last executing test programs: 9.603387757s ago: executing program 3 (id=1875): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x22, 0x3, 0x37) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e1000000ff00"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x7, 0x7ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) acct$auto(&(0x7f0000000380)='/sys/kernel/debug/tracing/events/fmalloc/free_vmap_area_noflush/fo\"mat\x00') mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) 9.082543333s ago: executing program 0 (id=1878): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r3, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r4, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x5, 0x0) creat$auto(0x0, 0x3ff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r6 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0x2}, 0x7) 8.982150778s ago: executing program 3 (id=1879): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r3, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r4, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x5, 0x0) creat$auto(0x0, 0x3ff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r6 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0x2}, 0x7) 8.563912875s ago: executing program 1 (id=1881): mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) epoll_ctl$auto(r1, 0x1, r0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[], 0x15a4}, 0x1, 0x0, 0x0, 0x90}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 7.420725976s ago: executing program 1 (id=1883): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) getsockopt$auto(r1, 0x7ff, 0x7ff, 0xfffffffffffffffc, 0x0) r2 = open(&(0x7f0000000140)='./file0\x00', 0x123040, 0x1d4) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'nr0\x00'}) io_uring_register$auto(0xffffffffffffffff, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x10000, 0x0) syz_clone(0x80000980, 0x0, 0x0, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_DEL(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010927bd7000fbdbdf250200000014000c00ff01000000000000000021000000000108000100ac1414bb"], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x40) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1\x00', 0x4000, 0x0) bpf$auto(0xfffffffd, &(0x7f0000000580)=@link_create={@map_fd=r4, @target_ifindex, 0xd, 0x341d, @tcx={@relative_id=0x5, 0x4}}, 0x6f4) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x10000ffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x400000000000, 0x9, 0x8, 0x800000000c812, 0x3, 0x0) ftruncate$auto(0x3, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) 7.382525541s ago: executing program 0 (id=1884): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r3, 0x4008af00, &(0x7f0000000040)=0x3) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x5, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r5 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r5, &(0x7f0000000340)={0x0, 0x2}, 0x7) 6.245334779s ago: executing program 2 (id=1886): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) (async) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) (async) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) (async) sendto$auto(0x3, 0x0, 0x7, 0x101, 0x0, 0x6) 6.070947304s ago: executing program 3 (id=1887): unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x1f, 0x80000, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0x0, "0000e100"}, 0x59) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4040) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r1, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x4, 0x4, 0x3, 0x100000000040eb1, r1, 0x40000000006) socket(0x15, 0x5, 0x0) prctl$auto(0x0, 0x2, 0x4, 0x5, 0x7) mmap$auto(0x9a3, 0xfffffffffffffff3, 0x9b90, 0x50, r0, 0x11cf) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:0d/power/autosuspend_delay_ms\x00', 0x80000, 0x0) ioctl$auto_SNDCTL_SEQ_GETTIME(0xffffffffffffffff, 0x80045113, &(0x7f0000000080)="42d7d74205fdecd9c537fad846056cbe8e976f58099d49ba1f0e49bc4d7c7083acffdd9dbbc80aacf0d126dc8137110a80efce779671d6e6774a7b7bdb5a54f5c94452bf2b6a015a4893095230dbcdcfa0e89cea250e1ed6503a75977115b499b6a4928cb30a65e1ecaab0c21645dea9e4d113fcfaf7b8ca7ba99d4c2d701ecc28182f71758a0095afb133b84983da0941e9f874d84f53bdc4099a1a211741c60e735096f6c2f46da099c6931abe6d9aaf79d67771dc80c24bb314130b845abfed906ddc1f52d58a9ac78027fd597026752674934af4ccba6efb0891628ed93ceed76badf37474a8b224") 5.805822131s ago: executing program 1 (id=1888): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) fsconfig$auto(0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0ro\x00', 0x0, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, 0x0) 5.491529837s ago: executing program 2 (id=1889): r0 = socket(0xa, 0x5, 0x84) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda\x00', 0x14fa02, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r1, 0x0, 0x6, 0xfffffffffffffffb, 0x4, 0x800) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) open$dir(0x0, 0x10000, 0x6) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x189880, 0x0) ioctl$auto_tracing_buffers_fops_trace(r4, 0x5220, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r5 = socketpair$auto(0x1, 0x5, 0x3b, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x8) mmap$auto(0x0, 0x861, 0x100001000000004, 0xfa31, 0x400, 0x8000) r6 = setfsuid$auto(0xee00) setresuid$auto(0xffffffffffffffff, r6, 0xffffffffffffffff) waitid$auto_P_ALL(0x0, 0x9, &(0x7f00000008c0)={@siginfo_0_0={0x8, 0x1, 0x2, @_sigchld={0x0, 0xffffffffffffffff, 0x5, 0x7fffffffffffffff}}}, 0x1000, &(0x7f0000000940)={{0x0, 0x6}, {0x0, 0x7}, 0x8, 0xd, 0x3ff, 0x1, 0x5, 0x8000000000000000, 0x8, 0x16, 0x2, 0x9, 0x4, 0x6, 0x7fffffff, 0x4}) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r3, &(0x7f0000001000)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8608d100}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000a00)={0x590, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0x33e, 0x28, 0x0, 0x1, [@generic="24661b389ea2e77dac9f1e4d22309e6ca45b1820247112e8065127e84c131fe682ecc595f3c1d09f626a11f473a5c26151f1f9026ca5cbd58de13ea2cfd01cc2c044c300aacfadd919fde7885402888ae2123f98939443e0eedcd7899d42b8830c5a667c516b6957e0f01caaf3f402c1d554c72141e5c373d7efed8f9485c0182c91c5060db744ffcec179467c", @generic="289f9b91e208441f416a9bc5dc19ae888dd21d0f0bd3f9ea8370762465ce50ace5105bc712985898b57196235e30811a156df6c2207c5bd2fc3ed23c70397ab7c7bc9bdca5e5753f916521d0e21fd121de3f26d193629f387e79c91a92ec33a7c1dfd7dfc41b617d03fdd47cc19a4b950da220c6d8ec3b4a5ae87cac15c9d808437a2d0afe29be35b5551f4a81e7c8bf59735f04a4f5636c0c72d703500f97f820c2fd58d49b1d551bd4e05217748171edf502ab5dc71dca6227c0894c7d4f919869260ef42685538f1fbb357c971cb17c3512cf357ca410e7fd850c6d0844b0d053fc", @generic="723973e47cc39f9fbaa0", @nested={0x1bd, 0x9d, 0x0, 0x1, [@typed={0x8, 0x146, 0x0, 0x0, @fd}, @typed={0x8, 0x88, 0x0, 0x0, @uid}, @typed={0x8, 0x160, 0x0, 0x0, @uid=r6}, @generic="d78bbc9ac135d291f48121175d2538067dc8d99011f28969b645ce78f81a066342a01f2f4bb0e764c28e5712f84cbed8bd77e3a481a1d27dda1a2b9f425ff8fc425a30545a5795b529aaa99a772d28d59c8e0b44eb914d033cae27e79d5300836037b94e3f3f7c3da76d9430a524b07ca5b6913efdecdbf425a6b1f767eb6b696d8b7a7b56b69fc4177ba13a641ebc4d46901223b3a59eefa9ddb592c1b7b987984db860b8cb5f41d85c23bf92232955b3e6a6453c25f718a7be4f838f7f232956fcf3704f6567adcf7b33a21ce76231", @typed={0x8, 0xfe, 0x0, 0x0, @fd=r3}, @generic="13b19ad1f42981538fb051d6de980f7c89dd23c56141281de1d742f25869efbe1e918eb433182c7cfcd06b440677cc4e18276f3ac4f4161f05fdd5026235d6a18bd6a7d083150a9ef86038508d49cd148f8acb5ef59d2f1fbea9f10cf82edf4daf58a8c8bf4faf60d3092179fe63963b4df53b147fe4597a2d60fb4380d2a07c472408611aa1c540bb4834236c2ecc97d72ee757374752c2d723dc17c9ceb195a2bf694f80cd02d8cee4eb648098628d9976379be19e66c1f287370fb126ecd2530f36bf5ec18ca99b"]}]}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x7}, @NL802154_ATTR_WPAN_PHY_CAPS={0x229, 0x18, 0x0, 0x1, [@typed={0x8, 0x72, 0x0, 0x0, @pid=r7}, @generic="539901c148ab318e3aae711860703e38d54e97660c4efbe287164b19c69f64bb23e1b5d541b256164391e72a9af9a21b2edce7a7dac9b6e8f00bedc48b47013820af0cab3f3130bde55c39fc0de87446eeb968251eefe02e358c59a47cf4cf2eaac2408c986460404e940c34512889a4d22ab41d851dd96f3641d96ac234cfe00a7a894d5d5972acb7d51e8414b22a4c6069b87c3c21c7019a464b2f30981745f247ebcb7239bab91dc599b16c8c0c914d991e78887d205c8dcef16aa60acfa2a2eab455ef305a8e854d6d0b854d9e562fb734b50cf70297", @nested={0xe2, 0x13a, 0x0, 0x1, [@nested={0x4, 0x13c}, @typed={0x8, 0xcf, 0x0, 0x0, @fd=r3}, @generic="e3691dd838576cbd8cc120200b6eae55fc3798e93607360a328722fe689f7026dce03421de86ade50be948e65d0ead2fdae4b48e62afbf0c5136d9fbccac3ca8db4b3d1517ac24058bd11d067562336430df4cbc7955c54677dbc24da4bc7a122697f1b6c70f158dc4a0f63fcbf20bc28b0e3e2e061fa99e15da372af76e9036aa4d7f13b64fa6d12378d1832656181a2cb03930ad82e27734df11be4ee3312551ee0e2a18d81c9755abceb91e2908d92abeedb59c73d22c701042aa73cbddfd93c0d6a2fcc271e01483fe22f68ddfa9b7fb"]}, @generic="846ba310f64e8714a59d1c55c5e9a219decc62bd6ddddff0760800a156143840d4079ecf5dc09a699b7026fba43266aaf4aa4c2cab445b00cc280e2bd67f26ab118bb41798cb500d302a267e12706a15927cb8bb857c36633cbd9d0e343fef818a"]}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0xfffffd64}]}, 0x590}}, 0xc094) io_setup$auto(0x8000003, 0x0) kexec_load$auto(0x5b50, 0x2, 0x0, 0xe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), r0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000600)={&(0x7f00000002c0)={0x318, 0x0, 0x20, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0xba, 0x84, 0x0, 0x1, [@typed={0x4, 0x9}, @generic="c2175dcc0f1a4185e788a2773372740625105d4d8a112b18c1a46ba70dd6572264755c5c1bf6afdaebffd41566c0ffe902249451bfaeaf57f9d4", @typed={0x7, 0x13c, 0x0, 0x0, @str='=,\x00'}, @typed={0x48, 0xa9, 0x0, 0x0, @binary="1c3d96e2d4e00b4907772a970d5ef39efe3475a907e6db9280c57cad1d97ba5b1ec0820c4f2daf7c81b6703fcf0f26b34f3783dbd73e390d4230c074001368c4564ad508"}, @generic="117b", @nested={0x14, 0x1a, 0x0, 0x1, [@nested={0x4, 0xe0}, @typed={0xc, 0x141, 0x0, 0x0, @u64=0x101}]}, @generic="c12561c76329a574e6e51550bdb9bb13899a"]}, @NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0xddb}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x5}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, 0x401}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "6f4a152d85ffd2d7efee7f6b388d2e506e5374e9b9b0b085"}, @NL80211_ATTR_MBSSID_ELEMS={0x208, 0x133, 0x0, 0x1, [@nested={0x201, 0xae, 0x0, 0x1, [@typed={0xe8, 0x115, 0x0, 0x0, @binary="5ea750fcbe62640508241e5a6728751268c1f54bddab4dec9f2dcf55947e0a58747c49cc61901bc158cf6eb5eea0ffa1b46c68ba1bf3992a88d2f9a094b0da55e2ee4fb78a873397f84d70c1cdc9a38e35f1c01b18f64702ad49f7a4b76f90092ab4bd6a876886aaf4ad08bbba2cb235a092588e7725b9a1f165ff6ca3d2d7638689b2220fa7b377ad5e57b260945a0066bdacdcad1ca710b3e125ace906c43adb7f1fa32641e4ff5851a48ccf11afbbc4e8c858d211e5e56b434ab4eeb519c5eec0663539103f0c202ad755cbf74b369ce96aede5d474f4dd7a78ca7c7024c195b91238"}, @nested={0x4, 0xfa}, @typed={0x8, 0x5d, 0x0, 0x0, @fd=r2}, @typed={0x8, 0x97, 0x0, 0x0, @uid}, @nested={0x4, 0x126}, @generic="ca4590f90025182ecb9fae42bdec37b708aa59b4c3b56662b4556adfaf4559d8382af274092fc2b083ad64b0c76934d493c39c1457bf9d2f8b7e140805a3b674fe8d14e24e5165e935fdc4e2b1009409e74c06ef30d5b91b7b24d854f3d2d639abc11e2d26de2691360633d87fe68286d311a7e9e370313ea0cbef0c6d91a7231ca57bf7be0fddeb36f77ea538bc3e4f6e1500e9f49a2e87785c8529e4735353315dc5262e4d75013546fca80efd3a8a49884e630757af14aeab904fac379e9a51605ee0cc2ede7da843ada053c98255878e5306303718b2c6522c543527cb6f75632f36be77b3a884b7c8f4a851fdf9617b21b3f721dca07157613152"]}]}]}, 0x318}}, 0x10) 5.438501152s ago: executing program 1 (id=1890): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080), 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r3, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r2, 0x8000) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x3ff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) r5 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r5, &(0x7f0000000340)={0x0, 0x2}, 0x7) 4.75623817s ago: executing program 0 (id=1891): mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) epoll_ctl$auto(r1, 0x1, r0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r2, 0x0, 0x0) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 4.354579099s ago: executing program 2 (id=1892): chdir$auto(0x0) socket(0x3, 0x800, 0xffff0001) mmap$auto(0x0, 0x9bc, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r1 = socket(0xa, 0x2, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop10\x00', 0x40000, 0x0) ioctl$auto_BLKBSZSET(r2, 0x40081271, &(0x7f00000000c0)=0x1000) cachestat$auto(r1, &(0x7f0000000000)={0xb, 0x7f8}, &(0x7f0000000040)={0xffffffffffffffff, 0x3ff, 0x20000000008, 0xede, 0x9}, 0xb2f) fanotify_init$auto(0x5, 0x2000000000002) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb9, 0xf, 0x7, 0x400004, 0xffffffffffffffff, 0x7, "00000000000000e3ffffffffffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r3 = io_uring_setup$auto(0x1, 0x0) r4 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_5={@target_ifindex=r5, r3, 0x4, 0x4e, r4, @relative_fd=r4, 0x41}, 0x10) open(&(0x7f0000000080)='./file0\x00', 0x4000, 0x44) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) socket(0x2, 0x801, 0x106) socket(0x15, 0x5, 0x5) socket(0x10, 0x2, 0x0) r7 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r7, @ANYRES8=r6, @ANYRES64=r0], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80) 3.953082077s ago: executing program 2 (id=1893): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x50) unshare$auto(0x40000080) socket(0x2c, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) read$auto(0x3, 0x0, 0x5) read$auto(0xffffffffffffffff, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) ioctl$auto(0x3, 0x402c542b, 0x38) 3.799355575s ago: executing program 3 (id=1894): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x50) unshare$auto(0x40000080) socket(0x2c, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) read$auto(0x3, 0x0, 0x5) read$auto(0xffffffffffffffff, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) ioctl$auto(0x3, 0x402c542b, 0x38) (fail_nth: 1) 3.609585917s ago: executing program 0 (id=1895): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00'}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x123040, 0x1d4) r0 = bpf$auto_BPF_BTF_LOAD(0x12, 0x0, 0x9) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r1, 0x0, 0x840003, 0x2e6c) r2 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000880)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000840)={&(0x7f0000002200)=ANY=[@ANYRESOCT, @ANYRES16, @ANYBLOB="020127bd700000a001f1a83e3d6a00", @ANYRES32, @ANYBLOB="040056008f018d80c5b1640938c027e5a27fc8db8a7e17484987aeb38bb8cae34293a8342496efe178d97a521ef9d2686b269dc99da6a8c32fdfdf14b4d6252c9be32af52a36a96c786ed2d9b82b6c0585f725702016d444cf5cdead4a60f419944abba2f526ddceb09ddcd1d795f660b67eaa88e039a9670a09a32a02a82caf614af01db1d7d28141373796f3d162d193ba6ed664d63ef21cefb24bf76b1d801fbd0a72364ce399232f7aa52ff060f3c8b570b3b73a7c9d67787a7f6d3365eb1ad02877491686aba11481a2fdce16fb0ff2ca6b86b71d288d8f21a746f612122a7381640290b8e20cdb9e9dee5ed424c6940c03888bda7fdba488ba8afbaf63c2ae814f782121abd22e7e9a65ad7320b5c27d48e0cfdffce505efe340836544b0e213b8194c185c205032582e751facd5e84e714b8a78b746fdc5e2f138a48e4464f8c03341e42c45d684bcf360cdd090c69ec033f05d4d7387af829de36c49427937c99713a5ead0a277ebb01c1c883947c96a1cae37e817e2384144d5f499d0b89593ae17c26586d8473047f6bdce758704002702068008004700", @ANYRES32=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="0800e00012090000b5af7f7d4965da93a3c405f32eecb3b06116cef5b32614d1783367f83a902d5aafff1e728d3f3db24987ef8b74aa7ac276b848029c7af8afdd03f2d633ac4f640ed8e28370f185363eeaa250daf607e6c28a995a9a98b043903e3a42944a4082120351f888e6457d4f3bf17abc9197ba8c87dcf92713d12d61264566353a4259d556e9895183364cb86cda4ebf0c3f5b3c9db94f738b508f60a4b593d4e781e1bf702a1aa5be5251f96bec1ac1b4b7feb6a303252d5499a828482f0b07ff27c420d5ee009baf6f5e6607bec4824f7013f66194c041b16c4c6dbbf9c629bd13786c3c68949913ef8c9b6db6642306669a79713a357c3db46be744d3ed1ecc85dfa87984533cb72e620a84ca87eec97c0014040480100366800800", @ANYRES32=r2, @ANYBLOB="04002180bf0120800c00db000100000000000000424dbdaa9906dad591819ad93673e6415585dbd68f0839544d27945fb0cb1a20bc185d04bdc52ef2060bf44d197ff37f499ae86ad4c90ccb7ef23f7b643dd2b8edb8e303a3acc06b4126db1aed341b5d5602c226791eafb4b12a62d2f7898c750d403ee73805b60c09f48eaf623cab378f240ee782e7e12a70c7e3167ceb22c3fd20df8f4f6eca48edceac9be8cb0ade89975b60cc3dc74d5610f82efe9d1957d0b1632d9cdb1343109b8af631b6e13adbc1306ff8b7a4f60088801700ab0000a3339ee2c537afbef2cd6df2e0bc58f05d4d007401bdf7fc73850e70840f81adf3d4d873a4824a662c5bca2365a2e1dd26c672cf072802e2a24f20793b9b5782acb224efc32699390ed1519782bdc5f796f08e378e7318182f7be734d93407a37d6419da1a59b1e83a7c7d1a0a0a46320388f661aa028f66283d0acba453733eb5324de89cafbbcb70324f4d768a93f8d5ecae5e769369f0de4368e223c6ffd2b38bd723601f16ac5c7575d919b038faab7d5eb9c6ab69fe158912f837d3f152665dc78be07c8f313d86afb94837c3de4b7f2a113cdc9f7a6eabaf1c9f2f1a3036fd0cd5ad08004000000000000000000400440004002480a7f41d5a0c55820c3b779673ee912de5fde3f152ad8c0b6413847aeffe234e0a17d2f9760f143b20a4cdd2a9cbd0c1147373aeacca2e945a457bc6e733a5ee0d7d4f0b3bd9a1e59836c6a2c0f7301a4efb314f91bda64d56d4dc547fd0659a980a36bf51432f5387bf3cd4a67db1adc9dc22a006f98f73080ae04b437b050ccd719b11fd67872bc6d96eef0daf9091ee0d63224e7c3c1d4215007ff7f80ca48de6037d9c0d4b5058f314a74e1b6ff41b8a61bf2178f8e9b3925e2c5e523ae9b7aabdd3ecdb8f1b855519ea1b0fa57fff7724ab41772dac38e31f9bf4dc8f863aaa2affb3b8ff0d4058a51c0157d96c583196c509f47fa5005e722cf3cbecab54fa9899c8c8d40d264f7b793988ba6a6ad5a20ef1fd05ea549a66c4c4da3461f2c93531fdfdea49c365914ffe45125136ba5cd29f04001d800400910004000900d18d2194c05a1e24a7d865725c0b93a3ded84f9c795c1186944bbde211301335325b5bd9b63095c6c0847051b5008cb5805f8297383cbb989115d283f73c7cd7ccb1736787b5bd8ff4fef9f9de31cd8d01c440816348e198b12f03cefc8a0c91fda21ff99a15b75ef01e44364527100c583ac0002feffdc44c8557cc24c5ca696466452920bf647d50b7bd4c49dfb5416bb260ff6bdec4e25453d52969ec82c14cbcd65c9382f5347188cdf08a53b2baed0ef6d538839baa4bcb504015a085c77a6ae5f902fa5f2e0b73328856779a7ee9eb37fc74ba3b2d1906102b3c735da54b993b271a5fa05281e62ab7748dc21b5950d243c388d4a5"], 0x7f0}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) acct$auto(&(0x7f0000000040)='/dev/binderfs/features/extended_error\x00') openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop5\x00', 