last executing test programs: 2m32.780028638s ago: executing program 1 (id=450): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_PMK(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002cbd7000fbd751589d00000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x830) mmap$auto(0x0, 0x5, 0x800000000002, 0x14, r0, 0x300000000001) socket(0x2, 0x1, 0x106) sendmsg$auto_NBD_CMD_RECONFIGURE(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040025bd7000000000250300000004000a000c000300040000000000000002e78dd2b6ee52edf2b464a817bf7f1eb079b865b056cf73e277dc11f2085dec532046e0b3063c1915cd683cad79f0f7263932374a96e09cc61ac256a2f9b5bcd1513737322c6398ad05ee44bb42bf60ebf7bf4a291d20bcbc2dc968e0cc02ca397947b7e5b35aa7b16aaea7b4bc5a00004d6548054d820215993ccc6f5164953f13f82533580d5b55a822b369383f212b9ccee29c46ee6c2bf85d58aade2265eb8cbb2280781b6b53dcb24e564448dbb64c3f2a9b372592ca4989eba9a7cabb70914869eda31eb4"], 0x24}, 0x1, 0x0, 0x0, 0x889}, 0xe1) setsockopt$auto_SO_TIMESTAMPING_OLD(r0, 0xdfe4, 0x25, &(0x7f0000000380)='.}:^))#-\x00', 0x401) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x2, 0x80802, 0x0) setsockopt$auto_SO_DOMAIN(r3, 0x8, 0x27, &(0x7f0000000080)='/dev/snd/midiC2D0\x00', 0xcd) r4 = socket(0x21, 0x6, 0x3) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) socket(0x15, 0x4, 0x201) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x16e) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e23, @multicast2}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x2) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x200cc1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x5, 0x15f4da07, 0x1cb, 0x1010, 0x64, 0xfffffffffffffffe, 0x1000, 0xb, 0xb02a, 0x2, 0xa]}, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x0, 0x0, 0x8001, 0xb}, 0x800009}, 0x3, 0x20000000) 2m32.148532908s ago: executing program 1 (id=453): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) socket(0x10, 0x3, 0x15) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) r0 = open(0x0, 0x22240, 0x154) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x301402, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r2, r2, 0x0, 0x2) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fcntl$auto_F_GET_RW_HINT(r1, 0x40b, 0x4bf060d9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x4, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.1GB.limit_in_bytes\x00', 0xa001, 0x0) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/memmap/2/type\x00', 0x18b740, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) ioctl$auto(r4, 0x400454ca, 0x38) ioctl$auto_TUNSETTXFILTER(r4, 0x400454d1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) 2m31.554749274s ago: executing program 1 (id=455): msgctl$auto_IPC_STAT(0xfffffffe, 0x2, &(0x7f0000000640)={{0x80000005, 0x0, 0x0, 0xa8f1, 0x6, 0x6, 0x7}, 0x0, 0x0, 0xfffffffffffffffd, 0x80000001, 0x100d, 0x6, 0x80cf, 0x7fff, 0xf, 0xfff8, @inferred, @raw=0xaa72}) mmap$auto(0x8, 0x5, 0xe0, 0x9b7f, 0x2, 0x8199) r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_COOKIE(r0, 0x1, 0x39, 0x0, &(0x7f0000005b00)=0x7) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSTI2(r1, 0x545c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="ac010000", @ANYRES16=r2, @ANYBLOB="fec4492fe6b933f75c070100090005000000"], 0xfffffe94}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x800000000000e983, 0xdf, 0xeb1, r3, 0x100000000) ioctl$auto_EVIOCGID(r3, 0x80084502, &(0x7f0000000040)={0xbdec, 0xfff8, 0x61, 0xa}) ioctl$auto_XFS_IOC_ATTRLIST_BY_HANDLE(r3, 0x4058587a, &(0x7f0000000480)={{r0, &(0x7f0000000140)="dd5ced4f359cd68f35977020d4ea520c72b3209215c5ccc4f516eb85e98e2856a751578efdea9529d589ffb72c47565ada31590d8dc3a20e8855512d0ca7a4278039887a0a29c7b8320a", 0x3, &(0x7f0000000240)="d4f868f441dcb321288cb0985c007b56293031336a6518c2184c1d7f58965447d36fbf5c1cbc576fac7df718b21922069647b83cfff6723901249e5094e8ccc0d53b2c9fd2b55cf983feb4a28ce73cd184ae02", 0x0, &(0x7f00000002c0)="a9f30d92aa558d10609042843a75dd0178", &(0x7f0000000300)=0x6}, {[0xfffffffd, 0x2, 0x0, 0x60000000]}, 0x2, 0xc83, &(0x7f0000000380)="2c69e0e00a2647cb2f76fcc5c86e1ae7aabb4a16de21d349f1d58aa4e839750411cd6c785451afb4fc3172f7a125b4ee6fbbf4b4eee889bcfe07d98764b5ec6d99f0a9cbfa3db8203a3afeb6bcb1e9ca9335ce1819daf132ca1078491bc683e32970e9470899ce01329b2aac7c4f439c723c7a36398256b753342ca12e6e3f88d50b6fa8261ce427f7be173d3228f87e82a94b0c254fb8abfc1c2136d2b59db65b9bd46bf18b86ea77f12117a989db6cfa9ac1d5f4fa19e88492b440ab75789f93e1843e4ec9a804edef0d35cec33fd4dcc4deb18497c647e0905433f3fbdfb447f273b630d772915b2605f7ae2e62d96d5a3681fe"}) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x2b8303, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x98c4) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/003/001\x00', 0x189701, 0x0) ioctl$auto_USBDEVFS_CLAIM_PORT(r4, 0x80045518, 0x0) fcntl$auto_F_SETOWN(0xffffffffffffffff, 0x8, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) r5 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) write$auto(r5, 0x0, 0x1) 2m30.568011228s ago: executing program 1 (id=466): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/misc\x00', 0x20a40, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x9400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 2m30.412479372s ago: executing program 1 (id=468): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sg0\x00', 0x10000, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r1, 0x2275, &(0x7f0000000040)="8811afbe8050939700f945c23947713c97a8123a9e9a4e729215c3fa0657586b53e403d0553d844799994ef8364171ff21a7d5c93db41ed97c16865f22469c90318c05a74b1c81976c4b46115904649c51cfc7f2937cde7558286e0a45897143049fbeadf925ce48bd894f") r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e) fcntl$auto_F_ADD_SEALS(r2, 0x410, 0x5f) r3 = syz_clone(0x0, &(0x7f0000000140)="5873600577cc31895dc2678d92bfd105cd1ff12a479d72236e8f75bb0ba07eeecdb3e8efbfa166ff13c4ba1b44bc028e28fd6b2262e5f407fea006efe31edafd4374180c0dee837e534575a6743d9f002246c5f3d345e86689de3472b8d7afed4fb161b945435d56faaa1238dcb7077ebbac45bfa44972edb7c3e2a9afe5f3ebcfa6aa9510c8bf7160090e7fbee83040877622b75e89361c2542f32b210d9a0ad9254c37ebd01ebd9eadee0a8dcc87e597613eed9f4f5ca937d324eb15e5f8413f5f67777e71781914a8e5fc3b8740201275bb1d002bd72e6e46046db5815c0ea9f5fb29c0f5e8d7ee8f82e060063bd89811855f19c960b1", 0xf8, &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)="f3815213910f958353233129c648eb5c145b50ef814c55fc657e44a4d4eaf719d66e3f1a64288bd5ca1714c4b180a7a16ba68f28f049632538727e2f7b01c1bc0feacb54d693c52a895795dc0af3aee5e3ddcee7dba871f7788ff1956dbea8220e244100fe3cfaccabcb5d612ba67afd0aa0fbca866e6e9f45f9ba3f881f8f411c4ed085c9421c56fbb851ba0d6cf40f1b4efc93e9c3400d2bf12fa916b7a8a27b0ea165bdf97e3c94fb34740f953f6cdf845dae134255f5a6e3a436162f17a3118b5b5c937a78133fb445c7bd66efc04567f0b4a4a63b652eaf3407c0946fc522a0abb23bbdbf3bd44e40791fbf9cc2e8e7813f0b7a423f9b5cc25105f942cdd87c7526becf8ad0ac8340aeed789ffaeb697983950b593aff79d3d920b872ca34ed6e31a655f6d8a69720fd5f427807a4825937b836bd5b33e4c63e274fecbe363088af3b3d6dff6af205a472ff4e53343360d7ee18109ee87ec7532f99567623b42ad7e0331cd2fcf05c231ecb810fb0a0e31206cc5becf7f369d0859a35f0b8164079b95422568f049a203e9be34a5d600bd213f13f87785e9d45c10b0dfafeff6dd7912d38591938e0b32869fd1d48f04b4166e03f433068411cdb997473de985b0d9c62f4b7afeb26018d11da29dbee4262da4f26bed2e4fdb8b5752ad16af44de3a0734de5fa3e78f478219e7e44e188dbf2c333e2f332d77696440190ee0af51c49e49f8e77872ce10fa3a631d86548fd0b5530c9bd4bd29c58254cc4e5004f71c4d56ac0b17dea4cf2356058c66f75ae51b9cbb2f6a6c3f72ccd887d755a04b546612bb884f3daaf1516df6e9e9637c488d44ff25e84bb66559e3742d58646f2e6849b63c21aa78e9c1af66ad173a4ac23362f81504194300e16e5587eefba483b92a226030cb71b502c3ba196483e30c31c795bc80e341622ff58f33428b5e165d91bc9de0e3aa83870f1f0d8cce7487f0324b0e80bcd4e72d08c0b4189f14a7d60adeb0f8dca6cc255967e13d963e27b0a023ab1692aaf201c53f678ab730ba4f6a52277249e0b25aa844620668837a7e08078d629e78eac20c31a8ce64746d570ffc7de27a7e70cd5b0e1144bb9095f9fd946721bbd43102647b8bc33c1db778469707d0313900347e6912cd6b5f318ff3a986fe684aae161fa83f87222b16c11f49f003720e3b6c8907164f7990f2f88a1c6144744dfa857e4b7ea14bdf59413a4fc769f33a9dff59822ab4e0adbfe3fbf9bdc96f3c8470ee42a5840a54a021a0fd619713ef373861d89dbd727737ef8edd50aca4ade6b3ceb72d21ff87a6e301be34dceb2a71571528c269500a3fa76770447a66269418fe614a502a4c87b9cd521a0452fec19f3e03cac259cf716d94ca5de785e4f06f8464f9554531c369d60923f4b8a684b0467b056837d86fce47d1e80156a601632a483468d3e1a65df399ab0b7dd10f8aa3d0c0ad727ad2615b42f301f44828081498f797058556b53578831991c4a55ea5022a6fe969b2a9e433c547bbbc9052d19508679b9556665e535d6e7dbfdcc7fdf3f64804e14749ff3e8d2d8aeb627b8597e7b5a13e3f4cf17184d412853834f88bc1c3212c94bc4dc6247483b8bce2bb97e23fbc0ceb068ff7018c7e2e6fda867aa99cdeff604cdcd057cdd696ac0fb0393e3e08d6dd4aab071c9e4795ff54aaa8a0809e4804ebd237a68093508454cb327126c88e62896d9391eee35fe8437fab88849aec8feab1d266234763d02fe4c5f2b666ed789b8ff50b19693ae7c429adc97d3841638aff929a17361ac68a3f79cd90b65e35f18ad5c2cbbbda3d108237d502dd6be1e898f22a67e054fe185b67f95fb21a40dd401c3bdfb8b07d817005d68dd52d4606e8e08f15c483d67a8e0c9ce190a3b92d0c0bb60f386e0738a7439b70fb16136e7ddbc5fbe76871d8f9a6c25abc723857367d11079bfba8cd7996dca35637382cd158a340b85397aca0745f0de0e894db4355a655ad83ed3b4bde554d8eed8ceeb016f579d71c347f82b5f1dbb7e5b08f96dcd3d9dc01f33506c688b7df0bcf67670c5b90dc322b6da01959ec6ff7893f3b999199bb214fdde6f5f761d488625e731b6cf12b67c0d686152f82d94b0e30e813697a028e9c32087273752d9edd0768e0a1bfb75feeb67b46dfc8f4df346549346f8541a761dbb2f1e31d9af5f59d61df5038f25ff32b71dc97ff4f6515af3aa3068d56a1e42c1c162a532f3387e5a79e03c1c4a92001e6695b1bcf98871c101cd547cc59342cf58374c4c9f07200fee40d0ca539d13170ebac7f52a16406f828e733ccf6f315b9ca4434c58ee393aa397f054fc403bd56613de228bcfc7da5547235156da23cbedad448679392791f08ad52123de6ced04445f0e2e553eb320d857329b3e43273790e06bd0f2fafbe140a6eb54e7d88ccfe8c39e60e48c0e8fbe07e16147723f961ec7b08f4b3d705501e255278040b75d925b36ebf9ef25584a7db1f8b4247412fb20e724997eb013fe14000be8e5c7b36b08c4c0ae9781e857ef945b6a4895f1bd77e0109cb16acffb4f2d5c60c3d1e3428bb9bfd8f532103be3388ea9372d70a5132ebdf5fd78190c65df136d1c8e21ecc8140a7cf17eaa2b76cfcac7d49afbfe6936d332386beaa340b5282e36396b3143b12fff1fcd6c1bfc8e6e25a537945ee89db348a0d092290d798bb0f4e7db32a065f166c23afe61927c5bd5573b32cff030f7eb3e55e247a36b8ebe820494bbc74ec10b09e84c517d5c029769e127bb53106f643d1c6f7f97ceb9b9cedd935c3ba78f566661ccf1ba66a5e0bf72fa991d2612e3b1a298c3ca8c1adc11798486fcd53addff72cabb5cbb93fa35fd9cb26b490ebae4f095afe8ef7540ac50d430b79f422c92ec7e509cd4203f39512f3ee9f881b7250847a165b3b712444a2b90837658a4906a03e99702415a3e3231595fd340e5c027e9df4d9ab59b11997f68d3a7dfa0037fafb1ad8dc8d78da4b6583fa201dbf38088c527ebceb52f8808f88eb6291a87ccb1e2f75b2c46e966589d0af31088d63cc36faa218da1dcc2001453deef0e3b4a00fbff7897cd72b54a8064939d6fc03c1b3a7ddd0e5cf3bed0e48ceab969ac402236c469ffd18ddb3be1076655e11bf7291d1cd1fa15af779beeb17d27b0d4bfabe3bb663deb146a81d7a89495c8900af9bd45b6a6e1b62686d8bca9f6d9bd07e9bb1421673ea7fe27c90d750e626ef0fca0dd809900e73a41fbc0999e4d6d04c9ece2832db867e3e0b59b88923c28732c243cf0bbf8cb093af2dd49dc0dc5b4c64e83c7fa2951db68f24112c19514e66ce63ebe8382119cc58c8f4bcd2f0b19716791454eda102494a050f8405d51167ec3b1b975ad9e4110be1d0051985cdbd7775a8256174b21457fd89f53da8456c7010f54bbf017cca8e356cacb06bbe678a7a739cac5ce4d68134310d3ed86555765da12e5b45c93a213946e0f8fed6b68910948a5e3f7efbd3a1a5f1cf1d497e363ecec97360bf90d7f92376675af871325ab8af69f4c44d5848c65c5c78067e9b85c461632d3f09c213d99fb58038f6c8b39a18bfe1ce9f67709b394342ea04f8d27a3dfea423cbaee17ce81184aba4179fcdf1703e10ff6950c30fedc69dd8460bb9c3cfb95fb3f1c5c2adef89ef464e68ae1d07b6bc6a25719ef2d8eaf5e7891db9da30ba2d66264c87cf0c108dea2c8a1d2b9b880ad4e30d59e05b220a0c959560786fb2ae5544c3f9225d24acf671a97d2f8afffcd7ff9b79eb777a0a37d3d2a11949b6176b2c9f63143e445883f5e0351aefa23492608b797b08b2da4c6c6415cd4db5e4eb53cbb22b1d66c350605f2a3e9725913ece2b69649020f76318f7dd8fed46cffe84bf04479a4bd8579dabf1933809c63961772a3bf3cb272f7be46392bd3624d5828627c7401128162e830f31488e81e7100b4db09bc941ec9ea6948fe7fbcedcd8261c21c417551d613f626746dc57e1dc1556db09d1073d85d4bf6f4c67a7dfda71234e0d39b14c03fc7f888516617d3e8b1f2f26f0397b2aa9d30c287a1f19e5f010fc8ea9699198db242dc4b0aca9f6fdad7de5eb1047e7f493bd3a1f2c2a90fca74eb73b6e98dabdd84bfeddf0a9aefd4d1cf4d4676f4a30a53cac4b839c05d4394ac7d2b67f20004243ae676c969f3dbb8c757cab26e7e1d87d4bf96e8d5b55384c6bba49f0c580c9036e500f2ee0635fb8003edebf8b8bf685187b36ad209e3072ea6dee7ed8c11d3ef4af5b27ec0ea441ffefa8587892f7b094b4d4547ede23daa7a232b199ef710fef920cb609b393669fa566ae73cfb16a8711c8b31066fc46af728fdb0d3320e2cf56f7927e8e27eb4f0d858b5c3008d5c7f66d2fdb0f8bce36025239883e74196410a5001890dd8fc613a85cd1c86de2b5c4102381082ac4af6fe7023ec4c292fdf709768a7139644f78be6264030912d1e87c4b9b73e5bef2919f27e7b5e603eb4b0e857b63fc95155503b4a4847198054e91e27f61ab2ca6e42ab5d7e85dbce368a5b91d94d70235bdba4f8cd9ea730ddbcd92d3270cb79cf366c7a1050d73f546de419ab535837e65c6df9625f928c61ca543f2d995acecad35505908ab7185055336389a79b7fcf4a5b24189ea56e50c0a77b74f12d2964863ae48bdbdd752c94734dfe8492c9d71feaf15bfbccec5c48d6081bbeeb0dd52f5d70dae0e4880284086de79cb9c77a6d598c2dab31e298f457c5182d5c227276523374dc340ef9e3fcea7053b8f895d31ce1dfbd1315f98e6378640581d90fe29c6dfe109b66137ab203edec8b68df14c75a8c344aa9eccd3d1aca6a2fd7b94861fa1c67a5fff39da5860f24eff9009df150c9725327b932ae906aeb209cec6a117a1241d06ae66bbd07d8e90d22cd05f455faaf4862702729bb92e9165bbaf4f531aa107af33ba85c49080a4f2a2bd3b5ecc44b2378321617f3e4203fccedd0e919d6e71f806b6c644413fe68a81541c7f910e3557cd18a1590a71e5418aa373c5c283dd88ce51a2a9b572cb985f316f4b80212af9d0c156a29a1834a4e6e772b43feec32b1ec4f36dc3d173eeefac028163042316c3b6c571151efcb5fa6615be69d019a7bd84a7318af5d4c5a1df8fddc62f0e67f5c3e2ae9cdadfd331cc1ecbbd8f0bb0d35c5efffb29a6f7b307acad96814b90c829fabb872b2568390dcc59b8d9b60401966f526fd481e20b012fe25fbaac42565c69b557fcb074f1e233675380b0994320933389d43e782d672372e01f06c2cace9a4ce89843403213d29e0a224df28d30890d1ce282d0de6a01b36623c3e997b0061138863fa78441e52314a248ad8291b6ece33ad71941d291a3261f067736a8a935b5ec6c8d7eac09e467fecb28c072d1cefde1741aff44f2f0afad06db648be485d0b23a688bc60910509d951040bf12e157dfaba30aadc708ea29078947c418e637598e609c150c6b8a1e85b82c16fcfe1b9ec6e9aa902857384436feb3b7fc5e80add86b1e057dc88b840661213cf8c296d5f77d55307b348b7a4dc18550ccd0abd9ea745ab8eeaa4ba4d9cbb918b0d92552b7ad1f0ea69f246be7ef935712b0e53596a9097024573012fb9bd0862b00ba938c49d223b0415324b2102229582973e1f1cf66473df353f9c5780a65eec92ba15ed1417e998b615edcdcbf610235a3bfe00e756489b379d073b313620867038775dfa15366e1ca39d4c440ad7abd8b954495efe2ea42d73315a4edf27916b446be896dddf1699f5c74f22b430e8aed8") ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f00000012c0)={"d7d912e1b6d3aa83aa32a1b8bb6e8d108aaceaf89ed194cf5d1aaf29639e6b16", 0x0, 0x7, 0x10001, 0x4, 0x0, r3}) mmap$auto(0x0, 0x2020009, 0xfffffffffffffffd, 0xeb1, 0xfffffffffffffffa, 0x8000) mprotect$auto(0x0, 0x8000000000000001, 0x8) link$auto(&(0x7f0000003240)='./file0\x00', &(0x7f0000003280)='./file2\x00') mmap$auto(0x0, 0x200, 0x5, 0x7fffffffffffffff, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_NVRAM_INIT(r0, 0x7040, 0x0) 2m29.422291843s ago: executing program 1 (id=477): mmap$auto(0xffffffffffffff3b, 0x2020009, 0x2, 0x17, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xf9, 0xfffffffffffffffa, 0xffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f00000001c0)=@l2={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0x2ad8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x0, 0xffffffffffffffff, 0x1, 0xff00000000000001) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000000000) r0 = socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x7, 0x4, 0xf8, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x0, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xc, 0x47, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) madvise$auto(0x0, 0x2003f0, 0x15) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) madvise$auto(0x0, 0xffffffffffff0006, 0x19) capset$auto(0x0, &(0x7f0000000000)={0x2, 0x10000002, 0x6}) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') write$auto(r1, &(0x7f0000000280)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xc7\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01\x00\x00\x00\x00\x00\x00\x00\b\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x8000007f) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram1\x00', 0x68100, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop4\x00', 0x16fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) writev$auto(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc4}, 0x400000000009) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) 2m14.379453544s ago: executing program 32 (id=477): mmap$auto(0xffffffffffffff3b, 0x2020009, 0x2, 0x17, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xf9, 0xfffffffffffffffa, 0xffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f00000001c0)=@l2={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0x2ad8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x0, 0xffffffffffffffff, 0x1, 0xff00000000000001) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000000000) r0 = socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x7, 0x4, 0xf8, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x0, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xc, 0x47, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) madvise$auto(0x0, 0x2003f0, 0x15) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) madvise$auto(0x0, 0xffffffffffff0006, 0x19) capset$auto(0x0, &(0x7f0000000000)={0x2, 0x10000002, 0x6}) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') write$auto(r1, &(0x7f0000000280)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xc7\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01\x00\x00\x00\x00\x00\x00\x00\b\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x8000007f) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram1\x00', 0x68100, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop4\x00', 0x16fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) writev$auto(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc4}, 0x400000000009) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) 6.281358381s ago: executing program 0 (id=1197): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) socket(0x10, 0x3, 0x15) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) open(0x0, 0x22240, 0x154) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x301402, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fcntl$auto_F_GET_RW_HINT(r0, 0x40b, 0x4bf060d9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x4, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.1GB.limit_in_bytes\x00', 0xa001, 0x0) write$auto(r2, &(0x7f00000002c0)='0T\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k>\xc8\x1f\xad\xf6\xf0\xef\xe4s\x95\xf2\x00\x97S\xb9O\xac\xbe\xd6\\J<\x02YK\xd6M\xe6\xe7\xa0\xb8\xc3[\x01\xc5\xe8|\xb0\xb0\x80\xbf\xa5?=i\x88UB\x1d\x8e\xd3\xc2\x949\xb6\xfb\x006\x02\x9c\x83\x14\x13\x99\xc7\xb4)M\xed\tN $\xd4\x90^?J\x92\x9a?\xf8b\x03\xd8\xdd\x84\xdf\x92\xf0\xcd\xd8\xba\xab\x15\x80\x9eo,\xc8\xf2\x82\xd2\x88\xbeL\xa0\x1a\xd3\xd5Of\x95\xee\x13e\xeb}o\x9b\x86_\xf0?\f<\xf3t7\xb6\x0f\x93\xc79@\xd8x\x9e\xef!\x006\b\xdbWB\x84\xdd\xac\xdau\x86g\x8f\x02@O7\x0f\xf8\x8d(\x9c\xf2NyD\x7f3\x14\x9eg\x86%)\xd6\b\xcd\x1f\x03\x00:\xa6\x83\'\xf4\xf2\x9dd\xf4z\x89\xc5D\xc4\x02\\\x81\xcf\x02Ep\xf6`\xde*\x1dV', 0x2) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/memmap/2/type\x00', 0x18b740, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) ioctl$auto(r4, 0x400454ca, 0x38) ioctl$auto_TUNSETTXFILTER(r4, 0x400454d1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) 5.688992426s ago: executing program 4 (id=1200): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) mmap$auto(0x0, 0x9, 0xfc, 0x1000000eb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) time$auto(0x0) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)='5', 0x1) writev$auto(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000480)="3472517ba6", 0x5}, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) quotactl$auto(0x9, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0xee01, &(0x7f00000004c0)="5f865082dea48a5120697f1dfdfa25db5140bcc1c80a4f634aef6ed739ad5affcd6f11ed4a2e1dee4629f12a309107c8b5e85c181b27ff528bafd3812dd61942749b4248a7036e5274710b58c36fe105369e60270fd2f140dbfe94955295d1e21c7769b2b0b95f2f1be3a3b7ea4b3be9d5956d567fb43d3d00d42dd5000000000000000095e04dc443356fda27596f3f4d6f8341ed7db017854aca8dcc9de3ccdaed1427c6d2ed8649ed3aed4e43fb9575491eb59771f1a66bb0cdfa0807abed52bedaffdd80bac5181c0a38ec6bc3ecab62f67e2b045c7fa5a68dcee5") execveat$auto(r0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x10000) ioctl$auto(0xffffffffffffffff, 0xab03, 0xffffffffffffffff) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000200), 0x40200, 0x0) 5.180211534s ago: executing program 0 (id=1203): pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x820181, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x5522, 0xf15) ioctl$auto(r1, 0x5523, r1) landlock_create_ruleset$auto(&(0x7f0000000140)={0x4, 0x1, 0x9}, 0xe, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) 5.175293226s ago: executing program 4 (id=1204): r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x1b9, 0x3, 0x1b, 0xfffffffffffffffa, 0x80000008000) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x20000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0xe, &(0x7f0000000080)={0x7, 0x6a1, 0x5, 0x0, 0x2456, 0xf, r0, [0x2, 0x8, 0xad14], {0x5, 0x5, 0x1, 0x5, 0x8bbf, 0x1, 0x1, 0x5, 0x2ac1}, {0x6, 0x4, 0x1, 0xd0e, 0x1ff, 0x78c, 0x9, 0x6b27, 0x3}}) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x1b9, 0x3, 0x1b, 0xfffffffffffffffa, 0x80000008000) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x20000) io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 3.971767395s ago: executing program 0 (id=1206): unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0x2000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x81, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_vrr_range_fops_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/Virtual-1/vrr_range\x00', 0x800, 0x0) getpgrp(0xffffffffffffffff) bpf$auto(0x3, &(0x7f0000000200)=@query={@target_fd, 0x4, 0x7, 0x9, 0x4, @count=0x85, 0x0, 0x80000000, 0x4, 0x12, 0x5}, 0x7) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x1b, &(0x7f0000000040)='!