last executing test programs: 7.158619978s ago: executing program 1 (id=1882): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x5, 0x4, 0x7) close_range$auto(0x2, 0x8, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, 0x0, 0x42800, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x22002, 0x0) read$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000000200)=""/81, 0x51) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) r2 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, 0x0, 0x80) getrandom$auto(0x0, 0x200006000000, 0x0) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r2, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, 0x0) 4.962089831s ago: executing program 3 (id=1895): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) socket(0x3, 0x6, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) ioctl$auto_FS_IOC_RESVSP(r0, 0x40305828, 0x80) 4.082956303s ago: executing program 0 (id=1896): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a239", 0xf3) unshare$auto(0x40000080) mmap$auto(0x1002, 0x9, 0x4, 0x200000eb0, 0x401, 0x701cf82a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) r1 = eventfd$auto(0x34b) read$auto_ptdump_fops_(r1, &(0x7f00000000c0)=""/32, 0x20) sendfile$auto(r0, r0, 0x0, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x10000010, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x9, 0x15f4da0a, 0x3, 0x400, 0x62, 0x80000000, 0x4, 0x6d41, 0x8001, 0xa, 0xfffffffffffffdf7]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) setpriority$auto(0x2, 0x0, 0x80000) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, 0x8, 0x0) 3.980171395s ago: executing program 2 (id=1897): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) (async) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000300)='/dio1\x00\x00\xff\xf3\xa5m\x1c\x11\x1bT\x00\xeb\xde\x00\x00\x00\x9c<=\x9d:\xfa\xd3\xa3\x04\xb6\xb9\x84\xec\x9c\xe1\x14\x81\x95\xf2c\xc8*\xd1n\xacB\xb6\x1e\xfcN\xb8%\xae\xfe\x98\xec\xd1\x15\xf4\n\x1aB\xceD\xf2\x15\x12\xcc\x89\xb7\xbd\xed\x96\x8ba\x1d\xd7\n\\\xdd\xe3\x1f\xff~\x18>\xc7', 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x200, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) semctl$auto(0x80001ff, 0x804, 0x13, 0x4) (async) semctl$auto(0x80001ff, 0x804, 0x13, 0x4) keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timerfd_create$auto(0x1, 0x0) getxattrat$auto(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0, &(0x7f00000001c0)={0x0, 0xa50, 0x10000}, 0x1000) unshare$auto(0x40000080) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) (async) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x80ac2, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000380)={{@inferred=0x0, 0x7, 0x109, 0x200007, "aab8e80600080043529f895cf5e8ec8f46cbb766439d070a00", @raw=0x2}, 0x6, 0x4, 0x6, @raw=0xd7, @integer64={0x442df60c, 0x81, 0x7}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={@inferred=r3, 0x7, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) (async) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={@inferred=r3, 0x7, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) (async) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0a3765c9b0ff8fbbff63336633bec215ead541e5766cb7e6a546c58ddbc3cbd84697b73ae550f26f7eb", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)={0x108, r6, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x9}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, "13c366f9244357d432f6e44cc4bf4e5878fe5d"}, @NL80211_ATTR_WIPHY_NAME={0x8, 0x2, '/${\x00'}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x8}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x2}, @NL80211_ATTR_HT_CAPABILITY={0x45, 0x1f, "ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e9"}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x5c, 0x75, 0x0, 0x1, [@generic="ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc3b2170c49b100b274baaf7e35af6d0f2356f99129b14dfb3c040f557f81b", @typed={0x8, 0x138, 0x0, 0x0, @u32=0x400}, @typed={0x8, 0xe6, 0x0, 0x0, @fd=r1}]}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x8}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7}]}, 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(r4, 0xc0109207, 0x0) (async) ioctl$auto_MON_IOCX_MFETCH(r4, 0xc0109207, 0x0) 3.79446461s ago: executing program 1 (id=1898): r0 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/ns/cgroup\x00', 0x400, 0x0) recvmmsg$auto(r0, &(0x7f0000001580)={{&(0x7f00000003c0)="44d76cb939eb92c7cd561283322a20a6447574da44088dd01d16e3770ff64caddb3eb800fd4c46d99d54622dd36600da089cf80a0052dcaa56dc5be29753d84e4f7c19cf27d677a1d5ac786b304e76f986221b7c05ae3f2ac30908bf0ddbd1317028c55b6b637d730ddd659c4c5ff3eae5d4ab33f9bfedf6ce74892d52b754d2875c6f6b382b06f6ae426096bd3c6f8b757f96eaf7b3a77fbab6dd4c832058f25b55b7d9e6d32a1cebc1f23d3d565cb0455e7e7cbaa8dc56f7fa6e171f0716ae3de7c95076f6c3f5a286ce0bf371078f08db7391f97eab1e6a9cdeb80e130da20c2fab5beec697aeab36c200d2ceb046", 0x6, &(0x7f00000014c0)={&(0x7f00000004c0)="b17a847dd4ef3da039660dbb1198865eb731a2e6a29be9373af2d9b802287ccde25a587587cd386a49ab1d367672d74b1857e98558f9083a24527005b0018851a4ac94d8732b55310206eec78f40b5448360a776e64b4e85ee4212d00fae450a75e81ecea8b2482c1dd9fc3a6a7f43ac6d71b00de7016361efacab8c8f4f3408a0ee34662916fc67d9c4187036c9d2ef0c6e7edcd20a1e9f7ee9def5cc285b3ba40bbfea4d389674dc762df99b8362249d3ebc0c44eb0e40bc3b64243ecabe1bf6ac6eee96346710834b5bbe15e3afaf859fd60c897489888af055688defc3ddf6acadb27d8d0bdd9b57f8a3181dae540ca642e50761c7be3bf4466cd339eb00563b5e7de5f71609c579150c2158d219340c146a7fc4f50a77a7c44199dddcdbed82aa4d62dcd83e1e812ee167e8069e591dcccd0de9a524fb9b0e80fc03ac295e5358a914997d8e9c98cfcd4e04d352892065691330c8f95bb016c4a7c44f44940959f8426d3b935d5bfc4bbca1751260886b51f8c9598da192b44042f85061c350e9c00334ae3e9fa8aca9d9d528d25d031b07cd2af00504d1ce18c2127429cb6750152fab586d1c98b805cb44c931e71c77ef39c4311d97f8f333a8dbad252da5fec9e8161c7e698197cf87bc3ecbf95b48ba4e891e4ce52f7f557e03d97d240fcc28c3dd4611e5f95b8d9494e6712056436befed19805c3241f057bf9c680aeaf3c6055f532314f3cd2c40fe56d6c148789cd442a75c6843f6cfb5fdaeca13a2243371967233f140f83a385dd27e62bb8d9dbf696be01a911327601306703b37d5dae01b8cb154a7f7fd4694b2575f21532b77c4e03fea11628b8e438384cc0d9e3a5851d0025f686c285d2d22077637effc942ba576853713fe74396f576cb8fdf31f3133a238bfc92ab31a4368b9add642b90c6fd29110ad5dab6127cd7ef1dc8f32225cf30bf2995e597856f78973dd37607e3147b02e69c7b3104e3f1a06eb1fa282f04ff793325eb2eb881a97deb3e5ca4c770c2a150e261ebbc4dfb92dc272d14af1f811fd9fb51e50f2e5eca2ec9f32e27dc5fac3ef28b5f0cf8a7ddf4191a38562f5f78a2cdd73b9e439a6c6f737b1149f0f5f78170cf7fe1a4c8230370fd03c522ba8c3020bb265ad3469eaafaea7fb1ffc2346a9862afb3ac92a106e0b2aca47073713352b450e6713177d1cdc3ba8d9c7a69a14cb3732940893be9f38228ecda5b9ff1e83e3615db791e0781dfe4e5b47aa23aa05053a081089208451d86c69c3f7b3197be77ad7c87539860bdcc4552f3d4740c52e5f43a2bb1257eadc379a0c6a60ddfc617eb4b0ede45befbffb1cb8a422b74022a9bdeb01e36c1fa59c118fa3ac7925692922aec78657e3e8fb0f92e1abd47456034d4c6b809eb619788b17b4d7bee8fb478e22e3d5358f9cc24ff6c9e01662c8927abe4d3db81c4a8b50995db3c9ba6c7f21b7a7f4cf7b55d5a3f9eeebbdd4b821de11dfa490e04dce920991f6489ec836ca13a8cbeb8599ee89385a2718800e8be3d2443613728cee0d04f67fd43d1a116d5b206e7b5df9444ba43a79038ceae17771fe0a43223c8fcbeebb74c754c98d0856510b5a737ac9ea35e9afced481922c715ab614eab471814c88a25ee262d8b96bcc17be44bb444d83550bdb7a8eeeeb12004a1366266975aad635448759e1b7a2c30f3dceaebc76841dcceb6c40e50380be8b1fb34090fd7b21114a156e45b03322f1df004b4b1297c6b6abed5ed8818f67c57976151b9d4752aad6878f9a6c06fa41c358c3884a1c276235694923140d14bf6568b1f9b65be9633e70da1e8a04312a75189a7cd300c7c77a7dcbbbbf3bbd921472fd45259a8d204970c0413c76f0928a5a2cc5dabd1ea01c675a8d1584416a3ebccf8ae69a36fadd37d10171d07530d5465509b407c8e5a7892eea9bea3b62ff1fe35b39432e66567645ce1b1d38f542f536db9f2a66d280bf53e3da8b87881b2aafcdf592f9ebba803a2ec7955b0965bbe6d36ea493312889de9da1e37b3a23e90f024b85968a362089f50202901d274f0e00311c45ea007cb9eee94a6162485f5d7c622f833c4fcfcd9d9d956137a91d029cd7a79fcb17504f77563a54a742b76db40f094be032936836a0f6c8edd1563b6b4bdb8f927005e6d23d2818512b9f905d94b57d045f97e8fed302f16faf2563cdb15a7da1a46019970a8ce79d4a1ab4ac0b76ad41ece3a6ed6a87c21576fc6d0cd707466195a0730e8da7f68e49a3d2b7dc8f95dd8818aee8b0f85a76f9da7f1f80b07a4c5ca5ca4bbfbe0d2d4c20d2a5a311ba91a0140950a143de0bdd54f58754272eec3b0e9824e0fbc2c8d68fc3c9e43121ae7049f51ef78256720eb419380550ba126cc90c1d010bcc6f7cf1aaf3d76523676f439a4bf9c252f6981c2d5aa786fe9a1721020067000dd34063dfdaeeec900c3fca0ac2453b55bbd6c22947b24bdf5111d161f90ff84c75215e8f83e9604afead792808e2225113ecfefcba386414265ac0815449a141dc54f7bfb0152111d419c9e69d7500375620da5c07e2b2826871a07cec7e928e1023f0b56049d26bc8b612a6cacb2c7dc69e9566c743d12d592f4bbc277dd24c3b8b8b180b5429b11ce8243be01488e8bae70c2c1dd403f2ca46d23bc3f5c4b8c0deabd3357a6913b9bd37c45550f1e98246e79ca5a66ad8350e6bcfc88c5ed5f37ddb991a22e248785cfc50d49ad08e4c2302549e8703d13d15cbd70aa338ec942fde3e00d33b4a974a3eca7dee763ba2b5d2fb5efb9f4bcbf19e2d3635342451167c77679dd5ed54105cf01d1ea0f54fc8763f7e0555be11cc93aee44dccc371e685901fdaac3799d24bff288f6a02b1310731fe287c9172878c17caec5e5d74fcfb01483fcfef4b47e3b58356d9be692b62f8f0cd5b0c1150d3b7d0e7d6637fb57d56be3765efd2383e3e1a81e0c9372e258c8d08e99d8218068afc041fd4c07e0b4a75d08eb15fec97825d1d46bf1d91c6f763e7e4bc2121cff778082dd9145a776ac1d3510852612fd00fc5e73467e542798590f80ab81ad6cecee2378e349dfb93a71c54abc519b4593a4f4e734cefebe871216843de19d00add7c915fd8f0f6ba312d1ce05a55c4b48703feafe56faefdbfb04e88a73d158a893bfba388c287779e70b531ebdffbeece79143f02a50b03cc8fcbc12963a981d119e069cbde8c4024b026042f5ac1b2a567a33ed225ffbe966f95bfa463de6901345cd97fa3dcfa09634ce401b521d7118d3f55f5912a55a8ce3e69066d49e41c8363adfecc0a3de6dc5d674cdc5a95fc0b3d923a42dfc5090a16b701a399384d12cd55eb96bda975ed52e74bfc410f6c1e5632c0bf7ac682dae5b50c206eebcbfe5e22131550770d85f8b8d6eb076c6c794083faeeb67e4c7455ba79f2de1b4fa153f857589ba3c257fcc0c1cac0a099fb5ffe2dca03c2d6794aaddb11d5dbd60c9c89ffd808f63d9bd3842c0254b01f66644b46e41c138e3420e6272d9187aa4bbbbe8e9143e37829c40746df026bda7a247ee9705e2d1e0949eb3f56afc37a2d4f07bddd3f2625aed8441e25b37d1ba1a72d8cce332ac72781641afa32cc55dd53386db064ff91d2ba2d0ae22d5b577770fe8f519e3af5a9ae17d69fe3570c45b1906b710891f37ebc937a635d6702bc79b375750c89433b9b6e33e08a3fe2c9cfae78bfd3fea0b542af8a4ca3c2c7b8157f87f2c7bcd2f27fc56fd7140bfccb7cca2fbbc0c30652ca31fcefd5f142a5bdc84d760d414568920908a9a3d85443ddbf39784574b5b26327f2b830f89c2f6b8b267de429ababf47ed9c854bda5b9d0207d38147993652ba99a729432f91cccb91ac6cf6cdd2158f5a6fbfacdb94d4079a6be4fdde7e03d724856fda04d918023a4d00ac87370347c211cadd04d1109581be503064972b50f04f4afe912c8a19bf7a8c5b1488ef1b65def2f91f9ac017f1d82896457e308dcbadeaeb9cf538d39a71cad24b0df5b616a1f6cb797531af8c016c93dababda99f7d18db1d12185b4367775d521be40e5f623e42e80e225459101b63139693fcbc9f5922fa68507a1d4777e696d3574e61368b6a4f72491942264edd11f1ed7807b91af26993b20715c5911689144bbd09e46d3f275a652bb9458b4f31ea2d0dee6633ea0e392d51701183d4e7fcb6a65cb8cf07e0b6a855621e4275a17fe93407b1ad7c1dcfbec90dff7ff9753791a37c9085e6031583ee0cf6b3edcf1d5d92ee1ae686646f9d03a685c3c9b523c9ab76526714c42a189d77b4073cc1f6f31f647e1bd47ccad0f37221fa7da7f93209020dacf86f6af51a074ff9e034d1c121eb9b19f4ff75ef848643a96189978ca2f094b6659058b121bcbebff254d74e7a1416c8a4632bcd104691f44e747f4971af0a69407de20294292769e9b84f9035e0aaaa0ffd02810b214c52c7d58bbce5ac5fbc1e80dfabe755138760f3c28627fc940c40d1b672221e5c19fe37acd36ae205ee8bb6b4acb8ce365eb04e64dd83534fcadd6afef59c831a1e1f72fb91103bf70a22169b2414dd7d417de04c17bf4b16e4eb83620e90d49e9a0f94d96c302179026d38d58c61c4c9fbb05e91daa17269ffaa105ee208c56dcac834583dfe2d78486bda924b80ab3add1f24eb6648c6f951f0e7cae2cb05560691f7814ee0abe9c9e62019ccd8c7037983a40aa3dba03b50dc9a2c2696c67446b7c24a512b819b37f599c38d89e06b4187df8d7ea128607ecb3ea85aeb6ebd5b3739582f008beee3dd8583c14ece96c258d5afd039b0e9f90a7d07fbc20eb5827e62976af604d3a3c9aacd2a82d349d2a83616197883874b4903c9a346591fe5d26ef9789cd9e35f85b613660e237affe4a8e55672d7fad0fbaddf1ff0203593a0cc32732ce58182a2eb8d535ebcae7d21a616f84daf951a049a7715415c4553e851379a88e5c681246dcc8b50c7136bac01725173f93c6b6bf0fadca22765e084c4aa4ee495dfa926f4857aab5e50bd0ca261562c5461624694f7f3bba23f1fb50beb81b2f1860142a7901054e947cba801e0b546a25955d7a5dee2dac846fceebb45ae107c262153f21e1a238d7a6215d52fed3f366821ac6526d7240fb43506ab9928e4f39f8542f54745d2af65fa1d3e2c77838ea7b3609856873370c9147a5217a8e2476de25875721203020895b75033b946812ed8934f8a51a0d67cab5c4fc2c90a1d49ecdba1c4eb6ff519124ab9bd639cb3a297c2b17323bc9017c96463f266f57d414b5eeda06349178a2f4be05c6853d79f918fb57c98749b1f6652bd630c94ad5ba3aad4465e7a54e3b657aad76f871cf21762eadfee99bcd101a348d4ed3379d7c82220adb3aae876162ef9a22da22460bd0415ea120db56c603008437192136e9378e1c90cc138f3acfff123aaccd9d67194a4b630f4e3735760816e20e6cfb4c69ebd3230a7a4c4075b8095e7108a7bc031a2d426df914832966e131e0ab77ed3fc3ea0b7725edcc369e201e1efee55806d0dd8124b28a607f1ae8d1d137d489de38a652f5e36fa4cb87505f3591d984a7c849c08e88748b067f1a15f4ad1c9147256cd04421c18047ad9be63f17a8c051b83fca05a1d40504b92d8cdff7b97801d4672c1f24362709f14342c17df764bc856e96271fe9a0881d34b527d377b693c5cdfff7bce7db7ac78c6db802bf8a4b764878cb79a4ab625512374496a7c87cd7640de1214acc5aa989f57b52e4ad3660140add3e07c26e2616cdf1323b71398917938d"}, 0x48af0b71, &(0x7f0000001500)="a69168cebfe279bac80935b0adf512006f8085f2f58d2d2d21a233b20b79989d4680d8548cbf5cf8a8cf03392c4b72d7f75204e44d4f7b43f727c19c568e4226c69a16e91df4573c4d365efa8380d2e2cfb92f45e09d263c3bf7cd32033c26d3ff7a533e907fe23267f7f3efc3c9a9ec", 0x48, 0x3ac}, 0x24}, 0x1, 0x3, &(0x7f00000015c0)={0x7, 0x2}) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config/nullb/features\x00', 0x48400, 0x0) r1 = openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) read$auto_dev_fops_plock(r1, &(0x7f00000001c0)=""/132, 0x84) socket(0x2, 0x3, 0xa) r2 = socket(0x2, 0x5, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x10, 0xfffefffffffff72f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000240), r2) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, r3, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_EEPROM_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0xe}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0xff}, @ETHTOOL_A_MODULE_EEPROM_BANK={0x5, 0x5, 0x4e}]}, 0x64}, 0x1, 0x0, 0x0, 0x85}, 0x48040) r4 = fanotify_init$auto(0x1f53, 0x2000000000002) open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vivid.0/video4linux/vbi17/dev\x00', 0x208183, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/driver/nvram\x00', 0xa502, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4805}, 0x2000c000) socket(0x2a, 0x2, 0x0) r7 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video14\x00', 0x20003, 0x0) read$auto_proc_mem_operations_base(r4, &(0x7f0000000100)=""/217, 0xd9) ioctl$auto(0x3, 0xc0585609, r7) 3.415539987s ago: executing program 1 (id=1899): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x1000, 0x6, 0x1, 0xffffffff, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x4, 0x8998d5c, 0x8000100, 0x7fff, 0x8000105, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x47302, 0x3d, 0x8, 0x7, 0x8001}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC2\x00', 0x20000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0x4}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x2, 0x80000000, 0x1, 0x7ff, 0x1, 0x200, 0xc2, 0x9, 0xa10c, 0x4, 0x3, 0x6, 0x1, 0x3, 0x8, 0x401, 0x2, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x7, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x1000000071, 0x0, 0x4000000008, 0x2, 0x3, 0x8, 0x2d7, 0x0, 0x5, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x8, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x3f2, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x200002, 0x5, 0x6, 0xffffffffffff0001, 0x7, 0x4, 0x8, 0x4, 0x100000000002, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x3f, 0x2, 0x80000000, 0x100, 0x14b, 0x2, 0x45f7, 0x0, 0x0, 0x0, 0xfe, 0x8001, 0x3, 0x1, 0x7, 0x9, 0x101, 0x3, 0x100000000000277, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x4, 0x2, 0x3, 0x7, 0xd, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d7221633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async\x00', 0x183941, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) (async) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) pwrite64$auto(r2, 0x0, 0x7b05, 0x1800) (async) pwrite64$auto(r2, 0x0, 0x7b05, 0x1800) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) (async) shutdown$auto(0x200000003, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x5, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x3, 0x4000000000008, 0xfffffffffffffffd, 0xab, 0x0, 0x9]}, &(0x7f0000000040)={0x0, 0x7}) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x5, 0x8001, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017d, 0x4, 0xdfdfffff, 0xd, 0xd59, 0xfb, 0xff, 0x6, 0x100000005]}, 0x0, 0x0) (async) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x5, 0x8001, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017d, 0x4, 0xdfdfffff, 0xd, 0xd59, 0xfb, 0xff, 0x6, 0x100000005]}, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) symlinkat$auto(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') shmctl$auto(0x0, 0xd, 0x0) read$auto_proc_sessionid_operations_base(r0, &(0x7f0000000680)=""/240, 0xf0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto(0x3, 0x0, 0x100082) 3.364310878s ago: executing program 3 (id=1900): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0xffff}, 0x5, 0x20000043) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x2, 0x3, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram5/queue/discard_granularity\x00', 0x0, 0x0) r1 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/kvm/exits\x00', 0x0, 0x0) write$auto_stat_fops_per_vm_kvm_main(r1, &(0x7f0000000180)="c51c5aa15677e82f67c2f78559d6d2dede1a8158b503b978be7ebb7ec3f8c5ce7042b0073f8ced6ab824938d610ff23874b631f5fa176430a922858bd8b1ab1f99ec2022c33fcf5cc4c98469bcaf7347e6973e566c8e7d9a48f186723b6bef8364cac6eac4a8c01917449e15bb0332bdf829e95e", 0x74) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) fcntl$auto(0x3, 0x4, 0xa553) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCSCLOCKID(r2, 0x400445a0, 0x0) write$auto(0x3, 0x0, 0x7fffffff) select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20000, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) shutdown$auto(0x200000003, 0x2) bpf$auto(0x0, 0x0, 0x6f3) socket(0xa, 0xa, 0x84) 3.154262776s ago: executing program 1 (id=1901): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x181000, 0x0) r0 = io_uring_setup$auto(0x3, 0x0) close_range$auto(0x2, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000180)="0a1b9a5c4000006e163bb154d7886d8edeea371cadb848770dc8f745d1c76eedba12b9f694dabdbcf3401910000000000060000023b5d40a", 0x38) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0x848000000015, 0x5, 0x0) bind$auto(r1, 0x0, 0x0) socket(0xa, 0x1, 0x84) write$auto(0xffffffffffffffff, 0x0, 0xfffffdf1) open(&(0x7f0000000040)='&&\x00', 0x40202, 0x79) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) r3 = eventfd$auto(0x80) readv$auto(r3, &(0x7f0000000380)={0x0, 0x8}, 0x8) read$auto(r3, 0x0, 0xcc9c) write$auto(r3, &(0x7f0000000400)='\'\x00', 0x8) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) shutdown$auto(0x200000003, 0x2) ioctl$auto(r3, 0x8, r2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/fs/ext4/sda1/journal_task\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 3.120209576s ago: executing program 0 (id=1902): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, 0x0, 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x100007) madvise$auto(0x0, 0x200007, 0x19) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = socket(0x11, 0x2, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x1c1000, 0x0) capset$auto(0x0, &(0x7f0000000000)={0xa82, 0x3a, 0x4001}) sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f00000003c0), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, r1, 0x104) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x5, 0x83, 0x4, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) 3.105947589s ago: executing program 2 (id=1903): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) recvfrom$auto(r0, &(0x7f0000000000)="8da863ce99a677246cb5feafca7ae2263dee315442b47da959d460ac27c328c409dd4235de0723d77ab4dc27f4a0cb01c77a423fa73c944ea5f41456f29e3b7ba032bdc59a", 0x8, 0xfffffffa, &(0x7f00000000c0)=@in={0x2, 0x4e23, @broadcast}, &(0x7f0000000140)) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x2142, 0x0) sendfile$auto(r1, r1, 0x0, 0x1000200) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x8ed40, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x9, 