last executing test programs: 6.157564178s ago: executing program 1 (id=2823): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x80000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = set_tid_address$auto(&(0x7f0000000180)=0xf0) waitid$auto_P_PIDFD(0x3, r1, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4000008, 0xf8, @_rt={r2, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe6"}}}, 0x20f5, &(0x7f0000000440)={{0xfffffffffffffffd, 0x82}, {0x5f, 0xd}, 0x0, 0x10, 0x80000001, 0x8, 0x1ff, 0x22, 0x5, 0x501, 0xfff, 0x3, 0x3, 0x9, 0xc, 0x9}) prctl$auto(0x3e, 0x3, r2, 0x4, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x28, 0x5, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000ffdf4a737ddbdf25140000200800032f6b", @ANYRES32=0x0, @ANYBLOB="0800010006000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000c00}, 0x4000000) listen$auto(r3, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 4.802921221s ago: executing program 2 (id=2826): r0 = socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(r0, 0x29, 0x36, 0x0, 0x0) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0x9, 0x15) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/timer_list\x00', 0x1c9802, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = semctl$auto(0x5, 0x102, 0x13, 0x9) r2 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r2, 0x29, 0x20, 0x0, 0x20) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0c02, 0x0) process_vm_readv$auto(r1, &(0x7f00000000c0)={&(0x7f0000000000)="7f116342c6ec70e3d584200bb6a2001be7a78f2d2b53a7d6f26a4f0dc37df91940cba3e80a378a95031bceb2140b54f252b4d4853c25983002f8a7227f27c283ce8ee219ff4566c28932b5e28a4c8600086a9f9e46773d5a9574b63f07212843e707136f608b281c4308f5af6d", 0x6}, 0x3, &(0x7f0000000200)={&(0x7f0000000100)="8a72f691bb42783ab6cc0fa8db2b810f78034f7048309738d8c029eddba65a034441d9240724b2974ab95049436f3f20ee7a023c7bc4630760567d1b42a44e684926d0a6a875122f41a97129513236e2f61561e86ba3141f2ccc41eee7cf8ae2bafb6948138555b737bcdd2089aa146a68d64760c8e8d7e68a949f49a1b234a7e83083a26fb0f563b042ab94d58f9705383ee8a6ba6d1b34895a3b393e346ebf7b972088cc2feb2932a45a3a570052c05ed982f711c0a9a2bed6c94b425106e75ee0157679961dc95eb8d3a4080add37213c65e6c30b", 0x3}, 0x1, 0xffffffffffffffff) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15c}, 0x6, 0x8, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4.743222491s ago: executing program 0 (id=2827): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x80000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = set_tid_address$auto(&(0x7f0000000180)=0xf0) waitid$auto_P_PIDFD(0x3, r1, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4000008, 0xf8, @_rt={r2, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe6"}}}, 0x20f5, &(0x7f0000000440)={{0xfffffffffffffffd, 0x82}, {0x5f, 0xd}, 0x0, 0x10, 0x80000001, 0x8, 0x1ff, 0x22, 0x5, 0x501, 0xfff, 0x3, 0x3, 0x9, 0xc, 0x9}) prctl$auto(0x3e, 0x3, r2, 0x4, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x28, 0x5, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r3) socket(0x10, 0x2, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000ffdf4a737ddbdf25140000200800032f6b", @ANYRES32=0x0, @ANYBLOB="0800010006000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000c00}, 0x4000000) listen$auto(r3, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 4.64839114s ago: executing program 1 (id=2828): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r0, 0x8000) mbind$auto(0x0, 0x2091d2, 0x1, 0x0, 0x6, 0x2) mlock$auto(0x7c87, 0x40022a) r1 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/ns/cgroup\x00', 0x8080, 0x0) r2 = ioctl$auto_NS_GET_OWNER_UID(r1, 0xb704, 0x0) mmap$auto(0x0, 0x8, 0xde, 0x9b72, 0x2, 0x8000) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/sda/state\x00', 0x100, 0x0) socket(0x11, 0xa, 0x300) ioctl$auto(r3, 0x80108907, r3) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) lseek$auto(0x3, 0x40, 0x1) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/maps\x00', 0x0, 0x0) socket(0xa, 0x3, 0x3b) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x200702, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000040)='4', 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10001, 0xfffffffc, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000380)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s0\xf5Y\xd5>)\x14\x81\x00\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x8d~\xb9D[\xe2~\xe6q\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\x86\xff^\xbe\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00k\x00jX\x9e\x06\xe5\b\x9c[r\x91\b\xe7\x89\b\x1dM\xa5\"\xcf\xe1\x86\xa5\xab\x14!\x9eK|l\xec\xc7\xaf\xa5P\x88\x84\xe4Ee\xe1\x9a:u{\xb9\x10\xd8\xfc\xce2\x93=\x12.\x82\xa3L\nX\xad\xeb\x19\xff\t8\x84\x16\x9dO\x9b\xec4G\xae\xae^\xa4\x86\vX\xc3\x83\x02,\xa5*\xe1B\xb1\x8aV\xc9\xbb/\x13\x17T\x06\xf0\xf4\x944\xbeF\x91\x7fV\x97}iT[\xcd\x90\xe1\xfb;\xf1\x97y\xb5]\xe1\xecLBG6\xcd\xfc\xd6N\xdc\xb3\xbc\x1a\x1a3\xfc\xed\xb3\xc8]Jh\xbe\xe4\xba\x8d\xa5L\xd2\xcc]\xb2\xeb\xc0\x8f\\\x908,\xc2MKr\"R\xd8U\"8\x16\xec\x02:{\xf1}d\xa1\xb3\xe0\xfc\x82\x1f\x8a\xbe\xf4\x8c\xed\xa3\x1a>cA}\n\xb5\xb5UdzQw\'\xbaN\xe2\v\xa9\xf5\r#{_\\\xb0\xf8\xb6t\xd9\xf9\xda=6>\xd6\xf1\xc4>\xb1\x04^OM\x1e<\xb97lu9\xbd\x9c\xd3\xc5\xfbN\x94lu\xcc=\xa6M\xe0}\xfb\x1c\x92o0\x050Y\xecT\xa0\xc7\xf4\xa9r\xaaEp\x91^\xcf\xe9vrj\x05]\xfd\xb5\x02\x13\x02\xc7\x1bL5\x17(P\x1b\x19<\x95\x04W\x1e\x9c\t\x9c\xb4M\xea}\x00\x1a\xc2\xe2O\xd4g\xcd#z\xda\x0f\xfaM\xab\x9c\x0e\xf9:\x8c0Y/\xfe\xceoQ\x1eK\xb5\x92\xe1e\x147\xf9\xb3\xa5\xf8\xe4\x9f\xcb\xd6\xebs\xcfZb}:\x93\x9a)\xe9\xdf%J\xb6\x8c\xdd\xd6\x91\xafv\tZ\xd1\xec\x15\xe91\xc3B0\xb8\xd2\xf6\x9f\v\xeb\x02\x8b\xb1\x1e\x12(U\xbf\xb4\x87\x8aJ\x14gt/\xd4)\xcds\xbb\x18\x97b\xa6\x1e7\x02\x14R\t_\x02\x1b', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) gettid() openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.83915586s ago: executing program 3 (id=2832): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) write$auto(r0, 0x0, 0x81) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x17) write$auto(0xffffffffffffffff, 0x0, 0x81) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x6b) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/usb15-port4/power/autosuspend_delay_ms\x00', 0x4000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) r2 = open(0x0, 0xc00, 0x409) preadv$auto(r2, &(0x7f0000000080)={0x0}, 0x4, 0x8001, 0x6) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x37, 0x67f, 0xfffffff8, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x8, 0x84, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4]}, 0x1fe, 0xd) io_uring_register$auto_IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000280), 0x1) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) 3.598932782s ago: executing program 1 (id=2833): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7073000000001400000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x1400, 0x0, 0xaee2e45ddcc9e3a5}, 0x20040080) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a00)={&(0x7f0000000300)={0x6f4, r2, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_BEACON_HEAD={0x6d6, 0xe, "d746c94ab0d671b83ca357eec2b26a0e88589f1569f3c3ff0949849c0c37065ae7f9b1f33344a5e784848f21aad6c852580c08b1bca21715919b3d076ee938881e3227bb4019353270e7bc6ae36dade74847cb861febce3b997323b2b5d88a3d4db2c6e56eda5bc99bd9afb226713303ef6a1ca0e179e2f1a87754959497d31ff38e8471658c08f82f8fca8ba0e4567371cb1b31022d7f11c7797b0fe3493a7d276b92fcdf0db7ad08e24ed5ef6c63b615d77a9d258c1697df29efb5742fc2152bebe5485b024ca7e3595b596d43a357a964e03d0b58b8a31ba81e07c7db29026f9af3510b0dd2938befe56a709098452fdd45f551b3df1f503afcbb4b08366d3710d60254bc306d92e38e2ac8e8bbb84e1502c8de673986ddd5e2d2bf00a4c1435540f97496431eef124df35c30ed8d2578b508c2e4ac8f44673b67df02244433cc8c0999948ae07cbb69a4ea163c74cc9529a16386c610e73407fdd3b5c5e7d0d3debb656f4c1af666e960890e998d26b3e62088106212c73936f63df13a03e84e810f2a3a734854e49b43f3d147b983c1e9380bd54eabe5e295f5cf444ec2a3958d558b52072af65ff98437f627b73cb31dcfd9f0d0c4a41be69c675ff2c99405a9818653a6d35fcb5069b9b59ceb6a888f756a320702dfa657907fc3836091049773334d1ab90db0b65bee6646e53e35b7ed894168380d4091813a0c2307c865e1194a84e8989f797d70eaa6a2f398c490b8213e144159c09e984a65dcb94cdf269a158b91b0d413aa62c5df3e0cda8c1ad2be1462339c0f28bd5fcefce5875b16d96e142b4f1bde5472a5a248eb047b974cc15c2b790722dc9132224814bb95e0d977d53f02b33e22c9b03dc44d3f70e848af286e55637a02f6978f688087d8a619652ef8e797565be0cd06449210f1003db1415004e391ec0a2c2c5a65ebaa7d2a514108be92a24c78637c2b97096e1cac405a8ea09e1912ae5dc133756903988ba935ba6c9e54ce0c0e9a63e133b0a58afb68444f4ab361e4018cd58f7aeefaf501722a3792aa32f875d636f52cad369aa0b25ee13389bf9aa529e36d51d03296fb40ef701b5c1580ee9ec238de420206a6601bc7c28e2ff2a0adbbcddf7d0cebbb6de6f89bb41a0cdbeebc861e2d1c32f2cd2eac58f31a723eeee1aea7cddd25df90a7ed22827a984ef7132bc2cd50688c4e347c8a1799a07adc0f7ffbdb7eeb08f2c9be5d964da57aeedb962abe5ebe40b15c1dd89611e1c954ff08a37f6a5ddef2465d68b06d5e26841c8df83ce069fe11bd3c4ed3be3be2f24b775f9cfa9ad23c21ccc04c35d62069a126fb144ce1b01752eff3999f1f2e2864fc6ae72a811c8d748407887a9bbcf64e5a284f23219c0c4781a6d44a0cfd489e4c30b4bfd0c46eb09933e6f754b649455851632706ca4f1e1019289f013cc398da8ab902c2eca7dd54412c0df690cce020216e9f0c87cb05948c01f97ce0e067563d88c4885a4d347a9312f8e8a83c9926556ff3761ec26fc69ef3459acf5e4e4e8bb5a04f7f0c873b5c0f4e09d885d41fe45ebb676747c9b52eb303b5a471ffdc90a4e69aec75e6d3f5088884461ccfa8438b939f2a1d34227ffb2e970a57a7287650587349d161313082f9d6c00860da94be5228714125e36d906ecd2d236aa4e80f154f7d2a60d81aa24563dd2bdd4ff3f7e8bcf7fdb629ee9dde68f8687d5cbcdbeec4b7f01a062e15634f5df276a46c532fd9a98be3d7fe097e112b2576d632ce69884f94f3dfd701b4181242dbaf3d31f171111473942a1ff0238111af3103cf8e7947d20eb0b366a0027e685ba249a766431c7a487b6e54da6ab8c3414a23bafa49414138a3e85a0e071744c19a07e312bff19e9c7f2ef4f7fa747dcc13145064f4e849fa0270d1ebba7006547bfbc1504101ddeebac41ca9f432bcf225f016f4b6a757b8e4124334f15367aade1e93aa8dfb073da96225fa293102eaaf2650774f0c1115cfd79a080985c6ddc65592824b41787eba244bf537c5a2b607a772e431b8192f4865e729bcc5414e2d713977a29db1a6ebf0b342c03fedabd82a71e3f1aec1bc14bf3b425856d4ffa71a1a9a2f75140df29c40f72da45dfb1924d6b00ecbf0e94b886c68a59548b26f131337689a0cd141b2963c970a5eb93b4c38cbc3ae33e033e160f6118d2238aa454fb03f9099c2014a5286ce2be264c589732882d191ff5004e8ef9761071e699a47db965589c2de7733670c50b690f14fc7b3d72ea237d0652649ad43bad61e773c562f430659142a10d2287d09e0de34fe833de9de3230e6d21239c013dc149490227b82adeb45e60bc015d2bbbde866e21c05da2f82d0bc5b0da265cb28401e19c695117cd7b4c31c34d768d414697cf6e20258c9b3dbc97354cdbc99c19a6663d94b7982ce5dfb689dce2ec41dded158d3631884859cf3793889dd0f95ef64be"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x81}]}, 0x6f4}}, 0x40080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r6, &(0x7f0000000440)="1100000000000000000000000000010000", 0x11) getsockopt$auto_SO_DEBUG(r6, 0x1, 0x1, &(0x7f0000000100)='},:(.!/\x00', &(0x7f00000001c0)) r7 = getpid() r8 = setfsuid$auto(0xee01) setresuid$auto(0x0, r8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000001f00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001ec0)={&(0x7f0000001f40)={0x1408, r2, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_CQM={0x289, 0x5e, 0x0, 0x1, [@nested={0x18, 0x137, 0x0, 0x1, [@typed={0x8, 0xb7, 0x0, 0x0, @ipv4=@empty}, @typed={0x4, 0x93, 0x0, 0x0, @binary}, @typed={0x8, 0xa2, 0x0, 0x0, @pid=r7}]}, @generic="0c7bca135190d9ab29869a42a0b8325aa184c13dcbfd025d00ce8ed964bdba50d3a0f412d7599356c5cc79a20da377aeb1c5b355822032de3d90830dafdf0c7f4785afd7a4ddbc4f102acc38e4e0478378f772678789afbfb2b15a1981a23266e0a0305af035d9a33b727ce5cf6b552ee7c1eda2698bc7bebb3fdc0e1e1e25b3bbd518f759148dc552077bbed05c7f9269886acddc5aec0cdf01bca8b73b7e39383e06b2ffd7172d5dd4f6cc016638e6d69f27b839076e", @typed={0x5, 0xd0, 0x0, 0x0, @str='\x00'}, @nested={0xc, 0x146, 0x0, 0x1, [@typed={0x8, 0xcb, 0x0, 0x0, @ipv4=@multicast2}]}, @generic="17c3f700f16ac22990636f47f0656f6b6936fc8a1a311cc455d80867b107ee05e7f9cdd618c2e567d7ecf79d31299e454638c353025f02993e34f49f359cae1d1331b7825f8a74589ed21b6bf747a9252fed8098c8060701628dea85a58d8050d1b0db4714d70e61993df7505679e7b251b63920a95758d755aebd9b840fae0921c213776a4b0aac279a66c35342d4d69c2e8d774dec61452cacf3c1091e8e81c0ffed25ea42cf900834b407ddd40572209af6d976d80aef5f2d28f64148ea7d16990f5b5bdddd37", @typed={0x8, 0x81, 0x0, 0x0, @uid=r8}, @generic="a628948c7a1e2e056a527b0dfa36b28f18abe1527d8e6ccfceffff4bcb81b8895328329cbf360938b2dd30306bad7ed61a33bbcda75632fbd8d568c61be4e204369afb563b49f34b897af9c6a6e82fd748c47bd71b6ea3f5797c4859c0c22a1d8f44c97cd017820f005ba1a3088f6debaca719ace433ee08ed36bc8a0ab6a37e7a4527018645c2a135e9a39e924155021d2da840fa0c90bd1d7a4dc883b5dcd3da7ad50b1279c247835ee799b7f72d7b783199985a1fc822c045f662eb7090b5cd947b7b20d2c02f69d61eb2647d6b65facf"]}, @NL80211_ATTR_CSA_IES={0x1128, 0xb9, 0x0, 0x1, [@nested={0x10a1, 0x1f, 0x0, 0x1, [@generic="83762722cf3353b0cf177f0dacf2316636b2de6efe30116667f43b2d2ef5d4e77bf9d46456813e521ed1d5b66aae0cbee315d7bc133fd792d5d466190dc13abcda0d28221a46b5bedf6bc29b466f5d38ab9d364b26615e7c8dd485c253871192bb377f1c56f0e4cf8ecaba8f76b983e8760d1a4c7cc67bdb744f66e2e23b1afff0af49896d71a69b76ab4f025c41157da0925ee3cf09efdff0", @nested={0x4, 0x149}, @generic="a938244aa4fe98c96c15b86b030a9784705a3e4d1e2cdebcf3f7d5130f3b335af9d77f8696223b94af78a7a143516a5e7c66abc2ca3874aa58112f4d7bd1c084b1f4b63d3f676b517300e727849fe17095e4ca018e7d4ee32d79c323b46779f4960ef0bad52dbd55bc043b4f4741eca24d1c886f088ebb327730e66870c7cdf063a3072443a8bbd6f74362f9f5b9e1efdc321f31467924dca8a7d9f75b389d20f2d18af1124943254db04fcdcac58bcfb3068315968ce6d9357bd572537a80711172223ca3d1a2ff21684dd4f4c37fc65f88054471ae621ce11775f02b4852e718f6e86e861872fae6fb526d3db6583c70a6e6412c088caf6a481a5fc9681b81e71f105c3401edba52235d8516cc5d16ea12ff402e8702cf63686cf3b4f65620fe6a21e5364e0326816ecff081b331add741303f49c140cbd978f477b8c6616ab91e09b3523723205172be148069daaeba6e7fc0f3e3e6e5979b016e6d4640175a39835c42e47f6b10d6b9bd2f4424966fe3d7746fb20098d092104dc90989700135b53f663609336411c8408738e98e355a06f295d35d896a72be83cbb5e84bc5fbe584afb1df1faba5483a500a9386521826df97736e6fbfd12777f09af9de80831d0323427e18406b2db3e051ab91d779665e69d2c676e79d6121384a45be197d59dbfbdb5c6edac52c4dac3e882a79edcb4e8793daadb7c0097a9057fd0efa5011a9dd7277eae815e551aaefca7afe74f4951f8789fe4d0d5bdda26cbd42e578ddb9cfa44086b8d975864031bdd1fb72ba87c819891e26721d197aee24d7484eec7f42a6035649790a535a88d0514aaaa58dc9f1568bb02f315876be7e84e7dfb824be8cac52fb4f06057804cab0719887a18920a17263e6e9c9f9639f1d6eee6a6d97ab46af107733539f336806d6acf77f78dae06245945e441248bd9b82eb97455a0025d189529a4322ad267d308ffc7401fe940d996ec8fda1c9fe2a9442d3fb0c55c82a74fa216eb8dc3d46fa09f22691de74f64826d49d7bae410e35df9eaa0725a9beb9499657da1a3921f138afa05420b70415b3bc8885495f7afc04dede98cbb9285e068ed3401b27b0147e66a835c44cad65bd8738cc2b60dcec20b19867c187aa679ae14fa021321ccaeabd4f6832c0229d2dc9a1ce9218d5c8e4e040a03b14701978df5bcfd22b957d2e901888ce556d9e63d8d4bc7609b8705b06d98fb7aba8ae0eb44825d4d46896e61fe7abc15c10bb6743bafcce24c91a937ebef08d4723e033d66a7c2b10775f9e2eb42fd776202805efec1a019e2124e05f49b79bfb32d503a8deadecf7780a01ac8b2840e5bd6c8bc0078962c480b7b3ec3f58816aa5e3532cf841c6606d0d6bb643ad0ded99bd8448ea78414d3e7bb049585c9b12d80811675cd6653c76693cd2337e64ae133178cc620dc365fe1cd6bd5e51333f63aa5eee0c9219d0b19322e37651063b78f9857d7e6e39faa833328189eab4dd8c199371688a77bd3855537f1b6a2d376e48c8bb1a99e5df4c9a24c5b82ac5a19be8ca7a76e057bd91c3933268d47be9cb3123f370b3cde125e68fd86e8bffb93e8383b583c386f0072c65f1266018b5f9b509eb57b4e217bae1749fef8beb4714ea30ed83ecb9a01f3bd41a47d77aab6e95fe4c5059a10358c64b1e705a322dc09933594a74eb52e8cbc96e293b0d26ab61075c1f9c2c71de57c3266b18d593e10c7390390b541336193e54755ffaf3cd8bcc1c265be1e4ce5c78d94deff4bcfe11f0d8e71de04724ea732fc1333dfe586c665579a49301be6200812c33a3363866cbbbee0f3341958e194bbe5ce640d9d2725b90d6914365f3671ef0cb1a31af731af3365bab7ff4b1265913685fab26b3ed30ec17cb86f317f3fd864013ecf1b7de1f9634d306d08449c41ad9e2c9b64ea55200c03fd2b996a172ca348da347d1bff7338bda7df6a34c370d32d7ad1efc0abc81ae2462dc28defd58e7e7c31c9397598b78e7ffe1a59fc308224c0ee542b4d1bc16048e68041c15bb82ebeac5e775591c23843681875664a63fb09fcb24710715c07ea3c343d2a3fde0e7b6d5ba164f82f4719508c577aad12d74e64e48502e8c082f1d2dc998fc4503a71dd400623798516c59436c8a2d08256614e40400dcf3e8bb026c044abde75c2e6fd35b154503669b0b0bc00e8caa6c1960a3c427d24551d3b4f8487a58a340c68c242cff6b9d5636ff51d1aaaacbfdb8b4ee33bb056c77a8e9fba4fa7eb6ae7a38b3371b4907515342ef2fea277bebef271e6984402c5a9ad123a742a7164e184674153db2e51990f066db7a18c4d16f059ccc4f3e656d8683b12825d522c20f64c6b16d7346f96b5db72fa7f968861f560be54fb2f270583399066b58eecdc3e7f6b0bd2ab114d39652fb3685e9366bb61ce9dae50ce904aa1c105fc4efa6f8ee224fd9f5cb9cb186d02835f8031696e06bdea56d04650b2b767c656635bd7489d17e36d31a46a84f5902e4dfd3bfaf15b2d34db2913954c51f8e8afb873b5326ae185e4b51de3ba4cd367374f8f483dad1dab835e22fd77a63cfe679a580fffa6d165460de996409cd379df0b89e349418f14925c67f3b045bcaabf899c0bab7c5df0ca2234dbfccd46ed4bcb2f3add2a5198d94ee9a5312a4f0b1165a1e21288de925734f609c30603cf20004fd8ef218e770cd88765cf6e4cdf96ae3de021e78b7c0859911ec7a34d782383d816d3518b3e25a8b117f5f75ab2d2e3a7c72100dea05e6e6c57729b8e3cb8531d0977a369b03bdeaf1e68c2cf46e01b976d9b388dce00e71e766fa4e68486df7c75316ea2d0b5ba3effe8eaeae258de0ebd9b374033831e6eb64edd0153f6d8982cb5acc8550f2ea1ed5105376189f61bfaa74fc272c69d61570d54d76f3303b37da1f4a201f740cd081fee8a0d97055e0ab5894e72a3a2a53c5df3fda79b8a61a674e42bd45e1690eb792d26533e3f45fbb08957a28e27633d87e71e6f7b31e00d59fbbc6bcff8bde4f2cd11f2cbb19e062802eba5e90fb8aa65ed3b27c5b83747fc4ecb5bc6ac423149579db949640cb8ab21f17520e24be76adc88e78c5689b92f15234bd2cfd41fbe81f2f5638e6b8b9216d33fde9acde536f8e5fd2a8192aa3907a922b324181979bd1fa8be1d34a160b8f734de8d67be14c68a60c32d3297c767fd81a467bf76a1823733e6a30072c19c858a152540f4db6bd56a78e13ff42e599c3b52aa23f1ffef33b6d2e3a4c69c10b89b00206beb4270c8afc01d6cd76c65dd70d3852dac08ce6ad3be3d73326fd6e2315ea10bd5652261d98dd86ecc017373a552e9f357f3b5ca541af751ba438cc78916027125e1195b74407a3a3756edce22dba1bcbf8f80dfbe17eef712683b71a110dddc6831d62449324b09cbb335be6f041c0d204092dba2b22dc836eecdb41159b04282ce1cc16cb4d34745fa3a4683c188d60c3d17773871286235358d05ed7e07abd0dcf57f4eb092b938a5e3bfac8ec84fff1f85f3f752dc73a52317a9f057b93ddb1f8d7c3fb8fdf623c2ff20041d55f3372c51a6211ef11d647f52e3f5db35768729ff0a5ab7cec9e3d45cdaab32c64d46ec262eb84e10a861050cf9fa99cf01a68d7e1bec19ffed1c69f5d0e469bf3ed4ae11b7b8cb678b080ffa33ee57e20b9d50ef52f1a32ab2a4a102b7a7fb8da0e4b04004caa79c9609f341a6f6b3c1904234f519b12ca31407670be1d6b7b7efc22b288ad56a6c64d187295084b04cf8ca1456f002c1cb6c99170a3d68e1ddd5fc56bbd3bb5e9055bf5501b85211a9485b244e3a772d23c43d1b1aa20227fa9bcbaff47fffabfadf07df41dcc4ab34c66de34b86f27a5125bc20e1e8c5e63bfcae9dfef83b005ea8e14b9199a8bc3762a5ec4aadc9bf9a147fe3fe63709c99ea7722bd36c5a3c5b69155b46440e6694d5e13a5492277a8ba4c79a29eb6c5bf5525092cf47dd9234a5bfaa79cb935f0bb843fc2134939d0bae168ae2fbd1ea1e88b539d26ca094e915dc5612abf71d17d53ab38727ad60dff42700d7bd8461758ad2f881349a4b3ad7431368cccdd3c827c5095aa8dbbd780b4639f8d09a0d7b3903168bbfca4d169a0281fa6e20723933232f3c85ae2d743d14764aa2419dde8f1988f2aae40350dcc7ff94b8c19eda33b1ec8856183bd5c5732c8a71b3c15013c10eea2556e8ede07c9e2a3b804a9107ce50b68c069d63225e59d74b86667f445fec2f9aed161638de7a292f9a3c2942e74b2383a861a1a5c270a009db4c967b338b7ed6fe777c0f33da80fcd20ef2cb893e419fb98fb1bb0cb9c4835d9cc657a759aedba4ad9ddefc97f900cce6180322a887bb500926bf04faa541b7175ffcb0a23c97625ad75ee09129e77664c8cf808dfdcefc80f72544cf5654805651899a54159916be3627ea553f3571dbc9e82ac29d2cb086e9771d11bd1bf931a837e927f4df89e544885b16d8a26c8a27e310e5d54c5ec81edd39608f410a145f84143faac93b27ddf53cb7b430216156b39e0eb70ddd8f2d9bedf27a13719bad2638b23833cfe29c75fa8d9cf6adcdc5736313aafcef882963513abb95b6ff46b4b956fd0d33cdea7b95f462224f56f22089ceed5cb6a4e0a7a98251b74c789befaea587d86cadbd96f5def5c1246fd248c01733f1a83abb4dc1ddfba27b7bcaadcad03d3c5f66802fb02a860e36a902a58c5fc8d580b70960ed1a2457638bb101e2112b37c03b973a781d9431052d42bdc05a7ed79003a1d69dc6c833b1140c3afa53fa580a58ea0c818b1465ba152c32c4efe73d13a262fdc11341ac90662d1a7af90a7bbee52ca82196dc517b04e9eb340a5c887c95945a123d11aa8c8a13dd1de35276e147defb334c0b865e21e99a379c6658291b1b04f51375399197ec29ac1f435258176771ae55be48e73ac2722f935a14f148ede3aef25d36032806c88aeed2744a06222be44ba9dc08f0336ae3f6dbac3aa70afff1df97a3bf2ee60ba87c78d15f0780a7a73d3a125627ac4ddb36fca014427330c3804fa88274839456aa3d89d9961b38ebeb187bec0d8399fd815d44d9c289de8887760d75b5ee6191bbf9b6eb97efe8da1649be938dcd994d0595d49961e05aaa18276f7e9ba876493f307d4f0d13d5b11dc39b41a3df95783cf3b4e7bc13f7c5450e7101806dd38b72ca8cebb0805e95bb140d93a86950c201b45b84e4a430a2c7d79369db00998d70a2bee354f374ec3c25870f555a936a1ab24ef6d86d22cb8aa08cddb0aa83ee4d357d165f42055a3548e6145b7f16eb494bf3d9418e84836c71b7798f71ab992472e4fa35d148f98794cac12b0c17ad5f3b303c69e45c8c748cb3f0677547a98ec017d3179c46b7a50fb80516e2841a608956618da36e992251acad034de400146acc82b1b76dbd5f76fc7648e8e6a700a72d1202f96c72a781cf7b33c13df0fa8e9011c43d1fd3eba9c66367d677307f18b05acc3f986a2cce96362f7c7c3ed4de018156f8d638a0da4cdf50e3688d7c31d9b80b5bd4b3acc03f160c50aa66b679521b67ebc3224b54451b0326f93354474b43f4106d79b913789944aa4c61ee3974961c1f1d4e37f9dcc1ab98c1f40c4833c1842b913bb56fd69c1b8f55e76473bca6e0e4efaddfef5ba109e26e72d68a481f795d04199be1d84c4275f90ff5c50ad905eab01a5fbdedbc637aa5b6f6acef7a8e90e4860a322155d40929faffd51d781a6518a997faebd4d902ade410e6ea32ef1c925a2cdea150f13f8ea35db2"]}, @nested={0x7c, 0xa6, 0x0, 0x1, [@generic="5a285b156f94665f1b967a257c1172d57974f133342edeb71c8389c0ae9da533cba7c9371cc32efe6b8e69f44a737ff4a95178b8db73e7d6a53e24bde27d58b33b75f243f586bc5688495dc162e43913cb060a6fd34347c0cc28ad4c9aa54d2cc4fa5214a446744a9859c9fb0965b8b52c0a33e233dceb84"]}, @typed={0x4, 0x77}]}, @NL80211_ATTR_CNTDWN_OFFS_BEACON={0x29, 0xba, "8a9740d55adcaefe50b1797cb10892da185b79bad7aa34bb51f0dc0fdd6ee03d6375f9a0d8"}, @NL80211_ATTR_KEY_DATA={0x14, 0x7, "9238fbc3514aef7e368d78f2f326c8bd"}]}, 0x1408}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) setgroups$auto(0xe32, 0x0) write$auto(0x3, 0x0, 0xffd8) 3.491601134s ago: executing program 2 (id=2834): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x80000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = set_tid_address$auto(&(0x7f0000000180)=0xf0) waitid$auto_P_PIDFD(0x3, r1, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4000008, 0xf8, @_rt={r2, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe6"}}}, 0x20f5, &(0x7f0000000440)={{0xfffffffffffffffd, 0x82}, {0x5f, 0xd}, 0x0, 0x10, 0x80000001, 0x8, 0x1ff, 0x22, 0x5, 0x501, 0xfff, 0x3, 0x3, 0x9, 0xc, 0x9}) prctl$auto(0x3e, 0x3, r2, 0x4, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 3.260648622s ago: executing program 0 (id=2835): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000009c0), 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454c9, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x73) setsockopt$auto(0x400000000000003, 0xff, 0x24, 0x0, 0xfff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600006, 0x19) sendfile$auto(r0, r0, 0x0, 0x3) 2.450599679s ago: executing program 3 (id=2836): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r0, 0x8000) mbind$auto(0x0, 0x2091d2, 0x1, 0x0, 0x6, 0x2) mlock$auto(0x7c87, 0x40022a) r1 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, 0x0, 0x8080, 0x0) r2 = ioctl$auto_NS_GET_OWNER_UID(r1, 0xb704, 0x0) mmap$auto(0x0, 0x8, 0xde, 0x9b72, 0x2, 0x8000) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/sda/state\x00', 0x100, 0x0) socket(0x11, 0xa, 0x300) ioctl$auto(r3, 0x80108907, r3) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) lseek$auto(0x3, 0x40, 0x1) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/maps\x00', 0x0, 0x0) socket(0xa, 0x3, 0x3b) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x200702, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000040)='4', 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10001, 0xfffffffc, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000380)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s0\xf5Y\xd5>)\x14\x81\x00\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x8d~\xb9D[\xe2~\xe6q\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\x86\xff^\xbe\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00k\x00jX\x9e\x06\xe5\b\x9c[r\x91\b\xe7\x89\b\x1dM\xa5\"\xcf\xe1\x86\xa5\xab\x14!