\x00', 0x1ff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xae}, 0x5, 0x0, 0x3, 0x3a32182}, 0x4}, 0x3, 0x1ff) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) ptrace$auto(0x2d, 0x0, 0x4c2a, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) prctl$auto(0x3c, 0x80000000, 0x0, 0x4, 0x4) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 3.928164749s ago: executing program 4 (id=1207): mmap$auto(0x0, 0x4020009, 0x7ff, 0x1000000000ebe, 0x401, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x83, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x0, 0x0) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x55) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/arp\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000100)=""/92, 0x5c) write$auto(0x3, 0x0, 0x1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x80161, 0x0) sysfs$auto(0x2, 0x3c, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) read$auto(0x3, 0x0, 0x80) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000580)={{@inferred, 0x1000, 0x202000b, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e000000000100", @raw=0x3}, 0x4, 0x2000963, 0x3, @raw=0x1, @integer64={0x7, 0x1007, 0x10001}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3372a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) unshare$auto(0x40000080) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/ns/cgroup\x00', 0x480080, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x8, 0x80000000, {0x7ff, 0xf423f}, 0x2744, 0x200000001, 0xff, 0x7, 0x0, 0x3c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9}) 3.758289276s ago: executing program 3 (id=1210): bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000400)=@bpf_attr_11={0x4, 0x4e, 0x5, 0x2, 0x2, 0x1, 0xfffffffa, 0xffffffffffffffff}, 0x5) r1 = getsockopt$auto(0xffffffffffffffff, 0x3a, 0xbe2, 0x0, 0x0) io_uring_setup$auto(0xa, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1b1080, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x3747, 0x100) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec15\x00', 0x80200, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@NCSI_ATTR_CHANNEL_MASK={0x8, 0x8, 0x800}, @NCSI_ATTR_CHANNEL_ID={0x8, 0x4, 0x6}, @NCSI_ATTR_CHANNEL_MASK={0x8, 0x8, 0x9}, @NCSI_ATTR_PACKAGE_MASK={0x8, 0x7, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040041}, 0x8000) sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, r1) 2.804018214s ago: executing program 3 (id=1211): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7f, 0xffffffffffffffff) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x81) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) mmap$auto(0x100000, 0x7, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x4300000000000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8}, 0x66) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/level\x00', 0x129882, 0x0) sendfile$auto(r3, r3, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r4 = fsopen$auto(0x0, 0xfffffffe) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) fsconfig$auto_FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000000c0)='[\x99}/:H\x00', 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram7/queue/chunk_sectors\x00', 0x0, 0x0) pipe2$auto(&(0x7f0000000500)=r3, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000200)=""/200, 0x3a) connect$auto(0x3, 0x0, 0x50) read$auto(r2, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_ptdump_curusr_fops_(r1, 0x0, 0x0) mprotect$auto(0x1ffffffffffd, 0x800000008, 0x8000000000004) close_range$auto(0x2, 0x8000, 0x0) 2.706947848s ago: executing program 2 (id=1212): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r0 = socket(0x28, 0x1, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$auto_EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)={0x10000, r0, 0x72fd, 0x3, 0x7fff, 0x3b1}) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x6, "857e8a33ffd727c793aae4bcf123f6728fcb35c716b9c241eaf12c57a1903b1b", @inferred=r2}) getsockopt$auto(0x3, 0x200000000001, 0x45, 0x0, 0x0) 2.484785842s ago: executing program 3 (id=1213): pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x820181, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x5522, 0xf15) ioctl$auto(r1, 0x5523, r1) r2 = landlock_create_ruleset$auto(&(0x7f0000000140)={0x4, 0x1, 0x9}, 0xe, 0x0) landlock_restrict_self$auto(r2, 0xb) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) unshare$auto(0x40000080) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) socket(0x2, 0x1, 0x106) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) listen$auto(0x3, 0x400000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX5n\x91p\xe6\x1eRN8\x99\x88\xa2\x06\x00J\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\v\x00\x00\x00\x00\x00\x00\x00X\xb9_\xdd*\xd1\x14^\xbe\xa2\x00'/97, 0x10, 0x3) r3 = socket(0x1e, 0x3, 0x2) sendmsg$auto_NFC_CMD_DEP_LINK_UP(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, 0x0, 0x228, 0x70bd2a, 0x25dfdbff, {}, [@NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0xe}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x4}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x7}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x80) ioctl$sock_SIOCGIFINDEX(r3, 0x8953, 0x0) open$auto(&(0x7f0000000100)='./file0\x00', 0xfffffffc, 0x4) 2.481429836s ago: executing program 2 (id=1221): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/misc\x00', 0x20a40, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x9400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80286f4e, r0) 2.232889599s ago: executing program 2 (id=1214): bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000400)=@bpf_attr_11={0x4, 0x4e, 0x4, 0x2, 0x2, 0x1, 0xfffffffa}, 0x5) getsockopt$auto(0xffffffffffffffff, 0x3a, 0xbe2, 0x0, 0x0) io_uring_setup$auto(0xa, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1b1080, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x3747, 0x100) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0xd, 0x2, 0x9, 0x2, 0x0, 0x0, 0x0, 0xfa9a, 0x8, 0x7fffffffffffffff, 0x8000000008, 0x100000007ffffffb, 0x81, 0x0, 0x7, 0x4, 0x3}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec15\x00', 0x80200, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) cachestat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x4000000000000009, 0x6}, &(0x7f00000000c0)={0x200000200000006, 0x2, 0x20000002008, 0x203, 0x9}, 0x101) mmap$auto(0xfffffffffffffffe, 0x2000a, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x3, 0x3a) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x4, 0x0, 0xeb) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/039/001\x00', 0x4a941, 0x0) ioctl$auto_USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x8001) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vbi27\x00', 0x88660, 0x0) ioctl$auto(r2, 0x5646, r2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) 2.22582311s ago: executing program 0 (id=1215): pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x820181, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x5522, 0xf15) ioctl$auto(r1, 0x5523, r1) landlock_restrict_self$auto(0xffffffffffffffff, 0xb) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) 1.760506448s ago: executing program 2 (id=1216): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x40044011) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) mlockall$auto(0x7) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) fanotify_init$auto(0x602, 0x1) open(0x0, 0x662c2, 0xe1d2b27bdc14aa0c) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b68, 0x1) 1.659946498s ago: executing program 4 (id=1217): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7f, 0xffffffffffffffff) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x81) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) mmap$auto(0x100000, 0x7, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x4300000000000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8}, 0x66) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/level\x00', 0x129882, 0x0) sendfile$auto(r3, r3, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r4 = fsopen$auto(0x0, 0xfffffffe) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) fsconfig$auto_FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000000c0)='[\x99}/:H\x00', 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram7/queue/chunk_sectors\x00', 0x0, 0x0) pipe2$auto(&(0x7f0000000500)=r3, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r5, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) read$auto(r2, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_ptdump_curusr_fops_(r1, 0x0, 0x0) mprotect$auto(0x1ffffffffffd, 0x800000008, 0x8000000000004) close_range$auto(0x2, 0x8000, 0x0) 1.647794525s ago: executing program 3 (id=1218): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0) r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x20080, 0x0) poll$auto(&(0x7f0000000040)={r0, 0x1000, 0x1c9}, 0x2, 0x7) r1 = socket(0x10, 0x2, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'}) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x800, 0x0) mmap$auto(0x0, 0xe883, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0xfffffffffffffffc, 0x40000a, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = prctl$auto_PR_SET_MM_ENV_END(0x3, 0xb, 0xffffffffffffffff, 0x40000, 0x5e) close_range$auto(r3, 0xffffffffffffffff, 0xfefffffb) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0x324, 0x9, 0x0, 0x0, 0x1, @random="04e109250f95"}, 0x54) madvise$auto(0x110c230000, 0x8031ca, 0x9) madvise$auto(0x110d231000, 0x1, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x0, 0x0) sendfile$auto(r4, r5, 0x0, 0x3) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0x2, 0x0) read$auto(r6, &(0x7f00000003c0)=']%\'\x00', 0x5) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r7 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendfile$auto(r7, r7, 0x0, 0x10000800000003) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 1.289245814s ago: executing program 0 (id=1219): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) socket(0x10, 0x3, 0x15) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) r0 = open(0x0, 0x22240, 0x154) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x301402, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r2, r2, 0x0, 0x2) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fcntl$auto_F_GET_RW_HINT(r1, 0x40b, 0x4bf060d9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x4, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='0T\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k>\xc8\x1f\xad\xf6\xf0\xef\xe4s\x95\xf2\x00\x97S\xb9O\xac\xbe\xd6\\J<\x02YK\xd6M\xe6\xe7\xa0\xb8\xc3[\x01\xc5\xe8|\xb0\xb0\x80\xbf\xa5?=i\x88UB\x1d\x8e\xd3\xc2\x949\xb6\xfb\x006\x02\x9c\x83\x14\x13\x99\xc7\xb4)M\xed\tN $\xd4\x90^?J\x92\x9a?\xf8b\x03\xd8\xdd\x84\xdf\x92\xf0\xcd\xd8\xba\xab\x15\x80\x9eo,\xc8\xf2\x82\xd2\x88\xbeL\xa0\x1a\xd3\xd5Of\x95\xee\x13e\xeb}o\x9b\x86_\xf0?\f<\xf3t7\xb6\x0f\x93\xc79@\xd8x\x9e\xef!\x006\b\xdbWB\x84\xdd\xac\xdau\x86g\x8f\x02@O7\x0f\xf8\x8d(\x9c\xf2NyD\x7f3\x14\x9eg\x86%)\xd6\b\xcd\x1f\x03\x00:\xa6\x83\'\xf4\xf2\x9dd\xf4z\x89\xc5D\xc4\x02\\\x81\xcf\x02Ep\xf6`\xde*\x1dV', 0x2) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/memmap/2/type\x00', 0x18b740, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) ioctl$auto(0xffffffffffffffff, 0x400454ca, 0x38) ioctl$auto_TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) 943.118908ms ago: executing program 4 (id=1220): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy6/aql_enable\x00', 0x2481, 0x0) pwrite64$auto(r0, 0x0, 0x3, 0x4200000000000005) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x8801, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000800)={"fda25684", 0x0, 0x5, 0x3, 0x9b4, 0x9, "e919df43f641bff500000000000010", '\x00', "00010247", '\x00', ["22dfffffffefffff480400", "080000ea385d2cd706e10301", "b000", "5f0600000091148db1ca2a92"]}) close_range$auto(0x2, r0, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000200)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [0x9, 0x0, 0xfffffbb5], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6, 0xfffffffffffffffd}, {0x100, 0x1, 0x52, 0x8, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) r2 = socket(0x11, 0x3, 0x2) setresuid$auto(0x2, 0x7, 0x8080) ioctl$sock_SIOCGIFINDEX(r2, 0x8955, 0x0) io_uring_register$auto(0x2, 0x21, &(0x7f0000000240), 0x1) 668.400031ms ago: executing program 4 (id=1222): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7f, 0xffffffffffffffff) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x81) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) mmap$auto(0x100000, 0x7, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x4300000000000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8}, 0x66) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/level\x00', 0x129882, 0x0) sendfile$auto(r3, r3, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r4 = fsopen$auto(0x0, 0xfffffffe) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) fsconfig$auto_FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000000c0)='[\x99}/:H\x00', 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram7/queue/chunk_sectors\x00', 0x0, 0x0) pipe2$auto(&(0x7f0000000500)=r3, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000200)=""/200, 0x3a) connect$auto(0x3, 0x0, 0x50) read$auto(r2, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_ptdump_curusr_fops_(r1, 0x0, 0x0) mprotect$auto(0x1ffffffffffd, 0x800000008, 0x8000000000004) close_range$auto(0x2, 0x8000, 0x0) 614.832142ms ago: executing program 3 (id=1223): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_RNDADDENTROPY2(r0, 0x40085203, &(0x7f0000000440)=[0xfff, 0xedc0]) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80c0, 0x0) close_range$auto(0x2, r1, 0x0) r2 = socket(0xa, 0x801, 0x84) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r3, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000040)=r2) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$auto(r4, 0x4008af12, 0xe) keyctl$auto(0x7, 0x7fffffffffffffff, 0x0, 0x4, 0x3) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyr9\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x541a, r5) statmount$auto(0x0, &(0x7f0000000180)={0x49, 0x4000001, 0x6, 0x1, 0x4, 0x7181, 0x3ffde, 0xbb41, 0x10, 0x9, 0x80006, 0x80803, 0x4, 0x11ffffffffffd, 0x85, 0xfffffffffffffffe, 0x9, 0x50007, 0x0, 0x0, 0x0, 0x80000001, 0x10000, 0x202, 0x9, 0x7ffc, 0x0, 0x0, 0x7fffffff, 0x3, 0xfffffffc, [0x1, 0x0, 0x0, 0x0, 0xd, 0xfff, 0x3, 0x2, 0x800005, 0x6, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x3, 0x2000000800000000, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0x2, 0xffffffffffffffff, 0x3, 0x4, 0x6, 0x80000000, 0x0, 0x20000000, 0x2, 0x1, 0x0, 0x0, 0x800000009, 0xfffffffffffffffe, 0x4, 0x8001, 0x6, 0x0, 0x1000000000000001, 0x7ff, 0xbffffffffffffffb, 0xfffffffffffffffc, 0x6]}, 0x8, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffffffffffd02, &(0x7f00000001c0)) arch_prctl$auto_ARCH_SHSTK_STATUS(0x5005, 0x2) prctl$auto_PR_SVE_GET_VL(0x33, 0x3a, 0x2, 0x4, 0x7) 118.364315ms ago: executing program 2 (id=1224): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/misc\x00', 0x20a40, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0x15, 0x5, 0x40000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x9400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x400084, 0x7, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 63.395973ms ago: executing program 0 (id=1225): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/misc\x00', 0x20a40, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x9400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80a86f3d, r0) 16.537482ms ago: executing program 3 (id=1226): bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000400)=@bpf_attr_11={0x4, 0x4e, 0x4, 0x2, 0x2, 0x1, 0xfffffffa}, 0x5) getsockopt$auto(0xffffffffffffffff, 0x3a, 0xbe2, 0x0, 0x0) io_uring_setup$auto(0xa, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1b1080, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x3747, 0x100) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0xd, 0x2, 0x9, 0x2, 0x0, 0x0, 0x0, 0xfa9a, 0x8, 0x7fffffffffffffff, 0x8000000008, 0x100000007ffffffb, 0x81, 0x0, 0x7, 0x4, 0x3}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec15\x00', 0x80200, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) cachestat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x4000000000000009, 0x6}, &(0x7f00000000c0)={0x200000200000006, 0x2, 0x20000002008, 0x203, 0x9}, 0x101) mmap$auto(0xfffffffffffffffe, 0x2000a, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x3, 0x3a) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x4, 0x0, 0xeb) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/039/001\x00', 0x4a941, 0x0) ioctl$auto_USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x8001) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vbi27\x00', 0x88660, 0x0) ioctl$auto(r2, 0x5646, r2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) 0s ago: executing program 2 (id=1234): openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/misc\x00', 0x20a40, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80002, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm1c/sub4/info\x00', 0x8400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x10000401) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x9400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x2, 0x8) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) kernel console output (not intermixed with test programs): fter parsing attributes in process `syz.3.403'. [ 164.026447][ T5640] Bluetooth: hci3: command 0x2016 tx timeout [ 164.642352][ T5633] Bluetooth: hci0: unexpected subevent 0x01 length: 125 > 18 [ 164.650245][ T5633] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 164.661980][ T5633] CPU: 0 UID: 0 PID: 5633 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 164.662028][ T5633] Tainted: [L]=SOFTLOCKUP [ 164.662038][ T5633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.662058][ T5633] Workqueue: hci0 hci_rx_work [ 164.662100][ T5633] Call Trace: [ 164.662109][ T5633] [ 164.662120][ T5633] dump_stack_lvl+0x100/0x190 [ 164.662156][ T5633] sysfs_warn_dup.cold+0x1c/0x28 [ 164.662199][ T5633] sysfs_create_dir_ns+0x24b/0x2b0 [ 164.662232][ T5633] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 164.662261][ T5633] ? find_held_lock+0x2b/0x80 [ 164.662298][ T5633] ? kobject_add_internal+0x25f/0x930 [ 164.662328][ T5633] ? kobject_add_internal+0x25f/0x930 [ 164.662361][ T5633] ? do_raw_spin_unlock+0x145/0x1e0 [ 164.662397][ T5633] kobject_add_internal+0x2c8/0x930 [ 164.662434][ T5633] kobject_add+0x16a/0x1e0 [ 164.662464][ T5633] ? __pfx_kobject_add+0x10/0x10 [ 164.662492][ T5633] ? class_to_subsys+0x10f/0x150 [ 164.662537][ T5633] ? kobject_put+0xb9/0x640 [ 164.662572][ T5633] ? _raw_spin_unlock+0x28/0x50 [ 164.662619][ T5633] device_add+0x294/0x1950 [ 164.662658][ T5633] ? __pfx_dev_set_name+0x10/0x10 [ 164.662701][ T5633] ? __pfx_device_add+0x10/0x10 [ 164.662738][ T5633] ? mgmt_send_event_skb+0x2fb/0x460 [ 164.662785][ T5633] hci_conn_add_sysfs+0x1a3/0x260 [ 164.662839][ T5633] le_conn_complete_evt+0x11eb/0x1f60 [ 164.662900][ T5633] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 164.662936][ T5633] ? __pfx_bt_warn+0x10/0x10 [ 164.662995][ T5633] hci_le_conn_complete_evt+0x23c/0x3a0 [ 164.663041][ T5633] ? skb_pull_data+0x15f/0x1e0 [ 164.663086][ T5633] hci_le_meta_evt+0x34a/0x5f0 [ 164.663127][ T5633] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 164.663171][ T5633] hci_event_packet+0x51c/0xcd0 [ 164.663210][ T5633] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 164.663251][ T5633] ? __pfx_hci_event_packet+0x10/0x10 [ 164.663293][ T5633] ? kcov_remote_start+0x374/0x660 [ 164.663333][ T5633] ? lockdep_hardirqs_on+0x78/0x100 [ 164.663387][ T5633] hci_rx_work+0x451/0xfc0 [ 164.663431][ T5633] process_one_work+0xa0e/0x1980 [ 164.663478][ T5633] ? __pfx_process_one_work+0x10/0x10 [ 164.663519][ T5633] ? __pfx_hci_rx_work+0x10/0x10 [ 164.663559][ T5633] worker_thread+0x5ef/0xe50 [ 164.663601][ T5633] ? kthread+0x13a/0x450 [ 164.663624][ T5633] ? __pfx_worker_thread+0x10/0x10 [ 164.663651][ T5633] kthread+0x370/0x450 [ 164.663675][ T5633] ? __pfx_kthread+0x10/0x10 [ 164.663703][ T5633] ret_from_fork+0x72b/0xd50 [ 164.663735][ T5633] ? __pfx_ret_from_fork+0x10/0x10 [ 164.663768][ T5633] ? __switch_to+0x800/0x1100 [ 164.663807][ T5633] ? __switch_to_asm+0x39/0x70 [ 164.663851][ T5633] ? __pfx_kthread+0x10/0x10 [ 164.663879][ T5633] ret_from_fork_asm+0x1a/0x30 [ 164.663936][ T5633] [ 164.663995][ T5633] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 164.664043][ T5633] Bluetooth: hci0: failed to register connection device [ 164.986396][ T5633] Bluetooth: hci2: command 0x2016 tx timeout [ 165.206994][ T7475] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(6.0.4294967293), cmd(2) [ 165.248185][ T4943] Bluetooth: hci0: command 0x2016 tx timeout [ 165.751476][ T7485] FAULT_INJECTION: forcing a failure. [ 165.751476][ T7485] name fail_futex, interval 1, probability 0, space 0, times 0 [ 165.812345][ T7485] CPU: 0 UID: 0 PID: 7485 Comm: syz.2.410 Tainted: G L syzkaller #0 PREEMPT(full) [ 165.812391][ T7485] Tainted: [L]=SOFTLOCKUP [ 165.812400][ T7485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 165.812416][ T7485] Call Trace: [ 165.812425][ T7485] [ 165.812435][ T7485] dump_stack_lvl+0x100/0x190 [ 165.812472][ T7485] should_fail_ex.cold+0x5/0xa [ 165.812506][ T7485] get_futex_key+0x1d2/0x1510 [ 165.812539][ T7485] ? __pfx_get_futex_key+0x10/0x10 [ 165.812569][ T7485] ? find_held_lock+0x2b/0x80 [ 165.812604][ T7485] ? futex_wake+0x456/0x530 [ 165.812653][ T7485] futex_wake+0xea/0x530 [ 165.812692][ T7485] ? __pfx_futex_wake+0x10/0x10 [ 165.812731][ T7485] ? __lock_acquire+0x4a5/0x2630 [ 165.812767][ T7485] do_futex+0x32b/0x350 [ 165.812798][ T7485] ? __pfx_do_futex+0x10/0x10 [ 165.812830][ T7485] ? find_held_lock+0x2b/0x80 [ 165.812871][ T7485] __x64_sys_futex+0x34f/0x4d0 [ 165.812904][ T7485] ? __pfx___x64_sys_futex+0x10/0x10 [ 165.812939][ T7485] ? rcu_is_watching+0x12/0xc0 [ 165.812972][ T7485] do_syscall_64+0x10b/0xf80 [ 165.813008][ T7485] ? clear_bhb_loop+0x40/0x90 [ 165.813038][ T7485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.813065][ T7485] RIP: 0033:0x7f530219ce59 [ 165.813087][ T7485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.813112][ T7485] RSP: 002b:00007f5302fc40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 165.813140][ T7485] RAX: ffffffffffffffda RBX: 00007f5302415fa8 RCX: 00007f530219ce59 [ 165.813156][ T7485] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5302415fac [ 165.813171][ T7485] RBP: 00007f5302415fa0 R08: 0000000000000001 R09: 0000000000000000 [ 165.813186][ T7485] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 165.813202][ T7485] R13: 00007f5302416038 R14: 00007ffd5fa8f790 R15: 00007ffd5fa8f878 [ 165.813232][ T7485] [ 166.108085][ T5638] Bluetooth: hci3: command 0x2016 tx timeout [ 166.788449][ T5638] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 166.980375][ T7502] Process accounting resumed [ 167.066919][ T5638] Bluetooth: hci2: command 0x2016 tx timeout [ 167.355864][ T7521] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(704.8192.32), cmd(4) [ 167.387744][ T5633] Bluetooth: hci0: command 0x2016 tx timeout [ 168.186438][ T4943] Bluetooth: hci3: command 0x2016 tx timeout [ 168.357642][ T7543] random: crng reseeded on system resumption [ 168.430006][ T7543] hub 1-0:1.0: USB hub found [ 168.451700][ T7543] hub 1-0:1.0: 1 port detected [ 168.826892][ T4943] Bluetooth: hci1: command 0x2016 tx timeout [ 169.239357][ T4943] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 169.249208][ T4943] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 169.258729][ T4943] CPU: 1 UID: 0 PID: 4943 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 169.258769][ T4943] Tainted: [L]=SOFTLOCKUP [ 169.258778][ T4943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.258795][ T4943] Workqueue: hci1 hci_rx_work [ 169.258833][ T4943] Call Trace: [ 169.258842][ T4943] [ 169.258852][ T4943] dump_stack_lvl+0x100/0x190 [ 169.258887][ T4943] sysfs_warn_dup.cold+0x1c/0x28 [ 169.258931][ T4943] sysfs_create_dir_ns+0x24b/0x2b0 [ 169.258962][ T4943] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 169.258992][ T4943] ? find_held_lock+0x2b/0x80 [ 169.259030][ T4943] ? kobject_add_internal+0x25f/0x930 [ 169.259062][ T4943] ? kobject_add_internal+0x25f/0x930 [ 169.259097][ T4943] ? do_raw_spin_unlock+0x145/0x1e0 [ 169.259145][ T4943] kobject_add_internal+0x2c8/0x930 [ 169.259182][ T4943] kobject_add+0x16a/0x1e0 [ 169.259212][ T4943] ? __pfx_kobject_add+0x10/0x10 [ 169.259239][ T4943] ? class_to_subsys+0x10f/0x150 [ 169.259283][ T4943] ? kobject_put+0xb9/0x640 [ 169.259308][ T4943] ? _raw_spin_unlock+0x28/0x50 [ 169.259353][ T4943] device_add+0x294/0x1950 [ 169.259389][ T4943] ? __pfx_dev_set_name+0x10/0x10 [ 169.259430][ T4943] ? __pfx_device_add+0x10/0x10 [ 169.259467][ T4943] ? mgmt_send_event_skb+0x2fb/0x460 [ 169.259515][ T4943] hci_conn_add_sysfs+0x1a3/0x260 [ 169.259561][ T4943] le_conn_complete_evt+0x11eb/0x1f60 [ 169.259607][ T4943] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 169.259643][ T4943] ? __pfx_bt_warn+0x10/0x10 [ 169.259696][ T4943] hci_le_conn_complete_evt+0x23c/0x3a0 [ 169.259736][ T4943] ? skb_pull_data+0x15f/0x1e0 [ 169.259779][ T4943] hci_le_meta_evt+0x34a/0x5f0 [ 169.259819][ T4943] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 169.259863][ T4943] hci_event_packet+0x51c/0xcd0 [ 169.259901][ T4943] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 169.259941][ T4943] ? __pfx_hci_event_packet+0x10/0x10 [ 169.259982][ T4943] ? kcov_remote_start+0x374/0x660 [ 169.260023][ T4943] ? lockdep_hardirqs_on+0x78/0x100 [ 169.260076][ T4943] hci_rx_work+0x451/0xfc0 [ 169.260131][ T4943] process_one_work+0xa0e/0x1980 [ 169.260178][ T4943] ? __pfx_process_one_work+0x10/0x10 [ 169.260220][ T4943] ? __pfx_hci_rx_work+0x10/0x10 [ 169.260259][ T4943] worker_thread+0x5ef/0xe50 [ 169.260303][ T4943] ? kthread+0x13a/0x450 [ 169.260326][ T4943] ? __pfx_worker_thread+0x10/0x10 [ 169.260353][ T4943] kthread+0x370/0x450 [ 169.260387][ T4943] ? __pfx_kthread+0x10/0x10 [ 169.260415][ T4943] ret_from_fork+0x72b/0xd50 [ 169.260448][ T4943] ? __pfx_ret_from_fork+0x10/0x10 [ 169.260482][ T4943] ? __switch_to+0x800/0x1100 [ 169.260519][ T4943] ? __switch_to_asm+0x39/0x70 [ 169.260556][ T4943] ? __pfx_kthread+0x10/0x10 [ 169.260582][ T4943] ret_from_fork_asm+0x1a/0x30 [ 169.260637][ T4943] [ 169.260711][ T4943] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 169.483708][ T7551] hub 1-0:1.0: USB hub found [ 169.486990][ T5633] Bluetooth: hci0: command 0x2016 tx timeout [ 169.561983][ T4943] Bluetooth: hci1: failed to register connection device [ 169.570488][ T7551] hub 1-0:1.0: 1 port detected [ 169.771610][ T7558] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 170.906393][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 171.467845][ T7589] FAULT_INJECTION: forcing a failure. [ 171.467845][ T7589] name failslab, interval 1, probability 0, space 0, times 0 [ 171.500190][ T7589] CPU: 0 UID: 0 PID: 7589 Comm: syz.3.437 Tainted: G L syzkaller #0 PREEMPT(full) [ 171.500235][ T7589] Tainted: [L]=SOFTLOCKUP [ 171.500244][ T7589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 171.500259][ T7589] Call Trace: [ 171.500268][ T7589] [ 171.500280][ T7589] dump_stack_lvl+0x100/0x190 [ 171.500318][ T7589] should_fail_ex.cold+0x5/0xa [ 171.500355][ T7589] should_failslab+0xc2/0x120 [ 171.500389][ T7589] __kmalloc_cache_noprof+0x7a/0x6f0 [ 171.500430][ T7589] ? io_uring_alloc_task_context+0x1a3/0x51f [ 171.500474][ T7589] ? __percpu_counter_init_many+0x2c1/0x3b0 [ 171.500514][ T7589] io_uring_alloc_task_context+0x1a3/0x51f [ 171.500563][ T7589] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 171.500615][ T7589] ? alloc_file_pseudo+0x1a5/0x230 [ 171.500659][ T7589] __io_uring_add_tctx_node.cold+0x15/0x1a1 [ 171.500703][ T7589] ? security_inode_init_security_anon+0x7b/0x230 [ 171.500733][ T7589] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 171.500774][ T7589] ? __anon_inode_getfile+0x17c/0x280 [ 171.500818][ T7589] io_uring_setup.cold+0x1993/0x1c6e [ 171.500866][ T7589] ? __pfx_io_uring_setup+0x10/0x10 [ 171.500906][ T7589] ? __pfx_do_futex+0x10/0x10 [ 171.500949][ T7589] ? xfd_validate_state+0x129/0x190 [ 171.500987][ T7589] __x64_sys_io_uring_setup+0xc2/0x170 [ 171.501019][ T7589] do_syscall_64+0x10b/0xf80 [ 171.501057][ T7589] ? clear_bhb_loop+0x40/0x90 [ 171.501099][ T7589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.501129][ T7589] RIP: 0033:0x7f0fb959ce59 [ 171.501154][ T7589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.501178][ T7589] RSP: 002b:00007f0fba539028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 171.501204][ T7589] RAX: ffffffffffffffda RBX: 00007f0fb9815fa0 RCX: 00007f0fb959ce59 [ 171.501223][ T7589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 171.501239][ T7589] RBP: 00007f0fb9632d6f R08: 0000000000000000 R09: 0000000000000000 [ 171.501255][ T7589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.501268][ T7589] R13: 00007f0fb9816038 R14: 00007f0fb9815fa0 R15: 00007fff308bfb48 [ 171.501303][ T7589] [ 171.957927][ T7280] syz.2.349 (7280) used greatest stack depth: 19120 bytes left [ 171.995445][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.2.438'. [ 172.538177][ T7609] kernel profiling enabled (shift: 0) [ 172.619106][ T7602] sysfs_service_op_store: Client not running :-5: [ 172.700471][ T7602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.728865][ T7602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.784768][ T30] audit: type=1800 audit(1843104594.660:3): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.439" name="dbroot" dev="configfs" ino=17343 res=0 errno=0 [ 172.987781][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 173.327678][ T7615] random: crng reseeded on system resumption [ 173.409281][ T7615] hub 1-0:1.0: USB hub found [ 173.425726][ T7615] hub 1-0:1.0: 1 port detected [ 174.208285][ T7309] syz.2.349 (7309) used greatest stack depth: 19096 bytes left [ 175.066503][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 175.824979][ T7646] random: crng reseeded on system resumption [ 175.950853][ T7646] hub 1-0:1.0: USB hub found [ 175.977621][ T7646] hub 1-0:1.0: 1 port detected [ 177.002540][ T7681] random: crng reseeded on system resumption [ 177.022814][ T7681] hub 1-0:1.0: USB hub found [ 177.028714][ T7681] hub 1-0:1.0: 1 port detected [ 177.787597][ T7701] bond0: invalid ARP target specified [ 178.121601][ T7718] random: crng reseeded on system resumption [ 178.172075][ T7718] hub 1-0:1.0: USB hub found [ 178.177605][ T7718] hub 1-0:1.0: 1 port detected [ 179.371946][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 179.404102][ T7757] FAULT_INJECTION: forcing a failure. [ 179.404102][ T7757] name failslab, interval 1, probability 0, space 0, times 0 [ 179.443515][ T7757] CPU: 0 UID: 0 PID: 7757 Comm: syz.3.484 Tainted: G L syzkaller #0 PREEMPT(full) [ 179.443564][ T7757] Tainted: [L]=SOFTLOCKUP [ 179.443575][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 179.443592][ T7757] Call Trace: [ 179.443601][ T7757] [ 179.443612][ T7757] dump_stack_lvl+0x100/0x190 [ 179.443650][ T7757] should_fail_ex.cold+0x5/0xa [ 179.443688][ T7757] should_failslab+0xc2/0x120 [ 179.443720][ T7757] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 179.443765][ T7757] ? security_file_alloc+0x34/0x2c0 [ 179.443798][ T7757] ? trace_kmem_cache_alloc+0xd5/0x100 [ 179.443832][ T7757] security_file_alloc+0x34/0x2c0 [ 179.443851][ T7757] init_file+0x95/0x480 [ 179.443873][ T7757] alloc_empty_file+0x79/0x1c0 [ 179.443895][ T7757] alloc_file_pseudo+0x13a/0x230 [ 179.443917][ T7757] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 179.443938][ T7757] ? security_inode_init_security_anon+0x7b/0x230 [ 179.443961][ T7757] __anon_inode_getfile+0xe8/0x280 [ 179.443981][ T7757] ? _copy_to_user+0xaf/0xd0 [ 179.443998][ T7757] io_uring_setup.cold+0x1951/0x1c6e [ 179.444024][ T7757] ? __pfx_io_uring_setup+0x10/0x10 [ 179.444045][ T7757] ? __pfx_do_futex+0x10/0x10 [ 179.444069][ T7757] ? xfd_validate_state+0x129/0x190 [ 179.444090][ T7757] __x64_sys_io_uring_setup+0xc2/0x170 [ 179.444109][ T7757] do_syscall_64+0x10b/0xf80 [ 179.444130][ T7757] ? clear_bhb_loop+0x40/0x90 [ 179.444147][ T7757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.444163][ T7757] RIP: 0033:0x7f0fb959ce59 [ 179.444184][ T7757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.444200][ T7757] RSP: 002b:00007f0fba539028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 179.444215][ T7757] RAX: ffffffffffffffda RBX: 00007f0fb9815fa0 RCX: 00007f0fb959ce59 [ 179.444225][ T7757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 179.444234][ T7757] RBP: 00007f0fb9632d6f R08: 0000000000000000 R09: 0000000000000000 [ 179.444243][ T7757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.444252][ T7757] R13: 00007f0fb9816038 R14: 00007f0fb9815fa0 R15: 00007fff308bfb48 [ 179.444272][ T7757] [ 180.404333][ T7782] random: crng reseeded on system resumption [ 180.469913][ T7782] hub 1-0:1.0: USB hub found [ 180.484456][ T7782] hub 1-0:1.0: 1 port detected [ 180.570134][ T7785] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 181.392906][ T5633] Bluetooth: hci2: command 0x2016 tx timeout [ 182.052251][ T5640] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 183.466831][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 184.106420][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 184.412773][ T7844] udc dummy_udc.0: soft-connect without a gadget driver [ 184.711641][ T7844] netlink: 'syz.2.504': attribute type 1 has an invalid length. [ 185.132721][ T7846] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 186.186613][ T4943] Bluetooth: hci1: command 0x2016 tx timeout [ 187.942889][ T5633] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 188.184794][ T7909] random: crng reseeded on system resumption [ 188.251627][ T7909] hub 1-0:1.0: USB hub found [ 188.263998][ T7909] hub 1-0:1.0: 1 port detected [ 190.027688][ T4943] Bluetooth: hci1: command 0x2016 tx timeout [ 191.220975][ T4943] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 192.106403][ T4943] Bluetooth: hci1: command 0x2016 tx timeout [ 192.116573][ T7976] futex_wake_op: syz.2.537 tries to shift op by -2048; fix this program [ 192.154508][ T7976] 0x000000000001-0x000000020000 : "" [ 192.167157][ T7976] ftl_cs: FTL header corrupt! [ 192.316460][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 193.306585][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 193.780165][ T7997] netlink: 186 bytes leftover after parsing attributes in process `syz.2.542'. [ 193.821864][ T7994] can: request_module (can-proto-5) failed. [ 193.879631][ T4943] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 193.891233][ T4943] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 193.903772][ T4943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 193.915163][ T4943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 193.926463][ T4943] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 194.189427][ T8008] netlink: 342 bytes leftover after parsing attributes in process `syz.3.543'. [ 194.430630][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.430709][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.829401][ T8023] random: crng reseeded on system resumption [ 194.932616][ T8023] hub 1-0:1.0: USB hub found [ 194.946832][ T8023] hub 1-0:1.0: 1 port detected [ 195.039280][ T6094] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.201791][ T8032] hub 1-0:1.0: USB hub found [ 195.222931][ T8032] hub 1-0:1.0: 1 port detected [ 195.292903][ T6094] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.388553][ T4943] Bluetooth: hci2: command 0x2016 tx timeout [ 195.531979][ T6094] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.666159][ T8043] hub 1-0:1.0: USB hub found [ 195.674059][ T8043] hub 1-0:1.0: 1 port detected [ 195.676904][ T6094] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.027310][ T5640] Bluetooth: hci4: command tx timeout [ 196.585661][ T6094] bridge_slave_1: left allmulticast mode [ 196.605390][ T6094] bridge_slave_1: left promiscuous mode [ 196.630536][ T6094] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.691176][ T6094] bridge_slave_0: left allmulticast mode [ 196.710156][ T6094] bridge_slave_0: left promiscuous mode [ 196.736749][ T6094] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.033024][ T5640] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 197.183345][ T6094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.193049][ T8071] Process accounting paused [ 197.226289][ T6094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.278566][ T6094] bond0 (unregistering): Released all slaves [ 197.460212][ T8076] FAULT_INJECTION: forcing a failure. [ 197.460212][ T8076] name failslab, interval 1, probability 0, space 0, times 0 [ 197.542381][ T8076] CPU: 1 UID: 0 PID: 8076 Comm: syz.0.561 Tainted: G L syzkaller #0 PREEMPT(full) [ 197.542428][ T8076] Tainted: [L]=SOFTLOCKUP [ 197.542438][ T8076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 197.542455][ T8076] Call Trace: [ 197.542464][ T8076] [ 197.542476][ T8076] dump_stack_lvl+0x100/0x190 [ 197.542514][ T8076] should_fail_ex.cold+0x5/0xa [ 197.542551][ T8076] should_failslab+0xc2/0x120 [ 197.542585][ T8076] __kmalloc_cache_noprof+0x7a/0x6f0 [ 197.542626][ T8076] ? io_uring_alloc_task_context+0x1a3/0x51f [ 197.542674][ T8076] ? __percpu_counter_init_many+0x2c1/0x3b0 [ 197.542712][ T8076] io_uring_alloc_task_context+0x1a3/0x51f [ 197.542768][ T8076] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 197.542821][ T8076] ? alloc_file_pseudo+0x1a5/0x230 [ 197.542869][ T8076] __io_uring_add_tctx_node.cold+0x15/0x1a1 [ 197.542916][ T8076] ? security_inode_init_security_anon+0x7b/0x230 [ 197.542949][ T8076] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 197.542997][ T8076] ? __anon_inode_getfile+0x17c/0x280 [ 197.543042][ T8076] io_uring_setup.cold+0x1993/0x1c6e [ 197.543092][ T8076] ? __pfx_io_uring_setup+0x10/0x10 [ 197.543131][ T8076] ? __pfx_do_futex+0x10/0x10 [ 197.543179][ T8076] ? xfd_validate_state+0x129/0x190 [ 197.543219][ T8076] __x64_sys_io_uring_setup+0xc2/0x170 [ 197.543256][ T8076] do_syscall_64+0x10b/0xf80 [ 197.543297][ T8076] ? clear_bhb_loop+0x40/0x90 [ 197.543332][ T8076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.543363][ T8076] RIP: 0033:0x7f2171b9ce59 [ 197.543386][ T8076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.543414][ T8076] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 197.543445][ T8076] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 197.543465][ T8076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 197.543481][ T8076] RBP: 00007f2171c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 197.543499][ T8076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.543515][ T8076] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 197.543552][ T8076] [ 197.940738][ T8085] random: crng reseeded on system resumption [ 198.065445][ T8085] hub 1-0:1.0: USB hub found [ 198.093166][ T8085] hub 1-0:1.0: 1 port detected [ 198.106733][ T4943] Bluetooth: hci4: command tx timeout [ 198.166084][ T8000] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.175507][ T8000] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.193225][ T8000] bridge_slave_0: entered allmulticast mode [ 198.226849][ T8000] bridge_slave_0: entered promiscuous mode [ 198.312991][ T8000] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.331411][ T8000] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.362603][ T8000] bridge_slave_1: entered allmulticast mode [ 198.384705][ T8000] bridge_slave_1: entered promiscuous mode [ 198.732245][ T8000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.797697][ T6094] hsr_slave_0: left promiscuous mode [ 198.817127][ T6094] hsr_slave_1: left promiscuous mode [ 198.828708][ T6094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.858221][ T6094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.874658][ T6094] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.892777][ T6094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.925075][ T8105] hub 1-0:1.0: USB hub found [ 198.941202][ T8105] hub 1-0:1.0: 1 port detected [ 198.959953][ T6094] veth1_macvtap: left promiscuous mode [ 198.979951][ T6094] veth0_macvtap: left promiscuous mode [ 198.985942][ T6094] veth1_vlan: left promiscuous mode [ 198.991816][ T6094] veth0_vlan: left promiscuous mode [ 199.066581][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 199.376547][ T6094] team0 (unregistering): Port device team_slave_1 removed [ 199.398226][ T6094] team0 (unregistering): Port device team_slave_0 removed [ 199.599095][ T8000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.660944][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 199.782040][ T8000] team0: Port device team_slave_0 added [ 199.878047][ T8000] team0: Port device team_slave_1 added [ 199.985906][ T8000] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.010032][ T8000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.052257][ T8000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.095264][ T8000] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.104008][ T8000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.131431][ T8000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.189254][ T4943] Bluetooth: hci4: command tx timeout [ 200.224424][ T8000] hsr_slave_0: entered promiscuous mode [ 200.233525][ T8000] hsr_slave_1: entered promiscuous mode [ 200.365982][ T8118] block nbd0: Unsupported socket: should be TCP or UNIX. [ 200.415123][ T8118] FAULT_INJECTION: forcing a failure. [ 200.415123][ T8118] name failslab, interval 1, probability 0, space 0, times 0 [ 200.455177][ T8118] CPU: 1 UID: 0 PID: 8118 Comm: syz.0.571 Tainted: G L syzkaller #0 PREEMPT(full) [ 200.455224][ T8118] Tainted: [L]=SOFTLOCKUP [ 200.455235][ T8118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 200.455253][ T8118] Call Trace: [ 200.455262][ T8118] [ 200.455274][ T8118] dump_stack_lvl+0x100/0x190 [ 200.455311][ T8118] should_fail_ex.cold+0x5/0xa [ 200.455349][ T8118] should_failslab+0xc2/0x120 [ 200.455381][ T8118] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 200.455425][ T8118] ? vm_area_dup+0x27/0x8e0 [ 200.455467][ T8118] vm_area_dup+0x27/0x8e0 [ 200.455508][ T8118] __split_vma+0x18c/0xd90 [ 200.455552][ T8118] ? __pfx___split_vma+0x10/0x10 [ 200.455602][ T8118] ? __pfx_mas_prev+0x10/0x10 [ 200.455638][ T8118] vms_gather_munmap_vmas+0x3a5/0x1720 [ 200.455686][ T8118] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 200.455729][ T8118] ? alloc_new_pud+0x217/0x320 [ 200.455769][ T8118] ? get_old_pud+0xd8/0x360 [ 200.455806][ T8118] ? move_page_tables+0xe1d/0x4500 [ 200.455847][ T8118] ? __pfx_copy_vma+0x10/0x10 [ 200.455903][ T8118] do_vmi_align_munmap+0x287/0x5f0 [ 200.455952][ T8118] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 200.456041][ T8118] do_vmi_munmap+0x1f8/0x3e0 [ 200.456090][ T8118] move_vma+0x849/0x1920 [ 200.456141][ T8118] ? __pfx_move_vma+0x10/0x10 [ 200.456200][ T8118] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 200.456251][ T8118] ? vrm_set_new_addr+0x204/0x290 [ 200.456300][ T8118] mremap_to+0x234/0x4c0 [ 200.456320][ T8118] ? mas_walk+0x6ef/0x9b0 [ 200.456355][ T8118] ? __pfx_mremap_to+0x10/0x10 [ 200.456394][ T8118] ? check_prep_vma+0x878/0xdf0 [ 200.456443][ T8118] __do_sys_mremap+0xa7a/0x1850 [ 200.456477][ T8118] ? __pfx___do_sys_mremap+0x10/0x10 [ 200.456501][ T8118] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 200.456551][ T8118] ? do_futex+0x192/0x350 [ 200.456584][ T8118] ? __pfx_do_futex+0x10/0x10 [ 200.456626][ T8118] ? __x64_sys_futex+0x34f/0x4d0 [ 200.456672][ T8118] ? rcu_is_watching+0x12/0xc0 [ 200.456711][ T8118] do_syscall_64+0x10b/0xf80 [ 200.456752][ T8118] ? clear_bhb_loop+0x40/0x90 [ 200.456787][ T8118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.456816][ T8118] RIP: 0033:0x7f2171b9ce59 [ 200.456841][ T8118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 200.456869][ T8118] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 200.456896][ T8118] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 200.456916][ T8118] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000 [ 200.456934][ T8118] RBP: 00007f2171c32d6f R08: 0000200001001000 R09: 0000000000000000 [ 200.456952][ T8118] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 200.456969][ T8118] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 200.457008][ T8118] [ 201.146844][ T4943] Bluetooth: hci1: command 0x2016 tx timeout [ 201.466259][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 201.518786][ T8120] ubi0: attaching mtd0 [ 201.525903][ T8120] ubi0: scanning is finished [ 201.626606][ T4943] Bluetooth: hci2: command 0x2016 tx timeout [ 201.632836][ T5630] Bluetooth: hci3: command 0x2016 tx timeout [ 201.755672][ T8000] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 201.783882][ T8000] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 201.800762][ T8000] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 201.806142][ T8120] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 201.848160][ T8120] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 201.857309][ T8000] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 201.865381][ T8000] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 201.870702][ T8120] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 201.898674][ T8120] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 201.904934][ T8000] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 201.915428][ T8120] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 201.922245][ T8000] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 201.935460][ T8120] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 201.954616][ T8000] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 201.955420][ T8120] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3651590946 [ 201.992617][ T8120] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 202.037534][ T8141] ubi0: background thread "ubi_bgt0d" started, PID 8141 [ 202.046042][ T8130] ubi0: detaching mtd0 [ 202.062116][ T8130] ubi0: mtd0 is detached [ 202.268261][ T5638] Bluetooth: hci4: command tx timeout [ 202.322954][ T8000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.363120][ T8000] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.379950][ T7029] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.387320][ T7029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.435673][ T7029] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.442911][ T7029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.878010][ T5288] 8021q: adding VLAN 0 to HW filter on device eth3 [ 202.929377][ T8159] syz.0.573 (8159) used greatest stack depth: 18712 bytes left [ 203.227451][ T5638] Bluetooth: hci1: command 0x2016 tx timeout [ 204.004415][ T8000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.483295][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 204.684111][ T5288] 8021q: adding VLAN 0 to HW filter on device eth4 [ 204.797641][ T8218] block nbd0: Unsupported socket: should be TCP or UNIX. [ 204.847790][ T8218] FAULT_INJECTION: forcing a failure. [ 204.847790][ T8218] name failslab, interval 1, probability 0, space 0, times 0 [ 204.883609][ T8218] CPU: 1 UID: 0 PID: 8218 Comm: syz.2.575 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.883658][ T8218] Tainted: [L]=SOFTLOCKUP [ 204.883668][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 204.883685][ T8218] Call Trace: [ 204.883694][ T8218] [ 204.883705][ T8218] dump_stack_lvl+0x100/0x190 [ 204.883753][ T8218] should_fail_ex.cold+0x5/0xa [ 204.883795][ T8218] should_failslab+0xc2/0x120 [ 204.883831][ T8218] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 204.883875][ T8218] ? vm_area_dup+0x27/0x8e0 [ 204.883923][ T8218] vm_area_dup+0x27/0x8e0 [ 204.883968][ T8218] __split_vma+0x18c/0xd90 [ 204.884017][ T8218] ? __pfx___split_vma+0x10/0x10 [ 204.884072][ T8218] ? __pfx_mas_prev+0x10/0x10 [ 204.884109][ T8218] vms_gather_munmap_vmas+0x3a5/0x1720 [ 204.884163][ T8218] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 204.884208][ T8218] ? alloc_new_pud+0x217/0x320 [ 204.884249][ T8218] ? get_old_pud+0xd8/0x360 [ 204.884290][ T8218] ? move_page_tables+0xe1d/0x4500 [ 204.884336][ T8218] ? __pfx_copy_vma+0x10/0x10 [ 204.884393][ T8218] do_vmi_align_munmap+0x287/0x5f0 [ 204.884442][ T8218] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 204.884537][ T8218] do_vmi_munmap+0x1f8/0x3e0 [ 204.884586][ T8218] move_vma+0x849/0x1920 [ 204.884637][ T8218] ? __pfx_move_vma+0x10/0x10 [ 204.884684][ T8218] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 204.884741][ T8218] ? vrm_set_new_addr+0x204/0x290 [ 204.884789][ T8218] mremap_to+0x234/0x4c0 [ 204.884813][ T8218] ? mas_walk+0x6ef/0x9b0 [ 204.884851][ T8218] ? __pfx_mremap_to+0x10/0x10 [ 204.884893][ T8218] ? check_prep_vma+0x878/0xdf0 [ 204.884945][ T8218] __do_sys_mremap+0xa7a/0x1850 [ 204.884988][ T8218] ? __pfx___do_sys_mremap+0x10/0x10 [ 204.885015][ T8218] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 204.885067][ T8218] ? do_futex+0x192/0x350 [ 204.885100][ T8218] ? __pfx_do_futex+0x10/0x10 [ 204.885141][ T8218] ? __x64_sys_futex+0x34f/0x4d0 [ 204.885187][ T8218] ? rcu_is_watching+0x12/0xc0 [ 204.885224][ T8218] do_syscall_64+0x10b/0xf80 [ 204.885260][ T8218] ? clear_bhb_loop+0x40/0x90 [ 204.885294][ T8218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.885326][ T8218] RIP: 0033:0x7f530219ce59 [ 204.885351][ T8218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.885379][ T8218] RSP: 002b:00007f5302fc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 204.885408][ T8218] RAX: ffffffffffffffda RBX: 00007f5302415fa0 RCX: 00007f530219ce59 [ 204.885429][ T8218] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000 [ 204.885446][ T8218] RBP: 00007f5302232d6f R08: 0000200001001000 R09: 0000000000000000 [ 204.885464][ T8218] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 204.885481][ T8218] R13: 00007f5302416038 R14: 00007f5302415fa0 R15: 00007ffd5fa8f878 [ 204.885519][ T8218] [ 205.162467][ T8000] veth0_vlan: entered promiscuous mode [ 205.242075][ T8000] veth1_vlan: entered promiscuous mode [ 205.328478][ T8000] veth0_macvtap: entered promiscuous mode [ 205.358966][ T8000] veth1_macvtap: entered promiscuous mode [ 205.715347][ T8000] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.895011][ T8000] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.945283][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.965511][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.001770][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.014286][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.205715][ T7030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.223764][ T7030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.323613][ T7028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.345887][ T7028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.393435][ T8238] FAULT_INJECTION: forcing a failure. [ 206.393435][ T8238] name failslab, interval 1, probability 0, space 0, times 0 [ 206.419840][ T8238] CPU: 1 UID: 0 PID: 8238 Comm: syz.0.585 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.419888][ T8238] Tainted: [L]=SOFTLOCKUP [ 206.419899][ T8238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 206.419916][ T8238] Call Trace: [ 206.419925][ T8238] [ 206.419935][ T8238] dump_stack_lvl+0x100/0x190 [ 206.419972][ T8238] should_fail_ex.cold+0x5/0xa [ 206.420011][ T8238] should_failslab+0xc2/0x120 [ 206.420045][ T8238] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 206.420090][ T8238] ? security_file_alloc+0x34/0x2c0 [ 206.420123][ T8238] ? trace_kmem_cache_alloc+0xd5/0x100 [ 206.420164][ T8238] security_file_alloc+0x34/0x2c0 [ 206.420198][ T8238] init_file+0x95/0x480 [ 206.420235][ T8238] alloc_empty_file+0x79/0x1c0 [ 206.420277][ T8238] alloc_file_pseudo+0x13a/0x230 [ 206.420322][ T8238] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 206.420375][ T8238] __shmem_file_setup+0x205/0x460 [ 206.420416][ T8238] ? __pfx___shmem_file_setup+0x10/0x10 [ 206.420465][ T8238] ? vm_area_alloc+0x1f/0x160 [ 206.420510][ T8238] shmem_zero_setup+0x96/0x1b0 [ 206.420543][ T8238] __mmap_region+0x24e9/0x2da0 [ 206.420601][ T8238] ? __pfx___mmap_region+0x10/0x10 [ 206.420654][ T8238] ? rcu_is_watching+0x12/0xc0 [ 206.420690][ T8238] ? trace_pelt_se_tp+0x13b/0x190 [ 206.420735][ T8238] ? __lock_acquire+0x4a5/0x2630 [ 206.420764][ T8238] ? do_raw_spin_unlock+0x145/0x1e0 [ 206.420798][ T8238] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 206.420858][ T8238] ? rcu_is_watching+0x12/0xc0 [ 206.420907][ T8238] ? rcu_is_watching+0x12/0xc0 [ 206.420946][ T8238] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 206.420985][ T8238] ? lockdep_hardirqs_on+0x78/0x100 [ 206.421085][ T8238] mmap_region+0x35d/0x620 [ 206.421115][ T8238] ? rcu_is_watching+0x12/0xc0 [ 206.421147][ T8238] ? __pfx_mmap_region+0x10/0x10 [ 206.421179][ T8238] ? cap_mmap_addr+0x4b/0x120 [ 206.421219][ T8238] ? bpf_lsm_mmap_addr+0x9/0x30 [ 206.421244][ T8238] ? security_mmap_addr+0x71/0x1e0 [ 206.421278][ T8238] ? __get_unmapped_area+0x255/0x3e0 [ 206.421315][ T8238] do_mmap+0xc63/0x12f0 [ 206.421357][ T8238] ? __pfx_do_mmap+0x10/0x10 [ 206.421391][ T8238] ? __pfx_down_write_killable+0x10/0x10 [ 206.421428][ T8238] vm_mmap_pgoff+0x29e/0x470 [ 206.421472][ T8238] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 206.421510][ T8238] ? do_futex+0x192/0x350 [ 206.421542][ T8238] ? __pfx_do_futex+0x10/0x10 [ 206.421572][ T8238] ? __pfx___might_resched+0x10/0x10 [ 206.421623][ T8238] ksys_mmap_pgoff+0xe4/0x610 [ 206.421660][ T8238] ? __x64_sys_futex+0x358/0x4d0 [ 206.421692][ T8238] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 206.421726][ T8238] ? xfd_validate_state+0x129/0x190 [ 206.421755][ T8238] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 206.421791][ T8238] __x64_sys_mmap+0x125/0x190 [ 206.421827][ T8238] do_syscall_64+0x10b/0xf80 [ 206.421864][ T8238] ? clear_bhb_loop+0x40/0x90 [ 206.421899][ T8238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.421927][ T8238] RIP: 0033:0x7f2171b9ce59 [ 206.421951][ T8238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.421977][ T8238] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 206.422002][ T8238] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 206.422024][ T8238] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 206.422040][ T8238] RBP: 00007f2171c32d6f R08: ffffffffffffffff R09: 0000000000008000 [ 206.422062][ T8238] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 206.422078][ T8238] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 206.422116][ T8238] [ 206.790458][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 208.741432][ T8277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.587'. [ 208.850226][ T8276] ima: policy update failed [ 208.871917][ T30] audit: type=1802 audit(1843104630.740:4): pid=8276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.587" res=0 errno=0 [ 208.906629][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 209.427915][ T8285] netlink: 186 bytes leftover after parsing attributes in process `syz.0.588'. [ 209.458333][ T8282] can: request_module (can-proto-5) failed. [ 209.521332][ T8287] FAULT_INJECTION: forcing a failure. [ 209.521332][ T8287] name failslab, interval 1, probability 0, space 0, times 0 [ 209.576420][ T8287] CPU: 0 UID: 0 PID: 8287 Comm: syz.3.589 Tainted: G L syzkaller #0 PREEMPT(full) [ 209.576465][ T8287] Tainted: [L]=SOFTLOCKUP [ 209.576476][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 209.576493][ T8287] Call Trace: [ 209.576501][ T8287] [ 209.576510][ T8287] dump_stack_lvl+0x100/0x190 [ 209.576545][ T8287] should_fail_ex.cold+0x5/0xa [ 209.576580][ T8287] should_failslab+0xc2/0x120 [ 209.576621][ T8287] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 209.576663][ T8287] ? security_file_alloc+0x34/0x2c0 [ 209.576695][ T8287] ? trace_kmem_cache_alloc+0xd5/0x100 [ 209.576735][ T8287] security_file_alloc+0x34/0x2c0 [ 209.576765][ T8287] init_file+0x95/0x480 [ 209.576801][ T8287] alloc_empty_file+0x79/0x1c0 [ 209.576840][ T8287] alloc_file_pseudo+0x13a/0x230 [ 209.576882][ T8287] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 209.576931][ T8287] __shmem_file_setup+0x205/0x460 [ 209.576972][ T8287] ? __pfx___shmem_file_setup+0x10/0x10 [ 209.577012][ T8287] ? vm_area_alloc+0x1f/0x160 [ 209.577053][ T8287] shmem_zero_setup+0x96/0x1b0 [ 209.577083][ T8287] __mmap_region+0x24e9/0x2da0 [ 209.577129][ T8287] ? __pfx___mmap_region+0x10/0x10 [ 209.577177][ T8287] ? lock_acquire+0x1b1/0x370 [ 209.577203][ T8287] ? find_held_lock+0x2b/0x80 [ 209.577252][ T8287] ? __lock_acquire+0x4a5/0x2630 [ 209.577280][ T8287] ? do_raw_spin_unlock+0x145/0x1e0 [ 209.577314][ T8287] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 209.577372][ T8287] ? rcu_is_watching+0x12/0xc0 [ 209.577420][ T8287] ? rcu_is_watching+0x12/0xc0 [ 209.577454][ T8287] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 209.577491][ T8287] ? lockdep_hardirqs_on+0x78/0x100 [ 209.577596][ T8287] mmap_region+0x35d/0x620 [ 209.577626][ T8287] ? rcu_is_watching+0x12/0xc0 [ 209.577677][ T8287] ? __pfx_mmap_region+0x10/0x10 [ 209.577710][ T8287] ? cap_mmap_addr+0x4b/0x120 [ 209.577753][ T8287] ? bpf_lsm_mmap_addr+0x9/0x30 [ 209.577781][ T8287] ? security_mmap_addr+0x71/0x1e0 [ 209.577814][ T8287] ? __get_unmapped_area+0x255/0x3e0 [ 209.577855][ T8287] do_mmap+0xc63/0x12f0 [ 209.577895][ T8287] ? __pfx_do_mmap+0x10/0x10 [ 209.577931][ T8287] ? __pfx_down_write_killable+0x10/0x10 [ 209.577968][ T8287] vm_mmap_pgoff+0x29e/0x470 [ 209.578008][ T8287] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 209.578042][ T8287] ? do_futex+0x192/0x350 [ 209.578069][ T8287] ? __pfx_do_futex+0x10/0x10 [ 209.578098][ T8287] ? __pfx___might_resched+0x10/0x10 [ 209.578133][ T8287] ksys_mmap_pgoff+0xe4/0x610 [ 209.578166][ T8287] ? __x64_sys_futex+0x358/0x4d0 [ 209.578199][ T8287] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 209.578230][ T8287] ? xfd_validate_state+0x129/0x190 [ 209.578259][ T8287] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 209.578295][ T8287] __x64_sys_mmap+0x125/0x190 [ 209.578330][ T8287] do_syscall_64+0x10b/0xf80 [ 209.578369][ T8287] ? clear_bhb_loop+0x40/0x90 [ 209.578405][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.578435][ T8287] RIP: 0033:0x7f0fb959ce59 [ 209.578460][ T8287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.578488][ T8287] RSP: 002b:00007f0fba539028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 209.578516][ T8287] RAX: ffffffffffffffda RBX: 00007f0fb9815fa0 RCX: 00007f0fb959ce59 [ 209.578536][ T8287] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 209.578552][ T8287] RBP: 00007f0fb9632d6f R08: ffffffffffffffff R09: 0000000000008000 [ 209.578569][ T8287] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 209.578594][ T8287] R13: 00007f0fb9816038 R14: 00007f0fb9815fa0 R15: 00007fff308bfb48 [ 209.578632][ T8287] [ 210.232810][ T8300] random: crng reseeded on system resumption [ 210.316147][ T8293] hub 1-0:1.0: USB hub found [ 210.322497][ T8293] hub 1-0:1.0: 1 port detected [ 210.705761][ T8311] hub 1-0:1.0: USB hub found [ 210.716617][ T8311] hub 1-0:1.0: 1 port detected [ 210.897133][ T5638] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 211.094740][ T8321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.598'. [ 211.233024][ T8320] ima: policy update failed [ 211.251145][ T30] audit: type=1802 audit(1843104633.130:5): pid=8320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.598" res=0 errno=0 [ 211.279575][ T8329] random: crng reseeded on system resumption [ 211.341559][ T8329] hub 1-0:1.0: USB hub found [ 211.350313][ T8329] hub 1-0:1.0: 1 port detected [ 211.471407][ T8334] Setting dangerous option i915.mitigations - tainting kernel [ 211.740275][ T8342] hub 1-0:1.0: USB hub found [ 211.772199][ T8342] hub 1-0:1.0: 1 port detected [ 212.991096][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 213.133071][ T8383] random: crng reseeded on system resumption [ 213.153917][ T8383] hub 1-0:1.0: USB hub found [ 213.159277][ T8383] hub 1-0:1.0: 1 port detected [ 213.485916][ T8392] netlink: 338 bytes leftover after parsing attributes in process `syz.0.621'. [ 213.523934][ T8392] netlink: 8 bytes leftover after parsing attributes in process `syz.0.621'. [ 213.561475][ T8392] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(5.0.4096), cmd(2) [ 213.761955][ T8397] FAULT_INJECTION: forcing a failure. [ 213.761955][ T8397] name failslab, interval 1, probability 0, space 0, times 0 [ 213.820888][ T8397] CPU: 0 UID: 0 PID: 8397 Comm: syz.4.622 Tainted: G U L syzkaller #0 PREEMPT(full) [ 213.820941][ T8397] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 213.820952][ T8397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.820969][ T8397] Call Trace: [ 213.820977][ T8397] [ 213.820988][ T8397] dump_stack_lvl+0x100/0x190 [ 213.821025][ T8397] should_fail_ex.cold+0x5/0xa [ 213.821060][ T8397] should_failslab+0xc2/0x120 [ 213.821093][ T8397] __kmalloc_cache_noprof+0x7a/0x6f0 [ 213.821130][ T8397] ? __io_uring_add_tctx_node+0x1ac/0x510 [ 213.821188][ T8397] ? alloc_file_pseudo+0x1a5/0x230 [ 213.821234][ T8397] __io_uring_add_tctx_node+0x1ac/0x510 [ 213.821276][ T8397] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 213.821320][ T8397] ? __anon_inode_getfile+0x17c/0x280 [ 213.821364][ T8397] io_uring_setup.cold+0x1993/0x1c6e [ 213.821424][ T8397] ? __pfx_io_uring_setup+0x10/0x10 [ 213.821469][ T8397] ? __pfx_do_futex+0x10/0x10 [ 