last executing test programs: 19.560692676s ago: executing program 3 (id=1880): futex$auto(&(0x7f0000000200)=0x2948, 0x6, 0x294a, 0x0, 0x0, 0x800b7) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x1f, 0x0, &(0x7f0000000100)=0x4, 0x440a48d3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40008000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$auto_F_CREATED_QUERY(0xffffffffffffffff, 0x404, 0x8) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), r1) sendmsg$auto_HWSIM_CMD_GET_RADIO(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010006bd7000feaab12506"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000240), r1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, &(0x7f0000002a40)={0x0, 0x7}, 0x4, 0x0) ioctl$auto_XFS_IOC_ERROR_INJECTION(r3, 0x40085874, &(0x7f0000000140)={r3, 0x42}) mmap$auto(0x0, 0x70e, 0x2000000000000081, 0x11, 0xffffffffffffffff, 0xa) ptrace$auto_PTRACE_GETEVENTMSG(0x4201, r0, 0x80000000, 0x2) io_getevents$auto(0xdf4, 0x4, 0x7, &(0x7f0000000040)={0x0, 0x80, 0x200003, 0x7}, &(0x7f00000000c0)={0x8, 0x80000000000008}) r4 = epoll_create$auto(0x4) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) epoll_ctl$auto(r4, 0x1, r5, 0x0) 18.752317067s ago: executing program 3 (id=1884): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pidfd_open$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) getpid() ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) 17.7694735s ago: executing program 3 (id=1885): socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder1\x00', 0x214000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0xfffffffffffffffc, 0x4, 0x7, 0x800015, 0x7, 0x5) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b71, 0x1) connect$auto(r1, &(0x7f0000000080)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x2, 0x1}}, 0x54) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=r2, @ANYRESOCT=r3], 0x9c}, 0x1, 0x0, 0x0, 0x20000045}, 0x20044025) write$auto(r0, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x14, 0x2, 0x7ffe) connect$auto(0x3, 0x0, 0x55) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20809, 0xdf, 0xeb1, 0x40000000000a5, 0x7ffe) socketpair$auto(0x5e, 0x5, 0x8000000000000000, 0x0) socket(0x29, 0xa, 0x8) rseq$auto(&(0x7f00000001c0)={0xe, 0x421, 0xf735, 0x7, 0xffffffff, 0x2, "3457c6218c9fcc7acfc948566c068db54b5d135e0d35ac8b3d1fe732e81396e2337ad75d7034d734486d3462f1dd3c3ff8cb695be1af9e173a8b5fc5e688e58a4a65a76091d579aed8e12b469397c0468caf036a6fad5117cad28bacd604568d8d5253fb98d80a8d5fe4be71dab745812bef5243bf6a784616cf8650f588d68830bc0e1b60c909ce000000000000006924d1da3b"}, 0x7ffc, 0x0, 0x6) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) write$auto(0x3, 0x0, 0xfdef) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x9, 0x49c, 0x8000, 0x2, 0x948b, 0x3, 0x15f4da0b, 0x800, 0x3, 0x9, 0x80000009, 0x1, 0x893, 0x20000000000046, 0x1, 0xfffffffffffffffe]}, 0x0) 13.668073893s ago: executing program 2 (id=1898): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) keyctl$auto(0x5, 0xffffffffffffffff, 0x5, 0x5, 0x8) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x1c9802, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r4, @ANYBLOB="00022abd7000fddbdf2557000003e4511cc076a9fc2182d718df080bca28001a007979ca1c81aefea98cf6a569a586693ac044c7758b25dbd1a1595339cad96e009031323be07556b8fb6b9f000d90ba10b4f4c82727788f3e2fca3ba20a55344556b191bbe1d6806cee471382db72946d652cafb87f086bada6f1ee0e699f024ca569b02fa2c429adc2938d9ba8b58bc24b08a7db856da7fdeb88aa057206e1e76689fecb3b7834e33f9953e9d9e8db089f4bf7aec4ef587b1168ce0328f731e753157994120e33a0a8b57f3d5d51f59162c1800df7e2eae15965b855fdaab91629f2962a658b5372e277531d621e66ca586098ee"], 0xf8}}, 0x4000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r5, &(0x7f0000001580)=""/4101, 0x1005) r6 = waitid$auto_P_ALL(0x0, 0x5cb, &(0x7f00000004c0)={@_si_pad}, 0xffff4b81, &(0x7f0000000540)={{}, {0xcb, 0x9580}, 0x6, 0x57, 0x1, 0x5821, 0x0, 0x1, 0x7, 0xa1, 0x1000, 0x200, 0x6246, 0xa, 0x7, 0x55c}) shmctl$auto_SHM_STAT_ANY(0x53c, 0xf, &(0x7f0000000800)={{0x1e, 0xee00, 0xee00, 0x307e68c5, 0x1, 0x792, 0x9}, 0xaf6, 0x6, 0x100, 0x1, @raw=0x33e, @inferred, 0x5, 0x0, &(0x7f0000000600)="3fa30759c01e598ab35c7a2b23fc0b38fd11729d666ad25dafcc6dcf4a43fc9e0e8d0575615c9e698dcee79b585a7be6e97fac780a977698ad2b4dac4840c1c2625433862c15a74133855e31e1bced218f1e63197a4ff36dc7917677d75aaee279b2e4d2f663cb66359fcbee7f7de96a5859b57c74ad00bcb564c1adc856bb68024de534299cab35065dcc8d3a337508d23e3179e4f3d75c6960a6fe0230fc8d87b5dbd9bd3a26aed3991727b9f13a9050dfb2f359aeaf3d2fbb14d51d3f71d2ae0e79bb", &(0x7f0000000700)="c9158de1c1b86f68ef2245d3417d025a65ede4642c41b91d652e38dc83fb8af1b0ac22d8085dddc2aee5681f1eb268dd56e8fbf690b1028beae2e9128ede88ff54d511d2b1fac89bc25c892ffb826b28ed5db3ab8e627e3975a04b0b4513451cea10bb00c1fe320cc40996f078e6cfc615f3673787fdc54bf1a54c74d31f5a81ea94facc911705a8d9af9e57bee9362cf0fe73cf21a4a5f48610f7d91fb9b39b2c319353a935ae54994011c40a760c5d30415f7c30fdbbb5017d64e418301aad5f41f1ffd438f0dad16c67f4c270538d3e84dc1a8a4f3d7857a8f906ed7ff43cffba53c1"}) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x0, &(0x7f0000000880)={@siginfo_0_0={0x4, 0x5, 0x3, @_sigchld={r6, r7, 0x0, 0x6, 0x7fffffff}}}, 0x1000) pread64$auto(r3, &(0x7f0000000380)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) socket(0x2d, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, 0x0, 0x0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, 0x0, 0x0) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000280)={r2, &(0x7f0000000100), 0xffffffff, &(0x7f0000000000)="0c54893d92c8e14117e7c244a0e9219e586449e72bdc6a0bfb01a1f634512364b048e46d75c95f7795f96638335e65b4cd218823f9da2b006f7fd5a6af69cada86dfdeffac550e0945263002a823b78b424ff4a3f6d591f36f", 0x100, &(0x7f0000000200)="9dabc562d54a8c25f5f8b0d1849a1cadfb21967ba4c681dbcd241d57", &(0x7f0000000240)=0x4}) read$auto_ipsec_dbg_fops_ipsec(r8, &(0x7f00000002c0)=""/167, 0xa7) close_range$auto(0x2, 0x8, 0x0) 13.255552023s ago: executing program 3 (id=1900): openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pidfd_open$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 12.161864515s ago: executing program 2 (id=1904): r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999"}) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x5522, 0xf15) ioctl$auto_USBDEVFS_SETINTERFACE(r1, 0x80085504, &(0x7f00000000c0)={0x1, 0x577595a2}) ppoll$auto(&(0x7f0000000100)={r0, 0x3ff, 0x4}, 0x6, 0x0, 0x0, 0x8) ioctl$auto_SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000040)=0xa) 11.402818163s ago: executing program 2 (id=1906): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pidfd_open$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) getpid() ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) 11.205221445s ago: executing program 0 (id=1907): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pidfd_open$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) getpid() ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) 9.318243225s ago: executing program 3 (id=1910): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000008) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x72f3) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/event2\x00', 0x8841, 0x0) mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, 0x2, 0x8000000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_lowpan_control_fops_6lowpan(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) getpeername$auto(r1, &(0x7f00000001c0)=@rc={0x1f, @any, 0x20}, &(0x7f0000000240)=0xfffffffa) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, r3, 0x301, 0x70bd27, 0x25dfdc03}, 0x14}, 0x1, 0x0, 0x0, 0x2000001c}, 0x20000800) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r4, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) socket(0x10, 0x2, 0x0) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r5, 0x0, 0x7) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x9}, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) close_range$auto(0x2, 0xa, 0x0) 9.237576239s ago: executing program 0 (id=1911): r0 = openat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200, 0x8af5) mmap$auto(0x0, 0x100000020009, 0x800, 0x410, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, &(0x7f0000002a40)={0x0, 0x7}, 0x4, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv6/neigh/ip_vti0/base_reachable_time_ms\x00', 0x202, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer2\x00', 0x0, 0x0) epoll_create$auto(0xa223) mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd4/integrity/read_verify\x00', 0x20a800, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) setrlimit$auto(0x8, 0x0) mlock$auto(0x81, 0xffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x101000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x22641, 0x0) open(0x0, 0xcd1e23e41b02d660, 0x154) open(0x0, 0x161342, 0x0) socket(0x2, 0x5, 0x0) socketpair$auto(0x0, 0x3, 0x0, 0x0) semctl$auto(0x204, 0xfffffffe, 0x3, 0x4) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 8.315211549s ago: executing program 0 (id=1912): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e0") close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="141e00dd7f0038537b7ff52045486a0bdc6901c61ba3777428b50129f254b446ab6e3cd3484bc5bcf0c592fda4190103f7628098f1a4beb3baedae7f610449c0a60af75192dab729c77501353be2d6a1f14874b6bf8502f42e46d89d75ff897b6c7e9ba71ce612dac5b0d20585e9179c0db9e9a4e4d921abdbc02e1f7933ad0634219be36cef0bc6f309551f8711769dfbc465b60f8436f24f87c89bee8aaae1eab8266fb70f08eb1904ebd16797f22648", @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) write$auto(0xca, &(0x7f0000000040)='\x045h\xd5\x89|d\v\x00\x00\x00\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01022cbd7000fedbdf250300e0ff0f0002800c0001000a000000001d000008000100d606e03121b8409c494188459c5229bca1564e7a0dd36289e4c7dd8c509a2a029df3b7492fa56be1c129efba0e8aba9b05760a6fec0b21fec34b81ee150065da1ff532d47b56748cf10e9bf14b8076565ef0c43789b31b4004bd751b413001b785b49ac6a775273fa73ef3d0d8ff3d2f89691ceab0abdf05f5d20e9a6ec1335875a480515353a89ba327b75acea0c74d243e0b92d423091f8d4b602d8382ca62d16cefe286bff6e231a15290520206b198505f20745b71a014270705c23262db9c2278024c7fdabe0d33ea9b836ae7323d30e12e3e2597e8664c35496116bb8ee011be2cd4955b331eab96e0", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0) 6.398647993s ago: executing program 0 (id=1916): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001880)='/dev/ram6\x00', 0xce083, 0x0) mmap$auto(0x7ffffffd, 0x40000c, 0x11, 0x9b72, 0x2, 0x8000) r1 = socket(0x1d, 0x1, 0x7fff) futex$auto(0x0, 0x89, 0x4, 0x0, 0x0, 0x100) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) socket(0x22, 0x0, 0x1) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r1) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) epoll_ctl$auto_EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000040)={0x0, 0x7}) r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", @inferred=0xffffffffffffffff}) ppoll$auto(&(0x7f0000000100)={r6, 0x3ff, 0x4}, 0x1, 0x0, 0x0, 0x8) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.prio.class\x00', 0x183042, 0x0) sendfile$auto(r7, r7, 0x0, 0x1) ioctl$auto_SW_SYNC_IOC_INC(r5, 0x40045701, &(0x7f0000000040)=0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_register$auto_IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0xf090) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) ioctl$auto(r8, 0x40104d04, 0x7) ioctl$auto_BLKSECDISCARD(r0, 0x127d, 0x0) 5.905098122s ago: executing program 2 (id=1918): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100007fdfdffb) r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) sendfile$auto(r0, r0, &(0x7f0000000340)=0x7, 0x0) mmap$auto(0x6, 0x4020009, 0xdf, 0x13, 0x401, 0xfffffffffffffffe) keyctl$auto(0x4a3a, 0x0, 0x2, 0x0, 0x8) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000180)="12", 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x123a42, 0x0) sendfile$auto(r1, r2, 0x0, 0x3) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4076, 0xfec) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x101800, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 4.710623968s ago: executing program 2 (id=1919): openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pidfd_open$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 3.527544266s ago: executing program 0 (id=1921): socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder1\x00', 0x214000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0xfffffffffffffffc, 0x4, 0x7, 0x800015, 0x7, 0x5) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b71, 0x1) connect$auto(r1, &(0x7f0000000080)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x2, 0x1}}, 0x54) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=r2, @ANYRESOCT=r3], 0x9c}, 0x1, 0x0, 0x0, 0x20000045}, 0x20044025) write$auto(r0, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x14, 0x2, 0x7ffe) connect$auto(0x3, 0x0, 0x55) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20809, 0xdf, 0xeb1, 0x40000000000a5, 0x7ffe) socketpair$auto(0x5e, 0x5, 0x8000000000000000, 0x0) socket(0x29, 0xa, 0x8) rseq$auto(&(0x7f00000001c0)={0xe, 0x421, 0xf735, 0x7, 0xffffffff, 0x2, "3457c6218c9fcc7acfc948566c068db54b5d135e0d35ac8b3d1fe732e81396e2337ad75d7034d734486d3462f1dd3c3ff8cb695be1af9e173a8b5fc5e688e58a4a65a76091d579aed8e12b469397c0468caf036a6fad5117cad28bacd604568d8d5253fb98d80a8d5fe4be71dab745812bef5243bf6a784616cf8650f588d68830bc0e1b60c909ce000000000000006924d1da3b"}, 0x7ffc, 0x0, 0x6) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) write$auto(0x3, 0x0, 0xfdef) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x9, 0x49c, 0x8000, 0x2, 0x948b, 0x3, 0x15f4da0b, 0x800, 0x3, 0x9, 0x80000009, 0x1, 0x893, 0x20000000000046, 0x1, 0xfffffffffffffffe]}, 0x0) 2.555133537s ago: executing program 1 (id=1922): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x106) ppoll$auto(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x8) sendmsg$auto_NL80211_CMD_COLOR_CHANGE_REQUEST(r0, 0x0, 0x2000c004) r1 = io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@in={0x2, 0x300, @rand_addr=0x64010100}, 0x55) r2 = socket(0x2, 0x1, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x303, 0x0) getsockopt$auto(r2, 0x6, 0x21, 0x0, &(0x7f00000000c0)=0x28000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_CONFIG(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="1bbf1146e81c80a4c408f2fa0651"], 0x14}}, 0x4000050) close_range$auto(0x2, 0x8, 0x0) r5 = open(0x0, 0x1ad240, 0x1b1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x3, 0x3b) sendmsg$auto_NLBL_UNLABEL_C_LIST(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x48, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x9}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_vlan\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c852}, 0x10) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(r5, &(0x7f00000018c0)=@in={0x2, 0x4e21, @broadcast}, 0x55) 2.402942995s ago: executing program 1 (id=1923): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1002}, 0x7) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) sysinfo$auto(0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="007000fe1cdf251b00000008379f0002000046010400080108004d01040000000800ef00000100"/54], 0x3c}, 0x1, 0x0, 0x0, 0x20040081}, 0x85) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x24302, 0x0) mmap$auto(0x3, 0x2000a, 0x10000000000df, 0xeb2, r0, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/input/event2\x00', 0x4a404, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) r3 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x20001, 0x0) ppoll$auto(&(0x7f00000000c0)={r3, 0x0, 0x8}, 0xf7, &(0x7f0000000100)={0x80000000008000, 0x1}, 0x0, 0x8) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) r4 = socket(0x4, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r5, 0x0, 0xfffffe36) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/034/001\x00', 0x20882, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000080)='7', 0x1) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x3, 0x8004, 0x6, 0xff}) 2.374765637s ago: executing program 3 (id=1924): mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) r0 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) writev$auto(r0, &(0x7f0000000300)={0x0, 0x10001}, 0xc) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x40a81, 0x0) sendfile$auto(r2, r1, 0x0, 0x1000202) ioctl$auto_HDIO_GETGEO(r1, 0x301, &(0x7f0000000200)="087822ecf8d2fbbaccd09826fe4a4bfa887afb6c8c4ed23579ce10c76894fa9ddfb4d78f031bc2c507ac1a50afd12854f3585a9bcaff9d7e5f191ec977dcc43afafa602ec045a0c278eda634fd910233f5fbc71de658f213aa0292488d6497769d259bfbf9487c557a84") sendmsg$auto_NL80211_CMD_GET_STATION(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f0000001900)=ANY=[@ANYBLOB="58050000", @ANYRES16=0x0, @ANYRES32, @ANYBLOB="0c00598008002000", @ANYRES32=0x0, @ANYRESOCT=0x0], 0x558}, 0x1, 0x0, 0x0, 0x8805}, 0x20084010) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x0, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) mmap$auto(0x0, 0x1000000a0009, 0xe1, 0xfffffffefffffff7, r0, 0x10) r4 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r4, 0x3b82, 0x38) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/anycast6\x00', 0x402, 0x0) sched_setattr$auto(0x0, 0x0, 0x2) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101801, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x80201, 0x0) 1.22486846s ago: executing program 1 (id=1925): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e0") close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="141e00dd7f0038537b7ff52045486a0bdc6901c61ba3777428b50129f254b446ab6e3cd3484bc5bcf0c592fda4190103f7628098f1a4beb3baedae7f610449c0a60af75192dab729c77501353be2d6a1f14874b6bf8502f42e46d89d75ff897b6c7e9ba71ce612dac5b0d20585e9179c0db9e9a4e4d921abdbc02e1f7933ad0634219be36cef0bc6f309551f8711769dfbc465b60f8436f24f87c89bee8aaae1eab8266fb70f08eb1904ebd16797f22648", @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) write$auto(0xca, &(0x7f0000000040)='\x045h\xd5\x89|d\v\x00\x00\x00\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01022cbd7000fedbdf250300e0ff0f0002800c0001000a000000001d000008000100d606e03121b8409c494188459c5229bca1564e7a0dd36289e4c7dd8c509a2a029df3b7492fa56be1c129efba0e8aba9b05760a6fec0b21fec34b81ee150065da1ff532d47b56748cf10e9bf14b8076565ef0c43789b31b4004bd751b413001b785b49ac6a775273fa73ef3d0d8ff3d2f89691ceab0abdf05f5d20e9a6ec1335875a480515353a89ba327b75acea0c74d243e0b92d423091f8d4b602d8382ca62d16cefe286bff6e231a15290520206b198505f20745b71a014270705c23262db9c2278024c7fdabe0d33ea9b836ae7323d30e12e3e2597e8664c35496116bb8ee011be2cd4955b331eab96e0", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0) 912.734628ms ago: executing program 1 (id=1926): r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x100000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) select$auto(0x6c50, &(0x7f0000000080)={[0x10, 0x7, 0xc, 0x8000000000000001, 0xe, 0x2, 0x8, 0x8000, 0xb, 0x6, 0x80, 0x5, 0xd, 0xdc, 0x7, 0x7fffffffffffffff]}, &(0x7f0000000100)={[0x6, 0xfffffffffffeffff, 0x1, 0x7, 0x7f, 0x6, 0x5, 0x2, 0x5b6, 0x1, 0x46, 0x3, 0x10000, 0x2, 0x3, 0x6]}, &(0x7f00000001c0)={[0x4000000, 0x2c0, 0xc9, 0x0, 0x1, 0x4, 0x80000001, 0x2, 0x9, 0x80000001, 0xb3, 0x81, 0x1, 0x1, 0x5, 0x4]}, &(0x7f0000000240)={0x8001, 0xfff}) r2 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_state_fops_(r2, &(0x7f0000000180)=""/61, 0xfffffeeb) 674.772934ms ago: executing program 1 (id=1927): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv6/neigh/ip_vti0/base_reachable_time_ms\x00', 0x202, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x6, 0x2, 0x200800, 0xffebffff, 0xfffffffb}, "0dcffd570001000000000000000000000000000000000000000000000000000a"}) sysfs$auto(0x2, 0x41, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r2, 