ 465.318513][T11933] ? __pfx_seccomp_check_filter+0x10/0x10 [ 465.318548][T11933] do_seccomp+0x7f7/0x2740 [ 465.318588][T11933] ? __pfx_do_seccomp+0x10/0x10 [ 465.318624][T11933] ? xfd_validate_state+0x129/0x190 [ 465.318680][T11933] do_syscall_64+0xc9/0xf80 [ 465.318712][T11933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.318736][T11933] RIP: 0033:0x7fae22b9af79 [ 465.318756][T11933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.318779][T11933] RSP: 002b:00007fae239d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000013d [ 465.318801][T11933] RAX: ffffffffffffffda RBX: 00007fae22e16180 RCX: 00007fae22b9af79 [ 465.318817][T11933] RDX: 0000200000000100 RSI: 0000000000000000 RDI: 0000000000000001 [ 465.318832][T11933] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 465.318848][T11933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.318862][T11933] R13: 00007fae22e16218 R14: 00007fae22e16180 R15: 00007ffd7f7d1538 [ 465.318896][T11933] [ 465.773534][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 465.848733][T11928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.879195][T11928] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.144096][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 467.365453][T11957] program syz.3.1027 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 467.519096][T11963] binder: 11962:11963 ioctl 4018620d ffffffffffffffff returned -22 [ 467.804680][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 468.088332][T11971] bridge0: port 4(netdevsim0) entered blocking state [ 468.095257][T11971] bridge0: port 4(netdevsim0) entered disabled state [ 468.108161][T11971] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 468.155957][T11971] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 468.185568][T11971] FAULT_INJECTION: forcing a failure. [ 468.185568][T11971] name failslab, interval 1, probability 0, space 0, times 0 [ 468.198324][T11971] CPU: 0 UID: 0 PID: 11971 Comm: syz.1.1032 Tainted: G L syzkaller #0 PREEMPT(full) [ 468.198348][T11971] Tainted: [L]=SOFTLOCKUP [ 468.198354][T11971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 468.198362][T11971] Call Trace: [ 468.198368][T11971] [ 468.198374][T11971] dump_stack_lvl+0x100/0x190 [ 468.198395][T11971] should_fail_ex.cold+0x5/0xa [ 468.198420][T11971] should_failslab+0xc2/0x120 [ 468.198440][T11971] kmem_cache_alloc_noprof+0x83/0x780 [ 468.198459][T11971] ? fdb_create+0x22f/0x1960 [ 468.198478][T11971] ? fdb_create+0x22f/0x1960 [ 468.198492][T11971] fdb_create+0x22f/0x1960 [ 468.198512][T11971] ? __pfx_fdb_create+0x10/0x10 [ 468.198532][T11971] fdb_add_local+0x155/0x1c0 [ 468.198549][T11971] br_fdb_add_local+0x39/0x60 [ 468.198567][T11971] __vlan_add+0x1820/0x2dd0 [ 468.198593][T11971] ? __pfx___vlan_add+0x10/0x10 [ 468.198616][T11971] nbp_vlan_add+0x258/0x3e0 [ 468.198635][T11971] nbp_vlan_init+0x373/0x500 [ 468.198654][T11971] ? __pfx_nbp_vlan_init+0x10/0x10 [ 468.198674][T11971] ? __local_bh_enable_ip+0x9e/0x120 [ 468.198692][T11971] ? lockdep_hardirqs_on+0x78/0x100 [ 468.198709][T11971] ? br_fdb_add_local+0x43/0x60 [ 468.198724][T11971] ? __local_bh_enable_ip+0x9e/0x120 [ 468.198744][T11971] br_add_if+0xf79/0x1b40 [ 468.198767][T11971] add_del_if+0x114/0x160 [ 468.198788][T11971] br_dev_siocdevprivate+0x8ac/0x1650 [ 468.198809][T11971] ? __lock_acquire+0x4a5/0x2630 [ 468.198828][T11971] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 468.198854][T11971] ? do_raw_spin_lock+0x128/0x260 [ 468.198878][T11971] ? mark_held_locks+0x40/0x70 [ 468.198899][T11971] ? netdev_name_node_lookup+0x107/0x150 [ 468.198917][T11971] ? __mutex_lock+0x26a/0x1b90 [ 468.198936][T11971] dev_ifsioc+0xc15/0x1eb0 [ 468.198958][T11971] ? __pfx_dev_ifsioc+0x10/0x10 [ 468.198977][T11971] ? __pfx___mutex_lock+0x10/0x10 [ 468.199001][T11971] ? dev_load+0x8e/0x240 [ 468.199019][T11971] ? dev_load+0x8e/0x240 [ 468.199041][T11971] dev_ioctl+0x70e/0x1070 [ 468.199061][T11971] sock_ioctl+0x494/0x6b0 [ 468.199079][T11971] ? __pfx_sock_ioctl+0x10/0x10 [ 468.199102][T11971] ? __pfx_sock_ioctl+0x10/0x10 [ 468.199120][T11971] __x64_sys_ioctl+0x18e/0x210 [ 468.199143][T11971] do_syscall_64+0xc9/0xf80 [ 468.199162][T11971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.199187][T11971] RIP: 0033:0x7f93d1f9af79 [ 468.199200][T11971] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.199215][T11971] RSP: 002b:00007f93d2eda028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.199230][T11971] RAX: ffffffffffffffda RBX: 00007f93d2215fa0 RCX: 00007f93d1f9af79 [ 468.199241][T11971] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 468.199250][T11971] RBP: 00007f93d20316e0 R08: 0000000000000000 R09: 0000000000000000 [ 468.199260][T11971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.199269][T11971] R13: 00007f93d2216038 R14: 00007f93d2215fa0 R15: 00007ffea4dd7498 [ 468.199288][T11971] [ 468.555184][T11971] bridge0: failed insert local address into bridge forwarding table [ 468.582564][T11971] netdevsim netdevsim1 netdevsim0: failed to initialize vlan filtering on this port [ 468.595017][T11971] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 468.737622][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1361 with max blocks 3 with error 117 [ 468.888719][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 468.888719][ T12] [ 469.163469][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 469.343727][ T7751] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 