last executing test programs: 1m27.912903172s ago: executing program 2 (id=2272): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0x8eb1, r0, 0x8000000000000001) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) mmap$auto(0x5ab, 0x6f, 0x4000000000e0, 0x2eb1, 0x401, 0x0) socket(0x21, 0x2, 0x2) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x6, 0x8) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4008011) write$auto(0x3, 0x0, 0x7fffffff) socket(0xa, 0x2, 0x0) ioctl$auto(0x3, 0x5411, 0x38) r3 = socket(0x6, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) mmap$auto(0x5, 0x1, 0xdd, 0x38, 0x1, 0x8000000000000000) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) 1m25.960511993s ago: executing program 2 (id=2278): mmap$auto(0x0, 0x12020009, 0x4, 0xf8, 0xfffffffffffffffa, 0x3) socket(0xa, 0x4, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x400000003) getpid() ioctl$auto(0x3, 0x400454ca, 0x38) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) sysfs$auto(0x2, 0x4a, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x6, 0x0, 0x0, 0x0) socket(0x2b, 0x1, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_clock\x00', 0x80000, 0x0) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x4b72, r4) r5 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) readv$auto(r5, &(0x7f0000000580)={0x0, 0x1}, 0x1) 1m24.994534907s ago: executing program 2 (id=2282): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40000) mmap$auto(0x6, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8003) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) unshare$auto(0x40000080) getpeername$auto(r0, 0x0, 0x0) pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/4096, 0x1000) 1m23.984185598s ago: executing program 2 (id=2286): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x406, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x4000000000005, 0x6, 0x62, 0x8, 0x7, 0x1, 0xb, 0x100, 0x18]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) r2 = socket(0x10, 0x2, 0xc) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="10002cbd7000fadbdf250a00000a00000200252f00e2a85c41e75a02715b2d0000005cdcdf28fffe65c31770799fdab838aaf6712a82e628c9e6429a4a38320b2d692863927bd744b4f7b409b29862d3257675d4fd09d74a831929b1005bdd28ef3fc5ae2884ef6a78fedbebbc656141771e57124268c37932c90ec99923926a97bb444f6903a41102463c79baf78c35827f46efb37be97277d81130bd43e31c60347610f3e65f3d60d3d1e231c0cc23ad56ff23565d95cfafc7a92a64da18c0c01c0600010006000000"], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r0, &(0x7f00000006c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbbw\x8dSN\xb2#\xde\xf6\xfe\n_\x86\xccI{0 \xdb8Mh\x16 `\xc7\xe3\xf1\x9f-\xdd\x9a\xd2f\xca\xb3\x99\x81\xb0\xebt\xbc\xde\x0eH\x8db', 0x52) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x60301, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) socket(0xa, 0x1, 0x0) ioctl$auto(0x3, 0x894b, 0x38) semget$auto(0x0, 0x13c, 0x1ff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_PNETID_ADD(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x2c, 0x0, 0x1, 0x70bd2c, 0x25dfdc01, {}, [@SMC_PNETID_ETHNAME={0xc, 0x2, '+o*#\x90\x80\x8b\x00'}, @SMC_PNETID_NAME={0xb, 0x1, 'netdev\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x0, 0x9, 0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) 1m22.838177548s ago: executing program 0 (id=2289): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0xc, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) semget$auto(0xb, 0xe, 0xe0000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0x9, 0x8000, 0xe238, 0x602, 0x5) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) rseq$auto(0x0, 0x6, 0x3, 0xff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r0, @ANYBLOB='^\x00', @ANYRES32, @ANYRES64, @ANYRES32], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r5, 0x27c9d9d5b13b6c03, 0x70bd25, 0x25dfdbfd, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) recvmmsg$auto(r3, &(0x7f0000000180)={{0x0, 0x1, 0x0, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) mmap$auto(0x1, 0x40009, 0xdf, 0x13, r2, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000dff, 0x400000004) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r6, &(0x7f0000000100)='\xcb%)\x00', 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) close_range$auto(r0, r2, 0x0) 1m22.523074427s ago: executing program 2 (id=2290): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948f, 0x803, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f0000004440)) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000001c0)=0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r3, 0x8000) r4 = open_by_handle_at$auto(r1, &(0x7f00000002c0)={0x1a, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b"}, 0x7d) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x63af, 0x63, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80000008000000a, 0x40000402, 0x6, 0x7, 0xffffffff80000004, 0x8000000002009, 0x6, 0x2400001000ff}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r6 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r4, 0x1, 0x1021, 0x0, 0xd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) geteuid() sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r3, @ANYRESOCT, @ANYRESDEC=r3, @ANYRESDEC=r4, @ANYRESHEX=r5, @ANYRESOCT=r5, @ANYRESOCT=r0, @ANYRESDEC=r6, @ANYRESOCT=r2, @ANYRESDEC=r2], 0x14}, 0x1, 0x0, 0x0, 0x4040840}, 0x240c8045) mmap$auto(0x100000000, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r7 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r8, @ANYBLOB="010025bd7000fedbdf257e000000000066004e21000000002680000002000400000000000200000000000000010009000000000001000400000000000200070000000000980006000000000014010f000000000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1cb162ef14fb7ab2ee731fdc7f0fc553a3c07226a2160d350ed7f30000360103e17d2b53cce133a6674f5b8600a49a8403c6bdfd3e0c464ed8a2fe254a5939fb09cb1dc350c9230c189febda65557207893e11deb595e622008d945c914692afa24b99bf04b003881b9fc35a628e8a1f7dd36490920c7ce2dbffcf61124f39b5329db3d8f56f48af0b3b31b588771b14d045e0ea69404cf54596db22abd3d35b4f3d484faa4ac1eca1bbbe82ed861aee4715f465c010e98899929b521dea88b03c97f8d005000000987004d3b262d91b7e4b6d005ebb201517953c89225c186080b4836ccb358d624f4b134a11c7ec39e49d80d2c40312c250508a0e8c0969f1fe6830e50c3f2623b31882a5409300737b3fe096e8da90fa050194db696c605c6f82e18f9fc334aa232483df49ed13478a9bd48a"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) sendmsg$auto_NL80211_CMD_GET_KEY(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRESDEC=r2, @ANYRESOCT=r7], 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x51) 1m21.556038967s ago: executing program 0 (id=2293): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/aql_enable\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4400ae8f, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/ip_vs_stats_percpu\x00', 0x110102, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fallocate$auto(0xffffffffffffffff, 0x3, 0x3, 0x0) fcntl$auto_F_SETOWN_EX(r0, 0xf, 0x8) 1m21.287385174s ago: executing program 0 (id=2295): r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\a\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf251c08000014000400bd"], 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x48d0) 1m21.156623755s ago: executing program 0 (id=2296): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x6ae}, 0x7) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xf2ef}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001249}, 0xa, 0x4) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1p/sub2/status\x00', 0x100, 0x0) lseek$auto(0x3, 0x8, 0x1) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x8001ff, 0x7, 0xd, 0x300000000000000, 0x948d, 0x3, 0x80, 0x3, 0x6, 0x8000000000000001, 0x7, 0x100000000000007, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/nullb/features\x00', 0x80280, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sendmsg$auto_TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x28000}, 0x4) setfsuid$auto(0xffffffffffffffff) msgctl$auto_IPC_INFO(0xfffffff8, 0x3, &(0x7f0000000500)={{0x8, 0xee01, 0xee00, 0x7f, 0x7, 0x48, 0x3}, 0x0, &(0x7f00000004c0)=0x9, 0x1, 0x0, 0x2, 0x2, 0x7, 0x7d, 0xae8, 0x6, @raw=0x2, @raw=0x6}) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) io_uring_register$auto(r2, 0x9, &(0x7f0000000580)="c690148d9b26f31a27df5e8b98268719c3c8bd21fb84dee1d647f363b2a908749407db5711209cd4861f9c7ac7bb9f01dac17d8db1346a412353467243003174fb63ce2e70e5c51a4eef808ff3fffb5c60e4bbee82597c8139c44501f6eab048dee5aabff7fc2b42fe5385f8d5dc429e1dc4c9d82cb8f1fda288f94a2643e0d2c8dee72744b672d0f90b50c49a3d350587644fdf55a7cb6f115274a49c582be7383a1a03377ad7071cd360e6938bbe931813c73ce19c91e6244a664c6924225b6641acac9a786547cc70ae12ca4b39e8fa920c70d4c6ff125482e5fed0921dacfc8ead8946b8a33e", 0xa82e) shmctl$auto_IPC_STAT(0x9, 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) capset$auto(0x0, &(0x7f00000000c0)={0x1, 0x2, 0x8}) socket(0x15, 0x5, 0x0) 1m21.060086165s ago: executing program 2 (id=2297): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = pipe$auto(0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)="5ceba844841ed969fd87a03d210bf37849dde6d5f6db836765f5a806000615ecf22f39e8b182e8f281d8b1014f122eaab55e057586039838b4c3", 0x3a) setsockopt$auto(r1, 0x80000001, 0x6, 0x0, 0x6) set_mempolicy$auto(0x2, &(0x7f0000000200)=0x3, 0x21) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000022c0)='/dev/mtd0\x00', 0x80000, 0x0) ioctl$auto_MEMREADOOB64(r2, 0xc0184d16, &(0x7f0000002300)={0xffffffffffffff5c, 0x0, 0x309, 0x7}) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r5, 0x800064b9, 0x1e6) r6 = io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_3={0x2, 0xa, 0xc108, 0x6, 0xa, 0xffff, 0x2, 0x800, 0x7, "769e45acc9b90eb81f9cd97bb8b4b403", 0x0, 0x6, r6, 0xc, 0xffffffff, 0xf09, 0x1, 0x8, 0x0, 0x400, @attach_prog_fd=r6, 0x80000001, 0x401, 0x2d1230fd, 0x8, 0x7}, 0xa3) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) writev$auto(r4, &(0x7f00000000c0)={0x0, 0x7111}, 0x200000008) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy0/power\x00', 0x88000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/020/001\x00', 0x80000, 0x0) r7 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x18b803, 0x0) ioctl$auto_IMADDTIMER(r7, 0x80044940, &(0x7f0000000000)=0x1) ioctl$auto_IMADDTIMER(r7, 0x80044940, &(0x7f00000000c0)=0x1) close_range$auto(0x2, 0x8, 0x0) 1m20.060114888s ago: executing program 0 (id=2300): mmap$auto(0x0, 0x0, 0x7, 0xeb1, 0xffffffffffffffff, 0x100) socket(0x18, 0x5, 0x5) connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@nfc={0x27, 0x0, 0x0, 0x6}, 0x800000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x402e00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f00000001c0)) read$auto(0xffffffffffffffff, 0x0, 0x1000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x11, 0x3, 0x4007) r1 = socket(0x2, 0x1, 0x0) mmap$auto(0xfffffffffffffffd, 0x9, 0xdf, 0x88000010, 0x2, 0x8000) close_range$auto(0x2, r1, 0x2) socket(0x80000000000000a, 0x2, 0x0) r2 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) getsockopt$auto(r2, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/ip_vs\x00', 0x100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp1\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x3fe, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0xbffffffb) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x1, 0xffffffffffff0005, 0x18) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) pselect6$auto(0x9, &(0x7f0000000180)={[0x8, 0x4, 0x0, 0x6, 0x8001, 0x4000000000002bc8, 0xfff, 0x1, 0xfffffffffffffffe, 0xffffffff, 0x8000000000000001, 0xfffffffffffffffd, 0x211, 0x40000000, 0x8, 0x1]}, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(0x3, 0x6, 0xb, 0x0, 0x0) 1m18.970701962s ago: executing program 0 (id=2305): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/eql/ifalias\x00', 0xb02, 0x0) mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) execve$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x40480, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/conf/bridge_slave_0/mldv2_unsolicited_report_interval\x00', 0x40001, 0x0) ftruncate$auto(0x3, 0x400180200000) mmap$auto(0xa, 0x40009, 0xfffffffffffff227, 0x9b72, 0xffffffffffffffff, 0x28000) write$auto(0xffffffffffffffff, &(0x7f0000000300)='.o\xd3\xa49\xaf\xa9\xe4\xe17\x12\xb3Z\x17I\x82\xdc\xbeiw\xc1\xd1\x8d\x9b\r\x9aR\xe7\x9f\xd8\xab\x16`f\nT\xaa\xfap \xe6\xdaV\xdeD\x8dR5\xd2\xe58\n\xff\x19+\xeb\xb3+\xf6\xc6\a\x00\x00\x00\xf1A\xa5\x95\x1fk\x1f\xff\x99gP\x9e\x88\x97]\x93\xf4\xdd<\xe7p\x0e\xd4C\xdc\x84\v\xafz\xfd\x81\xa3\xb2\xbb\xa4\xd9\xf2P\xa8\xe9\x8f\x13\xa7\x98\x85\xf8\v\aB\xfc\xfa\x14E\xb8y\x884<\xa7\xffyb\x8a\b\xbb\x1b\x13W\xe3\xf7\xd8\x83\xc9\xd7\x8c', 0x6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2deb43, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x2, 0x401, 0x1000, 0x8000000000000011, 0xffffffffffffffff, 0x5) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0xc40, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000100), 0xffffffffffffffff) r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYRES64, @ANYRES64=r0, @ANYRES64=r2, @ANYBLOB="894f844ea904ebea19000000120001640043005af77d2e758fa4192512ca5b0000"], 0x4c}, 0x1, 0x0, 0x0, 0x4004040}, 0x4844) write$auto(r3, 0x0, 0x1ff) prctl$auto_PR_SCHED_CORE_GET(0x9, 0x0, 0x0, 0x0, 0x26fa) r5 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r6, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_LOOP_CTL_ADD(r5, 0x4c80, 0xfffffffffffffffd) socket(0xa, 0x5, 0x84) 1m14.892312494s ago: executing program 3 (id=2317): openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x33}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x40}, 0x8) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0xf4ffffff, 0x2003f0, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) 1m14.177102678s ago: executing program 3 (id=2318): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x5, 0x4000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0xa) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x800d00) 1m13.778262814s ago: executing program 3 (id=2319): migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) read$auto(r0, 0x0, 0x1000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x100082) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x4, 0x7, 0x0, 0x80000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDCTL_SEQ_NRSYNTHS(r2, 0x8004510a, &(0x7f0000000040)="4be9c34cb53cb9ff3db5c7716bd8") r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x9, 0x6, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_NET_SET(r4, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="01002cbd7000ffdbdf250f0000000c0007800800020012545e047cbf7caee591ff7b3caf77776860d1492ea0a50f5ab32ed2d578be98e47c9cd26d50b79ff6bfe6129305ad86c9db00245d5353e35b30399c2fc46da54396b36ea766cc", @ANYRES32=0xee00], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x4, 0x3, 0x3, 0x3, 0x3, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) r5 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r5, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) getpgrp(0xffffffffffffffff) getpid() ioctl$auto(0x3, 0x400454ca, 0x38) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x1c9802, 0x0) 1m12.696330681s ago: executing program 3 (id=2324): close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x89e0, 0x91) ioctl$auto(0x3, 0x89e1, 0x91) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) madvise$auto_MADV_DODUMP(0x8, 0x5, 0x11) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) pread64$auto(r1, 0x0, 0x40000000f42c, 0x80002) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) poll$auto(0x0, 0x7f, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 1m11.682000877s ago: executing program 3 (id=2326): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) read$auto(r0, 0x0, 0x3f40) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/020/001\x00', 0x80000, 0x0) socket(0x25, 0x1, 0x3) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) mknod$auto(&(0x7f00000000c0)='./file0\x00', 0x1001, 0x804) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0xa8200, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = socket(0x1d, 0x2, 0x7) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) ioctl$auto_SW_SYNC_IOC_INC(r4, 0x40045701, &(0x7f0000000140)=0x100) bind$auto(r1, &(0x7f0000000000)=@can={0x1d, r3}, 0x6a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r5}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x687ca0b, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0xb}, 0x7}, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x801ffde, 0x3, 0x2000000000000006, 0x3, 0x8, 0x5, 0x6, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x3bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0xffffffff00000000, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x2, 0xf, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2]}, 0x5, 0x2000002) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0xffffff9e}, 0x40000) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x2, 0x3, 0xa) 1m10.540646705s ago: executing program 3 (id=2328): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_HDIO_GETGEO(r2, 0x301, &(0x7f00000001c0)) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x803}, 0x10a, 0x6, 0x0) mmap$auto(0x200000000000000, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000005, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x40200, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) 1m3.578546018s ago: executing program 32 (id=2305): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/eql/ifalias\x00', 0xb02, 0x0) mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) execve$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x40480, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/conf/bridge_slave_0/mldv2_unsolicited_report_interval\x00', 0x40001, 0x0) ftruncate$auto(0x3, 0x400180200000) mmap$auto(0xa, 0x40009, 0xfffffffffffff227, 0x9b72, 0xffffffffffffffff, 0x28000) write$auto(0xffffffffffffffff, &(0x7f0000000300)='.o\xd3\xa49\xaf\xa9\xe4\xe17\x12\xb3Z\x17I\x82\xdc\xbeiw\xc1\xd1\x8d\x9b\r\x9aR\xe7\x9f\xd8\xab\x16`f\nT\xaa\xfap \xe6\xdaV\xdeD\x8dR5\xd2\xe58\n\xff\x19+\xeb\xb3+\xf6\xc6\a\x00\x00\x00\xf1A\xa5\x95\x1fk\x1f\xff\x99gP\x9e\x88\x97]\x93\xf4\xdd<\xe7p\x0e\xd4C\xdc\x84\v\xafz\xfd\x81\xa3\xb2\xbb\xa4\xd9\xf2P\xa8\xe9\x8f\x13\xa7\x98\x85\xf8\v\aB\xfc\xfa\x14E\xb8y\x884<\xa7\xffyb\x8a\b\xbb\x1b\x13W\xe3\xf7\xd8\x83\xc9\xd7\x8c', 