last executing test programs: 5.337304247s ago: executing program 0 (id=822): unlink$auto(0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) fanotify_init$auto(0x65, 0x2) r0 = pipe$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ptp/ptp0/n_alarms\x00', 0x42080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000240)=""/217, 0x115) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) ioctl$auto_NS_GET_PID_IN_PIDNS(r0, 0x8004b708, &(0x7f0000000040)=0x10000) kexec_load$auto(0x2, 0x2, 0x0, 0x80000005) 4.232398605s ago: executing program 0 (id=825): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(r0, 0xa, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x545c, 0x0) 3.928414183s ago: executing program 3 (id=828): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) connect$auto(0x3, 0x0, 0x58) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x21, 0x0) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xae30, 0x8, 0xfff, 0xffffffffffffffff, 0x4, 0x7ff}, 0x6f4) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000040), r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r4) write$auto(0xffffffffffffffff, 0x0, 0xb8c5) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) 3.160265249s ago: executing program 3 (id=831): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) sendto$auto(0x3, 0x0, 0x13, 0x7, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x20) read$auto(0x3, 0x0, 0x80) 3.143005787s ago: executing program 0 (id=832): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r0 = fcntl$auto(0x8000000000000001, 0x26, 0x8) setsockopt$auto(r0, 0x94f3, 0x6, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x2) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, 0x0, 0x2000c000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) write$auto(r3, 0x0, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 2.684976166s ago: executing program 1 (id=834): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xc0380, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xc008ae67, 0x38) 2.684822829s ago: executing program 3 (id=835): unlink$auto(0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) fanotify_init$auto(0x65, 0x2) r0 = pipe$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ptp/ptp0/n_alarms\x00', 0x42080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000240)=""/217, 0x115) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) ioctl$auto_NS_GET_PID_IN_PIDNS(r0, 0x8004b708, &(0x7f0000000040)=0x10000) kexec_load$auto(0x2, 0x2, 0x0, 0x80000005) 2.440524209s ago: executing program 2 (id=836): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 2.187342914s ago: executing program 1 (id=837): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af20, r0) 2.088226916s ago: executing program 1 (id=838): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd693840f03c423aa0000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.046773095s ago: executing program 0 (id=839): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 1.963512019s ago: executing program 2 (id=840): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 1.710621083s ago: executing program 3 (id=841): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(r0, 0xa, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x545c, 0x0) 1.649327301s ago: executing program 0 (id=842): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r0 = fcntl$auto(0x8000000000000001, 0x26, 0x8) setsockopt$auto(r0, 0x94f3, 0x6, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x2) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, 0x0, 0x2000c000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) write$auto(r3, 0x0, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 1.560994921s ago: executing program 1 (id=843): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 1.386647906s ago: executing program 2 (id=844): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x100842, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r1, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 823.985523ms ago: executing program 2 (id=845): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x40, &(0x7f00000001c0)={0x1200, 0x5, 0x10000, 0x9, 0x5b77b906, 0x0, 0xffffffffffffffff, [0xcfa, 0xe5d, 0x5], {0x8001, 0x38, 0x9, 0x4, 0x4, 0x3, 0x3ff, 0x3, 0xffff}, {0x20000000, 0x9, 0x7, 0x2, 0x2, 0xffff13a7, 0x0, 0x449e, 0x1}}) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x400, 0xc, 0x5a}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x1f}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) 820.677971ms ago: executing program 1 (id=853): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x88) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) 735.545326ms ago: executing program 3 (id=846): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0xc00, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f00000001c0)={0xa, 0xffff4e31, 0x8, @inferred, &(0x7f0000000180)={@raw=0x10001, 0xc55, 0x1, 0x9, "c6748c4b2e608a932fc1397851147ff7061797e8272d3a5557b5f87c7e8f2aba3518525a24cfb7fccd710536", @inferred=0xffffffffffffffff}, "b7e1ffdbf3bee034affd69a9fd3ee63cb2ebdb0e9c80178f679ed7d5cb320be4084bcac9f967e9ad782296c9d369e3a70244"}) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x4000041) setsockopt$auto(0xffffffffffffffff, 0x7fff, 0xfff, 0x0, 0x8) write$auto(0x3, 0x0, 0xfdef) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x1997b23d) r1 = timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x0) close_range$auto(0xffffffffffffffff, r1, 0x8000) ioctl$auto__ctl_fops_dm_ioctl(r1, 0x1ff, 0x0) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) sendmsg$auto_NFC_CMD_STOP_POLL(r1, 0x0, 0x20000080) sendmsg$auto_NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, 0x0, 0x4008000) io_uring_setup$auto(0xb, 0x0) r2 = socket(0x2, 0x802, 0x1) setsockopt$auto_SO_WIFI_STATUS(r2, 0x0, 0x30, &(0x7f00000005c0)='\xef', 0x1bb) 614.973081ms ago: executing program 0 (id=847): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) 577.355055ms ago: executing program 2 (id=848): mmap$auto(0x0, 0xa020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) unshare$auto(0x20000080) 570.067423ms ago: executing program 3 (id=849): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 144.886165ms ago: executing program 2 (id=850): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af20, r0) 0s ago: executing program 1 (id=851): write$auto(0x3, 0x0, 0x100082) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x40900, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nfs/parameters/nfs_mountpoint_expiry_timeout\x00', 0x80040, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) sendfile$auto(r1, r2, 0x0, 0x3) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001080)=""/4143, 0x102f) kernel console output (not intermixed with test programs): T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 143.528496][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 143.528530][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 143.543592][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 143.543649][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 143.785817][ T6985] FAULT_INJECTION: forcing a failure. [ 143.785817][ T6985] name failslab, interval 1, probability 0, space 0, times 0 [ 143.833792][ T6985] CPU: 1 UID: 0 PID: 6985 Comm: syz.0.322 Not tainted syzkaller #0 PREEMPT(full) [ 143.833814][ T6985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 143.833823][ T6985] Call Trace: [ 143.833828][ T6985] [ 143.833834][ T6985] dump_stack_lvl+0x100/0x190 [ 143.833859][ T6985] should_fail_ex.cold+0x5/0xa [ 143.833876][ T6985] should_failslab+0xc2/0x120 [ 143.833894][ T6985] __kmalloc_cache_noprof+0x80/0x810 [ 143.833916][ T6985] ? mtdchar_open+0x1e5/0x340 [ 143.833933][ T6985] ? kobject_get_unless_zero+0x156/0x200 [ 143.833953][ T6985] ? mtdchar_open+0x1e5/0x340 [ 143.833971][ T6985] mtdchar_open+0x1e5/0x340 [ 143.833990][ T6985] ? __pfx_mtdchar_open+0x10/0x10 [ 143.834008][ T6985] chrdev_open+0x234/0x6a0 [ 143.834023][ T6985] ? __pfx_apparmor_file_open+0x10/0x10 [ 143.834045][ T6985] ? __pfx_chrdev_open+0x10/0x10 [ 143.834062][ T6985] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 143.834082][ T6985] do_dentry_open+0x6d8/0x1660 [ 143.834098][ T6985] ? __pfx_chrdev_open+0x10/0x10 [ 143.834118][ T6985] vfs_open+0x82/0x3f0 [ 143.834140][ T6985] path_openat+0x208c/0x31a0 [ 143.834162][ T6985] ? __pfx_path_openat+0x10/0x10 [ 143.834184][ T6985] do_file_open+0x20e/0x430 [ 143.834201][ T6985] ? __pfx_do_file_open+0x10/0x10 [ 143.834230][ T6985] ? alloc_fd+0x476/0x790 [ 143.834256][ T6985] ? do_getname+0x191/0x390 [ 143.834294][ T6985] do_sys_openat2+0x10d/0x1e0 [ 143.834330][ T6985] ? __pfx_do_sys_openat2+0x10/0x10 [ 143.834360][ T6985] ? __fget_files+0x21f/0x3d0 [ 143.834378][ T6985] __x64_sys_openat+0x12d/0x210 [ 143.834398][ T6985] ? __pfx___x64_sys_openat+0x10/0x10 [ 143.834417][ T6985] ? xfd_validate_state+0x129/0x190 [ 143.834441][ T6985] do_syscall_64+0x106/0xf80 [ 143.834455][ T6985] ? clear_bhb_loop+0x40/0x90 [ 143.834472][ T6985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.834486][ T6985] RIP: 0033:0x7f809059bf79 [ 143.834499][ T6985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.834512][ T6985] RSP: 002b:00007f808e7ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 143.834527][ T6985] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 143.834537][ T6985] RDX: 0000000000028082 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 143.834553][ T6985] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 143.834562][ T6985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.834571][ T6985] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 143.834590][ T6985] [ 144.094312][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 144.266439][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 144.266462][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 144.281251][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 145.643558][ T6979] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 145.829938][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 145.938774][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 145.938811][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 145.954233][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 146.332393][ T6979] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 146.342321][ T6979] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.349193][ T6979] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 146.969259][ T30] audit: type=1800 audit(4294967323.963:15): pid=7041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.340" name="dbroot" dev="configfs" ino=13033 res=0 errno=0 [ 147.061497][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 147.201207][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 147.201241][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 147.201250][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 147.223023][ T5826] bt_err_ratelimited: 8 callbacks suppressed [ 147.223041][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 147.229042][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 147.236153][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 147.242997][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 147.379359][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 147.379395][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 147.396477][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 147.396507][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 147.403623][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 147.410339][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 147.573400][ T7053] FAULT_INJECTION: forcing a failure. [ 147.573400][ T7053] name failslab, interval 1, probability 0, space 0, times 0 [ 147.640406][ T7053] CPU: 1 UID: 0 PID: 7053 Comm: syz.3.343 Not tainted syzkaller #0 PREEMPT(full) [ 147.640447][ T7053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 147.640464][ T7053] Call Trace: [ 147.640473][ T7053] [ 147.640483][ T7053] dump_stack_lvl+0x100/0x190 [ 147.640531][ T7053] should_fail_ex.cold+0x5/0xa [ 147.640564][ T7053] should_failslab+0xc2/0x120 [ 147.640599][ T7053] kmem_cache_alloc_noprof+0x83/0x780 [ 147.640633][ T7053] ? __kernfs_new_node+0xd2/0x960 [ 147.640675][ T7053] ? __kernfs_new_node+0xd2/0x960 [ 147.640708][ T7053] __kernfs_new_node+0xd2/0x960 [ 147.640748][ T7053] ? lockdep_unlock+0x5a/0xc0 [ 147.640786][ T7053] ? __pfx___kernfs_new_node+0x10/0x10 [ 147.640833][ T7053] ? find_held_lock+0x2b/0x80 [ 147.640868][ T7053] ? kernfs_root+0xee/0x2a0 [ 147.640902][ T7053] ? kernfs_root+0xee/0x2a0 [ 147.640947][ T7053] kernfs_new_node+0x11b/0x1a0 [ 147.641002][ T7053] __kernfs_create_file+0x53/0x350 [ 147.641036][ T7053] sysfs_add_file_mode_ns+0x207/0x3c0 [ 147.641079][ T7053] sysfs_merge_group+0x194/0x340 [ 147.641118][ T7053] ? __pfx_sysfs_merge_group+0x10/0x10 [ 147.641162][ T7053] ? __pfx_dev_add_physical_location+0x10/0x10 [ 147.641205][ T7053] ? bus_to_subsys+0x114/0x150 [ 147.641242][ T7053] dpm_sysfs_add+0x237/0x280 [ 147.641282][ T7053] device_add+0x9ef/0x1950 [ 147.641332][ T7053] ? __pfx_device_add+0x10/0x10 [ 147.641375][ T7053] ? lockdep_init_map_type+0x5c/0x250 [ 147.641406][ T7053] ? __init_waitqueue_head+0xca/0x150 [ 147.641452][ T7053] rfkill_register+0x1ad/0xb30 [ 147.641497][ T7053] nfc_register_device+0x11f/0x3e0 [ 147.641530][ T7053] nci_register_device+0x7f1/0xb80 [ 147.641573][ T7053] ? __pfx_nci_register_device+0x10/0x10 [ 147.641620][ T7053] ? lockdep_init_map_type+0x5c/0x250 [ 147.641657][ T7053] virtual_ncidev_open+0x141/0x220 [ 147.641687][ T7053] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 147.641714][ T7053] misc_open+0x26d/0x450 [ 147.641755][ T7053] ? __pfx_misc_open+0x10/0x10 [ 147.641795][ T7053] chrdev_open+0x234/0x6a0 [ 147.641827][ T7053] ? __pfx_chrdev_open+0x10/0x10 [ 147.641860][ T7053] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 147.641900][ T7053] do_dentry_open+0x6d8/0x1660 [ 147.641929][ T7053] ? __pfx_chrdev_open+0x10/0x10 [ 147.641970][ T7053] vfs_open+0x82/0x3f0 [ 147.642013][ T7053] path_openat+0x208c/0x31a0 [ 147.642056][ T7053] ? __pfx_path_openat+0x10/0x10 [ 147.642110][ T7053] do_file_open+0x20e/0x430 [ 147.642146][ T7053] ? __pfx_do_file_open+0x10/0x10 [ 147.642207][ T7053] ? alloc_fd+0x476/0x790 [ 147.642242][ T7053] ? do_getname+0x191/0x390 [ 147.642282][ T7053] do_sys_openat2+0x10d/0x1e0 [ 147.642325][ T7053] ? __pfx_do_sys_openat2+0x10/0x10 [ 147.642363][ T7053] ? __fget_files+0x21f/0x3d0 [ 147.642396][ T7053] __x64_sys_openat+0x12d/0x210 [ 147.642433][ T7053] ? __pfx___x64_sys_openat+0x10/0x10 [ 147.642468][ T7053] ? xfd_validate_state+0x129/0x190 [ 147.642514][ T7053] do_syscall_64+0x106/0xf80 [ 147.642540][ T7053] ? clear_bhb_loop+0x40/0x90 [ 147.642575][ T7053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.642602][ T7053] RIP: 0033:0x7fae69f9bf79 [ 147.642625][ T7053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.642651][ T7053] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.642678][ T7053] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 147.642697][ T7053] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 147.642715][ T7053] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 147.642732][ T7053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.642749][ T7053] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 147.642788][ T7053] [ 148.072352][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.364544][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.589768][ T7066] FAULT_INJECTION: forcing a failure. [ 148.589768][ T7066] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 148.603493][ T7066] CPU: 0 UID: 0 PID: 7066 Comm: syz.0.346 Not tainted syzkaller #0 PREEMPT(full) [ 148.603528][ T7066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 148.603543][ T7066] Call Trace: [ 148.603551][ T7066] [ 148.603562][ T7066] dump_stack_lvl+0x100/0x190 [ 148.603606][ T7066] should_fail_ex.cold+0x5/0xa [ 148.603632][ T7066] ? prepare_alloc_pages+0x16d/0x5f0 [ 148.603671][ T7066] should_fail_alloc_page+0xeb/0x140 [ 148.603706][ T7066] prepare_alloc_pages+0x1f0/0x5f0 [ 148.603747][ T7066] __alloc_frozen_pages_noprof+0x193/0x2410 [ 148.603777][ T7066] ? stack_trace_save+0x8e/0xc0 [ 148.603813][ T7066] ? __pfx_stack_trace_save+0x10/0x10 [ 148.603854][ T7066] ? stack_depot_save_flags+0x27/0x9d0 [ 148.603884][ T7066] ? find_held_lock+0x2b/0x80 [ 148.603920][ T7066] ? put_cpu_partial+0xfc/0x310 [ 148.603962][ T7066] ? kasan_save_stack+0x3f/0x50 [ 148.603988][ T7066] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 148.604016][ T7066] ? copy_time_ns+0xf6/0x800 [ 148.604052][ T7066] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 148.604091][ T7066] ? __x64_sys_unshare+0x31/0x40 [ 148.604118][ T7066] ? do_syscall_64+0x106/0xf80 [ 148.604143][ T7066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.604188][ T7066] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.604234][ T7066] ? policy_nodemask+0xed/0x4f0 [ 148.604270][ T7066] alloc_pages_mpol+0x1fb/0x550 [ 148.604305][ T7066] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 148.604349][ T7066] alloc_pages_noprof+0x131/0x390 [ 148.604385][ T7066] copy_time_ns+0x11a/0x800 [ 148.604420][ T7066] ? copy_cgroup_ns+0x71/0x970 [ 148.604464][ T7066] create_new_namespaces+0x48a/0xac0 [ 148.604511][ T7066] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 148.604553][ T7066] ksys_unshare+0x455/0xab0 [ 148.604583][ T7066] ? __pfx_ksys_unshare+0x10/0x10 [ 148.604612][ T7066] ? xfd_validate_state+0x129/0x190 [ 148.604658][ T7066] __x64_sys_unshare+0x31/0x40 [ 148.604687][ T7066] do_syscall_64+0x106/0xf80 [ 148.604712][ T7066] ? clear_bhb_loop+0x40/0x90 [ 148.604745][ T7066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.604773][ T7066] RIP: 0033:0x7f809059bf79 [ 148.604795][ T7066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.604821][ T7066] RSP: 002b:00007f808e7ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 148.604847][ T7066] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 148.604866][ T7066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 148.604882][ T7066] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 148.604898][ T7066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.604914][ T7066] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 148.604949][ T7066] [ 149.177421][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.352'. [ 149.240260][ T7072] zswap: compressor 000 not available [ 149.266884][ T7085] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.302464][ T7088] i2c i2c-0: new_device: Extra parameters [ 149.471250][ T7095] netlink: 4 bytes leftover after parsing attributes in process `syz.3.357'. [ 149.625026][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 149.756129][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 149.756165][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 149.772656][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 149.772686][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 149.779748][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 149.786526][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 150.159285][ T7124] netlink: 334 bytes leftover after parsing attributes in process `syz.0.366'. [ 150.333825][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 150.459308][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 150.459343][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 150.474433][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 150.474490][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 150.623814][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 150.740419][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 150.740453][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 150.751059][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 150.755251][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 150.792918][ T30] audit: type=1800 audit(4294967327.795:16): pid=7140 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.372" name="dbroot" dev="configfs" ino=13883 res=0 errno=0 [ 150.919706][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 150.919729][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 150.936011][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 151.423509][ T7161] FAULT_INJECTION: forcing a failure. [ 151.423509][ T7161] name failslab, interval 1, probability 0, space 0, times 0 [ 151.504630][ T30] audit: type=1800 audit(4294967328.505:17): pid=7164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.378" name="dbroot" dev="configfs" ino=13280 res=0 errno=0 [ 151.524817][ T7161] CPU: 0 UID: 0 PID: 7161 Comm: syz.0.379 Not tainted syzkaller #0 PREEMPT(full) [ 151.524851][ T7161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 151.524867][ T7161] Call Trace: [ 151.524876][ T7161] [ 151.524885][ T7161] dump_stack_lvl+0x100/0x190 [ 151.524930][ T7161] should_fail_ex.cold+0x5/0xa [ 151.524962][ T7161] should_failslab+0xc2/0x120 [ 151.524996][ T7161] kmem_cache_alloc_noprof+0x83/0x780 [ 151.525034][ T7161] ? d_instantiate+0x90/0xb0 [ 151.525066][ T7161] ? alloc_empty_file_noaccount+0x23/0xd0 [ 151.525110][ T7161] ? alloc_empty_file_noaccount+0x23/0xd0 [ 151.525146][ T7161] ? d_instantiate+0x95/0xb0 [ 151.525177][ T7161] alloc_empty_file_noaccount+0x23/0xd0 [ 151.525217][ T7161] alloc_file_pseudo_noaccount+0x13a/0x230 [ 151.525259][ T7161] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 151.525302][ T7161] ? iput+0x3a/0x40 [ 151.525341][ T7161] bdev_file_open_by_dev+0x13a/0x210 [ 151.525379][ T7161] blkdev_bszset+0x170/0x240 [ 151.525415][ T7161] ? __pfx_blkdev_bszset+0x10/0x10 [ 151.525450][ T7161] ? find_held_lock+0x2b/0x80 [ 151.525486][ T7161] ? __fget_files+0x215/0x3d0 [ 151.525511][ T7161] ? hook_file_ioctl_common+0x146/0x410 [ 151.525545][ T7161] blkdev_ioctl+0x513/0x6f0 [ 151.525580][ T7161] ? __pfx_blkdev_ioctl+0x10/0x10 [ 151.525620][ T7161] ? __pfx_blkdev_ioctl+0x10/0x10 [ 151.525658][ T7161] __x64_sys_ioctl+0x18e/0x210 [ 151.525703][ T7161] do_syscall_64+0x106/0xf80 [ 151.525729][ T7161] ? clear_bhb_loop+0x40/0x90 [ 151.525763][ T7161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.525789][ T7161] RIP: 0033:0x7f809059bf79 [ 151.525811][ T7161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 151.525841][ T7161] RSP: 002b:00007f808e7ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 151.525867][ T7161] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 151.525886][ T7161] RDX: 00002000000000c0 RSI: 0000000040081271 RDI: 0000000000000005 [ 151.525903][ T7161] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 151.525920][ T7161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.525937][ T7161] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 151.525974][ T7161] [ 151.814810][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 151.995499][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 151.995524][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 152.010407][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 152.334546][ T7178] FAULT_INJECTION: forcing a failure. [ 152.334546][ T7178] name failslab, interval 1, probability 0, space 0, times 0 [ 152.334614][ T7178] CPU: 1 UID: 0 PID: 7178 Comm: syz.0.384 Not tainted syzkaller #0 PREEMPT(full) [ 152.334648][ T7178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 152.334664][ T7178] Call Trace: [ 152.334672][ T7178] [ 152.334682][ T7178] dump_stack_lvl+0x100/0x190 [ 152.334724][ T7178] should_fail_ex.cold+0x5/0xa [ 152.334756][ T7178] should_failslab+0xc2/0x120 [ 152.334789][ T7178] ? kvm_io_bus_register_dev+0x1d2/0x710 [ 152.334818][ T7178] __kmalloc_noprof+0xf6/0x9c0 [ 152.334869][ T7178] ? kvm_io_bus_register_dev+0x1d2/0x710 [ 152.334898][ T7178] kvm_io_bus_register_dev+0x1d2/0x710 [ 152.334940][ T7178] kvm_pic_init+0x22f/0x380 [ 152.334989][ T7178] kvm_arch_vm_ioctl+0xec4/0x18d0 [ 152.335024][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335052][ T7178] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 152.335089][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335124][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335157][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335193][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335249][ T7178] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 152.335290][ T7178] ? is_bpf_text_address+0x94/0x1a0 [ 152.335323][ T7178] ? kernel_text_address+0x8d/0x100 [ 152.335352][ T7178] ? widen_string+0xdb/0x2f0 [ 152.335384][ T7178] ? __kernel_text_address+0xd/0x30 [ 152.335418][ T7178] ? unwind_get_return_address+0x59/0xa0 [ 152.335462][ T7178] ? arch_stack_walk+0xa6/0xf0 [ 152.335515][ T7178] ? stack_trace_save+0x8e/0xc0 [ 152.335553][ T7178] ? __pfx_stack_trace_save+0x10/0x10 [ 152.335592][ T7178] ? stack_depot_save_flags+0x27/0x9d0 [ 152.335622][ T7178] ? __lock_acquire+0x4a5/0x2630 [ 152.335653][ T7178] ? kasan_save_stack+0x3f/0x50 [ 152.335680][ T7178] ? kasan_save_stack+0x30/0x50 [ 152.335708][ T7178] ? kasan_save_track+0x14/0x30 [ 152.335733][ T7178] ? kasan_save_free_info+0x3b/0x70 [ 152.335770][ T7178] ? __kasan_slab_free+0x5f/0x80 [ 152.335798][ T7178] ? kfree+0x1c7/0x690 [ 152.335832][ T7178] ? tomoyo_path_number_perm+0x46d/0x580 [ 152.335860][ T7178] ? security_file_ioctl+0xd3/0x230 [ 152.335886][ T7178] ? __x64_sys_ioctl+0xb7/0x210 [ 152.335924][ T7178] ? do_syscall_64+0x106/0xf80 [ 152.335954][ T7178] kvm_vm_ioctl+0x1564/0x4020 [ 152.336004][ T7178] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 152.336054][ T7178] ? kasan_quarantine_put+0x104/0x240 [ 152.336083][ T7178] ? lockdep_hardirqs_on+0x78/0x100 [ 152.336114][ T7178] ? kfree+0x1c7/0x690 [ 152.336150][ T7178] ? find_held_lock+0x2b/0x80 [ 152.336185][ T7178] ? tomoyo_path_number_perm+0x28f/0x580 [ 152.336213][ T7178] ? tomoyo_path_number_perm+0x28f/0x580 [ 152.336249][ T7178] ? tomoyo_path_number_perm+0x188/0x580 [ 152.336279][ T7178] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 152.336305][ T7178] ? futex_wake+0x1ad/0x530 [ 152.336348][ T7178] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 152.336386][ T7178] ? do_vfs_ioctl+0x226/0x13e0 [ 152.336427][ T7178] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 152.336480][ T7178] ? find_held_lock+0x2b/0x80 [ 152.336515][ T7178] ? __fget_files+0x215/0x3d0 [ 152.336540][ T7178] ? hook_file_ioctl_common+0x146/0x410 [ 152.336578][ T7178] ? __fget_files+0x21f/0x3d0 [ 152.336610][ T7178] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 152.336639][ T7178] __x64_sys_ioctl+0x18e/0x210 [ 152.336681][ T7178] do_syscall_64+0x106/0xf80 [ 152.336706][ T7178] ? clear_bhb_loop+0x40/0x90 [ 152.336738][ T7178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.336764][ T7178] RIP: 0033:0x7f809059bf79 [ 152.336786][ T7178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.336814][ T7178] RSP: 002b:00007f808e7ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 152.336841][ T7178] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 152.336860][ T7178] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 152.336877][ T7178] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 152.336894][ T7178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.336910][ T7178] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 152.336948][ T7178] [ 152.402217][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 152.528832][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 152.658099][ T7185] zswap: compressor not available [ 152.660081][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 152.660112][ T5826] bt_err_ratelimited: 11 callbacks suppressed [ 152.660126][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 152.660155][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 152.660177][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 152.927795][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 153.133298][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.391'. [ 153.151454][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 153.163378][ T7197] netlink: 354 bytes leftover after parsing attributes in process `syz.2.391'. [ 153.173968][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 153.309234][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 153.309268][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 153.324532][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 153.324561][ T5826] Bluetooth: hci0: adv larger than maximum supported [ 153.328040][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 153.332057][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 153.338886][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 153.345643][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 153.352871][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 153.366059][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 153.374603][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 153.386930][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 153.608155][ T30] audit: type=1800 audit(4294967330.596:18): pid=7212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.395" name="dbroot" dev="configfs" ino=14459 res=0 errno=0 [ 153.952743][ T7219] bridge0: port 3(hsr0) entered blocking state [ 153.983917][ T7219] bridge0: port 3(hsr0) entered disabled state [ 153.998239][ T7219] hsr0: entered allmulticast mode [ 154.008926][ T7219] hsr_slave_0: entered allmulticast mode [ 154.023357][ T7219] hsr_slave_1: entered allmulticast mode [ 154.046163][ T7219] hsr0: entered promiscuous mode [ 154.064674][ T7219] bridge0: port 3(hsr0) entered blocking state [ 154.071122][ T7219] bridge0: port 3(hsr0) entered forwarding state [ 154.613077][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 154.648001][ T7236] netlink: 290 bytes leftover after parsing attributes in process `syz.0.403'. [ 154.706821][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 154.706864][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 154.721672][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 154.721730][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 154.928523][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 155.052524][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 155.052559][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 155.072374][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 155.374789][ T30] audit: type=1800 audit(4294967332.367:19): pid=7256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.409" name="dbroot" dev="configfs" ino=14534 res=0 errno=0 [ 155.500697][ T7260] FAULT_INJECTION: forcing a failure. [ 155.500697][ T7260] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 155.525127][ T7260] CPU: 1 UID: 0 PID: 7260 Comm: syz.3.411 Not tainted syzkaller #0 PREEMPT(full) [ 155.525164][ T7260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 155.525176][ T7260] Call Trace: [ 155.525181][ T7260] [ 155.525188][ T7260] dump_stack_lvl+0x100/0x190 [ 155.525213][ T7260] should_fail_ex.cold+0x5/0xa [ 155.525231][ T7260] _copy_from_user+0x2e/0xd0 [ 155.525248][ T7260] copy_mount_options+0x76/0x190 [ 155.525270][ T7260] __x64_sys_mount+0x1ab/0x310 [ 155.525290][ T7260] ? __pfx___x64_sys_mount+0x10/0x10 [ 155.525314][ T7260] do_syscall_64+0x106/0xf80 [ 155.525327][ T7260] ? clear_bhb_loop+0x40/0x90 [ 155.525345][ T7260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.525360][ T7260] RIP: 0033:0x7fae69f9bf79 [ 155.525373][ T7260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.525386][ T7260] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 155.525400][ T7260] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 155.525410][ T7260] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 155.525418][ T7260] RBP: 00007fae6a0327e0 R08: 0000200000000280 R09: 0000000000000000 [ 155.525427][ T7260] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 155.525436][ T7260] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 155.525454][ T7260] [ 155.826028][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 155.979081][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 155.979105][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 155.995925][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 156.239433][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 156.355822][ T30] audit: type=1800 audit(4294967333.348:20): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.417" name="dbroot" dev="configfs" ino=15476 res=0 errno=0 [ 156.428110][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 156.428133][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 156.443817][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 156.766110][ T7289] FAULT_INJECTION: forcing a failure. [ 156.766110][ T7289] name failslab, interval 1, probability 0, space 0, times 0 [ 156.847233][ T7289] CPU: 0 UID: 0 PID: 7289 Comm: syz.2.420 Not tainted syzkaller #0 PREEMPT(full) [ 156.847254][ T7289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 156.847263][ T7289] Call Trace: [ 156.847269][ T7289] [ 156.847275][ T7289] dump_stack_lvl+0x100/0x190 [ 156.847301][ T7289] should_fail_ex.cold+0x5/0xa [ 156.847318][ T7289] should_failslab+0xc2/0x120 [ 156.847337][ T7289] __kmalloc_cache_noprof+0x80/0x810 [ 156.847359][ T7289] ? snd_seq_prioq_new+0x3f/0x110 [ 156.847380][ T7289] ? snd_seq_prioq_new+0x3f/0x110 [ 156.847397][ T7289] snd_seq_prioq_new+0x3f/0x110 [ 156.847420][ T7289] snd_seq_queue_alloc+0x153/0x590 [ 156.847439][ T7289] snd_seq_ioctl_create_queue+0xa9/0x370 [ 156.847461][ T7289] call_seq_client_ctl+0xa3/0x130 [ 156.847484][ T7289] snd_seq_kernel_client_ctl+0x77/0xd0 [ 156.847506][ T7289] alloc_seq_queue+0xdb/0x180 [ 156.847527][ T7289] ? __pfx_alloc_seq_queue+0x10/0x10 [ 156.847558][ T7289] ? mark_held_locks+0x40/0x70 [ 156.847573][ T7289] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.847594][ T7289] ? lockdep_hardirqs_on+0x78/0x100 [ 156.847610][ T7289] snd_seq_oss_open+0x2b2/0xa10 [ 156.847635][ T7289] odev_open+0x79/0xc0 [ 156.847654][ T7289] ? __pfx_odev_open+0x10/0x10 [ 156.847676][ T7289] soundcore_open+0x2e3/0x5a0 [ 156.847699][ T7289] ? __pfx_soundcore_open+0x10/0x10 [ 156.847719][ T7289] chrdev_open+0x234/0x6a0 [ 156.847749][ T7289] ? __pfx_apparmor_file_open+0x10/0x10 [ 156.847789][ T7289] ? __pfx_chrdev_open+0x10/0x10 [ 156.847807][ T7289] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 156.847827][ T7289] do_dentry_open+0x6d8/0x1660 [ 156.847842][ T7289] ? __pfx_chrdev_open+0x10/0x10 [ 156.847862][ T7289] vfs_open+0x82/0x3f0 [ 156.847883][ T7289] path_openat+0x208c/0x31a0 [ 156.847906][ T7289] ? __pfx_path_openat+0x10/0x10 [ 156.847928][ T7289] do_file_open+0x20e/0x430 [ 156.847945][ T7289] ? __pfx_do_file_open+0x10/0x10 [ 156.847974][ T7289] ? alloc_fd+0x476/0x790 [ 156.847991][ T7289] ? do_getname+0x191/0x390 [ 156.848011][ T7289] do_sys_openat2+0x10d/0x1e0 [ 156.848030][ T7289] ? __pfx_do_sys_openat2+0x10/0x10 [ 156.848051][ T7289] ? __fget_files+0x21f/0x3d0 [ 156.848069][ T7289] __x64_sys_openat+0x12d/0x210 [ 156.848089][ T7289] ? __pfx___x64_sys_openat+0x10/0x10 [ 156.848108][ T7289] ? xfd_validate_state+0x129/0x190 [ 156.848132][ T7289] do_syscall_64+0x106/0xf80 [ 156.848146][ T7289] ? clear_bhb_loop+0x40/0x90 [ 156.848163][ T7289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.848178][ T7289] RIP: 0033:0x7fd439d9bf79 [ 156.848191][ T7289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.848205][ T7289] RSP: 002b:00007fd43ab79028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 156.848219][ T7289] RAX: ffffffffffffffda RBX: 00007fd43a015fa0 RCX: 00007fd439d9bf79 [ 156.848228][ T7289] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 156.848237][ T7289] RBP: 00007fd439e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 156.848246][ T7289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.848254][ T7289] R13: 00007fd43a016038 R14: 00007fd43a015fa0 R15: 00007ffd9b46a648 [ 156.848275][ T7289] [ 157.806511][ T30] audit: type=1800 audit(4294967334.798:21): pid=7304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.425" name="dbroot" dev="configfs" ino=14597 res=0 errno=0 [ 157.865132][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 158.059063][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 158.059098][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 158.073860][ T5835] bt_err_ratelimited: 11 callbacks suppressed [ 158.073879][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 158.080431][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 158.087549][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 158.094265][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 158.326426][ T7312] FAULT_INJECTION: forcing a failure. [ 158.326426][ T7312] name failslab, interval 1, probability 0, space 0, times 0 [ 158.397078][ T7312] CPU: 1 UID: 0 PID: 7312 Comm: syz.1.428 Not tainted syzkaller #0 PREEMPT(full) [ 158.397101][ T7312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 158.397110][ T7312] Call Trace: [ 158.397116][ T7312] [ 158.397122][ T7312] dump_stack_lvl+0x100/0x190 [ 158.397147][ T7312] should_fail_ex.cold+0x5/0xa [ 158.397164][ T7312] should_failslab+0xc2/0x120 [ 158.397181][ T7312] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 158.397200][ T7312] ? v9fs_init_fs_context+0xf1/0x590 [ 158.397219][ T7312] ? kstrdup+0x51/0xe0 [ 158.397232][ T7312] kstrdup+0x51/0xe0 [ 158.397248][ T7312] v9fs_init_fs_context+0xf1/0x590 [ 158.397265][ T7312] alloc_fs_context+0x60c/0xf40 [ 158.397286][ T7312] __x64_sys_fsopen+0xed/0x220 [ 158.397314][ T7312] do_syscall_64+0x106/0xf80 [ 158.397329][ T7312] ? clear_bhb_loop+0x40/0x90 [ 158.397347][ T7312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.397361][ T7312] RIP: 0033:0x7fb396f9bf79 [ 158.397379][ T7312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.397393][ T7312] RSP: 002b:00007fb397e62028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 158.397408][ T7312] RAX: ffffffffffffffda RBX: 00007fb397215fa0 RCX: 00007fb396f9bf79 [ 158.397417][ T7312] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 158.397426][ T7312] RBP: 00007fb3970327e0 R08: 0000000000000000 R09: 0000000000000000 [ 158.397435][ T7312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.397443][ T7312] R13: 00007fb397216038 R14: 00007fb397215fa0 R15: 00007ffe11dd8788 [ 158.397462][ T7312] [ 158.852709][ T30] audit: type=1800 audit(4294967335.839:22): pid=7326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.435" name="features" dev="configfs" ino=14630 res=0 errno=0 [ 159.049248][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 159.196944][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 159.196981][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 159.211885][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 159.211915][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 159.221564][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 159.228730][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 159.734647][ T30] audit: type=1800 audit(4294967336.729:23): pid=7343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.438" name="dbroot" dev="configfs" ino=15652 res=0 errno=0 [ 160.649155][ T7357] sd 0:0:1:0: device reset [ 160.924898][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 161.106131][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 161.106162][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 161.120956][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 161.120978][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 161.128061][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 161.134777][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 161.415845][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 161.479787][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 161.679508][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 161.679545][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 161.695184][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 161.695243][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 161.855746][ T7383] smpboot: CPU 1 is now offline [ 162.013391][ T7385] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 162.436460][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 162.575202][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 162.575288][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 162.590204][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 162.736055][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 162.847612][ T7415] zswap: compressor not available [ 162.877595][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 162.877630][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 162.892532][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 163.259774][ T7439] syz.2.467 uses obsolete (PF_INET,SOCK_PACKET) [ 163.617419][ T7453] [U] [ 163.728825][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 163.810497][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 163.810533][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 163.826666][ T5835] bt_err_ratelimited: 8 callbacks suppressed [ 163.826686][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 163.832686][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 163.839865][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 163.847416][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 164.078753][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 164.253683][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 164.253719][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 164.268611][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 164.268645][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 164.277104][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 164.283897][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 164.628582][ T7477] FAULT_INJECTION: forcing a failure. [ 164.628582][ T7477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.661992][ T7477] CPU: 1 UID: 0 PID: 7477 Comm: syz.3.481 Not tainted syzkaller #0 PREEMPT(full) [ 164.662031][ T7477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 164.662047][ T7477] Call Trace: [ 164.662056][ T7477] [ 164.662065][ T7477] dump_stack_lvl+0x100/0x190 [ 164.662108][ T7477] should_fail_ex.cold+0x5/0xa [ 164.662137][ T7477] strncpy_from_user+0x3b/0x2d0 [ 164.662166][ T7477] do_getname+0x78/0x390 [ 164.662201][ T7477] do_sys_openat2+0xc5/0x1e0 [ 164.662237][ T7477] ? __pfx_do_sys_openat2+0x10/0x10 [ 164.662283][ T7477] __x64_sys_openat+0x12d/0x210 [ 164.662319][ T7477] ? __pfx___x64_sys_openat+0x10/0x10 [ 164.662352][ T7477] ? xfd_validate_state+0x129/0x190 [ 164.662392][ T7477] do_syscall_64+0x106/0xf80 [ 164.662415][ T7477] ? clear_bhb_loop+0x40/0x90 [ 164.662444][ T7477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.662468][ T7477] RIP: 0033:0x7fae69f5c84e [ 164.662488][ T7477] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 164.662511][ T7477] RSP: 002b:00007fae6af2bec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 164.662535][ T7477] RAX: ffffffffffffffda RBX: 00007fae6af2c6c0 RCX: 00007fae69f5c84e [ 164.662551][ T7477] RDX: 0000000000000002 RSI: 00007fae6af2bf90 RDI: ffffffffffffff9c [ 164.662567][ T7477] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 164.662581][ T7477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.662595][ T7477] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 164.662627][ T7477] [ 165.019298][ T30] audit: type=1800 audit(4294967341.892:24): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.480" name="dbroot" dev="configfs" ino=15947 res=0 errno=0 [ 165.211277][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 165.386951][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 165.386992][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 165.401860][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 165.401888][ T5835] Bluetooth: hci1: adv larger than maximum supported [ 165.409030][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 165.415912][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 165.448118][ T7493] sp0: Synchronizing with TNC [ 165.691444][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 165.709206][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 165.823135][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 165.823171][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 165.837957][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 165.838013][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 165.943888][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 165.943925][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 165.958939][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 166.487559][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 166.506243][ T7514] sp0: Synchronizing with TNC [ 166.646115][ T7520] sp0: Synchronizing with TNC [ 166.695969][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 166.696004][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 166.711310][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 166.971501][ T7526] loop6: detected capacity change from 0 to 4194304 [ 167.048165][ T30] audit: type=1800 audit(4294967344.053:25): pid=7528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.496" name="dbroot" dev="configfs" ino=15234 res=0 errno=0 [ 168.048018][ T7552] FAULT_INJECTION: forcing a failure. [ 168.048018][ T7552] name failslab, interval 1, probability 0, space 0, times 0 [ 168.070400][ T7552] CPU: 1 UID: 0 PID: 7552 Comm: syz.3.506 Not tainted syzkaller #0 PREEMPT(full) [ 168.070440][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 168.070456][ T7552] Call Trace: [ 168.070465][ T7552] [ 168.070476][ T7552] dump_stack_lvl+0x100/0x190 [ 168.070534][ T7552] should_fail_ex.cold+0x5/0xa [ 168.070567][ T7552] should_failslab+0xc2/0x120 [ 168.070601][ T7552] __kmalloc_cache_noprof+0x80/0x810 [ 168.070641][ T7552] ? vhost_net_open+0x2d/0x8b0 [ 168.070683][ T7552] ? vhost_net_open+0x73/0x8b0 [ 168.070727][ T7552] ? __pfx_vhost_net_open+0x10/0x10 [ 168.070762][ T7552] ? vhost_net_open+0x73/0x8b0 [ 168.070796][ T7552] vhost_net_open+0x73/0x8b0 [ 168.070831][ T7552] ? __pfx_vhost_net_open+0x10/0x10 [ 168.070869][ T7552] misc_open+0x26d/0x450 [ 168.070911][ T7552] ? __pfx_misc_open+0x10/0x10 [ 168.070951][ T7552] chrdev_open+0x234/0x6a0 [ 168.070981][ T7552] ? __pfx_apparmor_file_open+0x10/0x10 [ 168.071023][ T7552] ? __pfx_chrdev_open+0x10/0x10 [ 168.071056][ T7552] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 168.071096][ T7552] do_dentry_open+0x6d8/0x1660 [ 168.071125][ T7552] ? __pfx_chrdev_open+0x10/0x10 [ 168.071166][ T7552] vfs_open+0x82/0x3f0 [ 168.071206][ T7552] path_openat+0x208c/0x31a0 [ 168.071251][ T7552] ? __pfx_path_openat+0x10/0x10 [ 168.071296][ T7552] do_file_open+0x20e/0x430 [ 168.071330][ T7552] ? __pfx_do_file_open+0x10/0x10 [ 168.071390][ T7552] ? alloc_fd+0x476/0x790 [ 168.071423][ T7552] ? do_getname+0x191/0x390 [ 168.071463][ T7552] do_sys_openat2+0x10d/0x1e0 [ 168.071503][ T7552] ? __pfx_do_sys_openat2+0x10/0x10 [ 168.071546][ T7552] ? __fget_files+0x21f/0x3d0 [ 168.071583][ T7552] __x64_sys_openat+0x12d/0x210 [ 168.071622][ T7552] ? __pfx___x64_sys_openat+0x10/0x10 [ 168.071665][ T7552] ? xfd_validate_state+0x129/0x190 [ 168.071712][ T7552] do_syscall_64+0x106/0xf80 [ 168.071738][ T7552] ? clear_bhb_loop+0x40/0x90 [ 168.071771][ T7552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.071800][ T7552] RIP: 0033:0x7fae69f9bf79 [ 168.071823][ T7552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.071849][ T7552] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 168.071877][ T7552] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 168.071896][ T7552] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 168.071913][ T7552] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 168.071929][ T7552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.071944][ T7552] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 168.071981][ T7552] [ 168.467974][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 168.604835][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 168.604879][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 168.619681][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 168.675181][ T7565] hub 1-0:1.0: USB hub found [ 168.693976][ T7565] hub 1-0:1.0: 1 port detected [ 168.987186][ T30] audit: type=1800 audit(4294967345.994:26): pid=7576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.512" name="dbroot" dev="configfs" ino=17474 res=0 errno=0 [ 169.070457][ T7578] Falling back ldisc for pty66. [ 170.443932][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 170.503398][ T30] audit: type=1800 audit(4294967347.495:27): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.528" name="dbroot" dev="configfs" ino=17848 res=0 errno=0 [ 170.607268][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 170.607290][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 170.624276][ T5835] bt_err_ratelimited: 11 callbacks suppressed [ 170.624286][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 170.630422][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 170.637761][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 171.628828][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 171.703794][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 171.774182][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 171.774204][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 171.789002][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 171.789020][ T5835] Bluetooth: hci1: adv larger than maximum supported [ 171.797275][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 171.804184][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 172.053193][ T30] audit: type=1800 audit(4294967349.066:28): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.536" name="dbroot" dev="configfs" ino=16720 res=0 errno=0 [ 173.083789][ T7662] FAULT_INJECTION: forcing a failure. [ 173.083789][ T7662] name failslab, interval 1, probability 0, space 0, times 0 [ 173.097062][ T7662] CPU: 1 UID: 0 PID: 7662 Comm: syz.3.543 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.097102][ T7662] Tainted: [L]=SOFTLOCKUP [ 173.097111][ T7662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 173.097125][ T7662] Call Trace: [ 173.097133][ T7662] [ 173.097143][ T7662] dump_stack_lvl+0x100/0x190 [ 173.097186][ T7662] should_fail_ex.cold+0x5/0xa [ 173.097213][ T7662] should_failslab+0xc2/0x120 [ 173.097244][ T7662] __kmalloc_cache_noprof+0x80/0x810 [ 173.097281][ T7662] ? usb_control_msg+0xbc/0x4a0 [ 173.097331][ T7662] ? disable_store+0x21a/0x450 [ 173.097360][ T7662] ? usb_control_msg+0xbc/0x4a0 [ 173.097392][ T7662] ? __pfx___mutex_lock+0x10/0x10 [ 173.097417][ T7662] usb_control_msg+0xbc/0x4a0 [ 173.097452][ T7662] ? __pfx_usb_control_msg+0x10/0x10 [ 173.097484][ T7662] ? __pfx___up_read+0x10/0x10 [ 173.097509][ T7662] ? kernfs_find_and_get_ns+0x5f/0x70 [ 173.097557][ T7662] usb_hub_set_port_power+0x125/0x180 [ 173.097612][ T7662] disable_store+0x2eb/0x450 [ 173.097642][ T7662] ? __pfx_disable_store+0x10/0x10 [ 173.097669][ T7662] ? find_held_lock+0x2b/0x80 [ 173.097705][ T7662] ? sysfs_file_kobj+0xe4/0x290 [ 173.097732][ T7662] ? sysfs_file_kobj+0xe4/0x290 [ 173.097764][ T7662] ? __pfx_disable_store+0x10/0x10 [ 173.097789][ T7662] dev_attr_store+0x58/0x80 [ 173.097830][ T7662] ? __pfx_dev_attr_store+0x10/0x10 [ 173.097867][ T7662] sysfs_kf_write+0xf2/0x150 [ 173.097897][ T7662] kernfs_fop_write_iter+0x3e0/0x5f0 [ 173.097922][ T7662] ? __pfx_sysfs_kf_write+0x10/0x10 [ 173.097957][ T7662] vfs_write+0x6ac/0x1070 [ 173.097990][ T7662] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 173.098041][ T7662] ? __pfx_vfs_write+0x10/0x10 [ 173.098095][ T7662] ksys_write+0x12a/0x250 [ 173.098124][ T7662] ? __pfx_ksys_write+0x10/0x10 [ 173.098165][ T7662] do_syscall_64+0x106/0xf80 [ 173.098192][ T7662] ? clear_bhb_loop+0x40/0x90 [ 173.098225][ T7662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.098249][ T7662] RIP: 0033:0x7fae69f9bf79 [ 173.098267][ T7662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.098289][ T7662] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 173.098319][ T7662] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 173.098335][ T7662] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 173.098349][ T7662] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 173.098364][ T7662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.098379][ T7662] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 173.098412][ T7662] [ 173.483373][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 173.498816][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 173.641656][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 173.641694][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 173.656701][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 173.656719][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 173.664008][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 173.670926][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 173.686413][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 173.686432][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 173.707983][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 173.708021][ T5835] Bluetooth: hci1: adv larger than maximum supported [ 173.716185][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 173.805036][ T30] audit: type=1800 audit(4294967350.806:29): pid=7671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.545" name="dbroot" dev="configfs" ino=16873 res=0 errno=0 [ 175.104708][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 175.171397][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 175.250610][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 175.250644][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 175.265544][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 175.302920][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 175.302955][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 175.317834][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 175.366611][ T7705] smpboot: CPU 1 is now offline [ 175.805994][ T30] audit: type=1800 audit(4294967352.797:30): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.560" name="dbroot" dev="configfs" ino=18212 res=0 errno=0 [ 175.875960][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 176.051112][ T7726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.563'. [ 176.117391][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 176.117413][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 176.133137][ T5835] bt_err_ratelimited: 6 callbacks suppressed [ 176.133148][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 176.139195][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 176.147514][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 176.154667][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 176.366027][ T7730] ubi0: attaching mtd0 [ 176.420168][ T7730] ubi0: scanning is finished [ 176.456120][ T7730] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 176.743996][ T7730] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 177.079330][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 177.140690][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 177.214192][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 177.214216][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 177.229346][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 177.229362][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 177.236390][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 177.243194][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 177.278907][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 177.278929][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 177.293664][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 177.293681][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 177.301354][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 177.308071][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 177.333470][ T5835] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 177.494948][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 177.494971][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 177.509831][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 177.509877][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 177.668097][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 177.771323][ T7759] __vm_enough_memory: pid: 7759, comm: syz.2.572, bytes: 4398046511104 not enough memory for the allocation [ 177.802570][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 177.802593][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 177.817705][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 178.708995][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 178.834494][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 178.834518][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 178.850064][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 178.890378][ T30] audit: type=1800 audit(4294967355.899:31): pid=7782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.579" name="dbroot" dev="configfs" ino=18813 res=0 errno=0 [ 179.725190][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 180.683797][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 180.683821][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 180.698640][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 180.945781][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 181.034488][ T7807] FAULT_INJECTION: forcing a failure. [ 181.034488][ T7807] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 181.072042][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 181.072065][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 181.089042][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 181.110668][ T7807] CPU: 0 UID: 0 PID: 7807 Comm: syz.3.587 Tainted: G L syzkaller #0 PREEMPT(full) [ 181.110693][ T7807] Tainted: [L]=SOFTLOCKUP [ 181.110699][ T7807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 181.110719][ T7807] Call Trace: [ 181.110725][ T7807] [ 181.110731][ T7807] dump_stack_lvl+0x100/0x190 [ 181.110763][ T7807] should_fail_ex.cold+0x5/0xa [ 181.110780][ T7807] core_sys_select+0x9b9/0xbb0 [ 181.110799][ T7807] ? __pfx_core_sys_select+0x10/0x10 [ 181.110833][ T7807] ? ktime_get_ts64+0x2d2/0x3f0 [ 181.110856][ T7807] ? read_tsc+0x9/0x20 [ 181.110868][ T7807] ? ktime_get_ts64+0x256/0x3f0 [ 181.110891][ T7807] kern_select+0x20c/0x270 [ 181.110907][ T7807] ? __pfx_kern_select+0x10/0x10 [ 181.110927][ T7807] __x64_sys_select+0xbd/0x160 [ 181.110941][ T7807] ? do_syscall_64+0x95/0xf80 [ 181.110955][ T7807] ? lockdep_hardirqs_on+0x78/0x100 [ 181.110973][ T7807] do_syscall_64+0x106/0xf80 [ 181.110986][ T7807] ? clear_bhb_loop+0x40/0x90 [ 181.111004][ T7807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.111019][ T7807] RIP: 0033:0x7fae69f9bf79 [ 181.111031][ T7807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 181.111045][ T7807] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 181.111060][ T7807] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 181.111070][ T7807] RDX: 0000200000000400 RSI: 0000200000000380 RDI: 0000000000000006 [ 181.111079][ T7807] RBP: 00007fae6a0327e0 R08: 0000200000000540 R09: 0000000000000000 [ 181.111088][ T7807] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000000 [ 181.111097][ T7807] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 181.111116][ T7807] [ 181.395031][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 181.509067][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 181.509091][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 181.524039][ T5835] bt_err_ratelimited: 13 callbacks suppressed [ 181.524050][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 181.530255][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 181.537462][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 181.681191][ T30] audit: type=1800 audit(4294967358.690:32): pid=7818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.590" name="dbroot" dev="configfs" ino=19178 res=0 errno=0 [ 182.119150][ T30] audit: type=1800 audit(4294967359.121:33): pid=7822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.591" name="dbroot" dev="configfs" ino=19187 res=0 errno=0 [ 182.636404][ T7830] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 183.064959][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 183.084775][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 183.084797][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 183.099715][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 183.099773][ T5835] Bluetooth: hci1: adv larger than maximum supported [ 183.107508][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 183.114178][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 183.453473][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 183.582051][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 183.582074][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 183.596934][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 183.596955][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 183.603969][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 183.820485][ T30] audit: type=1800 audit(4294967360.831:34): pid=7863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.606" name="dbroot" dev="configfs" ino=19530 res=0 errno=0 [ 184.114544][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 184.213214][ T7864] ima: policy update failed [ 184.243199][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 184.243222][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 184.257991][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 184.258009][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 184.265067][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 184.271732][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 184.288345][ T30] audit: type=1802 audit(4294967361.302:35): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.607" res=0 errno=0 [ 184.851031][ T30] audit: type=1800 audit(4294967361.862:36): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.613" name="dbroot" dev="configfs" ino=19634 res=0 errno=0 [ 185.397446][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 