last executing test programs: 7.815414678s ago: executing program 3 (id=1356): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) r3 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/saved_cmdlines_size\x00', 0x20000, 0x0) ioctl$auto_XFS_IOC_OPEN_BY_HANDLE(r0, 0xc038586b, &(0x7f0000000340)={r3, &(0x7f0000000080)="ba69fd8a1d42e3b5ad7fe77f50f93d635537317657426afb02fc7a2a3adb0be0afe8818e85d70cf5cc13f6ba3427f3698a5f8de971d2cb24c821273f55b3d0998de659693aaa49d51e7a407618b34e6a5cb321f540cad016291f29b8f1856c89c711d458cbd3f4701d3032d18d613a188b249d925608e89bea8582d18c921ec8adcf9cedcfe4ccc24a788e777d8c838f01df9d2eaee150fbb27c6118ff9f43c4ae1b03f48443993cbc879b", 0x9f94, 0x0, 0x1, 0x0, &(0x7f00000002c0)=0x6}) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x5}, 0x4, 0x966, 0x3, @raw=0x404, @integer64={0xc, 0xeb1e, 0x34}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, 0x0) close_range$auto(0x2, 0xa, 0x0) r5 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x2a, 0xf) bpf$auto(0x5e, &(0x7f00000003c0)=@task_fd_query={0x5, r5, 0x454f, 0x5f, 0x0, 0x0, r5, 0x80000001}, 0x6d4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0) r6 = socket(0xa, 0x5, 0x84) sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f) 7.276507843s ago: executing program 2 (id=1360): socket(0x2, 0x3, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/advisor_min_pages_to_scan\x00', 0x88282, 0x0) socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0xc, 0x0, 0x0) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r2, 0x720, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x443d) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/disk\x00', 0xc0082, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty48\x00', 0x40000, 0x0) ioctl$auto_TIOCSWINSZ2(r4, 0x5414, &(0x7f0000000080)="d8") ioctl$auto_USB_RAW_IOCTL_EP_DISABLE(r0, 0x40045506, &(0x7f0000000000)=0x1e5) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/regulatory.0/firmware/regulatory.db/power/control\x00', 0x101200, 0x0) write$auto(r3, &(0x7f0000000340)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,D\xbf&\x9eb|\n\xee\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbb\xbb\xf9\xcdz\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x1d\x88mr\xfd\xf1\x1b;\xabt\xd1a}\x10\xab\xeb_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:kJr\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL\x15/\xf9\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\aA\xe9(\x00\x00\x00\x00\x00N\xb5J\xc8A\xc7m\xbf\x19\xae\x9d\xcaR\x0f\xa8\xdf\xe4M\xe1>k\x93\x01\xe5\xba(\x96K\xc1=d3\xe00u\"`]\xb3\x11a\x1cSn\xe7\x87\x84\x93\xe4\x90]\x86\x10\xe5\xacK\x99\xc1$\x91\x05\x00\x00\x00O\x01xc\xa8\x9a\x1bK\x00\x00\xf6\xa2\x8a\x7f4\f[BLH$6\xfb,\xd8\xd3\xd0\x8b\xb3yA.\xb4\xbc\td\x9d\\\xd0\xff\xd2Y\xc4\x9fT\xb2\xd5\r\xf1#\xd5\xf2\x9cU\xd1:+\xb63\xae\xc1\xf7\xe1\xd4\x879?\xdd\xd6\xd4\xa3\xc7\xd8 S\xfc:\xe1{\x16\\h\x9d\xbc#KEC\x1a\xf9KH`\x82e:_\x9b\xf1\xc1\x8e\xf0\xc46\x98\xd6u\x90\x18\x8f\xe8\xc3%\x8e9\xab\x7f\x0e\n\xb2\xa4\xef\x90\xb16\x04\xbc\xc9\xdc\xad,\xcc\xad}DY\x1d\x1fv\x90\x97u\xa1\xfb\x13\xa93\xb6XJ\x84\xe3\xc1)\x98\xae5q\xa5L\x87\x1aq\x1d0\xf1\xcb\xe5\xf4F!*\xf9\xb3,w\"\xf2\xd0\xd1Vj\xd0\x06\xcc\xbc\xee0\x98.\xd9dC\x8e9\xfdM\\\xc5&\\\x9b\x81\x88t\xa4\x9f\xd1P\xd2e\x9c\xf9\xd2\xaf\x00\x00\x00\x00\x00\x00\x00 \x00'/478, 0x8000000000b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 6.80062538s ago: executing program 1 (id=1361): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) setreuid$auto(0x4, 0x8) futimesat$auto(0xda, 0x0, 0x0) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) 6.041941805s ago: executing program 2 (id=1363): timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x1, 0x10d3, 0x3ff) r0 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) ustat$auto(0x801, 0x0) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=@raw_tracepoint={0x8, 0xffffffffffffffff, 0x0, 0x7}, 0x6) sendfile$auto(r1, r1, 0x0, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/disk\x00', 0xc0082, 0x0) write$auto(r2, &(0x7f0000000340)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,D\xbf&\x9eb|\n\xee\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbb\xbb\xf9\xcdz\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x1d\x88mr\xfd\xf1\x1b;\xabt\xd1a}\x10\xab\xeb_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL\x15/\xf9\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\aA\xe9(\x00\x00\x00\x00\x00N\xb5J\xc8A\xc7m\xbf\x19\xae\x9d\xcaR\x0f\xa8\xdf\xe4M\xe1>k\x93\x01\xe5\xba(\x96K\xc1=d3\xe00u\"`]\xb3\x11a\x1cSn\xe7\x87\x84\x93\xe4\x90]\x86\x10\xe5\xacK\x99\xc1$\x91\x05\x00\x00\x00O\x01xc\xa8\x9a\x1bK\x00\x00\xf6\xa2\x8a\x7f4\f[BLH$6\xfb,\xd8\xd3\xd0\xa1v\x14\xcd\x1a\xbdx\xaed\x9d\\\xd0\xff\xd2Y\xc4\x9fT\xb2\xd5\r\xf1#\xd5\xf2\x9cU\xd1:+\xb63\xae\xc1\xf7\xe1\xd4\x879?\xdd\xd6\xd4\xa3\xc7\xd8 S\xfc:\xe1{\x16\\h\x9d\xbc#KEC\x1a\xf9KH`\x82e:_\x9b\xf1\xc1\x8e\xf0\xc46\x98\xd6u\x90\x18\x8f\xe8\xc3%\x8e9\xab\x7f\x0e\n\xb2\xa4\xef\x90\xb16\x04\xbc\xc9\xdc\xad,\xcc\xad}DY\x1d\x1fv\x90\x97u\xa1\xfb\x13\xa93\xb6XJ\x84\xe3\xc1)\x98\xae5q\xa5L\x87\x1aq\x1d0\xf1\xcb\xe5\xf4F!*\xf9\xb3,w\"\xf2\xd0\xd1Vj\xd0\x06\xcc\xbc\xee0\x98.\xd9dC\x8e9\xfdM\\\xc5&\\\x9b\x81\x88t\xa4\x9f\xd1P\xd2e\x9c\xf9\xd2\xaf\x00'/478, 0xb) 5.996069141s ago: executing program 3 (id=1364): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r3, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 5.188231646s ago: executing program 0 (id=1365): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x4, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d}\x7f\x85y\xfd\x9f\x98\t\xf2{|\x14\x8eo\xd9\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\xdcGOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3', 0x5) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4040ae79, r0) r2 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) writev$auto(r2, &(0x7f0000001100)={0x0, 0xe5e7}, 0x1) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) name_to_handle_at$auto(0x1010, 0x0, 0x0, 0x0, 0x200) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) prctl$auto(0xd, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 5.187705621s ago: executing program 1 (id=1366): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r1, 0x80204d01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4.485760464s ago: executing program 2 (id=1367): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto(0xffffffffffffffff, &(0x7f0000000000)='veth1\x00', 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) read$auto(0xffffffffffffffff, 0x0, 0x7f) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, 0x0) mmap$auto(0x100000001, 0x4020009, 0xe2, 0xeb4, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) getsockopt$auto(0xffffffffffffffff, 0x84, 0x80, 0x0, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x18800) read$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.097747584s ago: executing program 0 (id=1368): futex$auto(&(0x7f0000000040)=0x1, 0x5, 0x10001, 0x0, &(0x7f0000000140)=0x3, 0x6fffffff) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101202, 0x0) write$auto(0x3, 0x0, 0x200000100082) r1 = openat$auto_clk_dump_fops_(0xffffffffffffff9c, &(0x7f0000005f40)='/sys/kernel/debug/clk/clk_dump\x00', 0x8800, 0x0) pread64$auto(r1, 0x0, 0x13, 0x4) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r0, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="2bb22bbd7000fcdbdf250500000008000100", @ANYRES32=0x0, @ANYBLOB="47f22acf9310318f1a2b6298cdc500f2c6544ce39b9cc6c37107b4f8269dfcbc343565f33ba808206482de5c7bc83fdf721946ab0c5bcc0511324cb2359886c0e2c5cf6f5609a26e04038c2e2127eb78fd45b3f0487fc58872f06d7f63ae9613da8d2226d5104173b6e488daf1132a1f27bb404b18f993a0f65ae40b1a50ac55d391b1a01f69af17c6ef25da36ea3cff0a790dbb9d2ea101f358f3ac6b46b037882e"], 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'team0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/virtual/block/loop12/integrity/protection_interval_bytes\x00', 0x80000, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r4) write$auto(0x3, 0x0, 0xfffffdef) 3.560674489s ago: executing program 1 (id=1369): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setpriority$auto_PRIO_PGRP(0x1, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x27, 0x0) mmap$auto(0x8, 0x2, 0xffff, 0x18, 0xffffffffffffffff, 0x7a) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x5, 0x0, 0x0, 0x0) ioctl$auto_RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000000)=0x7fff) bpf$auto_BPF_LINK_DETACH(0x22, &(0x7f0000001040)=@link_update={r0, @new_prog_fd=r0, 0xfffffffd, @old_map_fd=r0}, 0x8) close_range$auto(0x2, 0x8, 0x0) read$auto_zero_fops_mem(r0, &(0x7f0000000040)=""/4096, 0x1000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x2, 0x73) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x5c, r2, 0x1, 0x70bd2b, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x2000, 0x0) preadv$auto(r3, &(0x7f0000000180)={0x0, 0x4}, 0x6, 0x7, 0xe68) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/irq/8/actions\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000200)=""/73, 0x49) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) 2.928783178s ago: executing program 1 (id=1370): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, &(0x7f00000000c0)="873302e301e0b01ae9e5d8a7401b66e72e4857fababb0070dec76e27ea1c71b7f8b800abcfb9974f59c538ef") pread64$auto(r3, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x4a, r1, 0x6, 0x80000001) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r4, 0x1028, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x4}, @NL80211_ATTR_TIMED_OUT={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x8855}, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 2.928570808s ago: executing program 2 (id=1371): socket(0x2, 0x1, 0x106) socket(0x8, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pwritev$auto(r0, &(0x7f0000000140)={0x0, 0x400000000001}, 0x5, 0x5, 0xd3b8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0x6f42, 0x38) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) ioctl$auto(0xffffffffffffffff, 0x89f0, 0xffffffffffffffff) ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0xb, 0x2, 0x8) r1 = prctl$auto(0xbb, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x3, 0x8, 0x0, 0x14, r1, 0x8000) madvise$auto(0xfe7, 0x9, 0x3) write$auto(0xffffffffffffffff, 0x0, 0xfffffdf1) pwrite64$auto(0xffffffffffffffff, 0x0, 0x32e, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) 2.915841781s ago: executing program 0 (id=1378): sendmsg$auto_NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000003c00)={&(0x7f0000000380)=ANY=[@ANYBLOB="e0000000", @ANYRES16, @ANYBLOB="000127bd7000fcdbdf251200000005000c00ff0000000800010000000000a00019007dba6907273140a43172cc0f5945474437143f69a5777674364501bd4661e84d7eeab5f94717d98d0624f33f803fbd6a756bebd8e1f84dc9170d"], 0xe0}, 0x1, 0x0, 0x0, 0x2}, 0x8) ioctl$auto_RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, &(0x7f0000000440)=0x77b) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ttyv7/power/control\x00', 0x22902, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) socketcall$auto(0xa, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x9) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) r4 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x8, 0x7f, 0xffffffffffffffff, @relative_fd, 0x4}, 0xf) r5 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x1}, 0x4) ioctl$auto_XFS_IOC_FREESP64(r5, 0x541b, 0x0) 2.913868932s ago: executing program 3 (id=1379): socket(0x80000000000000a, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x10, 0x2, 0xc) socket(0x10, 0x2, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x6f) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 1.582126652s ago: executing program 1 (id=1372): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001240)='4', 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000600)={{&(0x7f0000000400)="5cdd59f1a68d086a02a2cc1399c7b3f7410eb36cfbec7e7224eaf6de379d09771080b197b8057225ffa98bc9a7bd53a5aee9a2d48d74d149c199be3009d2d61af64942e106e9b586aabcd7ae4de8a0e87e02af7f6af674c2fc8d8a8a78916f9c23e6b8a8be7141ae87f2996f079bfcbadc2ef4a6a3e894ba7dd3d9f11bd4d05558df32f9eeb4fda5e29576787e2ced58e35355c37e1ff8a11d36a067d362a37323c582eee83ea4cc9e7f", 0x6, &(0x7f0000000540)={&(0x7f00000004c0)="35a4988620ed7f4ab66aa8948d2c0530bb25f6057ba29add8bbc1d2db5f8682804b365a0d809d366e189194941627ddf76d73565a6133f661519a99780edab37135a9058cfbea6f19ec9ad30287159ec1c6afd59583911a5239ff895b0871d32f098c6cfdef0b944fe4659694d8716"}, 0x2, &(0x7f0000000580)="6ea0838008f497d022b78e5e7eb7c80c499b948523cfff8c50f12ebc124c316e0b644f39bb8b55a743fb004e0ed1aec82d0b82794ab3801ad7705749f562a3d87256f1ec7ebea9a0fd16decd422f095cc3abfc2c4e7fcc9916d6a7139c731bdeed", 0x4, 0xc7b}, 0xfffffffe}, 0x6, 0x2) 1.581317048s ago: executing program 3 (id=1373): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x2400, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2d, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x42804) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x14240, 0x145) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000140)={{@inferred, 0x0, 0x4, 0x8, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x3, 0x5, 0x4, @inferred, @enumerated={0x3, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x400, 0xc278}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x801, 0x106) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x3240, 0x0) getsockopt$auto(0xffffffffffffffff, 0x101, 0x4, 0x0, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xc00caee0, 0xffffffffffffffff) bpf$auto(0x2, &(0x7f00000001c0)=@bpf_attr_11={0x1, 0x7, 0x3, 0x5, 0x8, 0x9, 0x6}, 0x4) 1.579414401s ago: executing program 0 (id=1382): statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x6, 0x6, 0x4, 0x11ffffffffffb, 0xc, 0xffffffffffffffff, 0x6, 0x10, 0x80, 0x801, 0x8000, 0x1, 0x1, 0x202, 0xd, 0xbca7, 0xfffffffffffffff6, 0x0, 0x0, 0x0, 0x6b4, [0x2, 0x6, 0x0, 0xc, 0x0, 0x0, 0x20000000000, 0x3, 0x4, 0xb, 0x3169b201, 0x0, 0x3, 0xfffffffffffffc01, 0x5, 0xfffffbfffffffffb, 0x0, 0x9, 0x2000000, 0xfffffffffffffffe, 0x0, 0x8, 0xfffffffffffffffe, 0x200000000000000, 0x0, 0x8000000000000000, 0x0, 0x1, 0x0, 0x7fffffff, 0x101, 0x0, 0x20000000000000, 0x40000000000000, 0x1000000000000200, 0x0, 0x400, 0x96, 0x5, 0x4, 0xe17, 0xfffffffffffffffc, 0x6]}, 0x1fe, 0x1) ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, &(0x7f0000000040)=0x81) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mountinfo\x00', 0xe0000, 0x0) syz_clone(0x80000000, &(0x7f0000000000)="085a1056b6aa2f10d8ddee0633aea682a5ff", 0x12, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x10, 0x2, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0x4000e6e) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x8800, 0x0) socket(0xa, 0x2, 0x0) getpeername$auto(0x3, 0x0, 0x0) setsockopt$auto(r1, 0x104000000000010e, 0x1, 0x0, 0x16) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r2, &(0x7f0000000000)='-\x00', 0x2fb) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd03, &(0x7f00000001c0)) 1.36170789s ago: executing program 3 (id=1374): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x80, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) connect$auto(0x3, &(0x7f0000000080)=@tipc=@id={0x1e, 0x3, 0x0, {0x4e21, 0x1}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x800, 0x85fc) remap_file_pages$auto(0x6a27, 0x7ffffffd, 0x0, 0x3, 0x4) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vlan0\x00'}) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x6a) ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, 0x0) 970.103833ms ago: executing program 2 (id=1375): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = inotify_init1$auto(0x3000000000000) socket$nl_generic(0x11, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x1) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/smaps_rollup\x00', 0x840, 0x0) read$auto(r0, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) 686.037419ms ago: executing program 0 (id=1376): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fb0\x00', 0x2a082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/001/001\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kfence/parameters/sample_interval\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 397.976241ms ago: executing program 3 (id=1377): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getpgid$auto(0xffffffffffffffff) set_mempolicy$auto(0x7, &(0x7f0000000300)=0x2, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x40002, 0x0) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000002800)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x1a1040, 0x0) sendfile$auto(r0, r0, 0x0, 0x788b) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1ac}}, 0x40000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) socket(0x1d, 0x4, 0x5) close_range$auto(0x2, 0x8, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0xac, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0xffffffffffffffff, 0x6, 0x8, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) socket(0xf, 0x3, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xb5}, 0x1) write$auto(0x3, 0x0, 0xffd8) 247.762664ms ago: executing program 0 (id=1380): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r2, 0x40086602, &(0x7f0000000100)) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r3) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8001, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r4 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r4, 0x0, 0x0) 135.975ms ago: executing program 1 (id=1381): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x7, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto(0x1000, 0x10, 0x3, 0x5) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x69) listen$auto(0x3, 0x81) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x7, 0x1}, 0x3}, 0x4, 0x20000000) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) arch_prctl$auto(0x5003, 0x5) arch_prctl$auto(0x5002, 0x1) remap_file_pages$auto(0x40, 0x2000fff, 0x0, 0xdc, 0x100000) write$auto(r0, 0x0, 0xc3) 0s ago: executing program 2 (id=1383): mmap$auto(0x0, 0xf6, 0xdf, 0xeb1, 0x401, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES16=r2, @ANYRESOCT=0x0, @ANYBLOB="1ed7504904c59df2465e774c34316d44c46efb883c56ebae51f17617795dd841eeee37d8e053918c3dbe3dc4d6dfc55c502308a45b3c6519bdc52004664c5f302c98357c767a0fbe347f09be4a8901c38ef8af5c11c4f1820462b55875bb9d07a0f046fa40c75c303aa085ab0c27a783f6d916f65376dbc9af089d128b1f81d7c76ee462c360c48cca18be507730b43ee6f79dbd7b73a22bbce5460128f1832f08e7141e3604adb59a73c02a7951bb", @ANYRES64=r2, @ANYRESOCT=r1, @ANYRES64=r2], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x84) sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x4000004) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\a\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4.