0x5, &(0x7f0000000180)='+\x00_\xe8\xdb\xff\x0f\\X\xc9#\xa0\xdc\x04\x0f\x99v\xbc\xc3\xf2\x03\xe2T\b\x9c\xe7J\xcd\x00\x00\x00\x00\x00\x00\x00\x00c\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0) mmap$auto(0x0, 0x1000, 0xe3, 0x11, r0, 0x8000) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r3, 0x0, 0x800003, 0x2e5c) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) read$auto(r3, &(0x7f0000000000)='\x00', 0x8) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/bus/usb/drivers/ushc/remove_id\x00', 0x3c5981, 0x0) socket(0x10, 0xa, 0x5) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000080)={{0x0, 0x400, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x6, 0x1}, 0x5}, 0x1, 0x8000) 666.655195ms ago: executing program 2 (id=1928): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100007fdfdffb) r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) sendfile$auto(r0, r0, &(0x7f0000000340)=0x7, 0x0) mmap$auto(0x6, 0x4020009, 0xdf, 0x13, 0x401, 0xfffffffffffffffe) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r0, 0x7ffe) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000180)="12", 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x123a42, 0x0) sendfile$auto(r1, r2, 0x0, 0x3) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4076, 0xfec) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x101800, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 390.700896ms ago: executing program 0 (id=1929): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) keyctl$auto(0x5, 0xffffffffffffffff, 0x5, 0x5, 0x8) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x1c9802, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r4, @ANYBLOB="00022abd7000fddbdf2557000003e4511cc076a9fc2182d718df080bca28001a007979ca1c81aefea98cf6a569a586693ac044c7758b25dbd1a1595339cad96e009031323be07556b8fb6b9f000d90ba10b4f4c82727788f3e2fca3ba20a55344556b191bbe1d6806cee471382db72946d652cafb87f086bada6f1ee0e699f024ca569b02fa2c429adc2938d9ba8b58bc24b08a7db856da7fdeb88aa057206e1e76689fecb3b7834e33f9953e9d9e8db089f4bf7aec4ef587b1168ce0328f731e753157994120e33a0a8b57f3d5d51f59162c1800df7e2eae15965b855fdaab91629f2962a658b5372e277531d621e66ca586098ee"], 0xf8}}, 0x4000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r5, &(0x7f0000001580)=""/4101, 0x1005) r6 = waitid$auto_P_ALL(0x0, 0x5cb, &(0x7f00000004c0)={@_si_pad}, 0xffff4b81, &(0x7f0000000540)={{}, {0xcb, 0x9580}, 0x6, 0x57, 0x1, 0x5821, 0x0, 0x1, 0x7, 0xa1, 0x1000, 0x200, 0x6246, 0xa, 0x7, 0x55c}) shmctl$auto_SHM_STAT_ANY(0x53c, 0xf, &(0x7f0000000800)={{0x1e, 0xee00, 0xee00, 0x307e68c5, 0x1, 0x792, 0x9}, 0xaf6, 0x6, 0x100, 0x1, @raw=0x33e, @inferred, 0x5, 0x0, &(0x7f0000000600)="3fa30759c01e598ab35c7a2b23fc0b38fd11729d666ad25dafcc6dcf4a43fc9e0e8d0575615c9e698dcee79b585a7be6e97fac780a977698ad2b4dac4840c1c2625433862c15a74133855e31e1bced218f1e63197a4ff36dc7917677d75aaee279b2e4d2f663cb66359fcbee7f7de96a5859b57c74ad00bcb564c1adc856bb68024de534299cab35065dcc8d3a337508d23e3179e4f3d75c6960a6fe0230fc8d87b5dbd9bd3a26aed3991727b9f13a9050dfb2f359aeaf3d2fbb14d51d3f71d2ae0e79bb", &(0x7f0000000700)="c9158de1c1b86f68ef2245d3417d025a65ede4642c41b91d652e38dc83fb8af1b0ac22d8085dddc2aee5681f1eb268dd56e8fbf690b1028beae2e9128ede88ff54d511d2b1fac89bc25c892ffb826b28ed5db3ab8e627e3975a04b0b4513451cea10bb00c1fe320cc40996f078e6cfc615f3673787fdc54bf1a54c74d31f5a81ea94facc911705a8d9af9e57bee9362cf0fe73cf21a4a5f48610f7d91fb9b39b2c319353a935ae54994011c40a760c5d30415f7c30fdbbb5017d64e418301aad5f41f1ffd438f0dad16c67f4c270538d3e84dc1a8a4f3d7857a8f906ed7ff43cffba53c1"}) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x0, &(0x7f0000000880)={@siginfo_0_0={0x4, 0x5, 0x3, @_sigchld={r6, r7, 0x0, 0x6, 0x7fffffff}}}, 0x1000) pread64$auto(r3, &(0x7f0000000380)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) socket(0x2d, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, 0x0, 0x0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, 0x0, 0x0) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000280)={r2, &(0x7f0000000100), 0xffffffff, &(0x7f0000000000)="0c54893d92c8e14117e7c244a0e9219e586449e72bdc6a0bfb01a1f634512364b048e46d75c95f7795f96638335e65b4cd218823f9da2b006f7fd5a6af69cada86dfdeffac550e0945263002a823b78b424ff4a3f6d591f36f73e0cc9f398b", 0x100, &(0x7f0000000200)="9dabc562d54a8c25f5f8b0d1849a1cadfb21967ba4c681dbcd241d57", &(0x7f0000000240)=0x4}) read$auto_ipsec_dbg_fops_ipsec(r8, &(0x7f00000002c0)=""/167, 0xa7) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 1 (id=1930): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x422400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) r0 = socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x4000040009, 0xdf, 0x9b72, r0, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r2 = set_tid_address$auto(0x0) syz_open_procfs$namespace(r2, &(0x7f0000000080)) r3 = syz_clone(0x124a000, 0x0, 0x0, 0x0, 0x0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0xea) read$auto(0xffffffffffffffff, 0x0, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x20000003) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) geteuid() socket(0x9, 0x8000a, 0x1ff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x3, r3, 0x1, 0x4000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x804, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0x7}, 0x800008}, 0x1ff, 0x4) semget$auto(0x0, 0x13c, 0x1ff) bpf$auto(0x1000007, &(0x7f00000000c0)=@raw_tracepoint={0x9, 0x0, 0x0, 0x6}, 0x3d) semtimedop$auto(0x0, &(0x7f00000001c0)={0xa, 0x7, 0x7}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x0, 0x9, 0x0, 0x2) io_uring_register$auto(r1, 0xe, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) kernel console output (not intermixed with test programs): killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 543.995756][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 543.995793][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 543.995809][ T5826] Call Trace: [ 543.995818][ T5826] [ 543.995828][ T5826] dump_stack_lvl+0x16c/0x1f0 [ 543.995861][ T5826] dump_header+0x101/0x930 [ 543.995891][ T5826] oom_kill_process+0x272/0xa40 [ 543.995923][ T5826] out_of_memory+0x350/0x1700 [ 543.995959][ T5826] ? __pfx_out_of_memory+0x10/0x10 [ 543.995995][ T5826] mem_cgroup_out_of_memory+0x118/0x130 [ 543.996037][ T5826] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 543.996086][ T5826] ? do_raw_spin_unlock+0x172/0x230 [ 543.996138][ T5826] try_charge_memcg+0x695/0xd30 [ 543.996180][ T5826] ? __pfx_try_charge_memcg+0x10/0x10 [ 543.996222][ T5826] ? find_held_lock+0x2b/0x80 [ 543.996256][ T5826] charge_memcg+0x8a/0x230 [ 543.996289][ T5826] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 543.996329][ T5826] __read_swap_cache_async+0x397/0x500 [ 543.996363][ T5826] ? __pfx___read_swap_cache_async+0x10/0x10 [ 543.996394][ T5826] ? __schedule+0x11a3/0x5de0 [ 543.996431][ T5826] swap_cluster_readahead+0x432/0x770 [ 543.996469][ T5826] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 543.996496][ T5826] ? __pfx___schedule+0x10/0x10 [ 543.996545][ T5826] ? __lock_acquire+0x622/0x1c90 [ 543.996578][ T5826] ? get_vma_policy+0x242/0x3c0 [ 543.996618][ T5826] swapin_readahead+0x13a/0xd60 [ 543.996659][ T5826] ? __pfx_swapin_readahead+0x10/0x10 [ 543.996685][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 543.996711][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 543.996734][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 543.996762][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 543.996786][ T5826] ? swap_cache_get_folio+0x1f/0x8e0 [ 543.996809][ T5826] ? swap_cache_get_folio+0x293/0x8e0 [ 543.996838][ T5826] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 543.996863][ T5826] ? __pfx_get_swap_device+0x10/0x10 [ 543.996896][ T5826] ? do_swap_page+0x125/0x6340 [ 543.996936][ T5826] do_swap_page+0x86c/0x6340 [ 543.996989][ T5826] ? __pfx_do_swap_page+0x10/0x10 [ 543.997026][ T5826] ? __pfx_default_wake_function+0x10/0x10 [ 543.997061][ T5826] ? rcu_is_watching+0x12/0xc0 [ 543.997090][ T5826] ? ___pte_offset_map+0x2ad/0x4f0 [ 543.997135][ T5826] __handle_mm_fault+0x17d1/0x2aa0 [ 543.997180][ T5826] ? mt_find+0x3e2/0xa20 [ 543.997211][ T5826] ? __pfx___handle_mm_fault+0x10/0x10 [ 543.997248][ T5826] ? __pfx_mt_find+0x10/0x10 [ 543.997301][ T5826] ? find_vma+0xbf/0x140 [ 543.997331][ T5826] ? __pfx_find_vma+0x10/0x10 [ 543.997366][ T5826] handle_mm_fault+0x589/0xd10 [ 543.997407][ T5826] ? __pkru_allows_pkey+0x11/0xb0 [ 543.997449][ T5826] do_user_addr_fault+0x7a6/0x1370 [ 543.997478][ T5826] ? rcu_is_watching+0x12/0xc0 [ 543.997510][ T5826] exc_page_fault+0x64/0xc0 [ 543.997541][ T5826] asm_exc_page_fault+0x26/0x30 [ 543.997566][ T5826] RIP: 0033:0x7f10b1fc1f88 [ 543.997588][ T5826] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 543.997612][ T5826] RSP: 002b:00007ffc1e7545a0 EFLAGS: 00010293 [ 543.997634][ T5826] RAX: 0000000000000000 RBX: 0000000000000451 RCX: 00007f10b1fc1f85 [ 543.997650][ T5826] RDX: 00007ffc1e7545e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 543.997667][ T5826] RBP: 00007ffc1e75464c R08: 0000000000000000 R09: 0000000000000000 [ 543.997682][ T5826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 543.997699][ T5826] R13: 00000000000927c0 R14: 00000000000849b5 R15: 00007ffc1e7546a0 [ 543.997737][ T5826] [ 543.997747][ T5826] memory: usage 3072kB, limit 3072kB, failcnt 151555 [ 544.381027][ T5826] memory+swap: usage 3732kB, limit 9007199254740988kB, failcnt 0 [ 544.396162][ T5826] kmem: usage 2472kB, limit 9007199254740988kB, failcnt 0 [ 544.403839][ T5826] Memory cgroup stats for /syz3: [ 544.404351][ T5826] cache 0 [ 544.418349][ T5826] rss 0 [ 544.421502][ T5826] rss_huge 0 [ 544.424775][ T5826] shmem 0 [ 544.427826][ T5826] mapped_file 0 [ 544.432026][ T5826] dirty 0 [ 544.436501][ T5826] writeback 0 [ 544.440336][ T5826] workingset_refault_anon 37935 [ 544.445333][ T5826] workingset_refault_file 27076 [ 544.453800][ T5826] swap 675840 [ 544.457248][ T5826] swapcached 614400 [ 544.461658][ T5826] pgpgin 262086 [ 544.465290][ T5826] pgpgout 263469 [ 544.468978][ T5826] pgfault 375491 [ 544.473249][ T5826] pgmajfault 14701 [ 544.477134][ T5826] inactive_anon 614400 [ 544.481953][ T5826] active_anon 0 [ 544.485756][ T5826] inactive_file 0 [ 544.489501][ T5826] active_file 0 [ 544.494171][ T5826] unevictable 0 [ 544.497735][ T5826] hierarchical_memory_limit 3145728 [ 544.503835][ T5826] hierarchical_memsw_limit 9223372036854771712 [ 544.510358][ T5826] total_cache 0 [ 544.514004][ T5826] total_rss 0 [ 544.517363][ T5826] total_rss_huge 0 [ 544.521685][ T5826] total_shmem 0 [ 544.525320][ T5826] total_mapped_file 0 [ 544.529382][ T5826] total_dirty 0 [ 544.533476][ T5826] total_writeback 0 [ 544.537464][ T5826] total_workingset_refault_anon 37935 [ 544.543347][ T5826] total_workingset_refault_file 27076 [ 544.548902][ T5826] total_swap 675840 [ 544.555328][ T5826] total_swapcached 614400 [ 544.560172][ T5826] total_pgpgin 262086 [ 544.564253][ T5826] total_pgpgout 263469 [ 544.568416][ T5826] total_pgfault 375491 [ 544.573517][ T5826] total_pgmajfault 14701 [ 544.577865][ T5826] total_inactive_anon 614400 [ 544.583158][ T5826] total_active_anon 0 [ 544.587486][ T5826] total_inactive_file 0 [ 544.592171][ T5826] total_active_file 0 [ 544.596323][ T5826] total_unevictable 0 [ 544.600968][ T5826] anon_cost 0 [ 544.604384][ T5826] file_cost 0 [ 544.607916][ T5826] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1599,pid=13280,uid=0 [ 544.625948][ T5826] Memory cgroup out of memory: Killed process 13280 (syz.3.1599) total-vm:134980kB, anon-rss:1140kB, file-rss:22780kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 544.690243][T13293] FAULT_INJECTION: forcing a failure. [ 544.690243][T13293] name fail_futex, interval 1, probability 0, space 0, times 0 [ 544.709731][T13293] CPU: 0 UID: 0 PID: 13293 Comm: syz.0.1601 Not tainted syzkaller #0 PREEMPT(full) [ 544.709767][T13293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 544.709784][T13293] Call Trace: [ 544.709792][T13293] [ 544.709802][T13293] dump_stack_lvl+0x16c/0x1f0 [ 544.709836][T13293] should_fail_ex+0x512/0x640 [ 544.709877][T13293] get_futex_key+0x293/0x1560 [ 544.709915][T13293] ? __pfx_get_futex_key+0x10/0x10 [ 544.709947][T13293] ? __mutex_trylock_common+0xe9/0x250 [ 544.709993][T13293] futex_wake+0xea/0x530 [ 544.710033][T13293] ? __pfx_futex_wake+0x10/0x10 [ 544.710064][T13293] ? __lock_acquire+0xb8a/0x1c90 [ 544.710121][T13293] do_futex+0x1e3/0x350 [ 544.710157][T13293] ? __pfx_do_futex+0x10/0x10 [ 544.710188][T13293] ? __might_fault+0xe3/0x190 [ 544.710226][T13293] mm_release+0x24e/0x300 [ 544.710256][T13293] do_exit+0x68e/0x2bf0 [ 544.710299][T13293] ? __pfx_do_exit+0x10/0x10 [ 544.710333][T13293] ? do_raw_spin_lock+0x12c/0x2b0 [ 544.710371][T13293] ? find_held_lock+0x2b/0x80 [ 544.710405][T13293] do_group_exit+0xd3/0x2a0 [ 544.710444][T13293] get_signal+0x2671/0x26d0 [ 544.710488][T13293] ? __pfx_get_signal+0x10/0x10 [ 544.710513][T13293] ? do_futex+0x122/0x350 [ 544.710545][T13293] ? __pfx_do_futex+0x10/0x10 [ 544.710582][T13293] arch_do_signal_or_restart+0x8f/0x790 [ 544.710617][T13293] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 544.710660][T13293] ? xfd_validate_state+0x61/0x180 [ 544.710694][T13293] ? __pfx___do_sys_close_range+0x10/0x10 [ 544.710733][T13293] exit_to_user_mode_loop+0x85/0x130 [ 544.710773][T13293] do_syscall_64+0x426/0xfa0 [ 544.710806][T13293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.710833][T13293] RIP: 0033:0x7f0eba78f6c9 [ 544.710854][T13293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.710881][T13293] RSP: 002b:00007f0ebb5c50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 544.710907][T13293] RAX: fffffffffffffe00 RBX: 00007f0eba9e6098 RCX: 00007f0eba78f6c9 [ 544.710926][T13293] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0eba9e6098 [ 544.710943][T13293] RBP: 00007f0eba9e6090 R08: 0000000000000000 R09: 0000000000000000 [ 544.710960][T13293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.710976][T13293] R13: 00007f0eba9e6128 R14: 00007ffdc869a310 R15: 00007ffdc869a3f8 [ 544.711014][T13293] [ 545.814198][T13305] zswap: compressor 000 not available [ 546.208844][T13248] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 546.213763][T13323] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1610'. [ 548.224221][T13318] syz.3.1609 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 548.235334][T13318] CPU: 0 UID: 0 PID: 13318 Comm: syz.3.1609 Not tainted syzkaller #0 PREEMPT(full) [ 548.235371][T13318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 548.235386][T13318] Call Trace: [ 548.235396][T13318] [ 548.235407][T13318] dump_stack_lvl+0x16c/0x1f0 [ 548.235440][T13318] dump_header+0x101/0x930 [ 548.235472][T13318] oom_kill_process+0x272/0xa40 [ 548.235504][T13318] out_of_memory+0x350/0x1700 [ 548.235540][T13318] ? __pfx_out_of_memory+0x10/0x10 [ 548.235579][T13318] mem_cgroup_out_of_memory+0x118/0x130 [ 548.235625][T13318] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 548.235674][T13318] ? do_raw_spin_unlock+0x172/0x230 [ 548.235721][T13318] try_charge_memcg+0x695/0xd30 [ 548.235761][T13318] ? __pfx_try_charge_memcg+0x10/0x10 [ 548.235802][T13318] ? find_held_lock+0x2b/0x80 [ 548.235837][T13318] charge_memcg+0x8a/0x230 [ 548.235868][T13318] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 548.235910][T13318] __read_swap_cache_async+0x397/0x500 [ 548.235943][T13318] ? __pfx___read_swap_cache_async+0x10/0x10 [ 548.235974][T13318] ? trace_sched_exit_tp+0xd1/0x120 [ 548.236013][T13318] ? __schedule+0x11a3/0x5de0 [ 548.236047][T13318] swap_cluster_readahead+0x432/0x770 [ 548.236085][T13318] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 548.236137][T13318] ? __lock_acquire+0x622/0x1c90 [ 548.236170][T13318] ? get_vma_policy+0x242/0x3c0 [ 548.236209][T13318] swapin_readahead+0x13a/0xd60 [ 548.236249][T13318] ? __pfx_swapin_readahead+0x10/0x10 [ 548.236275][T13318] ? swap_cache_get_folio+0x267/0x8e0 [ 548.236299][T13318] ? swap_cache_get_folio+0x267/0x8e0 [ 548.236323][T13318] ? swap_cache_get_folio+0x267/0x8e0 [ 548.236352][T13318] ? swap_cache_get_folio+0x267/0x8e0 [ 548.236377][T13318] ? swap_cache_get_folio+0x1f/0x8e0 [ 548.236401][T13318] ? swap_cache_get_folio+0x293/0x8e0 [ 548.236430][T13318] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 548.236454][T13318] ? __pfx_get_swap_device+0x10/0x10 [ 548.236487][T13318] ? do_swap_page+0x125/0x6340 [ 548.236524][T13318] do_swap_page+0x86c/0x6340 [ 548.236572][T13318] ? __pfx_do_swap_page+0x10/0x10 [ 548.236610][T13318] ? __pfx_default_wake_function+0x10/0x10 [ 548.236650][T13318] ? __lock_acquire+0x622/0x1c90 [ 548.236688][T13318] ? rcu_is_watching+0x12/0xc0 [ 548.236716][T13318] ? ___pte_offset_map+0x2ad/0x4f0 [ 548.236755][T13318] __handle_mm_fault+0x17d1/0x2aa0 [ 548.236806][T13318] ? __pfx___handle_mm_fault+0x10/0x10 [ 548.236855][T13318] ? lock_vma_under_rcu+0x176/0x530 [ 548.236899][T13318] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 548.236948][T13318] handle_mm_fault+0x589/0xd10 [ 548.236984][T13318] ? __pkru_allows_pkey+0x11/0xb0 [ 548.237026][T13318] do_user_addr_fault+0x60c/0x1370 [ 548.237052][T13318] ? rcu_is_watching+0x12/0xc0 [ 548.237082][T13318] exc_page_fault+0x64/0xc0 [ 548.237112][T13318] asm_exc_page_fault+0x26/0x30 [ 548.237135][T13318] RIP: 0033:0x7f10b1f8f78f [ 548.237155][T13318] Code: ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 548.237180][T13318] RSP: 002b:00007ffc1e754228 EFLAGS: 00010217 [ 548.237200][T13318] RAX: 0000000000000000 RBX: 00007f10b2ea46c0 RCX: 00007f10b1f8f787 [ 548.237218][T13318] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f10b2e85000 [ 548.237232][T13318] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 548.237248][T13318] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffc1e754380 [ 548.237265][T13318] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 548.237302][T13318] [ 548.595506][T13318] memory: usage 3072kB, limit 3072kB, failcnt 151971 [ 548.825618][T13318] memory+swap: usage 3804kB, limit 9007199254740988kB, failcnt 0 [ 548.917309][T13347] FAULT_INJECTION: forcing a failure. [ 548.917309][T13347] name fail_futex, interval 1, probability 0, space 0, times 0 [ 548.952349][T13318] kmem: usage 2052kB, limit 9007199254740988kB, failcnt 0 [ 548.966006][T13318] Memory cgroup stats for /syz3: [ 548.966183][T13318] cache 499712 [ 548.975637][T13318] rss 0 [ 548.978420][T13318] rss_huge 0 [ 548.982556][T13347] CPU: 1 UID: 0 PID: 13347 Comm: syz.1.1614 Not tainted syzkaller #0 PREEMPT(full) [ 548.982577][T13347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 548.982586][T13347] Call Trace: [ 548.982591][T13347] [ 548.982596][T13347] dump_stack_lvl+0x16c/0x1f0 [ 548.982617][T13347] should_fail_ex+0x512/0x640 [ 548.982641][T13347] get_futex_key+0x293/0x1560 [ 548.982662][T13347] ? __pfx_get_futex_key+0x10/0x10 [ 548.982680][T13347] ? __mutex_trylock_common+0xe9/0x250 [ 548.982705][T13347] futex_wake+0xea/0x530 [ 548.982727][T13347] ? __pfx_futex_wake+0x10/0x10 [ 548.982747][T13347] ? __lock_acquire+0xb8a/0x1c90 [ 548.982780][T13347] do_futex+0x1e3/0x350 [ 548.982799][T13347] ? __pfx_do_futex+0x10/0x10 [ 548.982816][T13347] ? __might_fault+0xe3/0x190 [ 548.982835][T13347] mm_release+0x24e/0x300 [ 548.982851][T13347] do_exit+0x68e/0x2bf0 [ 548.982874][T13347] ? __pfx_do_exit+0x10/0x10 [ 548.982893][T13347] ? do_raw_spin_lock+0x12c/0x2b0 [ 548.982914][T13347] ? find_held_lock+0x2b/0x80 [ 548.982931][T13347] do_group_exit+0xd3/0x2a0 [ 548.982951][T13347] get_signal+0x2671/0x26d0 [ 548.982974][T13347] ? __pfx_get_signal+0x10/0x10 [ 548.982989][T13347] ? do_futex+0x122/0x350 [ 548.983008][T13347] ? __pfx_do_futex+0x10/0x10 [ 548.983028][T13347] arch_do_signal_or_restart+0x8f/0x790 [ 548.983046][T13347] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 548.983069][T13347] ? __pfx___do_sys_close_range+0x10/0x10 [ 548.983088][T13347] exit_to_user_mode_loop+0x85/0x130 [ 548.983111][T13347] do_syscall_64+0x426/0xfa0 [ 548.983128][T13347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.983142][T13347] RIP: 0033:0x7f3f2eb8f6c9 [ 548.983154][T13347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.983167][T13347] RSP: 002b:00007f3f2f9410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 548.983181][T13347] RAX: fffffffffffffe00 RBX: 00007f3f2ede6098 RCX: 00007f3f2eb8f6c9 [ 548.983191][T13347] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3f2ede6098 [ 548.983200][T13347] RBP: 00007f3f2ede6090 R08: 0000000000000000 R09: 0000000000000000 [ 548.983208][T13347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.983217][T13347] R13: 00007f3f2ede6128 R14: 00007ffc21696e40 R15: 00007ffc21696f28 [ 548.983236][T13347] [ 548.986040][T13318] shmem 0 [ 549.349397][T13318] mapped_file 0 [ 549.355900][T13318] dirty 0 [ 549.358876][T13318] writeback 0 [ 549.363209][T13318] workingset_refault_anon 38008 [ 549.373365][T13318] workingset_refault_file 27076 [ 549.391243][T13318] swap 749568 [ 549.434646][T13318] swapcached 544768 [ 549.450215][T13318] pgpgin 262359 [ 549.500111][T13318] pgpgout 263637 [ 549.503698][T13318] pgfault 376336 [ 549.507230][T13318] pgmajfault 14770 [ 549.557187][T13318] inactive_anon 262144 [ 549.616620][T13318] active_anon 282624 [ 549.639801][T13318] inactive_file 0 [ 549.643560][T13318] active_file 499712 [ 549.740868][T13318] unevictable 0 [ 549.745570][T13318] hierarchical_memory_limit 3145728 [ 549.751228][T13318] hierarchical_memsw_limit 9223372036854771712 [ 549.757568][T13318] total_cache 499712 [ 549.762008][T13318] total_rss 0 [ 549.765850][T13318] total_rss_huge 0 [ 549.770378][T13318] total_shmem 0 [ 549.775328][T13318] total_mapped_file 0 [ 549.779405][T13318] total_dirty 0 [ 549.783392][T13318] total_writeback 0 [ 549.787258][T13318] total_workingset_refault_anon 38008 [ 549.793054][T13318] total_workingset_refault_file 27076 [ 549.798494][T13318] total_swap 749568 [ 549.802688][T13318] total_swapcached 544768 [ 549.807079][T13318] total_pgpgin 262359 [ 549.811386][T13318] total_pgpgout 263637 [ 549.815641][T13318] total_pgfault 376336 [ 549.823142][T13318] total_pgmajfault 14770 [ 549.827450][T13318] total_inactive_anon 262144 [ 549.839706][T13318] total_active_anon 282624 [ 549.844309][T13318] total_inactive_file 0 [ 549.856016][T13318] total_active_file 0 [ 549.866895][T13318] total_unevictable 0 [ 549.879077][T13318] anon_cost 0 [ 549.899812][T13318] file_cost 0 [ 549.914070][T13318] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1609,pid=13318,uid=0 [ 549.970975][T13318] Memory cgroup out of memory: Killed process 13318 (syz.3.1609) total-vm:102212kB, anon-rss:1304kB, file-rss:22728kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 550.495360][T13371] zswap: compressor 000 not available [ 550.595168][T13248] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 550.597193][T13376] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1620'. [ 552.113095][ T32] oom_reaper: reaped process 13318 (syz.3.1609), now anon-rss:44kB, file-rss:21548kB, shmem-rss:0kB [ 552.643334][T13248] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 552.675345][T13417] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1631'. [ 552.738689][T13419] FAULT_INJECTION: forcing a failure. [ 552.738689][T13419] name failslab, interval 1, probability 0, space 0, times 0 [ 552.819739][T13419] CPU: 1 UID: 0 PID: 13419 Comm: syz.1.1628 Not tainted syzkaller #0 PREEMPT(full) [ 552.819774][T13419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 552.819788][T13419] Call Trace: [ 552.819796][T13419] [ 552.819807][T13419] dump_stack_lvl+0x16c/0x1f0 [ 552.819838][T13419] should_fail_ex+0x512/0x640 [ 552.819874][T13419] ? __kmalloc_cache_noprof+0x5f/0x780 [ 552.819918][T13419] should_failslab+0xc2/0x120 [ 552.819952][T13419] __kmalloc_cache_noprof+0x72/0x780 [ 552.819996][T13419] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 552.820040][T13419] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 552.820074][T13419] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 552.820115][T13419] ? trace_contention_end+0xdd/0x130 [ 552.820151][T13419] ? __mutex_lock+0x1c5/0x1060 [ 552.820181][T13419] ? preempt_schedule_thunk+0x16/0x30 [ 552.820224][T13419] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 552.820270][T13419] ? __pfx___mutex_lock+0x10/0x10 [ 552.820299][T13419] ? __lock_acquire+0xb8a/0x1c90 [ 552.820356][T13419] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 552.820393][T13419] snd_pcm_oss_set_trigger.isra.0+0x5e/0x6b0 [ 552.820435][T13419] snd_pcm_oss_ioctl+0x1d38/0x37c0 [ 552.820470][T13419] ? find_held_lock+0x2b/0x80 [ 552.820495][T13419] ? hook_file_ioctl_common+0x145/0x410 [ 552.820523][T13419] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 552.820562][T13419] ? __fget_files+0x20e/0x3c0 [ 552.820594][T13419] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 552.820631][T13419] __x64_sys_ioctl+0x18e/0x210 [ 552.820671][T13419] do_syscall_64+0xcd/0xfa0 [ 552.820703][T13419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.820730][T13419] RIP: 0033:0x7f3f2eb8f6c9 [ 552.820751][T13419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.820776][T13419] RSP: 002b:00007f3f2cdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 552.820802][T13419] RAX: ffffffffffffffda RBX: 00007f3f2ede6270 RCX: 00007f3f2eb8f6c9 [ 552.820820][T13419] RDX: 0000000000000000 RSI: 0000000040045010 RDI: 0000000000000003 [ 552.820836][T13419] RBP: 00007f3f2cdd5090 R08: 0000000000000000 R09: 0000000000000000 [ 552.820852][T13419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.820869][T13419] R13: 00007f3f2ede6308 R14: 00007f3f2ede6270 R15: 00007ffc21696f28 [ 552.820907][T13419] [ 553.838214][T13432] size and base must be multiples of 4 kiB [ 553.844565][T13432] CPU: 0 UID: 0 PID: 13432 Comm: syz.0.1634 Not tainted syzkaller #0 PREEMPT(full) [ 553.844601][T13432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 553.844617][T13432] Call Trace: [ 553.844625][T13432] [ 553.844635][T13432] dump_stack_lvl+0x16c/0x1f0 [ 553.844671][T13432] mtrr_del+0xd1/0x110 [ 553.844708][T13432] mtrr_ioctl+0x922/0xcf0 [ 553.844744][T13432] ? __pfx_mtrr_ioctl+0x10/0x10 [ 553.844789][T13432] ? find_held_lock+0x2b/0x80 [ 553.844821][T13432] ? __fget_files+0x20e/0x3c0 [ 553.844845][T13432] ? __pfx_mtrr_ioctl+0x10/0x10 [ 553.844878][T13432] proc_reg_unlocked_ioctl+0x229/0x320 [ 553.844911][T13432] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 553.844946][T13432] __x64_sys_ioctl+0x18e/0x210 [ 553.844986][T13432] do_syscall_64+0xcd/0xfa0 [ 553.845016][T13432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.845042][T13432] RIP: 0033:0x7f0eba78f6c9 [ 553.845064][T13432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.845097][T13432] RSP: 002b:00007f0ebb5a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 553.845121][T13432] RAX: ffffffffffffffda RBX: 00007f0eba9e6180 RCX: 00007f0eba78f6c9 [ 553.845139][T13432] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 553.845155][T13432] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 553.845169][T13432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 553.845185][T13432] R13: 00007f0eba9e6218 R14: 00007f0eba9e6180 R15: 00007ffdc869a3f8 [ 553.845231][T13432] [ 555.006171][T13442] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 555.055745][T13442] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 555.976567][T13449] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 555.991130][T13449] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 556.046551][T13459] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1641'. [ 556.056615][T13248] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 556.458295][T13449] blktrace: Concurrent blktraces are not allowed on loop2 [ 556.981268][T13461] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 556.988759][T13461] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 556.999938][T13461] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 557.006206][T13461] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 557.120425][T13468] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 557.139821][T13468] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 557.329092][T13477] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1645'. [ 557.712339][T13489] FAULT_INJECTION: forcing a failure. [ 557.712339][T13489] name failslab, interval 1, probability 0, space 0, times 0 [ 557.725786][T13489] CPU: 1 UID: 0 PID: 13489 Comm: syz.3.1648 Not tainted syzkaller #0 PREEMPT(full) [ 557.725824][T13489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 557.725842][T13489] Call Trace: [ 557.725852][T13489] [ 557.725864][T13489] dump_stack_lvl+0x16c/0x1f0 [ 557.725902][T13489] should_fail_ex+0x512/0x640 [ 557.725945][T13489] ? __kmalloc_node_noprof+0xcd/0x8a0 [ 557.725979][T13489] should_failslab+0xc2/0x120 [ 557.726013][T13489] __kmalloc_node_noprof+0xe0/0x8a0 [ 557.726041][T13489] ? rcu_is_watching+0x12/0xc0 [ 557.726069][T13489] ? get_callchain_buffers+0x1ec/0x450 [ 557.726107][T13489] ? get_callchain_buffers+0xf1/0x450 [ 557.726151][T13489] ? get_callchain_buffers+0x1ec/0x450 [ 557.726184][T13489] get_callchain_buffers+0x1ec/0x450 [ 557.726225][T13489] stack_map_alloc+0x313/0x650 [ 557.726264][T13489] ? __pfx_stack_map_mem_usage+0x10/0x10 [ 557.726301][T13489] map_create+0x65c/0x27e0 [ 557.726356][T13489] ? __pfx_map_create+0x10/0x10 [ 557.726394][T13489] ? __might_fault+0xe3/0x190 [ 557.726419][T13489] ? __might_fault+0xe3/0x190 [ 557.726444][T13489] ? __might_fault+0x13b/0x190 [ 557.726485][T13489] __sys_bpf+0x3d9d/0x4980 [ 557.726510][T13489] ? futex_private_hash_put+0x18a/0x300 [ 557.726544][T13489] ? __pfx___sys_bpf+0x10/0x10 [ 557.726568][T13489] ? __pfx_futex_wait+0x10/0x10 [ 557.726621][T13489] ? do_futex+0x122/0x350 [ 557.726668][T13489] ? fput+0x9b/0xd0 [ 557.726700][T13489] ? xfd_validate_state+0x61/0x180 [ 557.726732][T13489] ? __pfx_ksys_write+0x10/0x10 [ 557.726763][T13489] __x64_sys_bpf+0x78/0xc0 [ 557.726786][T13489] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.726813][T13489] do_syscall_64+0xcd/0xfa0 [ 557.726841][T13489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.726865][T13489] RIP: 0033:0x7f10b1f8f6c9 [ 557.726885][T13489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.726907][T13489] RSP: 002b:00007f10b2ee6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 557.726943][T13489] RAX: ffffffffffffffda RBX: 00007f10b21e5fa0 RCX: 00007f10b1f8f6c9 [ 557.726961][T13489] RDX: 00000000000004f4 RSI: 0000200000000100 RDI: 0000000000000000 [ 557.726976][T13489] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 557.726992][T13489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.727007][T13489] R13: 00007f10b21e6038 R14: 00007f10b21e5fa0 R15: 00007ffc1e754288 [ 557.727041][T13489] [ 558.058462][ T52] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 558.061205][T13487] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1650'. [ 558.570192][ T52] Bluetooth: hci2: command 0x0406 tx timeout [ 558.651896][T13494] size and base must be multiples of 4 kiB [ 558.657759][T13494] CPU: 0 UID: 0 PID: 13494 Comm: syz.1.1649 Not tainted syzkaller #0 PREEMPT(full) [ 558.657780][T13494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 558.657790][T13494] Call Trace: [ 558.657796][T13494] [ 558.657803][T13494] dump_stack_lvl+0x16c/0x1f0 [ 558.657830][T13494] mtrr_del+0xd1/0x110 [ 558.657849][T13494] mtrr_ioctl+0x922/0xcf0 [ 558.657869][T13494] ? __pfx_mtrr_ioctl+0x10/0x10 [ 558.657892][T13494] ? find_held_lock+0x2b/0x80 [ 558.657911][T13494] ? __fget_files+0x20e/0x3c0 [ 558.657926][T13494] ? __pfx_mtrr_ioctl+0x10/0x10 [ 558.657945][T13494] proc_reg_unlocked_ioctl+0x229/0x320 [ 558.657964][T13494] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 558.657984][T13494] __x64_sys_ioctl+0x18e/0x210 [ 558.658006][T13494] do_syscall_64+0xcd/0xfa0 [ 558.658022][T13494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.658037][T13494] RIP: 0033:0x7f3f2eb8f6c9 [ 558.658050][T13494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.658063][T13494] RSP: 002b:00007f3f2cdf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.658078][T13494] RAX: ffffffffffffffda RBX: 00007f3f2ede6180 RCX: 00007f3f2eb8f6c9 [ 558.658087][T13494] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 558.658096][T13494] RBP: 00007f3f2ec11f91 R08: 0000000000000000 R09: 0000000000000000 [ 558.658105][T13494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.658114][T13494] R13: 00007f3f2ede6218 R14: 00007f3f2ede6180 R15: 00007ffc21696f28 [ 558.658134][T13494] [ 559.049873][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 559.056101][T13248] Bluetooth: hci1: command 0x0406 tx timeout [ 559.060294][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 559.886282][T13514] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 559.893371][T13514] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 559.924071][T13514] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 559.945112][T13514] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 560.967919][T13551] FAULT_INJECTION: forcing a failure. [ 560.967919][T13551] name failslab, interval 1, probability 0, space 0, times 0 [ 561.011536][T13542] zswap: compressor 000 not available [ 561.075717][T13551] CPU: 0 UID: 0 PID: 13551 Comm: syz.0.1665 Not tainted syzkaller #0 PREEMPT(full) [ 561.075753][T13551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 561.075768][T13551] Call Trace: [ 561.075778][T13551] [ 561.075788][T13551] dump_stack_lvl+0x16c/0x1f0 [ 561.075825][T13551] should_fail_ex+0x512/0x640 [ 561.075861][T13551] ? fs_reclaim_acquire+0xae/0x150 [ 561.075897][T13551] should_failslab+0xc2/0x120 [ 561.075930][T13551] __kmalloc_noprof+0xdd/0x880 [ 561.075969][T13551] ? tomoyo_encode2+0x100/0x3e0 [ 561.076003][T13551] ? tomoyo_encode2+0x100/0x3e0 [ 561.076030][T13551] tomoyo_encode2+0x100/0x3e0 [ 561.076062][T13551] tomoyo_encode+0x29/0x50 [ 561.076089][T13551] tomoyo_realpath_from_path+0x18f/0x6e0 [ 561.076123][T13551] ? tomoyo_profile+0x47/0x60 [ 561.076163][T13551] tomoyo_path_number_perm+0x245/0x580 [ 561.076201][T13551] ? tomoyo_path_number_perm+0x237/0x580 [ 561.076244][T13551] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 561.076285][T13551] ? find_held_lock+0x2b/0x80 [ 561.076344][T13551] ? find_held_lock+0x2b/0x80 [ 561.076369][T13551] ? hook_file_ioctl_common+0x145/0x410 [ 561.076403][T13551] ? __fget_files+0x20e/0x3c0 [ 561.076435][T13551] security_file_ioctl+0x9b/0x240 [ 561.076462][T13551] __x64_sys_ioctl+0xb7/0x210 [ 561.076501][T13551] do_syscall_64+0xcd/0xfa0 [ 561.076532][T13551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.076558][T13551] RIP: 0033:0x7f0eba78f6c9 [ 561.076579][T13551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.076603][T13551] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.076628][T13551] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 561.076646][T13551] RDX: 0000200000000040 RSI: 0000000040045701 RDI: 0000000000000003 [ 561.076669][T13551] RBP: 00007f0ebb5c5090 R08: 0000000000000000 R09: 0000000000000000 [ 561.076685][T13551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.076700][T13551] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 561.076738][T13551] [ 561.130251][T13551] ERROR: Out of memory at tomoyo_realpath_from_path. [ 561.653653][T13560] FAULT_INJECTION: forcing a failure. [ 561.653653][T13560] name fail_futex, interval 1, probability 0, space 0, times 0 [ 561.689866][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 561.701822][T13560] CPU: 0 UID: 0 PID: 13560 Comm: syz.1.1667 Not tainted syzkaller #0 PREEMPT(full) [ 561.701856][T13560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 561.701872][T13560] Call Trace: [ 561.701881][T13560] [ 561.701891][T13560] dump_stack_lvl+0x16c/0x1f0 [ 561.701926][T13560] should_fail_ex+0x512/0x640 [ 561.701970][T13560] get_futex_key+0x293/0x1560 [ 561.702009][T13560] ? __pfx_get_futex_key+0x10/0x10 [ 561.702042][T13560] ? __mutex_trylock_common+0xe9/0x250 [ 561.702085][T13560] futex_wake+0xea/0x530 [ 561.702125][T13560] ? __pfx_futex_wake+0x10/0x10 [ 561.702157][T13560] ? __lock_acquire+0xb8a/0x1c90 [ 561.702206][T13560] do_futex+0x1e3/0x350 [ 561.702234][T13560] ? __pfx_do_futex+0x10/0x10 [ 561.702263][T13560] ? __might_fault+0xe3/0x190 [ 561.702298][T13560] mm_release+0x24e/0x300 [ 561.702324][T13560] do_exit+0x68e/0x2bf0 [ 561.702362][T13560] ? __pfx_do_exit+0x10/0x10 [ 561.702395][T13560] ? do_raw_spin_lock+0x12c/0x2b0 [ 561.702429][T13560] ? find_held_lock+0x2b/0x80 [ 561.702461][T13560] do_group_exit+0xd3/0x2a0 [ 561.702498][T13560] get_signal+0x2671/0x26d0 [ 561.702538][T13560] ? __pfx_get_signal+0x10/0x10 [ 561.702565][T13560] ? do_futex+0x122/0x350 [ 561.702608][T13560] ? __pfx_do_futex+0x10/0x10 [ 561.702645][T13560] arch_do_signal_or_restart+0x8f/0x790 [ 561.702675][T13560] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 561.702713][T13560] ? __pfx___do_sys_close_range+0x10/0x10 [ 561.702753][T13560] exit_to_user_mode_loop+0x85/0x130 [ 561.702788][T13560] do_syscall_64+0x426/0xfa0 [ 561.702816][T13560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.702839][T13560] RIP: 0033:0x7f3f2eb8f6c9 [ 561.702858][T13560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.702880][T13560] RSP: 002b:00007f3f2f9410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 561.702902][T13560] RAX: fffffffffffffe00 RBX: 00007f3f2ede6098 RCX: 00007f3f2eb8f6c9 [ 561.702918][T13560] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3f2ede6098 [ 561.702932][T13560] RBP: 00007f3f2ede6090 R08: 0000000000000000 R09: 0000000000000000 [ 561.702947][T13560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.702961][T13560] R13: 00007f3f2ede6128 R14: 00007ffc21696e40 R15: 00007ffc21696f28 [ 561.702993][T13560] [ 561.953902][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 561.960262][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 562.019853][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 562.405738][T13553] ptrace attach of "./syz-executor exec"[5826] was attempted by ""[13553] [ 562.589863][T13572] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 562.648814][T13572] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 562.977208][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.984096][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.902665][T13583] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 564.763993][T13574] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 565.659862][T13614] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 565.829187][T13608] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 566.494495][T13604] syz.3.1683 invoked oom-killer: gfp_mask=0x408d40(GFP_NOFS|__GFP_ZERO|__GFP_NOFAIL|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 566.614319][T13604] CPU: 0 UID: 0 PID: 13604 Comm: syz.3.1683 Not tainted syzkaller #0 PREEMPT(full) [ 566.614356][T13604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 566.614379][T13604] Call Trace: [ 566.614388][T13604] [ 566.614399][T13604] dump_stack_lvl+0x16c/0x1f0 [ 566.614433][T13604] dump_header+0x101/0x930 [ 566.614465][T13604] oom_kill_process+0x272/0xa40 [ 566.614497][T13604] out_of_memory+0x350/0x1700 [ 566.614531][T13604] ? __pfx_out_of_memory+0x10/0x10 [ 566.614570][T13604] mem_cgroup_out_of_memory+0x118/0x130 [ 566.614610][T13604] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 566.614659][T13604] ? do_raw_spin_unlock+0x172/0x230 [ 566.614706][T13604] try_charge_memcg+0x695/0xd30 [ 566.614747][T13604] ? __pfx_try_charge_memcg+0x10/0x10 [ 566.614779][T13604] ? find_held_lock+0x2b/0x80 [ 566.614807][T13604] ? rcu_read_unlock+0x17/0x60 [ 566.614852][T13604] obj_cgroup_charge_account+0x292/0x500 [ 566.614893][T13604] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 566.614934][T13604] ? kasan_save_track+0x14/0x30 [ 566.614969][T13604] kmem_cache_alloc_noprof+0x550/0x6e0 [ 566.614996][T13604] ? alloc_buffer_head+0x21/0x160 [ 566.615035][T13604] ? alloc_buffer_head+0x21/0x160 [ 566.615064][T13604] alloc_buffer_head+0x21/0x160 [ 566.615095][T13604] folio_alloc_buffers+0x2b5/0x6c0 [ 566.615135][T13604] create_empty_buffers+0x36/0x480 [ 566.615172][T13604] folio_create_buffers+0x109/0x150 [ 566.615209][T13604] __block_write_begin_int+0x320/0x16d0 [ 566.615251][T13604] ? __pfx_ext4_da_get_block_prep+0x10/0x10 [ 566.615289][T13604] ? __pfx___block_write_begin_int+0x10/0x10 [ 566.615328][T13604] ? __pfx___might_resched+0x10/0x10 [ 566.615362][T13604] ? __pfx_ext4_da_get_block_prep+0x10/0x10 [ 566.615397][T13604] block_page_mkwrite+0x3d3/0x4b0 [ 566.615438][T13604] ext4_page_mkwrite+0x1362/0x1880 [ 566.615486][T13604] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 566.615521][T13604] ? inode_to_bdi+0x9e/0x160 [ 566.615562][T13604] do_page_mkwrite+0x174/0x380 [ 566.615594][T13604] ? __pfx_filemap_map_pages+0x10/0x10 [ 566.615618][T13604] do_pte_missing+0x29d/0x3ba0 [ 566.615658][T13604] ? find_held_lock+0x2b/0x80 [ 566.615686][T13604] ? __handle_mm_fault+0x1529/0x2aa0 [ 566.615730][T13604] __handle_mm_fault+0x1556/0x2aa0 [ 566.615775][T13604] ? mt_find+0x3e2/0xa20 [ 566.615809][T13604] ? __pfx___handle_mm_fault+0x10/0x10 [ 566.615845][T13604] ? __pfx_mt_find+0x10/0x10 [ 566.615899][T13604] ? find_vma+0xbf/0x140 [ 566.615929][T13604] ? __pfx_find_vma+0x10/0x10 [ 566.615964][T13604] handle_mm_fault+0x589/0xd10 [ 566.616005][T13604] ? __pkru_allows_pkey+0x11/0xb0 [ 566.616047][T13604] do_user_addr_fault+0x7a6/0x1370 [ 566.616075][T13604] ? rcu_is_watching+0x12/0xc0 [ 566.616107][T13604] exc_page_fault+0x64/0xc0 [ 566.616141][T13604] asm_exc_page_fault+0x26/0x30 [ 566.616167][T13604] RIP: 0033:0x7f10b1f57455 [ 566.616188][T13604] Code: 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 c5 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 fd 7f 67 60 48 83 ef 80 48 39 fa 77 cd c5 fe 7f 6a 60 c5 fe 7f [ 566.616212][T13604] RSP: 002b:00007ffc1e7542c8 EFLAGS: 00010203 [ 566.616233][T13604] RAX: 0000001b31a17f80 RBX: 0000000000001140 RCX: 0000001b31a17f80 [ 566.616251][T13604] RDX: 0000001b31a19040 RSI: 00007f10afdf60a8 RDI: 0000001b31a17fa0 [ 566.616268][T13604] RBP: 00007f10b2d15720 R08: 0000000000000000 R09: 0000000000000001 [ 566.616285][T13604] R10: 0000000000000001 R11: 00007f10afdf6208 R12: 00007f10afdf6008 [ 566.616302][T13604] R13: 0000000000000004 R14: 0000000000000004 R15: 000000000000008a [ 566.616341][T13604] [ 566.618652][T13604] memory: usage 3072kB, limit 3072kB, failcnt 160439 [ 566.975299][T13604] memory+swap: usage 3744kB, limit 9007199254740988kB, failcnt 0 [ 567.195031][T13604] kmem: usage 2532kB, limit 9007199254740988kB, failcnt 0 [ 567.261855][T13604] Memory cgroup stats for /syz3: [ 567.262247][T13604] cache 4096 [ 567.308461][T13604] rss 0 [ 567.318164][T13604] rss_huge 0 [ 567.328219][T13604] shmem 0 [ 567.346102][T13604] mapped_file 0 [ 567.368915][T13604] dirty 0 [ 567.377187][T13604] writeback 0 [ 567.381943][T13604] workingset_refault_anon 38603 [ 567.395534][T13604] workingset_refault_file 27159 [ 567.405472][T13604] swap 688128 [ 567.426925][T13604] swapcached 548864 [ 567.440796][T13604] pgpgin 272073 [ 567.454322][T13604] pgpgout 273471 [ 567.468148][T13604] pgfault 390124 [ 567.478551][T13604] pgmajfault 15172 [ 567.482467][T13604] inactive_anon 290816 [ 567.496626][T13604] active_anon 258048 [ 567.511253][T13604] inactive_file 0 [ 567.514905][T13604] active_file 4096 [ 567.518608][T13604] unevictable 0 [ 567.532461][T13604] hierarchical_memory_limit 3145728 [ 567.537700][T13604] hierarchical_memsw_limit 9223372036854771712 [ 567.545335][T13604] total_cache 4096 [ 567.549059][T13604] total_rss 0 [ 567.559649][T13604] total_rss_huge 0 [ 567.565100][T13604] total_shmem 0 [ 567.568690][T13604] total_mapped_file 0 [ 567.574139][T13604] total_dirty 0 [ 567.579931][T13604] total_writeback 0 [ 567.583745][T13604] total_workingset_refault_anon 38603 [ 567.599337][T13604] total_workingset_refault_file 27159 [ 567.609262][T13604] total_swap 688128 [ 567.615123][T13604] total_swapcached 548864 [ 567.619481][T13604] total_pgpgin 272073 [ 567.633573][T13604] total_pgpgout 273471 [ 567.637767][T13604] total_pgfault 390124 [ 567.642321][T13604] total_pgmajfault 15172 [ 567.646569][T13604] total_inactive_anon 290816 [ 567.659951][T13604] total_active_anon 258048 [ 567.664529][T13604] total_inactive_file 0 [ 567.668681][T13604] total_active_file 4096 [ 567.680136][T13604] total_unevictable 0 [ 567.684127][T13604] anon_cost 0 [ 567.698860][T13604] file_cost 0 [ 567.702546][T13604] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1683,pid=13604,uid=0 [ 567.720997][T13604] Memory cgroup out of memory: Killed process 13604 (syz.3.1683) total-vm:116688kB, anon-rss:1140kB, file-rss:25756kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 568.226157][T13621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 568.234775][T13621] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 568.241280][T13621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 568.249377][T13621] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 568.893873][T13651] netlink: Failed to add  helper -22 [ 569.149372][ T52] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 569.406322][T13665] ptrace attach of "./syz-executor exec"[5826] was attempted by ""[13665] [ 569.792080][T13662] size and base must be multiples of 4 kiB [ 569.805110][T13662] CPU: 1 UID: 0 PID: 13662 Comm: syz.2.1695 Not tainted syzkaller #0 PREEMPT(full) [ 569.805148][T13662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 569.805162][T13662] Call Trace: [ 569.805170][T13662] [ 569.805180][T13662] dump_stack_lvl+0x16c/0x1f0 [ 569.805204][T13662] mtrr_del+0xd1/0x110 [ 569.805224][T13662] mtrr_ioctl+0x922/0xcf0 [ 569.805243][T13662] ? __pfx_mtrr_ioctl+0x10/0x10 [ 569.805266][T13662] ? find_held_lock+0x2b/0x80 [ 569.805289][T13662] ? __fget_files+0x20e/0x3c0 [ 569.805304][T13662] ? __pfx_mtrr_ioctl+0x10/0x10 [ 569.805322][T13662] proc_reg_unlocked_ioctl+0x229/0x320 [ 569.805347][T13662] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 569.805374][T13662] __x64_sys_ioctl+0x18e/0x210 [ 569.805396][T13662] do_syscall_64+0xcd/0xfa0 [ 569.805414][T13662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.805429][T13662] RIP: 0033:0x7f04e778f6c9 [ 569.805441][T13662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.805455][T13662] RSP: 002b:00007f04e860f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 569.805470][T13662] RAX: ffffffffffffffda RBX: 00007f04e79e6090 RCX: 00007f04e778f6c9 [ 569.805480][T13662] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 569.805488][T13662] RBP: 00007f04e7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 569.805497][T13662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.805506][T13662] R13: 00007f04e79e6128 R14: 00007f04e79e6090 R15: 00007ffdc7172908 [ 569.805524][T13662] [ 570.258426][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 570.258454][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 570.264567][T13248] Bluetooth: hci3: command 0x0406 tx timeout [ 570.270620][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 571.277989][T13674] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 572.990870][T13730] ptrace attach of "./syz-executor exec"[5826] was attempted by ""[13730] [ 573.945608][T13674] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 576.579392][ T5826] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 576.683740][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 576.683762][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 576.683770][ T5826] Call Trace: [ 576.683776][ T5826] [ 576.683782][ T5826] dump_stack_lvl+0x16c/0x1f0 [ 576.683802][ T5826] dump_header+0x101/0x930 [ 576.683819][ T5826] oom_kill_process+0x272/0xa40 [ 576.683836][ T5826] out_of_memory+0x350/0x1700 [ 576.683854][ T5826] ? __pfx_out_of_memory+0x10/0x10 [ 576.683874][ T5826] mem_cgroup_out_of_memory+0x118/0x130 [ 576.683896][ T5826] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 576.683922][ T5826] ? do_raw_spin_unlock+0x172/0x230 [ 576.683948][ T5826] try_charge_memcg+0x695/0xd30 [ 576.683969][ T5826] ? __pfx_try_charge_memcg+0x10/0x10 [ 576.683991][ T5826] ? find_held_lock+0x2b/0x80 [ 576.684008][ T5826] charge_memcg+0x8a/0x230 [ 576.684026][ T5826] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 576.684048][ T5826] __read_swap_cache_async+0x397/0x500 [ 576.684067][ T5826] ? __pfx___read_swap_cache_async+0x10/0x10 [ 576.684082][ T5826] ? lockdep_hardirqs_on+0x7c/0x110 [ 576.684097][ T5826] ? finish_task_switch.isra.0+0x221/0xc10 [ 576.684114][ T5826] ? rcu_is_watching+0x12/0xc0 [ 576.684132][ T5826] swap_cluster_readahead+0x528/0x770 [ 576.684158][ T5826] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 576.684185][ T5826] ? __lock_acquire+0x622/0x1c90 [ 576.684202][ T5826] ? get_vma_policy+0x242/0x3c0 [ 576.684223][ T5826] swapin_readahead+0x13a/0xd60 [ 576.684238][ T5826] ? irqentry_exit+0x3b/0x90 [ 576.684258][ T5826] ? __pfx_swapin_readahead+0x10/0x10 [ 576.684271][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 576.684284][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 576.684297][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 576.684311][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 576.684324][ T5826] ? swap_cache_get_folio+0x1f/0x8e0 [ 576.684336][ T5826] ? swap_cache_get_folio+0x293/0x8e0 [ 576.684351][ T5826] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 576.684364][ T5826] ? __pfx_get_swap_device+0x10/0x10 [ 576.684382][ T5826] ? do_swap_page+0x125/0x6340 [ 576.684404][ T5826] do_swap_page+0x86c/0x6340 [ 576.684432][ T5826] ? __pfx_do_swap_page+0x10/0x10 [ 576.684452][ T5826] ? __pfx_default_wake_function+0x10/0x10 [ 576.684468][ T5826] ? __lock_acquire+0x622/0x1c90 [ 576.684489][ T5826] ? rcu_is_watching+0x12/0xc0 [ 576.684503][ T5826] ? ___pte_offset_map+0x2ad/0x4f0 [ 576.684524][ T5826] __handle_mm_fault+0x17d1/0x2aa0 [ 576.684552][ T5826] ? __pfx___handle_mm_fault+0x10/0x10 [ 576.684581][ T5826] ? lock_vma_under_rcu+0x176/0x530 [ 576.684609][ T5826] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 576.684629][ T5826] ? get_timespec64+0x136/0x1b0 [ 576.684651][ T5826] handle_mm_fault+0x589/0xd10 [ 576.684673][ T5826] ? __pkru_allows_pkey+0x11/0xb0 [ 576.684697][ T5826] do_user_addr_fault+0x60c/0x1370 [ 576.684712][ T5826] ? rcu_is_watching+0x12/0xc0 [ 576.684729][ T5826] exc_page_fault+0x64/0xc0 [ 576.684745][ T5826] asm_exc_page_fault+0x26/0x30 [ 576.684759][ T5826] RIP: 0033:0x7f10b1fc1f88 [ 576.684773][ T5826] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 576.684786][ T5826] RSP: 002b:00007ffc1e7545a0 EFLAGS: 00010293 [ 576.684799][ T5826] RAX: 0000000000000000 RBX: 0000000000000493 RCX: 00007f10b1fc1f85 [ 576.684808][ T5826] RDX: 00007ffc1e7545e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 576.684817][ T5826] RBP: 00007ffc1e75464c R08: 0000000000000000 R09: 0000000000000000 [ 576.684825][ T5826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 576.684834][ T5826] R13: 00000000000927c0 R14: 000000000008c7ab R15: 00007ffc1e7546a0 [ 576.684854][ T5826] [ 576.684860][ T5826] memory: usage 3072kB, limit 3072kB, failcnt 162159 [ 577.105970][ T5826] memory+swap: usage 3788kB, limit 9007199254740988kB, failcnt 0 [ 577.279742][ T5826] kmem: usage 2516kB, limit 9007199254740988kB, failcnt 0 [ 577.287725][ T5826] Memory cgroup stats for /syz3: [ 577.287911][ T5826] cache 0 [ 577.464520][ T5826] rss 0 [ 577.467397][ T5826] rss_huge 0 [ 577.470773][ T5826] shmem 0 [ 577.473863][ T5826] mapped_file 0 [ 577.477325][ T5826] dirty 0 [ 577.480718][ T5826] writeback 0 [ 577.484102][ T5826] workingset_refault_anon 38989 [ 577.489049][ T5826] workingset_refault_file 27159 [ 577.493969][ T5826] swap 733184 [ 577.497362][ T5826] swapcached 569344 [ 577.501261][ T5826] pgpgin 274867 [ 577.504726][ T5826] pgpgout 276261 [ 577.508506][ T5826] pgfault 396159 [ 577.536080][ T5826] pgmajfault 15476 [ 577.569109][ T5826] inactive_anon 569344 [ 577.574752][ T5826] active_anon 0 [ 577.584343][ T5826] inactive_file 0 [ 577.603085][ T5826] active_file 0 [ 577.606624][ T5826] unevictable 0 [ 577.610373][ T5826] hierarchical_memory_limit 3145728 [ 577.615733][ T5826] hierarchical_memsw_limit 9223372036854771712 [ 577.622196][ T5826] total_cache 0 [ 577.628120][ T5826] total_rss 0 [ 577.631545][ T5826] total_rss_huge 0 [ 577.638767][ T5826] total_shmem 0 [ 577.648352][ T5826] total_mapped_file 0 [ 577.652547][ T5826] total_dirty 0 [ 577.656021][ T5826] total_writeback 0 [ 577.659910][ T5826] total_workingset_refault_anon 38989 [ 577.670126][ T5826] total_workingset_refault_file 27159 [ 577.679651][ T5826] total_swap 733184 [ 577.683573][ T5826] total_swapcached 569344 [ 577.690263][ T5826] total_pgpgin 274867 [ 577.694357][ T5826] total_pgpgout 276261 [ 577.698485][ T5826] total_pgfault 396159 [ 577.702631][ T5826] total_pgmajfault 15476 [ 577.707222][ T5826] total_inactive_anon 569344 [ 577.712102][ T5826] total_active_anon 0 [ 577.720742][ T5826] total_inactive_file 0 [ 577.728810][ T5826] total_active_file 0 [ 577.733401][ T5826] total_unevictable 0 [ 577.737407][ T5826] anon_cost 0 [ 577.748406][ T5826] file_cost 0 [ 577.753697][ T5826] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1717,pid=13744,uid=0 [ 577.769215][ T5826] Memory cgroup out of memory: Killed process 13744 (syz.3.1717) total-vm:135112kB, anon-rss:1140kB, file-rss:21788kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 578.181260][T13760] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 578.203010][T13760] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 578.766695][T13674] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 578.772330][T13784] ptrace attach of "./syz-executor exec"[5827] was attempted by ""[13784] [ 581.856695][T13821] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 581.882858][T13821] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 582.033556][T13823] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 582.040347][T13823] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 582.049868][T13823] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 582.061772][T13823] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 582.604574][T13853] size and base must be multiples of 4 kiB [ 582.610563][T13853] CPU: 0 UID: 0 PID: 13853 Comm: syz.0.1740 Not tainted syzkaller #0 PREEMPT(full) [ 582.610601][T13853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 582.610617][T13853] Call Trace: [ 582.610627][T13853] [ 582.610636][T13853] dump_stack_lvl+0x16c/0x1f0 [ 582.610668][T13853] mtrr_del+0xd1/0x110 [ 582.610703][T13853] mtrr_ioctl+0x922/0xcf0 [ 582.610736][T13853] ? __pfx_mtrr_ioctl+0x10/0x10 [ 582.610775][T13853] ? find_held_lock+0x2b/0x80 [ 582.610810][T13853] ? __fget_files+0x20e/0x3c0 [ 582.610831][T13853] ? __pfx_mtrr_ioctl+0x10/0x10 [ 582.610849][T13853] proc_reg_unlocked_ioctl+0x229/0x320 [ 582.610869][T13853] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 582.610889][T13853] __x64_sys_ioctl+0x18e/0x210 [ 582.610911][T13853] do_syscall_64+0xcd/0xfa0 [ 582.610928][T13853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.610942][T13853] RIP: 0033:0x7f0eba78f6c9 [ 582.610954][T13853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 582.610968][T13853] RSP: 002b:00007f0ebb583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 582.610981][T13853] RAX: ffffffffffffffda RBX: 00007f0eba9e6270 RCX: 00007f0eba78f6c9 [ 582.610991][T13853] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 582.610999][T13853] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 582.611008][T13853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.611016][T13853] R13: 00007f0eba9e6308 R14: 00007f0eba9e6270 R15: 00007ffdc869a3f8 [ 582.611035][T13853] [ 583.699780][T13674] Bluetooth: hci2: command 0x0406 tx timeout [ 584.099839][T13674] Bluetooth: hci0: command 0x0406 tx timeout [ 584.106177][T13674] Bluetooth: hci1: command 0x0406 tx timeout [ 584.109751][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 584.438881][ T5826] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 584.482497][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 584.482532][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 584.482547][ T5826] Call Trace: [ 584.482557][ T5826] [ 584.482567][ T5826] dump_stack_lvl+0x16c/0x1f0 [ 584.482599][ T5826] dump_header+0x101/0x930 [ 584.482629][ T5826] oom_kill_process+0x272/0xa40 [ 584.482660][ T5826] out_of_memory+0x350/0x1700 [ 584.482692][ T5826] ? __pfx_out_of_memory+0x10/0x10 [ 584.482729][ T5826] mem_cgroup_out_of_memory+0x118/0x130 [ 584.482768][ T5826] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 584.482815][ T5826] ? do_raw_spin_unlock+0x172/0x230 [ 584.482873][ T5826] try_charge_memcg+0x695/0xd30 [ 584.482912][ T5826] ? __pfx_try_charge_memcg+0x10/0x10 [ 584.482950][ T5826] ? find_held_lock+0x2b/0x80 [ 584.482983][ T5826] charge_memcg+0x8a/0x230 [ 584.483014][ T5826] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 584.483053][ T5826] __read_swap_cache_async+0x397/0x500 [ 584.483093][ T5826] ? __pfx___read_swap_cache_async+0x10/0x10 [ 584.483123][ T5826] ? __schedule+0x11a3/0x5de0 [ 584.483166][ T5826] swap_cluster_readahead+0x432/0x770 [ 584.483202][ T5826] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 584.483234][ T5826] ? css_rstat_updated+0x1c2/0x510 [ 584.483266][ T5826] ? __pfx_css_rstat_updated+0x10/0x10 [ 584.483305][ T5826] ? __lock_acquire+0x622/0x1c90 [ 584.483332][ T5826] ? get_vma_policy+0x242/0x3c0 [ 584.483369][ T5826] swapin_readahead+0x13a/0xd60 [ 584.483408][ T5826] ? __pfx_swapin_readahead+0x10/0x10 [ 584.483430][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 584.483452][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 584.483475][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 584.483502][ T5826] ? swap_cache_get_folio+0x267/0x8e0 [ 584.483526][ T5826] ? swap_cache_get_folio+0x1f/0x8e0 [ 584.483549][ T5826] ? swap_cache_get_folio+0x293/0x8e0 [ 584.483577][ T5826] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 584.483599][ T5826] ? __pfx_get_swap_device+0x10/0x10 [ 584.483632][ T5826] ? do_swap_page+0x125/0x6340 [ 584.483670][ T5826] do_swap_page+0x86c/0x6340 [ 584.483718][ T5826] ? __pfx_do_swap_page+0x10/0x10 [ 584.483755][ T5826] ? __pfx_default_wake_function+0x10/0x10 [ 584.483784][ T5826] ? __lock_acquire+0x622/0x1c90 [ 584.483817][ T5826] ? rcu_is_watching+0x12/0xc0 [ 584.483843][ T5826] ? ___pte_offset_map+0x2ad/0x4f0 [ 584.483880][ T5826] __handle_mm_fault+0x17d1/0x2aa0 [ 584.483923][ T5826] ? __pfx___handle_mm_fault+0x10/0x10 [ 584.483964][ T5826] ? lock_vma_under_rcu+0x176/0x530 [ 584.484013][ T5826] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 584.484046][ T5826] ? get_timespec64+0x136/0x1b0 [ 584.484142][ T5826] handle_mm_fault+0x589/0xd10 [ 584.484177][ T5826] ? __pkru_allows_pkey+0x11/0xb0 [ 584.484217][ T5826] do_user_addr_fault+0x60c/0x1370 [ 584.484244][ T5826] ? rcu_is_watching+0x12/0xc0 [ 584.484275][ T5826] exc_page_fault+0x64/0xc0 [ 584.484303][ T5826] asm_exc_page_fault+0x26/0x30 [ 584.484328][ T5826] RIP: 0033:0x7f10b1fc1f88 [ 584.484348][ T5826] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 584.484371][ T5826] RSP: 002b:00007ffc1e7545a0 EFLAGS: 00010293 [ 584.484391][ T5826] RAX: 0000000000000000 RBX: 000000000000049b RCX: 00007f10b1fc1f85 [ 584.484407][ T5826] RDX: 00007ffc1e7545e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 584.484422][ T5826] RBP: 00007ffc1e75464c R08: 0000000000000000 R09: 0000000000000000 [ 584.484437][ T5826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 584.484452][ T5826] R13: 00000000000927c0 R14: 000000000008e798 R15: 00007ffc1e7546a0 [ 584.484490][ T5826] [ 