\x9eK|l\xec\xc7\xaf\xa5P\x88\x84\xe4Ee\xe1\x9a:u{\xb9\x10\xd8\xfc\xce2\x93=\x12.\x82\xa3L\nX\xad\xeb\x19\xff\t8\x84\x16\x9dO\x9b\xec4G\xae\xae^\xa4\x86\vX\xc3\x83\x02,\xa5*\xe1B\xb1\x8aV\xc9\xbb/\x13\x17T\x06\xf0\xf4\x944\xbeF\x91\x7fV\x97}iT[\xcd\x90\xe1\xfb;\xf1\x97y\xb5]\xe1\xecLBG6\xcd\xfc\xd6N\xdc\xb3\xbc\x1a\x1a3\xfc\xed\xb3\xc8]Jh\xbe\xe4\xba\x8d\xa5L\xd2\xcc]\xb2\xeb\xc0\x8f\\\x908,\xc2MKr\"R\xd8U\"8\x16\xec\x02:{\xf1}d\xa1\xb3\xe0\xfc\x82\x1f\x8a\xbe\xf4\x8c\xed\xa3\x1a>cA}\n\xb5\xb5UdzQw\'\xbaN\xe2\v\xa9\xf5\r#{_\\\xb0\xf8\xb6t\xd9\xf9\xda=6>\xd6\xf1\xc4>\xb1\x04^OM\x1e<\xb97lu9\xbd\x9c\xd3\xc5\xfbN\x94lu\xcc=\xa6M\xe0}\xfb\x1c\x92o0\x050Y\xecT\xa0\xc7\xf4\xa9r\xaaEp\x91^\xcf\xe9vrj\x05]\xfd\xb5\x02\x13\x02\xc7\x1bL5\x17(P\x1b\x19<\x95\x04W\x1e\x9c\t\x9c\xb4M\xea}\x00\x1a\xc2\xe2O\xd4g\xcd#z\xda\x0f\xfaM\xab\x9c\x0e\xf9:\x8c0Y/\xfe\xceoQ\x1eK\xb5\x92\xe1e\x147\xf9\xb3\xa5\xf8\xe4\x9f\xcb\xd6\xebs\xcfZb}:\x93\x9a)\xe9\xdf%J\xb6\x8c\xdd\xd6\x91\xafv\tZ\xd1\xec\x15\xe91\xc3B0\xb8\xd2\xf6\x9f\v\xeb\x02\x8b\xb1\x1e\x12(U\xbf\xb4\x87\x8aJ\x14gt/\xd4)\xcds\xbb\x18\x97b\xa6\x1e7\x02\x14R\t_\x02\x1b', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) gettid() openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.383524397s ago: executing program 2 (id=2837): mmap$auto(0x0, 0x2020009, 0x3, 0xb8, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_procfs$namespace(0x0, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_bond\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0\x00', 0x0}) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000680)={r1, &(0x7f0000000340)="1b52b486db2f09cfb4f21b6874188a61c3f1f451b2b06bd34c8df4c047ef5ce74bbe2337cfd6ce7834d7d1533aff6af9e34dcc8dde5cab90ffabd1c0b17c923b35190a6afb0fb87027b50294b76fd78f8718d609b8a092e5564f7eedc8229d675d8abe", 0xf, &(0x7f0000000440)="e4964ec60178892e53d1ee70ff857976a67a46df316a72d85a3ef88bddecf1f57b459565712c8fb30137da8dd727703ea86e57c271406f048cb9693de1b945d1c16233456aef5cd9a3b2318f272655571109e88476141d2f3f81b5e33971d11b386a2fbabbd4986f282defe2f8e07b2c42702bb85af67119820b37927a217782e76926b39c4af81d95a25dd32db96126bf57e7c1928c7b17b546d177a2186cd5cf7304fb30db6202c021ce55f44165c8021066e283dc2b10100198d5ead0eda77a7b4fa8ea20bddfe49bde36689756c893721e", 0x2, &(0x7f0000000540)="4bed484837d2adf5c4c86b5cee88bb886020e8d42450b92917bcef73cc0a27d18b886a1d4c99cdc1cb62b22c8df200734c34931c0740e50e5114b637530f2acef56fdaf20347b85d41b8d8a089051c3be8df0c1de2fd9c120fe72eeb039f79fa43499693d08f53353c66e0b0b28c15183a5fa52322afe66f1c4445eb72b8d9cdcd8cf84c880c21cf662fe01d1a3f2d804fbca196f5bb3f4ffdd43ee1243e980f9156d9c54b94def49bc3609e45d11f7f8fb1cd0a502d78c91646bd9387bcc0a5531d92f834707477e3ff6bda072b40abd3e24fa65397c4251fd4f88237f2d8edb7d4f1f560b84853d0b7e658", &(0x7f0000000640)=0x8001}) ioctl$auto_PROCMAP_QUERY(r4, 0xc0686611, &(0x7f00000006c0)={0x3, 0x9, 0xfffffffffffffff8, 0x8000, 0x400, 0x7, 0x4, 0x1, 0x81, 0x4, 0x2, 0x10, 0x80000000, 0x1, 0x3}) r5 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r5, 0x8004e500, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x220000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vlan0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f0000000280)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040025bd7000fbdbdf250300000008000700ffffffff080005000200000008000900", @ANYRES32=r2, @ANYBLOB='\b\x00\a\x00\t\x00\x00\x00\b\x00\t\x00', @ANYRES32=r3, @ANYBLOB="080005000100000008000900", @ANYRES32=0x0, @ANYBLOB="0800050009b500090000000000c4db06e600000000", @ANYRES32=r6, @ANYBLOB], 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x8001) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) r7 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r7, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) 2.291681436s ago: executing program 1 (id=2838): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7073000000001400000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x1400, 0x0, 0xaee2e45ddcc9e3a5}, 0x20040080) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a00)={&(0x7f0000000300)={0x6f4, r2, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_BEACON_HEAD={0x6d8, 0xe, "d746c94ab0d671b83ca357eec2b26a0e88589f1569f3c3ff0949849c0c37065ae7f9b1f33344a5e784848f21aad6c852580c08b1bca21715919b3d076ee938881e3227bb4019353270e7bc6ae36dade74847cb861febce3b997323b2b5d88a3d4db2c6e56eda5bc99bd9afb226713303ef6a1ca0e179e2f1a87754959497d31ff38e8471658c08f82f8fca8ba0e4567371cb1b31022d7f11c7797b0fe3493a7d276b92fcdf0db7ad08e24ed5ef6c63b615d77a9d258c1697df29efb5742fc2152bebe5485b024ca7e3595b596d43a357a964e03d0b58b8a31ba81e07c7db29026f9af3510b0dd2938befe56a709098452fdd45f551b3df1f503afcbb4b08366d3710d60254bc306d92e38e2ac8e8bbb84e1502c8de673986ddd5e2d2bf00a4c1435540f97496431eef124df35c30ed8d2578b508c2e4ac8f44673b67df02244433cc8c0999948ae07cbb69a4ea163c74cc9529a16386c610e73407fdd3b5c5e7d0d3debb656f4c1af666e960890e998d26b3e62088106212c73936f63df13a03e84e810f2a3a734854e49b43f3d147b983c1e9380bd54eabe5e295f5cf444ec2a3958d558b52072af65ff98437f627b73cb31dcfd9f0d0c4a41be69c675ff2c99405a9818653a6d35fcb5069b9b59ceb6a888f756a320702dfa657907fc3836091049773334d1ab90db0b65bee6646e53e35b7ed894168380d4091813a0c2307c865e1194a84e8989f797d70eaa6a2f398c490b8213e144159c09e984a65dcb94cdf269a158b91b0d413aa62c5df3e0cda8c1ad2be1462339c0f28bd5fcefce5875b16d96e142b4f1bde5472a5a248eb047b974cc15c2b790722dc9132224814bb95e0d977d53f02b33e22c9b03dc44d3f70e848af286e55637a02f6978f688087d8a619652ef8e797565be0cd06449210f1003db1415004e391ec0a2c2c5a65ebaa7d2a514108be92a24c78637c2b97096e1cac405a8ea09e1912ae5dc133756903988ba935ba6c9e54ce0c0e9a63e133b0a58afb68444f4ab361e4018cd58f7aeefaf501722a3792aa32f875d636f52cad369aa0b25ee13389bf9aa529e36d51d03296fb40ef701b5c1580ee9ec238de420206a6601bc7c28e2ff2a0adbbcddf7d0cebbb6de6f89bb41a0cdbeebc861e2d1c32f2cd2eac58f31a723eeee1aea7cddd25df90a7ed22827a984ef7132bc2cd50688c4e347c8a1799a07adc0f7ffbdb7eeb08f2c9be5d964da57aeedb962abe5ebe40b15c1dd89611e1c954ff08a37f6a5ddef2465d68b06d5e26841c8df83ce069fe11bd3c4ed3be3be2f24b775f9cfa9ad23c21ccc04c35d62069a126fb144ce1b01752eff3999f1f2e2864fc6ae72a811c8d748407887a9bbcf64e5a284f23219c0c4781a6d44a0cfd489e4c30b4bfd0c46eb09933e6f754b649455851632706ca4f1e1019289f013cc398da8ab902c2eca7dd54412c0df690cce020216e9f0c87cb05948c01f97ce0e067563d88c4885a4d347a9312f8e8a83c9926556ff3761ec26fc69ef3459acf5e4e4e8bb5a04f7f0c873b5c0f4e09d885d41fe45ebb676747c9b52eb303b5a471ffdc90a4e69aec75e6d3f5088884461ccfa8438b939f2a1d34227ffb2e970a57a7287650587349d161313082f9d6c00860da94be5228714125e36d906ecd2d236aa4e80f154f7d2a60d81aa24563dd2bdd4ff3f7e8bcf7fdb629ee9dde68f8687d5cbcdbeec4b7f01a062e15634f5df276a46c532fd9a98be3d7fe097e112b2576d632ce69884f94f3dfd701b4181242dbaf3d31f171111473942a1ff0238111af3103cf8e7947d20eb0b366a0027e685ba249a766431c7a487b6e54da6ab8c3414a23bafa49414138a3e85a0e071744c19a07e312bff19e9c7f2ef4f7fa747dcc13145064f4e849fa0270d1ebba7006547bfbc1504101ddeebac41ca9f432bcf225f016f4b6a757b8e4124334f15367aade1e93aa8dfb073da96225fa293102eaaf2650774f0c1115cfd79a080985c6ddc65592824b41787eba244bf537c5a2b607a772e431b8192f4865e729bcc5414e2d713977a29db1a6ebf0b342c03fedabd82a71e3f1aec1bc14bf3b425856d4ffa71a1a9a2f75140df29c40f72da45dfb1924d6b00ecbf0e94b886c68a59548b26f131337689a0cd141b2963c970a5eb93b4c38cbc3ae33e033e160f6118d2238aa454fb03f9099c2014a5286ce2be264c589732882d191ff5004e8ef9761071e699a47db965589c2de7733670c50b690f14fc7b3d72ea237d0652649ad43bad61e773c562f430659142a10d2287d09e0de34fe833de9de3230e6d21239c013dc149490227b82adeb45e60bc015d2bbbde866e21c05da2f82d0bc5b0da265cb28401e19c695117cd7b4c31c34d768d414697cf6e20258c9b3dbc97354cdbc99c19a6663d94b7982ce5dfb689dce2ec41dded158d3631884859cf3793889dd0f95ef64be110d"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x81}]}, 0x6f4}}, 0x40080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r6, &(0x7f0000000440)="1100000000000000000000000000010000", 0x11) getsockopt$auto_SO_DEBUG(r6, 0x1, 0x1, &(0x7f0000000100)='},:(.!/\x00', &(0x7f00000001c0)) r7 = getpid() r8 = setfsuid$auto(0xee01) setresuid$auto(0x0, r8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000001f00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001ec0)={&(0x7f0000001f40)={0x1408, r2, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_CQM={0x289, 0x5e, 0x0, 0x1, [@nested={0x18, 0x137, 0x0, 0x1, [@typed={0x8, 0xb7, 0x0, 0x0, @ipv4=@empty}, @typed={0x4, 0x93, 0x0, 0x0, @binary}, @typed={0x8, 0xa2, 0x0, 0x0, @pid=r7}]}, @generic="0c7bca135190d9ab29869a42a0b8325aa184c13dcbfd025d00ce8ed964bdba50d3a0f412d7599356c5cc79a20da377aeb1c5b355822032de3d90830dafdf0c7f4785afd7a4ddbc4f102acc38e4e0478378f772678789afbfb2b15a1981a23266e0a0305af035d9a33b727ce5cf6b552ee7c1eda2698bc7bebb3fdc0e1e1e25b3bbd518f759148dc552077bbed05c7f9269886acddc5aec0cdf01bca8b73b7e39383e06b2ffd7172d5dd4f6cc016638e6d69f27b839076e", @typed={0x5, 0xd0, 0x0, 0x0, @str='\x00'}, @nested={0xc, 0x146, 0x0, 0x1, [@typed={0x8, 0xcb, 0x0, 0x0, @ipv4=@multicast2}]}, @generic="17c3f700f16ac22990636f47f0656f6b6936fc8a1a311cc455d80867b107ee05e7f9cdd618c2e567d7ecf79d31299e454638c353025f02993e34f49f359cae1d1331b7825f8a74589ed21b6bf747a9252fed8098c8060701628dea85a58d8050d1b0db4714d70e61993df7505679e7b251b63920a95758d755aebd9b840fae0921c213776a4b0aac279a66c35342d4d69c2e8d774dec61452cacf3c1091e8e81c0ffed25ea42cf900834b407ddd40572209af6d976d80aef5f2d28f64148ea7d16990f5b5bdddd37", @typed={0x8, 0x81, 0x0, 0x0, @uid=r8}, @generic="a628948c7a1e2e056a527b0dfa36b28f18abe1527d8e6ccfceffff4bcb81b8895328329cbf360938b2dd30306bad7ed61a33bbcda75632fbd8d568c61be4e204369afb563b49f34b897af9c6a6e82fd748c47bd71b6ea3f5797c4859c0c22a1d8f44c97cd017820f005ba1a3088f6debaca719ace433ee08ed36bc8a0ab6a37e7a4527018645c2a135e9a39e924155021d2da840fa0c90bd1d7a4dc883b5dcd3da7ad50b1279c247835ee799b7f72d7b783199985a1fc822c045f662eb7090b5cd947b7b20d2c02f69d61eb2647d6b65facf"]}, @NL80211_ATTR_CSA_IES={0x1128, 0xb9, 0x0, 0x1, [@nested={0x10a1, 0x1f, 0x0, 0x1, [@generic="83762722cf3353b0cf177f0dacf2316636b2de6efe30116667f43b2d2ef5d4e77bf9d46456813e521ed1d5b66aae0cbee315d7bc133fd792d5d466190dc13abcda0d28221a46b5bedf6bc29b466f5d38ab9d364b26615e7c8dd485c253871192bb377f1c56f0e4cf8ecaba8f76b983e8760d1a4c7cc67bdb744f66e2e23b1afff0af49896d71a69b76ab4f025c41157da0925ee3cf09efdff0", @nested={0x4, 0x149}, @generic="a938244aa4fe98c96c15b86b030a9784705a3e4d1e2cdebcf3f7d5130f3b335af9d77f8696223b94af78a7a143516a5e7c66abc2ca3874aa58112f4d7bd1c084b1f4b63d3f676b517300e727849fe17095e4ca018e7d4ee32d79c323b46779f4960ef0bad52dbd55bc043b4f4741eca24d1c886f088ebb327730e66870c7cdf063a3072443a8bbd6f74362f9f5b9e1efdc321f31467924dca8a7d9f75b389d20f2d18af1124943254db04fcdcac58bcfb3068315968ce6d9357bd572537a80711172223ca3d1a2ff21684dd4f4c37fc65f88054471ae621ce11775f02b4852e718f6e86e861872fae6fb526d3db6583c70a6e6412c088caf6a481a5fc9681b81e71f105c3401edba52235d8516cc5d16ea12ff402e8702cf63686cf3b4f65620fe6a21e5364e0326816ecff081b331add741303f49c140cbd978f477b8c6616ab91e09b3523723205172be148069daaeba6e7fc0f3e3e6e5979b016e6d4640175a39835c42e47f6b10d6b9bd2f4424966fe3d7746fb20098d092104dc90989700135b53f663609336411c8408738e98e355a06f295d35d896a72be83cbb5e84bc5fbe584afb1df1faba5483a500a9386521826df97736e6fbfd12777f09af9de80831d0323427e18406b2db3e051ab91d779665e69d2c676e79d6121384a45be197d59dbfbdb5c6edac52c4dac3e882a79edcb4e8793daadb7c0097a9057fd0efa5011a9dd7277eae815e551aaefca7afe74f4951f8789fe4d0d5bdda26cbd42e578ddb9cfa44086b8d975864031bdd1fb72ba87c819891e26721d197aee24d7484eec7f42a6035649790a535a88d0514aaaa58dc9f1568bb02f315876be7e84e7dfb824be8cac52fb4f06057804cab0719887a18920a17263e6e9c9f9639f1d6eee6a6d97ab46af107733539f336806d6acf77f78dae06245945e441248bd9b82eb97455a0025d189529a4322ad267d308ffc7401fe940d996ec8fda1c9fe2a9442d3fb0c55c82a74fa216eb8dc3d46fa09f22691de74f64826d49d7bae410e35df9eaa0725a9beb9499657da1a3921f138afa05420b70415b3bc8885495f7afc04dede98cbb9285e068ed3401b27b0147e66a835c44cad65bd8738cc2b60dcec20b19867c187aa679ae14fa021321ccaeabd4f6832c0229d2dc9a1ce9218d5c8e4e040a03b14701978df5bcfd22b957d2e901888ce556d9e63d8d4bc7609b8705b06d98fb7aba8ae0eb44825d4d46896e61fe7abc15c10bb6743bafcce24c91a937ebef08d4723e033d66a7c2b10775f9e2eb42fd776202805efec1a019e2124e05f49b79bfb32d503a8deadecf7780a01ac8b2840e5bd6c8bc0078962c480b7b3ec3f58816aa5e3532cf841c6606d0d6bb643ad0ded99bd8448ea78414d3e7bb049585c9b12d80811675cd6653c76693cd2337e64ae133178cc620dc365fe1cd6bd5e51333f63aa5eee0c9219d0b19322e37651063b78f9857d7e6e39faa833328189eab4dd8c199371688a77bd3855537f1b6a2d376e48c8bb1a99e5df4c9a24c5b82ac5a19be8ca7a76e057bd91c3933268d47be9cb3123f370b3cde125e68fd86e8bffb93e8383b583c386f0072c65f1266018b5f9b509eb57b4e217bae1749fef8beb4714ea30ed83ecb9a01f3bd41a47d77aab6e95fe4c5059a10358c64b1e705a322dc09933594a74eb52e8cbc96e293b0d26ab61075c1f9c2c71de57c3266b18d593e10c7390390b541336193e54755ffaf3cd8bcc1c265be1e4ce5c78d94deff4bcfe11f0d8e71de04724ea732fc1333dfe586c665579a49301be6200812c33a3363866cbbbee0f3341958e194bbe5ce640d9d2725b90d6914365f3671ef0cb1a31af731af3365bab7ff4b1265913685fab26b3ed30ec17cb86f317f3fd864013ecf1b7de1f9634d306d08449c41ad9e2c9b64ea55200c03fd2b996a172ca348da347d1bff7338bda7df6a34c370d32d7ad1efc0abc81ae2462dc28defd58e7e7c31c9397598b78e7ffe1a59fc308224c0ee542b4d1bc16048e68041c15bb82ebeac5e775591c23843681875664a63fb09fcb24710715c07ea3c343d2a3fde0e7b6d5ba164f82f4719508c577aad12d74e64e48502e8c082f1d2dc998fc4503a71dd400623798516c59436c8a2d08256614e40400dcf3e8bb026c044abde75c2e6fd35b154503669b0b0bc00e8caa6c1960a3c427d24551d3b4f8487a58a340c68c242cff6b9d5636ff51d1aaaacbfdb8b4ee33bb056c77a8e9fba4fa7eb6ae7a38b3371b4907515342ef2fea277bebef271e6984402c5a9ad123a742a7164e184674153db2e51990f066db7a18c4d16f059ccc4f3e656d8683b12825d522c20f64c6b16d7346f96b5db72fa7f968861f560be54fb2f270583399066b58eecdc3e7f6b0bd2ab114d39652fb3685e9366bb61ce9dae50ce904aa1c105fc4efa6f8ee224fd9f5cb9cb186d02835f8031696e06bdea56d04650b2b767c656635bd7489d17e36d31a46a84f5902e4dfd3bfaf15b2d34db2913954c51f8e8afb873b5326ae185e4b51de3ba4cd367374f8f483dad1dab835e22fd77a63cfe679a580fffa6d165460de996409cd379df0b89e349418f14925c67f3b045bcaabf899c0bab7c5df0ca2234dbfccd46ed4bcb2f3add2a5198d94ee9a5312a4f0b1165a1e21288de925734f609c30603cf20004fd8ef218e770cd88765cf6e4cdf96ae3de021e78b7c0859911ec7a34d782383d816d3518b3e25a8b117f5f75ab2d2e3a7c72100dea05e6e6c57729b8e3cb8531d0977a369b03bdeaf1e68c2cf46e01b976d9b388dce00e71e766fa4e68486df7c75316ea2d0b5ba3effe8eaeae258de0ebd9b374033831e6eb64edd0153f6d8982cb5acc8550f2ea1ed5105376189f61bfaa74fc272c69d61570d54d76f3303b37da1f4a201f740cd081fee8a0d97055e0ab5894e72a3a2a53c5df3fda79b8a61a674e42bd45e1690eb792d26533e3f45fbb08957a28e27633d87e71e6f7b31e00d59fbbc6bcff8bde4f2cd11f2cbb19e062802eba5e90fb8aa65ed3b27c5b83747fc4ecb5bc6ac423149579db949640cb8ab21f17520e24be76adc88e78c5689b92f15234bd2cfd41fbe81f2f5638e6b8b9216d33fde9acde536f8e5fd2a8192aa3907a922b324181979bd1fa8be1d34a160b8f734de8d67be14c68a60c32d3297c767fd81a467bf76a1823733e6a30072c19c858a152540f4db6bd56a78e13ff42e599c3b52aa23f1ffef33b6d2e3a4c69c10b89b00206beb4270c8afc01d6cd76c65dd70d3852dac08ce6ad3be3d73326fd6e2315ea10bd5652261d98dd86ecc017373a552e9f357f3b5ca541af751ba438cc78916027125e1195b74407a3a3756edce22dba1bcbf8f80dfbe17eef712683b71a110dddc6831d62449324b09cbb335be6f041c0d204092dba2b22dc836eecdb41159b04282ce1cc16cb4d34745fa3a4683c188d60c3d17773871286235358d05ed7e07abd0dcf57f4eb092b938a5e3bfac8ec84fff1f85f3f752dc73a52317a9f057b93ddb1f8d7c3fb8fdf623c2ff20041d55f3372c51a6211ef11d647f52e3f5db35768729ff0a5ab7cec9e3d45cdaab32c64d46ec262eb84e10a861050cf9fa99cf01a68d7e1bec19ffed1c69f5d0e469bf3ed4ae11b7b8cb678b080ffa33ee57e20b9d50ef52f1a32ab2a4a102b7a7fb8da0e4b04004caa79c9609f341a6f6b3c1904234f519b12ca31407670be1d6b7b7efc22b288ad56a6c64d187295084b04cf8ca1456f002c1cb6c99170a3d68e1ddd5fc56bbd3bb5e9055bf5501b85211a9485b244e3a772d23c43d1b1aa20227fa9bcbaff47fffabfadf07df41dcc4ab34c66de34b86f27a5125bc20e1e8c5e63bfcae9dfef83b005ea8e14b9199a8bc3762a5ec4aadc9bf9a147fe3fe63709c99ea7722bd36c5a3c5b69155b46440e6694d5e13a5492277a8ba4c79a29eb6c5bf5525092cf47dd9234a5bfaa79cb935f0bb843fc2134939d0bae168ae2fbd1ea1e88b539d26ca094e915dc5612abf71d17d53ab38727ad60dff42700d7bd8461758ad2f881349a4b3ad7431368cccdd3c827c5095aa8dbbd780b4639f8d09a0d7b3903168bbfca4d169a0281fa6e20723933232f3c85ae2d743d14764aa2419dde8f1988f2aae40350dcc7ff94b8c19eda33b1ec8856183bd5c5732c8a71b3c15013c10eea2556e8ede07c9e2a3b804a9107ce50b68c069d63225e59d74b86667f445fec2f9aed161638de7a292f9a3c2942e74b2383a861a1a5c270a009db4c967b338b7ed6fe777c0f33da80fcd20ef2cb893e419fb98fb1bb0cb9c4835d9cc657a759aedba4ad9ddefc97f900cce6180322a887bb500926bf04faa541b7175ffcb0a23c97625ad75ee09129e77664c8cf808dfdcefc80f72544cf5654805651899a54159916be3627ea553f3571dbc9e82ac29d2cb086e9771d11bd1bf931a837e927f4df89e544885b16d8a26c8a27e310e5d54c5ec81edd39608f410a145f84143faac93b27ddf53cb7b430216156b39e0eb70ddd8f2d9bedf27a13719bad2638b23833cfe29c75fa8d9cf6adcdc5736313aafcef882963513abb95b6ff46b4b956fd0d33cdea7b95f462224f56f22089ceed5cb6a4e0a7a98251b74c789befaea587d86cadbd96f5def5c1246fd248c01733f1a83abb4dc1ddfba27b7bcaadcad03d3c5f66802fb02a860e36a902a58c5fc8d580b70960ed1a2457638bb101e2112b37c03b973a781d9431052d42bdc05a7ed79003a1d69dc6c833b1140c3afa53fa580a58ea0c818b1465ba152c32c4efe73d13a262fdc11341ac90662d1a7af90a7bbee52ca82196dc517b04e9eb340a5c887c95945a123d11aa8c8a13dd1de35276e147defb334c0b865e21e99a379c6658291b1b04f51375399197ec29ac1f435258176771ae55be48e73ac2722f935a14f148ede3aef25d36032806c88aeed2744a06222be44ba9dc08f0336ae3f6dbac3aa70afff1df97a3bf2ee60ba87c78d15f0780a7a73d3a125627ac4ddb36fca014427330c3804fa88274839456aa3d89d9961b38ebeb187bec0d8399fd815d44d9c289de8887760d75b5ee6191bbf9b6eb97efe8da1649be938dcd994d0595d49961e05aaa18276f7e9ba876493f307d4f0d13d5b11dc39b41a3df95783cf3b4e7bc13f7c5450e7101806dd38b72ca8cebb0805e95bb140d93a86950c201b45b84e4a430a2c7d79369db00998d70a2bee354f374ec3c25870f555a936a1ab24ef6d86d22cb8aa08cddb0aa83ee4d357d165f42055a3548e6145b7f16eb494bf3d9418e84836c71b7798f71ab992472e4fa35d148f98794cac12b0c17ad5f3b303c69e45c8c748cb3f0677547a98ec017d3179c46b7a50fb80516e2841a608956618da36e992251acad034de400146acc82b1b76dbd5f76fc7648e8e6a700a72d1202f96c72a781cf7b33c13df0fa8e9011c43d1fd3eba9c66367d677307f18b05acc3f986a2cce96362f7c7c3ed4de018156f8d638a0da4cdf50e3688d7c31d9b80b5bd4b3acc03f160c50aa66b679521b67ebc3224b54451b0326f93354474b43f4106d79b913789944aa4c61ee3974961c1f1d4e37f9dcc1ab98c1f40c4833c1842b913bb56fd69c1b8f55e76473bca6e0e4efaddfef5ba109e26e72d68a481f795d04199be1d84c4275f90ff5c50ad905eab01a5fbdedbc637aa5b6f6acef7a8e90e4860a322155d40929faffd51d781a6518a997faebd4d902ade410e6ea32ef1c925a2cdea150f13f8ea35db2"]}, @nested={0x7c, 0xa6, 0x0, 0x1, [@generic="5a285b156f94665f1b967a257c1172d57974f133342edeb71c8389c0ae9da533cba7c9371cc32efe6b8e69f44a737ff4a95178b8db73e7d6a53e24bde27d58b33b75f243f586bc5688495dc162e43913cb060a6fd34347c0cc28ad4c9aa54d2cc4fa5214a446744a9859c9fb0965b8b52c0a33e233dceb84"]}, @typed={0x4, 0x77}]}, @NL80211_ATTR_CNTDWN_OFFS_BEACON={0x29, 0xba, "8a9740d55adcaefe50b1797cb10892da185b79bad7aa34bb51f0dc0fdd6ee03d6375f9a0d8"}, @NL80211_ATTR_KEY_DATA={0x14, 0x7, "9238fbc3514aef7e368d78f2f326c8bd"}]}, 0x1408}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) setgroups$auto(0xe32, 0x0) write$auto(0x3, 0x0, 0xffd8) 2.213604258s ago: executing program 2 (id=2839): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000009c0), 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454c9, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x73) setsockopt$auto(0x400000000000003, 0xff, 0x24, 0x0, 0xfff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600006, 0x19) sendfile$auto(r0, r0, 0x0, 0x3) 2.007580415s ago: executing program 0 (id=2840): r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x400, 0x1) fcntl$auto(0x3, 0x400, 0x2) r1 = io_uring_setup$auto(0xffffe969, 0x0) readv$auto(r1, &(0x7f0000000a80)={0x0, 0x21}, 0x21) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0x8, 0x0) 1.806121772s ago: executing program 0 (id=2841): recvmmsg$auto(0xffffffffffffffff, 0x0, 0xffffffff, 0xffffffff, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = memfd_create$auto(&(0x7f0000000100)='\x00', 0xc) ioctl$auto(r0, 0x0, r1) ioctl$auto_FICLONERANGE(r0, 0x4020940d, 0x2) mq_open$auto(0x0, 0x7e, 0x9, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(r2, 0x114, 0x1, 0x0, 0x1c) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x3, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r3 = getpid() gettid() rt_tgsigqueueinfo$auto(r3, 0x0, 0x1f, 0x0) ppoll$auto(&(0x7f0000000100)={0xffffffffffffffff, 0x690, 0xffa1}, 0x5, 0x0, &(0x7f0000000140)={0x4}, 0x8) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x25f8f4310ce904af, 0x0, 0xfffffffffffffd1d, 0x0, 0x0, 0x0) socket(0x1d, 0x2, 0x6) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd, 0xfd000000}, 0x6a) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0) ioctl$auto_VHOST_SET_VRING_CALL2(r4, 0x4008af21, &(0x7f00000000c0)={0xf27}) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd4/trace/start_lba\x00', 0x22062, 0x0) 1.406235817s ago: executing program 3 (id=2842): close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x40020009, 0x6, 0x13, 0x40000000000a1, 0x8000) socketpair$auto(0xa, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xaea2, 0x0) 1.049504516s ago: executing program 1 (id=2843): r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x400, 0x1) fcntl$auto(0x3, 0x400, 0x2) r1 = io_uring_setup$auto(0xffffe969, 0x0) readv$auto(r1, &(0x7f0000000a80)={0x0, 0x21}, 0x21) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0x8, 0x0) 1.048086595s ago: executing program 3 (id=2844): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) poll$auto(&(0x7f0000002940)={r0, 0x100, 0x8}, 0x4, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x28, 0x1, 0x0) getsockopt$auto(r2, 0x28, 0x8, 0x0, 0x0) r3 = socket(0x23, 0x2, 0x0) sendto$auto(r3, 0x0, 0x8000000008000, 0x0, &(0x7f0000000100)=@l2tp={0x2, 0x0, @local, 0x1}, 0x80) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r3) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) socketpair$auto(0x1, 0x8, 0x7, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x3496c2, 0x0) socket(0xa, 0x5, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r4, 0x4140aecd, &(0x7f0000000180)={0x7}) r6 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000180), r3) sendmsg$auto_NFC_CMD_STOP_POLL(r2, &(0x7f0000001c80)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001c40)={&(0x7f0000000c00)={0x1040, r6, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x9}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x8}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x5}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x6}, @NFC_ATTR_VENDOR_DATA={0x1004, 