last executing test programs: 10.325153136s ago: executing program 0 (id=2625): unshare$auto(0x40000080) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x2006, 0x7fa, 0x7fb, &(0x7f0000000280)}) clock_nanosleep$auto(0x1, 0x6, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r1, 0x8) capset$auto(0x0, 0x0) write$auto(0x1, 0x0, 0x80000000) r2 = socket(0xa, 0x5, 0x84) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/most/drivers/most_core/components\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000020c0)=""/4109, 0x100d) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x74) 9.813161278s ago: executing program 0 (id=2627): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\b\x00', @ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf250800000014000400767863616e31000000000000000000000c0006000400000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) pipe2$auto(&(0x7f00000000c0)=r0, 0xfffffff7) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) set_tid_address$auto(0x0) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB="a000", @ANYRES16=r5, @ANYBLOB="080226bd7000fedbdf2503000000040008000400038012000100898771f1c19f1779048590822ad9000070000380640044000552f6d3eda20877eaa488f35e11ba8a0f282980dbe3cbbc3ae8626202b952013306406fc8c07e75e2b9543cce22842b00bc15baf98d303611387eb632a3fd2a64bdcca4801999fa43f4b8b79a7274f6140a32756d90a14516d25c0cdc12a78308004900", @ANYRES32=0x0, @ANYBLOB="a48b741db3990256cc19e991767f5af75d26f798cef6613353fa225ab2b7c8193928ad6119"], 0xa0}, 0x1, 0x0, 0x0, 0x4040001}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 7.620251044s ago: executing program 0 (id=2632): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0xfffff958) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000780), r0) sendmsg$auto_NL80211_CMD_CONNECT(r1, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x34, r2, 0x6, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}, @NL80211_ATTR_FILS_KEK={0x10, 0xf2, "93f5f521d0bc4f46fdbe423b"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x4b72, r5) fremovexattr$auto(r1, &(0x7f0000000040)='s}stem.\xa5\x1aE\x8d\x9e\xb9\x81\xf0\x01\xc2\xa9\xe9\x8d\x87/\xe7') r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_drm_connector_fops_drm_debugfs(r1, &(0x7f0000000880)=""/109, 0x6d) getsockopt$auto(0x3, 0x200000000001, 0x42, 0x0, 0x0) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000700)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="0000000093a1d52d27162d11465a20a2cf48152483a7a81a475713ba343cceeec62b2339113ede0a95300b9c4b579d8014ec739ba9345eab59cac3bd9ece77a9a536c67864544514f6adbf7c3388daa74390b4418025064e5bef971be50fddf7d8", @ANYRES16=r6, @ANYBLOB="040026bd7000fcdbdf25600000003c012680760003009be1d58896d86ec3902a93216f2f9f8f9d86eb8f70e9d95fb9a5972e77f9ab8564a949658736d31a991f8852328a53c779968cb2a08938b3943a156fe9b4a8393336c0dd33947dd480fbce77386a8489e1aaf50acf008a3352ce9933334a47a6361436e3bb16ea90efbe204426157ba9bfc8000008000100080000008d00030078e6be1547364ab5eeb060be0caf1b662b5987a34fb8ad41bc2e85ea542e0d8c5ff9d05c36855af752f3a869bc2711003b738cd1c73675ac7d35e1975d369a290190a4a36938bf0f7c4e021d2bb2b0c81a4f3b423558acb0e508fbf01a0cf60771130390227f1d043eee0cf7352ae652d217914127628f01868eadf4ad93916ec4079defe416ea331d00000008000100fbffffff100003002f2afa52d5a7e0794ea1b2a908000200050000000800020001000000ee00e800e972953aa65b3b26fe3113db6c480ee6baba281ed3cad8acaaf5a94177c3302da3a6fde3b692e48f52aeeaa4a208012c02d553ec2a2960b8c9109529eabae2b588250b39f3f7205ef0ec65c6909b3161ef0dccf5dd5e653379d63c61d5412a1c5054494d324340840233021083d15a20b714117b7506d071a8ebeafa4e0455537a9e12279ba221ac2ff144bff0283168fb5966549c2fa5733a570946bb3702370ea93062ee3f36ee6f4875a8796643c2467be6beb576b3da17be3a447753205f035df371ee29e2b4347a30e70e5065d0bb8775f7a6c4b4b8f92e059800a2bc7380ca82076e911455a6fa00004f000600e3605afa1fa52beb37478831708bb6e1c6e6f97c97f3596df987bec11bc3321a27f1b77e8cb4f004108e683584e6b7c9b02d5509f45b61b01b6e85d4d4983260cc334484cf4502cd68b268000500ee00000000000500d20000000000e401f080a2c6a597aa97a4819fdc0084e50a284103b6ba92fab14e57382f4d7a94a0da35f3433c13400f3685d0a9b705a5685d4a26b259c2e65b38dba81b922b6bce235eda5f04a9a5e5ccbd71d1271596c185d24d12b277dbbeef45baa67944b15374d58ae9928fee9bb005a32d63bb72cfd2dae08f11ac38340f102eece1104871049866fec0f0182ae0f865c9a5ae9c6be489069c4a2ded7708ab549b1dcd6f2442b1c66d0257e0ece791e7b641ead26dfeb0c7aa083c86773e68c0e0c819b8100dd81abbfcfa0e4d6e0f71c6ab96b5be1b7b9906ee44ac776e43271e8da4499fc67e286c1a289eb0ce276ed9404681e536793df1b200b58e262efffca42f35d4ba6ea5dd9ad2fe90e9c628d6de9f8a45fe01cb96dbab7feee7ebe63fa0324614ce8e673def5b8fcefb607b1d3b9ebeec8627cc66effada28d9abe4087abb49754f12118bf6f061c663fd47b390da5d51d17f6399924a934d0c028904a38e7bb0ab77e6f0b2fb501bfbd19694059cc207cd2a6e008e804fe65f8254241e095e3242348ae6832b3308206c1f096e9fe98efa0daaf6d138253641be6844804e678b9d55dc1955abd312789f36b577ff59522b542d3128a987e4b18ade684381fdcb5ec7c43d1400a700fe8000000000000000000000000000bb040088800400598000000600140106000000c800268008000200563a000018000300db9e64599319541ce050c8961d16f9ee06dc24449a0003006df63c3a702f3f83ab743064672dc147507f228d3288f53518578a16f959a7bc90b5b87f05ffaa9d6ea0a51403506a50032f7d23f6692afb3d13ea704d91e8942ce592316b3e72973e093380697565376f3a900544e06a26c8a76e6a407b2cecd0d20800a9a845de8c00c725f15eae03ad445e8b38b1c552ecc7e07011a490cf30c81f4bd7ad1c7c588a3bf5e1cf4ea951eedf9565a1000008000100070000000500ee0009000000"], 0x55c}, 0x1, 0x0, 0x0, 0x50}, 0x40080c0) truncate$auto(&(0x7f00000000c0)='./file0\x00', 0x6) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) 6.629421096s ago: executing program 0 (id=2637): r0 = socket(0xa, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.5/udc/dummy_udc.5/srp\x00', 0x60301, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) r2 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(r1, r2, 0xfb) socket(0xa, 0x5, 0x0) memfd_create$auto(0x0, 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x401c5820, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)='\n', 0x1) setsockopt$auto(r0, 0x29, 0x30, 0x0, 0x56b) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x9, 0x7) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000040)=@token_create={0x5, r4}, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) listmount$auto(0x0, 0x0, 0x0, 0x1) socket(0x2, 0x3, 0x100) socket(0x23, 0x2, 0x806) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000008000300dd83313dc71f6a65db029d6400021000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaaaa00000a000500ffffffffffff0000060006004600000006000700070000000800040073090000"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x4040090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x8) 6.07039941s ago: executing program 2 (id=2640): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3, 0x1, r0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x38, 0x3, r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0xe0180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/bus/usb/drivers/gnss-usb/new_id\x00', 0x100, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r3) setsockopt$auto(0xffffffffffffffff, 0x100, 0x5, &(0x7f0000000040)='#)@$$:]+)]\x00', 0x8001) 5.522806564s ago: executing program 3 (id=2642): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x19, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x4}, 0x7, 0x20020004) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/zone_append_max_bytes\x00', 0x48500, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) 5.046892551s ago: executing program 1 (id=2644): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x20000008000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000000)=0x100000200000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={0x0, 0x1000}, 0x3) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/libceph/parameters/supported_features\x00', 0x40000, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(0x0, 0x0, &(0x7f0000000240)='hfs\x00\x81\xe2\xde\xa8\xb7\xc4G[*}\xaa{\xf1\x86\xf7d@\xe8Y\xea\xb1H\x01\xff\"^\'6\xba\xa9s\x1d\xf4\xe1i\xc5\xb6_B\xa7KFS\xc1\xa7\x8e*h\xe3\x8b\x7f\xca\xfcNEi\x84?\x82\xff\xf2\xac\xd1\xee\xf4\x9a?\xac\x11\x88\aO\x84\xe6k\a\x9bY\xddx\xb8\xdf\vHv\xb5\f\xbc\b\xc0\xfa\xc0\xfe\xa6\xce\xbd\x03\x00\x93\xdc4\x97\xce\xd5&\x93\xae\x05q\xe9\xa8?\x00\xbdi\x88q\xd0w\xfd@\r\xce\xe4\xadrt`\xf8`b\xbf\xeci\x93a\xc6o\x9ej\xe4\xa3\x9d\xaa\xe1\xe1N\n\xbcq\n[\"5\xd4\xa6\x96#).\xbd\x8aD\x88>8J\v\xb5\x99H\xc5\a\xc9\xcf\xbc\x85\xbf\x85\x81\x0f\x7f8\x11\xdbK\xf3\xc2#\x18 \xdf\x05\xcd\xbb\xc03_\xb7Q@\xf2G', 0x7, 0x0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850) keyctl$auto(0x1ff, 0x0, 0x0, 0x0, 0x6) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/nr7/statistics/rx_nohandler\x00', 0x40042, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) 4.065596203s ago: executing program 3 (id=2645): socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/workqueue/writeback/max_active\x00', 0x1a2b02, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x5, 0x4, 0x8, 0xfffffffffffffffd) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000340)='/dev/bus/usb/025/001\x00', 0x201, 0x0) 3.922833874s ago: executing program 1 (id=2646): r0 = socket(0x18, 0x4, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x400448dd, 0x0) 3.772696273s ago: executing program 1 (id=2647): ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) writev$auto(0x3, 0x0, 0x8) write$auto(0xffffffffffffffff, 0x0, 0x8587) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004f40)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a95f28bd7000fcdbdf25070000000c00028008008f00", @ANYRES32=0x0, @ANYBLOB="f3d2733cbba0b4774fa6eac4a87419cbe232838657bbe5a4f75d92a2cd8f85f2a2a2659cfd094633d1537c7f37cfa9d4bb9c88a11e0fe3f96b00e951e6f6603b6cf3f9dbbdc6ef09c1248c84da6dde182889e949585e8af51203ebb8517c3c4e546db95848c5f568b50715bfe451a1df53e0bf5aca5c5ed2b483964e00"/148], 0x20}, 0x1, 0x0, 0x0, 0x20008801}, 0x14) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000) 3.679615266s ago: executing program 2 (id=2648): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) write$auto(0x3, 0x0, 0x7fffffff) (fail_nth: 1) 3.631879716s ago: executing program 1 (id=2649): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3, 0x1, r0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x38, 0x3, r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0xe0180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/bus/usb/drivers/gnss-usb/new_id\x00', 0x100, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r3) setsockopt$auto(0xffffffffffffffff, 0x100, 0x5, &(0x7f0000000040)='#)@$$:]+)]\x00', 0x8001) 3.293259529s ago: executing program 2 (id=2650): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CQM(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRESDEC=r4, @ANYBLOB="010026bd7000fddbdf253700000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000481}, 0x40800) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="13006f0aa90ad739bf0300000079d8ee972cbd7400dddbdf250100000008010300", @ANYRES32=r2, @ANYBLOB="0000819df7734ccfc406dd00b462c3ea9d8d49fcbf4991c081dcf6a89c4add4ec9eed89b38068b", @ANYRESDEC=r6, @ANYRESHEX=r0], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r7) r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0) pread64$auto(r8, 0x0, 0x10001, 0x830) r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000140)="0400") r10 = socket(0x15, 0x5, 0x0) r11 = signalfd4$auto(r9, &(0x7f0000000280)={0x7}, 0x3, 0x1) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_GET(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0000f432e0d1d92119cd9f4b09b5d0cec624d7dab688099c4e52df5e166de8421ae08cb971381e0cbb1950baa1e534b1d40490e3c19024b13b120b450fcb09fa6307f6fc75e20ae77977aa356558a2012d27650827b57b7170252f51c5a26f95904df1560bc47ff4a76097747f8b965952952bf9430e242df65fb6c0213805c69274092720dc31885fe97b189f8859a4355d0d647770f86751aa5fa8f15bcc", @ANYRES16=r13, @ANYBLOB="131729bd7000fedbdf25030000f00e0001002f6465762f63656334000000"], 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x20000008) ioctl$auto_NS_GET_TGID_IN_PIDNS(r11, 0x8004b709, &(0x7f0000000200)) ioctl$auto_BLKTRACESETUP2(r9, 0xc0481273, &(0x7f0000000340)={"617e7e8e75f4d109324e3ab7b11f2ddf5ae22ba2ad2db9d837e5366fa4b3828f", 0xf7, 0x445, 0xff9, 0x6, 0x5b53}) getpid() openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f00000004c0), 0x84000, 0x0) setsockopt$auto(r10, 0x114, 0x8, 0x0, 0x4) socket(0x22, 0x2, 0x24) mmap$auto(0x5, 0x0, 0xdf, 0xeb1, r3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) 3.292967629s ago: executing program 0 (id=2651): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6e) ustat$auto(0x801, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x19, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x4}, 0x7, 0x20020004) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103a42, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) write$auto(0x3, 0x0, 0x7fffffff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/zone_append_max_bytes\x00', 0x48500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000010c0)=""/4090, 0xffa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) 3.082312585s ago: executing program 3 (id=2652): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) memfd_secret$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48f41, 0x0) write$auto(0x3, 0x0, 0xfffffdef) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x20282, 0x0) write$auto(r0, &(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0x300) 3.048054016s ago: executing program 2 (id=2653): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x19, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x4}, 0x7, 0x20020004) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/zone_append_max_bytes\x00', 0x48500, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) 1.825185045s ago: executing program 3 (id=2654): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000009d0dcb4bb756f7ed2d68310e4fb5fd15dc9a9d34dec012832a3c5b2aa0f21bdd551bf2b20df4958960de8949eb6c86fcad92c6df113e2aebdd3943f89dc8c7bff1736bff57d79c3927762dcce7b2d5ef064b35168e41a8d240b2f9c1902a3d66291a183313b793f8dc63ebdd89e9eea25eca29f9ca4d5bfc0baf407b11e524db702fee50cfa726518c8404553b6494a1602e80c5005efa6cb461372c298d44879f59cb1cbfafb7bc0b9be6d03008ae8c7da04806d97d3a0df2dbb7417247db650e9787ab8e2ca7e914", @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf250c000000080005009be300000800040000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) wait4$auto(0x0, 0x0, 0xf, &(0x7f0000000140)={{0x2599}, {0xffffffffffffffff, 0x1000000009}, 0x2, 0x800080000001, 0x1, 0x1000, 0x5, 0x7, 0x5, 0x5, 0xb11c, 0x8, 0xfffffffffffffffd, 0xfffffffffffffeff, 0xffff, 0x801c0000003}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYRESOCT=r0, @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a07000000000000000e00000a0001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r4], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x10080, 0x0) read$auto(r5, 0x0, 0x9a28) openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x3c, r7, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x3}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4044000) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={"b2def0b7086a436eea40295edb4a863a38efbcbd21177d76db93d17ad27d9bbc", 0x1, 0x3e7, 0xfffffffc, 0x7fffffffffffffff, 0x3, 0xffffffffffffffff}) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/loginuid\x00', 0x3c8082, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/updelay\x00', 0x8242, 0x0) read$auto(r8, 0x0, 0xa) write$auto(0x3, 0x0, 0xfdef) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy\x00', 0xa001, 0x0) 1.240934231s ago: executing program 3 (id=2655): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8102, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000001c0)=""/238, 0xee) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x40, 0x0, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r2}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x20008, 0x4000400000df, 0xeb1, 0x401, 0x8000) socket(0x28, 0x1, 0x0) io_uring_setup$auto(0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd14/queue/iosched/prio_aging_expire\x00', 0x207a1, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) read$auto(0x3, 0x0, 0x7) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='-7', 0x2) socket(0x2, 0x802, 0x1) io_uring_setup$auto(0x6, 0x0) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x2000000}, 0x68) 1.132355144s ago: executing program 2 (id=2656): unlink$auto(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00') ioctl$auto_VHOST_SET_VRING_CALL2(0xffffffffffffffff, 0x4008af21, &(0x7f0000000000)={0x80, 0xffffffffffffffff}) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r1, 0x80085502, &(0x7f00000001c0)={0x10, 0x1000}) setsockopt$auto_SO_TIMESTAMPING_OLD(0xffffffffffffffff, 0x8, 0x25, &(0x7f00000000c0)='-*},\x00', 0xfffffffa) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ADD(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r2, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@nested={0x16, 0xe1, 0x0, 0x1, [@generic="f51942a58afb8845670cf25c842226fe5e3d"]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x840}, 0x2004c000) 1.004601542s ago: executing program 1 (id=2657): ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) writev$auto(0x3, 0x0, 0x8) write$auto(0xffffffffffffffff, 0x0, 0x8587) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004f40)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a95f28bd7000fcdbdf25070000000c00028008008f00", @ANYRES32=0x0, @ANYBLOB="f3d2733cbba0b4774fa6eac4a87419cbe232838657bbe5a4f75d92a2cd8f85f2a2a2659cfd094633d1537c7f37cfa9d4bb9c88a11e0fe3f96b00e951e6f6603b6cf3f9dbbdc6ef09c1248c84da6dde182889e949585e8af51203ebb8517c3c4e546db95848c5f568b50715bfe451a1df53e0bf5aca5c5ed2b483964e00"/148], 0x20}, 0x1, 0x0, 0x0, 0x20008801}, 0x14) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) 797.324806ms ago: executing program 2 (id=2658): r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x20000008000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0xfffffff6, 0xfffffffffffffffd, 0x0, 0x10000000000001, 0x401) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, 0x0) landlock_create_ruleset$auto(0x0, 0x0, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), r0) bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0xfffffffffffffffd, 0xff) r3 = gettid() kill$auto(r3, 0x11) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/timer_list\x00', 0x1c9802, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r4, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 797.046735ms ago: executing program 0 (id=2659): r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/softirqs\x00', 0x682, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async, rerun: 32) r1 = bpf$auto(0x11, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0xa, 0x6}, 0xcf) (async) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0xc4, 0x7f}, 0x800}, 0x4, 0x4008) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000600)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\\\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5') r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x10200002, 0x13}, 0x2}, 0xfffffff9, 0x10, 0x0) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty0\x00', 0x102, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000012c0), r1) (async) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000001380)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001340)={&(0x7f0000001440)=ANY=[@ANYBLOB="00b4190600000000000000000000534dedbb55bb1f723b848037add0e0f5479882ede712132767752d6cd7c4949e041ffa272a6671cff0caf87d88d62dd2e2b811604855ec6e915909", @ANYRES16=r0, @ANYBLOB="000129bd7000fbdbdf251f0000000b000a0075025c6ffa086c00"], 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) write$auto_console_fops_tty_io(r4, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) (async) sendmsg$auto(r0, &(0x7f0000001240)={&(0x7f00000000c0)="5c45f83b508d31dfa3c9eae08e5013fabd7ad5102189b983c530a203930dde218ffc14c5585491431fb5514e1c1f82e36fb37ef2355baf6dc557d46b7a17b37de206e43ef30c432772a6581200c030ae9560fb6eff8d4536c21aa16c16f1affacd973baf6fdcd0366a5012c6b5ee95a9619fb7c8aecd0d97dfb9777eecf1985004fb9c", 