last executing test programs: 7.969435874s ago: executing program 2 (id=2330): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 7.595078995s ago: executing program 2 (id=2332): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 6.961643536s ago: executing program 2 (id=2334): mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) r0 = socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0300, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x3, 0x4008ae61, r0) 4.915153973s ago: executing program 2 (id=2346): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) clock_gettime$auto(0xfffffffffffffff0, 0x0) 3.173546542s ago: executing program 2 (id=2355): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r1, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r1, 0xe) sendfile$auto(r2, r2, 0x0, 0x4f64a1d2) r3 = socket(0x2a, 0x2, 0x0) r4 = socket(0x2c, 0x80003, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r5, r5, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r3, 0x8912, 0x38) 2.498731118s ago: executing program 3 (id=2356): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r1, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r1, 0xe) sendfile$auto(r2, r2, 0x0, 0x4f64a1d2) r3 = socket(0x2a, 0x2, 0x0) r4 = socket(0x2c, 0x80003, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r5, r5, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r3, 0x8912, 0x38) 2.175257095s ago: executing program 1 (id=2358): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) r4 = socket(0x2a, 0x2, 0x0) r5 = socket(0x2c, 0x80003, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r4, 0x8912, 0x38) 1.864904217s ago: executing program 2 (id=2359): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r1) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x60640, 0x0) 1.864157259s ago: executing program 0 (id=2368): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r0 = fcntl$auto(0x8000000000000001, 0x26, 0x8) setsockopt$auto(r0, 0x94f3, 0x6, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x2) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, 0x0, 0x2000c000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) write$auto(r3, 0x0, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 1.805872959s ago: executing program 1 (id=2360): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) 1.801535578s ago: executing program 3 (id=2362): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r0 = fcntl$auto(0x8000000000000001, 0x26, 0x8) setsockopt$auto(r0, 0x94f3, 0x6, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x2) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x2000c000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) write$auto(r3, 0x0, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 1.485966703s ago: executing program 0 (id=2363): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r1, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r1, 0xe) sendfile$auto(r2, r2, 0x0, 0x4f64a1d2) r3 = socket(0x2a, 0x2, 0x0) r4 = socket(0x2c, 0x80003, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r5, r5, 0x0, 0x80000000003) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) ioctl$auto(r3, 0x8912, 0x38) 1.023986975s ago: executing program 1 (id=2364): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) lstat$auto(0x0, 0x0) ioctl$auto(r2, 0x5419, 0x38) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) ioctl$auto_FBIO_CURSOR(0xffffffffffffffff, 0xc0684608, &(0x7f00000001c0)={0x6, 0x1, 0x600, &(0x7f0000000240)='!\x00', {0x1003, 0x9b72}, {0x5, 0x3, 0x2, 0x9, 0x4, 0x7f, 0x9, 0x0, {0x1fe, 0xffffff81, 0x0, 0x0, 0x0, 0x0}}}) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) mmap$auto(0x80, 0x5, 0x1, 0x14, r2, 0xe) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) 862.435573ms ago: executing program 3 (id=2365): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vidtv.0/i2c-0/new_device\x00', 0x2001, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/netfilter/nf_log\x00', 0xa000, 0x0) read$auto(r0, 0x0, 0x100000000) write$auto(0x3, 0x0, 0x4000fdef) 647.283855ms ago: executing program 3 (id=2366): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) socket(0xa, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x80}, 0x8}, 0x7, 0x20020000) 644.939577ms ago: executing program 0 (id=2367): write$auto(0x3, 0x0, 0x100082) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x40900, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nfs/parameters/nfs_mountpoint_expiry_timeout\x00', 0x80040, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) sendfile$auto(r1, r2, 0x0, 0x3) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001080)=""/4143, 0x102f) 526.673813ms ago: executing program 0 (id=2369): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x100000000003) sysfs$auto(0x40, 0x2, 0x8) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram3\x00', 0x44000, 0x0) ioctl$auto_BLKBSZSET(r2, 0x40081271, &(0x7f00000000c0)=0x1000) 498.976288ms ago: executing program 3 (id=2370): mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf03, 0x5, 0x2e, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 423.671109ms ago: executing program 1 (id=2371): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x40080, 0x0) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0x3, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) mmap$auto(0x0, 0x2000a, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity_list\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 330.135ms ago: executing program 3 (id=2372): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) 258.160578ms ago: executing program 1 (id=2373): stat$auto(0x0, &(0x7f0000000140)={0x8, 0x0, 0x80, 0x7, 0xffffffffffffffff, 0xee00, 0x0, 0x10d3, 0x6, 0x7fffffff, 0x0, 0xa82, 0x0, 0x8, 0x1, 0x200, 0x7}) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm0p/sub2/xrun_injection\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) socket(0xa, 0x801, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r1, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) close_range$auto(0x2, 0x8, 0x3) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x541a, r2) 257.599913ms ago: executing program 0 (id=2381): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af20, r0) 21.16307ms ago: executing program 1 (id=2374): mmap$auto(0x0, 0xa020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) unshare$auto(0x20000080) 0s ago: executing program 0 (id=2383): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r0 = fcntl$auto(0x8000000000000001, 0x26, 0x8) setsockopt$auto(r0, 0x94f3, 0x6, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x2) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, 0x0, 0x2000c000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) write$auto(r3, 0x0, 0x7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) kernel console output (not intermixed with test programs): event 0x0d length: 725 > 260 [ 613.362357][ T9097] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 613.362393][ T9097] Bluetooth: hci3: adv larger than maximum supported [ 613.372569][ T9097] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 613.379395][ T9097] Bluetooth: hci3: Malformed LE Event: 0x0d [ 614.269321][ T9097] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 614.417596][T14694] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 614.444708][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 614.444744][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 614.460214][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 614.460248][ T9097] Bluetooth: hci2: adv larger than maximum supported [ 614.469115][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 614.476667][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 614.525579][ T9097] Bluetooth: hci1: command 0x0c1a tx timeout [ 614.561794][T14701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1799'. [ 614.587111][T14701] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1799'. [ 614.643471][ T9097] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 614.719627][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 614.719664][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 614.735053][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 614.735112][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 614.756204][T14708] FAULT_INJECTION: forcing a failure. [ 614.756204][T14708] name failslab, interval 1, probability 0, space 0, times 0 [ 614.775763][T14709] FAULT_INJECTION: forcing a failure. [ 614.775763][T14709] name failslab, interval 1, probability 0, space 0, times 0 [ 614.789710][T14709] CPU: 1 UID: 0 PID: 14709 Comm: syz.1.1802 Not tainted syzkaller #0 PREEMPT(full) [ 614.789750][T14709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 614.789767][T14709] Call Trace: [ 614.789776][T14709] [ 614.789787][T14709] dump_stack_lvl+0x100/0x190 [ 614.789833][T14709] should_fail_ex.cold+0x5/0xa [ 614.789863][T14709] should_failslab+0xc2/0x120 [ 614.789897][T14709] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 614.789930][T14709] ? percpu_ref_put_many.constprop.0+0xc4/0x2a0 [ 614.789972][T14709] ? zswap_store+0xc42/0x29d0 [ 614.790027][T14709] ? zswap_store+0xc42/0x29d0 [ 614.790065][T14709] zswap_store+0xc42/0x29d0 [ 614.790104][T14709] ? rcu_is_cpu_rrupt_from_idle+0x1d1/0x270 [ 614.790161][T14709] ? __pfx_zswap_store+0x10/0x10 [ 614.790201][T14709] ? folio_free_swap+0x277/0x850 [ 614.790229][T14709] ? folio_free_swap+0x277/0x850 [ 614.790259][T14709] ? do_raw_spin_unlock+0x145/0x1e0 [ 614.790293][T14709] ? _raw_spin_unlock+0x28/0x50 [ 614.790332][T14709] ? folio_free_swap+0x39/0x850 [ 614.790361][T14709] ? rcu_is_watching+0x12/0xc0 [ 614.790399][T14709] swap_writeout+0x49d/0x12b0 [ 614.790442][T14709] ? _raw_spin_unlock_irq+0x23/0x50 [ 614.790485][T14709] shmem_writeout+0xe12/0x1520 [ 614.790520][T14709] ? __pfx_shmem_writeout+0x10/0x10 [ 614.790553][T14709] ? inode_to_bdi+0x9e/0x160 [ 614.790586][T14709] ? folio_clear_dirty_for_io+0x178/0x820 [ 614.790629][T14709] shrink_folio_list+0x3b72/0x6000 [ 614.790689][T14709] ? __pfx_shrink_folio_list+0x10/0x10 [ 614.790734][T14709] ? __lock_acquire+0x3c0/0x2630 [ 614.790762][T14709] ? stack_trace_save+0x8e/0xc0 [ 614.790801][T14709] ? __pfx_stack_trace_save+0x10/0x10 [ 614.790854][T14709] ? __lock_acquire+0x4a5/0x2630 [ 614.790910][T14709] ? __lock_acquire+0x4a5/0x2630 [ 614.790942][T14709] reclaim_folio_list+0xdc/0x5a0 [ 614.790991][T14709] ? __lock_acquire+0x4a5/0x2630 [ 614.791022][T14709] ? __pfx_reclaim_folio_list+0x10/0x10 [ 614.791082][T14709] ? css_rstat_updated+0x1ce/0x5a0 [ 614.791133][T14709] ? do_raw_spin_lock+0x128/0x260 [ 614.791166][T14709] ? lru_gen_del_folio+0x382/0x5f0 [ 614.791209][T14709] reclaim_pages+0x428/0x5e0 [ 614.791238][T14709] ? __pfx_reclaim_pages+0x10/0x10 [ 614.791261][T14709] ? find_held_lock+0x2b/0x80 [ 614.791298][T14709] ? madvise_cold_or_pageout_pte_range+0xb49/0x2710 [ 614.791340][T14709] madvise_cold_or_pageout_pte_range+0x1635/0x2710 [ 614.791388][T14709] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 614.791426][T14709] ? __pfx_stack_trace_save+0x10/0x10 [ 614.791468][T14709] ? look_up_lock_class+0x55/0x120 [ 614.791497][T14709] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 614.791536][T14709] walk_pgd_range+0xc04/0x1eb0 [ 614.791590][T14709] ? __pfx_walk_pgd_range+0x10/0x10 [ 614.791622][T14709] ? folios_put_refs+0x66d/0x840 [ 614.791657][T14709] __walk_page_range+0x163/0x820 [ 614.791704][T14709] walk_page_range_vma_unsafe+0x23f/0x960 [ 614.791741][T14709] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 614.791778][T14709] ? find_held_lock+0x2b/0x80 [ 614.791808][T14709] ? mlock_drain_local+0x254/0x4e0 [ 614.791834][T14709] ? mlock_drain_local+0x254/0x4e0 [ 614.791866][T14709] walk_page_range_vma+0x63/0x90 [ 614.791900][T14709] madvise_pageout+0x259/0x540 [ 614.791937][T14709] ? __pfx_madvise_pageout+0x10/0x10 [ 614.791981][T14709] ? finish_task_switch.isra.0+0x200/0xb80 [ 614.792041][T14709] ? mtree_range_walk+0x6ce/0xcd0 [ 614.792087][T14709] madvise_vma_behavior+0x3d8/0x2a40 [ 614.792127][T14709] ? mas_prev_setup.constprop.0+0xb6/0x9c0 [ 614.792156][T14709] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 614.792194][T14709] ? mas_prev+0x9b/0xf0 [ 614.792222][T14709] ? __pfx_mas_prev+0x10/0x10 [ 614.792258][T14709] ? find_vma_prev+0xd8/0x150 [ 614.792289][T14709] ? futex_unqueue+0x133/0x2c0 [ 614.792330][T14709] ? __pfx_find_vma_prev+0x10/0x10 [ 614.792370][T14709] ? __futex_wait+0x256/0x300 [ 614.792411][T14709] madvise_walk_vmas+0x2fe/0xa90 [ 614.792455][T14709] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 614.792504][T14709] madvise_do_behavior+0x1ea/0x510 [ 614.792544][T14709] ? __pfx_madvise_do_behavior+0x10/0x10 [ 614.792583][T14709] ? down_read+0x13b/0x460 [ 614.792634][T14709] do_madvise+0x195/0x240 [ 614.792670][T14709] ? __pfx_do_madvise+0x10/0x10 [ 614.792707][T14709] ? do_futex+0x192/0x350 [ 614.792739][T14709] ? find_held_lock+0x2b/0x80 [ 614.792790][T14709] ? xfd_validate_state+0x129/0x190 [ 614.792824][T14709] ? pipe_ioctl+0x226/0x2c0 [ 614.792857][T14709] __x64_sys_madvise+0xa9/0x110 [ 614.792893][T14709] ? lockdep_hardirqs_on+0x78/0x100 [ 614.792919][T14709] do_syscall_64+0x106/0xf80 [ 614.792945][T14709] ? clear_bhb_loop+0x40/0x90 [ 614.792986][T14709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.793015][T14709] RIP: 0033:0x7fe6c879bf79 [ 614.793039][T14709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 614.793066][T14709] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 614.793093][T14709] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 614.793112][T14709] RDX: 0000000000000015 RSI: 00000000002003f0 RDI: 0000000000000000 [ 614.793130][T14709] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 614.793148][T14709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.793165][T14709] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 614.793204][T14709] [ 614.811744][T14708] CPU: 0 UID: 0 PID: 14708 Comm: syz.2.1801 Not tainted syzkaller #0 PREEMPT(full) [ 614.811782][T14708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 614.811799][T14708] Call Trace: [ 614.811808][T14708] [ 614.811819][T14708] dump_stack_lvl+0x100/0x190 [ 614.811863][T14708] should_fail_ex.cold+0x5/0xa [ 614.811894][T14708] should_failslab+0xc2/0x120 [ 614.811927][T14708] __kmalloc_cache_noprof+0x80/0x810 [ 614.811968][T14708] ? alloc_pipe_info+0x10e/0x590 [ 614.811998][T14708] ? security_inode_alloc+0xcf/0x2c0 [ 614.812045][T14708] ? alloc_pipe_info+0x10e/0x590 [ 614.812073][T14708] alloc_pipe_info+0x10e/0x590 [ 614.812106][T14708] create_pipe_files+0x8c/0x970 [ 614.812139][T14708] do_pipe2+0xbd/0x1e0 [ 614.812168][T14708] ? __pfx_do_pipe2+0x10/0x10 [ 614.812197][T14708] ? xfd_validate_state+0x129/0x190 [ 614.812240][T14708] __x64_sys_pipe+0x33/0x50 [ 614.812269][T14708] do_syscall_64+0x106/0xf80 [ 614.812294][T14708] ? clear_bhb_loop+0x40/0x90 [ 614.812328][T14708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.812356][T14708] RIP: 0033:0x7f859419bf79 [ 614.812377][T14708] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 614.812404][T14708] RSP: 002b:00007f859506a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 614.812430][T14708] RAX: ffffffffffffffda RBX: 00007f8594415fa0 RCX: 00007f859419bf79 [ 614.812448][T14708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 614.812464][T14708] RBP: 00007f85942327e0 R08: 0000000000000000 R09: 0000000000000000 [ 614.812481][T14708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.812496][T14708] R13: 00007f8594416038 R14: 00007f8594415fa0 R15: 00007ffdbbfe8a48 [ 614.812533][T14708] [ 615.512230][ T9097] Bluetooth: hci3: command 0x0c1a tx timeout [ 615.695721][ T30] audit: type=1800 audit(4294967331.267:52): pid=14715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1804" name="dbroot" dev="configfs" ino=68393 