469.888142][ T7751] Bluetooth: hci3: command 0x2016 tx timeout [ 469.989781][T11995] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 470.405724][T12000] program syz.1.1035 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 470.958141][ T7751] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 470.966015][ T7751] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 470.977460][ T7751] CPU: 0 UID: 0 PID: 7751 Comm: kworker/u9:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 470.977501][ T7751] Tainted: [L]=SOFTLOCKUP [ 470.977507][ T7751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 470.977517][ T7751] Workqueue: hci2 hci_rx_work [ 470.977540][ T7751] Call Trace: [ 470.977545][ T7751] [ 470.977552][ T7751] dump_stack_lvl+0x100/0x190 [ 470.977572][ T7751] sysfs_warn_dup.cold+0x1c/0x28 [ 470.977592][ T7751] sysfs_create_dir_ns+0x24b/0x2b0 [ 470.977612][ T7751] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 470.977630][ T7751] ? find_held_lock+0x2b/0x80 [ 470.977645][ T7751] ? kobject_add_internal+0x25f/0x930 [ 470.977665][ T7751] ? kobject_add_internal+0x25f/0x930 [ 470.977686][ T7751] ? do_raw_spin_unlock+0x145/0x1e0 [ 470.977709][ T7751] kobject_add_internal+0x2c8/0x930 [ 470.977731][ T7751] kobject_add+0x16a/0x1e0 [ 470.977750][ T7751] ? __pfx_kobject_add+0x10/0x10 [ 470.977769][ T7751] ? class_to_subsys+0x10f/0x150 [ 470.977792][ T7751] ? kobject_put+0xb9/0x640 [ 470.977808][ T7751] ? _raw_spin_unlock+0x28/0x50 [ 470.977828][ T7751] device_add+0x294/0x1950 [ 470.977848][ T7751] ? __pfx_dev_set_name+0x10/0x10 [ 470.977862][ T7751] ? __pfx_device_add+0x10/0x10 [ 470.977882][ T7751] ? mgmt_send_event_skb+0x2fb/0x460 [ 470.977905][ T7751] hci_conn_add_sysfs+0x1a3/0x260 [ 470.977926][ T7751] le_conn_complete_evt+0x11cb/0x1f40 [ 470.977949][ T7751] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 470.977965][ T7751] ? __pfx_bt_warn+0x10/0x10 [ 470.978001][ T7751] hci_le_conn_complete_evt+0x23c/0x3a0 [ 470.978020][ T7751] ? skb_pull_data+0x15f/0x1e0 [ 470.978040][ T7751] hci_le_meta_evt+0x34a/0x5f0 [ 470.978059][ T7751] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 470.978081][ T7751] hci_event_packet+0x682/0x11c0 [ 470.978100][ T7751] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 470.978120][ T7751] ? __pfx_hci_event_packet+0x10/0x10 [ 470.978140][ T7751] ? kcov_remote_start+0x374/0x660 [ 470.978155][ T7751] ? lockdep_hardirqs_on+0x78/0x100 [ 470.978176][ T7751] hci_rx_work+0x451/0xfc0 [ 470.978197][ T7751] process_one_work+0x9c2/0x1840 [ 470.978226][ T7751] ? __pfx_process_one_work+0x10/0x10 [ 470.978253][ T7751] ? assign_work+0x19c/0x250 [ 470.978275][ T7751] worker_thread+0x5da/0xe40 [ 470.978301][ T7751] ? __pfx_worker_thread+0x10/0x10 [ 470.978322][ T7751] ? kthread+0x17d/0x730 [ 470.978340][ T7751] ? __pfx_worker_thread+0x10/0x10 [ 470.978360][ T7751] kthread+0x3b3/0x730 [ 470.978380][ T7751] ? __pfx_kthread+0x10/0x10 [ 470.978398][ T7751] ? ret_from_fork+0x79/0xaf0 [ 470.978412][ T7751] ? ret_from_fork+0x79/0xaf0 [ 470.978425][ T7751] ? rcu_is_watching+0x12/0xc0 [ 470.978440][ T7751] ? __pfx_kthread+0x10/0x10 [ 470.978460][ T7751] ret_from_fork+0x754/0xaf0 [ 470.978475][ T7751] ? __pfx_ret_from_fork+0x10/0x10 [ 470.978489][ T7751] ? rcu_is_watching+0x12/0xc0 [ 470.978503][ T7751] ? __switch_to+0x7b9/0x10c0 [ 470.978520][ T7751] ? __pfx_kthread+0x10/0x10 [ 470.978541][ T7751] ret_from_fork_asm+0x1a/0x30 [ 470.978571][ T7751] [ 470.978591][ T7751] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 471.293626][ T7751] Bluetooth: hci2: failed to register connection device [ 471.403508][ T7751] Bluetooth: hci2: command 0x2016 tx timeout [ 472.499283][T12029] vhci_hcd vhci_hcd.3: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 472.599462][ T7751] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 472.607235][ T7751] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 472.617848][ T7751] CPU: 0 UID: 0 PID: 7751 Comm: kworker/u9:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 472.617891][ T7751] Tainted: [L]=SOFTLOCKUP [ 472.617901][ T7751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 472.617919][ T7751] Workqueue: hci2 hci_rx_work [ 472.617959][ T7751] Call Trace: [ 472.617976][ T7751] [ 472.617987][ T7751] dump_stack_lvl+0x100/0x190 [ 472.618025][ T7751] sysfs_warn_dup.cold+0x1c/0x28 [ 472.618062][ T7751] sysfs_create_dir_ns+0x24b/0x2b0 [ 472.618099][ T7751] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 472.618132][ T7751] ? find_held_lock+0x2b/0x80 [ 472.618158][ T7751] ? kobject_add_internal+0x25f/0x930 [ 472.618196][ T7751] ? kobject_add_internal+0x25f/0x930 [ 472.618237][ T7751] ? do_raw_spin_unlock+0x145/0x1e0 [ 472.618282][ T7751] kobject_add_internal+0x2c8/0x930 [ 472.618327][ T7751] kobject_add+0x16a/0x1e0 [ 472.618363][ T7751] ? __pfx_kobject_add+0x10/0x10 [ 472.618399][ T7751] ? class_to_subsys+0x10f/0x150 [ 472.618444][ T7751] ? kobject_put+0xb9/0x640 [ 472.618477][ T7751] ? _raw_spin_unlock+0x28/0x50 [ 472.618515][ T7751] device_add+0x294/0x1950 [ 472.618554][ T7751] ? __pfx_dev_set_name+0x10/0x10 [ 472.618580][ T7751] ? __pfx_device_add+0x10/0x10 [ 472.618619][ T7751] ? mgmt_send_event_skb+0x2fb/0x460 [ 472.618663][ T7751] hci_conn_add_sysfs+0x1a3/0x260 [ 472.618705][ T7751] le_conn_complete_evt+0x11cb/0x1f40 [ 472.618750][ T7751] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 472.618779][ T7751] ? __pfx_bt_warn+0x10/0x10 [ 472.618825][ T7751] hci_le_conn_complete_evt+0x23c/0x3a0 [ 472.618859][ T7751] ? skb_pull_data+0x15f/0x1e0 [ 472.618895][ T7751] hci_le_meta_evt+0x34a/0x5f0 [ 472.618934][ T7751] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 472.618981][ T7751] hci_event_packet+0x682/0x11c0 [ 472.619017][ T7751] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 472.619056][ T7751] ? __pfx_hci_event_packet+0x10/0x10 [ 472.619095][ T7751] ? kcov_remote_start+0x374/0x660 [ 472.619123][ T7751] ? lockdep_hardirqs_on+0x78/0x100 [ 472.619164][ T7751] hci_rx_work+0x451/0xfc0 [ 472.619206][ T7751] process_one_work+0x9c2/0x1840 [ 472.619261][ T7751] ? __pfx_process_one_work+0x10/0x10 [ 472.619313][ T7751] ? assign_work+0x19c/0x250 [ 472.619351][ T7751] worker_thread+0x5da/0xe40 [ 472.619400][ T7751] ? __pfx_worker_thread+0x10/0x10 [ 472.619442][ T7751] ? kthread+0x17d/0x730 [ 472.619477][ T7751] ? __pfx_worker_thread+0x10/0x10 [ 472.619515][ T7751] kthread+0x3b3/0x730 [ 472.619559][ T7751] ? __pfx_kthread+0x10/0x10 [ 472.619596][ T7751] ? ret_from_fork+0x79/0xaf0 [ 472.619622][ T7751] ? ret_from_fork+0x79/0xaf0 [ 472.619648][ T7751] ? rcu_is_watching+0x12/0xc0 [ 472.619676][ T7751] ? __pfx_kthread+0x10/0x10 [ 472.619716][ T7751] ret_from_fork+0x754/0xaf0 [ 472.619744][ T7751] ? __pfx_ret_from_fork+0x10/0x10 [ 472.619771][ T7751] ? rcu_is_watching+0x12/0xc0 [ 472.619798][ T7751] ? __switch_to+0x7b9/0x10c0 [ 472.619833][ T7751] ? __pfx_kthread+0x10/0x10 [ 472.619874][ T7751] ret_from_fork_asm+0x1a/0x30 [ 472.619933][ T7751] [ 472.619962][ T7751] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 472.933473][ T7751] Bluetooth: hci2: failed to register connection device [ 473.493711][ T7751] Bluetooth: hci2: command 0x2016 tx timeout [ 474.999754][T12068] program syz.0.1053 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 475.171414][ T7751] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 475.573498][ T7751] Bluetooth: hci2: command 0x2016 tx timeout [ 476.971673][T12097] program syz.2.1061 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 477.247303][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 477.643481][ T5832] Bluetooth: hci2: command 0x2016 tx timeout [ 478.034788][T12115] futex_wake_op: syz.2.1064 tries to shift op by -1; fix this program [ 478.044465][T12115] FAULT_INJECTION: forcing a failure. [ 478.044465][T12115] name failslab, interval 1, probability 0, space 0, times 0 [ 478.102886][T12115] CPU: 1 UID: 0 PID: 12115 Comm: syz.2.1064 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.102913][T12115] Tainted: [L]=SOFTLOCKUP [ 478.102918][T12115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 478.102927][T12115] Call Trace: [ 478.102933][T12115] [ 478.102939][T12115] dump_stack_lvl+0x100/0x190 [ 478.102968][T12115] should_fail_ex.cold+0x5/0xa [ 478.102993][T12115] should_failslab+0xc2/0x120 [ 478.103015][T12115] kmem_cache_alloc_noprof+0x83/0x780 [ 478.103033][T12115] ? fsnotify_add_mark_locked+0x2fd/0xfc0 [ 478.103053][T12115] ? fsnotify_add_mark_locked+0x30e/0xfc0 [ 478.103076][T12115] ? fsnotify_add_mark_locked+0x30e/0xfc0 [ 478.103095][T12115] fsnotify_add_mark_locked+0x30e/0xfc0 [ 478.103119][T12115] do_fanotify_mark+0x3033/0x4010 [ 478.103142][T12115] ? __pfx_do_fanotify_mark+0x10/0x10 [ 478.103158][T12115] ? __x64_sys_futex+0x358/0x4d0 [ 478.103179][T12115] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 478.103203][T12115] ? syscall_user_dispatch+0x76/0x130 [ 478.103227][T12115] __x64_sys_fanotify_mark+0xbd/0x160 [ 478.103241][T12115] ? do_syscall_64+0x94/0xf80 [ 478.103260][T12115] do_syscall_64+0xc9/0xf80 [ 478.103278][T12115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.103293][T12115] RIP: 0033:0x7fae22b9af79 [ 478.103306][T12115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 478.103320][T12115] RSP: 002b:00007fae23a19028 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 478.103335][T12115] RAX: ffffffffffffffda RBX: 00007fae22e15fa0 RCX: 00007fae22b9af79 [ 478.103345][T12115] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 478.103354][T12115] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 478.103362][T12115] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 478.103377][T12115] R13: 00007fae22e16038 R14: 00007fae22e15fa0 R15: 00007ffd7f7d1538 [ 478.103411][T12115] [ 479.323571][ T5832] Bluetooth: hci0: command 0x2016 tx timeout [ 479.535713][T12135] program syz.3.1066 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.723610][ T52] Bluetooth: hci2: command 0x2016 tx timeout [ 479.858844][T12140] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1067'. [ 480.119481][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 480.373679][T12149] FAULT_INJECTION: forcing a failure. [ 480.373679][T12149] name fail_futex, interval 1, probability 0, space 0, times 1 [ 480.443491][T12149] CPU: 1 UID: 7 PID: 12149 Comm: syz.2.1069 Tainted: G L syzkaller #0 PREEMPT(full) [ 480.443537][T12149] Tainted: [L]=SOFTLOCKUP [ 480.443547][T12149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 480.443563][T12149] Call Trace: [ 480.443573][T12149] [ 480.443584][T12149] dump_stack_lvl+0x100/0x190 [ 480.443624][T12149] should_fail_ex.cold+0x5/0xa [ 480.443670][T12149] get_futex_key+0x1d2/0x1620 [ 480.443712][T12149] ? __pfx_get_futex_key+0x10/0x10 [ 480.443742][T12149] ? __lock_acquire+0x4a5/0x2630 [ 480.443790][T12149] futex_wake+0xea/0x530 [ 480.443828][T12149] ? lock_acquire+0x17c/0x330 [ 480.443866][T12149] ? __pfx_futex_wake+0x10/0x10 [ 480.443920][T12149] ? proc_id_connector+0x2ed/0x650 [ 480.443967][T12149] do_futex+0x32b/0x350 [ 480.444005][T12149] ? __pfx_do_futex+0x10/0x10 [ 480.444054][T12149] __x64_sys_futex+0x34f/0x4d0 [ 480.444098][T12149] ? __pfx___x64_sys_futex+0x10/0x10 [ 480.444142][T12149] ? __sys_setresuid+0x697/0x1280 [ 480.444180][T12149] do_syscall_64+0xc9/0xf80 [ 480.444218][T12149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.444245][T12149] RIP: 0033:0x7fae22b9af79 [ 480.444265][T12149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.444309][T12149] RSP: 002b:00007fae239d70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 480.444336][T12149] RAX: ffffffffffffffda RBX: 00007fae22e16188 RCX: 00007fae22b9af79 [ 480.444356][T12149] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fae22e1618c [ 480.444374][T12149] RBP: 00007fae22e16180 R08: 0000000000000000 R09: 0000000000000000 [ 480.444390][T12149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.444406][T12149] R13: 00007fae22e16218 R14: 00007ffd7f7d1450 R15: 00007ffd7f7d1538 [ 480.444441][T12149] [ 481.809315][ T52] Bluetooth: hci2: command 0x2016 tx timeout [ 482.203595][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 482.271662][T12176] Invalid ELF header magic: != ELF [ 483.239985][ T62] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1381 with max blocks 17 with error 117 [ 483.298485][ T62] EXT4-fs (sda1): This should not happen!! Data will be lost [ 483.298485][ T62] [ 483.516840][T12191] zswap: compressor not available [ 484.283470][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 484.683979][ T62] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 918 with max blocks 14 with error 117 [ 484.723244][ T62] EXT4-fs (sda1): This should not happen!! Data will be lost [ 484.723244][ T62] [ 484.881388][ T62] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 913 with max blocks 5 with error 117 [ 484.979161][T12211] FAULT_INJECTION: forcing a failure. [ 484.979161][T12211] name failslab, interval 1, probability 0, space 0, times 0 [ 485.001274][ T62] EXT4-fs (sda1): This should not happen!! Data will be lost [ 485.001274][ T62] [ 485.077574][T12211] CPU: 1 UID: 0 PID: 12211 Comm: syz.2.1080 Tainted: G L syzkaller #0 PREEMPT(full) [ 485.077600][T12211] Tainted: [L]=SOFTLOCKUP [ 485.077605][T12211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 485.077614][T12211] Call Trace: [ 485.077620][T12211] [ 485.077626][T12211] dump_stack_lvl+0x100/0x190 [ 485.077649][T12211] should_fail_ex.cold+0x5/0xa [ 485.077674][T12211] should_failslab+0xc2/0x120 [ 485.077694][T12211] kmem_cache_alloc_noprof+0x83/0x780 [ 485.077713][T12211] ? kmem_cache_alloc_noprof+0x2a1/0x780 [ 485.077731][T12211] ? anon_vma_fork+0x202/0x620 [ 485.077750][T12211] ? anon_vma_fork+0x202/0x620 [ 485.077764][T12211] anon_vma_fork+0x202/0x620 [ 485.077781][T12211] dup_mmap+0x1182/0x1e20 [ 485.077802][T12211] ? __pfx_dup_mmap+0x10/0x10 [ 485.077827][T12211] copy_process+0x7451/0x7890 [ 485.077855][T12211] ? __pfx_copy_process+0x10/0x10 [ 485.077874][T12211] ? find_held_lock+0x2b/0x80 [ 485.077896][T12211] kernel_clone+0xfc/0x930 [ 485.077914][T12211] ? __pfx_futex_wait+0x10/0x10 [ 485.077929][T12211] ? __pfx_kernel_clone+0x10/0x10 [ 485.077968][T12211] __do_sys_clone+0xd9/0x120 [ 485.077988][T12211] ? __pfx___do_sys_clone+0x10/0x10 [ 485.078008][T12211] ? find_held_lock+0x2b/0x80 [ 485.078029][T12211] ? xfd_validate_state+0x129/0x190 [ 485.078059][T12211] do_syscall_64+0xc9/0xf80 [ 485.078078][T12211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.078094][T12211] RIP: 0033:0x7fae22b9af79 [ 485.078107][T12211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.078121][T12211] RSP: 002b:00007fae23a18fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 485.078136][T12211] RAX: ffffffffffffffda RBX: 00007fae22e15fa0 RCX: 00007fae22b9af79 [ 485.078145][T12211] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 485.078154][T12211] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 485.078163][T12211] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 485.078171][T12211] R13: 00007fae22e16038 R14: 00007fae22e15fa0 R15: 00007ffd7f7d1538 [ 485.078191][T12211] [ 486.566599][T12243] program syz.0.1083 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 486.829910][T12269] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 913 with max blocks 1 with error 117 [ 486.888761][T12269] EXT4-fs (sda1): This should not happen!! Data will be lost [ 486.888761][T12269] [ 487.704518][ T5832] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 488.610854][ T30] audit: type=1326 audit(4294967436.250:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12305 comm="syz.0.1093" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc727d9af79 code=0x0 [ 488.785019][T12310] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 488.785019][T12310] The task syz.0.1093 (12310) triggered the difference, watch for misbehavior. [ 489.280786][T12317] program syz.1.1092 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 489.723654][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 490.241723][T12330] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 491.813455][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 494.594955][T12386] program syz.3.1105 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 496.173146][T12399] binder: 12396:12399 ioctl c018620c 0 returned -1 [ 496.867451][T12413] random: crng reseeded on system resumption [ 