0x1f, "ffb9bd33c7a87315b5c06604f5f64626642ffe556c7eafe815eb1712c97ac6edb5e29d4cb0404032fd38047cbcae5d0453e50ad91140178c544f77879c7b2f25405462319cf423d19711bf7d9b7df6154ed5336478e0f5fe8563e89395dfa4bd0a9953a9a63091ae05894f4a10536f03aaf021a2bed332f42859367801e4ae463cf1a27a26003008a62987263343fc208959b88fb27013d4ee30b9e1b42f6b383900a9f198dbaf6229ded852d1b853d9aa14f77555656d94e519ba509918ed7441921c72ed93fdc66537e0c0bb19b6550087ed578b687c109684244ee3048de8292397722e2347094d16f389c0fc7c1a66b52eff2e7bf63348a6f38958cf85b85882d9498c4ec94ad387e2c8893536a5a5d7e6a8a2b835d3f56d0cd9a1dafed73988a42079cfd822f682e7c25c1c982a289f371ad1f2ed353c9a6bdd24b04f5bf4640f81080caeae598f8fad9b3148b99ac08fe1e4571daec62dbd48fa4d30232e83b9419dbebd25a62a33bec269de81ad5d30c349ff49c18857c0dee35ae9512273be031231729cff48a73c412c0f5421f38904b6e2bde6efddd341668e24d36efae98c0779310ce6ee9e46ab3e8765b41109180ce9553c4a34cd756bc5adbc81c5277721de2bdfdb998e97bcd9842d3c42d50e24b6292dc717e6a2a4e0b275e19fdd896b7a71ec784b9ea6873d3ce967bc172c0f20d8a30e6921f6bed1de90b4288e97b831fdd985c80f4c86c7d936284f93b2510525a8f5f4cb1ae3b36eff0d8b7d31bef604dbc32746c7c22cfdbfa8d03576d7e2036ff6a4a3404b5afa8c7596776f3b9d75e72dc73ca8c2e3ae569c1c9290eddf516710e09a25c19f62477258f35789576dd36f2d31b33e407395532dd826bf4da6d211be3cfc39885794644ba9e104893146fa8dd37d8c415f3c372c4dcf4329bec7ec76d043b771514fa9842525f9dab454f7ae5a6fbe5ca373a8a25e616dfc77b76fcf8134254ffc91ff08baaf489d985ac5997fdec8dac958aca368e54a54d3543911128f7c6b1fc01edebdfb0e55bed0564e3d1ae5a0013bce9a2f8ff97f4f5f1d322c53d5f27676e910adaf07be820182e7bbf2af11ab89a4ac9ee4fd26c5e2f24018a864743b1ac944c181454ecb8adfd5b5873499096e87fbe3089a3b079b5fe7762acc501526e23f4364991feb5186e92e633dc8746141a396a6ea31d0bd8e21519578479b07d975651fdfb62a24eef2a9245bf845071e5900950fbe2b62417b06d28e3d17ad1ef84d52f597709d55f8809919d1b380339c657bd3f2bf6ee0656bf82ddc9c54a147ae55dcf2d817567c246c75ff2aec103865097d16897b82b5f654bcef80d2f661e3fc202a221ee1a38d449d04d0aaee30cc04ae925f20b286776239b12cebcb6aa77a17bdf0d29de14d54bb8bbf41b4a8e373decc3badad298fa4a80a747036b82737092b8b364ebc78d7915c582b87f229ba985cfbcc35505c26b85cce2d4ecb23c0c22806a07c80d7d582e9a1785d9e53e6376f7b93a1c6775967e60fea0e64844e830b2880e6fd8dfd6708397de3fa6b538471c2fabaa7e0ed351c582989d03b4ed7e70b56869d6dd75c517ec4566d28b724045f1f19ba0d8cd7c9f752939b8abf8c139aee898743c9ff8cfcc07d536e2535f9076641f839ccf4135e2916aa0ba11849daec351d0e2ddbdc33397033d79c352d5ae9f8f1a1e60bd7469d44038fef61ebeaf8a8b36835953084d3ffcf87a249c7fd33dc1e9fc7cdf59935f59811d08ee0d95aae850303a398ed6418183aeaa4d584dd486d2405c50ddb68c5dacedc4e9221325c07984e004c7d1c12951a943481e2fa06cff09e268dee573342a1725830b7c166b52e250181b47ad1b7b16d14957d3fb18e0f5441a1a9c0561a99623bf63fd2e2dfe15df96822de853ef47ecdd36a45b2135063efde7e238e91aa7312077345e2769a8ffee0a5fdd628b438749ccafe969e46d24c976c470918ee6e05f08e3ef5ce414126e1387f4d76a424fa94aff9d600b20f1915b2df00c1b70844214a8e50705c76946975a0cdac50f6d3e907680d86b2867577e30cafd653b6525f5149dca115fdde51de65f745999eae8d4d2b74ae86f773acdda2cc4c217d3ab964522c5db8b8998175ccd15a14e5c24d4eb9c0197e31df40ec8eabc66e16dd7ceddb596dd99904f0faeba12be44cf3d80da3e7535c553d811e747ef5913bbf56a0c39d94148ea3f737dd88ff465005b8516947dd1867d62e6c80e57831c92a05681a21ffe2cbdf01e25e693a8e772f77a4ecfb718389676dd95896ad75fea95909b9022bebe2c048090515b74b42d00dd3a9953e9d53eccd0ef4c8f9e877617a3c467e6e74c8bbed0fc9e55cff26dd81832f056c27a92836cb46e3d2c5272f221495f763fd1a17539396d96c143c7a071b0435315d9293ed92ff7008fa28ddde3f8d067b5e0ed8f33b3979d78d77bbb27f6b04e92eedc6d6a37201810525b2487bd7b3b77786836f6d5bf63a7157764120a64b6529acccf7aa8b77ddfb2c2f9c3a84d7cf47590d12795cc28262a3433865e5ccfb53e5714b8e3eee301a4637ddd1b5575088f186c2551e430698db02bc897ce23d5be1833c2d2d7599d0d430de1200ef4be1bbffc49284991f63d59faee2b1884504a8d9ba6aa8383717dd0a50a901f493c084d6e58aebedb142a97f8b540f89f2ca1270aea03c48b72aa37387cf395ec3639ed4a148dfac7a67fc0cdebaeed58ec2b56965ae66e47fbf3b1d1c54650ee6ca21124a145184d85093fa9a68c7a848c7edf89676212783df2643ed4cfe7bd0c15c7339ea682725406ec4a8dcd62c4d4daaa6443a44526845936749f17439462b55cefe55f1e8a5a600ba614151d765c7919c364f6d1cae43b578c0cf7117a8dcbe1541987738c8d3cf153605470b8955bcd1f01f29331539b50395814286e2f8313650b1858488cfc8d384094664de47fc9e6465216b6483d294670fb6da9bf6f462f809fe87897f92227e98d31a6d7cc1fcec523d4b083640528c893c1e61df0999d3a60bd31d830ab617f3915451e9fe05f55909e17fed0100204ff2a39d806d09a88b283c8e072f5bc5f11617762a3acd41212d57dd43910175f9dbedb85aa2b64cc417a172f6eeb2c1094fd7926f328eeba3abfefad7faec04536bf3932a8735019c8cd972c6b0341796e13c1823ad29812eb3620f9ca2e901ef5b45a0150998b60e20a1518f2215eb79f6e161ef538b9a4539c4adcdd523cef739b5d57fdee42fcc28da31eabdbd94c505a2743a70aca841097f32f0b1ad55c40cc269982daf0c2a9900c08df4678301852bb5d0bf07dac2b2068aae82104e5cbcfedc64cb6b0cbf5b5cdcbbfa14b50e5a1c0347c3ec0c8480dc83b6af2f5c026fa261c78ad4764915bfaeab7a78b8715638714751552712953cee63bae887cd4be1dd426fc05b139c0f795af0be8a9c312ffe7e03aa36d501c20c63380d6ec5e062f8322afe5fc6bb4dbab3e240e4268121f260335d20f4fd4fb850003e5bc2fee39816461719d7915d40a357854013dc5dbda69b35d53ee44403163a380351f5a5a0b7f84f7160da2dc90ba980a3efc4ea08557f6e471df29f608dac3f695188dcab82029e9fecc9111541c7708c96a0817dc278755a50f3acba582eaa099240d664d1ada99611682ec0a1b5598a2cf05910143f72ea517c024553f43d59f83bcb570a9fbd5dccaa57ac8a68e452a03422c56d0101ba7adc09a09234bae4272502f8c25d058484bc48af52cce535a30df8f81d987bf39f7c2bf963af10fafaf83931a37ea106ad961d0bb6363ff1cd322929d9e1d3257d7e01934cef57cd4077cd26f3e0fcb3355d8b429e86b6a541df4ddfb92e16519c11c384fb066eca2144e300fbf906032cc81ad2c2061832ed174fcc961c3b7122b8104a42a477d532b779de2baf43c1fe7a724b3372ff291a686bcfdb8439719fb8b8705b0d1e7a7edd7c44aa0bcc335fbe65954f3f6e49b8281a4cdd11ee424aebc4e90f2dcbc4f78934ac04f77911e72a66736a8c4541ebcf59f911fb2ed84a7477cb638ab648e672906e19adf5800af3ce916868dfb74fd99cbbab953a029691582482ad36db8b5609a2a45131cee3540ef45d4fc880eaca9a3d696e06468e03ef39600021aa4166779126cda5a58ca03cb8edcb33117f26ad0af0aa5963b8b421cb8ec7859baecb0e8df545ed9381da5bbd8d60a565285c7a14e9dfed803312e042f1cee2b915e44115698da55f675cbf6ffe74bfe02159b62a525021189868b67d8caa8ee67dcff4913c57784f0d32326b3a002e140762b6f8e2d5e619c3c086d68341e1c5097c619dfad9e3ff2ced726c539cf145fb9fcfdd78072cc030ae76b5968d9b31479bc03192f52bc5d3a72b6840956edfa15546da473acdb7f52b2d7cada3909636907010f1606d8fb2773d8374e42ea60dd17ae5ee88f51372a9545c3ea8d1313f2c851fbe4a3526cca8a699ecf33acc7b0dd3cb1a19ac82c1900e662208595ac1c02e6bea120518aebdc490eeba8b4e9a9b768cd098b7f7228ee68fad2b242b4c4b7eb7a9ae07260e0f60ab33721a26d0d1917b8ff6ff67708b7aeef24845cc8b2b553d72ee64713c7cc1330ed60386c70ddc5eade48145db9255231f0e6eb9d85b8b59a9f357ceafb5736db4cc9c5b18a6f8ce730f7df5cd0fc57e5a92ce6e8bd488a9d8de881c764f02255c3ae722a5575c1bcc102b8011ef716e72c267138adea0cbd67e0a58894a8039bcafc088489668574ece664d7de4f26e0cb76aa0971b3371898bfccb32687761efadcdaaffa2604b942bd10d486be79991935ead83891624f1babb54d1d73fa39badf18a595a786330ac8c80119091b6c7b8b83155afb9d8c3932a94ac280379f2684a442a1aba406619ea4f8c2688281ba50272c02a09903ac518c1eaf1204ef88de27405e906294de4b19db76634e3596a4da67cd97335cdc0c4e3bc7e80d73ebac82f962568beab7935f2752cb62234308145ed3f9e022b538a0de5174b42ef5220ede086657c0403560f82d080023539684b272634ee1360a3fed029cd52dffff8f6ca06e87289c65fbc2e5692f3f43ff4fc07e66cc6a9727092dcd15f70e231a2886c4009f21cf897a3c03fc80de44a953d573d28a4aec61d747faf4f2c6e3acb71034e13154670a4c08cb93ffba2d072d627603f5a25772afefabad73b3583d8594d53668e2b1d7beb02488dd63137de38261a8c0b595b715f273df8d14b359859869c890112914b1fbfdaa5b11c83ff80d59a2aaca1d4a99dc6caaafd0c4a4b0f433a10f8182fd98b6b3f4d5ef7cabe22a08b08c573820a7e465d0020d79337c9b350a48d4e7a428673cae4a2e098158af0c49052d1b091e3b03abca4dcbf7e1be064cc6e9be34aac9ccba7f86e147e6c395e3d0f2a0b29651fe37cb4744f60381cb8a2c4e413c8138a4a18bf9a24cb832120435b60ee379c38f08aa0caf8c5bb0ae3451aab2ab74b2532f47e7e50eb7be4f899b2e673c6475834ad7cd981a6ade4500b9bb42cbceb84452ea9be3da856458bf8ecf4cf8d1a0f8edf9b3589f3172e837c0c6b50f73bee6c294afd9c966237ed1f3d0d3676043683824985f1c027ce8f72dad9bfa9ef4319ac0488b6d62f75ba0d138c0e5d7e88363b945ee92dfe2235e5bed773e1f108ae633b906af7cf99595e01b2d484ab63aae2e90be854187c19ee3871ff031c0ed714c7d98fc58d796c286821780eefae7743d70b2adc3fa4aa04f76cbcff1d0a38"}]}, 0x1040}, 0x1, 0x0, 0x0, 0x884}, 0x20000000) sendmsg$auto_NFC_CMD_VENDOR(r1, &(0x7f00000013c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001380)={&(0x7f0000002980)={0x1018, r6, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NFC_ATTR_VENDOR_DATA={0x1004, 0x1f, "9b425f0b1c98d1b077fb83c32a97ac9b76e102e8ad6697f65163ecac387240378580833aa97ebc6d9c3821302600a5f6cd4674500e2c8b5c1606a301663eeecce5c895d6d4b201228460b9777036eb1250eb6dd7a402f7acba7cd15b0717aa8b850b5e7060e88fa52a45785dddc00cb561b5512d14bba9c033bae89c76bff73281bc2289afdc070ec799872a40474e7a747b0b5fb4a3abfd06bacd445c247a696eb2900e58e59e059162870ae32988ac9c58c3f0d73cf8e132fcf3e86898907a2f10cffd3a56afa47e8702680569de10afd5cd7b85d5cd7509f3e422c0c51c4465c0a9cc2a685b2d9fceff2c7ba0c48f0f17fe69cb53c264d5d4036ffaf476a2f0750a3c313c37af973baf2fc7229c53509ba4103d1400e2c1191c8391c2169db42b66ff26f777be462346ec65cd88f6f2bfaedeaab66eac6ba2843d0c7f421361e0e7a5fe84b00ee07ff7ef63c0472f14d1017d862d5249db5e0796138704fd1a9d2b14c16c4946ca50bdfc799ce943a6bb6c298576b9c59b69bbd3ebf2df7bbc4671fffe7750211117b82728e9c56a7c24d55e456b3a39f767975dc1bee8d70c06f953e16e72cfe88ebfef44f4d395b777db5a60d5668dd631312ce190f8bc61f0d49410e3870a4aa92bd5f6ad7f89948b53179cc3a1cc502da7bae006651c4b081e4ee30e7ec4f9eff4f111e4c9e989c0895156bf96567bfc819f7aacc04a63d015bebed251978ab00fbfbb9f10e364198297ff533c2ddf2fa75c0c08b6b4fcb11949155a1fda7f18b2238b962c6dd27fdef596e0500cf23ec7f39eb50278632ccf95400384fe630a29815d0ab92da397ec21911b0c2dcfbaff45cb5937e27273dd1e1657deca455e21312dbf227adf1d86d97a58639aa9b7fcf56ebad36ec329f516a842e355febd9ae2d391e8adc23097802c89d36627b5181f6616b6ab3212faaa11478dbe99b1df0794add138c279dd9d56d91b2d4bbaeac607ee7f59a116e73b43ef7a90d34f8f0feced455971b31ee950b9a4bac43346a194eddf0146b61402f3a4d26865d857e8012e81da975667d2f18f0b857ec73451158b4e379b19cee237f4c528b9020764c903595da326c0ecfbb6b484937e9877584b1a40f43317bceeaff7bbb5e197adc6eb196589ca2d9f1ee2d029cd633b72e9a8db912e7b4b095df20df0daf16a42946245129061959ae9036859d266792475d3adaaa3add31d5ec8cba3687ee9c76768ac877d17841b33163aa0e362e2b3f4435dd7a5461dacd0f117aabeefa362c3f7b0c62e7207a0cd16ee4ff882fba66116a4498da9d59604dc97b3e61fa57bdfae46ca7c349081d76491681da147f28f98aaebd6ee8d9f0a9f20e57d09b76362f03125140d3f6cb1fdb516f98f227b02cc6902a0e2b31c60a1dbb6d27c5b6e8a5a575c251b155a6d2dddcad0fd3519a7ea058de090aa4841645ff4133eb67845e92005af77742fb79d819b5aeb2fe8f5c1bfbb4e78bad0d082c1fe2ebe538f25d8d5aecb474bb380907b48e85c9c78b32b07646da71910ad9ca6ca18c2544c57b2916451b7cda1c8f44988ed5b91e5ef54ada8e2a520536d3b9af30ae22634c485b711c42545d3719af6aad210daf6d01e1ca9399761997552f0b9b995866d4a20b02f56843bb48c21fe0ae886e34117c67014f2fd0848a451145259220458b11b4347e179ca67b1100a676ee56470d41790b93e5a52a6d8b52ed6c63fd375b2b11389095cc707f76d3ac99d7aff261d365ff54f0a24e7ae9552b3d39372f60cea792b323763e0a53308036cea9cc18541068a6e20c626a1fbec777baf04c9c67823c807be2d00225c91aaaefe05bd66c542c21b97b2b81e312e55eaeafb1bd63b1b306f6c610b8a753d8532745fe87c04d91b65e04a3e5752f8e1203f459ea634069fbbd47a0aa0b82125914c136ad7a5ea2d7d209a04958d1c038bf4c05be848b150cea3921b0a21bf2d71a2597f80dec6ab45dbe134826856ab8c6abda0e1e983a67366367f7c467bbe1df4076f1525b2dfaba18d98a69a12d8fb52c877a45cd800768898f14b0cabe7b9d246792c5ec5e7f5b59728307db372e557adccd9819e0ed1c37585bd12561139a9f3c7b80f89b9cf260998f90f18f9b941dcc21dcefd8d6856aaf1fe9de44a36ce3ad30cb13406d408cd67bc3de7ee2211667c6fcc0c82bffea19d8a33630919c3a193617064f9b6945d389f42420eb4666168ae98ea57d05b0364b5d34828e40d65fde83f3dbc132288c1ac652b0f028de3ea43d461ff377a3ab76b351cc8de5559ec88acc1e62f661dbc6fffac356448c55953f8ab99a5f24f51a2172976eebadcb51da704ffc88974629dcc20eeecc5327e57558d91f3908e61c4feb13e0829e370cce94ef14e8c77e31c2310948072405f21a78903977843568cf022ff348d37b8cc5105bba596dc052ce5ffb5c9df070affe370890c3a8808c327278683c04d7deaf52ad7a5325cebd8aecc0fa6bf163de8693edf3d0ada96b9f719007f9c82f4898de2f08a709f4e4313f03d6d3a27ebef50f915809f707f78c7a455d487823b9300864bdd11a57a53b80a2a48ed39534575fa6e567e9c55a5da0cdf88b48c7f9e0d8e3961f443b2f907871bbb560472e7616b70f377022ef5b46897fa9e4f682c495fd020fda0dcb357ad9877e31f1f64ac75c9a45d66401800aa5b3369062c1e96bac63057aa6e83d06c1360e9d6b3f039d8736b2a94ffd7da5152634caeaf833171f2723dcfe6b4bcdfd17e4ec789a5d28809c6c897179c3e49a2e194dc18040bd50724317dd8e3a9f3aef3f4e920017da1d35e37b1e727ec137158235f88e9c58fb664ee6e0a7119d3b4f140612f666d9b9d3edcb2d931546dea03ae2f2c629a49ea81cba38130ccd0155347142751618d58782261ea5aeefaa910b3b4534ab538eecb17c7a1fd2c3a8aad81535bbc320e580e5297638da9c943d33cb4f263cf2ec99460179664bed3c5206576a94e9b9af6900ce64250dd52beeaf62a11241c684078c1debf6bdca38ba8601bbe3538cc1ecfc29b2b101661c65b19778190c9a52c5d029506835a0f5ec195d1b4c409ee8b2234bb5f41cbf85121c6e7bef32df5ec96f4ec416403ea53e04637f183e531a96dadf53a1cd085be27d73a503667b9b86fe48406164973adeaa6ed3011afa57af9748320f00d20e169d0a906c7057d6a5dd29a4fb347da00378aa2b6dd77578247f35033082257dcddd4b12e18b55fe92ab5bfcefc42e8ee5c440d50d3ec9ee062c421307153cb04a28b00e079561d33ef55288ed05aa4c48917beb337bb3e4429531f8bc824b3bd4afaff3d50e709b48b6b3d70125ab97003ea799d5ca1ae6cd46ff7d18e7dbf5262a3590036318b2566305b2955401abff811e219611d32e8dfe94157860f3277122b9caebfbb83a930743cefe41a40aab3956cbdf68a37fcaafa573be08f3a98124d156fc15243507f65e7b567c9e7b4a72539cf205e9de9639822e1f6cd9ae4f22faf633be3b551a60d89a892c969fca146f69ffcab305e15d6249d07c0a5a716f0d20bc7cc76d6d1a3e206f05c2180cb3f849a3fa078e994f1d1722a049a3d4ce53a26e84f69c9bf16da04efe8f3d52aa55e5600a0bf25b2c2cc5c0d45e4c982395d125ca9f3c211e09d05d96402bff88cab015e1a2a7b6ba13c4f7ae3cbfde7e89fa878c772a333985e91a49bd9a4fdac2a66abec8547903d446ec47f44bc1f3216dc37a58b303778f1289d5f92129a76caaa61c4890447c81ab5184fea2a73ac652ccf9a0bfd00a78a3e83c09adff9658659e0cd1391fbc8d8ca99ad5e14e66887cf8c2554cc5cc291bbf9b3555bfd89f7640b5c49d45c65a73892ba87d2abd2365deb889e16ab42588dbe995943450dede49b07028413423999bef390c51519c78668a2d78e60abdca7f8171f663de8a59715b557980b8d0323d2e9ae4247b3fe77c7358c0ede8133367514587a8484d7bd0b19f8d676b551f6d574a61aad65f594beb9582e0937c9e3a580f3cf706f6a6ec10223ec3694008e12f9466b8fa2927306dc85874e05f0f09755e402888a9f7d1fcf4ab99783cb67b3fc78b679afda421b0ad6affc500c40b1ac6da1012c83eac8d585eef559a8637b6863359e9a5643007ef778596f56ea0fbd14744231609ce80dde355120325263367de5daf8a3d740ea829efc3938ea24521e61fe6005e3713b91283b53932039b805b7fe56892d959781af04b78ffd79ad7980e48deb987a1e717dffec99df9df0106b6ee1bbad9f1fb033f950311db4ff9e445a82d6be109f9e8289b8e7bd3732af32b4535866ea5806d7fef3436aecba9e556881821ed5651ef0a7006229040ff94aa933e712a1c06b9fe4005de3c03e714861a304f240ee186e052ed4d1a44a2809c0437b313a37d9f590189bf1eb347a12aa143cd2137fc51a7820771bf5329231e8c2b087cd89990ad07188bb4fa6d2a25cd805dbe3da308872c9ac19869576f0da5e3edf93bb9797ce935f82c77d275cc1499bb55e2afa621a96bfd0cedbbbfb5ce2dad8645ab112cdafb1d7ee3ddb7b91045e4ec4c53112dc40a7fd6a680e3d94143c3d88fd6bc9a12d7b307fcbcb9f2dc901ebf11f9bc9781e6da74c63d8ed2d49baba32861c7125892b1c9f38d009d1f53a9c7ab3b0acfbd11acacb121384ade15263e3646bfb441a74e1708c8dadbbabb763c3332c633da62bd525748c4a279ede6ea7747bca32008e20c25d533e589718831aa4457ee21e9a1bd751038761292a6d95177d781ae1d5cde8c4b165f165da90e792d0e483933c6eda9976c2c5a98b0408a08ea39bab57ec2f4dac17b5c080bba1c5600fbf21685e30f6c17f07526cc4953c0939c03bad529a7965e75f44cc00e2b6a7ce2cce21727c0ee9b7fe53bda191e4b249670a865625b2dd4386fc60f9a8ae144995991764d466f3542a6c4779589a742e62e88159aad809106a17ff04120dec61224a90f799e200693a840d026ae898f538ce097d6461d71b1f8de6a2c811bc6d9257dc8f531d1dab0174cc7a86fc51ade534bc3e1dea7311e4b2c4c49e748da74fd83aad9a76438c0345d94cfa44e3301acca3a4829ef471d71337598d19f17bb7cbdf2b11d2c9c1201444b8a2cad73ecf143c4e1b75955e0938e73b0d339a0630019f0cff98f666b84accc5e8ee69cfd7c6fe292979eedf4348c86169279036a4fed55bfc2998564a9dd2227c0c6545101c05299ca13e23230c44acb3adab0e68950c519cc283252ada760738bbac38e7c7c00ca6f62193cb3b26d02156ff2b69df257b88b8e3c60636832d8241b8e4bb1e54660ba609502c30472b548823e6f80f0208ee20c8e46ea9f792bfaaa5bbf481cc5875c03fc2b3d5396c2d644bb28bf79fd7581f5d34fdf9654afd7a23891d432fcbcc2e99afb060c3903fb80f2eee8d3227a72b27072620ef4dc20a3e2fd4cb08ba79651671550531ca6b960d5b4f8874f0085b8c21ba91ce69e0a98b1704e2e87e64e2dc9bb75ab0bf6b5377d310e9de07602efa423f5b9bcaa0782fdf21a4e30f998d45b21170ad8ff81551a775039b239db6c3167e22b76fd5e5f1c236321f97b94f67f1ee6221ecc6c28a4763aa38dd7aa028a04c4d79d9c43025c5f03d62f5154e28758a056b5e9a08a02fcb23369ba51db9e73d573f2e71affa9bd7c1cb55c935cf998687f224f3e2517706237c845dcd2611a299f4dc675dc2e322a5619c82540827293ba9d9496778d18a16f348665e783d167077ca51dfaeb2"}]}, 0x1018}, 0x1, 0x0, 0x0, 0x1ad7b12868a36300}, 0x4011) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r7 = socket(0xa, 0x1, 0x84) getsockopt$auto(r7, 0x0, 0x482, 0x0, &(0x7f0000000040)=0x83) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') open$auto(&(0x7f0000000080)='\x00', 0x3ff, 0x7) 656.179187ms ago: executing program 2 (id=2845): mmap$auto(0x10000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x3cd3, 0x9, 0xdf, 0x9b73, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x54) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_hcd.4/usb5/5-0:1.0/usb5-port1/power/pm_qos_no_power_off\x00', 0x101001, 0x0) write$auto(r1, 0x0, 0x81) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x9, 0x0) r4 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20100, 0x0) sendfile$auto(r0, 0xffffffffffffffff, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_REG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYRESDEC=r0], 0x14}, 0x1, 0x0, 0x0, 0xc050}, 0x4800) write$auto(0xffffffffffffffff, &(0x7f0000000240)='802.15.4 MAC\x00', 0x7) r5 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1802000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x34, 0x0, 0x800, 0x70bd26, 0x25dfdbfc, {}, "7bbe09fe20c0ad5e4ab7b72c6e107d6d359cd0076290c3425bc40d4d86"}, 0x34}, 0x1, 0x0, 0x0, 0x4000041}, 0x80c4) r6 = eventfd$auto(0x6) copy_file_range$auto(r5, 0x0, r6, 0x0, 0x8000000000000002, 0x0) ioctl$auto_MEMGETINFO(r5, 0x80204d01, &(0x7f0000000140)={0x4, 0x8a0, 0x3, 0xd4, 0x6}) r7 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x42802, 0x0) read$auto(r7, &(0x7f0000000200)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdM\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss$ \x93\xff\xd9aze\x9a\xa4f5\x7f\xec\xa1\xf4\x85\xc8\x96\xb8\x88\x92@{\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000005) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c804}, 0x240480b0) write$auto(r7, &(0x7f00000000c0)='\xc4\x1dR\x00\x003\x1bO\xbb\x98)\x7fTa1\xa3\xd0\x89\x1e\\\xff', 0x8587) 653.144004ms ago: executing program 1 (id=2846): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000009c0), 0xffffffffffffffff) unshare$auto(0x40000080) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000040), 0x7111}, 0x8) ioctl$auto(0x4000000000000c8, 0x400454c9, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x73) setsockopt$auto(0x400000000000003, 0xff, 0x24, 0x0, 0xfff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600006, 0x19) sendfile$auto(r0, r0, 0x0, 0x3) 599.807234ms ago: executing program 0 (id=2847): r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$auto_rfkill_fops_core(r0, &(0x7f0000000100)="22017e1829e0e4", 0x7) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d509b3b", 0xfdef) r2 = userfaultfd$auto(0x3) getsockopt$auto_SO_SNDTIMEO_NEW(r2, 0x0, 0x43, &(0x7f0000000040)='/dev/rfkill\x00', &(0x7f0000000080)=0x9) 470.80148ms ago: executing program 3 (id=2848): close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000031c0)='/sys/devices/pci0000:00/0000:00:03.0/virtio0/vendor\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000003200)=""/64, 0x40) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x1, 0xf45c, 0x4, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xaea2, 0x0) 144.978484ms ago: executing program 3 (id=2849): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000009c0), 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454c9, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x73) setsockopt$auto(0x400000000000003, 0xff, 0x24, 0x0, 0xfff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600006, 0x19) sendfile$auto(r0, r0, 0x0, 0x3) 143.198618ms ago: executing program 0 (id=2850): r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/usb/usbmon/26u\x00', 0x22202, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon25\x00', 0x4000, 0x0) r1 = fanotify_init$auto(0x0, 0x9) flistxattr$auto(0xffffffffffffffff, 0x0, 0x7) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) epoll_create$auto(0x3e) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r5 = socket(0x18, 0x3, 0x2) setsockopt$auto_SO_LINGER(r0, 0x1, 0xd, &(0x7f0000000100)='(,\x00:\x00\\\xb3\xc7\xaf\x19\x7f\x82S%h*SI', 0x8) bind$auto(r5, &(0x7f0000000180)=@in={0x2, 0x4e20, @private=0xa010101}, 0x6a) mq_notify$auto(0xffffffffffffffff, &(0x7f00000000c0)={@sival_ptr=0x0, @raw=0x3, 0x2, @_sigev_thread={0x0, 0x0}}) connect$auto(0x3, &(0x7f00000000c0)=@hci={0x1f, 0x2, 0x3}, 0x55) close_range$auto(r4, 0xffffffffffffffff, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/sound/ctl-led/speaker/mode\x00', 0x2a001, 0x0) write$auto(r6, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020006, 0x3, 0xffffffff, 0xfffffffffffffff6, 0x8003) setsockopt$auto(r2, 0x0, 0x16, 0x0, 0x2) sendfile$auto(r3, r3, 0x0, 0x7ffffffc) syz_genetlink_get_family_id$auto_thermal(0x0, r1) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x2004cc44) ioctl$auto(r2, 0x5608, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r7, 0x0, 0x4010010) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) 0s ago: executing program 2 (id=2851): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x80000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = set_tid_address$auto(&(0x7f0000000180)=0xf0) waitid$auto_P_PIDFD(0x3, r1, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4000008, 0xf8, @_rt={r2, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe6"}}}, 0x20f5, &(0x7f0000000440)={{0xfffffffffffffffd, 0x82}, {0x5f, 0xd}, 0x0, 0x10, 0x80000001, 0x8, 0x1ff, 0x22, 0x5, 0x501, 0xfff, 0x3, 0x3, 0x9, 0xc, 0x9}) prctl$auto(0x3e, 0x3, r2, 0x4, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x28, 0x5, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000ffdf4a737ddbdf25140000200800032f6b", @ANYRES32=0x0, @ANYBLOB="0800010006000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000c00}, 0x4000000) listen$auto(0xffffffffffffffff, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) kernel console output (not intermixed with test programs): +0x10/0x10 [ 822.535287][T18323] __fput+0x3ff/0xb50 [ 822.535338][T18323] task_work_run+0x150/0x240 [ 822.535367][T18323] ? __pfx_task_work_run+0x10/0x10 [ 822.535399][T18323] ? rcu_is_watching+0x12/0xc0 [ 822.535436][T18323] exit_to_user_mode_loop+0x107/0x4f0 [ 822.535466][T18323] ? rcu_is_watching+0x12/0xc0 [ 822.535505][T18323] do_syscall_64+0x6f2/0xf80 [ 822.535548][T18323] ? clear_bhb_loop+0x40/0x90 [ 822.535583][T18323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.535613][T18323] RIP: 0033:0x7fb49d79ce59 [ 822.535639][T18323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 822.535668][T18323] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 822.535696][T18323] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 822.535716][T18323] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 822.535734][T18323] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 822.535752][T18323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 822.535770][T18323] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 822.535807][T18323] [ 822.977253][T18331] FAULT_INJECTION: forcing a failure. [ 822.977253][T18331] name failslab, interval 1, probability 0, space 0, times 0 [ 823.028576][T18331] CPU: 0 UID: 0 PID: 18331 Comm: syz.3.2525 Not tainted syzkaller #0 PREEMPT(full) [ 823.028617][T18331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 823.028634][T18331] Call Trace: [ 823.028645][T18331] [ 823.028657][T18331] dump_stack_lvl+0x100/0x190 [ 823.028694][T18331] should_fail_ex.cold+0x5/0xa [ 823.028731][T18331] should_failslab+0xc2/0x120 [ 823.028767][T18331] __kmalloc_cache_noprof+0x7a/0x6f0 [ 823.028807][T18331] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 823.028862][T18331] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 823.028912][T18331] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 823.028972][T18331] ? snd_pcm_oss_sync+0x243/0x840 [ 823.029013][T18331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 823.029053][T18331] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 823.029098][T18331] ? task_work_add+0x201/0x3b0 [ 823.029128][T18331] ? __pfx___mutex_lock+0x10/0x10 [ 823.029155][T18331] ? __pfx_task_work_add+0x10/0x10 [ 