res=0 errno=0 [ 616.372732][T14728] FAULT_INJECTION: forcing a failure. [ 616.372732][T14728] name failslab, interval 1, probability 0, space 0, times 0 [ 616.461944][T14728] CPU: 0 UID: 0 PID: 14728 Comm: syz.3.1810 Not tainted syzkaller #0 PREEMPT(full) [ 616.461982][T14728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 616.462000][T14728] Call Trace: [ 616.462009][T14728] [ 616.462019][T14728] dump_stack_lvl+0x100/0x190 [ 616.462065][T14728] should_fail_ex.cold+0x5/0xa [ 616.462093][T14728] should_failslab+0xc2/0x120 [ 616.462112][T14728] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 616.462129][T14728] ? find_inode_fast+0x5e3/0x910 [ 616.462151][T14728] ? __d_alloc+0x34/0xa80 [ 616.462170][T14728] ? __d_alloc+0x34/0xa80 [ 616.462186][T14728] __d_alloc+0x34/0xa80 [ 616.462204][T14728] d_alloc_pseudo+0x1c/0xc0 [ 616.462225][T14728] alloc_file_pseudo_noaccount+0xcf/0x230 [ 616.462246][T14728] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 616.462268][T14728] ? iput+0x3a/0x40 [ 616.462288][T14728] bdev_file_open_by_dev+0x13a/0x210 [ 616.462308][T14728] blkdev_bszset+0x170/0x240 [ 616.462327][T14728] ? __pfx_blkdev_bszset+0x10/0x10 [ 616.462345][T14728] ? find_held_lock+0x2b/0x80 [ 616.462363][T14728] ? __fget_files+0x215/0x3d0 [ 616.462377][T14728] ? hook_file_ioctl_common+0x146/0x410 [ 616.462394][T14728] blkdev_ioctl+0x513/0x6f0 [ 616.462412][T14728] ? __pfx_blkdev_ioctl+0x10/0x10 [ 616.462433][T14728] ? __pfx_blkdev_ioctl+0x10/0x10 [ 616.462452][T14728] __x64_sys_ioctl+0x18e/0x210 [ 616.462475][T14728] do_syscall_64+0x106/0xf80 [ 616.462489][T14728] ? clear_bhb_loop+0x40/0x90 [ 616.462506][T14728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.462521][T14728] RIP: 0033:0x7f060839bf79 [ 616.462534][T14728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 616.462548][T14728] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 616.462563][T14728] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 616.462572][T14728] RDX: 00002000000000c0 RSI: 0000000040081271 RDI: 0000000000000005 [ 616.462581][T14728] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 616.462590][T14728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.462599][T14728] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 616.462619][T14728] [ 616.900854][T14736] FAULT_INJECTION: forcing a failure. [ 616.900854][T14736] name failslab, interval 1, probability 0, space 0, times 0 [ 616.900931][T14736] CPU: 1 UID: 0 PID: 14736 Comm: syz.2.1813 Not tainted syzkaller #0 PREEMPT(full) [ 616.900965][T14736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 616.900981][T14736] Call Trace: [ 616.900990][T14736] [ 616.901001][T14736] dump_stack_lvl+0x100/0x190 [ 616.901044][T14736] should_fail_ex.cold+0x5/0xa [ 616.901074][T14736] should_failslab+0xc2/0x120 [ 616.901107][T14736] __kmalloc_cache_noprof+0x80/0x810 [ 616.901146][T14736] ? __pfx_stack_trace_save+0x10/0x10 [ 616.901184][T14736] ? kvm_pic_init+0x4f/0x380 [ 616.901228][T14736] ? kvm_pic_init+0x4f/0x380 [ 616.901263][T14736] ? register_lock_class+0x40/0x560 [ 616.901291][T14736] kvm_pic_init+0x4f/0x380 [ 616.901328][T14736] kvm_arch_vm_ioctl+0xec4/0x18d0 [ 616.901363][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901390][T14736] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 616.901422][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901455][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901489][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901524][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901577][T14736] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 616.901620][T14736] ? is_bpf_text_address+0x94/0x1a0 [ 616.901653][T14736] ? kernel_text_address+0x8d/0x100 [ 616.901682][T14736] ? widen_string+0xdb/0x2f0 [ 616.901715][T14736] ? __kernel_text_address+0xd/0x30 [ 616.901748][T14736] ? unwind_get_return_address+0x59/0xa0 [ 616.901801][T14736] ? arch_stack_walk+0xa6/0xf0 [ 616.901855][T14736] ? stack_trace_save+0x8e/0xc0 [ 616.901893][T14736] ? __pfx_stack_trace_save+0x10/0x10 [ 616.901933][T14736] ? stack_depot_save_flags+0x27/0x9d0 [ 616.901965][T14736] ? __lock_acquire+0x4a5/0x2630 [ 616.901997][T14736] ? kasan_save_stack+0x3f/0x50 [ 616.902023][T14736] ? kasan_save_stack+0x30/0x50 [ 616.902050][T14736] ? kasan_save_track+0x14/0x30 [ 616.902077][T14736] ? kasan_save_free_info+0x3b/0x70 [ 616.902116][T14736] ? __kasan_slab_free+0x5f/0x80 [ 616.902144][T14736] ? kfree+0x1c7/0x690 [ 616.902179][T14736] ? tomoyo_path_number_perm+0x46d/0x580 [ 616.902207][T14736] ? security_file_ioctl+0xd3/0x230 [ 616.902234][T14736] ? __x64_sys_ioctl+0xb7/0x210 [ 616.902273][T14736] ? do_syscall_64+0x106/0xf80 [ 616.902305][T14736] kvm_vm_ioctl+0x1564/0x4020 [ 616.902345][T14736] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 616.902396][T14736] ? kasan_quarantine_put+0x104/0x240 [ 616.902423][T14736] ? lockdep_hardirqs_on+0x78/0x100 [ 616.902454][T14736] ? kfree+0x1c7/0x690 [ 616.902490][T14736] ? find_held_lock+0x2b/0x80 [ 616.902526][T14736] ? tomoyo_path_number_perm+0x28f/0x580 [ 616.902552][T14736] ? tomoyo_path_number_perm+0x28f/0x580 [ 616.902584][T14736] ? tomoyo_path_number_perm+0x188/0x580 [ 616.902614][T14736] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 616.902641][T14736] ? futex_wait+0x125/0x380 [ 616.902686][T14736] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 616.902725][T14736] ? do_vfs_ioctl+0x226/0x13e0 [ 616.902765][T14736] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 616.902824][T14736] ? find_held_lock+0x2b/0x80 [ 616.902858][T14736] ? __fget_files+0x215/0x3d0 [ 616.902885][T14736] ? hook_file_ioctl_common+0x146/0x410 [ 616.902921][T14736] ? __fget_files+0x21f/0x3d0 [ 616.902949][T14736] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 616.902977][T14736] __x64_sys_ioctl+0x18e/0x210 [ 616.903021][T14736] do_syscall_64+0x106/0xf80 [ 616.903044][T14736] ? clear_bhb_loop+0x40/0x90 [ 616.903077][T14736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.903104][T14736] RIP: 0033:0x7f859419bf79 [ 616.903127][T14736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 616.903153][T14736] RSP: 002b:00007f859506a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 616.903179][T14736] RAX: ffffffffffffffda RBX: 00007f8594415fa0 RCX: 00007f859419bf79 [ 616.903198][T14736] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 616.903215][T14736] RBP: 00007f85942327e0 R08: 0000000000000000 R09: 0000000000000000 [ 616.903233][T14736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.903249][T14736] R13: 00007f8594416038 R14: 00007f8594415fa0 R15: 00007ffdbbfe8a48 [ 616.903286][T14736] [ 617.017881][T14740] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.021339][T14740] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.151836][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 617.164126][ T9097] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 617.282341][T14748] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.283551][ T9097] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 617.283582][ T9097] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 617.283645][ T9097] Bluetooth: hci3: Malformed LE Event: 0x0d [ 617.372059][T14744] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.377933][ T9097] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 617.377965][ T9097] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 617.378029][ T9097] Bluetooth: hci1: Malformed LE Event: 0x0d [ 618.401278][T14779] netlink: 290 bytes leftover after parsing attributes in process `syz.3.1830'. [ 618.432031][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 618.550187][T14783] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 618.561819][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 618.561856][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 618.578373][ T9086] bt_err_ratelimited: 8 callbacks suppressed [ 618.578403][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 618.584653][ T9086] Bluetooth: hci1: adv larger than maximum supported [ 618.591716][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 618.602726][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 618.798196][T14790] FAULT_INJECTION: forcing a failure. [ 618.798196][T14790] name failslab, interval 1, probability 0, space 0, times 0 [ 618.811750][T14790] CPU: 1 UID: 0 PID: 14790 Comm: syz.1.1833 Not tainted syzkaller #0 PREEMPT(full) [ 618.811791][T14790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 618.811810][T14790] Call Trace: [ 618.811819][T14790] [ 618.811830][T14790] dump_stack_lvl+0x100/0x190 [ 618.811877][T14790] should_fail_ex.cold+0x5/0xa [ 618.811909][T14790] should_failslab+0xc2/0x120 [ 618.811941][T14790] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 618.811977][T14790] ? v9fs_init_fs_context+0xf1/0x590 [ 618.812015][T14790] ? kstrdup+0x51/0xe0 [ 618.812056][T14790] kstrdup+0x51/0xe0 [ 618.812093][T14790] v9fs_init_fs_context+0xf1/0x590 [ 618.812125][T14790] alloc_fs_context+0x60c/0xf40 [ 618.812168][T14790] __x64_sys_fsopen+0xed/0x220 [ 618.812208][T14790] do_syscall_64+0x106/0xf80 [ 618.812236][T14790] ? clear_bhb_loop+0x40/0x90 [ 618.812276][T14790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.812305][T14790] RIP: 0033:0x7fe6c879bf79 [ 618.812328][T14790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 618.812358][T14790] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 618.812384][T14790] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 618.812404][T14790] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 618.812421][T14790] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 618.812438][T14790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.812455][T14790] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 618.812523][T14790] [ 619.039373][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 619.162442][T14798] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 619.189009][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 619.189050][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 619.208694][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 619.208726][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 619.216224][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 619.223318][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 620.278803][ T30] audit: type=1800 audit(4294967335.859:53): pid=14815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1839" name="features" dev="configfs" ino=69833 res=0 errno=0 [ 620.510455][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 620.641728][T14824] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 620.665889][T14823] nfs: Unknown parameter 'B+lY 7wPE37m]EHs[ؐu`08ciOޕ[$(uҞ%EtOugrF6ae8wi쩭#b/;PclB' [ 620.713188][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 620.713226][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 620.729623][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 620.729654][ T9086] Bluetooth: hci1: adv larger than maximum supported [ 620.737857][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 620.744762][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 621.004511][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 621.141206][T14841] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 621.193871][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 621.193906][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 621.208699][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 621.208735][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 621.355877][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 621.410875][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 621.490258][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 621.490284][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 621.505294][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 621.584581][T14849] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 622.659817][T14878] smpboot: CPU 1 is now offline [ 622.681546][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 622.783441][T14882] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 622.795022][T14887] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 622.837804][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 622.837829][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 622.853417][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 623.820994][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 623.929173][T14929] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 623.941852][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 623.941889][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 623.956695][ T9086] bt_err_ratelimited: 8 callbacks suppressed [ 623.956716][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 623.973158][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 623.980300][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 623.987190][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 624.097942][ T30] audit: type=1800 audit(4294967339.681:54): pid=14925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1876" name="dbroot" dev="configfs" ino=70151 res=0 errno=0 [ 624.795450][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 624.911012][T14952] syz.3.1883 uses obsolete (PF_INET,SOCK_PACKET) [ 624.952221][T14953] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 624.977368][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 624.977405][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 624.992299][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 624.992330][ T9086] Bluetooth: hci3: adv larger than maximum supported [ 625.000211][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 625.008598][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 625.397607][ T30] audit: type=1800 audit(4294967340.971:55): pid=14964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1885" name="dbroot" dev="configfs" ino=69212 res=0 errno=0 [ 625.420087][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 625.571341][T14970] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 625.632764][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 625.632789][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 625.653032][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 625.653054][ T9086] Bluetooth: hci1: adv larger than maximum supported [ 625.660216][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 625.667656][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 626.170720][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 626.205839][ T30] audit: type=1800 audit(4294967341.782:56): pid=14978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1890" name="dbroot" dev="configfs" ino=70268 res=0 errno=0 [ 626.570388][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 626.668314][T14996] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 626.705592][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 626.705633][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 626.720909][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 626.720967][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 626.755461][T14994] sp0: Synchronizing with TNC [ 626.991006][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 627.145904][T15004] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 627.173808][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 627.173847][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 627.190452][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 627.226179][T15010] sp0: Synchronizing with TNC [ 627.347837][T15014] [U] [ 627.466580][T15010] sp0: Synchronizing with TNC [ 627.538960][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 627.660449][T15025] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 