497.251480][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 497.683661][T12418] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1114: iget: checksum invalid [ 497.708899][T12418] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 497.722345][T12418] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1114: iget: checksum invalid [ 497.738238][T12418] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 497.749576][T12418] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1114: iget: checksum invalid [ 497.761828][T12418] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 497.774310][T12418] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1114: iget: checksum invalid [ 497.786494][T12418] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 497.813639][T12418] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 497.823778][T12418] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 498.986576][T12447] program syz.1.1118 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 499.348262][T12453] ERROR: Out of memory at tomoyo_memory_ok. [ 499.509794][T12460] netlink: 'syz.2.1123': attribute type 11 has an invalid length. [ 499.533665][T12460] netlink: 'syz.2.1123': attribute type 11 has an invalid length. [ 499.554659][T12460] netlink: 'syz.2.1123': attribute type 11 has an invalid length. [ 499.575107][T12460] netlink: 'syz.2.1123': attribute type 11 has an invalid length. [ 499.966490][T12432] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 499.973599][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 499.983496][T12432] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 499.992987][T12432] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 500.002810][T12432] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 500.199515][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 501.394180][T12492] block nbd8: shutting down sockets [ 501.407037][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.415231][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.043610][ T5826] Bluetooth: hci1: command 0x2016 tx timeout [ 502.043726][ T5824] Bluetooth: hci0: command 0x2016 tx timeout [ 502.056009][ T7751] Bluetooth: hci2: command 0x2016 tx timeout [ 502.062007][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 502.268514][T12511] FAULT_INJECTION: forcing a failure. [ 502.268514][T12511] name failslab, interval 1, probability 0, space 0, times 0 [ 502.392232][T12511] CPU: 1 UID: 0 PID: 12511 Comm: syz.2.1134 Tainted: G L syzkaller #0 PREEMPT(full) [ 502.392278][T12511] Tainted: [L]=SOFTLOCKUP [ 502.392288][T12511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 502.392304][T12511] Call Trace: [ 502.392313][T12511] [ 502.392323][T12511] dump_stack_lvl+0x100/0x190 [ 502.392364][T12511] should_fail_ex.cold+0x5/0xa [ 502.392409][T12511] should_failslab+0xc2/0x120 [ 502.392449][T12511] ? tomoyo_encode2+0xfb/0x3c0 [ 502.392475][T12511] __kmalloc_noprof+0xf6/0x9c0 [ 502.392515][T12511] ? tomoyo_encode2+0xfb/0x3c0 [ 502.392541][T12511] tomoyo_encode2+0xfb/0x3c0 [ 502.392574][T12511] tomoyo_encode+0x29/0x50 [ 502.392600][T12511] tomoyo_realpath_from_path+0x18c/0x690 [ 502.392638][T12511] tomoyo_check_open_permission+0x2af/0x3c0 [ 502.392680][T12511] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 502.392759][T12511] ? do_raw_spin_lock+0x128/0x260 [ 502.392802][T12511] ? path_get+0x61/0x80 [ 502.392842][T12511] tomoyo_file_open+0x6b/0x90 [ 502.392876][T12511] security_file_open+0xb5/0x1e0 [ 502.392911][T12511] do_dentry_open+0x58c/0x1570 [ 502.392948][T12511] ? security_inode_permission+0xbf/0x250 [ 502.392995][T12511] vfs_open+0x82/0x3f0 [ 502.393039][T12511] path_openat+0x21dc/0x3120 [ 502.393085][T12511] ? __pfx_path_openat+0x10/0x10 [ 502.393132][T12511] do_filp_open+0x1f7/0x420 [ 502.393167][T12511] ? __pfx_do_filp_open+0x10/0x10 [ 502.393225][T12511] ? _raw_spin_unlock+0x28/0x50 [ 502.393254][T12511] ? alloc_fd+0x476/0x790 [ 502.393296][T12511] do_sys_openat2+0x12e/0x220 [ 502.393339][T12511] ? __pfx_do_sys_openat2+0x10/0x10 [ 502.393385][T12511] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 502.393429][T12511] __x64_sys_openat+0x12d/0x210 [ 502.393473][T12511] ? __pfx___x64_sys_openat+0x10/0x10 [ 502.393514][T12511] ? xfd_validate_state+0x129/0x190 [ 502.393571][T12511] do_syscall_64+0xc9/0xf80 [ 502.393608][T12511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.393635][T12511] RIP: 0033:0x7fae22b9af79 [ 502.393657][T12511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 502.393683][T12511] RSP: 002b:00007fae23a19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 502.393712][T12511] RAX: ffffffffffffffda RBX: 00007fae22e15fa0 RCX: 00007fae22b9af79 [ 502.393731][T12511] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 502.393749][T12511] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 502.393766][T12511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.393783][T12511] R13: 00007fae22e16038 R14: 00007fae22e15fa0 R15: 00007ffd7f7d1538 [ 502.393821][T12511] [ 502.777260][T12511] ERROR: Out of memory at tomoyo_realpath_from_path. [ 503.037745][T12501] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 504.128677][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 504.143068][T12554] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1142'. [ 504.192170][ T5832] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 504.200509][T12557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1142'. [ 505.008462][T12547] zswap: compressor