0x6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2deb43, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x2, 0x401, 0x1000, 0x8000000000000011, 0xffffffffffffffff, 0x5) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0xc40, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000100), 0xffffffffffffffff) r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYRES64, @ANYRES64=r0, @ANYRES64=r2, @ANYBLOB="894f844ea904ebea19000000120001640043005af77d2e758fa4192512ca5b0000"], 0x4c}, 0x1, 0x0, 0x0, 0x4004040}, 0x4844) write$auto(r3, 0x0, 0x1ff) prctl$auto_PR_SCHED_CORE_GET(0x9, 0x0, 0x0, 0x0, 0x26fa) r5 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r6, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_LOOP_CTL_ADD(r5, 0x4c80, 0xfffffffffffffffd) socket(0xa, 0x5, 0x84) 55.067236804s ago: executing program 33 (id=2328): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_HDIO_GETGEO(r2, 0x301, &(0x7f00000001c0)) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x803}, 0x10a, 0x6, 0x0) mmap$auto(0x200000000000000, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000005, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x40200, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) 18.652547273s ago: executing program 1 (id=2397): mmap$auto(0x0, 0x2020009, 0x3, 0x1000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0xd77, 0x6, 0x7181, 0x81, 0x2000007, 0x3, 0x9a89, 0x5, 0x80005, 0x800, 0x1fffffffffff, 0xb4, 0x3, 0x2, 0x10007, 0x80, 0x0, 0x0, 0xa, 0x22004, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0x1, [0x0, 0x0, 0xea4, 0x4, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x100000002, 0x0, 0x3, 0x4, 0x5, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x100000000]}, 0x1fe, 0xd) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7000fbdbdf0002"], 0x1c}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) socket(0x10, 0x2, 0x0) socket(0x22, 0x2, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x2, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) 18.44459207s ago: executing program 1 (id=2398): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/controlC0\x00', 0x1000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0) ioctl$auto_SNDCTL_SYNTH_INFO(0xffffffffffffffff, 0xc08c5102, 0x0) open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0xffffffff) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x0) mmap$auto(0x8000, 0x0, 0x9, 0x1d, r1, 0x7) read$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x40000000000a5, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x26dc2, 0x84) close_range$auto(0x2, 0x8000, 0x0) socketpair$auto(0x2, 0x8b4, 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya9\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/kernel/config/target/dbroot\x00', 0x40180, 0x0) setfsuid$auto(0xee00) keyctl$auto(0x8, 0x0, 0x0, 0x0, 0x2) fchmod$auto(r3, 0x0) socketpair$auto(0x20004, 0x7, 0x7fff, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) 18.141850267s ago: executing program 1 (id=2399): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = pipe$auto(0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)="5ceba844841ed969fd87a03d210bf37849dde6d5f6db836765f5a806000615ecf22f39e8b182e8f281d8b1014f122eaab55e057586039838b4c3", 0x3a) setsockopt$auto(r1, 0x80000001, 0x6, 0x0, 0x6) set_mempolicy$auto(0x2, &(0x7f0000000200)=0x3, 0x21) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000022c0)='/dev/mtd0\x00', 0x80000, 0x0) ioctl$auto_MEMREADOOB64(r2, 0xc0184d16, &(0x7f0000002300)={0xffffffffffffff5c, 0x0, 0x309, 0x7}) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r5, 0x800064b9, 0x1e6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_3={0x2, 0xa, 0xc108, 0x6, 0xa, 0xffff, 0x2, 0x800, 0x7, "769e45acc9b90eb81f9cd97bb8b4b403", 0x0, 0x6, 0xffffffffffffffff, 0xc, 0xffffffff, 0xf09, 0x1, 0x8, 0x0, 0x400, @attach_prog_fd, 0x80000001, 0x401, 0x2d1230fd, 0x8, 0x7}, 0xa3) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) writev$auto(r4, &(0x7f00000000c0)={0x0, 0x7111}, 0x200000008) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy0/power\x00', 0x88000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/020/001\x00', 0x80000, 0x0) r6 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x18b803, 0x0) ioctl$auto_IMADDTIMER(r6, 0x80044940, &(0x7f0000000000)=0x1) ioctl$auto_IMADDTIMER(r6, 0x80044940, &(0x7f00000000c0)=0x1) close_range$auto(0x2, 0x8, 0x0) 17.067621599s ago: executing program 1 (id=2400): close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x89e0, 0x91) ioctl$auto(0x3, 0x89e1, 0x91) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) madvise$auto_MADV_DODUMP(0x8, 0x5, 0x11) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x5) poll$auto(0x0, 0x7f, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 16.138919776s ago: executing program 1 (id=2401): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x4, 0x7) r0 = socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/netdevsim3/sriov_numvfs\x00', 0x10b142, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) sendfile$auto(r2, r1, 0x0, 0x7) mmap$auto(0x0, 0x48de6aa000, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="13000000", @ANYRES16=0x0, @ANYBLOB="2586f2bd7000fedbdf2504000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r3 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000400)={0x0, 0xfd89, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="32d80145a1ee8d68ff18bffcd93cdf046b19add3ad1addda72955c787aea4a5440a51c2763d84385af53d4f836eb8224b5d2c139b45227e84b3f641c8b0da3510ab2fe9373fc058b7467df1ad5941e3dfa0392998da79d16ab6384a051e7092f97647704a9c1f932bf4b4af954621f37fcd3c30b5e55e6bf47a60412ff1e87294e237149770b35c6022d14011642e904f71b0d234bfcc40d004652812affc885ca50fa71f9ecb8a9d744e9c05b1971a534ea231f7e66842aba0476a6df0897c985cb08fdc0c1b804acdc62"], 0x1ac}, 0x1, 0x0, 0x0, 0xc0}, 0x440c0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{&(0x7f0000000640)="4023323b52a998fc53754442197547d986396e4ac2f991ce93879e2fbeea07fa975eb48bee358e775e6a6cb2e54acee2ef0183bef6b6e7f1890e3a4c066c8369918de3254172611a83c7b6aeb53a3539abee4c2ad6f12b337831bbbaf52c5983650e5bacaa342a99a42abaacfdb9f4d6a04de3be3a512d187885106cdfcc4c1689a559dc49bd0400000053eb770a52e744ce4a91dcc003a9223d9747abc414590b71854d97f54ae2c7bb520a969491a5b1f005c566eac9d76e18d704e44e4c9fdffc06ca1b360105327259906d669347745a04d428b2a5c2da5e23f85ef2d02da6792bf9bbb4292b4b82bcb077f2378073eb3b128f0a1db4da455d3c3fdd19b975be796383bc0038a387bf13401d0ea53c75ae071b032d667e22cbb85a4654a71fd32c151767965751bbd5655948c7230e457bfa4ad78b65f5305c6623b4aa44c56e9376db3e4e0e220dddc832ba3cec1c87055ba06a5a4cbc", 0xffffffff, 0x0, 0x21, &(0x7f00000003c0)="36d426922608a1214940a348067f49ef5a4d2096455f61a11dd81b0c0527ec1674ba4f30dbe32e7da22234e8cb9c6fe2169af82540e2e52f7391e8cc3662de9bd60f64967569142153cfe766dfc79b00e70cbf2ced9db314dd2c7ccb9c52d29ada52e587c23b324fb9a0939378550faad663c872f3cf571cf7e1a437eea1d673edc290a12a2d941d2e6e9b26840bf8423611d93270b74696a8d31d18442926c0be6dd278204adc60c01f", 0x1, 0x19}, 0x8}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), r0) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01032dbd7000ffdbdf2ca900fffcdeae7729308a7e09ea3775d7050931fda4b39a63ea5df83cef29f26340de073d1cbbb67621ad3ae7005e928f5b8077824b9b517db548e9dcfb507b38f8410d4b81b5f8f550cd6f4c0033c1a12cb110770aef7c53b542bf27f77a7af194eb13cc883edd140bb190895a26d0de1c15f9893615c6c75f0970b3b5ef5be560a8a3f2bed8bf664fb8beeaa66ffc5dd6e3985fd579b6f723158d14b1e44684c0defbba040ba4309b7890c33c96f0c03308f975299da2872aeae21506bf31"], 0x14}}, 0x400c0) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) pkey_free$auto(0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000001c0)) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 15.465389445s ago: executing program 1 (id=2402): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x2, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000000000001) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_HDIO_GETGEO(r3, 0x301, &(0x7f00000001c0)) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="810b070000000f3dd0a087262667940b000000000140"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x803}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xb099, 0x7ff, 0x20eb5, 0xffffffffffffffff, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty38\x00', 0x9a9c2, 0x0) ioctl$auto_TCFLSH2(r6, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) r7 = prctl$auto(0x8, 0x1, 0x0, 0x1, 0x72c7) ioctl$auto_SNDCTL_DSP_SPEED(r7, 0xc0045002, 0x0) ioctl$auto_UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000040)={r6, 0x0, 0x8d, 0x7}) ioctl$auto(r5, 0x5401, r6) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x74dd6d23, 0xdf, 0xeb1, r7, 0x8000) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) read$auto(0xffffffffffffffff, 0x0, 0x20) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 0s ago: executing program 34 (id=2402): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x2, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000000000001) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_HDIO_GETGEO(r3, 0x301, &(0x7f00000001c0)) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="810b070000000f3dd0a087262667940b000000000140"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x803}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xb099, 0x7ff, 0x20eb5, 0xffffffffffffffff, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty38\x00', 0x9a9c2, 0x0) ioctl$auto_TCFLSH2(r6, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) r7 = prctl$auto(0x8, 0x1, 0x0, 0x1, 0x72c7) ioctl$auto_SNDCTL_DSP_SPEED(r7, 0xc0045002, 0x0) ioctl$auto_UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000040)={r6, 0x0, 0x8d, 0x7}) ioctl$auto(r5, 0x5401, r6) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x74dd6d23, 0xdf, 0xeb1, r7, 0x8000) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) read$auto(0xffffffffffffffff, 0x0, 0x20) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) kernel console output (not intermixed with test programs): 415195][T15473] [U] [ 662.417908][T15473] [U] [ 662.421039][T15473] [U] [ 662.423770][T15473] [U] [ 662.426490][T15473] [U] [ 662.429212][T15473] [U] [ 662.432598][T15473] [U] [ 662.435313][T15473] [U] [ 662.438010][T15473] [U] [ 662.440751][T15473] [U] [ 662.453376][T15473] [U] [ 662.456100][T15473] [U] [ 662.458790][T15473] [U] [ 662.461473][T15473] [U] [ 662.528501][T15489] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2062'. [ 662.538428][T15489] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2062'. [ 662.561877][T15473] [U] [ 662.564623][T15473] [U] [ 662.567339][T15473] [U] [ 662.570047][T15473] [U] [ 662.573389][T15473] [U] [ 662.576107][T15473] [U] [ 662.578819][T15473] [U] [ 662.581532][T15473] [U] [ 662.607650][T15473] [U] [ 662.610403][T15473] [U] [ 662.613131][T15473] [U] [ 662.615830][T15473] [U] [ 662.664962][T15473] [U] [ 662.667875][T15473] [U] [ 662.670597][T15473] [U] [ 662.673312][T15473] [U] [ 662.718115][T15473] [U] [ 662.720873][T15473] [U] [ 662.723597][T15473] [U] [ 662.726311][T15473] [U] [ 662.729943][T15473] [U] [ 662.732671][T15473] [U] [ 662.735389][T15473] [U] [ 662.738101][T15473] [U] [ 662.805849][T15473] [U] [ 662.808599][T15473] [U] [ 662.811324][T15473] [U] [ 662.814031][T15473] [U] [ 662.823732][T15473] [U] [ 662.989200][T15489] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2062'. [ 664.330015][ T30] audit: type=1800 audit(4295000259.571:19): pid=15520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2068" name="features" dev="configfs" ino=57673 res=0 errno=0 [ 664.973000][T15521] FAULT_INJECTION: forcing a failure. [ 664.973000][T15521] name failslab, interval 1, probability 0, space 0, times 0 [ 665.048339][T15521] CPU: 0 UID: 0 PID: 15521 Comm: syz.0.2069 Tainted: G U syzkaller #0 PREEMPT(full) [ 665.048382][T15521] Tainted: [U]=USER [ 665.048391][T15521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 665.048405][T15521] Call Trace: [ 665.048414][T15521] [ 665.048424][T15521] dump_stack_lvl+0x16c/0x1f0 [ 665.048468][T15521] should_fail_ex+0x512/0x640 [ 665.048502][T15521] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 665.048536][T15521] should_failslab+0xc2/0x120 [ 665.048568][T15521] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 665.048598][T15521] ? __pfx___might_resched+0x10/0x10 [ 665.048625][T15521] ? pidfs_register_pid+0x97/0x1f0 [ 665.048658][T15521] pidfs_register_pid+0x97/0x1f0 [ 665.048686][T15521] unix_socketpair+0x126/0x860 [ 665.048725][T15521] ? unix_connect_peers+0x345/0x500 [ 665.048743][T15521] ? __pfx_unix_socketpair+0x10/0x10 [ 665.048763][T15521] ? apparmor_socket_socketpair+0x49b/0x700 [ 665.048787][T15521] __sys_socketpair+0x2ef/0x5a0 [ 665.048806][T15521] ? __pfx___sys_socketpair+0x10/0x10 [ 665.048825][T15521] ? xfd_validate_state+0x61/0x180 [ 665.048851][T15521] __x64_sys_socketpair+0x96/0x100 [ 665.048871][T15521] ? lockdep_hardirqs_on+0x7c/0x110 [ 665.048891][T15521] do_syscall_64+0xcd/0x4c0 [ 665.048914][T15521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.048928][T15521] RIP: 0033:0x7fe9a778eec9 [ 665.048941][T15521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.048955][T15521] RSP: 002b:00007fe9a869e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 665.048969][T15521] RAX: ffffffffffffffda RBX: 00007fe9a79e6090 RCX: 00007fe9a778eec9 [ 665.048979][T15521] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 665.048988][T15521] RBP: 00007fe9a7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 665.048996][T15521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 665.049005][T15521] R13: 00007fe9a79e6128 R14: 00007fe9a79e6090 R15: 00007ffed535fec8 [ 665.049023][T15521] [ 665.388445][T15514] openvswitch: HfR: Dropping previously announced user features [ 668.087755][T15570] openvswitch: HfR: Dropping previously announced user features [ 668.718287][T15579] FAULT_INJECTION: forcing a failure. [ 668.718287][T15579] name failslab, interval 1, probability 0, space 0, times 0 [ 668.734521][T15579] CPU: 0 UID: 0 PID: 15579 Comm: syz.2.2083 Tainted: G U syzkaller #0 PREEMPT(full) [ 668.734569][T15579] Tainted: [U]=USER [ 668.734580][T15579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 668.734601][T15579] Call Trace: [ 668.734611][T15579] [ 668.734617][T15579] dump_stack_lvl+0x16c/0x1f0 [ 668.734644][T15579] should_fail_ex+0x512/0x640 [ 668.734666][T15579] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 668.734686][T15579] should_failslab+0xc2/0x120 [ 668.734713][T15579] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 668.734731][T15579] ? mpol_new+0x11b/0x2d0 [ 668.734756][T15579] mpol_new+0x11b/0x2d0 [ 668.734774][T15579] do_set_mempolicy+0x83/0x480 [ 668.734792][T15579] ? __pfx_do_set_mempolicy+0x10/0x10 [ 668.734880][T15579] ? __x64_sys_futex+0x1e0/0x4c0 [ 668.734911][T15579] kernel_set_mempolicy+0x1c4/0x1e0 [ 668.734937][T15579] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 668.734961][T15579] do_syscall_64+0xcd/0x4c0 [ 668.734986][T15579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.735001][T15579] RIP: 0033:0x7f58e6d8eec9 [ 668.735014][T15579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.735029][T15579] RSP: 002b:00007f58e7ce3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ee [ 668.735044][T15579] RAX: ffffffffffffffda RBX: 00007f58e6fe5fa0 RCX: 00007f58e6d8eec9 [ 668.735054][T15579] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004 [ 668.735063][T15579] RBP: 00007f58e6e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 668.735072][T15579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.735081][T15579] R13: 00007f58e6fe6038 R14: 00007f58e6fe5fa0 R15: 00007ffd95b3f528 [ 668.735108][T15579] [ 669.551448][T15589] FAULT_INJECTION: forcing a failure. [ 669.551448][T15589] name failslab, interval 1, probability 0, space 0, times 0 [ 669.574470][T15589] CPU: 1 UID: 0 PID: 15589 Comm: syz.3.2085 Tainted: G U syzkaller #0 PREEMPT(full) [ 669.574496][T15589] Tainted: [U]=USER [ 669.574500][T15589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 669.574509][T15589] Call Trace: [ 669.574514][T15589] [ 669.574521][T15589] dump_stack_lvl+0x16c/0x1f0 [ 669.574547][T15589] should_fail_ex+0x512/0x640 [ 669.574575][T15589] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 669.574592][T15589] should_failslab+0xc2/0x120 [ 669.574611][T15589] __kmalloc_cache_noprof+0x6a/0x3e0 [ 669.574627][T15589] ? snd_seq_port_connect+0x61/0x580 [ 669.574644][T15589] snd_seq_port_connect+0x61/0x580 [ 669.574657][T15589] ? _raw_read_unlock+0x28/0x50 [ 669.574676][T15589] ? check_subscription_permission.isra.0+0xf5/0x240 [ 669.574694][T15589] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 669.574712][T15589] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 669.574736][T15589] snd_seq_kernel_client_ctl+0x10a/0x1c0 [ 669.574753][T15589] snd_seq_oss_midi_open+0x442/0x660 [ 669.574773][T15589] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 669.574802][T15589] snd_seq_oss_midi_open_all+0x91/0xe0 [ 669.574823][T15589] snd_seq_oss_open+0x810/0xa20 [ 669.574842][T15589] odev_open+0x6f/0x90 [ 669.574854][T15589] ? __pfx_odev_open+0x10/0x10 [ 669.574866][T15589] soundcore_open+0x40c/0x580 [ 669.574890][T15589] ? __pfx_soundcore_open+0x10/0x10 [ 669.574910][T15589] chrdev_open+0x234/0x6a0 [ 669.574929][T15589] ? __pfx_apparmor_file_open+0x10/0x10 [ 669.574945][T15589] ? __pfx_chrdev_open+0x10/0x10 [ 669.574964][T15589] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 669.574985][T15589] do_dentry_open+0x982/0x1530 [ 669.575003][T15589] ? __pfx_chrdev_open+0x10/0x10 [ 669.575024][T15589] vfs_open+0x82/0x3f0 [ 669.575047][T15589] path_openat+0x1de4/0x2cb0 [ 669.575071][T15589] ? __pfx_path_openat+0x10/0x10 [ 669.575093][T15589] do_filp_open+0x20b/0x470 [ 669.575110][T15589] ? __pfx_do_filp_open+0x10/0x10 [ 669.575140][T15589] ? alloc_fd+0x471/0x7d0 [ 669.575161][T15589] do_sys_openat2+0x11b/0x1d0 [ 669.575182][T15589] ? __pfx_do_sys_openat2+0x10/0x10 [ 669.575204][T15589] ? __fget_files+0x20e/0x3c0 [ 669.575223][T15589] __x64_sys_openat+0x174/0x210 [ 669.575236][T15589] ? __pfx___x64_sys_openat+0x10/0x10 [ 669.575249][T15589] ? ksys_write+0x1ac/0x250 [ 669.575272][T15589] do_syscall_64+0xcd/0x4c0 [ 