\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d5) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x8100000041, 0x413e) clock_nanosleep$auto(0xfffffff2, 0x5, 0x0, 0x0) kernel console output (not intermixed with test programs): 683][ T8483] program syz.1.540 not setting count and/or reply_len properly [ 275.417936][ T8500] kexec: Could not allocate control_code_buffer [ 275.831076][ T8513] vhci_hcd: not connected 4 [ 278.133568][ T8543] Process accounting paused [ 279.265740][ T8555] Process accounting resumed [ 283.025324][ T8608] futex_wake_op: syz.2.565 tries to shift op by -2048; fix this program [ 285.338747][ T8628] vhci_hcd: not connected 4 [ 286.389162][ T8656] netlink: 28 bytes leftover after parsing attributes in process `syz.3.574'. [ 286.516903][ T8656] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.554465][ T8655] ptp ptp0: only physical clock in use now [ 286.643477][ T8656] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.998856][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 287.110774][ T8666] FAULT_INJECTION: forcing a failure. [ 287.110774][ T8666] name failslab, interval 1, probability 0, space 0, times 0 [ 287.204170][ T8666] CPU: 1 UID: 0 PID: 8666 Comm: syz.2.575 Tainted: G L syzkaller #0 PREEMPT(full) [ 287.204214][ T8666] Tainted: [L]=SOFTLOCKUP [ 287.204224][ T8666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 287.204240][ T8666] Call Trace: [ 287.204248][ T8666] [ 287.204263][ T8666] dump_stack_lvl+0x100/0x190 [ 287.204302][ T8666] should_fail_ex.cold+0x5/0xa [ 287.204339][ T8666] should_failslab+0xc2/0x120 [ 287.204373][ T8666] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 287.204400][ T8666] ? __kernfs_new_node+0xd2/0x9f0 [ 287.204440][ T8666] __kernfs_new_node+0xd2/0x9f0 [ 287.204477][ T8666] ? __pfx___kernfs_new_node+0x10/0x10 [ 287.204519][ T8666] ? find_held_lock+0x2b/0x80 [ 287.204554][ T8666] ? kernfs_root+0xee/0x2a0 [ 287.204584][ T8666] ? kernfs_root+0xee/0x2a0 [ 287.204624][ T8666] kernfs_new_node+0x11b/0x1a0 [ 287.204667][ T8666] __kernfs_create_file+0x53/0x350 [ 287.204714][ T8666] sysfs_add_file_mode_ns+0x207/0x3c0 [ 287.204753][ T8666] sysfs_merge_group+0x194/0x340 [ 287.204786][ T8666] ? __pfx_sysfs_merge_group+0x10/0x10 [ 287.204819][ T8666] ? bus_add_device+0x368/0x6b0 [ 287.204851][ T8666] ? __pfx_bus_add_device+0x10/0x10 [ 287.204878][ T8666] ? __pfx_dev_add_physical_location+0x10/0x10 [ 287.204925][ T8666] dpm_sysfs_add+0x237/0x280 [ 287.204965][ T8666] device_add+0x9ef/0x1950 [ 287.205007][ T8666] ? __pfx_device_add+0x10/0x10 [ 287.205044][ T8666] ? lockdep_init_map_type+0x5c/0x250 [ 287.205073][ T8666] ? __init_waitqueue_head+0xca/0x150 [ 287.205115][ T8666] rfkill_register+0x1ad/0xb30 [ 287.205154][ T8666] nfc_register_device+0x11f/0x3e0 [ 287.205201][ T8666] nci_register_device+0x7f1/0xb80 [ 287.205241][ T8666] ? __pfx_nci_register_device+0x10/0x10 [ 287.205290][ T8666] ? lockdep_init_map_type+0x5c/0x250 [ 287.205327][ T8666] virtual_ncidev_open+0x141/0x220 [ 287.205357][ T8666] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 287.205384][ T8666] misc_open+0x26d/0x450 [ 287.205422][ T8666] ? __pfx_misc_open+0x10/0x10 [ 287.205457][ T8666] chrdev_open+0x234/0x6a0 [ 287.205491][ T8666] ? __pfx_apparmor_file_open+0x10/0x10 [ 287.205524][ T8666] ? __pfx_chrdev_open+0x10/0x10 [ 287.205565][ T8666] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 287.205611][ T8666] do_dentry_open+0x6d8/0x1660 [ 287.205644][ T8666] ? __pfx_chrdev_open+0x10/0x10 [ 287.205690][ T8666] vfs_open+0x82/0x3f0 [ 287.205735][ T8666] path_openat+0x208c/0x31a0 [ 287.205789][ T8666] ? __pfx_path_openat+0x10/0x10 [ 287.205841][ T8666] do_file_open+0x20e/0x430 [ 287.205881][ T8666] ? __pfx_do_file_open+0x10/0x10 [ 287.205957][ T8666] ? alloc_fd+0x476/0x790 [ 287.205996][ T8666] ? do_getname+0x191/0x390 [ 287.206037][ T8666] do_sys_openat2+0x10d/0x1e0 [ 287.206079][ T8666] ? __pfx_do_sys_openat2+0x10/0x10 [ 287.206124][ T8666] ? __fget_files+0x21f/0x3d0 [ 287.206167][ T8666] __x64_sys_openat+0x12d/0x210 [ 287.206194][ T8666] ? __pfx___x64_sys_openat+0x10/0x10 [ 287.206246][ T8666] ? rcu_is_watching+0x12/0xc0 [ 287.206293][ T8666] do_syscall_64+0x10b/0x830 [ 287.206321][ T8666] ? clear_bhb_loop+0x40/0x90 [ 287.206357][ T8666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.206385][ T8666] RIP: 0033:0x7fa301d9ce59 [ 287.206409][ T8666] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.206435][ T8666] RSP: 002b:00007fa2fffb4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 287.206461][ T8666] RAX: ffffffffffffffda RBX: 00007fa302016180 RCX: 00007fa301d9ce59 [ 287.206480][ T8666] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 287.206499][ T8666] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 287.206515][ T8666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.206531][ T8666] R13: 00007fa302016218 R14: 00007fa302016180 R15: 00007ffe5db9d798 [ 287.206569][ T8666] [ 288.205194][ T8673] random: crng reseeded on system resumption [ 289.598151][ T8685] vhci_hcd: not connected 4 [ 291.658040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 292.250263][ T8723] vivid-008: ================= START STATUS ================= [ 292.309324][ T8723] vivid-008: ================== END STATUS ================== [ 294.221253][ T8732] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 294.233145][ T8732] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 294.248405][ T8732] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 294.259097][ T8732] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 294.267341][ T8732] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 294.669218][ T8753] random: crng reseeded on system resumption [ 294.697646][ T8750] netlink: 28 bytes leftover after parsing attributes in process `syz.2.592'. [ 294.742567][ T8750] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.805742][ T8753] hub 1-0:1.0: USB hub found [ 294.829484][ T8753] hub 1-0:1.0: 1 port detected [ 294.879540][ T8757] ptp ptp0: only physical clock in use now [ 294.960913][ T8750] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.728124][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 296.289749][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 296.290900][ T5640] Bluetooth: hci2: command 0x0c1a tx timeout [ 296.295822][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 298.369921][ T5640] Bluetooth: hci3: command 0x0c1a tx timeout [ 299.315050][ T8820] netlink: 28 bytes leftover after parsing attributes in process `syz.2.607'. [ 299.397142][ T8823] futex_wake_op: syz.0.615 tries to shift op by -2048; fix this program [ 299.400779][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 299.649459][ T8820] Zero length message leads to an empty skb [ 300.234505][ T8839] random: crng reseeded on system resumption [ 303.984609][ T8898] futex_wake_op: syz.3.624 tries to shift op by -2048; fix this program [ 304.428018][ T8900] random: crng reseeded on system resumption [ 305.270408][ T8912] mmap: syz.2.626 (8912) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 308.874643][ T8959] futex_wake_op: syz.2.635 tries to shift op by -2048; fix this program [ 309.346790][ T8935] Process accounting resumed [ 309.751337][ T8957] Process accounting paused [ 311.334491][ T8991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.642'. [ 313.102165][ T9016] random: crng reseeded on system resumption [ 313.228746][ T9016] hub 1-0:1.0: USB hub found [ 313.239249][ T9016] hub 1-0:1.0: 1 port detected [ 314.986341][ T5640] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 317.182814][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.190066][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.800455][ T9092] netlink: 'syz.3.660': attribute type 3 has an invalid length. [ 317.864192][ T9092] netlink: 94 bytes leftover after parsing attributes in process `syz.3.660'. [ 317.899517][ T9092] netlink: 'syz.3.660': attribute type 1 has an invalid length. [ 317.914512][ T9092] netlink: 'syz.3.660': attribute type 2 has an invalid length. [ 317.941840][ T9092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.660'. [ 318.628974][ T9102] futex_wake_op: syz.2.662 tries to shift op by -2048; fix this program [ 320.294810][ T9127] FAULT_INJECTION: forcing a failure. [ 320.294810][ T9127] name failslab, interval 1, probability 0, space 0, times 0 [ 320.379779][ T9127] CPU: 1 UID: 0 PID: 9127 Comm: syz.1.668 Tainted: G L syzkaller #0 PREEMPT(full) [ 320.379825][ T9127] Tainted: [L]=SOFTLOCKUP [ 320.379835][ T9127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 320.379852][ T9127] Call Trace: [ 320.379861][ T9127] [ 320.379878][ T9127] dump_stack_lvl+0x100/0x190 [ 320.379915][ T9127] should_fail_ex.cold+0x5/0xa [ 320.379952][ T9127] should_failslab+0xc2/0x120 [ 320.379986][ T9127] __kvmalloc_node_noprof+0xfa/0xa00 [ 320.380015][ T9127] ? sbitmap_init_node+0x1cc/0x720 [ 320.380069][ T9127] sbitmap_init_node+0x1cc/0x720 [ 320.380119][ T9127] sbitmap_queue_init_node+0x40/0x4a0 [ 320.380168][ T9127] blk_mq_init_tags+0x184/0x300 [ 320.380213][ T9127] blk_mq_alloc_map_and_rqs+0x218/0xeb0 [ 320.380260][ T9127] ? blk_mq_update_queue_map+0x227/0x3a0 [ 320.380306][ T9127] blk_mq_alloc_tag_set+0x848/0x1330 [ 320.380356][ T9127] loop_add+0x3b7/0xb60 [ 320.380384][ T9127] ? __pfx_loop_add+0x10/0x10 [ 320.380429][ T9127] ? find_held_lock+0x2b/0x80 [ 320.380463][ T9127] ? __fget_files+0x215/0x3d0 [ 320.380500][ T9127] loop_control_ioctl+0xae/0x620 [ 320.380530][ T9127] ? __pfx_loop_control_ioctl+0x10/0x10 [ 320.380563][ T9127] ? __pfx_loop_control_ioctl+0x10/0x10 [ 320.380595][ T9127] __x64_sys_ioctl+0x18e/0x210 [ 320.380628][ T9127] do_syscall_64+0x10b/0x830 [ 320.380655][ T9127] ? clear_bhb_loop+0x40/0x90 [ 320.380691][ T9127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.380722][ T9127] RIP: 0033:0x7f7972b9ce59 [ 320.380746][ T9127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 320.380772][ T9127] RSP: 002b:00007f7970dcd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.380803][ T9127] RAX: ffffffffffffffda RBX: 00007f7972e16090 RCX: 00007f7972b9ce59 [ 320.380823][ T9127] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000b [ 320.380840][ T9127] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 320.380855][ T9127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.380880][ T9127] R13: 00007f7972e16128 R14: 00007f7972e16090 R15: 00007ffde98ef098 [ 320.380918][ T9127] [ 320.384487][ T9127] blk-mq: reduced tag depth (128 -> 64) [ 322.309647][ T9136] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 323.117225][ T9167] futex_wake_op: syz.3.676 tries to shift op by -2048; fix this program [ 326.918130][ T9216] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5639] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[9216] [ 328.360895][ T9224] netlink: 28 bytes leftover after parsing attributes in process `syz.0.687'. [ 328.403693][ T9229] futex_wake_op: syz.1.688 tries to shift op by -2048; fix this program [ 328.834657][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 328.842253][ T5640] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 330.759341][ T5723] Process accounting resumed [ 331.358430][ T9265] Process accounting resumed [ 334.121044][ T9301] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 334.274393][ T5640] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 334.282160][ T5640] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 335.536175][ T5723] Process accounting resumed [ 336.049822][ T9325] Process accounting resumed [ 336.125236][ T9332] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'. [ 339.143299][ T9373] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 339.194722][ T9373] File: /dev/nullb0 PID: 9373 Comm: syz.3.712 [ 339.499838][ T9351] Process accounting paused [ 339.942259][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 339.952402][ T5640] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 341.362494][ T808] Process accounting resumed [ 341.746604][ T9391] Process accounting resumed [ 342.026911][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 342.858513][ T9399] futex_wake_op: syz.2.718 tries to shift op by -1; fix this program [ 344.493634][ T9435] netlink: 330 bytes leftover after parsing attributes in process `syz.2.724'. [ 344.502886][ T9435] mac80211_hwsim hwsim2 : renamed from wlan0 (while UP) [ 346.499496][ T30] audit: type=1800 audit(4294967342.907:3): pid=9455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.726" name="file0" dev="tmpfs" ino=993 res=0 errno=0 [ 347.668748][ T9477] netlink: 342 bytes leftover after parsing attributes in process `syz.2.741'. [ 347.717168][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 347.725406][ T50] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 348.171371][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 348.180601][ T5640] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 349.245574][ T9493] futex_wake_op: syz.2.734 tries to shift op by -2048; fix this program [ 349.389132][ T5730] Process accounting resumed [ 349.915670][ T9487] Process accounting resumed [ 350.256552][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 350.264146][ T5640] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 350.333987][ T5723] Process accounting resumed [ 350.378582][ T9501] FAULT_INJECTION: forcing a failure. [ 350.378582][ T9501] name failslab, interval 1, probability 0, space 0, times 0 [ 350.391673][ T9501] CPU: 0 UID: 0 PID: 9501 Comm: syz.0.746 Tainted: G L syzkaller #0 PREEMPT(full) [ 350.391716][ T9501] Tainted: [L]=SOFTLOCKUP [ 350.391726][ T9501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 350.391742][ T9501] Call Trace: [ 350.391752][ T9501] [ 350.391762][ T9501] dump_stack_lvl+0x100/0x190 [ 350.391800][ T9501] should_fail_ex.cold+0x5/0xa [ 350.391837][ T9501] should_failslab+0xc2/0x120 [ 350.391871][ T9501] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 350.391898][ T9501] ? __kernfs_new_node+0xd2/0x9f0 [ 350.391939][ T9501] __kernfs_new_node+0xd2/0x9f0 [ 350.391976][ T9501] ? __pfx___kernfs_new_node+0x10/0x10 [ 350.392026][ T9501] ? find_held_lock+0x2b/0x80 [ 350.392067][ T9501] ? kernfs_root+0xee/0x2a0 [ 350.392099][ T9501] ? kernfs_root+0xee/0x2a0 [ 350.392141][ T9501] kernfs_new_node+0x11b/0x1a0 [ 350.392186][ T9501] __kernfs_create_file+0x53/0x350 [ 350.392236][ T9501] sysfs_add_file_mode_ns+0x207/0x3c0 [ 350.392276][ T9501] sysfs_merge_group+0x194/0x340 [ 350.392313][ T9501] ? __pfx_sysfs_merge_group+0x10/0x10 [ 350.392347][ T9501] ? bus_add_device+0x368/0x6b0 [ 350.392379][ T9501] ? __pfx_bus_add_device+0x10/0x10 [ 350.392407][ T9501] ? __pfx_dev_add_physical_location+0x10/0x10 [ 350.392458][ T9501] dpm_sysfs_add+0x237/0x280 [ 350.392499][ T9501] device_add+0x9ef/0x1950 [ 350.392543][ T9501] ? __pfx_device_add+0x10/0x10 [ 350.392582][ T9501] ? lockdep_init_map_type+0x5c/0x250 [ 350.392613][ T9501] ? __init_waitqueue_head+0xca/0x150 [ 350.392662][ T9501] rfkill_register+0x1ad/0xb30 [ 350.392706][ T9501] nfc_register_device+0x11f/0x3e0 [ 350.392756][ T9501] nci_register_device+0x7f1/0xb80 [ 350.392795][ T9501] ? __pfx_nci_register_device+0x10/0x10 [ 350.392833][ T9501] ? lockdep_init_map_type+0x5c/0x250 [ 350.392868][ T9501] virtual_ncidev_open+0x141/0x220 [ 350.392898][ T9501] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 350.392927][ T9501] misc_open+0x26d/0x450 [ 350.392963][ T9501] ? __pfx_misc_open+0x10/0x10 [ 350.392998][ T9501] chrdev_open+0x234/0x6a0 [ 350.393041][ T9501] ? __pfx_apparmor_file_open+0x10/0x10 [ 350.393071][ T9501] ? __pfx_chrdev_open+0x10/0x10 [ 350.393111][ T9501] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 350.393158][ T9501] do_dentry_open+0x6d8/0x1660 [ 350.393193][ T9501] ? __pfx_chrdev_open+0x10/0x10 [ 350.393239][ T9501] vfs_open+0x82/0x3f0 [ 350.393285][ T9501] path_openat+0x208c/0x31a0 [ 350.393335][ T9501] ? __pfx_path_openat+0x10/0x10 [ 350.393386][ T9501] do_file_open+0x20e/0x430 [ 350.393426][ T9501] ? __pfx_do_file_open+0x10/0x10 [ 350.393489][ T9501] ? alloc_fd+0x476/0x790 [ 350.393524][ T9501] ? do_getname+0x191/0x390 [ 350.393565][ T9501] do_sys_openat2+0x10d/0x1e0 [ 350.393603][ T9501] ? __pfx_do_sys_openat2+0x10/0x10 [ 350.393646][ T9501] ? __fget_files+0x21f/0x3d0 [ 350.393686][ T9501] __x64_sys_openat+0x12d/0x210 [ 350.393713][ T9501] ? __pfx___x64_sys_openat+0x10/0x10 [ 350.393764][ T9501] ? rcu_is_watching+0x12/0xc0 [ 350.393804][ T9501] do_syscall_64+0x10b/0x830 [ 350.393831][ T9501] ? clear_bhb_loop+0x40/0x90 [ 350.393867][ T9501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.393897][ T9501] RIP: 0033:0x7f41f039ce59 [ 350.393921][ T9501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.393946][ T9501] RSP: 002b:00007f41f1277028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 350.393972][ T9501] RAX: ffffffffffffffda RBX: 00007f41f0616180 RCX: 00007f41f039ce59 [ 350.393989][ T9501] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 350.394012][ T9501] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 350.394031][ T9501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.394047][ T9501] R13: 00007f41f0616218 R14: 00007f41f0616180 R15: 00007fff1bdc58a8 [ 350.394085][ T9501] [ 351.434081][ T9478] Process accounting resumed [ 351.710240][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 351.717718][ T5640] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 351.847790][ T9519] FAULT_INJECTION: forcing a failure. [ 351.847790][ T9519] name failslab, interval 1, probability 0, space 0, times 0 [ 351.898829][ T9519] CPU: 0 UID: 0 PID: 9519 Comm: syz.0.748 Tainted: G L syzkaller #0 PREEMPT(full) [ 351.898881][ T9519] Tainted: [L]=SOFTLOCKUP [ 351.898891][ T9519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 351.898908][ T9519] Call Trace: [ 351.898916][ T9519] [ 351.898927][ T9519] dump_stack_lvl+0x100/0x190 [ 351.898964][ T9519] should_fail_ex.cold+0x5/0xa [ 351.899002][ T9519] should_failslab+0xc2/0x120 [ 351.899036][ T9519] __kmalloc_cache_noprof+0x7a/0x6f0 [ 351.899079][ T9519] ? kobject_uevent_env+0x263/0x18b0 [ 351.899116][ T9519] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 351.899157][ T9519] kobject_uevent_env+0x263/0x18b0 [ 351.899201][ T9519] ? bus_to_subsys+0x114/0x150 [ 351.899250][ T9519] device_add+0x116e/0x1950 [ 351.899294][ T9519] ? __pfx_device_add+0x10/0x10 [ 351.899333][ T9519] ? lockdep_init_map_type+0x5c/0x250 [ 351.899362][ T9519] ? __init_waitqueue_head+0xca/0x150 [ 351.899405][ T9519] rfkill_register+0x1ad/0xb30 [ 351.899448][ T9519] nfc_register_device+0x11f/0x3e0 [ 351.899497][ T9519] nci_register_device+0x7f1/0xb80 [ 351.899535][ T9519] ? __pfx_nci_register_device+0x10/0x10 [ 351.899579][ T9519] ? lockdep_init_map_type+0x5c/0x250 [ 351.899614][ T9519] virtual_ncidev_open+0x141/0x220 [ 351.899642][ T9519] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 351.899669][ T9519] misc_open+0x26d/0x450 [ 351.899706][ T9519] ? __pfx_misc_open+0x10/0x10 [ 351.899740][ T9519] chrdev_open+0x234/0x6a0 [ 351.899775][ T9519] ? __pfx_apparmor_file_open+0x10/0x10 [ 351.899823][ T9519] ? __pfx_chrdev_open+0x10/0x10 [ 351.899871][ T9519] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 351.899918][ T9519] do_dentry_open+0x6d8/0x1660 [ 351.899952][ T9519] ? __pfx_chrdev_open+0x10/0x10 [ 351.899998][ T9519] vfs_open+0x82/0x3f0 [ 351.900046][ T9519] path_openat+0x208c/0x31a0 [ 351.900095][ T9519] ? __pfx_path_openat+0x10/0x10 [ 351.900145][ T9519] do_file_open+0x20e/0x430 [ 351.900185][ T9519] ? __pfx_do_file_open+0x10/0x10 [ 351.900247][ T9519] ? alloc_fd+0x476/0x790 [ 351.900285][ T9519] ? do_getname+0x191/0x390 [ 351.900335][ T9519] do_sys_openat2+0x10d/0x1e0 [ 351.900380][ T9519] ? __pfx_do_sys_openat2+0x10/0x10 [ 351.900428][ T9519] ? __fget_files+0x21f/0x3d0 [ 351.900471][ T9519] __x64_sys_openat+0x12d/0x210 [ 351.900498][ T9519] ? __pfx___x64_sys_openat+0x10/0x10 [ 351.900551][ T9519] ? rcu_is_watching+0x12/0xc0 [ 351.900591][ T9519] do_syscall_64+0x10b/0x830 [ 351.900617][ T9519] ? clear_bhb_loop+0x40/0x90 [ 351.900653][ T9519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.900682][ T9519] RIP: 0033:0x7f41f039ce59 [ 351.900707][ T9519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.900734][ T9519] RSP: 002b:00007f41f1277028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 351.900761][ T9519] RAX: ffffffffffffffda RBX: 00007f41f0616180 RCX: 00007f41f039ce59 [ 351.900781][ T9519] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 351.900893][ T9519] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 351.900910][ T9519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.900931][ T9519] R13: 00007f41f0616218 R14: 00007f41f0616180 R15: 00007fff1bdc58a8 [ 351.900975][ T9519] [ 356.010766][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 356.018450][ T50] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 357.616350][ T5361] Process accounting resumed [ 358.061294][ T30] audit: type=1800 audit(4294967354.471:4): pid=9588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.756" name="file0" dev="tmpfs" ino=974 res=0 errno=0 [ 358.294287][ T9578] Process accounting resumed [ 358.978576][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 358.987515][ T5640] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 360.084229][ T5722] Process accounting resumed [ 360.618487][ T9606] Process accounting resumed [ 361.945530][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 361.998370][ T9644] input: f as /devices/virtual/input/input6 [ 362.083562][ T9645] FAULT_INJECTION: forcing a failure. [ 362.083562][ T9645] name failslab, interval 1, probability 0, space 0, times 0 [ 362.166355][ T9645] CPU: 0 UID: 0 PID: 9645 Comm: syz.1.760 Tainted: G L syzkaller #0 PREEMPT(full) [ 362.166397][ T9645] Tainted: [L]=SOFTLOCKUP [ 362.166407][ T9645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 362.166424][ T9645] Call Trace: [ 362.166431][ T9645] [ 362.166437][ T9645] dump_stack_lvl+0x100/0x190 [ 362.166460][ T9645] should_fail_ex.cold+0x5/0xa [ 362.166480][ T9645] should_failslab+0xc2/0x120 [ 362.166498][ T9645] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 362.166511][ T9645] ? __kernfs_new_node+0xd2/0x9f0 [ 362.166533][ T9645] __kernfs_new_node+0xd2/0x9f0 [ 362.166552][ T9645] ? __pfx___kernfs_new_node+0x10/0x10 [ 362.166573][ T9645] ? find_held_lock+0x2b/0x80 [ 362.166592][ T9645] ? kernfs_root+0xee/0x2a0 [ 362.166607][ T9645] ? kernfs_root+0xee/0x2a0 [ 362.166630][ T9645] kernfs_new_node+0x11b/0x1a0 [ 362.166652][ T9645] __kernfs_create_file+0x53/0x350 [ 362.166676][ T9645] sysfs_add_file_mode_ns+0x207/0x3c0 [ 362.166696][ T9645] sysfs_merge_group+0x194/0x340 [ 362.166715][ T9645] ? __pfx_sysfs_merge_group+0x10/0x10 [ 362.166733][ T9645] ? bus_add_device+0x368/0x6b0 [ 362.166750][ T9645] ? __pfx_bus_add_device+0x10/0x10 [ 362.166764][ T9645] ? __pfx_dev_add_physical_location+0x10/0x10 [ 362.166789][ T9645] dpm_sysfs_add+0x237/0x280 [ 362.166810][ T9645] device_add+0x9ef/0x1950 [ 362.166832][ T9645] ? __pfx_device_add+0x10/0x10 [ 362.166851][ T9645] ? lockdep_init_map_type+0x5c/0x250 [ 362.166875][ T9645] ? __init_waitqueue_head+0xca/0x150 [ 362.166898][ T9645] rfkill_register+0x1ad/0xb30 [ 362.166921][ T9645] nfc_register_device+0x11f/0x3e0 [ 362.166947][ T9645] nci_register_device+0x7f1/0xb80 [ 362.166967][ T9645] ? __pfx_nci_register_device+0x10/0x10 [ 362.166989][ T9645] ? lockdep_init_map_type+0x5c/0x250 [ 362.167007][ T9645] virtual_ncidev_open+0x141/0x220 [ 362.167023][ T9645] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 362.167037][ T9645] misc_open+0x26d/0x450 [ 362.167056][ T9645] ? __pfx_misc_open+0x10/0x10 [ 362.167075][ T9645] chrdev_open+0x234/0x6a0 [ 362.167093][ T9645] ? __pfx_apparmor_file_open+0x10/0x10 [ 362.167111][ T9645] ? __pfx_chrdev_open+0x10/0x10 [ 362.167132][ T9645] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 362.167174][ T9645] do_dentry_open+0x6d8/0x1660 [ 362.167200][ T9645] ? __pfx_chrdev_open+0x10/0x10 [ 362.167223][ T9645] vfs_open+0x82/0x3f0 [ 362.167247][ T9645] path_openat+0x208c/0x31a0 [ 362.167290][ T9645] ? __pfx_path_openat+0x10/0x10 [ 362.167337][ T9645] do_file_open+0x20e/0x430 [ 362.167374][ T9645] ? __pfx_do_file_open+0x10/0x10 [ 362.167437][ T9645] ? alloc_fd+0x476/0x790 [ 362.167476][ T9645] ? do_getname+0x191/0x390 [ 362.167522][ T9645] do_sys_openat2+0x10d/0x1e0 [ 362.167566][ T9645] ? __pfx_do_sys_openat2+0x10/0x10 [ 362.167614][ T9645] ? __fget_files+0x21f/0x3d0 [ 362.167656][ T9645] __x64_sys_openat+0x12d/0x210 [ 362.167685][ T9645] ? __pfx___x64_sys_openat+0x10/0x10 [ 362.167737][ T9645] ? rcu_is_watching+0x12/0xc0 [ 362.167777][ T9645] do_syscall_64+0x10b/0x830 [ 362.167804][ T9645] ? clear_bhb_loop+0x40/0x90 [ 362.167839][ T9645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.167876][ T9645] RIP: 0033:0x7f7972b9ce59 [ 362.167900][ T9645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 362.167927][ T9645] RSP: 002b:00007f7970dac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 362.167954][ T9645] RAX: ffffffffffffffda RBX: 00007f7972e16180 RCX: 00007f7972b9ce59 [ 362.167972][ T9645] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 362.167990][ T9645] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 362.168006][ T9645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.168022][ T9645] R13: 00007f7972e16218 R14: 00007f7972e16180 R15: 00007ffde98ef098 [ 362.168062][ T9645] [ 365.021030][ T9676] smpboot: CPU 1 is now offline [ 365.039275][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 365.046849][ T50] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 366.443869][ T9681] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 366.485237][ T9681] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 366.527425][ T5722] Process accounting resumed [ 366.581998][ T9681] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 366.626556][ T9681] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 366.698437][ T9681] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 366.763823][ T9681] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 366.812511][ T9681] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 367.246260][ T9699] Process accounting resumed [ 368.402015][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 368.644178][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 368.725967][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 368.882775][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 370.483159][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 370.723170][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 370.803557][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 371.116106][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 371.123819][ T50] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 371.239183][ T9765] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 371.267516][ T9765] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 371.318615][ T9765] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 371.346758][ T9765] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 371.770670][ T9780] FAULT_INJECTION: forcing a failure. [ 371.770670][ T9780] name failslab, interval 1, probability 0, space 0, times 0 [ 371.865787][ T9780] CPU: 0 UID: 0 PID: 9780 Comm: syz.2.787 Tainted: G L syzkaller #0 PREEMPT(full) [ 371.865813][ T9780] Tainted: [L]=SOFTLOCKUP [ 371.865819][ T9780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 371.865828][ T9780] Call Trace: [ 371.865834][ T9780] [ 371.865839][ T9780] dump_stack_lvl+0x100/0x190 [ 371.865861][ T9780] should_fail_ex.cold+0x5/0xa [ 371.865880][ T9780] should_failslab+0xc2/0x120 [ 371.865898][ T9780] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 371.865913][ T9780] ? mqueue_alloc_inode+0x25/0x50 [ 371.865934][ T9780] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 371.865952][ T9780] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 371.865980][ T9780] mqueue_alloc_inode+0x25/0x50 [ 371.866001][ T9780] alloc_inode+0x68/0x250 [ 371.866019][ T9780] new_inode+0x22/0x1c0 [ 371.866035][ T9780] mqueue_get_inode+0x2e/0xe00 [ 371.866057][ T9780] ? sget_fc+0x801/0xc70 [ 371.866074][ T9780] ? __pfx_mqueue_fill_super+0x10/0x10 [ 371.866095][ T9780] mqueue_fill_super+0x14d/0x260 [ 371.866117][ T9780] get_tree_nodev+0xdd/0x190 [ 371.866134][ T9780] mqueue_get_tree+0xf1/0x130 [ 371.866155][ T9780] vfs_get_tree+0x92/0x320 [ 371.866170][ T9780] fc_mount_longterm+0x1a/0x270 [ 371.866186][ T9780] mq_init_ns+0x482/0x820 [ 371.866202][ T9780] copy_ipcs+0x3dd/0x7e0 [ 371.866219][ T9780] create_new_namespaces+0x20a/0xac0 [ 371.866238][ T9780] ? security_capable+0x80/0x260 [ 371.866263][ T9780] unshare_nsproxy_namespaces+0xf2/0x220 [ 371.866284][ T9780] ksys_unshare+0x438/0xab0 [ 371.866306][ T9780] ? __pfx_ksys_unshare+0x10/0x10 [ 371.866326][ T9780] ? xfd_validate_state+0x129/0x190 [ 371.866348][ T9780] __x64_sys_unshare+0x31/0x40 [ 371.866368][ T9780] do_syscall_64+0x10b/0x830 [ 371.866382][ T9780] ? clear_bhb_loop+0x40/0x90 [ 371.866399][ T9780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.866414][ T9780] RIP: 0033:0x7fa301d9ce59 [ 371.866427][ T9780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.866441][ T9780] RSP: 002b:00007fa2ffb91028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 371.866455][ T9780] RAX: ffffffffffffffda RBX: 00007fa302016270 RCX: 00007fa301d9ce59 [ 371.866465][ T9780] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 371.866473][ T9780] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 371.866482][ T9780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.866490][ T9780] R13: 00007fa302016308 R14: 00007fa302016270 R15: 00007ffe5db9d798 [ 371.866510][ T9780] [ 372.645514][ T9753] Process accounting paused [ 372.811674][ T5737] Process accounting resumed [ 372.844278][ T9766] Process accounting resumed [ 373.157139][ T9782] futex_wake_op: syz.1.786 tries to shift op by -1; fix this program [ 373.284638][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 373.290715][ T5640] Bluetooth: hci0: command 0x0c1a tx timeout [ 373.365285][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 373.371501][ T5640] Bluetooth: hci2: command 0x0c1a tx timeout [ 375.601420][ T9826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.796'. [ 375.645066][ T9826] netlink: 'syz.2.796': attribute type 2 has an invalid length. [ 375.690794][ T9826] netlink: 'syz.2.796': attribute type 3 has an invalid length. [ 375.732084][ T9826] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.796'. [ 