not available [ 505.207983][T12564] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1144'. [ 505.219595][T12564] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1144'. [ 505.371998][T12569] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1144: iget: checksum invalid [ 505.409724][T12569] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 505.452188][T12569] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1144: iget: checksum invalid [ 505.516521][T12569] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 505.533776][T12569] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1144: iget: checksum invalid [ 505.591723][T12569] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 505.644390][T12569] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1144: iget: checksum invalid [ 505.778450][T12575] netlink: 'syz.2.1147': attribute type 1 has an invalid length. [ 505.793895][T12569] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 505.833731][T12569] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 505.860339][T12569] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 506.211844][ T52] Bluetooth: hci3: command 0x2016 tx timeout [ 506.284967][ T52] Bluetooth: hci1: command 0x2016 tx timeout [ 506.807714][T12587] NFSD: Failed to start, no listeners configured. [ 507.330314][T12597] FAULT_INJECTION: forcing a failure. [ 507.330314][T12597] name failslab, interval 1, probability 0, space 0, times 0 [ 507.482465][T12597] CPU: 0 UID: 0 PID: 12597 Comm: syz.2.1151 Tainted: G L syzkaller #0 PREEMPT(full) [ 507.482492][T12597] Tainted: [L]=SOFTLOCKUP [ 507.482498][T12597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 507.482507][T12597] Call Trace: [ 507.482512][T12597] [ 507.482518][T12597] dump_stack_lvl+0x100/0x190 [ 507.482541][T12597] should_fail_ex.cold+0x5/0xa [ 507.482565][T12597] should_failslab+0xc2/0x120 [ 507.482584][T12597] ? lsm_blob_alloc+0x68/0x90 [ 507.482600][T12597] __kmalloc_noprof+0xf6/0x9c0 [ 507.482619][T12597] ? lsm_blob_alloc+0x68/0x90 [ 507.482633][T12597] lsm_blob_alloc+0x68/0x90 [ 507.482650][T12597] security_sk_alloc+0x2d/0x290 [ 507.482669][T12597] sk_prot_alloc+0x1d1/0x2a0 [ 507.482685][T12597] sk_alloc+0x36/0xe80 [ 507.482705][T12597] unix_create1+0xa6/0x700 [ 507.482721][T12597] unix_create+0x145/0x270 [ 507.482735][T12597] __sock_create+0x339/0x860 [ 507.482755][T12597] __sys_socketpair+0x261/0x5b0 [ 507.482774][T12597] ? __pfx___sys_socketpair+0x10/0x10 [ 507.482799][T12597] __x64_sys_socketpair+0x96/0x100 [ 507.482817][T12597] ? lockdep_hardirqs_on+0x78/0x100 [ 507.482834][T12597] do_syscall_64+0xc9/0xf80 [ 507.482852][T12597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.482867][T12597] RIP: 0033:0x7fae22b9af79 [ 507.482879][T12597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 507.482893][T12597] RSP: 002b:00007fae23a19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 507.482908][T12597] RAX: ffffffffffffffda RBX: 00007fae22e15fa0 RCX: 00007fae22b9af79 [ 507.482918][T12597] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 507.482926][T12597] RBP: 00007fae22c316e0 R08: 0000000000000000 R09: 0000000000000000 [ 507.482935][T12597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.482944][T12597] R13: 00007fae22e16038 R14: 00007fae22e15fa0 R15: 00007ffd7f7d1538 [ 507.482962][T12597] [ 507.951264][ T52] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 508.364261][ T7751] Bluetooth: hci1: command 0x2016 tx timeout [ 509.199824][ T5832] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 509.451484][T12624] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.1157: bg 2: bad block bitmap checksum [ 509.544048][T12624] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 6334 with max blocks 1 with error 74 [ 509.562357][T12624] EXT4-fs (sda1): This should not happen!! Data will be lost [ 509.562357][T12624] [ 509.634558][T12625] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.1158: bg 7: bad block bitmap checksum [ 509.663586][T12625] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 6341 with max blocks 1 with error 74 [ 509.762617][T12625] EXT4-fs (sda1): This should not happen!! Data will be lost [ 509.762617][T12625] [ 510.055164][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 510.594706][T12640] program syz.1.1160 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.861572][T12637] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1159: iget: checksum invalid [ 511.011700][T12637] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 511.075866][T12637] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1159: iget: checksum invalid [ 511.196644][T12637] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 511.240001][T12637] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1159: iget: checksum invalid [ 511.252008][ T5832] Bluetooth: hci3: command 0x2016 tx timeout [ 511.295786][T12637] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 511.307293][T12637] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1159: iget: checksum invalid [ 511.321797][T12637] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 511.334844][T12637] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 511.345462][T12637] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 511.879033][T12663] program syz.3.1163 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 511.939140][T12664] program syz.2.1164 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 