627.671461][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 627.671503][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 627.692519][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 628.498252][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 628.615493][T15053] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 629.039704][ T30] audit: type=1800 audit(4294967344.623:57): pid=15067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1920" name="dbroot" dev="configfs" ino=70669 res=0 errno=0 [ 629.402503][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.412450][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.652912][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 629.811179][T15075] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 629.853639][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 629.853674][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 629.869974][ T9086] bt_err_ratelimited: 8 callbacks suppressed [ 629.869992][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 629.875995][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 629.883592][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 629.891702][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 630.002073][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 630.190189][T15083] hub 1-0:1.0: USB hub found [ 630.234099][T15083] hub 1-0:1.0: 1 port detected [ 630.366159][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 630.566396][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 630.678417][T15102] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 631.371036][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 631.399806][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 631.465882][ T30] audit: type=1800 audit(4294967347.045:58): pid=15119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1936" name="dbroot" dev="configfs" ino=71758 res=0 errno=0 [ 631.510740][T15122] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 631.528379][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 631.528422][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 631.545148][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 631.545181][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 631.553564][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 631.560472][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 632.240086][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 632.375799][T15139] FAULT_INJECTION: forcing a failure. [ 632.375799][T15139] name failslab, interval 1, probability 0, space 0, times 0 [ 632.445987][T15139] CPU: 0 UID: 0 PID: 15139 Comm: syz.2.1945 Not tainted syzkaller #0 PREEMPT(full) [ 632.446027][T15139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 632.446044][T15139] Call Trace: [ 632.446053][T15139] [ 632.446063][T15139] dump_stack_lvl+0x100/0x190 [ 632.446114][T15139] should_fail_ex.cold+0x5/0xa [ 632.446143][T15139] should_failslab+0xc2/0x120 [ 632.446184][T15139] __kmalloc_cache_noprof+0x80/0x810 [ 632.446225][T15139] ? vhost_net_open+0x2d/0x8b0 [ 632.446259][T15139] ? vhost_net_open+0x73/0x8b0 [ 632.446301][T15139] ? __pfx_vhost_net_open+0x10/0x10 [ 632.446336][T15139] ? vhost_net_open+0x73/0x8b0 [ 632.446371][T15139] vhost_net_open+0x73/0x8b0 [ 632.446405][T15139] ? __pfx_vhost_net_open+0x10/0x10 [ 632.446442][T15139] misc_open+0x26d/0x450 [ 632.446484][T15139] ? __pfx_misc_open+0x10/0x10 [ 632.446524][T15139] chrdev_open+0x234/0x6a0 [ 632.446553][T15139] ? __pfx_apparmor_file_open+0x10/0x10 [ 632.446596][T15139] ? __pfx_chrdev_open+0x10/0x10 [ 632.446628][T15139] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 632.446668][T15139] do_dentry_open+0x6d8/0x1660 [ 632.446697][T15139] ? __pfx_chrdev_open+0x10/0x10 [ 632.446734][T15139] vfs_open+0x82/0x3f0 [ 632.446776][T15139] path_openat+0x208c/0x31a0 [ 632.446820][T15139] ? __pfx_path_openat+0x10/0x10 [ 632.446864][T15139] do_file_open+0x20e/0x430 [ 632.446897][T15139] ? __pfx_do_file_open+0x10/0x10 [ 632.446951][T15139] ? alloc_fd+0x476/0x790 [ 632.446981][T15139] ? do_getname+0x191/0x390 [ 632.447018][T15139] do_sys_openat2+0x10d/0x1e0 [ 632.447054][T15139] ? __pfx_do_sys_openat2+0x10/0x10 [ 632.447094][T15139] ? __fget_files+0x21f/0x3d0 [ 632.447127][T15139] __x64_sys_openat+0x12d/0x210 [ 632.447175][T15139] ? __pfx___x64_sys_openat+0x10/0x10 [ 632.447213][T15139] ? xfd_validate_state+0x129/0x190 [ 632.447257][T15139] do_syscall_64+0x106/0xf80 [ 632.447285][T15139] ? clear_bhb_loop+0x40/0x90 [ 632.447318][T15139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.447348][T15139] RIP: 0033:0x7f859419bf79 [ 632.447373][T15139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 632.447400][T15139] RSP: 002b:00007f859506a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 632.447426][T15139] RAX: ffffffffffffffda RBX: 00007f8594415fa0 RCX: 00007f859419bf79 [ 632.447445][T15139] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 632.447462][T15139] RBP: 00007f85942327e0 R08: 0000000000000000 R09: 0000000000000000 [ 632.447479][T15139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.447495][T15139] R13: 00007f8594416038 R14: 00007f8594415fa0 R15: 00007ffdbbfe8a48 [ 632.447533][T15139] [ 632.566470][T15147] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 632.589541][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 633.112530][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 633.200158][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 633.200194][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 633.218412][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 633.218449][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 633.225509][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 633.232815][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 633.290387][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 633.342927][T15166] Falling back ldisc for pty66. [ 633.389788][T15168] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 634.199556][T15194] FAULT_INJECTION: forcing a failure. [ 634.199556][T15194] name failslab, interval 1, probability 0, space 0, times 0 [ 634.227520][T15194] CPU: 0 UID: 0 PID: 15194 Comm: syz.3.1963 Not tainted syzkaller #0 PREEMPT(full) [ 634.227560][T15194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 634.227576][T15194] Call Trace: [ 634.227585][T15194] [ 634.227595][T15194] dump_stack_lvl+0x100/0x190 [ 634.227640][T15194] should_fail_ex.cold+0x5/0xa [ 634.227671][T15194] should_failslab+0xc2/0x120 [ 634.227705][T15194] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 634.227738][T15194] ? find_held_lock+0x2b/0x80 [ 634.227774][T15194] ? drm_edid_alloc+0x4d/0x120 [ 634.227814][T15194] ? kmemdup_noprof+0x29/0x60 [ 634.227841][T15194] kmemdup_noprof+0x29/0x60 [ 634.227871][T15194] drm_edid_alloc+0x4d/0x120 [ 634.227903][T15194] drm_edid_override_set+0x27/0x2c0 [ 634.227948][T15194] edid_write+0xe3/0x180 [ 634.227986][T15194] full_proxy_write+0x135/0x1a0 [ 634.228034][T15194] vfs_write+0x2aa/0x1070 [ 634.228062][T15194] ? __pfx_full_proxy_write+0x10/0x10 [ 634.228110][T15194] ? __pfx_vfs_write+0x10/0x10 [ 634.228136][T15194] ? __fget_files+0x215/0x3d0 [ 634.228173][T15194] ? __fget_files+0x21f/0x3d0 [ 634.228210][T15194] ksys_write+0x12a/0x250 [ 634.228238][T15194] ? __pfx_ksys_write+0x10/0x10 [ 634.228285][T15194] do_syscall_64+0x106/0xf80 [ 634.228312][T15194] ? clear_bhb_loop+0x40/0x90 [ 634.228347][T15194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.228374][T15194] RIP: 0033:0x7f060839bf79 [ 634.228400][T15194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 634.228428][T15194] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 634.228455][T15194] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 634.228474][T15194] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 634.228490][T15194] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 634.228507][T15194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 634.228523][T15194] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 634.228562][T15194] [ 634.460395][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 634.536697][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 634.536732][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 634.552723][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 634.552784][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 634.602167][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 634.725495][T15207] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 634.747588][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 634.747622][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 634.766087][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 634.923929][T15209] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 634.968031][T15209] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 635.167374][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 635.294498][T15219] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 635.356705][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 635.356743][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 635.376331][ T9086] bt_err_ratelimited: 4 callbacks suppressed [ 635.376353][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 635.384737][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 635.391828][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 635.398654][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 635.829656][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 635.973990][T15235] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 635.982771][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 635.990148][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 635.990183][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 636.012905][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 636.012937][ T9097] Bluetooth: hci2: adv larger than maximum supported [ 636.021089][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 636.028005][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 636.152686][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 636.152729][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 636.168026][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 636.168061][ T9097] Bluetooth: hci0: adv larger than maximum supported [ 636.175372][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 636.184569][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 636.648190][T15250] smpboot: CPU 1 is now offline [ 636.901610][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 637.047173][T15261] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 637.095375][ T9097] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 637.095398][ T9097] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 637.111462][ T9097] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 637.111498][ T9097] Bluetooth: hci3: Malformed LE Event: 0x0d [ 637.192651][T15265] FAULT_INJECTION: forcing a failure. [ 637.192651][T15265] name failslab, interval 1, probability 0, space 0, times 0 [ 637.262904][T15265] CPU: 0 UID: 0 PID: 15265 Comm: syz.1.1987 Not tainted syzkaller #0 PREEMPT(full) [ 637.262928][T15265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 637.262938][T15265] Call Trace: [ 637.262943][T15265] [ 637.262949][T15265] dump_stack_lvl+0x100/0x190 [ 637.262976][T15265] should_fail_ex.cold+0x5/0xa [ 637.262994][T15265] should_failslab+0xc2/0x120 [ 637.263012][T15265] __kmalloc_cache_noprof+0x80/0x810 [ 637.263036][T15265] ? usb_control_msg+0xbc/0x4a0 [ 637.263056][T15265] ? disable_store+0x21a/0x450 [ 637.263072][T15265] ? usb_control_msg+0xbc/0x4a0 [ 637.263091][T15265] ? __pfx___mutex_lock+0x10/0x10 [ 637.263106][T15265] usb_control_msg+0xbc/0x4a0 [ 637.263127][T15265] ? __pfx_usb_control_msg+0x10/0x10 [ 637.263147][T15265] ? __pfx___up_read+0x10/0x10 [ 637.263163][T15265] ? kernfs_find_and_get_ns+0x5f/0x70 [ 637.263188][T15265] usb_hub_set_port_power+0x125/0x180 [ 637.263216][T15265] disable_store+0x2eb/0x450 [ 637.263231][T15265] ? __pfx_disable_store+0x10/0x10 [ 637.263246][T15265] ? find_held_lock+0x2b/0x80 [ 637.263265][T15265] ? sysfs_file_kobj+0xe4/0x290 [ 637.263281][T15265] ? sysfs_file_kobj+0xe4/0x290 [ 637.263297][T15265] ? __pfx_disable_store+0x10/0x10 [ 637.263310][T15265] dev_attr_store+0x58/0x80 [ 637.263332][T15265] ? __pfx_dev_attr_store+0x10/0x10 [ 637.263352][T15265] sysfs_kf_write+0xf2/0x150 [ 637.263370][T15265] kernfs_fop_write_iter+0x3e0/0x5f0 [ 637.263383][T15265] ? __pfx_sysfs_kf_write+0x10/0x10 [ 637.263401][T15265] vfs_write+0x6ac/0x1070 [ 637.263416][T15265] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 637.263441][T15265] ? __pfx_vfs_write+0x10/0x10 [ 637.263468][T15265] ksys_write+0x12a/0x250 [ 637.263482][T15265] ? __pfx_ksys_write+0x10/0x10 [ 637.263502][T15265] do_syscall_64+0x106/0xf80 [ 637.263516][T15265] ? clear_bhb_loop+0x40/0x90 [ 637.263533][T15265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.263548][T15265] RIP: 0033:0x7fe6c879bf79 [ 637.263560][T15265] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 637.263574][T15265] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 637.263589][T15265] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 637.263598][T15265] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 637.263607][T15265] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 637.263615][T15265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.263624][T15265] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 637.263644][T15265] [ 637.725602][T15274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1990'. [ 637.824550][T15278] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 637.846102][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 637.951765][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 637.951790][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 637.967809][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 638.147406][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 638.213928][T15290] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 638.234643][ T30] audit: type=1800 audit(4294967353.818:59): pid=15291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1995" name="dbroot" dev="configfs" ino=72653 res=0 errno=0 [ 638.302791][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 638.302816][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 638.322025][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 640.625430][T15319] FAULT_INJECTION: forcing a failure. [ 640.625430][T15319] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 640.768154][T15319] CPU: 0 UID: 0 PID: 15319 Comm: syz.2.2005 Not tainted syzkaller #0 PREEMPT(full) [ 640.768178][T15319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 640.768188][T15319] Call Trace: [ 640.768193][T15319] [ 640.768200][T15319] dump_stack_lvl+0x100/0x190 [ 640.768226][T15319] should_fail_ex.cold+0x5/0xa [ 640.768243][T15319] core_sys_select+0x9b9/0xbb0 [ 640.768263][T15319] ? __pfx_core_sys_select+0x10/0x10 [ 640.768296][T15319] ? ktime_get_ts64+0x2d2/0x3f0 [ 640.768318][T15319] ? read_tsc+0x9/0x20 [ 640.768331][T15319] ? ktime_get_ts64+0x256/0x3f0 [ 640.768359][T15319] kern_select+0x20c/0x270 [ 640.768375][T15319] ? __pfx_kern_select+0x10/0x10 [ 640.768403][T15319] __x64_sys_select+0xbd/0x160 [ 640.768416][T15319] ? do_syscall_64+0x95/0xf80 [ 640.768431][T15319] ? lockdep_hardirqs_on+0x78/0x100 [ 640.768446][T15319] do_syscall_64+0x106/0xf80 [ 640.768459][T15319] ? clear_bhb_loop+0x40/0x90 [ 640.768477][T15319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.768492][T15319] RIP: 0033:0x7f859419bf79 [ 640.768504][T15319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 640.768518][T15319] RSP: 