0x68b81, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) write$auto_userio_fops_userio(0xffffffffffffffff, &(0x7f0000001200)="3d6c98e358c5e5045943365682aea98b21117c70706c5c01d2eca7e759df7a4b9b80c28fb2c5d519226beafce7fb65036f33b40c8c9d9db7e883ce74ffc72083fc3a8f2b170a2ce654fd2c722486f1dc52f505cb70e8e6a94eebf89c31fb2b7b95ddd9d10f0210c9271c9419abdad4d724b46a128fef748fe093014aad815d5b95c0fb5fcc54c272403c654968c233b8df18d3ab7cb698cae090843df334fd4382182fb7499d52532621a1a98ef4cd99fad2e2155228c591295c3d91ed4fcbf0c1a9356a01734b4cbdb60c5774e3d5a58dc6a171f949c0f18ec9dd40a339a9143d5b6e1e36128cb996f4a37f30251bba825bf59d627d516d0fcc37ac27dcbbaf065e09dfbc8802f3da990e10d3a270e6fed4c7f9b0968c335b6a3b65541fc7005bd274a90c4b7f9f116d769d190fc0b5265db032876a6a6824884cf33cc4e0a92ef106ea74eb00a8224097cf173266024934ea4e1de4771fc610551ccf72997e027526d73f71a5dea5c170070db60aad2988b2b145b3855a3054785f3d117cb6b44a7adde29617767283e221c4e81db4dd4272204f8f7a5cac4f0db7e0eb7ff8af760962e30a2ab1e3100c6c72cd6804e6007c499163f6033b609e1ec499ff13cbfd5bd977fc2a55f8529a485c91a23e2e76dc82529e2206182ee85ba4eb6d689e63b350d06fdc2ae26c0d4623c600a8e6f0e746419731a365f26918594ad653b42dd853562828bb6b25554aa45eb0ac016dbcd06a9d0491241720bdca1cd933c44953f20aed732cadc915ea81f34fe23092d0817fb9d97fb4e23b600d9c02f79cdc3c46a3ca0a6ebcb9323d8b28cd1ed27d5e202220d7cb09972b6e341fa7a36fe118421303e9d162fc66d8ca78fdbb907ee597439b7277ca4ca9c9e68801a62eeb1864771bcca7c61b505f5ba314ecea6856077a804e00fa41f7e1e9e56c1aee6d6d8a2a7c76cf5ad8c1323dd2c7d2edb541794acab3799cdcad3e679e49fee2bfd28b4ca22d1d20d07a4af9997023c83510eac9eb8c0ae8fa9d47cab9ed38ff2ad6a8d6151063427e77511ed7a34d80720f2f07693abcba67aa017a200a82c116a731e393ea57c5079cf80d27e4d02697432b7c1cba5218a9b6429a6f4f715636d7bd44b6eac248306f94a19fc267fa65bb4d3bcbdf01f58b0ab9242a088c3e9fb006930b736f7358626c8528568452917a9ec3f538193bf4665a1947d7d47cdc5d1ba92413b16518a8ff10a405a67737dbc9d99f36443b9e62bbf79279598d0428f2e3c33b84e541eac2d9a63d2803de1ea0cee183f02f130e8d243b4c43ddf052cbf27a28704092100f144fe7b54ed8bb8a6fa29c3cdfb0f591a4d651ca47148d81eaf0a8593b0de3baf4724c72879471173fd1fd5d719830b75b764f256e4312f381e162ff8dcb1c6230e76ecb7a724a26385172bdb35035583c9dd053c489d4f239311a1dccc7d31dcee324f1833e603994d99726b8632660910c3ab0ce8171ba27a672b3a5b3f113d43dae7ee832b92a5b67bc02f0318b137f0f0760caadb58cbc18f5c16e03d12d8024d3ef7c25e5f19ec5aed962dc70bcb75b7b0bb22be5d0c7ecb0a33f903f0ab9c9f3d84139adc8b8adb637c985d6721bead8c9efcb2ae5b64ccbe30e5189e3af4775aaeb5e86a7acbc42f06621a1f75edb9ed9044025c16bd95040aa62519ab5f25a1fc13c1175ebca4532086c00452ebcf35797671bce8d5973ff394688bf0aa291e1482dabd11d5c6872a5e4d7ca43f6187a5e9ff8e8320b78c378c2f88b5a7062398dc44a8d73cfe15d4185ac05479c015c38e8fc75a3ae21cc957583722a0370bd0805021fbcedabb7f97a063bbb18e107b155caacdbc2f7b7f733ae1ff9023003e6df6c3ba6b4b15aae42fabbcdc275ada8bfdb90406ccaff806882a9eb235d88d2d9dcbdf5f6d5b02819044c4e8aa794062457c885881d73e0fed47ee39b2ca2a3f65761ed813fc94cf6d3d97a083b490f19f6f17ea270fe6838197711dd51d32fab1966b0954dc16e190aad0eb7d3b3499b6519b21f2cb548c98d271fb55ff16b7edfe8b6a3f28b3510bc6be18dc6d6fb1e58ba99ff7cab4ab16b11ea33636b8f7230f46ec49eae9d9c02805283fb1fe6711f8e9459e04db490a6b071811e1c597c3fc7cab6fca8d7874f1cc7a7b3402ae0903d079b4022ef5194c1552f525035f3726c173feb007c8a0628497ccdb8d19687ed0f6447e6c4dd34fbad088a699b226d097ed81f694f28eb0a9648279e46f8d2ed1c09b43f25caa42ba33b8df01ff3e613e2b2297e50b5c0bf47bb762112a7cb16ef1014a278fc36d32f737b2ad3665deca11cafd6d7065e668b1e4bfa2414b17f075f35e47c3e09a8162887247cc84352583ba5612ff44c9986193d1c80e537d57ea657bbc440478ad1e2a750d92e8d03df61f88e92b98545829bc1121d504fa6d56746321b741b7534d5650810a8e7106850364530202387fbc3fd5237b958e7413aa8ac00267fb1c7c82de67e6c18cb4bd649476e5687058b0f5a235c7e3eaaa01af7a70b2821050f21c6757d3b557c084dcd498ef097c37e4886e9b851c200c58a3f2547054a11cada5d16e57d67a44a77d7edca9ca878f2c682e808940ba014f79c982b48b3457bf881b563908646bcfe67f5c4d2d0ebc7a598c6d81c6889c2037fbef3d327ebc3b7797f2615c688049ac70e1c7e37f2eb117a2d809d1339ae99d4a60986265769bb2132da904f5733b9b9e32677f9d76a8cd630e4575983be233b25c9b29e37bce4a210f55da22dcc53567fd4c98c95157977ad7530f6128bfcd5d98d673868e1ae3e640874b13d2714309328ef4e967e701f7521069a66b3d94f9f7e4a9735654d962dfd501f097d8efc17c60ad48e699b7c7682e386cbeb778c9210fc7da6baeb01c6a23b67f44e93a52cb7c8930392d5f8c193d5f6ef7b84f818fafa0282f7e1b3155ce84631c46339dcc149859d94c6fa4488050bfbfd2bc58b7d714d19f911e2db65485cd556119f74207b647bed2f39ac95f3ce8ee1fd2056475994251b1af5ceb94b8880c9ad04fb49fafb716791704a16ad02d5ec4b808ceb517ae5fa757a1550eda69111cd0224cef490bca0905a672bac7e6c61e7f8dfadcba29d12f87df523ca6a3c36e8a28bdb8971e5f33305b4b7c174913de0f6ce7b0b9cbc0891a34a14d21d982f3bd2addfebcdc3862da96279b9f3b99c5cf9add2319765bf06959b3e6559f3a1583a7e93cae31e4fa269171335259dafd44ac1570d94a67010ec55a40fe6662de3051e4c9641ff427bfe1e16f2e13c5b95c6c1a1d33ec8d8f7dd086a7ae55f3fb2ca29381e82fd45f434eaceb4d0876b6d10390341fb4d65c2ad79b0a0d156d2477234e20476d92954343e59a3f3fdf04eb8ab9d4280739db3a4b6e8ea70d6dcaf46af47de1c126ea103ae1f7c4c4e0b08d34c01930bc64bc4a755c77d524d4dc4394b2893c96cab7d5e83aa5b8dbb89ae662e6c823a0bb52245bdf8b1f33a6ac8ddbdb17eb76a42abbe56128c532d3fb5a7965f0275359d6cb32cca7d4a782c04ee124db3fd87cd82be23e7270bcb3103e1dc330543367fa85f84f3c911267256401f25cc0802f2953679f297e91817dd7d03313102a003f2b35f75b562f2f105541f8ae4a2aa1fe7bd61869b22726202bc928684fe22ae80e00692c82f09518c28eeb0f06abd39f76dfe0f05e099388e514873d054e74bdc22323bedbd4d166884d644d7d065e9e1392f5c376bbcce5fda83305fab30c42a1ad77ac1984190957b7073304512499675378cded9ec5ad5c840aa496113f322b7609666ad11b244e495958730a08c46082f5bd3794f781350b6bc76adc37d8e58c4cb0631e4cc282286a9d1fd273beecedab1c63fd5388b1f241646a3d284387978a29b0c1ddb44b1f0905b73dcc60db7c9dacd5336c4ad91da63c798f8fd48980e108db91d993427b0d0c4c2e3c7da0f8a307135720e6b36edebc8691bfa708b5a445dd31f00b969588da216f5d308a66a21e9479fd3e7d3cf2a26a0ab3bc232d234a33451ad35b09c7e5348854f58e25ac08681cc664a3afb20485529c3ce93ab6469f882f1720de41356efa38ab5f43567608b6d216029dbe4d97d4075d537de3f439d98a0d47e261a725fedacc24931ca5cfdf4d657571c43b2f91e0a269fdfb2723d199e25fe005f2c47a608280d861466ee197ec37ee8d691d596623abfb9d02c2a4b97eb4732bb334fd717b2cdb268be03213285d4bfc82a459bdadfa5b6c5229d1b847e3b66033358127488e699f4eee91725ae90b2849c22bfa16e637e472c1aa1fafdf8ba6e2d3443755bcb426a9e4942ccff6394320ad077060d97073b24aca03aec28e86ba232abc6b9c69de6988b13d4a84fc85b02d7b461873471e86b6273a4c1fa218228ae6d2ef9e619f9406f65558f11e3a2c28ac72dafdcd623d1adf423a66a5fc7294a48bef94886434d810f5f6f763e1515f7f2963d1569eac9537d727680b3bf86839c283337be7961b5009b5d6704aa19950e6d8dc9dcf9fa654f81ff45070dad6f33167725afe4930b75a7ef6d71d1b31492832a5a4874d2b40481029ac2bfa6f6be779c691cf13ce9f8ab716f779166641302328a4773000094b7adf548f00e3d8e314f1731959e0ef8f04cbfe6af64464c342be87cffa1ff9c5c0943263ab53dae06a99ebe52c07c92b44ab4b5301cf0b2d1ce2097499c82166bee860d6530320b66d4e849ce7bf9e42c5a103f2e0f75b7e340316839f2b566578598e024cfdf9ec218510e3e3ca22620369c5ee81a21abb6c608f7a7b35d089a7d40e2a864a652a13d390d475943bc5f59945527304444b84a538ce4176c82c9c9c804e12c0acbfb3da83652326926644645aad95f32be5f5b056b62adb363364bf9e558f29ee56650e789627bc7cc9abbfa654f63d73201a9238918dd15fde8b5d480c8c1579e48775fc1a9ff40d565aade7e9c3ce76c93ae7aa95f8fd589cc299789eaf05311d64b6355a371f4d6eb0eca39faea2c47b5d02fc9a3d3b7ac1def4d1e12f70b4e7442b1fde3eeba7e5fdbf21ab70f4ba0e8c6636eeb7c0c137efb7d6fe87ff308659f8188564cbdb59b3fae4f37aacb0ceb0b8bad6b6b967d6267c013728622e93fc9da2557230ada15e8381d7d468f800c2597983b59dd9d2419f00b8b1c5e960782097295f0f62a08fd1172ed78dcac5f39457431f4fa7ea88842fff85adb0bfe7ee839246f2a402a19912407b9e16c522fae91a2b4a50ee85e67c8d388cd60b74574ffabd11309f3482f9ca7e3bacc9443260b5a0f6fea72041bc18f9aab962b4a2f66d699ec756c5ff3ea96bfb3eddc5de04a8bfc7cb24ce55d9d041fd9109fca6cf30a158f71e6332d42a27ffec19ea0275d4f09c076d63116d8e7691d42bfdb7f145dae495f9c8b601fd2278a8e79ce8a25d097f23b80f99db1c1aecdc23c52e255aad475b785ed730ed54d93f53befe6f48856e1756390889f5d7539fd5c023d204c7a6387ca224d7078b9d357152846dac756bf66e4580e72d2baf5962aaae4ea58b7eb92e8d8ce20277cce30652719520e180662198e0b77a31f844281488314ef2ad826d8b8c7700f6e12be4c2fe7212cd9d582c6c3f9b5f3e657a385a33eecce44dbc64484bc50e3f4338427bf3d1cb309d9ae86332ad8004d355c0acd506e649ecbcf44065a43f1d4df63e07fd6147d431bb63e3463d517a08aae2a8594337df422e1f9918f37fd36dd396ba536cea1be78c6bce01986354164651186298a", 0x1000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) shmctl$auto_SHM_INFO(0x0, 0xe, &(0x7f0000000400)={{0xfffffffd, 0x0, 0xee00, 0x6, 0x7, 0x10001, 0x9}, 0xfffffbff, 0x7, 0x9, 0xb, @raw=0x68, @raw=0x5, 0x8, 0x0, &(0x7f0000000240), &(0x7f0000000340)}) keyctl$auto(0xb087, 0x0, 0x0, r4, 0x6) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x80000007, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) setsockopt$auto(0xffffffffffffffff, 0x29, 0x48, 0x0, 0x10000110) sysfs$auto(0x2, 0x100000000000011, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) 2.787760725s ago: executing program 1 (id=1896): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080), 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r3, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r2, 0x8000) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x3ff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) r5 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r5, &(0x7f0000000340)={0x0, 0x2}, 0x7) 2.75214196s ago: executing program 0 (id=1897): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080), 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r3, 0x4008af00, &(0x7f0000000040)=0x3) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x5, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r5 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r5, &(0x7f0000000340)={0x0, 0x2}, 0x7) 2.302424739s ago: executing program 2 (id=1898): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r3, 0x4008af00, &(0x7f0000000040)=0x3) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x5, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r5 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r5, &(0x7f0000000340)={0x0, 0x2}, 0x7) 1.765670417s ago: executing program 3 (id=1899): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080), 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r2, 0x8000) fanotify_init$auto(0x5, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) read$auto(r0, 0x0, 0x20) r4 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r4, &(0x7f0000000340)={0x0, 0x2}, 0x7) 142.775924ms ago: executing program 0 (id=1900): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r3, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) 41.819899ms ago: executing program 1 (id=1901): mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0xfffe) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/adsp1\x00', 0x40440, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) r0 = prctl$auto(0x2, 0x1, 0x0, 0xdfba, 0x0) preadv$auto(0xffffffffffffffff, 0x0, 0xc, 0x9, 0x402) madvise$auto(0x110c230000, 0x8031ca, 0x9) madvise$auto(0x110d230000, 0x1, 0x3) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, 0x0, 0xc4142, 0x0) read$auto_ptdump_fops_(r0, 0x0, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/netfs/requests\x00', 0x40080, 0x0) pread64$auto(r3, 0x0, 0x8100000041, 0x413e) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) waitid$auto_P_PIDFD(0x3, r2, &(0x7f0000000040)={@_si_pad}, 0x20f5, &(0x7f0000000440)={{0x0, 0x7e}, {0x8, 0x3}, 0x5, 0xbffffffffffffff1, 0x80000001, 0x8000000000000001, 0x1, 0x3, 0x3, 0x501, 0xfff, 0x0, 0x3, 0x3, 0xc, 0xfffffffffffffff8}) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000000)={0x7, 0x3, 0x7, 0x2, 0x3ff, 0x7fffffff, "9b2189083b030000000d933475a77466", 0x7, 0x5, 0x9, 0x4, 0x2, 0xb, 0x2}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x5, 0x4000000000df, 0xdc5e, r0, 0x300000000000) r4 = socket(0x26, 0x6, 0x7f) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) copy_file_range$auto(r3, &(0x7f0000000200)=0xfffffffffffffffa, r4, &(0x7f0000000300)=0x3, 0x7, 0x0) 15.580244ms ago: executing program 2 (id=1902): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x0, 0x4020009, 0xdb, 0xebf, r3, 0x8000) fanotify_init$auto(0x7, 0x4b5) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) read$auto(r0, 0x0, 0x20) r6 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x80001, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0x2}, 0x7) 0s ago: executing program 3 (id=1903): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/net/can/stats\x00', 0x121040, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x20000000, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x2ffffffffffe) sendmsg$auto_ETHTOOL_MSG_STATS_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x24040000}, 0x4000080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/devices/platform/dummy_hcd.5/usb6/bMaxPower\x00', 0x80, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) setresuid$auto(0x0, 0x8, 0x0) setfsuid$auto(0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x20001, 0x0) ioctl$auto_BLKRRPART(r3, 0x801070cf, 0x700000000000000) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mq_getsetattr$auto(0x3, 0x0, &(0x7f0000000100)={0x8, 0x8, 0x2, 0x1}) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x403c6f2b, 0x0) pread64$auto(r0, 0x0, 0x100006, 0xc982) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x1, 0x0, 0x0, 0x0, 0x42) unshare$auto(0x40000080) acct$auto(0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x128008, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) shmget$auto(0x0, 0x7b, 0x100) kernel console output (not intermixed with test programs): 1'. [ 469.256537][ T6375] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 469.343080][ T30] audit: type=1800 audit(1780232756.372:46): pid=9990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.782" name="dbroot" dev="configfs" ino=29671 res=0 errno=0 [ 469.479190][ T6375] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 470.283228][ T9987] Process accounting paused [ 470.910265][ T9968] Process accounting paused [ 472.228595][T10024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.789'. [ 476.096316][ T30] audit: type=1804 audit(1780232763.167:47): pid=10046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.794" name="/newroot/sys/kernel/debug/tracing/current_tracer" dev="tracefs" ino=3810 res=1 errno=0 [ 476.127443][ T6375] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 476.202658][ T30] audit: type=1800 audit(1780232763.278:48): pid=10049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.794" name="dbroot" dev="configfs" ino=30472 res=0 errno=0 [ 477.611282][T10068] netlink: 342 bytes leftover after parsing attributes in process `syz.3.796'. [ 480.425380][T10100] random: crng reseeded on system resumption [ 480.527472][T10100] hub 1-0:1.0: USB hub found [ 480.543682][T10100] hub 1-0:1.0: 1 port detected [ 482.214027][T10119] sg_write: data in/out 262108/1 bytes for SCSI command 0x7f-- guessing data in; [ 482.214027][T10119] program syz.1.807 not setting count and/or reply_len properly [ 484.452986][T10137] [U] 0 [ 484.537963][T10139] [U] QUI [ 490.261766][T10209] netlink: 338 bytes leftover after parsing attributes in process `syz.3.823'. [ 490.324652][T10209] netlink: 338 bytes leftover after parsing attributes in process `syz.3.823'. [ 492.128061][T10221] program syz.0.825 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 494.254124][ T6375] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 494.348212][ T30] audit: type=1800 audit(1843104526.478:49): pid=10260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.833" name="dbroot" dev="configfs" ino=32176 res=0 errno=0 [ 495.180347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 495.712084][T10276] random: crng reseeded on system resumption [ 495.889644][T10278] netlink: 338 bytes leftover after parsing attributes in process `syz.1.837'. [ 496.359595][T10285] FAULT_INJECTION: forcing a failure. [ 496.359595][T10285] name failslab, interval 1, probability 0, space 0, times 0 [ 496.373680][T10285] CPU: 1 UID: 0 PID: 10285 Comm: syz.2.840 Not tainted syzkaller #0 PREEMPT(full) [ 496.373722][T10285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 496.373742][T10285] Call Trace: [ 496.373752][T10285] [ 496.373764][T10285] dump_stack_lvl+0x100/0x190 [ 496.373831][T10285] should_fail_ex.cold+0x5/0xa [ 496.373875][T10285] should_failslab+0xc2/0x120 [ 496.373915][T10285] __kmalloc_cache_noprof+0x7a/0x6f0 [ 496.373965][T10285] ? io_uring_alloc_task_context+0x1a3/0x51f [ 496.374019][T10285] ? __percpu_counter_init_many+0x2c1/0x3b0 [ 496.374201][T10285] io_uring_alloc_task_context+0x1a3/0x51f [ 496.374260][T10285] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 496.374321][T10285] ? alloc_file_pseudo+0x1a5/0x230 [ 496.374378][T10285] __io_uring_add_tctx_node.cold+0x15/0x201 [ 496.374432][T10285] ? security_inode_init_security_anon+0x7b/0x230 [ 496.374476][T10285] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 496.374576][T10285] ? __anon_inode_getfile+0x17c/0x280 [ 496.374644][T10285] io_uring_setup.cold+0x1993/0x1c6e [ 496.374704][T10285] ? __pfx_io_uring_setup+0x10/0x10 [ 496.374789][T10285] ? __pfx_do_futex+0x10/0x10 [ 496.374841][T10285] ? fdget_pos+0x2c0/0x380 [ 496.374884][T10285] ? __pfx___x64_sys_futex+0x10/0x10 [ 496.374918][T10285] ? ksys_write+0x1ac/0x250 [ 496.374956][T10285] ? __pfx_ksys_write+0x10/0x10 [ 496.374999][T10285] __x64_sys_io_uring_setup+0xc2/0x170 [ 496.375055][T10285] do_syscall_64+0x115/0x840 [ 496.375112][T10285] ? clear_bhb_loop+0x40/0x90 [ 496.375152][T10285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.375186][T10285] RIP: 0033:0x7faa6d19ce59 [ 496.375213][T10285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 496.375244][T10285] RSP: 002b:00007faa6df91028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 496.375275][T10285] RAX: ffffffffffffffda RBX: 00007faa6d415fa0 RCX: 00007faa6d19ce59 [ 496.375296][T10285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000c [ 496.375314][T10285] RBP: 00007faa6d232d6f R08: 0000000000000000 R09: 0000000000000000 [ 496.375333][T10285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.375352][T10285] R13: 00007faa6d416038 R14: 00007faa6d415fa0 R15: 00007ffc4ec381e8 [ 496.375393][T10285] [ 498.773808][ T6375] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 498.917661][ T30] audit: type=1800 audit(1843104531.062:50): pid=10314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.845" name="dbroot" dev="configfs" ino=32539 res=0 errno=0 [ 499.458917][ T6375] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 499.601950][ T30] audit: type=1800 audit(1843104531.766:51): pid=10322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.847" name="dbroot" dev="configfs" ino=31588 res=0 errno=0 [ 501.019226][T10316] Process accounting resumed [ 501.784849][T10334] Process accounting resumed [ 502.386663][T10356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.854'. [ 502.862601][T10369] kafs: addr_prefs: Invalid Command [ 504.796028][T10387] netlink: 338 bytes leftover after parsing attributes in process `syz.2.861'. [ 505.799844][ T6375] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 505.807701][ T6375] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 506.065006][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.071367][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.377393][T10417] zswap: compressor not available [ 507.511958][T10407] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 507.637417][T10432] futex_wake_op: syz.1.869 tries to shift op by -2048; fix this program [ 507.649794][T10432] futex_wake_op: syz.1.869 tries to shift op by -2048; fix this program [ 507.787053][T10403] Process accounting resumed [ 511.489755][T10407] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 511.560235][ T30] audit: type=1800 audit(1843104543.778:52): pid=10482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.879" name="dbroot" dev="configfs" ino=33127 res=0 errno=0 [ 512.338817][T10499] netlink: 16 bytes leftover after parsing attributes in process `syz.2.883'. [ 514.232672][T10407] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 516.251732][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 517.537724][T10407] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 517.546841][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.893'. [ 517.616800][ T30] audit: type=1800 audit(1843104549.869:53): pid=10556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.894" name="dbroot" dev="configfs" ino=34427 res=0 errno=0 [ 518.320488][T10407] Bluetooth: hci2: command 0x0c1a tx timeout [ 519.139186][T10580] random: crng reseeded on system resumption [ 520.978969][T10596] netlink: 8 bytes leftover after parsing attributes in process `syz.0.899'. [ 522.066887][T10602] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 522.114767][T10602] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 522.142378][T10602] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 522.226674][T10602] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 