0x2, 0x3, 0x5, 0x4, 0x15f4da0e, 0x6, 0x10000000009, 0x100000000000000c, 0x9, 0x8, 0x800000000000200, 0x9, 0x2, 0x40000000000011]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bind$auto(r0, &(0x7f0000000240)=@sco, 0xfffffffb) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) 2.394838207s ago: executing program 3 (id=1904): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffe, 0x103, 0x10000007, 0x1f, 0x86, 0x1ffde, 0xb099, 0x3, 0x9, 0x6, 0x3, 0x884, 0x1, 0xb7, 0x9, 0x8, 0xc, 0xb2, 0x4, 0x0, 0xb, 0x2004, 0x20000200, 0x300000, 0x83, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0xc0, 0x0, 0x7, 0x0, 0xb, 0x8, 0x2, 0x0, 0x2, 0x0, 0xad7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xf7374674b920089e) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x0, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='r'], 0x1ac}}, 0x4004) mmap$auto(0xfff, 0xff, 0x1ff, 0x872, 0xffffffffffffffff, 0x3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x6, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 2.181504208s ago: executing program 2 (id=1905): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x108a02, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x3250c2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0) pivot_root$auto(0x0, 0x0) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, r0, 0x8000) madvise$auto(0xffffffffffffffff, 0x2000040080000005, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7e, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) connect$auto(r1, 0x0, 0x90) unshare$auto(0x40000080) r2 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) lseek$auto(r2, 0x5, 0x5) readv$auto(r2, &(0x7f0000000a80)={0x0, 0x5b53}, 0x440) getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)='/dev/cec27\x00', 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) madvise$auto(0x8000000000000000, 0x1, 0x80) msgctl$auto_MSG_STAT_ANY(0x3, 0xd, &(0x7f00000003c0)={{0x7fff, 0x0, 0x0, 0x2, 0xa8, 0x200, 0xfffe}, 0x0, &(0x7f0000000380)=0x7, 0x0, 0x1, 0x3, 0x0, 0x1, 0x5, 0x2, 0x6, @inferred, @raw=0x9}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x4) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8000009, 0x800007, 0x17, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_1={r3, 0x20000003, @value=0x6, 0x371b}, 0x3) bpf$auto(0xc, &(0x7f00000001c0)=@raw_tracepoint={0x805, r0, 0x0, 0x7}, 0xc) 2.119409486s ago: executing program 3 (id=1906): r0 = open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x130) r1 = timerfd_create$auto(0x9, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, r0) r2 = socket(0x18, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r3, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYRESHEX=r0, @ANYRES16=0x0, @ANYBLOB="00012dbd7000ffdbdf25030000000500040005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40c4800}, 0x40000) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r4 = socket(0x18, 0x5, 0x1) connect$auto(r4, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x80487436, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)="fc5ea5f1401a03cd7d362456adda0cf384c0e2d7bd3d31e409957ab6bd240c4af9373f9691253b947acf08619bf87d27ebc9b1fff0ce71c342980e157ce4c431437e") mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x5, &(0x7f0000000200)=@info={0xffffffffffffffff, 0x9, 0x8}, 0x1) unshare$auto(0x40000080) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 2.088982924s ago: executing program 0 (id=1907): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x3, 0x3000, 0x8000006, 0x4, 0x80000000, 0xffffffffffffffff, [], {0x6, 0x10008, 0x8c48, 0x29d, 0x100, 0x77fffffb, 0x101, 0xb0d, 0x7}, {0x0, 0x1, 0xfffffffe, 0x5, 0x2, 0x40, 0x76c4, 0xb, 0x100000000}}) r0 = epoll_create$auto(0x3e) mmap$auto(0x100000000, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x19, &(0x7f0000000000), 0x0) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r0, 0x5509, 0x0) 1.85448584s ago: executing program 0 (id=1908): mmap$auto(0x0, 0xfffffffffffffff8, 0xdb, 0xeb1, 0x401, 0x7ffd) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x103040, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000010c0)=""/22, 0x16) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) mmap$auto(0x0, 0x2020005, 0x4, 0x400eb1, 0xfffffffffffffffa, 0x8000) chmod$auto(0x0, 0xf4ba) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x4, 0x9, 0x100, 0xffffffffffffffff, 0x2, 0x8}, 0x100000ce) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) rseq$auto(0x0, 0x8000, 0x0, 0x6) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) ioctl$auto_TUNGETIFF(r3, 0x800454d2, 0x0) ioctl$auto(r1, 0x89f1, 0x24) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x2, 0x7, 0x48, 0x7ff, 0x5, 0x7, 0x4, 0x6, 0x8, 0x3, 0x5, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x1, 0x7, 0x7, 0x8, 0x200, 0xfffffffd, 0x84, 0x0, 0x6, 0x2, 0x0, 0x0, [0x0, 0x1ff, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x82, 0x8003, 0x4000000, 0xd1e4, 0x8000000000, 0x1, 0x10000000000000, 0x0, 0x0, 0x0, 0x20000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xec4e, 0x0, 0x8000000000000001, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x9a]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 1.730529502s ago: executing program 1 (id=1909): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/online\x00', 0x800, 0x0) socket(0x1d, 0x3, 0x2) mmap$auto(0x0, 0x6f7, 0x4000000000000df, 0x400000000eb1, 0x40000000000a5, 0x6) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/190, 0xbe) pipe$auto(0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x206201, 0x1a9) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) setsockopt$auto_SO_PREFER_BUSY_POLL(r1, 0xfffffff7, 0x45, &(0x7f0000000000)='\x9d&!}\x00', 0x7ff) write$auto(0x3, 0x0, 0xfffffdef) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_KEY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r3, 0x5408, 0x0) 1.547294345s ago: executing program 1 (id=1910): socket(0xa, 0x3, 0x3a) ioctl$auto_BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x5000940e, 0x0) io_uring_setup$auto(0x80, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) r0 = socket$nl_generic(0x10, 0x3, 0x10) listmount$auto(&(0x7f0000000080)={0x100, @raw, 0x80000002, 0xfffffffffffffff3, 0xffffffffffffffb6}, 0x0, 0xf4240, 0x1) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000009c0), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x1f, 0x0, 0xd) socket(0x10, 0x3, 0x0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf250200000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x4050}, 0x4000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) r2 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$auto_FIONREAD(r2, 0x541b, 0x3859) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0xffffffffffffffff}, 0x3, 0xf8, 0x10) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) 1.219982583s ago: executing program 2 (id=1911): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c772", 0x11c) unshare$auto(0x40000080) mmap$auto(0x1002, 0x9, 0x4, 0x200000eb0, 0x401, 0x701cf82a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) r1 = eventfd$auto(0x34b) read$auto_ptdump_fops_(r1, &(0x7f00000000c0)=""/32, 0x20) sendfile$auto(r0, r0, 0x0, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x10000010, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x9, 0x15f4da0a, 0x3, 0x400, 0x62, 0x80000000, 0x4, 0x6d41, 0x8001, 0xa, 0xfffffffffffffdf7]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) setpriority$auto(0x2, 0x0, 0x80000) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, 0x8, 0x0) 1.159397315s ago: executing program 0 (id=1912): bind$auto(0x3, 0x0, 0x6a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89b0, &(0x7f0000000080)={'bond0\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/blkio.bfq.sectors\x00', 0x182, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) write$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x20) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) (async) socket(0x2, 0x80002, 0x73) r0 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r0, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0x477, 0x0, 0x0, 0x0, 0x0) (async) move_pages$auto(0x0, 0x477, 0x0, 0x0, 0x0, 0x0) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101002, 0x0) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101002, 0x0) write$auto(r1, 0x0, 0x1eb0800) (async) write$auto(r1, 0x0, 0x1eb0800) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x200000f) (async) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x200000f) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x2, 0x0) (async) setrlimit$auto(0x2, 0x0) mprotect$auto(0x200000000000, 0x8000, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x200, 0x4, 0x5, 0x7) (async) prctl$auto(0x1000000003b, 0x200, 0x4, 0x5, 0x7) unshare$auto(0x40000080) r2 = pidfd_open$auto(0x1, 0x0) setns(r2, 0x60020000) 1.120524259s ago: executing program 3 (id=1913): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = getpid() r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) capset$auto(0x0, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x50, 0xf2, 0xb0, @raw=0x2}}) write$auto(0x3, 0x0, 0xfdef) process_vm_readv$auto(r0, 0x0, 0x40000000001, 0x0, 0x4, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) socket(0x28, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto_SECCOMP_MODE_FILTER(0xfffffff9, 0x2, r0, 0x3, 0x30e) set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) write$auto(0xffffffffffffffff, 0x0, 0x81) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) 547.096805ms ago: executing program 3 (id=1914): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffe, 0x103, 0x10000007, 0x1f, 0x86, 0x1ffde, 0xb099, 0x3, 0x9, 0x6, 0x3, 0x884, 0x1, 0xb7, 0x9, 0x8, 0xc, 0xb2, 0x4, 0x0, 0xb, 0x2004, 0x20000200, 0x300000, 0x83, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0xc0, 0x0, 0x7, 0x0, 0xb, 0x8, 0x2, 0x0, 0x2, 0x0, 0xad7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xf7374674b920089e) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x0, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='r'], 0x1ac}}, 0x4004) mmap$auto(0xfff, 0xff, 0x1ff, 0x872, 0xffffffffffffffff, 0x3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x6, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 398.122802ms ago: executing program 0 (id=1915): openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0xb0081, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) open(0x0, 0xa240, 0x15e) open(0x0, 0x161342, 0x100) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x4ab8f800, 0xa0009, 0x4000000000db, 0x11, 0xffffffffffffffff, 0x18002) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r1, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) close_range$auto(0x2, 0x8, 0x6) fsconfig$auto_SHMEM_HUGE_FORCE(r0, 0x0, &(0x7f0000000100)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', &(0x7f00000001c0)="0611488d42a94124dcc295b55630dbeb534977d84f60d0c942edd4f74262deac4c", 0xfffffffffffffffe) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder1\x00', 0x204084, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) select$auto(0x1, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0) read$auto_state_fops_(r3, &(0x7f0000000180)=""/61, 0xfffffeeb) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x18, 0x401, 0x300000000000) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) 247.114161ms ago: executing program 2 (id=1916): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x2, 0xa) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmmsg$auto(0x6, &(0x7f0000000400)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x1, &(0x7f0000000300), 0x10, 0x8000000}, 0xed7138c}, 0x6, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) read$auto_ep0_operations_inode(r2, &(0x7f0000000280)=""/96, 0x60) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r3, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto(r1, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r4 = socket(0x2, 0x2, 0x88) ioctl$auto__dev_ioctl_fops_dev_ioctl(0xffffffffffffffff, 0x19300, 0x0) r5 = syz_clone(0xa00000, &(0x7f0000000540)="0134ef90c39ddd41ffff72dcbe5381db31812248a9375efba600ad10f75b89b18919e6ca1f2b775adcf79567ea296469321b283c8bc29f04ce4ff00c923675f1fa97e61fbe5caef49a6ebf77a49b3b56bbc8c5b8e031da04d77ecb9c457e3f64908584d1c13980ea4df1b1a92fb0aee2b4b7ae94cc43d497c9ffe49c0b5367abede4936b3b1d4ca5ba9f7c65608c564e8764be6dc828c1fba19c2b3b81f1462c9a093c01bd0ae92ef5508cb78f18b18c602a13f20fefb8aa3c065d1330a04853d3277f024a70b4a8a3ce11455fa0b919576c24fd22", 0xd5, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000640)="6dfe99d05b9fae67fa0be35d0dbaab412874c20b790fdb8727aed338c1e5ed25770d7d47504acc45cd1f5d17a003105a652702d4dddacabf591175226876f8958b41d97b1da85bf604c94cb872dd04f11322cef6c145b6b89cd6b6f354c17390fe30eb12ed4a32708eda4216b26adce916baa7661313113d6bb1bde297699da867e62798003bf1cb36036dfe382c04ac8b0bb6b702d8956723178e14f8d386bc6bd9a307b9d172c5705103bb238aa4e9def80c6d2f834e1ad3431ebd02e7527726ee6c7d843d489be9e0952d67901b446aacf1e063022a4e3fd26e10906c81df1b8d4d6bda0fd59cf92321d096") r6 = getpgid(r5) kill$auto(r6, 0x6) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) preadv2$auto(0x3, &(0x7f0000001000)={0x0}, 0x5, 0xffffffffffffffff, 0x7, 0x31) r7 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r4) sendmsg$auto_CGROUPSTATS_CMD_GET(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="02002cbd7000fddbdf250400000008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="0d000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4048095}, 0x404c080) 0s ago: executing program 2 (id=1917): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, 0x0, 0x341, 0x0) truncate$auto(0x0, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x600000, 0x0) socketpair$auto(0xd2, 0x1, 0x3, &(0x7f0000000000)=0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) (async) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, 0x0, 0x341, 0x0) (async) truncate$auto(0x0, 0x6) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x600000, 0x0) (async) socketpair$auto(0xd2, 0x1, 0x3, &(0x7f0000000000)=0x800) (async) kernel console output (not intermixed with test programs): t [ 301.473715][ T7264] Bluetooth: hci0: command 0x0c1a tx timeout [ 301.480229][ T7712] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.536850][T10197] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 301.562685][ T7712] Bluetooth: hci3: command 0x0c1a tx timeout [ 301.892383][T10204] netlink: 330 bytes leftover after parsing attributes in process `syz.2.912'. [ 301.963616][T10197] Process accounting paused [ 303.052082][T10252] random: crng reseeded on system resumption [ 303.294609][T10260] Invalid ELF header magic: != ELF [ 303.395919][ T30] audit: type=1800 audit(4294970475.028:41): pid=10241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.919" name="lu_gp_id" dev="configfs" ino=32295 res=0 errno=0 [ 305.788922][T10299] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 306.062311][T10309] netlink: 28 bytes leftover after parsing attributes in process `syz.0.932'. [ 306.201864][T10310] Invalid ELF header magic: != ELF [ 306.438288][T10304] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 306.560094][ T9358] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.589289][ T9358] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.613471][ T9358] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.671328][ T9358] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.827111][T10304] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.931'. [ 310.359322][T10394] synth uevent: /module/au0828: unknown uevent action string [ 313.651825][T10456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 313.721059][T10456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 313.815983][T10456] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 313.856956][T10456] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 314.862551][T10489] Process accounting paused [ 315.721058][ T7712] Bluetooth: hci1: command 0x0c1a tx timeout [ 315.727105][ T7712] Bluetooth: hci0: command 0x0c1a tx timeout [ 315.883744][ T7712] Bluetooth: hci3: command 0x0c1a tx timeout [ 315.889786][ T7264] Bluetooth: hci2: command 0x0c1a tx timeout [ 318.207384][T10532] overlayfs: "check_copy_up" module option is obsolete [ 320.397549][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807e842400: rx timeout, send abort [ 320.407701][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807e842400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 321.938673][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.945509][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.611307][T10610] ======================================================= [ 322.611307][T10610] WARNING: The mand mount option has been deprecated and [ 322.611307][T10610] and is ignored by this kernel. Remove the mand [ 322.611307][T10610] option from the mount to silence this warning. [ 322.611307][T10610] ======================================================= [ 324.233246][T10637] random: crng reseeded on system resumption [ 324.506288][T10617] Invalid ELF header magic: != ELF [ 327.251057][T10682] nbd: illegal input index -1073725440 [ 327.539388][T10685] Invalid ELF header magic: != ELF [ 328.374072][T10694] syz.1.1013 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 329.659046][T10720] random: crng reseeded on system resumption [ 330.228556][T10729] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1020'. [ 330.604366][T10724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.640977][T10724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.772215][T10739] Invalid ELF header magic: != ELF [ 331.968162][T10740] Process accounting resumed [ 332.128603][T10777] FAULT_INJECTION: forcing a failure. [ 332.128603][T10777] name fail_futex, interval 1, probability 0, space 0, times 0 [ 332.143610][T10777] CPU: 0 UID: 0 PID: 10777 Comm: syz.3.1033 Not tainted syzkaller #0 PREEMPT(full) [ 332.143648][T10777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 332.143674][T10777] Call Trace: [ 332.143684][T10777] [ 332.143695][T10777] dump_stack_lvl+0x100/0x190 [ 332.143736][T10777] should_fail_ex.cold+0x5/0xa [ 332.143782][T10777] get_futex_key+0x1d2/0x1620 [ 332.143824][T10777] ? __pfx_get_futex_key+0x10/0x10 [ 332.143861][T10777] ? __lock_acquire+0x4a5/0x2630 [ 332.143907][T10777] futex_wake+0xea/0x530 [ 332.143954][T10777] ? __pfx_futex_wake+0x10/0x10 [ 332.143998][T10777] ? __fget_files+0x215/0x3d0 [ 332.144043][T10777] do_futex+0x32b/0x350 [ 332.144080][T10777] ? __pfx_do_futex+0x10/0x10 [ 332.144117][T10777] ? __sys_bind+0x1c7/0x260 [ 332.144158][T10777] __x64_sys_futex+0x34f/0x4d0 [ 332.144218][T10777] ? __pfx___x64_sys_futex+0x10/0x10 [ 332.144272][T10777] do_syscall_64+0xc9/0xf80 [ 332.144309][T10777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.144337][T10777] RIP: 0033:0x7f334699aeb9 [ 332.144360][T10777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 332.144388][T10777] RSP: 002b:00007f334793b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 332.144413][T10777] RAX: ffffffffffffffda RBX: 00007f3346c15fa8 RCX: 00007f334699aeb9 [ 332.144431][T10777] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3346c15fac [ 332.144448][T10777] RBP: 00007f3346c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 332.144464][T10777] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 332.144481][T10777] R13: 00007f3346c16038 R14: 00007ffe974d2e00 R15: 00007ffe974d2ee8 [ 332.144518][T10777] [ 333.821634][T10807] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1040'. [ 334.260788][T10813] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1041'. [ 334.274802][ T30] audit: type=1800 audit(4294972554.037:42): pid=10813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1041" name="dbroot" dev="configfs" ino=35521 res=0 errno=0 [ 335.251830][T10829] random: crng reseeded on system resumption [ 337.671017][T10869] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 337.671208][T10869] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 337.671632][T10869] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 337.671798][T10869] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 339.515441][T10919] zram0: detected capacity change from 8 to 0 [ 339.692996][ T7264] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.702315][ T7712] Bluetooth: hci2: command 0x0c1a tx timeout [ 339.708604][ T6987] Bluetooth: hci1: command 0x0c1a tx timeout [ 339.714686][ T6987] Bluetooth: hci0: command 0x0c1a tx timeout [ 342.982618][T11009] netlink: 'syz.0.1076': attribute type 1 has an invalid length. [ 343.712377][T11007] kexec: Could not allocate control_code_buffer [ 343.995582][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.032393][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.067976][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.107570][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.126729][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.156966][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.183863][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.257951][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.329959][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.429353][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 344.750182][T11035] KVM: debugfs: duplicate directory 11035-3 [ 344.795690][T11035] KVM: debugfs: duplicate directory 11035-4 [ 344.802361][T11035] KVM: debugfs: duplicate directory 11035-5 [ 344.914295][T11035] KVM: debugfs: duplicate directory 11035-6 [ 344.920952][T11035] KVM: debugfs: duplicate directory 11035-7 [ 345.135131][T11054] zram: Added device: zram1 [ 347.338019][T11070] zram0: detected capacity change from 0 to 8 [ 347.987508][T11055] Process accounting resumed [ 351.561104][T11109] __nla_validate_parse: 56 callbacks suppressed [ 351.561125][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1102'. [ 351.840474][T11119] netlink: 'syz.0.1104': attribute type 7 has an invalid length. [ 351.848370][T11119] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1104'. [ 352.749697][ T30] audit: type=1800 audit(4294976668.619:43): pid=11118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1100" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 353.503801][T11111] kexec: Could not allocate control_code_buffer [ 354.179984][ T30] audit: type=1326 audit(4294976670.046:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11169 comm="syz.0.1113" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff3c639aeb9 code=0x0 [ 354.808784][T10333] syz.1.936 (10333) used greatest stack depth: 17832 bytes left [ 355.734379][T11226] netlink: 178 bytes leftover after parsing attributes in process `syz.3.1120'. [ 357.146789][ C1] vcan0: j1939_tp_rxtimer: 0xffff888031edc000: rx timeout, send abort [ 357.155274][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888031edc000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 360.898733][T11371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1150'. [ 362.668269][T11388] Process accounting paused [ 363.091738][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805bc42c00: rx timeout, send abort [ 363.100323][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805bc42c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 364.247847][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805bfe1400: rx timeout, send abort [ 364.256219][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805bfe1400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 365.776209][T11480] hub 1-0:1.0: USB hub found [ 365.784354][T11480] hub 1-0:1.0: 1 port detected [ 366.091193][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802a0fc000: rx timeout, send abort [ 366.101309][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802a0fc000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 368.354565][ T7712] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 368.620273][T11528] netlink: Setting conntrack mark requires 'commit' flag. [ 369.397622][T11524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1183'. [ 370.307491][ T30] audit: type=1800 audit(4294976686.270:45): pid=11555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1189" name="lu_gp_id" dev="configfs" ino=42841 res=0 errno=0 [ 372.212122][T11602] random: crng reseeded on system resumption [ 372.469843][T11601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1198'. [ 373.205818][T11621] ubi0: detaching mtd0 [ 373.242272][T11621] ubi0: mtd0 is detached [ 373.960945][T11641] random: crng reseeded on system resumption [ 374.496353][T11659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1209'. [ 376.223003][T11702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1216'. [ 376.263961][T11702] netlink: 'syz.2.1216': attribute type 1 has an invalid length. [ 376.313373][T11702] netlink: 'syz.2.1216': attribute type 4 has an invalid length. [ 376.346588][T11702] netlink: 'syz.2.1216': attribute type 5 has an invalid length. [ 376.481539][T11702] netlink: 20232 bytes leftover after parsing attributes in process `syz.2.1216'. [ 376.653630][T11705] netlink: zone id is out of range [ 376.693078][T11705] netlink: zone id is out of range [ 376.826756][T11705] netlink: set zone limit has 8 unknown bytes [ 378.271935][T11735] Process accounting paused [ 378.468415][T11755] zswap: compressor not available [ 380.505811][T11809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1243'. [ 380.796011][T11814] netlink: 'syz.2.1244': attribute type 10 has an invalid length. [ 380.803967][T11814] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1244'. [ 381.065666][T11820] random: crng reseeded on system resumption [ 383.081769][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.095999][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 387.127097][T11928] zswap: compressor not available [ 387.316341][T11942] zswap: compressor not available [ 387.539179][T11949] input: jJǸ-9%vJ86 as /devices/virtual/input/input18 [ 390.582324][ T30] audit: type=1800 audit(4294976706.615:46): pid=12022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1284" name="lu_gp_id" dev="configfs" ino=45432 res=0 errno=0 [ 390.771919][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807e42d000: rx timeout, send abort [ 391.277578][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807e42d000: abort rx timeout. Force session deactivation [ 391.396491][T12039] binder: 12036:12039 ioctl 400c620e 0 returned -22 [ 391.786053][ T30] audit: type=1800 audit(4294976707.861:47): pid=12052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1289" name="lu_gp_id" dev="configfs" ino=45512 res=0 errno=0 [ 392.455533][T12070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1295'. [ 392.871273][T12079] netlink: 'syz.2.1298': attribute type 29 has an invalid length. [ 392.888400][T12079] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1298'. [ 394.390907][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.480998][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.569999][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.619548][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.689376][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.813632][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.843297][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 394.888261][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1306'. [ 395.104991][T12119] netlink: 'syz.1.1308': attribute type 2 has an invalid length. [ 395.363212][T12128] hub 1-0:1.0: USB hub found [ 395.373559][T12128] hub 1-0:1.0: 1 port detected [ 395.499337][T12071] Process accounting resumed [ 395.515011][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805ba59400: rx timeout, send abort [ 395.523547][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ba59400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 397.146160][ T30] audit: type=1800 audit(4294976713.239:48): pid=12145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1315" name="lu_gp_id" dev="configfs" ino=46728 res=0 errno=0 [ 397.459457][T12170] zswap: compressor not available [ 397.985010][ C1] vcan0: j1939_tp_rxtimer: 0xffff88803aaeb000: rx timeout, send abort [ 397.994457][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803aaeb000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 398.466178][T12170] zswap: compressor 842 [ 398.466178][T12170] 6/02/01 13:42:25# profile=0 mode=learning granted=no (global-pid=13) task={ pid=13 ppid=2 uid=0 gid=0 euid=0 egid=0 suid=0 sgid=0 fsuid=0 fsgid=0 } path1.parent={ uid=0 gid=0 ino=1 perm=0755 } [ 398.466178][T12170] [ 398.466178][T12170] file mkdir /dev/ 0755 not available [ 398.713014][T12216] FAULT_INJECTION: forcing a failure. [ 398.713014][T12216] name failslab, interval 1, probability 0, space 0, times 0 [ 398.729969][T12216] CPU: 0 UID: 0 PID: 12216 Comm: syz.3.1325 Not tainted syzkaller #0 PREEMPT(full) [ 398.730005][T12216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 398.730022][T12216] Call Trace: [ 398.730031][T12216] [ 398.730041][T12216] dump_stack_lvl+0x100/0x190 [ 398.730083][T12216] should_fail_ex.cold+0x5/0xa [ 398.730130][T12216] should_failslab+0xc2/0x120 [ 398.730171][T12216] kmem_cache_alloc_noprof+0x83/0x780 [ 398.730208][T12216] ? __proc_create+0xc2/0x8c0 [ 398.730250][T12216] ? __proc_create+0x2cb/0x8c0 [ 398.730300][T12216] ? __proc_create+0x2cb/0x8c0 [ 398.730343][T12216] __proc_create+0x2cb/0x8c0 [ 398.730388][T12216] ? __pfx___proc_create+0x10/0x10 [ 398.730436][T12216] ? _raw_write_unlock+0x28/0x50 [ 398.730468][T12216] ? proc_register+0x559/0x8a0 [ 398.730498][T12216] proc_create_reg+0x75/0x170 [ 398.730528][T12216] proc_create_net_data+0x8e/0x1c0 [ 398.730574][T12216] ? __pfx_proc_create_net_data+0x10/0x10 [ 398.730631][T12216] sctp_proc_init+0x199/0x270 [ 398.730669][T12216] ? __pfx_sctp_defaults_init+0x10/0x10 [ 398.730709][T12216] sctp_defaults_init+0x758/0xd90 [ 398.730758][T12216] ? __pfx_sctp_defaults_init+0x10/0x10 [ 398.730798][T12216] ops_init+0x1e2/0x5f0 [ 398.730848][T12216] setup_net+0x118/0x3a0 [ 398.730875][T12216] ? __pfx_setup_net+0x10/0x10 [ 398.730916][T12216] ? lockdep_init_map_type+0x5c/0x250 [ 398.730955][T12216] ? mutex_init_lockep+0x110/0x150 [ 398.730998][T12216] copy_net_ns+0x46f/0x7c0 [ 398.731030][T12216] create_new_namespaces+0x3ea/0xab0 [ 398.731071][T12216] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 398.731104][T12216] ksys_unshare+0x455/0xab0 [ 398.731143][T12216] ? __pfx_ksys_unshare+0x10/0x10 [ 398.731184][T12216] ? xfd_validate_state+0x129/0x190 [ 398.731242][T12216] __x64_sys_unshare+0x31/0x40 [ 398.731281][T12216] do_syscall_64+0xc9/0xf80 [ 398.731319][T12216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.731348][T12216] RIP: 0033:0x7f334699aeb9 [ 398.731372][T12216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.731399][T12216] RSP: 002b:00007f334793b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 398.731426][T12216] RAX: ffffffffffffffda RBX: 00007f3346c15fa0 RCX: 00007f334699aeb9 [ 398.731445][T12216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 398.731463][T12216] RBP: 00007f3346a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 398.731480][T12216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.731497][T12216] R13: 00007f3346c16038 R14: 00007f3346c15fa0 R15: 00007ffe974d2ee8 [ 398.731535][T12216] [ 400.252195][T12254] NFSD: Failed to start, no listeners configured. [ 401.551541][T12291] vhci_hcd vhci_hcd.3: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 404.368697][T12363] zswap: compressor not available [ 404.980323][ C0] vcan0: j1939_tp_rxtimer: 0xffff888050617000: rx timeout, send abort [ 404.988953][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888050617000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 406.620687][T12419] vhci_hcd vhci_hcd.0: invalid port number 16 [ 407.215485][T12439] FAULT_INJECTION: forcing a failure. [ 407.215485][T12439] name failslab, interval 1, probability 0, space 0, times 0 [ 407.292729][T12439] CPU: 0 UID: 0 PID: 12439 Comm: syz.3.1369 Not tainted syzkaller #0 PREEMPT(full) [ 407.292768][T12439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 407.292785][T12439] Call Trace: [ 407.292796][T12439] [ 407.292806][T12439] dump_stack_lvl+0x100/0x190 [ 407.292846][T12439] should_fail_ex.cold+0x5/0xa [ 407.292893][T12439] should_failslab+0xc2/0x120 [ 407.292932][T12439] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 407.292968][T12439] ? __pfx___debug_object_init+0x10/0x10 [ 407.292994][T12439] ? __d_alloc+0x34/0xa80 [ 407.293015][T12439] ? __d_alloc+0x34/0xa80 [ 407.293032][T12439] __d_alloc+0x34/0xa80 [ 407.293052][T12439] d_alloc_pseudo+0x1c/0xc0 [ 407.293074][T12439] alloc_file_pseudo+0xcf/0x230 [ 407.293096][T12439] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 407.293117][T12439] ? alloc_fd+0x476/0x790 [ 407.293145][T12439] sock_alloc_file+0x50/0x210 [ 407.293170][T12439] __sys_socket+0x1c0/0x260 [ 407.293186][T12439] ? __fget_files+0x21f/0x3d0 [ 407.293201][T12439] ? __pfx___sys_socket+0x10/0x10 [ 407.293217][T12439] ? xfd_validate_state+0x129/0x190 [ 407.293245][T12439] __x64_sys_socket+0x72/0xb0 [ 407.293261][T12439] ? lockdep_hardirqs_on+0x78/0x100 [ 407.293278][T12439] do_syscall_64+0xc9/0xf80 [ 407.293297][T12439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.293322][T12439] RIP: 0033:0x7f334699aeb9 [ 407.293344][T12439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 407.293370][T12439] RSP: 002b:00007f33478f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 407.293393][T12439] RAX: ffffffffffffffda RBX: 00007f3346c16180 RCX: 00007f334699aeb9 [ 407.293403][T12439] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 407.293412][T12439] RBP: 00007f3346a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 407.293422][T12439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.293430][T12439] R13: 00007f3346c16218 R14: 00007f3346c16180 R15: 00007ffe974d2ee8 [ 407.293450][T12439] [ 407.824462][T12444] vhci_hcd vhci_hcd.1: invalid port number 37 [ 407.910570][T12444] vhci_hcd vhci_hcd.1: default hub control req: 600d v002b i0025 l1 [ 409.009412][T12464] Process accounting resumed [ 410.042522][T12489] syz.1.1380 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 410.052689][T12489] CPU: 0 UID: 0 PID: 12489 Comm: syz.1.1380 Not tainted syzkaller #0 PREEMPT(full) [ 410.052722][T12489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 410.052738][T12489] Call Trace: [ 410.052748][T12489] [ 410.052758][T12489] dump_stack_lvl+0x100/0x190 [ 410.052797][T12489] dump_header+0xfb/0x606 [ 410.052828][T12489] oom_kill_process.cold+0xd/0x321 [ 410.052867][T12489] out_of_memory+0x340/0x14f0 [ 410.052911][T12489] ? __pfx_out_of_memory+0x10/0x10 [ 410.052957][T12489] mem_cgroup_out_of_memory+0xc6/0x130 [ 410.052987][T12489] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 410.053013][T12489] ? find_held_lock+0x2b/0x80 [ 410.053047][T12489] ? do_raw_spin_unlock+0x145/0x1e0 [ 410.053090][T12489] ? _raw_spin_unlock+0x28/0x50 [ 410.053123][T12489] try_charge_memcg+0x652/0xc90 [ 410.053169][T12489] ? __pfx_try_charge_memcg+0x10/0x10 [ 410.053207][T12489] ? find_held_lock+0x2b/0x80 [ 410.053233][T12489] ? rcu_read_unlock+0x17/0x60 [ 410.053271][T12489] ? rcu_read_unlock+0x17/0x60 [ 410.053323][T12489] charge_memcg+0xa6/0x280 [ 410.053361][T12489] __mem_cgroup_charge+0x2b/0x1e0 [ 410.053405][T12489] shmem_alloc_and_add_folio+0x451/0xd40 [ 410.053450][T12489] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 410.053488][T12489] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 410.053524][T12489] ? do_fault+0x6a4/0x1990 [ 410.053569][T12489] shmem_get_folio_gfp+0x6ab/0x1900 [ 410.053612][T12489] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 410.053658][T12489] shmem_write_begin+0x1a4/0x420 [ 410.053696][T12489] ? __pfx_shmem_write_begin+0x10/0x10 [ 410.053733][T12489] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 410.053785][T12489] generic_perform_write+0x292/0xa40 [ 410.053820][T12489] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 410.053876][T12489] ? __pfx_generic_perform_write+0x10/0x10 [ 410.053916][T12489] ? file_update_time_flags+0x31f/0x510 [ 410.053961][T12489] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 410.053999][T12489] shmem_file_write_iter+0x10e/0x140 [ 410.054042][T12489] __kernel_write_iter+0x2ac/0x920 [ 410.054077][T12489] ? __pfx___kernel_write_iter+0x10/0x10 [ 410.054109][T12489] ? __up_read+0x2c5/0x700 [ 410.054154][T12489] ? dump_user_range+0x73b/0xb50 [ 410.054194][T12489] dump_user_range+0x3f9/0xb50 [ 410.054232][T12489] ? __pfx_dump_user_range+0x10/0x10 [ 410.054276][T12489] ? __pfx_writenote+0x10/0x10 [ 410.054318][T12489] elf_core_dump+0x2d16/0x3c60 [ 410.054373][T12489] ? __pfx_elf_core_dump+0x10/0x10 [ 410.054404][T12489] ? kasan_save_stack+0x30/0x50 [ 410.054436][T12489] ? kasan_save_track+0x14/0x30 [ 410.054467][T12489] ? __kasan_kmalloc+0xaa/0xb0 [ 410.054498][T12489] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 410.054530][T12489] ? vfs_coredump+0x1f01/0x5530 [ 410.054558][T12489] ? arch_do_signal_or_restart+0x91/0x770 [ 410.054595][T12489] ? irqentry_exit+0x1f8/0x670 [ 410.054624][T12489] ? asm_exc_page_fault+0x26/0x30 [ 410.054660][T12489] ? 0xffffffffff600000 [ 410.054748][T12489] ? vfs_coredump+0x276c/0x5530 [ 410.054777][T12489] vfs_coredump+0x276c/0x5530 [ 410.054822][T12489] ? __pfx_vfs_coredump+0x10/0x10 [ 410.054857][T12489] ? __lock_acquire+0x4a5/0x2630 [ 410.054902][T12489] ? __lock_acquire+0x4a5/0x2630 [ 410.054942][T12489] ? lock_acquire+0x17c/0x330 [ 410.054986][T12489] ? lock_acquire+0x17c/0x330 [ 410.055029][T12489] ? bpf_ksym_find+0x124/0x1c0 [ 410.055064][T12489] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 410.055110][T12489] ? arch_stack_walk+0xa6/0xf0 [ 410.055157][T12489] ? stack_trace_save+0x8e/0xc0 [ 410.055187][T12489] ? __pfx_stack_trace_save+0x10/0x10 [ 410.055220][T12489] ? stack_depot_save_flags+0x27/0x9c0 [ 410.055262][T12489] ? __lock_acquire+0x4a5/0x2630 [ 410.055368][T12489] ? proc_coredump_connector+0x2d3/0x4f0 [ 410.055413][T12489] ? __pfx_proc_coredump_connector+0x10/0x10 [ 410.055467][T12489] ? rcu_is_watching+0x12/0xc0 [ 410.055500][T12489] get_signal+0x1f2a/0x21e0 [ 410.055549][T12489] ? __pfx_get_signal+0x10/0x10 [ 410.055581][T12489] ? bad_area_access_error+0xab/0x1d0 [ 410.055613][T12489] ? fixup_vdso_exception+0x2d1/0x370 [ 410.055659][T12489] arch_do_signal_or_restart+0x91/0x770 [ 410.055696][T12489] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 410.055745][T12489] ? do_user_addr_fault+0x8d6/0x12f0 [ 410.055782][T12489] irqentry_exit+0x1f8/0x670 [ 410.055817][T12489] asm_exc_page_fault+0x26/0x30 [ 410.055843][T12489] RIP: 0033:0x0 [ 410.055867][T12489] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 410.055879][T12489] RSP: 002b:0000000000000010 EFLAGS: 00010217 [ 410.055900][T12489] RAX: 0000000000000000 RBX: 00007f9ea9a16090 RCX: 00007f9ea979aeb9 [ 410.055918][T12489] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020003b4a [ 410.055934][T12489] RBP: 00007f9ea9808c1f R08: 0000000000000002 R09: 0000000000000000 [ 410.055951][T12489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.055967][T12489] R13: 00007f9ea9a16128 R14: 00007f9ea9a16090 R15: 00007fff72e95c48 [ 410.056005][T12489] [ 410.058663][T12489] memory: usage 3072kB, limit 3072kB, failcnt 98879 [ 410.567886][T12489] memory+swap: usage 7232kB, limit 9007199254740988kB, failcnt 0 [ 410.575625][T12489] kmem: usage 1116kB, limit 9007199254740988kB, failcnt 0 [ 410.617298][T12489] Memory cgroup stats for /syz1: [ 410.617834][T12489] cache 1695744 [ 410.627452][T12489] rss 176128 [ 410.630666][T12489] rss_huge 0 [ 410.633867][T12489] shmem 1695744 [ 410.659621][T12489] mapped_file 1695744 [ 410.663627][T12489] dirty 0 [ 410.679655][T12489] writeback 0 [ 410.682959][T12489] workingset_refault_anon 14625 [ 410.745443][T12489] workingset_refault_file 17262 [ 410.750323][T12489] swap 4251648 [ 410.753700][T12489] swapcached 106496 [ 410.785444][T12489] pgpgin 270960 [ 410.798177][T12489] pgpgout 274575 [ 410.801714][T12489] pgfault 301772 [ 410.821042][T12489] pgmajfault 5504 [ 410.824673][T12489] inactive_anon 98304 [ 410.854897][T12489] active_anon 0 [ 410.858384][T12489] inactive_file 0 [ 410.862022][T12489] active_file 0 [ 410.869393][T12489] unevictable 1871872 [ 410.878678][T12489] hierarchical_memory_limit 3145728 [ 410.904444][T12489] hierarchical_memsw_limit 9223372036854771712 [ 410.914535][T12489] total_cache 1695744 [ 410.920503][T12489] total_rss 176128 [ 410.924222][T12489] total_rss_huge 0 [ 410.938071][T12489] total_shmem 1695744 [ 410.953780][T12489] total_mapped_file 1695744 [ 410.960553][T12489] total_dirty 0 [ 410.964024][T12489] total_writeback 0 [ 410.980134][T12489] total_workingset_refault_anon 14625 [ 410.996798][T12489] total_workingset_refault_file 17262 [ 411.007866][T12489] total_swap 4251648 [ 411.011775][T12489] total_swapcached 106496 [ 411.016794][T12489] total_pgpgin 270960 [ 