375.840674][ T9830] netlink: 186 bytes leftover after parsing attributes in process `syz.3.797'. [ 375.890817][ T9828] can: request_module (can-proto-5) failed. [ 377.368409][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.375925][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.833920][ T9864] [ 379.730596][ T9901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.814'. [ 383.850511][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 383.860938][ T50] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 385.506201][ T10] Process accounting resumed [ 385.776087][ T9995] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 386.035282][ T9986] Process accounting resumed [ 386.460656][T10008] netlink: 342 bytes leftover after parsing attributes in process `syz.2.828'. [ 386.545381][T10012] futex_wake_op: syz.0.825 tries to shift op by -1; fix this program [ 389.097919][T10046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.838'. [ 389.159388][T10049] netlink: 'syz.3.838': attribute type 1 has an invalid length. [ 389.211270][T10049] netlink: 51465 bytes leftover after parsing attributes in process `syz.3.838'. [ 391.339986][T10064] Process accounting paused [ 391.479188][T10091] netlink: 342 bytes leftover after parsing attributes in process `syz.3.847'. [ 391.552479][T10095] netlink: 334 bytes leftover after parsing attributes in process `syz.0.849'. [ 391.577405][T10096] netlink: 342 bytes leftover after parsing attributes in process `syz.3.847'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   syzkaller syzkaller login: [ 441.429714][T10992] vivid-007: ================= START STATUS ================= [ 441.474996][T10992] vivid-007: Generate PTS: true [ 441.507235][T10992] vivid-007: Generate SCR: true [ 441.544070][T10992] tpg source WxH: 320x240 (Y'CbCr) [ 441.565894][T10992] tpg field: 1 [ 441.577216][T10992] tpg crop: (0,0)/320x240 [ 441.595555][T10992] tpg compose: (0,0)/320x240 [ 441.617428][T10992] tpg colorspace: 8 [ 441.636480][T10992] tpg transfer function: 0/0 [ 441.684060][T10992] tpg Y'CbCr encoding: 0/0 [ 441.710184][T10992] tpg quantization: 0/0 [ 441.726383][T10992] tpg RGB range: 0/2 [ 441.742556][T10992] vivid-007: ================== END STATUS ================== [ 442.501906][ T5640] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 442.660643][T11012] futex_wake_op: syz.2.996 tries to shift op by -2048; fix this program [ 442.775338][T10996] netlink: 12 bytes leftover after parsing attributes in process `syz.1.992'. [ 442.797012][T11012] futex_wake_op: syz.2.996 tries to shift op by -2048; fix this program [ 444.273717][T10986] kexec: Could not allocate control_code_buffer [ 445.096272][ T808] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 445.554053][T11041] ovs_: entered promiscuous mode [ 447.326060][T11075] random: crng reseeded on system resumption [ 447.420644][T11077] netlink: zone id is out of range [ 447.454706][T11077] netlink: zone id is out of range [ 447.550388][T11077] netlink: set zone limit has 8 unknown bytes [ 448.572713][T11095] zswap: compressor 000 not available [ 448.778241][T11105] FAULT_INJECTION: forcing a failure. [ 448.778241][T11105] name fail_futex, interval 1, probability 0, space 0, times 0 [ 448.880397][T11105] CPU: 0 UID: 0 PID: 11105 Comm: syz.1.1020 Tainted: G L syzkaller #0 PREEMPT(full) [ 448.880424][T11105] Tainted: [L]=SOFTLOCKUP [ 448.880429][T11105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 448.880438][T11105] Call Trace: [ 448.880444][T11105] [ 448.880450][T11105] dump_stack_lvl+0x100/0x190 [ 448.880471][T11105] should_fail_ex.cold+0x5/0xa [ 448.880492][T11105] get_futex_key+0x1d2/0x1510 [ 448.880510][T11105] ? __pfx_get_futex_key+0x10/0x10 [ 448.880532][T11105] futex_wake+0xea/0x530 [ 448.880552][T11105] ? __do_sys_mremap+0x97f/0x1850 [ 448.880567][T11105] ? __pfx_futex_wake+0x10/0x10 [ 448.880590][T11105] ? __pfx___do_sys_mremap+0x10/0x10 [ 448.880607][T11105] do_futex+0x32b/0x350 [ 448.880624][T11105] ? __pfx_do_futex+0x10/0x10 [ 448.880644][T11105] __x64_sys_futex+0x34f/0x4d0 [ 448.880671][T11105] ? __pfx___x64_sys_futex+0x10/0x10 [ 448.880691][T11105] ? rcu_is_watching+0x12/0xc0 [ 448.880712][T11105] do_syscall_64+0x10b/0x830 [ 448.880726][T11105] ? clear_bhb_loop+0x40/0x90 [ 448.880744][T11105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.880759][T11105] RIP: 0033:0x7f7972b9ce59 [ 448.880772][T11105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 448.880786][T11105] RSP: 002b:00007f7970dee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 448.880801][T11105] RAX: ffffffffffffffda RBX: 00007f7972e15fa8 RCX: 00007f7972b9ce59 [ 448.880811][T11105] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7972e15fac [ 448.880820][T11105] RBP: 00007f7972e15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 448.880828][T11105] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.880837][T11105] R13: 00007f7972e16038 R14: 00007ffde98eefb0 R15: 00007ffde98ef098 [ 448.880856][T11105] [ 452.049184][T11144] random: crng reseeded on system resumption [ 452.088174][T11135] FAULT_INJECTION: forcing a failure. [ 452.088174][T11135] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 452.231575][T11135] CPU: 0 UID: 0 PID: 11135 Comm: syz.0.1026 Tainted: G L syzkaller #0 PREEMPT(full) [ 452.231601][T11135] Tainted: [L]=SOFTLOCKUP [ 452.231606][T11135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 452.231616][T11135] Call Trace: [ 452.231621][T11135] [ 452.231628][T11135] dump_stack_lvl+0x100/0x190 [ 452.231650][T11135] should_fail_ex.cold+0x5/0xa [ 452.231667][T11135] ? prepare_alloc_pages+0x16d/0x5f0 [ 452.231689][T11135] should_fail_alloc_page+0xeb/0x140 [ 452.231708][T11135] prepare_alloc_pages+0x1f0/0x5f0 [ 452.231730][T11135] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 452.231749][T11135] ? rcu_is_watching+0x12/0xc0 [ 452.231768][T11135] ? trace_mm_page_alloc+0x163/0x1d0 [ 452.231787][T11135] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 452.231803][T11135] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 452.231819][T11135] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 452.231841][T11135] ? lockdep_hardirqs_on+0x78/0x100 [ 452.231855][T11135] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 452.231876][T11135] ? stack_depot_save_flags+0x479/0x9d0 [ 452.231899][T11135] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 452.231913][T11135] ? kasan_save_stack+0x3f/0x50 [ 452.231927][T11135] ? kasan_save_stack+0x30/0x50 [ 452.231940][T11135] ? kasan_save_track+0x14/0x30 [ 452.231958][T11135] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 452.231974][T11135] ? __get_vm_area_node+0x1ca/0x330 [ 452.231991][T11135] ? __vmalloc_node_range_noprof+0x228/0x1630 [ 452.232010][T11135] ? __kvmalloc_node_noprof+0x3de/0xa00 [ 452.232024][T11135] ? __do_sys_listmount+0x289/0xee0 [ 452.232040][T11135] ? do_syscall_64+0x10b/0x830 [ 452.232052][T11135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.232074][T11135] alloc_pages_bulk_noprof+0x649/0x1360 [ 452.232093][T11135] ? policy_nodemask+0xed/0x4f0 [ 452.232112][T11135] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 452.232137][T11135] __kasan_populate_vmalloc+0xf0/0x210 [ 452.232156][T11135] alloc_vmap_area+0x95d/0x2b70 [ 452.232181][T11135] ? __pfx_alloc_vmap_area+0x10/0x10 [ 452.232203][T11135] __get_vm_area_node+0x1ca/0x330 [ 452.232225][T11135] __vmalloc_node_range_noprof+0x228/0x1630 [ 452.232245][T11135] ? __do_sys_listmount+0x289/0xee0 [ 452.232260][T11135] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 452.232294][T11135] ? __do_sys_listmount+0x289/0xee0 [ 452.232313][T11135] ? alloc_pages_mpol+0x25a/0x540 [ 452.232332][T11135] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 452.232356][T11135] ? rcu_is_watching+0x12/0xc0 [ 452.232378][T11135] __kvmalloc_node_noprof+0x3de/0xa00 [ 452.232395][T11135] ? __do_sys_listmount+0x289/0xee0 [ 452.232410][T11135] ? __do_sys_listmount+0x289/0xee0 [ 452.232425][T11135] ? _copy_from_user+0x59/0xd0 [ 452.232441][T11135] ? copy_mnt_id_req+0x1b1/0x350 [ 452.232466][T11135] __do_sys_listmount+0x289/0xee0 [ 452.232482][T11135] ? __pfx_do_futex+0x10/0x10 [ 452.232500][T11135] ? __fget_files+0x21f/0x3d0 [ 452.232518][T11135] ? __pfx___do_sys_listmount+0x10/0x10 [ 452.232543][T11135] ? rcu_is_watching+0x12/0xc0 [ 452.232562][T11135] do_syscall_64+0x10b/0x830 [ 452.232576][T11135] ? clear_bhb_loop+0x40/0x90 [ 452.232593][T11135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.232609][T11135] RIP: 0033:0x7f41f039ce59 [ 452.232623][T11135] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 452.232637][T11135] RSP: 002b:00007f41f12b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 452.232653][T11135] RAX: ffffffffffffffda RBX: 00007f41f0615fa0 RCX: 00007f41f039ce59 [ 452.232663][T11135] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000080 [ 452.232672][T11135] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 452.232681][T11135] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 452.232690][T11135] R13: 00007f41f0616038 R14: 00007f41f0615fa0 R15: 00007fff1bdc58a8 [ 452.232710][T11135] [ 453.023659][T11135] syz.0.1026: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 453.087740][T11135] CPU: 0 UID: 0 PID: 11135 Comm: syz.0.1026 Tainted: G L syzkaller #0 PREEMPT(full) [ 453.087769][T11135] Tainted: [L]=SOFTLOCKUP [ 453.087774][T11135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 453.087784][T11135] Call Trace: [ 453.087790][T11135] [ 453.087796][T11135] dump_stack_lvl+0x100/0x190 [ 453.087818][T11135] warn_alloc.cold+0x95/0x1c1 [ 453.087835][T11135] ? __pfx_warn_alloc+0x10/0x10 [ 453.087849][T11135] ? lockdep_hardirqs_on+0x78/0x100 [ 453.087866][T11135] ? __get_vm_area_node+0x2c5/0x330 [ 453.087889][T11135] ? __get_vm_area_node+0x208/0x330 [ 453.087911][T11135] __vmalloc_node_range_noprof+0xccd/0x1630 [ 453.087931][T11135] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 453.087960][T11135] ? __do_sys_listmount+0x289/0xee0 [ 453.087979][T11135] ? alloc_pages_mpol+0x25a/0x540 [ 453.087998][T11135] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 453.088022][T11135] ? rcu_is_watching+0x12/0xc0 [ 453.088044][T11135] __kvmalloc_node_noprof+0x3de/0xa00 [ 453.088061][T11135] ? __do_sys_listmount+0x289/0xee0 [ 453.088076][T11135] ? __do_sys_listmount+0x289/0xee0 [ 453.088091][T11135] ? _copy_from_user+0x59/0xd0 [ 453.088107][T11135] ? copy_mnt_id_req+0x1b1/0x350 [ 453.088131][T11135] __do_sys_listmount+0x289/0xee0 [ 453.088147][T11135] ? __pfx_do_futex+0x10/0x10 [ 453.088166][T11135] ? __fget_files+0x21f/0x3d0 [ 453.088184][T11135] ? __pfx___do_sys_listmount+0x10/0x10 [ 453.088215][T11135] ? rcu_is_watching+0x12/0xc0 [ 453.088236][T11135] do_syscall_64+0x10b/0x830 [ 453.088251][T11135] ? clear_bhb_loop+0x40/0x90 [ 453.088269][T11135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.088285][T11135] RIP: 0033:0x7f41f039ce59 [ 453.088300][T11135] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.088314][T11135] RSP: 002b:00007f41f12b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 453.088329][T11135] RAX: ffffffffffffffda RBX: 00007f41f0615fa0 RCX: 00007f41f039ce59 [ 453.088339][T11135] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000080 [ 453.088349][T11135] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 453.088358][T11135] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 453.088367][T11135] R13: 00007f41f0616038 R14: 00007f41f0615fa0 R15: 00007fff1bdc58a8 [ 453.088387][T11135] [ 453.088401][T11135] Mem-Info: [ 453.339986][T11126] Process accounting paused [ 453.381124][T11142] hub 1-0:1.0: USB hub found [ 453.424298][T11142] hub 1-0:1.0: 1 port detected [ 454.318214][T11150] Format for adding new port is "id [perm_addr]" (uint MAC). [ 454.579184][T11152] can0: slcan on ttyS2. [ 454.675539][T11152] can0 (unregistered): slcan off ttyS2. [ 454.869514][T11162] random: crng reseeded on system resumption [ 454.885323][T11135] active_anon:40662 inactive_anon:12 isolated_anon:0 [ 454.885323][T11135] active_file:15433 inactive_file:42749 isolated_file:0 [ 454.885323][T11135] unevictable:777 dirty:114 writeback:0 [ 454.885323][T11135] slab_reclaimable:11180 slab_unreclaimable:95893 [ 454.885323][T11135] mapped:43373 shmem:34463 pagetables:1257 [ 454.885323][T11135] sec_pagetables:0 bounce:0 [ 454.885323][T11135] kernel_misc_reclaimable:0 [ 454.885323][T11135] free:1275634 free_pcp:23984 free_cma:0 [ 455.370548][T11135] Node 0 active_anon:169308kB inactive_anon:256kB active_file:61528kB inactive_file:170696kB unevictable:1572kB isolated(anon):0kB isolated(file):0kB mapped:181600kB dirty:68kB writeback:0kB shmem:142860kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11456kB pagetables:5056kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 455.511422][T11182] Line length is too long: Should be less than 4094 [ 455.802024][T11135] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:308kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 456.191997][T11135] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 456.273780][T11193] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 456.549833][T11135] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 456.615390][T11135] Node 0 DMA32 free:1167748kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:194276kB inactive_anon:48kB active_file:63816kB inactive_file:170696kB unevictable:1572kB writepending:368kB zspages:572kB present:3129332kB managed:2537248kB mlocked:36kB bounce:0kB free_pcp:31184kB local_pcp:31184kB free_cma:0kB [ 457.118312][T11135] lowmem_reserve[]: 0 0 1 1 1 [ 457.133047][T11182] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1034'. [ 457.188491][T11135] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1096kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 457.575277][T11135] lowmem_reserve[]: 0 0 0 0 0 [ 457.642956][T11135] Node 1 Normal free:3890124kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:308kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:57348kB local_pcp:57348kB free_cma:0kB [ 457.894956][T11223] ubi0: attaching mtd0 [ 457.929097][T11223] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 457.954106][T11131] Process accounting resumed [ 457.985591][T11223] eraseblock attaching information dump: [ 457.995938][T11135] lowmem_reserve[]: 0 0 0 0 0 [ 458.020857][T11135] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 458.034738][T11223] ec 1 [ 458.057517][T11223] pnum 0 [ 458.076768][T11223] lnum 0 [ 458.083364][T11135] Node 0 DMA32: 73*4kB (UME) 1372*8kB (UE) 1278*16kB (UE) 625*32kB (UE) 642*64kB (UME) 517*128kB (UE) 460*256kB (UME) 463*512kB (UME) 278*1024kB (UME) 108*2048kB (UM) 31*4096kB (UM) = 1146628kB [ 458.110353][T11223] scrub 0 [ 458.120621][T11223] sqnum 1 [ 458.144612][T11226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1040'. [ 458.159930][T11223] Volume identifier header dump: [ 458.183273][T11223] magic 55424921 [ 458.187543][T11135] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 458.201936][T11229] netlink: 'syz.1.1040': attribute type 2 has an invalid length. [ 458.216837][T11223] version 1 [ 458.232845][T11223] vol_type 1 [ 458.245610][T11229] netlink: 'syz.1.1040': attribute type 3 has an invalid length. [ 458.266853][T11135] Node 1 Normal: 2*4kB (UM) 0*8kB 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 2*128kB (UM) 1*256kB (M) 1*512kB (U) 2*1024kB (UM) 2*2048kB (UM) 948*4096kB (UM) = 3890376kB [ 458.283309][T11223] copy_flag 0 [ 458.298646][T11229] netlink: 51465 bytes leftover after parsing attributes in process `syz.1.1040'. [ 458.310917][T11223] compat 5 [ 458.330648][T11223] vol_id 2147479551 [ 458.381909][T11135] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 458.402918][T11223] lnum 0 [ 458.450009][T11223] data_size 0 [ 458.488464][T11135] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 458.524056][T11223] used_ebs 0 [ 458.591603][T11223] data_pad 0 [ 458.601317][T11135] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 458.642084][T11223] sqnum 1 [ 458.704431][T11135] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 458.714042][T11223] hdr_crc 65b3bd2d [ 458.772155][T11223] Volume identifier header hexdump: [ 458.786721][T11135] 103480 total pagecache pages [ 458.837665][T11135] 8 pages in swap cache [ 458.869814][T11135] Free swap = 124808kB [ 458.901372][T11135] Total swap = 124996kB [ 458.929461][T11135] 2097051 pages RAM [ 458.962170][T11135] 0 pages