584.484573][ T5826] memory: usage 3072kB, limit 3072kB, failcnt 165488 [ 584.887006][ T5826] memory+swap: usage 7876kB, limit 9007199254740988kB, failcnt 0 [ 584.895907][ T5826] kmem: usage 2488kB, limit 9007199254740988kB, failcnt 0 [ 584.920238][T13869] size and base must be multiples of 4 kiB [ 584.926092][T13869] CPU: 1 UID: 0 PID: 13869 Comm: syz.2.1745 Not tainted syzkaller #0 PREEMPT(full) [ 584.926134][T13869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 584.926149][T13869] Call Trace: [ 584.926159][T13869] [ 584.926170][T13869] dump_stack_lvl+0x16c/0x1f0 [ 584.926214][T13869] mtrr_del+0xd1/0x110 [ 584.926246][T13869] mtrr_ioctl+0x922/0xcf0 [ 584.926278][T13869] ? __pfx_mtrr_ioctl+0x10/0x10 [ 584.926315][T13869] ? find_held_lock+0x2b/0x80 [ 584.926339][T13869] ? __fget_files+0x20e/0x3c0 [ 584.926354][T13869] ? __pfx_mtrr_ioctl+0x10/0x10 [ 584.926373][T13869] proc_reg_unlocked_ioctl+0x229/0x320 [ 584.926394][T13869] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 584.926414][T13869] __x64_sys_ioctl+0x18e/0x210 [ 584.926436][T13869] do_syscall_64+0xcd/0xfa0 [ 584.926453][T13869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.926468][T13869] RIP: 0033:0x7f04e778f6c9 [ 584.926480][T13869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.926494][T13869] RSP: 002b:00007f04e860f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 584.926508][T13869] RAX: ffffffffffffffda RBX: 00007f04e79e6090 RCX: 00007f04e778f6c9 [ 584.926523][T13869] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 584.926532][T13869] RBP: 00007f04e7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 584.926541][T13869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.926550][T13869] R13: 00007f04e79e6128 R14: 00007f04e79e6090 R15: 00007ffdc7172908 [ 584.926571][T13869] [ 585.091385][ T5826] Memory cgroup stats for /syz3: [ 585.091555][ T5826] cache 0 [ 585.099441][ T5826] rss 0 [ 585.102633][ T5826] rss_huge 0 [ 585.105842][ T5826] shmem 0 [ 585.108793][ T5826] mapped_file 0 [ 585.112324][ T5826] dirty 0 [ 585.115358][ T5826] writeback 0 [ 585.118647][ T5826] workingset_refault_anon 39564 [ 585.129941][ T5826] workingset_refault_file 27159 [ 585.140125][ T5826] swap 4919296 [ 585.143531][ T5826] swapcached 598016 [ 585.149713][ T5826] pgpgin 279643 [ 585.154593][ T5826] pgpgout 281030 [ 585.163501][ T5826] pgfault 401213 [ 585.168670][ T5826] pgmajfault 15924 [ 585.180592][ T5826] inactive_anon 598016 [ 585.184702][ T5826] active_anon 0 [ 585.188176][ T5826] inactive_file 0 [ 585.192260][ T5826] active_file 0 [ 585.199728][ T5826] unevictable 0 [ 585.203218][ T5826] hierarchical_memory_limit 3145728 [ 585.209792][ T5826] hierarchical_memsw_limit 9223372036854771712 [ 585.215969][ T5826] total_cache 0 [ 585.219471][ T5826] total_rss 0 [ 585.222883][ T5826] total_rss_huge 0 [ 585.226604][ T5826] total_shmem 0 [ 585.230287][ T5826] total_mapped_file 0 [ 585.234287][ T5826] total_dirty 0 [ 585.237757][ T5826] total_writeback 0 [ 585.241711][ T5826] total_workingset_refault_anon 39564 [ 585.247108][ T5826] total_workingset_refault_file 27159 [ 585.252589][ T5826] total_swap 4919296 [ 585.277697][ T5826] total_swapcached 598016 [ 585.299659][ T5826] total_pgpgin 279643 [ 585.311833][ T5826] total_pgpgout 281030 [ 585.315997][ T5826] total_pgfault 401213 [ 585.329438][ T5826] total_pgmajfault 15924 [ 585.343560][ T5826] total_inactive_anon 598016 [ 585.348190][ T5826] total_active_anon 0 [ 585.352689][ T5826] total_inactive_file 0 [ 585.366718][ T5826] total_active_file 0 [ 585.383913][ T5826] total_unevictable 0 [ 585.393381][ T5826] anon_cost 0 [ 585.396685][ T5826] file_cost 0 [ 585.435597][ T5826] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1737,pid=13831,uid=0 [ 585.472556][ T5826] Memory cgroup out of memory: Killed process 13831 (syz.3.1737) total-vm:110548kB, anon-rss:1268kB, file-rss:26168kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 585.975574][ T5843] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 585.978729][T13883] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1749'. [ 586.348738][T13890] size and base must be multiples of 4 kiB [ 586.362540][T13890] CPU: 0 UID: 0 PID: 13890 Comm: syz.0.1751 Not tainted syzkaller #0 PREEMPT(full) [ 586.362576][T13890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 586.362591][T13890] Call Trace: [ 586.362602][T13890] [ 586.362612][T13890] dump_stack_lvl+0x16c/0x1f0 [ 586.362649][T13890] mtrr_del+0xd1/0x110 [ 586.362686][T13890] mtrr_ioctl+0x922/0xcf0 [ 586.362724][T13890] ? __pfx_mtrr_ioctl+0x10/0x10 [ 586.362766][T13890] ? irqentry_exit+0x3b/0x90 [ 586.362810][T13890] ? proc_reg_unlocked_ioctl+0x1c4/0x320 [ 586.362847][T13890] ? __pfx_mtrr_ioctl+0x10/0x10 [ 586.362882][T13890] proc_reg_unlocked_ioctl+0x229/0x320 [ 586.362918][T13890] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 586.362957][T13890] __x64_sys_ioctl+0x18e/0x210 [ 586.363007][T13890] do_syscall_64+0xcd/0xfa0 [ 586.363040][T13890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.363069][T13890] RIP: 0033:0x7f0eba78f6c9 [ 586.363093][T13890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.363120][T13890] RSP: 002b:00007f0ebb5a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 586.363154][T13890] RAX: ffffffffffffffda RBX: 00007f0eba9e6180 RCX: 00007f0eba78f6c9 [ 586.363175][T13890] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 586.363193][T13890] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 586.363211][T13890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.363228][T13890] R13: 00007f0eba9e6218 R14: 00007f0eba9e6180 R15: 00007ffdc869a3f8 [ 586.363267][T13890] [ 587.739298][T13915] size and base must be multiples of 4 kiB [ 587.790066][T13915] CPU: 1 UID: 0 PID: 13915 Comm: syz.2.1757 Not tainted syzkaller #0 PREEMPT(full) [ 587.790101][T13915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 587.790119][T13915] Call Trace: [ 587.790129][T13915] [ 587.790140][T13915] dump_stack_lvl+0x16c/0x1f0 [ 587.790174][T13915] mtrr_del+0xd1/0x110 [ 587.790211][T13915] mtrr_ioctl+0x922/0xcf0 [ 587.790249][T13915] ? __pfx_mtrr_ioctl+0x10/0x10 [ 587.790289][T13915] ? find_held_lock+0x2b/0x80 [ 587.790322][T13915] ? __fget_files+0x20e/0x3c0 [ 587.790349][T13915] ? __pfx_mtrr_ioctl+0x10/0x10 [ 587.790372][T13915] proc_reg_unlocked_ioctl+0x229/0x320 [ 587.790391][T13915] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 587.790412][T13915] __x64_sys_ioctl+0x18e/0x210 [ 587.790433][T13915] do_syscall_64+0xcd/0xfa0 [ 587.790450][T13915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.790464][T13915] RIP: 0033:0x7f04e778f6c9 [ 587.790477][T13915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.790490][T13915] RSP: 002b:00007f04e85ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 587.790504][T13915] RAX: ffffffffffffffda RBX: 00007f04e79e6180 RCX: 00007f04e778f6c9 [ 587.790514][T13915] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 587.790522][T13915] RBP: 00007f04e7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 587.790531][T13915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.790539][T13915] R13: 00007f04e79e6218 R14: 00007f04e79e6180 R15: 00007ffdc7172908 [ 587.790558][T13915] [ 588.844402][T13892] blktrace: Concurrent blktraces are not allowed on loop2 [ 589.387477][T13928] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 589.486285][T13928] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 589.506610][T13928] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 589.528838][T13928] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 589.917399][T13942] size and base must be multiples of 4 kiB [ 589.958938][T13942] CPU: 1 UID: 0 PID: 13942 Comm: syz.0.1764 Not tainted syzkaller #0 PREEMPT(full) [ 589.958977][T13942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 589.958994][T13942] Call Trace: [ 589.959004][T13942] [ 589.959015][T13942] dump_stack_lvl+0x16c/0x1f0 [ 589.959052][T13942] mtrr_del+0xd1/0x110 [ 589.959095][T13942] mtrr_ioctl+0x922/0xcf0 [ 589.959133][T13942] ? __pfx_mtrr_ioctl+0x10/0x10 [ 589.959176][T13942] ? find_held_lock+0x2b/0x80 [ 589.959216][T13942] ? __fget_files+0x20e/0x3c0 [ 589.959245][T13942] ? __pfx_mtrr_ioctl+0x10/0x10 [ 589.959282][T13942] proc_reg_unlocked_ioctl+0x229/0x320 [ 589.959320][T13942] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 589.959360][T13942] __x64_sys_ioctl+0x18e/0x210 [ 589.959401][T13942] do_syscall_64+0xcd/0xfa0 [ 589.959444][T13942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.959488][T13942] RIP: 0033:0x7f0eba78f6c9 [ 589.959513][T13942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.959539][T13942] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.959569][T13942] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 589.959585][T13942] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 589.959600][T13942] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 589.959624][T13942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.959641][T13942] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 589.959676][T13942] [ 591.049736][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 591.542052][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 591.542422][T13674] Bluetooth: hci1: command 0x0406 tx timeout [ 591.548099][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 592.573355][T13978] size and base must be multiples of 4 kiB [ 592.645940][T13978] CPU: 0 UID: 0 PID: 13978 Comm: syz.0.1773 Not tainted syzkaller #0 PREEMPT(full) [ 592.645977][T13978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 592.645995][T13978] Call Trace: [ 592.646006][T13978] [ 592.646018][T13978] dump_stack_lvl+0x16c/0x1f0 [ 592.646056][T13978] mtrr_del+0xd1/0x110 [ 592.646093][T13978] mtrr_ioctl+0x922/0xcf0 [ 592.646131][T13978] ? __pfx_mtrr_ioctl+0x10/0x10 [ 592.646176][T13978] ? find_held_lock+0x2b/0x80 [ 592.646215][T13978] ? __fget_files+0x20e/0x3c0 [ 592.646244][T13978] ? __pfx_mtrr_ioctl+0x10/0x10 [ 592.646281][T13978] proc_reg_unlocked_ioctl+0x229/0x320 [ 592.646316][T13978] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 592.646357][T13978] __x64_sys_ioctl+0x18e/0x210 [ 592.646398][T13978] do_syscall_64+0xcd/0xfa0 [ 592.646425][T13978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.646451][T13978] RIP: 0033:0x7f0eba78f6c9 [ 592.646481][T13978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.646508][T13978] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 592.646534][T13978] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 592.646551][T13978] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 592.646567][T13978] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 592.646584][T13978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.646601][T13978] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 592.646640][T13978] [ 593.237507][T13975] blktrace: Concurrent blktraces are not allowed on loop2 [ 593.740360][ T5843] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 593.744276][T13990] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1775'. [ 594.001861][T13985] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 594.008731][T13985] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 594.019001][T13985] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 594.050470][T13985] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 594.312740][T14006] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[14006] [ 595.849977][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 596.013611][T14015] size and base must be multiples of 4 kiB [ 596.019431][T14015] CPU: 0 UID: 0 PID: 14015 Comm: syz.0.1783 Not tainted syzkaller #0 PREEMPT(full) [ 596.019461][T14015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 596.019471][T14015] Call Trace: [ 596.019477][T14015] [ 596.019484][T14015] dump_stack_lvl+0x16c/0x1f0 [ 596.019505][T14015] mtrr_del+0xd1/0x110 [ 596.019526][T14015] mtrr_ioctl+0x922/0xcf0 [ 596.019552][T14015] ? __pfx_mtrr_ioctl+0x10/0x10 [ 596.019588][T14015] ? find_held_lock+0x2b/0x80 [ 596.019619][T14015] ? __fget_files+0x20e/0x3c0 [ 596.019643][T14015] ? __pfx_mtrr_ioctl+0x10/0x10 [ 596.019674][T14015] proc_reg_unlocked_ioctl+0x229/0x320 [ 596.019707][T14015] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 596.019734][T14015] __x64_sys_ioctl+0x18e/0x210 [ 596.019756][T14015] do_syscall_64+0xcd/0xfa0 [ 596.019774][T14015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.019789][T14015] RIP: 0033:0x7f0eba78f6c9 [ 596.019801][T14015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.019815][T14015] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 596.019829][T14015] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 596.019839][T14015] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 596.019847][T14015] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 596.019855][T14015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.019864][T14015] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 596.019884][T14015] [ 596.369363][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 596.375589][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 596.381759][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 596.950661][T13674] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 596.963166][T14029] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1786'. [ 598.604836][T14047] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 598.614183][T14047] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 598.643976][T14047] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 598.669530][T14047] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 599.674202][T14066] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 599.687946][T14066] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 600.037167][T14066] blktrace: Concurrent blktraces are not allowed on loop2 [ 600.329740][T13674] Bluetooth: hci2: command 0x0406 tx timeout [ 600.392217][T13674] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 600.404932][T14070] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1796'. [ 600.659155][T13674] Bluetooth: hci1: command 0x0406 tx timeout [ 600.665397][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 600.729998][T13674] Bluetooth: hci0: command 0x0406 tx timeout [ 600.854869][T14039] syz.3.1788 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 600.878868][T14039] CPU: 1 UID: 0 PID: 14039 Comm: syz.3.1788 Not tainted syzkaller #0 PREEMPT(full) [ 600.878915][T14039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 600.878933][T14039] Call Trace: [ 600.878943][T14039] [ 600.878954][T14039] dump_stack_lvl+0x16c/0x1f0 [ 600.878992][T14039] dump_header+0x101/0x930 [ 600.879026][T14039] oom_kill_process+0x272/0xa40 [ 600.879059][T14039] out_of_memory+0x350/0x1700 [ 600.879095][T14039] ? __pfx_out_of_memory+0x10/0x10 [ 600.879131][T14039] mem_cgroup_out_of_memory+0x118/0x130 [ 600.879172][T14039] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 600.879216][T14039] ? do_raw_spin_unlock+0x172/0x230 [ 600.879244][T14039] try_charge_memcg+0x695/0xd30 [ 600.879266][T14039] ? __pfx_try_charge_memcg+0x10/0x10 [ 600.879284][T14039] ? find_held_lock+0x2b/0x80 [ 600.879299][T14039] ? rcu_read_unlock+0x17/0x60 [ 600.879324][T14039] obj_cgroup_charge_account+0x292/0x500 [ 600.879346][T14039] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 600.879369][T14039] ? kasan_unpoison+0x27/0x60 [ 600.879387][T14039] __kmalloc_node_track_caller_noprof+0x698/0x8a0 [ 600.879407][T14039] ? neigh_sysctl_register+0xb2/0x670 [ 600.879426][T14039] ? kmemdup_noprof+0x29/0x60 [ 600.879440][T14039] kmemdup_noprof+0x29/0x60 [ 600.879456][T14039] neigh_sysctl_register+0xb2/0x670 [ 600.879469][T14039] ? __pfx_ndisc_ifinfo_sysctl_change+0x10/0x10 [ 600.879498][T14039] ? __pfx___debug_object_init+0x10/0x10 [ 600.879517][T14039] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 600.879536][T14039] ? lockdep_init_map_type+0x5c/0x280 [ 600.879568][T14039] ? mld_in_v1_mode+0x2b2/0x3a0 [ 600.879606][T14039] addrconf_sysctl_register+0xb9/0x1f0 [ 600.879638][T14039] ipv6_add_dev+0xb31/0x15f0 [ 600.879674][T14039] addrconf_notify+0x53e/0x19e0 [ 600.879711][T14039] ? ip6mr_device_event+0x1bc/0x230 [ 600.879757][T14039] notifier_call_chain+0xbc/0x410 [ 600.879790][T14039] ? __pfx_addrconf_notify+0x10/0x10 [ 600.879816][T14039] call_netdevice_notifiers_info+0xbe/0x140 [ 600.879837][T14039] register_netdevice+0x182e/0x2270 [ 600.879857][T14039] ? __pfx_register_netdevice+0x10/0x10 [ 600.879874][T14039] ? net_generic+0xea/0x2a0 [ 600.879905][T14039] register_netdev+0x34/0x50 [ 600.879921][T14039] vti6_init_net+0x28f/0x490 [ 600.879941][T14039] ? __pfx_vti6_init_net+0x10/0x10 [ 600.879960][T14039] ops_init+0x1e2/0x5f0 [ 600.879978][T14039] setup_net+0x100/0x390 [ 600.879993][T14039] ? __pfx_setup_net+0x10/0x10 [ 600.880009][T14039] ? debug_mutex_init+0x37/0x70 [ 600.880027][T14039] copy_net_ns+0x2f8/0x690 [ 600.880046][T14039] create_new_namespaces+0x3ea/0xa90 [ 600.880067][T14039] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 600.880086][T14039] ksys_unshare+0x45b/0xa40 [ 600.880106][T14039] ? __pfx_ksys_unshare+0x10/0x10 [ 600.880126][T14039] ? xfd_validate_state+0x61/0x180 [ 600.880156][T14039] __x64_sys_unshare+0x31/0x40 [ 600.880174][T14039] do_syscall_64+0xcd/0xfa0 [ 600.880193][T14039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.880219][T14039] RIP: 0033:0x7f10b1f8f6c9 [ 600.880241][T14039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.880267][T14039] RSP: 002b:00007f10b2ee6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 600.880292][T14039] RAX: ffffffffffffffda RBX: 00007f10b21e5fa0 RCX: 00007f10b1f8f6c9 [ 600.880310][T14039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 600.880326][T14039] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 600.880343][T14039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.880359][T14039] R13: 00007f10b21e6038 R14: 00007f10b21e5fa0 R15: 00007ffc1e754288 [ 600.880395][T14039] [ 601.629957][T14039] memory: usage 3068kB, limit 3072kB, failcnt 171882 [ 601.636681][T14039] memory+swap: usage 7884kB, limit 9007199254740988kB, failcnt 0 [ 601.690634][T14039] kmem: usage 2476kB, limit 9007199254740988kB, failcnt 0 [ 601.697795][T14039] Memory cgroup stats for /syz3: [ 601.697983][T14039] cache 0 [ 601.739511][T14039] rss 4096 [ 601.774913][T14039] rss_huge 0 [ 601.780319][T14039] shmem 0 [ 601.783391][T14039] mapped_file 0 [ 601.787123][T14039] dirty 0 [ 601.790637][T14039] writeback 0 [ 601.800366][T14075] size and base must be multiples of 4 kiB [ 601.806223][T14075] CPU: 1 UID: 0 PID: 14075 Comm: syz.0.1798 Not tainted syzkaller #0 PREEMPT(full) [ 601.806245][T14075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 601.806256][T14075] Call Trace: [ 601.806264][T14075] [ 601.806271][T14075] dump_stack_lvl+0x16c/0x1f0 [ 601.806292][T14075] mtrr_del+0xd1/0x110 [ 601.806312][T14075] mtrr_ioctl+0x922/0xcf0 [ 601.806333][T14075] ? __pfx_mtrr_ioctl+0x10/0x10 [ 601.806357][T14075] ? find_held_lock+0x2b/0x80 [ 601.806377][T14075] ? __fget_files+0x20e/0x3c0 [ 601.806392][T14075] ? __pfx_mtrr_ioctl+0x10/0x10 [ 601.806411][T14075] proc_reg_unlocked_ioctl+0x229/0x320 [ 601.806429][T14075] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 601.806450][T14075] __x64_sys_ioctl+0x18e/0x210 [ 601.806471][T14075] do_syscall_64+0xcd/0xfa0 [ 601.806488][T14075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.806503][T14075] RIP: 0033:0x7f0eba78f6c9 [ 601.806516][T14075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.806529][T14075] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.806544][T14075] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 601.806554][T14075] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 601.806563][T14075] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 