185.405637][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 185.503137][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 185.503161][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 185.518306][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 185.551623][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 185.551647][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 185.568877][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 185.810725][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 185.836801][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 185.936125][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 185.936150][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 185.951099][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 185.979981][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 185.980003][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 185.996616][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 186.612656][ T5835] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 186.742503][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 186.742528][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 186.757832][ T5835] bt_err_ratelimited: 12 callbacks suppressed [ 186.757843][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 186.764204][ T5835] Bluetooth: hci1: adv larger than maximum supported [ 186.771767][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 186.781139][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d [ 186.913023][ T30] audit: type=1800 audit(4294967363.923:37): pid=7936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.630" name="dbroot" dev="configfs" ino=20024 res=0 errno=0 [ 186.953922][ T7927] FAULT_INJECTION: forcing a failure. [ 186.953922][ T7927] name failslab, interval 1, probability 0, space 0, times 0 [ 187.024027][ T7927] CPU: 0 UID: 0 PID: 7927 Comm: syz.2.627 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 187.024066][ T7927] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 187.024075][ T7927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 187.024084][ T7927] Call Trace: [ 187.024089][ T7927] [ 187.024095][ T7927] dump_stack_lvl+0x100/0x190 [ 187.024121][ T7927] should_fail_ex.cold+0x5/0xa [ 187.024138][ T7927] should_failslab+0xc2/0x120 [ 187.024156][ T7927] __kmalloc_cache_noprof+0x80/0x810 [ 187.024180][ T7927] ? vkms_atomic_crtc_duplicate_state+0x7a/0x1e0 [ 187.024204][ T7927] ? ww_mutex_lock+0x37/0x160 [ 187.024223][ T7927] ? vkms_atomic_crtc_duplicate_state+0x7a/0x1e0 [ 187.024247][ T7927] vkms_atomic_crtc_duplicate_state+0x7a/0x1e0 [ 187.024271][ T7927] drm_atomic_get_crtc_state+0x1de/0x620 [ 187.024297][ T7927] drm_atomic_get_plane_state+0x4a3/0x760 [ 187.024335][ T7927] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 187.024353][ T7927] ? rcu_is_watching+0x12/0xc0 [ 187.024383][ T7927] ? __mutex_lock+0x26a/0x1b90 [ 187.024398][ T7927] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 187.024415][ T7927] ? trace_contention_end+0xd6/0x110 [ 187.024435][ T7927] ? drm_master_internal_acquire+0x21/0x80 [ 187.024469][ T7927] drm_client_modeset_commit_locked+0x14d/0x580 [ 187.024488][ T7927] drm_client_modeset_commit+0x4f/0x80 [ 187.024505][ T7927] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 187.024524][ T7927] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 187.024548][ T7927] drm_fbdev_client_restore+0x1b/0x30 [ 187.024569][ T7927] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 187.024590][ T7927] drm_client_dev_restore+0x205/0x2a0 [ 187.024610][ T7927] drm_release+0x2c6/0x360 [ 187.024625][ T7927] ? __pfx_drm_release+0x10/0x10 [ 187.024639][ T7927] __fput+0x3ff/0xb40 [ 187.024661][ T7927] task_work_run+0x150/0x240 [ 187.024679][ T7927] ? __pfx_task_work_run+0x10/0x10 [ 187.024701][ T7927] exit_to_user_mode_loop+0x100/0x4a0 [ 187.024715][ T7927] ? rcu_is_watching+0x12/0xc0 [ 187.024734][ T7927] do_syscall_64+0x668/0xf80 [ 187.024747][ T7927] ? clear_bhb_loop+0x40/0x90 [ 187.024765][ T7927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.024779][ T7927] RIP: 0033:0x7fd439d9bf79 [ 187.024791][ T7927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.024805][ T7927] RSP: 002b:00007fd43ab79028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 187.024820][ T7927] RAX: 0000000000000000 RBX: 00007fd43a015fa0 RCX: 00007fd439d9bf79 [ 187.024830][ T7927] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 187.024839][ T7927] RBP: 00007fd439e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 187.024848][ T7927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.024856][ T7927] R13: 00007fd43a016038 R14: 00007fd43a015fa0 R15: 00007ffd9b46a648 [ 187.024878][ T7927] [ 187.409646][ T7942] FAULT_INJECTION: forcing a failure. [ 187.409646][ T7942] name failslab, interval 1, probability 0, space 0, times 0 [ 187.422301][ T7942] CPU: 0 UID: 0 PID: 7942 Comm: syz.2.632 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 187.422335][ T7942] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 187.422344][ T7942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 187.422358][ T7942] Call Trace: [ 187.422364][ T7942] [ 187.422370][ T7942] dump_stack_lvl+0x100/0x190 [ 187.422395][ T7942] should_fail_ex.cold+0x5/0xa [ 187.422413][ T7942] should_failslab+0xc2/0x120 [ 187.422434][ T7942] __kmalloc_cache_noprof+0x80/0x810 [ 187.422456][ T7942] ? __might_fault+0xc5/0x140 [ 187.422470][ T7942] ? do_signalfd4+0x14e/0x480 [ 187.422491][ T7942] ? do_signalfd4+0x14e/0x480 [ 187.422508][ T7942] do_signalfd4+0x14e/0x480 [ 187.422527][ T7942] __x64_sys_signalfd+0x120/0x1a0 [ 187.422546][ T7942] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 187.422570][ T7942] do_syscall_64+0x106/0xf80 [ 187.422583][ T7942] ? clear_bhb_loop+0x40/0x90 [ 187.422601][ T7942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.422616][ T7942] RIP: 0033:0x7fd439d9bf79 [ 187.422628][ T7942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.422643][ T7942] RSP: 002b:00007fd43ab79028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 187.422658][ T7942] RAX: ffffffffffffffda RBX: 00007fd43a015fa0 RCX: 00007fd439d9bf79 [ 187.422667][ T7942] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 187.422676][ T7942] RBP: 00007fd439e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 187.422685][ T7942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.422694][ T7942] R13: 00007fd43a016038 R14: 00007fd43a015fa0 R15: 00007ffd9b46a648 [ 187.422713][ T7942] [ 187.704770][ T5835] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 187.712866][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 187.712885][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 187.727925][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 187.727943][ T5835] Bluetooth: hci2: adv larger than maximum supported [ 187.734993][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 187.741670][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d [ 187.775426][ T30] audit: type=1800 audit(4294967364.773:38): pid=7949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.634" name="dbroot" dev="configfs" ino=20114 res=0 errno=0 [ 188.060307][ T7956] futex_wake_op: syz.0.637 tries to shift op by -2048; fix this program [ 188.101628][ T7956] futex_wake_op: syz.0.637 tries to shift op by -2048; fix this program [ 188.251429][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 188.307463][ T7960] sp0: Synchronizing with TNC [ 188.376263][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 188.376287][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 188.393044][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 188.393063][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 188.400103][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 188.408011][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 188.719621][ T7971] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 188.733546][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 188.814730][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 188.814764][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 188.830833][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 188.830897][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 188.874887][ T7975] netlink: 330 bytes leftover after parsing attributes in process `syz.1.645'. [ 189.040630][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 189.139934][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 189.248286][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 189.248320][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 189.263459][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 189.423163][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 189.423199][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 189.438542][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 189.481763][ T30] audit: type=1800 audit(4294967366.504:39): pid=8000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.651" name="dbroot" dev="configfs" ino=17105 res=0 errno=0 [ 189.577832][ T8002] netlink: 25 bytes leftover after parsing attributes in process `syz.0.652'. [ 189.614496][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 189.734174][ T8006] netlink: 338 bytes leftover after parsing attributes in process `syz.0.654'. [ 189.751809][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 189.751843][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 189.769129][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 189.806408][ T8008] netlink: 338 bytes leftover after parsing attributes in process `syz.0.654'. [ 189.873616][ T8006] netlink: 290 bytes leftover after parsing attributes in process `syz.0.654'. [ 190.087344][ T8014] netlink: 338 bytes leftover after parsing attributes in process `syz.0.656'. [ 190.134891][ T8014] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.142792][ T8014] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.227245][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 190.340181][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 190.340218][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 190.355331][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 190.437611][ T30] audit: type=1800 audit(4294967367.455:40): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.660" name="dbroot" dev="configfs" ino=17196 res=0 errno=0 [ 190.909543][ T8035] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 191.366669][ T30] audit: type=1800 audit(4294967368.385:41): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.666" name="dbroot" dev="configfs" ino=17342 res=0 errno=0 [ 191.559142][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 191.712744][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 191.712769][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 191.728347][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 192.362380][ T8081] vhci_hcd vhci_hcd.2: invalid port number 16 [ 192.369411][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 192.380721][ T8081] vhci_hcd vhci_hcd.2: invalid port number 16 [ 192.459869][ T30] audit: type=1800 audit(4294967369.476:42): pid=8088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.674" name="dbroot" dev="configfs" ino=21594 res=0 errno=0 [ 192.495951][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 192.496024][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 192.514507][ T5826] bt_err_ratelimited: 17 callbacks suppressed [ 192.514528][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 192.520667][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 192.528973][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 192.535702][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 192.719518][ T8095] FAULT_INJECTION: forcing a failure. [ 192.719518][ T8095] name failslab, interval 1, probability 0, space 0, times 0 [ 192.773264][ T8095] CPU: 0 UID: 0 PID: 8095 Comm: syz.0.676 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 192.773325][ T8095] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 192.773341][ T8095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 192.773357][ T8095] Call Trace: [ 192.773366][ T8095] [ 192.773377][ T8095] dump_stack_lvl+0x100/0x190 [ 192.773424][ T8095] should_fail_ex.cold+0x5/0xa [ 192.773454][ T8095] should_failslab+0xc2/0x120 [ 192.773490][ T8095] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 192.773524][ T8095] ? bpf_ksym_find+0x124/0x1c0 [ 192.773566][ T8095] ? __alloc_skb+0x156/0x410 [ 192.773605][ T8095] ? __alloc_skb+0x156/0x410 [ 192.773635][ T8095] __alloc_skb+0x156/0x410 [ 192.773667][ T8095] ? __pfx___alloc_skb+0x10/0x10 [ 192.773713][ T8095] tipc_buf_acquire+0x26/0xe0 [ 192.773756][ T8095] tipc_msg_create+0x39/0x1d0 [ 192.773804][ T8095] tipc_group_proto_xmit+0x150/0x7c0 [ 192.773841][ T8095] tipc_group_delete+0xf8/0x4a0 [ 192.773869][ T8095] ? task_work_run+0x150/0x240 [ 192.773900][ T8095] ? exit_to_user_mode_loop+0x100/0x4a0 [ 192.773927][ T8095] ? do_syscall_64+0x668/0xf80 [ 192.773957][ T8095] ? __pfx_tipc_group_delete+0x10/0x10 [ 192.773996][ T8095] ? __tipc_shutdown+0x855/0xed0 [ 192.774033][ T8095] ? __lock_acquire+0x3c5/0x2630 [ 192.774070][ T8095] tipc_sk_leave+0x10e/0x1c0 [ 192.774104][ T8095] ? __pfx_tipc_sk_leave+0x10/0x10 [ 192.774137][ T8095] ? __pfx_woken_wake_function+0x10/0x10 [ 192.774175][ T8095] ? tipc_sk_filtering+0x47d/0x590 [ 192.774228][ T8095] tipc_release+0x11f/0x1640 [ 192.774269][ T8095] ? down_write+0x146/0x1f0 [ 192.774300][ T8095] ? __pfx_down_write+0x10/0x10 [ 192.774334][ T8095] ? __pfx_locks_remove_file+0x10/0x10 [ 192.774368][ T8095] __sock_release+0xb3/0x260 [ 192.774405][ T8095] ? __pfx_sock_close+0x10/0x10 [ 192.774442][ T8095] sock_close+0x1c/0x30 [ 192.774477][ T8095] __fput+0x3ff/0xb40 [ 192.774514][ T8095] ? _raw_spin_unlock_irq+0x23/0x50 [ 192.774559][ T8095] task_work_run+0x150/0x240 [ 192.774593][ T8095] ? __pfx_task_work_run+0x10/0x10 [ 192.774637][ T8095] exit_to_user_mode_loop+0x100/0x4a0 [ 192.774666][ T8095] ? rcu_is_watching+0x12/0xc0 [ 192.774703][ T8095] do_syscall_64+0x668/0xf80 [ 192.774729][ T8095] ? clear_bhb_loop+0x40/0x90 [ 192.774764][ T8095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.774792][ T8095] RIP: 0033:0x7f809059bf79 [ 192.774815][ T8095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 192.774843][ T8095] RSP: 002b:00007f808e7ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 192.774871][ T8095] RAX: 0000000000000000 RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 192.774889][ T8095] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 192.774906][ T8095] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 192.774923][ T8095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.774940][ T8095] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 192.774976][ T8095] [ 193.496811][ T8110] FAULT_INJECTION: forcing a failure. [ 193.496811][ T8110] name failslab, interval 1, probability 0, space 0, times 0 [ 193.517600][ T8110] CPU: 1 UID: 0 PID: 8110 Comm: syz.3.680 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 193.517663][ T8110] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 193.517679][ T8110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 193.517695][ T8110] Call Trace: [ 193.517704][ T8110] [ 193.517715][ T8110] dump_stack_lvl+0x100/0x190 [ 193.517759][ T8110] should_fail_ex.cold+0x5/0xa [ 193.517790][ T8110] should_failslab+0xc2/0x120 [ 193.517823][ T8110] __kmalloc_cache_node_noprof+0x83/0x840 [ 193.517855][ T8110] ? __alloc_workqueue+0xbc0/0x1880 [ 193.517901][ T8110] ? init_rescuer+0x19f/0x540 [ 193.517935][ T8110] ? init_rescuer+0x19f/0x540 [ 193.517964][ T8110] init_rescuer+0x19f/0x540 [ 193.517993][ T8110] ? __pfx_init_rescuer+0x10/0x10 [ 193.518031][ T8110] ? wq_adjust_max_active+0x352/0x4a0 [ 193.518069][ T8110] __alloc_workqueue+0xc90/0x1880 [ 193.518118][ T8110] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 193.518174][ T8110] alloc_workqueue_noprof+0xd2/0x200 [ 193.518221][ T8110] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 193.518276][ T8110] ? __pfx___debug_object_init+0x10/0x10 [ 193.518327][ T8110] nci_register_device+0x394/0xb80 [ 193.518372][ T8110] ? __pfx_nci_register_device+0x10/0x10 [ 193.518418][ T8110] ? lockdep_init_map_type+0x5c/0x250 [ 193.518456][ T8110] virtual_ncidev_open+0x141/0x220 [ 193.518486][ T8110] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 193.518515][ T8110] misc_open+0x26d/0x450 [ 193.518558][ T8110] ? __pfx_misc_open+0x10/0x10 [ 193.518597][ T8110] chrdev_open+0x234/0x6a0 [ 193.518627][ T8110] ? __pfx_apparmor_file_open+0x10/0x10 [ 193.518671][ T8110] ? __pfx_chrdev_open+0x10/0x10 [ 193.518703][ T8110] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 193.518744][ T8110] do_dentry_open+0x6d8/0x1660 [ 193.518773][ T8110] ? __pfx_chrdev_open+0x10/0x10 [ 193.518812][ T8110] vfs_open+0x82/0x3f0 [ 193.518854][ T8110] path_openat+0x208c/0x31a0 [ 193.518897][ T8110] ? __pfx_path_openat+0x10/0x10 [ 193.518942][ T8110] do_file_open+0x20e/0x430 [ 193.518976][ T8110] ? __pfx_do_file_open+0x10/0x10 [ 193.519035][ T8110] ? alloc_fd+0x476/0x790 [ 193.519069][ T8110] ? do_getname+0x191/0x390 [ 193.519109][ T8110] do_sys_openat2+0x10d/0x1e0 [ 193.519147][ T8110] ? __pfx_do_sys_openat2+0x10/0x10 [ 193.519209][ T8110] __x64_sys_openat+0x12d/0x210 [ 193.519251][ T8110] ? __pfx___x64_sys_openat+0x10/0x10 [ 193.519285][ T8110] ? xfd_validate_state+0x129/0x190 [ 193.519333][ T8110] do_syscall_64+0x106/0xf80 [ 193.519358][ T8110] ? clear_bhb_loop+0x40/0x90 [ 193.519396][ T8110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.519423][ T8110] RIP: 0033:0x7fae69f9bf79 [ 193.519443][ T8110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.519470][ T8110] RSP: 002b:00007fae6af2c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 193.519496][ T8110] RAX: ffffffffffffffda RBX: 00007fae6a215fa0 RCX: 00007fae69f9bf79 [ 193.519515][ T8110] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 193.519532][ T8110] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 193.519547][ T8110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.519562][ T8110] R13: 00007fae6a216038 R14: 00007fae6a215fa0 R15: 00007ffc0e6b7b58 [ 193.519601][ T8110] [ 193.850808][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 193.919402][ T8110] workqueue: Failed to allocate a rescuer for wq "nfc2_nci_rx_wq" [ 193.937130][ T8117] FAULT_INJECTION: forcing a failure. [ 193.937130][ T8117] name failslab, interval 1, probability 0, space 0, times 0 [ 194.011901][ T8117] CPU: 0 UID: 0 PID: 8117 Comm: syz.1.682 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 194.011961][ T8117] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 194.011978][ T8117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 194.011993][ T8117] Call Trace: [ 194.012003][ T8117] [ 194.012014][ T8117] dump_stack_lvl+0x100/0x190 [ 194.012056][ T8117] should_fail_ex.cold+0x5/0xa [ 194.012085][ T8117] should_failslab+0xc2/0x120 [ 194.012120][ T8117] kmem_cache_alloc_noprof+0x83/0x780 [ 194.012146][ T8117] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 194.012170][ T8117] ? acpi_ps_alloc_op+0x29d/0x360 [ 194.012198][ T8117] ? acpi_ps_alloc_op+0x29d/0x360 [ 194.012216][ T8117] acpi_ps_alloc_op+0x29d/0x360 [ 194.012236][ T8117] ? acpi_ut_status_exit+0x111/0x1c0 [ 194.012259][ T8117] acpi_ps_create_op+0x4b3/0xd10 [ 194.012294][ T8117] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 194.012329][ T8117] ? __pfx_acpi_ut_trace_ptr+0x10/0x10 [ 194.012351][ T8117] ? acpi_ut_value_exit+0x10d/0x190 [ 194.012379][ T8117] acpi_ps_parse_loop+0xa65/0x24a0 [ 194.012422][ T8117] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 194.012454][ T8117] ? acpi_ut_status_exit+0x111/0x1c0 [ 194.012478][ T8117] ? acpi_ds_call_control_method+0x435/0xab0 [ 194.012513][ T8117] acpi_ps_parse_aml+0x81e/0x1120 [ 194.012541][ T8117] acpi_ps_execute_method+0x5c4/0xe90 [ 194.012576][ T8117] acpi_ns_evaluate+0x640/0x1670 [ 194.012616][ T8117] acpi_evaluate_object+0x420/0xe00 [ 194.012656][ T8117] ? seq_read_iter+0x819/0x1270 [ 194.012680][ T8117] ? kernfs_fop_read_iter+0x46c/0x610 [ 194.012711][ T8117] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 194.012751][ T8117] ? __pfx___might_resched+0x10/0x10 [ 194.012787][ T8117] acpi_evaluate_integer+0xdf/0x220 [ 194.012821][ T8117] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 194.012881][ T8117] ? __pfx_status_show+0x10/0x10 [ 194.012909][ T8117] status_show+0xa0/0x120 [ 194.012929][ T8117] ? __pfx_status_show+0x10/0x10 [ 194.012955][ T8117] dev_attr_show+0x52/0xa0 [ 194.012978][ T8117] ? __pfx_dev_attr_show+0x10/0x10 [ 194.012998][ T8117] sysfs_kf_seq_show+0x217/0x3a0 [ 194.013018][ T8117] seq_read_iter+0x32f/0x1270 [ 194.013041][ T8117] kernfs_fop_read_iter+0x46c/0x610 [ 194.013056][ T8117] ? rw_verify_area+0xce/0x6d0 [ 194.013077][ T8117] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 194.013093][ T8117] vfs_read+0x825/0xb30 [ 194.013109][ T8117] ? __pfx_vfs_read+0x10/0x10 [ 194.013136][ T8117] ksys_read+0x12a/0x250 [ 194.013150][ T8117] ? __pfx_ksys_read+0x10/0x10 [ 194.013170][ T8117] do_syscall_64+0x106/0xf80 [ 194.013184][ T8117] ? clear_bhb_loop+0x40/0x90 [ 194.013202][ T8117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.013217][ T8117] RIP: 0033:0x7fb396f9bf79 [ 194.013230][ T8117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.013245][ T8117] RSP: 002b:00007fb397e62028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 194.013260][ T8117] RAX: ffffffffffffffda RBX: 00007fb397215fa0 RCX: 00007fb396f9bf79 [ 194.013270][ T8117] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 194.013279][ T8117] RBP: 00007fb3970327e0 R08: 0000000000000000 R09: 0000000000000000 [ 194.013288][ T8117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.013297][ T8117] R13: 00007fb397216038 R14: 00007fb397215fa0 R15: 00007ffe11dd8788 [ 194.013319][ T8117] [ 194.013334][ T8117] ACPI Error: [ 194.411528][ T8117] Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 194.443800][ T8117] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 194.542914][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 194.542955][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 194.559221][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 194.559252][ T5826] Bluetooth: hci3: adv larger than maximum supported [ 194.566309][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 194.573399][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 194.777832][ T30] audit: type=1800 audit(4294967371.767:43): pid=8130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.684" name="dbroot" dev="configfs" ino=20762 res=0 errno=0 [ 194.904935][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 195.016223][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 195.016247][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 195.031238][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 195.031269][ T5826] Bluetooth: hci3: adv larger than maximum supported [ 195.038398][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 195.045348][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 195.253693][ T8139] ptp ptp0: new virtual clock ptp1 [ 195.291263][ T8139] ptp ptp0: guarantee physical clock free running [ 195.452847][ T5826] Bluetooth: hci3: unexpected event 0x07 length: 43 < 255 [ 195.586784][ T3496] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.650966][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 195.703800][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 195.749000][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 195.774328][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 195.836077][ T8159] netlink: 306 bytes leftover after parsing attributes in process `syz.0.691'. [ 195.990364][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 196.009826][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 196.037783][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 196.072355][ T8151] netlink: 338 bytes leftover after parsing attributes in process `syz.0.691'. [ 196.087231][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 196.216654][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 196.216693][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 196.231739][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 196.231797][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 196.536032][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 196.628596][ T30] audit: type=1800 audit(4294967373.638:44): pid=8178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.700" name="dbroot" dev="configfs" ino=21990 res=0 errno=0 [ 196.681031][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 196.681054][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 196.695787][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 196.740358][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 196.853348][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 196.853385][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 196.868433][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 197.521027][ T8191] zswap: compressor not available [ 197.677225][ T30] audit: type=1800 audit(4294967374.688:45): pid=8200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.705" name="dbroot" dev="configfs" ino=20973 res=0 errno=0 [ 198.309636][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 198.323165][ T8213] netlink: 16 bytes leftover after parsing attributes in process `syz.3.710'. [ 198.379533][ T8213] bridge0: entered promiscuous mode [ 198.412359][ T8213] bridge0: entered allmulticast mode [ 198.542018][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 198.542056][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 198.556792][ T5826] bt_err_ratelimited: 8 callbacks suppressed [ 198.556819][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 198.563629][ T5826] Bluetooth: hci3: adv larger than maximum supported [ 198.570830][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 198.577595][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 198.631793][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 198.699508][ T8223] sd 0:0:1:0: PR command failed: 1026 [ 198.719338][ T8223] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 198.726160][ T8223] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 198.745199][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 198.745232][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 198.760062][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 198.760092][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 198.767187][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 198.773899][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 199.304872][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.311306][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.819982][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 199.949008][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 199.949044][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 199.964033][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 199.964064][ T5826] Bluetooth: hci0: adv larger than maximum supported [ 199.971196][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 199.980074][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 200.323973][ T8265] FAULT_INJECTION: forcing a failure. [ 200.323973][ T8265] name failslab, interval 1, probability 0, space 0, times 0 [ 200.336976][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 200.379801][ T8265] CPU: 1 UID: 0 PID: 8265 Comm: syz.3.725 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 200.379863][ T8265] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 200.379879][ T8265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 200.379897][ T8265] Call Trace: [ 200.379906][ T8265] [ 200.379916][ T8265] dump_stack_lvl+0x100/0x190 [ 200.379962][ T8265] should_fail_ex.cold+0x5/0xa [ 200.379993][ T8265] should_failslab+0xc2/0x120 [ 200.380027][ T8265] __kmalloc_cache_noprof+0x80/0x810 [ 200.380071][ T8265] ? v9fs_init_fs_context+0x47/0x590 [ 200.380109][ T8265] ? v9fs_init_fs_context+0x47/0x590 [ 200.380137][ T8265] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 200.380175][ T8265] v9fs_init_fs_context+0x47/0x590 [ 200.380207][ T8265] alloc_fs_context+0x60c/0xf40 [ 200.380247][ T8265] __x64_sys_fsopen+0xed/0x220 [ 200.380287][ T8265] do_syscall_64+0x106/0xf80 [ 200.380312][ T8265] ? clear_bhb_loop+0x40/0x90 [ 200.380344][ T8265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.380370][ T8265] RIP: 0033:0x7fae69f9bf79 [ 200.380391][ T8265] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 200.380418][ T8265] RSP: 002b:00007fae6af0b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 200.380453][ T8265] RAX: ffffffffffffffda RBX: 00007fae6a216090 RCX: 00007fae69f9bf79 [ 200.380472][ T8265] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 200.380489][ T8265] RBP: 00007fae6a0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 200.380506][ T8265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 200.380523][ T8265] R13: 00007fae6a216128 R14: 00007fae6a216090 R15: 00007ffc0e6b7b58 [ 200.380561][ T8265] [ 200.737038][ T30] audit: type=1800 audit(4294967377.650:46): pid=8270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.723" name="dbroot" dev="configfs" ino=22218 res=0 errno=0 [ 200.847488][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 200.858755][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 200.858787][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 200.881218][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 200.881274][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 201.019704][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 201.019740][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 201.055869][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 201.363923][ T8280] __nla_validate_parse: 1 callbacks suppressed [ 201.363938][ T8280] netlink: 28 bytes leftover after parsing attributes in process `syz.3.730'. [ 201.415653][ T8280] veth1_macvtap: entered allmulticast mode [ 201.874319][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 201.958107][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 201.958130][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 201.975402][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 202.597030][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 202.753497][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 202.753540][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 202.770814][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 203.307921][ T30] audit: type=1800 audit(4294967380.331:47): pid=8325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.742" name="dbroot" dev="configfs" ino=21301 res=0 errno=0 [ 204.095926][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 204.231875][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 204.231940][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 204.246870][ T5826] bt_err_ratelimited: 11 callbacks suppressed [ 204.246888][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 204.252978][ T5826] Bluetooth: hci0: adv larger than maximum supported [ 204.260082][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 