522.285593][T10602] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 523.413383][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 524.129622][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 524.291330][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 524.297523][T10407] Bluetooth: hci3: command 0x0c1a tx timeout [ 524.388988][T10647] netlink: 28 bytes leftover after parsing attributes in process `syz.3.910'. [ 525.777412][T10667] FAULT_INJECTION: forcing a failure. [ 525.777412][T10667] name failslab, interval 1, probability 0, space 0, times 0 [ 525.791080][T10667] CPU: 0 UID: 0 PID: 10667 Comm: syz.3.914 Tainted: G L syzkaller #0 PREEMPT(full) [ 525.791139][T10667] Tainted: [L]=SOFTLOCKUP [ 525.791151][T10667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 525.791170][T10667] Call Trace: [ 525.791181][T10667] [ 525.791193][T10667] dump_stack_lvl+0x100/0x190 [ 525.791259][T10667] should_fail_ex.cold+0x5/0xa [ 525.791302][T10667] ? fib_default_rule_add+0x4f/0x420 [ 525.791440][T10667] should_failslab+0xc2/0x120 [ 525.791485][T10667] __kmalloc_noprof+0xe0/0x850 [ 525.791556][T10667] fib_default_rule_add+0x4f/0x420 [ 525.791600][T10667] ? __pfx_fib6_rules_net_init+0x10/0x10 [ 525.791720][T10667] fib6_rules_net_init+0x95/0x140 [ 525.791763][T10667] ops_init+0x1e2/0x5f0 [ 525.791833][T10667] setup_net+0x118/0x3a0 [ 525.791871][T10667] ? __pfx_setup_net+0x10/0x10 [ 525.791908][T10667] ? mutex_init_lockdep+0xf1/0x120 [ 525.791949][T10667] copy_net_ns+0x46f/0x7c0 [ 525.791994][T10667] create_new_namespaces+0x3ea/0xac0 [ 525.792063][T10667] unshare_nsproxy_namespaces+0xf2/0x220 [ 525.792109][T10667] ksys_unshare+0x438/0xab0 [ 525.792171][T10667] ? __pfx_ksys_unshare+0x10/0x10 [ 525.792222][T10667] ? xfd_validate_state+0x129/0x190 [ 525.792259][T10667] ? exit_to_user_mode_loop+0xf3/0x670 [ 525.792328][T10667] __x64_sys_unshare+0x31/0x40 [ 525.792375][T10667] do_syscall_64+0x115/0x840 [ 525.792421][T10667] ? clear_bhb_loop+0x40/0x90 [ 525.792464][T10667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.792498][T10667] RIP: 0033:0x7fcf1db9ce59 [ 525.792526][T10667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 525.792558][T10667] RSP: 002b:00007fcf1e973028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 525.792590][T10667] RAX: ffffffffffffffda RBX: 00007fcf1de15fa0 RCX: 00007fcf1db9ce59 [ 525.792612][T10667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 525.792632][T10667] RBP: 00007fcf1dc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 525.792651][T10667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.792669][T10667] R13: 00007fcf1de16038 R14: 00007fcf1de15fa0 R15: 00007ffd32962048 [ 525.792717][T10667] [ 526.208871][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 526.543176][T10677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.917'. [ 528.655883][T10702] netlink: 338 bytes leftover after parsing attributes in process `syz.0.921'. [ 528.820170][T10701] netlink: 338 bytes leftover after parsing attributes in process `syz.0.921'. [ 528.962736][T10708] netlink: 338 bytes leftover after parsing attributes in process `syz.2.922'. [ 529.279710][T10707] netlink: 338 bytes leftover after parsing attributes in process `syz.2.922'. [ 532.786364][T10714] Process accounting paused [ 533.508491][T10746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.930'. [ 536.437460][ T6291] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 536.540810][ T30] audit: type=1800 audit(1843104568.898:54): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.934" name="dbroot" dev="configfs" ino=35087 res=0 errno=0 [ 539.437941][T10807] vhci_hcd vhci_hcd.2: invalid port number 194 [ 539.533430][T10807] vhci_hcd vhci_hcd.2: invalid port number 194 [ 539.894325][T10776] Process accounting paused [ 543.014567][T10854] netlink: 338 bytes leftover after parsing attributes in process `syz.0.950'. [ 543.055597][T10855] netlink: 338 bytes leftover after parsing attributes in process `syz.0.950'. [ 544.419072][T10872] ACPI: button: Initial lid state set to 'ignore' [ 546.886673][ T6291] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 546.995036][ T30] audit: type=1800 audit(1843104579.402:55): pid=10897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.958" name="dbroot" dev="configfs" ino=36305 res=0 errno=0 [ 547.809810][T10909] netlink: 338 bytes leftover after parsing attributes in process `syz.1.960'. [ 548.144875][T10908] netlink: 338 bytes leftover after parsing attributes in process `syz.1.960'. [ 548.931175][T10921] netlink: 338 bytes leftover after parsing attributes in process `syz.0.962'. [ 549.902989][T10919] netlink: 338 bytes leftover after parsing attributes in process `syz.0.962'. [ 551.992918][T10940] netlink: 338 bytes leftover after parsing attributes in process `syz.1.966'. [ 552.076078][T10942] netlink: 338 bytes leftover after parsing attributes in process `syz.1.966'. [ 552.231726][T10947] FAULT_INJECTION: forcing a failure. [ 552.231726][T10947] name failslab, interval 1, probability 0, space 0, times 0 [ 552.292830][T10947] CPU: 0 UID: 0 PID: 10947 Comm: syz.0.967 Tainted: G L syzkaller #0 PREEMPT(full) [ 552.292881][T10947] Tainted: [L]=SOFTLOCKUP [ 552.292893][T10947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 552.292928][T10947] Call Trace: [ 552.292940][T10947] [ 552.292952][T10947] dump_stack_lvl+0x100/0x190 [ 552.293020][T10947] should_fail_ex.cold+0x5/0xa [ 552.293063][T10947] should_failslab+0xc2/0x120 [ 552.293105][T10947] __kmalloc_node_noprof+0xe6/0x850 [ 552.293160][T10947] ? blk_mq_alloc_tag_set+0x57a/0x1330 [ 552.293297][T10947] ? rt_mutex_debug_task_free+0x1a0/0x1e0 [ 552.293343][T10947] blk_mq_alloc_tag_set+0x57a/0x1330 [ 552.293377][T10947] ? idr_alloc+0x37/0x130 [ 552.293520][T10947] loop_add+0x3b7/0xb60 [ 552.293653][T10947] ? __pfx_loop_add+0x10/0x10 [ 552.293726][T10947] ? find_held_lock+0x2b/0x80 [ 552.293767][T10947] ? __fget_files+0x215/0x3d0 [ 552.293812][T10947] loop_control_ioctl+0xae/0x620 [ 552.293859][T10947] ? __pfx_loop_control_ioctl+0x10/0x10 [ 552.293898][T10947] ? __pfx_loop_control_ioctl+0x10/0x10 [ 552.293935][T10947] __x64_sys_ioctl+0x18e/0x210 [ 552.293961][T10947] do_syscall_64+0x115/0x840 [ 552.293995][T10947] ? clear_bhb_loop+0x40/0x90 [ 552.294024][T10947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.294049][T10947] RIP: 0033:0x7f39ceb9ce59 [ 552.294069][T10947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 552.294092][T10947] RSP: 002b:00007f39cfa97028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 552.294115][T10947] RAX: ffffffffffffffda RBX: 00007f39cee16090 RCX: 00007f39ceb9ce59 [ 552.294130][T10947] RDX: 0000000000000431 RSI: 0000000000004c80 RDI: 000000000000000c [ 552.294144][T10947] RBP: 00007f39cec32d6f R08: 0000000000000000 R09: 0000000000000000 [ 552.294158][T10947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 552.294173][T10947] R13: 00007f39cee16128 R14: 00007f39cee16090 R15: 00007ffdcf1042b8 [ 552.294203][T10947] [ 554.161425][T10969] netlink: 338 bytes leftover after parsing attributes in process `syz.2.970'. [ 554.429862][T10972] netlink: 338 bytes leftover after parsing attributes in process `syz.2.970'. [ 558.067845][T11016] kAFS: Invalid Command on /proc/fs/afs/cells file [ 560.158785][ T6291] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 560.266243][ T30] audit: type=1800 audit(1843104592.741:56): pid=11048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.984" name="dbroot" dev="configfs" ino=35829 res=0 errno=0 [ 563.243285][T11056] Process accounting resumed [ 565.419624][ T6291] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 565.519094][ T30] audit: type=1800 audit(1843104598.018:57): pid=11101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.995" name="dbroot" dev="configfs" ino=37076 res=0 errno=0 [ 567.186996][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.193386][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 571.299426][T11138] Process accounting resumed [ 575.153495][T11203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1013'. [ 579.616097][ T6291] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 579.760821][ T30] audit: type=1800 audit(1843104612.332:58): pid=11256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1024" name="dbroot" dev="configfs" ino=37547 res=0 errno=0 [ 580.020249][T11261] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1025'. [ 580.402631][T11264] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1025'. [ 580.985838][T11274] serio: Serial port pty173 [ 581.003152][ T6291] Bluetooth: hci2: unexpected event 0x30 length: 10 > 3 [ 581.082951][T11278] FAULT_INJECTION: forcing a failure. [ 581.082951][T11278] name fail_futex, interval 1, probability 0, space 0, times 0 [ 581.194652][T11278] CPU: 0 UID: 0 PID: 11278 Comm: syz.2.1027 Tainted: G L syzkaller #0 PREEMPT(full) [ 581.194692][T11278] Tainted: [L]=SOFTLOCKUP [ 581.194700][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 581.194715][T11278] Call Trace: [ 581.194722][T11278] [ 581.194731][T11278] dump_stack_lvl+0x100/0x190 [ 581.194778][T11278] should_fail_ex.cold+0x5/0xa [ 581.194809][T11278] get_futex_key+0x1d2/0x1510 [ 581.194865][T11278] ? __pfx_get_futex_key+0x10/0x10 [ 581.194903][T11278] ? do_mmap+0x93f/0x12f0 [ 581.194932][T11278] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 581.194968][T11278] futex_wake+0xea/0x530 [ 581.194999][T11278] ? __pfx_futex_wake+0x10/0x10 [ 581.195049][T11278] do_futex+0x32b/0x350 [ 581.195073][T11278] ? __pfx_do_futex+0x10/0x10 [ 581.195095][T11278] ? __pfx_do_sys_openat2+0x10/0x10 [ 581.195140][T11278] __x64_sys_futex+0x34f/0x4d0 [ 581.195168][T11278] ? __pfx___x64_sys_futex+0x10/0x10 [ 581.195198][T11278] ? rcu_is_watching+0x12/0xc0 [ 581.195228][T11278] do_syscall_64+0x115/0x840 [ 581.195261][T11278] ? clear_bhb_loop+0x40/0x90 [ 581.195289][T11278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.195313][T11278] RIP: 0033:0x7faa6d19ce59 [ 581.195332][T11278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.195355][T11278] RSP: 002b:00007faa6df700e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 581.195377][T11278] RAX: ffffffffffffffda RBX: 00007faa6d416098 RCX: 00007faa6d19ce59 [ 581.195392][T11278] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faa6d41609c [ 581.195406][T11278] RBP: 00007faa6d416090 R08: 0000000000000001 R09: 0000000000000000 [ 581.195420][T11278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.195455][T11278] R13: 00007faa6d416128 R14: 00007ffc4ec38100 R15: 00007ffc4ec381e8 [ 581.195486][T11278] [ 581.263850][ T30] audit: type=1800 audit(1843104613.790:59): pid=11279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1028" name="dbroot" dev="configfs" ino=37608 res=0 errno=0 [ 582.356470][ T6291] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 582.483026][ T30] audit: type=1800 audit(1843104615.077:60): pid=11289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1029" name="dbroot" dev="configfs" ino=37682 res=0 errno=0 [ 583.260705][T11304] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1034'. [ 583.364197][T11303] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1034'. [ 585.410226][T11330] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 585.493067][T11330] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 585.527013][T11330] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 585.539777][T11330] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 586.677948][T11359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 587.085493][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 587.218953][ T6291] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 587.289896][ T30] audit: type=1800 audit(1843104619.901:61): pid=11365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1045" name="dbroot" dev="configfs" ino=37850 res=0 errno=0 [ 587.564877][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 587.570985][T10407] Bluetooth: hci3: command 0x0c1a tx timeout [ 587.577150][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 589.405334][T11400] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1053'. [ 589.650973][T11402] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1053'. [ 591.139295][T11421] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1057'. [ 591.632607][T11421] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1057'. [ 593.201429][T11369] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 593.281998][ T30] audit: type=1800 audit(1843104625.933:62): pid=11439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1060" name="dbroot" dev="configfs" ino=38772 res=0 errno=0 [ 593.540964][T11369] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 593.939393][T11450] warning: `syz.2.1062' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 593.971454][T11450] FAULT_INJECTION: forcing a failure. [ 593.971454][T11450] name failslab, interval 1, probability 0, space 0, times 0 [ 593.996725][T11450] CPU: 0 UID: 0 PID: 11450 Comm: syz.2.1062 Tainted: G L syzkaller #0 PREEMPT(full) [ 593.996774][T11450] Tainted: [L]=SOFTLOCKUP [ 593.996785][T11450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 593.996803][T11450] Call Trace: [ 593.996812][T11450] [ 593.996823][T11450] dump_stack_lvl+0x100/0x190 [ 593.996881][T11450] should_fail_ex.cold+0x5/0xa [ 593.996920][T11450] should_failslab+0xc2/0x120 [ 593.996957][T11450] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 593.997007][T11450] ? __d_alloc+0x34/0xa40 [ 593.997057][T11450] __d_alloc+0x34/0xa40 [ 593.997111][T11450] d_alloc+0x4a/0x1e0 [ 593.997154][T11450] lookup_one_qstr_excl+0x171/0x250 [ 593.997205][T11450] start_dirop+0x59/0xb0 [ 593.997242][T11450] simple_start_creating+0xf9/0x110 [ 593.997286][T11450] ? __pfx_simple_start_creating+0x10/0x10 [ 593.997330][T11450] ? mntput+0x70/0xa0 [ 593.997366][T11450] ? simple_pin_fs+0xa3/0x190 [ 593.997405][T11450] debugfs_start_creating.part.0+0x82/0x170 [ 593.997518][T11450] __debugfs_create_file+0xb3/0x4f0 [ 593.997547][T11450] debugfs_create_file_full+0x41/0x60 [ 593.997576][T11450] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 593.997627][T11450] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 593.997651][T11450] ? ida_alloc_range+0x70d/0x830 [ 593.997711][T11450] ? lockdep_init_map_type+0x5c/0x250 [ 593.997788][T11450] preinit_net.part.0+0x252/0x920 [ 593.997825][T11450] copy_net_ns+0x339/0x7c0 [ 593.997858][T11450] create_new_namespaces+0x3ea/0xac0 [ 593.997897][T11450] unshare_nsproxy_namespaces+0xf2/0x220 [ 593.997931][T11450] ksys_unshare+0x438/0xab0 [ 593.997968][T11450] ? __pfx_ksys_unshare+0x10/0x10 [ 593.998002][T11450] ? ksys_write+0x1ac/0x250 [ 593.998040][T11450] __x64_sys_unshare+0x31/0x40 [ 593.998075][T11450] do_syscall_64+0x115/0x840 [ 593.998115][T11450] ? clear_bhb_loop+0x40/0x90 [ 593.998162][T11450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.998197][T11450] RIP: 0033:0x7faa6d19ce59 [ 593.998224][T11450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 593.998261][T11450] RSP: 002b:00007faa6df91028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 593.998290][T11450] RAX: ffffffffffffffda RBX: 00007faa6d415fa0 RCX: 00007faa6d19ce59 [ 593.998307][T11450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 593.998321][T11450] RBP: 00007faa6d232d6f R08: 0000000000000000 R09: 0000000000000000 [ 593.998336][T11450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.998368][T11450] R13: 00007faa6d416038 R14: 00007faa6d415fa0 R15: 00007ffc4ec381e8 [ 593.998412][T11450] [ 594.654671][T11428] Process accounting paused [ 596.320831][T11489] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1071'. [ 596.468671][T11489] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1071'. [ 596.485121][T11369] Bluetooth: hci2: unexpected event 0x30 length: 10 > 3 [ 596.601392][ T30] audit: type=1800 audit(1843104629.260:63): pid=11503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1073" name="dbroot" dev="configfs" ino=39318 res=0 errno=0 [ 597.302084][T11369] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 597.473546][ T30] audit: type=1800 audit(1843104630.144:64): pid=11514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1074" name="dbroot" dev="configfs" ino=39993 res=0 errno=0 [ 602.350909][T11557] Process accounting paused [ 603.617083][T11593] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1090'. [ 603.681877][T11593] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1090'. [ 607.585577][T11638] FAULT_INJECTION: forcing a failure. [ 607.585577][T11638] name failslab, interval 1, probability 0, space 0, times 0 [ 607.638409][T11638] CPU: 0 UID: 0 PID: 11638 Comm: syz.2.1096 Tainted: G L syzkaller #0 PREEMPT(full) [ 607.638448][T11638] Tainted: [L]=SOFTLOCKUP [ 607.638459][T11638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 607.638474][T11638] Call Trace: [ 607.638481][T11638] [ 607.638490][T11638] dump_stack_lvl+0x100/0x190 [ 607.638538][T11638] should_fail_ex.cold+0x5/0xa [ 607.638569][T11638] should_failslab+0xc2/0x120 [ 607.638599][T11638] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 607.638625][T11638] ? key_alloc+0x423/0x1310 [ 607.638727][T11638] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 607.638772][T11638] kmemdup_noprof+0x29/0x60 [ 607.638799][T11638] key_alloc+0x423/0x1310 [ 607.638840][T11638] ? __pfx_key_alloc+0x10/0x10 [ 607.638875][T11638] ? __pfx_key_default_cmp+0x10/0x10 [ 607.638912][T11638] ? __pfx_keyring_search_iterator+0x10/0x10 [ 607.638952][T11638] keyring_alloc+0x44/0xc0 [ 607.638989][T11638] look_up_user_keyrings+0x465/0x790 [ 607.639023][T11638] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 607.639063][T11638] lookup_user_key+0xbb1/0x1300 [ 607.639094][T11638] ? __pfx_lookup_user_key+0x10/0x10 [ 607.639124][T11638] ? __pfx_do_futex+0x10/0x10 [ 607.639154][T11638] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 607.639189][T11638] ? xfd_validate_state+0x129/0x190 [ 607.639212][T11638] ? ksys_write+0x1ac/0x250 [ 607.639243][T11638] keyctl_keyring_unlink+0x1f/0x1b0 [ 607.639269][T11638] __do_sys_keyctl+0x3dd/0x5a0 [ 607.639297][T11638] do_syscall_64+0x115/0x840 [ 607.639333][T11638] ? clear_bhb_loop+0x40/0x90 [ 607.639368][T11638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.639394][T11638] RIP: 0033:0x7faa6d19ce59 [ 607.639414][T11638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 607.639438][T11638] RSP: 002b:00007faa6b3f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 607.639461][T11638] RAX: ffffffffffffffda RBX: 00007faa6d416180 RCX: 00007faa6d19ce59 [ 607.639477][T11638] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000009 [ 607.639492][T11638] RBP: 00007faa6d232d6f R08: 0000000000000008 R09: 0000000000000000 [ 607.639507][T11638] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 607.639522][T11638] R13: 00007faa6d416218 R14: 00007faa6d416180 R15: 00007ffc4ec381e8 [ 607.639553][T11638] [ 610.930445][T11369] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 611.011217][ T30] audit: type=1800 audit(1843104643.755:65): pid=11666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1102" name="dbroot" dev="configfs" ino=40364 res=0 errno=0 [ 611.824858][T11680] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1103'. [ 612.064446][T11682] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1103'. [ 614.628786][T11369] Bluetooth: hci2: unexpected event 0x30 length: 10 > 3 [ 614.712627][ T30] audit: type=1800 audit(1843104647.474:66): pid=11716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1110" name="dbroot" dev="configfs" ino=41054 res=0 errno=0 [ 616.423519][T11733] random: crng reseeded on system resumption [ 617.812081][T11744] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1113'. [ 