601.806572][T14075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.806581][T14075] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 601.806600][T14075] [ 601.809050][T14039] workingset_refault_anon 41733 [ 601.979854][T14039] workingset_refault_file 27159 [ 601.986619][T14039] swap 4927488 [ 601.992371][T14039] swapcached 577536 [ 602.008761][T14039] pgpgin 289472 [ 602.014194][T14039] pgpgout 290864 [ 602.017974][T14039] pgfault 411802 [ 602.021859][T14039] pgmajfault 17038 [ 602.025750][T14039] inactive_anon 573440 [ 602.030207][T14039] active_anon 0 [ 602.033781][T14039] inactive_file 0 [ 602.052911][T14039] active_file 0 [ 602.057869][T14039] unevictable 0 [ 602.061720][T14039] hierarchical_memory_limit 3145728 [ 602.067073][T14039] hierarchical_memsw_limit 9223372036854771712 [ 602.073587][T14039] total_cache 0 [ 602.077217][T14039] total_rss 4096 [ 602.082064][T14039] total_rss_huge 0 [ 602.086604][T14039] total_shmem 0 [ 602.090577][T14039] total_mapped_file 0 [ 602.094662][T14039] total_dirty 0 [ 602.098198][T14039] total_writeback 0 [ 602.102851][T14039] total_workingset_refault_anon 41733 [ 602.109135][T14039] total_workingset_refault_file 27159 [ 602.114953][T14039] total_swap 4927488 [ 602.119914][T14039] total_swapcached 577536 [ 602.126933][T14039] total_pgpgin 289472 [ 602.131366][T14039] total_pgpgout 290864 [ 602.139937][T14039] total_pgfault 411802 [ 602.152240][T14039] total_pgmajfault 17038 [ 602.162338][T14039] total_inactive_anon 573440 [ 602.166972][T14039] total_active_anon 0 [ 602.180867][T14039] total_inactive_file 0 [ 602.185110][T14039] total_active_file 0 [ 602.189110][T14039] total_unevictable 0 [ 602.194370][T14039] anon_cost 0 [ 602.197682][T14039] file_cost 0 [ 602.201297][T14039] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1788,pid=14038,uid=0 [ 602.216828][T14039] Memory cgroup out of memory: Killed process 14039 (syz.3.1788) total-vm:106180kB, anon-rss:1140kB, file-rss:22472kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 603.091447][T14089] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 603.099216][T14089] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 603.107967][T14089] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 603.124386][T14089] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 603.538607][ T5831] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 603.550864][T14110] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1806'. [ 604.133522][T14114] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 604.143085][T14114] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 604.499798][T14101] blktrace: Concurrent blktraces are not allowed on loop2 [ 604.569706][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 605.129754][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 605.135934][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 605.142281][T13674] Bluetooth: hci3: command 0x0406 tx timeout [ 605.364159][T14135] ptrace attach of "./syz-executor exec"[5827] was attempted by ""[14135] [ 606.620362][T14141] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 606.627489][T14141] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 606.647775][T14141] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 606.677101][T14141] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 607.512475][ T5843] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 607.517033][T14160] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1816'. [ 607.745289][T14166] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 607.754189][T14166] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 607.962035][T14166] blktrace: Concurrent blktraces are not allowed on loop2 [ 608.249665][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 608.393884][T14181] size and base must be multiples of 4 kiB [ 608.401390][T14181] CPU: 1 UID: 0 PID: 14181 Comm: syz.0.1823 Not tainted syzkaller #0 PREEMPT(full) [ 608.401425][T14181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 608.401439][T14181] Call Trace: [ 608.401447][T14181] [ 608.401455][T14181] dump_stack_lvl+0x16c/0x1f0 [ 608.401490][T14181] mtrr_del+0xd1/0x110 [ 608.401525][T14181] mtrr_ioctl+0x922/0xcf0 [ 608.401558][T14181] ? __pfx_mtrr_ioctl+0x10/0x10 [ 608.401603][T14181] ? find_held_lock+0x2b/0x80 [ 608.401640][T14181] ? __fget_files+0x20e/0x3c0 [ 608.401670][T14181] ? __pfx_mtrr_ioctl+0x10/0x10 [ 608.401705][T14181] proc_reg_unlocked_ioctl+0x229/0x320 [ 608.401741][T14181] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 608.401780][T14181] __x64_sys_ioctl+0x18e/0x210 [ 608.401822][T14181] do_syscall_64+0xcd/0xfa0 [ 608.401855][T14181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.401882][T14181] RIP: 0033:0x7f0eba78f6c9 [ 608.401905][T14181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.401931][T14181] RSP: 002b:00007f0ebb5a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 608.401958][T14181] RAX: ffffffffffffffda RBX: 00007f0eba9e6180 RCX: 00007f0eba78f6c9 [ 608.401977][T14181] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 608.401994][T14181] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 608.402012][T14181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.402029][T14181] R13: 00007f0eba9e6218 R14: 00007f0eba9e6180 R15: 00007ffdc869a3f8 [ 608.402067][T14181] [ 608.678517][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 608.705183][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 608.731730][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 609.043375][T14183] zswap: compressor 000 not available [ 609.330888][T14194] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1827'. [ 609.356257][T14190] size and base must be multiples of 4 kiB [ 609.367164][T14190] CPU: 0 UID: 0 PID: 14190 Comm: syz.3.1825 Not tainted syzkaller #0 PREEMPT(full) [ 609.367186][T14190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 609.367196][T14190] Call Trace: [ 609.367203][T14190] [ 609.367210][T14190] dump_stack_lvl+0x16c/0x1f0 [ 609.367232][T14190] mtrr_del+0xd1/0x110 [ 609.367252][T14190] mtrr_ioctl+0x922/0xcf0 [ 609.367361][T14190] ? __pfx_mtrr_ioctl+0x10/0x10 [ 609.367384][T14190] ? find_held_lock+0x2b/0x80 [ 609.367404][T14190] ? __fget_files+0x20e/0x3c0 [ 609.367419][T14190] ? __pfx_mtrr_ioctl+0x10/0x10 [ 609.367438][T14190] proc_reg_unlocked_ioctl+0x229/0x320 [ 609.367456][T14190] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 609.367477][T14190] __x64_sys_ioctl+0x18e/0x210 [ 609.367497][T14190] do_syscall_64+0xcd/0xfa0 [ 609.367518][T14190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.367538][T14190] RIP: 0033:0x7f10b1f8f6c9 [ 609.367550][T14190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.367564][T14190] RSP: 002b:00007f10b2ec5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 609.367579][T14190] RAX: ffffffffffffffda RBX: 00007f10b21e6090 RCX: 00007f10b1f8f6c9 [ 609.367589][T14190] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 609.367598][T14190] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 609.367607][T14190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.367616][T14190] R13: 00007f10b21e6128 R14: 00007f10b21e6090 R15: 00007ffc1e754288 [ 609.367636][T14190] [ 610.000543][T14196] zswap: compressor 000 not available [ 611.693204][T14237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1837'. [ 612.766222][T14247] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 612.775067][T14247] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 612.809931][T14247] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 612.864685][T14247] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 613.397849][T14254] size and base must be multiples of 4 kiB [ 613.404624][T14254] CPU: 0 UID: 0 PID: 14254 Comm: syz.3.1840 Not tainted syzkaller #0 PREEMPT(full) [ 613.404660][T14254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 613.404677][T14254] Call Trace: [ 613.404686][T14254] [ 613.404697][T14254] dump_stack_lvl+0x16c/0x1f0 [ 613.404733][T14254] mtrr_del+0xd1/0x110 [ 613.404778][T14254] mtrr_ioctl+0x922/0xcf0 [ 613.404815][T14254] ? __pfx_mtrr_ioctl+0x10/0x10 [ 613.404859][T14254] ? find_held_lock+0x2b/0x80 [ 613.404898][T14254] ? __fget_files+0x20e/0x3c0 [ 613.404935][T14254] ? __pfx_mtrr_ioctl+0x10/0x10 [ 613.404979][T14254] proc_reg_unlocked_ioctl+0x229/0x320 [ 613.405016][T14254] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 613.405067][T14254] __x64_sys_ioctl+0x18e/0x210 [ 613.405117][T14254] do_syscall_64+0xcd/0xfa0 [ 613.405151][T14254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.405180][T14254] RIP: 0033:0x7f10b1f8f6c9 [ 613.405202][T14254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.405230][T14254] RSP: 002b:00007f10b2ec5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 613.405257][T14254] RAX: ffffffffffffffda RBX: 00007f10b21e6090 RCX: 00007f10b1f8f6c9 [ 613.405276][T14254] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 613.405294][T14254] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 613.405312][T14254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 613.405328][T14254] R13: 00007f10b21e6128 R14: 00007f10b21e6090 R15: 00007ffc1e754288 [ 613.405366][T14254] [ 614.126650][T14268] zswap: compressor 000 not available [ 614.409834][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 614.497893][T14285] ptrace attach of "./syz-executor exec"[5825] was attempted by ""[14285] [ 614.809736][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 614.890165][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 614.890177][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 615.568840][T14293] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 615.584654][T14293] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 615.593765][T14293] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 615.603083][T14293] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 616.013922][T14308] size and base must be multiples of 4 kiB [ 616.030956][T14308] CPU: 1 UID: 0 PID: 14308 Comm: syz.2.1852 Not tainted syzkaller #0 PREEMPT(full) [ 616.030993][T14308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 616.031010][T14308] Call Trace: [ 616.031020][T14308] [ 616.031031][T14308] dump_stack_lvl+0x16c/0x1f0 [ 616.031067][T14308] mtrr_del+0xd1/0x110 [ 616.031105][T14308] mtrr_ioctl+0x922/0xcf0 [ 616.031139][T14308] ? __pfx_mtrr_ioctl+0x10/0x10 [ 616.031178][T14308] ? find_held_lock+0x2b/0x80 [ 616.031214][T14308] ? __fget_files+0x20e/0x3c0 [ 616.031240][T14308] ? __pfx_mtrr_ioctl+0x10/0x10 [ 616.031275][T14308] proc_reg_unlocked_ioctl+0x229/0x320 [ 616.031311][T14308] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 616.031350][T14308] __x64_sys_ioctl+0x18e/0x210 [ 616.031392][T14308] do_syscall_64+0xcd/0xfa0 [ 616.031424][T14308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.031452][T14308] RIP: 0033:0x7f04e778f6c9 [ 616.031473][T14308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.031500][T14308] RSP: 002b:00007f04e860f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 616.031526][T14308] RAX: ffffffffffffffda RBX: 00007f04e79e6090 RCX: 00007f04e778f6c9 [ 616.031544][T14308] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 616.031561][T14308] RBP: 00007f04e7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 616.031578][T14308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.031594][T14308] R13: 00007f04e79e6128 R14: 00007f04e79e6090 R15: 00007ffdc7172908 [ 616.031631][T14308] [ 616.667048][T14320] zswap: compressor 000 not available [ 616.824818][T14328] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[14328] [ 617.055358][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 617.610133][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 617.610169][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 617.616283][T13674] Bluetooth: hci3: command 0x0406 tx timeout [ 617.877531][T13674] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 617.878452][T14333] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 617.880926][T14341] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1860'. [ 617.919970][T14333] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 617.930488][T14333] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 617.945246][T14333] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 618.437920][T14348] FAULT_INJECTION: forcing a failure. [ 618.437920][T14348] name fail_futex, interval 1, probability 0, space 0, times 0 [ 618.481093][T14348] CPU: 0 UID: 0 PID: 14348 Comm: syz.2.1861 Not tainted syzkaller #0 PREEMPT(full) [ 618.481127][T14348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 618.481143][T14348] Call Trace: [ 618.481152][T14348] [ 618.481163][T14348] dump_stack_lvl+0x16c/0x1f0 [ 618.481196][T14348] should_fail_ex+0x512/0x640 [ 618.481237][T14348] get_futex_key+0x293/0x1560 [ 618.481270][T14348] ? __pfx_get_futex_key+0x10/0x10 [ 618.481300][T14348] ? __mutex_trylock_common+0xe9/0x250 [ 618.481344][T14348] futex_wake+0xea/0x530 [ 618.481385][T14348] ? __pfx_futex_wake+0x10/0x10 [ 618.481420][T14348] ? __lock_acquire+0xb8a/0x1c90 [ 618.481467][T14348] do_futex+0x1e3/0x350 [ 618.481502][T14348] ? __pfx_do_futex+0x10/0x10 [ 618.481533][T14348] ? __might_fault+0xe3/0x190 [ 618.481570][T14348] mm_release+0x24e/0x300 [ 618.481599][T14348] do_exit+0x68e/0x2bf0 [ 618.481636][T14348] ? __pfx_do_exit+0x10/0x10 [ 618.481670][T14348] ? do_raw_spin_lock+0x12c/0x2b0 [ 618.481707][T14348] ? find_held_lock+0x2b/0x80 [ 618.481747][T14348] do_group_exit+0xd3/0x2a0 [ 618.481785][T14348] get_signal+0x2671/0x26d0 [ 618.481828][T14348] ? __pfx_get_signal+0x10/0x10 [ 618.481858][T14348] ? do_futex+0x122/0x350 [ 618.481891][T14348] ? __pfx_do_futex+0x10/0x10 [ 618.481927][T14348] arch_do_signal_or_restart+0x8f/0x790 [ 618.481962][T14348] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 618.482003][T14348] ? xfd_validate_state+0x61/0x180 [ 618.482037][T14348] ? __pfx___do_sys_close_range+0x10/0x10 [ 618.482072][T14348] exit_to_user_mode_loop+0x85/0x130 [ 618.482111][T14348] do_syscall_64+0x426/0xfa0 [ 618.482143][T14348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.482169][T14348] RIP: 0033:0x7f04e778f6c9 [ 618.482190][T14348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.482215][T14348] RSP: 002b:00007f04e85ee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 618.482241][T14348] RAX: fffffffffffffe00 RBX: 00007f04e79e6188 RCX: 00007f04e778f6c9 [ 618.482259][T14348] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f04e79e6188 [ 618.482276][T14348] RBP: 00007f04e79e6180 R08: 0000000000000000 R09: 0000000000000000 [ 618.482293][T14348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.482310][T14348] R13: 00007f04e79e6218 R14: 00007ffdc7172820 R15: 00007ffdc7172908 [ 618.482347][T14348] [ 619.039977][T14346] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 619.046287][T14346] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 619.062399][T14346] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 619.077495][T14346] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 620.218446][T14368] size and base must be multiples of 4 kiB [ 620.224591][T14368] CPU: 1 UID: 0 PID: 14368 Comm: syz.3.1866 Not tainted syzkaller #0 PREEMPT(full) [ 620.224629][T14368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 620.224647][T14368] Call Trace: [ 620.224656][T14368] [ 620.224667][T14368] dump_stack_lvl+0x16c/0x1f0 [ 620.224702][T14368] mtrr_del+0xd1/0x110 [ 620.224748][T14368] mtrr_ioctl+0x922/0xcf0 [ 620.224787][T14368] ? __pfx_mtrr_ioctl+0x10/0x10 [ 620.224832][T14368] ? find_held_lock+0x2b/0x80 [ 620.224870][T14368] ? __fget_files+0x20e/0x3c0 [ 620.224900][T14368] ? __pfx_mtrr_ioctl+0x10/0x10 [ 620.224935][T14368] proc_reg_unlocked_ioctl+0x229/0x320 [ 620.224971][T14368] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 620.225011][T14368] __x64_sys_ioctl+0x18e/0x210 [ 620.225053][T14368] do_syscall_64+0xcd/0xfa0 [ 620.225084][T14368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.225109][T14368] RIP: 0033:0x7f10b1f8f6c9 [ 620.225130][T14368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.225157][T14368] RSP: 002b:00007f10b2ec5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.225183][T14368] RAX: ffffffffffffffda RBX: 00007f10b21e6090 RCX: 00007f10b1f8f6c9 [ 620.225201][T14368] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 620.225218][T14368] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 620.225233][T14368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.225246][T14368] R13: 00007f10b21e6128 R14: 00007f10b21e6090 R15: 00007ffc1e754288 [ 620.225283][T14368] [ 620.726046][T14373] zswap: compressor 000 not available [ 621.049665][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 621.090921][T14387] size and base must be multiples of 4 kiB [ 621.096861][T14387] CPU: 1 UID: 0 PID: 14387 Comm: syz.3.1869 Not tainted syzkaller #0 PREEMPT(full) [ 621.096896][T14387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 621.096912][T14387] Call Trace: [ 621.096921][T14387] [ 621.096932][T14387] dump_stack_lvl+0x16c/0x1f0 [ 621.096967][T14387] mtrr_del+0xd1/0x110 [ 621.097004][T14387] mtrr_ioctl+0x922/0xcf0 [ 621.097037][T14387] ? __pfx_mtrr_ioctl+0x10/0x10 [ 621.097064][T14387] ? find_held_lock+0x2b/0x80 [ 621.097083][T14387] ? __fget_files+0x20e/0x3c0 [ 621.097098][T14387] ? __pfx_mtrr_ioctl+0x10/0x10 [ 621.097116][T14387] proc_reg_unlocked_ioctl+0x229/0x320 [ 621.097135][T14387] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 621.097155][T14387] __x64_sys_ioctl+0x18e/0x210 [ 621.097176][T14387] do_syscall_64+0xcd/0xfa0 [ 621.097194][T14387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.097208][T14387] RIP: 0033:0x7f10b1f8f6c9 [ 621.097220][T14387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.097234][T14387] RSP: 002b:00007f10b2ec5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.097249][T14387] RAX: ffffffffffffffda RBX: 00007f10b21e6090 RCX: 00007f10b1f8f6c9 [ 621.097258][T14387] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 621.097267][T14387] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 621.097281][T14387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.097290][T14387] R13: 00007f10b21e6128 R14: 00007f10b21e6090 R15: 00007ffc1e754288 [ 621.097314][T14387] [ 621.269988][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 621.276266][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 621.276292][T13674] Bluetooth: hci3: command 0x0406 tx timeout [ 623.805127][T14424] size and base must be multiples of 4 kiB [ 623.817803][T14424] CPU: 1 UID: 0 PID: 14424 Comm: syz.0.1878 Not tainted syzkaller #0 PREEMPT(full) [ 623.817841][T14424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 623.817859][T14424] Call Trace: [ 623.817867][T14424] [ 623.817877][T14424] dump_stack_lvl+0x16c/0x1f0 [ 623.817914][T14424] mtrr_del+0xd1/0x110 [ 623.817951][T14424] mtrr_ioctl+0x922/0xcf0 [ 623.817988][T14424] ? __pfx_mtrr_ioctl+0x10/0x10 [ 623.818032][T14424] ? find_held_lock+0x2b/0x80 [ 623.818070][T14424] ? __fget_files+0x20e/0x3c0 [ 623.818098][T14424] ? __pfx_mtrr_ioctl+0x10/0x10 [ 623.818134][T14424] proc_reg_unlocked_ioctl+0x229/0x320 [ 623.818169][T14424] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 623.818208][T14424] __x64_sys_ioctl+0x18e/0x210 [ 623.818262][T14424] do_syscall_64+0xcd/0xfa0 [ 623.818298][T14424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.818326][T14424] RIP: 0033:0x7f0eba78f6c9 [ 623.818349][T14424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.818376][T14424] RSP: 002b:00007f0ebb5c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.818402][T14424] RAX: ffffffffffffffda RBX: 00007f0eba9e6090 RCX: 00007f0eba78f6c9 [ 623.818421][T14424] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 623.818438][T14424] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 623.818455][T14424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.818472][T14424] R13: 00007f0eba9e6128 