213.821521][ T8397] ? xfd_validate_state+0x129/0x190 [ 213.821563][ T8397] __x64_sys_io_uring_setup+0xc2/0x170 [ 213.821599][ T8397] do_syscall_64+0x10b/0xf80 [ 213.821640][ T8397] ? clear_bhb_loop+0x40/0x90 [ 213.821676][ T8397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.821706][ T8397] RIP: 0033:0x7f009d99ce59 [ 213.821730][ T8397] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.821758][ T8397] RSP: 002b:00007f009e7d7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 213.821787][ T8397] RAX: ffffffffffffffda RBX: 00007f009dc15fa0 RCX: 00007f009d99ce59 [ 213.821805][ T8397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 213.821822][ T8397] RBP: 00007f009da32d6f R08: 0000000000000000 R09: 0000000000000000 [ 213.821839][ T8397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.821855][ T8397] R13: 00007f009dc16038 R14: 00007f009dc15fa0 R15: 00007fff86afe9b8 [ 213.821891][ T8397] [ 214.124544][ T8399] FAULT_INJECTION: forcing a failure. [ 214.124544][ T8399] name failslab, interval 1, probability 0, space 0, times 0 [ 214.169583][ T5638] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 214.194398][ T8399] CPU: 1 UID: 0 PID: 8399 Comm: syz.0.624 Tainted: G U L syzkaller #0 PREEMPT(full) [ 214.194451][ T8399] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 214.194462][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.194479][ T8399] Call Trace: [ 214.194488][ T8399] [ 214.194499][ T8399] dump_stack_lvl+0x100/0x190 [ 214.194539][ T8399] should_fail_ex.cold+0x5/0xa [ 214.194577][ T8399] should_failslab+0xc2/0x120 [ 214.194613][ T8399] __kmalloc_cache_noprof+0x7a/0x6f0 [ 214.194656][ T8399] ? __io_uring_add_tctx_node+0x1ac/0x510 [ 214.194701][ T8399] ? alloc_file_pseudo+0x1a5/0x230 [ 214.194749][ T8399] __io_uring_add_tctx_node+0x1ac/0x510 [ 214.194795][ T8399] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 214.194842][ T8399] ? __anon_inode_getfile+0x17c/0x280 [ 214.194889][ T8399] io_uring_setup.cold+0x1993/0x1c6e [ 214.194950][ T8399] ? __pfx_io_uring_setup+0x10/0x10 [ 214.194991][ T8399] ? __pfx_do_futex+0x10/0x10 [ 214.195045][ T8399] ? xfd_validate_state+0x129/0x190 [ 214.195088][ T8399] __x64_sys_io_uring_setup+0xc2/0x170 [ 214.195125][ T8399] do_syscall_64+0x10b/0xf80 [ 214.195166][ T8399] ? clear_bhb_loop+0x40/0x90 [ 214.195201][ T8399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.195231][ T8399] RIP: 0033:0x7f2171b9ce59 [ 214.195256][ T8399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.195284][ T8399] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 214.195312][ T8399] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 214.195335][ T8399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 214.195353][ T8399] RBP: 00007f2171c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 214.195371][ T8399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.195388][ T8399] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 214.195427][ T8399] [ 215.036078][ T8420] random: crng reseeded on system resumption [ 215.066849][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 215.144501][ T8426] hub 1-0:1.0: USB hub found [ 215.158238][ T8426] hub 1-0:1.0: 1 port detected [ 215.197986][ T8420] hub 1-0:1.0: USB hub found [ 215.216950][ T8420] hub 1-0:1.0: 1 port detected [ 215.522707][ T5640] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 216.188677][ T5638] Bluetooth: hci2: command 0x2016 tx timeout [ 216.410345][ T8469] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 216.974433][ T8477] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 217.198267][ T8498] FAULT_INJECTION: forcing a failure. [ 217.198267][ T8498] name failslab, interval 1, probability 0, space 0, times 0 [ 217.246721][ T8498] CPU: 0 UID: 0 PID: 8498 Comm: syz.0.645 Tainted: G U L syzkaller #0 PREEMPT(full) [ 217.246768][ T8498] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 217.246778][ T8498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 217.246794][ T8498] Call Trace: [ 217.246803][ T8498] [ 217.246812][ T8498] dump_stack_lvl+0x100/0x190 [ 217.246855][ T8498] should_fail_ex.cold+0x5/0xa [ 217.246889][ T8498] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 217.246925][ T8498] should_failslab+0xc2/0x120 [ 217.246957][ T8498] __kmalloc_noprof+0xe0/0x850 [ 217.246990][ T8498] kernfs_fop_write_iter+0x26a/0x5f0 [ 217.247032][ T8498] vfs_write+0x6ac/0x1070 [ 217.247064][ T8498] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 217.247104][ T8498] ? __pfx_vfs_write+0x10/0x10 [ 217.247156][ T8498] ksys_write+0x12a/0x250 [ 217.247187][ T8498] ? __pfx_ksys_write+0x10/0x10 [ 217.247221][ T8498] ? rcu_is_watching+0x12/0xc0 [ 217.247258][ T8498] do_syscall_64+0x10b/0xf80 [ 217.247295][ T8498] ? clear_bhb_loop+0x40/0x90 [ 217.247328][ T8498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.247353][ T8498] RIP: 0033:0x7f2171b9ce59 [ 217.247376][ T8498] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 217.247402][ T8498] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 217.247427][ T8498] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 217.247446][ T8498] RDX: 0000000000000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 217.247462][ T8498] RBP: 00007f21729a2090 R08: 0000000000000000 R09: 0000000000000000 [ 217.247479][ T8498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.247495][ T8498] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 217.247532][ T8498] [ 217.556716][ T8477] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.590852][ T8477] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 217.708101][ T8477] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 217.729140][ T8477] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 217.799967][ T8477] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.816775][ T8477] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 217.835125][ T8509] hub 1-0:1.0: USB hub found [ 217.846741][ T8509] hub 1-0:1.0: 1 port detected [ 217.865938][ T8477] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 217.892623][ T8477] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 217.921545][ T8477] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 219.626851][ T5640] Bluetooth: hci3: command 0x2016 tx timeout [ 219.796881][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 219.866519][ T5640] Bluetooth: hci4: command 0x0c1a tx timeout [ 219.867383][ T5638] Bluetooth: hci1: command 0x2016 tx timeout [ 220.825065][ T8575] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 220.863839][ T8575] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.888064][ T8575] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 220.926808][ T8575] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 221.424564][ T8612] random: crng reseeded on system resumption [ 221.533333][ T8612] hub 1-0:1.0: USB hub found [ 221.556682][ T8612] hub 1-0:1.0: 1 port detected [ 222.586553][ T5638] Bluetooth: hci3: command 0x2016 tx timeout [ 222.906526][ T5638] Bluetooth: hci1: command 0x2016 tx timeout [ 222.906615][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 222.988911][ T5640] Bluetooth: hci4: command 0x0c1a tx timeout [ 224.276581][ T8665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.680'. [ 224.317707][ T8667] netlink: 25 bytes leftover after parsing attributes in process `syz.4.680'. [ 224.726199][ T8671] futex_wake_op: syz.0.682 tries to shift op by -2048; fix this program [ 224.775370][ T8676] 0x000000000001-0x000000020000 : "" [ 224.784824][ T8682] netlink: zone id is out of range [ 224.792661][ T8682] netlink: zone id is out of range [ 224.814195][ T8682] netlink: zone id is out of range [ 224.832334][ T8676] ftl_cs: FTL header corrupt! [ 224.843338][ T8682] netlink: zone id is out of range [ 224.868304][ T8682] netlink: zone id is out of range [ 224.883797][ T8682] netlink: zone id is out of range [ 224.900751][ T8682] netlink: zone id is out of range [ 224.959535][ T8682] netlink: zone id is out of range [ 224.992157][ T8682] netlink: zone id is out of range [ 224.997825][ T8682] netlink: zone id is out of range [ 225.066632][ T5640] Bluetooth: hci4: command 0x0c1a tx timeout [ 225.412010][ T8702] random: crng reseeded on system resumption [ 225.491249][ T8702] hub 1-0:1.0: USB hub found [ 225.509917][ T8702] hub 1-0:1.0: 1 port detected [ 225.835016][ T8707] FAULT_INJECTION: forcing a failure. [ 225.835016][ T8707] name failslab, interval 1, probability 0, space 0, times 0 [ 225.893567][ T8707] CPU: 0 UID: 0 PID: 8707 Comm: syz.2.689 Tainted: G U L syzkaller #0 PREEMPT(full) [ 225.893596][ T8707] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 225.893602][ T8707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 225.893612][ T8707] Call Trace: [ 225.893618][ T8707] [ 225.893624][ T8707] dump_stack_lvl+0x100/0x190 [ 225.893647][ T8707] should_fail_ex.cold+0x5/0xa [ 225.893667][ T8707] should_failslab+0xc2/0x120 [ 225.893686][ T8707] __kmalloc_cache_noprof+0x7a/0x6f0 [ 225.893707][ T8707] ? nfc_allocate_device+0x15b/0x5e0 [ 225.893733][ T8707] nfc_allocate_device+0x15b/0x5e0 [ 225.893753][ T8707] ? __init_swait_queue_head+0xca/0x150 [ 225.893779][ T8707] nci_allocate_device+0x23b/0x410 [ 225.893799][ T8707] virtual_ncidev_open+0x6f/0x220 [ 225.893824][ T8707] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 225.893845][ T8707] misc_open+0x26d/0x450 [ 225.893864][ T8707] ? __pfx_misc_open+0x10/0x10 [ 225.893882][ T8707] chrdev_open+0x234/0x6a0 [ 225.893902][ T8707] ? __pfx_apparmor_file_open+0x10/0x10 [ 225.893926][ T8707] ? __pfx_chrdev_open+0x10/0x10 [ 225.893945][ T8707] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 225.893969][ T8707] do_dentry_open+0x6d8/0x1660 [ 225.893987][ T8707] ? __pfx_chrdev_open+0x10/0x10 [ 225.894010][ T8707] vfs_open+0x82/0x3f0 [ 225.894040][ T8707] path_openat+0x208c/0x31a0 [ 225.894068][ T8707] ? __pfx_path_openat+0x10/0x10 [ 225.894093][ T8707] do_file_open+0x20e/0x430 [ 225.894113][ T8707] ? __pfx_do_file_open+0x10/0x10 [ 225.894145][ T8707] ? alloc_fd+0x476/0x790 [ 225.894164][ T8707] ? do_getname+0x191/0x390 [ 225.894186][ T8707] do_sys_openat2+0x10d/0x1e0 [ 225.894208][ T8707] ? __pfx_do_sys_openat2+0x10/0x10 [ 225.894230][ T8707] ? find_held_lock+0x2b/0x80 [ 225.894248][ T8707] ? __fget_files+0x215/0x3d0 [ 225.894268][ T8707] __x64_sys_openat+0x12d/0x210 [ 225.894291][ T8707] ? __pfx___x64_sys_openat+0x10/0x10 [ 225.894316][ T8707] ? rcu_is_watching+0x12/0xc0 [ 225.894338][ T8707] do_syscall_64+0x10b/0xf80 [ 225.894358][ T8707] ? clear_bhb_loop+0x40/0x90 [ 225.894376][ T8707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.894392][ T8707] RIP: 0033:0x7f530219ce59 [ 225.894413][ T8707] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.894440][ T8707] RSP: 002b:00007f5302fc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 225.894465][ T8707] RAX: ffffffffffffffda RBX: 00007f5302415fa0 RCX: 00007f530219ce59 [ 225.894480][ T8707] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 225.894498][ T8707] RBP: 00007f5302232d6f R08: 0000000000000000 R09: 0000000000000000 [ 225.894514][ T8707] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 225.894526][ T8707] R13: 00007f5302416038 R14: 00007f5302415fa0 R15: 00007ffd5fa8f878 [ 225.894545][ T8707] [ 228.874550][ T8728] Process accounting resumed [ 229.414041][ T8769] random: crng reseeded on system resumption [ 229.471760][ T8769] hub 1-0:1.0: USB hub found [ 229.483419][ T8769] hub 1-0:1.0: 1 port detected [ 229.825000][ T8782] hub 1-0:1.0: USB hub found [ 229.831989][ T8782] hub 1-0:1.0: 1 port detected [ 230.914413][ T8815] random: crng reseeded on system resumption [ 230.945586][ T8815] hub 1-0:1.0: USB hub found [ 230.968897][ T8815] hub 1-0:1.0: 1 port detected [ 231.602286][ T8829] random: crng reseeded on system resumption [ 231.677623][ T8829] hub 1-0:1.0: USB hub found [ 231.692866][ T8829] hub 1-0:1.0: 1 port detected [ 232.857685][ T8854] random: crng reseeded on system resumption [ 234.793183][ T8908] random: crng reseeded on system resumption [ 235.002246][ T8913] hub 1-0:1.0: USB hub found [ 235.060585][ T8913] hub 1-0:1.0: 1 port detected [ 236.954463][ T8959] Invalid ELF header magic: != ELF [ 237.222632][ T8963] random: crng reseeded on system resumption [ 237.297449][ T8963] hub 1-0:1.0: USB hub found [ 237.319512][ T8963] hub 1-0:1.0: 1 port detected [ 237.388768][ T8967] hub 1-0:1.0: USB hub found [ 237.416251][ T8967] hub 1-0:1.0: 1 port detected [ 240.254113][ T9037] net_ratelimit: 41 callbacks suppressed [ 240.254137][ T9037] netlink: zone id is out of range [ 240.297597][ T9037] netlink: zone id is out of range [ 240.321872][ T9037] netlink: zone id is out of range [ 240.345516][ T9037] netlink: zone id is out of range [ 240.401177][ T9037] netlink: zone id is out of range [ 240.422497][ T9037] netlink: zone id is out of range [ 240.449744][ T9037] netlink: zone id is out of range [ 240.488657][ T9037] netlink: zone id is out of range [ 240.509374][ T9037] netlink: zone id is out of range [ 240.538980][ T9037] netlink: zone id is out of range [ 240.746632][ T5640] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 243.670078][ T9091] hub 1-0:1.0: USB hub found [ 243.679014][ T9091] hub 1-0:1.0: 1 port detected [ 243.913161][ T9069] Process accounting resumed [ 244.504822][ T9105] random: crng reseeded on system resumption [ 244.555229][ T9105] hub 1-0:1.0: USB hub found [ 244.571732][ T9105] hub 1-0:1.0: 1 port detected [ 245.053355][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 245.395382][ T9125] random: crng reseeded on system resumption [ 245.425720][ T9125] hub 1-0:1.0: USB hub found [ 245.432188][ T9125] hub 1-0:1.0: 1 port detected [ 246.191994][ T9150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.801'. [ 246.202470][ T9150] netlink: 13 bytes leftover after parsing attributes in process `syz.4.801'. [ 246.760897][ T9163] random: crng reseeded on system resumption [ 246.798444][ T9163] hub 1-0:1.0: USB hub found [ 246.798804][ T9163] hub 1-0:1.0: 1 port detected [ 247.142753][ T9175] hub 1-0:1.0: USB hub found [ 247.148957][ T5638] Bluetooth: hci2: command 0x2016 tx timeout [ 247.164690][ T9175] hub 1-0:1.0: 1 port detected [ 247.250395][ T9179] FAULT_INJECTION: forcing a failure. [ 247.250395][ T9179] name failslab, interval 1, probability 0, space 0, times 0 [ 247.273264][ T9179] CPU: 0 UID: 0 PID: 9179 Comm: syz.4.811 Tainted: G U L syzkaller #0 PREEMPT(full) [ 247.273308][ T9179] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 247.273317][ T9179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 247.273333][ T9179] Call Trace: [ 247.273342][ T9179] [ 247.273352][ T9179] dump_stack_lvl+0x100/0x190 [ 247.273388][ T9179] should_fail_ex.cold+0x5/0xa [ 247.273421][ T9179] ? tomoyo_realpath_from_path+0xb6/0x690 [ 247.273458][ T9179] should_failslab+0xc2/0x120 [ 247.273489][ T9179] __kmalloc_noprof+0xe0/0x850 [ 247.273513][ T9179] ? kfree+0x1dd/0x6c0 [ 247.273556][ T9179] tomoyo_realpath_from_path+0xb6/0x690 [ 247.273597][ T9179] tomoyo_path_number_perm+0x23c/0x580 [ 247.273625][ T9179] ? tomoyo_path_number_perm+0x22e/0x580 [ 247.273657][ T9179] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 247.273718][ T9179] ? find_held_lock+0x2b/0x80 [ 247.273750][ T9179] ? __fget_files+0x215/0x3d0 [ 247.273777][ T9179] ? hook_file_ioctl_common+0x149/0x410 [ 247.273806][ T9179] ? __fget_files+0x215/0x3d0 [ 247.273842][ T9179] ? __fget_files+0x21f/0x3d0 [ 247.273879][ T9179] security_file_ioctl+0xd3/0x230 [ 247.273909][ T9179] __x64_sys_ioctl+0xb7/0x210 [ 247.273939][ T9179] do_syscall_64+0x10b/0xf80 [ 247.273976][ T9179] ? clear_bhb_loop+0x40/0x90 [ 247.274010][ T9179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.274045][ T9179] RIP: 0033:0x7f009d99ce59 [ 247.274067][ T9179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.274092][ T9179] RSP: 002b:00007f009e7d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.274117][ T9179] RAX: ffffffffffffffda RBX: 00007f009dc15fa0 RCX: 00007f009d99ce59 [ 247.274134][ T9179] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000004 [ 247.274150][ T9179] RBP: 00007f009e7d7090 R08: 0000000000000000 R09: 0000000000000000 [ 247.274167][ T9179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.274183][ T9179] R13: 00007f009dc16038 R14: 00007f009dc15fa0 R15: 00007fff86afe9b8 [ 247.274218][ T9179] [ 247.274375][ T9179] ERROR: Out of memory at tomoyo_realpath_from_path. [ 247.582555][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.813'. [ 248.605414][ T9214] random: crng reseeded on system resumption [ 248.664820][ T9214] hub 1-0:1.0: USB hub found [ 248.695313][ T9214] hub 1-0:1.0: 1 port detected [ 249.227189][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 249.623941][ T9245] FAULT_INJECTION: forcing a failure. [ 249.623941][ T9245] name failslab, interval 1, probability 0, space 0, times 0 [ 249.647993][ T9245] CPU: 1 UID: 0 PID: 9245 Comm: syz.0.835 Tainted: G U L syzkaller #0 PREEMPT(full) [ 249.648040][ T9245] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 249.648050][ T9245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 249.648066][ T9245] Call Trace: [ 249.648074][ T9245] [ 249.648085][ T9245] dump_stack_lvl+0x100/0x190 [ 249.648120][ T9245] should_fail_ex.cold+0x5/0xa [ 249.648155][ T9245] ? tomoyo_encode2+0xfb/0x3c0 [ 249.648186][ T9245] should_failslab+0xc2/0x120 [ 249.648218][ T9245] __kmalloc_noprof+0xe0/0x850 [ 249.648250][ T9245] tomoyo_encode2+0xfb/0x3c0 [ 249.648288][ T9245] tomoyo_encode+0x29/0x50 [ 249.648320][ T9245] tomoyo_realpath_from_path+0x18c/0x690 [ 249.648363][ T9245] tomoyo_path_number_perm+0x23c/0x580 [ 249.648390][ T9245] ? tomoyo_path_number_perm+0x22e/0x580 [ 249.648422][ T9245] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 249.648489][ T9245] ? find_held_lock+0x2b/0x80 [ 249.648521][ T9245] ? __fget_files+0x215/0x3d0 [ 249.648551][ T9245] ? hook_file_ioctl_common+0x149/0x410 [ 249.648580][ T9245] ? __fget_files+0x215/0x3d0 [ 249.648613][ T9245] ? __fget_files+0x21f/0x3d0 [ 249.648657][ T9245] security_file_ioctl+0xd3/0x230 [ 249.648686][ T9245] __x64_sys_ioctl+0xb7/0x210 [ 249.648715][ T9245] do_syscall_64+0x10b/0xf80 [ 249.648753][ T9245] ? clear_bhb_loop+0x40/0x90 [ 249.648786][ T9245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.648812][ T9245] RIP: 0033:0x7f2171b9ce59 [ 249.648835][ T9245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 249.648860][ T9245] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 249.648885][ T9245] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 249.648904][ T9245] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000004 [ 249.648925][ T9245] RBP: 00007f21729a2090 R08: 0000000000000000 R09: 0000000000000000 [ 249.648942][ T9245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.648959][ T9245] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 249.648997][ T9245] [ 249.649092][ T9245] ERROR: Out of memory at tomoyo_realpath_from_path. [ 250.184083][ T9256] random: crng reseeded on system resumption [ 250.219329][ T9256] hub 1-0:1.0: USB hub found [ 250.228878][ T9256] hub 1-0:1.0: 1 port detected [ 250.482920][ T9260] hub 1-0:1.0: USB hub found [ 250.488040][ T9260] hub 1-0:1.0: 1 port detected [ 250.847759][ T9269] random: crng reseeded on system resumption [ 250.965308][ T9270] hub 1-0:1.0: USB hub found [ 250.971298][ T9270] hub 1-0:1.0: 1 port detected [ 252.354168][ T9301] FAULT_INJECTION: forcing a failure. [ 252.354168][ T9301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.371605][ T9301] CPU: 0 UID: 0 PID: 9301 Comm: syz.0.851 Tainted: G U L syzkaller #0 PREEMPT(full) [ 252.371652][ T9301] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 252.371662][ T9301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 252.371677][ T9301] Call Trace: [ 252.371686][ T9301] [ 252.371696][ T9301] dump_stack_lvl+0x100/0x190 [ 252.371729][ T9301] should_fail_ex.cold+0x5/0xa [ 252.371764][ T9301] _copy_from_user+0x2e/0xd0 [ 252.371793][ T9301] msr_io+0x93/0x480 [ 252.371826][ T9301] ? __pfx_do_set_msr+0x10/0x10 [ 252.371869][ T9301] ? __pfx_msr_io+0x10/0x10 [ 252.371904][ T9301] ? __pfx_widen_string+0x10/0x10 [ 252.371935][ T9301] ? __kernel_text_address+0xd/0x30 [ 252.371967][ T9301] kvm_arch_vcpu_ioctl+0xd1a/0x5730 [ 252.372005][ T9301] ? kvm_arch_vcpu_ioctl+0xcfc/0x5730 [ 252.372053][ T9301] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 252.372088][ T9301] ? __pfx_stack_trace_save+0x10/0x10 [ 252.372126][ T9301] ? stack_depot_save_flags+0x27/0x9d0 [ 252.372159][ T9301] ? __lock_acquire+0x4a5/0x2630 [ 252.372185][ T9301] ? tomoyo_path_number_perm+0x46d/0x580 [ 252.372222][ T9301] ? __lock_acquire+0x4a5/0x2630 [ 252.372247][ T9301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.372290][ T9301] ? lock_acquire+0x1b1/0x370 [ 252.372319][ T9301] ? rcu_is_watching+0x12/0xc0 [ 252.372357][ T9301] ? trace_contention_end+0x122/0x170 [ 252.372386][ T9301] ? __mutex_lock+0x26d/0x1b10 [ 252.372424][ T9301] ? kvm_vcpu_ioctl+0x322/0x1720 [ 252.372455][ T9301] ? __pfx___mutex_lock+0x10/0x10 [ 252.372493][ T9301] ? kasan_quarantine_put+0x104/0x240 [ 252.372522][ T9301] ? tomoyo_path_number_perm+0x28f/0x580 [ 252.372558][ T9301] ? tomoyo_path_number_perm+0x188/0x580 [ 252.372591][ T9301] ? kvm_vcpu_ioctl+0x8a0/0x1720 [ 252.372612][ T9301] kvm_vcpu_ioctl+0x8a0/0x1720 [ 252.372641][ T9301] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 252.372667][ T9301] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 252.372703][ T9301] ? do_vfs_ioctl+0x226/0x13e0 [ 252.372730][ T9301] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 252.372768][ T9301] ? find_held_lock+0x2b/0x80 [ 252.372800][ T9301] ? __fget_files+0x215/0x3d0 [ 252.372830][ T9301] ? hook_file_ioctl_common+0x149/0x410 [ 252.372868][ T9301] ? __fget_files+0x21f/0x3d0 [ 252.372904][ T9301] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 252.372933][ T9301] __x64_sys_ioctl+0x18e/0x210 [ 252.372964][ T9301] do_syscall_64+0x10b/0xf80 [ 252.373001][ T9301] ? clear_bhb_loop+0x40/0x90 [ 252.373033][ T9301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.373061][ T9301] RIP: 0033:0x7f2171b9ce59 [ 252.373084][ T9301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.373110][ T9301] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 252.373134][ T9301] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 252.373152][ T9301] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000004 [ 252.373169][ T9301] RBP: 00007f21729a2090 R08: 0000000000000000 R09: 0000000000000000 [ 252.373186][ T9301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.373202][ T9301] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 252.373238][ T9301] [ 255.374141][ T9363] block2mtd: device name too long [ 255.869708][ T9372] random: crng reseeded on system resumption [ 255.870748][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.890637][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.985529][ T9375] hub 1-0:1.0: USB hub found [ 256.020377][ T5638] Bluetooth: hci3: unexpected subevent 0x01 length: 125 > 18 [ 256.034878][ T9375] hub 1-0:1.0: 1 port detected [ 256.303817][ T9384] hub 1-0:1.0: USB hub found [ 256.323444][ T9384] hub 1-0:1.0: 1 port detected [ 256.596279][ T9389] net_ratelimit: 40 callbacks suppressed [ 256.614696][ T9389] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 258.106472][ T5638] Bluetooth: hci3: command 0x2016 tx timeout [ 258.912162][ T9440] FAULT_INJECTION: forcing a failure. [ 258.912162][ T9440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.925649][ T9440] CPU: 1 UID: 0 PID: 9440 Comm: syz.2.894 Tainted: G U L syzkaller #0 PREEMPT(full) [ 258.925694][ T9440] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 258.925703][ T9440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 258.925719][ T9440] Call Trace: [ 258.925728][ T9440] [ 258.925738][ T9440] dump_stack_lvl+0x100/0x190 [ 258.925774][ T9440] should_fail_ex.cold+0x5/0xa [ 258.925808][ T9440] _copy_from_user+0x2e/0xd0 [ 258.925838][ T9440] memdup_user+0x6b/0xe0 [ 258.925869][ T9440] msr_io+0xea/0x480 [ 258.925903][ T9440] ? __pfx_do_set_msr+0x10/0x10 [ 258.925946][ T9440] ? __pfx_msr_io+0x10/0x10 [ 258.926010][ T9440] ? __pfx_widen_string+0x10/0x10 [ 258.926040][ T9440] ? __kernel_text_address+0xd/0x30 [ 258.926076][ T9440] kvm_arch_vcpu_ioctl+0xd1a/0x5730 [ 258.926113][ T9440] ? kvm_arch_vcpu_ioctl+0xcfc/0x5730 [ 258.926161][ T9440] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 258.926198][ T9440] ? __pfx_stack_trace_save+0x10/0x10 [ 258.926236][ T9440] ? stack_depot_save_flags+0x27/0x9d0 [ 258.926268][ T9440] ? __lock_acquire+0x4a5/0x2630 [ 258.926295][ T9440] ? tomoyo_path_number_perm+0x46d/0x580 [ 258.926331][ T9440] ? __lock_acquire+0x4a5/0x2630 [ 258.926354][ T9440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.926394][ T9440] ? lock_acquire+0x1b1/0x370 [ 258.926422][ T9440] ? rcu_is_watching+0x12/0xc0 [ 258.926452][ T9440] ? trace_contention_end+0x122/0x170 [ 258.926482][ T9440] ? __mutex_lock+0x26d/0x1b10 [ 258.926522][ T9440] ? kvm_vcpu_ioctl+0x322/0x1720 [ 258.926556][ T9440] ? __pfx___mutex_lock+0x10/0x10 [ 258.926595][ T9440] ? kasan_quarantine_put+0x104/0x240 [ 258.926628][ T9440] ? tomoyo_path_number_perm+0x28f/0x580 [ 258.926666][ T9440] ? tomoyo_path_number_perm+0x188/0x580 [ 258.926700][ T9440] ? kvm_vcpu_ioctl+0x8a0/0x1720 [ 258.926725][ T9440] kvm_vcpu_ioctl+0x8a0/0x1720 [ 258.926756][ T9440] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 258.926784][ T9440] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 258.926826][ T9440] ? do_vfs_ioctl+0x226/0x13e0 [ 258.926855][ T9440] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 258.926893][ T9440] ? find_held_lock+0x2b/0x80 [ 258.926926][ T9440] ? __fget_files+0x215/0x3d0 [ 258.926962][ T9440] ? hook_file_ioctl_common+0x149/0x410 [ 258.927000][ T9440] ? __fget_files+0x21f/0x3d0 [ 258.927037][ T9440] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 258.927066][ T9440] __x64_sys_ioctl+0x18e/0x210 [ 258.927097][ T9440] do_syscall_64+0x10b/0xf80 [ 258.927135][ T9440] ? clear_bhb_loop+0x40/0x90 [ 258.927168][ T9440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.927196][ T9440] RIP: 0033:0x7f530219ce59 [ 258.927219][ T9440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 258.927246][ T9440] RSP: 002b:00007f5302fc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 258.927272][ T9440] RAX: ffffffffffffffda RBX: 00007f5302415fa0 RCX: 00007f530219ce59 [ 258.927290][ T9440] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000004 [ 258.927307][ T9440] RBP: 00007f5302fc4090 R08: 0000000000000000 R09: 0000000000000000 [ 258.927324][ T9440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.927340][ T9440] R13: 00007f5302416038 R14: 00007f5302415fa0 R15: 00007ffd5fa8f878 [ 258.927378][ T9440] [ 259.440959][ T9442] Process accounting paused [ 260.186496][ T5640] Bluetooth: hci3: command 0x2016 tx timeout [ 261.013910][ T9483] random: crng reseeded on system resumption [ 261.143787][ T9483] hub 1-0:1.0: USB hub found [ 261.158704][ T9483] hub 1-0:1.0: 1 port detected [ 261.697518][ T9492] hub 1-0:1.0: USB hub found [ 261.735505][ T9492] hub 1-0:1.0: 1 port detected [ 263.406008][ T9539] random: crng reseeded on system resumption [ 263.433547][ T9539] hub 1-0:1.0: USB hub found [ 263.441195][ T9539] hub 1-0:1.0: 1 port detected [ 263.651055][ T9542] netlink: 342 bytes leftover after parsing attributes in process `syz.0.920'. [ 264.177399][ T9556] FAULT_INJECTION: forcing a failure. [ 264.177399][ T9556] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.212813][ T9556] CPU: 1 UID: 0 PID: 9556 Comm: syz.3.925 Tainted: G U L syzkaller #0 PREEMPT(full) [ 264.212860][ T9556] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 264.212870][ T9556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 264.212889][ T9556] Call Trace: [ 264.212900][ T9556] [ 264.212910][ T9556] dump_stack_lvl+0x100/0x190 [ 264.212946][ T9556] should_fail_ex.cold+0x5/0xa [ 264.212981][ T9556] _copy_to_user+0x32/0xd0 [ 264.213011][ T9556] simple_read_from_buffer+0xcb/0x170 [ 264.213045][ T9556] proc_fail_nth_read+0x1af/0x230 [ 264.213089][ T9556] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.213134][ T9556] ? rw_verify_area+0xce/0x6d0 [ 264.213160][ T9556] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.213201][ T9556] vfs_read+0x1e4/0xb30 [ 264.213236][ T9556] ? __pfx_vfs_read+0x10/0x10 [ 264.213265][ T9556] ? __fget_files+0x215/0x3d0 [ 264.213305][ T9556] ? __fget_files+0x21f/0x3d0 [ 264.213347][ T9556] ksys_read+0x12a/0x250 [ 264.213378][ T9556] ? __pfx_ksys_read+0x10/0x10 [ 264.213411][ T9556] ? rcu_is_watching+0x12/0xc0 [ 264.213456][ T9556] do_syscall_64+0x10b/0xf80 [ 264.213495][ T9556] ? clear_bhb_loop+0x40/0x90 [ 264.213527][ T9556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.213556][ T9556] RIP: 0033:0x7f0fb955d68e [ 264.213579][ T9556] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 264.213605][ T9556] RSP: 002b:00007f0fba538fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 264.213631][ T9556] RAX: ffffffffffffffda RBX: 00007f0fba5396c0 RCX: 00007f0fb955d68e [ 264.213649][ T9556] RDX: 000000000000000f RSI: 00007f0fba5390a0 RDI: 0000000000000005 [ 264.213665][ T9556] RBP: 00007f0fba539090 R08: 0000000000000000 R09: 0000000000000000 [ 264.213682][ T9556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.213698][ T9556] R13: 00007f0fb9816038 R14: 00007f0fb9815fa0 R15: 00007fff308bfb48 [ 264.213734][ T9556] [ 264.522284][ T9564] FAULT_INJECTION: forcing a failure. [ 264.522284][ T9564] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.646510][ T9564] CPU: 1 UID: 0 PID: 9564 Comm: syz.4.926 Tainted: G U L syzkaller #0 PREEMPT(full) [ 264.646556][ T9564] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 264.646566][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 264.646581][ T9564] Call Trace: [ 264.646589][ T9564] [ 264.646599][ T9564] dump_stack_lvl+0x100/0x190 [ 264.646634][ T9564] should_fail_ex.cold+0x5/0xa [ 264.646667][ T9564] _copy_from_user+0x2e/0xd0 [ 264.646693][ T9564] copy_msghdr_from_user+0x9f/0x4f0 [ 264.646732][ T9564] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 264.646776][ T9564] ? rcu_is_watching+0x12/0xc0 [ 264.646807][ T9564] ? ___sys_recvmsg+0x177/0x1a0 [ 264.646846][ T9564] ? kfree+0x1dd/0x6c0 [ 264.646887][ T9564] ___sys_recvmsg+0xdd/0x1a0 [ 264.646926][ T9564] ? __pfx____sys_recvmsg+0x10/0x10 [ 264.646983][ T9564] ? __pfx___might_resched+0x10/0x10 [ 264.647021][ T9564] do_recvmmsg+0x301/0x760 [ 264.647064][ T9564] ? __pfx_do_recvmmsg+0x10/0x10 [ 264.647101][ T9564] ? ksys_write+0x190/0x250 [ 264.647137][ T9564] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 264.647186][ T9564] ? kernel_write+0x5e3/0x6c0 [ 264.647225][ T9564] ? __fget_files+0x21f/0x3d0 [ 264.647265][ T9564] __x64_sys_recvmmsg+0x22a/0x280 [ 264.647300][ T9564] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 264.647335][ T9564] ? rcu_is_watching+0x12/0xc0 [ 264.647371][ T9564] do_syscall_64+0x10b/0xf80 [ 264.647416][ T9564] ? clear_bhb_loop+0x40/0x90 [ 264.647448][ T9564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.647476][ T9564] RIP: 0033:0x7f009d99ce59 [ 264.647499][ T9564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.647525][ T9564] RSP: 002b:00007f009e7b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 264.647551][ T9564] RAX: ffffffffffffffda RBX: 00007f009dc16090 RCX: 00007f009d99ce59 [ 264.647569][ T9564] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 264.647591][ T9564] RBP: 00007f009e7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 264.647607][ T9564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.647623][ T9564] R13: 00007f009dc16128 R14: 00007f009dc16090 R15: 00007fff86afe9b8 [ 264.647657][ T9564] [ 265.316101][ T9569] netlink: 346 bytes leftover after parsing attributes in process `syz.2.928'. [ 265.691199][ T9592] random: crng reseeded on system resumption [ 265.765008][ T9592] hub 1-0:1.0: USB hub found [ 265.780781][ T9592] hub 1-0:1.0: 1 port detected [ 267.460419][ T5638] Bluetooth: hci3: unexpected subevent 0x01 length: 125 > 18 [ 267.626098][ T9644] random: crng reseeded on system resumption [ 267.675405][ T9644] hub 1-0:1.0: USB hub found [ 267.679200][ T9645] FAULT_INJECTION: forcing a failure. [ 267.679200][ T9645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.694396][ T9644] hub 1-0:1.0: 1 port detected [ 267.727541][ T9645] CPU: 1 UID: 0 PID: 9645 Comm: syz.4.947 Tainted: G U L syzkaller #0 PREEMPT(full) [ 267.727584][ T9645] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 267.727594][ T9645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 267.727609][ T9645] Call Trace: [ 267.727617][ T9645] [ 267.727628][ T9645] dump_stack_lvl+0x100/0x190 [ 267.727661][ T9645] should_fail_ex.cold+0x5/0xa [ 267.727694][ T9645] _copy_from_user+0x2e/0xd0 [ 267.727741][ T9645] copy_msghdr_from_user+0x9f/0x4f0 [ 267.727778][ T9645] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 267.727818][ T9645] ? rcu_is_watching+0x12/0xc0 [ 267.727855][ T9645] ? ___sys_recvmsg+0x177/0x1a0 [ 267.727892][ T9645] ? kfree+0x1dd/0x6c0 [ 267.727926][ T9645] ___sys_recvmsg+0xdd/0x1a0 [ 267.727958][ T9645] ? __pfx____sys_recvmsg+0x10/0x10 [ 267.728015][ T9645] ? __pfx___might_resched+0x10/0x10 [ 267.728051][ T9645] do_recvmmsg+0x301/0x760 [ 267.728096][ T9645] ? __pfx_do_recvmmsg+0x10/0x10 [ 267.728132][ T9645] ? ksys_write+0x190/0x250 [ 267.728204][ T9645] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 267.728243][ T9645] ? kernel_write+0x5e3/0x6c0 [ 267.728281][ T9645] ? __fget_files+0x21f/0x3d0 [ 267.728322][ T9645] __x64_sys_recvmmsg+0x22a/0x280 [ 267.728354][ T9645] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 267.728388][ T9645] ? rcu_is_watching+0x12/0xc0 [ 267.728422][ T9645] do_syscall_64+0x10b/0xf80 [ 267.728456][ T9645] ? clear_bhb_loop+0x40/0x90 [ 267.728487][ T9645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.728530][ T9645] RIP: 0033:0x7f009d99ce59 [ 267.728553][ T9645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 267.728577][ T9645] RSP: 002b:00007f009e7b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 267.728602][ T9645] RAX: ffffffffffffffda RBX: 00007f009dc16090 RCX: 00007f009d99ce59 [ 267.728619][ T9645] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 267.728639][ T9645] RBP: 00007f009e7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 267.728655][ T9645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.728671][ T9645] R13: 00007f009dc16128 R14: 00007f009dc16090 R15: 00007fff86afe9b8 [ 267.728706][ T9645] [ 268.966485][ T9679] random: crng reseeded on system resumption [ 269.050847][ T9680] hub 1-0:1.0: USB hub found [ 269.073213][ T9680] hub 1-0:1.0: 1 port detected [ 269.129691][ T9684] hub 1-0:1.0: USB hub found [ 269.140956][ T9684] hub 1-0:1.0: 1 port detected [ 269.558438][ T5638] Bluetooth: hci3: command 0x2016 tx timeout [ 270.785245][ T9726] smpboot: CPU 1 is now offline [ 271.332215][ T9730] warning: `syz.2.967' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 271.630105][ T5640] Bluetooth: hci3: command 0x2016 tx timeout [ 271.794987][ T5640] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 272.887997][ T9776] random: crng reseeded on system resumption [ 273.691583][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 273.870755][ T5638] Bluetooth: hci1: command 0x2016 tx timeout [ 274.432737][ T9815] netlink: 342 bytes leftover after parsing attributes in process `syz.2.990'. [ 274.645573][ T9819] random: crng reseeded on system resumption [ 274.814082][ T9822] hub 1-0:1.0: USB hub found [ 274.920541][ T9822] hub 1-0:1.0: 1 port detected [ 275.003944][ T5638] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 275.012160][ T5638] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 275.021586][ T5638] CPU: 0 UID: 0 PID: 5638 Comm: kworker/u9:5 Tainted: G U L syzkaller #0 PREEMPT(full) [ 275.021613][ T5638] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 275.021619][ T5638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 275.021630][ T5638] Workqueue: hci1 hci_rx_work [ 275.021654][ T5638] Call Trace: [ 275.021660][ T5638] [ 275.021666][ T5638] dump_stack_lvl+0x100/0x190 [ 275.021686][ T5638] sysfs_warn_dup.cold+0x1c/0x28 [ 275.021708][ T5638] sysfs_create_dir_ns+0x24b/0x2b0 [ 275.021725][ T5638] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 275.021740][ T5638] ? find_held_lock+0x2b/0x80 [ 275.021759][ T5638] ? kobject_add_internal+0x25f/0x930 [ 275.021775][ T5638] ? kobject_add_internal+0x25f/0x930 [ 275.021792][ T5638] ? do_raw_spin_unlock+0x145/0x1e0 [ 275.021811][ T5638] kobject_add_internal+0x2c8/0x930 [ 275.021830][ T5638] kobject_add+0x16a/0x1e0 [ 275.021845][ T5638] ? __pfx_kobject_add+0x10/0x10 [ 275.021859][ T5638] ? class_to_subsys+0x10f/0x150 [ 275.021882][ T5638] ? kobject_put+0xb9/0x640 [ 275.021895][ T5638] ? _raw_spin_unlock+0x28/0x50 [ 275.021919][ T5638] device_add+0x294/0x1950 [ 275.021939][ T5638] ? __pfx_dev_set_name+0x10/0x10 [ 275.021960][ T5638] ? __pfx_device_add+0x10/0x10 [ 275.021978][ T5638] ? mgmt_send_event_skb+0x2fb/0x460 [ 275.022003][ T5638] hci_conn_add_sysfs+0x1a3/0x260 [ 275.022027][ T5638] le_conn_complete_evt+0x11eb/0x1f60 [ 275.022052][ T5638] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 275.022070][ T5638] ? __pfx_bt_warn+0x10/0x10 [ 275.022097][ T5638] hci_le_conn_complete_evt+0x23c/0x3a0 [ 275.022117][ T5638] ? skb_pull_data+0x15f/0x1e0 [ 275.022140][ T5638] hci_le_meta_evt+0x34a/0x5f0 [ 275.022161][ T5638] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 275.022183][ T5638] hci_event_packet+0x51c/0xcd0 [ 275.022203][ T5638] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 275.022224][ T5638] ? __pfx_hci_event_packet+0x10/0x10 [ 275.022245][ T5638] ? kcov_remote_start+0x374/0x660 [ 275.022266][ T5638] ? lockdep_hardirqs_on+0x78/0x100 [ 275.022291][ T5638] hci_rx_work+0x451/0xfc0 [ 275.022314][ T5638] process_one_work+0xa0e/0x1980 [ 275.022337][ T5638] ? __pfx_process_one_work+0x10/0x10 [ 275.022358][ T5638] ? __pfx_hci_rx_work+0x10/0x10 [ 275.022379][ T5638] worker_thread+0x5ef/0xe50 [ 275.022401][ T5638] ? kthread+0x13a/0x450 [ 275.022413][ T5638] ? __pfx_worker_thread+0x10/0x10 [ 275.022427][ T5638] kthread+0x370/0x450 [ 275.022440][ T5638] ? __pfx_kthread+0x10/0x10 [ 275.022455][ T5638] ret_from_fork+0x72b/0xd50 [ 275.022472][ T5638] ? __pfx_ret_from_fork+0x10/0x10 [ 275.022488][ T5638] ? rcu_is_watching+0x12/0xc0 [ 275.022513][ T5638] ? __switch_to+0x800/0x1100 [ 275.022534][ T5638] ? __switch_to_asm+0x39/0x70 [ 275.022554][ T5638] ? __pfx_kthread+0x10/0x10 [ 275.022569][ T5638] ret_from_fork_asm+0x1a/0x30 [ 275.022599][ T5638] [ 275.022633][ T5638] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 275.345407][ T5638] Bluetooth: hci1: failed to register connection device [ 275.711999][ T5633] Bluetooth: hci2: command 0x2016 tx timeout [ 275.952206][ T5638] Bluetooth: hci1: command 0x2016 tx timeout [ 275.967655][ T9776] Process accounting paused [ 277.157006][ T9861] random: crng reseeded on system resumption [ 277.231640][ T9861] hub 1-0:1.0: USB hub found [ 277.279299][ T9861] hub 1-0:1.0: 1 port detected [ 277.793150][ T5638] Bluetooth: hci2: command 0x2016 tx timeout [ 278.032379][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 278.877500][ T9893] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1009'. [ 278.978292][ T9895] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1009'. [ 280.113554][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 280.392128][ T9916] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1013'. [ 280.672727][ T9920] random: crng reseeded on system resumption [ 280.747075][ T9920] hub 1-0:1.0: USB hub found [ 280.769558][ T9920] hub 1-0:1.0: 1 port detected [ 281.614212][ T9945] FAULT_INJECTION: forcing a failure. [ 281.614212][ T9945] name failslab, interval 1, probability 0, space 0, times 0 [ 281.699071][ T9945] CPU: 0 UID: 0 PID: 9945 Comm: syz.2.1018 Tainted: G U L syzkaller #0 PREEMPT(full) [ 281.699099][ T9945] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 281.699105][ T9945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 281.699114][ T9945] Call Trace: [ 281.699120][ T9945] [ 281.699126][ T9945] dump_stack_lvl+0x100/0x190 [ 281.699148][ T9945] should_fail_ex.cold+0x5/0xa [ 281.699168][ T9945] should_failslab+0xc2/0x120 [ 281.699186][ T9945] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 281.699208][ T9945] ? security_inode_alloc+0x3b/0x2c0 [ 281.699231][ T9945] ? lockdep_init_map_type+0x5c/0x250 [ 281.699249][ T9945] security_inode_alloc+0x3b/0x2c0 [ 281.699272][ T9945] inode_init_always_gfp+0xcc0/0x1000 [ 281.699294][ T9945] alloc_inode+0x8e/0x250 [ 281.699316][ T9945] new_inode+0x22/0x1c0 [ 281.699336][ T9945] ? preempt_count_add+0x9e/0x150 [ 281.699354][ T9945] shmem_get_inode+0x1e3/0xfb0 [ 281.699376][ T9945] ? __pfx_shmem_get_inode+0x10/0x10 [ 281.699400][ T9945] __shmem_file_setup+0x168/0x460 [ 281.699421][ T9945] ? __pfx___shmem_file_setup+0x10/0x10 [ 281.699446][ T9945] newseg+0x3c0/0xed0 [ 281.699470][ T9945] ? __pfx_newseg+0x10/0x10 [ 281.699487][ T9945] ? find_held_lock+0x2b/0x80 [ 281.699506][ T9945] ? ipcget+0x8aa/0xf50 [ 281.699527][ T9945] ipcget+0x909/0xf50 [ 281.699544][ T9945] ? do_futex+0x192/0x350 [ 281.699566][ T9945] ? __pfx_ipcget+0x10/0x10 [ 281.699583][ T9945] ? __x64_sys_futex+0x34f/0x4d0 [ 281.699598][ T9945] ? __x64_sys_futex+0x358/0x4d0 [ 281.699617][ T9945] __x64_sys_shmget+0x13b/0x1b0 [ 281.699635][ T9945] ? __pfx___x64_sys_shmget+0x10/0x10 [ 281.699654][ T9945] ? rcu_is_watching+0x12/0xc0 [ 281.699674][ T9945] do_syscall_64+0x10b/0xf80 [ 281.699695][ T9945] ? clear_bhb_loop+0x40/0x90 [ 281.699713][ T9945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.699728][ T9945] RIP: 0033:0x7f530219ce59 [ 281.699742][ T9945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.699756][ T9945] RSP: 002b:00007f5302fa3028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 281.699770][ T9945] RAX: ffffffffffffffda RBX: 00007f5302416090 RCX: 00007f530219ce59 [ 281.699780][ T9945] RDX: 0000000000005300 RSI: 0000000000000001 RDI: 00000000000006a2 [ 281.699789][ T9945] RBP: 00007f5302232d6f R08: 0000000000000000 