823.029207][T18331] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 823.029252][T18331] snd_pcm_oss_sync+0x265/0x840 [ 823.029301][T18331] snd_pcm_oss_release+0x238/0x300 [ 823.029345][T18331] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 823.029386][T18331] __fput+0x3ff/0xb50 [ 823.029433][T18331] task_work_run+0x150/0x240 [ 823.029463][T18331] ? __pfx_task_work_run+0x10/0x10 [ 823.029496][T18331] ? rcu_is_watching+0x12/0xc0 [ 823.029534][T18331] exit_to_user_mode_loop+0x107/0x4f0 [ 823.029564][T18331] ? rcu_is_watching+0x12/0xc0 [ 823.029601][T18331] do_syscall_64+0x6f2/0xf80 [ 823.029642][T18331] ? clear_bhb_loop+0x40/0x90 [ 823.029678][T18331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.029708][T18331] RIP: 0033:0x7fb49d79ce59 [ 823.029732][T18331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 823.029761][T18331] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 823.029789][T18331] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 823.029809][T18331] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 823.029826][T18331] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 823.029845][T18331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.029877][T18331] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 823.029916][T18331] [ 823.299890][T18337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2526'. [ 823.345375][T18338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2524'. [ 823.541713][T18341] netlink: 'syz.3.2527': attribute type 1 has an invalid length. [ 823.549932][T18341] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2527'. [ 823.596238][T18343] FAULT_INJECTION: forcing a failure. [ 823.596238][T18343] name failslab, interval 1, probability 0, space 0, times 0 [ 823.623151][T18343] CPU: 0 UID: 0 PID: 18343 Comm: syz.3.2527 Not tainted syzkaller #0 PREEMPT(full) [ 823.623192][T18343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 823.623211][T18343] Call Trace: [ 823.623221][T18343] [ 823.623231][T18343] dump_stack_lvl+0x100/0x190 [ 823.623272][T18343] should_fail_ex.cold+0x5/0xa [ 823.623309][T18343] should_failslab+0xc2/0x120 [ 823.623351][T18343] __kmalloc_cache_noprof+0x7a/0x6f0 [ 823.623393][T18343] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 823.623453][T18343] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 823.623502][T18343] ? rcu_is_watching+0x12/0xc0 [ 823.623537][T18343] ? trace_contention_end+0x122/0x170 [ 823.623576][T18343] ? snd_pcm_oss_sync+0x243/0x840 [ 823.623622][T18343] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 823.623691][T18343] ? __pfx___mutex_lock+0x10/0x10 [ 823.623729][T18343] ? __fsnotify_parent+0x2b4/0xca0 [ 823.623779][T18343] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 823.623828][T18343] snd_pcm_oss_sync+0x265/0x840 [ 823.623877][T18343] snd_pcm_oss_release+0x238/0x300 [ 823.623921][T18343] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 823.623966][T18343] __fput+0x3ff/0xb50 [ 823.624013][T18343] task_work_run+0x150/0x240 [ 823.624049][T18343] ? __pfx_task_work_run+0x10/0x10 [ 823.624081][T18343] ? rcu_is_watching+0x12/0xc0 [ 823.624121][T18343] exit_to_user_mode_loop+0x107/0x4f0 [ 823.624156][T18343] ? rcu_is_watching+0x12/0xc0 [ 823.624196][T18343] do_syscall_64+0x6f2/0xf80 [ 823.624239][T18343] ? clear_bhb_loop+0x40/0x90 [ 823.624274][T18343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.624305][T18343] RIP: 0033:0x7fb49d79ce59 [ 823.624334][T18343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 823.624368][T18343] RSP: 002b:00007fb49e621028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 823.624398][T18343] RAX: 0000000000000000 RBX: 00007fb49da16090 RCX: 00007fb49d79ce59 [ 823.624417][T18343] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 823.624436][T18343] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 823.624455][T18343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.624473][T18343] R13: 00007fb49da16128 R14: 00007fb49da16090 R15: 00007fffb30e6378 [ 823.624512][T18343] [ 824.163724][T18349] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2529'. [ 824.226698][T18351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2528'. [ 824.412867][T14787] Bluetooth: hci4: command 0x2016 tx timeout [ 825.297524][T18369] netlink: 'syz.3.2532': attribute type 33 has an invalid length. [ 825.320662][T18369] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2532'. [ 825.384533][T18372] netlink: 'syz.1.2533': attribute type 33 has an invalid length. [ 825.392656][T18372] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2533'. [ 825.498390][T18377] FAULT_INJECTION: forcing a failure. [ 825.498390][T18377] name failslab, interval 1, probability 0, space 0, times 0 [ 825.534087][T18377] CPU: 0 UID: 0 PID: 18377 Comm: syz.0.2534 Not tainted syzkaller #0 PREEMPT(full) [ 825.534127][T18377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 825.534144][T18377] Call Trace: [ 825.534154][T18377] [ 825.534166][T18377] dump_stack_lvl+0x100/0x190 [ 825.534211][T18377] should_fail_ex.cold+0x5/0xa [ 825.534249][T18377] should_failslab+0xc2/0x120 [ 825.534284][T18377] __kmalloc_cache_noprof+0x7a/0x6f0 [ 825.534325][T18377] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 825.534379][T18377] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 825.534426][T18377] ? rcu_is_watching+0x12/0xc0 [ 825.534462][T18377] ? trace_contention_end+0x122/0x170 [ 825.534496][T18377] ? snd_pcm_oss_sync+0x243/0x840 [ 825.534538][T18377] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 825.534593][T18377] ? __pfx___mutex_lock+0x10/0x10 [ 825.534626][T18377] ? __fsnotify_parent+0x2b4/0xca0 [ 825.534673][T18377] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 825.534725][T18377] snd_pcm_oss_sync+0x265/0x840 [ 825.534774][T18377] snd_pcm_oss_release+0x238/0x300 [ 825.534821][T18377] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 825.534861][T18377] __fput+0x3ff/0xb50 [ 825.534908][T18377] task_work_run+0x150/0x240 [ 825.534938][T18377] ? __pfx_task_work_run+0x10/0x10 [ 825.534970][T18377] ? rcu_is_watching+0x12/0xc0 [ 825.535017][T18377] exit_to_user_mode_loop+0x107/0x4f0 [ 825.535046][T18377] ? rcu_is_watching+0x12/0xc0 [ 825.535083][T18377] do_syscall_64+0x6f2/0xf80 [ 825.535123][T18377] ? clear_bhb_loop+0x40/0x90 [ 825.535159][T18377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.535189][T18377] RIP: 0033:0x7fa36f99ce59 [ 825.535215][T18377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 825.535244][T18377] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 825.535272][T18377] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 825.535292][T18377] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 825.535309][T18377] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 825.535327][T18377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.535352][T18377] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 825.535392][T18377] [ 825.921124][T14787] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 825.960072][T14787] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 826.302233][T14787] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 826.354525][T14787] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 827.324206][T18406] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2539'. [ 827.923610][T18411] netlink: 'syz.3.2540': attribute type 1 has an invalid length. [ 827.934301][ T5623] Bluetooth: hci4: command 0x2016 tx timeout [ 827.951181][T18412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2548'. [ 827.963989][T18411] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2540'. [ 828.332969][ T5623] Bluetooth: hci1: command 0x2016 tx timeout [ 828.357468][T18421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 829.411892][T18445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2545'. [ 829.932533][ T5623] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 829.956810][ T5623] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 830.659942][ T5623] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 830.712663][ T5623] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 830.939643][T18473] syz_tun: tun_chr_ioctl cmd 1074025673 [ 831.531553][T18482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2552'. [ 832.013301][ T50] Bluetooth: hci4: command 0x2016 tx timeout [ 832.677757][T18488] netlink: 'syz.2.2554': attribute type 33 has an invalid length. [ 832.715805][T18488] netlink: 322 bytes leftover after parsing attributes in process `syz.2.2554'. [ 832.733272][ T50] Bluetooth: hci0: command tx timeout [ 833.051866][T18502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2556'. [ 833.582289][ T50] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 833.619659][ T50] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 834.837213][T18530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2563'. [ 835.370746][T18536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2564'. [ 835.614193][ T5623] Bluetooth: hci4: command 0x2016 tx timeout [ 835.658859][T18542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2573'. [ 835.717382][T18543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2565'. [ 836.692334][ T5623] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 836.711995][ T5623] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 836.790843][T18555] syz_tun: tun_chr_ioctl cmd 1074025673 [ 837.020972][T18549] netlink: 'syz.3.2566': attribute type 33 has an invalid length. [ 837.049341][T18549] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2566'. [ 837.200876][T18565] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2569'. [ 837.693269][T18579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2572'. [ 838.532510][T18591] syz_tun: tun_chr_ioctl cmd 1074025673 [ 838.733253][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 838.799871][T18599] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2576'. [ 838.868552][T18602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2577'. [ 839.504361][T18610] FAULT_INJECTION: forcing a failure. [ 839.504361][T18610] name failslab, interval 1, probability 0, space 0, times 0 [ 839.551006][T18610] CPU: 1 UID: 0 PID: 18610 Comm: syz.2.2578 Not tainted syzkaller #0 PREEMPT(full) [ 839.551052][T18610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 839.551071][T18610] Call Trace: [ 839.551082][T18610] [ 839.551094][T18610] dump_stack_lvl+0x100/0x190 [ 839.551146][T18610] should_fail_ex.cold+0x5/0xa [ 839.551186][T18610] should_failslab+0xc2/0x120 [ 839.551220][T18610] __kmalloc_cache_noprof+0x7a/0x6f0 [ 839.551262][T18610] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 839.551319][T18610] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 839.551371][T18610] ? trace_contention_end+0x122/0x170 [ 839.551409][T18610] ? snd_pcm_oss_sync+0x243/0x840 [ 839.551452][T18610] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 839.551504][T18610] ? __pfx___mutex_lock+0x10/0x10 [ 839.551540][T18610] ? __fsnotify_parent+0x2b4/0xca0 [ 839.551590][T18610] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 839.551635][T18610] snd_pcm_oss_sync+0x265/0x840 [ 839.551683][T18610] snd_pcm_oss_release+0x238/0x300 [ 839.551727][T18610] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 839.551769][T18610] __fput+0x3ff/0xb50 [ 839.551814][T18610] task_work_run+0x150/0x240 [ 839.551843][T18610] ? __pfx_task_work_run+0x10/0x10 [ 839.551876][T18610] ? rcu_is_watching+0x12/0xc0 [ 839.551916][T18610] exit_to_user_mode_loop+0x107/0x4f0 [ 839.551943][T18610] ? rcu_is_watching+0x12/0xc0 [ 839.551982][T18610] do_syscall_64+0x6f2/0xf80 [ 839.552025][T18610] ? clear_bhb_loop+0x40/0x90 [ 839.552059][T18610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.552089][T18610] RIP: 0033:0x7fcfd139ce59 [ 839.552125][T18610] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 839.552154][T18610] RSP: 002b:00007fcfd21e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 839.552184][T18610] RAX: 0000000000000000 RBX: 00007fcfd1615fa0 RCX: 00007fcfd139ce59 [ 839.552203][T18610] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 839.552220][T18610] RBP: 00007fcfd1432d6f R08: 0000000000000000 R09: 0000000000000000 [ 839.552238][T18610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 839.552255][T18610] R13: 00007fcfd1616038 R14: 00007fcfd1615fa0 R15: 00007ffc81b0a448 [ 839.552293][T18610] [ 840.086240][T18613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2579'. [ 840.538819][T18628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2582'. [ 840.555877][T18629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2581'. [ 841.477119][ T5623] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 841.515826][T18649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2583'. [ 841.529271][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 841.548945][T18648] FAULT_INJECTION: forcing a failure. [ 841.548945][T18648] name failslab, interval 1, probability 0, space 0, times 0 [ 841.621719][T18648] CPU: 1 UID: 0 PID: 18648 Comm: syz.0.2585 Not tainted syzkaller #0 PREEMPT(full) [ 841.621759][T18648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 841.621777][T18648] Call Trace: [ 841.621787][T18648] [ 841.621799][T18648] dump_stack_lvl+0x100/0x190 [ 841.621838][T18648] should_fail_ex.cold+0x5/0xa [ 841.621876][T18648] should_failslab+0xc2/0x120 [ 841.621912][T18648] __kmalloc_cache_noprof+0x7a/0x6f0 [ 841.621953][T18648] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 841.621998][T18648] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 841.622044][T18648] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 841.622102][T18648] ? snd_pcm_oss_sync+0x243/0x840 [ 841.622137][T18648] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 841.622175][T18648] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 841.622219][T18648] ? task_work_add+0x201/0x3b0 [ 841.622259][T18648] ? __pfx___mutex_lock+0x10/0x10 [ 841.622286][T18648] ? __pfx_task_work_add+0x10/0x10 [ 841.622332][T18648] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 841.622381][T18648] snd_pcm_oss_sync+0x265/0x840 [ 841.622443][T18648] snd_pcm_oss_release+0x238/0x300 [ 841.622490][T18648] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 841.622536][T18648] __fput+0x3ff/0xb50 [ 841.622583][T18648] task_work_run+0x150/0x240 [ 841.622615][T18648] ? __pfx_task_work_run+0x10/0x10 [ 841.622649][T18648] ? rcu_is_watching+0x12/0xc0 [ 841.622689][T18648] exit_to_user_mode_loop+0x107/0x4f0 [ 841.622717][T18648] ? rcu_is_watching+0x12/0xc0 [ 841.622750][T18648] do_syscall_64+0x6f2/0xf80 [ 841.622788][T18648] ? clear_bhb_loop+0x40/0x90 [ 841.622819][T18648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.622845][T18648] RIP: 0033:0x7fa36f99ce59 [ 841.622869][T18648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 841.622897][T18648] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 841.622924][T18648] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 841.622944][T18648] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 841.622962][T18648] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 841.622980][T18648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.622998][T18648] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 841.623035][T18648] [ 842.259688][T18664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2588'. [ 842.514387][T18668] FAULT_INJECTION: forcing a failure. [ 842.514387][T18668] name failslab, interval 1, probability 0, space 0, times 0 [ 842.534467][T18668] CPU: 0 UID: 0 PID: 18668 Comm: syz.0.2589 Not tainted syzkaller #0 PREEMPT(full) [ 842.534507][T18668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 842.534525][T18668] Call Trace: [ 842.534534][T18668] [ 842.534542][T18668] dump_stack_lvl+0x100/0x190 [ 842.534564][T18668] should_fail_ex.cold+0x5/0xa [ 842.534585][T18668] ? constrain_params_by_rules+0x175/0xcc0 [ 842.534603][T18668] should_failslab+0xc2/0x120 [ 842.534622][T18668] __kmalloc_noprof+0xe0/0x850 [ 842.534636][T18668] ? unwind_get_return_address+0x59/0xa0 [ 842.534662][T18668] constrain_params_by_rules+0x175/0xcc0 [ 842.534682][T18668] ? stack_trace_save+0x8e/0xc0 [ 842.534706][T18668] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 842.534727][T18668] ? __kasan_kmalloc+0xaa/0xb0 [ 842.534742][T18668] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 842.534767][T18668] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 842.534791][T18668] ? snd_pcm_oss_sync+0x265/0x840 [ 842.534820][T18668] ? snd_interval_refine+0x2d0/0x580 [ 842.534906][T18668] snd_pcm_hw_refine+0x7e7/0xad0 [ 842.534926][T18668] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 842.534951][T18668] ? snd_interval_refine+0x2d0/0x580 [ 842.534973][T18668] snd_pcm_oss_change_params_locked+0xdb3/0x39f0 [ 842.535005][T18668] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 842.535028][T18668] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 842.535051][T18668] ? task_work_add+0x201/0x3b0 [ 842.535067][T18668] ? __pfx___mutex_lock+0x10/0x10 [ 842.535082][T18668] ? __pfx_task_work_add+0x10/0x10 [ 842.535107][T18668] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 842.535131][T18668] snd_pcm_oss_sync+0x265/0x840 [ 842.535157][T18668] snd_pcm_oss_release+0x238/0x300 [ 842.535182][T18668] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 842.535206][T18668] __fput+0x3ff/0xb50 [ 842.535231][T18668] task_work_run+0x150/0x240 [ 842.535248][T18668] ? __pfx_task_work_run+0x10/0x10 [ 842.535271][T18668] ? rcu_is_watching+0x12/0xc0 [ 842.535294][T18668] exit_to_user_mode_loop+0x107/0x4f0 [ 842.535311][T18668] ? rcu_is_watching+0x12/0xc0 [ 842.535332][T18668] do_syscall_64+0x6f2/0xf80 [ 842.535356][T18668] ? clear_bhb_loop+0x40/0x90 [ 842.535375][T18668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.535391][T18668] RIP: 0033:0x7fa36f99ce59 [ 842.535405][T18668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 842.535423][T18668] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 842.535439][T18668] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 842.535450][T18668] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 842.535460][T18668] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 842.535470][T18668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 842.535479][T18668] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 842.535499][T18668] [ 842.617494][T18670] FAULT_INJECTION: forcing a failure. [ 842.617494][T18670] name failslab, interval 1, probability 0, space 0, times 0 [ 842.862069][T18670] CPU: 0 UID: 0 PID: 18670 Comm: syz.1.2590 Not tainted syzkaller #0 PREEMPT(full) [ 842.862108][T18670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 842.862126][T18670] Call Trace: [ 842.862135][T18670] [ 842.862146][T18670] dump_stack_lvl+0x100/0x190 [ 842.862193][T18670] should_fail_ex.cold+0x5/0xa [ 842.862230][T18670] should_failslab+0xc2/0x120 [ 842.862264][T18670] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 842.862308][T18670] ? sk_prot_alloc+0x60/0x2a0 [ 842.862354][T18670] sk_prot_alloc+0x60/0x2a0 [ 842.862395][T18670] sk_alloc+0x36/0xe80 [ 842.862427][T18670] kcm_create+0xfc/0x6a0 [ 842.862469][T18670] __sock_create+0x339/0x860 [ 842.862517][T18670] __sys_socket+0x14d/0x260 [ 842.862559][T18670] ? __pfx___sys_socket+0x10/0x10 [ 842.862612][T18670] __x64_sys_socket+0x72/0xb0 [ 842.862653][T18670] ? lockdep_hardirqs_on+0x78/0x100 [ 842.862697][T18670] do_syscall_64+0x10b/0xf80 [ 842.862731][T18670] ? clear_bhb_loop+0x40/0x90 [ 842.862764][T18670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.862794][T18670] RIP: 0033:0x7f5d1ef9ce59 [ 842.862818][T18670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 842.862846][T18670] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 842.862874][T18670] RAX: ffffffffffffffda RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 842.862893][T18670] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000029 [ 842.862910][T18670] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 842.862927][T18670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 842.862945][T18670] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 842.862982][T18670] [ 843.115787][T18672] FAULT_INJECTION: forcing a failure. [ 843.115787][T18672] name failslab, interval 1, probability 0, space 0, times 0 [ 843.128795][T18672] CPU: 1 UID: 0 PID: 18672 Comm: syz.0.2591 Not tainted syzkaller #0 PREEMPT(full) [ 843.128835][T18672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 843.128853][T18672] Call Trace: [ 843.128863][T18672] [ 843.128874][T18672] dump_stack_lvl+0x100/0x190 [ 843.128913][T18672] should_fail_ex.cold+0x5/0xa [ 843.128952][T18672] should_failslab+0xc2/0x120 [ 843.128986][T18672] __kmalloc_cache_noprof+0x7a/0x6f0 [ 843.129028][T18672] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 843.129074][T18672] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 843.129123][T18672] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 843.129181][T18672] ? snd_pcm_oss_sync+0x243/0x840 [ 843.129223][T18672] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 843.129267][T18672] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 843.129312][T18672] ? task_work_add+0x201/0x3b0 [ 843.129344][T18672] ? __pfx___mutex_lock+0x10/0x10 [ 843.129373][T18672] ? __pfx_task_work_add+0x10/0x10 [ 843.129422][T18672] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 843.129471][T18672] snd_pcm_oss_sync+0x265/0x840 [ 843.129519][T18672] snd_pcm_oss_release+0x238/0x300 [ 843.129583][T18672] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 843.129629][T18672] __fput+0x3ff/0xb50 [ 843.129683][T18672] task_work_run+0x150/0x240 [ 843.129715][T18672] ? __pfx_task_work_run+0x10/0x10 [ 843.129749][T18672] ? rcu_is_watching+0x12/0xc0 [ 843.129789][T18672] exit_to_user_mode_loop+0x107/0x4f0 [ 843.129817][T18672] ? rcu_is_watching+0x12/0xc0 [ 843.129855][T18672] do_syscall_64+0x6f2/0xf80 [ 843.129901][T18672] ? clear_bhb_loop+0x40/0x90 [ 843.129937][T18672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.129968][T18672] RIP: 0033:0x7fa36f99ce59 [ 843.129994][T18672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 843.130025][T18672] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 843.130055][T18672] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 843.130075][T18672] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 843.130093][T18672] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 843.130113][T18672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.130132][T18672] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 843.130170][T18672] [ 843.534302][ T50] Bluetooth: hci1: command 0x2016 tx timeout [ 843.549873][T18679] FAULT_INJECTION: forcing a failure. [ 843.549873][T18679] name failslab, interval 1, probability 0, space 0, times 0 [ 843.562667][T18679] CPU: 1 UID: 0 PID: 18679 Comm: syz.0.2602 Not tainted syzkaller #0 PREEMPT(full) [ 843.562708][T18679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 843.562726][T18679] Call Trace: [ 843.562736][T18679] [ 843.562747][T18679] dump_stack_lvl+0x100/0x190 [ 843.562784][T18679] should_fail_ex.cold+0x5/0xa [ 843.562821][T18679] should_failslab+0xc2/0x120 [ 843.562854][T18679] __kmalloc_cache_noprof+0x7a/0x6f0 [ 843.562896][T18679] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 843.562942][T18679] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 843.562989][T18679] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 843.563047][T18679] ? snd_pcm_oss_sync+0x243/0x840 [ 843.563087][T18679] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 843.563128][T18679] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 843.563172][T18679] ? task_work_add+0x201/0x3b0 [ 843.563202][T18679] ? __pfx___mutex_lock+0x10/0x10 [ 843.563229][T18679] ? __pfx_task_work_add+0x10/0x10 [ 843.563276][T18679] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 843.563322][T18679] snd_pcm_oss_sync+0x265/0x840 [ 843.563369][T18679] snd_pcm_oss_release+0x238/0x300 [ 843.563412][T18679] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 843.563456][T18679] __fput+0x3ff/0xb50 [ 843.563504][T18679] task_work_run+0x150/0x240 [ 843.563533][T18679] ? __pfx_task_work_run+0x10/0x10 [ 843.563566][T18679] ? rcu_is_watching+0x12/0xc0 [ 843.563614][T18679] exit_to_user_mode_loop+0x107/0x4f0 [ 843.563644][T18679] ? rcu_is_watching+0x12/0xc0 [ 843.563682][T18679] do_syscall_64+0x6f2/0xf80 [ 843.563725][T18679] ? clear_bhb_loop+0x40/0x90 [ 843.563760][T18679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.563791][T18679] RIP: 0033:0x7fa36f99ce59 [ 843.563816][T18679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 843.563844][T18679] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 843.563871][T18679] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 843.563890][T18679] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 843.563905][T18679] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 843.563920][T18679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.563937][T18679] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 843.563975][T18679] [ 843.848066][T18687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2593'. [ 843.860501][T18688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2594'. [ 843.977235][T18683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2592'. [ 844.227444][T18699] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2595'. [ 844.528731][T18705] syz_tun: tun_chr_ioctl cmd 1074025673 [ 844.546950][T18709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2597'. [ 845.041495][T18719] FAULT_INJECTION: forcing a failure. [ 845.041495][T18719] name failslab, interval 1, probability 0, space 0, times 0 [ 845.091590][T18719] CPU: 0 UID: 0 PID: 18719 Comm: syz.1.2599 Not tainted syzkaller #0 PREEMPT(full) [ 845.091630][T18719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 845.091641][T18719] Call Trace: [ 845.091648][T18719] [ 845.091654][T18719] dump_stack_lvl+0x100/0x190 [ 845.091677][T18719] should_fail_ex.cold+0x5/0xa [ 845.091698][T18719] should_failslab+0xc2/0x120 [ 845.091717][T18719] __kmalloc_cache_noprof+0x7a/0x6f0 [ 845.091739][T18719] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 845.091769][T18719] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 845.091794][T18719] ? rcu_is_watching+0x12/0xc0 [ 845.091814][T18719] ? trace_contention_end+0x122/0x170 [ 845.091833][T18719] ? snd_pcm_oss_sync+0x243/0x840 [ 845.091856][T18719] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 845.091883][T18719] ? __pfx___mutex_lock+0x10/0x10 [ 845.091902][T18719] ? __fsnotify_parent+0x2b4/0xca0 [ 845.091937][T18719] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 845.091963][T18719] snd_pcm_oss_sync+0x265/0x840 [ 845.091991][T18719] snd_pcm_oss_release+0x238/0x300 [ 845.092015][T18719] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 845.092039][T18719] __fput+0x3ff/0xb50 [ 845.092064][T18719] task_work_run+0x150/0x240 [ 845.092081][T18719] ? __pfx_task_work_run+0x10/0x10 [ 845.092098][T18719] ? rcu_is_watching+0x12/0xc0 [ 845.092118][T18719] exit_to_user_mode_loop+0x107/0x4f0 [ 845.092134][T18719] ? rcu_is_watching+0x12/0xc0 [ 845.092155][T18719] do_syscall_64+0x6f2/0xf80 [ 845.092183][T18719] ? clear_bhb_loop+0x40/0x90 [ 845.092231][T18719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.092249][T18719] RIP: 0033:0x7f5d1ef9ce59 [ 845.092264][T18719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 845.092279][T18719] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 845.092295][T18719] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 845.092306][T18719] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 845.092316][T18719] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 845.092325][T18719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.092335][T18719] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 845.092356][T18719] [ 846.318546][T18738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2604'. [ 847.000898][T18744] FAULT_INJECTION: forcing a failure. [ 847.000898][T18744] name failslab, interval 1, probability 0, space 0, times 0 [ 847.083528][T18744] CPU: 0 UID: 0 PID: 18744 Comm: syz.0.2605 Not tainted syzkaller #0 PREEMPT(full) [ 847.083552][T18744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 847.083562][T18744] Call Trace: [ 847.083568][T18744] [ 847.083575][T18744] dump_stack_lvl+0x100/0x190 [ 847.083598][T18744] should_fail_ex.cold+0x5/0xa [ 847.083619][T18744] should_failslab+0xc2/0x120 [ 847.083638][T18744] __kmalloc_cache_noprof+0x7a/0x6f0 [ 847.083660][T18744] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 847.083685][T18744] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 847.083710][T18744] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 847.083741][T18744] ? snd_pcm_oss_sync+0x243/0x840 [ 847.083766][T18744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 847.083788][T18744] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 847.083812][T18744] ? task_work_add+0x201/0x3b0 [ 847.083828][T18744] ? __pfx___mutex_lock+0x10/0x10 [ 847.083843][T18744] ? __pfx_task_work_add+0x10/0x10 [ 847.083868][T18744] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 847.083893][T18744] snd_pcm_oss_sync+0x265/0x840 [ 847.083920][T18744] snd_pcm_oss_release+0x238/0x300 [ 847.083944][T18744] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 847.083969][T18744] __fput+0x3ff/0xb50 [ 847.083994][T18744] task_work_run+0x150/0x240 [ 847.084011][T18744] ? __pfx_task_work_run+0x10/0x10 [ 847.084028][T18744] ? rcu_is_watching+0x12/0xc0 [ 847.084049][T18744] exit_to_user_mode_loop+0x107/0x4f0 [ 847.084064][T18744] ? rcu_is_watching+0x12/0xc0 [ 847.084084][T18744] do_syscall_64+0x6f2/0xf80 [ 847.084107][T18744] ? clear_bhb_loop+0x40/0x90 [ 847.084125][T18744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.084141][T18744] RIP: 0033:0x7fa36f99ce59 [ 847.084155][T18744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.084171][T18744] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 847.084186][T18744] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 847.084197][T18744] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 847.084206][T18744] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 847.084215][T18744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.084224][T18744] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 847.084244][T18744] [ 847.588919][T18750] FAULT_INJECTION: forcing a failure. [ 847.588919][T18750] name failslab, interval 1, probability 0, space 0, times 0 [ 847.623054][T18750] CPU: 0 UID: 0 PID: 18750 Comm: syz.1.2614 Not tainted syzkaller #0 PREEMPT(full) [ 847.623094][T18750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 847.623111][T18750] Call Trace: [ 847.623120][T18750] [ 847.623132][T18750] dump_stack_lvl+0x100/0x190 [ 847.623177][T18750] should_fail_ex.cold+0x5/0xa [ 847.623214][T18750] should_failslab+0xc2/0x120 [ 847.623247][T18750] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 847.623293][T18750] ? sk_prot_alloc+0x60/0x2a0 [ 847.623340][T18750] sk_prot_alloc+0x60/0x2a0 [ 847.623379][T18750] sk_alloc+0x36/0xe80 [ 847.623411][T18750] kcm_create+0xfc/0x6a0 [ 847.623453][T18750] __sock_create+0x339/0x860 [ 847.623499][T18750] __sys_socket+0x14d/0x260 [ 847.623541][T18750] ? __pfx___sys_socket+0x10/0x10 [ 847.623592][T18750] __x64_sys_socket+0x72/0xb0 [ 847.623631][T18750] ? lockdep_hardirqs_on+0x78/0x100 [ 847.623670][T18750] do_syscall_64+0x10b/0xf80 [ 847.623710][T18750] ? clear_bhb_loop+0x40/0x90 [ 847.623744][T18750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.623774][T18750] RIP: 0033:0x7f5d1ef9ce59 [ 847.623798][T18750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.623826][T18750] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 847.623854][T18750] RAX: ffffffffffffffda RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 847.623874][T18750] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000029 [ 847.623890][T18750] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 847.623908][T18750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.623925][T18750] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 847.623959][T18750] [ 847.735494][T18751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2607'. [ 847.774978][T18752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2606'. [ 848.096557][T18757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2608'. [ 848.493986][T18759] netlink: 'syz.3.2609': attribute type 33 has an invalid length. [ 848.512227][T18759] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2609'. [ 848.753972][T18766] FAULT_INJECTION: forcing a failure. [ 848.753972][T18766] name failslab, interval 1, probability 0, space 0, times 0 [ 848.756338][T18764] netlink: 'syz.0.2610': attribute type 33 has an invalid length. [ 848.767373][T18766] CPU: 1 UID: 0 PID: 18766 Comm: syz.3.2611 Not tainted syzkaller #0 PREEMPT(full) [ 848.767410][T18766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 848.767427][T18766] Call Trace: [ 848.767438][T18766] [ 848.767449][T18766] dump_stack_lvl+0x100/0x190 [ 848.767487][T18766] should_fail_ex.cold+0x5/0xa [ 848.767523][T18766] should_failslab+0xc2/0x120 [ 848.767558][T18766] __kmalloc_cache_noprof+0x7a/0x6f0 [ 848.767598][T18766] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 848.767651][T18766] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 848.767704][T18766] ? rcu_is_watching+0x12/0xc0 [ 848.767738][T18766] ? trace_contention_end+0x122/0x170 [ 848.767774][T18766] ? snd_pcm_oss_sync+0x243/0x840 [ 848.767815][T18766] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 848.767864][T18766] ? __pfx___mutex_lock+0x10/0x10 [ 848.767897][T18766] ? __fsnotify_parent+0x2b4/0xca0 [ 848.767944][T18766] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 848.767992][T18766] snd_pcm_oss_sync+0x265/0x840 [ 848.768039][T18766] snd_pcm_oss_release+0x238/0x300 [ 848.768081][T18766] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 848.768130][T18766] __fput+0x3ff/0xb50 [ 848.768181][T18766] task_work_run+0x150/0x240 [ 848.768212][T18766] ? __pfx_task_work_run+0x10/0x10 [ 848.768244][T18766] ? rcu_is_watching+0x12/0xc0 [ 848.768281][T18766] exit_to_user_mode_loop+0x107/0x4f0 [ 848.768308][T18766] ? rcu_is_watching+0x12/0xc0 [ 848.768344][T18766] do_syscall_64+0x6f2/0xf80 [ 848.768384][T18766] ? clear_bhb_loop+0x40/0x90 [ 848.768418][T18766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 848.768447][T18766] RIP: 0033:0x7fb49d79ce59 [ 848.768470][T18766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 848.768498][T18766] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 848.768525][T18766] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 848.768543][T18766] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 848.768560][T18766] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 848.768578][T18766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 848.768595][T18766] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 848.768631][T18766] [ 848.912551][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 848.939115][T18764] netlink: 322 bytes leftover after parsing attributes in process `syz.0.2610'. [ 849.037892][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 849.045496][T18772] syz_tun: tun_chr_ioctl cmd 1074025673 [ 849.185921][T18776] FAULT_INJECTION: forcing a failure. [ 849.185921][T18776] name failslab, interval 1, probability 0, space 0, times 0 [ 849.219930][T18778] FAULT_INJECTION: forcing a failure. [ 849.219930][T18778] name failslab, interval 1, probability 0, space 0, times 0 [ 849.232846][T18776] CPU: 0 UID: 0 PID: 18776 Comm: syz.0.2616 Not tainted syzkaller #0 PREEMPT(full) [ 849.232886][T18776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 849.232905][T18776] Call Trace: [ 849.232913][T18776] [ 849.232924][T18776] dump_stack_lvl+0x100/0x190 [ 849.232961][T18776] should_fail_ex.cold+0x5/0xa [ 849.232999][T18776] should_failslab+0xc2/0x120 [ 849.233033][T18776] __kmalloc_cache_noprof+0x7a/0x6f0 [ 849.233072][T18776] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 849.233134][T18776] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 849.233184][T18776] ? rcu_is_watching+0x12/0xc0 [ 849.233219][T18776] ? trace_contention_end+0x122/0x170 [ 849.233255][T18776] ? snd_pcm_oss_sync+0x243/0x840 [ 849.233299][T18776] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 849.233348][T18776] ? __pfx___mutex_lock+0x10/0x10 [ 849.233384][T18776] ? __fsnotify_parent+0x2b4/0xca0 [ 849.233431][T18776] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 849.233477][T18776] snd_pcm_oss_sync+0x265/0x840 [ 849.233526][T18776] snd_pcm_oss_release+0x238/0x300 [ 849.233568][T18776] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 849.233613][T18776] __fput+0x3ff/0xb50 [ 849.233659][T18776] task_work_run+0x150/0x240 [ 849.233690][T18776] ? __pfx_task_work_run+0x10/0x10 [ 849.233722][T18776] ? rcu_is_watching+0x12/0xc0 [ 849.233760][T18776] exit_to_user_mode_loop+0x107/0x4f0 [ 849.233790][T18776] ? rcu_is_watching+0x12/0xc0 [ 849.233826][T18776] do_syscall_64+0x6f2/0xf80 [ 849.233866][T18776] ? clear_bhb_loop+0x40/0x90 [ 849.233901][T18776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.233930][T18776] RIP: 0033:0x7fa36f99ce59 [ 849.233954][T18776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.233981][T18776] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 849.234010][T18776] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 849.234028][T18776] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 849.234043][T18776] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 849.234060][T18776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 849.234076][T18776] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 849.234113][T18776] [ 849.473047][T18778] CPU: 1 UID: 0 PID: 18778 Comm: syz.1.2615 Not tainted syzkaller #0 PREEMPT(full) [ 849.473085][T18778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 849.473102][T18778] Call Trace: [ 849.473113][T18778] [ 849.473124][T18778] dump_stack_lvl+0x100/0x190 [ 849.473162][T18778] should_fail_ex.cold+0x5/0xa [ 849.473196][T18778] ? constrain_params_by_rules+0x175/0xcc0 [ 849.473228][T18778] should_failslab+0xc2/0x120 [ 849.473262][T18778] __kmalloc_noprof+0xe0/0x850 [ 849.473288][T18778] ? unwind_get_return_address+0x59/0xa0 [ 849.473334][T18778] constrain_params_by_rules+0x175/0xcc0 [ 849.473375][T18778] ? stack_trace_save+0x8e/0xc0 [ 849.473418][T18778] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 849.473459][T18778] ? __kasan_kmalloc+0xaa/0xb0 [ 849.473486][T18778] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 849.473528][T18778] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 849.473570][T18778] ? snd_pcm_oss_sync+0x265/0x840 [ 849.473637][T18778] ? snd_interval_refine+0x2d0/0x580 [ 849.473680][T18778] snd_pcm_hw_refine+0x7e7/0xad0 [ 849.473718][T18778] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 849.473766][T18778] ? snd_interval_refine+0x2d0/0x580 [ 849.473806][T18778] snd_pcm_oss_change_params_locked+0xdb3/0x39f0 [ 849.473862][T18778] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 849.473903][T18778] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 849.473949][T18778] ? task_work_add+0x201/0x3b0 [ 849.473980][T18778] ? __pfx___mutex_lock+0x10/0x10 [ 849.474007][T18778] ? __pfx_task_work_add+0x10/0x10 [ 849.474056][T18778] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 849.474105][T18778] snd_pcm_oss_sync+0x265/0x840 [ 849.474152][T18778] snd_pcm_oss_release+0x238/0x300 [ 849.474195][T18778] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 849.474239][T18778] __fput+0x3ff/0xb50 [ 849.474287][T18778] task_work_run+0x150/0x240 [ 849.474318][T18778] ? __pfx_task_work_run+0x10/0x10 [ 849.474351][T18778] ? rcu_is_watching+0x12/0xc0 [ 849.474391][T18778] exit_to_user_mode_loop+0x107/0x4f0 [ 849.474420][T18778] ? rcu_is_watching+0x12/0xc0 [ 849.474458][T18778] do_syscall_64+0x6f2/0xf80 [ 849.474498][T18778] ? clear_bhb_loop+0x40/0x90 [ 849.474533][T18778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.474563][T18778] RIP: 0033:0x7f5d1ef9ce59 [ 849.474586][T18778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.474623][T18778] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 849.474653][T18778] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 849.474672][T18778] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 849.474690][T18778] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 849.474709][T18778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 849.474727][T18778] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 849.474766][T18778] [ 849.884008][ T1168] bridge_slave_1: left allmulticast mode [ 849.889780][ T1168] bridge_slave_1: left promiscuous mode [ 849.901724][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 849.964622][ T1168] bridge_slave_0: left allmulticast mode [ 849.984239][ T1168] bridge_slave_0: left promiscuous mode [ 850.007790][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 850.037538][T18784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2617'. [ 850.237408][T18791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2619'. [ 850.525772][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 850.587188][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 850.627894][ T1168] bond0 (unregistering): Released all slaves [ 850.734143][T18790] syz_tun: tun_chr_ioctl cmd 1074025673 [ 850.777640][ T1168] HSR: left promiscuous mode [ 850.974830][ T5623] Bluetooth: hci1: command 0x2016 tx timeout [ 851.503906][T18806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2621'. [ 852.164406][T18816] syz_tun: tun_chr_ioctl cmd 1074025673 [ 852.186775][T18817] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2624'. [ 852.277508][ T1168] hsr_slave_0: left promiscuous mode [ 852.292010][ T1168] hsr_slave_1: left promiscuous mode [ 852.325243][ T1168] veth1_macvtap: left promiscuous mode [ 852.339132][ T1168] veth0_macvtap: left promiscuous mode [ 852.357064][ T1168] veth1_vlan: left promiscuous mode [ 852.383252][ T1168] veth0_vlan: left promiscuous mode [ 853.063005][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 853.092480][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 853.571308][T18834] syz_tun: tun_chr_ioctl cmd 1074025673 [ 854.328437][T18841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2628'. [ 854.330315][T18842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2629'. [ 854.589178][T18847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2630'. [ 854.799000][T18851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2631'. [ 855.855805][T18855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2632'. [ 856.189223][T18861] FAULT_INJECTION: forcing a failure. [ 856.189223][T18861] name failslab, interval 1, probability 0, space 0, times 0 [ 856.244113][T18861] CPU: 0 UID: 0 PID: 18861 Comm: syz.1.2634 Not tainted syzkaller #0 PREEMPT(full) [ 856.244145][T18861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 856.244155][T18861] Call Trace: [ 856.244161][T18861] [ 856.244168][T18861] dump_stack_lvl+0x100/0x190 [ 856.244190][T18861] should_fail_ex.cold+0x5/0xa [ 856.244210][T18861] ? constrain_params_by_rules+0x175/0xcc0 [ 856.244228][T18861] should_failslab+0xc2/0x120 [ 856.244247][T18861] __kmalloc_noprof+0xe0/0x850 [ 856.244261][T18861] ? unwind_get_return_address+0x59/0xa0 [ 856.244289][T18861] constrain_params_by_rules+0x175/0xcc0 [ 856.244317][T18861] ? stack_trace_save+0x8e/0xc0 [ 856.244341][T18861] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 856.244361][T18861] ? __kasan_kmalloc+0xaa/0xb0 [ 856.244376][T18861] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 856.244400][T18861] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 856.244422][T18861] ? snd_pcm_oss_sync+0x265/0x840 [ 856.244451][T18861] ? snd_interval_refine+0x2d0/0x580 [ 856.244472][T18861] snd_pcm_hw_refine+0x7e7/0xad0 [ 856.244502][T18861] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 856.244535][T18861] ? snd_interval_refine+0x2d0/0x580 [ 856.244555][T18861] snd_pcm_oss_change_params_locked+0xdb3/0x39f0 [ 856.244586][T18861] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 856.244609][T18861] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 856.244633][T18861] ? task_work_add+0x201/0x3b0 [ 856.244649][T18861] ? __pfx___mutex_lock+0x10/0x10 [ 856.244664][T18861] ? __pfx_task_work_add+0x10/0x10 [ 856.244689][T18861] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 856.244714][T18861] snd_pcm_oss_sync+0x265/0x840 [ 856.244740][T18861] snd_pcm_oss_release+0x238/0x300 [ 856.244764][T18861] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 856.244788][T18861] __fput+0x3ff/0xb50 [ 856.244816][T18861] task_work_run+0x150/0x240 [ 856.244832][T18861] ? __pfx_task_work_run+0x10/0x10 [ 856.244850][T18861] ? rcu_is_watching+0x12/0xc0 [ 856.244871][T18861] exit_to_user_mode_loop+0x107/0x4f0 [ 856.244886][T18861] ? rcu_is_watching+0x12/0xc0 [ 856.244906][T18861] do_syscall_64+0x6f2/0xf80 [ 856.244928][T18861] ? clear_bhb_loop+0x40/0x90 [ 856.244947][T18861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.244963][T18861] RIP: 0033:0x7f5d1ef9ce59 [ 856.244978][T18861] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 856.244993][T18861] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 856.245008][T18861] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 856.245019][T18861] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 856.245029][T18861] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 856.245039][T18861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.245049][T18861] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 856.245069][T18861] [ 856.613356][T18865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2633'. [ 857.420902][T18879] FAULT_INJECTION: forcing a failure. [ 857.420902][T18879] name failslab, interval 1, probability 0, space 0, times 0 [ 857.449618][T18879] CPU: 1 UID: 0 PID: 18879 Comm: syz.0.2638 Not tainted syzkaller #0 PREEMPT(full) [ 857.449657][T18879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 857.449676][T18879] Call Trace: [ 857.449686][T18879] [ 857.449702][T18879] dump_stack_lvl+0x100/0x190 [ 857.449741][T18879] should_fail_ex.cold+0x5/0xa [ 857.449776][T18879] should_failslab+0xc2/0x120 [ 857.449808][T18879] __kmalloc_cache_noprof+0x7a/0x6f0 [ 857.449848][T18879] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 857.449901][T18879] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 857.449953][T18879] ? rcu_is_watching+0x12/0xc0 [ 857.449988][T18879] ? trace_contention_end+0x122/0x170 [ 857.450025][T18879] ? snd_pcm_oss_sync+0x243/0x840 [ 857.450069][T18879] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 857.450117][T18879] ? __pfx___mutex_lock+0x10/0x10 [ 857.450157][T18879] ? __fsnotify_parent+0x2b4/0xca0 [ 857.450207][T18879] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 857.450254][T18879] snd_pcm_oss_sync+0x265/0x840 [ 857.450297][T18879] snd_pcm_oss_release+0x238/0x300 [ 857.450336][T18879] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 857.450377][T18879] __fput+0x3ff/0xb50 [ 857.450419][T18879] task_work_run+0x150/0x240 [ 857.450448][T18879] ? __pfx_task_work_run+0x10/0x10 [ 857.450478][T18879] ? rcu_is_watching+0x12/0xc0 [ 857.450516][T18879] exit_to_user_mode_loop+0x107/0x4f0 [ 857.450543][T18879] ? rcu_is_watching+0x12/0xc0 [ 857.450578][T18879] do_syscall_64+0x6f2/0xf80 [ 857.450627][T18879] ? clear_bhb_loop+0x40/0x90 [ 857.450662][T18879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.450692][T18879] RIP: 0033:0x7fa36f99ce59 [ 857.450716][T18879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 