R14: 00007f0eba9e6090 R15: 00007ffdc869a3f8 [ 623.818509][T14424] [ 624.441441][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.449030][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.937155][T14431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1880'. [ 626.743172][T14463] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[14463] [ 627.723471][T14466] syz.2.1888 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 627.781609][T14466] CPU: 0 UID: 0 PID: 14466 Comm: syz.2.1888 Not tainted syzkaller #0 PREEMPT(full) [ 627.781647][T14466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 627.781663][T14466] Call Trace: [ 627.781672][T14466] [ 627.781684][T14466] dump_stack_lvl+0x16c/0x1f0 [ 627.781718][T14466] dump_header+0x101/0x930 [ 627.781751][T14466] oom_kill_process+0x272/0xa40 [ 627.781792][T14466] out_of_memory+0x350/0x1700 [ 627.781828][T14466] ? __pfx_out_of_memory+0x10/0x10 [ 627.781867][T14466] mem_cgroup_out_of_memory+0x118/0x130 [ 627.781907][T14466] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 627.781956][T14466] ? do_raw_spin_unlock+0x172/0x230 [ 627.781999][T14466] try_charge_memcg+0x695/0xd30 [ 627.782038][T14466] ? __pfx_try_charge_memcg+0x10/0x10 [ 627.782080][T14466] ? find_held_lock+0x2b/0x80 [ 627.782113][T14466] charge_memcg+0x8a/0x230 [ 627.782145][T14466] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 627.782187][T14466] __read_swap_cache_async+0x397/0x500 [ 627.782220][T14466] ? __pfx___read_swap_cache_async+0x10/0x10 [ 627.782256][T14466] ? post_alloc_hook+0x150/0x230 [ 627.782307][T14466] swap_cluster_readahead+0x432/0x770 [ 627.782345][T14466] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 627.782374][T14466] ? rcu_is_watching+0x10/0xc0 [ 627.782403][T14466] ? trace_mm_page_alloc+0x11f/0x1a0 [ 627.782456][T14466] ? get_vma_policy+0x242/0x3c0 [ 627.782496][T14466] swapin_readahead+0x13a/0xd60 [ 627.782523][T14466] ? do_raw_spin_lock+0x12c/0x2b0 [ 627.782571][T14466] ? __pfx_swapin_readahead+0x10/0x10 [ 627.782597][T14466] ? swap_cache_get_folio+0x267/0x8e0 [ 627.782622][T14466] ? swap_cache_get_folio+0x267/0x8e0 [ 627.782645][T14466] ? swap_cache_get_folio+0x267/0x8e0 [ 627.782674][T14466] ? swap_cache_get_folio+0x267/0x8e0 [ 627.782700][T14466] ? swap_cache_get_folio+0x1f/0x8e0 [ 627.782723][T14466] ? swap_cache_get_folio+0x293/0x8e0 [ 627.782752][T14466] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 627.782776][T14466] ? __pfx_get_swap_device+0x10/0x10 [ 627.782812][T14466] ? do_swap_page+0x125/0x6340 [ 627.782851][T14466] do_swap_page+0x86c/0x6340 [ 627.782896][T14466] ? __pfx_lru_add+0x10/0x10 [ 627.782923][T14466] ? const_folio_flags+0x5b/0x100 [ 627.782952][T14466] ? __pfx_do_swap_page+0x10/0x10 [ 627.782990][T14466] ? __pfx_default_wake_function+0x10/0x10 [ 627.783028][T14466] ? rcu_is_watching+0x12/0xc0 [ 627.783055][T14466] ? ___pte_offset_map+0x2ad/0x4f0 [ 627.783095][T14466] __handle_mm_fault+0x17d1/0x2aa0 [ 627.783146][T14466] ? __pfx___handle_mm_fault+0x10/0x10 [ 627.783190][T14466] ? __pte_offset_map_lock+0x174/0x310 [ 627.783223][T14466] ? find_held_lock+0x2b/0x80 [ 627.783269][T14466] ? follow_page_pte+0x5cf/0x1390 [ 627.783311][T14466] handle_mm_fault+0x589/0xd10 [ 627.783358][T14466] __get_user_pages+0x54e/0x3530 [ 627.783411][T14466] ? __pfx___get_user_pages+0x10/0x10 [ 627.783446][T14466] ? __kernel_write_iter+0x5a5/0xb10 [ 627.783484][T14466] get_dump_page+0x257/0x3d0 [ 627.783520][T14466] ? __pfx_get_dump_page+0x10/0x10 [ 627.783556][T14466] ? dump_user_range+0x756/0xb70 [ 627.783591][T14466] dump_user_range+0x195/0xb70 [ 627.783626][T14466] ? __pfx_dump_user_range+0x10/0x10 [ 627.783656][T14466] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 627.783704][T14466] ? __pfx_writenote+0x10/0x10 [ 627.783742][T14466] elf_core_dump+0x29c3/0x3c00 [ 627.783790][T14466] ? __pfx_elf_core_dump+0x10/0x10 [ 627.783815][T14466] ? kasan_save_stack+0x33/0x60 [ 627.783844][T14466] ? kasan_save_track+0x14/0x30 [ 627.783872][T14466] ? __kasan_kmalloc+0xaa/0xb0 [ 627.783900][T14466] ? __kvmalloc_node_noprof+0x3a3/0x9c0 [ 627.783929][T14466] ? vfs_coredump+0x1ddc/0x5670 [ 627.783953][T14466] ? arch_do_signal_or_restart+0x8f/0x790 [ 627.783984][T14466] ? irqentry_exit_to_user_mode+0x176/0x310 [ 627.784013][T14466] ? asm_exc_page_fault+0x26/0x30 [ 627.784048][T14466] ? 0xffffffffff600000 [ 627.784136][T14466] ? vfs_coredump+0x2b9f/0x5670 [ 627.784159][T14466] vfs_coredump+0x2b9f/0x5670 [ 627.784200][T14466] ? __pfx_vfs_coredump+0x10/0x10 [ 627.784228][T14466] ? __lock_acquire+0x622/0x1c90 [ 627.784285][T14466] ? lock_acquire+0x179/0x350 [ 627.784338][T14466] ? is_bpf_text_address+0x8a/0x1a0 [ 627.784374][T14466] ? bpf_ksym_find+0x124/0x1c0 [ 627.784415][T14466] ? unwind_get_return_address+0x59/0xa0 [ 627.784444][T14466] ? arch_stack_walk+0xa6/0x100 [ 627.784487][T14466] ? stack_trace_save+0x8e/0xc0 [ 627.784517][T14466] ? __pfx_stack_trace_save+0x10/0x10 [ 627.784549][T14466] ? stack_depot_save_flags+0x29/0x9c0 [ 627.784590][T14466] ? __lock_acquire+0xb8a/0x1c90 [ 627.784692][T14466] ? proc_coredump_connector+0x2d1/0x4f0 [ 627.784721][T14466] ? __pfx_proc_coredump_connector+0x10/0x10 [ 627.784759][T14466] ? rcu_is_watching+0x12/0xc0 [ 627.784793][T14466] get_signal+0x22e1/0x26d0 [ 627.784839][T14466] ? __pfx_get_signal+0x10/0x10 [ 627.784871][T14466] ? rcu_is_watching+0x12/0xc0 [ 627.784907][T14466] arch_do_signal_or_restart+0x8f/0x790 [ 627.784942][T14466] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 627.784998][T14466] irqentry_exit_to_user_mode+0x176/0x310 [ 627.785032][T14466] asm_exc_page_fault+0x26/0x30 [ 627.785058][T14466] RIP: 0033:0x21000 [ 627.785083][T14466] Code: Unable to access opcode bytes at 0x20fd6. [ 627.785095][T14466] RSP: 002b:000000000000000a EFLAGS: 00010206 [ 627.785116][T14466] RAX: 0000000000000000 RBX: 00007f04e79e5fa0 RCX: 00007f04e778f6c9 [ 627.785134][T14466] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 627.785151][T14466] RBP: 00007f04e7811f91 R08: 0000000000000002 R09: 0000000000000000 [ 627.785168][T14466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 627.785184][T14466] R13: 00007f04e79e6038 R14: 00007f04e79e5fa0 R15: 00007ffdc7172908 [ 627.785224][T14466] [ 627.785234][T14466] memory: usage 3072kB, limit 3072kB, failcnt 181258 [ 627.933454][ T5831] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 627.960460][T14466] memory+swap: usage 7868kB, limit 9007199254740988kB, failcnt 0 [ 627.976888][T14480] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1892'. [ 627.999716][T14466] kmem: usage 2492kB, limit 9007199254740988kB, failcnt 0 [ 628.408080][T14466] Memory cgroup stats for /syz3: [ 628.408553][T14466] cache 0 [ 628.480657][T14466] rss 0 [ 628.483455][T14466] rss_huge 0 [ 628.486652][T14466] shmem 0 [ 628.489667][T14466] mapped_file 0 [ 628.493124][T14466] dirty 0 [ 628.496062][T14466] writeback 0 [ 628.499340][T14466] workingset_refault_anon 43391 [ 628.504390][T14466] workingset_refault_file 27159 [ 628.509241][T14466] swap 4911104 [ 628.515443][T14466] swapcached 593920 [ 628.520927][T14466] pgpgin 304241 [ 628.524403][T14466] pgpgout 305629 [ 628.528069][T14466] pgfault 448047 [ 628.533142][T14466] pgmajfault 18198 [ 628.536869][T14466] inactive_anon 593920 [ 628.541836][T14466] active_anon 0 [ 628.545314][T14466] inactive_file 0 [ 628.548941][T14466] active_file 0 [ 628.570106][T14466] unevictable 0 [ 628.573609][T14466] hierarchical_memory_limit 3145728 [ 628.619852][T14466] hierarchical_memsw_limit 9223372036854771712 [ 628.628843][T14466] total_cache 0 [ 628.632503][T14466] total_rss 0 [ 628.635802][T14466] total_rss_huge 0 [ 628.639518][T14466] total_shmem 0 [ 628.643157][T14466] total_mapped_file 0 [ 628.647139][T14466] total_dirty 0 [ 628.663794][T14466] total_writeback 0 [ 628.667635][T14466] total_workingset_refault_anon 43391 [ 628.702030][T14466] total_workingset_refault_file 27159 [ 628.717492][T14466] total_swap 4911104 [ 628.729006][T14466] total_swapcached 593920 [ 628.734194][T14466] total_pgpgin 304241 [ 628.738323][T14466] total_pgpgout 305629 [ 628.765884][T14466] total_pgfault 448047 [ 628.782788][T14486] size and base must be multiples of 4 kiB [ 628.788613][T14486] CPU: 0 UID: 0 PID: 14486 Comm: syz.0.1894 Not tainted syzkaller #0 PREEMPT(full) [ 628.788634][T14486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 628.788643][T14486] Call Trace: [ 628.788650][T14486] [ 628.788656][T14486] dump_stack_lvl+0x16c/0x1f0 [ 628.788678][T14486] mtrr_del+0xd1/0x110 [ 628.788697][T14486] mtrr_ioctl+0x922/0xcf0 [ 628.788717][T14486] ? __pfx_mtrr_ioctl+0x10/0x10 [ 628.788740][T14486] ? find_held_lock+0x2b/0x80 [ 628.788759][T14486] ? __fget_files+0x20e/0x3c0 [ 628.788774][T14486] ? __pfx_mtrr_ioctl+0x10/0x10 [ 628.788793][T14486] proc_reg_unlocked_ioctl+0x229/0x320 [ 628.788812][T14486] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 628.788833][T14486] __x64_sys_ioctl+0x18e/0x210 [ 628.788857][T14486] do_syscall_64+0xcd/0xfa0 [ 628.788874][T14486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.788891][T14486] RIP: 0033:0x7f0eba78f6c9 [ 628.788903][T14486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.788918][T14486] RSP: 002b:00007f0ebb5e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 628.788932][T14486] RAX: ffffffffffffffda RBX: 00007f0eba9e5fa0 RCX: 00007f0eba78f6c9 [ 628.788942][T14486] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 628.788950][T14486] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 628.788959][T14486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.788968][T14486] R13: 00007f0eba9e6038 R14: 00007f0eba9e5fa0 R15: 00007ffdc869a3f8 [ 628.788988][T14486] [ 628.920427][T14466] total_pgmajfault 18198 [ 628.955895][T14466] total_inactive_anon 593920 [ 628.960795][T14466] total_active_anon 0 [ 628.966640][T14466] total_inactive_file 0 [ 628.970914][T14466] total_active_file 0 [ 628.974926][T14466] total_unevictable 0 [ 628.978906][T14466] anon_cost 0 [ 628.982483][T14466] file_cost 0 [ 628.985784][T14466] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1885,pid=14451,uid=0 [ 629.003135][T14466] Memory cgroup out of memory: Killed process 14451 (syz.3.1885) total-vm:106180kB, anon-rss:1140kB, file-rss:22740kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 630.444926][T14501] zswap: compressor 000 not available [ 630.565656][T14510] ptrace attach of "./syz-executor exec"[5825] was attempted by ""[14510] [ 631.912357][T14525] size and base must be multiples of 4 kiB [ 631.939082][T14525] CPU: 1 UID: 0 PID: 14525 Comm: syz.1.1903 Not tainted syzkaller #0 PREEMPT(full) [ 631.939118][T14525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 631.939134][T14525] Call Trace: [ 631.939143][T14525] [ 631.939156][T14525] dump_stack_lvl+0x16c/0x1f0 [ 631.939260][T14525] mtrr_del+0xd1/0x110 [ 631.939281][T14525] mtrr_ioctl+0x922/0xcf0 [ 631.939302][T14525] ? __pfx_mtrr_ioctl+0x10/0x10 [ 631.939325][T14525] ? find_held_lock+0x2b/0x80 [ 631.939345][T14525] ? __fget_files+0x20e/0x3c0 [ 631.939360][T14525] ? __pfx_mtrr_ioctl+0x10/0x10 [ 631.939388][T14525] proc_reg_unlocked_ioctl+0x229/0x320 [ 631.939409][T14525] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 631.939430][T14525] __x64_sys_ioctl+0x18e/0x210 [ 631.939452][T14525] do_syscall_64+0xcd/0xfa0 [ 631.939469][T14525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.939484][T14525] RIP: 0033:0x7f3f2eb8f6c9 [ 631.939496][T14525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.939510][T14525] RSP: 002b:00007f3f2f962038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 631.939524][T14525] RAX: ffffffffffffffda RBX: 00007f3f2ede5fa0 RCX: 00007f3f2eb8f6c9 [ 631.939552][T14525] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 631.939568][T14525] RBP: 00007f3f2ec11f91 R08: 0000000000000000 R09: 0000000000000000 [ 631.939582][T14525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.939597][T14525] R13: 00007f3f2ede6038 R14: 00007f3f2ede5fa0 R15: 00007ffc21696f28 [ 631.939631][T14525] [ 632.282795][T14523] vivid-010: kernel_thread() failed [ 632.806039][T14535] size and base must be multiples of 4 kiB [ 632.811928][T14535] CPU: 1 UID: 0 PID: 14535 Comm: syz.1.1905 Not tainted syzkaller #0 PREEMPT(full) [ 632.811948][T14535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 632.811957][T14535] Call Trace: [ 632.811966][T14535] [ 632.811972][T14535] dump_stack_lvl+0x16c/0x1f0 [ 632.811993][T14535] mtrr_del+0xd1/0x110 [ 632.812014][T14535] mtrr_ioctl+0x922/0xcf0 [ 632.812033][T14535] ? __pfx_mtrr_ioctl+0x10/0x10 [ 632.812055][T14535] ? find_held_lock+0x2b/0x80 [ 632.812075][T14535] ? __fget_files+0x20e/0x3c0 [ 632.812090][T14535] ? __pfx_mtrr_ioctl+0x10/0x10 [ 632.812108][T14535] proc_reg_unlocked_ioctl+0x229/0x320 [ 632.812127][T14535] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 632.812152][T14535] __x64_sys_ioctl+0x18e/0x210 [ 632.812173][T14535] do_syscall_64+0xcd/0xfa0 [ 632.812191][T14535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.812205][T14535] RIP: 0033:0x7f3f2eb8f6c9 [ 632.812218][T14535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.812232][T14535] RSP: 002b:00007f3f2f941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 632.812246][T14535] RAX: ffffffffffffffda RBX: 00007f3f2ede6090 RCX: 00007f3f2eb8f6c9 [ 632.812256][T14535] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 632.812265][T14535] RBP: 00007f3f2ec11f91 R08: 0000000000000000 R09: 0000000000000000 [ 632.812274][T14535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.812283][T14535] R13: 00007f3f2ede6128 R14: 00007f3f2ede6090 R15: 00007ffc21696f28 [ 632.812303][T14535] [ 634.053721][T14549] zswap: compressor 000 not available [ 634.797300][T14564] ptrace attach of "./syz-executor exec"[5825] was attempted by ""[14564] [ 636.380422][ T5831] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 636.450696][T14577] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1912'. [ 636.963712][T14581] FAULT_INJECTION: forcing a failure. [ 636.963712][T14581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 637.038973][T14581] CPU: 1 UID: 0 PID: 14581 Comm: syz.1.1914 Not tainted syzkaller #0 PREEMPT(full) [ 637.039010][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 637.039026][T14581] Call Trace: [ 637.039035][T14581] [ 637.039044][T14581] dump_stack_lvl+0x16c/0x1f0 [ 637.039085][T14581] should_fail_ex+0x512/0x640 [ 637.039128][T14581] _copy_to_user+0x32/0xd0 [ 637.039171][T14581] simple_read_from_buffer+0xcb/0x170 [ 637.039213][T14581] proc_fail_nth_read+0x197/0x240 [ 637.039243][T14581] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 637.039274][T14581] ? rw_verify_area+0xcf/0x6c0 [ 637.039299][T14581] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 637.039332][T14581] vfs_read+0x1e4/0xcf0 [ 637.039365][T14581] ? __pfx___mutex_lock+0x10/0x10 [ 637.039397][T14581] ? __pfx_vfs_read+0x10/0x10 [ 637.039435][T14581] ? __fget_files+0x20e/0x3c0 [ 637.039472][T14581] ksys_read+0x12a/0x250 [ 637.039499][T14581] ? __pfx_ksys_read+0x10/0x10 [ 637.039539][T14581] do_syscall_64+0xcd/0xfa0 [ 637.039567][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.039591][T14581] RIP: 0033:0x7f3f2eb8e0dc [ 637.039610][T14581] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 637.039636][T14581] RSP: 002b:00007f3f2f962030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 637.039660][T14581] RAX: ffffffffffffffda RBX: 00007f3f2ede5fa0 RCX: 00007f3f2eb8e0dc [ 637.039678][T14581] RDX: 000000000000000f RSI: 00007f3f2f9620a0 RDI: 0000000000000005 [ 637.039694][T14581] RBP: 00007f3f2f962090 R08: 0000000000000000 R09: 0000000000000000 [ 637.039710][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.039725][T14581] R13: 00007f3f2ede6038 R14: 00007f3f2ede5fa0 R15: 00007ffc21696f28 [ 637.039764][T14581] [ 637.303325][T14562] syz.3.1910 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 637.320142][T14562] CPU: 1 UID: 0 PID: 14562 Comm: syz.3.1910 Not tainted syzkaller #0 PREEMPT(full) [ 637.320179][T14562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 637.320195][T14562] Call Trace: [ 637.320205][T14562] [ 637.320216][T14562] dump_stack_lvl+0x16c/0x1f0 [ 637.320253][T14562] dump_header+0x101/0x930 [ 637.320285][T14562] oom_kill_process+0x272/0xa40 [ 637.320319][T14562] out_of_memory+0x350/0x1700 [ 637.320365][T14562] ? __pfx_out_of_memory+0x10/0x10 [ 637.320404][T14562] mem_cgroup_out_of_memory+0x118/0x130 [ 637.320446][T14562] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 637.320498][T14562] ? do_raw_spin_unlock+0x172/0x230 [ 637.320546][T14562] try_charge_memcg+0x695/0xd30 [ 637.320587][T14562] ? __pfx_try_charge_memcg+0x10/0x10 [ 637.320620][T14562] ? find_held_lock+0x2b/0x80 [ 637.320649][T14562] ? rcu_read_unlock+0x17/0x60 [ 637.320695][T14562] obj_cgroup_charge_account+0x292/0x500 [ 637.320734][T14562] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 637.320776][T14562] ? kasan_unpoison+0x27/0x60 [ 637.320810][T14562] __kmalloc_node_track_caller_noprof+0x698/0x8a0 [ 637.320845][T14562] ? neigh_sysctl_register+0xb2/0x670 [ 637.320880][T14562] ? kmemdup_noprof+0x29/0x60 [ 637.320908][T14562] ? lockdep_hardirqs_on+0x7c/0x110 [ 637.320936][T14562] kmemdup_noprof+0x29/0x60 [ 637.320965][T14562] neigh_sysctl_register+0xb2/0x670 [ 637.320996][T14562] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 637.321021][T14562] ? inetdev_init+0x245/0x5a0 [ 637.321053][T14562] ? inetdev_event+0xc5f/0x18a0 [ 637.321084][T14562] ? notifier_call_chain+0xbc/0x410 [ 637.321124][T14562] ? copy_net_ns+0x2f8/0x690 [ 637.321152][T14562] ? create_new_namespaces+0x3ea/0xa90 [ 637.321179][T14562] ? unshare_nsproxy_namespaces+0xc0/0x1f0 [ 637.321210][T14562] ? ksys_unshare+0x45b/0xa40 [ 637.321241][T14562] ? __x64_sys_unshare+0x31/0x40 [ 637.321274][T14562] ? do_syscall_64+0xcd/0xfa0 [ 637.321303][T14562] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.321340][T14562] devinet_sysctl_register+0xb6/0x200 [ 637.321373][T14562] inetdev_init+0x2b8/0x5a0 [ 637.321409][T14562] inetdev_event+0xc5f/0x18a0 [ 637.321445][T14562] ? ib_netdevice_event+0xfc/0x330 [ 637.321472][T14562] ? __pfx_inetdev_event+0x10/0x10 [ 637.321515][T14562] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 637.321565][T14562] notifier_call_chain+0xbc/0x410 [ 637.321599][T14562] ? __pfx_inetdev_event+0x10/0x10 [ 637.321640][T14562] call_netdevice_notifiers_info+0xbe/0x140 [ 637.321678][T14562] register_netdevice+0x182e/0x2270 [ 637.321716][T14562] ? __pfx_register_netdevice+0x10/0x10 [ 637.321748][T14562] ? net_generic+0xea/0x2a0 [ 637.321792][T14562] register_netdev+0x34/0x50 [ 637.321820][T14562] vti6_init_net+0x28f/0x490 [ 637.321856][T14562] ? __pfx_vti6_init_net+0x10/0x10 [ 637.321891][T14562] ops_init+0x1e2/0x5f0 [ 637.321923][T14562] setup_net+0x100/0x390 [ 637.321952][T14562] ? __pfx_setup_net+0x10/0x10 [ 637.321982][T14562] ? debug_mutex_init+0x37/0x70 [ 637.322016][T14562] copy_net_ns+0x2f8/0x690 [ 637.322051][T14562] create_new_namespaces+0x3ea/0xa90 [ 637.322091][T14562] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 637.322126][T14562] ksys_unshare+0x45b/0xa40 [ 637.322161][T14562] ? __pfx_ksys_unshare+0x10/0x10 [ 637.322198][T14562] ? syscall_user_dispatch+0x78/0x140 [ 637.322250][T14562] __x64_sys_unshare+0x31/0x40 [ 637.322284][T14562] do_syscall_64+0xcd/0xfa0 [ 637.322317][T14562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.322356][T14562] RIP: 0033:0x7f10b1f8f6c9 [ 637.322380][T14562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.322406][T14562] RSP: 002b:00007f10b2ec5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 637.322432][T14562] RAX: ffffffffffffffda RBX: 00007f10b21e6090 RCX: 00007f10b1f8f6c9 [ 637.322450][T14562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 637.322467][T14562] RBP: 00007f10b2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 637.322483][T14562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.322499][T14562] R13: 