669.575295][T15589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.575310][T15589] RIP: 0033:0x7f16e298eec9 [ 669.575322][T15589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.575336][T15589] RSP: 002b:00007f16e3777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 669.575350][T15589] RAX: ffffffffffffffda RBX: 00007f16e2be5fa0 RCX: 00007f16e298eec9 [ 669.575360][T15589] RDX: 0000000000000042 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 669.575369][T15589] RBP: 00007f16e3777090 R08: 0000000000000000 R09: 0000000000000000 [ 669.575377][T15589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 669.575386][T15589] R13: 00007f16e2be6038 R14: 00007f16e2be5fa0 R15: 00007ffffb8c6f08 [ 669.575405][T15589] [ 669.885953][ C1] vkms_vblank_simulate: vblank timer overrun [ 670.188054][T15592] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 670.843180][T15609] FAULT_INJECTION: forcing a failure. [ 670.843180][T15609] name failslab, interval 1, probability 0, space 0, times 0 [ 670.878075][T15609] CPU: 1 UID: 0 PID: 15609 Comm: syz.3.2092 Tainted: G U syzkaller #0 PREEMPT(full) [ 670.878119][T15609] Tainted: [U]=USER [ 670.878129][T15609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 670.878144][T15609] Call Trace: [ 670.878153][T15609] [ 670.878164][T15609] dump_stack_lvl+0x16c/0x1f0 [ 670.878210][T15609] should_fail_ex+0x512/0x640 [ 670.878250][T15609] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 670.878282][T15609] should_failslab+0xc2/0x120 [ 670.878322][T15609] __kmalloc_cache_noprof+0x6a/0x3e0 [ 670.878353][T15609] ? __vb2_init_fileio+0x253/0x1100 [ 670.878392][T15609] __vb2_init_fileio+0x253/0x1100 [ 670.878422][T15609] ? lockdep_hardirqs_on+0x7c/0x110 [ 670.878472][T15609] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 670.878511][T15609] ? __pollwait+0x271/0x490 [ 670.878543][T15609] vb2_core_poll+0x5ec/0x700 [ 670.878575][T15609] vb2_poll+0x33/0x150 [ 670.878604][T15609] vb2_fop_poll+0x10f/0x2c0 [ 670.878634][T15609] ? __pfx_vb2_fop_poll+0x10/0x10 [ 670.878661][T15609] v4l2_poll+0x160/0x320 [ 670.878696][T15609] ? __pfx_v4l2_poll+0x10/0x10 [ 670.878728][T15609] do_sys_poll+0x559/0xdf0 [ 670.878770][T15609] ? __pfx_do_sys_poll+0x10/0x10 [ 670.878801][T15609] ? __pfx___schedule+0x10/0x10 [ 670.878870][T15609] ? __futex_wait+0x24c/0x2f0 [ 670.878913][T15609] ? __pfx___pollwait+0x10/0x10 [ 670.878944][T15609] ? __pfx_pollwake+0x10/0x10 [ 670.879022][T15609] ? __pfx_timespec64_add_safe+0x10/0x10 [ 670.879060][T15609] ? ktime_get_ts64+0x2d2/0x400 [ 670.879089][T15609] ? read_tsc+0x9/0x20 [ 670.879115][T15609] ? ktime_get_ts64+0x256/0x400 [ 670.879149][T15609] __x64_sys_poll+0x1a6/0x450 [ 670.879174][T15609] ? __pfx___x64_sys_poll+0x10/0x10 [ 670.879208][T15609] do_syscall_64+0xcd/0x4c0 [ 670.879245][T15609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.879268][T15609] RIP: 0033:0x7f16e298eec9 [ 670.879287][T15609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.879309][T15609] RSP: 002b:00007f16e3777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 670.879331][T15609] RAX: ffffffffffffffda RBX: 00007f16e2be5fa0 RCX: 00007f16e298eec9 [ 670.879348][T15609] RDX: 0000000000000008 RSI: 0000000000000003 RDI: 0000200000000480 [ 670.879364][T15609] RBP: 00007f16e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 670.879378][T15609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.879391][T15609] R13: 00007f16e2be6038 R14: 00007f16e2be5fa0 R15: 00007ffffb8c6f08 [ 670.879421][T15609] [ 672.318975][T15632] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 673.606763][T15663] FAULT_INJECTION: forcing a failure. [ 673.606763][T15663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.620142][T15663] CPU: 0 UID: 0 PID: 15663 Comm: syz.0.2101 Tainted: G U syzkaller #0 PREEMPT(full) [ 673.620182][T15663] Tainted: [U]=USER [ 673.620190][T15663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 673.620204][T15663] Call Trace: [ 673.620213][T15663] [ 673.620222][T15663] dump_stack_lvl+0x16c/0x1f0 [ 673.620250][T15663] should_fail_ex+0x512/0x640 [ 673.620280][T15663] _copy_from_user+0x2e/0xd0 [ 673.620297][T15663] copy_msghdr_from_user+0x98/0x160 [ 673.620319][T15663] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 673.620342][T15663] ? kfree+0x24f/0x4d0 [ 673.620356][T15663] ? __lock_acquire+0x62e/0x1ce0 [ 673.620388][T15663] ___sys_recvmsg+0xdb/0x1a0 [ 673.620423][T15663] ? __pfx____sys_recvmsg+0x10/0x10 [ 673.620475][T15663] ? __pfx___might_resched+0x10/0x10 [ 673.620502][T15663] do_recvmmsg+0x2fe/0x750 [ 673.620527][T15663] ? __pfx_do_recvmmsg+0x10/0x10 [ 673.620551][T15663] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 673.620579][T15663] ? __fget_files+0x20e/0x3c0 [ 673.620599][T15663] __x64_sys_recvmmsg+0x22a/0x280 [ 673.620621][T15663] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 673.620648][T15663] do_syscall_64+0xcd/0x4c0 [ 673.620670][T15663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.620685][T15663] RIP: 0033:0x7fe9a778eec9 [ 673.620697][T15663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.620710][T15663] RSP: 002b:00007fe9a867d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 673.620724][T15663] RAX: ffffffffffffffda RBX: 00007fe9a79e6180 RCX: 00007fe9a778eec9 [ 673.620734][T15663] RDX: 000000000000fffe RSI: 0000000000000000 RDI: 0000000000000003 [ 673.620742][T15663] RBP: 00007fe9a867d090 R08: 0000000000000000 R09: 0000000000000000 [ 673.620751][T15663] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000002 [ 673.620759][T15663] R13: 00007fe9a79e6218 R14: 00007fe9a79e6180 R15: 00007ffed535fec8 [ 673.620777][T15663] [ 673.823235][ C0] vkms_vblank_simulate: vblank timer overrun [ 674.380886][T15664] zswap: compressor not available [ 674.508286][T15684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2106'. [ 676.366142][T15725] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 677.666766][T15738] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2112'. [ 677.741006][T15718] kexec: Could not allocate control_code_buffer [ 678.074773][T15737] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2112'. [ 678.222424][T15740] vivid-003: ================= START STATUS ================= [ 678.237932][T15740] vivid-003: Radio HW Seek Mode: Bounded [ 678.243650][T15740] vivid-003: Radio Programmable HW Seek: false [ 678.297774][T15740] vivid-003: RDS Rx I/O Mode: Block I/O [ 678.318305][T15740] vivid-003: Generate RBDS Instead of RDS: false [ 678.324699][T15740] vivid-003: RDS Reception: true [ 678.358344][T15740] vivid-003: RDS Program Type: 0 inactive [ 678.365473][T15740] vivid-003: RDS PS Name: inactive [ 678.397405][T15740] vivid-003: RDS Radio Text: inactive [ 678.405992][T15740] vivid-003: RDS Traffic Announcement: false inactive [ 678.408999][T15752] netlink: 'syz.0.2116': attribute type 5 has an invalid length. [ 678.413222][T15740] vivid-003: RDS Traffic Program: false inactive [ 678.440720][T15740] vivid-003: RDS Music: false inactive [ 678.451889][T15740] vivid-003: ================== END STATUS ================== [ 678.468170][T15752] netlink: 'syz.0.2116': attribute type 1 has an invalid length. [ 678.477025][T15752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2116'. [ 679.892430][T15778] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 680.333656][T15786] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 680.356105][T15786] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 680.703260][T15785] FAULT_INJECTION: forcing a failure. [ 680.703260][T15785] name failslab, interval 1, probability 0, space 0, times 0 [ 680.744282][T15785] CPU: 0 UID: 0 PID: 15785 Comm: syz.0.2122 Tainted: G U syzkaller #0 PREEMPT(full) [ 680.744328][T15785] Tainted: [U]=USER [ 680.744338][T15785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 680.744351][T15785] Call Trace: [ 680.744359][T15785] [ 680.744366][T15785] dump_stack_lvl+0x16c/0x1f0 [ 680.744395][T15785] should_fail_ex+0x512/0x640 [ 680.744418][T15785] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 680.744438][T15785] should_failslab+0xc2/0x120 [ 680.744458][T15785] __kmalloc_cache_noprof+0x6a/0x3e0 [ 680.744475][T15785] ? alloc_netdev_mqs+0xec4/0x1530 [ 680.744507][T15785] alloc_netdev_mqs+0xec4/0x1530 [ 680.744533][T15785] internal_dev_create+0x8a/0x520 [ 680.744551][T15785] ovs_vport_add+0x144/0x4d0 [ 680.744575][T15785] new_vport+0x16/0x1d0 [ 680.744593][T15785] ovs_dp_cmd_new+0x6ba/0xe60 [ 680.744617][T15785] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 680.744640][T15785] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 680.744657][T15785] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 680.744678][T15785] genl_family_rcv_msg_doit+0x206/0x2f0 [ 680.744695][T15785] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 680.744717][T15785] ? bpf_lsm_capable+0x9/0x10 [ 680.744731][T15785] ? security_capable+0x7e/0x260 [ 680.744749][T15785] ? ns_capable+0xd7/0x110 [ 680.744767][T15785] genl_rcv_msg+0x55c/0x800 [ 680.744785][T15785] ? __pfx_genl_rcv_msg+0x10/0x10 [ 680.744800][T15785] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 680.744828][T15785] ? __lock_acquire+0x62e/0x1ce0 [ 680.744864][T15785] netlink_rcv_skb+0x158/0x420 [ 680.744901][T15785] ? __pfx_genl_rcv_msg+0x10/0x10 [ 680.744929][T15785] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 680.744981][T15785] ? netlink_deliver_tap+0x1ae/0xd30 [ 680.745017][T15785] ? is_vmalloc_addr+0x86/0xa0 [ 680.745051][T15785] genl_rcv+0x28/0x40 [ 680.745075][T15785] netlink_unicast+0x5a7/0x870 [ 680.745120][T15785] ? __pfx_netlink_unicast+0x10/0x10 [ 680.745160][T15785] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 680.745197][T15785] ? __lock_acquire+0xb97/0x1ce0 [ 680.745241][T15785] netlink_sendmsg+0x8d1/0xdd0 [ 680.745287][T15785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 680.745329][T15785] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 680.745362][T15785] ____sys_sendmsg+0xa98/0xc70 [ 680.745394][T15785] ? copy_msghdr_from_user+0x10a/0x160 [ 680.745433][T15785] ? __pfx_____sys_sendmsg+0x10/0x10 [ 680.745473][T15785] ? __pfx_futex_wake_mark+0x10/0x10 [ 680.745530][T15785] ___sys_sendmsg+0x134/0x1d0 [ 680.745575][T15785] ? __pfx____sys_sendmsg+0x10/0x10 [ 680.745662][T15785] __sys_sendmsg+0x16d/0x220 [ 680.745702][T15785] ? __pfx___sys_sendmsg+0x10/0x10 [ 680.745738][T15785] ? __x64_sys_futex+0x1e0/0x4c0 [ 680.745795][T15785] do_syscall_64+0xcd/0x4c0 [ 680.745836][T15785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.745864][T15785] RIP: 0033:0x7fe9a778eec9 [ 680.745887][T15785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 680.745914][T15785] RSP: 002b:00007fe9a86bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 680.745940][T15785] RAX: ffffffffffffffda RBX: 00007fe9a79e5fa0 RCX: 00007fe9a778eec9 [ 680.745957][T15785] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 000000000000000a [ 680.745972][T15785] RBP: 00007fe9a7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 680.745987][T15785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.746001][T15785] R13: 00007fe9a79e6038 R14: 00007fe9a79e5fa0 R15: 00007ffed535fec8 [ 680.746033][T15785] [ 682.388896][T11766] Bluetooth: hci3: command 0x0c1a tx timeout [ 682.394964][T11766] Bluetooth: hci2: command 0x0c1a tx timeout [ 683.650210][T15819] FAULT_INJECTION: forcing a failure. [ 683.650210][T15819] name failslab, interval 1, probability 0, space 0, times 0 [ 683.728006][T15819] CPU: 1 UID: 0 PID: 15819 Comm: syz.3.2130 Tainted: G U syzkaller #0 PREEMPT(full) [ 683.728052][T15819] Tainted: [U]=USER [ 683.728061][T15819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 683.728076][T15819] Call Trace: [ 683.728085][T15819] [ 683.728095][T15819] dump_stack_lvl+0x16c/0x1f0 [ 683.728141][T15819] should_fail_ex+0x512/0x640 [ 683.728180][T15819] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 683.728222][T15819] should_failslab+0xc2/0x120 [ 683.728257][T15819] __kmalloc_cache_noprof+0x6a/0x3e0 [ 683.728285][T15819] ? trace_kmalloc+0x2b/0xd0 [ 683.728319][T15819] ? __kvmalloc_node_noprof+0x298/0x620 [ 683.728352][T15819] ? single_open+0x4d/0x1f0 [ 683.728389][T15819] ? single_open_size+0x4e/0x160 [ 683.728416][T15819] ? __pfx_show_stat+0x10/0x10 [ 683.728444][T15819] single_open+0x4d/0x1f0 [ 683.728480][T15819] ? __pfx_show_stat+0x10/0x10 [ 683.728511][T15819] single_open_size+0x6d/0x160 [ 683.728534][T15819] ? __pfx_stat_open+0x10/0x10 [ 683.728565][T15819] proc_reg_open+0x137/0x5f0 [ 683.728602][T15819] do_dentry_open+0x982/0x1530 [ 683.728633][T15819] ? __pfx_proc_reg_open+0x10/0x10 [ 683.728674][T15819] vfs_open+0x82/0x3f0 [ 683.728716][T15819] path_openat+0x1de4/0x2cb0 [ 683.728760][T15819] ? __pfx_path_openat+0x10/0x10 [ 683.728802][T15819] do_filp_open+0x20b/0x470 [ 683.728834][T15819] ? __pfx_do_filp_open+0x10/0x10 [ 683.728890][T15819] ? alloc_fd+0x471/0x7d0 [ 683.728930][T15819] do_sys_openat2+0x11b/0x1d0 [ 683.728970][T15819] ? __pfx_do_sys_openat2+0x10/0x10 [ 683.729006][T15819] ? __fget_files+0x204/0x3c0 [ 683.729047][T15819] __x64_sys_openat+0x174/0x210 [ 683.729069][T15819] ? __pfx___x64_sys_openat+0x10/0x10 [ 683.729105][T15819] do_syscall_64+0xcd/0x4c0 [ 683.729147][T15819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.729175][T15819] RIP: 0033:0x7f16e298eec9 [ 683.729205][T15819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.729234][T15819] RSP: 002b:00007f16e3756038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 683.729261][T15819] RAX: ffffffffffffffda RBX: 00007f16e2be6090 RCX: 00007f16e298eec9 [ 683.729281][T15819] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 683.729299][T15819] RBP: 00007f16e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 683.729315][T15819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 683.729330][T15819] R13: 00007f16e2be6128 R14: 00007f16e2be6090 R15: 00007ffffb8c6f08 [ 683.729366][T15819] [ 685.128626][T15845] netlink: zone id is out of range [ 685.133950][T15845] netlink: del zone limit has 4 unknown bytes [ 685.140936][T15845] FAULT_INJECTION: forcing a failure. [ 685.140936][T15845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 685.158890][T15845] CPU: 0 UID: 0 PID: 15845 Comm: syz.0.2135 Tainted: G U syzkaller #0 PREEMPT(full) [ 685.158929][T15845] Tainted: [U]=USER [ 685.158938][T15845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 685.158953][T15845] Call Trace: [ 685.158962][T15845] [ 685.158971][T15845] dump_stack_lvl+0x16c/0x1f0 [ 685.159013][T15845] should_fail_ex+0x512/0x640 [ 685.159061][T15845] _copy_to_user+0x32/0xd0 [ 685.159091][T15845] simple_read_from_buffer+0xcb/0x170 [ 685.159121][T15845] proc_fail_nth_read+0x197/0x240 [ 685.159150][T15845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 685.159179][T15845] ? rw_verify_area+0xcf/0x6c0 [ 685.159205][T15845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 685.159232][T15845] vfs_read+0x1e4/0xcf0 [ 685.159267][T15845] ? __pfx_vfs_read+0x10/0x10 [ 685.159300][T15845] ? __pfx_task_mm_cid_work+0x10/0x10 [ 685.159324][T15845] ? __pfx___might_resched+0x10/0x10 [ 685.159350][T15845] ? rcu_is_watching+0x12/0xc0 [ 685.159373][T15845] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 685.159415][T15845] ksys_read+0x12a/0x250 [ 685.159443][T15845] ? __pfx_ksys_read+0x10/0x10 [ 685.159481][T15845] do_syscall_64+0xcd/0x4c0 [ 685.159520][T15845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.159546][T15845] RIP: 0033:0x7fe9a778d8dc [ 685.159567][T15845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 685.159590][T15845] RSP: 002b:00007fe9a86bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 685.159614][T15845] RAX: ffffffffffffffda RBX: 00007fe9a79e5fa0 RCX: 00007fe9a778d8dc [ 685.159632][T15845] RDX: 000000000000000f RSI: 00007fe9a86bf0a0 RDI: 0000000000000001 [ 685.159647][T15845] RBP: 00007fe9a86bf090 R08: 0000000000000000 R09: 0000000000000000 [ 685.159663][T15845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 685.159677][T15845] R13: 00007fe9a79e6038 R14: 00007fe9a79e5fa0 R15: 00007ffed535fec8 [ 685.159711][T15845] [ 685.363273][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.991491][T15856] ubi0: attaching mtd0 [ 686.002387][T15856] ubi0: scanning is finished [ 686.007398][T15856] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 686.052039][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.058625][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.214250][T15856] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 687.302485][T15858] kexec: Could not allocate control_code_buffer [ 688.449111][T15892] FAULT_INJECTION: forcing a failure. [ 688.449111][T15892] name failslab, interval 1, probability 0, space 0, times 0 [ 688.482776][T15892] CPU: 1 UID: 0 PID: 15892 Comm: syz.2.2144 Tainted: G U syzkaller #0 PREEMPT(full) [ 688.482813][T15892] Tainted: [U]=USER [ 688.482821][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 688.482833][T15892] Call Trace: [ 688.482842][T15892] [ 688.482852][T15892] dump_stack_lvl+0x16c/0x1f0 [ 688.482892][T15892] should_fail_ex+0x512/0x640 [ 688.482919][T15892] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 688.482937][T15892] should_failslab+0xc2/0x120 [ 688.482956][T15892] __kmalloc_cache_noprof+0x6a/0x3e0 [ 688.482971][T15892] ? cgroup_show_path+0xb2/0x740 [ 688.482988][T15892] ? __pfx_cgroup_show_path+0x10/0x10 [ 688.483002][T15892] cgroup_show_path+0xb2/0x740 [ 688.483020][T15892] ? __pfx_cgroup_show_path+0x10/0x10 [ 688.483033][T15892] kernfs_sop_show_path+0xe6/0x160 [ 688.483050][T15892] ? __pfx_kernfs_sop_show_path+0x10/0x10 [ 688.483069][T15892] show_path+0x9b/0x100 [ 688.483089][T15892] show_mountinfo+0x1d8/0x820 [ 688.483104][T15892] ? __pfx_show_mountinfo+0x10/0x10 [ 688.483123][T15892] seq_read_iter+0xb1b/0x12c0 [ 688.483146][T15892] do_iter_readv_writev+0x743/0x9e0 [ 688.483164][T15892] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 688.483185][T15892] ? rw_verify_area+0xcf/0x6c0 [ 688.483201][T15892] vfs_readv+0x4cb/0x8b0 [ 688.483215][T15892] ? __pfx___might_resched+0x10/0x10 [ 688.483234][T15892] ? __pfx_vfs_readv+0x10/0x10 [ 688.483247][T15892] ? __mutex_lock+0x1c5/0x1060 [ 688.483274][T15892] ? __pfx___mutex_lock+0x10/0x10 [ 688.483301][T15892] ? __fget_files+0x20e/0x3c0 [ 688.483315][T15892] ? __fget_files+0x1b0/0x3c0 [ 688.483335][T15892] ? do_readv+0x132/0x340 [ 688.483347][T15892] do_readv+0x132/0x340 [ 