857.450744][T18879] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 857.450774][T18879] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 857.450794][T18879] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 857.450811][T18879] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 857.450828][T18879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 857.450846][T18879] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 857.450884][T18879] [ 858.439077][T18895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2641'. [ 859.231361][T18904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2650'. [ 859.356786][T18913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2644'. [ 860.762485][T18924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2646'. [ 860.799055][T18927] FAULT_INJECTION: forcing a failure. [ 860.799055][T18927] name failslab, interval 1, probability 0, space 0, times 0 [ 860.856846][T18927] CPU: 0 UID: 0 PID: 18927 Comm: syz.3.2648 Not tainted syzkaller #0 PREEMPT(full) [ 860.856870][T18927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 860.856880][T18927] Call Trace: [ 860.856886][T18927] [ 860.856892][T18927] dump_stack_lvl+0x100/0x190 [ 860.856916][T18927] should_fail_ex.cold+0x5/0xa [ 860.856937][T18927] should_failslab+0xc2/0x120 [ 860.856956][T18927] __kmalloc_cache_noprof+0x7a/0x6f0 [ 860.856978][T18927] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 860.857007][T18927] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 860.857033][T18927] ? rcu_is_watching+0x12/0xc0 [ 860.857053][T18927] ? trace_contention_end+0x122/0x170 [ 860.857072][T18927] ? snd_pcm_oss_sync+0x243/0x840 [ 860.857095][T18927] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 860.857121][T18927] ? __pfx___mutex_lock+0x10/0x10 [ 860.857140][T18927] ? __fsnotify_parent+0x2b4/0xca0 [ 860.857166][T18927] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 860.857191][T18927] snd_pcm_oss_sync+0x265/0x840 [ 860.857218][T18927] snd_pcm_oss_release+0x238/0x300 [ 860.857241][T18927] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 860.857265][T18927] __fput+0x3ff/0xb50 [ 860.857290][T18927] task_work_run+0x150/0x240 [ 860.857307][T18927] ? __pfx_task_work_run+0x10/0x10 [ 860.857331][T18927] ? rcu_is_watching+0x12/0xc0 [ 860.857352][T18927] exit_to_user_mode_loop+0x107/0x4f0 [ 860.857369][T18927] ? rcu_is_watching+0x12/0xc0 [ 860.857391][T18927] do_syscall_64+0x6f2/0xf80 [ 860.857414][T18927] ? clear_bhb_loop+0x40/0x90 [ 860.857432][T18927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.857448][T18927] RIP: 0033:0x7fb49d79ce59 [ 860.857462][T18927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 860.857477][T18927] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 860.857492][T18927] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 860.857503][T18927] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 860.857512][T18927] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 860.857521][T18927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 860.857530][T18927] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 860.857550][T18927] [ 861.709257][T18942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2652'. [ 861.729213][T18943] syz_tun: tun_chr_ioctl cmd 1074025673 [ 862.964690][T18959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2654'. [ 863.264514][T18965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2656'. [ 863.276804][T18966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2655'. [ 864.288743][T18974] FAULT_INJECTION: forcing a failure. [ 864.288743][T18974] name failslab, interval 1, probability 0, space 0, times 0 [ 864.302886][T18974] CPU: 0 UID: 0 PID: 18974 Comm: syz.1.2665 Not tainted syzkaller #0 PREEMPT(full) [ 864.302937][T18974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 864.302955][T18974] Call Trace: [ 864.302965][T18974] [ 864.302976][T18974] dump_stack_lvl+0x100/0x190 [ 864.303013][T18974] should_fail_ex.cold+0x5/0xa [ 864.303048][T18974] should_failslab+0xc2/0x120 [ 864.303081][T18974] __kmalloc_cache_noprof+0x7a/0x6f0 [ 864.303119][T18974] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 864.303167][T18974] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 864.303208][T18974] ? rcu_is_watching+0x12/0xc0 [ 864.303240][T18974] ? trace_contention_end+0x122/0x170 [ 864.303273][T18974] ? snd_pcm_oss_sync+0x243/0x840 [ 864.303313][T18974] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 864.303361][T18974] ? __pfx___mutex_lock+0x10/0x10 [ 864.303393][T18974] ? __fsnotify_parent+0x2b4/0xca0 [ 864.303440][T18974] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 864.303486][T18974] snd_pcm_oss_sync+0x265/0x840 [ 864.303531][T18974] snd_pcm_oss_release+0x238/0x300 [ 864.303571][T18974] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 864.303613][T18974] __fput+0x3ff/0xb50 [ 864.303656][T18974] task_work_run+0x150/0x240 [ 864.303686][T18974] ? __pfx_task_work_run+0x10/0x10 [ 864.303717][T18974] ? rcu_is_watching+0x12/0xc0 [ 864.303752][T18974] exit_to_user_mode_loop+0x107/0x4f0 [ 864.303779][T18974] ? rcu_is_watching+0x12/0xc0 [ 864.303818][T18974] do_syscall_64+0x6f2/0xf80 [ 864.303858][T18974] ? clear_bhb_loop+0x40/0x90 [ 864.303891][T18974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.303919][T18974] RIP: 0033:0x7f5d1ef9ce59 [ 864.303987][T18974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.304018][T18974] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 864.304048][T18974] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 864.304069][T18974] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 864.304087][T18974] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 864.304105][T18974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.304120][T18974] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 864.304157][T18974] [ 864.756811][T18983] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2657'. [ 864.894179][T18989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2660'. [ 865.387746][T19000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2662'. [ 865.797220][T19005] syz_tun: tun_chr_ioctl cmd 1074025673 [ 866.701761][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 866.719802][ T50] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 867.406546][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 867.452235][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 868.671960][T19059] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2675'. [ 868.715961][T19061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2676'. [ 869.313849][T19075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2678'. [ 869.453118][ T50] Bluetooth: hci1: command 0x2016 tx timeout [ 870.015616][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.022037][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.111748][T19092] syz_tun: tun_chr_ioctl cmd 1074025673 [ 870.469129][T19097] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2683'. [ 871.513000][T19115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2694'. [ 872.235656][T19126] syz_tun: tun_chr_ioctl cmd 1074025673 [ 872.396619][T19132] FAULT_INJECTION: forcing a failure. [ 872.396619][T19132] name failslab, interval 1, probability 0, space 0, times 0 [ 872.416493][T19132] CPU: 0 UID: 0 PID: 19132 Comm: syz.0.2691 Not tainted syzkaller #0 PREEMPT(full) [ 872.416537][T19132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 872.416555][T19132] Call Trace: [ 872.416565][T19132] [ 872.416575][T19132] dump_stack_lvl+0x100/0x190 [ 872.416616][T19132] should_fail_ex.cold+0x5/0xa [ 872.416651][T19132] should_failslab+0xc2/0x120 [ 872.416685][T19132] __kmalloc_cache_noprof+0x7a/0x6f0 [ 872.416726][T19132] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 872.416772][T19132] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 872.416819][T19132] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 872.416877][T19132] ? snd_pcm_oss_sync+0x243/0x840 [ 872.416917][T19132] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 872.416959][T19132] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 872.417001][T19132] ? task_work_add+0x201/0x3b0 [ 872.417029][T19132] ? __pfx___mutex_lock+0x10/0x10 [ 872.417054][T19132] ? __pfx_task_work_add+0x10/0x10 [ 872.417098][T19132] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 872.417148][T19132] snd_pcm_oss_sync+0x265/0x840 [ 872.417199][T19132] snd_pcm_oss_release+0x238/0x300 [ 872.417242][T19132] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 872.417283][T19132] __fput+0x3ff/0xb50 [ 872.417330][T19132] task_work_run+0x150/0x240 [ 872.417361][T19132] ? __pfx_task_work_run+0x10/0x10 [ 872.417393][T19132] ? rcu_is_watching+0x12/0xc0 [ 872.417433][T19132] exit_to_user_mode_loop+0x107/0x4f0 [ 872.417462][T19132] ? rcu_is_watching+0x12/0xc0 [ 872.417500][T19132] do_syscall_64+0x6f2/0xf80 [ 872.417542][T19132] ? clear_bhb_loop+0x40/0x90 [ 872.417577][T19132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.417611][T19132] RIP: 0033:0x7fa36f99ce59 [ 872.417636][T19132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.417665][T19132] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 872.417692][T19132] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 872.417710][T19132] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 872.417728][T19132] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 872.417746][T19132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.417763][T19132] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 872.417801][T19132] [ 872.747045][T19134] FAULT_INJECTION: forcing a failure. [ 872.747045][T19134] name failslab, interval 1, probability 0, space 0, times 0 [ 872.818332][T19134] CPU: 1 UID: 0 PID: 19134 Comm: syz.0.2692 Not tainted syzkaller #0 PREEMPT(full) [ 872.818356][T19134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 872.818367][T19134] Call Trace: [ 872.818373][T19134] [ 872.818380][T19134] dump_stack_lvl+0x100/0x190 [ 872.818404][T19134] should_fail_ex.cold+0x5/0xa [ 872.818425][T19134] ? constrain_params_by_rules+0x175/0xcc0 [ 872.818442][T19134] should_failslab+0xc2/0x120 [ 872.818460][T19134] __kmalloc_noprof+0xe0/0x850 [ 872.818475][T19134] ? unwind_get_return_address+0x59/0xa0 [ 872.818500][T19134] constrain_params_by_rules+0x175/0xcc0 [ 872.818520][T19134] ? stack_trace_save+0x8e/0xc0 [ 872.818544][T19134] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 872.818564][T19134] ? __kasan_kmalloc+0xaa/0xb0 [ 872.818586][T19134] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 872.818610][T19134] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 872.818634][T19134] ? snd_pcm_oss_sync+0x265/0x840 [ 872.818662][T19134] ? rcu_is_watching+0x12/0xc0 [ 872.818681][T19134] ? snd_interval_refine+0x2d0/0x580 [ 872.818702][T19134] snd_pcm_hw_refine+0x7e7/0xad0 [ 872.818721][T19134] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 872.818743][T19134] ? __asan_memset+0x23/0x50 [ 872.818766][T19134] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 872.818791][T19134] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 872.818821][T19134] ? snd_pcm_oss_sync+0x243/0x840 [ 872.818844][T19134] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 872.818870][T19134] ? __pfx___mutex_lock+0x10/0x10 [ 872.818896][T19134] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 872.818922][T19134] snd_pcm_oss_sync+0x265/0x840 [ 872.818948][T19134] snd_pcm_oss_release+0x238/0x300 [ 872.818971][T19134] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 872.818995][T19134] __fput+0x3ff/0xb50 [ 872.819021][T19134] task_work_run+0x150/0x240 [ 872.819038][T19134] ? __pfx_task_work_run+0x10/0x10 [ 872.819055][T19134] ? rcu_is_watching+0x12/0xc0 [ 872.819079][T19134] exit_to_user_mode_loop+0x107/0x4f0 [ 872.819095][T19134] ? rcu_is_watching+0x12/0xc0 [ 872.819114][T19134] do_syscall_64+0x6f2/0xf80 [ 872.819137][T19134] ? clear_bhb_loop+0x40/0x90 [ 872.819156][T19134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.819172][T19134] RIP: 0033:0x7fa36f99ce59 [ 872.819186][T19134] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.819201][T19134] RSP: 002b:00007fa37085e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 872.819216][T19134] RAX: 0000000000000000 RBX: 00007fa36fc15fa0 RCX: 00007fa36f99ce59 [ 872.819227][T19134] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 872.819236][T19134] RBP: 00007fa36fa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 872.819245][T19134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.819258][T19134] R13: 00007fa36fc16038 R14: 00007fa36fc15fa0 R15: 00007fff187d4868 [ 872.819278][T19134] [ 874.023441][T19144] FAULT_INJECTION: forcing a failure. [ 874.023441][T19144] name failslab, interval 1, probability 0, space 0, times 0 [ 874.066737][T19144] CPU: 0 UID: 0 PID: 19144 Comm: syz.2.2695 Not tainted syzkaller #0 PREEMPT(full) [ 874.066778][T19144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 874.066796][T19144] Call Trace: [ 874.066806][T19144] [ 874.066818][T19144] dump_stack_lvl+0x100/0x190 [ 874.066856][T19144] should_fail_ex.cold+0x5/0xa [ 874.066894][T19144] should_failslab+0xc2/0x120 [ 874.066932][T19144] __kmalloc_cache_noprof+0x7a/0x6f0 [ 874.066974][T19144] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 874.067028][T19144] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 874.067077][T19144] ? rcu_is_watching+0x12/0xc0 [ 874.067112][T19144] ? trace_contention_end+0x122/0x170 [ 874.067149][T19144] ? snd_pcm_oss_sync+0x243/0x840 [ 874.067191][T19144] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 874.067239][T19144] ? __pfx___mutex_lock+0x10/0x10 [ 874.067274][T19144] ? __fsnotify_parent+0x2b4/0xca0 [ 874.067321][T19144] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 874.067367][T19144] snd_pcm_oss_sync+0x265/0x840 [ 874.067414][T19144] snd_pcm_oss_release+0x238/0x300 [ 874.067457][T19144] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 874.067501][T19144] __fput+0x3ff/0xb50 [ 874.067547][T19144] task_work_run+0x150/0x240 [ 874.067587][T19144] ? __pfx_task_work_run+0x10/0x10 [ 874.067620][T19144] ? rcu_is_watching+0x12/0xc0 [ 874.067660][T19144] exit_to_user_mode_loop+0x107/0x4f0 [ 874.067686][T19144] ? rcu_is_watching+0x12/0xc0 [ 874.067721][T19144] do_syscall_64+0x6f2/0xf80 [ 874.067758][T19144] ? clear_bhb_loop+0x40/0x90 [ 874.067794][T19144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.067821][T19144] RIP: 0033:0x7fcfd139ce59 [ 874.067845][T19144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.067871][T19144] RSP: 002b:00007fcfd21e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 874.067897][T19144] RAX: 0000000000000000 RBX: 00007fcfd1615fa0 RCX: 00007fcfd139ce59 [ 874.067916][T19144] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 874.067933][T19144] RBP: 00007fcfd1432d6f R08: 0000000000000000 R09: 0000000000000000 [ 874.067950][T19144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.067968][T19144] R13: 00007fcfd1616038 R14: 00007fcfd1615fa0 R15: 00007ffc81b0a448 [ 874.068005][T19144] [ 874.368656][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 874.378638][ T50] Bluetooth: hci3: unexpected event 0x05 length: 6 > 4 [ 874.674708][T19154] FAULT_INJECTION: forcing a failure. [ 874.674708][T19154] name failslab, interval 1, probability 0, space 0, times 0 [ 874.732395][T19154] CPU: 0 UID: 0 PID: 19154 Comm: syz.1.2698 Not tainted syzkaller #0 PREEMPT(full) [ 874.732436][T19154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 874.732454][T19154] Call Trace: [ 874.732465][T19154] [ 874.732477][T19154] dump_stack_lvl+0x100/0x190 [ 874.732524][T19154] should_fail_ex.cold+0x5/0xa [ 874.732563][T19154] should_failslab+0xc2/0x120 [ 874.732598][T19154] __kmalloc_cache_noprof+0x7a/0x6f0 [ 874.732639][T19154] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 874.732694][T19154] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 874.732735][T19154] ? rcu_is_watching+0x12/0xc0 [ 874.732769][T19154] ? trace_contention_end+0x122/0x170 [ 874.732802][T19154] ? snd_pcm_oss_sync+0x243/0x840 [ 874.732845][T19154] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 874.732895][T19154] ? __pfx___mutex_lock+0x10/0x10 [ 874.732929][T19154] ? __fsnotify_parent+0x2b4/0xca0 [ 874.732973][T19154] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 874.733021][T19154] snd_pcm_oss_sync+0x265/0x840 [ 874.733072][T19154] snd_pcm_oss_release+0x238/0x300 [ 874.733121][T19154] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 874.733165][T19154] __fput+0x3ff/0xb50 [ 874.733209][T19154] task_work_run+0x150/0x240 [ 874.733238][T19154] ? __pfx_task_work_run+0x10/0x10 [ 874.733269][T19154] ? rcu_is_watching+0x12/0xc0 [ 874.733308][T19154] exit_to_user_mode_loop+0x107/0x4f0 [ 874.733336][T19154] ? rcu_is_watching+0x12/0xc0 [ 874.733373][T19154] do_syscall_64+0x6f2/0xf80 [ 874.733414][T19154] ? clear_bhb_loop+0x40/0x90 [ 874.733448][T19154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.733478][T19154] RIP: 0033:0x7f5d1ef9ce59 [ 874.733510][T19154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.733538][T19154] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 874.733565][T19154] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 874.733582][T19154] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 874.733598][T19154] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 874.733615][T19154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.733632][T19154] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 874.733669][T19154] [ 875.993884][T19164] FAULT_INJECTION: forcing a failure. [ 875.993884][T19164] name failslab, interval 1, probability 0, space 0, times 0 [ 876.007860][T19164] CPU: 1 UID: 0 PID: 19164 Comm: syz.3.2701 Not tainted syzkaller #0 PREEMPT(full) [ 876.007902][T19164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 876.007921][T19164] Call Trace: [ 876.007931][T19164] [ 876.007943][T19164] dump_stack_lvl+0x100/0x190 [ 876.007983][T19164] should_fail_ex.cold+0x5/0xa [ 876.008022][T19164] should_failslab+0xc2/0x120 [ 876.008056][T19164] __kmalloc_cache_noprof+0x7a/0x6f0 [ 876.008098][T19164] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 876.008144][T19164] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 876.008193][T19164] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 876.008252][T19164] ? snd_pcm_oss_sync+0x243/0x840 [ 876.008293][T19164] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 876.008334][T19164] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 876.008379][T19164] ? task_work_add+0x201/0x3b0 [ 876.008410][T19164] ? __pfx___mutex_lock+0x10/0x10 [ 876.008437][T19164] ? __pfx_task_work_add+0x10/0x10 [ 876.008486][T19164] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 876.008534][T19164] snd_pcm_oss_sync+0x265/0x840 [ 876.008584][T19164] snd_pcm_oss_release+0x238/0x300 [ 876.008628][T19164] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 876.008672][T19164] __fput+0x3ff/0xb50 [ 876.008726][T19164] task_work_run+0x150/0x240 [ 876.008758][T19164] ? __pfx_task_work_run+0x10/0x10 [ 876.008792][T19164] ? rcu_is_watching+0x12/0xc0 [ 876.008833][T19164] exit_to_user_mode_loop+0x107/0x4f0 [ 876.008864][T19164] ? rcu_is_watching+0x12/0xc0 [ 876.008904][T19164] do_syscall_64+0x6f2/0xf80 [ 876.008947][T19164] ? clear_bhb_loop+0x40/0x90 [ 876.008983][T19164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.009013][T19164] RIP: 0033:0x7fb49d79ce59 [ 876.009037][T19164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 876.009066][T19164] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 876.009094][T19164] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 876.009114][T19164] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 876.009131][T19164] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 876.009149][T19164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 876.009167][T19164] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 876.009204][T19164] [ 876.413273][ T50] Bluetooth: hci3: command 0x2016 tx timeout [ 877.657788][T19192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2707'. [ 878.397240][T19208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2709'. [ 878.685022][ T50] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 878.701844][ T50] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 878.900859][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 878.918656][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 879.345066][T19228] FAULT_INJECTION: forcing a failure. [ 879.345066][T19228] name failslab, interval 1, probability 0, space 0, times 0 [ 879.476078][T19228] CPU: 0 UID: 0 PID: 19228 Comm: syz.2.2713 Not tainted syzkaller #0 PREEMPT(full) [ 879.476119][T19228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 879.476137][T19228] Call Trace: [ 879.476149][T19228] [ 879.476161][T19228] dump_stack_lvl+0x100/0x190 [ 879.476201][T19228] should_fail_ex.cold+0x5/0xa [ 879.476238][T19228] should_failslab+0xc2/0x120 [ 879.476274][T19228] __kmalloc_cache_noprof+0x7a/0x6f0 [ 879.476314][T19228] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 879.476360][T19228] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 879.476408][T19228] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 879.476467][T19228] ? snd_pcm_oss_sync+0x243/0x840 [ 879.476509][T19228] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 879.476550][T19228] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 879.476595][T19228] ? task_work_add+0x201/0x3b0 [ 879.476625][T19228] ? __pfx___mutex_lock+0x10/0x10 [ 879.476651][T19228] ? __pfx_task_work_add+0x10/0x10 [ 879.476697][T19228] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 879.476743][T19228] snd_pcm_oss_sync+0x265/0x840 [ 879.476792][T19228] snd_pcm_oss_release+0x238/0x300 [ 879.476835][T19228] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 879.476879][T19228] __fput+0x3ff/0xb50 [ 879.476926][T19228] task_work_run+0x150/0x240 [ 879.476957][T19228] ? __pfx_task_work_run+0x10/0x10 [ 879.476996][T19228] ? rcu_is_watching+0x12/0xc0 [ 879.477046][T19228] exit_to_user_mode_loop+0x107/0x4f0 [ 879.477076][T19228] ? rcu_is_watching+0x12/0xc0 [ 879.477115][T19228] do_syscall_64+0x6f2/0xf80 [ 879.477158][T19228] ? clear_bhb_loop+0x40/0x90 [ 879.477193][T19228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 879.477223][T19228] RIP: 0033:0x7fcfd139ce59 [ 879.477248][T19228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 879.477277][T19228] RSP: 002b:00007fcfd21e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 879.477307][T19228] RAX: 0000000000000000 RBX: 00007fcfd1615fa0 RCX: 00007fcfd139ce59 [ 879.477326][T19228] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 879.477343][T19228] RBP: 00007fcfd1432d6f R08: 0000000000000000 R09: 0000000000000000 [ 879.477361][T19228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 879.477378][T19228] R13: 00007fcfd1616038 R14: 00007fcfd1615fa0 R15: 00007ffc81b0a448 [ 879.477416][T19228] [ 880.342603][T19246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2719'. [ 880.418285][T19247] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2720'. [ 880.732995][ T5623] Bluetooth: hci4: command 0x2016 tx timeout [ 881.603191][T19265] syz_tun: tun_chr_ioctl cmd 1074025673 [ 881.666997][T19266] syz_tun: tun_chr_ioctl cmd 1074025673 [ 881.965984][T19273] FAULT_INJECTION: forcing a failure. [ 881.965984][T19273] name failslab, interval 1, probability 0, space 0, times 0 [ 881.986013][T19273] CPU: 0 UID: 0 PID: 19273 Comm: syz.1.2725 Not tainted syzkaller #0 PREEMPT(full) [ 881.986050][T19273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 881.986068][T19273] Call Trace: [ 881.986077][T19273] [ 881.986088][T19273] dump_stack_lvl+0x100/0x190 [ 881.986126][T19273] should_fail_ex.cold+0x5/0xa [ 881.986170][T19273] ? constrain_params_by_rules+0x175/0xcc0 [ 881.986202][T19273] should_failslab+0xc2/0x120 [ 