HighMem/MovableOnly [ 458.999549][T11135] 430850 pages reserved [ 459.038512][T11135] 0 pages cma reserved [ 459.420568][T11223] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 460.324734][T11252] netlink: 'syz.1.1046': attribute type 1 has an invalid length. [ 460.391596][T11252] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1046'. [ 460.937453][T11264] [ 464.326248][T11284] Process accounting paused [ 464.803961][T11305] FAULT_INJECTION: forcing a failure. [ 464.803961][T11305] name failslab, interval 1, probability 0, space 0, times 0 [ 464.952545][T11305] CPU: 0 UID: 0 PID: 11305 Comm: syz.0.1057 Tainted: G L syzkaller #0 PREEMPT(full) [ 464.952572][T11305] Tainted: [L]=SOFTLOCKUP [ 464.952578][T11305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 464.952587][T11305] Call Trace: [ 464.952593][T11305] [ 464.952599][T11305] dump_stack_lvl+0x100/0x190 [ 464.952621][T11305] should_fail_ex.cold+0x5/0xa [ 464.952642][T11305] should_failslab+0xc2/0x120 [ 464.952660][T11305] __kmalloc_cache_noprof+0x7a/0x6f0 [ 464.952681][T11305] ? mpi_alloc+0x46/0x230 [ 464.952697][T11305] ? sg_miter_next.part.0+0x220/0x4b0 [ 464.952720][T11305] mpi_alloc+0x46/0x230 [ 464.952736][T11305] mpi_read_raw_from_sgl+0x251/0x620 [ 464.952762][T11305] ? __pfx_mpi_read_raw_from_sgl+0x10/0x10 [ 464.952793][T11305] ? kasan_save_track+0x14/0x30 [ 464.952808][T11305] ? __kasan_kmalloc+0xaa/0xb0 [ 464.952825][T11305] rsa_enc+0x15d/0x3b0 [ 464.952840][T11305] ? __pfx_rsa_enc+0x10/0x10 [ 464.952854][T11305] ? __virt_addr_valid+0x239/0x430 [ 464.952877][T11305] ? sg_init_one+0xf5/0x1b0 [ 464.952899][T11305] rsassa_pkcs1_verify+0x4eb/0xc20 [ 464.952923][T11305] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 464.952949][T11305] ? rsa_max_size+0xd/0x70 [ 464.952961][T11305] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 464.952981][T11305] public_key_verify_signature+0x5ee/0x910 [ 464.953000][T11305] ? __pfx_public_key_verify_signature+0x10/0x10 [ 464.953025][T11305] ? __kmalloc_noprof+0x320/0x850 [ 464.953044][T11305] x509_check_for_self_signed+0x325/0x510 [ 464.953065][T11305] x509_cert_parse+0x60c/0x910 [ 464.953080][T11305] ? kasan_save_stack+0x3f/0x50 [ 464.953094][T11305] ? kasan_save_stack+0x30/0x50 [ 464.953107][T11305] ? kasan_save_track+0x14/0x30 [ 464.953130][T11305] pkcs7_extract_cert+0xa4/0x380 [ 464.953152][T11305] asn1_ber_decoder+0x12b3/0x2170 [ 464.953182][T11305] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 464.953216][T11305] pkcs7_parse_message+0x289/0x870 [ 464.953238][T11305] verify_pkcs7_signature+0x30/0xa0 [ 464.953256][T11305] valid_regdb+0x211/0x590 [ 464.953278][T11305] ? __pfx_valid_regdb+0x10/0x10 [ 464.953301][T11305] reg_reload_regdb+0x11a/0x460 [ 464.953323][T11305] ? __pfx_reg_reload_regdb+0x10/0x10 [ 464.953346][T11305] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 464.953362][T11305] ? nl80211_pre_doit+0x19a/0xae0 [ 464.953381][T11305] genl_family_rcv_msg_doit+0x214/0x300 [ 464.953399][T11305] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 464.953415][T11305] ? genl_get_cmd+0x3e7/0x760 [ 464.953434][T11305] ? bpf_lsm_capable+0x9/0x10 [ 464.953451][T11305] ? security_capable+0x80/0x260 [ 464.953477][T11305] genl_rcv_msg+0x560/0x800 [ 464.953495][T11305] ? __pfx_genl_rcv_msg+0x10/0x10 [ 464.953511][T11305] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 464.953526][T11305] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 464.953545][T11305] ? __pfx_nl80211_post_doit+0x10/0x10 [ 464.953568][T11305] netlink_rcv_skb+0x159/0x420 [ 464.953590][T11305] ? __pfx_genl_rcv_msg+0x10/0x10 [ 464.953607][T11305] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 464.953637][T11305] ? netlink_deliver_tap+0x1ae/0xcc0 [ 464.953661][T11305] genl_rcv+0x28/0x40 [ 464.953674][T11305] netlink_unicast+0x585/0x850 [ 464.953699][T11305] ? __pfx_netlink_unicast+0x10/0x10 [ 464.953727][T11305] netlink_sendmsg+0x8b0/0xda0 [ 464.953752][T11305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.953773][T11305] ? __import_iovec+0x1d2/0x640 [ 464.953791][T11305] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 464.953817][T11305] ____sys_sendmsg+0x9e1/0xb70 [ 464.953839][T11305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.953863][T11305] ? __pfx_____sys_sendmsg+0x10/0x10 [ 464.953888][T11305] ? __pfx_futex_wake_mark+0x10/0x10 [ 464.953911][T11305] ___sys_sendmsg+0x190/0x1e0 [ 464.953927][T11305] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.953968][T11305] __sys_sendmsg+0x170/0x220 [ 464.953987][T11305] ? __pfx___sys_sendmsg+0x10/0x10 [ 464.954005][T11305] ? __x64_sys_futex+0x34f/0x4d0 [ 464.954030][T11305] ? rcu_is_watching+0x12/0xc0 [ 464.954052][T11305] do_syscall_64+0x10b/0x830 [ 464.954066][T11305] ? clear_bhb_loop+0x40/0x90 [ 464.954085][T11305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.954101][T11305] RIP: 0033:0x7f41f039ce59 [ 464.954114][T11305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 464.954137][T11305] RSP: 002b:00007f41f1298028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.954153][T11305] RAX: ffffffffffffffda RBX: 00007f41f0616090 RCX: 00007f41f039ce59 [ 464.954163][T11305] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 464.954173][T11305] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 464.954182][T11305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.954191][T11305] R13: 00007f41f0616128 R14: 00007f41f0616090 R15: 00007fff1bdc58a8 [ 464.954211][T11305] [ 466.560044][ T3368] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 470.674508][T11376] zswap: compressor 000 not available [ 470.693080][ T5640] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 471.643579][T11393] program syz.0.1075 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 472.206219][T11401] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1076'. [ 472.237346][T11403] netlink: zone id is out of range [ 472.255379][T11403] netlink: zone id is out of range [ 472.359810][T11403] netlink: set zone limit has 8 unknown bytes [ 472.381281][T11394] ubi0: attaching mtd0 [ 472.403121][T11394] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 472.441994][T11394] eraseblock attaching information dump: [ 472.474612][T11394] ec 1 [ 472.492810][T11394] pnum 0 [ 472.511755][T11394] lnum 0 [ 472.529626][T11394] scrub 0 [ 472.545729][T11394] sqnum 1 [ 472.566350][T11394] Volume identifier header dump: [ 472.603417][T11394] magic 55424921 [ 472.659391][T11394] version 1 [ 472.697372][T11394] vol_type 1 [ 472.719028][T11394] copy_flag 0 [ 472.771296][T11394] compat 5 [ 472.819017][T11394] vol_id 2147479551 [ 472.862953][T11394] lnum 0 [ 472.909507][T11394] data_size 0 [ 472.960296][T11394] used_ebs 0 [ 473.030057][T11394] data_pad 0 [ 473.090357][T11394] sqnum 1 [ 473.133365][T11394] hdr_crc 65b3bd2d [ 473.207432][T11394] Volume identifier header hexdump: [ 473.493136][T11394] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 474.592686][T11445] kafs: addr_prefs: Invalid Command [ 474.964384][T11447] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 477.387781][T11476] can0: slcan on ttyS2. [ 477.518047][T11476] can0 (unregistered): slcan off ttyS2. [ 478.155063][T11488] random: crng reseeded on system resumption [ 479.849434][T11533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1099'. [ 480.876342][T11552] debugfs: '11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' already exists in 'ieee80211' [ 481.195216][T11555] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 481.243845][T11555] CPU: 0 UID: 0 PID: 11555 Comm: syz.2.1102 Tainted: G L syzkaller #0 PREEMPT(full) [ 481.243873][T11555] Tainted: [L]=SOFTLOCKUP [ 481.243879][T11555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 481.243888][T11555] Call Trace: [ 481.243894][T11555] [ 481.243900][T11555] dump_stack_lvl+0x100/0x190 [ 481.243923][T11555] sysfs_warn_dup.cold+0x1c/0x28 [ 481.243946][T11555] sysfs_do_create_link_sd+0x113/0x140 [ 481.243966][T11555] sysfs_create_link+0x61/0xc0 [ 481.243983][T11555] device_add+0x675/0x1950 [ 481.244006][T11555] ? __pfx_device_add+0x10/0x10 [ 481.244026][T11555] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 481.244052][T11555] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 481.244074][T11555] wiphy_register+0x1edd/0x2d90 [ 481.244095][T11555] ? __rtnl_unlock+0xb9/0xf0 [ 481.244123][T11555] ? __pfx_wiphy_register+0x10/0x10 [ 481.244144][T11555] ? __asan_memset+0x23/0x50 [ 481.244167][T11555] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 481.244192][T11555] ieee80211_register_hw+0x3055/0x4570 [ 481.244218][T11555] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 481.244234][T11555] ? __pfx___debug_object_init+0x10/0x10 [ 481.244253][T11555] ? find_held_lock+0x2b/0x80 [ 481.244274][T11555] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 481.244295][T11555] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 481.244317][T11555] ? __hrtimer_setup+0x208/0x330 [ 481.244336][T11555] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 481.244367][T11555] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 481.244388][T11555] ? __asan_memcpy+0x3c/0x60 [ 481.244412][T11555] hwsim_new_radio_nl+0xc5f/0x1370 [ 481.244430][T11555] ? rcu_is_watching+0x12/0xc0 [ 481.244449][T11555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 481.244472][T11555] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 481.244490][T11555] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 481.244511][T11555] genl_family_rcv_msg_doit+0x214/0x300 [ 481.244534][T11555] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 481.244551][T11555] ? genl_get_cmd+0x3e7/0x760 [ 481.244571][T11555] ? bpf_lsm_capable+0x9/0x10 [ 481.244589][T11555] ? security_capable+0x80/0x260 [ 481.244613][T11555] ? ns_capable+0xd2/0xf0 [ 481.244633][T11555] genl_rcv_msg+0x560/0x800 [ 481.244651][T11555] ? __pfx_genl_rcv_msg+0x10/0x10 [ 481.244667][T11555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 481.244692][T11555] netlink_rcv_skb+0x159/0x420 [ 481.244715][T11555] ? __pfx_genl_rcv_msg+0x10/0x10 [ 481.244732][T11555] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 481.244762][T11555] ? netlink_deliver_tap+0x1ae/0xcc0 [ 481.244786][T11555] genl_rcv+0x28/0x40 [ 481.244799][T11555] netlink_unicast+0x585/0x850 [ 481.244825][T11555] ? __pfx_netlink_unicast+0x10/0x10 [ 481.244852][T11555] netlink_sendmsg+0x8b0/0xda0 [ 481.244878][T11555] ? __pfx_netlink_sendmsg+0x10/0x10 [ 481.244899][T11555] ? __import_iovec+0x1d2/0x640 [ 481.244918][T11555] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 481.244945][T11555] ____sys_sendmsg+0x9e1/0xb70 [ 481.244966][T11555] ? __pfx_netlink_sendmsg+0x10/0x10 [ 481.244990][T11555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 481.245015][T11555] ? rcu_is_watching+0x12/0xc0 [ 481.245031][T11555] ? ___sys_sendmsg+0x19d/0x1e0 [ 481.245044][T11555] ? kfree+0x1dd/0x6c0 [ 481.245068][T11555] ___sys_sendmsg+0x190/0x1e0 [ 481.245083][T11555] ? __pfx____sys_sendmsg+0x10/0x10 [ 481.245116][T11555] ? __pfx___might_resched+0x10/0x10 [ 481.245137][T11555] __sys_sendmmsg+0x205/0x430 [ 481.245158][T11555] ? __pfx___sys_sendmmsg+0x10/0x10 [ 481.245193][T11555] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 481.245218][T11555] ? kcov_ioctl+0x16a/0x720 [ 481.245241][T11555] __x64_sys_sendmmsg+0x9c/0x100 [ 481.245259][T11555] ? lockdep_hardirqs_on+0x78/0x100 [ 481.245274][T11555] do_syscall_64+0x10b/0x830 [ 481.245289][T11555] ? clear_bhb_loop+0x40/0x90 [ 481.245307][T11555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.245322][T11555] RIP: 0033:0x7fa301d9ce59 [ 481.245337][T11555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 481.245351][T11555] RSP: 002b:00007fa2fffd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 481.245366][T11555] RAX: ffffffffffffffda RBX: 00007fa302016090 RCX: 00007fa301d9ce59 [ 481.245376][T11555] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 481.245386][T11555] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 481.245395][T11555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.245404][T11555] R13: 00007fa302016128 R14: 00007fa302016090 R15: 00007ffe5db9d798 [ 481.245425][T11555] syzkaller syzkaller login: [ 482.741277][T11562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1106'. [ 482.816633][ T3302] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 482.913690][T11562] geneve0: entered promiscuous mode [ 482.919033][T11562] geneve0: entered allmulticast mode [ 483.716333][T11566] FAULT_INJECTION: forcing a failure. [ 483.716333][T11566] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 483.765123][T11571] can0: slcan on pty238. [ 483.890185][T11567] can0 (unregistered): slcan off pty238. [ 483.895934][T11566] CPU: 0 UID: 0 PID: 11566 Comm: syz.1.1104 Tainted: G L syzkaller #0 PREEMPT(full) [ 483.895959][T11566] Tainted: [L]=SOFTLOCKUP [ 483.895965][T11566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 483.895978][T11566] Call Trace: [ 483.895984][T11566] [ 483.895990][T11566] dump_stack_lvl+0x100/0x190 [ 483.896012][T11566] should_fail_ex.cold+0x5/0xa [ 483.896030][T11566] ? prepare_alloc_pages+0x16d/0x5f0 [ 483.896051][T11566] should_fail_alloc_page+0xeb/0x140 [ 483.896071][T11566] prepare_alloc_pages+0x1f0/0x5f0 [ 483.896090][T11566] ? do_raw_spin_unlock+0x145/0x1e0 [ 483.896109][T11566] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 483.896127][T11566] ? do_raw_spin_lock+0x128/0x260 [ 483.896144][T11566] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 483.896164][T11566] ? rcu_is_watching+0x12/0xc0 [ 483.896183][T11566] ? trace_hrtimer_start+0x79/0x230 [ 483.896202][T11566] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 483.896217][T11566] ? hrtimer_start_range_ns+0x860/0x1a50 [ 483.896237][T11566] ? finish_task_switch.isra.0+0x2c6/0x1010 [ 483.896259][T11566] ? mark_held_locks+0x40/0x70 [ 483.896275][T11566] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 483.896295][T11566] ? vma_is_special_huge+0x23f/0x2d0 [ 483.896313][T11566] ? __pfx_vma_is_special_huge+0x10/0x10 [ 483.896336][T11566] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 483.896360][T11566] ? policy_nodemask+0xed/0x4f0 [ 483.896380][T11566] alloc_pages_mpol+0x1fb/0x540 [ 483.896400][T11566] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 483.896420][T11566] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 483.896442][T11566] alloc_pages_noprof+0x1a/0x160 [ 483.896462][T11566] __pmd_alloc+0x3b/0x950 [ 483.896483][T11566] __handle_mm_fault+0xa9c/0x2a00 [ 483.896508][T11566] ? mt_find+0x45e/0x8e0 [ 483.896524][T11566] ? __pfx___handle_mm_fault+0x10/0x10 [ 483.896544][T11566] ? __pfx_mt_find+0x10/0x10 [ 483.896570][T11566] ? find_vma+0xbf/0x140 [ 483.896585][T11566] ? __pfx_find_vma+0x10/0x10 [ 483.896603][T11566] handle_mm_fault+0x36d/0xa20 [ 483.896629][T11566] do_user_addr_fault+0x74c/0x12f0 [ 483.896651][T11566] ? trace_page_fault_kernel+0x7a/0x200 [ 483.896670][T11566] exc_page_fault+0x6f/0xd0 [ 483.896694][T11566] asm_exc_page_fault+0x26/0x30 [ 483.896709][T11566] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 483.896728][T11566] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 483.896743][T11566] RSP: 0018:ffffc900015e7da8 EFLAGS: 00050202 [ 483.896755][T11566] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000018 [ 483.896764][T11566] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900015e7e78 [ 483.896773][T11566] RBP: 0000000000000018 R08: 0000000000000001 R09: fffff520002bcfd1 [ 483.896782][T11566] R10: ffffc900015e7e8f R11: 0000000000000000 R12: 0000000000000000 [ 483.896791][T11566] R13: ffffc900015e7e78 R14: 0000000000000000 R15: 000000000000007e [ 483.896810][T11566] _copy_from_user+0x98/0xd0 [ 483.896828][T11566] __do_sys_capset+0x1ec/0x460 [ 483.896846][T11566] ? __pfx___do_sys_capset+0x10/0x10 [ 483.896866][T11566] ? __x64_sys_futex+0x358/0x4d0 [ 483.896890][T11566] ? rcu_is_watching+0x12/0xc0 [ 483.896910][T11566] do_syscall_64+0x10b/0x830 [ 483.896924][T11566] ? clear_bhb_loop+0x40/0x90 [ 483.896941][T11566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.896956][T11566] RIP: 0033:0x7f7972b9ce59 [ 483.896969][T11566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.896983][T11566] RSP: 002b:00007f7970dcd028 EFLAGS: 00000246 ORIG_RAX: 000000000000007e [ 483.896996][T11566] RAX: ffffffffffffffda RBX: 00007f7972e16090 RCX: 00007f7972b9ce59 [ 483.897006][T11566] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 483.897014][T11566] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 