688.483362][T15892] ? __pfx_do_readv+0x10/0x10 [ 688.483382][T15892] do_syscall_64+0xcd/0x4c0 [ 688.483405][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.483419][T15892] RIP: 0033:0x7f58e6d8eec9 [ 688.483432][T15892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.483446][T15892] RSP: 002b:00007f58e7c80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 688.483460][T15892] RAX: ffffffffffffffda RBX: 00007f58e6fe6270 RCX: 00007f58e6d8eec9 [ 688.483469][T15892] RDX: 8000040000000003 RSI: 0000200000000a80 RDI: 0000000000000002 [ 688.483478][T15892] RBP: 00007f58e7c80090 R08: 0000000000000000 R09: 0000000000000000 [ 688.483487][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 688.483495][T15892] R13: 00007f58e6fe6308 R14: 00007f58e6fe6270 R15: 00007ffd95b3f528 [ 688.483514][T15892] [ 689.667659][T15915] sd 0:0:1:0: PR command failed: 1026 [ 689.679374][T15913] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2151'. [ 689.715669][T15915] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 689.725208][T15915] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 689.968316][T15909] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2150'. [ 690.632183][T15930] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2155'. [ 690.649411][T15930] FAULT_INJECTION: forcing a failure. [ 690.649411][T15930] name failslab, interval 1, probability 0, space 0, times 0 [ 690.673609][T15930] CPU: 0 UID: 0 PID: 15930 Comm: syz.0.2155 Tainted: G U syzkaller #0 PREEMPT(full) [ 690.673646][T15930] Tainted: [U]=USER [ 690.673655][T15930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 690.673669][T15930] Call Trace: [ 690.673677][T15930] [ 690.673687][T15930] dump_stack_lvl+0x16c/0x1f0 [ 690.673726][T15930] should_fail_ex+0x512/0x640 [ 690.673769][T15930] ? __kmalloc_noprof+0xbf/0x510 [ 690.673799][T15930] ? fib_create_info+0x53f/0x46b0 [ 690.673825][T15930] should_failslab+0xc2/0x120 [ 690.673855][T15930] __kmalloc_noprof+0xd2/0x510 [ 690.673881][T15930] ? irq_work_queue+0xce/0x100 [ 690.673923][T15930] fib_create_info+0x53f/0x46b0 [ 690.673968][T15930] ? __pfx__printk+0x10/0x10 [ 690.674001][T15930] ? __pfx_fib_create_info+0x10/0x10 [ 690.674031][T15930] ? __mutex_trylock_common+0xe9/0x250 [ 690.674071][T15930] fib_table_insert+0x177/0x1c40 [ 690.674105][T15930] ? rcu_is_watching+0x12/0xc0 [ 690.674130][T15930] ? trace_contention_end+0xdd/0x130 [ 690.674171][T15930] ? kasan_quarantine_put+0x10a/0x240 [ 690.674200][T15930] ? __pfx_fib_table_insert+0x10/0x10 [ 690.674244][T15930] ? __asan_memset+0x23/0x50 [ 690.674269][T15930] ? rtm_to_fib_config+0x895/0x1390 [ 690.674300][T15930] ? inet_rtm_newroute+0x124/0x210 [ 690.674325][T15930] inet_rtm_newroute+0x124/0x210 [ 690.674351][T15930] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 690.674392][T15930] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 690.674418][T15930] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 690.674443][T15930] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 690.674469][T15930] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 690.674495][T15930] rtnetlink_rcv_msg+0x95b/0xe90 [ 690.674523][T15930] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 690.674557][T15930] ? ref_tracker_free+0x37c/0x830 [ 690.674585][T15930] netlink_rcv_skb+0x158/0x420 [ 690.674619][T15930] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 690.674644][T15930] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 690.674690][T15930] ? netlink_deliver_tap+0x1ae/0xd30 [ 690.674730][T15930] netlink_unicast+0x5a7/0x870 [ 690.674778][T15930] ? __pfx_netlink_unicast+0x10/0x10 [ 690.674813][T15930] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 690.674845][T15930] ? __lock_acquire+0xb97/0x1ce0 [ 690.674884][T15930] netlink_sendmsg+0x8d1/0xdd0 [ 690.674924][T15930] ? __pfx_netlink_sendmsg+0x10/0x10 [ 690.674962][T15930] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 690.674995][T15930] ____sys_sendmsg+0xa98/0xc70 [ 690.675023][T15930] ? copy_msghdr_from_user+0x10a/0x160 [ 690.675057][T15930] ? __pfx_____sys_sendmsg+0x10/0x10 [ 690.675101][T15930] ___sys_sendmsg+0x134/0x1d0 [ 690.675138][T15930] ? __pfx____sys_sendmsg+0x10/0x10 [ 690.675217][T15930] __sys_sendmsg+0x16d/0x220 [ 690.675253][T15930] ? __pfx___sys_sendmsg+0x10/0x10 [ 690.675312][T15930] do_syscall_64+0xcd/0x4c0 [ 690.675351][T15930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.675375][T15930] RIP: 0033:0x7fe9a778eec9 [ 690.675396][T15930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.675420][T15930] RSP: 002b:00007fe9a86bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 690.675444][T15930] RAX: ffffffffffffffda RBX: 00007fe9a79e5fa0 RCX: 00007fe9a778eec9 [ 690.675461][T15930] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000003 [ 690.675476][T15930] RBP: 00007fe9a86bf090 R08: 0000000000000000 R09: 0000000000000000 [ 690.675490][T15930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 690.675505][T15930] R13: 00007fe9a79e6038 R14: 00007fe9a79e5fa0 R15: 00007ffed535fec8 [ 690.675540][T15930] [ 690.918745][T15930] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2155'. [ 691.229792][T15929] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2154'. [ 692.199114][T15947] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd12 [ 692.283473][T15945] FAULT_INJECTION: forcing a failure. [ 692.283473][T15945] name failslab, interval 1, probability 0, space 0, times 0 [ 692.329851][T15945] CPU: 0 UID: 0 PID: 15945 Comm: syz.1.2158 Tainted: G U syzkaller #0 PREEMPT(full) [ 692.329894][T15945] Tainted: [U]=USER [ 692.329903][T15945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 692.329919][T15945] Call Trace: [ 692.329929][T15945] [ 692.329940][T15945] dump_stack_lvl+0x16c/0x1f0 [ 692.329984][T15945] should_fail_ex+0x512/0x640 [ 692.330022][T15945] ? __kmalloc_noprof+0xbf/0x510 [ 692.330056][T15945] ? tbl_mask_array_alloc+0x38/0x160 [ 692.330083][T15945] should_failslab+0xc2/0x120 [ 692.330117][T15945] __kmalloc_noprof+0xd2/0x510 [ 692.330153][T15945] tbl_mask_array_alloc+0x38/0x160 [ 692.330187][T15945] ovs_flow_tbl_init+0x40/0x600 [ 692.330219][T15945] ? kasan_save_track+0x14/0x30 [ 692.330252][T15945] ovs_dp_cmd_new+0x251/0xe60 [ 692.330299][T15945] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 692.330345][T15945] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 692.330378][T15945] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 692.330425][T15945] genl_family_rcv_msg_doit+0x206/0x2f0 [ 692.330459][T15945] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 692.330502][T15945] ? bpf_lsm_capable+0x9/0x10 [ 692.330526][T15945] ? security_capable+0x7e/0x260 [ 692.330553][T15945] ? ns_capable+0xd7/0x110 [ 692.330582][T15945] genl_rcv_msg+0x55c/0x800 [ 692.330614][T15945] ? __pfx_genl_rcv_msg+0x10/0x10 [ 692.330643][T15945] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 692.330689][T15945] netlink_rcv_skb+0x158/0x420 [ 692.330728][T15945] ? __pfx_genl_rcv_msg+0x10/0x10 [ 692.330758][T15945] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 692.330813][T15945] ? netlink_deliver_tap+0x1ae/0xd30 [ 692.330854][T15945] genl_rcv+0x28/0x40 [ 692.330873][T15945] netlink_unicast+0x5a7/0x870 [ 692.330908][T15945] ? __pfx_netlink_unicast+0x10/0x10 [ 692.330946][T15945] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 692.330981][T15945] ? __lock_acquire+0xb97/0x1ce0 [ 692.331026][T15945] netlink_sendmsg+0x8d1/0xdd0 [ 692.331077][T15945] ? __pfx_netlink_sendmsg+0x10/0x10 [ 692.331119][T15945] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 692.331154][T15945] ____sys_sendmsg+0xa98/0xc70 [ 692.331183][T15945] ? copy_msghdr_from_user+0x10a/0x160 [ 692.331221][T15945] ? __pfx_____sys_sendmsg+0x10/0x10 [ 692.331257][T15945] ? __pfx_futex_wake_mark+0x10/0x10 [ 692.331298][T15945] ___sys_sendmsg+0x134/0x1d0 [ 692.331337][T15945] ? __pfx____sys_sendmsg+0x10/0x10 [ 692.331431][T15945] __sys_sendmsg+0x16d/0x220 [ 692.331472][T15945] ? __pfx___sys_sendmsg+0x10/0x10 [ 692.331510][T15945] ? __x64_sys_futex+0x1e0/0x4c0 [ 692.331565][T15945] do_syscall_64+0xcd/0x4c0 [ 692.331607][T15945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.331633][T15945] RIP: 0033:0x7f4e07b8eec9 [ 692.331653][T15945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 692.331679][T15945] RSP: 002b:00007f4e08acd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 692.331704][T15945] RAX: ffffffffffffffda RBX: 00007f4e07de6090 RCX: 00007f4e07b8eec9 [ 692.331721][T15945] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 000000000000000a [ 692.331738][T15945] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 692.331752][T15945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 692.331765][T15945] R13: 00007f4e07de6128 R14: 00007f4e07de6090 R15: 00007fffb5663da8 [ 692.331794][T15945] [ 693.415713][T15969] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2165'. [ 693.898755][T15983] bridge0: port 3(hsr0) entered blocking state [ 693.914927][T15983] bridge0: port 3(hsr0) entered disabled state [ 693.926487][T15983] hsr0: entered allmulticast mode [ 693.936637][T15983] hsr_slave_0: entered allmulticast mode [ 693.943228][T15983] hsr_slave_1: entered allmulticast mode [ 693.953359][T15983] hsr0: entered promiscuous mode [ 693.999177][T15983] bridge0: port 3(hsr0) entered blocking state [ 694.007303][T15983] bridge0: port 3(hsr0) entered forwarding state [ 695.682892][T15988] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2172'. [ 697.855089][T16061] nbd: must specify at least one socket [ 699.070033][T16090] FAULT_INJECTION: forcing a failure. [ 699.070033][T16090] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 699.099374][T16090] CPU: 0 UID: 0 PID: 16090 Comm: syz.0.2188 Tainted: G U syzkaller #0 PREEMPT(full) [ 699.099418][T16090] Tainted: [U]=USER [ 699.099428][T16090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 699.099445][T16090] Call Trace: [ 699.099455][T16090] [ 699.099466][T16090] dump_stack_lvl+0x16c/0x1f0 [ 699.099519][T16090] should_fail_ex+0x512/0x640 [ 699.099565][T16090] should_fail_alloc_page+0xe7/0x130 [ 699.099605][T16090] prepare_alloc_pages+0x3c2/0x610 [ 699.099644][T16090] ? rcu_is_watching+0x12/0xc0 [ 699.099677][T16090] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 699.099709][T16090] ? css_rstat_updated+0x1c2/0x510 [ 699.099739][T16090] ? __pfx_css_rstat_updated+0x10/0x10 [ 699.099768][T16090] ? __lock_acquire+0x62e/0x1ce0 [ 699.099799][T16090] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 699.099843][T16090] ? __lock_acquire+0x62e/0x1ce0 [ 699.099881][T16090] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 699.099922][T16090] ? policy_nodemask+0xea/0x4e0 [ 699.099960][T16090] alloc_pages_mpol+0x1fb/0x550 [ 699.099997][T16090] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 699.100046][T16090] ? __lock_acquire+0x62e/0x1ce0 [ 699.100085][T16090] folio_alloc_mpol_noprof+0x36/0x2f0 [ 699.100129][T16090] vma_alloc_folio_noprof+0xed/0x1e0 [ 699.100169][T16090] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 699.100220][T16090] do_pte_missing+0x2230/0x3ba0 [ 699.100249][T16090] ? find_held_lock+0x2b/0x80 [ 699.100285][T16090] __handle_mm_fault+0x152a/0x2a50 [ 699.100324][T16090] ? __pfx___handle_mm_fault+0x10/0x10 [ 699.100356][T16090] ? __pte_offset_map_lock+0x174/0x310 [ 699.100392][T16090] ? find_held_lock+0x2b/0x80 [ 699.100430][T16090] ? follow_page_pte.constprop.0+0x5cf/0x1390 [ 699.100478][T16090] handle_mm_fault+0x589/0xd10 [ 699.100514][T16090] __get_user_pages+0x551/0x34a0 [ 699.100569][T16090] ? __pfx___get_user_pages+0x10/0x10 [ 699.100620][T16090] populate_vma_page_range+0x267/0x3f0 [ 699.100663][T16090] ? __pfx_populate_vma_page_range+0x10/0x10 [ 699.100702][T16090] ? __pfx_find_vma_intersection+0x10/0x10 [ 699.100741][T16090] ? do_mmap+0x69c/0x1210 [ 699.100780][T16090] __mm_populate+0x1d8/0x380 [ 699.100807][T16090] ? __pfx___mm_populate+0x10/0x10 [ 699.100835][T16090] ? up_write+0x1b2/0x520 [ 699.100876][T16090] vm_mmap_pgoff+0x37f/0x470 [ 699.100919][T16090] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 699.100964][T16090] ? __x64_sys_futex+0x1e0/0x4c0 [ 699.100996][T16090] ? __x64_sys_futex+0x1e9/0x4c0 [ 699.101042][T16090] ksys_mmap_pgoff+0x7d/0x5c0 [ 699.101080][T16090] ? xfd_validate_state+0x61/0x180 [ 699.101123][T16090] __x64_sys_mmap+0x125/0x190 [ 699.101167][T16090] do_syscall_64+0xcd/0x4c0 [ 699.101211][T16090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.101239][T16090] RIP: 0033:0x7fe9a778eec9 [ 699.101262][T16090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.101288][T16090] RSP: 002b:00007fe9a86bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 699.101314][T16090] RAX: ffffffffffffffda RBX: 00007fe9a79e5fa0 RCX: 00007fe9a778eec9 [ 699.101332][T16090] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 699.101349][T16090] RBP: 00007fe9a7811f91 R08: 0000000000000002 R09: 0000000000008000 [ 699.101366][T16090] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 699.101383][T16090] R13: 00007fe9a79e6038 R14: 00007fe9a79e5fa0 R15: 00007ffed535fec8 [ 699.101420][T16090] [ 699.444344][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.114085][T16119] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 703.504244][T16169] FAULT_INJECTION: forcing a failure. [ 703.504244][T16169] name failslab, interval 1, probability 0, space 0, times 0 [ 703.554592][T16169] CPU: 0 UID: 0 PID: 16169 Comm: syz.3.2201 Tainted: G U syzkaller #0 PREEMPT(full) [ 703.554635][T16169] Tainted: [U]=USER [ 703.554643][T16169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 703.554659][T16169] Call Trace: [ 703.554669][T16169] [ 703.554680][T16169] dump_stack_lvl+0x16c/0x1f0 [ 703.554726][T16169] should_fail_ex+0x512/0x640 [ 703.554761][T16169] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 703.554798][T16169] should_failslab+0xc2/0x120 [ 703.554833][T16169] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 703.554866][T16169] ? __d_alloc+0x32/0xae0 [ 703.554902][T16169] __d_alloc+0x32/0xae0 [ 703.554936][T16169] d_alloc_pseudo+0x1c/0xc0 [ 703.554970][T16169] alloc_file_pseudo+0xcf/0x230 [ 703.555007][T16169] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 703.555044][T16169] ? _raw_spin_unlock+0x28/0x50 [ 703.555076][T16169] ? alloc_fd+0x471/0x7d0 [ 703.555100][T16169] __anon_inode_getfile+0xe8/0x280 [ 703.555133][T16169] anon_inode_getfd+0x52/0xb0 [ 703.555163][T16169] map_create+0xca1/0x1f80 [ 703.555204][T16169] ? __pfx_map_create+0x10/0x10 [ 703.555233][T16169] ? __might_fault+0xe3/0x190 [ 703.555258][T16169] ? __might_fault+0xe3/0x190 [ 703.555285][T16169] ? __might_fault+0x13b/0x190 [ 703.555336][T16169] __sys_bpf+0x44d2/0x4de0 [ 703.555373][T16169] ? __pfx_futex_wake+0x10/0x10 [ 703.555408][T16169] ? __pfx___sys_bpf+0x10/0x10 [ 703.555429][T16169] ? ksys_write+0x190/0x250 [ 703.555449][T16169] ? do_futex+0x122/0x350 [ 703.555467][T16169] ? __pfx_do_futex+0x10/0x10 [ 703.555491][T16169] ? fput+0x9b/0xd0 [ 703.555511][T16169] ? xfd_validate_state+0x61/0x180 [ 703.555531][T16169] ? __pfx_ksys_write+0x10/0x10 [ 703.555550][T16169] __x64_sys_bpf+0x78/0xc0 [ 703.555574][T16169] ? lockdep_hardirqs_on+0x7c/0x110 [ 703.555595][T16169] do_syscall_64+0xcd/0x4c0 [ 703.555617][T16169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.555633][T16169] RIP: 0033:0x7f16e298eec9 [ 703.555646][T16169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.555660][T16169] RSP: 002b:00007f16e3756038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 703.555674][T16169] RAX: ffffffffffffffda RBX: 00007f16e2be6090 RCX: 00007f16e298eec9 [ 703.555684][T16169] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 703.555693][T16169] RBP: 00007f16e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 703.555701][T16169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.555709][T16169] R13: 00007f16e2be6128 R14: 00007f16e2be6090 R15: 00007ffffb8c6f08 [ 703.555727][T16169] [ 703.815622][ C0] vkms_vblank_simulate: vblank timer overrun [ 703.983233][T16186] sd 0:0:1:0: PR command failed: 1026 [ 704.014072][T16186] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 704.131407][T16186] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 704.133667][T16192] netlink: zone id is out of range [ 704.156381][T16192] netlink: del zone limit has 4 unknown bytes [ 704.492542][T16203] FAULT_INJECTION: forcing a failure. [ 704.492542][T16203] name failslab, interval 1, probability 0, space 0, times 0 [ 704.642738][T16203] CPU: 0 UID: 0 PID: 16203 Comm: syz.1.2210 Tainted: G U syzkaller #0 PREEMPT(full) [ 704.642783][T16203] Tainted: [U]=USER [ 704.642792][T16203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 704.642809][T16203] Call Trace: [ 704.642818][T16203] [ 704.642829][T16203] dump_stack_lvl+0x16c/0x1f0 [ 704.642878][T16203] should_fail_ex+0x512/0x640 [ 704.642918][T16203] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 704.642954][T16203] should_failslab+0xc2/0x120 [ 704.642987][T16203] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 704.643018][T16203] ? __alloc_skb+0x2b2/0x380 [ 704.643057][T16203] __alloc_skb+0x2b2/0x380 [ 704.643091][T16203] ? __pfx___alloc_skb+0x10/0x10 [ 704.643131][T16203] ? __pfx___register_sysctl_table+0x10/0x10 [ 704.643167][T16203] ? is_module_address+0x69/0xf0 [ 704.643206][T16203] inet_netconf_notify_devconf+0x8b/0x1f0 [ 704.643237][T16203] __devinet_sysctl_register+0x227/0x360 [ 704.643269][T16203] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 704.643300][T16203] ? devinet_init_net+0xeb/0x910 [ 704.643328][T16203] ? __asan_memcpy+0x3c/0x60 [ 704.643358][T16203] devinet_init_net+0x347/0x910 [ 704.643387][T16203] ? __pfx_devinet_init_net+0x10/0x10 [ 704.643414][T16203] ops_init+0x1e2/0x5f0 [ 704.643455][T16203] setup_net+0x10f/0x380 [ 704.643486][T16203] ? lockdep_init_map_type+0x5c/0x280 [ 704.643524][T16203] ? __pfx_setup_net+0x10/0x10 [ 704.643550][T16203] ? debug_mutex_init+0x37/0x70 [ 704.643580][T16203] copy_net_ns+0x2a6/0x5f0 [ 704.643611][T16203] create_new_namespaces+0x3ea/0xa90 [ 704.643650][T16203] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 704.643682][T16203] ksys_unshare+0x45b/0xa40 [ 704.643717][T16203] ? __pfx_ksys_unshare+0x10/0x10 [ 704.643752][T16203] ? xfd_validate_state+0x61/0x180 [ 704.643798][T16203] __x64_sys_unshare+0x31/0x40 [ 704.643831][T16203] do_syscall_64+0xcd/0x4c0 [ 704.643871][T16203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.643896][T16203] RIP: 