618.071982][T11752] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1115'. [ 618.126205][T11754] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1115'. [ 622.987780][T11807] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1126'. [ 623.060555][T11809] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1126'. [ 624.606359][T11792] Process accounting resumed [ 624.944974][T11822] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 624.962685][T11822] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 624.985761][T11822] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 625.010151][T11822] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 625.249546][T11834] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1132'. [ 625.282332][T11836] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1132'. [ 626.477550][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 626.957373][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 627.034861][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 627.040975][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 627.686751][T11369] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 627.759933][ T30] audit: type=1800 audit(1843104660.582:67): pid=11870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1137" name="dbroot" dev="configfs" ino=41443 res=0 errno=0 [ 628.309387][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 628.315872][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.434343][T11879] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1138'. [ 628.613847][T11871] FAULT_INJECTION: forcing a failure. [ 628.613847][T11871] name failslab, interval 1, probability 0, space 0, times 0 [ 628.662257][T11871] CPU: 1 UID: 0 PID: 11871 Comm: syz.0.1137 Tainted: G L syzkaller #0 PREEMPT(full) [ 628.662307][T11871] Tainted: [L]=SOFTLOCKUP [ 628.662318][T11871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 628.662337][T11871] Call Trace: [ 628.662347][T11871] [ 628.662361][T11871] dump_stack_lvl+0x100/0x190 [ 628.662426][T11871] should_fail_ex.cold+0x5/0xa [ 628.662469][T11871] should_failslab+0xc2/0x120 [ 628.662511][T11871] __kvmalloc_node_noprof+0xfa/0xa00 [ 628.662544][T11871] ? seq_read_iter+0x819/0x1270 [ 628.662591][T11871] seq_read_iter+0x819/0x1270 [ 628.662649][T11871] seq_read+0x33b/0x4c0 [ 628.662686][T11871] ? __pfx_seq_read+0x10/0x10 [ 628.662718][T11871] ? __pfx___might_resched+0x10/0x10 [ 628.662765][T11871] ? lock_acquire+0x1b1/0x370 [ 628.662835][T11871] ? rw_verify_area+0xce/0x6d0 [ 628.662868][T11871] ? __pfx_seq_read+0x10/0x10 [ 628.662905][T11871] vfs_read+0x1e4/0xb30 [ 628.662945][T11871] ? __pfx_vfs_read+0x10/0x10 [ 628.662981][T11871] ? __fget_files+0x215/0x3d0 [ 628.663027][T11871] ? __fget_files+0x21f/0x3d0 [ 628.663073][T11871] ksys_read+0x12a/0x250 [ 628.663109][T11871] ? __pfx_ksys_read+0x10/0x10 [ 628.663147][T11871] ? rcu_is_watching+0x12/0xc0 [ 628.663188][T11871] do_syscall_64+0x115/0x840 [ 628.663233][T11871] ? clear_bhb_loop+0x40/0x90 [ 628.663274][T11871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.663306][T11871] RIP: 0033:0x7f39ceb9ce59 [ 628.663331][T11871] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.663362][T11871] RSP: 002b:00007f39cfa76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 628.663391][T11871] RAX: ffffffffffffffda RBX: 00007f39cee16180 RCX: 00007f39ceb9ce59 [ 628.663411][T11871] RDX: 0000000000000fff RSI: 00002000000004c0 RDI: 0000000000000005 [ 628.663429][T11871] RBP: 00007f39cfa76090 R08: 0000000000000000 R09: 0000000000000000 [ 628.663449][T11871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.663467][T11871] R13: 00007f39cee16218 R14: 00007f39cee16180 R15: 00007ffdcf1042b8 [ 628.663510][T11871] [ 629.604177][T11369] Bluetooth: hci2: unexpected event 0x30 length: 10 > 3 [ 629.706028][ T30] audit: type=1800 audit(1843104662.542:68): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1142" name="dbroot" dev="configfs" ino=41574 res=0 errno=0 [ 630.621741][T11910] zswap: compressor not available [ 631.074836][T11919] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1145'. [ 631.656653][T11926] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 632.903050][T11946] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1151'. [ 633.247041][T11950] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1151'. [ 633.950294][T11961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1154'. [ 634.666702][T11965] : Can't lookup blockdev [ 634.757334][T11933] Process accounting resumed [ 638.431184][T12006] FAULT_INJECTION: forcing a failure. [ 638.431184][T12006] name failslab, interval 1, probability 0, space 0, times 0 [ 638.526218][T12006] CPU: 0 UID: 0 PID: 12006 Comm: syz.0.1162 Tainted: G L syzkaller #0 PREEMPT(full) [ 638.526273][T12006] Tainted: [L]=SOFTLOCKUP [ 638.526285][T12006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 638.526305][T12006] Call Trace: [ 638.526315][T12006] [ 638.526329][T12006] dump_stack_lvl+0x100/0x190 [ 638.526396][T12006] should_fail_ex.cold+0x5/0xa [ 638.526429][T12006] should_failslab+0xc2/0x120 [ 638.526459][T12006] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 638.526488][T12006] ? key_alloc+0x423/0x1310 [ 638.526521][T12006] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 638.526564][T12006] kmemdup_noprof+0x29/0x60 [ 638.526594][T12006] key_alloc+0x423/0x1310 [ 638.526634][T12006] ? __pfx_key_alloc+0x10/0x10 [ 638.526665][T12006] ? __pfx_key_default_cmp+0x10/0x10 [ 638.526701][T12006] ? __pfx_keyring_search_iterator+0x10/0x10 [ 638.526741][T12006] keyring_alloc+0x44/0xc0 [ 638.526778][T12006] look_up_user_keyrings+0x465/0x790 [ 638.526811][T12006] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 638.526850][T12006] lookup_user_key+0xbb1/0x1300 [ 638.526882][T12006] ? __pfx_lookup_user_key+0x10/0x10 [ 638.526912][T12006] ? __pfx_do_futex+0x10/0x10 [ 638.526941][T12006] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 638.526982][T12006] ? xfd_validate_state+0x129/0x190 [ 638.527006][T12006] ? ksys_write+0x1ac/0x250 [ 638.527038][T12006] keyctl_keyring_unlink+0x1f/0x1b0 [ 638.527063][T12006] __do_sys_keyctl+0x3dd/0x5a0 [ 638.527092][T12006] do_syscall_64+0x115/0x840 [ 638.527127][T12006] ? clear_bhb_loop+0x40/0x90 [ 638.527156][T12006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.527181][T12006] RIP: 0033:0x7f39ceb9ce59 [ 638.527201][T12006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.527225][T12006] RSP: 002b:00007f39cfa76028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 638.527248][T12006] RAX: ffffffffffffffda RBX: 00007f39cee16180 RCX: 00007f39ceb9ce59 [ 638.527264][T12006] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000009 [ 638.527279][T12006] RBP: 00007f39cec32d6f R08: 0000000000000008 R09: 0000000000000000 [ 638.527294][T12006] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 638.527309][T12006] R13: 00007f39cee16218 R14: 00007f39cee16180 R15: 00007ffdcf1042b8 [ 638.527340][T12006] [ 642.519535][T11369] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 642.686539][ T30] audit: type=1800 audit(1843104675.590:69): pid=12053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1172" name="dbroot" dev="configfs" ino=43091 res=0 errno=0 [ 643.301367][T12063] random: crng reseeded on system resumption [ 646.208070][T12082] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1178'. [ 646.246174][T12083] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1178'. [ 649.543603][T11369] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 649.660645][ T30] audit: type=1800 audit(1843104682.606:70): pid=12135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1187" name="dbroot" dev="configfs" ino=43281 res=0 errno=0 [ 652.870716][T12160] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 652.877317][T12160] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 652.904274][T12160] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 652.934074][T12160] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 654.089211][T12183] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1194'. [ 654.253060][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 654.345626][T12186] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1194'. [ 654.889603][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 654.969266][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 654.975351][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 655.191278][T12178] Process accounting paused [ 657.201008][T12218] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 657.215283][T12218] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 657.244937][T12218] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 657.284276][T12218] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 658.872175][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 659.266798][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 659.274374][ T6375] Bluetooth: hci1: command 0x0c1a tx timeout [ 659.346696][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 661.143597][T12253] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 661.165482][T12253] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 661.183875][T12253] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 661.212793][T12253] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 662.532625][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 663.167861][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 663.248437][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 663.254627][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 666.741101][T12290] Process accounting paused [ 667.832255][T12330] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 667.848348][T12330] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 667.863045][T12330] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 667.877268][T12330] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 668.980752][T11369] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 669.027972][T12345] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 669.062901][ T30] audit: type=1800 audit(1843104702.087:71): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1227" name="lu_gp_id" dev="configfs" ino=43981 res=0 errno=0 [ 669.093666][T12345] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 669.107227][T12345] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 669.113378][T12353] kstrtoul() returned -22 for lu_gp_id [ 669.140673][T12345] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 670.121505][T12360] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 670.138583][T12360] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 670.165321][T12360] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 670.173489][T12360] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 670.865539][T12382] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1231'. [ 670.957304][T12384] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1231'. [ 671.682216][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 672.163043][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 672.169128][ T6375] Bluetooth: hci1: command 0x0c1a tx timeout [ 672.239474][ T6375] Bluetooth: hci2: command 0x0c1a tx timeout [ 672.941925][T12398] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1235'. [ 673.213430][T12399] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1235'. [ 676.128814][T12429] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 676.140993][T12429] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 676.158167][T12429] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 676.179910][T12429] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 676.813914][T12443] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 676.823187][T12443] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 676.842855][T12443] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 676.856593][T12443] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.142883][T12450] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.162943][T12450] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.175480][T12450] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.185494][T12450] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.871543][T12473] nfs4: Unknown parameter 'ECH];^YىZL`~^g ' [ 679.481749][ T6375] Bluetooth: hci0: command 0x0c1a tx timeout [ 680.199411][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 680.205496][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 680.211818][ T6375] Bluetooth: hci2: command 0x0c1a tx timeout [ 681.827463][T12505] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 681.844239][T12505] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 681.871161][T12505] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 681.901835][T12505] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 682.722672][ T6375] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3 [ 682.812083][ T30] audit: type=1800 audit(1843104715.918:72): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1258" name="dbroot" dev="configfs" ino=45509 res=0 errno=0 [ 683.097111][T12518] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 683.120896][T12518] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 683.145753][T12518] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 683.165440][T12518] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 683.216357][T12534] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1259'. [ 683.380199][T12534] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1259'. [ 684.577691][ T6375] Bluetooth: hci0: command 0x0c1a tx timeout [ 685.132587][ T6375] Bluetooth: hci1: command 0x0c1a tx timeout [ 685.211852][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 685.217981][ T6375] Bluetooth: hci2: command 0x0c1a tx timeout [ 685.415981][T12538] Process accounting resumed [ 686.358817][T12562] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.383529][T12562] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 686.413701][T12562] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 686.433571][T12562] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 686.846368][ T6375] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 686.959788][T12574] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1266'. [ 687.162425][T12574] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1266'. [ 687.920441][ T6375] Bluetooth: hci0: command 0x0c1a tx timeout [ 688.318556][T12593] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1271'. [ 688.395809][ T6375] Bluetooth: hci1: command 0x0c1a tx timeout [ 688.474981][ T6375] Bluetooth: hci2: command 0x0c1a tx timeout [ 688.481101][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 689.425235][T12598] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 689.443050][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 689.450325][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.471076][T12598] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 689.489475][T12598] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 689.515963][T12598] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 690.942444][ T6375] Bluetooth: hci0: command 0x0c1a tx timeout [ 691.500678][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 691.508106][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 691.578805][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 695.615419][T12675] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1286'. [ 695.705521][T12675] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1286'. [ 696.977057][T12695] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1290'. [ 697.068473][T12694] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1290'. [ 698.781092][T11369] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3 [ 698.878315][ T30] audit: type=1800 audit(1843104732.072:73): pid=12720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1294" name="dbroot" dev="configfs" ino=46558 res=0 errno=0 [ 699.004664][T12684] Process accounting resumed [ 703.181366][T12761] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 703.187807][T12761] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 703.210446][T12761] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 703.239472][T12761] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 703.593405][T12784] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1305'. [ 703.669053][T12782] HfR: entered promiscuous mode [ 703.849806][T12784] HfR: left promiscuous mode [ 704.552303][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 704.872576][T12795] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1308'. [ 704.963897][T12795] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1308'. [ 705.188058][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 705.269892][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 705.276287][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 706.740263][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 713.175308][T12873] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 713.219162][T12873] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 713.246577][T12873] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 713.303164][T12873] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 714.499674][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 715.089923][T12904] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1327'. [ 715.147753][T12904] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1327'. [ 715.216357][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.295847][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 715.375189][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 715.554623][T12915] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1329'. [ 715.617392][T12917] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1329'. [ 716.160420][T12902] Process accounting paused [ 716.724253][T12920] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 716.751660][T12920] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 716.808097][T12920] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 716.839300][T12920] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 718.015632][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 718.800089][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 718.877643][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 718.885955][ T6375] Bluetooth: hci3: command 0x0c1a tx timeout [ 719.091383][T12948] : Can't lookup blockdev [ 721.205171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 721.545318][T12975] FAULT_INJECTION: forcing a failure. [ 721.545318][T12975] name failslab, interval 1, probability 0, space 0, times 0 [ 721.567040][T12975] CPU: 0 UID: 0 PID: 12975 Comm: syz.0.1341 Tainted: G L syzkaller #0 PREEMPT(full) [ 721.567103][T12975] Tainted: [L]=SOFTLOCKUP [ 721.567113][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.567131][T12975] Call Trace: [ 721.567141][T12975] [ 721.567152][T12975] dump_stack_lvl+0x100/0x190 [ 721.567213][T12975] should_fail_ex.cold+0x5/0xa [ 721.567253][T12975] should_failslab+0xc2/0x120 [ 721.567294][T12975] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 721.567361][T12975] ? skb_clone+0x190/0x400 [ 721.567490][T12975] skb_clone+0x190/0x400 [ 721.568055][T12975] netlink_deliver_tap+0xaed/0xcc0 [ 721.568178][T12975] netlink_unicast+0x62b/0x850 [ 721.568255][T12975] ? __pfx_netlink_unicast+0x10/0x10 [ 721.568340][T12975] netlink_sendmsg+0x8b0/0xda0 [ 721.568392][T12975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.568434][T12975] ? __import_iovec+0x1d2/0x640 [ 721.568486][T12975] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 