483.897023][T11566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 483.897032][T11566] R13: 00007f7972e16128 R14: 00007f7972e16090 R15: 00007ffde98ef098 [ 483.897051][T11566] [ 484.496567][T11563] Process accounting resumed [ 484.836073][T11595] ima: policy update failed [ 484.928587][ T30] audit: type=1802 audit(4294969527.234:5): pid=11595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1110" res=0 errno=0 [ 486.675866][T11591] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.589739][T11643] futex_wake_op: syz.1.1125 tries to shift op by -2048; fix this program [ 487.703557][T11643] futex_wake_op: syz.1.1125 tries to shift op by -2048; fix this program [ 488.515248][T11630] Process accounting paused [ 489.135685][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'. [ 489.707665][ T5640] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 494.521089][T11736] debugfs: '11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' already exists in 'ieee80211' [ 494.774623][T11741] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 494.928107][T11741] CPU: 0 UID: 0 PID: 11741 Comm: syz.0.1134 Tainted: G L syzkaller #0 PREEMPT(full) [ 494.928135][T11741] Tainted: [L]=SOFTLOCKUP [ 494.928140][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 494.928150][T11741] Call Trace: [ 494.928155][T11741] [ 494.928161][T11741] dump_stack_lvl+0x100/0x190 [ 494.928184][T11741] sysfs_warn_dup.cold+0x1c/0x28 [ 494.928206][T11741] sysfs_do_create_link_sd+0x113/0x140 [ 494.928226][T11741] sysfs_create_link+0x61/0xc0 [ 494.928243][T11741] device_add+0x675/0x1950 [ 494.928267][T11741] ? __pfx_device_add+0x10/0x10 [ 494.928286][T11741] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 494.928316][T11741] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 494.928339][T11741] wiphy_register+0x1edd/0x2d90 [ 494.928361][T11741] ? __rtnl_unlock+0xb9/0xf0 [ 494.928388][T11741] ? __pfx_wiphy_register+0x10/0x10 [ 494.928409][T11741] ? __asan_memset+0x23/0x50 [ 494.928432][T11741] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 494.928456][T11741] ieee80211_register_hw+0x3055/0x4570 [ 494.928483][T11741] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 494.928499][T11741] ? __pfx___debug_object_init+0x10/0x10 [ 494.928518][T11741] ? find_held_lock+0x2b/0x80 [ 494.928539][T11741] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 494.928563][T11741] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 494.928586][T11741] ? __hrtimer_setup+0x208/0x330 [ 494.928604][T11741] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 494.928637][T11741] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 494.928658][T11741] ? __asan_memcpy+0x3c/0x60 [ 494.928682][T11741] hwsim_new_radio_nl+0xc5f/0x1370 [ 494.928700][T11741] ? rcu_is_watching+0x12/0xc0 [ 494.928719][T11741] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 494.928743][T11741] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 494.928760][T11741] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 494.928781][T11741] genl_family_rcv_msg_doit+0x214/0x300 [ 494.928799][T11741] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 494.928815][T11741] ? genl_get_cmd+0x3e7/0x760 [ 494.928834][T11741] ? bpf_lsm_capable+0x9/0x10 [ 494.928850][T11741] ? security_capable+0x80/0x260 [ 494.928874][T11741] ? ns_capable+0xd2/0xf0 [ 494.928894][T11741] genl_rcv_msg+0x560/0x800 [ 494.928912][T11741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 494.928928][T11741] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 494.928952][T11741] netlink_rcv_skb+0x159/0x420 [ 494.928975][T11741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 494.928992][T11741] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 494.929022][T11741] ? netlink_deliver_tap+0x1ae/0xcc0 [ 494.929046][T11741] genl_rcv+0x28/0x40 [ 494.929059][T11741] netlink_unicast+0x585/0x850 [ 494.929085][T11741] ? __pfx_netlink_unicast+0x10/0x10 [ 494.929113][T11741] netlink_sendmsg+0x8b0/0xda0 [ 494.929139][T11741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.929160][T11741] ? __import_iovec+0x1d2/0x640 [ 494.929178][T11741] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 494.929205][T11741] ____sys_sendmsg+0x9e1/0xb70 [ 494.929227][T11741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.929251][T11741] ? __pfx_____sys_sendmsg+0x10/0x10 [ 494.929276][T11741] ? rcu_is_watching+0x12/0xc0 [ 494.929293][T11741] ? ___sys_sendmsg+0x19d/0x1e0 [ 494.929311][T11741] ? kfree+0x1dd/0x6c0 [ 494.929336][T11741] ___sys_sendmsg+0x190/0x1e0 [ 494.929353][T11741] ? __pfx____sys_sendmsg+0x10/0x10 [ 494.929387][T11741] ? __pfx___might_resched+0x10/0x10 [ 494.929409][T11741] __sys_sendmmsg+0x205/0x430 [ 494.929430][T11741] ? __pfx___sys_sendmmsg+0x10/0x10 [ 494.929464][T11741] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 494.929491][T11741] ? kcov_ioctl+0x16a/0x720 [ 494.929514][T11741] __x64_sys_sendmmsg+0x9c/0x100 [ 494.929532][T11741] ? lockdep_hardirqs_on+0x78/0x100 [ 494.929548][T11741] do_syscall_64+0x10b/0x830 [ 494.929561][T11741] ? clear_bhb_loop+0x40/0x90 [ 494.929580][T11741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.929595][T11741] RIP: 0033:0x7f41f039ce59 [ 494.929610][T11741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.929625][T11741] RSP: 002b:00007f41f1298028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 494.929640][T11741] RAX: ffffffffffffffda RBX: 00007f41f0616090 RCX: 00007f41f039ce59 [ 494.929651][T11741] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 494.929660][T11741] RBP: 00007f41f0432d6f R08: 0000000000000000 R09: 0000000000000000 [ 494.929669][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 494.929677][T11741] R13: 00007f41f0616128 R14: 00007f41f0616090 R15: 00007fff1bdc58a8 [ 494.929698][T11741] [ 495.878806][T11740] can0: slcan on ttyS2. syzkaller[ 495.939264][T11740] can0 (unregistered): slcan off ttyS2. syzkaller login: [ 496.597379][T11737] Process accounting resumed [ 497.061458][T11762] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 498.774109][T11754] kexec: Could not allocate control_code_buffer [ 499.076016][T11782] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1140'. [ 500.109827][T11829] input: jJǸ-9%vJ86 as /devices/virtual/input/input11 [ 500.206951][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.589760][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.596189][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.186529][ T12] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:0: bg 2: bad block bitmap checksum [ 502.255623][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2035 at logical offset 1341 with max blocks 27 with error 74 [ 502.344662][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 502.344662][ T12] [ 502.446298][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2035 at logical offset 1333 with max blocks 8 with error 117 [ 502.526453][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 502.526453][ T12] [ 502.575188][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2035 at logical offset 1329 with max blocks 4 with error 117 [ 502.640091][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 502.640091][ T12] [ 503.594941][T11885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1159'. [ 503.782944][T11887] FAULT_INJECTION: forcing a failure. [ 503.782944][T11887] name failslab, interval 1, probability 0, space 0, times 0 [ 503.830865][ T5640] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 503.932737][T11887] CPU: 0 UID: 0 PID: 11887 Comm: syz.2.1159 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.932763][T11887] Tainted: [L]=SOFTLOCKUP [ 503.932769][T11887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 503.932778][T11887] Call Trace: [ 503.932784][T11887] [ 503.932791][T11887] dump_stack_lvl+0x100/0x190 [ 503.932812][T11887] should_fail_ex.cold+0x5/0xa [ 503.932833][T11887] should_failslab+0xc2/0x120 [ 503.932851][T11887] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 503.932867][T11887] ? alloc_inode+0x68/0x250 [ 503.932881][T11887] ? simple_start_creating+0xb0/0x110 [ 503.932900][T11887] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 503.932925][T11887] alloc_inode+0x68/0x250 [ 503.932939][T11887] new_inode+0x22/0x1c0 [ 503.932954][T11887] __debugfs_create_file+0x105/0x4f0 [ 503.932980][T11887] debugfs_create_file_full+0x41/0x60 [ 503.933006][T11887] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 503.933026][T11887] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 503.933045][T11887] ? ida_alloc_range+0x70d/0x830 [ 503.933076][T11887] ? lockdep_init_map_type+0x5c/0x250 [ 503.933095][T11887] preinit_net.part.0+0x252/0x920 [ 503.933117][T11887] copy_net_ns+0x339/0x7c0 [ 503.933139][T11887] create_new_namespaces+0x3ea/0xac0 [ 503.933164][T11887] unshare_nsproxy_namespaces+0xf2/0x220 [ 503.933186][T11887] ksys_unshare+0x438/0xab0 [ 503.933209][T11887] ? __pfx_ksys_unshare+0x10/0x10 [ 503.933229][T11887] ? xfd_validate_state+0x129/0x190 [ 503.933244][T11887] ? ksys_write+0x1ac/0x250 [ 503.933267][T11887] __x64_sys_unshare+0x31/0x40 [ 503.933288][T11887] do_syscall_64+0x10b/0x830 [ 503.933301][T11887] ? clear_bhb_loop+0x40/0x90 [ 503.933319][T11887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.933335][T11887] RIP: 0033:0x7fa301d9ce59 [ 503.933348][T11887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.933362][T11887] RSP: 002b:00007fa2fffb4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 503.933378][T11887] RAX: ffffffffffffffda RBX: 00007fa302016180 RCX: 00007fa301d9ce59 [ 503.933395][T11887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 503.933404][T11887] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 503.933414][T11887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.933422][T11887] R13: 00007fa302016218 R14: 00007fa302016180 R15: 00007ffe5db9d798 [ 503.933443][T11887] [ 503.933450][T11887] debugfs: out of free dentries, can not create file 'net_refcnt@ffff8880371a0280' [ 504.300374][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2035 at logical offset 1329 with max blocks 1 with error 117 [ 504.339663][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 504.339663][ T12] [ 504.593667][ T5640] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 504.653088][T11904] futex_wake_op: syz.0.1160 tries to shift op by -2048; fix this program [ 504.745701][T11904] futex_wake_op: syz.0.1160 tries to shift op by -2048; fix this program [ 507.270122][T11930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1167'. [ 507.413502][T11936] hub 1-0:1.0: USB hub found [ 507.466711][T11936] hub 1-0:1.0: 1 port detected [ 507.859884][T11949] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1173'. [ 509.664507][T11992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1180'. [ 510.941914][T12010] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1184'. [ 511.582693][ T5730] Process accounting resumed [ 513.072002][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 513.079684][ T50] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 513.219616][T12032] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1190'. [ 513.282259][T12045] futex_wake_op: syz.0.1192 tries to shift op by -2048; fix this program [ 513.356326][T12045] futex_wake_op: syz.0.1192 tries to shift op by -2048; fix this program [ 515.286464][T12077] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1198'. [ 516.208532][T12066] Process accounting paused [ 516.575515][T12089] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1199'. [ 518.096492][T12101] kexec: Could not allocate control_code_buffer [ 518.178856][T12124] netlink: 'syz.2.1207': attribute type 1 has an invalid length. [ 518.220712][T12124] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1207'. [ 519.254706][T12138] ima: policy update failed [ 519.279892][ T30] audit: type=1802 audit(4294969567.615:6): pid=12138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1211" res=0 errno=0 [ 520.391570][ T30] audit: type=1800 audit(4294969568.725:7): pid=12162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1216" name="lu_gp_id" dev="configfs" ino=42283 res=0 errno=0 [ 522.166431][T12191] FAULT_INJECTION: forcing a failure. [ 522.166431][T12191] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 522.223505][T12191] CPU: 0 UID: 0 PID: 12191 Comm: syz.2.1221 Tainted: G L syzkaller #0 PREEMPT(full) [ 522.223534][T12191] Tainted: [L]=SOFTLOCKUP [ 522.223539][T12191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 522.223549][T12191] Call Trace: [ 522.223555][T12191] [ 522.223562][T12191] dump_stack_lvl+0x100/0x190 [ 522.223584][T12191] should_fail_ex.cold+0x5/0xa [ 522.223602][T12191] ? prepare_alloc_pages+0x16d/0x5f0 [ 522.223623][T12191] should_fail_alloc_page+0xeb/0x140 [ 522.223662][T12191] prepare_alloc_pages+0x1f0/0x5f0 [ 522.223685][T12191] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 522.223707][T12191] ? __lock_acquire+0x4a5/0x2630 [ 522.223722][T12191] ? __lock_acquire+0x4a5/0x2630 [ 522.223735][T12191] ? __css_rstat_updated+0x1ce/0x5a0 [ 522.223761][T12191] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 522.223778][T12191] ? lock_acquire+0x1b1/0x370 [ 522.223792][T12191] ? find_held_lock+0x2b/0x80 [ 522.223811][T12191] ? page_table_check_set+0x477/0x920 [ 522.223833][T12191] ? page_table_check_set+0x486/0x920 [ 522.223851][T12191] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 522.223874][T12191] ? policy_nodemask+0xed/0x4f0 [ 522.223893][T12191] alloc_pages_mpol+0x1fb/0x540 [ 522.223911][T12191] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 522.223927][T12191] ? __lock_acquire+0x4a5/0x2630 [ 522.223941][T12191] ? rcu_read_unlock+0x2d/0xb0 [ 522.223959][T12191] folio_alloc_mpol_noprof+0x36/0x260 [ 522.223980][T12191] vma_alloc_folio_noprof+0xed/0x1d0 [ 522.224000][T12191] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 522.224022][T12191] ? __lock_acquire+0x4a5/0x2630 [ 522.224038][T12191] ? __pfx_filemap_map_pages+0x10/0x10 [ 522.224052][T12191] do_fault+0x1e6/0x1750 [ 522.224073][T12191] __handle_mm_fault+0x187d/0x2a00 [ 522.224097][T12191] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 522.224117][T12191] ? __pfx___handle_mm_fault+0x10/0x10 [ 522.224140][T12191] ? pte_offset_map_lock+0x174/0x320 [ 522.224157][T12191] ? find_held_lock+0x2b/0x80 [ 522.224182][T12191] ? follow_page_pte+0x4d0/0x13f0 [ 522.224204][T12191] handle_mm_fault+0x36d/0xa20 [ 522.224229][T12191] __get_user_pages+0x1178/0x32a0 [ 522.224255][T12191] ? __pfx___get_user_pages+0x10/0x10 [ 522.224279][T12191] populate_vma_page_range+0x267/0x3f0 [ 522.224300][T12191] ? __pfx_populate_vma_page_range+0x10/0x10 [ 522.224319][T12191] ? __pfx_find_vma_intersection+0x10/0x10 [ 522.224338][T12191] ? do_mmap+0x93f/0x12f0 [ 522.224357][T12191] __mm_populate+0x107/0x3a0 [ 522.224377][T12191] ? __pfx___mm_populate+0x10/0x10 [ 522.224398][T12191] ? up_write+0x28c/0x4f0 [ 522.224416][T12191] vm_mmap_pgoff+0x37f/0x470 [ 522.224437][T12191] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 522.224455][T12191] ? __fget_files+0x215/0x3d0 [ 522.224476][T12191] ? __fget_files+0x21f/0x3d0 [ 522.224497][T12191] ksys_mmap_pgoff+0x3cb/0x610 [ 522.224515][T12191] ? __x64_sys_futex+0x358/0x4d0 [ 522.224532][T12191] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 522.224550][T12191] ? xfd_validate_state+0x129/0x190 [ 522.224564][T12191] ? ksys_read+0x1ac/0x250 [ 522.224585][T12191] __x64_sys_mmap+0x125/0x190 [ 522.224603][T12191] do_syscall_64+0x10b/0x830 [ 522.224618][T12191] ? clear_bhb_loop+0x40/0x90 [ 522.224637][T12191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.224659][T12191] RIP: 0033:0x7fa301d9ce59 [ 522.224673][T12191] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 522.224691][T12191] RSP: 002b:00007fa2ffff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 522.224706][T12191] RAX: ffffffffffffffda RBX: 00007fa302015fa0 RCX: 00007fa301d9ce59 [ 522.224716][T12191] RDX: 0000000000000ffb RSI: 0000000000810004 RDI: 0000000000000000 [ 522.224726][T12191] RBP: 00007fa301e32d6f R08: 0000000000000005 R09: 0000000000008000 [ 522.224735][T12191] R10: 0008000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 522.224744][T12191] R13: 00007fa302016038 R14: 00007fa302015fa0 R15: 00007ffe5db9d798 [ 522.224765][T12191] [ 523.342967][T12201] ICMPv6: process `syz.1.1223' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 525.374551][T12220] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 