0033:0x7f4e07b8eec9 [ 704.643917][T16203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 704.643943][T16203] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 704.643968][T16203] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 704.643987][T16203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 704.644003][T16203] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 704.644019][T16203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 704.644034][T16203] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 704.644070][T16203] [ 704.910683][ C0] vkms_vblank_simulate: vblank timer overrun [ 705.394638][T16221] random: crng reseeded on system resumption [ 705.530297][T16221] Restarting kernel threads ... [ 705.567657][T16221] Done restarting kernel threads. [ 705.699620][T16229] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 705.868229][T16229] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 706.791153][T16249] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 709.701782][T16284] openvswitch: HfR: Dropping previously announced user features [ 710.125511][T16304] FAULT_INJECTION: forcing a failure. [ 710.125511][T16304] name failslab, interval 1, probability 0, space 0, times 0 [ 710.147252][T16304] CPU: 1 UID: 0 PID: 16304 Comm: syz.0.2229 Tainted: G U syzkaller #0 PREEMPT(full) [ 710.147284][T16304] Tainted: [U]=USER [ 710.147289][T16304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 710.147298][T16304] Call Trace: [ 710.147304][T16304] [ 710.147310][T16304] dump_stack_lvl+0x16c/0x1f0 [ 710.147336][T16304] should_fail_ex+0x512/0x640 [ 710.147358][T16304] ? fs_reclaim_acquire+0xae/0x150 [ 710.147381][T16304] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 710.147401][T16304] should_failslab+0xc2/0x120 [ 710.147421][T16304] __kmalloc_noprof+0xd2/0x510 [ 710.147443][T16304] tomoyo_realpath_from_path+0xc2/0x6e0 [ 710.147468][T16304] tomoyo_check_open_permission+0x2ab/0x3c0 [ 710.147487][T16304] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 710.147523][T16304] ? do_raw_spin_lock+0x12c/0x2b0 [ 710.147549][T16304] tomoyo_file_open+0x6b/0x90 [ 710.147564][T16304] security_file_open+0x84/0x1e0 [ 710.147584][T16304] do_dentry_open+0x596/0x1530 [ 710.147608][T16304] vfs_open+0x82/0x3f0 [ 710.147631][T16304] path_openat+0x1de4/0x2cb0 [ 710.147659][T16304] ? __pfx_path_openat+0x10/0x10 [ 710.147681][T16304] do_filp_open+0x20b/0x470 [ 710.147698][T16304] ? __pfx_do_filp_open+0x10/0x10 [ 710.147728][T16304] ? alloc_fd+0x471/0x7d0 [ 710.147749][T16304] do_sys_openat2+0x11b/0x1d0 [ 710.147769][T16304] ? __pfx_do_sys_openat2+0x10/0x10 [ 710.147792][T16304] ? __fget_files+0x20e/0x3c0 [ 710.147811][T16304] __x64_sys_openat+0x174/0x210 [ 710.147829][T16304] ? __pfx___x64_sys_openat+0x10/0x10 [ 710.147848][T16304] ? ksys_write+0x1ac/0x250 [ 710.147881][T16304] do_syscall_64+0xcd/0x4c0 [ 710.147919][T16304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.147943][T16304] RIP: 0033:0x7fe9a778eec9 [ 710.147962][T16304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 710.147984][T16304] RSP: 002b:00007fe9a869e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 710.148007][T16304] RAX: ffffffffffffffda RBX: 00007fe9a79e6090 RCX: 00007fe9a778eec9 [ 710.148024][T16304] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 710.148039][T16304] RBP: 00007fe9a869e090 R08: 0000000000000000 R09: 0000000000000000 [ 710.148055][T16304] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 710.148070][T16304] R13: 00007fe9a79e6128 R14: 00007fe9a79e6090 R15: 00007ffed535fec8 [ 710.148104][T16304] [ 710.467987][T16304] ERROR: Out of memory at tomoyo_realpath_from_path. [ 710.507247][T16307] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 710.612792][T16308] openvswitch: HfR: Dropping previously announced user features [ 710.621429][T16304] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 710.634335][T16304] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 712.678036][T11766] Bluetooth: hci3: command 0x0c1a tx timeout [ 712.678145][T12368] Bluetooth: hci2: command 0x0c1a tx timeout [ 713.798364][T16363] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 713.846029][T16365] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2241'. [ 715.811824][T16388] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 715.833642][T16388] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 716.785695][T16414] FAULT_INJECTION: forcing a failure. [ 716.785695][T16414] name failslab, interval 1, probability 0, space 0, times 0 [ 716.805536][T16414] CPU: 0 UID: 0 PID: 16414 Comm: syz.0.2250 Tainted: G U syzkaller #0 PREEMPT(full) [ 716.805576][T16414] Tainted: [U]=USER [ 716.805584][T16414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 716.805599][T16414] Call Trace: [ 716.805609][T16414] [ 716.805619][T16414] dump_stack_lvl+0x16c/0x1f0 [ 716.805663][T16414] should_fail_ex+0x512/0x640 [ 716.805698][T16414] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 716.805733][T16414] should_failslab+0xc2/0x120 [ 716.805765][T16414] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 716.805796][T16414] ? __rtnl_unlock+0x68/0xf0 [ 716.805819][T16414] ? __alloc_skb+0x2b2/0x380 [ 716.805858][T16414] __alloc_skb+0x2b2/0x380 [ 716.805892][T16414] ? __pfx___alloc_skb+0x10/0x10 [ 716.805938][T16414] ? __asan_memcpy+0x3c/0x60 [ 716.805970][T16414] ethnl_reply_init+0x45/0x210 [ 716.806008][T16414] ethnl_default_doit+0x5af/0xed0 [ 716.806042][T16414] ? __nla_parse+0x40/0x60 [ 716.806066][T16414] ? __pfx_ethnl_default_doit+0x10/0x10 [ 716.806101][T16414] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 716.806130][T16414] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 716.806166][T16414] genl_family_rcv_msg_doit+0x206/0x2f0 [ 716.806196][T16414] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 716.806224][T16414] ? genl_get_cmd+0x194/0x580 [ 716.806261][T16414] ? genl_rcv_msg+0x5dd/0x800 [ 716.806283][T16414] ? genl_rcv_msg+0x3ba/0x800 [ 716.806312][T16414] genl_rcv_msg+0x55c/0x800 [ 716.806342][T16414] ? __pfx_genl_rcv_msg+0x10/0x10 [ 716.806370][T16414] ? __pfx_ethnl_default_doit+0x10/0x10 [ 716.806419][T16414] netlink_rcv_skb+0x158/0x420 [ 716.806455][T16414] ? __pfx_genl_rcv_msg+0x10/0x10 [ 716.806484][T16414] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 716.806542][T16414] genl_rcv+0x28/0x40 [ 716.806564][T16414] netlink_unicast+0x5a7/0x870 [ 716.806603][T16414] ? __pfx_netlink_unicast+0x10/0x10 [ 716.806637][T16414] ? __pfx___might_resched+0x10/0x10 [ 716.806662][T16414] ? __lock_acquire+0xb97/0x1ce0 [ 716.806701][T16414] netlink_sendmsg+0x8d1/0xdd0 [ 716.806743][T16414] ? __pfx_netlink_sendmsg+0x10/0x10 [ 716.806783][T16414] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 716.806817][T16414] ____sys_sendmsg+0xa98/0xc70 [ 716.806847][T16414] ? copy_msghdr_from_user+0x10a/0x160 [ 716.806882][T16414] ? __pfx_____sys_sendmsg+0x10/0x10 [ 716.806934][T16414] ___sys_sendmsg+0x134/0x1d0 [ 716.806972][T16414] ? __pfx____sys_sendmsg+0x10/0x10 [ 716.807054][T16414] __sys_sendmsg+0x16d/0x220 [ 716.807091][T16414] ? __pfx___sys_sendmsg+0x10/0x10 [ 716.807151][T16414] do_syscall_64+0xcd/0x4c0 [ 716.807191][T16414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.807216][T16414] RIP: 0033:0x7fe9a778eec9 [ 716.807237][T16414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 716.807262][T16414] RSP: 002b:00007fe9a867d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 716.807286][T16414] RAX: ffffffffffffffda RBX: 00007fe9a79e6180 RCX: 00007fe9a778eec9 [ 716.807304][T16414] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000007 [ 716.807319][T16414] RBP: 00007fe9a867d090 R08: 0000000000000000 R09: 0000000000000000 [ 716.807335][T16414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 716.807351][T16414] R13: 00007fe9a79e6218 R14: 00007fe9a79e6180 R15: 00007ffed535fec8 [ 716.807386][T16414] [ 717.318941][T11766] Bluetooth: hci2: command 0x0c1a tx timeout [ 717.888127][T12368] Bluetooth: hci3: command 0x0c1a tx timeout [ 719.884249][T16465] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 720.578496][T16477] block2mtd: parameter too long [ 721.035779][T16491] FAULT_INJECTION: forcing a failure. [ 721.035779][T16491] name fail_futex, interval 1, probability 0, space 0, times 0 [ 721.096507][T16491] CPU: 1 UID: 0 PID: 16491 Comm: syz.3.2269 Tainted: G U syzkaller #0 PREEMPT(full) [ 721.096549][T16491] Tainted: [U]=USER [ 721.096556][T16491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 721.096572][T16491] Call Trace: [ 721.096581][T16491] [ 721.096593][T16491] dump_stack_lvl+0x16c/0x1f0 [ 721.096637][T16491] should_fail_ex+0x512/0x640 [ 721.096682][T16491] get_futex_key+0x1d0/0x1560 [ 721.096721][T16491] ? __pfx_get_futex_key+0x10/0x10 [ 721.096766][T16491] futex_wake+0xea/0x530 [ 721.096799][T16491] ? rcu_is_watching+0x12/0xc0 [ 721.096837][T16491] ? __pfx_futex_wake+0x10/0x10 [ 721.096880][T16491] ? kmem_cache_free+0x2d1/0x4d0 [ 721.096913][T16491] ? fd_install+0x225/0x750 [ 721.096939][T16491] ? putname+0x154/0x1a0 [ 721.096971][T16491] do_futex+0x1e3/0x350 [ 721.097004][T16491] ? __pfx_do_futex+0x10/0x10 [ 721.097047][T16491] __x64_sys_futex+0x1e0/0x4c0 [ 721.097080][T16491] ? __x64_sys_openat+0x174/0x210 [ 721.097102][T16491] ? __pfx___x64_sys_futex+0x10/0x10 [ 721.097153][T16491] do_syscall_64+0xcd/0x4c0 [ 721.097189][T16491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.097209][T16491] RIP: 0033:0x7f16e298eec9 [ 721.097225][T16491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.097248][T16491] RSP: 002b:00007f16e0bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 721.097274][T16491] RAX: ffffffffffffffda RBX: 00007f16e2be6188 RCX: 00007f16e298eec9 [ 721.097290][T16491] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f16e2be618c [ 721.097304][T16491] RBP: 00007f16e2be6180 R08: 00007f16e3778000 R09: 0000000000000000 [ 721.097321][T16491] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 721.097337][T16491] R13: 00007f16e2be6218 R14: 00007ffffb8c6e20 R15: 00007ffffb8c6f08 [ 721.097371][T16491] [ 721.284706][ C1] vkms_vblank_simulate: vblank timer overrun [ 723.434462][T16527] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 723.586412][T16531] FAULT_INJECTION: forcing a failure. [ 723.586412][T16531] name failslab, interval 1, probability 0, space 0, times 0 [ 723.648251][T16531] CPU: 1 UID: 0 PID: 16531 Comm: syz.2.2278 Tainted: G U syzkaller #0 PREEMPT(full) [ 723.648296][T16531] Tainted: [U]=USER [ 723.648305][T16531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 723.648321][T16531] Call Trace: [ 723.648331][T16531] [ 723.648342][T16531] dump_stack_lvl+0x16c/0x1f0 [ 723.648398][T16531] should_fail_ex+0x512/0x640 [ 723.648439][T16531] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 723.648473][T16531] should_failslab+0xc2/0x120 [ 723.648509][T16531] __kmalloc_cache_noprof+0x6a/0x3e0 [ 723.648539][T16531] ? binderfs_binder_device_create.isra.0+0x189/0xb10 [ 723.648586][T16531] binderfs_binder_device_create.isra.0+0x189/0xb10 [ 723.648635][T16531] binderfs_fill_super+0x8d4/0x1360 [ 723.648680][T16531] ? __pfx_binderfs_fill_super+0x10/0x10 [ 723.648747][T16531] ? shrinker_register+0x1a8/0x260 [ 723.648782][T16531] ? sget_fc+0x808/0xc20 [ 723.648810][T16531] ? apparmor_capable+0x114/0x1d0 [ 723.648837][T16531] ? __pfx_set_anon_super_fc+0x10/0x10 [ 723.648870][T16531] ? __pfx_binderfs_fill_super+0x10/0x10 [ 723.648905][T16531] get_tree_nodev+0xdd/0x190 [ 723.648938][T16531] vfs_get_tree+0x8b/0x340 [ 723.648964][T16531] vfs_cmd_create+0xd7/0x2a0 [ 723.649003][T16531] __do_sys_fsconfig+0x7b8/0xbe0 [ 723.649041][T16531] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 723.649096][T16531] do_syscall_64+0xcd/0x4c0 [ 723.649139][T16531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.649165][T16531] RIP: 0033:0x7f58e6d8eec9 [ 723.649188][T16531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.649213][T16531] RSP: 002b:00007f58e7cc2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 723.649239][T16531] RAX: ffffffffffffffda RBX: 00007f58e6fe6090 RCX: 00007f58e6d8eec9 [ 723.649258][T16531] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000009 [ 723.649275][T16531] RBP: 00007f58e6e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 723.649292][T16531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.649308][T16531] R13: 00007f58e6fe6128 R14: 00007f58e6fe6090 R15: 00007ffd95b3f528 [ 723.649346][T16531] [ 723.872212][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.537130][T16583] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2290'. [ 727.599640][T16583] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2290'. [ 727.708619][T16592] sg_read: process 2209 (syz.1.2292) changed security contexts after opening file descriptor, this is not allowed. [ 728.044580][T16583] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2290'. [ 728.394344][T16590] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 728.413875][T16590] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 728.521382][ T30] audit: type=1800 audit(4295000323.761:20): pid=16607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2296" name="features" dev="configfs" ino=62868 res=0 errno=0 [ 729.798790][T12368] Bluetooth: hci2: command 0x0c1a tx timeout [ 730.528899][T16645] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2306'. [ 730.853816][T11766] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 730.864035][T11766] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 730.874897][T11766] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 730.882849][T11766] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 730.892590][T11766] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 730.949402][T14034] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.980884][T16654] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.2307'. [ 731.027174][T16648] FAULT_INJECTION: forcing a failure. [ 731.027174][T16648] name failslab, interval 1, probability 0, space 0, times 0 [ 731.042471][T16648] CPU: 0 UID: 0 PID: 16648 Comm: syz.0.2305 Tainted: G U syzkaller #0 PREEMPT(full) [ 731.042515][T16648] Tainted: [U]=USER [ 731.042524][T16648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 731.042541][T16648] Call Trace: [ 731.042550][T16648] [ 731.042560][T16648] dump_stack_lvl+0x16c/0x1f0 [ 731.042614][T16648] should_fail_ex+0x512/0x640 [ 731.042655][T16648] ? __kmalloc_node_noprof+0xc5/0x500 [ 731.042692][T16648] should_failslab+0xc2/0x120 [ 731.042728][T16648] __kmalloc_node_noprof+0xd8/0x500 [ 731.042762][T16648] ? blk_mq_alloc_tag_set+0x534/0x1260 [ 731.042805][T16648] blk_mq_alloc_tag_set+0x534/0x1260 [ 731.042855][T16648] loop_add+0x3b2/0xb70 [ 731.042890][T16648] ? __pfx_loop_add+0x10/0x10 [ 731.042943][T16648] ? find_held_lock+0x2b/0x80 [ 731.042975][T16648] loop_control_ioctl+0x13e/0x630 [ 731.043009][T16648] ? __pfx_loop_control_ioctl+0x10/0x10 [ 731.043048][T16648] ? __pfx_loop_control_ioctl+0x10/0x10 [ 731.043083][T16648] __x64_sys_ioctl+0x18e/0x210 [ 731.043128][T16648] do_syscall_64+0xcd/0x4c0 [ 731.043170][T16648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.043197][T16648] RIP: 0033:0x7fe9a778eec9 [ 731.043219][T16648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.043244][T16648] RSP: 002b:00007fe9a869e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 731.043269][T16648] RAX: ffffffffffffffda RBX: 00007fe9a79e6090 RCX: 00007fe9a778eec9 [ 731.043288][T16648] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 731.043307][T16648] RBP: 00007fe9a7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 731.043324][T16648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.043340][T16648] R13: 00007fe9a79e6128 R14: 00007fe9a79e6090 R15: 00007ffed535fec8 [ 731.043376][T16648] [ 731.296109][T14034] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.376964][T14034] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.581170][T14034] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.629044][T16660] FAULT_INJECTION: forcing a failure. [ 731.629044][T16660] name failslab, interval 1, probability 0, space 0, times 0 [ 731.643497][T16660] CPU: 0 UID: 0 PID: 16660 Comm: syz.1.2309 Tainted: G U syzkaller #0 PREEMPT(full) [ 731.643540][T16660] Tainted: [U]=USER [ 731.643546][T16660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 731.643556][T16660] Call Trace: [ 731.643562][T16660] [ 731.643568][T16660] dump_stack_lvl+0x16c/0x1f0 [ 731.643595][T16660] should_fail_ex+0x512/0x640 [ 731.643617][T16660] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 731.643638][T16660] should_failslab+0xc2/0x120 [ 731.643657][T16660] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 731.643675][T16660] ? __alloc_skb+0x2b2/0x380 [ 731.643698][T16660] __alloc_skb+0x2b2/0x380 [ 731.643717][T16660] ? __pfx___alloc_skb+0x10/0x10 [ 731.643740][T16660] ? __pfx___register_sysctl_table+0x10/0x10 [ 731.643761][T16660] ? is_module_address+0x69/0xf0 [ 731.643784][T16660] inet_netconf_notify_devconf+0x8b/0x1f0 [ 731.643802][T16660] __devinet_sysctl_register+0x227/0x360 [ 731.643820][T16660] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 731.643838][T16660] ? devinet_init_net+0xeb/0x910 [ 731.643853][T16660] ? __asan_memcpy+0x3c/0x60 [ 731.643869][T16660] devinet_init_net+0x347/0x910 [ 731.643885][T16660] ? __pfx_devinet_init_net+0x10/0x10 [ 731.643900][T16660] ops_init+0x1e2/0x5f0 [ 731.643923][T16660] setup_net+0x10f/0x380 [ 731.643934][T16660] ? lockdep_init_map_type+0x5c/0x280 [ 731.643955][T16660] ? __pfx_setup_net+0x10/0x10 [ 731.643969][T16660] ? debug_mutex_init+0x37/0x70 [ 731.643985][T16660] copy_net_ns+0x2a6/0x5f0 [ 731.644002][T16660] create_new_namespaces+0x3ea/0xa90 [ 731.644023][T16660] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 731.644041][T16660] ksys_unshare+0x45b/0xa40 [ 731.644061][T16660] ? __pfx_ksys_unshare+0x10/0x10 [ 731.644080][T16660] ? xfd_validate_state+0x61/0x180 [ 731.644106][T16660] __x64_sys_unshare+0x31/0x40 [ 731.644125][T16660] do_syscall_64+0xcd/0x4c0 [ 731.644148][T16660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.644163][T16660] RIP: 0033:0x7f4e07b8eec9 [ 731.644176][T16660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.644191][T16660] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 731.644205][T16660] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 