411.020848][T12489] total_pgpgout 274575 [ 411.031279][T12489] total_pgfault 301772 [ 411.037301][T12489] total_pgmajfault 5504 [ 411.042276][T12489] total_inactive_anon 98304 [ 411.050022][T12489] total_active_anon 0 [ 411.072365][T12489] total_inactive_file 0 [ 411.098916][T12489] total_active_file 0 [ 411.103627][T12489] total_unevictable 1871872 [ 411.109021][T12489] anon_cost 368 [ 411.112886][T12489] file_cost 0 [ 411.129037][T12489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1380,pid=12489,uid=0 [ 411.174752][T12489] Memory cgroup out of memory: Killed process 12489 (syz.1.1380) total-vm:167996kB, anon-rss:1208kB, file-rss:22288kB, shmem-rss:1536kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 411.512468][T12521] __nla_validate_parse: 26 callbacks suppressed [ 411.512491][T12521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'. [ 411.577138][T12522] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1382'. [ 413.317942][T12551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1394'. [ 413.365671][T12551] netlink: 322 bytes leftover after parsing attributes in process `syz.2.1394'. [ 413.883329][T12553] FAULT_INJECTION: forcing a failure. [ 413.883329][T12553] name failslab, interval 1, probability 0, space 0, times 0 [ 413.910283][T12553] CPU: 1 UID: 0 PID: 12553 Comm: syz.1.1395 Not tainted syzkaller #0 PREEMPT(full) [ 413.910324][T12553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 413.910342][T12553] Call Trace: [ 413.910351][T12553] [ 413.910362][T12553] dump_stack_lvl+0x100/0x190 [ 413.910407][T12553] should_fail_ex.cold+0x5/0xa [ 413.910455][T12553] should_failslab+0xc2/0x120 [ 413.910502][T12553] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 413.910541][T12553] ? percpu_ref_put_many.constprop.0+0xc4/0x2a0 [ 413.910589][T12553] ? percpu_ref_put_many.constprop.0+0xc4/0x2a0 [ 413.910636][T12553] ? zswap_store+0xc42/0x29d0 [ 413.910670][T12553] ? zswap_store+0xc42/0x29d0 [ 413.910696][T12553] zswap_store+0xc42/0x29d0 [ 413.910727][T12553] ? down_write_nested+0x121/0x200 [ 413.910765][T12553] ? __pfx_should_flush_tlb+0x10/0x10 [ 413.910812][T12553] ? __pfx_zswap_store+0x10/0x10 [ 413.910840][T12553] ? folio_free_swap+0x277/0x850 [ 413.910877][T12553] ? folio_free_swap+0x277/0x850 [ 413.910917][T12553] ? do_raw_spin_unlock+0x145/0x1e0 [ 413.910961][T12553] ? _raw_spin_unlock+0x28/0x50 [ 413.910987][T12553] ? folio_free_swap+0x39/0x850 [ 413.911033][T12553] swap_writeout+0x49d/0x12b0 [ 413.911069][T12553] shrink_folio_list+0x5459/0x6000 [ 413.911107][T12553] ? css_rstat_updated+0x1ce/0x5a0 [ 413.911136][T12553] ? css_rstat_updated+0x1ce/0x5a0 [ 413.911165][T12553] ? __pfx_shrink_folio_list+0x10/0x10 [ 413.911196][T12553] ? lock_acquire+0x17c/0x330 [ 413.911232][T12553] ? rcu_is_watching+0x12/0xc0 [ 413.911258][T12553] ? mod_memcg_lruvec_state+0x1a6/0x5d0 [ 413.911284][T12553] ? __mod_zone_page_state+0xe2/0x190 [ 413.911314][T12553] ? isolate_lru_folios+0xafc/0x10f0 [ 413.911365][T12553] ? find_held_lock+0x2b/0x80 [ 413.911393][T12553] ? mark_held_locks+0x40/0x70 [ 413.911430][T12553] shrink_lruvec+0xf5a/0x2c20 [ 413.911456][T12553] ? find_held_lock+0x2b/0x80 [ 413.911509][T12553] ? __pfx_shrink_lruvec+0x10/0x10 [ 413.911539][T12553] ? __pfx_zswap_shrinker_count+0x10/0x10 [ 413.911563][T12553] ? find_held_lock+0x2b/0x80 [ 413.911589][T12553] ? do_shrink_slab+0xc36/0x1110 [ 413.911635][T12553] ? __lock_acquire+0x4a5/0x2630 [ 413.911672][T12553] ? __lock_acquire+0x4a5/0x2630 [ 413.911726][T12553] ? __pfx___might_resched+0x10/0x10 [ 413.911764][T12553] ? page_counter_calculate_protection+0x344/0x730 [ 413.911790][T12553] ? mem_cgroup_iter+0x37b/0x710 [ 413.911826][T12553] shrink_node+0x8e0/0x3e90 [ 413.911858][T12553] ? __page_table_check_zero+0x2f0/0x410 [ 413.911900][T12553] ? __pfx_shrink_node+0x10/0x10 [ 413.911931][T12553] ? prep_compound_page+0x266/0x530 [ 413.911962][T12553] ? get_page_from_freelist+0x1fac/0x2e10 [ 413.912000][T12553] ? do_try_to_free_pages+0x342/0x18f0 [ 413.912030][T12553] do_try_to_free_pages+0x342/0x18f0 [ 413.912076][T12553] ? __pfx_do_try_to_free_pages+0x10/0x10 [ 413.912117][T12553] try_to_free_mem_cgroup_pages+0x313/0x7c0 [ 413.912151][T12553] ? __pfx_try_to_free_mem_cgroup_pages+0x10/0x10 [ 413.912197][T12553] ? psi_memstall_enter+0x21d/0x320 [ 413.912225][T12553] ? lockdep_hardirqs_on+0x78/0x100 [ 413.912255][T12553] ? psi_memstall_enter+0x21d/0x320 [ 413.912288][T12553] try_charge_memcg+0x3e3/0xc90 [ 413.912328][T12553] ? __pfx_try_charge_memcg+0x10/0x10 [ 413.912363][T12553] ? find_held_lock+0x2b/0x80 [ 413.912387][T12553] ? rcu_read_unlock+0x17/0x60 [ 413.912422][T12553] ? rcu_read_unlock+0x17/0x60 [ 413.912468][T12553] charge_memcg+0xa6/0x280 [ 413.912507][T12553] __mem_cgroup_charge+0x2b/0x1e0 [ 413.912548][T12553] filemap_add_folio+0xe7/0x690 [ 413.912585][T12553] ? __pfx_filemap_add_folio+0x10/0x10 [ 413.912628][T12553] __filemap_get_folio_mpol+0x5d5/0xe70 [ 413.912672][T12553] iomap_write_begin+0x15c3/0x22b0 [ 413.912703][T12553] ? fault_in_readable+0xde/0x190 [ 413.912736][T12553] ? fault_in_readable+0xde/0x190 [ 413.912769][T12553] ? __pfx_iomap_write_begin+0x10/0x10 [ 413.912791][T12553] ? fault_in_readable+0x14c/0x190 [ 413.912825][T12553] ? __pfx_fault_in_readable+0x10/0x10 [ 413.912858][T12553] ? rcu_is_cpu_rrupt_from_idle+0x1a0/0x270 [ 413.912883][T12553] ? I_BDEV+0xd/0x20 [ 413.912920][T12553] ? inode_to_bdi+0x9e/0x160 [ 413.912962][T12553] iomap_file_buffered_write+0x48b/0xac0 [ 413.913000][T12553] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 413.913028][T12553] ? reacquire_held_locks+0xce/0x1e0 [ 413.913062][T12553] ? __mark_inode_dirty+0xe7b/0x1560 [ 413.913126][T12553] ? __pfx_down_read+0x10/0x10 [ 413.913160][T12553] ? mnt_put_write_access_file+0x4e/0x100 [ 413.913189][T12553] ? file_update_time_flags+0x31f/0x510 [ 413.913229][T12553] blkdev_write_iter+0x575/0xd70 [ 413.913268][T12553] vfs_write+0x6ac/0x1070 [ 413.913297][T12553] ? __pfx_blkdev_write_iter+0x10/0x10 [ 413.913331][T12553] ? __pfx_vfs_write+0x10/0x10 [ 413.913357][T12553] ? find_held_lock+0x2b/0x80 [ 413.913403][T12553] ksys_write+0x12a/0x250 [ 413.913431][T12553] ? __pfx_ksys_write+0x10/0x10 [ 413.913469][T12553] do_syscall_64+0xc9/0xf80 [ 413.913507][T12553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.913533][T12553] RIP: 0033:0x7f9ea979aeb9 [ 413.913554][T12553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 413.913578][T12553] RSP: 002b:00007f9eaa619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 413.913604][T12553] RAX: ffffffffffffffda RBX: 00007f9ea9a15fa0 RCX: 00007f9ea979aeb9 [ 413.913622][T12553] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 413.913638][T12553] RBP: 00007f9ea9808c1f R08: 0000000000000000 R09: 0000000000000000 [ 413.913654][T12553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.913670][T12553] R13: 00007f9ea9a16038 R14: 00007f9ea9a15fa0 R15: 00007fff72e95c48 [ 413.913705][T12553] [ 414.672493][T12569] Invalid ELF header magic: != ELF [ 415.320473][T12583] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1401'. [ 415.331681][T12583] : renamed from bond_slave_0 (while UP) [ 415.399319][T12583] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1401'. [ 417.791647][T12653] Invalid ELF header magic: != ELF [ 418.474246][T12646] kexec: Could not allocate control_code_buffer [ 418.494340][T12662] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1418'. [ 419.414747][T12689] netlink: 'syz.1.1422': attribute type 1 has an invalid length. [ 419.556867][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802d55b800: rx timeout, send abort [ 419.565486][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802d55b800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 420.587555][T12706] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 421.062909][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807f6b7800: rx timeout, send abort [ 421.071440][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807f6b7800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 421.115877][T12710] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 421.456951][T12730] NFSD: Failed to start, no listeners configured. [ 422.294778][ T9358] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.924679][T12768] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078000e10 pfn:0x78000 [ 423.951453][T12768] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 423.977319][T12768] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 424.014701][T12768] raw: ffff888078000e10 0000000000000000 00000001ffffffff 0000000000000000 [ 424.050484][T12768] page dumped because: unmovable page [ 424.055880][T12768] page_owner tracks the page as allocated [ 424.105945][T12768] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 8612, tgid 8609 (syz.0.567), ts 220891315280, free_ts 218935632613 [ 424.196653][T12768] post_alloc_hook+0x1e1/0x250 [ 424.201474][T12768] get_page_from_freelist+0xe3d/0x2e10 [ 424.217178][T12768] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 424.225244][T12768] alloc_pages_mpol+0x1fb/0x550 [ 424.241260][T12768] alloc_pages_noprof+0x131/0x390 [ 424.246648][T12768] brd_submit_bio+0x116a/0x20d0 [ 424.251675][T12768] __submit_bio+0x32f/0x6c0 [ 424.256620][T12768] submit_bio_noacct_nocheck+0x6fc/0xbb0 [ 424.262437][T12768] submit_bio_noacct+0xb5c/0x1e80 [ 424.353863][T12768] blkdev_direct_IO+0x16be/0x1fb0 [ 424.358284][T12769] FAULT_INJECTION: forcing a failure. [ 424.358284][T12769] name failslab, interval 1, probability 0, space 0, times 0 [ 424.423257][T12769] CPU: 0 UID: 0 PID: 12769 Comm: syz.3.1439 Not tainted syzkaller #0 PREEMPT(full) [ 424.423294][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 424.423310][T12769] Call Trace: [ 424.423319][T12769] [ 424.423329][T12769] dump_stack_lvl+0x100/0x190 [ 424.423367][T12769] should_fail_ex.cold+0x5/0xa [ 424.423414][T12769] should_failslab+0xc2/0x120 [ 424.423456][T12769] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 424.423493][T12769] ? find_held_lock+0x2b/0x80 [ 424.423521][T12769] ? mptcp_net_init+0x29c/0x620 [ 424.423575][T12769] ? kmemdup_noprof+0x29/0x60 [ 424.423611][T12769] kmemdup_noprof+0x29/0x60 [ 424.423647][T12769] mptcp_net_init+0x29c/0x620 [ 424.423696][T12769] ? __pfx_mptcp_net_init+0x10/0x10 [ 424.423736][T12769] ops_init+0x1e2/0x5f0 [ 424.423783][T12769] setup_net+0x118/0x3a0 [ 424.423810][T12769] ? __pfx_setup_net+0x10/0x10 [ 424.423852][T12769] ? lockdep_init_map_type+0x5c/0x250 [ 424.423892][T12769] ? mutex_init_lockep+0x110/0x150 [ 424.423937][T12769] copy_net_ns+0x46f/0x7c0 [ 424.423970][T12769] create_new_namespaces+0x3ea/0xab0 [ 424.424010][T12769] copy_namespaces+0x468/0x5e0 [ 424.424045][T12769] copy_process+0x32d5/0x7890 [ 424.424100][T12769] ? __pfx_copy_process+0x10/0x10 [ 424.424139][T12769] ? find_held_lock+0x2b/0x80 [ 424.424182][T12769] kernel_clone+0xfc/0x930 [ 424.424227][T12769] ? __pfx_futex_wait+0x10/0x10 [ 424.424255][T12769] ? __pfx_kernel_clone+0x10/0x10 [ 424.424310][T12769] __do_sys_clone+0xd9/0x120 [ 424.424348][T12769] ? __pfx___do_sys_clone+0x10/0x10 [ 424.424386][T12769] ? find_held_lock+0x2b/0x80 [ 424.424434][T12769] ? fdget+0x18b/0x210 [ 424.424471][T12769] do_syscall_64+0xc9/0xf80 [ 424.424509][T12769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.424538][T12769] RIP: 0033:0x7f334699aeb9 [ 424.424561][T12769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 424.424589][T12769] RSP: 002b:00007f3347919fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 424.424617][T12769] RAX: ffffffffffffffda RBX: 00007f3346c16090 RCX: 00007f334699aeb9 [ 424.424637][T12769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 424.424662][T12769] RBP: 00007f3346a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 424.424680][T12769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 424.424702][T12769] R13: 00007f3346c16128 R14: 00007f3346c16090 R15: 00007ffe974d2ee8 [ 424.424742][T12769] [ 424.741259][T12768] blkdev_write_iter+0x703/0xd70 [ 424.767621][T12768] vfs_write+0x6ac/0x1070 [ 424.784689][T12768] ksys_write+0x12a/0x250 [ 424.796778][T12768] do_syscall_64+0xc9/0xf80 [ 424.810253][T12768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.828691][T12768] page last free pid 8573 tgid 8569 stack trace: [ 424.848684][T12768] __free_frozen_pages+0x822/0x1130 [ 424.863187][T12773] nfs: Unknown parameter 'nl802154' [ 424.927277][T12768] kimage_free+0x245/0x5a0 [ 424.950217][T12768] do_kexec_load+0x34c/0x810 [ 424.983249][T12768] __x64_sys_kexec_load+0x1bf/0x230 [ 424.993896][T12768] do_syscall_64+0xc9/0xf80 [ 424.998405][T12768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.340757][T12769] Process accounting paused [ 425.833389][ T30] audit: type=1800 audit(4294995086.082:49): pid=12809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1445" name="lu_gp_id" dev="configfs" ino=50719 res=0 errno=0 [ 425.946383][T12813] can: request_module (can-proto-0) failed. [ 426.892825][T12837] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1454'. [ 427.053568][ T6987] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 427.764959][ T30] audit: type=1800 audit(4294995088.022:50): pid=12865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1457" name="lu_gp_id" dev="configfs" ino=50835 res=0 errno=0 [ 428.506793][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807eaa6c00: rx timeout, send abort [ 428.515209][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807eaa6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 431.620478][T12927] random: crng reseeded on system resumption [ 432.886053][T12956] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1476'. [ 433.431578][T12973] sg_write: process 1589 (syz.0.1478) changed security contexts after opening file descriptor, this is not allowed. [ 434.072933][T12994] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 434.606170][T13008] netlink: 62 bytes leftover after parsing attributes in process `syz.2.1487'. [ 434.856906][T13001] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 435.807778][T13032] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1493'. [ 436.753103][T13051] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1497'. [ 437.813916][T13074] cgroup: fork rejected by pids controller in /syz0 [ 439.003397][T13170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1508'. [ 439.483270][T13158] Process accounting paused [ 443.318787][T13188] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078000e10 pfn:0x78000 [ 443.372876][T13188] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 443.393627][T13188] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 443.424839][T13188] raw: ffff888078000e10 0000000000000000 00000001ffffffff 0000000000000000 [ 443.455454][T13188] page dumped because: unmovable page [ 443.482975][T13188] page_owner tracks the page as allocated [ 443.519922][T13188] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 8612, tgid 8609 (syz.0.567), ts 220891315280, free_ts 218935632613 [ 443.677843][T13188] post_alloc_hook+0x1e1/0x250 [ 443.720102][T13188] get_page_from_freelist+0xe3d/0x2e10 [ 443.752732][T13188] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 443.773286][T13188] alloc_pages_mpol+0x1fb/0x550 [ 443.814890][T13188] alloc_pages_noprof+0x131/0x390 [ 443.846643][T13188] brd_submit_bio+0x116a/0x20d0 [ 443.895685][T13188] __submit_bio+0x32f/0x6c0 [ 443.917115][T13188] submit_bio_noacct_nocheck+0x6fc/0xbb0 [ 443.950084][T13188] submit_bio_noacct+0xb5c/0x1e80 [ 443.981986][T13188] blkdev_direct_IO+0x16be/0x1fb0 [ 443.997391][T13188] blkdev_write_iter+0x703/0xd70 [ 444.012416][T13188] vfs_write+0x6ac/0x1070 [ 444.022470][T13188] ksys_write+0x12a/0x250 [ 444.026909][T13188] do_syscall_64+0xc9/0xf80 [ 444.052340][T13188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.068882][T13188] page last free pid 8573 tgid 8569 stack trace: [ 444.083240][T13188] __free_frozen_pages+0x822/0x1130 [ 444.112203][T13188] kimage_free+0x245/0x5a0 [ 444.116661][T13188] do_kexec_load+0x34c/0x810 [ 444.121281][T13188] __x64_sys_kexec_load+0x1bf/0x230 [ 444.183884][T13188] do_syscall_64+0xc9/0xf80 [ 444.188441][T13188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.208263][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.221344][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.539238][T13192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078000e10 pfn:0x78000 [ 444.604415][T13192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 444.631954][T13192] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 444.672741][T13192] raw: ffff888078000e10 0000000000000000 00000001ffffffff 0000000000000000 [ 444.703380][T13192] page dumped because: unmovable page [ 444.753598][T13192] page_owner tracks the page as allocated [ 444.787096][T13192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 8612, tgid 8609 (syz.0.567), ts 220891315280, free_ts 218935632613 [ 444.948175][T13192] post_alloc_hook+0x1e1/0x250 [ 444.965215][T13192] get_page_from_freelist+0xe3d/0x2e10 [ 445.206529][T13192] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 445.268953][T13192] alloc_pages_mpol+0x1fb/0x550 [ 445.323835][T13192] alloc_pages_noprof+0x131/0x390 [ 445.361612][T13192] brd_submit_bio+0x116a/0x20d0 [ 445.375516][T13192] __submit_bio+0x32f/0x6c0 [ 445.405881][T13192] submit_bio_noacct_nocheck+0x6fc/0xbb0 [ 445.411565][T13192] submit_bio_noacct+0xb5c/0x1e80 [ 445.465242][T13192] blkdev_direct_IO+0x16be/0x1fb0 [ 445.470322][T13192] blkdev_write_iter+0x703/0xd70 [ 445.549928][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c047000: rx timeout, send abort [ 445.558404][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c047000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 445.574462][T13192] vfs_write+0x6ac/0x1070 [ 445.578833][T13192] ksys_write+0x12a/0x250 [ 445.583194][T13192] do_syscall_64+0xc9/0xf80 [ 445.625063][T13192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.631010][T13192] page last free pid 8573 tgid 8569 stack trace: [ 445.678008][T13192] __free_frozen_pages+0x822/0x1130 [ 445.683259][T13192] kimage_free+0x245/0x5a0 [ 445.732786][T13192] do_kexec_load+0x34c/0x810 [ 445.750870][T13192] __x64_sys_kexec_load+0x1bf/0x230 [ 445.768497][T13192] do_syscall_64+0xc9/0xf80 [ 445.786158][T13192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.112643][ T30] audit: type=1800 audit(4294995109.483:51): pid=13266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1528" name="lu_gp_id" dev="configfs" ino=52539 res=0 errno=0 [ 449.249657][T12998] syz.1.1480 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 449.264762][T12998] CPU: 1 UID: 0 PID: 12998 Comm: syz.1.1480 Not tainted syzkaller #0 PREEMPT(full) [ 449.264797][T12998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 449.264813][T12998] Call Trace: [ 449.264822][T12998] [ 449.264832][T12998] dump_stack_lvl+0x100/0x190 [ 449.264870][T12998] dump_header+0xfb/0x606 [ 449.264914][T12998] oom_kill_process.cold+0xd/0x321 [ 449.264945][T12998] out_of_memory+0x340/0x14f0 [ 449.264994][T12998] ? __pfx_out_of_memory+0x10/0x10 [ 449.265037][T12998] mem_cgroup_out_of_memory+0xc6/0x130 [ 449.265067][T12998] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 449.265093][T12998] ? find_held_lock+0x2b/0x80 [ 449.265126][T12998] ? do_raw_spin_unlock+0x145/0x1e0 [ 449.265166][T12998] ? _raw_spin_unlock+0x28/0x50 [ 449.265195][T12998] try_charge_memcg+0x652/0xc90 [ 449.265236][T12998] ? __pfx_try_charge_memcg+0x10/0x10 [ 449.265269][T12998] ? find_held_lock+0x2b/0x80 [ 449.265292][T12998] ? rcu_read_unlock+0x17/0x60 [ 449.265327][T12998] ? rcu_read_unlock+0x17/0x60 [ 449.265372][T12998] charge_memcg+0xa6/0x280 [ 449.265406][T12998] __mem_cgroup_charge+0x2b/0x1e0 [ 449.265445][T12998] filemap_add_folio+0xe7/0x690 [ 449.265480][T12998] ? __pfx_filemap_add_folio+0x10/0x10 [ 449.265523][T12998] __filemap_get_folio_mpol+0x5d5/0xe70 [ 449.265565][T12998] filemap_fault+0x8b6/0x37c0 [ 449.265605][T12998] ? __folio_batch_add_and_move+0x464/0xc60 [ 449.265639][T12998] ? __pfx_filemap_fault+0x10/0x10 [ 449.265677][T12998] ? __pfx_filemap_map_pages+0x10/0x10 [ 449.265718][T12998] __do_fault+0x10d/0x550 [ 449.265755][T12998] do_fault+0xaf9/0x1990 [ 449.265797][T12998] __handle_mm_fault+0x1807/0x2b50 [ 449.265834][T12998] ? __pfx___handle_mm_fault+0x10/0x10 [ 449.265864][T12998] ? __pte_offset_map_lock+0x174/0x320 [ 449.265899][T12998] ? find_held_lock+0x2b/0x80 [ 449.265934][T12998] ? follow_page_pte+0x5b4/0x1410 [ 449.265983][T12998] handle_mm_fault+0x36d/0xa20 [ 449.266016][T12998] __get_user_pages+0xf9c/0x34d0 [ 449.266066][T12998] ? __pfx___get_user_pages+0x10/0x10 [ 449.266112][T12998] get_dump_page+0x27e/0x3d0 [ 449.266150][T12998] ? __pfx_get_dump_page+0x10/0x10 [ 449.266188][T12998] ? dump_user_range+0x73b/0xb50 [ 449.266222][T12998] dump_user_range+0x18d/0xb50 [ 449.266256][T12998] ? __pfx_dump_user_range+0x10/0x10 [ 449.266294][T12998] ? __pfx_writenote+0x10/0x10 [ 449.266332][T12998] elf_core_dump+0x2d16/0x3c60 [ 449.266380][T12998] ? __pfx_elf_core_dump+0x10/0x10 [ 449.266407][T12998] ? kasan_save_stack+0x30/0x50 [ 449.266436][T12998] ? kasan_save_track+0x14/0x30 [ 449.266463][T12998] ? __kasan_kmalloc+0xaa/0xb0 [ 449.266491][T12998] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 449.266520][T12998] ? vfs_coredump+0x1f01/0x5530 [ 449.266545][T12998] ? arch_do_signal_or_restart+0x91/0x770 [ 449.266577][T12998] ? irqentry_exit+0x1f8/0x670 [ 449.266604][T12998] ? asm_exc_general_protection+0x26/0x30 [ 449.266637][T12998] ? 