721.568730][T12975] ____sys_sendmsg+0x9e1/0xb70 [ 721.568773][T12975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.568819][T12975] ? __pfx_____sys_sendmsg+0x10/0x10 [ 721.568876][T12975] ___sys_sendmsg+0x190/0x1e0 [ 721.568931][T12975] ? __pfx____sys_sendmsg+0x10/0x10 [ 721.569016][T12975] __sys_sendmsg+0x170/0x220 [ 721.569135][T12975] ? __pfx___sys_sendmsg+0x10/0x10 [ 721.569186][T12975] ? rcu_is_watching+0x12/0xc0 [ 721.569226][T12975] do_syscall_64+0x115/0x840 [ 721.569271][T12975] ? clear_bhb_loop+0x40/0x90 [ 721.569310][T12975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.569343][T12975] RIP: 0033:0x7f39ceb9ce59 [ 721.569369][T12975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.569402][T12975] RSP: 002b:00007f39cfa97028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 721.569432][T12975] RAX: ffffffffffffffda RBX: 00007f39cee16090 RCX: 00007f39ceb9ce59 [ 721.569453][T12975] RDX: 0000000000000040 RSI: 0000200000000cc0 RDI: 0000000000000008 [ 721.569473][T12975] RBP: 00007f39cfa97090 R08: 0000000000000000 R09: 0000000000000000 [ 721.569492][T12975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.569510][T12975] R13: 00007f39cee16128 R14: 00007f39cee16090 R15: 00007ffdcf1042b8 [ 721.569551][T12975] [ 721.645327][T12975] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1341'. [ 722.536212][T12973] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1340'. [ 722.812673][T12984] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1340'. [ 723.973319][T13005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1346'. [ 724.927239][T13009] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 724.937886][T13009] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 724.954408][T13009] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 724.971758][T13009] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 726.378143][T13034] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 726.496013][T13034] ICMPv6: process `syz.3.1355' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 726.596727][ T6375] Bluetooth: hci0: command 0x0c1a tx timeout [ 726.771029][ T6375] Bluetooth: hci1: unexpected event 0x30 length: 10 > 3 [ 726.843102][T13034] loop13: detected capacity change from 0 to 8 [ 726.866224][ T30] audit: type=1800 audit(1843104760.207:74): pid=13039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1356" name="dbroot" dev="configfs" ino=48077 res=0 errno=0 [ 726.995664][ T6375] Bluetooth: hci2: command 0x0c1a tx timeout [ 727.003513][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 727.012063][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 727.742706][T13049] FAULT_INJECTION: forcing a failure. [ 727.742706][T13049] name failslab, interval 1, probability 0, space 0, times 0 [ 727.762903][T13049] CPU: 1 UID: 0 PID: 13049 Comm: syz.3.1358 Tainted: G L syzkaller #0 PREEMPT(full) [ 727.762953][T13049] Tainted: [L]=SOFTLOCKUP [ 727.762964][T13049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 727.762994][T13049] Call Trace: [ 727.763005][T13049] [ 727.763020][T13049] dump_stack_lvl+0x100/0x190 [ 727.763092][T13049] should_fail_ex.cold+0x5/0xa [ 727.763135][T13049] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 727.763185][T13049] should_failslab+0xc2/0x120 [ 727.763222][T13049] __kmalloc_noprof+0xe0/0x850 [ 727.763270][T13049] ? lockdep_hardirqs_on+0x78/0x100 [ 727.763327][T13049] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 727.763390][T13049] genl_family_rcv_msg_doit+0xc7/0x300 [ 727.763441][T13049] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 727.763492][T13049] ? genl_get_cmd+0x3e7/0x760 [ 727.763550][T13049] ? bpf_lsm_capable+0x9/0x10 [ 727.763587][T13049] ? security_capable+0x80/0x260 [ 727.763630][T13049] genl_rcv_msg+0x560/0x800 [ 727.763687][T13049] ? __pfx_genl_rcv_msg+0x10/0x10 [ 727.763740][T13049] ? __pfx_tcp_metrics_nl_cmd_del+0x10/0x10 [ 727.763920][T13049] netlink_rcv_skb+0x159/0x420 [ 727.763976][T13049] ? __pfx_genl_rcv_msg+0x10/0x10 [ 727.764031][T13049] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 727.764094][T13049] ? netlink_deliver_tap+0x1ae/0xcc0 [ 727.764138][T13049] genl_rcv+0x28/0x40 [ 727.764180][T13049] netlink_unicast+0x585/0x850 [ 727.764231][T13049] ? __pfx_netlink_unicast+0x10/0x10 [ 727.764284][T13049] netlink_sendmsg+0x8b0/0xda0 [ 727.764330][T13049] ? __pfx_netlink_sendmsg+0x10/0x10 [ 727.764370][T13049] ? __import_iovec+0x1d2/0x640 [ 727.764419][T13049] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 727.764460][T13049] ____sys_sendmsg+0x9e1/0xb70 [ 727.764502][T13049] ? __pfx_netlink_sendmsg+0x10/0x10 [ 727.764549][T13049] ? __pfx_____sys_sendmsg+0x10/0x10 [ 727.764611][T13049] ___sys_sendmsg+0x190/0x1e0 [ 727.764659][T13049] ? __pfx____sys_sendmsg+0x10/0x10 [ 727.764773][T13049] __sys_sendmsg+0x170/0x220 [ 727.764810][T13049] ? __pfx___sys_sendmsg+0x10/0x10 [ 727.764863][T13049] ? rcu_is_watching+0x12/0xc0 [ 727.764907][T13049] do_syscall_64+0x115/0x840 [ 727.764952][T13049] ? clear_bhb_loop+0x40/0x90 [ 727.765003][T13049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.765037][T13049] RIP: 0033:0x7fcf1db9ce59 [ 727.765064][T13049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 727.765097][T13049] RSP: 002b:00007fcf1bdf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 727.765128][T13049] RAX: ffffffffffffffda RBX: 00007fcf1de16090 RCX: 00007fcf1db9ce59 [ 727.765149][T13049] RDX: 0000000000000040 RSI: 0000200000000cc0 RDI: 0000000000000008 [ 727.765168][T13049] RBP: 00007fcf1bdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 727.765187][T13049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 727.765206][T13049] R13: 00007fcf1de16128 R14: 00007fcf1de16090 R15: 00007ffd32962048 [ 727.765248][T13049] [ 728.918670][T13032] Process accounting paused [ 729.496134][T13054] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 729.527691][T13054] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 729.563308][T13054] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 729.583497][T13054] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 729.735170][T13069] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1361'. [ 730.894529][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 731.533244][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.612853][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 731.619004][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 735.106412][T13120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1371'. [ 735.514468][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1372'. [ 735.715051][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1372'. [ 736.111246][T13128] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1373'. [ 737.289575][T13145] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 737.352859][T13145] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 737.408155][T13145] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 737.458403][T13145] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 738.932818][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 739.410088][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.418127][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 739.490064][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 744.791974][T13229] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1392'. [ 745.018895][T13231] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1392'. [ 746.538574][T13211] Process accounting resumed [ 747.766374][T13252] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 747.781271][T13252] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 747.826459][T13252] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 747.865334][T13252] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 748.086227][T13258] FAULT_INJECTION: forcing a failure. [ 748.086227][T13258] name failslab, interval 1, probability 0, space 0, times 0 [ 748.166908][T13258] CPU: 1 UID: 0 PID: 13258 Comm: syz.0.1395 Tainted: G L syzkaller #0 PREEMPT(full) [ 748.166958][T13258] Tainted: [L]=SOFTLOCKUP [ 748.166969][T13258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 748.166988][T13258] Call Trace: [ 748.166997][T13258] [ 748.167009][T13258] dump_stack_lvl+0x100/0x190 [ 748.167069][T13258] should_fail_ex.cold+0x5/0xa [ 748.167117][T13258] should_failslab+0xc2/0x120 [ 748.167155][T13258] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 748.167210][T13258] ? alloc_empty_file+0x5b/0x1c0 [ 748.167257][T13258] ? __pfx_stack_trace_save+0x10/0x10 [ 748.167304][T13258] alloc_empty_file+0x5b/0x1c0 [ 748.168002][T13258] path_openat+0xe8/0x31a0 [ 748.168048][T13258] ? kasan_save_stack+0x3f/0x50 [ 748.168079][T13258] ? kasan_save_stack+0x30/0x50 [ 748.168108][T13258] ? kasan_save_track+0x14/0x30 [ 748.168137][T13258] ? __kasan_slab_alloc+0x89/0x90 [ 748.168169][T13258] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 748.168233][T13258] ? do_getname+0x35/0x390 [ 748.168278][T13258] ? do_sys_openat2+0xc5/0x1e0 [ 748.168478][T13258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.168536][T13258] ? __pfx_path_openat+0x10/0x10 [ 748.168598][T13258] do_file_open+0x20e/0x430 [ 748.168647][T13258] ? __pfx_do_file_open+0x10/0x10 [ 748.168719][T13258] ? alloc_fd+0x476/0x790 [ 748.168767][T13258] ? do_getname+0x191/0x390 [ 748.168821][T13258] do_sys_openat2+0x10d/0x1e0 [ 748.168940][T13258] ? __pfx_do_sys_openat2+0x10/0x10 [ 748.168992][T13258] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 748.169055][T13258] ? __fget_files+0x21f/0x3d0 [ 748.169105][T13258] __x64_sys_openat+0x12d/0x210 [ 748.169164][T13258] ? __pfx___x64_sys_openat+0x10/0x10 [ 748.169220][T13258] ? ksys_write+0x1ac/0x250 [ 748.169268][T13258] ? rcu_is_watching+0x12/0xc0 [ 748.169317][T13258] do_syscall_64+0x115/0x840 [ 748.169367][T13258] ? clear_bhb_loop+0x40/0x90 [ 748.169412][T13258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.169452][T13258] RIP: 0033:0x7f39ceb9ce59 [ 748.169482][T13258] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 748.169519][T13258] RSP: 002b:00007f39cfa76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 748.169554][T13258] RAX: ffffffffffffffda RBX: 00007f39cee16180 RCX: 00007f39ceb9ce59 [ 748.169577][T13258] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 748.169600][T13258] RBP: 00007f39cfa76090 R08: 0000000000000000 R09: 0000000000000000 [ 748.169622][T13258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 748.169642][T13258] R13: 00007f39cee16218 R14: 00007f39cee16180 R15: 00007ffdcf1042b8 [ 748.169689][T13258] [ 749.208137][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 749.836118][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 749.843716][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 749.916238][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 750.554401][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 750.567182][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.634053][T13274] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 750.652876][T13274] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 750.690360][T13274] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 750.740690][T13274] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 752.387651][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 752.701726][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 752.708237][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 752.793589][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.203828][T13312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1407'. [ 755.843607][T13319] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1409'. [ 756.254604][T13321] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1409'. [ 757.172064][T13326] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.218442][T13326] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.257539][T13326] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 757.330020][T13326] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 757.374471][T13336] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1412'. [ 758.594109][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 759.227121][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 759.306631][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 759.386206][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 759.430594][T13360] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 759.456264][T13360] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 759.486421][T13360] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 759.511220][T13360] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 759.639451][T13360] Process accounting resumed [ 761.139660][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 761.457345][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 761.535046][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 761.542970][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 761.780355][T13387] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.804048][T13387] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 761.811798][T13387] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 761.827677][T13387] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 763.846627][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 763.854296][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 763.861294][ T6375] Bluetooth: hci1: command 0x0c1a tx timeout [ 763.869174][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 769.227443][T13472] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 769.271841][T13472] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 769.300877][T13472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 769.314870][T13472] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 770.529015][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 770.999058][T13506] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1441'. [ 771.324218][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 771.333494][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 771.342526][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 771.677192][T13515] FAULT_INJECTION: forcing a failure. [ 771.677192][T13515] name failslab, interval 1, probability 0, space 0, times 0 [ 771.859368][T13515] CPU: 1 UID: 0 PID: 13515 Comm: syz.3.1440 Tainted: G L syzkaller #0 PREEMPT(full) [ 771.859418][T13515] Tainted: [L]=SOFTLOCKUP [ 771.859429][T13515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 771.859447][T13515] Call Trace: [ 771.859458][T13515] [ 771.859469][T13515] dump_stack_lvl+0x100/0x190 [ 771.859608][T13515] should_fail_ex.cold+0x5/0xa [ 771.859649][T13515] ? tomoyo_encode2+0xfb/0x3c0 [ 771.859693][T13515] should_failslab+0xc2/0x120 [ 771.859736][T13515] __kmalloc_noprof+0xe0/0x850 [ 771.859785][T13515] ? d_absolute_path+0x136/0x1b0 [ 771.859824][T13515] tomoyo_encode2+0xfb/0x3c0 [ 771.859875][T13515] tomoyo_encode+0x29/0x50 [ 771.859918][T13515] tomoyo_realpath_from_path+0x18c/0x690 [ 771.859977][T13515] tomoyo_check_open_permission+0x2af/0x3c0 [ 771.860021][T13515] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 771.860073][T13515] ? hook_file_open+0x24e/0x7a0 [ 771.860142][T13515] ? path_get+0x61/0x80 [ 771.860189][T13515] tomoyo_file_open+0x6b/0x90 [ 771.860221][T13515] security_file_open+0xb5/0x1e0 [ 771.860263][T13515] do_dentry_open+0x588/0x14d0 [ 771.860312][T13515] vfs_open+0x82/0x3f0 [ 771.860363][T13515] path_openat+0x208c/0x31a0 [ 771.860416][T13515] ? __pfx_path_openat+0x10/0x10 [ 771.860470][T13515] do_file_open+0x20e/0x430 [ 771.860513][T13515] ? __pfx_do_file_open+0x10/0x10 [ 771.860721][T13515] ? alloc_fd+0x476/0x790 [ 771.860764][T13515] ? do_getname+0x191/0x390 [ 771.860815][T13515] do_sys_openat2+0x10d/0x1e0 [ 771.860865][T13515] ? __pfx_do_sys_openat2+0x10/0x10 [ 771.860914][T13515] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 771.860971][T13515] ? __fget_files+0x21f/0x3d0 [ 771.861016][T13515] __x64_sys_openat+0x12d/0x210 [ 771.861083][T13515] ? __pfx___x64_sys_openat+0x10/0x10 [ 771.861132][T13515] ? ksys_write+0x1ac/0x250 [ 771.861172][T13515] ? rcu_is_watching+0x12/0xc0 [ 771.861214][T13515] do_syscall_64+0x115/0x840 [ 771.861264][T13515] ? clear_bhb_loop+0x40/0x90 [ 771.861305][T13515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.861338][T13515] RIP: 0033:0x7fcf1db9ce59 [ 771.861364][T13515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 771.861395][T13515] RSP: 002b:00007fcf1bdd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 771.861427][T13515] RAX: ffffffffffffffda RBX: 00007fcf1de16180 RCX: 00007fcf1db9ce59 [ 771.861447][T13515] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 771.861467][T13515] RBP: 00007fcf1bdd5090 R08: 0000000000000000 R09: 0000000000000000 [ 771.861486][T13515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 771.861504][T13515] R13: 00007fcf1de16218 R14: 00007fcf1de16180 R15: 00007ffd32962048 [ 771.861589][T13515] [ 772.414738][T13515] ERROR: Out of memory at tomoyo_realpath_from_path. [ 772.890895][T13531] FAULT_INJECTION: forcing a failure. [ 772.890895][T13531] name failslab, interval 1, probability 0, space 0, times 0 [ 773.016485][T13531] CPU: 1 UID: 0 PID: 13531 Comm: syz.2.1444 Tainted: G L syzkaller #0 PREEMPT(full) [ 773.016540][T13531] Tainted: [L]=SOFTLOCKUP [ 773.016552][T13531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 773.016571][T13531] Call Trace: [ 773.016582][T13531] [ 773.016599][T13531] dump_stack_lvl+0x100/0x190 [ 773.016713][T13531] should_fail_ex.cold+0x5/0xa [ 773.016759][T13531] should_failslab+0xc2/0x120 [ 773.016802][T13531] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 773.016860][T13531] ? __d_alloc+0x34/0xa40 [ 773.016915][T13531] __d_alloc+0x34/0xa40 [ 773.016977][T13531] d_alloc+0x4a/0x1e0 [ 773.017024][T13531] lookup_one_qstr_excl+0x171/0x250 [ 773.017075][T13531] ? mnt_want_write+0x161/0x450 [ 773.017111][T13531] filename_create+0x1cf/0x400 [ 773.017147][T13531] ? __pfx_filename_create+0x10/0x10 [ 773.017202][T13531] filename_mknodat+0x190/0x7f0 [ 773.017251][T13531] ? __pfx_filename_mknodat+0x10/0x10 [ 773.017295][T13531] ? strncpy_from_user+0x19d/0x2d0 [ 773.017350][T13531] ? do_getname+0x191/0x390 [ 773.017405][T13531] __x64_sys_mknod+0x8f/0xc0 [ 773.017453][T13531] do_syscall_64+0x115/0x840 [ 773.017503][T13531] ? clear_bhb_loop+0x40/0x90 [ 773.017548][T13531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.017584][T13531] RIP: 0033:0x7faa6d19ce59 [ 773.017614][T13531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 773.017649][T13531] RSP: 002b:00007faa6df70028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 773.017683][T13531] RAX: ffffffffffffffda RBX: 00007faa6d416090 RCX: 00007faa6d19ce59 [ 773.017706][T13531] RDX: 0000000000000007 RSI: 0000000000001e20 RDI: 0000200000000040 [ 773.017728][T13531] RBP: 00007faa6d232d6f R08: 0000000000000000 R09: 0000000000000000 [ 773.017749][T13531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.017768][T13531] R13: 00007faa6d416128 R14: 00007faa6d416090 R15: 00007ffc4ec381e8 [ 773.017820][T13531] [ 777.397926][T13548] Process accounting paused [ 779.257015][T13596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 779.278549][T13596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 779.305289][T13596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 779.338992][T13596] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 780.446683][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 780.646234][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 781.277360][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 781.352278][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 781.360242][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 