881.986237][T19273] __kmalloc_noprof+0xe0/0x850 [ 881.986261][T19273] ? unwind_get_return_address+0x59/0xa0 [ 881.986305][T19273] constrain_params_by_rules+0x175/0xcc0 [ 881.986346][T19273] ? stack_trace_save+0x8e/0xc0 [ 881.986387][T19273] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 881.986424][T19273] ? __kasan_kmalloc+0xaa/0xb0 [ 881.986448][T19273] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 881.986484][T19273] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 881.986528][T19273] ? snd_pcm_oss_sync+0x265/0x840 [ 881.986576][T19273] ? rcu_is_watching+0x12/0xc0 [ 881.986611][T19273] ? snd_interval_refine+0x2d0/0x580 [ 881.986650][T19273] snd_pcm_hw_refine+0x7e7/0xad0 [ 881.986685][T19273] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 881.986724][T19273] ? __asan_memset+0x23/0x50 [ 881.986762][T19273] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 881.986805][T19273] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 881.986862][T19273] ? snd_pcm_oss_sync+0x243/0x840 [ 881.986906][T19273] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 881.986956][T19273] ? __pfx___mutex_lock+0x10/0x10 [ 881.987005][T19273] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 881.987052][T19273] snd_pcm_oss_sync+0x265/0x840 [ 881.987102][T19273] snd_pcm_oss_release+0x238/0x300 [ 881.987157][T19273] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 881.987203][T19273] __fput+0x3ff/0xb50 [ 881.987252][T19273] task_work_run+0x150/0x240 [ 881.987285][T19273] ? __pfx_task_work_run+0x10/0x10 [ 881.987318][T19273] ? rcu_is_watching+0x12/0xc0 [ 881.987357][T19273] exit_to_user_mode_loop+0x107/0x4f0 [ 881.987387][T19273] ? rcu_is_watching+0x12/0xc0 [ 881.987423][T19273] do_syscall_64+0x6f2/0xf80 [ 881.987463][T19273] ? clear_bhb_loop+0x40/0x90 [ 881.987498][T19273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.987528][T19273] RIP: 0033:0x7f5d1ef9ce59 [ 881.987552][T19273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.987581][T19273] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 881.987609][T19273] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 881.987629][T19273] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 881.987645][T19273] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 881.987661][T19273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.987678][T19273] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 881.987714][T19273] [ 883.244546][T19293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2729'. [ 883.269703][T19294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2730'. [ 884.355210][T19311] syz_tun: tun_chr_ioctl cmd 1074025673 [ 886.102287][T19342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2739'. [ 886.461208][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 886.493954][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 886.842469][T19359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2743'. [ 887.457600][ T50] Bluetooth: hci4: command 0x2016 tx timeout [ 888.312228][T19387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2750'. [ 888.412550][T19391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2751'. [ 888.466475][ T5623] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 888.492878][T14787] Bluetooth: hci1: command 0x2016 tx timeout [ 888.499048][T14787] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 889.306606][T19407] FAULT_INJECTION: forcing a failure. [ 889.306606][T19407] name failslab, interval 1, probability 0, space 0, times 0 [ 889.362940][T19407] CPU: 0 UID: 0 PID: 19407 Comm: syz.1.2754 Not tainted syzkaller #0 PREEMPT(full) [ 889.362983][T19407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 889.363003][T19407] Call Trace: [ 889.363013][T19407] [ 889.363026][T19407] dump_stack_lvl+0x100/0x190 [ 889.363065][T19407] should_fail_ex.cold+0x5/0xa [ 889.363101][T19407] ? constrain_params_by_rules+0x175/0xcc0 [ 889.363133][T19407] should_failslab+0xc2/0x120 [ 889.363163][T19407] __kmalloc_noprof+0xe0/0x850 [ 889.363187][T19407] ? unwind_get_return_address+0x59/0xa0 [ 889.363229][T19407] constrain_params_by_rules+0x175/0xcc0 [ 889.363267][T19407] ? stack_trace_save+0x8e/0xc0 [ 889.363310][T19407] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 889.363352][T19407] ? __kasan_kmalloc+0xaa/0xb0 [ 889.363378][T19407] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 889.363421][T19407] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 889.363462][T19407] ? snd_pcm_oss_sync+0x265/0x840 [ 889.363514][T19407] ? rcu_is_watching+0x12/0xc0 [ 889.363548][T19407] ? snd_interval_refine+0x2d0/0x580 [ 889.363588][T19407] snd_pcm_hw_refine+0x7e7/0xad0 [ 889.363626][T19407] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 889.363668][T19407] ? __asan_memset+0x23/0x50 [ 889.363709][T19407] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 889.363755][T19407] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 889.363814][T19407] ? snd_pcm_oss_sync+0x243/0x840 [ 889.363865][T19407] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 889.363916][T19407] ? __pfx___mutex_lock+0x10/0x10 [ 889.363966][T19407] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 889.364012][T19407] snd_pcm_oss_sync+0x265/0x840 [ 889.364064][T19407] snd_pcm_oss_release+0x238/0x300 [ 889.364114][T19407] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 889.364152][T19407] __fput+0x3ff/0xb50 [ 889.364192][T19407] task_work_run+0x150/0x240 [ 889.364222][T19407] ? __pfx_task_work_run+0x10/0x10 [ 889.364251][T19407] ? rcu_is_watching+0x12/0xc0 [ 889.364291][T19407] exit_to_user_mode_loop+0x107/0x4f0 [ 889.364321][T19407] ? rcu_is_watching+0x12/0xc0 [ 889.364359][T19407] do_syscall_64+0x6f2/0xf80 [ 889.364402][T19407] ? clear_bhb_loop+0x40/0x90 [ 889.364437][T19407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.364467][T19407] RIP: 0033:0x7f5d1ef9ce59 [ 889.364493][T19407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.364520][T19407] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 889.364549][T19407] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 889.364568][T19407] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 889.364586][T19407] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 889.364602][T19407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.364619][T19407] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 889.364658][T19407] [ 889.749040][T19410] FAULT_INJECTION: forcing a failure. [ 889.749040][T19410] name failslab, interval 1, probability 0, space 0, times 0 [ 889.820260][T19410] CPU: 1 UID: 0 PID: 19410 Comm: syz.3.2756 Not tainted syzkaller #0 PREEMPT(full) [ 889.820329][T19410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 889.820348][T19410] Call Trace: [ 889.820360][T19410] [ 889.820373][T19410] dump_stack_lvl+0x100/0x190 [ 889.820414][T19410] should_fail_ex.cold+0x5/0xa [ 889.820453][T19410] should_failslab+0xc2/0x120 [ 889.820488][T19410] __kmalloc_cache_noprof+0x7a/0x6f0 [ 889.820531][T19410] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 889.820585][T19410] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 889.820637][T19410] ? trace_contention_end+0x122/0x170 [ 889.820674][T19410] ? snd_pcm_oss_sync+0x243/0x840 [ 889.820717][T19410] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 889.820768][T19410] ? __pfx___mutex_lock+0x10/0x10 [ 889.820804][T19410] ? __fsnotify_parent+0x2b4/0xca0 [ 889.820852][T19410] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 889.820900][T19410] snd_pcm_oss_sync+0x265/0x840 [ 889.820949][T19410] snd_pcm_oss_release+0x238/0x300 [ 889.820993][T19410] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 889.821037][T19410] __fput+0x3ff/0xb50 [ 889.821085][T19410] task_work_run+0x150/0x240 [ 889.821117][T19410] ? __pfx_task_work_run+0x10/0x10 [ 889.821150][T19410] ? rcu_is_watching+0x12/0xc0 [ 889.821189][T19410] exit_to_user_mode_loop+0x107/0x4f0 [ 889.821216][T19410] ? rcu_is_watching+0x12/0xc0 [ 889.821254][T19410] do_syscall_64+0x6f2/0xf80 [ 889.821299][T19410] ? clear_bhb_loop+0x40/0x90 [ 889.821342][T19410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.821372][T19410] RIP: 0033:0x7fb49d79ce59 [ 889.821398][T19410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.821427][T19410] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 889.821456][T19410] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 889.821475][T19410] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 889.821493][T19410] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 889.821512][T19410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.821529][T19410] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 889.821568][T19410] [ 890.504566][T14787] Bluetooth: hci0: command 0x2016 tx timeout [ 890.693205][T19424] FAULT_INJECTION: forcing a failure. [ 890.693205][T19424] name fail_futex, interval 1, probability 0, space 0, times 0 [ 890.736539][T19424] CPU: 0 UID: 0 PID: 19424 Comm: syz.0.2759 Not tainted syzkaller #0 PREEMPT(full) [ 890.736565][T19424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 890.736575][T19424] Call Trace: [ 890.736585][T19424] [ 890.736596][T19424] dump_stack_lvl+0x100/0x190 [ 890.736635][T19424] should_fail_ex.cold+0x5/0xa [ 890.736657][T19424] get_futex_key+0x1d2/0x1510 [ 890.736676][T19424] ? __pfx_get_futex_key+0x10/0x10 [ 890.736693][T19424] ? trace_pid_list_is_set+0x11a/0x390 [ 890.736714][T19424] ? trace_pid_list_is_set+0x22c/0x390 [ 890.736739][T19424] futex_wait_setup+0x83/0x510 [ 890.736765][T19424] __futex_wait+0x19f/0x300 [ 890.736787][T19424] ? __pfx___futex_wait+0x10/0x10 [ 890.736806][T19424] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 890.736832][T19424] ? __pfx_futex_wake_mark+0x10/0x10 [ 890.736854][T19424] ? find_held_lock+0x2b/0x80 [ 890.736875][T19424] ? futex_wake+0x456/0x530 [ 890.736909][T19424] futex_wait+0xe6/0x370 [ 890.736930][T19424] ? __pfx_futex_wait+0x10/0x10 [ 890.736960][T19424] do_futex+0x1ef/0x350 [ 890.736978][T19424] ? __pfx_do_futex+0x10/0x10 [ 890.736995][T19424] ? __pfx___might_resched+0x10/0x10 [ 890.737012][T19424] ? blkcg_maybe_throttle_current+0x5e8/0xeb0 [ 890.737114][T19424] __x64_sys_futex+0x34f/0x4d0 [ 890.737135][T19424] ? __pfx___x64_sys_futex+0x10/0x10 [ 890.737151][T19424] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 890.737167][T19424] ? rcu_is_watching+0x12/0xc0 [ 890.737186][T19424] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 890.737202][T19424] ? rcu_is_watching+0x12/0xc0 [ 890.737222][T19424] do_syscall_64+0x10b/0xf80 [ 890.737246][T19424] ? clear_bhb_loop+0x40/0x90 [ 890.737264][T19424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.737280][T19424] RIP: 0033:0x7fa36f99ce59 [ 890.737294][T19424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.737309][T19424] RSP: 002b:00007fa37085e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 890.737324][T19424] RAX: ffffffffffffffda RBX: 00007fa36fc15fa8 RCX: 00007fa36f99ce59 [ 890.737335][T19424] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa36fc15fa8 [ 890.737345][T19424] RBP: 00007fa36fc15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 890.737354][T19424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 890.737364][T19424] R13: 00007fa36fc16038 R14: 00007fff187d4780 R15: 00007fff187d4868 [ 890.737384][T19424] [ 891.080577][ T5623] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 891.095852][ T5623] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 891.241396][T19432] FAULT_INJECTION: forcing a failure. [ 891.241396][T19432] name failslab, interval 1, probability 0, space 0, times 0 [ 891.261410][T19432] CPU: 0 UID: 0 PID: 19432 Comm: syz.3.2762 Not tainted syzkaller #0 PREEMPT(full) [ 891.261451][T19432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 891.261466][T19432] Call Trace: [ 891.261476][T19432] [ 891.261487][T19432] dump_stack_lvl+0x100/0x190 [ 891.261524][T19432] should_fail_ex.cold+0x5/0xa [ 891.261560][T19432] should_failslab+0xc2/0x120 [ 891.261596][T19432] __kmalloc_cache_noprof+0x7a/0x6f0 [ 891.261637][T19432] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 891.261679][T19432] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 891.261720][T19432] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 891.261774][T19432] ? snd_pcm_oss_sync+0x243/0x840 [ 891.261815][T19432] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 891.261868][T19432] ? __pfx___mutex_lock+0x10/0x10 [ 891.261919][T19432] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 891.261968][T19432] snd_pcm_oss_sync+0x265/0x840 [ 891.262016][T19432] snd_pcm_oss_release+0x238/0x300 [ 891.262057][T19432] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 891.262098][T19432] __fput+0x3ff/0xb50 [ 891.262146][T19432] task_work_run+0x150/0x240 [ 891.262175][T19432] ? __pfx_task_work_run+0x10/0x10 [ 891.262205][T19432] ? rcu_is_watching+0x12/0xc0 [ 891.262243][T19432] exit_to_user_mode_loop+0x107/0x4f0 [ 891.262270][T19432] ? rcu_is_watching+0x12/0xc0 [ 891.262375][T19432] do_syscall_64+0x6f2/0xf80 [ 891.262432][T19432] ? clear_bhb_loop+0x40/0x90 [ 891.262465][T19432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.262495][T19432] RIP: 0033:0x7fb49d79ce59 [ 891.262519][T19432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.262546][T19432] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 891.262571][T19432] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 891.262590][T19432] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 891.262606][T19432] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 891.262622][T19432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 891.262645][T19432] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 891.262685][T19432] [ 892.210221][T19443] syz_tun: tun_chr_ioctl cmd 1074025673 [ 892.248270][T19447] FAULT_INJECTION: forcing a failure. [ 892.248270][T19447] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 892.272812][T19447] CPU: 0 UID: 0 PID: 19447 Comm: syz.1.2765 Not tainted syzkaller #0 PREEMPT(full) [ 892.272848][T19447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 892.272864][T19447] Call Trace: [ 892.272873][T19447] [ 892.272884][T19447] dump_stack_lvl+0x100/0x190 [ 892.272919][T19447] should_fail_ex.cold+0x5/0xa [ 892.272952][T19447] _copy_to_user+0x32/0xd0 [ 892.272982][T19447] simple_read_from_buffer+0xcb/0x170 [ 892.273015][T19447] proc_fail_nth_read+0x1af/0x230 [ 892.273052][T19447] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 892.273092][T19447] ? rw_verify_area+0xce/0x6d0 [ 892.273117][T19447] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 892.273157][T19447] vfs_read+0x1e4/0xb30 [ 892.273190][T19447] ? __pfx_vfs_read+0x10/0x10 [ 892.273218][T19447] ? __fget_files+0x215/0x3d0 [ 892.273256][T19447] ? __fget_files+0x21f/0x3d0 [ 892.273295][T19447] ksys_read+0x12a/0x250 [ 892.273324][T19447] ? __pfx_ksys_read+0x10/0x10 [ 892.273357][T19447] ? rcu_is_watching+0x12/0xc0 [ 892.273393][T19447] do_syscall_64+0x10b/0xf80 [ 892.273430][T19447] ? clear_bhb_loop+0x40/0x90 [ 892.273462][T19447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.273489][T19447] RIP: 0033:0x7f5d1ef5d68e [ 892.273511][T19447] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 892.273536][T19447] RSP: 002b:00007f5d1fefcfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 892.273617][T19447] RAX: ffffffffffffffda RBX: 00007f5d1fefd6c0 RCX: 00007f5d1ef5d68e [ 892.273636][T19447] RDX: 000000000000000f RSI: 00007f5d1fefd0a0 RDI: 0000000000000004 [ 892.273653][T19447] RBP: 00007f5d1fefd090 R08: 0000000000000000 R09: 0000000000000000 [ 892.273669][T19447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 892.273685][T19447] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 892.273722][T19447] [ 892.963307][T19452] FAULT_INJECTION: forcing a failure. [ 892.963307][T19452] name failslab, interval 1, probability 0, space 0, times 0 [ 893.010694][T19452] CPU: 0 UID: 0 PID: 19452 Comm: syz.1.2767 Not tainted syzkaller #0 PREEMPT(full) [ 893.010733][T19452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 893.010750][T19452] Call Trace: [ 893.010759][T19452] [ 893.010770][T19452] dump_stack_lvl+0x100/0x190 [ 893.010808][T19452] should_fail_ex.cold+0x5/0xa [ 893.010845][T19452] should_failslab+0xc2/0x120 [ 893.010879][T19452] __kmalloc_cache_noprof+0x7a/0x6f0 [ 893.010928][T19452] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 893.010981][T19452] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 893.011023][T19452] ? rcu_is_watching+0x12/0xc0 [ 893.011059][T19452] ? trace_contention_end+0x122/0x170 [ 893.011095][T19452] ? snd_pcm_oss_sync+0x243/0x840 [ 893.011140][T19452] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 893.011191][T19452] ? __pfx___mutex_lock+0x10/0x10 [ 893.011227][T19452] ? __fsnotify_parent+0x2b4/0xca0 [ 893.011277][T19452] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 893.011327][T19452] snd_pcm_oss_sync+0x265/0x840 [ 893.011377][T19452] snd_pcm_oss_release+0x238/0x300 [ 893.011417][T19452] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 893.011456][T19452] __fput+0x3ff/0xb50 [ 893.011504][T19452] task_work_run+0x150/0x240 [ 893.011537][T19452] ? __pfx_task_work_run+0x10/0x10 [ 893.011571][T19452] ? rcu_is_watching+0x12/0xc0 [ 893.011610][T19452] exit_to_user_mode_loop+0x107/0x4f0 [ 893.011640][T19452] ? rcu_is_watching+0x12/0xc0 [ 893.011679][T19452] do_syscall_64+0x6f2/0xf80 [ 893.011720][T19452] ? clear_bhb_loop+0x40/0x90 [ 893.011755][T19452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.011785][T19452] RIP: 0033:0x7f5d1ef9ce59 [ 893.011811][T19452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 893.011840][T19452] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 893.011869][T19452] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 893.011889][T19452] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 893.011907][T19452] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 893.011936][T19452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 893.011954][T19452] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 893.011994][T19452] [ 893.281134][T14787] Bluetooth: hci0: command 0x2016 tx timeout [ 893.429950][T19459] FAULT_INJECTION: forcing a failure. [ 893.429950][T19459] name failslab, interval 1, probability 0, space 0, times 0 [ 893.488657][T19459] CPU: 1 UID: 0 PID: 19459 Comm: syz.1.2769 Not tainted syzkaller #0 PREEMPT(full) [ 893.488701][T19459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 893.488721][T19459] Call Trace: [ 893.488732][T19459] [ 893.488744][T19459] dump_stack_lvl+0x100/0x190 [ 893.488784][T19459] should_fail_ex.cold+0x5/0xa [ 893.488823][T19459] should_failslab+0xc2/0x120 [ 893.488858][T19459] __kmalloc_cache_noprof+0x7a/0x6f0 [ 893.488899][T19459] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 893.488961][T19459] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 893.489011][T19459] ? rcu_is_watching+0x12/0xc0 [ 893.489047][T19459] ? trace_contention_end+0x122/0x170 [ 893.489083][T19459] ? snd_pcm_oss_sync+0x243/0x840 [ 893.489128][T19459] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 893.489178][T19459] ? __pfx___mutex_lock+0x10/0x10 [ 893.489214][T19459] ? __fsnotify_parent+0x2b4/0xca0 [ 893.489263][T19459] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 893.489313][T19459] snd_pcm_oss_sync+0x265/0x840 [ 893.489362][T19459] snd_pcm_oss_release+0x238/0x300 [ 893.489406][T19459] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 893.489449][T19459] __fput+0x3ff/0xb50 [ 893.489497][T19459] task_work_run+0x150/0x240 [ 893.489528][T19459] ? __pfx_task_work_run+0x10/0x10 [ 893.489561][T19459] ? rcu_is_watching+0x12/0xc0 [ 893.489600][T19459] exit_to_user_mode_loop+0x107/0x4f0 [ 893.489629][T19459] ? rcu_is_watching+0x12/0xc0 [ 893.489668][T19459] do_syscall_64+0x6f2/0xf80 [ 893.489709][T19459] ? clear_bhb_loop+0x40/0x90 [ 893.489747][T19459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.489778][T19459] RIP: 0033:0x7f5d1ef9ce59 [ 893.489803][T19459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 893.489832][T19459] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 893.489860][T19459] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 893.489880][T19459] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 893.489898][T19459] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 893.489917][T19459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 893.489941][T19459] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 893.489981][T19459] [ 894.407019][T19478] FAULT_INJECTION: forcing a failure. [ 894.407019][T19478] name failslab, interval 1, probability 0, space 0, times 0 [ 894.466510][T19478] CPU: 1 UID: 0 PID: 19478 Comm: syz.2.2772 Not tainted syzkaller #0 PREEMPT(full) [ 894.466535][T19478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 894.466546][T19478] Call Trace: [ 894.466552][T19478] [ 894.466559][T19478] dump_stack_lvl+0x100/0x190 [ 894.466583][T19478] should_fail_ex.cold+0x5/0xa [ 894.466604][T19478] should_failslab+0xc2/0x120 [ 894.466623][T19478] __kmalloc_cache_noprof+0x7a/0x6f0 [ 894.466645][T19478] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 894.466670][T19478] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 894.466695][T19478] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 894.466726][T19478] ? snd_pcm_oss_sync+0x243/0x840 [ 894.466749][T19478] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 894.466783][T19478] ? __pfx___mutex_lock+0x10/0x10 [ 894.466811][T19478] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 894.466837][T19478] snd_pcm_oss_sync+0x265/0x840 [ 894.466865][T19478] snd_pcm_oss_release+0x238/0x300 [ 894.466889][T19478] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 894.466914][T19478] __fput+0x3ff/0xb50 [ 894.466939][T19478] task_work_run+0x150/0x240 [ 894.466956][T19478] ? __pfx_task_work_run+0x10/0x10 [ 894.466973][T19478] ? rcu_is_watching+0x12/0xc0 [ 894.466994][T19478] exit_to_user_mode_loop+0x107/0x4f0 [ 894.467010][T19478] ? rcu_is_watching+0x12/0xc0 [ 894.467030][T19478] do_syscall_64+0x6f2/0xf80 [ 894.467053][T19478] ? clear_bhb_loop+0x40/0x90 [ 894.467072][T19478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.467087][T19478] RIP: 0033:0x7fcfd139ce59 [ 894.467101][T19478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 894.467115][T19478] RSP: 002b:00007fcfd21e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 894.467131][T19478] RAX: 0000000000000000 RBX: 00007fcfd1615fa0 RCX: 00007fcfd139ce59 [ 894.467141][T19478] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 894.467150][T19478] RBP: 00007fcfd1432d6f R08: 0000000000000000 R09: 0000000000000000 [ 894.467159][T19478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 894.467168][T19478] R13: 00007fcfd1616038 R14: 00007fcfd1615fa0 R15: 00007ffc81b0a448 [ 894.467188][T19478] [ 894.941416][ T5623] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 894.950684][ T5623] Bluetooth: hci3: unexpected event 0x05 length: 6 > 4 [ 895.257607][T19489] FAULT_INJECTION: forcing a failure. [ 895.257607][T19489] name failslab, interval 1, probability 0, space 0, times 0 [ 895.291474][T19489] CPU: 1 UID: 0 PID: 19489 Comm: syz.3.2774 Not tainted syzkaller #0 PREEMPT(full) [ 895.291499][T19489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 895.291509][T19489] Call Trace: [ 895.291516][T19489] [ 895.291524][T19489] dump_stack_lvl+0x100/0x190 [ 895.291547][T19489] should_fail_ex.cold+0x5/0xa [ 895.291568][T19489] ? constrain_params_by_rules+0x175/0xcc0 [ 895.291585][T19489] should_failslab+0xc2/0x120 [ 895.291603][T19489] __kmalloc_noprof+0xe0/0x850 [ 895.291617][T19489] ? unwind_get_return_address+0x59/0xa0 [ 895.291641][T19489] constrain_params_by_rules+0x175/0xcc0 [ 895.291662][T19489] ? stack_trace_save+0x8e/0xc0 [ 895.291686][T19489] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 895.291707][T19489] ? __kasan_kmalloc+0xaa/0xb0 [ 