00007f10b21e6128 R14: 00007f10b21e6090 R15: 00007ffc1e754288 [ 637.322540][T14562] [ 637.322551][T14562] memory: usage 3072kB, limit 3072kB, failcnt 182668 [ 637.754184][T14562] memory+swap: usage 3792kB, limit 9007199254740988kB, failcnt 0 [ 637.762025][T14562] kmem: usage 2516kB, limit 9007199254740988kB, failcnt 0 [ 637.770314][T14562] Memory cgroup stats for /syz3: [ 637.770507][T14562] cache 0 [ 637.778377][T14562] rss 0 [ 637.829624][T14562] rss_huge 0 [ 637.832865][T14562] shmem 0 [ 637.835806][T14562] mapped_file 0 [ 637.848208][T14562] dirty 0 [ 637.856260][T14562] writeback 0 [ 637.878216][T14562] workingset_refault_anon 43630 [ 637.899639][T14562] workingset_refault_file 27159 [ 637.904530][T14562] swap 737280 [ 637.907878][T14562] swapcached 569344 [ 637.959601][T14562] pgpgin 305595 [ 637.963107][T14562] pgpgout 306989 [ 637.966924][T14562] pgfault 449643 [ 637.971228][T14562] pgmajfault 18396 [ 637.974983][T14562] inactive_anon 569344 [ 637.979189][T14562] active_anon 0 [ 637.983290][T14562] inactive_file 0 [ 637.986948][T14562] active_file 0 [ 637.990896][T14562] unevictable 0 [ 637.994392][T14562] hierarchical_memory_limit 3145728 [ 638.000040][T14562] hierarchical_memsw_limit 9223372036854771712 [ 638.006360][T14562] total_cache 0 [ 638.011353][T14562] total_rss 0 [ 638.014656][T14562] total_rss_huge 0 [ 638.018589][T14562] total_shmem 0 [ 638.022653][T14562] total_mapped_file 0 [ 638.026653][T14562] total_dirty 0 [ 638.030600][T14562] total_writeback 0 [ 638.034428][T14562] total_workingset_refault_anon 43630 [ 638.052692][T14562] total_workingset_refault_file 27159 [ 638.058213][T14562] total_swap 737280 [ 638.066699][T14562] total_swapcached 569344 [ 638.071578][T14562] total_pgpgin 305595 [ 638.075576][T14562] total_pgpgout 306989 [ 638.081335][T14562] total_pgfault 449643 [ 638.085427][T14562] total_pgmajfault 18396 [ 638.097958][T14562] total_inactive_anon 569344 [ 638.121796][T14562] total_active_anon 0 [ 638.125820][T14562] total_inactive_file 0 [ 638.150862][T14562] total_active_file 0 [ 638.159643][T14562] total_unevictable 0 [ 638.163662][T14562] anon_cost 0 [ 638.166966][T14562] file_cost 0 [ 638.233084][T14562] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1910,pid=14559,uid=0 [ 638.279878][T14562] Memory cgroup out of memory: Killed process 14559 (syz.3.1910) total-vm:135112kB, anon-rss:1140kB, file-rss:22624kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 638.878056][T14593] zswap: compressor 000 not available [ 639.649500][T14588] size and base must be multiples of 4 kiB [ 639.767206][T14588] CPU: 0 UID: 0 PID: 14588 Comm: syz.0.1916 Not tainted syzkaller #0 PREEMPT(full) [ 639.767243][T14588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 639.767257][T14588] Call Trace: [ 639.767266][T14588] [ 639.767275][T14588] dump_stack_lvl+0x16c/0x1f0 [ 639.767308][T14588] mtrr_del+0xd1/0x110 [ 639.767344][T14588] mtrr_ioctl+0x922/0xcf0 [ 639.767376][T14588] ? __pfx_mtrr_ioctl+0x10/0x10 [ 639.767414][T14588] ? find_held_lock+0x2b/0x80 [ 639.767448][T14588] ? __fget_files+0x20e/0x3c0 [ 639.767472][T14588] ? __pfx_mtrr_ioctl+0x10/0x10 [ 639.767503][T14588] proc_reg_unlocked_ioctl+0x229/0x320 [ 639.767536][T14588] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 639.767574][T14588] __x64_sys_ioctl+0x18e/0x210 [ 639.767616][T14588] do_syscall_64+0xcd/0xfa0 [ 639.767649][T14588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.767677][T14588] RIP: 0033:0x7f0eba78f6c9 [ 639.767699][T14588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.767725][T14588] RSP: 002b:00007f0ebb5e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 639.767751][T14588] RAX: ffffffffffffffda RBX: 00007f0eba9e5fa0 RCX: 00007f0eba78f6c9 [ 639.767770][T14588] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 639.767787][T14588] RBP: 00007f0eba811f91 R08: 0000000000000000 R09: 0000000000000000 [ 639.767804][T14588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.767820][T14588] R13: 00007f0eba9e6038 R14: 00007f0eba9e5fa0 R15: 00007ffdc869a3f8 [ 639.767859][T14588] [ 641.312191][ T32] oom_reaper: reaped process 14559 (syz.3.1910), now anon-rss:108kB, file-rss:21464kB, shmem-rss:0kB [ 641.628923][T14623] misc userio: Invalid payload size [ 642.148809][ T30] audit: type=1804 audit(1762398845.627:26): pid=14629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1924" name="/newroot/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw" dev="tracefs" ino=202 res=1 errno=0 [ 642.855534][ T5831] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 642.870795][T14634] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1925'. [ 643.773577][T14629] random: crng reseeded on system resumption [ 643.923947][T14623] [ 643.926282][T14623] ====================================================== [ 643.933285][T14623] WARNING: possible circular locking dependency detected [ 643.940308][T14623] syzkaller #0 Not tainted [ 643.944728][T14623] ------------------------------------------------------ [ 643.951749][T14623] syz.3.1924/14623 is trying to acquire lock: [ 643.957818][T14623] ffffffff8e5646a0 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x162/0x610 [ 643.966996][T14623] [ 643.966996][T14623] but task is already holding lock: [ 643.974347][T14623] ffff888148c014c8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0x61d/0x29a0 [ 643.984190][T14623] [ 643.984190][T14623] which lock already depends on the new lock. [ 643.984190][T14623] [ 643.994585][T14623] [ 643.994585][T14623] the existing dependency chain (in reverse order) is: [ 644.003590][T14623] [ 644.003590][T14623] -> #8 (mapping.invalidate_lock){++++}-{4:4}: [ 644.011932][T14623] down_read+0x9b/0x480 [ 644.016628][T14623] filemap_fault+0x2d8/0x29a0 [ 644.021821][T14623] __do_fault+0x10d/0x490 [ 644.026672][T14623] do_pte_missing+0x9e1/0x3ba0 [ 644.031961][T14623] __handle_mm_fault+0x1556/0x2aa0 [ 644.037625][T14623] handle_mm_fault+0x589/0xd10 [ 644.042914][T14623] do_user_addr_fault+0x7a6/0x1370 [ 644.048542][T14623] exc_page_fault+0x64/0xc0 [ 644.053563][T14623] asm_exc_page_fault+0x26/0x30 [ 644.058929][T14623] rep_movs_alternative+0x4a/0x90 [ 644.064477][T14623] _copy_to_iter+0x4eb/0x1710 [ 644.069670][T14623] copy_page_to_iter+0x12a/0x1e0 [ 644.075123][T14623] filemap_read+0x6b1/0xe40 [ 644.080143][T14623] blkdev_read_iter+0x1ac/0x500 [ 644.085510][T14623] do_iter_readv_writev+0x743/0x9e0 [ 644.091226][T14623] vfs_readv+0x4cb/0x8b0 [ 644.095985][T14623] do_readv+0x132/0x340 [ 644.100656][T14623] __x64_sys_preadv2+0x11f/0x160 [ 644.106116][T14623] do_syscall_64+0xcd/0xfa0 [ 644.111224][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.117634][T14623] [ 644.117634][T14623] -> #7 (&mm->mmap_lock){++++}-{4:4}: [ 644.125193][T14623] __might_fault+0x113/0x190 [ 644.130305][T14623] _copy_from_iter+0x1c2/0x1720 [ 644.135682][T14623] tcp_sendmsg_locked+0x2900/0x42e0 [ 644.141404][T14623] tcp_sendmsg+0x2e/0x50 [ 644.146168][T14623] inet_sendmsg+0xb9/0x140 [ 644.151109][T14623] sock_write_iter+0x509/0x610 [ 644.156392][T14623] vfs_write+0x7d3/0x11d0 [ 644.161251][T14623] ksys_write+0x1f8/0x250 [ 644.166134][T14623] do_syscall_64+0xcd/0xfa0 [ 644.171172][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.177586][T14623] [ 644.177586][T14623] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 644.185236][T14623] lock_sock_nested+0x41/0xf0 [ 644.190432][T14623] inet_shutdown+0x67/0x440 [ 644.195465][T14623] nbd_mark_nsock_dead+0xae/0x5d0 [ 644.201015][T14623] recv_work+0x671/0xa80 [ 644.205954][T14623] process_one_work+0x9cf/0x1b70 [ 644.211419][T14623] worker_thread+0x6c8/0xf10 [ 644.216534][T14623] kthread+0x3c5/0x780 [ 644.221126][T14623] ret_from_fork+0x675/0x7d0 [ 644.226244][T14623] ret_from_fork_asm+0x1a/0x30 [ 644.231536][T14623] [ 644.231536][T14623] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 644.239184][T14623] __mutex_lock+0x193/0x1060 [ 644.244294][T14623] nbd_queue_rq+0x423/0x12d0 [ 644.249410][T14623] blk_mq_dispatch_rq_list+0x416/0x1e20 [ 644.255476][T14623] __blk_mq_sched_dispatch_requests+0xcb7/0x15f0 [ 644.262325][T14623] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 644.268819][T14623] blk_mq_run_hw_queue+0x239/0x670 [ 644.274464][T14623] blk_mq_dispatch_list+0x514/0x1310 [ 644.280267][T14623] blk_mq_flush_plug_list+0x130/0x600 [ 644.286166][T14623] __blk_flush_plug+0x2c4/0x4b0 [ 644.291540][T14623] __submit_bio+0x545/0x690 [ 644.296581][T14623] submit_bio_noacct_nocheck+0x53d/0xc10 [ 644.302741][T14623] submit_bio_noacct+0x5bd/0x1f60 [ 644.308289][T14623] block_read_full_folio+0x4db/0x850 [ 644.314135][T14623] filemap_read_folio+0xc8/0x2a0 [ 644.319593][T14623] do_read_cache_folio+0x263/0x5c0 [ 644.325227][T14623] read_part_sector+0xd4/0x370 [ 644.330522][T14623] adfspart_check_ICS+0x93/0x940 [ 644.335980][T14623] bdev_disk_changed+0x723/0x1520 [ 644.341533][T14623] blkdev_get_whole+0x187/0x290 [ 644.347173][T14623] bdev_open+0x2c7/0xe40 [ 644.351934][T14623] blkdev_open+0x34e/0x4f0 [ 644.356941][T14623] do_dentry_open+0x982/0x1530 [ 644.362226][T14623] vfs_open+0x82/0x3f0 [ 644.366820][T14623] path_openat+0x1de4/0x2cb0 [ 644.371929][T14623] do_filp_open+0x20b/0x470 [ 644.376961][T14623] do_sys_openat2+0x11b/0x1d0 [ 644.382260][T14623] __x64_sys_openat+0x174/0x210 [ 644.387638][T14623] do_syscall_64+0xcd/0xfa0 [ 644.392665][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.399081][T14623] [ 644.399081][T14623] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 644.406296][T14623] __mutex_lock+0x193/0x1060 [ 644.411417][T14623] nbd_queue_rq+0xbd/0x12d0 [ 644.416450][T14623] blk_mq_dispatch_rq_list+0x416/0x1e20 [ 644.422524][T14623] __blk_mq_sched_dispatch_requests+0xcb7/0x15f0 [ 644.429372][T14623] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 644.435870][T14623] blk_mq_run_hw_queue+0x239/0x670 [ 644.441511][T14623] blk_mq_dispatch_list+0x514/0x1310 [ 644.447315][T14623] blk_mq_flush_plug_list+0x130/0x600 [ 644.453217][T14623] __blk_flush_plug+0x2c4/0x4b0 [ 644.458608][T14623] __submit_bio+0x545/0x690 [ 644.463627][T14623] submit_bio_noacct_nocheck+0x53d/0xc10 [ 644.469797][T14623] submit_bio_noacct+0x5bd/0x1f60 [ 644.475337][T14623] block_read_full_folio+0x4db/0x850 [ 644.481151][T14623] filemap_read_folio+0xc8/0x2a0 [ 644.486603][T14623] do_read_cache_folio+0x263/0x5c0 [ 644.492233][T14623] read_part_sector+0xd4/0x370 [ 644.497525][T14623] adfspart_check_ICS+0x93/0x940 [ 644.502991][T14623] bdev_disk_changed+0x723/0x1520 [ 644.508552][T14623] blkdev_get_whole+0x187/0x290 [ 644.513936][T14623] bdev_open+0x2c7/0xe40 [ 644.518699][T14623] blkdev_open+0x34e/0x4f0 [ 644.523633][T14623] do_dentry_open+0x982/0x1530 [ 644.528915][T14623] vfs_open+0x82/0x3f0 [ 644.533506][T14623] path_openat+0x1de4/0x2cb0 [ 644.538614][T14623] do_filp_open+0x20b/0x470 [ 644.543638][T14623] do_sys_openat2+0x11b/0x1d0 [ 644.548861][T14623] __x64_sys_openat+0x174/0x210 [ 644.554240][T14623] do_syscall_64+0xcd/0xfa0 [ 644.559267][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.565676][T14623] [ 644.565676][T14623] -> #3 (set->srcu){.+.+}-{0:0}: [ 644.572823][T14623] __synchronize_srcu+0xa1/0x290 [ 644.578290][T14623] blk_mq_quiesce_queue+0x149/0x1b0 [ 644.584015][T14623] elevator_switch+0x17d/0x810 [ 644.589315][T14623] elevator_change+0x391/0x5d0 [ 644.594608][T14623] elevator_set_default+0x2e9/0x380 [ 644.600323][T14623] blk_register_queue+0x384/0x4e0 [ 644.605879][T14623] __add_disk+0x74a/0xf00 [ 644.610836][T14623] add_disk_fwnode+0x13f/0x5d0 [ 644.616121][T14623] nbd_dev_add+0x783/0xbb0 [ 644.621067][T14623] nbd_init+0x1a2/0x3c0 [ 644.625757][T14623] do_one_initcall+0x123/0x6e0 [ 644.631049][T14623] kernel_init_freeable+0x5c8/0x920 [ 644.636806][T14623] kernel_init+0x1c/0x2b0 [ 644.641669][T14623] ret_from_fork+0x675/0x7d0 [ 644.646788][T14623] ret_from_fork_asm+0x1a/0x30 [ 644.652080][T14623] [ 644.652080][T14623] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 644.659907][T14623] __mutex_lock+0x193/0x1060 [ 644.665029][T14623] queue_requests_store+0x3a7/0x670 [ 644.670754][T14623] queue_attr_store+0x26b/0x310 [ 644.676127][T14623] sysfs_kf_write+0xf2/0x150 [ 644.681241][T14623] kernfs_fop_write_iter+0x3af/0x570 [ 644.687076][T14623] vfs_write+0x7d3/0x11d0 [ 644.692101][T14623] ksys_write+0x12a/0x250 [ 644.696949][T14623] do_syscall_64+0xcd/0xfa0 [ 644.701973][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.708386][T14623] [ 644.708386][T14623] -> #1 (&q->q_usage_counter(io)#63){++++}-{0:0}: [ 644.717000][T14623] blk_alloc_queue+0x619/0x760 [ 644.722283][T14623] blk_mq_alloc_queue+0x172/0x280 [ 644.727830][T14623] __blk_mq_alloc_disk+0x29/0x120 [ 644.733377][T14623] nbd_dev_add+0x492/0xbb0 [ 644.738324][T14623] nbd_init+0x1a2/0x3c0 [ 644.743005][T14623] do_one_initcall+0x123/0x6e0 [ 644.748301][T14623] kernel_init_freeable+0x5c8/0x920 [ 644.754027][T14623] kernel_init+0x1c/0x2b0 [ 644.758894][T14623] ret_from_fork+0x675/0x7d0 [ 644.764010][T14623] ret_from_fork_asm+0x1a/0x30 [ 644.769303][T14623] [ 644.769303][T14623] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 644.776516][T14623] __lock_acquire+0x126f/0x1c90 [ 644.781889][T14623] lock_acquire+0x179/0x350 [ 644.786916][T14623] fs_reclaim_acquire+0x102/0x150 [ 644.792464][T14623] prepare_alloc_pages+0x162/0x610 [ 644.798101][T14623] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 644.804514][T14623] alloc_pages_mpol+0x1fb/0x550 [ 644.809890][T14623] folio_alloc_noprof+0x20/0x2d0 [ 644.815362][T14623] filemap_alloc_folio_noprof+0x3a1/0x470 [ 644.821609][T14623] __filemap_get_folio+0x5e1/0xc30 [ 644.827240][T14623] filemap_fault+0x661/0x29a0 [ 644.832437][T14623] __do_fault+0x10d/0x490 [ 644.837283][T14623] do_pte_missing+0xf4a/0x3ba0 [ 644.842574][T14623] __handle_mm_fault+0x1556/0x2aa0 [ 644.848215][T14623] handle_mm_fault+0x589/0xd10 [ 644.853504][T14623] __get_user_pages+0x54e/0x3530 [ 644.858964][T14623] populate_vma_page_range+0x267/0x3f0 [ 644.864949][T14623] __mm_populate+0x1d8/0x380 [ 644.870062][T14623] vm_mmap_pgoff+0x37f/0x470 [ 644.875172][T14623] ksys_mmap_pgoff+0x32c/0x5c0 [ 644.880456][T14623] __x64_sys_mmap+0x125/0x190 [ 644.885658][T14623] do_syscall_64+0xcd/0xfa0 [ 644.890681][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.897092][T14623] [ 644.897092][T14623] other info that might help us debug this: [ 644.897092][T14623] [ 644.907308][T14623] Chain exists of: [ 644.907308][T14623] fs_reclaim --> &mm->mmap_lock --> mapping.invalidate_lock [ 644.907308][T14623] [ 644.920526][T14623] Possible unsafe locking scenario: [ 644.920526][T14623] [ 644.927968][T14623] CPU0 CPU1 [ 644.933323][T14623] ---- ---- [ 644.938849][T14623] rlock(mapping.invalidate_lock); [ 644.944046][T14623] lock(&mm->mmap_lock); [ 644.950889][T14623] lock(mapping.invalidate_lock); [ 644.958513][T14623] lock(fs_reclaim); [ 644.962488][T14623] [ 644.962488][T14623] *** DEADLOCK *** [ 644.962488][T14623] [ 644.970616][T14623] 1 lock held by syz.3.1924/14623: [ 644.975718][T14623] #0: ffff888148c014c8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0x61d/0x29a0 [ 644.986005][T14623] [ 644.986005][T14623] stack backtrace: [ 644.991975][T14623] CPU: 1 UID: 0 PID: 14623 Comm: syz.3.1924 Not tainted syzkaller #0 PREEMPT(full) [ 644.992005][T14623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 644.992020][T14623] Call Trace: [ 644.992034][T14623] [ 644.992044][T14623] dump_stack_lvl+0x116/0x1f0 [ 644.992073][T14623] print_circular_bug+0x275/0x350 [ 644.992105][T14623] check_noncircular+0x14c/0x170 [ 644.992139][T14623] __lock_acquire+0x126f/0x1c90 [ 644.992176][T14623] lock_acquire+0x179/0x350 [ 644.992206][T14623] ? prepare_alloc_pages+0x162/0x610 [ 644.992242][T14623] fs_reclaim_acquire+0x102/0x150 [ 644.992271][T14623] ? prepare_alloc_pages+0x162/0x610 [ 644.992301][T14623] prepare_alloc_pages+0x162/0x610 [ 644.992331][T14623] ? mpage_readahead+0x43a/0x5a0 [ 644.992368][T14623] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 644.992394][T14623] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 644.992427][T14623] ? __blk_flush_plug+0x2f3/0x4b0 [ 644.992451][T14623] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 644.992477][T14623] ? __pfx___blk_flush_plug+0x10/0x10 [ 644.992501][T14623] ? lock_acquire+0x179/0x350 [ 644.992536][T14623] ? __lock_acquire+0x622/0x1c90 [ 644.992566][T14623] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 644.992606][T14623] ? policy_nodemask+0xea/0x4e0 [ 644.992639][T14623] alloc_pages_mpol+0x1fb/0x550 [ 644.992670][T14623] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 644.992702][T14623] ? filemap_get_entry+0x1a7/0x3b0 [ 644.992729][T14623] folio_alloc_noprof+0x20/0x2d0 [ 644.992764][T14623] filemap_alloc_folio_noprof+0x3a1/0x470 [ 644.992799][T14623] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 644.992835][T14623] __filemap_get_folio+0x5e1/0xc30 [ 644.992864][T14623] filemap_fault+0x661/0x29a0 [ 644.992892][T14623] ? __pfx_filemap_fault+0x10/0x10 [ 644.992923][T14623] ? __pfx_filemap_map_pages+0x10/0x10 [ 644.992945][T14623] __do_fault+0x10d/0x490 [ 644.992971][T14623] ? __pfx_filemap_map_pages+0x10/0x10 [ 644.992993][T14623] do_pte_missing+0xf4a/0x3ba0 [ 644.993035][T14623] ? find_held_lock+0x2b/0x80 [ 644.993059][T14623] ? __handle_mm_fault+0x1529/0x2aa0 [ 644.993097][T14623] __handle_mm_fault+0x1556/0x2aa0 [ 644.993136][T14623] ? __pfx___handle_mm_fault+0x10/0x10 [ 644.993173][T14623] ? __pte_offset_map_lock+0x174/0x310 [ 644.993203][T14623] ? find_held_lock+0x2b/0x80 [ 644.993230][T14623] ? follow_page_pte+0x5cf/0x1390 [ 644.993264][T14623] handle_mm_fault+0x589/0xd10 [ 644.993302][T14623] __get_user_pages+0x54e/0x3530 [ 644.993339][T14623] ? __pfx___get_user_pages+0x10/0x10 [ 644.993374][T14623] populate_vma_page_range+0x267/0x3f0 [ 644.993408][T14623] ? __pfx_populate_vma_page_range+0x10/0x10 [ 644.993442][T14623] ? __pfx_find_vma_intersection+0x10/0x10 [ 644.993473][T14623] ? do_mmap+0x69c/0x1210 [ 644.993504][T14623] __mm_populate+0x1d8/0x380 [ 644.993537][T14623] ? __pfx___mm_populate+0x10/0x10 [ 644.993570][T14623] ? up_write+0x1b2/0x520 [ 644.993606][T14623] vm_mmap_pgoff+0x37f/0x470 [ 644.993637][T14623] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 644.993669][T14623] ? __fget_files+0x20e/0x3c0 [ 644.993696][T14623] ksys_mmap_pgoff+0x32c/0x5c0 [ 644.993725][T14623] ? __pfx_do_writev+0x10/0x10 [ 644.993750][T14623] __x64_sys_mmap+0x125/0x190 [ 644.993787][T14623] do_syscall_64+0xcd/0xfa0 [ 644.993814][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.993840][T14623] RIP: 0033:0x7f10b1f8f6c9 [ 644.993859][T14623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.993882][T14623] RSP: 002b:00007f10b2ee6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 644.993904][T14623] RAX: ffffffffffffffda RBX: 00007f10b21e5fa0 RCX: 00007f10b1f8f6c9 [ 644.993921][T14623] RDX: 0000400000000ffb RSI: 0000000000810004 RDI: 0000000000000000 [ 644.993937][T14623] RBP: 00007f10b2011f91 R08: 0000000000000003 R09: 0000000000008000 [ 644.993952][T14623] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000000 [ 644.993967][T14623] R13: 00007f10b21e6038 R14: 00007f10b21e5fa0 R15: 00007ffc1e754288 [ 644.993991][T14623] [ 645.381659][T14645] zswap: compressor 000 not available [ 645.421129][T14652] tty tty12: ldisc open failed (-12), clearing slot 11 [ 645.493375][T14623] PM: hibernation: Basic memory bitmaps freed [ 646.310671][T14658] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 646.319731][T14658] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 646.325818][T14658] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 646.349884][T14658] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 648.009652][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 648.329663][T13674] Bluetooth: hci3: command 0x0406 tx timeout [ 648.335801][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 648.410076][ T5831] Bluetooth: hci0: command 0x0406 tx timeout