731.644216][T16660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 731.644224][T16660] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 731.644234][T16660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.644243][T16660] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 731.644262][T16660] [ 731.993162][T16650] chnl_net:caif_netlink_parms(): no params data found [ 732.364204][T16650] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.385513][T16650] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.398291][T16650] bridge_slave_0: entered allmulticast mode [ 732.413950][T16650] bridge_slave_0: entered promiscuous mode [ 732.463831][T16650] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.473125][T16650] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.482611][T16650] bridge_slave_1: entered allmulticast mode [ 732.504685][T16650] bridge_slave_1: entered promiscuous mode [ 732.698991][T16650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 732.731430][T16650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 732.782299][T16650] team0: Port device team_slave_0 added [ 732.795965][T16650] team0: Port device team_slave_1 added [ 732.843629][T16650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 732.964221][T16650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.990189][ C1] vkms_vblank_simulate: vblank timer overrun [ 732.996434][T16650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 732.998138][T11766] Bluetooth: hci3: command tx timeout [ 733.010178][T16650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 733.020559][T16650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 733.047997][T16650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 733.206633][T16650] hsr_slave_0: entered promiscuous mode [ 733.215350][T16650] hsr_slave_1: entered promiscuous mode [ 733.226276][T16650] debugfs: 'hsr0' already exists in 'hsr' [ 733.233329][T16650] Cannot create hsr debugfs directory [ 735.078220][T11766] Bluetooth: hci3: command tx timeout [ 737.158551][T11766] Bluetooth: hci3: command tx timeout [ 738.645276][T16736] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2326'. [ 739.238767][T11766] Bluetooth: hci3: command tx timeout [ 740.470925][T16760] vhci_hcd: not connected 4 [ 740.558480][T16760] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 740.565608][T16760] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 740.573820][T16760] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 740.585654][T16760] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 741.362307][T16764] snd_virmidi snd_virmidi.0: control 5:9:56511:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 742.598187][T12368] Bluetooth: hci2: command 0x0c1a tx timeout [ 742.604290][T11766] Bluetooth: hci3: command 0x0c1a tx timeout [ 744.678355][T11766] Bluetooth: hci3: command 0x0c1a tx timeout [ 746.007541][T12368] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 746.019932][T12368] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 746.029152][T12368] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 746.038620][T12368] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 746.046330][T12368] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 746.186705][T16783] FAULT_INJECTION: forcing a failure. [ 746.186705][T16783] name failslab, interval 1, probability 0, space 0, times 0 [ 746.206130][T16783] CPU: 0 UID: 0 PID: 16783 Comm: syz.1.2337 Tainted: G U syzkaller #0 PREEMPT(full) [ 746.206165][T16783] Tainted: [U]=USER [ 746.206172][T16783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 746.206186][T16783] Call Trace: [ 746.206195][T16783] [ 746.206205][T16783] dump_stack_lvl+0x16c/0x1f0 [ 746.206246][T16783] should_fail_ex+0x512/0x640 [ 746.206282][T16783] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 746.206310][T16783] should_failslab+0xc2/0x120 [ 746.206342][T16783] __kmalloc_cache_noprof+0x6a/0x3e0 [ 746.206369][T16783] ? snd_seq_port_connect+0x61/0x580 [ 746.206407][T16783] snd_seq_port_connect+0x61/0x580 [ 746.206431][T16783] ? _raw_read_unlock+0x28/0x50 [ 746.206464][T16783] ? check_subscription_permission.isra.0+0xf5/0x240 [ 746.206495][T16783] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 746.206527][T16783] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 746.206567][T16783] snd_seq_kernel_client_ctl+0x10a/0x1c0 [ 746.206596][T16783] snd_seq_oss_midi_open+0x442/0x660 [ 746.206630][T16783] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 746.206685][T16783] snd_seq_oss_midi_open_all+0x91/0xe0 [ 746.206721][T16783] snd_seq_oss_open+0x810/0xa20 [ 746.206754][T16783] odev_open+0x6f/0x90 [ 746.206774][T16783] ? __pfx_odev_open+0x10/0x10 [ 746.206797][T16783] soundcore_open+0x40c/0x580 [ 746.206838][T16783] ? __pfx_soundcore_open+0x10/0x10 [ 746.206874][T16783] chrdev_open+0x234/0x6a0 [ 746.206905][T16783] ? __pfx_apparmor_file_open+0x10/0x10 [ 746.206934][T16783] ? __pfx_chrdev_open+0x10/0x10 [ 746.206968][T16783] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 746.207005][T16783] do_dentry_open+0x982/0x1530 [ 746.207036][T16783] ? __pfx_chrdev_open+0x10/0x10 [ 746.207074][T16783] vfs_open+0x82/0x3f0 [ 746.207114][T16783] path_openat+0x1de4/0x2cb0 [ 746.207155][T16783] ? __pfx_path_openat+0x10/0x10 [ 746.207194][T16783] do_filp_open+0x20b/0x470 [ 746.207225][T16783] ? __pfx_do_filp_open+0x10/0x10 [ 746.207281][T16783] ? alloc_fd+0x471/0x7d0 [ 746.207319][T16783] do_sys_openat2+0x11b/0x1d0 [ 746.207355][T16783] ? __pfx_do_sys_openat2+0x10/0x10 [ 746.207395][T16783] ? __fget_files+0x20e/0x3c0 [ 746.207434][T16783] __x64_sys_openat+0x174/0x210 [ 746.207458][T16783] ? __pfx___x64_sys_openat+0x10/0x10 [ 746.207479][T16783] ? ksys_write+0x1ac/0x250 [ 746.207522][T16783] do_syscall_64+0xcd/0x4c0 [ 746.207561][T16783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.207587][T16783] RIP: 0033:0x7f4e07b8eec9 [ 746.207608][T16783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.207632][T16783] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 746.207655][T16783] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 746.207669][T16783] RDX: 0000000000000042 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 746.207681][T16783] RBP: 00007f4e08aee090 R08: 0000000000000000 R09: 0000000000000000 [ 746.207696][T16783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 746.207711][T16783] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 746.207747][T16783] [ 746.560466][T16779] chnl_net:caif_netlink_parms(): no params data found [ 746.680016][T16779] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.687210][T16779] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.699405][T16779] bridge_slave_0: entered allmulticast mode [ 746.706512][T16779] bridge_slave_0: entered promiscuous mode [ 746.717111][T16779] bridge0: port 2(bridge_slave_1) entered blocking state [ 746.725034][T16779] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.733780][T16779] bridge_slave_1: entered allmulticast mode [ 746.741668][T16779] bridge_slave_1: entered promiscuous mode [ 746.758826][T12368] Bluetooth: hci3: command 0x0c1a tx timeout [ 746.791630][T16779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 746.804522][T16779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 746.837606][T16779] team0: Port device team_slave_0 added [ 746.853643][T16779] team0: Port device team_slave_1 added [ 746.975906][T16779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 746.982992][T16779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 747.010446][T16779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 747.046762][T16779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 747.056265][T16779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 747.085121][T16779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 747.229937][T16779] hsr_slave_0: entered promiscuous mode [ 747.237409][T16779] hsr_slave_1: entered promiscuous mode [ 747.243840][T16779] debugfs: 'hsr0' already exists in 'hsr' [ 747.249659][T16779] Cannot create hsr debugfs directory [ 747.482118][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.488529][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.981958][T16802] FAULT_INJECTION: forcing a failure. [ 747.981958][T16802] name failslab, interval 1, probability 0, space 0, times 0 [ 747.994689][T16802] CPU: 1 UID: 0 PID: 16802 Comm: syz.1.2340 Tainted: G U syzkaller #0 PREEMPT(full) [ 747.994726][T16802] Tainted: [U]=USER [ 747.994733][T16802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 747.994747][T16802] Call Trace: [ 747.994758][T16802] [ 747.994766][T16802] dump_stack_lvl+0x16c/0x1f0 [ 747.994792][T16802] should_fail_ex+0x512/0x640 [ 747.994814][T16802] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 747.994834][T16802] should_failslab+0xc2/0x120 [ 747.994853][T16802] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 747.994870][T16802] ? __alloc_skb+0x2b2/0x380 [ 747.994893][T16802] __alloc_skb+0x2b2/0x380 [ 747.994911][T16802] ? __pfx___alloc_skb+0x10/0x10 [ 747.994934][T16802] ? find_held_lock+0x2b/0x80 [ 747.994950][T16802] __ip6_append_data+0x2b74/0x4750 [ 747.994982][T16802] ? __pfx_raw6_getfrag+0x10/0x10 [ 747.995007][T16802] ? __pfx___ip6_append_data+0x10/0x10 [ 747.995026][T16802] ? __pfx_ip6_mtu+0x10/0x10 [ 747.995041][T16802] ? ip6_setup_cork+0xc51/0x1530 [ 747.995066][T16802] ip6_append_data+0x1bd/0x4c0 [ 747.995085][T16802] ? __pfx_raw6_getfrag+0x10/0x10 [ 747.995104][T16802] rawv6_sendmsg+0x163d/0x4820 [ 747.995121][T16802] ? aa_label_sk_perm+0x195/0x600 [ 747.995139][T16802] ? up_write+0x1b2/0x520 [ 747.995161][T16802] ? aa_profile_af_perm+0x340/0x3a0 [ 747.995181][T16802] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 747.995196][T16802] ? __lock_acquire+0x62e/0x1ce0 [ 747.995220][T16802] ? __lock_acquire+0x62e/0x1ce0 [ 747.995259][T16802] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 747.995277][T16802] ? inet_sendmsg+0x11c/0x140 [ 747.995292][T16802] inet_sendmsg+0x11c/0x140 [ 747.995310][T16802] ____sys_sendmsg+0x973/0xc70 [ 747.995327][T16802] ? copy_msghdr_from_user+0x10a/0x160 [ 747.995348][T16802] ? __pfx_____sys_sendmsg+0x10/0x10 [ 747.995366][T16802] ? kfree+0x24f/0x4d0 [ 747.995378][T16802] ? __pfx__kstrtoull+0x10/0x10 [ 747.995400][T16802] ___sys_sendmsg+0x134/0x1d0 [ 747.995421][T16802] ? __pfx____sys_sendmsg+0x10/0x10 [ 747.995459][T16802] ? __pfx___might_resched+0x10/0x10 [ 747.995478][T16802] __sys_sendmmsg+0x200/0x420 [ 747.995501][T16802] ? __pfx___sys_sendmmsg+0x10/0x10 [ 747.995528][T16802] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 747.995557][T16802] ? fput+0x9b/0xd0 [ 747.995577][T16802] ? ksys_write+0x1ac/0x250 [ 747.995593][T16802] ? __pfx_ksys_write+0x10/0x10 [ 747.995612][T16802] __x64_sys_sendmmsg+0x9c/0x100 [ 747.995632][T16802] ? lockdep_hardirqs_on+0x7c/0x110 [ 747.995653][T16802] do_syscall_64+0xcd/0x4c0 [ 747.995676][T16802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.995692][T16802] RIP: 0033:0x7f4e07b8eec9 [ 747.995705][T16802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.995719][T16802] RSP: 002b:00007f4e08acd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 747.995733][T16802] RAX: ffffffffffffffda RBX: 00007f4e07de6090 RCX: 00007f4e07b8eec9 [ 747.995743][T16802] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 747.995751][T16802] RBP: 00007f4e08acd090 R08: 0000000000000000 R09: 0000000000000000 [ 747.995760][T16802] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000002 [ 747.995768][T16802] R13: 00007f4e07de6128 R14: 00007f4e07de6090 R15: 00007fffb5663da8 [ 747.995786][T16802] [ 748.322352][T12368] Bluetooth: hci4: command tx timeout [ 748.889196][T16806] FAULT_INJECTION: forcing a failure. [ 748.889196][T16806] name failslab, interval 1, probability 0, space 0, times 0 [ 748.902649][T16806] CPU: 1 UID: 0 PID: 16806 Comm: syz.1.2341 Tainted: G U syzkaller #0 PREEMPT(full) [ 748.902693][T16806] Tainted: [U]=USER [ 748.902702][T16806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 748.902719][T16806] Call Trace: [ 748.902729][T16806] [ 748.902739][T16806] dump_stack_lvl+0x16c/0x1f0 [ 748.902786][T16806] should_fail_ex+0x512/0x640 [ 748.902825][T16806] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 748.902864][T16806] should_failslab+0xc2/0x120 [ 748.902900][T16806] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 748.902934][T16806] ? lockdep_hardirqs_on+0x7c/0x110 [ 748.902971][T16806] ? fib_notifier_ops_register+0x32/0x270 [ 748.903017][T16806] kmemdup_noprof+0x29/0x60 [ 748.903050][T16806] fib_notifier_ops_register+0x32/0x270 [ 748.903106][T16806] fib4_notifier_init+0x4f/0xd0 [ 748.903148][T16806] fib_net_init+0xbf/0x3f0 [ 748.903172][T16806] ? __pfx___register_sysctl_table+0x10/0x10 [ 748.903213][T16806] ? __pfx_fib_net_init+0x10/0x10 [ 748.903238][T16806] ? lockdep_init_map_type+0x5c/0x280 [ 748.903276][T16806] ? do_init_timer+0xc9/0x110 [ 748.903309][T16806] ? devinet_init_net+0x5c2/0x910 [ 748.903341][T16806] ? __pfx_fib_net_init+0x10/0x10 [ 748.903365][T16806] ops_init+0x1e2/0x5f0 [ 748.903409][T16806] setup_net+0x10f/0x380 [ 748.903430][T16806] ? lockdep_init_map_type+0x5c/0x280 [ 748.903467][T16806] ? __pfx_setup_net+0x10/0x10 [ 748.903493][T16806] ? debug_mutex_init+0x37/0x70 [ 748.903524][T16806] copy_net_ns+0x2a6/0x5f0 [ 748.903555][T16806] create_new_namespaces+0x3ea/0xa90 [ 748.903596][T16806] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 748.903631][T16806] ksys_unshare+0x45b/0xa40 [ 748.903669][T16806] ? __pfx_ksys_unshare+0x10/0x10 [ 748.903719][T16806] __x64_sys_unshare+0x31/0x40 [ 748.903751][T16806] do_syscall_64+0xcd/0x4c0 [ 748.903791][T16806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.903817][T16806] RIP: 0033:0x7f4e07b8eec9 [ 748.903839][T16806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.903863][T16806] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 748.903888][T16806] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 748.903905][T16806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 748.903920][T16806] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 748.903936][T16806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.903952][T16806] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 748.903987][T16806] [ 750.358374][T12368] Bluetooth: hci4: command tx timeout [ 750.760212][T16812] kexec: Could not allocate control_code_buffer [ 750.944415][T16816] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2343'. [ 751.358888][T16820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 751.365009][T16820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 751.374207][T16820] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 751.380519][T16820] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 751.393781][T16820] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 752.998426][T16828] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.004540][T16828] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.010750][T16828] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 754.595963][T11766] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 754.616892][T11766] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 754.640125][T11766] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 754.648220][T11766] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 754.657041][T11766] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 754.975698][T16837] chnl_net:caif_netlink_parms(): no params data found [ 755.064252][T16837] bridge0: port 1(bridge_slave_0) entered blocking state [ 755.079001][T12119] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.085037][T12368] Bluetooth: hci3: command 0x0c1a tx timeout [ 755.091316][T11766] Bluetooth: hci4: command 0x0419 tx timeout [ 755.110573][T16837] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.117767][T16837] bridge_slave_0: entered allmulticast mode [ 755.134258][T16837] bridge_slave_0: entered promiscuous mode [ 755.158362][T16837] bridge0: port 2(bridge_slave_1) entered blocking state [ 755.165449][T16837] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.192014][T16837] bridge_slave_1: entered allmulticast mode [ 755.210914][T16837] bridge_slave_1: entered promiscuous mode [ 755.256649][T16837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.290314][T16837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.378612][T16837] team0: Port device team_slave_0 added [ 755.390722][T16837] team0: Port device team_slave_1 added [ 755.443388][T16837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 755.455701][T16837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 755.698125][T16837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 755.711339][T16837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 755.718864][T16837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 755.745230][T16837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 755.900195][T16837] hsr_slave_0: entered promiscuous mode [ 755.914914][T16837] hsr_slave_1: entered promiscuous mode [ 755.922089][T16837] debugfs: 'hsr0' already exists in 'hsr' [ 755.929211][T16837] Cannot create hsr debugfs directory [ 756.758347][T12368] Bluetooth: hci5: command tx timeout [ 757.158397][T12368] Bluetooth: hci4: command 0x0419 tx timeout [ 758.359855][T16875] FAULT_INJECTION: forcing a failure. [ 758.359855][T16875] name failslab, interval 1, probability 0, space 0, times 0 [ 758.372647][T16875] CPU: 1 UID: 0 PID: 16875 Comm: syz.1.2354 Tainted: G U syzkaller #0 PREEMPT(full) [ 758.372686][T16875] Tainted: [U]=USER [ 758.372691][T16875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 758.372701][T16875] Call Trace: [ 758.372708][T16875] [ 758.372715][T16875] dump_stack_lvl+0x16c/0x1f0 [ 758.372757][T16875] should_fail_ex+0x512/0x640 [ 758.372782][T16875] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 758.372809][T16875] should_failslab+0xc2/0x120 [ 758.372833][T16875] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 758.372852][T16875] ? sock_alloc_inode+0x25/0x1c0 [ 758.372871][T16875] ? __pfx_sock_alloc_inode+0x10/0x10 [ 758.372885][T16875] sock_alloc_inode+0x25/0x1c0 [ 758.372900][T16875] alloc_inode+0x64/0x240 [ 758.372920][T16875] sock_alloc+0x40/0x280 [ 758.372938][T16875] sock_create_lite+0x82/0x120 [ 758.372953][T16875] __netlink_kernel_create+0xbd/0x750 [ 758.372980][T16875] ? trace_kmalloc+0x2b/0xd0 [ 758.372998][T16875] ? __kvmalloc_node_noprof+0x298/0x620 [ 758.373015][T16875] ? __pfx___netlink_kernel_create+0x10/0x10 [ 758.373036][T16875] ? fib4_semantics_init+0x25/0x100 [ 758.373061][T16875] fib_net_init+0x26d/0x3f0 [ 758.373074][T16875] ? __pfx___register_sysctl_table+0x10/0x10 [ 758.373096][T16875] ? __pfx_fib_net_init+0x10/0x10 [ 758.373109][T16875] ? lockdep_init_map_type+0x5c/0x280 [ 758.373129][T16875] ? __pfx_nl_fib_input+0x10/0x10 [ 758.373145][T16875] ? devinet_init_net+0x5c2/0x910 [ 758.373163][T16875] ? __pfx_fib_net_init+0x10/0x10 [ 758.373176][T16875] ops_init+0x1e2/0x5f0 [ 758.373200][T16875] setup_net+0x10f/0x380 [ 758.373211][T16875] ? lockdep_init_map_type+0x5c/0x280 [ 758.373231][T16875] ? __pfx_setup_net+0x10/0x10 [ 758.373245][T16875] ? debug_mutex_init+0x37/0x70 [ 758.373261][T16875] copy_net_ns+0x2a6/0x5f0 [ 758.373278][T16875] create_new_namespaces+0x3ea/0xa90 [ 758.373299][T16875] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 758.373318][T16875] ksys_unshare+0x45b/0xa40 [ 758.373337][T16875] ? __pfx_ksys_unshare+0x10/0x10 [ 758.373363][T16875] __x64_sys_unshare+0x31/0x40 [ 758.373382][T16875] do_syscall_64+0xcd/0x4c0 [ 758.373405][T16875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.373421][T16875] RIP: 0033:0x7f4e07b8eec9 [ 758.373435][T16875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.373450][T16875] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 758.373464][T16875] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 758.373474][T16875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 758.373484][T16875] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 758.373493][T16875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.373501][T16875] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 758.373521][T16875] [ 758.838459][T12368] Bluetooth: hci5: command tx timeout [ 759.193646][T16881] FAULT_INJECTION: forcing a failure. [ 759.193646][T16881] name failslab, interval 1, probability 0, space 0, times 0 [ 759.209657][T16881] CPU: 1 UID: 0 PID: 16881 Comm: syz.1.2356 Tainted: G U syzkaller #0 PREEMPT(full) [ 759.209700][T16881] Tainted: [U]=USER [ 759.209710][T16881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 759.209727][T16881] Call Trace: [ 759.209737][T16881] [ 759.209748][T16881] dump_stack_lvl+0x16c/0x1f0 [ 759.209793][T16881] should_fail_ex+0x512/0x640 [ 759.209831][T16881] ? __kmalloc_noprof+0xbf/0x510 [ 759.209866][T16881] ? __register_sysctl_table+0xb3/0x1900 [ 759.209904][T16881] should_failslab+0xc2/0x120 [ 759.209938][T16881] __kmalloc_noprof+0xd2/0x510 [ 759.209976][T16881] __register_sysctl_table+0xb3/0x1900 [ 759.210015][T16881] ? is_module_address+0x5f/0xf0 [ 759.210065][T16881] ? __pfx___register_sysctl_table+0x10/0x10 [ 759.210103][T16881] ? is_module_address+0x69/0xf0 [ 759.210138][T16881] ? register_net_sysctl_sz+0x228/0x3e0 [ 759.210167][T16881] ? __asan_memcpy+0x3c/0x60 [ 759.210198][T16881] devinet_init_net+0x378/0x910 [ 759.210229][T16881] ? __pfx_devinet_init_net+0x10/0x10 [ 759.210256][T16881] ops_init+0x1e2/0x5f0 [ 759.210299][T16881] setup_net+0x10f/0x380 [ 759.210319][T16881] ? lockdep_init_map_type+0x5c/0x280 [ 759.210356][T16881] ? __pfx_setup_net+0x10/0x10 [ 759.210383][T16881] ? debug_mutex_init+0x37/0x70 [ 759.210414][T16881] copy_net_ns+0x2a6/0x5f0 [ 759.210445][T16881] create_new_namespaces+0x3ea/0xa90 [ 759.210484][T16881] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 759.210519][T16881] ksys_unshare+0x45b/0xa40 [ 759.210555][T16881] ? __pfx_ksys_unshare+0x10/0x10 [ 759.210591][T16881] ? xfd_validate_state+0x61/0x180 [ 759.210638][T16881] __x64_sys_unshare+0x31/0x40 [ 759.210673][T16881] do_syscall_64+0xcd/0x4c0 [ 759.210716][T16881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.210743][T16881] RIP: 0033:0x7f4e07b8eec9 [ 759.210766][T16881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.210792][T16881] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 759.210819][T16881] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 759.210839][T16881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 759.210856][T16881] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 759.210874][T16881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.210891][T16881] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 759.210930][T16881] [ 759.240067][T12368] Bluetooth: hci4: command 0x0419 tx timeout [ 760.918409][T12368] Bluetooth: hci5: command tx timeout [ 761.558114][T12368] Bluetooth: hci4: command 0x0419 tx timeout [ 762.986289][T16905] FAULT_INJECTION: forcing a failure. [ 762.986289][T16905] name failslab, interval 1, probability 0, space 0, times 0 [ 762.998792][T12368] Bluetooth: hci5: command tx timeout [ 763.019146][T16905] CPU: 0 UID: 0 PID: 16905 Comm: syz.1.2361 Tainted: G U syzkaller #0 PREEMPT(full) [ 763.019188][T16905] Tainted: [U]=USER [ 763.019197][T16905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 763.019214][T16905] Call Trace: [ 763.019225][T16905] [ 763.019236][T16905] dump_stack_lvl+0x16c/0x1f0 [ 763.019281][T16905] should_fail_ex+0x512/0x640 [ 763.019322][T16905] ? __kmalloc_noprof+0xbf/0x510 [ 763.019356][T16905] ? __register_sysctl_table+0xb3/0x1900 [ 763.019393][T16905] should_failslab+0xc2/0x120 [ 763.019434][T16905] __kmalloc_noprof+0xd2/0x510 [ 763.019475][T16905] __register_sysctl_table+0xb3/0x1900 [ 763.019516][T16905] ? is_module_address+0x5f/0xf0 [ 763.019559][T16905] ? __pfx___register_sysctl_table+0x10/0x10 [ 763.019596][T16905] ? is_module_address+0x69/0xf0 [ 763.019631][T16905] ? register_net_sysctl_sz+0x228/0x3e0 [ 763.019660][T16905] ? __asan_memcpy+0x3c/0x60 [ 763.019691][T16905] devinet_init_net+0x378/0x910 [ 763.019723][T16905] ? __pfx_devinet_init_net+0x10/0x10 [ 763.019751][T16905] ops_init+0x1e2/0x5f0 [ 763.019796][T16905] setup_net+0x10f/0x380 [ 763.019818][T16905] ? lockdep_init_map_type+0x5c/0x280 [ 763.019855][T16905] ? __pfx_setup_net+0x10/0x10 [ 763.019882][T16905] ? debug_mutex_init+0x37/0x70 [ 763.019914][T16905] copy_net_ns+0x2a6/0x5f0 [ 763.019946][T16905] create_new_namespaces+0x3ea/0xa90 [ 763.019986][T16905] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 763.020021][T16905] ksys_unshare+0x45b/0xa40 [ 763.020056][T16905] ? __pfx_ksys_unshare+0x10/0x10 [ 763.020106][T16905] __x64_sys_unshare+0x31/0x40 [ 763.020141][T16905] do_syscall_64+0xcd/0x4c0 [ 763.020183][T16905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.020210][T16905] RIP: 0033:0x7f4e07b8eec9 [ 763.020232][T16905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.020259][T16905] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 763.020285][T16905] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 763.020304][T16905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 763.020321][T16905] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 763.020337][T16905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.020355][T16905] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 763.020392][T16905] [ 766.599026][T16917] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 766.605685][T16917] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 766.612288][T16917] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 766.618977][T16917] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 766.624969][T16917] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 766.633734][T16917] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 768.690677][T11766] Bluetooth: hci4: command 0x0419 tx timeout [ 768.697741][T12119] Bluetooth: hci3: command 0x0c1a tx timeout [ 768.703881][T12368] Bluetooth: hci5: command 0x0c1a tx timeout [ 768.712678][T11766] Bluetooth: hci2: command 0x0c1a tx timeout [ 770.813581][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 770.957132][T16952] FAULT_INJECTION: forcing a failure. [ 770.957132][T16952] name failslab, interval 1, probability 0, space 0, times 0 [ 770.970135][T16952] CPU: 1 UID: 0 PID: 16952 Comm: syz.1.2370 Tainted: G U syzkaller #0 PREEMPT(full) [ 770.970160][T16952] Tainted: [U]=USER [ 770.970165][T16952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 770.970175][T16952] Call Trace: [ 770.970181][T16952] [ 770.970187][T16952] dump_stack_lvl+0x16c/0x1f0 [ 770.970215][T16952] should_fail_ex+0x512/0x640 [ 770.970237][T16952] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 770.970260][T16952] should_failslab+0xc2/0x120 [ 770.970279][T16952] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 770.970297][T16952] ? nlmsg_notify+0xac/0x220 [ 770.970317][T16952] ? nlmsg_notify+0x11e/0x220 [ 770.970337][T16952] ? __devinet_sysctl_register+0xbc/0x360 [ 770.970356][T16952] kmemdup_noprof+0x29/0x60 [ 770.970373][T16952] __devinet_sysctl_register+0xbc/0x360 [ 770.970391][T16952] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 770.970409][T16952] ? devinet_init_net+0xeb/0x910 [ 770.970423][T16952] ? __asan_memcpy+0x3c/0x60 [ 770.970440][T16952] devinet_init_net+0x347/0x910 [ 770.970455][T16952] ? __pfx_devinet_init_net+0x10/0x10 [ 770.970470][T16952] ops_init+0x1e2/0x5f0 [ 770.970494][T16952] setup_net+0x10f/0x380 [ 770.970505][T16952] ? lockdep_init_map_type+0x5c/0x280 [ 770.970525][T16952] ? __pfx_setup_net+0x10/0x10 [ 770.970539][T16952] ? debug_mutex_init+0x37/0x70 [ 770.970555][T16952] copy_net_ns+0x2a6/0x5f0 [ 770.970572][T16952] create_new_namespaces+0x3ea/0xa90 [ 770.970593][T16952] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 770.970611][T16952] ksys_unshare+0x45b/0xa40 [ 770.970631][T16952] ? __pfx_ksys_unshare+0x10/0x10 [ 770.970650][T16952] ? xfd_validate_state+0x61/0x180 [ 770.970687][T16952] __x64_sys_unshare+0x31/0x40 [ 770.970707][T16952] do_syscall_64+0xcd/0x4c0 [ 770.970731][T16952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.970747][T16952] RIP: 0033:0x7f4e07b8eec9 [ 770.970760][T16952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.970774][T16952] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 770.970788][T16952] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 770.970798][T16952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 770.970807][T16952] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 770.970817][T16952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.970825][T16952] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 770.970845][T16952] [ 772.837970][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 774.379617][T16974] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 774.386103][T16974] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 774.392319][T16974] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 774.400262][T16974] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 775.150996][T16976] FAULT_INJECTION: forcing a failure. [ 775.150996][T16976] name failslab, interval 1, probability 0, space 0, times 0 [ 775.164130][T16976] CPU: 0 UID: 0 PID: 16976 Comm: syz.1.2377 Tainted: G U syzkaller #0 PREEMPT(full) [ 775.164174][T16976] Tainted: [U]=USER [ 775.164184][T16976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 775.164202][T16976] Call Trace: [ 775.164213][T16976] [ 775.164223][T16976] dump_stack_lvl+0x16c/0x1f0 [ 775.164271][T16976] should_fail_ex+0x512/0x640 [ 775.164310][T16976] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 775.164344][T16976] should_failslab+0xc2/0x120 [ 775.164378][T16976] __kmalloc_cache_noprof+0x6a/0x3e0 [ 775.164407][T16976] ? snd_seq_timer_new+0x44/0x1b0 [ 775.164445][T16976] ? lockdep_init_map_type+0x5c/0x280 [ 775.164495][T16976] snd_seq_timer_new+0x44/0x1b0 [ 775.164536][T16976] snd_seq_queue_alloc+0x177/0x5a0 [ 775.164576][T16976] snd_seq_ioctl_create_queue+0xa9/0x380 [ 775.164622][T16976] snd_seq_kernel_client_ctl+0x10a/0x1c0 [ 775.164656][T16976] alloc_seq_queue+0xda/0x180 [ 775.164683][T16976] ? __pfx_alloc_seq_queue+0x10/0x10 [ 775.164737][T16976] ? mark_held_locks+0x49/0x80 [ 775.164771][T16976] ? _raw_spin_unlock_irq+0x23/0x50 [ 775.164813][T16976] snd_seq_oss_open+0x38c/0xa20 [ 775.164848][T16976] odev_open+0x6f/0x90 [ 775.164872][T16976] ? __pfx_odev_open+0x10/0x10 [ 775.164896][T16976] soundcore_open+0x40c/0x580 [ 775.164939][T16976] ? __pfx_soundcore_open+0x10/0x10 [ 775.164978][T16976] chrdev_open+0x234/0x6a0 [ 775.165011][T16976] ? __pfx_apparmor_file_open+0x10/0x10 [ 775.165041][T16976] ? __pfx_chrdev_open+0x10/0x10 [ 775.165076][T16976] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 775.165114][T16976] do_dentry_open+0x982/0x1530 [ 775.165147][T16976] ? __pfx_chrdev_open+0x10/0x10 [ 775.165188][T16976] vfs_open+0x82/0x3f0 [ 775.165230][T16976] path_openat+0x1de4/0x2cb0 [ 775.165273][T16976] ? __pfx_path_openat+0x10/0x10 [ 775.165315][T16976] do_filp_open+0x20b/0x470 [ 775.165348][T16976] ? __pfx_do_filp_open+0x10/0x10 [ 775.165406][T16976] ? alloc_fd+0x471/0x7d0 [ 775.165443][T16976] do_sys_openat2+0x11b/0x1d0 [ 775.165481][T16976] ? __pfx_do_sys_openat2+0x10/0x10 [ 775.165539][T16976] __x64_sys_openat+0x174/0x210 [ 775.165566][T16976] ? __pfx___x64_sys_openat+0x10/0x10 [ 775.165608][T16976] do_syscall_64+0xcd/0x4c0 [ 775.165650][T16976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.165677][T16976] RIP: 0033:0x7f4e07b8eec9 [ 775.165699][T16976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 775.165726][T16976] RSP: 002b:00007f4e08aee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 775.165753][T16976] RAX: ffffffffffffffda RBX: 00007f4e07de5fa0 RCX: 00007f4e07b8eec9 [ 775.165772][T16976] RDX: 0000000000000042 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 775.165790][T16976] RBP: 00007f4e07c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 775.165807][T16976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.165824][T16976] R13: 00007f4e07de6038 R14: 00007f4e07de5fa0 R15: 00007fffb5663da8 [ 775.165860][T16976] [ 776.438051][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 776.444138][T11766] Bluetooth: hci4: command 0x0419 tx timeout [ 776.450561][T12368] Bluetooth: hci3: command 0x0c1a tx timeout [ 776.456607][T12368] Bluetooth: hci2: command 0x0c1a tx timeout [ 782.638591][T17029] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 782.645509][T17029] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 782.652122][T17029] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 782.660134][T17029] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 784.688240][T12119] Bluetooth: hci3: command 0x0c1a tx timeout [ 784.694317][T12119] Bluetooth: hci2: command 0x0c1a tx timeout [ 784.700829][T11766] Bluetooth: hci4: command 0x0419 tx timeout [ 784.706876][T12368] Bluetooth: hci5: command 0x0c1a tx timeout [ 789.625805][T17069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2396'. [ 790.156604][T12119] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 790.166858][T12119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 790.175760][T12119] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 790.187182][T12119] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 790.199994][T12119] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 790.441982][T17074] chnl_net:caif_netlink_parms(): no params data found [ 790.593746][T17074] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.615244][T17074] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.634702][T17074] bridge_slave_0: entered allmulticast mode [ 790.645521][T17074] bridge_slave_0: entered promiscuous mode [ 790.671056][T17074] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.699293][T17074] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.721567][T17074] bridge_slave_1: entered allmulticast mode [ 790.732572][T17074] bridge_slave_1: entered promiscuous mode [ 790.801882][T17074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 790.814717][T17074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 790.862630][T17074] team0: Port device team_slave_0 added [ 790.871761][T17074] team0: Port device team_slave_1 added [ 790.913587][T17074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 790.921048][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.967954][T17074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 790.980866][T17074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 790.989017][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 791.027444][T17074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 791.113730][T17086] mkiss: ax0: crc mode is auto. [ 791.133612][T17074] hsr_slave_0: entered promiscuous mode [ 791.142399][T17074] hsr_slave_1: entered promiscuous mode [ 791.150231][T17074] debugfs: 'hsr0' already exists in 'hsr' [ 791.156077][T17074] Cannot create hsr debugfs directory [ 792.282064][T12119] Bluetooth: hci6: command tx timeout [ 794.358089][T12119] Bluetooth: hci6: command tx timeout [ 796.438286][T12119] Bluetooth: hci6: command tx timeout [ 798.518135][T12119] Bluetooth: hci6: command tx timeout [ 806.052084][T12368] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 806.063263][T12368] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 806.075098][T12368] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 806.083373][T12368] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 806.091168][T12368] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 806.266323][T17108] chnl_net:caif_netlink_parms(): no params data found [ 806.347785][T17108] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.355064][T17108] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.363487][T17108] bridge_slave_0: entered allmulticast mode [ 806.371544][T17108] bridge_slave_0: entered promiscuous mode [ 806.381293][T17108] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.388952][T17108] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.396166][T17108] bridge_slave_1: entered allmulticast mode [ 806.404764][T17108] bridge_slave_1: entered promiscuous mode [ 806.439643][T17108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 806.452716][T17108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 806.487086][T17108] team0: Port device team_slave_0 added [ 806.495014][T17108] team0: Port device team_slave_1 added [ 806.526220][T17108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 806.533409][T17108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 806.559396][T17108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 806.572378][T17108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 