783.417944][T13659] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 783.446245][T13659] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 783.477111][T13659] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 783.533336][T13659] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 784.775832][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 785.490414][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 785.496709][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 785.570201][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 785.916317][T13690] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 785.946713][T13690] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 785.969533][T13690] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 786.005449][T13690] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 787.400631][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 787.558979][T13719] futex_wake_op: syz.1.1474 tries to shift op by -2048; fix this program [ 787.644259][T13721] 0x000000000001-0x000000020000 : "" [ 787.959157][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 788.039863][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 788.048762][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 788.488436][T13728] FAULT_INJECTION: forcing a failure. [ 788.488436][T13728] name failslab, interval 1, probability 0, space 0, times 0 [ 788.595176][T13728] CPU: 0 UID: 0 PID: 13728 Comm: syz.1.1474 Tainted: G L syzkaller #0 PREEMPT(full) [ 788.595215][T13728] Tainted: [L]=SOFTLOCKUP [ 788.595225][T13728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 788.595239][T13728] Call Trace: [ 788.595247][T13728] [ 788.595256][T13728] dump_stack_lvl+0x100/0x190 [ 788.595305][T13728] should_fail_ex.cold+0x5/0xa [ 788.595463][T13728] should_failslab+0xc2/0x120 [ 788.595514][T13728] __kmalloc_node_noprof+0xe6/0x850 [ 788.595594][T13728] ? mempool_init_node+0x11b/0x6e0 [ 788.595626][T13728] ? lockdep_init_map_type+0x5c/0x250 [ 788.595673][T13728] ? __pfx_mempool_free_slab+0x10/0x10 [ 788.595703][T13728] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 788.595734][T13728] mempool_init_node+0x11b/0x6e0 [ 788.595770][T13728] ? __pfx_xa_load+0x10/0x10 [ 788.595833][T13728] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 788.595861][T13728] ? __pfx_mempool_free_slab+0x10/0x10 [ 788.595891][T13728] mempool_init_noprof+0x3a/0x50 [ 788.595928][T13728] bioset_init+0x37e/0x8a0 [ 788.596044][T13728] ? __pfx_bioset_init+0x10/0x10 [ 788.596088][T13728] __alloc_disk_node+0x83/0x6b0 [ 788.596171][T13728] __blk_alloc_disk+0xd2/0x170 [ 788.596202][T13728] ? __pfx___blk_alloc_disk+0x10/0x10 [ 788.596260][T13728] ? __pfx_idr_alloc+0x10/0x10 [ 788.596298][T13728] ? lockdep_init_map_type+0x5c/0x250 [ 788.596345][T13728] ? __raw_spin_lock_init+0x3a/0x110 [ 788.596376][T13728] ? __pfx_hot_add_show+0x10/0x10 [ 788.596441][T13728] zram_add+0x1bf/0x5d0 [ 788.596476][T13728] ? __pfx_zram_add+0x10/0x10 [ 788.596543][T13728] ? __pfx_hot_add_show+0x10/0x10 [ 788.596577][T13728] hot_add_show+0x21/0x80 [ 788.596611][T13728] class_attr_show+0x72/0xa0 [ 788.596684][T13728] ? __pfx_class_attr_show+0x10/0x10 [ 788.596710][T13728] sysfs_kf_seq_show+0x217/0x3a0 [ 788.596745][T13728] seq_read_iter+0x32f/0x1270 [ 788.596774][T13728] ? lock_acquire+0x1b1/0x370 [ 788.596934][T13728] kernfs_fop_read_iter+0x46c/0x610 [ 788.596994][T13728] ? rw_verify_area+0xce/0x6d0 [ 788.597019][T13728] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 788.597058][T13728] vfs_read+0x825/0xb30 [ 788.597139][T13728] ? __pfx_vfs_read+0x10/0x10 [ 788.597202][T13728] ksys_read+0x12a/0x250 [ 788.597240][T13728] ? __pfx_ksys_read+0x10/0x10 [ 788.597271][T13728] ? rcu_is_watching+0x12/0xc0 [ 788.597302][T13728] do_syscall_64+0x115/0x840 [ 788.597340][T13728] ? clear_bhb_loop+0x40/0x90 [ 788.597370][T13728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.597726][T13728] RIP: 0033:0x7f0242f9ce59 [ 788.597750][T13728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 788.597774][T13728] RSP: 002b:00007f0243dba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 788.597797][T13728] RAX: ffffffffffffffda RBX: 00007f0243216270 RCX: 00007f0242f9ce59 [ 788.597813][T13728] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 000000000000000a [ 788.597827][T13728] RBP: 00007f0243032d6f R08: 0000000000000000 R09: 0000000000000000 [ 788.597842][T13728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.597857][T13728] R13: 00007f0243216308 R14: 00007f0243216270 R15: 00007ffd99d9d6a8 [ 788.597889][T13728] [ 789.039248][T13721] ftl_cs: FTL header corrupt! [ 789.493177][T13728] zram: Error allocating disk structure for device 1 [ 790.760607][T13719] ubi1: attaching mtd0 [ 790.767555][T13719] ubi1: scanning is finished [ 790.941872][T13719] ubi1 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt1d", error -4 [ 791.370275][T13725] Process accounting paused [ 794.422466][T13791] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 794.451102][T13791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 794.484544][T13791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 794.524694][T13791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 795.105986][T13803] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 795.465862][T13800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1486'. [ 795.525921][T13803] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 795.836719][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 796.473291][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 796.553198][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 796.560650][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 798.024903][T13843] hub 1-0:1.0: USB hub found [ 798.062286][T13843] hub 1-0:1.0: 1 port detected [ 800.405743][T13865] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1501'. [ 801.725556][T13868] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 801.753234][T13868] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 801.764078][T13868] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 801.778741][T13868] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 803.158571][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 803.371444][T13903] random: crng reseeded on system resumption [ 803.795629][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 803.802087][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 803.808908][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 806.927625][T13927] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 806.938529][T13927] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 806.946079][T13927] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 806.958215][T13927] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 808.332479][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 808.968427][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 808.975649][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 808.982585][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 809.038247][T13964] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 809.093406][T13964] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 809.130427][T13964] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 809.154726][T13964] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 810.410898][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 811.117225][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 811.199695][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 811.206345][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 811.677221][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 811.688470][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 817.822529][T14062] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1541'. [ 818.080662][T14054] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 818.104915][T14054] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 818.122926][T14054] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 818.182723][T14054] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 818.359692][T14061] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1541'. [ 819.406110][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 820.110545][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 820.190409][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 820.196824][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 820.574145][T14090] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1545'. [ 820.661414][T14089] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1545'. [ 821.591786][T14096] Process accounting resumed [ 822.778484][T14114] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 822.807737][T14114] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 822.822904][T14114] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 822.840991][T14114] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 824.248957][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 824.808892][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 824.886411][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 824.892867][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 826.603502][T14159] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 826.611338][T14159] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 826.617880][T14159] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 826.624470][T14159] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 828.148595][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 828.626375][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 828.634648][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 828.640858][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 831.864480][T14218] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 831.883424][T14218] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 831.899361][T14218] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 831.911088][T14218] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 833.321805][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 833.878774][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 833.958595][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 833.964775][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 836.084825][T14256] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 836.097683][T14256] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 836.113116][T14256] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 836.138338][T14256] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 837.380621][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 838.096889][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 838.176550][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 838.182769][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 841.660567][T14330] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 841.667420][T14330] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 841.696835][T14330] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 841.709998][T14330] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 842.117083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 842.954387][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 843.669362][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 843.747406][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 843.753525][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 846.550036][T14409] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1605'. [ 847.367666][T14420] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1609'. [ 848.040328][T14431] FAULT_INJECTION: forcing a failure. [ 848.040328][T14431] name failslab, interval 1, probability 0, space 0, times 0 [ 848.063784][T14431] CPU: 1 UID: 0 PID: 14431 Comm: syz.0.1607 Tainted: G L syzkaller #0 PREEMPT(full) [ 848.063836][T14431] Tainted: [L]=SOFTLOCKUP [ 848.063847][T14431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 848.063865][T14431] Call Trace: [ 848.063875][T14431] [ 848.063887][T14431] dump_stack_lvl+0x100/0x190 [ 848.063947][T14431] should_fail_ex.cold+0x5/0xa [ 848.063988][T14431] ? copy_splice_read+0x1a3/0xb90 [ 848.064026][T14431] should_failslab+0xc2/0x120 [ 848.064065][T14431] __kmalloc_noprof+0xe0/0x850 [ 848.064130][T14431] copy_splice_read+0x1a3/0xb90 [ 848.064181][T14431] ? __pfx_copy_splice_read+0x10/0x10 [ 848.064225][T14431] ? look_up_lock_class+0x64/0x120 [ 848.064282][T14431] ? lockdep_init_map_type+0x5c/0x250 [ 848.064337][T14431] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 848.064378][T14431] ? __pfx_copy_splice_read+0x10/0x10 [ 848.064417][T14431] do_splice_read+0x285/0x370 [ 848.064462][T14431] splice_direct_to_actor+0x2a1/0xa30 [ 848.064506][T14431] ? __pfx_direct_splice_actor+0x10/0x10 [ 848.064553][T14431] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 848.064608][T14431] do_splice_direct+0x174/0x240 [ 848.064650][T14431] ? __pfx_do_splice_direct+0x10/0x10 [ 848.064692][T14431] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 848.064738][T14431] ? rw_verify_area+0xce/0x6d0 [ 848.064782][T14431] do_sendfile+0xadc/0xe20 [ 848.064825][T14431] ? __pfx_do_sendfile+0x10/0x10 [ 848.064906][T14431] ? __fget_files+0x21f/0x3d0 [ 848.064968][T14431] __x64_sys_sendfile64+0x1d8/0x220 [ 848.065012][T14431] ? ksys_write+0x1ac/0x250 [ 848.065047][T14431] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 848.065094][T14431] ? rcu_is_watching+0x12/0xc0 [ 848.065137][T14431] do_syscall_64+0x115/0x840 [ 848.065181][T14431] ? clear_bhb_loop+0x40/0x90 [ 848.065221][T14431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 848.065254][T14431] RIP: 0033:0x7f39ceb9ce59 [ 848.065281][T14431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 848.065312][T14431] RSP: 002b:00007f39cfa76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 848.065343][T14431] RAX: ffffffffffffffda RBX: 00007f39cee16180 RCX: 00007f39ceb9ce59 [ 848.065363][T14431] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 848.065380][T14431] RBP: 00007f39cfa76090 R08: 0000000000000000 R09: 0000000000000000 [ 848.065398][T14431] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 848.065416][T14431] R13: 00007f39cee16218 R14: 00007f39cee16180 R15: 00007ffdcf1042b8 [ 848.065466][T14431] [ 848.392770][T14435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1611'. [ 849.498320][T14454] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1613'. [ 850.328348][T14455] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 850.361200][T14455] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 850.378893][T14455] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 850.386214][T14455] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 850.776390][T14484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1620'. [ 851.225919][T14473] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 851.243124][T14473] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 851.259765][T14473] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 851.276919][T14473] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 851.563109][T14490] Process accounting paused [ 851.858739][T14499] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1623'. [ 852.663050][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 853.300031][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 853.306185][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 853.312482][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 855.020275][T14528] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 855.020496][T14528] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 855.021538][T14528] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 855.021688][T14528] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 855.704248][T14543] hub 1-0:1.0: USB hub found [ 855.766932][T14543] hub 1-0:1.0: 1 port detected [ 856.561204][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 857.038315][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 857.044453][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 857.050877][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 858.530001][T14576] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 858.539589][T14576] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 858.560717][T14576] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 858.579051][T14576] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 860.034403][T14594] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 860.069773][T14594] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 860.086697][T14594] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 860.109345][T14594] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 861.415709][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 861.779640][T14632] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1647'. [ 861.866038][T14633] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1647'. [ 862.133093][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 862.139333][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 862.145409][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 866.891091][T14698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1661'. [ 869.422398][T14726] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 869.437282][T14726] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 869.450469][T14726] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 869.461971][T14726] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 870.727389][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 871.446641][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 871.452752][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 871.523252][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 872.754751][T14768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 872.765749][T14768] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 872.781875][T14768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 872.799745][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.808965][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.838870][T14768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 874.782780][T14791] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 874.790001][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 874.796270][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 874.809091][T14791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 874.832421][T14791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 874.843819][T14791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 875.190667][T14813] smpboot: CPU 1 is now offline [ 876.059684][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 876.696591][T14838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1685'. [ 876.855279][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 876.861367][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 876.869679][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 878.275537][T14852] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1690'. [ 878.443364][T14855] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1690'. [ 879.254288][T14861] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 879.285449][T14861] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 879.323104][T14861] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 879.358719][T14861] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 880.595736][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 881.313817][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 881.394096][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 