002b:00007f859506a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 640.768532][T15319] RAX: ffffffffffffffda RBX: 00007f8594415fa0 RCX: 00007f859419bf79 [ 640.768542][T15319] RDX: 0000200000000400 RSI: 0000200000000380 RDI: 0000000000000006 [ 640.768551][T15319] RBP: 00007f85942327e0 R08: 0000200000000540 R09: 0000000000000000 [ 640.768560][T15319] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000000 [ 640.768569][T15319] R13: 00007f8594416038 R14: 00007f8594415fa0 R15: 00007ffdbbfe8a48 [ 640.768588][T15319] [ 641.385276][ T30] audit: type=1800 audit(4294967356.979:60): pid=15331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2009" name="dbroot" dev="configfs" ino=73006 res=0 errno=0 [ 641.936881][ T9097] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 642.078421][T15344] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 642.151919][ T9097] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 642.151944][ T9097] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 642.166972][ T9097] bt_err_ratelimited: 8 callbacks suppressed [ 642.166982][ T9097] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 642.173129][ T9097] Bluetooth: hci1: adv larger than maximum supported [ 642.180139][ T9097] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 642.191151][ T9097] Bluetooth: hci1: Malformed LE Event: 0x0d [ 642.691928][T15355] __vm_enough_memory: pid: 15355, comm: syz.1.2016, bytes: 4398046511104 not enough memory for the allocation [ 643.015206][T15366] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 643.228596][ T9097] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 643.327198][ T9097] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 643.327222][ T9097] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 643.343358][ T9097] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 643.343381][ T9097] Bluetooth: hci1: adv larger than maximum supported [ 643.350457][ T9097] Bluetooth: hci1: Malformed LE Event: 0x0d [ 643.854616][ T9097] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 643.903946][T15381] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 643.944055][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 643.944081][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 643.959538][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 643.959558][ T9097] Bluetooth: hci2: adv larger than maximum supported [ 643.968094][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 643.974859][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 644.440821][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 644.570928][ T9097] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 644.585785][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 644.585807][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 644.600736][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 644.600758][ T9086] Bluetooth: hci3: adv larger than maximum supported [ 644.607827][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 644.786684][T15407] FAULT_INJECTION: forcing a failure. [ 644.786684][T15407] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 644.832460][T15407] CPU: 0 UID: 0 PID: 15407 Comm: syz.1.2036 Not tainted syzkaller #0 PREEMPT(full) [ 644.832483][T15407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 644.832493][T15407] Call Trace: [ 644.832498][T15407] [ 644.832504][T15407] dump_stack_lvl+0x100/0x190 [ 644.832529][T15407] should_fail_ex.cold+0x5/0xa [ 644.832543][T15407] ? prepare_alloc_pages+0x16d/0x5f0 [ 644.832564][T15407] should_fail_alloc_page+0xeb/0x140 [ 644.832583][T15407] prepare_alloc_pages+0x1f0/0x5f0 [ 644.832606][T15407] __alloc_frozen_pages_noprof+0x193/0x2410 [ 644.832625][T15407] ? rcu_is_watching+0x12/0xc0 [ 644.832643][T15407] ? trace_mm_page_alloc+0x10e/0x160 [ 644.832662][T15407] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 644.832678][T15407] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 644.832694][T15407] ? kasan_save_stack+0x30/0x50 [ 644.832708][T15407] ? kasan_save_track+0x14/0x30 [ 644.832721][T15407] ? __kasan_kmalloc+0xaa/0xb0 [ 644.832734][T15407] ? __kmalloc_noprof+0x347/0x9c0 [ 644.832753][T15407] ? vhost_dev_set_owner+0x287/0xa30 [ 644.832775][T15407] ? vhost_dev_ioctl+0x521/0xe20 [ 644.832787][T15407] ? vhost_vsock_dev_ioctl+0x320/0xb30 [ 644.832811][T15407] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 644.832829][T15407] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 644.832854][T15407] ? policy_nodemask+0xed/0x4f0 [ 644.832872][T15407] alloc_pages_mpol+0x1fb/0x550 [ 644.832891][T15407] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 644.832914][T15407] ___kmalloc_large_node+0x104/0x150 [ 644.832935][T15407] __kmalloc_large_node_noprof+0x1c/0x70 [ 644.832955][T15407] ? vhost_dev_set_owner+0x191/0xa30 [ 644.832977][T15407] __kmalloc_noprof+0x6b1/0x9c0 [ 644.833003][T15407] ? vhost_dev_set_owner+0x191/0xa30 [ 644.833031][T15407] vhost_dev_set_owner+0x191/0xa30 [ 644.833061][T15407] vhost_dev_ioctl+0x521/0xe20 [ 644.833074][T15407] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 644.833096][T15407] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 644.833126][T15407] vhost_vsock_dev_ioctl+0x320/0xb30 [ 644.833146][T15407] ? __fget_files+0x215/0x3d0 [ 644.833159][T15407] ? hook_file_ioctl_common+0x146/0x410 [ 644.833175][T15407] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 644.833199][T15407] ? __fget_files+0x21f/0x3d0 [ 644.833216][T15407] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 644.833240][T15407] __x64_sys_ioctl+0x18e/0x210 [ 644.833263][T15407] do_syscall_64+0x106/0xf80 [ 644.833277][T15407] ? clear_bhb_loop+0x40/0x90 [ 644.833295][T15407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.833310][T15407] RIP: 0033:0x7fe6c879bf79 [ 644.833323][T15407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 644.833337][T15407] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 644.833352][T15407] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 644.833362][T15407] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 [ 644.833371][T15407] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 644.833380][T15407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 644.833389][T15407] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 644.833408][T15407] [ 645.679932][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 645.791476][T15426] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 645.846446][ T9097] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 645.846471][ T9097] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 645.863313][ T9097] Bluetooth: hci3: Malformed LE Event: 0x0d [ 646.276837][ T9097] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 646.376889][T15442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 646.417981][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 646.418006][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 646.435922][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 646.652914][ T9097] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 646.752576][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 646.752601][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 646.768099][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 646.792308][ T30] audit: type=1800 audit(4294967362.382:61): pid=15454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2051" name="dbroot" dev="configfs" ino=73748 res=0 errno=0 [ 646.976691][ T9097] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 647.013231][T15457] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 647.057325][ T9097] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 647.057349][ T9097] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 647.073446][ T9097] Bluetooth: hci3: Malformed LE Event: 0x0d [ 647.792358][ T9097] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 647.923568][T15486] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 647.932180][ T30] audit: type=1800 audit(4294967363.513:62): pid=15487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2064" name="dbroot" dev="configfs" ino=73967 res=0 errno=0 [ 648.018844][ T9097] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 648.018868][ T9097] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 648.033617][ T9097] bt_err_ratelimited: 11 callbacks suppressed [ 648.033629][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 648.039788][ T9097] Bluetooth: hci2: adv larger than maximum supported [ 648.046816][ T9097] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 648.056536][ T9097] Bluetooth: hci2: Malformed LE Event: 0x0d [ 648.257855][T15480] ima: policy update failed [ 648.307821][ T30] audit: type=1802 audit(4294967363.893:63): pid=15480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2063" res=0 errno=0 [ 648.593223][T15498] ERROR: Out of memory at tomoyo_memory_ok. [ 648.704001][T15501] FAULT_INJECTION: forcing a failure. [ 648.704001][T15501] name failslab, interval 1, probability 0, space 0, times 0 [ 648.776492][T15501] CPU: 0 UID: 0 PID: 15501 Comm: syz.3.2070 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 648.776528][T15501] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 648.776536][T15501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 648.776546][T15501] Call Trace: [ 648.776551][T15501] [ 648.776557][T15501] dump_stack_lvl+0x100/0x190 [ 648.776583][T15501] should_fail_ex.cold+0x5/0xa [ 648.776600][T15501] should_failslab+0xc2/0x120 [ 648.776618][T15501] __kmalloc_cache_noprof+0x80/0x810 [ 648.776640][T15501] ? __might_fault+0xc5/0x140 [ 648.776653][T15501] ? do_signalfd4+0x14e/0x480 [ 648.776674][T15501] ? do_signalfd4+0x14e/0x480 [ 648.776701][T15501] do_signalfd4+0x14e/0x480 [ 648.776721][T15501] __x64_sys_signalfd+0x120/0x1a0 [ 648.776740][T15501] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 648.776769][T15501] do_syscall_64+0x106/0xf80 [ 648.776783][T15501] ? clear_bhb_loop+0x40/0x90 [ 648.776801][T15501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.776816][T15501] RIP: 0033:0x7f060839bf79 [ 648.776829][T15501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.776843][T15501] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 648.776858][T15501] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 648.776868][T15501] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 648.776876][T15501] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 648.776885][T15501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.776893][T15501] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 648.776912][T15501] [ 649.146917][ T9097] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 649.243325][T15514] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 649.321447][ T9097] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 649.321471][ T9097] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 649.336477][ T9097] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 649.336496][ T9097] Bluetooth: hci1: adv larger than maximum supported [ 649.343706][ T9097] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 649.350572][ T9097] Bluetooth: hci1: Malformed LE Event: 0x0d [ 649.374272][ T30] audit: type=1800 audit(4294967364.963:64): pid=15522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2077" name="dbroot" dev="configfs" ino=74115 res=0 errno=0 [ 649.413766][ T9097] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 649.520463][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 649.520489][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 649.535477][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 649.535497][ T9097] Bluetooth: hci0: adv larger than maximum supported [ 649.542826][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 649.550369][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 650.134374][ T9097] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 650.208573][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 650.208598][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 650.223630][ T9097] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 650.223664][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 650.414033][T15526] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 650.424995][T15526] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 650.442445][T15526] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 650.458589][T15526] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 650.472059][T15526] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 650.489162][T15543] FAULT_INJECTION: forcing a failure. [ 650.489162][T15543] name fail_futex, interval 1, probability 0, space 0, times 0 [ 650.548165][T15543] CPU: 0 UID: 0 PID: 15543 Comm: syz.3.2082 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 650.548199][T15543] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 650.548207][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 650.548216][T15543] Call Trace: [ 650.548221][T15543] [ 650.548226][T15543] dump_stack_lvl+0x100/0x190 [ 650.548250][T15543] should_fail_ex.cold+0x5/0xa [ 650.548265][T15543] get_futex_key+0x106f/0x1620 [ 650.548290][T15543] ? __pfx_get_futex_key+0x10/0x10 [ 650.548308][T15543] ? lock_acquire+0x17c/0x330 [ 650.548328][T15543] futex_wake+0xea/0x530 [ 650.548346][T15543] ? __pfx_futex_wake+0x10/0x10 [ 650.548362][T15543] ? exit_mm_release+0x19/0x30 [ 650.548381][T15543] do_futex+0x32b/0x350 [ 650.548395][T15543] ? __pfx_do_futex+0x10/0x10 [ 650.548406][T15543] ? __might_fault+0xc5/0x140 [ 650.548425][T15543] mm_release+0x24a/0x2f0 [ 650.548445][T15543] do_exit+0x675/0x2a30 [ 650.548471][T15543] ? __pfx_do_exit+0x10/0x10 [ 650.548486][T15543] ? do_raw_spin_lock+0x128/0x260 [ 650.548501][T15543] ? find_held_lock+0x2b/0x80 [ 650.548519][T15543] ? get_signal+0x7e0/0x21e0 [ 650.548540][T15543] do_group_exit+0xd5/0x2a0 [ 650.548557][T15543] get_signal+0x1ec7/0x21e0 [ 650.548582][T15543] ? __pfx_get_signal+0x10/0x10 [ 650.548602][T15543] ? do_futex+0x192/0x350 [ 650.548618][T15543] arch_do_signal_or_restart+0x91/0x770 [ 650.548632][T15543] ? find_held_lock+0x2b/0x80 [ 650.548649][T15543] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 650.548668][T15543] ? __pfx___x64_sys_futex+0x10/0x10 [ 650.548686][T15543] exit_to_user_mode_loop+0x86/0x4a0 [ 650.548700][T15543] ? rcu_is_watching+0x12/0xc0 [ 650.548718][T15543] do_syscall_64+0x668/0xf80 [ 650.548732][T15543] ? clear_bhb_loop+0x40/0x90 [ 650.548748][T15543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.548762][T15543] RIP: 0033:0x7f060839bf79 [ 650.548774][T15543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.548788][T15543] RSP: 002b:00007f06093010e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 650.548802][T15543] RAX: fffffffffffffe00 RBX: 00007f0608616188 RCX: 00007f060839bf79 [ 650.548811][T15543] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0608616188 [ 650.548820][T15543] RBP: 00007f0608616180 R08: 0000000000000000 R09: 0000000000000000 [ 650.548828][T15543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.548836][T15543] R13: 00007f0608616218 R14: 00007ffee482e6c0 R15: 00007ffee482e7a8 [ 650.548855][T15543] [ 650.975857][ T9097] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 650.982758][ T9097] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 650.982777][ T9097] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 650.997550][ T9097] Bluetooth: hci0: Malformed LE Event: 0x0d [ 651.105522][ T30] audit: type=1800 audit(4294967366.614:65): pid=15562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2091" name="dbroot" dev="configfs" ino=74342 res=0 errno=0 [ 651.156015][T15564] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2092'. [ 651.336084][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 651.465280][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 