204.266899][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 204.368187][ T30] audit: type=1800 audit(4294967381.382:48): pid=8339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.745" name="dbroot" dev="configfs" ino=21326 res=0 errno=0 [ 204.690785][ T8346] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 204.739233][ T8344] FAULT_INJECTION: forcing a failure. [ 204.739233][ T8344] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 204.782765][ T8344] CPU: 1 UID: 0 PID: 8344 Comm: syz.0.747 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 204.782799][ T8344] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 204.782808][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 204.782817][ T8344] Call Trace: [ 204.782822][ T8344] [ 204.782828][ T8344] dump_stack_lvl+0x100/0x190 [ 204.782853][ T8344] should_fail_ex.cold+0x5/0xa [ 204.782867][ T8344] ? prepare_alloc_pages+0x16d/0x5f0 [ 204.782889][ T8344] should_fail_alloc_page+0xeb/0x140 [ 204.782907][ T8344] prepare_alloc_pages+0x1f0/0x5f0 [ 204.782926][ T8344] ? rcu_is_watching+0x12/0xc0 [ 204.782946][ T8344] __alloc_frozen_pages_noprof+0x193/0x2410 [ 204.782964][ T8344] ? rcu_is_watching+0x12/0xc0 [ 204.782981][ T8344] ? trace_mm_page_alloc+0x10e/0x160 [ 204.783000][ T8344] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 204.783016][ T8344] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 204.783033][ T8344] ? is_bpf_text_address+0x8a/0x1a0 [ 204.783049][ T8344] ? is_bpf_text_address+0x8a/0x1a0 [ 204.783066][ T8344] ? bpf_ksym_find+0x124/0x1c0 [ 204.783088][ T8344] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 204.783102][ T8344] ? is_bpf_text_address+0x94/0x1a0 [ 204.783128][ T8344] ? __kernel_text_address+0xd/0x30 [ 204.783146][ T8344] ? unwind_get_return_address+0x59/0xa0 [ 204.783174][ T8344] alloc_pages_bulk_noprof+0x777/0x1500 [ 204.783190][ T8344] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 204.783215][ T8344] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 204.783230][ T8344] ? kasan_save_stack+0x30/0x50 [ 204.783244][ T8344] ? __kasan_kmalloc+0xaa/0xb0 [ 204.783263][ T8344] ? alloc_pages_noprof+0x233/0x390 [ 204.783282][ T8344] __kasan_populate_vmalloc+0xf0/0x210 [ 204.783300][ T8344] alloc_vmap_area+0x935/0x2a00 [ 204.783325][ T8344] ? __pfx_alloc_vmap_area+0x10/0x10 [ 204.783348][ T8344] __get_vm_area_node+0x1ca/0x330 [ 204.783373][ T8344] __vmalloc_node_range_noprof+0x213/0x1530 [ 204.783396][ T8344] ? kernel_clone+0xfc/0x930 [ 204.783414][ T8344] ? kernel_clone+0xfc/0x930 [ 204.783432][ T8344] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 204.783458][ T8344] ? rcu_is_watching+0x12/0xc0 [ 204.783475][ T8344] ? trace_kmem_cache_alloc+0x80/0xb0 [ 204.783494][ T8344] ? kernel_clone+0xfc/0x930 [ 204.783506][ T8344] __vmalloc_node_noprof+0xad/0xf0 [ 204.783526][ T8344] ? kernel_clone+0xfc/0x930 [ 204.783541][ T8344] copy_process+0x5ec/0x79b0 [ 204.783556][ T8344] ? __pfx___futex_wait+0x10/0x10 [ 204.783580][ T8344] ? __pfx_copy_process+0x10/0x10 [ 204.783602][ T8344] kernel_clone+0xfc/0x930 [ 204.783614][ T8344] ? __pfx_futex_wait+0x10/0x10 [ 204.783632][ T8344] ? __pfx_kernel_clone+0x10/0x10 [ 204.783656][ T8344] __do_sys_clone+0xd9/0x120 [ 204.783670][ T8344] ? __pfx___do_sys_clone+0x10/0x10 [ 204.783684][ T8344] ? __fget_files+0x21f/0x3d0 [ 204.783704][ T8344] ? xfd_validate_state+0x129/0x190 [ 204.783728][ T8344] do_syscall_64+0x106/0xf80 [ 204.783752][ T8344] ? clear_bhb_loop+0x40/0x90 [ 204.783785][ T8344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.783813][ T8344] RIP: 0033:0x7f809059bf79 [ 204.783828][ T8344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.783843][ T8344] RSP: 002b:00007f808e7edfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 204.783858][ T8344] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 204.783868][ T8344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.783877][ T8344] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 204.783886][ T8344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.783895][ T8344] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 204.783914][ T8344] [ 205.175891][ T8344] syz.0.747: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 205.219812][ T8344] CPU: 0 UID: 0 PID: 8344 Comm: syz.0.747 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 205.219875][ T8344] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 205.219891][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 205.219908][ T8344] Call Trace: [ 205.219917][ T8344] [ 205.219927][ T8344] dump_stack_lvl+0x100/0x190 [ 205.219972][ T8344] warn_alloc.cold+0x95/0x1c1 [ 205.220021][ T8344] ? __pfx_warn_alloc+0x10/0x10 [ 205.220064][ T8344] ? __get_vm_area_node+0x2c5/0x330 [ 205.220100][ T8344] ? __get_vm_area_node+0x208/0x330 [ 205.220146][ T8344] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 205.220197][ T8344] ? kernel_clone+0xfc/0x930 [ 205.220235][ T8344] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 205.220287][ T8344] ? rcu_is_watching+0x12/0xc0 [ 205.220324][ T8344] ? trace_kmem_cache_alloc+0x80/0xb0 [ 205.220361][ T8344] ? kernel_clone+0xfc/0x930 [ 205.220385][ T8344] __vmalloc_node_noprof+0xad/0xf0 [ 205.220424][ T8344] ? kernel_clone+0xfc/0x930 [ 205.220461][ T8344] copy_process+0x5ec/0x79b0 [ 205.220490][ T8344] ? __pfx___futex_wait+0x10/0x10 [ 205.220538][ T8344] ? __pfx_copy_process+0x10/0x10 [ 205.220582][ T8344] kernel_clone+0xfc/0x930 [ 205.220607][ T8344] ? __pfx_futex_wait+0x10/0x10 [ 205.220641][ T8344] ? __pfx_kernel_clone+0x10/0x10 [ 205.220688][ T8344] __do_sys_clone+0xd9/0x120 [ 205.220716][ T8344] ? __pfx___do_sys_clone+0x10/0x10 [ 205.220744][ T8344] ? __fget_files+0x21f/0x3d0 [ 205.220785][ T8344] ? xfd_validate_state+0x129/0x190 [ 205.220837][ T8344] do_syscall_64+0x106/0xf80 [ 205.220865][ T8344] ? clear_bhb_loop+0x40/0x90 [ 205.220900][ T8344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.220928][ T8344] RIP: 0033:0x7f809059bf79 [ 205.220951][ T8344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.220983][ T8344] RSP: 002b:00007f808e7edfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 205.221011][ T8344] RAX: ffffffffffffffda RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 205.221031][ T8344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.221048][ T8344] RBP: 00007f80906327e0 R08: 0000000000000000 R09: 0000000000000000 [ 205.221065][ T8344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.221081][ T8344] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 205.221119][ T8344] [ 205.221204][ T8344] Mem-Info: [ 205.594718][ T8349] netlink: 330 bytes leftover after parsing attributes in process `syz.3.749'. [ 205.676442][ T8344] active_anon:48839 inactive_anon:0 isolated_anon:0 [ 205.676442][ T8344] active_file:17538 inactive_file:40940 isolated_file:0 [ 205.676442][ T8344] unevictable:768 dirty:446 writeback:0 [ 205.676442][ T8344] slab_reclaimable:11499 slab_unreclaimable:91547 [ 205.676442][ T8344] mapped:40687 shmem:37860 pagetables:1353 [ 205.676442][ T8344] sec_pagetables:0 bounce:0 [ 205.676442][ T8344] kernel_misc_reclaimable:0 [ 205.676442][ T8344] free:1272171 free_pcp:23967 free_cma:0 [ 205.749113][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 205.769493][ T8344] Node 0 active_anon:199444kB inactive_anon:0kB active_file:70152kB inactive_file:163556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:163648kB dirty:1764kB writeback:0kB shmem:149504kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:26624kB kernel_stack:11892kB pagetables:5056kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 205.804943][ T8344] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 205.863352][ T8344] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 205.903260][ T8344] lowmem_reserve[]: 0 2479 2480 2480 2480 [ 205.913493][ T8344] Node 0 DMA32 free:1183172kB boost:0kB min:34316kB low:42892kB high:51468kB reserved_highatomic:0KB free_highatomic:0KB active_anon:198984kB inactive_anon:0kB active_file:70152kB inactive_file:163556kB unevictable:1536kB writepending:1820kB zspages:0kB present:3129332kB managed:2539016kB mlocked:0kB bounce:0kB free_pcp:81292kB local_pcp:30796kB free_cma:0kB [ 205.949788][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 205.949824][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 205.953927][ T8344] lowmem_reserve[]: [ 205.957362][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 205.970291][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 205.977596][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 205.984407][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 206.021917][ T8344] 0 0 1 1 1 [ 206.043484][ T8344] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1368kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 206.143694][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 206.174946][ T8344] lowmem_reserve[]: 0 0 0 0 0 [ 206.179721][ T8344] Node 1 Normal free:3890108kB boost:0kB min:55564kB low:69452kB high:83340kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:20kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:11608kB local_pcp:248kB free_cma:0kB [ 206.278460][ T8344] lowmem_reserve[]: 0 0 0 0 0 [ 206.288573][ T8344] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 206.311873][ T8344] Node 0 DMA32: 4578*4kB (UM) 2218*8kB (UM) 1113*16kB (UME) 314*32kB (UM) 81*64kB (UME) 25*128kB (UME) 14*256kB (UM) 12*512kB (UME) 11*1024kB (U) 10*2048kB (UM) 264*4096kB (UM) = 1195112kB [ 206.316119][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 206.330882][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 206.349773][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 206.349808][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 206.356887][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 206.363673][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 206.419242][ T8344] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 206.476793][ T8344] Node 1 Normal: 62*4kB (UME) 49*8kB (UME) 58*16kB (UME) 193*32kB (UME) 80*64kB (UME) 17*128kB (UME) 4*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 943*4096kB (M) = 3889856kB [ 206.562785][ T8344] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.579637][ T8344] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.599202][ T8344] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.619292][ T8344] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.639051][ T8344] 90643 total pagecache pages [ 206.655441][ T8344] 0 pages in swap cache [ 206.659608][ T8344] Free swap = 124996kB [ 206.693835][ T8367] zswap: compressor not available [ 206.722978][ T8344] Total swap = 124996kB [ 206.727154][ T8344] 2097051 pages RAM [ 206.730968][ T8344] 0 pages HighMem/MovableOnly [ 206.780347][ T8344] 430340 pages reserved [ 206.799445][ T8344] 0 pages cma reserved [ 206.886370][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 206.971124][ T8379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'. [ 206.982074][ T8379] netlink: 25 bytes leftover after parsing attributes in process `syz.0.758'. [ 207.065589][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 207.065625][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 207.086667][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 207.086727][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 207.490328][ T8386] netlink: 9 bytes leftover after parsing attributes in process `syz.2.760'. [ 207.848731][ T8401] netlink: 338 bytes leftover after parsing attributes in process `syz.2.763'. [ 208.161529][ T8406] FAULT_INJECTION: forcing a failure. [ 208.161529][ T8406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.183176][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.2.765 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 208.183241][ T8406] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 208.183257][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 208.183274][ T8406] Call Trace: [ 208.183283][ T8406] [ 208.183293][ T8406] dump_stack_lvl+0x100/0x190 [ 208.183337][ T8406] should_fail_ex.cold+0x5/0xa [ 208.183369][ T8406] _copy_from_user+0x2e/0xd0 [ 208.183399][ T8406] btf_new_fd+0x756/0x5670 [ 208.183446][ T8406] ? __lock_acquire+0x4a5/0x2630 [ 208.183477][ T8406] ? futex_unqueue+0x13d/0x2c0 [ 208.183527][ T8406] ? __pfx_btf_new_fd+0x10/0x10 [ 208.183568][ T8406] ? apparmor_capable+0x1d7/0x4e0 [ 208.183609][ T8406] ? bpf_lsm_capable+0x9/0x10 [ 208.183641][ T8406] ? security_capable+0x80/0x260 [ 208.183680][ T8406] ? ns_capable+0xd2/0xf0 [ 208.183721][ T8406] __sys_bpf+0x1b63/0x4b90 [ 208.183764][ T8406] ? __pfx___sys_bpf+0x10/0x10 [ 208.183803][ T8406] ? __pfx_futex_wait+0x10/0x10 [ 208.183841][ T8406] ? __fget_files+0x215/0x3d0 [ 208.183878][ T8406] ? do_futex+0x192/0x350 [ 208.183927][ T8406] ? xfd_validate_state+0x129/0x190 [ 208.183970][ T8406] __x64_sys_bpf+0x7b/0xc0 [ 208.184019][ T8406] ? lockdep_hardirqs_on+0x78/0x100 [ 208.184048][ T8406] do_syscall_64+0x106/0xf80 [ 208.184074][ T8406] ? clear_bhb_loop+0x40/0x90 [ 208.184109][ T8406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.184135][ T8406] RIP: 0033:0x7fd439d9bf79 [ 208.184158][ T8406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.184186][ T8406] RSP: 002b:00007fd43ab79028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 208.184213][ T8406] RAX: ffffffffffffffda RBX: 00007fd43a015fa0 RCX: 00007fd439d9bf79 [ 208.184232][ T8406] RDX: 0000000000000026 RSI: 0000200000000040 RDI: 0000000000000012 [ 208.184249][ T8406] RBP: 00007fd439e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 208.184265][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.184282][ T8406] R13: 00007fd43a016038 R14: 00007fd43a015fa0 R15: 00007ffd9b46a648 [ 208.184319][ T8406] [ 208.733995][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 208.847373][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 208.847412][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 208.863478][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 208.924988][ T30] audit: type=1800 audit(4294967385.954:49): pid=8417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.770" name="dbroot" dev="configfs" ino=23583 res=0 errno=0 [ 209.410290][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 209.585879][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 209.585910][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 209.601263][ T5826] bt_err_ratelimited: 5 callbacks suppressed [ 209.601280][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 209.607531][ T5826] Bluetooth: hci0: adv larger than maximum supported [ 209.614910][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 209.624663][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 210.015236][ T30] audit: type=1800 audit(4294967387.034:50): pid=8440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.783" name="dbroot" dev="configfs" ino=23606 res=0 errno=0 [ 211.114997][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 211.191484][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 211.191521][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 211.206355][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 211.206382][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 211.213474][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 211.220187][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 211.493293][ T30] audit: type=1800 audit(4294967388.525:51): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.789" name="dbroot" dev="configfs" ino=22890 res=0 errno=0 [ 211.722658][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 211.845569][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 