881.400233][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 881.609985][T14869] Process accounting resumed [ 881.893599][T14895] FAULT_INJECTION: forcing a failure. [ 881.893599][T14895] name failslab, interval 1, probability 0, space 0, times 0 [ 881.987853][T14895] CPU: 0 UID: 0 PID: 14895 Comm: syz.3.1700 Tainted: G L syzkaller #0 PREEMPT(full) [ 881.987891][T14895] Tainted: [L]=SOFTLOCKUP [ 881.987900][T14895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 881.987914][T14895] Call Trace: [ 881.987922][T14895] [ 881.987930][T14895] dump_stack_lvl+0x100/0x190 [ 881.987978][T14895] should_fail_ex.cold+0x5/0xa [ 881.988011][T14895] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 881.988046][T14895] should_failslab+0xc2/0x120 [ 881.988074][T14895] __kmalloc_noprof+0xe0/0x850 [ 881.988112][T14895] ? trace_kmalloc+0xe3/0x110 [ 881.988149][T14895] kernfs_fop_write_iter+0x26a/0x5f0 [ 881.988187][T14895] iter_file_splice_write+0x830/0x10a0 [ 881.988233][T14895] ? __pfx_iter_file_splice_write+0x10/0x10 [ 881.988270][T14895] ? __pfx_copy_splice_read+0x10/0x10 [ 881.988339][T14895] ? __pfx_iter_file_splice_write+0x10/0x10 [ 881.988373][T14895] direct_splice_actor+0x192/0x6c0 [ 881.988406][T14895] splice_direct_to_actor+0x345/0xa30 [ 881.988444][T14895] ? __pfx_direct_splice_actor+0x10/0x10 [ 881.988479][T14895] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 881.988518][T14895] do_splice_direct+0x174/0x240 [ 881.988549][T14895] ? __pfx_do_splice_direct+0x10/0x10 [ 881.988580][T14895] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 881.988613][T14895] ? rw_verify_area+0xce/0x6d0 [ 881.988639][T14895] do_sendfile+0xadc/0xe20 [ 881.988671][T14895] ? __pfx_do_sendfile+0x10/0x10 [ 881.988696][T14895] ? __fget_files+0x21f/0x3d0 [ 881.988731][T14895] __x64_sys_sendfile64+0x1d8/0x220 [ 881.988763][T14895] ? ksys_write+0x1ac/0x250 [ 881.988789][T14895] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 881.988824][T14895] ? rcu_is_watching+0x12/0xc0 [ 881.988856][T14895] do_syscall_64+0x115/0x840 [ 881.988890][T14895] ? clear_bhb_loop+0x40/0x90 [ 881.988919][T14895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.988947][T14895] RIP: 0033:0x7fcf1db9ce59 [ 881.988966][T14895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.988988][T14895] RSP: 002b:00007fcf1e973028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 881.989011][T14895] RAX: ffffffffffffffda RBX: 00007fcf1de15fa0 RCX: 00007fcf1db9ce59 [ 881.989026][T14895] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 881.989039][T14895] RBP: 00007fcf1e973090 R08: 0000000000000000 R09: 0000000000000000 [ 881.989053][T14895] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 881.989066][T14895] R13: 00007fcf1de16038 R14: 00007fcf1de15fa0 R15: 00007ffd32962048 [ 881.989096][T14895] [ 884.100066][T14918] FAULT_INJECTION: forcing a failure. [ 884.100066][T14918] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 884.182697][T14918] CPU: 0 UID: 0 PID: 14918 Comm: syz.2.1703 Tainted: G L syzkaller #0 PREEMPT(full) [ 884.182733][T14918] Tainted: [L]=SOFTLOCKUP [ 884.182741][T14918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 884.182755][T14918] Call Trace: [ 884.182763][T14918] [ 884.182771][T14918] dump_stack_lvl+0x100/0x190 [ 884.182817][T14918] should_fail_ex.cold+0x5/0xa [ 884.182842][T14918] ? prepare_alloc_pages+0x16d/0x5f0 [ 884.182874][T14918] should_fail_alloc_page+0xeb/0x140 [ 884.182905][T14918] prepare_alloc_pages+0x1f0/0x5f0 [ 884.182939][T14918] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 884.182978][T14918] ? is_bpf_text_address+0x8a/0x1a0 [ 884.183042][T14918] ? is_bpf_text_address+0x8a/0x1a0 [ 884.183073][T14918] ? bpf_ksym_find+0x124/0x1c0 [ 884.183101][T14918] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 884.183135][T14918] ? is_bpf_text_address+0x94/0x1a0 [ 884.183167][T14918] ? kernel_text_address+0x8d/0x100 [ 884.183198][T14918] ? __kernel_text_address+0xd/0x30 [ 884.183220][T14918] ? unwind_get_return_address+0x59/0xa0 [ 884.183253][T14918] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 884.183292][T14918] ? __lock_acquire+0x4a5/0x2630 [ 884.183333][T14918] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 884.183370][T14918] ? look_up_lock_class+0x64/0x120 [ 884.183406][T14918] ? vma_is_special_huge+0x23f/0x2d0 [ 884.183434][T14918] ? __pfx_vma_is_special_huge+0x10/0x10 [ 884.183462][T14918] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 884.183497][T14918] ? policy_nodemask+0xed/0x4f0 [ 884.183527][T14918] alloc_pages_mpol+0x1fb/0x540 [ 884.183556][T14918] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 884.183587][T14918] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 884.183623][T14918] alloc_pages_noprof+0x1a/0x160 [ 884.183656][T14918] __pmd_alloc+0x3b/0x950 [ 884.183690][T14918] __handle_mm_fault+0xa9c/0x2a00 [ 884.183734][T14918] ? mt_find+0x45e/0x8e0 [ 884.183815][T14918] ? __pfx___handle_mm_fault+0x10/0x10 [ 884.183849][T14918] ? __pfx_mt_find+0x10/0x10 [ 884.183899][T14918] ? find_vma+0xbf/0x140 [ 884.183923][T14918] ? __pfx_find_vma+0x10/0x10 [ 884.183952][T14918] handle_mm_fault+0x37b/0xa30 [ 884.183992][T14918] do_user_addr_fault+0x74c/0x12f0 [ 884.184023][T14918] ? trace_page_fault_kernel+0x7a/0x200 [ 884.184051][T14918] exc_page_fault+0x6f/0xd0 [ 884.184084][T14918] asm_exc_page_fault+0x26/0x30 [ 884.184107][T14918] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 884.184132][T14918] Code: c4 10 e9 44 9d 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 9d 04 00 66 66 [ 884.184155][T14918] RSP: 0018:ffffc9000566f9b0 EFLAGS: 00050202 [ 884.184174][T14918] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 884.184193][T14918] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9000566fa38 [ 884.184207][T14918] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52000acdf47 [ 884.184221][T14918] R10: ffffc9000566fa3e R11: 0000000000000000 R12: 0000000000000000 [ 884.184235][T14918] R13: ffffc9000566fa38 R14: 1ffff92000acdf41 R15: ffffc9000566fd6c [ 884.184264][T14918] _copy_from_user+0x98/0xd0 [ 884.184309][T14918] ____sys_sendmsg+0x1d1/0xb70 [ 884.184346][T14918] ? __pfx_____sys_sendmsg+0x10/0x10 [ 884.184381][T14918] ? __pfx__kstrtoull+0x10/0x10 [ 884.184409][T14918] ___sys_sendmsg+0x190/0x1e0 [ 884.184444][T14918] ? __pfx____sys_sendmsg+0x10/0x10 [ 884.184515][T14918] ? find_held_lock+0x2b/0x80 [ 884.184561][T14918] __sys_sendmmsg+0x205/0x430 [ 884.184589][T14918] ? __pfx___sys_sendmmsg+0x10/0x10 [ 884.184623][T14918] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 884.184670][T14918] ? fput+0x79/0x100 [ 884.184702][T14918] ? ksys_write+0x1ac/0x250 [ 884.184728][T14918] ? __pfx_ksys_write+0x10/0x10 [ 884.184760][T14918] __x64_sys_sendmmsg+0x9c/0x100 [ 884.184784][T14918] ? lockdep_hardirqs_on+0x78/0x100 [ 884.184817][T14918] do_syscall_64+0x115/0x840 [ 884.184850][T14918] ? clear_bhb_loop+0x40/0x90 [ 884.184878][T14918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.184902][T14918] RIP: 0033:0x7faa6d19ce59 [ 884.184920][T14918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 884.184942][T14918] RSP: 002b:00007faa6df70028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 884.184963][T14918] RAX: ffffffffffffffda RBX: 00007faa6d416090 RCX: 00007faa6d19ce59 [ 884.184978][T14918] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 884.184992][T14918] RBP: 00007faa6df70090 R08: 0000000000000000 R09: 0000000000000000 [ 884.185006][T14918] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 884.185019][T14918] R13: 00007faa6d416128 R14: 00007faa6d416090 R15: 00007ffc4ec381e8 [ 884.185048][T14918] [ 886.703589][T14936] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1707'. [ 886.803235][T14941] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1707'. [ 889.584040][T14979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1717'. [ 890.713491][T14995] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1720'. [ 890.866047][T14995] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1720'. [ 893.617297][T15032] FAULT_INJECTION: forcing a failure. [ 893.617297][T15032] name failslab, interval 1, probability 0, space 0, times 0 [ 893.660935][T15032] CPU: 0 UID: 0 PID: 15032 Comm: syz.1.1728 Tainted: G L syzkaller #0 PREEMPT(full) [ 893.660974][T15032] Tainted: [L]=SOFTLOCKUP [ 893.660982][T15032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 893.660997][T15032] Call Trace: [ 893.661004][T15032] [ 893.661013][T15032] dump_stack_lvl+0x100/0x190 [ 893.661060][T15032] should_fail_ex.cold+0x5/0xa [ 893.661091][T15032] ? __register_sysctl_table+0xac/0x1650 [ 893.661123][T15032] should_failslab+0xc2/0x120 [ 893.661153][T15032] __kmalloc_noprof+0xe0/0x850 [ 893.661198][T15032] __register_sysctl_table+0xac/0x1650 [ 893.661231][T15032] ? is_module_address+0x5f/0xf0 [ 893.661258][T15032] ? __pfx___register_sysctl_table+0x10/0x10 [ 893.661291][T15032] ? is_module_address+0x69/0xf0 [ 893.661312][T15032] ? register_net_sysctl_sz+0x222/0x430 [ 893.661462][T15032] ? __asan_memcpy+0x3c/0x60 [ 893.661503][T15032] __ip_vs_lblcr_init+0x150/0x330 [ 893.661559][T15032] ? __pfx___ip_vs_lblcr_init+0x10/0x10 [ 893.661587][T15032] ops_init+0x1e2/0x5f0 [ 893.661617][T15032] setup_net+0x118/0x3a0 [ 893.661644][T15032] ? __pfx_setup_net+0x10/0x10 [ 893.661670][T15032] ? mutex_init_lockdep+0xf1/0x120 [ 893.661700][T15032] copy_net_ns+0x46f/0x7c0 [ 893.661732][T15032] create_new_namespaces+0x3ea/0xac0 [ 893.661769][T15032] unshare_nsproxy_namespaces+0xf2/0x220 [ 893.661803][T15032] ksys_unshare+0x438/0xab0 [ 893.661839][T15032] ? __pfx_ksys_unshare+0x10/0x10 [ 893.661873][T15032] ? xfd_validate_state+0x129/0x190 [ 893.661907][T15032] __x64_sys_unshare+0x31/0x40 [ 893.661942][T15032] do_syscall_64+0x115/0x840 [ 893.661976][T15032] ? clear_bhb_loop+0x40/0x90 [ 893.662006][T15032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.662031][T15032] RIP: 0033:0x7f0242f9ce59 [ 893.662051][T15032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 893.662075][T15032] RSP: 002b:00007f0243e1d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 893.662098][T15032] RAX: ffffffffffffffda RBX: 00007f0243215fa0 RCX: 00007f0242f9ce59 [ 893.662114][T15032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 893.662129][T15032] RBP: 00007f0243032d6f R08: 0000000000000000 R09: 0000000000000000 [ 893.662144][T15032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 893.662158][T15032] R13: 00007f0243216038 R14: 00007f0243215fa0 R15: 00007ffd99d9d6a8 [ 893.662188][T15032] [ 901.411879][T15125] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1746'. [ 901.468600][T15126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1746'. [ 902.446152][T15130] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 902.465356][T15130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 902.489224][T15130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 902.517483][T15130] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 903.680143][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 904.223054][T15173] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1755'. [ 904.326755][T15174] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1755'. [ 904.472391][ T6291] Bluetooth: hci1: command 0x0c1a tx timeout [ 904.551820][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 904.557979][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 909.188972][T15214] kexec: Could not allocate control_code_buffer [ 909.243345][T15232] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1767'. [ 909.482017][T15237] FAULT_INJECTION: forcing a failure. [ 909.482017][T15237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 909.572097][T15237] CPU: 0 UID: 0 PID: 15237 Comm: syz.1.1768 Tainted: G L syzkaller #0 PREEMPT(full) [ 909.572134][T15237] Tainted: [L]=SOFTLOCKUP [ 909.572143][T15237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 909.572165][T15237] Call Trace: [ 909.572173][T15237] [ 909.572182][T15237] dump_stack_lvl+0x100/0x190 [ 909.572228][T15237] should_fail_ex.cold+0x5/0xa [ 909.572257][T15237] _copy_from_user+0x2e/0xd0 [ 909.572293][T15237] copy_msghdr_from_user+0x9f/0x4f0 [ 909.572328][T15237] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 909.572365][T15237] ? rcu_is_watching+0x12/0xc0 [ 909.572391][T15237] ? ___sys_sendmsg+0x19d/0x1e0 [ 909.572421][T15237] ? kfree+0x1dd/0x6c0 [ 909.572458][T15237] ___sys_sendmsg+0x106/0x1e0 [ 909.572493][T15237] ? __pfx____sys_sendmsg+0x10/0x10 [ 909.572550][T15237] ? __pfx___might_resched+0x10/0x10 [ 909.572582][T15237] __sys_sendmmsg+0x205/0x430 [ 909.572611][T15237] ? __pfx___sys_sendmmsg+0x10/0x10 [ 909.572644][T15237] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 909.572693][T15237] ? fput+0x79/0x100 [ 909.572725][T15237] ? ksys_write+0x1ac/0x250 [ 909.572752][T15237] ? __pfx_ksys_write+0x10/0x10 [ 909.572784][T15237] __x64_sys_sendmmsg+0x9c/0x100 [ 909.572808][T15237] ? lockdep_hardirqs_on+0x78/0x100 [ 909.572841][T15237] do_syscall_64+0x115/0x840 [ 909.572874][T15237] ? clear_bhb_loop+0x40/0x90 [ 909.572902][T15237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.572926][T15237] RIP: 0033:0x7f0242f9ce59 [ 909.572945][T15237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 909.572968][T15237] RSP: 002b:00007f0243dfc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 909.572994][T15237] RAX: ffffffffffffffda RBX: 00007f0243216090 RCX: 00007f0242f9ce59 [ 909.573009][T15237] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 909.573023][T15237] RBP: 00007f0243dfc090 R08: 0000000000000000 R09: 0000000000000000 [ 909.573037][T15237] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000001 [ 909.573050][T15237] R13: 00007f0243216128 R14: 00007f0243216090 R15: 00007ffd99d9d6a8 [ 909.573080][T15237] [ 910.167077][T15235] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 910.175672][T15235] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 910.182998][T15235] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 910.210326][T15235] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 912.192205][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 912.198385][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 912.204860][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 912.271452][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 914.030136][T15263] Process accounting paused [ 914.486620][T15283] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 914.513333][T15283] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 914.538820][T15283] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 914.563418][T15283] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 915.932159][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 916.569257][ T6291] Bluetooth: hci2: command 0x0c1a tx timeout [ 916.569421][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 916.581715][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 919.236387][T15349] hub 1-0:1.0: USB hub found [ 919.270262][T15349] hub 1-0:1.0: 1 port detected [ 922.080353][T15380] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1796'. [ 922.165331][T15381] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1796'. [ 923.498429][T15392] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 923.530210][T15392] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 923.550029][T15392] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 923.570939][T15392] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 924.291970][ T30] audit: type=1800 audit(1843104958.664:75): pid=15409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1802" name="dbroot" dev="configfs" ino=63282 res=0 errno=0 [ 924.586096][T15398] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 924.618635][T15398] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 924.648248][T15398] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 924.674471][T15398] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 925.969458][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 926.676293][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 926.683020][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 926.689590][T11369] Bluetooth: hci1: command 0x0c1a tx timeout [ 927.436862][T15453] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 927.483109][T15453] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 927.557221][T15453] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 927.640918][T15453] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 928.257725][T15466] FAULT_INJECTION: forcing a failure. [ 928.257725][T15466] name failslab, interval 1, probability 0, space 0, times 0 [ 928.613988][T15466] CPU: 0 UID: 0 PID: 15466 Comm: syz.0.1812 Tainted: G L syzkaller #0 PREEMPT(full) [ 928.614027][T15466] Tainted: [L]=SOFTLOCKUP [ 928.614036][T15466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 928.614051][T15466] Call Trace: [ 928.614059][T15466] [ 928.614067][T15466] dump_stack_lvl+0x100/0x190 [ 928.614116][T15466] should_fail_ex.cold+0x5/0xa [ 928.614146][T15466] should_failslab+0xc2/0x120 [ 928.614176][T15466] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 928.614215][T15466] ? __kernfs_new_node+0xd2/0x9f0 [ 928.614249][T15466] __kernfs_new_node+0xd2/0x9f0 [ 928.614280][T15466] ? __pfx___kernfs_new_node+0x10/0x10 [ 928.614314][T15466] ? find_held_lock+0x2b/0x80 [ 928.614344][T15466] ? kernfs_root+0xee/0x2a0 [ 928.614369][T15466] ? kernfs_root+0xee/0x2a0 [ 928.614406][T15466] kernfs_new_node+0x11b/0x1a0 [ 928.614442][T15466] __kernfs_create_file+0x53/0x350 [ 928.614483][T15466] sysfs_add_file_mode_ns+0x207/0x3c0 [ 928.614516][T15466] sysfs_merge_group+0x194/0x340 [ 928.614546][T15466] ? __pfx_sysfs_merge_group+0x10/0x10 [ 928.614573][T15466] ? bus_add_device+0x368/0x6b0 [ 928.614694][T15466] ? __pfx_bus_add_device+0x10/0x10 [ 928.614727][T15466] ? __pfx_dev_add_physical_location+0x10/0x10 [ 928.614765][T15466] dpm_sysfs_add+0x237/0x280 [ 928.614812][T15466] device_add+0x9ef/0x1950 [ 928.614841][T15466] ? __pfx_device_add+0x10/0x10 [ 928.614866][T15466] ? lockdep_init_map_type+0x5c/0x250 [ 928.614907][T15466] ? __init_waitqueue_head+0xca/0x150 [ 928.614942][T15466] rfkill_register+0x1ad/0xb30 [ 928.615009][T15466] nfc_register_device+0x11f/0x3e0 [ 928.615083][T15466] nci_register_device+0x7f1/0xb80 [ 928.615135][T15466] ? __pfx_nci_register_device+0x10/0x10 [ 928.615167][T15466] ? lockdep_init_map_type+0x5c/0x250 [ 928.615213][T15466] virtual_ncidev_open+0x141/0x220 [ 928.615264][T15466] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 928.615290][T15466] misc_open+0x26d/0x450 [ 928.615353][T15466] ? __pfx_misc_open+0x10/0x10 [ 928.615377][T15466] chrdev_open+0x234/0x6a0 [ 928.615408][T15466] ? __pfx_apparmor_file_open+0x10/0x10 [ 928.615436][T15466] ? __pfx_chrdev_open+0x10/0x10 [ 928.615469][T15466] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 928.615509][T15466] do_dentry_open+0x6ab/0x14d0 [ 928.615538][T15466] ? __pfx_chrdev_open+0x10/0x10 [ 928.615582][T15466] vfs_open+0x82/0x3f0 [ 928.615622][T15466] path_openat+0x208c/0x31a0 [ 928.615664][T15466] ? __pfx_path_openat+0x10/0x10 [ 928.615706][T15466] do_file_open+0x20e/0x430 [ 928.615739][T15466] ? __pfx_do_file_open+0x10/0x10 [ 928.615792][T15466] ? alloc_fd+0x476/0x790 [ 928.615824][T15466] ? do_getname+0x191/0x390 [ 928.615863][T15466] do_sys_openat2+0x10d/0x1e0 [ 928.615901][T15466] ? __pfx_do_sys_openat2+0x10/0x10 [ 928.615942][T15466] ? __fget_files+0x21f/0x3d0 [ 928.615976][T15466] __x64_sys_openat+0x12d/0x210 [ 928.616016][T15466] ? __pfx___x64_sys_openat+0x10/0x10 [ 928.616060][T15466] ? rcu_is_watching+0x12/0xc0 [ 928.616091][T15466] do_syscall_64+0x115/0x840 [ 928.616126][T15466] ? clear_bhb_loop+0x40/0x90 [ 