0xfffffff7, &(0x7f0000001180)={&(0x7f0000000180)="ea04fb546e6fac75babcd7f204dfea746c969622e9a5c325df52b0c01bb5ffe030ee4e779953b48e29203aff5bb48b9820ba55b286a145a9d97b13980905192739891b02736028fe460355d8f921adf0099fce4b10832bcc32bb29bc07322208b420e5b1654d54604ce3984572d6e935dd1b4cf2ac396693d49e0f53046ee4dce4485e9e2b5d9cca948c1d72a200aedcad34fd2e322385e430df3ae692b33c8deb2a3bdc55a818af45e051bfadcadb975d0a0e653eb679c1e463ddbefc661c4a60093b6da423d92f557db3ae557302b6b2f748e2b5cd153743cd22d168c5ba148cb7b71ddc0bbafea6be31557eca87242cc4497d583423d76f77d74294b3b1fba7a3222665b218312471d3047fc49e8492cb737b9d6e4ff0ec87cf04af81fd3153ac64341da8ee01e481b4634856dc2c837bdc825a4a0e7ab5421e80728f6d586f4aa93b4b7bcd03f4a9622828d3d0cd8a3cdf05a410cc4adecebb6e9877e3d41def3c9f10963d2c04c19a6c1598c0fbd9681fa73a7886bec0695f13752271228a6e8b927e5e75605f499f8f30f14cbbc5ec78beeec688c3df5fb10068fe243891a716928162b377fd095eabf23cd39810bf91f6b324a3b3b6dc05a398de60685b3fc5b5cca49f51df6f342df5e9642898578d98b39c5f2abd875d57783f549107c6f1055c8bdd37c1fd51e8010ac94e216ad8461af1d012523701500acf19a343afa8b830d72758321ee49d99691e2b135b20042d49f10c3e689946abd8d69f44c27908dc98dc4f7e32be921e51ee132302a732cc59585eddb4b81fb45a1d911a18243d221213bc47c2d9fe39e90e5a49089aae36e7da0fce322b646a2dacbbd186904e7451868607b6c0bf4d83ec4f6ab3112544d4bc1c7eb581b6221579f0e927e0b8faee07b0defb69bac700bb91dcdf201233c3084edc72e2a9954a188545e1eeeb1e16c4cec73538ab2116ee2dd85ff22615ac2ee53326c665de144587b9f571f7440885ef964f21777a82133d84a73172ee323873efeec2389cd9c64971f6f5b8f55067f3b6dbfaff57271c01c504f52328e1700e17fbe3e39b3e97b4785d462eee32a015f3a3f6ae1be66777ad5115e76eaa980bbc10dde104b6b37f354ec9c4280679478af217eeb9ae8f89968da42fd5f2d0201ca0032658d9657acbdb20843d8657fe1c0f0a36e93c7f495663967d7246e983331f046eb2ebe5b5fd6b2f00604f19fe81a237ab2809b13f8644022ebcc442730ed7ba70414ab43ffccfe82fcd32d5a09e3319c90cfe41fc6bc6aa3a020869bcf2fd7bdb4934582adc861a6b8d01c6fcf73e9b0a7d6517a3c224e693fcea61a39c83a3d12205ea0c1c14fe03bd53d933a6cd92dbfd9f0f1ef0d89dab70cbc64658f5629699eba49eab0f3aafd0649397bd8f7ef32ae8958c35e9b4e37e7d14475368db62fd7b60ada8dc977786db596d1775a7d6206ed7a7740a54fa5291e656f2f9478f8d7b4fc2b67307e18c0efb787bf03dd2ca69de4bd6c3e67c61873136cfe7498f2e0d3f9650879201bab32a911d6d880530222787e4a3213b750d99aa351d5f150503dfc2f9ff1bc6559a9f1ca218bd9ed7d117f9111e705c49525b57671ae8e383ffa8f601004ddfc79913c0a5cd6ad8c12f5ed842a301b4882590b3555652cd2429905b159003cd4d16c5b17eccfbb5c5578fa233763451536711952f23a305372a20e92a53725be4827168595d43f0540f5454c02e3a43d77a6f58e82883b4f1778ff946d0909799777ca541c1b02997547d817dcc216d73d8b36f0a9f39133d426eda6d24d5d3fa434cdb7c8c14fd78eca9380c9b03ad24b5c18c93deda86ea65f6909de5019902d7817ca51470c211a1b9d36ae8e5f614c482eb673e29daac91b25041cc7bdcccc97be811c9e6a0b74a0f059b45abbbe32ac1418d01512443c8d6a0e42bd1106e15238d4e2ccc7afc6d7a8d140ee68a70eda65b2c7ff9c1548a504c47dae39963c29ae64a7e08a29112893f83a62f23d297b93061a9f3c2b127a929b363273e3ae024adc2608c3c09a373e7beab0e76133799f8d0823aaea0ab0d8d0d627795a16d66923866cfcb0fe969a72e2c812f2027f57f3f13cd843b094f5023a85d0776ac1a0d8b02f290b33274fbbff00a93a002336fa2bd9df95eef7f59079838af6f3ad4abaea5aab67955e630ff54b7d2bd5be7e85e205d360263f8c64c0b9fc000fde8685925b9d825fa84e6683a907264c91ed97207ab09adb63f65e3a497b65aa75c3f7be53153c3421de839f6b0fa5ae010cf51ed2ce41c17f7b8e132bc32973c97d9b735d772931a6f4aaa382624a2556c168696bb59f64b2f30011cef73986c66214c6a52c42a33d627102e57442094f969cd930e37b0d1a8d9c616a7e9d6fc29d79deaae24e4d8ae8ecdd59f9c4cd38b59cb2275923fe9656ce6da716311b2533b118d21127fb8a41fab7ebec0e8fdc5cdac214a52cbb7df6aa77b0c49c834e79b4da9eb8fb39ae191f4245de62d07607063ddcf16ba448e898cc3be58a965b4b23b9e736251ee92b3d03cea8b1780cf03ce51abe1e19a3e108472b09c542fc44146a211b24657b7b9f5864e763a6f56d190dddaaa50b5f4cab6f9d22ae9e16e5f9b2231425e2a37bd3105120b8e0e1767dfb5f96e96311d8b0c0fc9ab3ea6bc8d5b65eaa5d1c64f0453e4e0e0e758c82bb791bcc2d78aab0c30acd128fc23d2112af658cdfbb01f9918e71204381a58cd5f7545ff55dd8318f38b0b230e9c7d0b33b434c581bfd6441e72d18a14983eb7d8ef0ff2ecbb7893b99ee60eb26f61d986979d71ffba777a7acd64e251b70d80bb0b4f759ccf05ecf98e17228382e30f4bb5c3dc6554f66311d79edee182644944406c9db65dc495f51b6397c752b422d0f01ad9b92e2b4d349a3ad18f435e8534764c140e5f7b9f1547d18bf87d12086a9e1dbacb4a416c3d06a1d0c34aaf035513264cbb95a8db62528ec523557de1d3826e8eddc4b1b4bbc18d722c1d50111d391c9032de843f5569b4814563b9c50c896c72c37d621ddfc3e18706268f1badb89ced08c98c9c10f2a5e0decfc02250716ae2bd5c701447c01e36f21afd4419d50005833a15033eb09d6cab955ad4b291c9084173c5bd0ea48665041e6bcef8609850dd7878b776dba468c6ac72f5edb061a20d5b0623ccdfc388631f86e76f41f193bd2feb78966a41fd4fb7d95aeb0dcf79a872f7151b50d338b67decb0a25aec73ad0e2dbd7ab8c075da0a590233f365517565eb916a94b8af6b52ac7f44468259c31f9a1227a6fd4b84e37f6f125689ccccb27e261ed408ba88bd4bbf29b5f0e871abb5e9e84a4f6904abe6fcad40a3dae69d279c00bf39bccc83c6e1bfa39928d26b4e3d78791a37d7e1cf8cb0909b6d7fc491547c40f5cb0115668817b76b4d0d028de68f906036b7cb67d5bdbe6ae244c08381235f69df5034a151002b1cba97b227270d19ea0817607a99674b185e30bbf8460850bc2c7ac3fc3989ac00603a5efed1ccd84fc50cc0acc634e30569172d7dcc9c57bb8bc18ed72a87a973392cb86836cf9e08bfac3530b0ddc70eec43ddc90460a86e7917a78439cf310d25562b8beba12674e1d434881f64d61f6e3384524c304c42d50d18c232f142e5510ceef9a43050a36b1fcc2b3217e1b782133a9a15e08c894e0391643a7b62cb259bd19e77b535f68c3c6ccd9775ec91563d680fc6c0862830eb68f42b3c19de5a37ab321cb86356000e80a696d1d97d5256fdb882d7b24ba97a36660402fda4aaccfa64a79c4ecbee49141dd126347237974e6ecbec3160238166cebce9e40b2678ed9ce5d4b2248d35cd1574d46eb9fa7f4866e3e99b8b1725677297d284dc4a3db4fb4eb0bcd2028f348908c3f51ec4dd9c7bde95ae6056eb9bdc597fd1d10e33a3c98dbe4137995b82b1289bf18b30959dcdb0f6edd4fadaaa7a4a86decd922759e007b4fe151a0e727c37ca99394e981ce9998f278c78003f03817ffd27fce6ab3cc927d4b409817f0eb0e353e5f3ad1311c584f3d9068aa5b49b74097575b1feb330802189d806ddec4f484adb749892e6b9c8886dad09281c6ff162603f646b25897e81fb033b456b281ea26b53c0223c9db17113c252bb00ebdd54334071f110e029d5fecf8cf9a6795a8bc9705c4b21827ba40854ab94d44786171de4e24c3857153c9b64cf68627cfd8cbef2c39f899ca40d6ef010fbafd5186d978b65cd85de5d03d263f8f4f322276ef15b0fce09778ea588d317f5bca0c02f422bc66b830b6ef6e5172152709a18eab316cfb625edec282187cdfcd4b153b8ac23e2bdc5dac9e1f6ec5b5443e1969e3dfe4d1fa0e858712a90dd0aac05e3caf973ad97edb672deec9839ac05376485673e2a6377d820e260769859a99559568c11ab1649e0638db3863bbb56926382f5b9527a0314d9ee9aa1808a16bb805570329f237d87e03c6941e19148814611d093c3b7b756d5c157091cfe785d6b04f37742b9c76cee54dc328f7eed18cd94d7477b0b07f06cb2240261f03421db25b16441fbc2d6b8723045c0792c4933186d5b4cf113f9dd3e6c87cdc3939f96dbe7f69df6bc4200fb0d7d71b79281ae95bfee891e505d91a8ad4c995ef8f61fcb18be557475a5c55a93d1e835c7e2d53266d97a35376f3dcf19677ef00f5a7e23102c036b9cfa9f10b55655e371a8200db22c6b49a0af7655f81b54ceec166572e97ab3496d50a52a73b9c567136ffa028fd71029758364d234d8341506850836939be2f3f13619587cbbf849814587e58622af79c640ce38888e30b506dc7030151d123282b712ef09a913fcc2e155baa4084f89bd0daf6db56981e513c77f6d0db73eff81df2b8acad8892aae5bb050f7a18a537e4c5fc85a67d7441a6121420989462f3c8711f68b2adf4d407d6cb6994af727b58b5e251f3a6ddde81dab9357d2c6727a917bd941a8cc38ecb141012fa719d9946db313be603972a26fd6e2d631df9afe7932907739463fd75382e93b750976f6f14aceae3f66bc7d4dfaf3164826b38c4cabd833e9cfe16c0ce63d16d4cb8d0740080e01c65204b98915b79918f9f127fdb348b8f10f48f0138457cef949bcc0fcf62dfe8baf8107d39f3d2e55429335e4794aea562ba5b01e6fbc4c625208e1dd5e3ae04ab8ccfbd4fd340869df75549021c424e3e274979c7bad2e633db31bda293c80e7b3c002a5ac4f2e519f3c3f30ec9c05ef15871d784ce6ac371bb5d7a1c28b00633132c008b13c62a3b7d433e2d9134e96222dd67de417fc5c0449441676ac970cb4f609c1d2dce9396e75af95c7c76701cbb55f2e2f7c271a8a7ec85053d2e35da6449557b635797160e04582c28f454ddf268a7004ad29523de68a6b2c5792d92a7b60b279344e7d70cc4cae637a136fb89305b165674e633a39ac6a8b185f01ad628002e8cd33b3cb88cf073c168c727ee485671fd5a52336494fb9a56095524f083e10df9d16236dbf6286568affe6c17664dd060517a98a790272b393b268463aff2e427fe84fceee0280ed1490352e29751be2b06074b28024cae519df79b1cf8afc0f6427e1acaa03c1059cf5454ec630fca83b263e7b15c0a40221743a051c0c26aee0828e2b0cecf1fa3e47f9acb37847ed385f111c7e14021a61a17e4c290a46adf9340f8f860156067f55ab0876d75e7b77e538c32c835e027d31e8e6df7ddf9c3c3365190b5df3da1eab6c8854a045a7add603c4df2da54a1df61d92f987abb20e366f817a6d9c", 0x2}, 0x6, &(0x7f00000011c0)="45a52558abd483b4814da1b1b145bd3a15d5b4cb2744cdc02c3a9914c20417754c8c5ff6821afa76c5e421545b4af50784bd35c382491d9adb91275cc1f91b12209a63b0ac5405ca66a23ec45ed01c4e3e5c17c6ae4ae77c814ab246e56b5854b4dcd52f0b8feedbe33ae7b38bd27bc85a66da7dd7129d0aefc1a2e20f54", 0x2, 0x6}, 0x1d60c144) (async) preadv$auto(r0, &(0x7f0000009180)={&(0x7f0000008180), 0x7}, 0x26, 0x80, 0x5) 745.547465ms ago: executing program 1 (id=2660): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\b\x00', @ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf250800000014000400767863616e31000000000000000000000c0006000400000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) pipe2$auto(&(0x7f00000000c0)=r0, 0xfffffff7) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) set_tid_address$auto(0x0) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB="a00000", @ANYRES16=r5, @ANYBLOB="080226bd7000fedbdf2503000000040008000400038012000100898771f1c19f1779048590822ad9000070000380640044000552f6d3eda20877eaa488f35e11ba8a0f282980dbe3cbbc3ae8626202b952013306406fc8c07e75e2b9543cce22842b00bc15baf98d303611387eb632a3fd2a64bdcca4801999fa43f4b8b79a7274f6140a32756d90a14516d25c0cdc12a78308004900", @ANYRES32=0x0, @ANYBLOB="a48b741db3990256cc19e991767f5af75d26f798cef6613353fa225ab2b7c8193928ad6119"], 0xa0}, 0x1, 0x0, 0x0, 0x4040001}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 0s ago: executing program 3 (id=2661): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CQM(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRESDEC=r4, @ANYBLOB="010026bd7000fddbdf253700000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000481}, 0x40800) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="13006f0aa90ad739bf0300000079d8ee972cbd7400dddbdf250100000008010300", @ANYRES32=r2, @ANYBLOB="0000819df7734ccfc406dd00b462c3ea9d8d49fcbf4991c081dcf6a89c4add4ec9eed89b38068b", @ANYRESDEC=r6, @ANYRESHEX=r0], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r7) r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0) pread64$auto(r8, 0x0, 0x10001, 0x830) r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000140)="0400") r10 = socket(0x15, 0x5, 0x0) r11 = signalfd4$auto(r9, &(0x7f0000000280)={0x7}, 0x3, 0x1) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_GET(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0000f432e0d1d92119cd9f4b09b5d0cec624d7dab688099c4e52df5e166de8421ae08cb971381e0cbb1950baa1e534b1d40490e3c19024b13b120b450fcb09fa6307f6fc75e20ae77977aa356558a2012d27650827b57b7170252f51c5a26f95904df1560bc47ff4a76097747f8b965952952bf9430e242df65fb6c0213805c69274092720dc31885fe97b189f8859a4355d0d647770f86751aa5fa8f15bcc", @ANYRES16=r13, @ANYBLOB="131729bd7000fedbdf25030000f00e0001002f6465762f63656334000000"], 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x20000008) ioctl$auto_NS_GET_TGID_IN_PIDNS(r11, 0x8004b709, &(0x7f0000000200)) ioctl$auto_BLKTRACESETUP2(r9, 0xc0481273, &(0x7f0000000340)={"617e7e8e75f4d109324e3ab7b11f2ddf5ae22ba2ad2db9d837e5366fa4b3828f", 0xf7, 0x445, 0xff9, 0x6, 0x5b53}) getpid() openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f00000004c0), 0x84000, 0x0) setsockopt$auto(r10, 0x114, 0x8, 0x0, 0x4) socket(0x22, 0x2, 0x24) mmap$auto(0x5, 0x0, 0xdf, 0xeb1, r3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): 24] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 624.425773][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 624.585851][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 624.670169][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.676656][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.707048][T14148] aoe: copy from user failed [ 624.734781][T14148] aoe: could not set interface list: too many interfaces [ 624.745994][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 624.997253][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 625.457596][T14160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1937'. [ 625.484519][T14160] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1937'. [ 625.963124][T14168] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 627.509986][T14179] Process accounting paused [ 628.107798][T14212] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 628.113960][T14212] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 628.120217][T14212] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 628.126383][T14212] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 628.784987][T14233] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 630.188863][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 630.194937][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 630.202265][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 630.208321][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 630.743955][T14272] aoe: copy from user failed [ 630.774637][T14272] aoe: could not set interface list: too many interfaces [ 631.760803][T14285] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 631.768897][T14285] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 631.847631][T14285] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 631.923289][T14285] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 632.371043][T14294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 632.386218][T14294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 632.477548][T14294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 632.561600][T14294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 632.977245][T14294] Process accounting paused [ 633.662955][T14312] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 633.676276][T14312] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 633.705718][T14312] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 633.729960][T14312] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 633.886151][T14323] aoe: copy from user failed [ 633.898158][T14323] aoe: could not set interface list: too many interfaces [ 634.416347][T14332] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1975'. [ 634.570650][T14334] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 634.609779][T14334] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 634.616666][T14334] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 634.624062][T14334] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 635.279655][T14349] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 635.291175][T14349] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 635.297855][T14349] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 635.304199][T14349] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 635.631520][T14355] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 635.638690][T14355] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 635.678680][T14355] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 635.685040][T14355] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 636.380309][T14363] aoe: copy from user failed [ 636.402367][T14363] aoe: could not set interface list: too many interfaces [ 637.355689][T14390] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 637.366038][T14390] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 637.372366][T14390] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 637.393966][T14390] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 637.990085][T14401] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 638.030499][T14401] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 638.082223][T14401] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 638.097737][T14401] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 638.552933][T14410] aoe: copy from user failed [ 638.577516][T14410] aoe: could not set interface list: too many interfaces [ 640.035065][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 640.036392][T10549] Bluetooth: hci2: command 0x0c1a tx timeout [ 640.113646][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 640.117827][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 641.193866][T14449] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 641.223362][T14449] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 641.264640][T14449] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 641.295321][T14449] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 642.005220][T14468] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 642.055106][T14468] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 642.094171][T14468] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 642.102528][T14468] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 643.323145][T14489] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 643.334061][T14489] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 643.340938][T14489] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 643.349222][T14489] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 643.473426][T14475] Process accounting resumed [ 643.873715][T14480] Process accounting resumed [ 644.988986][T14522] aoe: copy from user failed [ 645.009639][T14522] aoe: could not set interface list: too many interfaces [ 645.426362][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 645.432716][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 645.435149][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 645.438875][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 645.509178][T14530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 645.519385][T14534] aoe: copy from user failed [ 645.524012][T14534] aoe: could not set interface list: too many interfaces [ 645.542525][T14530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 645.562872][T14530] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 645.585490][T14530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 646.519222][T14544] Process accounting resumed [ 647.558383][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 647.558394][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 647.637433][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 647.637447][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 648.219645][T14580] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 648.655587][T14588] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 648.688176][T14588] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 649.016310][T14588] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 649.043664][T14588] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 649.519371][T14597] aoe: copy from user failed [ 649.524080][T14597] aoe: could not set interface list: too many interfaces [ 650.419107][T14617] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 650.426110][T14617] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 650.433030][T14617] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 650.440233][T14617] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 650.611418][T14602] Process accounting resumed [ 651.259638][T14628] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 651.266313][T14628] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 651.281604][T14628] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 651.288209][T14628] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 651.428528][T14629] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 651.905303][T14636] aoe: copy from user failed [ 651.912098][T14636] aoe: could not set interface list: too many interfaces [ 652.032584][T14639] aoe: copy from user failed [ 652.037353][T14639] aoe: could not set interface list: too many interfaces [ 653.324388][T14662] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 653.331443][T14662] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 653.339059][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 653.339088][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 653.389222][T14662] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 653.395545][T14662] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 