651.465307][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 651.481021][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 652.099795][ T30] audit: type=1800 audit(4294967367.695:66): pid=15588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2097" name="dbroot" dev="configfs" ino=74449 res=0 errno=0 [ 652.176424][T15587] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 652.506172][ T9097] Bluetooth: hci2: command 0x0c1a tx timeout [ 652.512212][T15238] Bluetooth: hci1: command 0x0c1a tx timeout [ 652.518272][ T9086] Bluetooth: hci3: command 0x0c1a tx timeout [ 652.539378][T15598] sp0: Synchronizing with TNC [ 653.136904][T15614] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2107'. [ 653.259882][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 653.299452][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 653.376925][T15626] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 653.408338][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 653.408362][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 653.423549][ T9086] bt_err_ratelimited: 8 callbacks suppressed [ 653.423561][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 653.429598][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 653.437529][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 653.444204][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 653.488633][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 653.488657][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 653.505381][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 653.505402][ T9086] Bluetooth: hci3: adv larger than maximum supported [ 653.512756][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 653.521370][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 653.790629][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 654.031954][T15645] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 654.098459][T15642] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2113'. [ 654.112128][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 654.112161][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 654.127239][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 654.127258][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 654.134267][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 654.141396][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 654.196947][T15650] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2113'. [ 654.549900][ T30] audit: type=1800 audit(4294967370.146:67): pid=15665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2116" name="dbroot" dev="configfs" ino=74842 res=0 errno=0 [ 655.272166][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 655.376856][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 655.376882][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 655.391747][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 655.391781][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 655.537768][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 655.639698][T15690] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 655.739782][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 655.739804][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 655.754620][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 655.832240][T15694] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 655.910718][T15694] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.101181][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.144576][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.253385][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.272899][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.312854][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.364895][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.403332][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2125'. [ 656.489387][T15699] FAULT_INJECTION: forcing a failure. [ 656.489387][T15699] name failslab, interval 1, probability 0, space 0, times 0 [ 656.599208][T15699] CPU: 0 UID: 0 PID: 15699 Comm: syz.1.2127 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 656.599245][T15699] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 656.599254][T15699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 656.599263][T15699] Call Trace: [ 656.599269][T15699] [ 656.599276][T15699] dump_stack_lvl+0x100/0x190 [ 656.599301][T15699] should_fail_ex.cold+0x5/0xa [ 656.599319][T15699] should_failslab+0xc2/0x120 [ 656.599338][T15699] __kmalloc_cache_noprof+0x80/0x810 [ 656.599361][T15699] ? cuse_channel_open+0x1de/0x7f0 [ 656.599381][T15699] ? cuse_channel_open+0x1de/0x7f0 [ 656.599395][T15699] cuse_channel_open+0x1de/0x7f0 [ 656.599411][T15699] ? __pfx_cuse_channel_open+0x10/0x10 [ 656.599428][T15699] misc_open+0x26d/0x450 [ 656.599450][T15699] ? __pfx_misc_open+0x10/0x10 [ 656.599470][T15699] chrdev_open+0x234/0x6a0 [ 656.599486][T15699] ? __pfx_apparmor_file_open+0x10/0x10 [ 656.599508][T15699] ? __pfx_chrdev_open+0x10/0x10 [ 656.599525][T15699] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 656.599546][T15699] do_dentry_open+0x6d8/0x1660 [ 656.599561][T15699] ? __pfx_chrdev_open+0x10/0x10 [ 656.599582][T15699] vfs_open+0x82/0x3f0 [ 656.599605][T15699] path_openat+0x208c/0x31a0 [ 656.599628][T15699] ? __pfx_path_openat+0x10/0x10 [ 656.599650][T15699] do_file_open+0x20e/0x430 [ 656.599667][T15699] ? __pfx_do_file_open+0x10/0x10 [ 656.599697][T15699] ? alloc_fd+0x476/0x790 [ 656.599714][T15699] ? do_getname+0x191/0x390 [ 656.599734][T15699] do_sys_openat2+0x10d/0x1e0 [ 656.599754][T15699] ? __pfx_do_sys_openat2+0x10/0x10 [ 656.599775][T15699] ? __fget_files+0x21f/0x3d0 [ 656.599794][T15699] __x64_sys_openat+0x12d/0x210 [ 656.599813][T15699] ? __pfx___x64_sys_openat+0x10/0x10 [ 656.599833][T15699] ? xfd_validate_state+0x129/0x190 [ 656.599857][T15699] do_syscall_64+0x106/0xf80 [ 656.599871][T15699] ? clear_bhb_loop+0x40/0x90 [ 656.599889][T15699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.599904][T15699] RIP: 0033:0x7fe6c879bf79 [ 656.599916][T15699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 656.599930][T15699] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 656.599952][T15699] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 656.599963][T15699] RDX: 0000000000000000 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 656.599972][T15699] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 656.599981][T15699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.599991][T15699] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 656.600011][T15699] [ 657.638361][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 657.699388][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 657.699414][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 657.714577][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 658.187218][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 658.280732][T15719] vhci_hcd vhci_hcd.2: invalid port number 16 [ 658.291113][ T30] audit: type=1800 audit(4294967373.888:68): pid=15721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2132" name="dbroot" dev="configfs" ino=75288 res=0 errno=0 [ 658.330153][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 658.330179][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 658.347521][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 658.363309][T15719] vhci_hcd vhci_hcd.2: invalid port number 16 [ 658.380473][T15713] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 658.410755][T15713] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 658.758433][T15730] FAULT_INJECTION: forcing a failure. [ 658.758433][T15730] name failslab, interval 1, probability 0, space 0, times 0 [ 658.825860][T15730] CPU: 0 UID: 0 PID: 15730 Comm: syz.3.2137 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 658.825899][T15730] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 658.825908][T15730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 658.825917][T15730] Call Trace: [ 658.825922][T15730] [ 658.825929][T15730] dump_stack_lvl+0x100/0x190 [ 658.825954][T15730] should_fail_ex.cold+0x5/0xa [ 658.825973][T15730] should_failslab+0xc2/0x120 [ 658.825991][T15730] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 658.826009][T15730] ? bpf_ksym_find+0x124/0x1c0 [ 658.826031][T15730] ? __alloc_skb+0x156/0x410 [ 658.826050][T15730] ? __alloc_skb+0x156/0x410 [ 658.826065][T15730] __alloc_skb+0x156/0x410 [ 658.826081][T15730] ? __pfx___alloc_skb+0x10/0x10 [ 658.826105][T15730] tipc_buf_acquire+0x26/0xe0 [ 658.826127][T15730] tipc_msg_create+0x39/0x1d0 [ 658.826150][T15730] tipc_group_proto_xmit+0x150/0x7c0 [ 658.826170][T15730] tipc_group_delete+0xf8/0x4a0 [ 658.826184][T15730] ? task_work_run+0x150/0x240 [ 658.826199][T15730] ? exit_to_user_mode_loop+0x100/0x4a0 [ 658.826213][T15730] ? do_syscall_64+0x668/0xf80 [ 658.826229][T15730] ? __pfx_tipc_group_delete+0x10/0x10 [ 658.826249][T15730] ? __tipc_shutdown+0x855/0xed0 [ 658.826267][T15730] ? __lock_acquire+0x3c5/0x2630 [ 658.826287][T15730] tipc_sk_leave+0x10e/0x1c0 [ 658.826303][T15730] ? __pfx_tipc_sk_leave+0x10/0x10 [ 658.826320][T15730] ? __pfx_woken_wake_function+0x10/0x10 [ 658.826341][T15730] ? tipc_sk_filtering+0x47d/0x590 [ 658.826364][T15730] tipc_release+0x11f/0x1640 [ 658.826384][T15730] ? down_write+0x146/0x1f0 [ 658.826399][T15730] ? __pfx_down_write+0x10/0x10 [ 658.826416][T15730] ? __pfx_locks_remove_file+0x10/0x10 [ 658.826433][T15730] __sock_release+0xb3/0x260 [ 658.826452][T15730] ? __pfx_sock_close+0x10/0x10 [ 658.826470][T15730] sock_close+0x1c/0x30 [ 658.826488][T15730] __fput+0x3ff/0xb40 [ 658.826510][T15730] task_work_run+0x150/0x240 [ 658.826527][T15730] ? __pfx_task_work_run+0x10/0x10 [ 658.826549][T15730] exit_to_user_mode_loop+0x100/0x4a0 [ 658.826563][T15730] ? rcu_is_watching+0x12/0xc0 [ 658.826583][T15730] do_syscall_64+0x668/0xf80 [ 658.826596][T15730] ? clear_bhb_loop+0x40/0x90 [ 658.826613][T15730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.826628][T15730] RIP: 0033:0x7f060839bf79 [ 658.826641][T15730] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 658.826655][T15730] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 658.826669][T15730] RAX: 0000000000000000 RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 658.826679][T15730] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 658.826687][T15730] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 658.826696][T15730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 658.826704][T15730] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 658.826731][T15730] [ 660.026521][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 660.128462][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 660.128490][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 660.146475][ T9086] bt_err_ratelimited: 11 callbacks suppressed [ 660.146488][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 660.152806][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 660.159817][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 660.167349][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 660.230037][ T9086] Bluetooth: hci2: unexpected event 0x07 length: 43 < 255 [ 660.384387][ T9182] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 660.561602][T15755] ptp ptp0: new virtual clock ptp1 [ 660.658738][T15755] ptp ptp0: guarantee physical clock free running [ 660.785347][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 660.874892][T15766] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 660.919749][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 660.919775][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 660.935563][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 660.935585][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 660.942749][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 660.950662][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 661.415417][ T30] audit: type=1800 audit(4294967377.019:69): pid=15778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2150" name="dbroot" dev="configfs" ino=75761 res=0 errno=0 [ 661.545556][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 661.636617][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 661.636643][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 661.651413][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 661.651432][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 661.658554][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 661.666416][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 662.419467][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 662.496347][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 662.496374][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 662.511864][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 662.511900][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 663.112767][T15808] sd 0:0:1:0: PR command failed: 1026 [ 663.166072][T15808] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 663.243998][T15815] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2160'. [ 663.276710][T15808] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 663.358491][T15815] bridge0: entered promiscuous mode [ 663.367127][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 663.425470][T15815] bridge0: entered allmulticast mode [ 663.464086][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 663.464111][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 663.478897][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 663.701717][T15824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2165'. [ 664.202221][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 664.285234][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 664.285260][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 664.300056][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 664.923753][ T30] audit: type=1800 audit(4294967380.521:70): pid=15858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2172" name="dbroot" dev="configfs" ino=76268 res=0 errno=0 [ 665.073960][T15858] netlink: 'syz.1.2172': attribute type 2 has an invalid length. [ 665.190505][T15858] netlink: 'syz.1.2172': attribute type 3 has an invalid length. [ 665.263471][T15858] netlink: 158 bytes leftover after parsing attributes in process `syz.1.2172'. [ 665.312237][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 665.360176][T15858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2172'. [ 665.441295][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 665.441322][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 665.457462][ T9086] bt_err_ratelimited: 8 callbacks suppressed [ 665.457473][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 665.463674][ T9086] Bluetooth: hci0: adv larger than maximum supported [ 665.470715][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 665.477382][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 665.611500][ T9086] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 665.715523][T15875] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 665.792006][ T9086] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 665.792033][ T9086] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 665.806760][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 665.806779][ T9086] Bluetooth: hci2: adv larger than maximum supported [ 665.813869][ T9086] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 665.821207][ T9086] Bluetooth: hci2: Malformed LE Event: 0x0d [ 666.090174][ T9086] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 666.198446][T15888] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 666.245942][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 666.245967][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 