928.616155][T15466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 928.616181][T15466] RIP: 0033:0x7f39ceb9ce59 [ 928.616202][T15466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 928.616226][T15466] RSP: 002b:00007f39cfa55028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 928.616250][T15466] RAX: ffffffffffffffda RBX: 00007f39cee16270 RCX: 00007f39ceb9ce59 [ 928.616266][T15466] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 928.616281][T15466] RBP: 00007f39cec32d6f R08: 0000000000000000 R09: 0000000000000000 [ 928.616295][T15466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 928.616310][T15466] R13: 00007f39cee16308 R14: 00007f39cee16270 R15: 00007ffdcf1042b8 [ 928.616341][T15466] [ 929.463133][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 929.541251][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 929.621018][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 929.700594][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 930.626729][T15484] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 931.941411][T15515] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 932.003699][T15515] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 932.038069][T15515] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 932.062546][T15515] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 933.074678][T15516] kexec: Could not allocate control_code_buffer [ 933.800431][T15544] FAULT_INJECTION: forcing a failure. [ 933.800431][T15544] name failslab, interval 1, probability 0, space 0, times 0 [ 933.929573][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.936337][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.979549][T15544] CPU: 0 UID: 0 PID: 15544 Comm: syz.2.1828 Tainted: G L syzkaller #0 PREEMPT(full) [ 933.979588][T15544] Tainted: [L]=SOFTLOCKUP [ 933.979597][T15544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 933.979612][T15544] Call Trace: [ 933.979619][T15544] [ 933.979628][T15544] dump_stack_lvl+0x100/0x190 [ 933.979676][T15544] should_fail_ex.cold+0x5/0xa [ 933.979708][T15544] should_failslab+0xc2/0x120 [ 933.979737][T15544] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 933.979777][T15544] ? __kernfs_new_node+0xd2/0x9f0 [ 933.979810][T15544] __kernfs_new_node+0xd2/0x9f0 [ 933.979840][T15544] ? __pfx___kernfs_new_node+0x10/0x10 [ 933.979874][T15544] ? find_held_lock+0x2b/0x80 [ 933.979905][T15544] ? kernfs_root+0xee/0x2a0 [ 933.979933][T15544] ? kernfs_root+0xee/0x2a0 [ 933.979967][T15544] kernfs_new_node+0x11b/0x1a0 [ 933.980003][T15544] __kernfs_create_file+0x53/0x350 [ 933.980043][T15544] sysfs_add_file_mode_ns+0x207/0x3c0 [ 933.980079][T15544] sysfs_merge_group+0x194/0x340 [ 933.980109][T15544] ? __pfx_sysfs_merge_group+0x10/0x10 [ 933.980137][T15544] ? bus_add_device+0x368/0x6b0 [ 933.980181][T15544] ? __pfx_bus_add_device+0x10/0x10 [ 933.980213][T15544] ? __pfx_dev_add_physical_location+0x10/0x10 [ 933.980248][T15544] dpm_sysfs_add+0x237/0x280 [ 933.980277][T15544] device_add+0x9ef/0x1950 [ 933.980306][T15544] ? __pfx_device_add+0x10/0x10 [ 933.980331][T15544] ? lockdep_init_map_type+0x5c/0x250 [ 933.980372][T15544] ? __init_waitqueue_head+0xca/0x150 [ 933.980406][T15544] rfkill_register+0x1ad/0xb30 [ 933.980438][T15544] nfc_register_device+0x11f/0x3e0 [ 933.980475][T15544] nci_register_device+0x7f1/0xb80 [ 933.980504][T15544] ? __pfx_nci_register_device+0x10/0x10 [ 933.980536][T15544] ? lockdep_init_map_type+0x5c/0x250 [ 933.980584][T15544] virtual_ncidev_open+0x141/0x220 [ 933.980611][T15544] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 933.980637][T15544] misc_open+0x26d/0x450 [ 933.980661][T15544] ? __pfx_misc_open+0x10/0x10 [ 933.980686][T15544] chrdev_open+0x234/0x6a0 [ 933.980716][T15544] ? __pfx_apparmor_file_open+0x10/0x10 [ 933.980744][T15544] ? __pfx_chrdev_open+0x10/0x10 [ 933.980776][T15544] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 933.980815][T15544] do_dentry_open+0x6ab/0x14d0 [ 933.980844][T15544] ? __pfx_chrdev_open+0x10/0x10 [ 933.980881][T15544] vfs_open+0x82/0x3f0 [ 933.980925][T15544] path_openat+0x208c/0x31a0 [ 933.980966][T15544] ? __pfx_path_openat+0x10/0x10 [ 933.981008][T15544] do_file_open+0x20e/0x430 [ 933.981041][T15544] ? __pfx_do_file_open+0x10/0x10 [ 933.981094][T15544] ? alloc_fd+0x476/0x790 [ 933.981126][T15544] ? do_getname+0x191/0x390 [ 933.981171][T15544] do_sys_openat2+0x10d/0x1e0 [ 933.981209][T15544] ? __pfx_do_sys_openat2+0x10/0x10 [ 933.981249][T15544] ? __fget_files+0x21f/0x3d0 [ 933.981284][T15544] __x64_sys_openat+0x12d/0x210 [ 933.981323][T15544] ? __pfx___x64_sys_openat+0x10/0x10 [ 933.981368][T15544] ? rcu_is_watching+0x12/0xc0 [ 933.981400][T15544] do_syscall_64+0x115/0x840 [ 933.981435][T15544] ? clear_bhb_loop+0x40/0x90 [ 933.981464][T15544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.981489][T15544] RIP: 0033:0x7faa6d19ce59 [ 933.981509][T15544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 933.981533][T15544] RSP: 002b:00007faa6afd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 933.981556][T15544] RAX: ffffffffffffffda RBX: 00007faa6d416270 RCX: 00007faa6d19ce59 [ 933.981572][T15544] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 933.981588][T15544] RBP: 00007faa6d232d6f R08: 0000000000000000 R09: 0000000000000000 [ 933.981602][T15544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.981616][T15544] R13: 00007faa6d416308 R14: 00007faa6d416270 R15: 00007ffc4ec381e8 [ 933.981648][T15544] [ 934.726589][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 934.732641][T13423] Bluetooth: hci0: command 0x0c1a tx timeout [ 934.739725][T13423] Bluetooth: hci2: command 0x0c1a tx timeout [ 934.745795][T13423] Bluetooth: hci3: command 0x0c1a tx timeout [ 935.584701][T15565] FAULT_INJECTION: forcing a failure. [ 935.584701][T15565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 935.618049][T15565] CPU: 0 UID: 0 PID: 15565 Comm: syz.3.1833 Tainted: G L syzkaller #0 PREEMPT(full) [ 935.618086][T15565] Tainted: [L]=SOFTLOCKUP [ 935.618095][T15565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 935.618109][T15565] Call Trace: [ 935.618117][T15565] [ 935.618126][T15565] dump_stack_lvl+0x100/0x190 [ 935.618173][T15565] should_fail_ex.cold+0x5/0xa [ 935.618202][T15565] _copy_to_user+0x32/0xd0 [ 935.618238][T15565] simple_read_from_buffer+0xcb/0x170 [ 935.618267][T15565] proc_fail_nth_read+0x1af/0x230 [ 935.618306][T15565] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 935.618345][T15565] ? rw_verify_area+0xce/0x6d0 [ 935.618368][T15565] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 935.618405][T15565] vfs_read+0x1e4/0xb30 [ 935.618435][T15565] ? __pfx_vfs_read+0x10/0x10 [ 935.618460][T15565] ? __fget_files+0x215/0x3d0 [ 935.618496][T15565] ? __fget_files+0x21f/0x3d0 [ 935.618531][T15565] ksys_read+0x12a/0x250 [ 935.618557][T15565] ? __pfx_ksys_read+0x10/0x10 [ 935.618586][T15565] ? rcu_is_watching+0x12/0xc0 [ 935.618616][T15565] do_syscall_64+0x115/0x840 [ 935.618650][T15565] ? clear_bhb_loop+0x40/0x90 [ 935.618678][T15565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.618702][T15565] RIP: 0033:0x7fcf1db5d68e [ 935.618721][T15565] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 935.618744][T15565] RSP: 002b:00007fcf1e972fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 935.618765][T15565] RAX: ffffffffffffffda RBX: 00007fcf1e9736c0 RCX: 00007fcf1db5d68e [ 935.618780][T15565] RDX: 000000000000000f RSI: 00007fcf1e9730a0 RDI: 0000000000000004 [ 935.618794][T15565] RBP: 00007fcf1e973090 R08: 0000000000000000 R09: 0000000000000000 [ 935.618808][T15565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 935.618821][T15565] R13: 00007fcf1de16038 R14: 00007fcf1de15fa0 R15: 00007ffd32962048 [ 935.618850][T15565] [ 937.465941][T15577] kexec: Could not allocate control_code_buffer [ 943.189961][T15656] futex_wake_op: syz.2.1855 tries to shift op by -2048; fix this program [ 943.247359][T15656] ubi1: attaching mtd0 [ 943.302867][T15656] ubi1: scanning is finished [ 943.488011][T15650] kexec: Could not allocate control_code_buffer [ 943.502608][T15656] ubi1: attached mtd0 (name "mtdram test device", size 0 MiB) [ 943.536904][T15656] ubi1: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 943.580656][T15656] ubi1: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 943.624153][T15656] ubi1: VID header offset: 64 (aligned 64), data offset: 128 [ 943.665863][T15656] ubi1: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 943.696539][T15656] ubi1: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 943.739779][T15656] ubi1: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2630288603 [ 943.796810][T15656] ubi1: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 943.848494][T15663] ubi1: background thread "ubi_bgt1d" started, PID 15663 [ 945.915867][T15668] Process accounting resumed [ 946.179438][T15693] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 946.212281][T15693] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 946.233455][T15693] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 946.305764][T15693] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 946.964511][T15710] futex_wake_op: syz.1.1866 tries to shift op by -2048; fix this program [ 947.022830][T15710] ubi: mtd0 is already attached to ubi1 [ 948.244207][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 948.250491][ T6291] Bluetooth: hci0: command 0x0c1a tx timeout [ 948.256785][T11369] Bluetooth: hci3: command 0x0c1a tx timeout [ 948.323982][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 948.625487][T15726] ICMPv6: process `syz.2.1869' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 951.780799][T15752] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 951.781180][T15752] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 951.781360][T15752] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 951.781531][T15752] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 951.822921][T15766] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 952.121851][T15776] netlink: 'syz.2.1877': attribute type 3 has an invalid length. [ 953.258132][T11369] Bluetooth: hci0: command 0x0c1a tx timeout [ 953.815269][T11369] Bluetooth: hci2: command 0x0c1a tx timeout [ 953.821427][ T6291] Bluetooth: hci3: command 0x0c1a tx timeout [ 953.827570][T13423] Bluetooth: hci1: command 0x0c1a tx timeout [ 955.294296][T15826] futex_wake_op: syz.1.1888 tries to shift op by -2048; fix this program [ 955.360974][T15826] ubi: mtd0 is already attached to ubi1 [ 957.452181][T15859] FAULT_INJECTION: forcing a failure. [ 957.452181][T15859] name failslab, interval 1, probability 0, space 0, times 0 [ 957.521465][T15859] CPU: 0 UID: 0 PID: 15859 Comm: syz.3.1894 Tainted: G L syzkaller #0 PREEMPT(full) [ 957.521504][T15859] Tainted: [L]=SOFTLOCKUP [ 957.521512][T15859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 957.521526][T15859] Call Trace: [ 957.521533][T15859] [ 957.521542][T15859] dump_stack_lvl+0x100/0x190 [ 957.521587][T15859] should_fail_ex.cold+0x5/0xa [ 957.521616][T15859] ? tomoyo_realpath_from_path+0xb6/0x690 [ 957.521651][T15859] should_failslab+0xc2/0x120 [ 957.521679][T15859] __kmalloc_noprof+0xe0/0x850 [ 957.521716][T15859] ? kfree+0x1dd/0x6c0 [ 957.521753][T15859] tomoyo_realpath_from_path+0xb6/0x690 [ 957.521793][T15859] tomoyo_path_number_perm+0x23c/0x580 [ 957.521822][T15859] ? tomoyo_path_number_perm+0x22e/0x580 [ 957.521852][T15859] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 957.521909][T15859] ? find_held_lock+0x2b/0x80 [ 957.521937][T15859] ? __fget_files+0x215/0x3d0 [ 957.521964][T15859] ? hook_file_ioctl_common+0x149/0x410 [ 957.521993][T15859] ? __fget_files+0x215/0x3d0 [ 957.522024][T15859] ? __fget_files+0x21f/0x3d0 [ 957.522056][T15859] security_file_ioctl+0xd3/0x230 [ 957.522094][T15859] __x64_sys_ioctl+0xb7/0x210 [ 957.522120][T15859] do_syscall_64+0x115/0x840 [ 957.522155][T15859] ? clear_bhb_loop+0x40/0x90 [ 957.522184][T15859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.522208][T15859] RIP: 0033:0x7fcf1db9ce59 [ 957.522226][T15859] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 957.522251][T15859] RSP: 002b:00007fcf1bdd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 957.522273][T15859] RAX: ffffffffffffffda RBX: 00007fcf1de16180 RCX: 00007fcf1db9ce59 [ 957.522288][T15859] RDX: 0000000000000038 RSI: 00000000402c542b RDI: 0000000000000003 [ 957.522302][T15859] RBP: 00007fcf1bdd5090 R08: 0000000000000000 R09: 0000000000000000 [ 957.522316][T15859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 957.522330][T15859] R13: 00007fcf1de16218 R14: 00007fcf1de16180 R15: 00007ffd32962048 [ 957.522359][T15859] [ 957.522387][T15859] ERROR: Out of memory at tomoyo_realpath_from_path. [ 961.175983][T15895] FAULT_INJECTION: forcing a failure. [ 961.175983][T15895] name failslab, interval 1, probability 0, space 0, times 0 [ 961.267716][T15895] CPU: 0 UID: 8 PID: 15895 Comm: syz.3.1903 Tainted: G L syzkaller #0 PREEMPT(full) [ 961.267760][T15895] Tainted: [L]=SOFTLOCKUP [ 961.267768][T15895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 961.267782][T15895] Call Trace: [ 961.267790][T15895] [ 961.267799][T15895] dump_stack_lvl+0x100/0x190 [ 961.267854][T15895] should_fail_ex.cold+0x5/0xa [ 961.267885][T15895] should_failslab+0xc2/0x120 [ 961.267914][T15895] __kmalloc_cache_noprof+0x7a/0x6f0 [ 961.267950][T15895] ? vidtv_mux_create_pid_ctx_once.part.0+0x49/0x200 [ 961.267999][T15895] vidtv_mux_create_pid_ctx_once.part.0+0x49/0x200 [ 961.268043][T15895] vidtv_mux_init+0x8a6/0xbf0 [ 961.268084][T15895] vidtv_start_feed+0x34e/0x500 [ 961.268112][T15895] ? __pfx_vidtv_start_feed+0x10/0x10 [ 961.268141][T15895] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 961.268184][T15895] dmx_section_feed_start_filtering+0x3a8/0x660 [ 961.268228][T15895] dvb_dmxdev_filter_start+0x767/0xdd0 [ 961.268264][T15895] dvb_demux_do_ioctl+0xe64/0x1200 [ 961.268299][T15895] dvb_usercopy+0x167/0x340 [ 961.268338][T15895] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 961.268367][T15895] ? __pfx_dvb_usercopy+0x10/0x10 [ 961.268416][T15895] ? __fget_files+0x21f/0x3d0 [ 961.268451][T15895] dvb_demux_ioctl+0x29/0x40 [ 961.268473][T15895] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 961.268496][T15895] __x64_sys_ioctl+0x18e/0x210 [ 961.268523][T15895] do_syscall_64+0x115/0x840 [ 961.268557][T15895] ? clear_bhb_loop+0x40/0x90 [ 961.268587][T15895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.268613][T15895] RIP: 0033:0x7fcf1db9ce59 [ 961.268632][T15895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 961.268656][T15895] RSP: 002b:00007fcf1bdf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 961.268679][T15895] RAX: ffffffffffffffda RBX: 00007fcf1de16090 RCX: 00007fcf1db9ce59 [ 961.268695][T15895] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000008 [ 961.268709][T15895] RBP: 00007fcf1dc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 961.268724][T15895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 961.268738][T15895] R13: 00007fcf1de16128 R14: 00007fcf1de16090 R15: 00007ffd32962048 [ 961.268769][T15895] [ 961.851909][ T9] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 961.863862][ T9] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 961.872307][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 961.883022][ T9] Tainted: [L]=SOFTLOCKUP [ 961.887361][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 961.897432][ T9] Workqueue: events vidtv_mux_tick [ 961.902572][ T9] RIP: 0010:vidtv_psi_ts_psi_write_into+0x4bb/0xb40 [ 961.909177][ T9] Code: 5b ec d7 f9 4d 8d 65 20 4c 89 e0 48 c1 e8 03 80 3c 18 00 0f 85 fe 04 00 00 49 8b 45 20 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 08 84 d2 0f 85 c6 04 00 00 0f b6 10 48 8b 7c [ 961.928795][ T9] RSP: 0000:ffffc900000e73f0 EFLAGS: 00010202 [ 961.934871][ T9] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000002 [ 961.942850][ T9] RDX: 0000000000000000 RSI: ffffffff88300fe5 RDI: ffff88801e29dd00 [ 961.950825][ T9] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000000 [ 961.958806][ T9] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900000e7690 [ 961.966785][ T9] R13: ffffc900000e7670 R14: 0000000000000178 R15: 0000000000000000 [ 961.974775][ T9] FS: 0000000000000000(0000) GS:ffff88812438a000(0000) knlGS:0000000000000000 [ 961.983739][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 961.990331][ T9] CR2: 0000001b2d3bbff8 CR3: 0000000036e9c000 CR4: 00000000003526f0 [ 961.998323][ T9] Call Trace: [ 962.001605][ T9] [ 962.004545][ T9] ? __pfx_vidtv_psi_ts_psi_write_into+0x10/0x10 [ 962.010896][ T9] vidtv_psi_pmt_write_into+0x3b2/0xa70 [ 962.016463][ T9] ? __pfx_vidtv_psi_pmt_write_into+0x10/0x10 [ 962.022547][ T9] ? vidtv_psi_pat_write_into+0x56a/0x690 [ 962.028288][ T9] ? __pfx_vidtv_psi_pat_write_into+0x10/0x10 [ 962.034371][ T9] ? __lock_acquire+0x4a5/0x2630 [ 962.039332][ T9] ? lock_acquire+0x1b1/0x370 [ 962.044031][ T9] ? lock_acquire+0x1b1/0x370 [ 962.048847][ T9] ? find_held_lock+0x2b/0x80 [ 962.053541][ T9] vidtv_mux_push_si+0x932/0xe80 [ 962.058503][ T9] ? __pfx_vidtv_mux_push_si+0x10/0x10 [ 962.063985][ T9] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 962.070168][ T9] ? vidtv_memset+0x50/0x90 [ 962.074681][ T9] ? vidtv_ts_pcr_write_into+0x45b/0x650 [ 962.080332][ T9] ? work_busy+0x137/0x360 [ 962.084788][ T9] ? kthread+0x370/0x450 [ 962.089067][ T9] ? ret_from_fork+0x72b/0xd50 [ 962.093843][ T9] ? ret_from_fork_asm+0x1a/0x30 [ 962.098831][ T9] vidtv_mux_tick+0xe93/0x1460 [ 962.103636][ T9] ? __lock_acquire+0x4a5/0x2630 [ 962.108605][ T9] ? __pfx_vidtv_mux_tick+0x10/0x10 [ 962.113825][ T9] ? __lock_acquire+0x4a5/0x2630 [ 962.118787][ T9] ? do_raw_spin_unlock+0x145/0x1e0 [ 962.124003][ T9] ? debug_object_deactivate+0x2e4/0x3b0 [ 962.129658][ T9] ? rcu_is_watching+0x12/0xc0 [ 962.134434][ T9] process_one_work+0xa0e/0x1980 [ 962.139384][ T9] ? __pfx_process_one_work+0x10/0x10 [ 962.144774][ T9] ? __pfx_vidtv_mux_tick+0x10/0x10 [ 962.150015][ T9] worker_thread+0x5ef/0xe50 [ 962.154620][ T9] ? kthread+0x13a/0x450 [ 962.158883][ T9] ? __pfx_worker_thread+0x10/0x10 [ 962.164000][ T9] kthread+0x370/0x450 [ 962.168091][ T9] ? __pfx_kthread+0x10/0x10 [ 962.172704][ T9] ret_from_fork+0x72b/0xd50 [ 962.177304][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 962.182424][ T9] ? __switch_to+0x800/0x1100 [ 962.187148][ T9] ? __switch_to_asm+0x39/0x70 [ 962.191925][ T9] ? __pfx_kthread+0x10/0x10 [ 962.196535][ T9] ret_from_fork_asm+0x1a/0x30 [ 962.201319][ T9] [ 962.204347][ T9] Modules linked in: [ 962.209356][ T9] ---[ end trace 0000000000000000 ]--- [ 962.562261][ T9] RIP: 0010:vidtv_psi_ts_psi_write_into+0x4bb/0xb40 [ 962.580474][ T9] Code: 5b ec d7 f9 4d 8d 65 20 4c 89 e0 48 c1 e8 03 80 3c 18 00 0f 85 fe 04 00 00 49 8b 45 20 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 08 84 d2 0f 85 c6 04 00 00 0f b6 10 48 8b 7c [ 962.624416][ T9] RSP: 0000:ffffc900000e73f0 EFLAGS: 00010202 [ 962.646443][ T9] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000002 [ 962.670077][ T9] RDX: 0000000000000000 RSI: ffffffff88300fe5 RDI: ffff88801e29dd00 [ 962.678252][ T9] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000000 [ 962.693814][ T9] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900000e7690 [ 962.717301][ T9] R13: ffffc900000e7670 R14: 0000000000000178 R15: 0000000000000000 [ 962.734730][ T9] FS: 0000000000000000(0000) GS:ffff88812438a000(0000) knlGS:0000000000000000 [ 962.745473][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 962.755449][ T9] CR2: 00007f02431ea2f8 CR3: 0000000026602000 CR4: 00000000003526f0 [ 962.763805][ T9] Kernel panic - not syncing: Fatal exception [ 962.770028][ T9] Kernel Offset: disabled [ 962.774355][ T9] Rebooting in 86400 seconds..