654.101328][T14671] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 654.118331][T14671] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 654.126045][T14671] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 654.132318][T14671] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 654.195176][T14667] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 656.121836][T10549] Bluetooth: hci1: command 0x0c1a tx timeout [ 656.121848][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 656.212852][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 656.219007][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 658.134239][T14723] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 658.140457][T14723] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 658.148793][T14723] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 658.159027][T14723] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 658.343931][T14731] FAULT_INJECTION: forcing a failure. [ 658.343931][T14731] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 658.407263][T14731] CPU: 0 UID: 0 PID: 14731 Comm: syz.0.2057 Not tainted syzkaller #0 PREEMPT(full) [ 658.407305][T14731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 658.407325][T14731] Call Trace: [ 658.407343][T14731] [ 658.407355][T14731] dump_stack_lvl+0x100/0x190 [ 658.407411][T14731] should_fail_ex.cold+0x5/0xa [ 658.407451][T14731] _copy_from_user+0x2e/0xd0 [ 658.407494][T14731] memdup_user+0x6b/0xe0 [ 658.407528][T14731] raw_ioctl+0x13a5/0x2b80 [ 658.407578][T14731] ? __pfx_raw_ioctl+0x10/0x10 [ 658.407625][T14731] ? __pfx_raw_ioctl+0x10/0x10 [ 658.407668][T14731] __x64_sys_ioctl+0x18e/0x210 [ 658.407721][T14731] do_syscall_64+0x106/0xf80 [ 658.407756][T14731] ? clear_bhb_loop+0x40/0x90 [ 658.407796][T14731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.407830][T14731] RIP: 0033:0x7ff0e539c819 [ 658.407857][T14731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 658.407888][T14731] RSP: 002b:00007ff0e6225028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 658.407919][T14731] RAX: ffffffffffffffda RBX: 00007ff0e5615fa0 RCX: 00007ff0e539c819 [ 658.407940][T14731] RDX: 00002000000001c0 RSI: 0000000040095505 RDI: 0000000000000003 [ 658.407959][T14731] RBP: 00007ff0e6225090 R08: 0000000000000000 R09: 0000000000000000 [ 658.407979][T14731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.407998][T14731] R13: 00007ff0e5616038 R14: 00007ff0e5615fa0 R15: 00007ffc326617b8 [ 658.408041][T14731] [ 658.949086][T14739] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 660.203806][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 660.209945][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 660.216249][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 660.216273][T10549] Bluetooth: hci2: command 0x0c1a tx timeout [ 660.358231][T14765] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 660.364662][T14765] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 660.398411][T14765] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 660.411735][T14765] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 660.872253][T14768] Process accounting resumed [ 662.175397][T14788] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 662.184067][T14788] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 662.196795][T14788] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 662.214772][T14788] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 663.388965][T14803] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 663.435326][T14803] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 663.454352][T14803] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 663.492307][T14803] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 664.008830][T14799] Process accounting resumed [ 665.412417][T10549] Bluetooth: hci2: command 0x0c1a tx timeout [ 665.446072][T14833] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 665.452590][T14833] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 665.463768][T14833] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 665.470473][T14833] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 666.433399][T14846] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 666.439794][T14846] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 666.505218][T14846] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 666.511641][T14846] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 667.778451][T14858] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 667.820647][T14858] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 667.877744][T14858] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 667.883904][T14858] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 669.818445][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 669.889555][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 669.968713][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 669.974776][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 671.591440][T14897] delete_channel: no stack [ 672.052264][T14906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2098'. [ 672.070147][T14903] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 672.077559][T14903] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 672.086819][T14903] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 672.097333][T14903] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 672.735502][T14921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2101'. [ 672.806538][ T30] audit: type=1800 audit(1775710823.337:2): pid=14921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2101" name="features" dev="configfs" ino=58581 res=0 errno=0 [ 673.240668][T14925] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 673.343543][T14925] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 673.349792][T14925] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 673.649761][T14925] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 674.173458][T14936] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2463 is already present [ 674.903448][T14947] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 674.910331][T14947] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 674.917096][T14947] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 674.923889][T14947] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 676.916461][T14980] NFSD: Failed to start, no listeners configured. [ 676.932292][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 676.962261][T14984] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2113'. [ 677.013197][T10549] Bluetooth: hci1: command 0x0c1a tx timeout [ 677.019367][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 677.025956][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 677.855007][T14989] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 677.861112][T14989] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 677.870103][T14989] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 677.892640][T14989] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.176182][T15005] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.183887][T15005] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.193711][T15005] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.200603][T15005] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 680.043734][T15031] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 680.050986][T15031] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 680.061278][T15031] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 680.099087][T15031] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 680.496155][T15035] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 680.521547][T15035] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 680.635485][T15035] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 680.701885][T15035] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 681.626454][T15039] Process accounting paused [ 682.339596][T15064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 682.347394][T15064] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 682.353619][T15064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 682.360859][T15064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 684.375927][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 684.382017][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 684.388523][T10549] Bluetooth: hci1: command 0x0c1a tx timeout [ 684.395334][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 684.610624][T15082] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 684.659793][T15082] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 684.670030][T15082] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 684.680515][T15082] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 684.842352][T15090] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2135'. [ 685.697207][T15102] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 685.734377][T15102] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 685.919410][T15102] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 685.925809][T15102] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.140904][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.147429][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.966400][T15107] aoe: copy from user failed [ 686.971283][T15107] aoe: could not set interface list: too many interfaces [ 687.737995][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 687.747540][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 687.977558][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 687.983653][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 688.389192][T15128] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 688.419032][T15128] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 688.430317][T15128] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 688.436912][T15128] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 689.007087][T15137] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2146'. [ 689.462907][T15149] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 689.483691][T15149] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 689.581634][T15149] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 689.622593][T15149] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 691.499564][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 691.505744][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 691.659411][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 691.665575][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 692.063181][T15192] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2157'. [ 692.173134][T15187] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 692.204366][T15187] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 692.225890][T15187] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 692.272490][T15187] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 692.769656][T15203] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 693.325601][T15177] Process accounting paused [ 693.467831][T15209] can: request_module (can-proto-5) failed. [ 694.220808][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 694.226938][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 694.300747][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 694.301846][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 695.278047][T15199] Process accounting paused [ 699.317064][T15298] syz.1.2180 uses obsolete (PF_INET,SOCK_PACKET) [ 700.088754][T15306] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 700.114345][T15306] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 700.125444][T15306] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 700.209118][T15306] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 701.939816][T15338] aoe: copy from user failed [ 701.983130][T15338] aoe: could not set interface list: too many interfaces [ 702.144756][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 702.150904][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 702.158009][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 702.224758][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 702.692343][T15352] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 702.721223][T15352] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 702.730533][T15352] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 702.749611][T15352] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 703.485886][T15363] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 703.492165][T15363] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 703.502415][T15363] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 703.509793][T15367] FAULT_INJECTION: forcing a failure. [ 703.509793][T15367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 703.606154][T15363] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 703.621301][T15367] CPU: 1 UID: 0 PID: 15367 Comm: syz.3.2194 Not tainted syzkaller #0 PREEMPT(full) [ 703.621343][T15367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 703.621362][T15367] Call Trace: [ 703.621372][T15367] [ 703.621383][T15367] dump_stack_lvl+0x100/0x190 [ 703.621439][T15367] should_fail_ex.cold+0x5/0xa [ 703.621479][T15367] _copy_to_user+0x32/0xd0 [ 703.621524][T15367] simple_read_from_buffer+0xcb/0x170 [ 703.621592][T15367] proc_fail_nth_read+0x1af/0x230 [ 703.621638][T15367] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 703.621684][T15367] ? rw_verify_area+0xce/0x6d0 [ 703.621734][T15367] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 703.621779][T15367] vfs_read+0x1e4/0xb30 [ 703.621829][T15367] ? __pfx_vfs_read+0x10/0x10 [ 703.621858][T15367] ? __fget_files+0x215/0x3d0 [ 703.621898][T15367] ? __fget_files+0x21f/0x3d0 [ 703.621940][T15367] ksys_read+0x12a/0x250 [ 703.621971][T15367] ? __pfx_ksys_read+0x10/0x10 [ 703.622013][T15367] do_syscall_64+0x106/0xf80 [ 703.622045][T15367] ? clear_bhb_loop+0x40/0x90 [ 703.622084][T15367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.622116][T15367] RIP: 0033:0x7eff8475d04e [ 703.622140][T15367] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 703.622169][T15367] RSP: 002b:00007eff85631fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 703.622198][T15367] RAX: ffffffffffffffda RBX: 00007eff856326c0 RCX: 00007eff8475d04e [ 703.622219][T15367] RDX: 000000000000000f RSI: 00007eff856320a0 RDI: 0000000000000004 [ 703.622238][T15367] RBP: 00007eff85632090 R08: 0000000000000000 R09: 0000000000000000 [ 703.622257][T15367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 703.622275][T15367] R13: 00007eff84a16128 R14: 00007eff84a16090 R15: 00007fff210de648 [ 703.622317][T15367] [ 704.602659][T15388] program syz.2.2198 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 705.512550][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 705.518894][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 705.526569][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 705.586369][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 705.774859][T15407] FAULT_INJECTION: forcing a failure. [ 705.774859][T15407] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 705.837353][T15407] CPU: 0 UID: 0 PID: 15407 Comm: syz.2.2202 Not tainted syzkaller #0 PREEMPT(full) [ 705.837400][T15407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 705.837420][T15407] Call Trace: [ 705.837431][T15407] [ 705.837444][T15407] dump_stack_lvl+0x100/0x190 [ 705.837501][T15407] should_fail_ex.cold+0x5/0xa [ 705.837536][T15407] ? prepare_alloc_pages+0x16d/0x5f0 [ 705.837583][T15407] should_fail_alloc_page+0xeb/0x140 [ 705.837627][T15407] prepare_alloc_pages+0x1f0/0x5f0 [ 705.837676][T15407] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 705.837744][T15407] ? __lock_acquire+0x4a5/0x2630 [ 705.837803][T15407] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 705.837863][T15407] ? do_raw_spin_lock+0x128/0x260 [ 705.837918][T15407] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 705.837974][T15407] ? find_held_lock+0x2b/0x80 [ 705.838021][T15407] ? __lock_acquire+0x4a5/0x2630 [ 705.838066][T15407] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 705.838105][T15407] ? policy_nodemask+0xed/0x4f0 [ 705.838147][T15407] alloc_pages_mpol+0x1fb/0x550 [ 705.838187][T15407] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 705.838226][T15407] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 705.838260][T15407] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 705.838309][T15407] folio_alloc_mpol_noprof+0x36/0x340 [ 705.838359][T15407] shmem_alloc_folio+0x135/0x160 [ 705.838405][T15407] shmem_alloc_and_add_folio+0x371/0xd40 [ 705.838471][T15407] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 705.838531][T15407] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 705.838599][T15407] shmem_get_folio_gfp+0x6ab/0x1900 [ 705.838663][T15407] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 705.838723][T15407] ? filemap_map_pages+0xe4c/0x2010 [ 705.838791][T15407] shmem_fault+0x1f9/0xa20 [ 705.838847][T15407] ? __pfx_shmem_fault+0x10/0x10 [ 705.838912][T15407] ? __pfx_filemap_map_pages+0x10/0x10 [ 705.838980][T15407] __do_fault+0x10d/0x550 [ 705.839019][T15407] do_fault+0xabb/0x18e0 [ 705.839069][T15407] __handle_mm_fault+0x1815/0x2b60 [ 705.839126][T15407] ? mt_find+0x45e/0x8e0 [ 705.839167][T15407] ? __pfx___handle_mm_fault+0x10/0x10 [ 705.839215][T15407] ? __pfx_mt_find+0x10/0x10 [ 705.839280][T15407] ? find_vma+0xbf/0x140 [ 705.839322][T15407] ? __pfx_find_vma+0x10/0x10 [ 705.839362][T15407] handle_mm_fault+0x36d/0xa20 [ 705.839421][T15407] do_user_addr_fault+0x74c/0x12f0 [ 705.839469][T15407] exc_page_fault+0x6f/0xd0 [ 705.839505][T15407] asm_exc_page_fault+0x26/0x30 [ 705.839540][T15407] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 705.839591][T15407] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 705.839624][T15407] RSP: 0018:ffffc9000e5bf428 EFLAGS: 00050202 [ 705.839650][T15407] RAX: 0000000000000001 RBX: 000000000000ff04 RCX: 0000000000004f04 [ 705.839671][T15407] RDX: 0000000000000001 RSI: 000000000000b000 RDI: ffff88805178b010 [ 705.839692][T15407] RBP: ffffc9000e5bfb40 R08: 0000000000000001 R09: ffffed100a2f1fe2 [ 705.839714][T15407] R10: ffff88805178ff13 R11: 0000000000000000 R12: 0000000000000000 [ 705.839734][T15407] R13: 0000000000000000 R14: 000000000000ff04 R15: ffffc9000e5bfb48 [ 705.839778][T15407] _copy_from_iter+0x498/0x1690 [ 705.839837][T15407] ? __pfx__copy_from_iter+0x10/0x10 [ 705.839882][T15407] ? sctp_addto_chunk+0xfa/0x2a0 [ 705.839938][T15407] ? __asan_memcpy+0x3c/0x60 [ 705.839988][T15407] ? sctp_make_datafrag_empty+0x1a4/0x230 [ 705.840047][T15407] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 705.840110][T15407] sctp_user_addto_chunk+0x84/0x240 [ 705.840151][T15407] sctp_datamsg_from_user+0x60b/0x1360 [ 705.840222][T15407] sctp_sendmsg_to_asoc+0xb1c/0x1c50 [ 705.840262][T15407] ? __asan_memmove+0x30/0x60 [ 705.840321][T15407] ? sctp_assoc_set_primary+0x276/0x310 [ 705.840364][T15407] ? sctp_assoc_add_peer+0x252/0x14f0 [ 705.840416][T15407] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 705.840455][T15407] ? sctp_connect_new_asoc+0x41e/0x770 [ 705.840503][T15407] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 705.840558][T15407] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 705.840600][T15407] sctp_sendmsg+0x1185/0x22b0 [ 705.840657][T15407] ? __pfx_sctp_sendmsg+0x10/0x10 [ 705.840701][T15407] ? __lock_acquire+0x4a5/0x2630 [ 705.840753][T15407] ? aa_sk_perm+0x309/0xaa0 [ 705.840803][T15407] ? __pfx_aa_sk_perm+0x10/0x10 [ 705.840860][T15407] ? __pfx_sctp_sendmsg+0x10/0x10 [ 705.840909][T15407] inet_sendmsg+0x11c/0x140 [ 705.840957][T15407] ____sys_sendmsg+0x98d/0xb70 [ 705.841000][T15407] ? __pfx_inet_sendmsg+0x10/0x10 [ 705.841048][T15407] ? __pfx_____sys_sendmsg+0x10/0x10 [ 705.841097][T15407] ? futex_unqueue+0x133/0x2c0 [ 705.841153][T15407] ___sys_sendmsg+0x190/0x1e0 [ 705.841201][T15407] ? __pfx____sys_sendmsg+0x10/0x10 [ 705.841246][T15407] ? __pfx___futex_wait+0x10/0x10 [ 705.841307][T15407] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 705.841382][T15407] ? find_held_lock+0x2b/0x80 [ 705.841444][T15407] __sys_sendmmsg+0x205/0x430 [ 705.841484][T15407] ? __pfx___sys_sendmmsg+0x10/0x10 [ 705.841531][T15407] ? __pfx_do_futex+0x10/0x10 [ 705.841599][T15407] ? xfd_validate_state+0x129/0x190 [ 705.841661][T15407] __x64_sys_sendmmsg+0x9c/0x100 [ 705.841695][T15407] ? lockdep_hardirqs_on+0x78/0x100 [ 705.841732][T15407] do_syscall_64+0x106/0xf80 [ 705.841767][T15407] ? clear_bhb_loop+0x40/0x90 [ 705.841809][T15407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.841843][T15407] RIP: 0033:0x7f3a3bb9c819 [ 705.841870][T15407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 705.841903][T15407] RSP: 002b:00007f3a39dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 705.841935][T15407] RAX: ffffffffffffffda RBX: 00007f3a3be15fa0 RCX: 00007f3a3bb9c819 [ 705.841958][T15407] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000006 [ 705.841979][T15407] RBP: 00007f3a3bc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 705.841999][T15407] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 705.842019][T15407] R13: 00007f3a3be16038 R14: 00007f3a3be15fa0 R15: 00007ffd36750008 [ 705.842064][T15407] [ 706.357487][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 706.740918][T15414] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 706.765565][T15414] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 706.787888][T15414] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 706.794248][T15414] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 707.792859][T15432] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 707.823456][T15432] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 707.848115][T15432] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 708.088714][T15432] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 709.828717][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 709.836098][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 709.911246][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 710.148595][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 711.021242][T15475] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 711.027524][T15475] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 711.034429][T15475] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 711.101929][T15475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 711.776025][T15482] Process accounting resumed [ 712.060766][T15480] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 712.073892][T15480] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 712.099712][T15480] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 712.126200][T15487] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2218'. [ 712.135476][T15480] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 712.159036][T15487] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 712.404443][T15487] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 713.091357][T15501] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 713.098684][T15501] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 713.105246][T15501] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 713.112154][T15501] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 713.247732][T15508] aoe: copy from user failed [ 713.254191][T15508] aoe: could not set interface list: too many interfaces [ 715.121124][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.122535][ T5146] Bluetooth: hci2: command 0x0c1a tx timeout [ 715.195352][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 715.197357][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 715.370251][T15546] aoe: copy from user failed [ 715.380934][T15546] aoe: could not set interface list: too many interfaces [ 715.977698][T15556] aoe: copy from user failed [ 716.009385][T15556] aoe: could not set interface list: too many interfaces [ 716.866201][T15568] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 717.822772][T15586] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 717.985862][T15586] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 718.092832][T15586] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 718.140455][T15586] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 718.570791][T15600] aoe: copy from user failed [ 718.590524][T15600] aoe: could not set interface list: too many interfaces [ 719.068934][T15604] mkiss: ax0: crc mode is auto. [ 719.536224][T15611] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 719.544906][T15611] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 719.553548][T15611] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 719.559863][T15611] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 720.125156][T15626] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 720.553506][T15636] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2253'. [ 720.610612][T15638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2254'. [ 720.621244][T15638] capability: warning: `syz.1.2254' uses 32-bit capabilities (legacy support in use) [ 721.218748][T15643] FAULT_INJECTION: forcing a failure. [ 721.218748][T15643] name failslab, interval 1, probability 0, space 0, times 0 [ 721.231642][T15643] CPU: 1 UID: 0 PID: 15643 Comm: syz.1.2256 Not tainted syzkaller #0 PREEMPT(full) [ 721.231687][T15643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 721.231709][T15643] Call Trace: [ 721.231721][T15643] [ 721.231733][T15643] dump_stack_lvl+0x100/0x190 [ 721.231795][T15643] should_fail_ex.cold+0x5/0xa [ 721.231837][T15643] should_failslab+0xc2/0x120 [ 721.231879][T15643] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 721.231934][T15643] ? alloc_empty_file+0x55/0x1c0 [ 721.231979][T15643] ? __pfx_stack_trace_save+0x10/0x10 [ 721.232022][T15643] alloc_empty_file+0x55/0x1c0 [ 721.232069][T15643] path_openat+0xe8/0x31a0 [ 721.232105][T15643] ? kasan_save_stack+0x3f/0x50 [ 721.232137][T15643] ? kasan_save_stack+0x30/0x50 [ 721.232167][T15643] ? kasan_save_track+0x14/0x30 [ 721.232198][T15643] ? __kasan_slab_alloc+0x89/0x90 [ 721.232231][T15643] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 721.232286][T15643] ? do_getname+0x35/0x390 [ 721.232339][T15643] ? do_sys_openat2+0xc5/0x1e0 [ 721.232386][T15643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.232428][T15643] ? __pfx_path_openat+0x10/0x10 [ 721.232482][T15643] do_file_open+0x20e/0x430 [ 721.232525][T15643] ? __pfx_do_file_open+0x10/0x10 [ 721.232594][T15643] ? alloc_fd+0x476/0x790 [ 721.232635][T15643] ? do_getname+0x191/0x390 [ 721.232685][T15643] do_sys_openat2+0x10d/0x1e0 [ 721.232733][T15643] ? __pfx_do_sys_openat2+0x10/0x10 [ 721.232785][T15643] ? __fget_files+0x21f/0x3d0 [ 721.232828][T15643] __x64_sys_openat+0x12d/0x210 [ 721.232880][T15643] ? __pfx___x64_sys_openat+0x10/0x10 [ 721.232945][T15643] do_syscall_64+0x106/0xf80 [ 721.232981][T15643] ? clear_bhb_loop+0x40/0x90 [ 721.233025][T15643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.233060][T15643] RIP: 0033:0x7f588db9c819 [ 721.233089][T15643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.233123][T15643] RSP: 002b:00007f588eaaa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 721.233157][T15643] RAX: ffffffffffffffda RBX: 00007f588de15fa0 RCX: 00007f588db9c819 [ 721.233180][T15643] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 721.233202][T15643] RBP: 00007f588dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 721.233223][T15643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.233243][T15643] R13: 00007f588de16038 R14: 00007f588de15fa0 R15: 00007fff8df4ff18 [ 721.233287][T15643] [ 721.536574][T15648] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2258'. [ 721.767627][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 721.767653][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 721.773726][ T5146] Bluetooth: hci1: command 0x0c1a tx timeout [ 721.790519][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 721.886848][T15651] FAULT_INJECTION: forcing a failure. [ 721.886848][T15651] name failslab, interval 1, probability 0, space 0, times 0 [ 721.924635][T15651] CPU: 0 UID: 0 PID: 15651 Comm: syz.3.2257 Not tainted syzkaller #0 PREEMPT(full) [ 721.924688][T15651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 721.924706][T15651] Call Trace: [ 721.924716][T15651] [ 721.924728][T15651] dump_stack_lvl+0x100/0x190 [ 721.924778][T15651] should_fail_ex.cold+0x5/0xa [ 721.924836][T15651] should_failslab+0xc2/0x120 [ 721.924873][T15651] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 721.924935][T15651] ? skb_clone+0x190/0x400 [ 721.924967][T15651] skb_clone+0x190/0x400 [ 721.924994][T15651] netlink_deliver_tap+0xaed/0xcc0 [ 721.925030][T15651] netlink_unicast+0x650/0x870 [ 721.925064][T15651] ? __pfx_netlink_unicast+0x10/0x10 [ 721.925105][T15651] netlink_sendmsg+0x8b0/0xda0 [ 721.925140][T15651] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.925168][T15651] ? __import_iovec+0x1d2/0x640 [ 721.925207][T15651] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 721.925240][T15651] ____sys_sendmsg+0x9e1/0xb70 [ 721.925279][T15651] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.925311][T15651] ? __pfx_____sys_sendmsg+0x10/0x10 [ 721.925360][T15651] ___sys_sendmsg+0x190/0x1e0 [ 721.925398][T15651] ? __pfx____sys_sendmsg+0x10/0x10 [ 721.925472][T15651] __sys_sendmsg+0x170/0x220 [ 721.925499][T15651] ? __pfx___sys_sendmsg+0x10/0x10 [ 721.925546][T15651] do_syscall_64+0x106/0xf80 [ 721.925573][T15651] ? clear_bhb_loop+0x40/0x90 [ 721.925606][T15651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.925633][T15651] RIP: 0033:0x7eff8479c819 [ 721.925654][T15651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.925680][T15651] RSP: 002b:00007eff85632028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 721.925705][T15651] RAX: ffffffffffffffda RBX: 00007eff84a16090 RCX: 00007eff8479c819 [ 721.925723][T15651] RDX: 0000000000000000 RSI: 0000200000003a80 RDI: 0000000000000003 [ 721.925739][T15651] RBP: 00007eff85632090 R08: 0000000000000000 R09: 0000000000000000 [ 721.925754][T15651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.925770][T15651] R13: 00007eff84a16128 R14: 00007eff84a16090 R15: 00007fff210de648 [ 721.925804][T15651] [ 721.925869][T15651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2257'. [ 722.186418][T15650] FAULT_INJECTION: forcing a failure. [ 722.186418][T15650] name failslab, interval 1, probability 0, space 0, times 0 [ 722.215639][T15650] CPU: 0 UID: 0 PID: 15650 Comm: syz.2.2258 Not tainted syzkaller #0 PREEMPT(full) [ 722.215682][T15650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 722.215702][T15650] Call Trace: [ 722.215713][T15650] [ 722.215726][T15650] dump_stack_lvl+0x100/0x190 [ 722.215790][T15650] should_fail_ex.cold+0x5/0xa [ 722.215820][T15650] should_failslab+0xc2/0x120 [ 722.215848][T15650] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 722.215886][T15650] ? vm_area_alloc+0x1f/0x160 [ 722.215919][T15650] ? vma_merge_new_range+0x38b/0xa30 [ 722.215961][T15650] vm_area_alloc+0x1f/0x160 [ 722.215995][T15650] __mmap_region+0x118c/0x2a50 [ 722.216050][T15650] ? __pfx___mmap_region+0x10/0x10 [ 722.216085][T15650] ? process_measurement+0x1f4/0x2350 [ 722.216116][T15650] ? __pfx_css_rstat_updated+0x10/0x10 [ 722.216159][T15650] ? __lock_acquire+0x4a5/0x2630 [ 722.216204][T15650] ? lock_acquire+0x1cf/0x380 [ 722.216234][T15650] ? find_held_lock+0x2b/0x80 [ 722.216274][T15650] ? trace_sched_exit_tp+0x13a/0x180 [ 722.216343][T15650] ? rcu_is_watching+0x12/0xc0 [ 722.216381][T15650] ? cap_capable+0x107/0x460 [ 722.216411][T15650] mmap_region+0x180/0x3e0 [ 722.216454][T15650] do_mmap+0xc63/0x12f0 [ 722.216488][T15650] ? __pfx_do_mmap+0x10/0x10 [ 722.216516][T15650] ? __pfx_down_write_killable+0x10/0x10 [ 722.216553][T15650] vm_mmap_pgoff+0x29e/0x470 [ 722.216588][T15650] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 722.216619][T15650] ? do_futex+0x192/0x350 [ 722.216652][T15650] ? __pfx_do_futex+0x10/0x10 [ 722.216691][T15650] ksys_mmap_pgoff+0xe1/0x650 [ 722.216718][T15650] ? __x64_sys_futex+0x34f/0x4d0 [ 722.216791][T15650] ? __x64_sys_futex+0x358/0x4d0 [ 722.216839][T15650] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 722.216884][T15650] ? xfd_validate_state+0x129/0x190 [ 722.216926][T15650] __x64_sys_mmap+0x125/0x190 [ 722.216967][T15650] do_syscall_64+0x106/0xf80 [ 722.216992][T15650] ? clear_bhb_loop+0x40/0x90 [ 722.217029][T15650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.217054][T15650] RIP: 0033:0x7f3a3bb9c819 [ 722.217073][T15650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.217096][T15650] RSP: 002b:00007f3a39dcd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 722.217119][T15650] RAX: ffffffffffffffda RBX: 00007f3a3be16090 RCX: 00007f3a3bb9c819 [ 722.217135][T15650] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 722.217149][T15650] RBP: 00007f3a3bc32c91 R08: fffffffffffffffa R09: 0000000000008000 [ 722.217164][T15650] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 722.217178][T15650] R13: 00007f3a3be16128 R14: 00007f3a3be16090 R15: 00007ffd36750008 [ 722.217209][T15650] [ 723.678689][T15667] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 723.685056][T15667] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 723.693812][T15667] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 723.746278][T15667] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 724.661936][T15677] Process accounting resumed [ 724.797739][T15683] netlink: 202 bytes leftover after parsing attributes in process `syz.2.2265'. [ 724.823751][T15688] sock: sock_timestamping_bind_phc: sock not bind to device [ 725.426389][T15700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 725.433591][T15700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 725.449823][T15700] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 725.456061][T15700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 726.197486][T15708] Process accounting resumed [ 726.322902][T15718] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2272'. [ 727.056273][T15729] FAULT_INJECTION: forcing a failure. [ 727.056273][T15729] name failslab, interval 1, probability 0, space 0, times 0 [ 727.091499][T15729] CPU: 0 UID: 0 PID: 15729 Comm: syz.0.2274 Not tainted syzkaller #0 PREEMPT(full) [ 727.091530][T15729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 727.091544][T15729] Call Trace: [ 727.091551][T15729] [ 727.091560][T15729] dump_stack_lvl+0x100/0x190 [ 727.091624][T15729] should_fail_ex.cold+0x5/0xa [ 727.091653][T15729] ? tomoyo_realpath_from_path+0xb6/0x690 [ 727.091688][T15729] should_failslab+0xc2/0x120 [ 727.091714][T15729] __kmalloc_noprof+0xe0/0x850 [ 727.091757][T15729] tomoyo_realpath_from_path+0xb6/0x690 [ 727.091797][T15729] tomoyo_path_number_perm+0x23c/0x580 [ 727.091825][T15729] ? tomoyo_path_number_perm+0x22e/0x580 [ 727.091855][T15729] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 727.091913][T15729] ? find_held_lock+0x2b/0x80 [ 727.091935][T15729] ? __fget_files+0x215/0x3d0 [ 727.091956][T15729] ? hook_file_ioctl_common+0x146/0x410 [ 727.091992][T15729] ? __fget_files+0x21f/0x3d0 [ 727.092019][T15729] security_file_ioctl+0xd3/0x230 [ 727.092051][T15729] __x64_sys_ioctl+0xb7/0x210 [ 727.092088][T15729] do_syscall_64+0x106/0xf80 [ 727.092112][T15729] ? clear_bhb_loop+0x40/0x90 [ 727.092140][T15729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.092163][T15729] RIP: 0033:0x7ff0e539c819 [ 727.092181][T15729] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 727.092204][T15729] RSP: 002b:00007ff0e6204028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 727.092226][T15729] RAX: ffffffffffffffda RBX: 00007ff0e5616090 RCX: 00007ff0e539c819 [ 727.092241][T15729] RDX: 00002000000001c0 RSI: fffffff7effffd06 RDI: 0000000000000005 [ 727.092256][T15729] RBP: 00007ff0e6204090 R08: 0000000000000000 R09: 0000000000000000 [ 727.092270][T15729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 727.092283][T15729] R13: 00007ff0e5616128 R14: 00007ff0e5616090 R15: 00007ffc326617b8 [ 727.092313][T15729] [ 727.092322][T15729] ERROR: Out of memory at tomoyo_realpath_from_path. [ 727.331097][T15733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2276'. [ 727.517699][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 727.517707][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 727.528581][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 727.530134][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 728.001543][T15738] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 728.028845][T15738] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 728.049178][T15738] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 728.087663][T15738] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 728.379681][T15751] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2281'. [ 729.214602][T15764] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 729.221517][T15764] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 729.229884][T15764] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 729.249646][T15764] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 729.688982][T15769] delete_channel: no stack [ 730.001483][T15774] delete_channel: no stack [ 731.279456][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 731.285525][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 731.291712][T10549] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.297743][T10549] Bluetooth: hci2: command 0x0c1a tx timeout [ 732.567507][ T30] audit: type=1804 audit(1775710883.067:3): pid=15805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2292" name="/newroot/sys/kernel/tracing/set_event_pid" dev="tracefs" ino=1061 res=1 errno=0 [ 733.994911][T15833] FAULT_INJECTION: forcing a failure. [ 733.994911][T15833] name failslab, interval 1, probability 0, space 0, times 0 [ 734.038351][T15833] CPU: 0 UID: 0 PID: 15833 Comm: syz.0.2297 Not tainted syzkaller #0 PREEMPT(full) [ 734.038391][T15833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 734.038408][T15833] Call Trace: [ 734.038418][T15833] [ 734.038429][T15833] dump_stack_lvl+0x100/0x190 [ 734.038488][T15833] should_fail_ex.cold+0x5/0xa [ 734.038525][T15833] ? tomoyo_realpath_from_path+0xb6/0x690 [ 734.038571][T15833] should_failslab+0xc2/0x120 [ 734.038606][T15833] __kmalloc_noprof+0xe0/0x850 [ 734.038665][T15833] tomoyo_realpath_from_path+0xb6/0x690 [ 734.038724][T15833] tomoyo_path_number_perm+0x23c/0x580 [ 734.038764][T15833] ? tomoyo_path_number_perm+0x22e/0x580 [ 734.038808][T15833] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 734.038887][T15833] ? find_held_lock+0x2b/0x80 [ 734.038918][T15833] ? __fget_files+0x215/0x3d0 [ 734.038948][T15833] ? hook_file_ioctl_common+0x146/0x410 [ 734.039000][T15833] ? __fget_files+0x21f/0x3d0 [ 734.039039][T15833] security_file_ioctl+0xd3/0x230 [ 734.039091][T15833] __x64_sys_ioctl+0xb7/0x210 [ 734.039145][T15833] do_syscall_64+0x106/0xf80 [ 734.039178][T15833] ? clear_bhb_loop+0x40/0x90 [ 734.039220][T15833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.039254][T15833] RIP: 0033:0x7ff0e539c819 [ 734.039279][T15833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 734.039310][T15833] RSP: 002b:00007ff0e6225028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 734.039341][T15833] RAX: ffffffffffffffda RBX: 00007ff0e5615fa0 RCX: 00007ff0e539c819 [ 734.039361][T15833] RDX: 00002000000001c0 RSI: 0000000040095505 RDI: 0000000000000003 [ 734.039382][T15833] RBP: 00007ff0e6225090 R08: 0000000000000000 R09: 0000000000000000 [ 734.039401][T15833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 734.039419][T15833] R13: 00007ff0e5616038 R14: 00007ff0e5615fa0 R15: 00007ffc326617b8 [ 734.039462][T15833] [ 734.039474][T15833] ERROR: Out of memory at tomoyo_realpath_from_path. [ 735.736891][T15843] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 735.756855][T15843] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 735.788786][T15843] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 735.821769][T15843] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 736.559762][T15861] aoe: copy from user failed [ 736.565823][T15861] aoe: could not set interface list: too many interfaces [ 