666.261334][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 666.261354][ T9086] Bluetooth: hci3: adv larger than maximum supported [ 666.270391][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 666.277070][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 666.486727][T15887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2179'. [ 666.538095][T15890] zswap: compressor not available [ 666.648576][T15887] veth1_macvtap: entered allmulticast mode [ 667.037558][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 667.124160][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 667.124186][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 667.146043][ T9086] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 667.146094][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 667.582871][T15916] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2191'. [ 667.828206][T15922] FAULT_INJECTION: forcing a failure. [ 667.828206][T15922] name failslab, interval 1, probability 0, space 0, times 0 [ 667.895109][T15922] CPU: 0 UID: 0 PID: 15922 Comm: syz.3.2193 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 667.895144][T15922] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 667.895152][T15922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 667.895162][T15922] Call Trace: [ 667.895167][T15922] [ 667.895173][T15922] dump_stack_lvl+0x100/0x190 [ 667.895199][T15922] should_fail_ex.cold+0x5/0xa [ 667.895216][T15922] should_failslab+0xc2/0x120 [ 667.895235][T15922] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 667.895253][T15922] ? shmem_alloc_inode+0x25/0x50 [ 667.895275][T15922] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 667.895293][T15922] ? shmem_alloc_inode+0x25/0x50 [ 667.895309][T15922] shmem_alloc_inode+0x25/0x50 [ 667.895327][T15922] alloc_inode+0x68/0x250 [ 667.895347][T15922] new_inode+0x22/0x1c0 [ 667.895368][T15922] shmem_get_inode+0x197/0xf30 [ 667.895391][T15922] shmem_mknod+0x1a2/0x3b0 [ 667.895412][T15922] ? __pfx_shmem_create+0x10/0x10 [ 667.895432][T15922] lookup_open.isra.0+0xc47/0x11b0 [ 667.895458][T15922] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 667.895484][T15922] ? __pfx___might_resched+0x10/0x10 [ 667.895500][T15922] ? mnt_get_write_access+0x52/0x2f0 [ 667.895524][T15922] ? __pfx_down_write+0x10/0x10 [ 667.895539][T15922] ? mnt_get_write_access+0x1e9/0x2f0 [ 667.895562][T15922] path_openat+0x2291/0x31a0 [ 667.895584][T15922] ? __pfx_path_openat+0x10/0x10 [ 667.895609][T15922] do_file_open+0x20e/0x430 [ 667.895629][T15922] ? __pfx_do_file_open+0x10/0x10 [ 667.895658][T15922] ? _raw_spin_unlock+0x28/0x50 [ 667.895678][T15922] ? alloc_fd+0x476/0x790 [ 667.895698][T15922] do_sys_openat2+0x10d/0x1e0 [ 667.895718][T15922] ? __pfx_do_sys_openat2+0x10/0x10 [ 667.895739][T15922] ? __fget_files+0x21f/0x3d0 [ 667.895757][T15922] __x64_sys_open+0xfe/0x1d0 [ 667.895777][T15922] ? __pfx___x64_sys_open+0x10/0x10 [ 667.895795][T15922] ? xfd_validate_state+0x129/0x190 [ 667.895819][T15922] do_syscall_64+0x106/0xf80 [ 667.895832][T15922] ? clear_bhb_loop+0x40/0x90 [ 667.895850][T15922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.895865][T15922] RIP: 0033:0x7f060839bf79 [ 667.895877][T15922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 667.895892][T15922] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 667.895906][T15922] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 667.895916][T15922] RDX: 0000000000000110 RSI: 0000000000022240 RDI: 0000000000000000 [ 667.895924][T15922] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 667.895933][T15922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.895941][T15922] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 667.895969][T15922] [ 668.574466][ T30] audit: type=1800 audit(4294967383.783:71): pid=15926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2192" name="dbroot" dev="configfs" ino=76688 res=0 errno=0 [ 668.782814][ T30] audit: type=1800 audit(4294967384.363:72): pid=15935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2196" name="dbroot" dev="configfs" ino=76731 res=0 errno=0 [ 668.813817][ T9086] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 668.821369][ T9086] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 668.821387][ T9086] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 668.840476][ T9086] Bluetooth: hci0: Malformed LE Event: 0x0d [ 669.260755][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 669.273859][T15942] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2200'. [ 669.428970][T15943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 669.509095][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 669.509119][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 669.525958][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 669.671395][T15949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2202'. [ 669.718417][T15949] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2202'. [ 669.774263][ T30] audit: type=1800 audit(4294967385.374:73): pid=15953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2204" name="dbroot" dev="configfs" ino=76835 res=0 errno=0 [ 670.248541][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 670.354734][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 670.390783][T15969] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 670.445015][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 670.445039][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 670.459919][T15238] bt_err_ratelimited: 8 callbacks suppressed [ 670.459931][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 670.466618][T15238] Bluetooth: hci0: adv larger than maximum supported [ 670.474998][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 670.482214][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 670.499198][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 670.499219][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 670.515836][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 670.515858][T15238] Bluetooth: hci1: adv larger than maximum supported [ 670.523117][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 670.529913][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 670.648798][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 670.744355][T15978] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 670.799990][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 670.800015][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 670.815091][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 670.815110][T15238] Bluetooth: hci3: adv larger than maximum supported [ 670.823024][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 670.831535][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 671.407655][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 671.534650][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 671.534677][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 671.550411][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 671.550445][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 671.690007][T16001] netlink: zone id is out of range [ 671.752119][T16000] netlink: set zone limit has 8 unknown bytes [ 671.965294][ T30] audit: type=1800 audit(4294967387.565:74): pid=16006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2220" name="dbroot" dev="configfs" ino=77124 res=0 errno=0 [ 672.321046][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 672.393550][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 672.447137][T16019] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 672.518479][T16020] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 672.529211][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 672.529234][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 672.544063][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 672.582036][T15238] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 672.582061][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 672.597207][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 673.173098][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 673.288731][T16038] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 673.341610][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 673.341634][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 673.356568][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 673.791950][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 673.962770][T16048] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 674.007931][T16051] FAULT_INJECTION: forcing a failure. [ 674.007931][T16051] name failslab, interval 1, probability 0, space 0, times 0 [ 674.027975][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 674.027998][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 674.044275][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 674.104980][T16051] CPU: 0 UID: 0 PID: 16051 Comm: syz.3.2242 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 674.105016][T16051] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 674.105025][T16051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 674.105034][T16051] Call Trace: [ 674.105040][T16051] [ 674.105046][T16051] dump_stack_lvl+0x100/0x190 [ 674.105073][T16051] should_fail_ex.cold+0x5/0xa [ 674.105091][T16051] should_failslab+0xc2/0x120 [ 674.105109][T16051] __kvmalloc_node_noprof+0x101/0xac0 [ 674.105127][T16051] ? seq_read_iter+0x819/0x1270 [ 674.105145][T16051] ? seq_read_iter+0x819/0x1270 [ 674.105158][T16051] seq_read_iter+0x819/0x1270 [ 674.105172][T16051] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 674.105189][T16051] ? rcu_is_watching+0x12/0xc0 [ 674.105210][T16051] kernfs_fop_read_iter+0x46c/0x610 [ 674.105229][T16051] copy_splice_read+0x4ba/0xb90 [ 674.105248][T16051] ? __pfx_copy_splice_read+0x10/0x10 [ 674.105268][T16051] ? look_up_lock_class+0x55/0x120 [ 674.105283][T16051] ? alloc_pipe_info+0x1ec/0x590 [ 674.105303][T16051] ? lockdep_init_map_type+0x5c/0x250 [ 674.105319][T16051] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 674.105336][T16051] ? __pfx_copy_splice_read+0x10/0x10 [ 674.105350][T16051] do_splice_read+0x285/0x370 [ 674.105367][T16051] splice_direct_to_actor+0x2a1/0xa30 [ 674.105384][T16051] ? __pfx_direct_splice_actor+0x10/0x10 [ 674.105409][T16051] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 674.105432][T16051] do_splice_direct+0x174/0x240 [ 674.105448][T16051] ? __pfx_do_splice_direct+0x10/0x10 [ 674.105461][T16051] ? common_file_perm+0x1ab/0x4f0 [ 674.105477][T16051] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 674.105495][T16051] ? rw_verify_area+0xce/0x6d0 [ 674.105518][T16051] do_sendfile+0xadc/0xe20 [ 674.105536][T16051] ? __pfx_do_sendfile+0x10/0x10 [ 674.105552][T16051] ? __x64_sys_futex+0x34f/0x4d0 [ 674.105567][T16051] ? __x64_sys_futex+0x358/0x4d0 [ 674.105583][T16051] __x64_sys_sendfile64+0x1d8/0x220 [ 674.105600][T16051] ? xfd_validate_state+0x129/0x190 [ 674.105622][T16051] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 674.105645][T16051] do_syscall_64+0x106/0xf80 [ 674.105659][T16051] ? clear_bhb_loop+0x40/0x90 [ 674.105676][T16051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.105691][T16051] RIP: 0033:0x7f060839bf79 [ 674.105704][T16051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 674.105718][T16051] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 674.105732][T16051] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 674.105742][T16051] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 674.105750][T16051] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 674.105759][T16051] R10: 0000000002400000 R11: 0000000000000246 R12: 0000000000000000 [ 674.105768][T16051] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 674.105787][T16051] [ 674.426908][T16055] netlink: set zone limit has 8 unknown bytes [ 674.439138][T16055] netlink: zone id is out of range [ 675.072116][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 675.195418][T16060] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 675.229576][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 675.249576][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 675.249600][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 675.266972][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 675.298344][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 675.298367][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 675.313422][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 675.566913][T16069] FAULT_INJECTION: forcing a failure. [ 675.566913][T16069] name fail_futex, interval 1, probability 0, space 0, times 0 [ 675.629232][T16069] CPU: 0 UID: 0 PID: 16069 Comm: syz.3.2240 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 675.629269][T16069] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 675.629277][T16069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 675.629286][T16069] Call Trace: [ 675.629291][T16069] [ 675.629297][T16069] dump_stack_lvl+0x100/0x190 [ 675.629322][T16069] should_fail_ex.cold+0x5/0xa [ 675.629340][T16069] get_futex_key+0x1d2/0x1620 [ 675.629364][T16069] ? __pfx_get_futex_key+0x10/0x10 [ 675.629388][T16069] ? find_held_lock+0x2b/0x80 [ 675.629408][T16069] ? shmem_file_write_iter+0xcf/0x140 [ 675.629428][T16069] futex_wake+0xea/0x530 [ 675.629445][T16069] ? find_held_lock+0x2b/0x80 [ 675.629464][T16069] ? __pfx_futex_wake+0x10/0x10 [ 675.629482][T16069] ? ksys_write+0x190/0x250 [ 675.629496][T16069] ? ksys_write+0x190/0x250 [ 675.629514][T16069] do_futex+0x32b/0x350 [ 675.629528][T16069] ? __pfx_do_futex+0x10/0x10 [ 675.629547][T16069] __x64_sys_futex+0x34f/0x4d0 [ 675.629562][T16069] ? fput+0x79/0x100 [ 675.629578][T16069] ? __pfx___x64_sys_futex+0x10/0x10 [ 675.629591][T16069] ? ksys_write+0x1ac/0x250 [ 675.629605][T16069] ? __pfx_ksys_write+0x10/0x10 [ 675.629624][T16069] do_syscall_64+0x106/0xf80 [ 675.629638][T16069] ? clear_bhb_loop+0x40/0x90 [ 675.629655][T16069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.629669][T16069] RIP: 0033:0x7f060839bf79 [ 675.629682][T16069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.629696][T16069] RSP: 002b:00007f06093430e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 675.629710][T16069] RAX: ffffffffffffffda RBX: 00007f0608615fa8 RCX: 00007f060839bf79 [ 675.629720][T16069] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0608615fac [ 675.629728][T16069] RBP: 00007f0608615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 675.629738][T16069] R10: 00000000000098c7 R11: 0000000000000246 R12: 0000000000000000 [ 675.629746][T16069] R13: 00007f0608616038 R14: 00007ffee482e6c0 R15: 00007ffee482e7a8 [ 675.629765][T16069] [ 676.181535][T16085] FAULT_INJECTION: forcing a failure. [ 676.181535][T16085] name failslab, interval 1, probability 0, space 0, times 0 [ 676.236415][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 676.262144][T16085] CPU: 0 UID: 0 PID: 16085 Comm: syz.3.2246 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 676.262187][T16085] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 676.262196][T16085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 676.262205][T16085] Call Trace: [ 676.262210][T16085] [ 676.262217][T16085] dump_stack_lvl+0x100/0x190 [ 676.262242][T16085] should_fail_ex.cold+0x5/0xa [ 676.262259][T16085] should_failslab+0xc2/0x120 [ 676.262277][T16085] __kmalloc_cache_noprof+0x80/0x810 [ 676.262301][T16085] ? mtdchar_open+0x1e5/0x340 [ 676.262318][T16085] ? kobject_get_unless_zero+0x156/0x200 [ 676.262339][T16085] ? mtdchar_open+0x1e5/0x340 [ 676.262356][T16085] mtdchar_open+0x1e5/0x340 [ 676.262375][T16085] ? __pfx_mtdchar_open+0x10/0x10 [ 676.262393][T16085] chrdev_open+0x234/0x6a0 [ 676.262409][T16085] ? __pfx_apparmor_file_open+0x10/0x10 [ 676.262432][T16085] ? __pfx_chrdev_open+0x10/0x10 [ 