512.061715][T12672] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 6333 with max blocks 1 with error 117 [ 512.084579][T12672] EXT4-fs (sda1): This should not happen!! Data will be lost [ 512.084579][T12672] [ 512.137804][ T52] Bluetooth: hci0: command 0x2016 tx timeout [ 512.573157][T12682] NFSD: Failed to start, no listeners configured. [ 513.006186][T12684] FAULT_INJECTION: forcing a failure. [ 513.006186][T12684] name failslab, interval 1, probability 0, space 0, times 0 [ 513.103559][T12684] CPU: 1 UID: 0 PID: 12684 Comm: syz.3.1167 Tainted: G L syzkaller #0 PREEMPT(full) [ 513.103604][T12684] Tainted: [L]=SOFTLOCKUP [ 513.103615][T12684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 513.103632][T12684] Call Trace: [ 513.103642][T12684] [ 513.103652][T12684] dump_stack_lvl+0x100/0x190 [ 513.103692][T12684] should_fail_ex.cold+0x5/0xa [ 513.103738][T12684] should_failslab+0xc2/0x120 [ 513.103778][T12684] kmem_cache_alloc_noprof+0x83/0x780 [ 513.103815][T12684] ? kmem_cache_alloc_noprof+0x2a1/0x780 [ 513.103849][T12684] ? anon_vma_fork+0xe8/0x620 [ 513.103885][T12684] ? anon_vma_fork+0xe8/0x620 [ 513.103912][T12684] anon_vma_fork+0xe8/0x620 [ 513.103949][T12684] ? vm_area_dup+0x59d/0x8e0 [ 513.103983][T12684] dup_mmap+0x1182/0x1e20 [ 513.104023][T12684] ? __pfx_dup_mmap+0x10/0x10 [ 513.104074][T12684] copy_process+0x7451/0x7890 [ 513.104111][T12684] ? preempt_schedule_thunk+0x16/0x30 [ 513.104155][T12684] ? __pfx_copy_process+0x10/0x10 [ 513.104189][T12684] ? find_held_lock+0x2b/0x80 [ 513.104224][T12684] ? futex_private_hash_put+0x107/0x1c0 [ 513.104266][T12684] kernel_clone+0xfc/0x930 [ 513.104306][T12684] ? __pfx_kernel_clone+0x10/0x10 [ 513.104365][T12684] __do_sys_clone+0xd9/0x120 [ 513.104402][T12684] ? __pfx___do_sys_clone+0x10/0x10 [ 513.104438][T12684] ? find_held_lock+0x2b/0x80 [ 513.104478][T12684] ? xfd_validate_state+0x129/0x190 [ 513.104534][T12684] do_syscall_64+0xc9/0xf80 [ 513.104571][T12684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.104600][T12684] RIP: 0033:0x7f24ee59af79 [ 513.104622][T12684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.104650][T12684] RSP: 002b:00007f24ef46cfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 513.104678][T12684] RAX: ffffffffffffffda RBX: 00007f24ee816180 RCX: 00007f24ee59af79 [ 513.104697][T12684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 513.104713][T12684] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 513.104731][T12684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 513.104747][T12684] R13: 00007f24ee816218 R14: 00007f24ee816180 R15: 00007ffc73581728 [ 513.104787][T12684] [ 513.430386][ T7751] Bluetooth: hci3: command 0x2016 tx timeout [ 514.145195][T12701] ubi0: attaching mtd0 [ 514.161940][T12697] random: crng reseeded on system resumption [ 514.169692][T12701] ubi0: scanning is finished [ 514.180451][T12701] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 514.301099][T12701] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 514.608181][ T5832] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 515.409901][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1344 with max blocks 29 with error 117 [ 515.445437][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 515.445437][ T12] [ 515.504110][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1346 with max blocks 52 with error 117 [ 515.537500][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 515.537500][ T12] [ 515.595874][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 6345 with max blocks 2 with error 117 [ 515.620466][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 515.620466][ T12] [ 515.725449][T12736] FAULT_INJECTION: forcing a failure. [ 515.725449][T12736] name failslab, interval 1, probability 0, space 0, times 0 [ 515.725498][T12736] CPU: 1 UID: 0 PID: 12736 Comm: syz.3.1177 Tainted: G L syzkaller #0 PREEMPT(full) [ 515.725519][T12736] Tainted: [L]=SOFTLOCKUP [ 515.725525][T12736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 515.725535][T12736] Call Trace: [ 515.725540][T12736] [ 515.725546][T12736] dump_stack_lvl+0x100/0x190 [ 515.725567][T12736] should_fail_ex.cold+0x5/0xa [ 515.725593][T12736] should_failslab+0xc2/0x120 [ 515.725614][T12736] __kmalloc_cache_noprof+0x80/0x810 [ 515.725628][T12736] ? vidtv_psi_set_sec_len+0xa5/0x160 [ 515.725651][T12736] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 515.725669][T12736] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 515.725684][T12736] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 515.725701][T12736] vidtv_channel_si_init+0x1289/0x18d0 [ 515.725724][T12736] vidtv_mux_init+0x526/0xbf0 [ 515.725743][T12736] vidtv_start_feed+0x33e/0x4c0 [ 515.725764][T12736] ? __pfx_vidtv_start_feed+0x10/0x10 [ 515.725784][T12736] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 515.725806][T12736] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 515.725831][T12736] ? mark_held_locks+0x40/0x70 [ 515.725853][T12736] ? __pfx_vidtv_start_feed+0x10/0x10 [ 515.725873][T12736] dmx_ts_feed_start_filtering+0xf6/0x220 [ 515.725898][T12736] dvb_dmxdev_start_feed+0x273/0x3f0 [ 515.725927][T12736] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 515.725951][T12736] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 515.725974][T12736] dvb_demux_do_ioctl+0xe64/0x1200 [ 515.726002][T12736] dvb_usercopy+0x167/0x340 [ 515.726020][T12736] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 515.726042][T12736] ? __pfx_dvb_usercopy+0x10/0x10 [ 515.726067][T12736] ? __fget_files+0x21f/0x3d0 [ 515.726087][T12736] dvb_demux_ioctl+0x29/0x40 [ 515.726105][T12736] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 515.726123][T12736] __x64_sys_ioctl+0x18e/0x210 [ 515.726147][T12736] do_syscall_64+0xc9/0xf80 [ 515.726166][T12736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.726181][T12736] RIP: 0033:0x7f24ee59af79 [ 515.726193][T12736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 515.726207][T12736] RSP: 002b:00007f24ef4af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 515.726221][T12736] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 515.726231][T12736] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 515.726240][T12736] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 515.726250][T12736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 515.726259][T12736] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 515.726280][T12736] [ 515.726327][T12736] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 515.726346][T12736] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 515.726365][T12736] CPU: 1 UID: 0 PID: 12736 Comm: syz.3.1177 Tainted: G L syzkaller #0 PREEMPT(full) [ 515.726386][T12736] Tainted: [L]=SOFTLOCKUP [ 515.726392][T12736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 515.726401][T12736] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 515.726417][T12736] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 2d ab ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 09 ab ed f9 4d 85 e4 [ 515.726432][T12736] RSP: 0018:ffffc90004d57a18 EFLAGS: 00010247 [ 515.726445][T12736] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000cd6d000 [ 515.726455][T12736] RDX: 0000000000000000 RSI: ffffffff8818a333 RDI: 0000000000000005 [ 515.726464][T12736] RBP: ffff88803b2c74e0 R08: 0000000000000000 R09: 4453534204050000 [ 515.726474][T12736] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 515.726483][T12736] R13: ffff8880366ffec0 R14: ffff88802926d640 R15: ffff8880366fff80 [ 515.726494][T12736] FS: 00007f24ef4af6c0(0000) GS:ffff8881246e2000(0000) knlGS:0000000000000000 [ 515.726509][T12736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 515.726519][T12736] CR2: 0000001b30efdff8 CR3: 000000007c7f0000 CR4: 00000000003526f0 [ 515.726528][T12736] Call Trace: [ 515.726533][T12736] [ 515.726539][T12736] vidtv_channel_si_init+0x12fc/0x18d0 [ 515.726559][T12736] vidtv_mux_init+0x526/0xbf0 [ 515.726576][T12736] vidtv_start_feed+0x33e/0x4c0 [ 515.726597][T12736] ? __pfx_vidtv_start_feed+0x10/0x10 [ 515.726617][T12736] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 515.726638][T12736] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 515.726661][T12736] ? mark_held_locks+0x40/0x70 [ 515.726680][T12736] ? __pfx_vidtv_start_feed+0x10/0x10 [ 515.726701][T12736] dmx_ts_feed_start_filtering+0xf6/0x220 [ 515.726724][T12736] dvb_dmxdev_start_feed+0x273/0x3f0 [ 515.726744][T12736] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 515.726765][T12736] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 515.726785][T12736] dvb_demux_do_ioctl+0xe64/0x1200 [ 515.726808][T12736] dvb_usercopy+0x167/0x340 [ 515.726825][T12736] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 515.726845][T12736] ? __pfx_dvb_usercopy+0x10/0x10 [ 515.726866][T12736] ? __fget_files+0x21f/0x3d0 [ 515.726883][T12736] dvb_demux_ioctl+0x29/0x40 [ 515.726900][T12736] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 515.726925][T12736] __x64_sys_ioctl+0x18e/0x210 [ 515.726949][T12736] do_syscall_64+0xc9/0xf80 [ 515.726967][T12736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.726981][T12736] RIP: 0033:0x7f24ee59af79 [ 515.726992][T12736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 515.727006][T12736] RSP: 002b:00007f24ef4af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 515.727019][T12736] RAX: ffffffffffffffda RBX: 00007f24ee815fa0 RCX: 00007f24ee59af79 [ 515.727029][T12736] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 515.727038][T12736] RBP: 00007f24ee6316e0 R08: 0000000000000000 R09: 0000000000000000 [ 515.727047][T12736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 515.727056][T12736] R13: 00007f24ee816038 R14: 00007f24ee815fa0 R15: 00007ffc73581728 [ 515.727070][T12736] [ 515.727075][T12736] Modules linked in: [ 515.727111][T12736] ---[ end trace 0000000000000000 ]--- [ 515.727130][T12736] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 515.727147][T12736] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 2d ab ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 09 ab ed f9 4d 85 e4 [ 515.727162][T12736] RSP: 0018:ffffc90004d57a18 EFLAGS: 00010247 [ 515.727175][T12736] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000cd6d000 [ 515.727185][T12736] RDX: 0000000000000000 RSI: ffffffff8818a333 RDI: 0000000000000005 [ 515.727195][T12736] RBP: ffff88803b2c74e0 R08: 0000000000000000 R09: 4453534204050000 [ 515.727205][T12736] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 515.727214][T12736] R13: ffff8880366ffec0 R14: ffff88802926d640 R15: ffff8880366fff80 [ 515.727225][T12736] FS: 00007f24ef4af6c0(0000) GS:ffff8881246e2000(0000) knlGS:0000000000000000 [ 515.727240][T12736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 515.727251][T12736] CR2: 0000001b30efdff8 CR3: 000000007c7f0000 CR4: 00000000003526f0 [ 515.727263][T12736] Kernel panic - not syncing: Fatal exception [ 515.727581][T12736] Kernel Offset: disabled