736.903038][T15858] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.922530][T15858] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 736.930991][T15858] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 736.938338][T15858] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 737.872587][T15874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2306'. [ 738.966288][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 738.972393][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 738.973229][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 738.980411][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.145070][T15882] delete_channel: no stack [ 739.753463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 740.242699][T15892] FAULT_INJECTION: forcing a failure. [ 740.242699][T15892] name failslab, interval 1, probability 0, space 0, times 0 [ 740.281398][T15892] CPU: 1 UID: 0 PID: 15892 Comm: syz.2.2310 Not tainted syzkaller #0 PREEMPT(full) [ 740.281429][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 740.281443][T15892] Call Trace: [ 740.281451][T15892] [ 740.281459][T15892] dump_stack_lvl+0x100/0x190 [ 740.281500][T15892] should_fail_ex.cold+0x5/0xa [ 740.281528][T15892] should_failslab+0xc2/0x120 [ 740.281555][T15892] __kvmalloc_node_noprof+0xfa/0xa00 [ 740.281578][T15892] ? seq_read_iter+0x819/0x1270 [ 740.281606][T15892] seq_read_iter+0x819/0x1270 [ 740.281647][T15892] seq_read+0x33b/0x4c0 [ 740.281669][T15892] ? __pfx_seq_read+0x10/0x10 [ 740.281688][T15892] ? __pfx___might_resched+0x10/0x10 [ 740.281741][T15892] ? rw_verify_area+0xce/0x6d0 [ 740.281776][T15892] ? __pfx_seq_read+0x10/0x10 [ 740.281798][T15892] vfs_read+0x1e4/0xb30 [ 740.281824][T15892] ? __pfx_vfs_read+0x10/0x10 [ 740.281845][T15892] ? __fget_files+0x215/0x3d0 [ 740.281876][T15892] ? __fget_files+0x21f/0x3d0 [ 740.281909][T15892] ksys_read+0x12a/0x250 [ 740.281931][T15892] ? __pfx_ksys_read+0x10/0x10 [ 740.281962][T15892] do_syscall_64+0x106/0xf80 [ 740.281985][T15892] ? clear_bhb_loop+0x40/0x90 [ 740.282014][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.282037][T15892] RIP: 0033:0x7f3a3bb9c819 [ 740.282055][T15892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 740.282078][T15892] RSP: 002b:00007f3a39dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 740.282100][T15892] RAX: ffffffffffffffda RBX: 00007f3a3be15fa0 RCX: 00007f3a3bb9c819 [ 740.282116][T15892] RDX: 00000000000000e4 RSI: 0000200000000040 RDI: 0000000000000003 [ 740.282130][T15892] RBP: 00007f3a39dee090 R08: 0000000000000000 R09: 0000000000000000 [ 740.282144][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 740.282157][T15892] R13: 00007f3a3be16038 R14: 00007f3a3be15fa0 R15: 00007ffd36750008 [ 740.282187][T15892] [ 741.412137][T15906] aoe: copy from user failed [ 741.436164][T15906] aoe: could not set interface list: too many interfaces [ 741.598806][T15902] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 741.620720][T15902] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 741.798190][T15902] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 741.819041][T15902] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 742.217654][T15899] Process accounting paused [ 743.418056][T15931] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 743.486661][T15931] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 743.507260][T15931] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 743.518274][T15931] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 744.886134][T15946] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 744.904472][T15946] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 744.920804][T15946] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 744.941278][T15946] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 745.496637][T15967] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 745.502916][T15967] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 745.547500][T15967] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 745.553615][T15967] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 746.050787][T15974] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 746.073698][T15974] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 746.089234][T15974] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 746.176743][T15974] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 746.260847][T15978] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2332'. [ 747.085548][T15993] delete_channel: no stack [ 747.621197][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.631215][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.087659][T10549] Bluetooth: hci1: command 0x0c1a tx timeout [ 748.092716][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 748.177969][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 748.177989][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 748.237391][T16008] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 748.484938][T16008] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 748.919099][T16008] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 748.949111][T16008] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 748.990715][T16019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2342'. [ 750.257451][T10549] Bluetooth: hci2: command 0x0c1a tx timeout [ 750.395947][T16036] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 750.402275][T16036] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 750.418148][T16036] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 750.436507][T16036] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 751.272457][T16044] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 751.278629][T16044] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 751.359549][T16044] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 751.369932][T16044] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 751.423930][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 751.433848][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 751.442291][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 751.454477][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 751.467646][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 751.871083][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.050336][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.320296][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.461447][T16063] block2mtd: Using custom MTD label '' for dev [ 752.480184][T16063] block2mtd: error: cannot open device [ 752.509307][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.302388][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 753.309693][T16071] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.350502][T16071] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.367978][T16071] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 753.390670][T16071] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.397423][T16071] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 753.457865][T16071] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 753.533451][T16047] chnl_net:caif_netlink_parms(): no params data found [ 753.652557][ T58] netdevsim netdevsim1335 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.064042][T16047] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.098601][T16047] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.122841][T16047] bridge_slave_0: entered allmulticast mode [ 754.163279][T16047] bridge_slave_0: entered promiscuous mode [ 754.176514][T16047] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.183943][T16047] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.191666][T16047] bridge_slave_1: entered allmulticast mode [ 754.241752][T16047] bridge_slave_1: entered promiscuous mode [ 754.551026][T16093] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 754.558218][T16093] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 754.565245][T16093] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 754.576283][T16093] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 754.617552][T16047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.657448][T16047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.696944][ T58] bridge_slave_1: left allmulticast mode [ 754.708599][ T58] bridge_slave_1: left promiscuous mode [ 754.736801][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.770989][ T58] bridge_slave_0: left allmulticast mode [ 754.783625][ T58] bridge_slave_0: left promiscuous mode [ 754.810735][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.687648][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 755.702296][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 755.718519][ T58] bond0 (unregistering): Released all slaves [ 755.897121][T16047] team0: Port device team_slave_0 added [ 755.912417][T16105] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 755.927141][T16105] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 755.930670][T16047] team0: Port device team_slave_1 added [ 755.956202][T16105] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 755.977802][T16105] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 756.219415][T16047] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 756.237155][T16047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.284755][T16047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 756.313767][T16047] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 756.328082][T16047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.354888][T16047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 756.606844][T16123] delete_channel: no stack [ 756.770654][ T58] hsr_slave_0: left promiscuous mode [ 756.791119][ T58] hsr_slave_1: left promiscuous mode [ 756.805666][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.821202][T16126] aoe: copy from user failed [ 756.826086][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 756.836760][T16126] aoe: could not set interface list: too many interfaces [ 756.845946][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 756.872845][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 756.921486][ T58] veth1_macvtap: left promiscuous mode [ 756.939970][ T58] veth0_macvtap: left promiscuous mode [ 756.959163][ T58] veth1_vlan: left promiscuous mode [ 756.981747][ T58] veth0_vlan: left promiscuous mode [ 757.782191][ T58] team0 (unregistering): Port device team_slave_0 removed [ 757.972688][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 757.973282][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 758.018420][ T51] Bluetooth: hci4: command 0x041b tx timeout [ 758.018446][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 758.308669][T16047] hsr_slave_0: entered promiscuous mode [ 758.319287][T16047] hsr_slave_1: entered promiscuous mode [ 758.334988][T16047] debugfs: 'hsr0' already exists in 'hsr' [ 758.352822][T16047] Cannot create hsr debugfs directory [ 758.906935][T16099] Process accounting paused [ 759.758602][T16172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 759.774921][T16172] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 759.781330][T16172] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 759.810492][T16172] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 760.486167][T16047] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 760.527732][T16047] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 760.636591][T16187] delete_channel: no stack [ 760.663611][T16047] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 760.679284][T16047] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 761.068244][T16047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 761.168258][T16047] 8021q: adding VLAN 0 to HW filter on device team0 [ 761.190375][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.197572][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 761.220196][T15890] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.227494][T15890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 761.236070][T16202] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 761.242245][T16202] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 761.284276][T16202] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.344556][T16202] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 761.441410][T16209] aoe: copy from user failed [ 761.446846][T16209] aoe: could not set interface list: too many interfaces [ 761.514571][T16204] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 761.524513][T16204] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 761.554819][T16204] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.577883][T16204] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 762.159267][T16227] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 762.165697][T16227] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 762.183871][T16227] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 762.254631][T16047] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 762.371194][T16047] veth0_vlan: entered promiscuous mode [ 762.429587][T16227] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 762.436322][T16047] veth1_vlan: entered promiscuous mode [ 762.543871][T16047] veth0_macvtap: entered promiscuous mode [ 762.556753][T16222] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 762.563033][T16222] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 762.615991][T16222] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 762.624577][T16222] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 762.654382][T16047] veth1_macvtap: entered promiscuous mode [ 762.695991][T16047] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 762.760329][T16047] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 762.798616][ T48] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.824297][ T48] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.864615][ T48] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.899951][ T48] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.998427][T16236] delete_channel: no stack [ 763.008185][T16238] delete_channel: no stack [ 763.151612][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 763.178834][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 763.262083][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 763.285487][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 763.595948][T16253] aoe: copy from user failed [ 763.656803][T16253] aoe: could not set interface list: too many interfaces [ 764.208367][T16247] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 764.217140][T16247] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 764.257793][T16247] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 764.286349][T16247] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 764.601452][T16272] aoe: copy from user failed [ 764.616052][T16272] aoe: could not set interface list: too many interfaces [ 765.148811][T10549] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 765.162091][T10549] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 765.180966][T10549] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 765.236856][T10549] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 765.246321][T10549] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 765.536341][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 765.596470][T16288] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 765.654390][T16288] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 765.668427][T16288] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 765.680287][T16288] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 765.836827][T16288] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 765.892608][T16288] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 765.950703][T16288] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 766.549773][ T1163] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.646466][T16310] delete_channel: no stack [ 766.774958][ T1163] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.960497][ T1163] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.056215][ T1163] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.276359][T16282] chnl_net:caif_netlink_parms(): no params data found [ 767.700570][ T51] Bluetooth: hci4: command 0x041b tx timeout [ 767.703221][T10549] Bluetooth: hci0: command 0x0c1a tx timeout [ 767.708946][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 767.857970][ T51] Bluetooth: hci2: command 0x041b tx timeout [ 767.904165][ T1163] bridge_slave_1: left allmulticast mode [ 767.933985][ T1163] bridge_slave_1: left promiscuous mode [ 767.955704][ T1163] bridge0: port 2(bridge_slave_1) entered disabled state [ 767.997144][ T1163] bridge_slave_0: left allmulticast mode [ 768.005696][ T1163] bridge_slave_0: left promiscuous mode [ 768.017316][ T1163] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.404048][T16355] hugetlbfs: syz.2.2390 (16355): Using mlock ulimits for SHM_HUGETLB is obsolete [ 768.653259][ T1163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 768.735374][ T1163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 768.789443][ T1163] bond0 (unregistering): Released all slaves [ 768.820718][T16282] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.837047][T16282] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.861464][T16282] bridge_slave_0: entered allmulticast mode [ 768.905124][T16282] bridge_slave_0: entered promiscuous mode [ 769.029973][T16282] bridge0: port 2(bridge_slave_1) entered blocking state [ 769.062870][T16282] bridge0: port 2(bridge_slave_1) entered disabled state [ 769.071934][T16282] bridge_slave_1: entered allmulticast mode [ 769.080969][T16282] bridge_slave_1: entered promiscuous mode [ 769.491446][T16282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 769.600652][T16282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 769.627899][ T1163] hsr_slave_0: left promiscuous mode [ 769.634334][ T1163] hsr_slave_1: left promiscuous mode [ 769.640889][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 769.655006][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 769.665389][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 769.675237][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 769.692912][ T1163] veth1_macvtap: left promiscuous mode [ 769.733891][ T1163] veth0_macvtap: left promiscuous mode [ 769.746636][ T1163] veth1_vlan: left promiscuous mode [ 769.756943][ T1163] veth0_vlan: left promiscuous mode [ 769.780198][ T51] Bluetooth: hci4: command 0x041b tx timeout [ 769.938496][ T51] Bluetooth: hci2: command 0x041b tx timeout [ 770.249277][ T1163] team0 (unregistering): Port device team_slave_1 removed [ 770.266143][ T1163] team0 (unregistering): Port device team_slave_0 removed [ 770.444238][T16371] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 770.465282][T16371] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 770.474982][T16282] team0: Port device team_slave_0 added [ 770.487084][T16371] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 770.506702][T16371] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 770.513301][T16282] team0: Port device team_slave_1 added [ 770.634301][T16282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 770.655256][T16282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 770.721659][T16282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 770.747820][T16282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 770.767797][T16282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 770.829136][T16282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.087468][T16282] hsr_slave_0: entered promiscuous mode [ 771.099933][T16282] hsr_slave_1: entered promiscuous mode [ 772.430047][T16408] random: crng reseeded on system resumption [ 772.504277][ T51] Bluetooth: hci4: command 0x041b tx timeout [ 772.513116][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 772.513134][T10549] Bluetooth: hci3: command 0x0c1a tx timeout [ 772.579766][ T5146] Bluetooth: hci2: command 0x041b tx timeout [ 772.630869][T16420] futex_wake_op: syz.1.2398 tries to shift op by -2048; fix this program [ 773.216016][T16428] Process accounting resumed [ 773.522756][T16282] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 773.605663][T16282] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 773.684104][T16282] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 773.744795][T16282] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 774.355309][T16282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 774.454949][T16282] 8021q: adding VLAN 0 to HW filter on device team0 [ 774.511389][T16435] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.518666][T16435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 774.581197][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 774.659299][T16435] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.666478][T16435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.674109][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 775.188806][T16470] FAULT_INJECTION: forcing a failure. [ 775.188806][T16470] name failslab, interval 1, probability 0, space 0, times 0 [ 775.241442][T16470] CPU: 1 UID: 0 PID: 16470 Comm: syz.1.2401 Not tainted syzkaller #0 PREEMPT(full) [ 775.241487][T16470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 775.241507][T16470] Call Trace: [ 775.241518][T16470] [ 775.241530][T16470] dump_stack_lvl+0x100/0x190 [ 775.241604][T16470] should_fail_ex.cold+0x5/0xa [ 775.241643][T16470] should_failslab+0xc2/0x120 [ 775.241681][T16470] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 775.241733][T16470] ? security_file_alloc+0x34/0x2c0 [ 775.241779][T16470] ? trace_kmem_cache_alloc+0xf3/0x120 [ 775.241836][T16470] security_file_alloc+0x34/0x2c0 [ 775.241884][T16470] init_file+0x95/0x480 [ 775.241926][T16470] alloc_empty_file+0x73/0x1c0 [ 775.241970][T16470] path_openat+0xe8/0x31a0 [ 775.242005][T16470] ? kasan_save_stack+0x3f/0x50 [ 775.242035][T16470] ? kasan_save_stack+0x30/0x50 [ 775.242064][T16470] ? kasan_save_track+0x14/0x30 [ 775.242093][T16470] ? __kasan_slab_alloc+0x89/0x90 [ 775.242125][T16470] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 775.242177][T16470] ? do_getname+0x35/0x390 [ 775.242218][T16470] ? do_sys_openat2+0xc5/0x1e0 [ 775.242262][T16470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.242303][T16470] ? __pfx_path_openat+0x10/0x10 [ 775.242354][T16470] do_file_open+0x20e/0x430 [ 775.242393][T16470] ? __pfx_do_file_open+0x10/0x10 [ 775.242479][T16470] ? alloc_fd+0x476/0x790 [ 775.242520][T16470] ? do_getname+0x191/0x390 [ 775.242568][T16470] do_sys_openat2+0x10d/0x1e0 [ 775.242615][T16470] ? __pfx_do_sys_openat2+0x10/0x10 [ 775.242665][T16470] ? __sys_sendmsg+0x18f/0x220 [ 775.242707][T16470] __x64_sys_openat+0x12d/0x210 [ 775.242757][T16470] ? __pfx___x64_sys_openat+0x10/0x10 [ 775.242831][T16470] do_syscall_64+0x106/0xf80 [ 775.242866][T16470] ? clear_bhb_loop+0x40/0x90 [ 775.242909][T16470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.242945][T16470] RIP: 0033:0x7f51fd19c819 [ 775.242973][T16470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 775.243008][T16470] RSP: 002b:00007f51fe0ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 775.243041][T16470] RAX: ffffffffffffffda RBX: 00007f51fd415fa0 RCX: 00007f51fd19c819 [ 775.243063][T16470] RDX: 0000000000008203 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 775.243085][T16470] RBP: 00007f51fd232c91 R08: 0000000000000000 R09: 0000000000000000 [ 775.243105][T16470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.243125][T16470] R13: 00007f51fd416038 R14: 00007f51fd415fa0 R15: 00007ffd5e35c898 [ 775.243170][T16470] [ 775.705070][T16282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.146958][T16282] veth0_vlan: entered promiscuous mode [ 776.206128][T16282] veth1_vlan: entered promiscuous mode [ 776.384709][T16282] veth0_macvtap: entered promiscuous mode [ 776.396011][T16282] veth1_macvtap: entered promiscuous mode [ 776.426055][T16282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 776.452015][T16282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 776.479118][T16431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.506416][T16431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.538280][T16431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.562426][T16431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.672744][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 776.753252][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 777.005874][T16433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 777.020795][T16433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 777.226951][T16444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 777.305161][T16444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 778.004449][T16507] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 778.021531][T16507] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 778.030947][T16507] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 778.039286][T16507] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 778.047721][T16507] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 778.823803][T16507] Bluetooth: hci2: command 0x041b tx timeout [ 778.851719][T16506] chnl_net:caif_netlink_parms(): no params data found [ 779.217634][T16506] bridge0: port 1(bridge_slave_0) entered blocking state [ 779.230441][T16506] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.237877][T16506] bridge_slave_0: entered allmulticast mode [ 779.246417][T16506] bridge_slave_0: entered promiscuous mode [ 779.268978][T16444] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.296097][T16506] bridge0: port 2(bridge_slave_1) entered blocking state [ 779.307332][T16506] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.318244][T16506] bridge_slave_1: entered allmulticast mode [ 779.329956][T16506] bridge_slave_1: entered promiscuous mode [ 779.446670][T16444] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.642810][T16506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 779.712058][T16444] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.798673][T16506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 779.915973][T16506] team0: Port device team_slave_0 added [ 779.957221][T16444] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.990577][T16506] team0: Port device team_slave_1 added [ 780.104457][T16507] Bluetooth: hci1: command tx timeout [ 780.292331][T16444] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.482338][T16506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 780.497502][T16506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 780.524188][T16506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 780.540330][T16506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 780.547970][T16506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 780.575212][T16506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 780.757096][T16506] hsr_slave_0: entered promiscuous mode [ 780.764856][T16506] hsr_slave_1: entered promiscuous mode [ 780.771416][T16506] debugfs: 'hsr0' already exists in 'hsr' [ 780.787778][T16506] Cannot create hsr debugfs directory [ 781.303688][T16444] bridge_slave_1: left allmulticast mode [ 781.316582][T16444] bridge_slave_1: left promiscuous mode [ 781.322506][T16444] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.334079][T16444] bridge_slave_0: left allmulticast mode [ 781.339893][T16444] bridge_slave_0: left promiscuous mode [ 781.346559][T16444] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.185428][T16507] Bluetooth: hci1: command tx timeout [ 782.365752][T16444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 782.419117][T16444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 782.434135][T16444] bond0 (unregistering): Released all slaves [ 782.629678][T16556] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 782.636032][T16556] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 782.642307][T16556] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 782.655174][T16556] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 782.665533][T16556] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 782.692090][T16556] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 783.303658][T16444] hsr_slave_0: left promiscuous mode [ 783.312448][T16444] hsr_slave_1: left promiscuous mode [ 783.338665][T16444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 783.346580][T16444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 783.355218][T16444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 783.375209][T16444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 783.393713][T16444] veth1_macvtap: left promiscuous mode [ 783.403577][T16444] veth0_macvtap: left promiscuous mode [ 783.409290][T16444] veth1_vlan: left promiscuous mode [ 783.414710][T16444] veth0_vlan: left promiscuous mode [ 784.146759][T16444] team0 (unregistering): Port device team_slave_1 removed [ 784.186488][T16444] team0 (unregistering): Port device team_slave_0 removed [ 784.666892][T16507] Bluetooth: hci1: command 0x0419 tx timeout [ 784.673004][T16507] Bluetooth: hci2: command 0x041b tx timeout [ 784.681263][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 784.687551][T16437] Bluetooth: hci0: command 0x0c1a tx timeout [ 784.802154][T16506] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 784.845698][T16506] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 784.888400][T16506] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 784.920965][T16506] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 785.262292][T16506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.784780][T16506] 8021q: adding VLAN 0 to HW filter on device team0 [ 785.805963][T16465] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.813202][T16465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 785.876152][T16465] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.883459][T16465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 786.746950][T16584] Bluetooth: hci1: command 0x0419 tx timeout [ 786.858723][T16626] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 786.872402][T16626] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 786.880772][T16626] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 786.887192][T16626] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 787.168541][T16506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 787.465405][T16506] veth0_vlan: entered promiscuous mode [ 787.495517][T16506] veth1_vlan: entered promiscuous mode [ 787.604256][T16506] veth0_macvtap: entered promiscuous mode [ 787.663091][T16506] veth1_macvtap: entered promiscuous mode [ 787.796897][T16506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 787.850891][T16506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 787.933634][T16444] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.966572][T16444] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.999183][T16444] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.015015][T16444] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.034132][T16645] aoe: copy from user failed [ 788.039556][T16645] aoe: could not set interface list: too many interfaces [ 788.630498][T16433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.668530][T16433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 788.708262][T16433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.716147][T16433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 788.990877][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 788.996970][T16584] Bluetooth: hci2: command 0x041b tx timeout [ 789.003084][T16507] Bluetooth: hci4: command 0x041b tx timeout [ 789.009623][T16584] Bluetooth: hci0: command 0x0c1a tx timeout [ 789.446485][T16663] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 789.463310][T16663] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 789.641505][T16663] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 789.652158][T16663] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 789.824512][T16671] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2433'. [ 790.250104][T16437] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 790.321685][T16437] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 790.332944][T16437] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 790.351871][T16437] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 790.361614][T16437] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 791.348139][T16694] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 791.431568][T16694] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 791.533378][T16694] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 791.619286][T16694] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 791.661499][T16694] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 791.773633][T16694] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 791.812794][T16677] chnl_net:caif_netlink_parms(): no params data found [ 792.006885][T16440] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.214794][T16440] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.362966][T16440] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.493901][T16440] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.801921][T16677] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.815974][T16677] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.825975][T16677] bridge_slave_0: entered allmulticast mode [ 792.842274][T16677] bridge_slave_0: entered promiscuous mode [ 792.861376][T16677] bridge0: port 2(bridge_slave_1) entered blocking state [ 792.868693][T16677] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.890162][T16677] bridge_slave_1: entered allmulticast mode [ 792.898553][T16677] bridge_slave_1: entered promiscuous mode [ 793.113325][T16677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 793.133534][T16677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 793.390401][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 793.471192][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 793.504709][T16677] team0: Port device team_slave_0 added [ 793.525366][T16677] team0: Port device team_slave_1 added [ 793.551382][T16437] Bluetooth: hci1: command 0x0419 tx timeout [ 793.630828][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 793.649895][T16677] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 793.699387][T16677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 793.760946][T16677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 793.779486][T16677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 793.795180][T16677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 793.831335][T16677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 793.859763][T16440] bridge_slave_1: left allmulticast mode [ 793.866287][T16440] bridge_slave_1: left promiscuous mode [ 793.874814][T16440] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.892789][T16440] bridge_slave_0: left allmulticast mode [ 793.898546][T16440] bridge_slave_0: left promiscuous mode [ 793.905384][T16440] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.424271][T16440] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 794.436577][T16440] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 794.448249][T16440] bond0 (unregistering): Released all slaves [ 794.544085][T16741] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 794.581263][T16741] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 794.590780][T16741] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 794.598713][T16741] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 794.746596][T16677] hsr_slave_0: entered promiscuous mode [ 794.771757][T16677] hsr_slave_1: entered promiscuous mode [ 794.796811][T16677] debugfs: 'hsr0' already exists in 'hsr' [ 794.828631][T16677] Cannot create hsr debugfs directory [ 795.593663][T16440] hsr_slave_0: left promiscuous mode [ 795.625779][T16440] hsr_slave_1: left promiscuous mode [ 795.636719][T16440] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 795.667731][T16440] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 795.738324][T16440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 795.757633][T16440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 795.827030][T16440] veth1_macvtap: left promiscuous mode [ 795.835894][T16440] veth0_macvtap: left promiscuous mode [ 795.853336][T16440] veth1_vlan: left promiscuous mode [ 795.861989][T16440] veth0_vlan: left promiscuous mode [ 796.470689][T16440] team0 (unregistering): Port device team_slave_1 removed [ 796.510965][T16440] team0 (unregistering): Port device team_slave_0 removed [ 796.591868][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 796.597919][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 796.673847][T16659] Bluetooth: hci1: command 0x0419 tx timeout [ 796.680121][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 796.813202][T16775] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 796.819289][T16775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 796.876579][T16775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 796.894279][T16775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 797.761528][T16799] FAULT_INJECTION: forcing a failure. [ 797.761528][T16799] name failslab, interval 1, probability 0, space 0, times 0 [ 797.788617][T16799] CPU: 1 UID: 0 PID: 16799 Comm: syz.2.2449 Not tainted syzkaller #0 PREEMPT(full) [ 797.788659][T16799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 797.788678][T16799] Call Trace: [ 797.788688][T16799] [ 797.788699][T16799] dump_stack_lvl+0x100/0x190 [ 797.788754][T16799] should_fail_ex.cold+0x5/0xa [ 797.788792][T16799] ? tomoyo_encode2+0xfb/0x3c0 [ 797.788834][T16799] should_failslab+0xc2/0x120 [ 797.788870][T16799] __kmalloc_noprof+0xe0/0x850 [ 797.788925][T16799] tomoyo_encode2+0xfb/0x3c0 [ 797.788984][T16799] tomoyo_encode+0x29/0x50 [ 797.789026][T16799] tomoyo_realpath_from_path+0x18c/0x690 [ 797.789074][T16799] tomoyo_path_number_perm+0x23c/0x580 [ 797.789108][T16799] ? tomoyo_path_number_perm+0x22e/0x580 [ 797.789148][T16799] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 797.789220][T16799] ? find_held_lock+0x2b/0x80 [ 797.789252][T16799] ? __fget_files+0x215/0x3d0 [ 797.789281][T16799] ? hook_file_ioctl_common+0x146/0x410 [ 797.789324][T16799] ? __fget_files+0x21f/0x3d0 [ 797.789356][T16799] security_file_ioctl+0xd3/0x230 [ 797.789394][T16799] __x64_sys_ioctl+0xb7/0x210 [ 797.789442][T16799] do_syscall_64+0x106/0xf80 [ 797.789472][T16799] ? clear_bhb_loop+0x40/0x90 [ 797.789505][T16799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.789532][T16799] RIP: 0033:0x7f4380f9c819 [ 797.789553][T16799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 797.789579][T16799] RSP: 002b:00007f4381f10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 797.789605][T16799] RAX: ffffffffffffffda RBX: 00007f4381215fa0 RCX: 00007f4380f9c819 [ 797.789622][T16799] RDX: 0000000000000001 RSI: 0000000000008916 RDI: 0000000000000003 [ 797.789638][T16799] RBP: 00007f4381f10090 R08: 0000000000000000 R09: 0000000000000000 [ 797.789655][T16799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.789670][T16799] R13: 00007f4381216038 R14: 00007f4381215fa0 R15: 00007fff38c38ad8 [ 797.789705][T16799] [ 797.791011][T16799] ERROR: Out of memory at tomoyo_realpath_from_path. [ 798.342778][T16805] aoe: copy from user failed [ 798.383299][T16805] aoe: could not set interface list: too many interfaces [ 798.603338][T16677] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 798.701109][T16812] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 798.710476][T16677] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 798.717675][T16812] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 798.756008][T16812] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 798.800103][T16677] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 798.839738][T16812] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 798.958422][T16677] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 799.293353][T16816] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 799.299531][T16816] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 799.323301][T16816] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 