676.262449][T16085] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 676.262470][T16085] do_dentry_open+0x6d8/0x1660 [ 676.262486][T16085] ? __pfx_chrdev_open+0x10/0x10 [ 676.262506][T16085] vfs_open+0x82/0x3f0 [ 676.262527][T16085] path_openat+0x208c/0x31a0 [ 676.262549][T16085] ? __pfx_path_openat+0x10/0x10 [ 676.262572][T16085] do_file_open+0x20e/0x430 [ 676.262589][T16085] ? __pfx_do_file_open+0x10/0x10 [ 676.262617][T16085] ? alloc_fd+0x476/0x790 [ 676.262634][T16085] ? do_getname+0x191/0x390 [ 676.262654][T16085] do_sys_openat2+0x10d/0x1e0 [ 676.262674][T16085] ? __pfx_do_sys_openat2+0x10/0x10 [ 676.262695][T16085] ? __fget_files+0x21f/0x3d0 [ 676.262713][T16085] __x64_sys_openat+0x12d/0x210 [ 676.262733][T16085] ? __pfx___x64_sys_openat+0x10/0x10 [ 676.262752][T16085] ? xfd_validate_state+0x129/0x190 [ 676.262776][T16085] do_syscall_64+0x106/0xf80 [ 676.262789][T16085] ? clear_bhb_loop+0x40/0x90 [ 676.262807][T16085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.262822][T16085] RIP: 0033:0x7f060839bf79 [ 676.262834][T16085] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.262849][T16085] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 676.262863][T16085] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 676.262873][T16085] RDX: 0000000000028082 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 676.262882][T16085] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 676.262891][T16085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.262900][T16085] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 676.262919][T16085] [ 676.806736][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 676.806769][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 676.829275][T15238] bt_err_ratelimited: 20 callbacks suppressed [ 676.829290][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 676.835771][T15238] Bluetooth: hci0: adv larger than maximum supported [ 676.843710][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 676.850575][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 677.177319][T16101] netlink: set zone limit has 8 unknown bytes [ 677.212929][T16104] netlink: zone id is out of range [ 677.476570][ T30] audit: type=1800 audit(4294967393.088:75): pid=16111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2247" name="dbroot" dev="configfs" ino=77745 res=0 errno=0 [ 677.910943][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 678.058268][T16124] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 678.132952][T15238] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 678.132998][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 678.150755][T15238] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 678.150775][T15238] Bluetooth: hci2: adv larger than maximum supported [ 678.160037][T15238] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 678.167336][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 678.678170][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 678.804467][ T30] audit: type=1800 audit(4294967394.408:76): pid=16145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2269" name="dbroot" dev="configfs" ino=77881 res=0 errno=0 [ 678.870445][T16140] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 679.008075][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 679.008100][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 679.022925][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 679.022945][T15238] Bluetooth: hci1: adv larger than maximum supported [ 679.029961][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 679.036673][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 679.668196][ T30] audit: type=1800 audit(4294967395.279:77): pid=16166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2283" name="dbroot" dev="configfs" ino=77978 res=0 errno=0 [ 680.562343][T16174] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2276'. [ 681.024599][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 681.173713][T16190] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 681.280260][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 681.280285][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 681.295483][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 681.295516][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 682.149570][ T30] audit: type=1800 audit(4294967397.750:78): pid=16219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2292" name="dbroot" dev="configfs" ino=78255 res=0 errno=0 [ 682.494172][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 682.583376][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 682.663928][T16228] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 682.724601][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 682.724625][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 682.741243][T15238] bt_err_ratelimited: 2 callbacks suppressed [ 682.741256][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 682.749180][T15238] Bluetooth: hci1: adv larger than maximum supported [ 682.756276][T15238] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 682.763047][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 682.817207][T16232] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 682.871089][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 682.871114][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 682.886092][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 682.886111][T15238] Bluetooth: hci3: adv larger than maximum supported [ 682.893289][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 682.899978][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 683.169196][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 683.183749][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 683.183773][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 683.198817][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 683.198836][T15238] Bluetooth: hci0: adv larger than maximum supported [ 683.206051][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 683.212799][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 683.250108][T16237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2298'. [ 683.501838][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 683.517132][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 683.517156][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 683.532507][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 683.532541][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 683.787225][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 683.834316][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 683.939710][T16254] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 684.006210][T15238] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 684.006235][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 684.023957][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 684.034115][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 684.034136][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 684.049367][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 684.123221][T16255] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 684.373542][ T30] audit: type=1800 audit(4294967399.981:79): pid=16263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2307" name="dbroot" dev="configfs" ino=78461 res=0 errno=0 [ 684.892497][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 685.009464][T16270] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 685.145792][T15238] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 685.145815][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 685.162887][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 685.169981][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 685.243692][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 685.243717][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 685.258501][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 685.377530][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 685.560269][T16280] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 685.670071][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 685.670096][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 685.685193][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 685.752213][T16284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2314'. [ 686.177229][ T30] audit: type=1800 audit(4294967401.782:80): pid=16296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2317" name="dbroot" dev="configfs" ino=78683 res=0 errno=0 [ 686.284510][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 686.382525][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 686.397544][T16303] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 686.436128][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 686.436154][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 686.451664][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 686.487649][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 686.495665][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 687.192583][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 687.222358][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 687.240802][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 687.333290][T16319] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 687.346822][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 687.356458][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 687.422897][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 687.430481][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 687.437454][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 687.445095][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 687.507407][T16318] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 688.406331][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 688.459176][T16339] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 688.513732][T15238] bt_warn_ratelimited: 4 callbacks suppressed [ 688.513746][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 688.519891][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 688.534690][T15238] bt_err_ratelimited: 32 callbacks suppressed [ 688.534703][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 688.541057][T15238] Bluetooth: hci3: adv larger than maximum supported [ 688.548731][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 688.555430][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 688.763691][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 688.861567][T16345] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 688.914586][T15238] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 688.914611][T15238] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 688.929652][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 688.929671][T15238] Bluetooth: hci3: adv larger than maximum supported [ 688.936678][T15238] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 688.943387][T15238] Bluetooth: hci3: Malformed LE Event: 0x0d [ 689.613489][ T30] audit: type=1800 audit(4294967405.224:81): pid=16359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2336" name="dbroot" dev="configfs" ino=79069 res=0 errno=0 [ 689.733184][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 689.819757][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 689.819782][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 689.834597][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 689.834616][T15238] Bluetooth: hci0: adv larger than maximum supported [ 689.841718][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 689.848477][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 690.213336][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 690.287109][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 690.325197][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 690.325222][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 690.341164][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 690.341200][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 690.377943][T16369] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 690.416797][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 690.416821][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 690.433061][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 690.488305][T16336] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 690.599346][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 690.619295][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 690.619320][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 690.636269][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 690.803711][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 690.819983][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.832433][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.928907][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 690.928934][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 690.945755][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 691.224457][T16336] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 691.238495][T16336] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 691.255571][T16336] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 691.426165][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 691.526801][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 691.526829][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 691.542049][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 692.046740][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 692.089579][ T30] audit: type=1800 audit(4294967407.705:82): pid=16401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2348" name="dbroot" dev="configfs" ino=79339 res=0 errno=0 [ 692.138835][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 692.138861][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 692.153680][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 692.566309][T15238] Bluetooth: hci1: command 0x0c1a tx timeout [ 692.675331][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 692.764428][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 692.764455][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 692.781876][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 693.044711][T16412] FAULT_INJECTION: forcing a failure. [ 693.044711][T16412] name failslab, interval 1, probability 0, space 0, times 0 [ 693.097259][ T30] audit: type=1800 audit(4294967408.715:83): pid=16413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2361" name="dbroot" dev="configfs" ino=79431 res=0 errno=0 [ 693.159298][T16412] CPU: 0 UID: 0 PID: 16412 Comm: syz.3.2353 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 693.159334][T16412] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 693.159342][T16412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 693.159352][T16412] Call Trace: [ 693.159357][T16412] [ 693.159363][T16412] dump_stack_lvl+0x100/0x190 [ 693.159389][T16412] should_fail_ex.cold+0x5/0xa [ 693.159406][T16412] should_failslab+0xc2/0x120 [ 693.159425][T16412] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 693.159442][T16412] ? percpu_ref_put_many.constprop.0+0xc4/0x2a0 [ 693.159463][T16412] ? zswap_store+0xc42/0x29d0 [ 693.159486][T16412] ? zswap_store+0xc42/0x29d0 [ 693.159504][T16412] zswap_store+0xc42/0x29d0 [ 693.159523][T16412] ? rcu_is_cpu_rrupt_from_idle+0x1d1/0x270 [ 693.159550][T16412] ? __pfx_zswap_store+0x10/0x10 [ 693.159570][T16412] ? folio_free_swap+0x277/0x850 [ 693.159586][T16412] ? folio_free_swap+0x277/0x850 [ 693.159605][T16412] ? do_raw_spin_unlock+0x145/0x1e0 [ 693.159624][T16412] ? _raw_spin_unlock+0x28/0x50 [ 693.159645][T16412] ? folio_free_swap+0x39/0x850 [ 693.159661][T16412] ? rcu_is_watching+0x12/0xc0 [ 693.159691][T16412] swap_writeout+0x49d/0x12b0 [ 693.159714][T16412] ? _raw_spin_unlock_irq+0x23/0x50 [ 693.159737][T16412] shmem_writeout+0xe12/0x1520 [ 693.159757][T16412] ? __pfx_shmem_writeout+0x10/0x10 [ 693.159774][T16412] ? inode_to_bdi+0x9e/0x160 [ 693.159791][T16412] ? folio_clear_dirty_for_io+0x178/0x820 [ 693.159813][T16412] shrink_folio_list+0x3b72/0x6000 [ 693.159843][T16412] ? __pfx_shrink_folio_list+0x10/0x10 [ 693.159865][T16412] ? find_held_lock+0x2b/0x80 [ 693.159883][T16412] ? unwind_next_frame+0x3be/0x1ea0 [ 693.159904][T16412] ? unwind_next_frame+0x3be/0x1ea0 [ 693.159930][T16412] ? exc_page_fault+0x6f/0xd0 [ 693.159944][T16412] ? asm_exc_page_fault+0x26/0x30 [ 693.159957][T16412] ? __kernel_text_address+0xd/0x30 [ 693.159980][T16412] ? unwind_get_return_address+0x59/0xa0 [ 693.160002][T16412] ? arch_stack_walk+0x88/0xf0 [ 693.160042][T16412] ? __lock_acquire+0x4a5/0x2630 [ 693.160060][T16412] reclaim_folio_list+0xdc/0x5a0 [ 693.160082][T16412] ? __lock_acquire+0x4a5/0x2630 [ 693.160098][T16412] ? __pfx_reclaim_folio_list+0x10/0x10 [ 693.160127][T16412] ? css_rstat_updated+0x1ce/0x5a0 [ 693.160152][T16412] ? do_raw_spin_lock+0x128/0x260 [ 693.160168][T16412] ? lru_gen_del_folio+0x382/0x5f0 [ 693.160191][T16412] reclaim_pages+0x428/0x5e0 [ 693.160206][T16412] ? __pfx_reclaim_pages+0x10/0x10 [ 693.160219][T16412] ? find_held_lock+0x2b/0x80 [ 693.160238][T16412] ? madvise_cold_or_pageout_pte_range+0xb49/0x2710 [ 693.160262][T16412] madvise_cold_or_pageout_pte_range+0x1635/0x2710 [ 693.160290][T16412] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 693.160312][T16412] ? __pfx_stack_trace_save+0x10/0x10 [ 693.160334][T16412] ? look_up_lock_class+0x55/0x120 [ 693.160349][T16412] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 693.160370][T16412] walk_pgd_range+0xc04/0x1eb0 [ 693.160399][T16412] ? __pfx_walk_pgd_range+0x10/0x10 [ 693.160413][T16412] ? __lock_acquire+0x4a5/0x2630 [ 693.160432][T16412] __walk_page_range+0x163/0x820 [ 693.160456][T16412] walk_page_range_vma_unsafe+0x23f/0x960 [ 693.160475][T16412] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 693.160495][T16412] ? find_held_lock+0x2b/0x80 [ 693.160513][T16412] ? mlock_drain_local+0x254/0x4e0 [ 693.160527][T16412] ? mlock_drain_local+0x254/0x4e0 [ 693.160545][T16412] walk_page_range_vma+0x63/0x90 [ 693.160563][T16412] madvise_pageout+0x259/0x540 [ 693.160581][T16412] ? __pfx_madvise_pageout+0x10/0x10 [ 693.160600][T16412] ? finish_task_switch.isra.0+0x200/0xb80 [ 693.160630][T16412] ? mtree_range_walk+0x6ce/0xcd0 [ 693.160652][T16412] madvise_vma_behavior+0x3d8/0x2a40 [ 693.160680][T16412] ? mas_prev_setup.constprop.0+0xb6/0x9c0 [ 693.160696][T16412] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 693.160716][T16412] ? mas_prev+0x9b/0xf0 [ 693.160731][T16412] ? __pfx_mas_prev+0x10/0x10 [ 693.160752][T16412] ? find_vma_prev+0xd8/0x150 [ 693.160770][T16412] ? futex_unqueue+0x133/0x2c0 [ 693.160793][T16412] ? __pfx_find_vma_prev+0x10/0x10 [ 693.160817][T16412] ? __futex_wait+0x256/0x300 [ 693.160838][T16412] madvise_walk_vmas+0x2fe/0xa90 [ 693.160860][T16412] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 693.160885][T16412] madvise_do_behavior+0x1ea/0x510 [ 693.160906][T16412] ? __pfx_madvise_do_behavior+0x10/0x10 [ 693.160926][T16412] ? down_read+0x13b/0x460 [ 693.160951][T16412] do_madvise+0x195/0x240 [ 693.160969][T16412] ? __pfx_do_madvise+0x10/0x10 [ 693.160987][T16412] ? do_futex+0x192/0x350 [ 693.161004][T16412] ? find_held_lock+0x2b/0x80 [ 693.161030][T16412] ? xfd_validate_state+0x129/0x190 [ 693.161047][T16412] ? pipe_ioctl+0x226/0x2c0 [ 693.161064][T16412] __x64_sys_madvise+0xa9/0x110 [ 693.161083][T16412] ? lockdep_hardirqs_on+0x78/0x100 [ 693.161097][T16412] do_syscall_64+0x106/0xf80 [ 693.161110][T16412] ? clear_bhb_loop+0x40/0x90 [ 693.161127][T16412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.161142][T16412] RIP: 0033:0x7f060839bf79 [ 693.161155][T16412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 693.161169][T16412] RSP: 002b:00007f0609343028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 693.161184][T16412] RAX: ffffffffffffffda RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 693.161194][T16412] RDX: 0000000000000015 RSI: 00000000002003f0 RDI: 0000000000000000 [ 693.161203][T16412] RBP: 00007f06084327e0 R08: 0000000000000000 R09: 0000000000000000 [ 693.161212][T16412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 693.161221][T16412] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 693.161241][T16412] [ 693.788104][T15238] Bluetooth: hci3: command 0x0c1a tx timeout [ 693.794143][T15238] Bluetooth: hci2: command 0x0c1a tx timeout [ 693.801395][T15238] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 693.808302][T15238] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 693.819205][T16420] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 693.841576][ T9086] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 693.841597][ T9086] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 693.856366][ T9086] bt_err_ratelimited: 20 callbacks suppressed [ 693.856379][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 693.862428][ T9086] Bluetooth: hci3: adv larger than maximum supported [ 693.869463][ T9086] Bluetooth: hci3: Unknown advertising packet type: 0x5f [ 693.876163][ T9086] Bluetooth: hci3: Malformed LE Event: 0x0d [ 693.896016][T16423] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 693.910511][T15238] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 693.910535][T15238] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 693.925276][T15238] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 693.925294][T15238] Bluetooth: hci2: adv larger than maximum supported [ 693.932397][T15238] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 693.939238][T15238] Bluetooth: hci2: Malformed LE Event: 0x0d [ 694.201641][ T9086] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 694.214789][T16430] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 694.226264][ T9086] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 694.226286][ T9086] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 694.241059][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 694.241077][ T9086] Bluetooth: hci1: adv larger than maximum supported [ 694.248216][ T9086] Bluetooth: hci1: Unknown advertising packet type: 0x5f [ 694.254902][ T9086] Bluetooth: hci1: Malformed LE Event: 0x0d [ 694.284002][T16432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2357'. [ 694.294365][T16432] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2357'. [ 694.680926][ T30] audit: type=1800 audit(4294967410.296:84): pid=16443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2362" name="dbroot" dev="configfs" ino=79670 res=0 errno=0 [ 694.908720][T15238] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 694.980489][T15238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 694.980516][T15238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 694.995780][T15238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 694.995816][T15238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 695.371832][T15238] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 695.484304][T16453] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 695.529299][T16454] i2c i2c-0: new_device: Extra parameters [ 695.541128][T15238] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 695.541152][T15238] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 695.556388][T15238] Bluetooth: hci1: Malformed LE Event: 0x0d [ 696.104336][T16472] mm ffff888079b24980 task_size 140737488351232 [ 696.104336][T16472] mmap_base 139663900983296 mmap_legacy_base 47968894185472 [ 696.104336][T16472] pgd ffff8880319b0000 mm_users 0 mm_count 2 pgtables_bytes 155648 map_count 32 [ 696.104336][T16472] hiwater_rss 1514 hiwater_vm 5ff2 total_vm 69d4 locked_vm 0 [ 696.104336][T16472] pinned_vm 0 data_vm 23ba exec_vm 1bd stack_vm 422 [ 696.104336][T16472] start_code 7f060824b000 end_code 7f0608405101 start_data 7f06085f0000 end_data 7f06085f0000 [ 696.104336][T16472] start_brk 5555892d5000 brk 555589309000 start_stack 7ffee482ef40 [ 696.104336][T16472] arg_start 7ffee4830f6d arg_end 7ffee4830f81 env_start 7ffee4830f81 env_end 7ffee4830fe9 [ 696.104336][T16472] binfmt ffffffff8e867080 flags 00000000,840007fd [ 696.104336][T16472] ioctx_table 0000000000000000 [ 696.104336][T16472] owner 0000000000000000 exe_file ffff888031b64380 [ 696.104336][T16472] notifier_subscriptions 0000000000000000 [ 696.104336][T16472] numa_next_scan 4295006837 numa_scan_offset 0 numa_scan_seq 0 [ 696.104336][T16472] tlb_flush_pending 1 [ 696.104336][T16472] def_flags: 0x0() [ 696.293779][T16475] FAULT_INJECTION: forcing a failure. [ 696.293779][T16475] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 696.332074][T16475] CPU: 0 UID: 0 PID: 16475 Comm: syz.1.2374 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 696.332110][T16475] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 696.332118][T16475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 696.332128][T16475] Call Trace: [ 696.332133][T16475] [ 696.332139][T16475] dump_stack_lvl+0x100/0x190 [ 696.332164][T16475] should_fail_ex.cold+0x5/0xa [ 696.332178][T16475] ? prepare_alloc_pages+0x16d/0x5f0 [ 696.332200][T16475] should_fail_alloc_page+0xeb/0x140 [ 696.332219][T16475] prepare_alloc_pages+0x1f0/0x5f0 [ 696.332241][T16475] __alloc_frozen_pages_noprof+0x193/0x2410 [ 696.332258][T16475] ? stack_trace_save+0x8e/0xc0 [ 696.332277][T16475] ? __pfx_stack_trace_save+0x10/0x10 [ 696.332297][T16475] ? stack_depot_save_flags+0x27/0x9d0 [ 696.332315][T16475] ? __lock_acquire+0x4a5/0x2630 [ 696.332331][T16475] ? kasan_save_stack+0x3f/0x50 [ 696.332346][T16475] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 696.332360][T16475] ? copy_time_ns+0xf6/0x800 [ 696.332379][T16475] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 696.332408][T16475] ? __x64_sys_unshare+0x31/0x40 [ 696.332423][T16475] ? do_syscall_64+0x106/0xf80 [ 696.332437][T16475] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.332460][T16475] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 696.332480][T16475] ? policy_nodemask+0xed/0x4f0 [ 696.332500][T16475] alloc_pages_mpol+0x1fb/0x550 [ 696.332519][T16475] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 696.332542][T16475] alloc_pages_noprof+0x131/0x390 [ 696.332560][T16475] copy_time_ns+0x11a/0x800 [ 696.332578][T16475] ? copy_cgroup_ns+0x71/0x970 [ 696.332601][T16475] create_new_namespaces+0x48a/0xac0 [ 696.332626][T16475] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 696.332648][T16475] ksys_unshare+0x455/0xab0 [ 696.332664][T16475] ? __pfx_ksys_unshare+0x10/0x10 [ 696.332679][T16475] ? xfd_validate_state+0x129/0x190 [ 696.332702][T16475] __x64_sys_unshare+0x31/0x40 [ 696.332717][T16475] do_syscall_64+0x106/0xf80 [ 696.332730][T16475] ? clear_bhb_loop+0x40/0x90 [ 696.332747][T16475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.332762][T16475] RIP: 0033:0x7fe6c879bf79 [ 696.332775][T16475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 696.332790][T16475] RSP: 002b:00007fe6c9680028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 696.332805][T16475] RAX: ffffffffffffffda RBX: 00007fe6c8a15fa0 RCX: 00007fe6c879bf79 [ 696.332814][T16475] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 696.332822][T16475] RBP: 00007fe6c88327e0 R08: 0000000000000000 R09: 0000000000000000 [ 696.332831][T16475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 696.332840][T16475] R13: 00007fe6c8a16038 R14: 00007fe6c8a15fa0 R15: 00007ffd180b7628 [ 696.332860][T16475] [ 696.633963][T16472] ------------[ cut here ]------------ [ 696.639662][T16472] kernel BUG at mm/khugepaged.c:438! [ 696.645041][T16472] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 696.651269][T16472] CPU: 0 UID: 0 PID: 16472 Comm: syz.3.2372 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 696.662205][T16472] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 696.672239][T16472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 696.682274][T16472] RIP: 0010:__khugepaged_enter+0x30a/0x380 [ 696.688071][T16472] Code: 64 7e 8e e8 a8 dc 66 ff e8 93 e6 8d ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 04 6c 04 09 e8 7f e6 8d ff 48 89 df e8 17 33 d9 ff 90 <0f> 0b 48 89 ef e8 dc 51 f8 ff e9 3b fd ff ff e8 f2 52 f8 ff e9 e1 [ 696.707659][T16472] RSP: 0018:ffffc9000e98fba8 EFLAGS: 00010292 [ 696.713707][T16472] RAX: 000000000000031f RBX: ffff888079b24980 RCX: 0000000000000000 [ 696.721657][T16472] RDX: 000000000000031f RSI: ffffffff81e5b2c9 RDI: fffff52001d31f1c [ 696.729608][T16472] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 696.737584][T16472] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000008100177 [ 696.745537][T16472] R13: ffff88804adf9510 R14: 0000000000000000 R15: 0000000000000000 [ 696.753506][T16472] FS: 00007f06093436c0(0000) GS:ffff8881245b1000(0000) knlGS:0000000000000000 [ 696.762420][T16472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 696.768986][T16472] CR2: 00007fff341d3f52 CR3: 00000000319b0000 CR4: 00000000003526f0 [ 696.776943][T16472] Call Trace: [ 696.780208][T16472] [ 696.783123][T16472] khugepaged_enter_vma+0x137/0x2c0 [ 696.788310][T16472] do_huge_pmd_anonymous_page+0x1c8/0x1c00 [ 696.794108][T16472] ? __pfx_pgd_none+0x10/0x10 [ 696.798768][T16472] ? __lock_acquire+0x4a5/0x2630 [ 696.803690][T16472] __handle_mm_fault+0x1e96/0x2b50 [ 696.808791][T16472] ? reacquire_held_locks+0xce/0x1e0 [ 696.814057][T16472] ? __pfx___handle_mm_fault+0x10/0x10 [ 696.819504][T16472] ? lock_vma_under_rcu+0x17c/0x5a0 [ 696.824696][T16472] handle_mm_fault+0x36d/0xa20 [ 696.829454][T16472] do_user_addr_fault+0x5a3/0x12f0 [ 696.834556][T16472] exc_page_fault+0x6f/0xd0 [ 696.839042][T16472] asm_exc_page_fault+0x26/0x30 [ 696.843889][T16472] RIP: 0033:0x87560 [ 696.847713][T16472] Code: Unable to access opcode bytes at 0x87536. [ 696.854101][T16472] RSP: 002b:000000000000000e EFLAGS: 00010202 [ 696.860146][T16472] RAX: 0000000000000000 RBX: 00007f0608615fa0 RCX: 00007f060839bf79 [ 696.868101][T16472] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0002000020003b4a [ 696.876054][T16472] RBP: 00007f06084327e0 R08: 0000000000000103 R09: 0000000000000000 [ 696.884004][T16472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 696.891954][T16472] R13: 00007f0608616038 R14: 00007f0608615fa0 R15: 00007ffee482e7a8 [ 696.899912][T16472] [ 696.902912][T16472] Modules linked in: [ 696.907566][T16472] ---[ end trace 0000000000000000 ]--- [ 696.915197][T16472] RIP: 0010:__khugepaged_enter+0x30a/0x380 [ 696.921019][T16472] Code: 64 7e 8e e8 a8 dc 66 ff e8 93 e6 8d ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 04 6c 04 09 e8 7f e6 8d ff 48 89 df e8 17 33 d9 ff 90 <0f> 0b 48 89 ef e8 dc 51 f8 ff e9 3b fd ff ff e8 f2 52 f8 ff e9 e1 [ 696.942674][T16472] RSP: 0018:ffffc9000e98fba8 EFLAGS: 00010292 [ 696.949792][T16472] RAX: 000000000000031f RBX: ffff888079b24980 RCX: 0000000000000000 [ 696.966051][T16472] RDX: 000000000000031f RSI: ffffffff81e5b2c9 RDI: fffff52001d31f1c [ 696.976264][T16472] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 696.984436][T16472] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000008100177 [ 696.992458][T16472] R13: ffff88804adf9510 R14: 0000000000000000 R15: 0000000000000000 [ 697.000462][T16472] FS: 00007f06093436c0(0000) GS:ffff8881245b1000(0000) knlGS:0000000000000000 [ 697.009455][T16472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 697.016069][T16472] CR2: 000055906703f168 CR3: 00000000319b0000 CR4: 00000000003526f0 [ 697.024152][T16472] Kernel panic - not syncing: Fatal exception [ 697.030248][T16472] Kernel Offset: disabled [ 697.034571][T16472] Rebooting in 86400 seconds..