525.415170][T12220] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 525.460733][T12220] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 525.492553][T12220] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 525.550433][T12220] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 525.583899][T12220] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 525.628574][T12220] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 525.672030][T12220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 526.200361][T12240] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 527.031568][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 527.402512][T12236] Process accounting paused [ 527.512910][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 527.591654][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 527.671503][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 529.092959][T12281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1239'. [ 529.112226][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 529.423234][T12284] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 529.592048][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 529.671477][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 529.751931][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 531.071676][T12298] zswap: compressor 000 not available [ 532.115509][T12326] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1250'. [ 532.652671][T12335] FAULT_INJECTION: forcing a failure. [ 532.652671][T12335] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 532.748111][T12339] netlink: 'syz.2.1253': attribute type 1 has an invalid length. [ 532.796064][T12339] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1253'. [ 532.823045][T12335] CPU: 0 UID: 0 PID: 12335 Comm: syz.1.1252 Tainted: G L syzkaller #0 PREEMPT(full) [ 532.823073][T12335] Tainted: [L]=SOFTLOCKUP [ 532.823078][T12335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 532.823089][T12335] Call Trace: [ 532.823094][T12335] [ 532.823100][T12335] dump_stack_lvl+0x100/0x190 [ 532.823122][T12335] should_fail_ex.cold+0x5/0xa [ 532.823142][T12335] _copy_to_user+0x32/0xd0 [ 532.823161][T12335] io_uring_setup.cold+0x14ba/0x1c6e [ 532.823188][T12335] ? __pfx_io_uring_setup+0x10/0x10 [ 532.823211][T12335] ? __pfx_do_futex+0x10/0x10 [ 532.823236][T12335] ? xfd_validate_state+0x129/0x190 [ 532.823251][T12335] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 532.823272][T12335] __x64_sys_io_uring_setup+0xc2/0x170 [ 532.823292][T12335] do_syscall_64+0x10b/0x830 [ 532.823306][T12335] ? clear_bhb_loop+0x40/0x90 [ 532.823323][T12335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.823338][T12335] RIP: 0033:0x7f7972b9ce59 [ 532.823351][T12335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 532.823366][T12335] RSP: 002b:00007f7970dcd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 532.823381][T12335] RAX: ffffffffffffffda RBX: 00007f7972e16090 RCX: 00007f7972b9ce59 [ 532.823391][T12335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 532.823400][T12335] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 532.823408][T12335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.823417][T12335] R13: 00007f7972e16128 R14: 00007f7972e16090 R15: 00007ffde98ef098 [ 532.823437][T12335] [ 534.554770][T12356] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 535.349514][T12373] futex_wake_op: syz.0.1261 tries to shift op by -2048; fix this program [ 535.466318][T12373] futex_wake_op: syz.0.1261 tries to shift op by -2048; fix this program [ 536.576756][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 538.470941][T12418] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 538.633581][ T5640] Bluetooth: hci2: command 0x0c1a tx timeout [ 539.572228][T12424] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 539.572367][T12424] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 539.633432][T12424] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 539.633585][T12424] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 541.277382][T12466] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1278'. [ 541.439593][ T5640] Bluetooth: hci0: command 0x0c1a tx timeout [ 541.591502][ T5640] Bluetooth: hci1: command 0x0c1a tx timeout [ 541.673059][ T5640] Bluetooth: hci3: command 0x0c1a tx timeout [ 541.679727][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 543.730242][T12488] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 543.731307][T12488] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 543.732126][T12488] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 543.732477][T12488] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 545.432835][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 545.751541][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 545.757717][ T5640] Bluetooth: hci2: command 0x0c1a tx timeout [ 545.763894][ T5640] Bluetooth: hci1: command 0x0c1a tx timeout [ 546.475460][T12551] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1301'. [ 546.608861][T12550] Process accounting resumed [ 546.690909][T12558] random: crng reseeded on system resumption [ 547.381685][T12575] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 547.459776][T12575] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 548.236491][T12592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1311'. [ 548.286932][T12592] netlink: 'syz.2.1311': attribute type 1 has an invalid length. [ 548.356524][T12592] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.1311'. [ 548.659623][T12600] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1312'. [ 548.698760][T12605] syz.0.1313(12605): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 548.782305][T12608] capability: warning: `syz.1.1320' uses deprecated v2 capabilities in a way that may be insecure [ 548.971919][T12612] netlink: 'syz.1.1320': attribute type 1 has an invalid length. [ 549.020529][T12609] can0: slcan on ttyS2. [ 549.053174][T12608] syz.1.1320 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 549.360616][T12617] can0 (unregistered): slcan off ttyS2. [ 549.635750][T12615] can0: slcan on ttyS2. [ 549.771056][T12624] random: crng reseeded on system resumption [ 550.312058][T12614] can0 (unregistered): slcan off ttyS2. [ 553.150865][ T808] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 554.147236][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 554.334644][T12706] netlink: 'syz.0.1327': attribute type 11 has an invalid length. [ 554.398145][T12706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1327'. [ 555.139235][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 555.331589][T12722] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1330'. [ 555.419753][T12723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1330'. [ 556.107795][T12734] netlink: 'syz.0.1332': attribute type 11 has an invalid length. [ 556.135591][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 556.196153][T12738] FAULT_INJECTION: forcing a failure. [ 556.196153][T12738] name failslab, interval 1, probability 0, space 0, times 0 [ 556.303862][T12738] CPU: 0 UID: 0 PID: 12738 Comm: syz.2.1333 Tainted: G L syzkaller #0 PREEMPT(full) [ 556.303893][T12738] Tainted: [L]=SOFTLOCKUP [ 556.303899][T12738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 556.303909][T12738] Call Trace: [ 556.303915][T12738] [ 556.303921][T12738] dump_stack_lvl+0x100/0x190 [ 556.303944][T12738] should_fail_ex.cold+0x5/0xa [ 556.303964][T12738] should_failslab+0xc2/0x120 [ 556.303982][T12738] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 556.303997][T12738] ? mas_preallocate+0x1105/0x14a0 [ 556.304020][T12738] mas_preallocate+0x1105/0x14a0 [ 556.304040][T12738] ? __pfx_mas_preallocate+0x10/0x10 [ 556.304064][T12738] ? mt_find+0x45e/0x8e0 [ 556.304081][T12738] vma_link+0x14a/0x8d0 [ 556.304106][T12738] ? __pfx_vma_link+0x10/0x10 [ 556.304133][T12738] ? rcu_is_watching+0x12/0xc0 [ 556.304151][T12738] ? percpu_counter_add_batch+0xb9/0x230 [ 556.304174][T12738] insert_vm_struct+0x100/0x2e0 [ 556.304192][T12738] create_init_stack_vma+0x782/0xc10 [ 556.304211][T12738] ? __pfx_create_init_stack_vma+0x10/0x10 [ 556.304235][T12738] ? do_raw_spin_lock+0x128/0x260 [ 556.304252][T12738] ? alloc_bprm+0x3da/0x710 [ 556.304267][T12738] ? alloc_bprm+0x3da/0x710 [ 556.304286][T12738] alloc_bprm+0x405/0x710 [ 556.304303][T12738] do_execveat_common.isra.0+0x19c/0x580 [ 556.304321][T12738] ? do_getname+0x191/0x390 [ 556.304344][T12738] __x64_sys_execve+0x93/0xd0 [ 556.304362][T12738] do_syscall_64+0x10b/0x830 [ 556.304376][T12738] ? clear_bhb_loop+0x40/0x90 [ 556.304394][T12738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.304416][T12738] RIP: 0033:0x7fa301d9ce59 [ 556.304430][T12738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 556.304446][T12738] RSP: 002b:00007fa2fffd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 556.304461][T12738] RAX: ffffffffffffffda RBX: 00007fa302016090 RCX: 00007fa301d9ce59 [ 556.304472][T12738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 556.304481][T12738] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 556.304490][T12738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.304499][T12738] R13: 00007fa302016128 R14: 00007fa302016090 R15: 00007ffe5db9d798 [ 556.304520][T12738] [ 557.129586][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 557.197222][T12750] FAULT_INJECTION: forcing a failure. [ 557.197222][T12750] name failslab, interval 1, probability 0, space 0, times 0 [ 557.233186][T12750] CPU: 0 UID: 0 PID: 12750 Comm: syz.1.1337 Tainted: G L syzkaller #0 PREEMPT(full) [ 557.233213][T12750] Tainted: [L]=SOFTLOCKUP [ 557.233219][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 557.233229][T12750] Call Trace: [ 557.233236][T12750] [ 557.233243][T12750] dump_stack_lvl+0x100/0x190 [ 557.233266][T12750] should_fail_ex.cold+0x5/0xa [ 557.233287][T12750] should_failslab+0xc2/0x120 [ 557.233307][T12750] __kmalloc_cache_node_noprof+0x7d/0x770 [ 557.233324][T12750] ? __pfx_stack_trace_save+0x10/0x10 [ 557.233344][T12750] ? __get_vm_area_node+0x101/0x330 [ 557.233365][T12750] __get_vm_area_node+0x101/0x330 [ 557.233384][T12750] ? kasan_save_stack+0x3f/0x50 [ 557.233400][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 557.233425][T12750] __vmalloc_node_range_noprof+0x228/0x1630 [ 557.233446][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 557.233464][T12750] ? vfs_read+0x1e4/0xb30 [ 557.233479][T12750] ? ksys_read+0x12a/0x250 [ 557.233494][T12750] ? do_syscall_64+0x10b/0x830 [ 557.233508][T12750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.233528][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 557.233553][T12750] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 557.233581][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 557.233601][T12750] vmalloc_user_noprof+0x9e/0xe0 [ 557.233621][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 557.233641][T12750] vb2_vmalloc_alloc+0x135/0x410 [ 557.233661][T12750] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 557.233689][T12750] __vb2_queue_alloc+0x8d5/0x1160 [ 557.233719][T12750] vb2_core_reqbufs+0x899/0xf30 [ 557.233743][T12750] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 557.233776][T12750] __vb2_init_fileio+0x32d/0x1000 [ 557.233796][T12750] ? aa_file_perm+0x7f3/0x14d0 [ 557.233822][T12750] __vb2_perform_fileio+0x91e/0x1380 [ 557.233846][T12750] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 557.233866][T12750] ? __pfx___might_resched+0x10/0x10 [ 557.233890][T12750] vb2_fop_read+0x211/0x520 [ 557.233911][T12750] v4l2_read+0x229/0x2c0 [ 557.233927][T12750] ? __pfx_v4l2_read+0x10/0x10 [ 557.233944][T12750] vfs_read+0x1e4/0xb30 [ 557.233963][T12750] ? __pfx_vfs_read+0x10/0x10 [ 557.233978][T12750] ? find_held_lock+0x2b/0x80 [ 557.233997][T12750] ? __fget_files+0x215/0x3d0 [ 557.234014][T12750] ? __fget_files+0x215/0x3d0 [ 557.234034][T12750] ? __fget_files+0x21f/0x3d0 [ 557.234057][T12750] ksys_read+0x12a/0x250 [ 557.234073][T12750] ? __pfx_ksys_read+0x10/0x10 [ 557.234091][T12750] ? rcu_is_watching+0x12/0xc0 [ 557.234112][T12750] do_syscall_64+0x10b/0x830 [ 557.234125][T12750] ? clear_bhb_loop+0x40/0x90 [ 557.234143][T12750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.234158][T12750] RIP: 0033:0x7f7972b9ce59 [ 557.234172][T12750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.234187][T12750] RSP: 002b:00007f7970dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 557.234201][T12750] RAX: ffffffffffffffda RBX: 00007f7972e15fa0 RCX: 00007f7972b9ce59 [ 557.234212][T12750] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000004 [ 557.234221][T12750] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 557.234230][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.234239][T12750] R13: 00007f7972e16038 R14: 00007f7972e15fa0 R15: 00007ffde98ef098 [ 557.234260][T12750] [ 557.659829][T12732] Process accounting resumed [ 558.123720][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 558.393463][T12750] syz.1.1337: vmalloc error: size 4096, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 558.487775][T12750] CPU: 0 UID: 0 PID: 12750 Comm: syz.1.1337 Tainted: G L syzkaller #0 PREEMPT(full) [ 558.487802][T12750] Tainted: [L]=SOFTLOCKUP [ 558.487808][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 558.487826][T12750] Call Trace: [ 558.487832][T12750] [ 558.487838][T12750] dump_stack_lvl+0x100/0x190 [ 558.487864][T12750] warn_alloc.cold+0x95/0x1c1 [ 558.487883][T12750] ? __pfx_warn_alloc+0x10/0x10 [ 558.487896][T12750] ? trace_kmalloc+0xe3/0x110 [ 558.487915][T12750] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 558.487935][T12750] ? __kasan_kmalloc+0x8a/0xb0 [ 558.487956][T12750] ? __get_vm_area_node+0x208/0x330 [ 558.487976][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 558.487997][T12750] __vmalloc_node_range_noprof+0xccd/0x1630 [ 558.488017][T12750] ? vfs_read+0x1e4/0xb30 [ 558.488032][T12750] ? ksys_read+0x12a/0x250 [ 558.488048][T12750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.488068][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 558.488093][T12750] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 558.488121][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 558.488141][T12750] vmalloc_user_noprof+0x9e/0xe0 [ 558.488161][T12750] ? vb2_vmalloc_alloc+0x135/0x410 [ 558.488180][T12750] vb2_vmalloc_alloc+0x135/0x410 [ 558.488204][T12750] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 558.488225][T12750] __vb2_queue_alloc+0x8d5/0x1160 [ 558.488254][T12750] vb2_core_reqbufs+0x899/0xf30 [ 558.488277][T12750] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 558.488307][T12750] __vb2_init_fileio+0x32d/0x1000 [ 558.488327][T12750] ? aa_file_perm+0x7f3/0x14d0 [ 558.488352][T12750] __vb2_perform_fileio+0x91e/0x1380 [ 558.488377][T12750] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 558.488396][T12750] ? __pfx___might_resched+0x10/0x10 [ 558.488419][T12750] vb2_fop_read+0x211/0x520 [ 558.488440][T12750] v4l2_read+0x229/0x2c0 [ 558.488463][T12750] ? __pfx_v4l2_read+0x10/0x10 [ 558.488480][T12750] vfs_read+0x1e4/0xb30 [ 558.488500][T12750] ? __pfx_vfs_read+0x10/0x10 [ 558.488516][T12750] ? find_held_lock+0x2b/0x80 [ 558.488535][T12750] ? __fget_files+0x215/0x3d0 [ 558.488553][T12750] ? __fget_files+0x215/0x3d0 [ 558.488573][T12750] ? __fget_files+0x21f/0x3d0 [ 558.488595][T12750] ksys_read+0x12a/0x250 [ 558.488611][T12750] ? __pfx_ksys_read+0x10/0x10 [ 558.488630][T12750] ? rcu_is_watching+0x12/0xc0 [ 558.488650][T12750] do_syscall_64+0x10b/0x830 [ 558.488664][T12750] ? clear_bhb_loop+0x40/0x90 [ 558.488681][T12750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.488697][T12750] RIP: 0033:0x7f7972b9ce59 [ 558.488712][T12750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 558.488726][T12750] RSP: 002b:00007f7970dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 558.488741][T12750] RAX: ffffffffffffffda RBX: 00007f7972e15fa0 RCX: 00007f7972b9ce59 [ 558.488752][T12750] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000004 [ 558.488761][T12750] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 558.488770][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.488782][T12750] R13: 00007f7972e16038 R14: 00007f7972e15fa0 R15: 00007ffde98ef098 [ 558.488808][T12750] [ 558.493073][T12750] Mem-Info: [ 559.118663][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 