211.845605][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 211.860406][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 211.860435][ T5826] Bluetooth: hci3: adv larger than maximum supported [ 211.867471][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 211.874245][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 212.390551][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 212.462109][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 212.462147][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 212.477467][ T5826] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 212.477530][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 212.834983][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 212.851813][ T8509] netlink: set zone limit has 8 unknown bytes [ 212.866309][ T8509] netlink: zone id is out of range [ 212.934604][ T8516] FAULT_INJECTION: forcing a failure. [ 212.934604][ T8516] name fail_futex, interval 1, probability 0, space 0, times 1 [ 212.969284][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 212.969319][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 212.969925][ T8516] CPU: 0 UID: 0 PID: 8516 Comm: syz.2.806 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 212.969982][ T8516] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 212.969998][ T8516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 212.970014][ T8516] Call Trace: [ 212.970023][ T8516] [ 212.970033][ T8516] dump_stack_lvl+0x100/0x190 [ 212.970076][ T8516] should_fail_ex.cold+0x5/0xa [ 212.970107][ T8516] get_futex_key+0x1d2/0x1620 [ 212.970154][ T8516] ? __pfx_get_futex_key+0x10/0x10 [ 212.970194][ T8516] ? find_held_lock+0x2b/0x80 [ 212.970229][ T8516] ? futex_wake+0x456/0x530 [ 212.970268][ T8516] futex_wake+0xea/0x530 [ 212.970302][ T8516] ? __pfx_futex_wake+0x10/0x10 [ 212.970337][ T8516] ? rcu_is_watching+0x12/0xc0 [ 212.970379][ T8516] do_futex+0x32b/0x350 [ 212.970405][ T8516] ? __pfx_do_futex+0x10/0x10 [ 212.970441][ T8516] __x64_sys_futex+0x34f/0x4d0 [ 212.970470][ T8516] ? fdget_pos+0x2c0/0x380 [ 212.970500][ T8516] ? __pfx___x64_sys_futex+0x10/0x10 [ 212.970526][ T8516] ? ksys_write+0x1ac/0x250 [ 212.970552][ T8516] ? __pfx_ksys_write+0x10/0x10 [ 212.970588][ T8516] do_syscall_64+0x106/0xf80 [ 212.970614][ T8516] ? clear_bhb_loop+0x40/0x90 [ 212.970646][ T8516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.970673][ T8516] RIP: 0033:0x7fd439d9bf79 [ 212.970694][ T8516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.970721][ T8516] RSP: 002b:00007fd43ab790e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 212.970747][ T8516] RAX: ffffffffffffffda RBX: 00007fd43a015fa8 RCX: 00007fd439d9bf79 [ 212.970765][ T8516] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd43a015fac [ 212.970782][ T8516] RBP: 00007fd43a015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 212.970799][ T8516] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 212.970821][ T8516] R13: 00007fd43a016038 R14: 00007ffd9b46a560 R15: 00007ffd9b46a648 [ 212.970859][ T8516] [ 213.187240][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 213.280312][ T30] audit: type=1800 audit(4294967390.296:52): pid=8522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.807" name="dbroot" dev="configfs" ino=22977 res=0 errno=0 [ 214.427257][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 214.553655][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 214.553678][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 214.568432][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 215.254128][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 215.365823][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 215.365859][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 215.380702][ T5826] bt_err_ratelimited: 8 callbacks suppressed [ 215.380722][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 215.386725][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 215.393808][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 215.404368][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 215.696666][ T5826] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 215.813873][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 215.848528][ T5826] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 215.848588][ T5826] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 215.863780][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 215.863812][ T5826] Bluetooth: hci2: adv larger than maximum supported [ 215.871112][ T5826] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 215.877933][ T5826] Bluetooth: hci2: Malformed LE Event: 0x0d [ 216.021954][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 216.021993][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 216.036811][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 216.036844][ T5826] Bluetooth: hci1: adv larger than maximum supported [ 216.045079][ T5826] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 216.052257][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 216.395210][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 216.536021][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 216.536060][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 216.553124][ T5826] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 216.553189][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 216.889748][ T8586] zswap: compressor not available [ 217.298556][ T30] audit: type=1800 audit(4294967298.530:53): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.830" name="dbroot" dev="configfs" ino=23964 res=0 errno=0 [ 217.590366][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 217.716350][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 217.716393][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 217.731182][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 218.174129][ T5826] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 218.307687][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 218.307721][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 218.322518][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 218.597665][ T5826] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 218.614945][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'. [ 218.645444][ T5826] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 218.645482][ T5826] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 218.659497][ T5835] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 218.667305][ T5826] Bluetooth: hci0: Malformed LE Event: 0x0d [ 218.700556][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'. [ 218.822141][ T5826] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 218.822186][ T5826] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 218.837044][ T5826] Bluetooth: hci3: Malformed LE Event: 0x0d [ 219.033187][ T5826] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 219.143172][ T30] audit: type=1800 audit(4294967300.330:54): pid=8630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.842" name="dbroot" dev="configfs" ino=24128 res=0 errno=0 [ 219.172147][ T5826] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 219.172211][ T5826] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 219.187126][ T5826] Bluetooth: hci1: Malformed LE Event: 0x0d [ 219.537096][ T8633] netlink: 25 bytes leftover after parsing attributes in process `syz.2.844'. [ 220.001206][ T8642] FAULT_INJECTION: forcing a failure. [ 220.001206][ T8642] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 220.049446][ T8642] CPU: 0 UID: 0 PID: 8642 Comm: syz.2.848 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 220.049507][ T8642] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 220.049523][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 220.049539][ T8642] Call Trace: [ 220.049548][ T8642] [ 220.049559][ T8642] dump_stack_lvl+0x100/0x190 [ 220.049603][ T8642] should_fail_ex.cold+0x5/0xa [ 220.049628][ T8642] ? prepare_alloc_pages+0x16d/0x5f0 [ 220.049668][ T8642] should_fail_alloc_page+0xeb/0x140 [ 220.049704][ T8642] prepare_alloc_pages+0x1f0/0x5f0 [ 220.049747][ T8642] __alloc_frozen_pages_noprof+0x193/0x2410 [ 220.049777][ T8642] ? stack_trace_save+0x8e/0xc0 [ 220.049816][ T8642] ? __pfx_stack_trace_save+0x10/0x10 [ 220.049856][ T8642] ? stack_depot_save_flags+0x27/0x9d0 [ 220.049888][ T8642] ? __lock_acquire+0x4a5/0x2630 [ 220.049918][ T8642] ? kasan_save_stack+0x3f/0x50 [ 220.049946][ T8642] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 220.049973][ T8642] ? copy_time_ns+0xf6/0x800 [ 220.050009][ T8642] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 220.050050][ T8642] ? __x64_sys_unshare+0x31/0x40 [ 220.050078][ T8642] ? do_syscall_64+0x106/0xf80 [ 220.050104][ T8642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.050149][ T8642] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 220.050187][ T8642] ? policy_nodemask+0xed/0x4f0 [ 220.050223][ T8642] alloc_pages_mpol+0x1fb/0x550 [ 220.050259][ T8642] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 220.050302][ T8642] alloc_pages_noprof+0x131/0x390 [ 220.050339][ T8642] copy_time_ns+0x11a/0x800 [ 220.050373][ T8642] ? copy_cgroup_ns+0x71/0x970 [ 220.050422][ T8642] create_new_namespaces+0x48a/0xac0 [ 220.050474][ T8642] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 220.050518][ T8642] ksys_unshare+0x455/0xab0 [ 220.050549][ T8642] ? __pfx_ksys_unshare+0x10/0x10 [ 220.050578][ T8642] ? xfd_validate_state+0x129/0x190 [ 220.050623][ T8642] __x64_sys_unshare+0x31/0x40 [ 220.050651][ T8642] do_syscall_64+0x106/0xf80 [ 220.050677][ T8642] ? clear_bhb_loop+0x40/0x90 [ 220.050710][ T8642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.050737][ T8642] RIP: 0033:0x7fd439d9bf79 [ 220.050759][ T8642] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.050786][ T8642] RSP: 002b:00007fd43ab79028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 220.050812][ T8642] RAX: ffffffffffffffda RBX: 00007fd43a015fa0 RCX: 00007fd439d9bf79 [ 220.050831][ T8642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 220.050848][ T8642] RBP: 00007fd439e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 220.050865][ T8642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.050882][ T8642] R13: 00007fd43a016038 R14: 00007fd43a015fa0 R15: 00007ffd9b46a648 [ 220.050919][ T8642] [ 220.549660][ T8650] mm ffff888031e54980 task_size 140737488351232 [ 220.549660][ T8650] mmap_base 140190168731648 mmap_legacy_base 47442626437120 [ 220.549660][ T8650] pgd ffff8880299d2000 mm_users 0 mm_count 2 pgtables_bytes 147456 map_count 32 [ 220.549660][ T8650] hiwater_rss 1533 hiwater_vm 5ff2 total_vm 69d4 locked_vm 0 [ 220.549660][ T8650] pinned_vm 0 data_vm 23ba exec_vm 1bd stack_vm 422 [ 220.549660][ T8650] start_code 7f809044b000 end_code 7f8090605101 start_data 7f80907f0000 end_data 7f80907f0000 [ 220.549660][ T8650] start_brk 55556d531000 brk 55556d565000 start_stack 7ffeeb852c30 [ 220.549660][ T8650] arg_start 7ffeeb853f6d arg_end 7ffeeb853f81 env_start 7ffeeb853f81 env_end 7ffeeb853fe9 [ 220.549660][ T8650] binfmt ffffffff8e867080 flags 00000000,840007fd [ 220.549660][ T8650] ioctx_table 0000000000000000 [ 220.549660][ T8650] owner 0000000000000000 exe_file ffff888033488000 [ 220.549660][ T8650] notifier_subscriptions 0000000000000000 [ 220.549660][ T8650] numa_next_scan 4294959279 numa_scan_offset 0 numa_scan_seq 0 [ 220.549660][ T8650] tlb_flush_pending 1 [ 220.549660][ T8650] def_flags: 0x0() [ 220.702124][ T8650] ------------[ cut here ]------------ [ 220.707660][ T8650] kernel BUG at mm/khugepaged.c:438! [ 220.742946][ T8650] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 220.749235][ T8650] CPU: 0 UID: 0 PID: 8650 Comm: syz.0.847 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 220.760034][ T8650] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 220.770096][ T8650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 220.780159][ T8650] RIP: 0010:__khugepaged_enter+0x30a/0x380 [ 220.785987][ T8650] Code: 64 7e 8e e8 a8 dc 66 ff e8 93 e6 8d ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 04 6c 04 09 e8 7f e6 8d ff 48 89 df e8 17 33 d9 ff 90 <0f> 0b 48 89 ef e8 dc 51 f8 ff e9 3b fd ff ff e8 f2 52 f8 ff e9 e1 [ 220.805602][ T8650] RSP: 0018:ffffc9001869fba8 EFLAGS: 00010292 [ 220.811669][ T8650] RAX: 000000000000031f RBX: ffff888031e54980 RCX: 0000000000000000 [ 220.819634][ T8650] RDX: 000000000000031f RSI: ffffffff81e5b2c9 RDI: fffff520030d3f1c [ 220.827596][ T8650] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 220.835558][ T8650] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000008100177 [ 220.843520][ T8650] R13: ffff888075a9ab50 R14: 0000000000000000 R15: 0000000000000000 [ 220.851483][ T8650] FS: 00007f808e7ee6c0(0000) GS:ffff8881245b1000(0000) knlGS:0000000000000000 [ 220.860411][ T8650] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 220.866992][ T8650] CR2: 00007fb3971eb5a0 CR3: 00000000299d2000 CR4: 00000000003526f0 [ 220.874960][ T8650] Call Trace: [ 220.878230][ T8650] [ 220.881162][ T8650] khugepaged_enter_vma+0x137/0x2c0 [ 220.886368][ T8650] do_huge_pmd_anonymous_page+0x1c8/0x1c00 [ 220.892184][ T8650] ? __pfx_pgd_none+0x10/0x10 [ 220.896861][ T8650] ? __lock_acquire+0x4a5/0x2630 [ 220.901794][ T8650] __handle_mm_fault+0x1e96/0x2b50 [ 220.906934][ T8650] ? reacquire_held_locks+0xce/0x1e0 [ 220.912215][ T8650] ? __pfx___handle_mm_fault+0x10/0x10 [ 220.917686][ T8650] ? lock_vma_under_rcu+0x17c/0x5a0 [ 220.922906][ T8650] handle_mm_fault+0x36d/0xa20 [ 220.927689][ T8650] do_user_addr_fault+0x5a3/0x12f0 [ 220.932815][ T8650] exc_page_fault+0x6f/0xd0 [ 220.937314][ T8650] asm_exc_page_fault+0x26/0x30 [ 220.942170][ T8650] RIP: 0033:0x7f809059bf81 [ 220.946593][ T8650] Code: Unable to access opcode bytes at 0x7f809059bf57. [ 220.953599][ T8650] RSP: 002b:0000000000000006 EFLAGS: 00010217 [ 220.959663][ T8650] RAX: 0000000000000000 RBX: 00007f8090815fa0 RCX: 00007f809059bf79 [ 220.967627][ T8650] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0002000020003b4a [ 220.975589][ T8650] RBP: 00007f80906327e0 R08: 0000000000000103 R09: 0000000000000000 [ 220.983553][ T8650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.991528][ T8650] R13: 00007f8090816038 R14: 00007f8090815fa0 R15: 00007ffeeb852498 [ 220.999514][ T8650] [ 221.002540][ T8650] Modules linked in: [ 221.007908][ T8650] ---[ end trace 0000000000000000 ]--- [ 221.021917][ T8650] RIP: 0010:__khugepaged_enter+0x30a/0x380 [ 221.027920][ T8650] Code: 64 7e 8e e8 a8 dc 66 ff e8 93 e6 8d ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 04 6c 04 09 e8 7f e6 8d ff 48 89 df e8 17 33 d9 ff 90 <0f> 0b 48 89 ef e8 dc 51 f8 ff e9 3b fd ff ff e8 f2 52 f8 ff e9 e1 [ 221.098917][ T8650] RSP: 0018:ffffc9001869fba8 EFLAGS: 00010292 [ 221.134660][ T8650] RAX: 000000000000031f RBX: ffff888031e54980 RCX: 0000000000000000 [ 221.170633][ T8650] RDX: 000000000000031f RSI: ffffffff81e5b2c9 RDI: fffff520030d3f1c [ 221.217870][ T8654] zswap: compressor 000 not available [ 221.223345][ T8650] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 221.239550][ T8650] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000008100177 [ 221.265888][ T8650] R13: ffff888075a9ab50 R14: 0000000000000000 R15: 0000000000000000 [ 221.285312][ T8650] FS: 00007f808e7ee6c0(0000) GS:ffff8881245b1000(0000) knlGS:0000000000000000 [ 221.302252][ T8650] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 221.328285][ T8650] CR2: 0000001b30c0eff8 CR3: 00000000299d2000 CR4: 00000000003526f0 [ 221.336293][ T8650] Kernel panic - not syncing: Fatal exception [ 221.342690][ T8650] Kernel Offset: disabled [ 221.347004][ T8650] Rebooting in 86400 seconds..