799.329572][T16816] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 799.749417][T16677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 799.938822][T16677] 8021q: adding VLAN 0 to HW filter on device team0 [ 799.954884][T16845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2455'. [ 799.987273][T16845] netlink: 'syz.0.2455': attribute type 1 has an invalid length. [ 799.996383][T16845] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.2455'. [ 800.036692][T16440] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.043969][T16440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 800.058671][T16844] delete_channel: no stack [ 800.103205][T16440] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.110453][T16440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 800.546052][T16857] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 800.552604][T16857] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 800.564506][T16857] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 800.586551][T16857] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 801.019567][T16677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 801.231370][T16677] veth0_vlan: entered promiscuous mode [ 801.286319][T16677] veth1_vlan: entered promiscuous mode [ 801.546189][T16879] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 801.553765][T16879] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 801.560672][T16879] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 801.584864][T16879] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 801.684612][T16677] veth0_macvtap: entered promiscuous mode [ 801.733393][T16677] veth1_macvtap: entered promiscuous mode [ 801.821842][T16677] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 801.908862][T16677] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 801.959350][T16433] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.968672][T16433] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.992092][T16433] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.209448][T16433] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.481538][T16895] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 802.494049][T16895] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 802.501575][T16895] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 802.681841][T16895] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 802.866773][T16435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 802.874725][T16435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 802.999023][T16433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.017929][T16433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 803.551117][T16910] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 803.579463][T16910] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 803.597850][T16910] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 803.616103][T16910] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 805.560068][T16659] Bluetooth: hci4: command 0x041b tx timeout [ 805.661213][T16659] Bluetooth: hci3: command 0x041b tx timeout [ 805.667366][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 805.673417][T16430] Bluetooth: hci2: command 0x041b tx timeout [ 805.927783][T16953] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 805.934036][T16953] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 805.943953][T16953] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 805.969592][T16953] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 807.225083][T16965] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 807.287893][T16965] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 807.294704][T16965] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 807.307321][T16965] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 808.498376][T16980] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 808.504685][T16980] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 808.538288][T16980] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 808.560230][T16980] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 809.083223][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.094222][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.072811][T17004] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 810.109269][T17004] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 810.237540][T17004] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 810.447312][T17004] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 811.620035][T17022] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 811.649551][T17022] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 811.666037][T17022] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 811.716628][T17022] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 812.604658][T17044] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 812.686902][T17044] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 812.777029][T17044] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 812.943543][T17044] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 813.713659][T17051] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 813.770144][T17051] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 813.783840][T17051] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 813.790148][T17051] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 815.451548][T17077] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 815.458718][T17077] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 815.465875][T17077] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 815.472880][T17077] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 817.354000][T17113] aoe: copy from user failed [ 817.363298][T17113] aoe: could not set interface list: too many interfaces [ 817.562397][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 817.568721][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 817.575337][T16659] Bluetooth: hci2: command 0x041b tx timeout [ 817.581471][T16584] Bluetooth: hci4: command 0x041b tx timeout [ 818.152725][T17123] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 818.161535][T17123] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 818.171710][T17123] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 818.179002][T17123] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 818.801479][T17132] delete_channel: no stack [ 820.203881][T16430] Bluetooth: hci3: command 0x041b tx timeout [ 820.211360][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 820.223776][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 820.233836][T16584] Bluetooth: hci4: command 0x041b tx timeout [ 821.734741][T17177] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 821.763156][T17177] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 821.801541][T17177] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 821.833057][T17177] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 823.129980][T17201] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 823.136758][T17201] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 823.169923][T17201] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 823.234168][T17201] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 824.586281][T17219] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 824.645953][T17219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 824.678503][T17219] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 824.934812][T17219] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 826.190206][T17241] delete_channel: no stack [ 826.606741][T16430] Bluetooth: hci4: command 0x041b tx timeout [ 826.645169][T17254] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 826.651486][T17254] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 826.657779][T17254] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 826.666497][T17254] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 827.440892][T17259] delete_channel: no stack [ 827.788376][T17267] delete_channel: no stack [ 828.687806][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 828.693897][T16437] Bluetooth: hci1: command 0x0419 tx timeout [ 828.719801][T16430] Bluetooth: hci2: command 0x041b tx timeout [ 828.725903][T16430] Bluetooth: hci4: command 0x041b tx timeout [ 829.893702][T17289] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 829.962407][T17289] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 829.977312][T17289] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 829.987340][T17289] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 830.333783][T17300] aoe: copy from user failed [ 830.397589][T17300] aoe: could not set interface list: too many interfaces [ 830.649484][T17304] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 830.722308][T17304] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 830.742707][T17304] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 830.762813][T17304] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 832.709983][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 832.785935][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 832.786076][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 832.798392][T16659] Bluetooth: hci2: command 0x041b tx timeout [ 832.822186][T17336] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 832.830106][T17336] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 832.836303][T17336] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 832.842688][T17336] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 833.459152][T17341] delete_channel: no stack [ 833.907531][T17350] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 833.915102][T17350] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 833.923286][T17354] aoe: copy from user failed [ 833.941966][T17350] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 833.951528][T17354] aoe: could not set interface list: too many interfaces [ 833.970081][T17350] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 835.332972][T17372] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 835.339870][T17372] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 835.372458][T17372] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 835.378645][T17372] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 836.011691][T17385] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 836.086683][T17385] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 836.107257][T17385] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 836.246173][T17385] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 837.084738][T17404] aoe: copy from user failed [ 837.093019][T17404] aoe: could not set interface list: too many interfaces [ 838.052527][T16430] Bluetooth: hci4: command 0x041b tx timeout [ 838.133392][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 838.141761][T16437] Bluetooth: hci2: command 0x041b tx timeout [ 838.296037][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 839.357171][T17435] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 839.932672][T17441] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 840.225609][T17445] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 840.243842][T17445] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 840.370161][T17445] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 840.451391][T17445] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 841.217741][T17464] delete_channel: no stack [ 842.296981][T16430] Bluetooth: hci2: command 0x041b tx timeout [ 842.303081][T16430] Bluetooth: hci4: command 0x041b tx timeout [ 842.344985][T16430] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 842.375618][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 842.695019][T16430] Bluetooth: hci3: command 0x041b tx timeout [ 845.738308][T17538] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 845.747990][T17538] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 845.787566][T17538] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 845.807843][T17538] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 845.943323][T17545] aoe: copy from user failed [ 845.959282][T17545] aoe: could not set interface list: too many interfaces [ 846.468459][T17547] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 846.517705][T17547] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 846.541100][T17547] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 846.557211][T17547] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 846.958113][T17558] NFSD: Failed to start, no listeners configured. [ 847.395234][T17561] NFSD: Failed to start, no listeners configured. [ 848.489390][T17585] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 848.495773][T17585] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 848.502130][T17585] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 848.519718][T17585] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 849.356315][T17600] FAULT_INJECTION: forcing a failure. [ 849.356315][T17600] name failslab, interval 1, probability 0, space 0, times 0 [ 849.370706][T17600] CPU: 1 UID: 0 PID: 17600 Comm: syz.3.2603 Not tainted syzkaller #0 PREEMPT(full) [ 849.370748][T17600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 849.370766][T17600] Call Trace: [ 849.370777][T17600] [ 849.370789][T17600] dump_stack_lvl+0x100/0x190 [ 849.370847][T17600] should_fail_ex.cold+0x5/0xa [ 849.370887][T17600] should_failslab+0xc2/0x120 [ 849.370925][T17600] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 849.370989][T17600] ? __anon_vma_prepare+0xae/0x5e0 [ 849.371047][T17600] __anon_vma_prepare+0xae/0x5e0 [ 849.371092][T17600] ? __filemap_get_folio_mpol+0x3ba/0xe70 [ 849.371132][T17600] __vmf_anon_prepare+0x11f/0x250 [ 849.371175][T17600] hugetlb_no_page+0xe28/0x1970 [ 849.371234][T17600] hugetlb_fault+0x5df/0x1450 [ 849.371285][T17600] ? __pfx_hugetlb_fault+0x10/0x10 [ 849.371345][T17600] ? find_vma+0xbf/0x140 [ 849.371379][T17600] ? __pfx_find_vma+0x10/0x10 [ 849.371424][T17600] handle_mm_fault+0x5f1/0xa20 [ 849.371475][T17600] do_user_addr_fault+0x74c/0x12f0 [ 849.371513][T17600] exc_page_fault+0x6f/0xd0 [ 849.371543][T17600] asm_exc_page_fault+0x26/0x30 [ 849.371570][T17600] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 849.371609][T17600] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 849.371637][T17600] RSP: 0018:ffffc90003cc7ce8 EFLAGS: 00050202 [ 849.371659][T17600] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 849.371675][T17600] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90003cc7d58 [ 849.371691][T17600] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000798fab [ 849.371707][T17600] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 849.371723][T17600] R13: ffffc90003cc7d58 R14: 0000000000000004 R15: ffff888033d71080 [ 849.371758][T17600] _copy_from_user+0x98/0xd0 [ 849.371797][T17600] rds_setsockopt+0xaf4/0xce0 [ 849.371840][T17600] ? __pfx_rds_setsockopt+0x10/0x10 [ 849.371881][T17600] ? find_held_lock+0x2b/0x80 [ 849.371913][T17600] ? aa_sock_opt_perm+0xfe/0x1b0 [ 849.371941][T17600] ? __pfx_rds_setsockopt+0x10/0x10 [ 849.371991][T17600] do_sock_setsockopt+0xf3/0x1d0 [ 849.372029][T17600] __sys_setsockopt+0x119/0x190 [ 849.372081][T17600] __x64_sys_setsockopt+0xbd/0x160 [ 849.372124][T17600] ? do_syscall_64+0x95/0xf80 [ 849.372152][T17600] ? lockdep_hardirqs_on+0x78/0x100 [ 849.372181][T17600] do_syscall_64+0x106/0xf80 [ 849.372208][T17600] ? clear_bhb_loop+0x40/0x90 [ 849.372243][T17600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.372271][T17600] RIP: 0033:0x7fd7ba79c819 [ 849.372293][T17600] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.372320][T17600] RSP: 002b:00007fd7bb686028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 849.372345][T17600] RAX: ffffffffffffffda RBX: 00007fd7baa16090 RCX: 00007fd7ba79c819 [ 849.372363][T17600] RDX: 0000000000000008 RSI: 0000000000000114 RDI: 0000000000000005 [ 849.372379][T17600] RBP: 00007fd7bb686090 R08: 0000000000000004 R09: 0000000000000000 [ 849.372396][T17600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 849.372413][T17600] R13: 00007fd7baa16128 R14: 00007fd7baa16090 R15: 00007ffc94d0e4a8 [ 849.372454][T17600] [ 849.878198][T17603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2605'. [ 850.428701][T17624] FAULT_INJECTION: forcing a failure. [ 850.428701][T17624] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 850.507579][T17624] CPU: 1 UID: 0 PID: 17624 Comm: syz.3.2608 Not tainted syzkaller #0 PREEMPT(full) [ 850.507622][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 850.507641][T17624] Call Trace: [ 850.507652][T17624] [ 850.507664][T17624] dump_stack_lvl+0x100/0x190 [ 850.507729][T17624] should_fail_ex.cold+0x5/0xa [ 850.507763][T17624] ? prepare_alloc_pages+0x16d/0x5f0 [ 850.507808][T17624] should_fail_alloc_page+0xeb/0x140 [ 850.507858][T17624] prepare_alloc_pages+0x1f0/0x5f0 [ 850.507907][T17624] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 850.507963][T17624] ? ima_match_policy+0x8c4/0x2350 [ 850.508013][T17624] ? __lock_acquire+0x4a5/0x2630 [ 850.508069][T17624] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 850.508137][T17624] ? __pfx___might_resched+0x10/0x10 [ 850.508194][T17624] ? process_measurement+0x4c8/0x2350 [ 850.508236][T17624] ? up_write+0x290/0x4f0 [ 850.508281][T17624] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 850.508332][T17624] ? policy_nodemask+0xed/0x4f0 [ 850.508374][T17624] alloc_pages_mpol+0x1fb/0x550 [ 850.508415][T17624] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 850.508466][T17624] alloc_pages_noprof+0x136/0x390 [ 850.508506][T17624] __pmd_alloc+0x3b/0x950 [ 850.508552][T17624] __handle_mm_fault+0xa9e/0x2b60 [ 850.508608][T17624] ? mt_find+0x45e/0x8e0 [ 850.508648][T17624] ? __pfx___handle_mm_fault+0x10/0x10 [ 850.508694][T17624] ? __pfx_mt_find+0x10/0x10 [ 850.508752][T17624] ? find_vma+0xbf/0x140 [ 850.508783][T17624] ? __pfx_find_vma+0x10/0x10 [ 850.508829][T17624] handle_mm_fault+0x36d/0xa20 [ 850.508884][T17624] do_user_addr_fault+0x74c/0x12f0 [ 850.508929][T17624] exc_page_fault+0x6f/0xd0 [ 850.508965][T17624] asm_exc_page_fault+0x26/0x30 [ 850.508997][T17624] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 850.509043][T17624] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 850.509075][T17624] RSP: 0018:ffffc90003c57b80 EFLAGS: 00050246 [ 850.509102][T17624] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 850.509121][T17624] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90003c57bd8 [ 850.509141][T17624] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff5200078af7b [ 850.509160][T17624] R10: ffffc90003c57bdf R11: 0000000000000000 R12: 0000000000000000 [ 850.509177][T17624] R13: ffffc90003c57bd8 R14: dffffc0000000000 R15: ffff8880326f0800 [ 850.509218][T17624] _copy_from_user+0x98/0xd0 [ 850.509264][T17624] ucma_write+0x128/0x330 [ 850.509315][T17624] ? __pfx_ucma_write+0x10/0x10 [ 850.509364][T17624] ? bpf_lsm_file_permission+0x9/0x10 [ 850.509395][T17624] ? security_file_permission+0x76/0x210 [ 850.509442][T17624] ? rw_verify_area+0xce/0x6d0 [ 850.509494][T17624] ? __pfx_ucma_write+0x10/0x10 [ 850.509542][T17624] vfs_writev+0x5ea/0xe10 [ 850.509584][T17624] ? __pfx_vfs_writev+0x10/0x10 [ 850.509616][T17624] ? find_held_lock+0x2b/0x80 [ 850.509675][T17624] ? __fget_files+0x21f/0x3d0 [ 850.509719][T17624] ? do_writev+0x28a/0x340 [ 850.509746][T17624] do_writev+0x28a/0x340 [ 850.509778][T17624] ? __pfx_do_writev+0x10/0x10 [ 850.509827][T17624] do_syscall_64+0x106/0xf80 [ 850.509860][T17624] ? clear_bhb_loop+0x40/0x90 [ 850.509901][T17624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.509933][T17624] RIP: 0033:0x7fd7ba79c819 [ 850.509960][T17624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 850.509992][T17624] RSP: 002b:00007fd7bb6a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 850.510022][T17624] RAX: ffffffffffffffda RBX: 00007fd7baa15fa0 RCX: 00007fd7ba79c819 [ 850.510043][T17624] RDX: 0000000000000001 RSI: 0000200000001100 RDI: 0000000000000003 [ 850.510062][T17624] RBP: 00007fd7bb6a7090 R08: 0000000000000000 R09: 0000000000000000 [ 850.510082][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.510101][T17624] R13: 