0xffffffffff600000 [ 449.266713][T12998] ? vfs_coredump+0x276c/0x5530 [ 449.266738][T12998] vfs_coredump+0x276c/0x5530 [ 449.266777][T12998] ? __pfx_vfs_coredump+0x10/0x10 [ 449.266804][T12998] ? __lock_acquire+0x4a5/0x2630 [ 449.266843][T12998] ? __lock_acquire+0x4a5/0x2630 [ 449.266877][T12998] ? lock_acquire+0x17c/0x330 [ 449.266916][T12998] ? lock_acquire+0x17c/0x330 [ 449.266954][T12998] ? bpf_ksym_find+0x124/0x1c0 [ 449.266990][T12998] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 449.267030][T12998] ? arch_stack_walk+0xa6/0xf0 [ 449.267072][T12998] ? stack_trace_save+0x8e/0xc0 [ 449.267098][T12998] ? __pfx_stack_trace_save+0x10/0x10 [ 449.267126][T12998] ? stack_depot_save_flags+0x27/0x9c0 [ 449.267165][T12998] ? __lock_acquire+0x4a5/0x2630 [ 449.267256][T12998] ? proc_coredump_connector+0x2d3/0x4f0 [ 449.267297][T12998] ? __pfx_proc_coredump_connector+0x10/0x10 [ 449.267344][T12998] ? rcu_is_watching+0x12/0xc0 [ 449.267374][T12998] get_signal+0x1f2a/0x21e0 [ 449.267417][T12998] ? __pfx_get_signal+0x10/0x10 [ 449.267455][T12998] arch_do_signal_or_restart+0x91/0x770 [ 449.267491][T12998] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 449.267534][T12998] ? exc_general_protection+0x12e/0x250 [ 449.267579][T12998] irqentry_exit+0x1f8/0x670 [ 449.267611][T12998] asm_exc_general_protection+0x26/0x30 [ 449.267636][T12998] RIP: 0033:0x7f9ea979aec1 [ 449.267655][T12998] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 449.267679][T12998] RSP: 002b:00002000000003c0 EFLAGS: 00010217 [ 449.267698][T12998] RAX: 0000000000000000 RBX: 00007f9ea9a16090 RCX: 00007f9ea979aeb9 [ 449.267714][T12998] RDX: 00002000000001c0 RSI: 00002000000003c0 RDI: 0000000080000000 [ 449.267731][T12998] RBP: 00007f9ea9808c1f R08: 0000200000000400 R09: 0000200000000400 [ 449.267747][T12998] R10: 0000200000000240 R11: 0000000000000206 R12: 0000000000000000 [ 449.267763][T12998] R13: 00007f9ea9a16128 R14: 00007f9ea9a16090 R15: 00007fff72e95c48 [ 449.267798][T12998] [ 449.787664][T12998] memory: usage 3072kB, limit 3072kB, failcnt 123053 [ 449.806405][T12998] memory+swap: usage 48052kB, limit 9007199254740988kB, failcnt 0 [ 449.880804][T12998] kmem: usage 2552kB, limit 9007199254740988kB, failcnt 0 [ 449.972556][T12998] Memory cgroup stats for /syz1: [ 449.972828][T12998] cache 245760 [ 449.990148][T12998] rss 65536 [ 450.016343][T12998] rss_huge 0 [ 450.045145][T12998] shmem 126976 [ 450.067327][T12998] mapped_file 4096 [ 450.098016][T12998] dirty 0 [ 450.132928][T12998] writeback 0 [ 450.141591][T12998] workingset_refault_anon 17979 [ 450.187651][T12998] workingset_refault_file 21770 [ 450.217575][T12998] swap 46059520 [ 450.232528][T12998] swapcached 221184 [ 450.248012][T12998] pgpgin 306936 [ 450.263782][T12998] pgpgout 310903 [ 450.284642][T12998] pgfault 331774 [ 450.300409][T12998] pgmajfault 7146 [ 450.319868][T12998] inactive_anon 385024 [ 450.323959][T12998] active_anon 24576 [ 450.329615][T12998] inactive_file 0 [ 450.333260][T12998] active_file 0 [ 450.336722][T12998] unevictable 0 [ 450.349514][T12998] hierarchical_memory_limit 3145728 [ 450.354731][T12998] hierarchical_memsw_limit 9223372036854771712 [ 450.373968][T12998] total_cache 245760 [ 450.377857][T12998] total_rss 65536 [ 450.385514][T12998] total_rss_huge 0 [ 450.389299][T12998] total_shmem 126976 [ 450.393197][T12998] total_mapped_file 4096 [ 450.398995][T12998] total_dirty 0 [ 450.418151][T12998] total_writeback 0 [ 450.426279][T12998] total_workingset_refault_anon 17979 [ 450.434794][T12998] total_workingset_refault_file 21770 [ 450.448980][T12998] total_swap 46059520 [ 450.452976][T12998] total_swapcached 221184 [ 450.457307][T12998] total_pgpgin 306936 [ 450.479563][T12998] total_pgpgout 310903 [ 450.487989][T12998] total_pgfault 331774 [ 450.495681][T12998] total_pgmajfault 7146 [ 450.519083][T12998] total_inactive_anon 385024 [ 450.533117][T12998] total_active_anon 24576 [ 450.542820][T12998] total_inactive_file 0 [ 450.551737][T12998] total_active_file 0 [ 450.562416][T12998] total_unevictable 0 [ 450.570269][T12998] anon_cost 333 [ 450.579605][T12998] file_cost 23 [ 450.586918][T12998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1480,pid=12998,uid=0 [ 450.623255][T12998] Memory cgroup out of memory: Killed process 12998 (syz.1.1480) total-vm:102852kB, anon-rss:1428kB, file-rss:53864kB, shmem-rss:0kB, UID:0 pgtables:208kB oom_score_adj:1000 [ 450.666358][T13102] syz.0.1501 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 450.748762][T13291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1535'. [ 450.790549][T13291] netlink: 'syz.3.1535': attribute type 1 has an invalid length. [ 450.863986][T13291] netlink: 'syz.3.1535': attribute type 6 has an invalid length. [ 450.979840][T13102] CPU: 1 UID: 0 PID: 13102 Comm: syz.0.1501 Not tainted syzkaller #0 PREEMPT(full) [ 450.979878][T13102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 450.979895][T13102] Call Trace: [ 450.979904][T13102] [ 450.979914][T13102] dump_stack_lvl+0x100/0x190 [ 450.979953][T13102] dump_header+0xfb/0x606 [ 450.979983][T13102] oom_kill_process.cold+0xd/0x321 [ 450.980015][T13102] out_of_memory+0x340/0x14f0 [ 450.980058][T13102] ? __pfx_out_of_memory+0x10/0x10 [ 450.980104][T13102] mem_cgroup_out_of_memory+0xc6/0x130 [ 450.980133][T13102] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 450.980160][T13102] ? find_held_lock+0x2b/0x80 [ 450.980196][T13102] ? do_raw_spin_unlock+0x145/0x1e0 [ 450.980238][T13102] ? _raw_spin_unlock+0x28/0x50 [ 450.980270][T13102] try_charge_memcg+0x652/0xc90 [ 450.980316][T13102] ? __pfx_try_charge_memcg+0x10/0x10 [ 450.980352][T13102] ? find_held_lock+0x2b/0x80 [ 450.980378][T13102] ? rcu_read_unlock+0x17/0x60 [ 450.980416][T13102] ? rcu_read_unlock+0x17/0x60 [ 450.980467][T13102] charge_memcg+0xa6/0x280 [ 450.980504][T13102] __mem_cgroup_charge+0x2b/0x1e0 [ 450.980552][T13102] shmem_alloc_and_add_folio+0x451/0xd40 [ 450.980595][T13102] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 450.980629][T13102] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 450.980663][T13102] ? do_fault+0x6a4/0x1990 [ 450.980708][T13102] shmem_get_folio_gfp+0x6ab/0x1900 [ 450.980750][T13102] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 450.980794][T13102] shmem_write_begin+0x1a4/0x420 [ 450.980831][T13102] ? __pfx_shmem_write_begin+0x10/0x10 [ 450.980868][T13102] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 450.980917][T13102] generic_perform_write+0x292/0xa40 [ 450.980951][T13102] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 450.980999][T13102] ? __pfx_generic_perform_write+0x10/0x10 [ 450.981038][T13102] ? file_update_time_flags+0x31f/0x510 [ 450.981080][T13102] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 450.981117][T13102] shmem_file_write_iter+0x10e/0x140 [ 450.981158][T13102] __kernel_write_iter+0x2ac/0x920 [ 450.981193][T13102] ? __pfx___kernel_write_iter+0x10/0x10 [ 450.981224][T13102] ? __up_read+0x2c5/0x700 [ 450.981266][T13102] ? dump_user_range+0x73b/0xb50 [ 450.981295][T13102] ? __sanitizer_cov_trace_pc+0x3f/0x70 [ 450.981330][T13102] dump_user_range+0x3f9/0xb50 [ 450.981368][T13102] ? __pfx_dump_user_range+0x10/0x10 [ 450.981409][T13102] ? __pfx_writenote+0x10/0x10 [ 450.981451][T13102] elf_core_dump+0x2d16/0x3c60 [ 450.981505][T13102] ? __pfx_elf_core_dump+0x10/0x10 [ 450.981536][T13102] ? __pick_eevdf+0x14c/0x430 [ 450.981584][T13102] ? find_held_lock+0x2b/0x80 [ 450.981611][T13102] ? 0xffffffffff600000 [ 450.981633][T13102] ? rcu_is_watching+0x12/0xc0 [ 450.981658][T13102] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 450.981687][T13102] ? lockdep_hardirqs_on+0x78/0x100 [ 450.981777][T13102] ? vfs_coredump+0x276c/0x5530 [ 450.981804][T13102] vfs_coredump+0x276c/0x5530 [ 450.981849][T13102] ? __pfx_vfs_coredump+0x10/0x10 [ 450.981878][T13102] ? __lock_acquire+0x4a5/0x2630 [ 450.981921][T13102] ? __lock_acquire+0x4a5/0x2630 [ 450.981961][T13102] ? lock_acquire+0x17c/0x330 [ 450.982004][T13102] ? lock_acquire+0x17c/0x330 [ 450.982046][T13102] ? bpf_ksym_find+0x124/0x1c0 [ 450.982081][T13102] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 450.982126][T13102] ? arch_stack_walk+0xa6/0xf0 [ 450.982173][T13102] ? stack_trace_save+0x8e/0xc0 [ 450.982203][T13102] ? __pfx_stack_trace_save+0x10/0x10 [ 450.982234][T13102] ? stack_depot_save_flags+0x27/0x9c0 [ 450.982276][T13102] ? __lock_acquire+0x4a5/0x2630 [ 450.982382][T13102] ? proc_coredump_connector+0x2d3/0x4f0 [ 450.982426][T13102] ? __pfx_proc_coredump_connector+0x10/0x10 [ 450.982479][T13102] ? rcu_is_watching+0x12/0xc0 [ 450.982511][T13102] get_signal+0x1f2a/0x21e0 [ 450.982566][T13102] ? __pfx_get_signal+0x10/0x10 [ 450.982596][T13102] ? find_held_lock+0x2b/0x80 [ 450.982621][T13102] ? bad_area_access_error+0xab/0x1d0 [ 450.982651][T13102] ? fixup_vdso_exception+0x2d1/0x370 [ 450.982702][T13102] arch_do_signal_or_restart+0x91/0x770 [ 450.982741][T13102] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 450.982789][T13102] ? do_user_addr_fault+0x8d6/0x12f0 [ 450.982829][T13102] irqentry_exit+0x1f8/0x670 [ 450.982865][T13102] asm_exc_page_fault+0x26/0x30 [ 450.982892][T13102] RIP: 0033:0x0 [ 450.982910][T13102] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 450.982923][T13102] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 450.982944][T13102] RAX: 0000000000000000 RBX: 00007ff3c6615fa0 RCX: 00007ff3c639aeb9 [ 450.982962][T13102] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 450.982979][T13102] RBP: 00007ff3c6408c1f R08: 0000000000000002 R09: 0000000000000000 [ 450.982995][T13102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.983012][T13102] R13: 00007ff3c6616038 R14: 00007ff3c6615fa0 R15: 00007ffd17d5a338 [ 450.983052][T13102] [ 450.983062][T13102] memory: usage 307196kB, limit 307200kB, failcnt 17277 [ 451.878145][T13102] memory+swap: usage 395692kB, limit 9007199254740988kB, failcnt 0 [ 451.942766][T13102] kmem: usage 7404kB, limit 9007199254740988kB, failcnt 0 [ 451.950175][T13102] Memory cgroup stats for /syz0: [ 451.950364][T13102] cache 299155456 [ 451.989801][T13102] rss 6602752 [ 452.140251][T13102] rss_huge 6291456 [ 452.144719][T13102] shmem 299155456 [ 452.148372][T13102] mapped_file 39731200 [ 452.229444][T13303] random: crng reseeded on system resumption [ 452.236841][T13102] dirty 0 [ 452.279490][T13102] writeback 0 [ 452.282800][T13102] workingset_refault_anon 3833 [ 452.287565][T13102] workingset_refault_file 10986 [ 452.344639][T13102] swap 92270592 [ 452.348140][T13102] swapcached 1228800 [ 452.501492][T13102] pgpgin 551144 [ 452.504991][T13102] pgpgout 491046 [ 452.597567][T13102] pgfault 294189 [ 452.627776][T13102] pgmajfault 616 [ 452.631324][T13102] inactive_anon 183324672 [ 452.679899][T13102] active_anon 123506688 [ 452.684062][T13102] inactive_file 0 [ 452.687984][T13318] [ 452.781383][T13102] active_file 0 [ 452.802137][T13102] unevictable 0 [ 452.805626][T13102] hierarchical_memory_limit 314572800 [ 452.841784][T13102] hierarchical_memsw_limit 9223372036854771712 [ 452.856515][T13102] total_cache 299155456 [ 452.877729][T13321] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 452.899146][T13102] total_rss 6602752 [ 452.903007][T13102] total_rss_huge 6291456 [ 452.907368][T13102] total_shmem 299155456 [ 452.911526][T13102] total_mapped_file 39731200 [ 452.916206][T13102] total_dirty 0 [ 452.919758][T13102] total_writeback 0 [ 452.923570][T13102] total_workingset_refault_anon 3833 [ 452.930885][T13102] total_workingset_refault_file 10986 [ 452.936332][T13102] total_swap 92270592 [ 452.940394][T13102] total_swapcached 1228800 [ 452.952004][T13102] total_pgpgin 551144 [ 452.956643][T13102] total_pgpgout 491046 [ 452.960786][T13102] total_pgfault 294189 [ 452.964864][T13102] total_pgmajfault 616 [ 452.968985][T13102] total_inactive_anon 183324672 [ 452.973899][T13102] total_active_anon 123506688 [ 452.985740][T13102] total_inactive_file 0 [ 452.989911][T13102] total_active_file 0 [ 453.024398][T13102] total_unevictable 0 [ 453.048845][T13102] anon_cost 12313 [ 453.052500][T13102] file_cost 0 [ 453.109757][T13102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.1501,pid=13123,uid=0 [ 453.289915][T13102] Memory cgroup out of memory: Killed process 13123 (syz.0.1501) total-vm:132048kB, anon-rss:5356kB, file-rss:39956kB, shmem-rss:16380kB, UID:0 pgtables:212kB oom_score_adj:0 [ 454.254841][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'. [ 454.742030][T13341] Process accounting resumed [ 454.888746][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880460cd800: rx timeout, send abort [ 454.897235][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880460cd800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 455.420321][ T32] oom_reaper: reaped process 13123 (syz.0.1501), now anon-rss:12kB, file-rss:26552kB, shmem-rss:0kB [ 455.585485][T13357] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1549'. [ 456.021926][T13357] veth1_macvtap: left promiscuous mode [ 456.076687][T13349] Process accounting resumed [ 456.556883][T13364] Invalid ELF header magic: != ELF [ 461.090856][T13419] syz.1.1562 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000 [ 461.121915][T13419] CPU: 1 UID: 0 PID: 13419 Comm: syz.1.1562 Not tainted syzkaller #0 PREEMPT(full) [ 461.121952][T13419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 461.121969][T13419] Call Trace: [ 461.121978][T13419] [ 461.121988][T13419] dump_stack_lvl+0x100/0x190 [ 461.122014][T13419] dump_header+0xfb/0x606 [ 461.122031][T13419] oom_kill_process.cold+0xd/0x321 [ 461.122047][T13419] out_of_memory+0x340/0x14f0 [ 461.122071][T13419] ? __pfx_out_of_memory+0x10/0x10 [ 461.122095][T13419] mem_cgroup_out_of_memory+0xc6/0x130 [ 461.122111][T13419] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 461.122126][T13419] ? find_held_lock+0x2b/0x80 [ 461.122145][T13419] ? do_raw_spin_unlock+0x145/0x1e0 [ 461.122168][T13419] ? _raw_spin_unlock+0x28/0x50 [ 461.122185][T13419] try_charge_memcg+0x652/0xc90 [ 461.122209][T13419] ? __pfx_try_charge_memcg+0x10/0x10 [ 461.122229][T13419] ? rcu_read_unlock+0x17/0x60 [ 461.122249][T13419] ? rcu_read_unlock+0x17/0x60 [ 461.122274][T13419] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 461.122293][T13419] obj_cgroup_charge_account+0x335/0x7e0 [ 461.122318][T13419] __memcg_slab_post_alloc_hook+0x2e4/0x880 [ 461.122344][T13419] ? __register_sysctl_table+0xac/0x1650 [ 461.122369][T13419] __kmalloc_noprof+0x777/0x9c0 [ 461.122383][T13419] ? __pfx_vsnprintf+0x10/0x10 [ 461.122404][T13419] ? __register_sysctl_table+0xac/0x1650 [ 461.122427][T13419] __register_sysctl_table+0xac/0x1650 [ 461.122449][T13419] ? is_module_address+0x5f/0xf0 [ 461.122474][T13419] ? __pfx___register_sysctl_table+0x10/0x10 [ 461.122496][T13419] ? is_module_address+0x69/0xf0 [ 461.122515][T13419] ? register_net_sysctl_sz+0x222/0x430 [ 461.122543][T13419] __devinet_sysctl_register+0x1b9/0x360 [ 461.122562][T13419] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 461.122584][T13419] ? inetdev_init+0x245/0x570 [ 461.122600][T13419] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 461.122617][T13419] ? copy_net_ns+0x46f/0x7c0 [ 461.122631][T13419] ? create_new_namespaces+0x3ea/0xab0 [ 461.122646][T13419] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 461.122662][T13419] ? ksys_unshare+0x455/0xab0 [ 461.122682][T13419] ? __x64_sys_unshare+0x31/0x40 [ 461.122701][T13419] ? do_syscall_64+0xc9/0xf80 [ 461.122718][T13419] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.122735][T13419] devinet_sysctl_register+0x17b/0x210 [ 461.122752][T13419] inetdev_init+0x2b8/0x570 [ 461.122767][T13419] inetdev_event+0x7fa/0x17f0 [ 461.122782][T13419] ? ib_netdevice_event+0xfc/0x330 [ 461.122800][T13419] ? __pfx_inetdev_event+0x10/0x10 [ 461.122820][T13419] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 461.122839][T13419] notifier_call_chain+0x99/0x3b0 [ 461.122863][T13419] call_netdevice_notifiers_info+0xbe/0x110 [ 461.122882][T13419] register_netdevice+0x16b9/0x21d0 [ 461.122900][T13419] ? __pfx_register_netdevice+0x10/0x10 [ 461.122924][T13419] ? alloc_netdev_mqs+0x1163/0x14f0 [ 461.122950][T13419] register_netdev+0x34/0x50 [ 461.122964][T13419] sit_init_net+0x2c0/0x5f0 [ 461.122982][T13419] ? __pfx_sit_init_net+0x10/0x10 [ 461.122999][T13419] ops_init+0x1e2/0x5f0 [ 461.123024][T13419] setup_net+0x118/0x3a0 [ 461.123037][T13419] ? __pfx_setup_net+0x10/0x10 [ 461.123059][T13419] ? lockdep_init_map_type+0x5c/0x250 [ 461.123079][T13419] ? mutex_init_lockep+0x110/0x150 [ 461.123103][T13419] copy_net_ns+0x46f/0x7c0 [ 461.123120][T13419] create_new_namespaces+0x3ea/0xab0 [ 461.123141][T13419] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 461.123160][T13419] ksys_unshare+0x455/0xab0 [ 461.123181][T13419] ? __pfx_ksys_unshare+0x10/0x10 [ 461.123202][T13419] ? ksys_read+0x1ac/0x250 [ 461.123225][T13419] __x64_sys_unshare+0x31/0x40 [ 461.123245][T13419] do_syscall_64+0xc9/0xf80 [ 461.123264][T13419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.123279][T13419] RIP: 0033:0x7f9ea979aeb9 [ 461.123292][T13419] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.123306][T13419] RSP: 002b:00007f9eaa5f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 461.123321][T13419] RAX: ffffffffffffffda RBX: 00007f9ea9a16090 RCX: 00007f9ea979aeb9 [ 461.123330][T13419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 461.123339][T13419] RBP: 00007f9ea9808c1f R08: 0000000000000000 R09: 0000000000000000 [ 461.123348][T13419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.123357][T13419] R13: 00007f9ea9a16128 R14: 00007f9ea9a16090 R15: 00007fff72e95c48 [ 461.123377][T13419] [ 462.028947][T13419] memory: usage 3072kB, limit 3072kB, failcnt 126271 [ 462.049823][T13419] memory+swap: usage 5616kB, limit 9007199254740988kB, failcnt 0 [ 462.057789][T13419] kmem: usage 2968kB, limit 9007199254740988kB, failcnt 0 [ 462.065504][T13419] Memory cgroup stats for /syz1: [ 462.065946][T13419] cache 0 [ 462.074517][T13419] rss 8192 [ 462.077632][T13419] rss_huge 0 [ 462.081130][T13419] shmem 0 [ 462.084126][T13419] mapped_file 0 [ 462.087700][T13419] dirty 0 [ 462.091882][T13419] writeback 0 [ 462.095262][T13419] workingset_refault_anon 18591 [ 462.112647][T13419] workingset_refault_file 21771 [ 462.117523][T13419] swap 2605056 [ 462.124052][T13419] swapcached 102400 [ 462.127875][T13419] pgpgin 310966 [ 462.206390][T13419] pgpgout 315037 [ 462.215368][T13419] pgfault 338168 [ 462.219903][T13419] pgmajfault 7365 [ 462.223576][T13419] inactive_anon 0 [ 462.247645][T13419] active_anon 0 [ 462.251549][T13419] inactive_file 0 [ 462.258626][T13419] active_file 0 [ 462.263579][T13419] unevictable 0 [ 462.267072][T13419] hierarchical_memory_limit 3145728 [ 462.283753][T13419] hierarchical_memsw_limit 9223372036854771712 [ 462.290024][T13419] total_cache 0 [ 462.293500][T13419] total_rss 8192 [ 462.297136][T13419] total_rss_huge 0 [ 462.324901][T13419] total_shmem 0 [ 462.335004][T13419] total_mapped_file 0 [ 462.345173][T13419] total_dirty 0 [ 462.347643][T13436] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 462.367540][T13419] total_writeback 0 [ 462.371646][T13419] total_workingset_refault_anon 18591 [ 462.381241][T13419] total_workingset_refault_file 21771 [ 462.386661][T13419] total_swap 2605056 [ 462.391297][T13419] total_swapcached 102400 [ 462.449798][T13419] total_pgpgin 310966 [ 462.470265][T13419] total_pgpgout 315037 [ 462.500382][T13419] total_pgfault 338168 [ 462.535400][T13419] total_pgmajfault 7365 [ 462.631840][T13419] total_inactive_anon 0 [ 462.641333][T13419] total_active_anon 0 [ 462.645691][T13419] total_inactive_file 0 [ 462.667051][T13419] total_active_file 0 [ 462.671513][T13419] total_unevictable 