895.291721][T19489] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 895.291760][T19489] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 895.291786][T19489] ? snd_pcm_oss_sync+0x265/0x840 [ 895.291816][T19489] ? rcu_is_watching+0x12/0xc0 [ 895.291836][T19489] ? snd_interval_refine+0x2d0/0x580 [ 895.291857][T19489] snd_pcm_hw_refine+0x7e7/0xad0 [ 895.291876][T19489] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 895.291898][T19489] ? __asan_memset+0x23/0x50 [ 895.291920][T19489] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 895.291945][T19489] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 895.291976][T19489] ? snd_pcm_oss_sync+0x243/0x840 [ 895.292002][T19489] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 895.292028][T19489] ? __pfx___mutex_lock+0x10/0x10 [ 895.292055][T19489] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 895.292080][T19489] snd_pcm_oss_sync+0x265/0x840 [ 895.292106][T19489] snd_pcm_oss_release+0x238/0x300 [ 895.292130][T19489] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 895.292154][T19489] __fput+0x3ff/0xb50 [ 895.292181][T19489] task_work_run+0x150/0x240 [ 895.292198][T19489] ? __pfx_task_work_run+0x10/0x10 [ 895.292214][T19489] ? rcu_is_watching+0x12/0xc0 [ 895.292235][T19489] exit_to_user_mode_loop+0x107/0x4f0 [ 895.292250][T19489] ? rcu_is_watching+0x12/0xc0 [ 895.292270][T19489] do_syscall_64+0x6f2/0xf80 [ 895.292293][T19489] ? clear_bhb_loop+0x40/0x90 [ 895.292320][T19489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.292336][T19489] RIP: 0033:0x7fb49d79ce59 [ 895.292351][T19489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 895.292367][T19489] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 895.292394][T19489] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 895.292412][T19489] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 895.292428][T19489] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 895.292446][T19489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 895.292462][T19489] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 895.292495][T19489] [ 896.973385][ T50] Bluetooth: hci3: command 0x2016 tx timeout [ 897.026584][T19507] FAULT_INJECTION: forcing a failure. [ 897.026584][T19507] name failslab, interval 1, probability 0, space 0, times 0 [ 897.081585][T19505] netlink: ct family unspecified [ 897.096840][T19507] CPU: 1 UID: 0 PID: 19507 Comm: syz.1.2779 Not tainted syzkaller #0 PREEMPT(full) [ 897.096881][T19507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 897.096899][T19507] Call Trace: [ 897.096908][T19507] [ 897.096920][T19507] dump_stack_lvl+0x100/0x190 [ 897.096959][T19507] should_fail_ex.cold+0x5/0xa [ 897.096997][T19507] should_failslab+0xc2/0x120 [ 897.097030][T19507] __kmalloc_cache_noprof+0x7a/0x6f0 [ 897.097073][T19507] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 897.097127][T19507] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 897.097185][T19507] ? rcu_is_watching+0x12/0xc0 [ 897.097222][T19507] ? trace_contention_end+0x122/0x170 [ 897.097255][T19507] ? snd_pcm_oss_sync+0x243/0x840 [ 897.097292][T19507] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 897.097335][T19507] ? __pfx___mutex_lock+0x10/0x10 [ 897.097365][T19507] ? __fsnotify_parent+0x2b4/0xca0 [ 897.097413][T19507] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 897.097459][T19507] snd_pcm_oss_sync+0x265/0x840 [ 897.097507][T19507] snd_pcm_oss_release+0x238/0x300 [ 897.097551][T19507] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 897.097593][T19507] __fput+0x3ff/0xb50 [ 897.097636][T19507] task_work_run+0x150/0x240 [ 897.097663][T19507] ? __pfx_task_work_run+0x10/0x10 [ 897.097692][T19507] ? rcu_is_watching+0x12/0xc0 [ 897.097729][T19507] exit_to_user_mode_loop+0x107/0x4f0 [ 897.097757][T19507] ? rcu_is_watching+0x12/0xc0 [ 897.097792][T19507] do_syscall_64+0x6f2/0xf80 [ 897.097832][T19507] ? clear_bhb_loop+0x40/0x90 [ 897.097867][T19507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.097898][T19507] RIP: 0033:0x7f5d1ef9ce59 [ 897.097923][T19507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 897.097953][T19507] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 897.097981][T19507] RAX: 0000000000000000 RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 897.098000][T19507] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 897.098018][T19507] RBP: 00007f5d1f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 897.098035][T19507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.098053][T19507] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 897.098091][T19507] [ 897.397276][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 897.407962][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 897.518563][ T50] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 897.578081][T14787] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 897.782840][ T5623] Bluetooth: hci1: command 0x2016 tx timeout [ 898.973979][T19542] FAULT_INJECTION: forcing a failure. [ 898.973979][T19542] name failslab, interval 1, probability 0, space 0, times 0 [ 899.016138][T19542] CPU: 0 UID: 0 PID: 19542 Comm: syz.1.2786 Not tainted syzkaller #0 PREEMPT(full) [ 899.016159][T19542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 899.016169][T19542] Call Trace: [ 899.016175][T19542] [ 899.016181][T19542] dump_stack_lvl+0x100/0x190 [ 899.016204][T19542] should_fail_ex.cold+0x5/0xa [ 899.016225][T19542] should_failslab+0xc2/0x120 [ 899.016243][T19542] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 899.016266][T19542] ? security_inode_alloc+0x3b/0x2c0 [ 899.016283][T19542] ? lockdep_init_map_type+0x5c/0x250 [ 899.016301][T19542] security_inode_alloc+0x3b/0x2c0 [ 899.016324][T19542] inode_init_always_gfp+0xcc0/0x1000 [ 899.016346][T19542] alloc_inode+0x8e/0x250 [ 899.016371][T19542] new_inode+0x22/0x1c0 [ 899.016395][T19542] shmem_get_inode+0x1e3/0xfb0 [ 899.016418][T19542] ? __pfx_shmem_get_inode+0x10/0x10 [ 899.016443][T19542] __shmem_file_setup+0x382/0x460 [ 899.016464][T19542] ? __pfx___shmem_file_setup+0x10/0x10 [ 899.016486][T19542] ? vm_area_alloc+0x1f/0x160 [ 899.016510][T19542] shmem_zero_setup+0x96/0x1b0 [ 899.016527][T19542] __mmap_region+0x24e9/0x2da0 [ 899.016553][T19542] ? __pfx___mmap_region+0x10/0x10 [ 899.016579][T19542] ? find_held_lock+0x2b/0x80 [ 899.016597][T19542] ? process_measurement+0x4c8/0x2350 [ 899.016620][T19542] ? process_measurement+0x4c8/0x2350 [ 899.016666][T19542] ? process_measurement+0x1f4/0x2350 [ 899.016694][T19542] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 899.016711][T19542] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 899.016737][T19542] ? __lock_acquire+0x4a5/0x2630 [ 899.016760][T19542] ? find_held_lock+0x2b/0x80 [ 899.016779][T19542] ? is_bpf_text_address+0x8a/0x1a0 [ 899.016831][T19542] mmap_region+0x35d/0x620 [ 899.016846][T19542] ? rcu_is_watching+0x12/0xc0 [ 899.016864][T19542] ? __pfx_mmap_region+0x10/0x10 [ 899.016880][T19542] ? cap_mmap_addr+0x4b/0x120 [ 899.016901][T19542] ? bpf_lsm_mmap_addr+0x9/0x30 [ 899.016917][T19542] ? security_mmap_addr+0x71/0x1e0 [ 899.016934][T19542] ? __get_unmapped_area+0x255/0x3e0 [ 899.016955][T19542] do_mmap+0xc63/0x12f0 [ 899.016977][T19542] ? __pfx_do_mmap+0x10/0x10 [ 899.016994][T19542] ? __pfx_down_write_killable+0x10/0x10 [ 899.017015][T19542] vm_mmap_pgoff+0x29e/0x470 [ 899.017037][T19542] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 899.017056][T19542] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 899.017080][T19542] ? __fget_files+0x215/0x3d0 [ 899.017098][T19542] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 899.017125][T19542] ksys_mmap_pgoff+0xe4/0x610 [ 899.017145][T19542] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 899.017161][T19542] ? fput+0x79/0x100 [ 899.017182][T19542] ? ksys_write+0x1ac/0x250 [ 899.017198][T19542] ? __pfx_ksys_write+0x10/0x10 [ 899.017217][T19542] __x64_sys_mmap+0x125/0x190 [ 899.017237][T19542] do_syscall_64+0x10b/0xf80 [ 899.017259][T19542] ? clear_bhb_loop+0x40/0x90 [ 899.017277][T19542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 899.017292][T19542] RIP: 0033:0x7f5d1ef9ce59 [ 899.017306][T19542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 899.017325][T19542] RSP: 002b:00007f5d1fefd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 899.017340][T19542] RAX: ffffffffffffffda RBX: 00007f5d1f215fa0 RCX: 00007f5d1ef9ce59 [ 899.017350][T19542] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 899.017358][T19542] RBP: 00007f5d1fefd090 R08: fffffffffffffffa R09: 0000000000008000 [ 899.017367][T19542] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000001 [ 899.017376][T19542] R13: 00007f5d1f216038 R14: 00007f5d1f215fa0 R15: 00007ffcaf194568 [ 899.017396][T19542] [ 899.431513][T19545] FAULT_INJECTION: forcing a failure. [ 899.431513][T19545] name failslab, interval 1, probability 0, space 0, times 0 [ 899.444242][T19545] CPU: 0 UID: 0 PID: 19545 Comm: syz.3.2789 Not tainted syzkaller #0 PREEMPT(full) [ 899.444265][T19545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 899.444275][T19545] Call Trace: [ 899.444282][T19545] [ 899.444290][T19545] dump_stack_lvl+0x100/0x190 [ 899.444312][T19545] should_fail_ex.cold+0x5/0xa [ 899.444333][T19545] should_failslab+0xc2/0x120 [ 899.444352][T19545] __kmalloc_cache_noprof+0x7a/0x6f0 [ 899.444375][T19545] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 899.444404][T19545] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 899.444430][T19545] ? rcu_is_watching+0x12/0xc0 [ 899.444451][T19545] ? trace_contention_end+0x122/0x170 [ 899.444470][T19545] ? snd_pcm_oss_sync+0x243/0x840 [ 899.444493][T19545] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 899.444519][T19545] ? __pfx___mutex_lock+0x10/0x10 [ 899.444539][T19545] ? __fsnotify_parent+0x2b4/0xca0 [ 899.444565][T19545] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 899.444590][T19545] snd_pcm_oss_sync+0x265/0x840 [ 899.444617][T19545] snd_pcm_oss_release+0x238/0x300 [ 899.444640][T19545] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 899.444664][T19545] __fput+0x3ff/0xb50 [ 899.444689][T19545] task_work_run+0x150/0x240 [ 899.444706][T19545] ? __pfx_task_work_run+0x10/0x10 [ 899.444723][T19545] ? rcu_is_watching+0x12/0xc0 [ 899.444743][T19545] exit_to_user_mode_loop+0x107/0x4f0 [ 899.444759][T19545] ? rcu_is_watching+0x12/0xc0 [ 899.444779][T19545] do_syscall_64+0x6f2/0xf80 [ 899.444808][T19545] ? clear_bhb_loop+0x40/0x90 [ 899.444827][T19545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 899.444844][T19545] RIP: 0033:0x7fb49d79ce59 [ 899.444858][T19545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 899.444873][T19545] RSP: 002b:00007fb49e642028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 899.444889][T19545] RAX: 0000000000000000 RBX: 00007fb49da15fa0 RCX: 00007fb49d79ce59 [ 899.444900][T19545] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 899.444909][T19545] RBP: 00007fb49d832d6f R08: 0000000000000000 R09: 0000000000000000 [ 899.444919][T19545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 899.444928][T19545] R13: 00007fb49da16038 R14: 00007fb49da15fa0 R15: 00007fffb30e6378 [ 899.444948][T19545] [ 899.710834][ T50] Bluetooth: hci4: command 0x2016 tx timeout [ 899.879425][T19555] syz_tun: tun_chr_ioctl cmd 1074025673 [ 900.943254][ T5623] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 900.951829][ T5623] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 901.634721][ T5623] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 901.667596][ T5623] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 902.983055][ T50] Bluetooth: hci4: command 0x2016 tx timeout [ 903.692750][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 904.058916][T19624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2806'. [ 904.379861][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 904.399627][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 905.699016][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 905.769587][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 906.412794][ T50] Bluetooth: hci1: command 0x2016 tx timeout [ 906.988032][T19665] FAULT_INJECTION: forcing a failure. [ 906.988032][T19665] name failslab, interval 1, probability 0, space 0, times 0 [ 907.023239][T19665] CPU: 0 UID: 0 PID: 19665 Comm: syz.2.2814 Not tainted syzkaller #0 PREEMPT(full) [ 907.023283][T19665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 907.023302][T19665] Call Trace: [ 907.023313][T19665] [ 907.023325][T19665] dump_stack_lvl+0x100/0x190 [ 907.023364][T19665] should_fail_ex.cold+0x5/0xa [ 907.023398][T19665] ? constrain_params_by_rules+0x175/0xcc0 [ 907.023429][T19665] should_failslab+0xc2/0x120 [ 907.023463][T19665] __kmalloc_noprof+0xe0/0x850 [ 907.023489][T19665] ? unwind_get_return_address+0x59/0xa0 [ 907.023545][T19665] constrain_params_by_rules+0x175/0xcc0 [ 907.023586][T19665] ? stack_trace_save+0x8e/0xc0 [ 907.023629][T19665] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 907.023669][T19665] ? __kasan_kmalloc+0xaa/0xb0 [ 907.023696][T19665] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 907.023739][T19665] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 907.023781][T19665] ? snd_pcm_oss_sync+0x265/0x840 [ 907.023832][T19665] ? rcu_is_watching+0x12/0xc0 [ 907.023867][T19665] ? snd_interval_refine+0x2d0/0x580 [ 907.023908][T19665] snd_pcm_hw_refine+0x7e7/0xad0 [ 907.023947][T19665] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 907.023995][T19665] ? __asan_memset+0x23/0x50 [ 907.024038][T19665] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 907.024087][T19665] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 907.024150][T19665] ? snd_pcm_oss_sync+0x243/0x840 [ 907.024190][T19665] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 907.024234][T19665] ? __pfx___mutex_lock+0x10/0x10 [ 907.024270][T19665] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 907.024297][T19665] snd_pcm_oss_sync+0x265/0x840 [ 907.024324][T19665] snd_pcm_oss_release+0x238/0x300 [ 907.024349][T19665] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 907.024373][T19665] __fput+0x3ff/0xb50 [ 907.024399][T19665] task_work_run+0x150/0x240 [ 907.024416][T19665] ? __pfx_task_work_run+0x10/0x10 [ 907.024433][T19665] ? rcu_is_watching+0x12/0xc0 [ 907.024454][T19665] exit_to_user_mode_loop+0x107/0x4f0 [ 907.024469][T19665] ? rcu_is_watching+0x12/0xc0 [ 907.024489][T19665] do_syscall_64+0x6f2/0xf80 [ 907.024512][T19665] ? clear_bhb_loop+0x40/0x90 [ 907.024539][T19665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.024555][T19665] RIP: 0033:0x7fcfd139ce59 [ 907.024570][T19665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 907.024585][T19665] RSP: 002b:00007fcfd21e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 907.024601][T19665] RAX: 0000000000000000 RBX: 00007fcfd1615fa0 RCX: 00007fcfd139ce59 [ 907.024617][T19665] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 907.024632][T19665] RBP: 00007fcfd1432d6f R08: 0000000000000000 R09: 0000000000000000 [ 907.024649][T19665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 907.024661][T19665] R13: 00007fcfd1616038 R14: 00007fcfd1615fa0 R15: 00007ffc81b0a448 [ 907.024681][T19665] [ 907.644623][T19671] syz_tun: tun_chr_ioctl cmd 1074025673 [ 908.051012][ T50] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 908.062587][ T50] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4 [ 910.092874][ T50] Bluetooth: hci4: command 0x2016 tx timeout [ 910.537776][T19716] netlink: ct family unspecified [ 911.709712][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 911.743329][ T50] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 912.136742][T19743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2833'. [ 912.330592][T19748] syz_tun: tun_chr_ioctl cmd 1074025673 [ 913.385907][T19763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2838'. [ 913.415179][T19766] syz_tun: tun_chr_ioctl cmd 1074025673 [ 913.772971][ T50] Bluetooth: hci1: command 0x2016 tx timeout [ 914.486518][T19781] FAULT_INJECTION: forcing a failure. [ 914.486518][T19781] name fail_futex, interval 1, probability 0, space 0, times 0 [ 914.512819][T19781] CPU: 1 UID: 0 PID: 19781 Comm: syz.1.2843 Not tainted syzkaller #0 PREEMPT(full) [ 914.512858][T19781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 914.512876][T19781] Call Trace: [ 914.512885][T19781] [ 914.512896][T19781] dump_stack_lvl+0x100/0x190 [ 914.512937][T19781] should_fail_ex.cold+0x5/0xa [ 914.512978][T19781] get_futex_key+0x1d2/0x1510 [ 914.513012][T19781] ? __pfx_get_futex_key+0x10/0x10 [ 914.513043][T19781] ? __fput+0x68d/0xb50 [ 914.513078][T19781] ? stack_trace_save+0x8e/0xc0 [ 914.513117][T19781] futex_wait_setup+0x83/0x510 [ 914.513158][T19781] __futex_wait+0x19f/0x300 [ 914.513192][T19781] ? __pfx___futex_wait+0x10/0x10 [ 914.513231][T19781] ? __pfx_futex_wake_mark+0x10/0x10 [ 914.513266][T19781] ? futex_hash+0x2ad/0x370 [ 914.513343][T19781] ? futex_hash+0x141/0x370 [ 914.513371][T19781] futex_wait+0xe6/0x370 [ 914.513404][T19781] ? __pfx_futex_wait+0x10/0x10 [ 914.513452][T19781] do_futex+0x1ef/0x350 [ 914.513481][T19781] ? __pfx_do_futex+0x10/0x10 [ 914.513508][T19781] ? __pfx___might_resched+0x10/0x10 [ 914.513537][T19781] ? blkcg_maybe_throttle_current+0x5e8/0xeb0 [ 914.513578][T19781] __x64_sys_futex+0x34f/0x4d0 [ 914.513609][T19781] ? __pfx___x64_sys_futex+0x10/0x10 [ 914.513635][T19781] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 914.513660][T19781] ? rcu_is_watching+0x12/0xc0 [ 914.513689][T19781] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 914.513716][T19781] ? rcu_is_watching+0x12/0xc0 [ 914.513748][T19781] do_syscall_64+0x10b/0xf80 [ 914.513785][T19781] ? clear_bhb_loop+0x40/0x90 [ 914.513814][T19781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.513839][T19781] RIP: 0033:0x7f5d1ef9ce59 [ 914.513860][T19781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 914.513885][T19781] RSP: 002b:00007f5d1fefd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 914.513909][T19781] RAX: ffffffffffffffda RBX: 00007f5d1f215fa8 RCX: 00007f5d1ef9ce59 [ 914.513927][T19781] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5d1f215fa8 [ 914.513943][T19781] RBP: 00007f5d1f215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 914.513959][T19781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 914.513974][T19781] R13: 00007f5d1f216038 R14: 00007ffcaf194480 R15: 00007ffcaf194568 [ 914.514007][T19781] [ 914.783353][T19784] IPVS: length: 131 != 8 [ 915.006492][T19791] syz_tun: tun_chr_ioctl cmd 1074025673 [ 915.503052][T19804] syz_tun: tun_chr_ioctl cmd 1074025673 [ 915.553288][ T808] ================================================================== [ 915.553321][ T808] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 915.553508][ T808] Write of size 8 at addr ffffc900049912e0 by task kworker/1:2/808 [ 915.553530][ T808] [ 915.553542][ T808] CPU: 1 UID: 0 PID: 808 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) [ 915.553573][ T808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 915.553591][ T808] Workqueue: events_power_efficient fb_flashcursor [ 915.553619][ T808] Call Trace: [ 915.553628][ T808] [ 915.553639][ T808] dump_stack_lvl+0x100/0x190 [ 915.553667][ T808] print_report+0x13d/0x4b0 [ 915.553703][ T808] ? _raw_spin_lock_irqsave+0x52/0x60 [ 915.553741][ T808] ? sys_imageblit+0x19fb/0x1d60 [ 915.553772][ T808] kasan_report+0xdf/0x1d0 [ 915.553800][ T808] ? sys_imageblit+0x19fb/0x1d60 [ 915.553845][ T808] sys_imageblit+0x19fb/0x1d60 [ 915.553884][ T808] ? __pfx_sys_imageblit+0x10/0x10 [ 915.553925][ T808] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 915.554001][ T808] soft_cursor+0x524/0xa10 [ 915.554038][ T808] bit_cursor+0xca1/0x1490 [ 915.554072][ T808] ? __pfx_bit_cursor+0x10/0x10 [ 915.554115][ T808] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 915.554149][ T808] ? get_color+0x1da/0x450 [ 915.554171][ T808] ? __pfx_bit_cursor+0x10/0x10 [ 915.554195][ T808] fb_flashcursor+0x338/0x430 [ 915.554218][ T808] process_one_work+0xa0e/0x1980 [ 915.554248][ T808] ? __pfx_process_one_work+0x10/0x10 [ 915.554277][ T808] ? __pfx_fb_flashcursor+0x10/0x10 [ 915.554305][ T808] worker_thread+0x5ef/0xe50 [ 915.554334][ T808] ? __pfx_worker_thread+0x10/0x10 [ 915.554360][ T808] ? kthread+0x13a/0x450 [ 915.554382][ T808] ? __pfx_worker_thread+0x10/0x10 [ 915.554407][ T808] kthread+0x370/0x450 [ 915.554426][ T808] ? __pfx_kthread+0x10/0x10 [ 915.554449][ T808] ret_from_fork+0x72b/0xd50 [ 915.554477][ T808] ? __pfx_ret_from_fork+0x10/0x10 [ 915.554503][ T808] ? __switch_to+0x800/0x1100 [ 915.554536][ T808] ? __switch_to_asm+0x39/0x70 [ 915.554567][ T808] ? __pfx_kthread+0x10/0x10 [ 915.554589][ T808] ret_from_fork_asm+0x1a/0x30 [ 915.554627][ T808] [ 915.554637][ T808] [ 915.554650][ T808] The buggy address belongs to a vmalloc virtual mapping [ 915.554669][ T808] Memory state around the buggy address: [ 915.554683][ T808] ffffc90004991180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 915.554704][ T808] ffffc90004991200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 915.554721][ T808] >ffffc90004991280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 915.554735][ T808] ^ [ 915.554749][ T808] ffffc90004991300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 915.554766][ T808] ffffc90004991380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 915.554781][ T808] ================================================================== [ 915.554905][ T808] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 915.554923][ T808] CPU: 1 UID: 0 PID: 808 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) [ 915.554954][ T808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 915.554972][ T808] Workqueue: events_power_efficient fb_flashcursor [ 915.555001][ T808] Call Trace: [ 915.555010][ T808] [ 915.555020][ T808] dump_stack_lvl+0x100/0x190 [ 915.555048][ T808] vpanic+0x552/0x970 [ 915.555074][ T808] ? __pfx_vpanic+0x10/0x10 [ 915.555099][ T808] ? mark_held_locks+0x40/0x70 [ 915.555132][ T808] ? irqentry_exit+0x24d/0x7e0 [ 915.555171][ T808] ? sys_imageblit+0x19fb/0x1d60 [ 915.555206][ T808] panic+0xd1/0xe0 [ 915.555228][ T808] ? __pfx_panic+0x10/0x10 [ 915.555254][ T808] ? sys_imageblit+0x19fb/0x1d60 [ 915.555290][ T808] ? preempt_schedule_common+0x42/0xc0 [ 915.555328][ T808] ? check_panic_on_warn+0x1f/0x90 [ 915.555355][ T808] check_panic_on_warn.cold+0x19/0x34 [ 915.555384][ T808] end_report.part.0+0x3a/0x90 [ 915.555418][ T808] kasan_report.cold+0xe/0x18 [ 915.555453][ T808] ? sys_imageblit+0x19fb/0x1d60 [ 915.555492][ T808] sys_imageblit+0x19fb/0x1d60 [ 915.555531][ T808] ? __pfx_sys_imageblit+0x10/0x10 [ 915.555573][ T808] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 915.555606][ T808] soft_cursor+0x524/0xa10 [ 915.555643][ T808] bit_cursor+0xca1/0x1490 [ 915.555679][ T808] ? __pfx_bit_cursor+0x10/0x10 [ 915.555715][ T808] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 915.555753][ T808] ? get_color+0x1da/0x450 [ 915.555780][ T808] ? __pfx_bit_cursor+0x10/0x10 [ 915.555810][ T808] fb_flashcursor+0x338/0x430 [ 915.555838][ T808] process_one_work+0xa0e/0x1980 [ 915.555872][ T808] ? __pfx_process_one_work+0x10/0x10 [ 915.555906][ T808] ? __pfx_fb_flashcursor+0x10/0x10 [ 915.555936][ T808] worker_thread+0x5ef/0xe50 [ 915.555966][ T808] ? __pfx_worker_thread+0x10/0x10 [ 915.555992][ T808] ? kthread+0x13a/0x450 [ 915.556014][ T808] ? __pfx_worker_thread+0x10/0x10 [ 915.556039][ T808] kthread+0x370/0x450 [ 915.556062][ T808] ? __pfx_kthread+0x10/0x10 [ 915.556085][ T808] ret_from_fork+0x72b/0xd50 [ 915.556121][ T808] ? __pfx_ret_from_fork+0x10/0x10 [ 915.556149][ T808] ? __switch_to+0x800/0x1100 [ 915.556183][ T808] ? __switch_to_asm+0x39/0x70 [ 915.556215][ T808] ? __pfx_kthread+0x10/0x10 [ 915.556239][ T808] ret_from_fork_asm+0x1a/0x30 [ 915.556279][ T808] [ 915.556615][ T808] Kernel Offset: disabled