00007fd7baa16038 R14: 00007fd7baa15fa0 R15: 00007ffc94d0e4a8 [ 850.510145][T17624] [ 850.640757][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 850.923882][T16437] Bluetooth: hci3: command 0x041b tx timeout [ 850.930003][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 850.936025][T16430] Bluetooth: hci2: command 0x041b tx timeout [ 850.942191][T16659] Bluetooth: hci4: command 0x041b tx timeout [ 852.077715][T17636] delete_channel: no stack [ 852.500228][T17642] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 852.506467][T17642] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 852.512720][T17642] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 852.519281][T17642] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 852.881029][T17649] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 852.891566][T17649] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 852.900763][T17649] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 852.927610][T17649] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 854.842649][T17684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2620'. [ 854.940890][T16430] Bluetooth: hci1: command 0x0419 tx timeout [ 854.947039][T16584] Bluetooth: hci2: command 0x041b tx timeout [ 854.953217][T16659] Bluetooth: hci4: command 0x041b tx timeout [ 855.021149][T16430] Bluetooth: hci3: command 0x041b tx timeout [ 855.923928][T17688] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 855.933981][T17688] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 855.940041][T17688] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 856.040059][T17688] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 856.210906][T17701] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 857.304447][T17714] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 857.555845][T17714] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 857.563057][T17714] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 857.757668][T17714] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 858.152515][T17725] FAULT_INJECTION: forcing a failure. [ 858.152515][T17725] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 858.219325][T17726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2630'. [ 858.277609][T17725] CPU: 0 UID: 0 PID: 17725 Comm: syz.2.2630 Not tainted syzkaller #0 PREEMPT(full) [ 858.277656][T17725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 858.277671][T17725] Call Trace: [ 858.277678][T17725] [ 858.277687][T17725] dump_stack_lvl+0x100/0x190 [ 858.277729][T17725] should_fail_ex.cold+0x5/0xa [ 858.277757][T17725] _copy_to_user+0x32/0xd0 [ 858.277788][T17725] simple_read_from_buffer+0xcb/0x170 [ 858.277829][T17725] proc_fail_nth_read+0x1af/0x230 [ 858.277860][T17725] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 858.277892][T17725] ? rw_verify_area+0xce/0x6d0 [ 858.277926][T17725] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 858.277956][T17725] vfs_read+0x1e4/0xb30 [ 858.277982][T17725] ? __pfx_vfs_read+0x10/0x10 [ 858.278002][T17725] ? __fget_files+0x215/0x3d0 [ 858.278032][T17725] ? __fget_files+0x21f/0x3d0 [ 858.278062][T17725] ksys_read+0x12a/0x250 [ 858.278084][T17725] ? __pfx_ksys_read+0x10/0x10 [ 858.278114][T17725] do_syscall_64+0x106/0xf80 [ 858.278138][T17725] ? clear_bhb_loop+0x40/0x90 [ 858.278166][T17725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.278190][T17725] RIP: 0033:0x7f4380f5d04e [ 858.278209][T17725] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 858.278232][T17725] RSP: 002b:00007f4381f0ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 858.278253][T17725] RAX: ffffffffffffffda RBX: 00007f4381f106c0 RCX: 00007f4380f5d04e [ 858.278268][T17725] RDX: 000000000000000f RSI: 00007f4381f100a0 RDI: 0000000000000005 [ 858.278282][T17725] RBP: 00007f4381f10090 R08: 0000000000000000 R09: 0000000000000000 [ 858.278296][T17725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 858.278309][T17725] R13: 00007f4381216038 R14: 00007f4381215fa0 R15: 00007fff38c38ad8 [ 858.278339][T17725] [ 859.231744][T17743] FAULT_INJECTION: forcing a failure. [ 859.231744][T17743] name failslab, interval 1, probability 0, space 0, times 0 [ 859.253633][T17743] CPU: 0 UID: 0 PID: 17743 Comm: syz.1.2635 Not tainted syzkaller #0 PREEMPT(full) [ 859.253676][T17743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 859.253696][T17743] Call Trace: [ 859.253705][T17743] [ 859.253717][T17743] dump_stack_lvl+0x100/0x190 [ 859.253773][T17743] should_fail_ex.cold+0x5/0xa [ 859.253813][T17743] should_failslab+0xc2/0x120 [ 859.253850][T17743] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 859.253903][T17743] ? alloc_empty_file+0x55/0x1c0 [ 859.253946][T17743] ? __pfx_stack_trace_save+0x10/0x10 [ 859.253987][T17743] alloc_empty_file+0x55/0x1c0 [ 859.254031][T17743] path_openat+0xe8/0x31a0 [ 859.254065][T17743] ? kasan_save_stack+0x3f/0x50 [ 859.254094][T17743] ? kasan_save_stack+0x30/0x50 [ 859.254130][T17743] ? kasan_save_track+0x14/0x30 [ 859.254160][T17743] ? __kasan_slab_alloc+0x89/0x90 [ 859.254192][T17743] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 859.254243][T17743] ? do_getname+0x35/0x390 [ 859.254284][T17743] ? do_sys_openat2+0xc5/0x1e0 [ 859.254328][T17743] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.254367][T17743] ? __pfx_path_openat+0x10/0x10 [ 859.254418][T17743] do_file_open+0x20e/0x430 [ 859.254458][T17743] ? __pfx_do_file_open+0x10/0x10 [ 859.254522][T17743] ? alloc_fd+0x476/0x790 [ 859.254561][T17743] ? do_getname+0x191/0x390 [ 859.254608][T17743] do_sys_openat2+0x10d/0x1e0 [ 859.254659][T17743] ? __pfx_do_sys_openat2+0x10/0x10 [ 859.254701][T17743] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 859.254743][T17743] ? __fget_files+0x21f/0x3d0 [ 859.254780][T17743] __x64_sys_openat+0x12d/0x210 [ 859.254827][T17743] ? __pfx___x64_sys_openat+0x10/0x10 [ 859.254872][T17743] ? ksys_write+0x1ac/0x250 [ 859.254918][T17743] do_syscall_64+0x106/0xf80 [ 859.254949][T17743] ? clear_bhb_loop+0x40/0x90 [ 859.254986][T17743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.255019][T17743] RIP: 0033:0x7f51fd19c819 [ 859.255044][T17743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 859.255075][T17743] RSP: 002b:00007f51fe0ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 859.255106][T17743] RAX: ffffffffffffffda RBX: 00007f51fd415fa0 RCX: 00007f51fd19c819 [ 859.255136][T17743] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 859.255156][T17743] RBP: 00007f51fe0ca090 R08: 0000000000000000 R09: 0000000000000000 [ 859.255175][T17743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 859.255194][T17743] R13: 00007f51fd416038 R14: 00007f51fd415fa0 R15: 00007ffd5e35c898 [ 859.255237][T17743] [ 859.588825][T16584] Bluetooth: hci4: command 0x041b tx timeout [ 859.594952][T16584] Bluetooth: hci1: command 0x0419 tx timeout [ 859.600972][T16584] Bluetooth: hci2: command 0x041b tx timeout [ 859.826894][T16430] Bluetooth: hci3: command 0x041b tx timeout [ 859.833788][T17751] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 859.840212][T17751] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 859.846818][T17751] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 859.853123][T17751] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 860.131509][T17756] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 860.653364][T17763] delete_channel: no stack [ 861.910781][T16659] Bluetooth: hci2: command 0x041b tx timeout [ 861.910869][T16437] Bluetooth: hci4: command 0x041b tx timeout [ 861.923095][T16584] Bluetooth: hci1: command 0x0419 tx timeout [ 861.929730][T16430] Bluetooth: hci3: command 0x041b tx timeout [ 862.560069][T17791] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2647'. [ 862.760216][T17793] FAULT_INJECTION: forcing a failure. [ 862.760216][T17793] name failslab, interval 1, probability 0, space 0, times 0 [ 862.776378][T17793] CPU: 0 UID: 0 PID: 17793 Comm: syz.2.2648 Not tainted syzkaller #0 PREEMPT(full) [ 862.776421][T17793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 862.776438][T17793] Call Trace: [ 862.776449][T17793] [ 862.776460][T17793] dump_stack_lvl+0x100/0x190 [ 862.776519][T17793] should_fail_ex.cold+0x5/0xa [ 862.776559][T17793] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 862.776596][T17793] should_failslab+0xc2/0x120 [ 862.776633][T17793] __kmalloc_noprof+0xe0/0x850 [ 862.776694][T17793] kernfs_fop_write_iter+0x26a/0x5f0 [ 862.776739][T17793] vfs_write+0x6ac/0x1070 [ 862.776774][T17793] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 862.776843][T17793] ? __pfx_vfs_write+0x10/0x10 [ 862.776910][T17793] ksys_write+0x12a/0x250 [ 862.776943][T17793] ? __pfx_ksys_write+0x10/0x10 [ 862.776989][T17793] do_syscall_64+0x106/0xf80 [ 862.777024][T17793] ? clear_bhb_loop+0x40/0x90 [ 862.777065][T17793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.777099][T17793] RIP: 0033:0x7f4380f9c819 [ 862.777126][T17793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 862.777158][T17793] RSP: 002b:00007f4381f10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 862.777195][T17793] RAX: ffffffffffffffda RBX: 00007f4381215fa0 RCX: 00007f4380f9c819 [ 862.777216][T17793] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 862.777236][T17793] RBP: 00007f4381f10090 R08: 0000000000000000 R09: 0000000000000000 [ 862.777257][T17793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 862.777277][T17793] R13: 00007f4381216038 R14: 00007f4381215fa0 R15: 00007fff38c38ad8 [ 862.777321][T17793] [ 863.151150][T17796] delete_channel: no stack [ 863.719714][T17809] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 863.878538][T17810] FAULT_INJECTION: forcing a failure. [ 863.878538][T17810] name failslab, interval 1, probability 0, space 0, times 0 [ 863.891563][T17810] CPU: 0 UID: 0 PID: 17810 Comm: syz.3.2652 Not tainted syzkaller #0 PREEMPT(full) [ 863.891605][T17810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 863.891627][T17810] Call Trace: [ 863.891637][T17810] [ 863.891649][T17810] dump_stack_lvl+0x100/0x190 [ 863.891705][T17810] should_fail_ex.cold+0x5/0xa [ 863.891745][T17810] should_failslab+0xc2/0x120 [ 863.891794][T17810] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 863.891850][T17810] ? security_inode_alloc+0x3b/0x2c0 [ 863.891890][T17810] ? lockdep_init_map_type+0x5c/0x250 [ 863.891936][T17810] security_inode_alloc+0x3b/0x2c0 [ 863.891971][T17810] inode_init_always_gfp+0xced/0x1040 [ 863.892008][T17810] alloc_inode+0x8e/0x250 [ 863.892049][T17810] new_inode+0x22/0x1c0 [ 863.892093][T17810] shmem_get_inode+0x212/0x1040 [ 863.892138][T17810] ? __pfx_shmem_get_inode+0x10/0x10 [ 863.892178][T17810] ? rcu_is_watching+0x12/0xc0 [ 863.892222][T17810] ? percpu_counter_add_batch+0xb9/0x230 [ 863.892271][T17810] __shmem_file_setup+0x3ac/0x490 [ 863.892314][T17810] ? __pfx___shmem_file_setup+0x10/0x10 [ 863.892363][T17810] ? vm_area_alloc+0x1f/0x160 [ 863.892408][T17810] shmem_zero_setup+0x96/0x1b0 [ 863.892438][T17810] __mmap_region+0x21f6/0x2a50 [ 863.892489][T17810] ? __pfx___mmap_region+0x10/0x10 [ 863.892553][T17810] ? __lock_acquire+0x4a5/0x2630 [ 863.892608][T17810] ? find_held_lock+0x2b/0x80 [ 863.892635][T17810] ? finish_task_switch.isra.0+0x200/0xb80 [ 863.892667][T17810] ? finish_task_switch.isra.0+0x200/0xb80 [ 863.892714][T17810] ? trace_sched_exit_tp+0x13a/0x180 [ 863.892750][T17810] ? __schedule+0x1000/0x6120 [ 863.892834][T17810] ? rcu_is_watching+0x12/0xc0 [ 863.892880][T17810] ? cap_capable+0x107/0x460 [ 863.892916][T17810] mmap_region+0x180/0x3e0 [ 863.892970][T17810] do_mmap+0xc63/0x12f0 [ 863.893011][T17810] ? __pfx_do_mmap+0x10/0x10 [ 863.893045][T17810] ? __pfx_down_write_killable+0x10/0x10 [ 863.893090][T17810] vm_mmap_pgoff+0x29e/0x470 [ 863.893131][T17810] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 863.893169][T17810] ? do_futex+0x192/0x350 [ 863.893208][T17810] ? __pfx_do_futex+0x10/0x10 [ 863.893255][T17810] ksys_mmap_pgoff+0xe1/0x650 [ 863.893287][T17810] ? __x64_sys_futex+0x34f/0x4d0 [ 863.893325][T17810] ? __x64_sys_futex+0x358/0x4d0 [ 863.893364][T17810] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 863.893398][T17810] ? xfd_validate_state+0x129/0x190 [ 863.893448][T17810] __x64_sys_mmap+0x125/0x190 [ 863.893496][T17810] do_syscall_64+0x106/0xf80 [ 863.893525][T17810] ? clear_bhb_loop+0x40/0x90 [ 863.893561][T17810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.893591][T17810] RIP: 0033:0x7fd7ba79c819 [ 863.893615][T17810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 863.893645][T17810] RSP: 002b:00007fd7bb644028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 863.893673][T17810] RAX: ffffffffffffffda RBX: 00007fd7baa16270 RCX: 00007fd7ba79c819 [ 863.893693][T17810] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 863.893710][T17810] RBP: 00007fd7ba832c91 R08: fffffffffffffffa R09: 0000000000008000 [ 863.893730][T17810] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 863.893747][T17810] R13: 00007fd7baa16308 R14: 00007fd7baa16270 R15: 00007ffc94d0e4a8 [ 863.893794][T17810] [ 864.829389][T17819] bond0: Unable to set up delay as MII monitoring is disabled [ 865.436480][T17827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2657'. [ 866.385680][T17843] delete_channel: no stack [ 866.413709][T17835] ================================================================== [ 866.413738][T17835] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 866.413797][T17835] Write of size 8 at addr ffffc900042d9000 by task syz.0.2659/17835 [ 866.413833][T17835] [ 866.413846][T17835] CPU: 1 UID: 0 PID: 17835 Comm: syz.0.2659 Not tainted syzkaller #0 PREEMPT(full) [ 866.413883][T17835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 866.413902][T17835] Call Trace: [ 866.413911][T17835] [ 866.413922][T17835] dump_stack_lvl+0x100/0x190 [ 866.413971][T17835] print_report+0x156/0x4c9 [ 866.414016][T17835] ? _raw_spin_lock_irqsave+0x52/0x60 [ 866.414073][T17835] ? sys_fillrect+0x174a/0x1910 [ 866.414122][T17835] kasan_report+0xdf/0x1e0 [ 866.414160][T17835] ? sys_fillrect+0x174a/0x1910 [ 866.414219][T17835] sys_fillrect+0x174a/0x1910 [ 866.414279][T17835] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 866.414321][T17835] bit_clear+0x17d/0x220 [ 866.414363][T17835] ? __pfx_bit_clear+0x10/0x10 [ 866.414407][T17835] ? fb_get_color_depth+0x120/0x250 [ 866.414447][T17835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 866.414485][T17835] __fbcon_clear+0x633/0x760 [ 866.414525][T17835] ? __pfx_bit_clear+0x10/0x10 [ 866.414571][T17835] fbcon_scroll+0x48b/0x650 [ 866.414609][T17835] con_scroll+0x464/0x690 [ 866.414663][T17835] do_con_write+0x6883/0x8540 [ 866.414706][T17835] ? __pfx_do_con_write+0x10/0x10 [ 866.414747][T17835] con_write+0x23/0xb0 [ 866.414776][T17835] n_tty_write+0x44f/0x12d0 [ 866.414832][T17835] ? __pfx_n_tty_write+0x10/0x10 [ 866.414872][T17835] ? __pfx_woken_wake_function+0x10/0x10 [ 866.414927][T17835] ? __pfx___might_resched+0x10/0x10 [ 866.414980][T17835] ? __pfx_n_tty_write+0x10/0x10 [ 866.415019][T17835] file_tty_write.isra.0+0x4d2/0x890 [ 866.415079][T17835] redirected_tty_write+0xd4/0x120 [ 866.415133][T17835] vfs_write+0x6ac/0x1070 [ 866.415165][T17835] ? __pfx_redirected_tty_write+0x10/0x10 [ 866.415222][T17835] ? __pfx_vfs_write+0x10/0x10 [ 866.415252][T17835] ? find_held_lock+0x2b/0x80 [ 866.415298][T17835] ksys_write+0x12a/0x250 [ 866.415335][T17835] ? __pfx_ksys_write+0x10/0x10 [ 866.415367][T17835] ? do_user_addr_fault+0x8d6/0x12f0 [ 866.415404][T17835] do_syscall_64+0x106/0xf80 [ 866.415442][T17835] ? clear_bhb_loop+0x40/0x90 [ 866.415480][T17835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.415514][T17835] RIP: 0033:0x7f7bfb39c819 [ 866.415539][T17835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 866.415572][T17835] RSP: 002b:00007f7bfc242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 866.415606][T17835] RAX: ffffffffffffffda RBX: 00007f7bfb616270 RCX: 00007f7bfb39c819 [ 866.415628][T17835] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000026 [ 866.415647][T17835] RBP: 00007f7bfb432c91 R08: 0000000000000000 R09: 0000000000000000 [ 866.415668][T17835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 866.415687][T17835] R13: 00007f7bfb616308 R14: 00007f7bfb616270 R15: 00007ffdc01226e8 [ 866.415721][T17835] [ 866.415732][T17835] [ 866.415740][T17835] The buggy address belongs to a vmalloc virtual mapping [ 866.415762][T17835] Memory state around the buggy address: [ 866.415778][T17835] ffffc900042d8f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 866.415815][T17835] ffffc900042d8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 866.415838][T17835] >ffffc900042d9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 866.415859][T17835] ^ [ 866.415871][T17835] ffffc900042d9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 866.415888][T17835] ffffc900042d9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 866.415901][T17835] ================================================================== [ 866.528564][T17835] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 866.528586][T17835] CPU: 1 UID: 0 PID: 17835 Comm: syz.0.2659 Not tainted syzkaller #0 PREEMPT(full) [ 866.528615][T17835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 866.528630][T17835] Call Trace: [ 866.528638][T17835] [ 866.528647][T17835] dump_stack_lvl+0x100/0x190 [ 866.528686][T17835] vpanic+0x552/0x970 [ 866.528708][T17835] ? __pfx_vpanic+0x10/0x10 [ 866.528734][T17835] ? sys_fillrect+0x174a/0x1910 [ 866.528770][T17835] panic+0xd1/0xe0 [ 866.528791][T17835] ? __pfx_panic+0x10/0x10 [ 866.528813][T17835] ? sys_fillrect+0x174a/0x1910 [ 866.528855][T17835] ? preempt_schedule_common+0x42/0xc0 [ 866.528880][T17835] ? check_panic_on_warn+0x1f/0x90 [ 866.528916][T17835] check_panic_on_warn.cold+0x19/0x34 [ 866.528942][T17835] end_report.part.0+0x3a/0x90 [ 866.528974][T17835] kasan_report.cold+0xe/0x18 [ 866.529008][T17835] ? sys_fillrect+0x174a/0x1910 [ 866.529047][T17835] sys_fillrect+0x174a/0x1910 [ 866.529089][T17835] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 866.529119][T17835] bit_clear+0x17d/0x220 [ 866.529162][T17835] ? __pfx_bit_clear+0x10/0x10 [ 866.529193][T17835] ? fb_get_color_depth+0x120/0x250 [ 866.529221][T17835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 866.529248][T17835] __fbcon_clear+0x633/0x760 [ 866.529277][T17835] ? __pfx_bit_clear+0x10/0x10 [ 866.529309][T17835] fbcon_scroll+0x48b/0x650 [ 866.529343][T17835] con_scroll+0x464/0x690 [ 866.529381][T17835] do_con_write+0x6883/0x8540 [ 866.529412][T17835] ? __pfx_do_con_write+0x10/0x10 [ 866.529441][T17835] con_write+0x23/0xb0 [ 866.529462][T17835] n_tty_write+0x44f/0x12d0 [ 866.529496][T17835] ? __pfx_n_tty_write+0x10/0x10 [ 866.529525][T17835] ? __pfx_woken_wake_function+0x10/0x10 [ 866.529564][T17835] ? __pfx___might_resched+0x10/0x10 [ 866.529601][T17835] ? __pfx_n_tty_write+0x10/0x10 [ 866.529629][T17835] file_tty_write.isra.0+0x4d2/0x890 [ 866.529672][T17835] redirected_tty_write+0xd4/0x120 [ 866.529710][T17835] vfs_write+0x6ac/0x1070 [ 866.529734][T17835] ? __pfx_redirected_tty_write+0x10/0x10 [ 866.529774][T17835] ? __pfx_vfs_write+0x10/0x10 [ 866.529796][T17835] ? find_held_lock+0x2b/0x80 [ 866.529828][T17835] ksys_write+0x12a/0x250 [ 866.529855][T17835] ? __pfx_ksys_write+0x10/0x10 [ 866.529878][T17835] ? do_user_addr_fault+0x8d6/0x12f0 [ 866.529904][T17835] do_syscall_64+0x106/0xf80 [ 866.529928][T17835] ? clear_bhb_loop+0x40/0x90 [ 866.529956][T17835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.529980][T17835] RIP: 0033:0x7f7bfb39c819 [ 866.529998][T17835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 866.530021][T17835] RSP: 002b:00007f7bfc242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 866.530043][T17835] RAX: ffffffffffffffda RBX: 00007f7bfb616270 RCX: 00007f7bfb39c819 [ 866.530059][T17835] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000026 [ 866.530074][T17835] RBP: 00007f7bfb432c91 R08: 0000000000000000 R09: 0000000000000000 [ 866.530089][T17835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 866.530104][T17835] R13: 00007f7bfb616308 R14: 00007f7bfb616270 R15: 00007ffdc01226e8 [ 866.530127][T17835] [ 866.530742][T17835] Kernel Offset: disabled