0 [ 462.762860][T13419] anon_cost 356 [ 462.774951][T13419] file_cost 0 [ 462.778264][T13419] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1562,pid=13417,uid=0 [ 462.925830][T13419] Memory cgroup out of memory: Killed process 13417 (syz.1.1562) total-vm:176468kB, anon-rss:1336kB, file-rss:31324kB, shmem-rss:0kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 463.668287][T13451] sysfs_service_op_show: Client not running :-5: [ 464.738969][T13476] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1574'. [ 465.080780][T13485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1576'. [ 465.419185][T13485] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.648446][T13485] bridge_slave_1 (unregistering): left allmulticast mode [ 465.655839][T13485] bridge_slave_1 (unregistering): left promiscuous mode [ 465.678334][T13485] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.098838][T13532] random: crng reseeded on system resumption [ 468.327364][ T7712] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 468.611856][T13549] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(10.0.1), cmd(2) [ 469.179857][T13552] could not allocate digest TFM handle [ 469.248295][T13552] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1588'. [ 469.374493][T13524] Process accounting resumed [ 469.449997][T13552] team0: Port device team_slave_1 removed [ 471.370910][T13597] netlink: 'syz.0.1597': attribute type 33 has an invalid length. [ 471.667056][ T30] audit: type=1800 audit(4294995132.150:52): pid=13591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1595" name="lu_gp_id" dev="configfs" ino=54374 res=0 errno=0 [ 471.813268][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805bc3b000: rx timeout, send abort [ 471.821751][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805bc3b000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 471.952971][T13609] zswap: compressor not available [ 472.160360][T13623] Ignoring unsupported numa_zonelist_order value: [ 472.423865][T13628] __vm_enough_memory: pid: 13628, comm: syz.1.1604, bytes: 4398046511104 not enough memory for the allocation [ 473.440118][T13641] netlink: 'syz.0.1606': attribute type 1 has an invalid length. [ 474.139970][ T30] audit: type=1800 audit(4294995134.633:53): pid=13659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1608" name="lu_gp_id" dev="configfs" ino=55504 res=0 errno=0 [ 475.232282][ T7712] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 475.567787][T13674] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 475.692876][T13674] ptp ptp0: new virtual clock ptp1 [ 475.713917][T13674] ptp ptp0: new virtual clock ptp2 [ 475.748514][T13674] ptp ptp0: new virtual clock ptp3 [ 475.757448][T13674] ptp ptp0: guarantee physical clock free running [ 476.010303][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1614'. [ 476.873888][T13655] kexec: Could not allocate control_code_buffer [ 477.708368][T13727] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:0 is already present [ 478.486275][ T30] audit: type=1800 audit(4294995139.005:54): pid=13746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1626" name="lu_gp_id" dev="configfs" ino=54691 res=0 errno=0 [ 479.222627][ T30] audit: type=1800 audit(4294995139.739:55): pid=13748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1628" name="lu_gp_id" dev="configfs" ino=54720 res=0 errno=0 [ 480.450685][T13788] random: crng reseeded on system resumption [ 483.895110][T13849] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.1647: 7 [ 484.662910][T13865] random: crng reseeded on system resumption [ 486.047323][ T7712] Bluetooth: hci0: Unexpected cc 0x7c89 with no status [ 486.123251][T13882] Process accounting paused [ 486.842354][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880269ba000: rx timeout, send abort [ 486.850880][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880269ba000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 487.100117][ C1] vcan0: j1939_tp_rxtimer: 0xffff888030aa5c00: rx timeout, send abort [ 487.108552][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888030aa5c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 487.348354][T13938] ACPI: Enabling force_remove is not supported anymore. Please report to linux-acpi@vger.kernel.org if you depend on this functionality [ 487.426421][T13938] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 488.063229][T13957] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1670'. [ 488.092531][T13958] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1670'. [ 488.101678][T13957] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1670'. [ 488.123961][T13958] veth0_macvtap: left promiscuous mode [ 488.328361][T13962] Invalid ELF header magic: != ELF [ 488.578388][T13962] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input21 [ 488.601071][T13962] FAULT_INJECTION: forcing a failure. [ 488.601071][T13962] name failslab, interval 1, probability 0, space 0, times 0 [ 488.621206][T13962] CPU: 0 UID: 0 PID: 13962 Comm: syz.3.1672 Not tainted syzkaller #0 PREEMPT(full) [ 488.621246][T13962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 488.621264][T13962] Call Trace: [ 488.621274][T13962] [ 488.621284][T13962] dump_stack_lvl+0x100/0x190 [ 488.621325][T13962] should_fail_ex.cold+0x5/0xa [ 488.621374][T13962] should_failslab+0xc2/0x120 [ 488.621414][T13962] kmem_cache_alloc_noprof+0x83/0x780 [ 488.621452][T13962] ? __kernfs_new_node+0xd2/0x960 [ 488.621497][T13962] ? __kernfs_new_node+0xd2/0x960 [ 488.621535][T13962] __kernfs_new_node+0xd2/0x960 [ 488.621573][T13962] ? kernfs_add_one+0x583/0x850 [ 488.621620][T13962] ? __pfx___kernfs_new_node+0x10/0x10 [ 488.621669][T13962] ? find_held_lock+0x2b/0x80 [ 488.621696][T13962] ? kernfs_root+0xee/0x2a0 [ 488.621733][T13962] ? kernfs_root+0xee/0x2a0 [ 488.621780][T13962] kernfs_new_node+0x11b/0x1a0 [ 488.621830][T13962] __kernfs_create_file+0x53/0x350 [ 488.621873][T13962] sysfs_add_file_mode_ns+0x207/0x3c0 [ 488.621920][T13962] sysfs_create_file_ns+0x145/0x1e0 [ 488.621959][T13962] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 488.621998][T13962] ? __pfx___up_read+0x10/0x10 [ 488.622042][T13962] ? acpi_device_notify+0x464/0x500 [ 488.622076][T13962] ? kobject_put+0xb9/0x640 [ 488.622118][T13962] device_create_file+0xf2/0x1d0 [ 488.622167][T13962] device_add+0x2cb/0x1950 [ 488.622211][T13962] ? __pfx_device_add+0x10/0x10 [ 488.622257][T13962] ? kobject_get+0xbb/0x150 [ 488.622297][T13962] cdev_device_add+0x12b/0x270 [ 488.622335][T13962] evdev_connect+0x3a8/0x4b0 [ 488.622378][T13962] input_attach_handler.isra.0+0x177/0x1e0 [ 488.622421][T13962] input_register_device.cold+0x139/0x375 [ 488.622475][T13962] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 488.622522][T13962] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 488.622567][T13962] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 488.622624][T13962] ? find_held_lock+0x2b/0x80 [ 488.622651][T13962] ? hook_file_ioctl_common+0x146/0x410 [ 488.622711][T13962] ? __pfx_uinput_ioctl+0x10/0x10 [ 488.622757][T13962] __x64_sys_ioctl+0x18e/0x210 [ 488.622805][T13962] do_syscall_64+0xc9/0xf80 [ 488.622844][T13962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.622880][T13962] RIP: 0033:0x7f334699aeb9 [ 488.622903][T13962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 488.622931][T13962] RSP: 002b:00007f334793b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 488.622958][T13962] RAX: ffffffffffffffda RBX: 00007f3346c15fa0 RCX: 00007f334699aeb9 [ 488.622978][T13962] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 488.622996][T13962] RBP: 00007f3346a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 488.623014][T13962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.623032][T13962] R13: 00007f3346c16038 R14: 00007f3346c15fa0 R15: 00007ffe974d2ee8 [ 488.623072][T13962] [ 489.129768][T13962] input: failed to attach handler evdev to device input21, error: -12 [ 489.704336][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c5eb000: rx timeout, send abort [ 489.712866][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c5eb000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 491.967413][T14058] ptp ptp0: delete virtual clock ptp3 [ 492.051903][T14058] ptp ptp0: delete virtual clock ptp2 [ 492.090453][T14058] ptp ptp0: guarantee physical clock free running [ 492.106429][T14063] ptp ptp0: delete virtual clock ptp1 [ 492.204727][T14063] ptp ptp0: only physical clock in use now [ 493.618670][ T7712] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 494.075474][T14095] FAULT_INJECTION: forcing a failure. [ 494.075474][T14095] name failslab, interval 1, probability 0, space 0, times 0 [ 494.144908][T14098] binder: 14096:14098 ioctl c018620c 0 returned -1 [ 494.145478][T14095] CPU: 1 UID: 0 PID: 14095 Comm: syz.1.1696 Not tainted syzkaller #0 PREEMPT(full) [ 494.145514][T14095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 494.145539][T14095] Call Trace: [ 494.145548][T14095] [ 494.145559][T14095] dump_stack_lvl+0x100/0x190 [ 494.145599][T14095] should_fail_ex.cold+0x5/0xa [ 494.145645][T14095] should_failslab+0xc2/0x120 [ 494.145685][T14095] __kmalloc_cache_noprof+0x80/0x810 [ 494.145715][T14095] ? snd_timer_user_open+0x6b/0x180 [ 494.145757][T14095] ? snd_timer_user_open+0x6b/0x180 [ 494.145790][T14095] ? stream_open+0xd/0x50 [ 494.145818][T14095] ? __pfx_snd_timer_user_open+0x10/0x10 [ 494.145851][T14095] snd_timer_user_open+0x6b/0x180 [ 494.145887][T14095] snd_open+0x22d/0x4c0 [ 494.145919][T14095] ? __pfx_snd_open+0x10/0x10 [ 494.145948][T14095] chrdev_open+0x234/0x6a0 [ 494.145981][T14095] ? __pfx_apparmor_file_open+0x10/0x10 [ 494.146018][T14095] ? __pfx_chrdev_open+0x10/0x10 [ 494.146053][T14095] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 494.146094][T14095] do_dentry_open+0x73e/0x1570 [ 494.146127][T14095] ? __pfx_chrdev_open+0x10/0x10 [ 494.146162][T14095] ? security_inode_permission+0xbf/0x250 [ 494.146209][T14095] vfs_open+0x82/0x3f0 [ 494.146252][T14095] path_openat+0x21dc/0x3120 [ 494.146295][T14095] ? __pfx_path_openat+0x10/0x10 [ 494.146340][T14095] do_filp_open+0x1f7/0x420 [ 494.146375][T14095] ? __pfx_do_filp_open+0x10/0x10 [ 494.146431][T14095] ? _raw_spin_unlock+0x28/0x50 [ 494.146458][T14095] ? alloc_fd+0x476/0x790 [ 494.146499][T14095] do_sys_openat2+0x12e/0x220 [ 494.146546][T14095] ? __pfx_do_sys_openat2+0x10/0x10 [ 494.146592][T14095] ? __fget_files+0x21f/0x3d0 [ 494.146629][T14095] __x64_sys_openat+0x12d/0x210 [ 494.146673][T14095] ? __pfx___x64_sys_openat+0x10/0x10 [ 494.146715][T14095] ? xfd_validate_state+0x129/0x190 [ 494.146769][T14095] do_syscall_64+0xc9/0xf80 [ 494.146805][T14095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.146833][T14095] RIP: 0033:0x7f9ea979aeb9 [ 494.146855][T14095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.146880][T14095] RSP: 002b:00007f9eaa5f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 494.146906][T14095] RAX: ffffffffffffffda RBX: 00007f9ea9a16090 RCX: 00007f9ea979aeb9 [ 494.146925][T14095] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 494.146943][T14095] RBP: 00007f9ea9808c1f R08: 0000000000000000 R09: 0000000000000000 [ 494.146960][T14095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 494.146977][T14095] R13: 00007f9ea9a16128 R14: 00007f9ea9a16090 R15: 00007fff72e95c48 [ 494.147013][T14095] [ 494.956385][T14111] can: request_module (can-proto-0) failed. [ 495.085523][T14117] can: request_module (can-proto-0) failed. [ 496.282757][T14149] netlink: 'syz.1.1707': attribute type 1 has an invalid length. [ 496.336005][T14149] FAULT_INJECTION: forcing a failure. [ 496.336005][T14149] name failslab, interval 1, probability 0, space 0, times 0 [ 496.351455][T14149] CPU: 0 UID: 0 PID: 14149 Comm: syz.1.1707 Not tainted syzkaller #0 PREEMPT(full) [ 496.351491][T14149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 496.351507][T14149] Call Trace: [ 496.351515][T14149] [ 496.351526][T14149] dump_stack_lvl+0x100/0x190 [ 496.351565][T14149] should_fail_ex.cold+0x5/0xa [ 496.351612][T14149] should_failslab+0xc2/0x120 [ 496.351652][T14149] __kmalloc_cache_noprof+0x80/0x810 [ 496.351682][T14149] ? io_uring_setup.cold+0x6c/0x1a89 [ 496.351725][T14149] ? io_uring_setup.cold+0x6c/0x1a89 [ 496.351761][T14149] io_uring_setup.cold+0x6c/0x1a89 [ 496.351802][T14149] ? __pfx_io_uring_setup+0x10/0x10 [ 496.351839][T14149] ? do_futex+0x192/0x350 [ 496.351876][T14149] ? __pfx_do_futex+0x10/0x10 [ 496.351903][T14149] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 496.351928][T14149] ? syscall_user_dispatch+0x76/0x130 [ 496.351953][T14149] __x64_sys_io_uring_setup+0xc2/0x170 [ 496.351972][T14149] do_syscall_64+0xc9/0xf80 [ 496.351996][T14149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.352011][T14149] RIP: 0033:0x7f9ea979aeb9 [ 496.352023][T14149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 496.352038][T14149] RSP: 002b:00007f9eaa5f8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 496.352060][T14149] RAX: ffffffffffffffda RBX: 00007f9ea9a16090 RCX: 00007f9ea979aeb9 [ 496.352070][T14149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 496.352079][T14149] RBP: 00007f9ea9808c1f R08: 0000000000000000 R09: 0000000000000000 [ 496.352088][T14149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.352097][T14149] R13: 00007f9ea9a16128 R14: 00007f9ea9a16090 R15: 00007fff72e95c48 [ 496.352116][T14149] [ 496.827461][T14167] netlink: 'syz.3.1710': attribute type 1 has an invalid length. [ 498.360697][T14214] hub 1-0:1.0: USB hub found [ 498.366907][T14214] hub 1-0:1.0: 1 port detected [ 499.274086][T14205] Process accounting paused [ 500.301281][T14261] netlink: 'syz.2.1734': attribute type 4 has an invalid length. [ 500.347501][T14261] netlink: 302 bytes leftover after parsing attributes in process `syz.2.1734'. [ 500.495057][T14268] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1737'. [ 500.575468][T14268] team0 (unregistering): Port device team_slave_0 removed [ 500.630273][T14268] team0 (unregistering): Port device team_slave_1 removed [ 503.063897][T14358] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1752'. [ 503.268901][T14370] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1754'. [ 503.449594][T14373] random: crng reseeded on system resumption [ 503.968409][T14381] kvm: kvm [14379]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 504.378874][T14388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1758'. [ 505.318364][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 505.324745][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.618604][ T30] audit: type=1800 audit(4294967338.539:56): pid=14445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1768" name="lu_gp_id" dev="configfs" ino=59022 res=0 errno=0 [ 506.851148][T14452] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1771'. [ 508.000802][ T7712] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 508.000839][ T7712] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 508.015707][ T7712] Bluetooth: hci2: Dropping invalid advertising data [ 508.022453][ T7712] Bluetooth: hci2: Dropping invalid advertising data [ 508.022586][T14486] FAULT_INJECTION: forcing a failure. [ 508.022586][T14486] name failslab, interval 1, probability 0, space 0, times 0 [ 508.029209][ T7712] Bluetooth: hci2: Malformed LE Event: 0x02 [ 508.149350][T14486] CPU: 1 UID: 0 PID: 14486 Comm: syz.3.1779 Not tainted syzkaller #0 PREEMPT(full) [ 508.149385][T14486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 508.149401][T14486] Call Trace: [ 508.149409][T14486] [ 508.149419][T14486] dump_stack_lvl+0x100/0x190 [ 508.149456][T14486] should_fail_ex.cold+0x5/0xa [ 508.149499][T14486] should_failslab+0xc2/0x120 [ 508.149529][T14486] __kmalloc_cache_noprof+0x80/0x810 [ 508.149545][T14486] ? usbdev_open+0x9d/0x870 [ 508.149561][T14486] ? usbdev_open+0x9d/0x870 [ 508.149573][T14486] usbdev_open+0x9d/0x870 [ 508.149587][T14486] ? kobject_get_unless_zero+0x156/0x200 [ 508.149607][T14486] ? __pfx_usbdev_open+0x10/0x10 [ 508.149619][T14486] ? chrdev_open+0x10b/0x6a0 [ 508.149636][T14486] ? chrdev_open+0x10b/0x6a0 [ 508.149656][T14486] ? __pfx_usbdev_open+0x10/0x10 [ 508.149669][T14486] chrdev_open+0x234/0x6a0 [ 508.149685][T14486] ? __pfx_apparmor_file_open+0x10/0x10 [ 508.149705][T14486] ? __pfx_chrdev_open+0x10/0x10 [ 508.149724][T14486] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 508.149745][T14486] do_dentry_open+0x73e/0x1570 [ 508.149763][T14486] ? __pfx_chrdev_open+0x10/0x10 [ 508.149780][T14486] ? security_inode_permission+0xbf/0x250 [ 508.149806][T14486] vfs_open+0x82/0x3f0 [ 508.149829][T14486] path_openat+0x21dc/0x3120 [ 508.149852][T14486] ? __pfx_path_openat+0x10/0x10 [ 508.149876][T14486] do_filp_open+0x1f7/0x420 [ 508.149894][T14486] ? __pfx_do_filp_open+0x10/0x10 [ 508.149924][T14486] ? _raw_spin_unlock+0x28/0x50 [ 508.149938][T14486] ? alloc_fd+0x476/0x790 [ 508.149960][T14486] do_sys_openat2+0x12e/0x220 [ 508.149981][T14486] ? __pfx_do_sys_openat2+0x10/0x10 [ 508.150005][T14486] ? rcu_is_watching+0x12/0xc0 [ 508.150027][T14486] __x64_sys_openat+0x12d/0x210 [ 508.150050][T14486] ? __pfx___x64_sys_openat+0x10/0x10 [ 508.150072][T14486] ? xfd_validate_state+0x129/0x190 [ 508.150101][T14486] do_syscall_64+0xc9/0xf80 [ 508.150120][T14486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.150135][T14486] RIP: 0033:0x7f334699aeb9 [ 508.150154][T14486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.150167][T14486] RSP: 002b:00007f334791a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 508.150182][T14486] RAX: ffffffffffffffda RBX: 00007f3346c16090 RCX: 00007f334699aeb9 [ 508.150192][T14486] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 508.150201][T14486] RBP: 00007f3346a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 508.150210][T14486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 508.150218][T14486] R13: 00007f3346c16128 R14: 00007f3346c16090 R15: 00007ffe974d2ee8 [ 508.150236][T14486] [ 509.696048][ T30] audit: type=1800 audit(4294967341.625:57): pid=14505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1781" name="lu_gp_id" dev="configfs" ino=59182 res=0 errno=0 [ 513.267117][T14587] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 513.325277][T14587] CPU: 0 UID: 0 PID: 14587 Comm: syz.2.1802 Not tainted syzkaller #0 PREEMPT(full) [ 513.325316][T14587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 513.325332][T14587] Call Trace: [ 513.325340][T14587] [ 513.325351][T14587] dump_stack_lvl+0x100/0x190 [ 513.325388][T14587] sysfs_warn_dup.cold+0x1c/0x28 [ 513.325427][T14587] sysfs_do_create_link_sd+0x113/0x140 [ 513.325468][T14587] sysfs_create_link+0x61/0xc0 [ 513.325505][T14587] device_add+0x675/0x1950 [ 513.325548][T14587] ? __pfx_device_add+0x10/0x10 [ 513.325585][T14587] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 513.325624][T14587] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 513.325669][T14587] wiphy_register+0x1e58/0x2d30 [ 513.325710][T14587] ? __rtnl_unlock+0xb9/0xf0 [ 513.325748][T14587] ? __pfx_wiphy_register+0x10/0x10 [ 513.325791][T14587] ? __asan_memset+0x23/0x50 [ 513.325821][T14587] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 513.325876][T14587] ieee80211_register_hw+0x2c11/0x4040 [ 513.325936][T14587] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 513.325978][T14587] ? __pfx___debug_object_init+0x10/0x10 [ 513.326021][T14587] ? find_held_lock+0x2b/0x80 [ 513.326048][T14587] ? net_generic+0xea/0x2a0 [ 513.326080][T14587] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 513.326113][T14587] ? __hrtimer_setup+0x178/0x280 [ 513.326157][T14587] mac80211_hwsim_new_radio+0x2847/0x57c0 [ 513.326239][T14587] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 513.326293][T14587] hwsim_new_radio_nl+0xc1f/0x1340 [ 513.326331][T14587] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 513.326368][T14587] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 513.326420][T14587] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 513.326451][T14587] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 513.326490][T14587] genl_family_rcv_msg_doit+0x214/0x300 [ 513.326524][T14587] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 513.326554][T14587] ? genl_get_cmd+0x3ef/0x720 [ 513.326591][T14587] ? bpf_lsm_capable+0x9/0x10 [ 513.326614][T14587] ? security_capable+0x80/0x260 [ 513.326655][T14587] ? ns_capable+0xd2/0xf0 [ 513.326688][T14587] genl_rcv_msg+0x560/0x800 [ 513.326723][T14587] ? __pfx_genl_rcv_msg+0x10/0x10 [ 