R09: 0000000000000000 [ 281.699798][ T9945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.699807][ T9945] R13: 00007f5302416128 R14: 00007f5302416090 R15: 00007ffd5fa8f878 [ 281.699827][ T9945] [ 282.357383][ T9952] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5626] was attempted by ""[9952] [ 282.622673][ T9960] FAULT_INJECTION: forcing a failure. [ 282.622673][ T9960] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.695681][ T9960] CPU: 0 UID: 0 PID: 9960 Comm: syz.2.1021 Tainted: G U L syzkaller #0 PREEMPT(full) [ 282.695709][ T9960] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 282.695714][ T9960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 282.695723][ T9960] Call Trace: [ 282.695729][ T9960] [ 282.695735][ T9960] dump_stack_lvl+0x100/0x190 [ 282.695755][ T9960] should_fail_ex.cold+0x5/0xa [ 282.695774][ T9960] _copy_from_user+0x2e/0xd0 [ 282.695790][ T9960] copy_msghdr_from_user+0x9f/0x4f0 [ 282.695812][ T9960] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 282.695836][ T9960] ? rcu_is_watching+0x12/0xc0 [ 282.695853][ T9960] ? ___sys_recvmsg+0x177/0x1a0 [ 282.695873][ T9960] ? kfree+0x1dd/0x6c0 [ 282.695895][ T9960] ___sys_recvmsg+0xdd/0x1a0 [ 282.695916][ T9960] ? __pfx____sys_recvmsg+0x10/0x10 [ 282.695946][ T9960] ? __pfx___might_resched+0x10/0x10 [ 282.695967][ T9960] do_recvmmsg+0x301/0x760 [ 282.695990][ T9960] ? __pfx_do_recvmmsg+0x10/0x10 [ 282.696010][ T9960] ? ksys_write+0x190/0x250 [ 282.696030][ T9960] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 282.696051][ T9960] ? kernel_write+0x5e3/0x6c0 [ 282.696072][ T9960] ? __fget_files+0x21f/0x3d0 [ 282.696093][ T9960] __x64_sys_recvmmsg+0x22a/0x280 [ 282.696111][ T9960] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 282.696130][ T9960] ? rcu_is_watching+0x12/0xc0 [ 282.696149][ T9960] do_syscall_64+0x10b/0xf80 [ 282.696169][ T9960] ? clear_bhb_loop+0x40/0x90 [ 282.696187][ T9960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.696202][ T9960] RIP: 0033:0x7f530219ce59 [ 282.696219][ T9960] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 282.696233][ T9960] RSP: 002b:00007f5302fa3028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 282.696247][ T9960] RAX: ffffffffffffffda RBX: 00007f5302416090 RCX: 00007f530219ce59 [ 282.696257][ T9960] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 282.696266][ T9960] RBP: 00007f5302fa3090 R08: 0000000000000000 R09: 0000000000000000 [ 282.696274][ T9960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.696283][ T9960] R13: 00007f5302416128 R14: 00007f5302416090 R15: 00007ffd5fa8f878 [ 282.696301][ T9960] [ 283.449695][ T9965] random: crng reseeded on system resumption [ 283.529773][ T9965] hub 1-0:1.0: USB hub found [ 283.564654][ T9965] hub 1-0:1.0: 1 port detected [ 284.373825][ T9994] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1029'. [ 284.462553][ T9967] [U] ^\ [ 285.810279][T10020] FAULT_INJECTION: forcing a failure. [ 285.810279][T10020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.172035][T10020] CPU: 0 UID: 0 PID: 10020 Comm: syz.0.1032 Tainted: G U L syzkaller #0 PREEMPT(full) [ 286.172063][T10020] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 286.172069][T10020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.172077][T10020] Call Trace: [ 286.172082][T10020] [ 286.172088][T10020] dump_stack_lvl+0x100/0x190 [ 286.172108][T10020] should_fail_ex.cold+0x5/0xa [ 286.172127][T10020] _copy_from_user+0x2e/0xd0 [ 286.172142][T10020] copy_msghdr_from_user+0x9f/0x4f0 [ 286.172165][T10020] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 286.172196][T10020] ? rcu_is_watching+0x12/0xc0 [ 286.172214][T10020] ? ___sys_recvmsg+0x177/0x1a0 [ 286.172233][T10020] ? kfree+0x1dd/0x6c0 [ 286.172256][T10020] ___sys_recvmsg+0xdd/0x1a0 [ 286.172277][T10020] ? __pfx____sys_recvmsg+0x10/0x10 [ 286.172308][T10020] ? __pfx___might_resched+0x10/0x10 [ 286.172329][T10020] do_recvmmsg+0x301/0x760 [ 286.172351][T10020] ? __pfx_do_recvmmsg+0x10/0x10 [ 286.172371][T10020] ? ksys_write+0x190/0x250 [ 286.172391][T10020] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 286.172413][T10020] ? kernel_write+0x5e3/0x6c0 [ 286.172437][T10020] ? __fget_files+0x21f/0x3d0 [ 286.172458][T10020] __x64_sys_recvmmsg+0x22a/0x280 [ 286.172477][T10020] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 286.172496][T10020] ? rcu_is_watching+0x12/0xc0 [ 286.172515][T10020] do_syscall_64+0x10b/0xf80 [ 286.172535][T10020] ? clear_bhb_loop+0x40/0x90 [ 286.172553][T10020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.172567][T10020] RIP: 0033:0x7f2171b9ce59 [ 286.172581][T10020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.172595][T10020] RSP: 002b:00007f216fdf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 286.172609][T10020] RAX: ffffffffffffffda RBX: 00007f2171e16180 RCX: 00007f2171b9ce59 [ 286.172618][T10020] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 286.172627][T10020] RBP: 00007f216fdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 286.172635][T10020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 286.172644][T10020] R13: 00007f2171e16218 R14: 00007f2171e16180 R15: 00007ffd352b3728 [ 286.172662][T10020] [ 287.506996][T10048] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 289.312023][ T5640] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 289.542204][T10068] Process accounting resumed [ 289.587575][T10072] FAULT_INJECTION: forcing a failure. [ 289.587575][T10072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.725014][T10076] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 289.755575][T10072] CPU: 0 UID: 0 PID: 10072 Comm: syz.4.1045 Tainted: G U L syzkaller #0 PREEMPT(full) [ 289.755603][T10072] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 289.755609][T10072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 289.755617][T10072] Call Trace: [ 289.755623][T10072] [ 289.755629][T10072] dump_stack_lvl+0x100/0x190 [ 289.755650][T10072] should_fail_ex.cold+0x5/0xa [ 289.755669][T10072] _copy_from_user+0x2e/0xd0 [ 289.755685][T10072] copy_msghdr_from_user+0x9f/0x4f0 [ 289.755708][T10072] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 289.755732][T10072] ? rcu_is_watching+0x12/0xc0 [ 289.755750][T10072] ? ___sys_recvmsg+0x177/0x1a0 [ 289.755769][T10072] ? kfree+0x1dd/0x6c0 [ 289.755791][T10072] ___sys_recvmsg+0xdd/0x1a0 [ 289.755818][T10072] ? __pfx____sys_recvmsg+0x10/0x10 [ 289.755848][T10072] ? __pfx___might_resched+0x10/0x10 [ 289.755869][T10072] do_recvmmsg+0x301/0x760 [ 289.755893][T10072] ? __pfx_do_recvmmsg+0x10/0x10 [ 289.755912][T10072] ? ksys_write+0x190/0x250 [ 289.755932][T10072] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 289.755954][T10072] ? kernel_write+0x5e3/0x6c0 [ 289.755975][T10072] ? __fget_files+0x21f/0x3d0 [ 289.755996][T10072] __x64_sys_recvmmsg+0x22a/0x280 [ 289.756015][T10072] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 289.756034][T10072] ? rcu_is_watching+0x12/0xc0 [ 289.756053][T10072] do_syscall_64+0x10b/0xf80 [ 289.756073][T10072] ? clear_bhb_loop+0x40/0x90 [ 289.756091][T10072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.756106][T10072] RIP: 0033:0x7f009d99ce59 [ 289.756119][T10072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 289.756133][T10072] RSP: 002b:00007f009e7b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 289.756148][T10072] RAX: ffffffffffffffda RBX: 00007f009dc16090 RCX: 00007f009d99ce59 [ 289.756158][T10072] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 289.756166][T10072] RBP: 00007f009e7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 289.756175][T10072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 289.756183][T10072] R13: 00007f009dc16128 R14: 00007f009dc16090 R15: 00007fff86afe9b8 [ 289.756202][T10072] [ 290.548562][T10080] random: crng reseeded on system resumption [ 290.636011][T10080] hub 1-0:1.0: USB hub found [ 290.652584][T10081] netlink: 'syz.2.1047': attribute type 1 has an invalid length. [ 290.682743][T10080] hub 1-0:1.0: 1 port detected [ 290.745077][T10081] nbd: error processing sock list [ 291.014038][T10074] hub 1-0:1.0: USB hub found [ 291.043438][T10074] hub 1-0:1.0: 1 port detected [ 291.404533][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 292.336633][T10112] random: crng reseeded on system resumption [ 292.456982][T10112] hub 1-0:1.0: USB hub found [ 292.517046][T10112] hub 1-0:1.0: 1 port detected [ 292.821440][T10124] FAULT_INJECTION: forcing a failure. [ 292.821440][T10124] name failslab, interval 1, probability 0, space 0, times 0 [ 292.865687][T10124] CPU: 0 UID: 0 PID: 10124 Comm: syz.4.1058 Tainted: G U L syzkaller #0 PREEMPT(full) [ 292.865717][T10124] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 292.865723][T10124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 292.865731][T10124] Call Trace: [ 292.865737][T10124] [ 292.865744][T10124] dump_stack_lvl+0x100/0x190 [ 292.865766][T10124] should_fail_ex.cold+0x5/0xa [ 292.865786][T10124] should_failslab+0xc2/0x120 [ 292.865804][T10124] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 292.865826][T10124] ? __proc_create+0x2cb/0x8c0 [ 292.865848][T10124] __proc_create+0x2cb/0x8c0 [ 292.865867][T10124] ? __pfx___proc_create+0x10/0x10 [ 292.865892][T10124] _proc_mkdir+0xb9/0x210 [ 292.865911][T10124] ? __pfx__proc_mkdir+0x10/0x10 [ 292.865929][T10124] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 292.865956][T10124] ? __pfx_netfilter_net_init+0x10/0x10 [ 292.865976][T10124] netfilter_net_init+0x37b/0x4a0 [ 292.865995][T10124] ? sysctl_net_init+0x27/0x30 [ 292.866018][T10124] ops_init+0x1e2/0x5f0 [ 292.866037][T10124] setup_net+0x118/0x3a0 [ 292.866055][T10124] ? __pfx_setup_net+0x10/0x10 [ 292.866072][T10124] ? mutex_init_lockdep+0xf1/0x120 [ 292.866091][T10124] copy_net_ns+0x46f/0x7c0 [ 292.866111][T10124] create_new_namespaces+0x3ea/0xac0 [ 292.866135][T10124] unshare_nsproxy_namespaces+0xf2/0x220 [ 292.866155][T10124] ksys_unshare+0x438/0xab0 [ 292.866178][T10124] ? __pfx_ksys_unshare+0x10/0x10 [ 292.866197][T10124] ? xfd_validate_state+0x129/0x190 [ 292.866212][T10124] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 292.866233][T10124] __x64_sys_unshare+0x31/0x40 [ 292.866253][T10124] do_syscall_64+0x10b/0xf80 [ 292.866274][T10124] ? clear_bhb_loop+0x40/0x90 [ 292.866292][T10124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.866306][T10124] RIP: 0033:0x7f009d99ce59 [ 292.866320][T10124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 292.866335][T10124] RSP: 002b:00007f009e7d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 292.866349][T10124] RAX: ffffffffffffffda RBX: 00007f009dc15fa0 RCX: 00007f009d99ce59 [ 292.866360][T10124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 292.866368][T10124] RBP: 00007f009da32d6f R08: 0000000000000000 R09: 0000000000000000 [ 292.866377][T10124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.866386][T10124] R13: 00007f009dc16038 R14: 00007f009dc15fa0 R15: 00007fff86afe9b8 [ 292.866406][T10124] [ 292.866424][T10124] cannot create netfilter proc entry [ 293.513106][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 293.865978][T10133] FAULT_INJECTION: forcing a failure. [ 293.865978][T10133] name failslab, interval 1, probability 0, space 0, times 0 [ 293.952813][T10133] CPU: 0 UID: 0 PID: 10133 Comm: syz.0.1060 Tainted: G U L syzkaller #0 PREEMPT(full) [ 293.952842][T10133] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 293.952848][T10133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 293.952858][T10133] Call Trace: [ 293.952863][T10133] [ 293.952869][T10133] dump_stack_lvl+0x100/0x190 [ 293.952891][T10133] should_fail_ex.cold+0x5/0xa [ 293.952912][T10133] should_failslab+0xc2/0x120 [ 293.952929][T10133] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 293.952953][T10133] ? shmem_alloc_inode+0x25/0x50 [ 293.952973][T10133] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 293.952995][T10133] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 293.953014][T10133] shmem_alloc_inode+0x25/0x50 [ 293.953031][T10133] alloc_inode+0x68/0x250 [ 293.953054][T10133] new_inode+0x22/0x1c0 [ 293.953077][T10133] shmem_get_inode+0x1e3/0xfb0 [ 293.953098][T10133] ? __pfx_shmem_get_inode+0x10/0x10 [ 293.953123][T10133] __shmem_file_setup+0x382/0x460 [ 293.953143][T10133] ? __pfx___shmem_file_setup+0x10/0x10 [ 293.953164][T10133] ? vm_area_alloc+0x1f/0x160 [ 293.953187][T10133] shmem_zero_setup+0x96/0x1b0 [ 293.953204][T10133] __mmap_region+0x24e9/0x2da0 [ 293.953230][T10133] ? __pfx___mmap_region+0x10/0x10 [ 293.953267][T10133] ? do_raw_spin_lock+0x128/0x260 [ 293.953296][T10133] ? do_raw_spin_lock+0x128/0x260 [ 293.953312][T10133] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 293.953336][T10133] ? hrtimer_start_range_ns+0x860/0x1a50 [ 293.953355][T10133] ? find_held_lock+0x2b/0x80 [ 293.953373][T10133] ? finish_task_switch.isra.0+0x2c6/0x1010 [ 293.953422][T10133] mmap_region+0x35d/0x620 [ 293.953437][T10133] ? rcu_is_watching+0x12/0xc0 [ 293.953454][T10133] ? __pfx_mmap_region+0x10/0x10 [ 293.953479][T10133] ? cap_mmap_addr+0x4b/0x120 [ 293.953502][T10133] ? bpf_lsm_mmap_addr+0x9/0x30 [ 293.953516][T10133] ? security_mmap_addr+0x71/0x1e0 [ 293.953535][T10133] ? __get_unmapped_area+0x255/0x3e0 [ 293.953556][T10133] do_mmap+0xc63/0x12f0 [ 293.953578][T10133] ? __pfx_do_mmap+0x10/0x10 [ 293.953596][T10133] ? __pfx_down_write_killable+0x10/0x10 [ 293.953614][T10133] vm_mmap_pgoff+0x29e/0x470 [ 293.953636][T10133] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 293.953656][T10133] ? do_futex+0x192/0x350 [ 293.953673][T10133] ? __pfx_do_futex+0x10/0x10 [ 293.953692][T10133] ksys_mmap_pgoff+0xe4/0x610 [ 293.953711][T10133] ? __x64_sys_futex+0x358/0x4d0 [ 293.953730][T10133] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 293.953747][T10133] ? xfd_validate_state+0x129/0x190 [ 293.953766][T10133] __x64_sys_mmap+0x125/0x190 [ 293.953784][T10133] do_syscall_64+0x10b/0xf80 [ 293.953805][T10133] ? clear_bhb_loop+0x40/0x90 [ 293.953823][T10133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.953838][T10133] RIP: 0033:0x7f2171b9ce59 [ 293.953852][T10133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 293.953867][T10133] RSP: 002b:00007f2172981028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 293.953882][T10133] RAX: ffffffffffffffda RBX: 00007f2171e16090 RCX: 00007f2171b9ce59 [ 293.953892][T10133] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 293.953902][T10133] RBP: 00007f2171c32d6f R08: fffffffffffffffa R09: 0000000000008000 [ 293.953912][T10133] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 293.953921][T10133] R13: 00007f2171e16128 R14: 00007f2171e16090 R15: 00007ffd352b3728 [ 293.953940][T10133] [ 296.287828][T10176] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 297.020041][T10187] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 298.047506][T10210] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.169841][T10214] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.227953][T10216] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.271711][T10218] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.330421][T10219] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.391358][T10220] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.466566][T10223] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 298.492326][T10222] netlink: 'syz.0.1083': attribute type 1 has an invalid length. [ 298.525302][T10225] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 299.283051][T10267] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1086'. [ 299.580358][ T5640] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 300.498696][T10289] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 301.590383][T10291] kexec: Could not allocate control_code_buffer [ 301.644387][ T5633] Bluetooth: hci2: command 0x2016 tx timeout [ 302.086442][T10336] EXT4-fs error: 35 callbacks suppressed [ 302.086456][T10336] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 302.153964][T10339] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 302.262246][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1103'. [ 302.691748][T10348] random: crng reseeded on system resumption [ 302.774220][T10350] hub 1-0:1.0: USB hub found [ 302.824183][T10350] hub 1-0:1.0: 1 port detected [ 303.725257][ T5640] Bluetooth: hci2: command 0x2016 tx timeout [ 305.235226][T10394] FAULT_INJECTION: forcing a failure. [ 305.235226][T10394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.275309][T10400] random: crng reseeded on system resumption [ 305.303479][T10394] CPU: 0 UID: 0 PID: 10394 Comm: syz.0.1117 Tainted: G U L syzkaller #0 PREEMPT(full) [ 305.303508][T10394] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 305.303514][T10394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 305.303529][T10394] Call Trace: [ 305.303537][T10394] [ 305.303543][T10394] dump_stack_lvl+0x100/0x190 [ 305.303566][T10394] should_fail_ex.cold+0x5/0xa [ 305.303586][T10394] _copy_from_user+0x2e/0xd0 [ 305.303602][T10394] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 305.303634][T10394] snd_rawmidi_write+0x2dc/0xc60 [ 305.303654][T10394] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 305.303669][T10394] ? __pfx_default_wake_function+0x10/0x10 [ 305.303691][T10394] ? bpf_lsm_file_permission+0x9/0x10 [ 305.303705][T10394] ? security_file_permission+0x76/0x210 [ 305.303723][T10394] ? rw_verify_area+0xce/0x6d0 [ 305.303740][T10394] vfs_write+0x2aa/0x1070 [ 305.303757][T10394] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 305.303772][T10394] ? __pfx_vfs_write+0x10/0x10 [ 305.303787][T10394] ? find_held_lock+0x2b/0x80 [ 305.303806][T10394] ? __fget_files+0x215/0x3d0 [ 305.303822][T10394] ? __fget_files+0x215/0x3d0 [ 305.303842][T10394] ? __fget_files+0x21f/0x3d0 [ 305.303863][T10394] ksys_write+0x1f8/0x250 [ 305.303880][T10394] ? __pfx_ksys_write+0x10/0x10 [ 305.303898][T10394] ? rcu_is_watching+0x12/0xc0 [ 305.303917][T10394] do_syscall_64+0x10b/0xf80 [ 305.303941][T10394] ? clear_bhb_loop+0x40/0x90 [ 305.303959][T10394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.303975][T10394] RIP: 0033:0x7f2171b9ce59 [ 305.303989][T10394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 305.304003][T10394] RSP: 002b:00007f21729a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.304020][T10394] RAX: ffffffffffffffda RBX: 00007f2171e15fa0 RCX: 00007f2171b9ce59 [ 305.304030][T10394] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000009 [ 305.304039][T10394] RBP: 00007f2171c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 305.304048][T10394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 305.304056][T10394] R13: 00007f2171e16038 R14: 00007f2171e15fa0 R15: 00007ffd352b3728 [ 305.304075][T10394] [ 305.534905][T10402] hub 1-0:1.0: USB hub found [ 305.539914][T10402] hub 1-0:1.0: 1 port detected [ 305.759767][T10403] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 305.784371][T10408] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 305.811705][T10412] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 306.540213][T10423] Line length is too long: Should be less than 4094 [ 306.591528][T10423] netlink: 'syz.4.1124': attribute type 16 has an invalid length. [ 306.619310][T10404] Process accounting resumed [ 306.637878][T10423] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1124'. [ 306.925811][T10427] sd 0:0:1:0: PR command failed: 1026 [ 306.955740][T10427] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 306.984396][T10427] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 307.202155][T10434] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1257: comm udevd: corrupted xattr entries [ 307.246161][T10440] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 307.290489][T10434] udevd[10434]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 307.386487][T10438] netlink: 'syz.3.1127': attribute type 1 has an invalid length. [ 307.472070][T10444] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:31: corrupted xattr entries [ 308.198930][T10456] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1257: comm udevd: corrupted xattr entries [ 308.261851][T10456] udevd[10456]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 310.757258][T10527] netlink: 202 bytes leftover after parsing attributes in process `syz.2.1147'. [ 311.391586][T10540] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:31: corrupted xattr entries [ 312.094860][T10547] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 312.524262][T10556] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:0: corrupted xattr entries [ 314.597403][T10588] random: crng reseeded on system resumption [ 315.054969][ T30] audit: type=1800 audit(1843107807.919:6): pid=10599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1165" name="dbroot" dev="configfs" ino=39860 res=0 errno=0 [ 315.106780][T10599] db_root: cannot open: /sy] [ 315.320761][T10605] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 315.502153][T10614] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 316.821549][ T5633] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 317.316107][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.329090][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.566880][T10654] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:32: corrupted xattr entries [ 317.580451][T10653] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 317.772030][T10660] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 317.951013][T10651] random: crng reseeded on system resumption [ 318.787282][T10681] netlink: 'syz.2.1186': attribute type 1 has an invalid length. [ 318.900162][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 319.722541][T10703] random: crng reseeded on system resumption [ 319.857659][T10706] hub 1-0:1.0: USB hub found [ 319.886151][T10671] Process accounting paused [ 319.920288][T10707] [U] [ 319.925639][T10706] hub 1-0:1.0: 1 port detected [ 319.952780][T10704] ovs_: entered promiscuous mode [ 320.970445][ T5640] Bluetooth: hci1: command 0x2016 tx timeout [ 321.316577][T10727] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:33: corrupted xattr entries [ 321.358852][T10729] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:31: corrupted xattr entries [ 321.679236][T10733] random: crng reseeded on system resumption [ 321.747976][T10733] hub 1-0:1.0: USB hub found [ 321.795779][T10733] hub 1-0:1.0: 1 port detected [ 322.866644][T10747] FAULT_INJECTION: forcing a failure. [ 322.866644][T10747] name failslab, interval 1, probability 0, space 0, times 0 [ 322.927962][T10747] CPU: 0 UID: 0 PID: 10747 Comm: syz.3.1202 Tainted: G U L syzkaller #0 PREEMPT(full) [ 322.927993][T10747] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 322.927999][T10747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 322.928008][T10747] Call Trace: [ 322.928013][T10747] [ 322.928025][T10747] dump_stack_lvl+0x100/0x190 [ 322.928047][T10747] should_fail_ex.cold+0x5/0xa [ 322.928067][T10747] ? asymmetric_key_generate_id+0x7e/0x180 [ 322.928090][T10747] should_failslab+0xc2/0x120 [ 322.928110][T10747] __kmalloc_noprof+0xe0/0x850 [ 322.928123][T10747] ? trace_kmalloc+0xe3/0x110 [ 322.928146][T10747] ? __kasan_kmalloc+0xaa/0xb0 [ 322.928164][T10747] asymmetric_key_generate_id+0x7e/0x180 [ 322.928189][T10747] pkcs7_note_signed_info+0x18f/0x5c0 [ 322.928209][T10747] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.928232][T10747] asn1_ber_decoder+0x14cf/0x2170 [ 322.928259][T10747] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 322.928291][T10747] pkcs7_parse_message+0x289/0x870 [ 322.928311][T10747] verify_pkcs7_signature+0x30/0xa0 [ 322.928329][T10747] valid_regdb+0x211/0x590 [ 322.928348][T10747] ? __pfx_valid_regdb+0x10/0x10 [ 322.928369][T10747] reg_reload_regdb+0x11a/0x460 [ 322.928389][T10747] ? __pfx_reg_reload_regdb+0x10/0x10 [ 322.928408][T10747] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 322.928423][T10747] ? nl80211_pre_doit+0x19a/0xae0 [ 322.928440][T10747] genl_family_rcv_msg_doit+0x214/0x300 [ 322.928465][T10747] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 322.928492][T10747] ? genl_get_cmd+0x3e7/0x760 [ 322.928518][T10747] ? bpf_lsm_capable+0x9/0x10 [ 322.928534][T10747] ? security_capable+0x80/0x260 [ 322.928559][T10747] genl_rcv_msg+0x560/0x800 [ 322.928584][T10747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.928607][T10747] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 322.928620][T10747] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 322.928637][T10747] ? __pfx_nl80211_post_doit+0x10/0x10 [ 322.928662][T10747] netlink_rcv_skb+0x159/0x420 [ 322.928682][T10747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.928704][T10747] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 322.928732][T10747] ? netlink_deliver_tap+0x1ae/0xcc0 [ 322.928754][T10747] genl_rcv+0x28/0x40 [ 322.928775][T10747] netlink_unicast+0x585/0x850 [ 322.928799][T10747] ? __pfx_netlink_unicast+0x10/0x10 [ 322.928824][T10747] netlink_sendmsg+0x8b0/0xda0 [ 322.928846][T10747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.928865][T10747] ? __import_iovec+0x1d2/0x640 [ 322.928883][T10747] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 322.928909][T10747] ____sys_sendmsg+0x9e1/0xb70 [ 322.928928][T10747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.928950][T10747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.928973][T10747] ? __pfx_futex_wake_mark+0x10/0x10 [ 322.928996][T10747] ___sys_sendmsg+0x190/0x1e0 [ 322.929018][T10747] ? __pfx____sys_sendmsg+0x10/0x10 [ 322.929069][T10747] __sys_sendmsg+0x170/0x220 [ 322.929086][T10747] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.929104][T10747] ? __x64_sys_futex+0x34f/0x4d0 [ 322.929128][T10747] ? rcu_is_watching+0x12/0xc0 [ 322.929148][T10747] do_syscall_64+0x10b/0xf80 [ 322.929168][T10747] ? clear_bhb_loop+0x40/0x90 [ 322.929186][T10747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.929201][T10747] RIP: 0033:0x7f0fb959ce59 [ 322.929214][T10747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.929228][T10747] RSP: 002b:00007f0fba539028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.929243][T10747] RAX: ffffffffffffffda RBX: 00007f0fb9815fa0 RCX: 00007f0fb959ce59 [ 322.929253][T10747] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 322.929262][T10747] RBP: 00007f0fb9632d6f R08: 0000000000000000 R09: 0000000000000000 [ 322.929270][T10747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.929279][T10747] R13: 00007f0fb9816038 R14: 00007f0fb9815fa0 R15: 00007fff308bfb48 [ 322.929299][T10747] [ 324.102873][T10766] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 324.406027][T10775] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 325.188450][ T5633] Bluetooth: hci3: unexpected subevent 0x01 length: 125 > 18 [ 325.915664][T10795] vivid-013: ================= START STATUS ================= [ 325.949030][T10795] vivid-013: ================== END STATUS ================== [ 326.388804][T10805] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:31: corrupted xattr entries [ 326.570425][ T5640] Bluetooth: hci4: unexpected subevent 0x01 length: 125 > 18 [ 326.605335][T10808] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 326.665213][T10811] EXT4-fs error (device sda1): xattr_find_entry:337: inode #1312: comm kworker/u8:10: corrupted xattr entries [ 326.683130][T10810] random: crng reseeded on system resumption [ 326.758813][T10810] hub 1-0:1.0: USB hub found [ 326.765127][T10801] zswap: compressor 000 not available [ 326.784577][T10810] hub 1-0:1.0: 1 port detected [ 327.262132][ T5633] Bluetooth: hci3: command 0x2016 tx timeout [ 327.397902][ T5638] Bluetooth: hci4: unexpected subevent 0x01 length: 125 > 18 [ 327.408011][ T5638] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 327.419592][ T5638] CPU: 0 UID: 0 PID: 5638 Comm: kworker/u9:5 Tainted: G U L syzkaller #0 PREEMPT(full) [ 327.419622][ T5638] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 327.419628][ T5638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 327.419648][ T5638] Workqueue: hci4 hci_rx_work [ 327.419674][ T5638] Call Trace: [ 327.419680][ T5638] [ 327.419687][ T5638] dump_stack_lvl+0x100/0x190 [ 327.419707][ T5638] sysfs_warn_dup.cold+0x1c/0x28 [ 327.419730][ T5638] sysfs_create_dir_ns+0x24b/0x2b0 [ 327.419747][ T5638] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 327.419763][ T5638] ? find_held_lock+0x2b/0x80 [ 327.419782][ T5638] ? kobject_add_internal+0x25f/0x930 [ 327.419798][ T5638] ? kobject_add_internal+0x25f/0x930 [ 327.419815][ T5638] ? do_raw_spin_unlock+0x145/0x1e0 [ 327.419835][ T5638] kobject_add_internal+0x2c8/0x930 [ 327.419857][ T5638] kobject_add+0x16a/0x1e0 [ 327.419872][ T5638] ? __pfx_kobject_add+0x10/0x10 [ 327.419886][ T5638] ? class_to_subsys+0x10f/0x150 [ 327.419918][ T5638] ? kobject_put+0xb9/0x640 [ 327.419931][ T5638] ? _raw_spin_unlock+0x28/0x50 [ 327.419957][ T5638] device_add+0x294/0x1950 [ 327.419977][ T5638] ? __pfx_dev_set_name+0x10/0x10 [ 327.419998][ T5638] ? __pfx_device_add+0x10/0x10 [ 327.420017][ T5638] ? mgmt_send_event_skb+0x2fb/0x460 [ 327.420042][ T5638] hci_conn_add_sysfs+0x1a3/0x260 [ 327.420066][ T5638] le_conn_complete_evt+0x11eb/0x1f60 [ 327.420091][ T5638] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 327.420115][ T5638] ? __pfx_bt_warn+0x10/0x10 [ 327.420143][ T5638] hci_le_conn_complete_evt+0x23c/0x3a0 [ 327.420165][ T5638] ? skb_pull_data+0x15f/0x1e0 [ 327.420187][ T5638] hci_le_meta_evt+0x34a/0x5f0 [ 327.420208][ T5638] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 327.420230][ T5638] hci_event_packet+0x51c/0xcd0 [ 327.420250][ T5638] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 327.420272][ T5638] ? __pfx_hci_event_packet+0x10/0x10 [ 327.420294][ T5638] ? kcov_remote_start+0x374/0x660 [ 327.420321][ T5638] ? lockdep_hardirqs_on+0x78/0x100 [ 327.420349][ T5638] hci_rx_work+0x451/0xfc0 [ 327.420373][ T5638] process_one_work+0xa0e/0x1980 [ 327.420398][ T5638] ? __pfx_process_one_work+0x10/0x10 [ 327.420419][ T5638] ? __pfx_hci_rx_work+0x10/0x10 [ 327.420439][ T5638] worker_thread+0x5ef/0xe50 [ 327.420461][ T5638] ? kthread+0x13a/0x450 [ 327.420474][ T5638] ? __pfx_worker_thread+0x10/0x10 [ 327.420489][ T5638] kthread+0x370/0x450 [ 327.420502][ T5638] ? __pfx_kthread+0x10/0x10 [ 327.420517][ T5638] ret_from_fork+0x72b/0xd50 [ 327.420534][ T5638] ? __pfx_ret_from_fork+0x10/0x10 [ 327.420550][ T5638] ? rcu_is_watching+0x12/0xc0 [ 327.420567][ T5638] ? __switch_to+0x800/0x1100 [ 327.420586][ T5638] ? __switch_to_asm+0x39/0x70 [ 327.420605][ T5638] ? __pfx_kthread+0x10/0x10 [ 327.420619][ T5638] ret_from_fork_asm+0x1a/0x30 [ 327.420648][ T5638] [ 327.799277][T10825] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 328.009216][T10831] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 328.021943][ T5638] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 328.035892][ T5638] Bluetooth: hci4: failed to register connection device [ 328.059965][T10837] vivid-013: ================= START STATUS ================= [ 328.085922][T10831] ================================================================== [ 328.094010][T10831] BUG: KASAN: slab-use-after-free in dvb_device_put.part.0+0x22/0x90 [ 328.102071][T10831] Write of size 4 at addr ffff88802d0ae010 by task syz.2.1234/10831 [ 328.110037][T10831] [ 328.112358][T10831] CPU: 0 UID: 0 PID: 10831 Comm: syz.2.1234 Tainted: G U L syzkaller #0 PREEMPT(full) [ 328.112382][T10831] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 328.112388][T10831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 328.112398][T10831] Call Trace: [ 328.112405][T10831] [ 328.112412][T10831] dump_stack_lvl+0x100/0x190 [ 328.112431][T10831] print_report+0x13d/0x4b0 [ 328.112453][T10831] ? __virt_addr_valid+0x239/0x430 [ 328.112476][T10831] ? dvb_device_put.part.0+0x22/0x90 [ 328.112490][T10831] kasan_report+0xdf/0x1d0 [ 328.112508][T10831] ? dvb_device_put.part.0+0x22/0x90 [ 328.112523][T10831] kasan_check_range+0x10f/0x1e0 [ 328.112542][T10831] dvb_device_put.part.0+0x22/0x90 [ 328.112562][T10831] dvb_device_open+0x2ba/0x3b0 [ 328.112576][T10831] ? __pfx_dvb_device_open+0x10/0x10 [ 328.112590][T10831] chrdev_open+0x234/0x6a0 [ 328.112607][T10831] ? __pfx_apparmor_file_open+0x10/0x10 [ 328.112631][T10831] ? __pfx_chrdev_open+0x10/0x10 [ 328.112648][T10831] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 328.112670][T10831] do_dentry_open+0x6d8/0x1660 [ 328.112688][T10831] ? __pfx_chrdev_open+0x10/0x10 [ 328.112707][T10831] vfs_open+0x82/0x3f0 [ 328.112728][T10831] path_openat+0x208c/0x31a0 [ 328.112748][T10831] ? __pfx_path_openat+0x10/0x10 [ 328.112768][T10831] do_file_open+0x20e/0x430 [ 328.112786][T10831] ? __pfx_do_file_open+0x10/0x10 [ 328.112809][T10831] ? alloc_fd+0x476/0x790 [ 328.112827][T10831] ? do_getname+0x191/0x390 [ 328.112847][T10831] do_sys_openat2+0x10d/0x1e0 [ 328.112868][T10831] ? __pfx_do_sys_openat2+0x10/0x10 [ 328.112892][T10831] __x64_sys_openat+0x12d/0x210 [ 328.112913][T10831] ? __pfx___x64_sys_openat+0x10/0x10 [ 328.112934][T10831] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 328.112950][T10831] ? rcu_is_watching+0x12/0xc0 [ 328.112967][T10831] do_syscall_64+0x10b/0xf80 [ 328.112988][T10831] ? clear_bhb_loop+0x40/0x90 [ 328.113004][T10831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.113019][T10831] RIP: 0033:0x7f530219ce59 [ 328.113033][T10831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.113048][T10831] RSP: 002b:00007f5302fc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 328.113063][T10831] RAX: ffffffffffffffda RBX: 00007f5302415fa0 RCX: 00007f530219ce59 [ 328.113073][T10831] RDX: 00000000000c8e03 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 328.113083][T10831] RBP: 00007f5302232d6f R08: 0000000000000000 R09: 0000000000000000 [ 328.113093][T10831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.113102][T10831] R13: 00007f5302416038 R14: 00007f5302415fa0 R15: 00007ffd5fa8f878 [ 328.113116][T10831] [ 328.113122][T10831] [ 328.380059][T10831] Allocated by task 1: [ 328.384116][T10831] kasan_save_stack+0x30/0x50 [ 328.388779][T10831] kasan_save_track+0x14/0x30 [ 328.393442][T10831] __kasan_kmalloc+0xaa/0xb0 [ 328.398010][T10831] dvb_register_device+0x1d6/0x1e20 [ 328.403211][T10831] dvb_register_frontend+0x552/0x820 [ 328.408510][T10831] vidtv_bridge_probe+0x44b/0xa30 [ 328.413533][T10831] platform_probe+0x106/0x1d0 [ 328.418210][T10831] really_probe+0x241/0xa60 [ 328.422708][T10831] __driver_probe_device+0x22e/0x480 [ 328.427991][T10831] driver_probe_device+0x4c/0x1b0 [ 328.433010][T10831] __driver_attach+0x21f/0x5d0 [ 328.437779][T10831] bus_for_each_dev+0x13e/0x1d0 [ 328.442630][T10831] bus_add_driver+0x305/0x5b0 [ 328.447297][T10831] driver_register+0x1e2/0x360 [ 328.452102][T10831] vidtv_bridge_init+0x38/0x70 [ 328.456869][T10831] do_one_initcall+0x121/0x750 [ 328.461717][T10831] kernel_init_freeable+0x6ea/0x7b0 [ 328.466903][T10831] kernel_init+0x1f/0x1e0 [ 328.471215][T10831] ret_from_fork+0x72b/0xd50 [ 328.475785][T10831] ret_from_fork_asm+0x1a/0x30 [ 328.480533][T10831] [ 328.482836][T10831] Freed by task 10833: [ 328.486888][T10831] kasan_save_stack+0x30/0x50 [ 328.491548][T10831] kasan_save_track+0x14/0x30 [ 328.496256][T10831] kasan_save_free_info+0x3b/0x70 [ 328.501285][T10831] __kasan_slab_free+0x5f/0x80 [ 328.506061][T10831] kfree+0x223/0x6c0 [ 328.509951][T10831] dvb_device_put.part.0+0x57/0x90 [ 328.515056][T10831] dvb_device_open+0x2ba/0x3b0 [ 328.519856][T10831] chrdev_open+0x234/0x6a0 [ 328.524274][T10831] do_dentry_open+0x6d8/0x1660 [ 328.529129][T10831] vfs_open+0x82/0x3f0 [ 328.533187][T10831] path_openat+0x208c/0x31a0 [ 328.537763][T10831] do_file_open+0x20e/0x430 [ 328.542256][T10831] do_sys_openat2+0x10d/0x1e0 [ 328.546921][T10831] __x64_sys_openat+0x12d/0x210 [ 328.551760][T10831] do_syscall_64+0x10b/0xf80 [ 328.556340][T10831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.562247][T10831] [ 328.564558][T10831] The buggy address belongs to the object at ffff88802d0ae000 [ 328.564558][T10831] which belongs to the cache kmalloc-256 of size 256 [ 328.578593][T10831] The buggy address is located 16 bytes inside of [ 328.578593][T10831] freed 256-byte region [ffff88802d0ae000, ffff88802d0ae100) [ 328.592367][T10831] [ 328.594715][T10831] The buggy address belongs to the physical page: [ 328.601103][T10831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d0ae [ 328.609860][T10831] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 328.618342][T10831] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 328.625881][T10831] page_type: f5(slab) [ 328.629866][T10831] raw: 00fff00000000040 ffff88813fe2eb40 dead000000000100 dead000000000122 [ 328.638448][T10831] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 328.647025][T10831] head: 00fff00000000040 ffff88813fe2eb40 dead000000000100 dead000000000122 [ 328.655681][T10831] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 328.664335][T10831] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff [ 328.672987][T10831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 328.681817][T10831] page dumped because: kasan: bad access detected [ 328.688218][T10831] page_owner tracks the page as allocated [ 328.693911][T10831] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18673502553, free_ts 0 [ 328.713609][T10831] post_alloc_hook+0x153/0x170 [ 328.718451][T10831] get_page_from_freelist+0x11a6/0x33b0 [ 328.723987][T10831] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 328.729870][T10831] new_slab+0xa6/0x6c0 [ 328.733925][T10831] refill_objects+0x277/0x420 [ 328.738592][T10831] __pcs_replace_empty_main+0x375/0x650 [ 328.744146][T10831] __kmalloc_cache_noprof+0x493/0x6f0 [ 328.749523][T10831] bus_add_driver+0x92/0x5b0 [ 328.754094][T10831] driver_register+0x1e2/0x360 [ 328.758858][T10831] usb_register_driver+0x21c/0x3e0 [ 328.763953][T10831] do_one_initcall+0x121/0x750 [ 328.768703][T10831] kernel_init_freeable+0x6ea/0x7b0 [ 328.773888][T10831] kernel_init+0x1f/0x1e0 [ 328.778201][T10831] ret_from_fork+0x72b/0xd50 [ 328.782774][T10831] ret_from_fork_asm+0x1a/0x30 [ 328.787527][T10831] page_owner free stack trace missing [ 328.792894][T10831] [ 328.795199][T10831] Memory state around the buggy address: [ 328.800808][T10831] ffff88802d0adf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.808851][T10831] ffff88802d0adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.816894][T10831] >ffff88802d0ae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.824934][T10831] ^ [ 328.829502][T10831] ffff88802d0ae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.837548][T10831] ffff88802d0ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.845591][T10831] ================================================================== [ 328.876041][T10837] vivid-013: ================== END STATUS ================== [ 329.035908][ T5638] Bluetooth: hci4: command 0x0c1a tx timeout [ 329.365503][ T5638] Bluetooth: hci3: command 0x2016 tx timeout [ 329.839586][T10831] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 329.846813][T10831] CPU: 0 UID: 0 PID: 10831 Comm: syz.2.1234 Tainted: G U L syzkaller #0 PREEMPT(full) [ 329.857744][T10831] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 329.862918][T10831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 329.872972][T10831] Call Trace: [ 329.876236][T10831] [ 329.879164][T10831] dump_stack_lvl+0x100/0x190 [ 329.883828][T10831] vpanic+0x552/0x970 [ 329.887908][T10831] ? __pfx_vpanic+0x10/0x10 [ 329.892506][T10831] ? rcu_is_watching+0x12/0xc0 [ 329.897257][T10831] ? dvb_device_put.part.0+0x22/0x90 [ 329.902547][T10831] panic+0xd1/0xe0 [ 329.906262][T10831] ? __pfx_panic+0x10/0x10 [ 329.910661][T10831] ? dvb_device_put.part.0+0x22/0x90 [ 329.915928][T10831] ? preempt_schedule_common+0x42/0xc0 [ 329.921380][T10831] check_panic_on_warn.cold+0x19/0x34 [ 329.926739][T10831] end_report.part.0+0x3a/0x90 [ 329.931490][T10831] kasan_report.cold+0xe/0x18 [ 329.936174][T10831] ? dvb_device_put.part.0+0x22/0x90 [ 329.941446][T10831] kasan_check_range+0x10f/0x1e0 [ 329.946391][T10831] dvb_device_put.part.0+0x22/0x90 [ 329.951527][T10831] dvb_device_open+0x2ba/0x3b0 [ 329.956363][T10831] ? __pfx_dvb_device_open+0x10/0x10 [ 329.961635][T10831] chrdev_open+0x234/0x6a0 [ 329.966038][T10831] ? __pfx_apparmor_file_open+0x10/0x10 [ 329.971575][T10831] ? __pfx_chrdev_open+0x10/0x10 [ 329.976499][T10831] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 329.982814][T10831] do_dentry_open+0x6d8/0x1660 [ 329.987564][T10831] ? __pfx_chrdev_open+0x10/0x10 [ 329.992536][T10831] vfs_open+0x82/0x3f0 [ 329.996621][T10831] path_openat+0x208c/0x31a0 [ 330.001203][T10831] ? __pfx_path_openat+0x10/0x10 [ 330.006130][T10831] do_file_open+0x20e/0x430 [ 330.010643][T10831] ? __pfx_do_file_open+0x10/0x10 [ 330.015663][T10831] ? alloc_fd+0x476/0x790 [ 330.019980][T10831] ? do_getname+0x191/0x390 [ 330.024489][T10831] do_sys_openat2+0x10d/0x1e0 [ 330.029274][T10831] ? __pfx_do_sys_openat2+0x10/0x10 [ 330.034505][T10831] __x64_sys_openat+0x12d/0x210 [ 330.039362][T10831] ? __pfx___x64_sys_openat+0x10/0x10 [ 330.044731][T10831] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 330.050189][T10831] ? rcu_is_watching+0x12/0xc0 [ 330.054954][T10831] do_syscall_64+0x10b/0xf80 [ 330.059574][T10831] ? clear_bhb_loop+0x40/0x90 [ 330.064282][T10831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.070167][T10831] RIP: 0033:0x7f530219ce59 [ 330.074579][T10831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.094186][T10831] RSP: 002b:00007f5302fc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 330.102619][T10831] RAX: ffffffffffffffda RBX: 00007f5302415fa0 RCX: 00007f530219ce59 [ 330.110679][T10831] RDX: 00000000000c8e03 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 330.118638][T10831] RBP: 00007f5302232d6f R08: 0000000000000000 R09: 0000000000000000 [ 330.126595][T10831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.134564][T10831] R13: 00007f5302416038 R14: 00007f5302415fa0 R15: 00007ffd5fa8f878 [ 330.142527][T10831] [ 330.145599][T10831] Kernel Offset: disabled [ 330.149905][T10831] Rebooting in 86400 seconds..