559.216632][T12622] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 559.832837][T12750] active_anon:8911 inactive_anon:1 isolated_anon:0 [ 559.832837][T12750] active_file:5933 inactive_file:49894 isolated_file:0 [ 559.832837][T12750] unevictable:777 dirty:82 writeback:0 [ 559.832837][T12750] slab_reclaimable:11434 slab_unreclaimable:95957 [ 559.832837][T12750] mapped:25883 shmem:1291 pagetables:1164 [ 559.832837][T12750] sec_pagetables:0 bounce:0 [ 559.832837][T12750] kernel_misc_reclaimable:0 [ 559.832837][T12750] free:1309719 free_pcp:23201 free_cma:0 [ 559.909048][T12781] FAULT_INJECTION: forcing a failure. [ 559.909048][T12781] name failslab, interval 1, probability 0, space 0, times 0 [ 559.981381][T12781] CPU: 0 UID: 0 PID: 12781 Comm: syz.2.1343 Tainted: G L syzkaller #0 PREEMPT(full) [ 559.981411][T12781] Tainted: [L]=SOFTLOCKUP [ 559.981416][T12781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 559.981426][T12781] Call Trace: [ 559.981432][T12781] [ 559.981439][T12781] dump_stack_lvl+0x100/0x190 [ 559.981461][T12781] should_fail_ex.cold+0x5/0xa [ 559.981482][T12781] ? constrain_params_by_rules+0x175/0xcc0 [ 559.981498][T12781] should_failslab+0xc2/0x120 [ 559.981518][T12781] __kmalloc_noprof+0xe0/0x850 [ 559.981532][T12781] ? kfree+0x223/0x6c0 [ 559.981556][T12781] constrain_params_by_rules+0x175/0xcc0 [ 559.981582][T12781] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 559.981604][T12781] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 559.981620][T12781] ? stack_depot_save_flags+0x27/0x9d0 [ 559.981650][T12781] snd_pcm_hw_refine+0x7e7/0xad0 [ 559.981670][T12781] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 559.981690][T12781] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 559.981710][T12781] ? snd_pcm_hw_param_value+0x27b/0x5b0 [ 559.981735][T12781] snd_pcm_hw_param_first+0x2b0/0x680 [ 559.981750][T12781] ? trace_hw_mask_param+0x83/0x230 [ 559.981774][T12781] snd_pcm_hw_params+0x458/0x1bf0 [ 559.981795][T12781] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 559.981813][T12781] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 559.981840][T12781] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 559.981868][T12781] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 559.981887][T12781] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 559.981920][T12781] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 559.981959][T12781] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 559.981990][T12781] snd_pcm_oss_read+0x3d4/0x730 [ 559.982020][T12781] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 559.982036][T12781] vfs_read+0x1e4/0xb30 [ 559.982057][T12781] ? __pfx_vfs_read+0x10/0x10 [ 559.982073][T12781] ? find_held_lock+0x2b/0x80 [ 559.982093][T12781] ? __fget_files+0x215/0x3d0 [ 559.982110][T12781] ? __fget_files+0x215/0x3d0 [ 559.982131][T12781] ? __fget_files+0x21f/0x3d0 [ 559.982153][T12781] ksys_read+0x12a/0x250 [ 559.982170][T12781] ? __pfx_ksys_read+0x10/0x10 [ 559.982189][T12781] ? rcu_is_watching+0x12/0xc0 [ 559.982210][T12781] do_syscall_64+0x10b/0x830 [ 559.982224][T12781] ? clear_bhb_loop+0x40/0x90 [ 559.982244][T12781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.982259][T12781] RIP: 0033:0x7fa301d9ce59 [ 559.982273][T12781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.982288][T12781] RSP: 002b:00007fa2ffff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 559.982303][T12781] RAX: ffffffffffffffda RBX: 00007fa302015fa0 RCX: 00007fa301d9ce59 [ 559.982320][T12781] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 559.982329][T12781] RBP: 00007fa301e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 559.982338][T12781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.982348][T12781] R13: 00007fa302016038 R14: 00007fa302015fa0 R15: 00007ffe5db9d798 [ 559.982368][T12781] [ 560.309502][T12750] Node 0 active_anon:37832kB inactive_anon:4kB active_file:23728kB inactive_file:199332kB unevictable:1572kB isolated(anon):0kB isolated(file):0kB mapped:107584kB dirty:536kB writeback:0kB shmem:3648kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11328kB pagetables:4500kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 560.344577][T12750] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:48kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 560.377490][T12750] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 560.407541][T12750] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 560.413284][T12750] Node 0 DMA32 free:1328336kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37832kB inactive_anon:4kB active_file:23728kB inactive_file:199332kB unevictable:1572kB writepending:536kB zspages:576kB present:3129332kB managed:2537248kB mlocked:36kB bounce:0kB free_pcp:38232kB local_pcp:38232kB free_cma:0kB [ 560.447766][T12750] lowmem_reserve[]: 0 0 1 1 1 [ 560.452473][T12750] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1096kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 560.482596][T12750] lowmem_reserve[]: 0 0 0 0 0 [ 560.487330][T12750] Node 1 Normal free:3895384kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:244kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:52116kB local_pcp:52116kB free_cma:0kB [ 560.520192][T12750] lowmem_reserve[]: 0 0 0 0 0 [ 560.525089][T12750] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 560.537944][T12750] Node 0 DMA32: 5392*4kB (UME) 5086*8kB (UM) 3458*16kB (UME) 1870*32kB (UME) 1345*64kB (UM) 721*128kB (UM) 551*256kB (UME) 464*512kB (UME) 290*1024kB (UME) 89*2048kB (UM) 28*4096kB (UM) = 1328336kB [ 560.557539][T12750] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 560.569453][T12750] Node 1 Normal: 1*4kB (M) 0*8kB 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 3*128kB (UM) 4*256kB (UM) 1*512kB (U) 2*1024kB (UM) 2*2048kB (UM) 949*4096kB (UM) = 3895428kB [ 560.585908][T12750] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 560.595524][T12750] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 560.604953][T12750] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 560.614574][T12750] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 560.624486][T12750] 57175 total pagecache pages [ 560.629389][T12750] 48 pages in swap cache [ 560.633612][T12750] Free swap = 124644kB [ 560.642549][T12750] Total swap = 124996kB [ 560.658581][T12750] 2097051 pages RAM [ 560.663222][T12750] 0 pages HighMem/MovableOnly [ 560.675727][T12750] 430850 pages reserved [ 560.686794][T12750] 0 pages cma reserved [ 561.269802][T12798] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1346'. [ 561.409620][T12777] Bluetooth: hci1: command 0x0c1a tx timeout [ 562.103026][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 562.350610][T12819] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 562.419738][ T30] audit: type=1800 audit(4294971658.800:8): pid=12819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1350" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 562.979642][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.986057][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.097859][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 563.453213][T12622] Bluetooth: hci1: command 0x0c1a tx timeout [ 563.641438][T12833] futex_wake_op: syz.2.1352 tries to shift op by -2048; fix this program [ 563.735312][T12833] futex_wake_op: syz.2.1352 tries to shift op by -2048; fix this program [ 563.844882][T12839] 0x000000000001-0x000000020000 : "" [ 564.092757][ T5730] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 564.258246][T12839] ftl_cs: FTL header corrupt! [ 565.087499][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 565.397203][T12854] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1357'. [ 565.645066][T12857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'. [ 565.733192][T12857] netlink: 'syz.1.1358': attribute type 1 has an invalid length. [ 565.798483][T12857] netlink: 51465 bytes leftover after parsing attributes in process `syz.1.1358'. [ 566.082345][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 566.978354][T12622] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 567.077696][T12452] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 567.797275][T12875] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 567.844366][T12875] random: crng reseeded on system resumption [ 568.071970][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 568.204277][T12890] futex_wake_op: syz.1.1366 tries to shift op by -2048; fix this program [ 568.351012][T12890] futex_wake_op: syz.1.1366 tries to shift op by -2048; fix this program [ 569.025369][T12777] Bluetooth: hci3: command 0x0c1a tx timeout [ 569.068171][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 570.061721][ T5730] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 571.057712][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 571.096014][T12622] Bluetooth: hci3: command 0x0c1a tx timeout [ 571.645704][T12931] ubi0: attaching mtd0 [ 571.669625][T12931] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 571.715818][T12931] eraseblock attaching information dump: [ 571.747890][T12931] ec 1 [ 571.762916][T12931] pnum 0 [ 571.781201][T12931] lnum 0 [ 571.796648][T12931] scrub 0 [ 571.810587][T12931] sqnum 1 [ 571.827382][T12931] Volume identifier header dump: [ 571.851877][T12931] magic 55424921 [ 571.868622][T12931] version 1 [ 571.889097][T12931] vol_type 1 [ 571.907750][T12931] copy_flag 0 [ 571.924368][T12931] compat 5 [ 571.942998][T12931] vol_id 2147479551 [ 571.962452][T12931] lnum 0 [ 571.985522][T12931] data_size 0 [ 571.999601][T12931] used_ebs 0 [ 572.018517][T12931] data_pad 0 [ 572.033289][T12931] sqnum 1 [ 572.051967][T12931] hdr_crc 65b3bd2d [ 572.058451][ T5730] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 572.080356][T12931] Volume identifier header hexdump: [ 572.328124][T12931] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 572.630282][T12948] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1377'. [ 572.672802][T12945] can: request_module (can-proto-5) failed. [ 572.997103][T12950] [ 572.999444][T12950] ====================================================== [ 573.006441][T12950] WARNING: possible circular locking dependency detected [ 573.013440][T12950] syzkaller #0 Tainted: G L [ 573.019397][T12950] ------------------------------------------------------ [ 573.026402][T12950] syz.1.1381/12950 is trying to acquire lock: [ 573.032447][T12950] ffff888028cda368 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 573.043917][T12950] [ 573.043917][T12950] but task is already holding lock: [ 573.051256][T12950] ffff88804af8a7e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 573.060219][T12950] [ 573.060219][T12950] which lock already depends on the new lock. [ 573.060219][T12950] [ 573.070610][T12950] [ 573.070610][T12950] the existing dependency chain (in reverse order) is: [ 573.079608][T12950] [ 573.079608][T12950] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 573.087339][T12950] lock_sock_nested+0x41/0xf0 [ 573.092524][T12950] smc_listen_out+0x1f5/0x4b0 [ 573.097711][T12950] smc_listen_work+0x4c2/0x50e0 [ 573.103075][T12950] process_one_work+0xa0e/0x1980 [ 573.108525][T12950] worker_thread+0x5ef/0xe50 [ 573.113615][T12950] kthread+0x370/0x450 [ 573.118184][T12950] ret_from_fork+0x72b/0xd50 [ 573.123276][T12950] ret_from_fork_asm+0x1a/0x30 [ 573.128545][T12950] [ 573.128545][T12950] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 573.138715][T12950] __lock_acquire+0x14b8/0x2630 [ 573.144070][T12950] lock_acquire+0x1b1/0x370 [ 573.149072][T12950] __flush_work+0x4de/0xcb0 [ 573.154075][T12950] cancel_work_sync+0xd1/0xf0 [ 573.159342][T12950] smc_clcsock_release+0x5f/0xe0 [ 573.164787][T12950] __smc_release+0x5c2/0x880 [ 573.169881][T12950] smc_close_non_accepted+0xda/0x200 [ 573.175673][T12950] smc_close_active+0x4ff/0x1070 [ 573.181116][T12950] __smc_release+0x634/0x880 [ 573.186211][T12950] smc_release+0x1fc/0x620 [ 573.191132][T12950] __sock_release+0xb3/0x260 [ 573.196228][T12950] sock_close+0x1c/0x30 [ 573.200889][T12950] __fput+0x3ff/0xb50 [ 573.205380][T12950] task_work_run+0x150/0x240 [ 573.210496][T12950] exit_to_user_mode_loop+0x107/0x4f0 [ 573.216368][T12950] do_syscall_64+0x6f2/0x830 [ 573.221543][T12950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.227937][T12950] [ 573.227937][T12950] other info that might help us debug this: [ 573.227937][T12950] [ 573.238141][T12950] Possible unsafe locking scenario: [ 573.238141][T12950] [ 573.245564][T12950] CPU0 CPU1 [ 573.250905][T12950] ---- ---- [ 573.256249][T12950] lock(sk_lock-AF_SMC/1); [ 573.260737][T12950] lock((work_completion)(&new_smc->smc_listen_work)); [ 573.270180][T12950] lock(sk_lock-AF_SMC/1); [ 573.277190][T12950] lock((work_completion)(&new_smc->smc_listen_work)); [ 573.284106][T12950] [ 573.284106][T12950] *** DEADLOCK *** [ 573.284106][T12950] [ 573.292226][T12950] 3 locks held by syz.1.1381/12950: [ 573.297396][T12950] #0: ffff8880778f6840 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 573.307914][T12950] #1: ffff88804af8a7e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 573.317299][T12950] #2: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 573.326414][T12950] [ 573.326414][T12950] stack backtrace: [ 573.332288][T12950] CPU: 0 UID: 0 PID: 12950 Comm: syz.1.1381 Tainted: G L syzkaller #0 PREEMPT(full) [ 573.332311][T12950] Tainted: [L]=SOFTLOCKUP [ 573.332316][T12950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 573.332325][T12950] Call Trace: [ 573.332333][T12950] [ 573.332339][T12950] dump_stack_lvl+0x100/0x190 [ 573.332356][T12950] print_circular_bug.cold+0x178/0x1c7 [ 573.332380][T12950] check_noncircular+0x146/0x160 [ 573.332404][T12950] __lock_acquire+0x14b8/0x2630 [ 573.332422][T12950] lock_acquire+0x1b1/0x370 [ 573.332435][T12950] ? __flush_work+0x4ca/0xcb0 [ 573.332450][T12950] ? mark_held_locks+0x40/0x70 [ 573.332464][T12950] ? __flush_work+0x4ca/0xcb0 [ 573.332478][T12950] __flush_work+0x4de/0xcb0 [ 573.332493][T12950] ? __flush_work+0x4ca/0xcb0 [ 573.332509][T12950] ? __pfx___flush_work+0x10/0x10 [ 573.332525][T12950] ? __pfx_wq_barrier_func+0x10/0x10 [ 573.332547][T12950] ? __pfx___might_resched+0x10/0x10 [ 573.332565][T12950] cancel_work_sync+0xd1/0xf0 [ 573.332583][T12950] smc_clcsock_release+0x5f/0xe0 [ 573.332605][T12950] __smc_release+0x5c2/0x880 [ 573.332625][T12950] ? __pfx_sock_def_readable+0x10/0x10 [ 573.332642][T12950] smc_close_non_accepted+0xda/0x200 [ 573.332664][T12950] smc_close_active+0x4ff/0x1070 [ 573.332686][T12950] __smc_release+0x634/0x880 [ 573.332705][T12950] smc_release+0x1fc/0x620 [ 573.332725][T12950] __sock_release+0xb3/0x260 [ 573.332743][T12950] ? __pfx_sock_close+0x10/0x10 [ 573.332761][T12950] sock_close+0x1c/0x30 [ 573.332777][T12950] __fput+0x3ff/0xb50 [ 573.332799][T12950] ? _raw_spin_unlock_irq+0x23/0x50 [ 573.332827][T12950] task_work_run+0x150/0x240 [ 573.332842][T12950] ? __pfx_task_work_run+0x10/0x10 [ 573.332857][T12950] ? rcu_is_watching+0x12/0xc0 [ 573.332875][T12950] exit_to_user_mode_loop+0x107/0x4f0 [ 573.332889][T12950] ? rcu_is_watching+0x12/0xc0 [ 573.332907][T12950] do_syscall_64+0x6f2/0x830 [ 573.332921][T12950] ? clear_bhb_loop+0x40/0x90 [ 573.332938][T12950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.332953][T12950] RIP: 0033:0x7f7972b9ce59 [ 573.332966][T12950] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 573.332981][T12950] RSP: 002b:00007f7970dee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000db [ 573.332995][T12950] RAX: 0000000000000001 RBX: 00007f7972e15fa0 RCX: 00007f7972b9ce59 [ 573.333004][T12950] RDX: 0000000000000400 RSI: 0000000000000005 RDI: 0000200000000d40 [ 573.333013][T12950] RBP: 00007f7972c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 573.333023][T12950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.333032][T12950] R13: 00007f7972e16038 R14: 00007f7972e15fa0 R15: 00007ffde98ef098 [ 573.333045][T12950] [ 575.035742][ T5730] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 576.030563][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 577.025414][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 578.020245][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 579.015099][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 580.009902][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 581.004774][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 581.999555][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243)