513.326752][T14587] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 513.326806][T14587] netlink_rcv_skb+0x159/0x420 [ 513.326849][T14587] ? __pfx_genl_rcv_msg+0x10/0x10 [ 513.326881][T14587] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 513.326941][T14587] ? netlink_deliver_tap+0x1ae/0xcc0 [ 513.326988][T14587] genl_rcv+0x28/0x40 [ 513.327013][T14587] netlink_unicast+0x5aa/0x870 [ 513.327062][T14587] ? __pfx_netlink_unicast+0x10/0x10 [ 513.327103][T14587] ? __pfx___might_resched+0x10/0x10 [ 513.327143][T14587] ? __lock_acquire+0x4a5/0x2630 [ 513.327190][T14587] netlink_sendmsg+0x8b0/0xda0 [ 513.327239][T14587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.327279][T14587] ? __import_iovec+0x1d2/0x640 [ 513.327324][T14587] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 513.327366][T14587] ____sys_sendmsg+0xa54/0xc30 [ 513.327400][T14587] ? __pfx_____sys_sendmsg+0x10/0x10 [ 513.327428][T14587] ? __pfx___futex_wait+0x10/0x10 [ 513.327461][T14587] ? __pfx_futex_wake_mark+0x10/0x10 [ 513.327512][T14587] ___sys_sendmsg+0x190/0x1e0 [ 513.327547][T14587] ? __pfx____sys_sendmsg+0x10/0x10 [ 513.327600][T14587] ? find_held_lock+0x2b/0x80 [ 513.327658][T14587] __sys_sendmsg+0x170/0x220 [ 513.327701][T14587] ? __pfx___sys_sendmsg+0x10/0x10 [ 513.327741][T14587] ? __x64_sys_futex+0x34f/0x4d0 [ 513.327803][T14587] do_syscall_64+0xc9/0xf80 [ 513.327840][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.327868][T14587] RIP: 0033:0x7f19a2d9aeb9 [ 513.327890][T14587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.327917][T14587] RSP: 002b:00007f19a3bb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 513.327942][T14587] RAX: ffffffffffffffda RBX: 00007f19a3015fa0 RCX: 00007f19a2d9aeb9 [ 513.327961][T14587] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 513.327978][T14587] RBP: 00007f19a2e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 513.327995][T14587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.328011][T14587] R13: 00007f19a3016038 R14: 00007f19a3015fa0 R15: 00007ffee50fd978 [ 513.328050][T14587] [ 514.445601][T14597] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 514.485332][T14597] CPU: 0 UID: 0 PID: 14597 Comm: syz.2.1802 Not tainted syzkaller #0 PREEMPT(full) [ 514.485367][T14597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 514.485383][T14597] Call Trace: [ 514.485391][T14597] [ 514.485401][T14597] dump_stack_lvl+0x100/0x190 [ 514.485438][T14597] sysfs_warn_dup.cold+0x1c/0x28 [ 514.485474][T14597] sysfs_do_create_link_sd+0x113/0x140 [ 514.485519][T14597] sysfs_create_link+0x61/0xc0 [ 514.485555][T14597] device_add+0x675/0x1950 [ 514.485595][T14597] ? __pfx_device_add+0x10/0x10 [ 514.485630][T14597] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 514.485661][T14597] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 514.485704][T14597] wiphy_register+0x1e58/0x2d30 [ 514.485743][T14597] ? __rtnl_unlock+0xb9/0xf0 [ 514.485778][T14597] ? __pfx_wiphy_register+0x10/0x10 [ 514.485820][T14597] ? __asan_memset+0x23/0x50 [ 514.485849][T14597] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 514.485904][T14597] ieee80211_register_hw+0x2c11/0x4040 [ 514.485959][T14597] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 514.486003][T14597] ? __pfx___debug_object_init+0x10/0x10 [ 514.486046][T14597] ? find_held_lock+0x2b/0x80 [ 514.486071][T14597] ? net_generic+0xea/0x2a0 [ 514.486117][T14597] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 514.486149][T14597] ? __hrtimer_setup+0x178/0x280 [ 514.486193][T14597] mac80211_hwsim_new_radio+0x2847/0x57c0 [ 514.486253][T14597] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 514.486303][T14597] hwsim_new_radio_nl+0xc1f/0x1340 [ 514.486338][T14597] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 514.486374][T14597] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 514.486423][T14597] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 514.486453][T14597] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 514.486496][T14597] genl_family_rcv_msg_doit+0x214/0x300 [ 514.486529][T14597] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 514.486558][T14597] ? genl_get_cmd+0x3ef/0x720 [ 514.486593][T14597] ? bpf_lsm_capable+0x9/0x10 [ 514.486615][T14597] ? security_capable+0x80/0x260 [ 514.486649][T14597] ? ns_capable+0xd2/0xf0 [ 514.486681][T14597] genl_rcv_msg+0x560/0x800 [ 514.486713][T14597] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.486742][T14597] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 514.486793][T14597] netlink_rcv_skb+0x159/0x420 [ 514.486834][T14597] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.486864][T14597] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 514.486920][T14597] ? netlink_deliver_tap+0x1ae/0xcc0 [ 514.486965][T14597] genl_rcv+0x28/0x40 [ 514.486989][T14597] netlink_unicast+0x5aa/0x870 [ 514.487035][T14597] ? __pfx_netlink_unicast+0x10/0x10 [ 514.487074][T14597] ? __pfx___might_resched+0x10/0x10 [ 514.487112][T14597] ? __lock_acquire+0x4a5/0x2630 [ 514.487156][T14597] netlink_sendmsg+0x8b0/0xda0 [ 514.487203][T14597] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.487240][T14597] ? __import_iovec+0x1d2/0x640 [ 514.487283][T14597] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 514.487322][T14597] ____sys_sendmsg+0xa54/0xc30 [ 514.487356][T14597] ? __pfx_____sys_sendmsg+0x10/0x10 [ 514.487390][T14597] ? rcu_read_unlock+0x2d/0xb0 [ 514.487430][T14597] ___sys_sendmsg+0x190/0x1e0 [ 514.487464][T14597] ? __pfx____sys_sendmsg+0x10/0x10 [ 514.487518][T14597] ? find_held_lock+0x2b/0x80 [ 514.487569][T14597] __sys_sendmsg+0x170/0x220 [ 514.487608][T14597] ? __pfx___sys_sendmsg+0x10/0x10 [ 514.487644][T14597] ? _raw_spin_unlock_irq+0x2e/0x50 [ 514.487685][T14597] ? do_user_addr_fault+0x8d6/0x12f0 [ 514.487723][T14597] do_syscall_64+0xc9/0xf80 [ 514.487757][T14597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.487784][T14597] RIP: 0033:0x7f19a2d9aeb9 [ 514.487806][T14597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 514.487834][T14597] RSP: 002b:00007f19a0f72028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.487860][T14597] RAX: ffffffffffffffda RBX: 00007f19a3016630 RCX: 00007f19a2d9aeb9 [ 514.487878][T14597] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 514.487898][T14597] RBP: 00007f19a2e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 514.487914][T14597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.487930][T14597] R13: 00007f19a30166c8 R14: 00007f19a3016630 R15: 00007ffee50fd978 [ 514.487970][T14597] [ 517.001509][T14609] Process accounting resumed [ 518.264332][ T30] audit: type=1800 audit(4294967350.240:58): pid=14651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1808" name="lu_gp_id" dev="configfs" ino=60678 res=0 errno=0 [ 518.864391][T14654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 518.881809][T14654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 518.899267][T14654] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 518.948757][T14673] FAULT_INJECTION: forcing a failure. [ 518.948757][T14673] name fail_futex, interval 1, probability 0, space 0, times 0 [ 518.979769][T14654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 518.993331][T14654] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 519.013044][T14673] CPU: 1 UID: 0 PID: 14673 Comm: syz.3.1812 Not tainted syzkaller #0 PREEMPT(full) [ 519.013076][T14673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 519.013091][T14673] Call Trace: [ 519.013099][T14673] [ 519.013107][T14673] dump_stack_lvl+0x100/0x190 [ 519.013138][T14673] should_fail_ex.cold+0x5/0xa [ 519.013168][T14673] ? __cgroup_account_cputime+0xd5/0x130 [ 519.013197][T14673] get_futex_key+0x1d2/0x1620 [ 519.013226][T14673] ? __pfx_get_futex_key+0x10/0x10 [ 519.013258][T14673] ? rcu_is_watching+0x12/0xc0 [ 519.013280][T14673] ? trace_sched_exit_tp+0xcd/0x100 [ 519.013309][T14673] futex_wait_setup+0x81/0x500 [ 519.013339][T14673] __futex_wait+0x19f/0x300 [ 519.013365][T14673] ? __pfx___futex_wait+0x10/0x10 [ 519.013386][T14673] ? __pfx___schedule+0x10/0x10 [ 519.013419][T14673] ? __pfx_futex_wake_mark+0x10/0x10 [ 519.013465][T14673] ? futex_hash+0x2c5/0x380 [ 519.013509][T14673] futex_wait+0xed/0x380 [ 519.013535][T14673] ? __pfx_futex_wait+0x10/0x10 [ 519.013558][T14673] ? __mm_populate+0x33a/0x3a0 [ 519.013606][T14673] ? __mm_populate+0x2b0/0x3a0 [ 519.013648][T14673] ? __pfx___mm_populate+0x10/0x10 [ 519.013692][T14673] do_futex+0x1ef/0x350 [ 519.013729][T14673] ? __pfx_do_futex+0x10/0x10 [ 519.013764][T14673] ? do_mlock+0x33a/0x7f0 [ 519.013794][T14673] ? __sys_sendmsg+0x18f/0x220 [ 519.013836][T14673] __x64_sys_futex+0x34f/0x4d0 [ 519.013886][T14673] ? __pfx___x64_sys_futex+0x10/0x10 [ 519.013921][T14673] ? xfd_validate_state+0x129/0x190 [ 519.013975][T14673] do_syscall_64+0xc9/0xf80 [ 519.014010][T14673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.014038][T14673] RIP: 0033:0x7f334699aeb9 [ 519.014059][T14673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 519.014086][T14673] RSP: 002b:00007f33478f90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 519.014111][T14673] RAX: ffffffffffffffda RBX: 00007f3346c16188 RCX: 00007f334699aeb9 [ 519.014129][T14673] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3346c16188 [ 519.014145][T14673] RBP: 00007f3346c16180 R08: 0000000000000000 R09: 0000000000000000 [ 519.014162][T14673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.014177][T14673] R13: 00007f3346c16218 R14: 00007ffe974d2e00 R15: 00007ffe974d2ee8 [ 519.014213][T14673] [ 519.019072][T14654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 519.619611][T14684] phram: not enough arguments [ 520.201776][ T7712] Bluetooth: hci0: command 0x0c1a tx timeout [ 520.912605][ T7712] Bluetooth: hci1: command 0x0c1a tx timeout [ 520.996905][ T7712] Bluetooth: hci2: command 0x0c1a tx timeout [ 521.073097][ T7712] Bluetooth: hci3: command 0x0c1a tx timeout [ 522.919410][T14745] syz.1.1825 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 522.939510][T14745] CPU: 0 UID: 0 PID: 14745 Comm: syz.1.1825 Not tainted syzkaller #0 PREEMPT(full) [ 522.939550][T14745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 522.939567][T14745] Call Trace: [ 522.939576][T14745] [ 522.939587][T14745] dump_stack_lvl+0x100/0x190 [ 522.939628][T14745] dump_header+0xfb/0x606 [ 522.939653][T14745] oom_kill_process.cold+0xd/0x321 [ 522.939676][T14745] out_of_memory+0x340/0x14f0 [ 522.939699][T14745] ? __pfx_out_of_memory+0x10/0x10 [ 522.939723][T14745] mem_cgroup_out_of_memory+0xc6/0x130 [ 522.939739][T14745] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 522.939754][T14745] ? find_held_lock+0x2b/0x80 [ 522.939773][T14745] ? do_raw_spin_unlock+0x145/0x1e0 [ 522.939796][T14745] ? _raw_spin_unlock+0x28/0x50 [ 522.939813][T14745] try_charge_memcg+0x652/0xc90 [ 522.939837][T14745] ? __pfx_try_charge_memcg+0x10/0x10 [ 522.939856][T14745] ? rcu_read_unlock+0x17/0x60 [ 522.939877][T14745] ? rcu_read_unlock+0x17/0x60 [ 522.939902][T14745] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 522.939921][T14745] __memcg_kmem_charge_page+0xd0/0x530 [ 522.939945][T14745] __alloc_frozen_pages_noprof+0x318/0x2410 [ 522.939964][T14745] ? kasan_save_stack+0x3f/0x50 [ 522.939982][T14745] ? kasan_save_stack+0x30/0x50 [ 522.939998][T14745] ? kasan_save_track+0x14/0x30 [ 522.940018][T14745] ? alloc_pages_bulk_noprof+0x806/0x1500 [ 522.940035][T14745] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.940053][T14745] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 522.940075][T14745] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 522.940098][T14745] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 522.940116][T14745] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 522.940133][T14745] ? policy_nodemask+0xed/0x4f0 [ 522.940159][T14745] alloc_pages_mpol+0x1fb/0x550 [ 522.940181][T14745] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 522.940202][T14745] ? trace_kmalloc+0x83/0xb0 [ 522.940221][T14745] ? __kmalloc_node_noprof+0x375/0x9e0 [ 522.940239][T14745] ? __get_vm_area_node+0x1dc/0x330 [ 522.940264][T14745] alloc_pages_noprof+0x131/0x390 [ 522.940286][T14745] __vmalloc_node_range_noprof+0xa1d/0x1530 [ 522.940306][T14745] ? newary+0x185/0xc30 [ 522.940330][T14745] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 522.940346][T14745] ? __lock_acquire+0x4a5/0x2630 [ 522.940372][T14745] __kvmalloc_node_noprof+0x3cd/0xac0 [ 522.940390][T14745] ? newary+0x185/0xc30 [ 522.940410][T14745] ? newary+0x185/0xc30 [ 522.940429][T14745] ? __pfx___might_resched+0x10/0x10 [ 522.940456][T14745] ? newary+0x185/0xc30 [ 522.940473][T14745] ? down_write+0x146/0x1f0 [ 522.940491][T14745] newary+0x185/0xc30 [ 522.940509][T14745] ? __pfx_down_write+0x10/0x10 [ 522.940533][T14745] ipcget+0xee/0xf50 [ 522.940547][T14745] ? do_futex+0x192/0x350 [ 522.940568][T14745] ? __pfx_do_futex+0x10/0x10 [ 522.940588][T14745] ? ksys_unshare+0x6a7/0xab0 [ 522.940609][T14745] ? __pfx_ipcget+0x10/0x10 [ 522.940625][T14745] ? __x64_sys_futex+0x34f/0x4d0 [ 522.940648][T14745] __x64_sys_semget+0x1cb/0x260 [ 522.940674][T14745] ? __pfx___x64_sys_semget+0x10/0x10 [ 522.940699][T14745] do_syscall_64+0xc9/0xf80 [ 522.940719][T14745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.940734][T14745] RIP: 0033:0x7f9ea979aeb9 [ 522.940747][T14745] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 522.940762][T14745] RSP: 002b:00007f9eaa619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000040 [ 522.940776][T14745] RAX: ffffffffffffffda RBX: 00007f9ea9a15fa0 RCX: 00007f9ea979aeb9 [ 522.940786][T14745] RDX: 0000000000008000 RSI: 0000000000002e4a RDI: 0000000000000000 [ 522.940795][T14745] RBP: 00007f9ea9808c1f R08: 0000000000000000 R09: 0000000000000000 [ 522.940804][T14745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 522.940813][T14745] R13: 00007f9ea9a16038 R14: 00007f9ea9a15fa0 R15: 00007fff72e95c48 [ 522.940833][T14745] [ 522.941272][T14745] memory: usage 3072kB, limit 3072kB, failcnt 156191 [ 523.339908][ T7712] Bluetooth: hci1: command 0x0c1a tx timeout [ 523.345942][ T7712] Bluetooth: hci2: command 0x0c1a tx timeout [ 523.364472][T14745] memory+swap: usage 34968kB, limit 9007199254740988kB, failcnt 0 [ 523.397119][T14745] kmem: usage 2936kB, limit 9007199254740988kB, failcnt 0 [ 523.411030][T14745] Memory cgroup stats for /syz1: [ 523.411335][T14745] cache 0 [ 523.432222][T14745] rss 0 [ 523.434981][T14745] rss_huge 0 [ 523.483229][T14745] shmem 0 [ 523.521145][T14745] mapped_file 0 [ 523.536043][T14745] dirty 0 [ 523.563065][T14745] writeback 0 [ 523.566398][T14745] workingset_refault_anon 24665 [ 523.622541][T14745] workingset_refault_file 22247 [ 523.627417][T14745] swap 32665600 [ 523.678284][T14745] swapcached 135168 [ 523.682130][T14745] pgpgin 354977 [ 523.685599][T14745] pgpgout 359041 [ 523.741218][T14745] pgfault 385051 [ 523.750096][T14745] pgmajfault 9896 [ 523.770525][T14745] inactive_anon 4096 [ 523.782343][T14745] active_anon 0 [ 523.796870][T14745] inactive_file 0 [ 523.805670][T14745] active_file 0 [ 523.812726][T14745] unevictable 0 [ 523.820669][T14745] hierarchical_memory_limit 3145728 [ 523.834734][T14745] hierarchical_memsw_limit 9223372036854771712 [ 523.850303][T14745] total_cache 0 [ 523.857265][T14745] total_rss 0 [ 523.864006][T14745] total_rss_huge 0 [ 523.902637][T14745] total_shmem 0 [ 523.915028][T14745] total_mapped_file 0 [ 523.922456][T14745] total_dirty 0 [ 523.930369][T14745] total_writeback 0 [ 523.937570][T14745] total_workingset_refault_anon 24665 [ 523.950461][T14745] total_workingset_refault_file 22247 [ 523.962572][T14745] total_swap 32665600 [ 523.970926][T14745] total_swapcached 135168 [ 523.980929][T14745] total_pgpgin 354977 [ 523.991558][T14745] total_pgpgout 359041 [ 524.000091][T14745] total_pgfault 385051 [ 524.010398][T14745] total_pgmajfault 9896 [ 524.019949][T14745] total_inactive_anon 4096 [ 524.028856][T14745] total_active_anon 0 [ 524.037220][T14745] total_inactive_file 0 [ 524.048130][T14745] total_active_file 0 [ 524.066571][T14745] total_unevictable 0 [ 524.070576][T14745] anon_cost 182 [ 524.074016][T14745] file_cost 0 [ 524.099206][T14745] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1792,pid=14557,uid=0 [ 524.159352][T14745] Memory cgroup out of memory: Killed process 14557 (syz.1.1792) total-vm:135096kB, anon-rss:1336kB, file-rss:21944kB, shmem-rss:128kB, UID:0 pgtables:200kB oom_score_adj:1000 [ 524.718933][T14785] futex_wake_op: syz.3.1835 tries to shift op by -2048; fix this program [ 524.783056][T14785] futex_wake_op: syz.3.1835 tries to shift op by -2048; fix this program [ 524.801218][T14744] syz.1.1825 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 524.815222][T14785] 0x000000000001-0x000000020000 : "" [ 524.898966][T14785] ftl_cs: FTL header corrupt! [ 524.998649][T14744] CPU: 0 UID: 0 PID: 14744 Comm: syz.1.1825 Not tainted syzkaller #0 PREEMPT(full) [ 524.998672][T14744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 524.998681][T14744] Call Trace: [ 524.998687][T14744] [ 524.998692][T14744] dump_stack_lvl+0x100/0x190 [ 524.998715][T14744] dump_header+0xfb/0x606 [ 524.998731][T14744] oom_kill_process.cold+0xd/0x321 [ 524.998748][T14744] out_of_memory+0x340/0x14f0 [ 524.998771][T14744] ? __pfx_out_of_memory+0x10/0x10 [ 524.998795][T14744] mem_cgroup_out_of_memory+0xc6/0x130 [ 524.998811][T14744] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 524.998825][T14744] ? find_held_lock+0x2b/0x80 [ 524.998843][T14744] ? do_raw_spin_unlock+0x145/0x1e0 [ 524.998866][T14744] ? _raw_spin_unlock+0x28/0x50 [ 524.998882][T14744] try_charge_memcg+0x652/0xc90 [ 524.998906][T14744] ? __pfx_try_charge_memcg+0x10/0x10 [ 524.998945][T14744] ? find_held_lock+0x2b/0x80 [ 524.998971][T14744] ? rcu_read_unlock+0x17/0x60 [ 524.999001][T14744] ? rcu_read_unlock+0x17/0x60 [ 524.999041][T14744] charge_memcg+0xa6/0x280 [ 524.999078][T14744] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 524.999122][T14744] __read_swap_cache_async+0x449/0x610 [ 524.999158][T14744] ? __pfx___read_swap_cache_async+0x10/0x10 [ 524.999185][T14744] ? mlock_drain_local+0x254/0x4e0 [ 524.999213][T14744] ? mlock_drain_local+0x254/0x4e0 [ 524.999256][T14744] swap_cluster_readahead+0x414/0x770 [ 524.999282][T14744] ? __schedule+0xff6/0x5e10 [ 524.999314][T14744] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 524.999346][T14744] ? __lock_acquire+0x4a5/0x2630 [ 524.999380][T14744] ? __lock_acquire+0x4a5/0x2630 [ 524.999430][T14744] ? get_vma_policy+0x23f/0x3b0 [ 524.999482][T14744] swapin_readahead+0x14b/0x12e0 [ 524.999523][T14744] ? __pfx_swapin_readahead+0x10/0x10 [ 524.999555][T14744] ? find_held_lock+0x2b/0x80 [ 524.999583][T14744] ? swap_cache_get_folio+0x272/0x920 [ 524.999617][T14744] ? swap_cache_get_folio+0x272/0x920 [ 524.999644][T14744] ? swap_cache_get_folio+0x1f/0x920 [ 524.999670][T14744] ? swap_cache_get_folio+0x2a2/0x920 [ 524.999701][T14744] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 524.999728][T14744] ? __pfx_get_swap_device+0x10/0x10 [ 524.999773][T14744] ? do_swap_page+0x9ba/0x6810 [ 524.999798][T14744] do_swap_page+0x9ba/0x6810 [ 524.999830][T14744] ? __lock_acquire+0x4a5/0x2630 [ 524.999874][T14744] ? __pfx_do_swap_page+0x10/0x10 [ 524.999907][T14744] ? __pfx_default_wake_function+0x10/0x10 [ 524.999941][T14744] ? __lock_acquire+0x4a5/0x2630 [ 524.999978][T14744] ? rcu_is_watching+0x12/0xc0 [ 525.000005][T14744] ? ___pte_offset_map+0x179/0x310 [ 525.000048][T14744] __handle_mm_fault+0x18b9/0x2b50 [ 525.000082][T14744] ? reacquire_held_locks+0xce/0x1e0 [ 525.000115][T14744] ? __pfx___handle_mm_fault+0x10/0x10 [ 525.000146][T14744] ? lock_vma_under_rcu+0x17c/0x5a0 [ 525.000197][T14744] handle_mm_fault+0x36d/0xa20 [ 525.000235][T14744] do_user_addr_fault+0x5a3/0x12f0 [ 525.000273][T14744] exc_page_fault+0x6f/0xd0 [ 525.000304][T14744] asm_exc_page_fault+0x26/0x30 [ 525.000329][T14744] RIP: 0033:0x7f9ea966897e [ 525.000350][T14744] Code: 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00 00 e8 e8 b8 ff ff 48 39 dd 75 df 0f 1f 00 8b 05 36 f4 3a 00 85 c0 0f 8e 53 fd ff ff 2d 88 fe ff 49 39 c4 73 88 48 8d 1d 11 d6 3a 00 83 3d 16 f4 3a [ 525.000374][T14744] RSP: 002b:00007fff72e95db0 EFLAGS: 00010202 [ 525.000394][T14744] RAX: 0000000000000001 RBX: 00007f9ea9a17da0 RCX: 0000555592249808 [ 525.000411][T14744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 525.000426][T14744] RBP: 00007f9ea9a17da0 R08: 0000000000000000 R09: 0000000000000000 [ 525.000449][T14744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080092 [ 525.000464][T14744] R13: 00007f9ea9a1609c R14: 000000000007fe02 R15: 00007f9ea9a16090 [ 525.000502][T14744] [ 525.455688][T14744] memory: usage 3072kB, limit 3072kB, failcnt 156474 [ 525.537107][T14744] memory+swap: usage 18040kB, limit 9007199254740988kB, failcnt 0 [ 525.648048][T14744] kmem: usage 2940kB, limit 9007199254740988kB, failcnt 0 [ 525.655196][T14744] Memory cgroup stats for /syz1: [ 525.655378][T14744] cache 0 [ 525.747267][T14744] rss 0 [ 525.757937][T14744] rss_huge 0 [ 525.761168][T14744] shmem 0 [ 525.764098][T14744] mapped_file 0 [ 525.797319][T14744] dirty 0 [ 525.800284][T14744] writeback 0 [ 525.803567][T14744] workingset_refault_anon 24673 [ 525.839065][T14744] workingset_refault_file 22247 [ 525.865678][T14744] swap 9990144 [ 525.869188][T14744] swapcached 135168 [ 525.873007][T14744] pgpgin 354985 [ 525.878719][T14744] pgpgout 359049 [ 525.886904][T14744] pgfault 385055 [ 525.896197][T14744] pgmajfault 9897 [ 525.903378][T14744] inactive_anon 131072 [ 525.910108][T14744] active_anon 4096 [ 525.936926][T14744] inactive_file 0 [ 525.940590][T14744] active_file 0 [ 525.947268][T14744] unevictable 0 [ 525.950792][T14744] hierarchical_memory_limit 3145728 [ 525.955992][T14744] hierarchical_memsw_limit 9223372036854771712 [ 525.976250][T14744] total_cache 0 [ 525.979747][T14744] total_rss 0 [ 525.983034][T14744] total_rss_huge 0 [ 526.006302][T14744] total_shmem 0 [ 526.009796][T14744] total_mapped_file 0 [ 526.013777][T14744] total_dirty 0 [ 526.026524][T14744] total_writeback 0 [ 526.030499][T14744] total_workingset_refault_anon 24673 [ 526.043383][T14744] total_workingset_refault_file 22247 [ 526.052090][T14744] total_swap 9990144 [ 526.056349][T14744] total_swapcached 135168 [ 526.060685][T14744] total_pgpgin 354985 [ 526.064944][T14744] total_pgpgout 359049 [ 526.069532][T14744] total_pgfault 385055 [ 526.073611][T14744] total_pgmajfault 9897 [ 526.078501][T14744] total_inactive_anon 131072 [ 526.083168][T14744] total_active_anon 4096 [ 526.088978][T14744] total_inactive_file 0 [ 526.093144][T14744] total_active_file 0 [ 526.097803][T14744] total_unevictable 0 [ 526.101792][T14744] anon_cost 191 [ 526.105249][T14744] file_cost 0 [ 526.144444][T14744] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1825,pid=14744,uid=0 [ 526.215892][T14744] Memory cgroup out of memory: Killed process 14744 (syz.1.1825) total-vm:102332kB, anon-rss:1184kB, file-rss:22228kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 527.522812][T14837] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1845'. [ 529.314708][T14849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1848'. [ 529.699713][T14806] Process accounting resumed [ 529.828153][T14861] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 529.834834][T14861] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 529.847998][T14861] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 529.864817][T14861] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 529.928822][T14861] futex_wake_op: syz.1.1852 tries to shift op by -2048; fix this program [ 529.937462][T14861] futex_wake_op: syz.1.1852 tries to shift op by -2048; fix this program [ 529.946994][T14861] 0x000000000001-0x000000020000 : "" [ 529.960671][T14861] ftl_cs: FTL header corrupt! [ 531.442665][T14900] [U]  [ 531.445800][T14900] [U] [ 531.448525][T14900] [U] [ 531.451242][T14900] [U] [ 531.545191][T14900] [U] [ 531.547946][T14900] [U] [ 531.550747][T14900] [U] [ 531.553450][T14900] [U] [ 531.632620][T14900] [U] [ 531.895727][ T6987] Bluetooth: hci3: command 0x0c1a tx timeout [ 531.901837][ T7712] Bluetooth: hci2: command 0x0c1a tx timeout [ 531.908463][ T7712] Bluetooth: hci1: command 0x0c1a tx timeout [ 531.914709][ T7264] Bluetooth: hci0: command 0x0c1a tx timeout [ 535.185955][T14999] input: jJǸ-9%v as /devices/virtual/input/input22 [ 535.739373][T15007] zswap: compressor not available [ 535.746920][T15012] Setting dangerous option i915.mitigations - tainting kernel [ 537.348859][T15044] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1892'. [ 538.985889][ T30] audit: type=1800 audit(4294967377.066:59): pid=15079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1898" name="features" dev="configfs" ino=62864 res=0 errno=0 [ 541.554059][T15145] mmap: syz.0.1912 (15145): VmData 37756928 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 542.665155][ T30] audit: type=1800 audit(4294967380.765:60): pid=15170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1915" name="lu_gp_id" dev="configfs" ino=63186 res=0 errno=0 [ 542.854219][ T5833] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 542.865252][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor Tainted: G U syzkaller #0 PREEMPT(full) [ 542.865295][ T5833] Tainted: [U]=USER [ 542.865303][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 542.865320][ T5833] Call Trace: [ 542.865329][ T5833] [ 542.865339][ T5833] dump_stack_lvl+0x100/0x190 [ 542.865377][ T5833] dump_header+0xfb/0x606 [ 542.865408][ T5833] oom_kill_process.cold+0xd/0x321 [ 542.865439][ T5833] out_of_memory+0x340/0x14f0 [ 542.865483][ T5833] ? __pfx_out_of_memory+0x10/0x10 [ 542.865530][ T5833] mem_cgroup_out_of_memory+0xc6/0x130 [ 542.865560][ T5833] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 542.865588][ T5833] ? find_held_lock+0x2b/0x80 [ 542.865624][ T5833] ? do_raw_spin_unlock+0x145/0x1e0 [ 542.865666][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 542.865705][ T5833] try_charge_memcg+0x652/0xc90 [ 542.865751][ T5833] ? __pfx_try_charge_memcg+0x10/0x10 [ 542.865797][ T5833] ? find_held_lock+0x2b/0x80 [ 542.865824][ T5833] ? rcu_read_unlock+0x17/0x60 [ 542.865863][ T5833] ? rcu_read_unlock+0x17/0x60 [ 542.865906][ T5833] charge_memcg+0xa6/0x280 [ 542.865944][ T5833] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 542.865991][ T5833] __read_swap_cache_async+0x449/0x610 [ 542.866029][ T5833] ? __pfx___read_swap_cache_async+0x10/0x10 [ 542.866060][ T5833] ? rcu_is_watching+0x12/0xc0 [ 542.866087][ T5833] ? finish_task_switch.isra.0+0x204/0xb70 [ 542.866119][ T5833] ? lockdep_hardirqs_on+0x78/0x100 [ 542.866152][ T5833] ? finish_task_switch.isra.0+0x204/0xb70 [ 542.866190][ T5833] swap_cluster_readahead+0x414/0x770 [ 542.866220][ T5833] ? __schedule+0xff6/0x5e10 [ 542.866260][ T5833] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 542.866299][ T5833] ? __lock_acquire+0x4a5/0x2630 [ 542.866335][ T5833] ? __lock_acquire+0x4a5/0x2630 [ 542.866388][ T5833] ? get_vma_policy+0x23f/0x3b0 [ 542.866431][ T5833] swapin_readahead+0x14b/0x12e0 [ 542.866474][ T5833] ? __pfx_swapin_readahead+0x10/0x10 [ 542.866506][ T5833] ? find_held_lock+0x2b/0x80 [ 542.866534][ T5833] ? swap_cache_get_folio+0x272/0x920 [ 542.866569][ T5833] ? swap_cache_get_folio+0x272/0x920 [ 542.866596][ T5833] ? swap_cache_get_folio+0x1f/0x920 [ 542.866623][ T5833] ? swap_cache_get_folio+0x2a2/0x920 [ 542.866656][ T5833] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 542.866690][ T5833] ? __pfx_get_swap_device+0x10/0x10 [ 542.866735][ T5833] ? do_swap_page+0x9ba/0x6810 [ 542.866762][ T5833] do_swap_page+0x9ba/0x6810 [ 542.866797][ T5833] ? __lock_acquire+0x4a5/0x2630 [ 542.866843][ T5833] ? __pfx_do_swap_page+0x10/0x10 [ 542.866877][ T5833] ? __pfx_default_wake_function+0x10/0x10 [ 542.866920][ T5833] ? rcu_is_watching+0x12/0xc0 [ 542.866947][ T5833] ? ___pte_offset_map+0x179/0x310 [ 542.866990][ T5833] __handle_mm_fault+0x18b9/0x2b50 [ 542.867029][ T5833] ? reacquire_held_locks+0xce/0x1e0 [ 542.867067][ T5833] ? __pfx___handle_mm_fault+0x10/0x10 [ 542.867104][ T5833] ? lock_vma_under_rcu+0x17c/0x5a0 [ 542.867157][ T5833] handle_mm_fault+0x36d/0xa20 [ 542.867196][ T5833] do_user_addr_fault+0x5a3/0x12f0 [ 542.867239][ T5833] exc_page_fault+0x6f/0xd0 [ 542.867271][ T5833] asm_exc_page_fault+0x26/0x30 [ 542.867298][ T5833] RIP: 0033:0x7f9ea9668f99 [ 542.867320][ T5833] Code: 4d 89 e5 48 89 44 24 10 49 c1 e5 04 4d 29 e5 49 c1 e5 03 e8 69 ad 12 00 85 c0 0f 85 62 0a 00 00 48 b8 db 34 b6 d7 82 de 1b 43 <48> f7 a4 24 98 00 00 00 48 8b 05 00 c8 ed 00 48 69 8c 24 90 00 00 [ 542.867347][ T5833] RSP: 002b:00007fff72e95fb0 EFLAGS: 00010246 [ 542.867369][ T5833] RAX: 431bde82d7b634db RBX: 000000000000062c RCX: 0000000000019ada [ 542.867387][ T5833] RDX: 0000000000000220 RSI: 00007fff72e96040 RDI: 0000000000000001 [ 542.867404][ T5833] RBP: 00007fff72e95fec R08: 00007f9eaa61a010 R09: 0000000000000000 [ 542.867422][ T5833] R10: 00007f9eaa61a000 R11: 0000000000019ada R12: 0000000000001388 [ 542.867440][ T5833] R13: 00000000000927c0 R14: 0000000000084c0a R15: 00007fff72e96040 [ 542.867479][ T5833] [ 542.867546][ T5833] memory: usage 3072kB, limit 3072kB, failcnt 163521 [ 543.405420][ T5833] memory+swap: usage 9808kB, limit 9007199254740988kB, failcnt 0 [ 543.428319][ T5833] kmem: usage 2896kB, limit 9007199254740988kB, failcnt 0 [ 543.469834][ T7264] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 543.480782][ T5833] Memory cgroup stats for /syz1: [ 543.480858][ T7264] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 543.480954][ T5833] cache 0 [ 543.499895][ T7264] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 543.509028][ T5833] rss 0 [ 543.522083][ T6987] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 543.529046][ T5833] rss_huge 0 [ 543.529060][ T5833] shmem 0 [ 543.529069][ T5833] mapped_file 0 [ 543.529079][ T5833] dirty 0 [ 543.529089][ T5833] writeback 0 [ 543.529099][ T5833] workingset_refault_anon 25895 [ 543.529111][ T5833] workingset_refault_file 22247 [ 543.529123][ T5833] swap 6897664 [ 543.529133][ T5833] swapcached 180224 [ 543.529144][ T5833] pgpgin 367598 [ 543.529154][ T5833] pgpgout 371651 [ 543.529165][ T5833] pgfault 400209 [ 543.529175][ T5833] pgmajfault 10671 [ 543.529186][ T5833] inactive_anon 131072 [ 543.529197][ T5833] active_anon 49152 [ 543.529208][ T5833] inactive_file 0 [ 543.529217][ T5833] active_file 0 [ 543.529228][ T5833] unevictable 0 [ 543.529238][ T5833] hierarchical_memory_limit 3145728 [ 543.529251][ T5833] hierarchical_memsw_limit 9223372036854771712 [ 543.529264][ T5833] total_cache 0 [ 543.529274][ T5833] total_rss 0 [ 543.529284][ T5833] total_rss_huge 0 [ 543.529295][ T5833] total_shmem 0 [ 543.529306][ T5833] total_mapped_file 0 [ 543.529316][ T5833] total_dirty 0 [ 543.529326][ T5833] total_writeback 0 [ 543.529338][ T5833] total_workingset_refault_anon 25895 [ 543.529349][ T5833] total_workingset_refault_file 22247 [ 543.529368][ T5833] total_swap 6897664 [ 543.529379][ T5833] total_swapcached 180224 [ 543.529390][ T5833] total_pgpgin 367598 [ 543.529402][ T5833] total_pgpgout 371651 [ 543.529413][ T5833] total_pgfault 400209 [ 543.529424][ T5833] total_pgmajfault 10671 [ 543.529436][ T5833] total_inactive_anon 131072 [ 543.529447][ T5833] total_active_anon 49152 [ 543.529459][ T5833] total_inactive_file 0 [ 543.529470][ T5833] total_active_file 0 [ 543.529481][ T5833] total_unevictable 0 [ 543.529491][ T5833] anon_cost 192 [ 543.529501][ T5833] file_cost 0 [ 543.694611][ T7264] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 543.698989][ T5833] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1910,pid=15136,uid=0 [ 543.788020][ T5833] Memory cgroup out of memory: Killed process 15136 (syz.1.1910) total-vm:106560kB, anon-rss:1336kB, file-rss:22456kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 544.113744][ T7551] ------------[ cut here ]------------ [ 544.119425][ T7551] ODEBUG: free active (active state 0) object: ffff888028765460 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 544.132628][ T7551] WARNING: lib/debugobjects.c:612 at debug_print_object+0x18e/0x2a0, CPU#0: syz.2.345/7551 [ 544.143037][ T7551] Modules linked in: [ 544.146925][ T7551] CPU: 0 UID: 0 PID: 7551 Comm: syz.2.345 Tainted: G U syzkaller #0 PREEMPT(full) [ 544.158010][ T7551] Tainted: [U]=USER SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 544.161845][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 544.172087][ T7551] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 544.177926][ T7551] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d d2 cc d4 0b 41 56 48 8b 14 dd e0 44 fa 8b 4c 89 e6 <67> 48 0f b9 3a 58 83 05 dc 8e ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 544.198312][ T7551] RSP: 0018:ffffc90017e17708 EFLAGS: 00010246 [ 544.204444][ T7551] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 544.212588][ T7551] RDX: ffffffff8bfa4420 RSI: ffffffff8bfa4040 RDI: ffffffff90c1e0a0 [ 544.220937][ T7551] RBP: 0000000000000001 R08: ffff888028765460 R09: ffffffff8b92b820 [ 544.229146][ T7551] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8bfa4040 [ 544.237425][ T7551] R13: ffffffff8b92b860 R14: ffffffff8a806300 R15: ffffc90017e17808 [ 544.245859][ T7551] FS: 0000000000000000(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000 [ 544.255008][ T7551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 544.261687][ T7551] CR2: 00007f28508f05a0 CR3: 0000000075c80000 CR4: 00000000003526f0 [ 544.269667][ T7551] Call Trace: [ 544.272963][ T7551] [ 544.275899][ T7551] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 544.281415][ T7551] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 544.287249][ T7551] debug_check_no_obj_freed+0x4da/0x630 [ 544.292860][ T7551] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 544.298920][ T7551] ? __page_table_check_zero+0x333/0x410 [ 544.304598][ T7551] ? __page_table_check_zero+0x333/0x410 [ 544.310260][ T7551] ? __page_table_check_zero+0x338/0x410 [ 544.316663][ T7551] __free_frozen_pages+0x358/0x1130 [ 544.322277][ T7551] hci_release_dev+0x4ef/0x630 [ 544.327069][ T7551] ? __pfx_hci_release_dev+0x10/0x10 [ 544.332623][ T7551] ? rcu_is_watching+0x12/0xc0 [ 544.337639][ T7551] ? kfree+0x2a9/0x690 [ 544.341979][ T7551] bt_host_release+0x6a/0xb0 [ 544.347285][ T7551] ? __pfx_bt_host_release+0x10/0x10 [ 544.352659][ T7551] device_release+0xa4/0x240 [ 544.357249][ T7551] kobject_put+0x1f7/0x640 [ 544.361673][ T7551] put_device+0x1f/0x30 [ 544.365812][ T7551] vhci_release+0x185/0x230 [ 544.370302][ T7551] ? __pfx_vhci_release+0x10/0x10 [ 544.375358][ T7551] __fput+0x3ff/0xb40 [ 544.379338][ T7551] task_work_run+0x150/0x240 [ 544.383950][ T7551] ? __pfx_task_work_run+0x10/0x10 [ 544.389058][ T7551] do_exit+0x829/0x2a30 [ 544.393266][ T7551] ? __pfx_do_exit+0x10/0x10 [ 544.397849][ T7551] ? do_raw_spin_lock+0x128/0x260 [ 544.402893][ T7551] ? find_held_lock+0x2b/0x80 [ 544.407563][ T7551] ? get_signal+0x7e0/0x21e0 [ 544.412187][ T7551] do_group_exit+0xd5/0x2a0 [ 544.416685][ T7551] get_signal+0x1ec7/0x21e0 [ 544.421196][ T7551] ? __pfx_css_rstat_updated+0x10/0x10 [ 544.426857][ T7551] ? __pfx_get_signal+0x10/0x10 [ 544.431842][ T7551] ? do_futex+0x192/0x350 [ 544.436301][ T7551] arch_do_signal_or_restart+0x91/0x770 [ 544.441997][ T7551] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 544.448203][ T7551] ? __pfx___x64_sys_futex+0x10/0x10 [ 544.453591][ T7551] exit_to_user_mode_loop+0x86/0x4b0 [ 544.458908][ T7551] ? rcu_is_watching+0x12/0xc0 [ 544.463754][ T7551] do_syscall_64+0x4ea/0xf80 [ 544.468372][ T7551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.474366][ T7551] RIP: 0033:0x7f19a2d9aeb9 [ 544.478794][ T7551] Code: Unable to access opcode bytes at 0x7f19a2d9ae8f. [ 544.485867][ T7551] RSP: 002b:00007f19a3bb30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 544.494342][ T7551] RAX: fffffffffffffe00 RBX: 00007f19a3015fa8 RCX: 00007f19a2d9aeb9 [ 544.502359][ T7551] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f19a3015fa8 [ 544.510384][ T7551] RBP: 00007f19a3015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 544.518341][ T7551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.526517][ T7551] R13: 00007f19a3016038 R14: 00007ffee50fd890 R15: 00007ffee50fd978 [ 544.534625][ T7551] [ 544.537761][ T7551] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 544.545024][ T7551] CPU: 0 UID: 0 PID: 7551 Comm: syz.2.345 Tainted: G U syzkaller #0 PREEMPT(full) [ 544.555765][ T7551] Tainted: [U]=USER [ 544.559550][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 544.569593][ T7551] Call Trace: [ 544.572852][ T7551] [ 544.575766][ T7551] dump_stack_lvl+0x100/0x190 [ 544.580429][ T7551] vpanic+0x20d/0x630 [ 544.584390][ T7551] panic+0xd1/0xd1 [ 544.588092][ T7551] ? __pfx_panic+0x10/0x10 [ 544.592505][ T7551] ? check_panic_on_warn+0x1f/0x90 [ 544.597634][ T7551] check_panic_on_warn.cold+0x19/0x34 [ 544.603008][ T7551] ? debug_print_object+0x18e/0x2a0 [ 544.608210][ T7551] __warn.cold+0x191/0x2f8 [ 544.612634][ T7551] __report_bug+0x296/0x3d0 [ 544.617135][ T7551] ? debug_print_object+0x18e/0x2a0 [ 544.622337][ T7551] ? __pfx___report_bug+0x10/0x10 [ 544.627371][ T7551] ? __lock_acquire+0x4a5/0x2630 [ 544.632323][ T7551] report_bug_entry+0xe1/0x290 [ 544.637090][ T7551] ? debug_print_object+0x19b/0x2a0 [ 544.642293][ T7551] handle_bug+0x1c9/0x2a0 [ 544.646633][ T7551] exc_invalid_op+0x17/0x50 [ 544.651142][ T7551] asm_exc_invalid_op+0x1a/0x20 [ 544.655990][ T7551] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 544.661801][ T7551] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d d2 cc d4 0b 41 56 48 8b 14 dd e0 44 fa 8b 4c 89 e6 <67> 48 0f b9 3a 58 83 05 dc 8e ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 544.681405][ T7551] RSP: 0018:ffffc90017e17708 EFLAGS: 00010246 [ 544.687472][ T7551] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 544.695438][ T7551] RDX: ffffffff8bfa4420 RSI: ffffffff8bfa4040 RDI: ffffffff90c1e0a0 [ 544.703405][ T7551] RBP: 0000000000000001 R08: ffff888028765460 R09: ffffffff8b92b820 [ 544.711369][ T7551] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8bfa4040 [ 544.719333][ T7551] R13: ffffffff8b92b860 R14: ffffffff8a806300 R15: ffffc90017e17808 [ 544.727302][ T7551] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 544.732781][ T7551] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 544.738247][ T7551] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 544.744063][ T7551] debug_check_no_obj_freed+0x4da/0x630 [ 544.749631][ T7551] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 544.755703][ T7551] ? __page_table_check_zero+0x333/0x410 [ 544.761343][ T7551] ? __page_table_check_zero+0x333/0x410 [ 544.766986][ T7551] ? __page_table_check_zero+0x338/0x410 [ 544.772629][ T7551] __free_frozen_pages+0x358/0x1130 [ 544.777834][ T7551] hci_release_dev+0x4ef/0x630 [ 544.782602][ T7551] ? __pfx_hci_release_dev+0x10/0x10 [ 544.787886][ T7551] ? rcu_is_watching+0x12/0xc0 [ 544.792650][ T7551] ? kfree+0x2a9/0x690 [ 544.796723][ T7551] bt_host_release+0x6a/0xb0 [ 544.801322][ T7551] ? __pfx_bt_host_release+0x10/0x10 [ 544.806613][ T7551] device_release+0xa4/0x240 [ 544.811219][ T7551] kobject_put+0x1f7/0x640 [ 544.815649][ T7551] put_device+0x1f/0x30 [ 544.819801][ T7551] vhci_release+0x185/0x230 [ 544.824315][ T7551] ? __pfx_vhci_release+0x10/0x10 [ 544.829352][ T7551] __fput+0x3ff/0xb40 [ 544.833351][ T7551] task_work_run+0x150/0x240 [ 544.837954][ T7551] ? __pfx_task_work_run+0x10/0x10 [ 544.843085][ T7551] do_exit+0x829/0x2a30 [ 544.847274][ T7551] ? __pfx_do_exit+0x10/0x10 [ 544.851874][ T7551] ? do_raw_spin_lock+0x128/0x260 [ 544.856910][ T7551] ? find_held_lock+0x2b/0x80 [ 544.861584][ T7551] ? get_signal+0x7e0/0x21e0 [ 544.866180][ T7551] do_group_exit+0xd5/0x2a0 [ 544.870702][ T7551] get_signal+0x1ec7/0x21e0 [ 544.875213][ T7551] ? __pfx_css_rstat_updated+0x10/0x10 [ 544.880684][ T7551] ? __pfx_get_signal+0x10/0x10 [ 544.885544][ T7551] ? do_futex+0x192/0x350 [ 544.889888][ T7551] arch_do_signal_or_restart+0x91/0x770 [ 544.895445][ T7551] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 544.901616][ T7551] ? __pfx___x64_sys_futex+0x10/0x10 [ 544.906917][ T7551] exit_to_user_mode_loop+0x86/0x4b0 [ 544.912212][ T7551] ? rcu_is_watching+0x12/0xc0 [ 544.917088][ T7551] do_syscall_64+0x4ea/0xf80 [ 544.921683][ T7551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.927585][ T7551] RIP: 0033:0x7f19a2d9aeb9 [ 544.931995][ T7551] Code: Unable to access opcode bytes at 0x7f19a2d9ae8f. [ 544.939006][ T7551] RSP: 002b:00007f19a3bb30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 544.947422][ T7551] RAX: fffffffffffffe00 RBX: 00007f19a3015fa8 RCX: 00007f19a2d9aeb9 [ 544.955389][ T7551] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f19a3015fa8 [ 544.963357][ T7551] RBP: 00007f19a3015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 544.971322][ T7551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.979287][ T7551] R13: 00007f19a3016038 R14: 00007ffee50fd890 R15: 00007ffee50fd978 [ 544.987271][ T7551] [ 544.990708][ T7551] Kernel Offset: disabled [ 544.995020][ T7551] Rebooting in 86400 seconds..