806.579684][T17108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 806.606103][T17108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 806.654239][T17108] hsr_slave_0: entered promiscuous mode [ 806.660667][T17108] hsr_slave_1: entered promiscuous mode [ 806.666779][T17108] debugfs: 'hsr0' already exists in 'hsr' [ 806.672634][T17108] Cannot create hsr debugfs directory [ 808.118225][T12368] Bluetooth: hci7: command tx timeout [ 808.934587][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.941181][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.576224][T12119] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 809.590006][T12119] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 809.599468][T12119] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 809.608588][T12119] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 809.616334][T12119] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 809.794570][T17118] chnl_net:caif_netlink_parms(): no params data found [ 809.880773][T17118] bridge0: port 1(bridge_slave_0) entered blocking state [ 809.888072][T17118] bridge0: port 1(bridge_slave_0) entered disabled state [ 809.895297][T17118] bridge_slave_0: entered allmulticast mode [ 809.903764][T17118] bridge_slave_0: entered promiscuous mode [ 809.911860][T17118] bridge0: port 2(bridge_slave_1) entered blocking state [ 809.922136][T17118] bridge0: port 2(bridge_slave_1) entered disabled state [ 809.929896][T17118] bridge_slave_1: entered allmulticast mode [ 809.937005][T17118] bridge_slave_1: entered promiscuous mode [ 809.972894][T17118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 809.985041][T17118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 810.023408][T17118] team0: Port device team_slave_0 added [ 810.031542][T17118] team0: Port device team_slave_1 added [ 810.067348][T17118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 810.074754][T17118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 810.100801][T17118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 810.113288][T17118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 810.121658][T17118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 810.147993][T17118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 810.195984][T17118] hsr_slave_0: entered promiscuous mode [ 810.198411][T12368] Bluetooth: hci7: command tx timeout [ 810.202954][T17118] hsr_slave_1: entered promiscuous mode [ 810.213644][T17118] debugfs: 'hsr0' already exists in 'hsr' [ 810.219920][T17118] Cannot create hsr debugfs directory [ 811.721742][T12368] Bluetooth: hci8: command tx timeout [ 812.278214][T12368] Bluetooth: hci7: command tx timeout [ 813.798214][T12368] Bluetooth: hci8: command tx timeout [ 814.362053][T12368] Bluetooth: hci7: command tx timeout [ 814.585190][T12119] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 814.595507][T12119] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 814.604819][T12119] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 814.614191][T12119] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 814.623152][T12119] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 814.803198][T17128] chnl_net:caif_netlink_parms(): no params data found [ 814.880436][T17128] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.887606][T17128] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.898242][T17128] bridge_slave_0: entered allmulticast mode [ 814.905344][T17128] bridge_slave_0: entered promiscuous mode [ 814.914672][T17128] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.922247][T17128] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.929620][T17128] bridge_slave_1: entered allmulticast mode [ 814.936673][T17128] bridge_slave_1: entered promiscuous mode [ 814.970231][T17128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 814.982363][T17128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 815.025565][T17128] team0: Port device team_slave_0 added [ 815.033518][T17128] team0: Port device team_slave_1 added [ 815.064797][T17128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 815.072351][T17128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.099115][T17128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 815.112061][T17128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 815.119435][T17128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.145520][T17128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 815.195394][T17128] hsr_slave_0: entered promiscuous mode [ 815.202058][T17128] hsr_slave_1: entered promiscuous mode [ 815.208468][T17128] debugfs: 'hsr0' already exists in 'hsr' [ 815.214219][T17128] Cannot create hsr debugfs directory [ 815.878106][T12119] Bluetooth: hci8: command tx timeout [ 816.678277][T12119] Bluetooth: hci9: command tx timeout [ 817.958258][T12119] Bluetooth: hci8: command tx timeout [ 818.758165][T12119] Bluetooth: hci9: command tx timeout [ 820.838277][T12119] Bluetooth: hci9: command tx timeout [ 822.918090][T12119] Bluetooth: hci9: command tx timeout [ 850.128415][T12368] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 850.139489][T12368] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 850.149151][T12368] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 850.159311][T12368] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 850.167056][T12368] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 850.357418][T17142] chnl_net:caif_netlink_parms(): no params data found [ 850.440903][T17142] bridge0: port 1(bridge_slave_0) entered blocking state [ 850.448548][T17142] bridge0: port 1(bridge_slave_0) entered disabled state [ 850.455962][T17142] bridge_slave_0: entered allmulticast mode [ 850.464479][T17142] bridge_slave_0: entered promiscuous mode [ 850.473066][T17142] bridge0: port 2(bridge_slave_1) entered blocking state [ 850.480613][T17142] bridge0: port 2(bridge_slave_1) entered disabled state [ 850.487967][T17142] bridge_slave_1: entered allmulticast mode [ 850.495030][T17142] bridge_slave_1: entered promiscuous mode [ 850.531072][T17142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 850.544945][T17142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 850.579813][T17142] team0: Port device team_slave_0 added [ 850.587650][T17142] team0: Port device team_slave_1 added [ 850.624025][T17142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 850.631112][T17142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 850.658316][T17142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 850.671255][T17142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 850.678420][T17142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 850.704478][T17142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 850.754255][T17142] hsr_slave_0: entered promiscuous mode [ 850.761104][T17142] hsr_slave_1: entered promiscuous mode [ 850.767520][T17142] debugfs: 'hsr0' already exists in 'hsr' [ 850.773539][T17142] Cannot create hsr debugfs directory [ 852.198192][T12119] Bluetooth: hci10: command tx timeout [ 854.280852][T12119] Bluetooth: hci10: command tx timeout [ 856.360058][T12119] Bluetooth: hci10: command tx timeout [ 858.439920][T12119] Bluetooth: hci10: command tx timeout [ 866.150487][T12368] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 866.161733][T12368] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 866.174385][T12368] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 866.183202][T12368] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 866.196239][T12368] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 866.418709][T17152] chnl_net:caif_netlink_parms(): no params data found [ 866.500377][T17152] bridge0: port 1(bridge_slave_0) entered blocking state [ 866.507612][T17152] bridge0: port 1(bridge_slave_0) entered disabled state [ 866.515408][T17152] bridge_slave_0: entered allmulticast mode [ 866.523718][T17152] bridge_slave_0: entered promiscuous mode [ 866.533122][T17152] bridge0: port 2(bridge_slave_1) entered blocking state [ 866.541188][T17152] bridge0: port 2(bridge_slave_1) entered disabled state [ 866.548908][T17152] bridge_slave_1: entered allmulticast mode [ 866.556080][T17152] bridge_slave_1: entered promiscuous mode [ 866.591994][T17152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 866.605357][T17152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 866.645655][T17152] team0: Port device team_slave_0 added [ 866.654124][T17152] team0: Port device team_slave_1 added [ 866.687610][T17152] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 866.695413][T17152] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.721594][T17152] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 866.733665][T17152] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 866.740798][T17152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.766808][T17152] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 866.819829][T17152] hsr_slave_0: entered promiscuous mode [ 866.826746][T17152] hsr_slave_1: entered promiscuous mode [ 866.833891][T17152] debugfs: 'hsr0' already exists in 'hsr' [ 866.839804][T17152] Cannot create hsr debugfs directory [ 868.278144][T12119] Bluetooth: hci11: command tx timeout [ 869.649810][T12368] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 869.665226][T12368] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 869.674330][T12368] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 869.682769][T12368] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 869.692609][T12368] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 869.884626][T17163] chnl_net:caif_netlink_parms(): no params data found [ 869.965926][T17163] bridge0: port 1(bridge_slave_0) entered blocking state [ 869.973853][T17163] bridge0: port 1(bridge_slave_0) entered disabled state [ 869.982552][T17163] bridge_slave_0: entered allmulticast mode [ 869.990025][T17163] bridge_slave_0: entered promiscuous mode [ 870.003309][T17163] bridge0: port 2(bridge_slave_1) entered blocking state [ 870.011441][T17163] bridge0: port 2(bridge_slave_1) entered disabled state [ 870.019374][T17163] bridge_slave_1: entered allmulticast mode [ 870.027268][T17163] bridge_slave_1: entered promiscuous mode [ 870.063917][T17163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 870.082952][T17163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 870.117300][T17163] team0: Port device team_slave_0 added [ 870.127381][T17163] team0: Port device team_slave_1 added [ 870.164255][T17163] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 870.171993][T17163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 870.199250][T17163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 870.212660][T17163] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 870.220033][T17163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 870.246216][T17163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 870.299538][T17163] hsr_slave_0: entered promiscuous mode [ 870.306055][T17163] hsr_slave_1: entered promiscuous mode [ 870.312944][T17163] debugfs: 'hsr0' already exists in 'hsr' [ 870.318832][T17163] Cannot create hsr debugfs directory [ 870.358730][T12119] Bluetooth: hci11: command tx timeout [ 870.363369][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.370686][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.720302][T12368] Bluetooth: hci12: command tx timeout [ 872.438252][T12368] Bluetooth: hci11: command tx timeout [ 873.798231][T12368] Bluetooth: hci12: command tx timeout [ 874.518253][T12368] Bluetooth: hci11: command tx timeout [ 874.659736][T12119] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 874.669618][T12119] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 874.679308][T12119] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 874.688988][T12119] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 874.697504][T12119] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 874.892166][T17173] chnl_net:caif_netlink_parms(): no params data found [ 874.973940][T17173] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.981647][T17173] bridge0: port 1(bridge_slave_0) entered disabled state [ 874.989855][T17173] bridge_slave_0: entered allmulticast mode [ 874.996989][T17173] bridge_slave_0: entered promiscuous mode [ 875.006097][T17173] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.013669][T17173] bridge0: port 2(bridge_slave_1) entered disabled state [ 875.021183][T17173] bridge_slave_1: entered allmulticast mode [ 875.028502][T17173] bridge_slave_1: entered promiscuous mode [ 875.064842][T17173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.077050][T17173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 875.119009][T17173] team0: Port device team_slave_0 added [ 875.126883][T17173] team0: Port device team_slave_1 added [ 875.162218][T17173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 875.169339][T17173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 875.196327][T17173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 875.208675][T17173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 875.215650][T17173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 875.241717][T17173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 875.294606][T17173] hsr_slave_0: entered promiscuous mode [ 875.301997][T17173] hsr_slave_1: entered promiscuous mode [ 875.308339][T17173] debugfs: 'hsr0' already exists in 'hsr' [ 875.314076][T17173] Cannot create hsr debugfs directory [ 875.878186][T12119] Bluetooth: hci12: command tx timeout [ 876.758372][T12119] Bluetooth: hci13: command tx timeout [ 877.958070][T12119] Bluetooth: hci12: command tx timeout [ 878.838139][T12119] Bluetooth: hci13: command tx timeout [ 880.598169][ T31] INFO: task kworker/u10:9:14034 blocked for more than 143 seconds. [ 880.606206][ T31] Tainted: G U syzkaller #0 [ 880.613926][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 880.623020][ T31] task:kworker/u10:9 state:D stack:23560 pid:14034 tgid:14034 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 880.635153][ T31] Workqueue: netns cleanup_net [ 880.640021][ T31] Call Trace: [ 880.643303][ T31] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 880.646224][ T31] __schedule+0x1190/0x5de0 [ 880.650864][ T31] ? __pfx___schedule+0x10/0x10 [ 880.655750][ T31] ? find_held_lock+0x2b/0x80 [ 880.660504][ T31] ? schedule+0x2d7/0x3a0 [ 880.664878][ T31] schedule+0xe7/0x3a0 [ 880.669448][ T31] schedule_timeout+0x257/0x290 [ 880.674326][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 880.680191][ T31] ? mark_held_locks+0x49/0x80 [ 880.684984][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 880.690777][ T31] __wait_for_common+0x2fc/0x4e0 [ 880.695744][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 880.701577][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 880.707082][ T31] remove_one+0x312/0x420 [ 880.711934][ T31] ? find_next_child+0x18f/0x280 [ 880.716995][ T31] __simple_recursive_removal+0x15b/0x610 [ 880.723453][ T31] ? __pfx_remove_one+0x10/0x10 [ 880.728870][ T31] debugfs_remove+0x5d/0x80 [ 880.733423][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 880.738896][ T31] nsim_dev_reload_destroy+0x144/0x4d0 [ 880.744410][ T31] nsim_dev_reload_down+0x6e/0xd0 [ 880.750038][ T31] devlink_reload+0x1a1/0x7c0 [ 880.754750][ T31] ? __pfx_devlink_reload+0x10/0x10 [ 880.760464][ T31] devlink_pernet_pre_exit+0x1a0/0x2b0 [ 880.765952][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 880.772432][ T31] ? up_write+0x1b2/0x520 [ 880.776804][ T31] ? kobject_put+0xab/0x5a0 [ 880.781777][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 880.787786][ T31] ops_undo_list+0x184/0xab0 [ 880.792950][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 880.798363][ T31] ? cleanup_net+0x334/0x890 [ 880.802975][ T31] ? idr_destroy+0x62/0x2e0 [ 880.807505][ T31] cleanup_net+0x408/0x890 [ 880.812599][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 880.817574][ T31] ? rcu_is_watching+0x12/0xc0 [ 880.823246][ T31] process_one_work+0x9cf/0x1b70 [ 880.828543][ T31] ? __pfx_batadv_nc_worker+0x10/0x10 [ 880.833944][ T31] ? __pfx_process_one_work+0x10/0x10 [ 880.839818][ T31] ? assign_work+0x1a0/0x250 [ 880.844540][ T31] worker_thread+0x6c8/0xf10 [ 880.849802][ T31] ? __kthread_parkme+0x19e/0x250 [ 880.854963][ T31] ? __pfx_worker_thread+0x10/0x10 [ 880.860547][ T31] kthread+0x3c5/0x780 [ 880.864755][ T31] ? __pfx_kthread+0x10/0x10 [ 880.869997][ T31] ? rcu_is_watching+0x12/0xc0 [ 880.874792][ T31] ? __pfx_kthread+0x10/0x10 [ 880.879857][ T31] ret_from_fork+0x56d/0x730 [ 880.884477][ T31] ? __pfx_kthread+0x10/0x10 [ 880.889570][ T31] ret_from_fork_asm+0x1a/0x30 [ 880.894377][ T31] [ 880.897798][ T31] INFO: task syz.0.2305:16646 blocked for more than 143 seconds. [ 880.905597][ T31] Tainted: G U syzkaller #0 [ 880.912537][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 880.919444][T12119] Bluetooth: hci13: command tx timeout [ 880.922060][ T31] task:syz.0.2305 state:D stack:26904 pid:16646 tgid:16643 ppid:5863 task_flags:0x400140 flags:0x00004004 [ 880.939607][ T31] Call Trace: [ 880.942903][ T31] [ 880.945936][ T31] __schedule+0x1190/0x5de0 [ 880.951037][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 880.956015][ T31] ? __pfx___schedule+0x10/0x10 [ 880.961458][ T31] ? find_held_lock+0x2b/0x80 [ 880.966170][ T31] ? schedule+0x2d7/0x3a0 [ 880.970955][ T31] ? devlink_health_report+0x3ba/0x9c0 [ 880.976437][ T31] schedule+0xe7/0x3a0 [ 880.981057][ T31] schedule_preempt_disabled+0x13/0x30 [ 880.986546][ T31] __mutex_lock+0x81b/0x1060 [ 880.991645][ T31] ? devlink_health_report+0x3ba/0x9c0 [ 880.997226][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 881.002811][ T31] ? devlink_health_report+0x3ba/0x9c0 [ 881.008567][ T31] devlink_health_report+0x3ba/0x9c0 [ 881.013879][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 881.020149][ T31] ? _copy_from_user+0x59/0xd0 [ 881.024945][ T31] nsim_dev_health_break_write+0x166/0x210 [ 881.031684][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 881.038452][ T31] full_proxy_write+0x131/0x1a0 [ 881.043351][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 881.049200][ T31] vfs_write+0x2a0/0x11d0 [ 881.053563][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 881.059095][ T31] ? __pfx_vfs_write+0x10/0x10 [ 881.063900][ T31] ? __fget_files+0x20e/0x3c0 [ 881.069026][ T31] ksys_write+0x12a/0x250 [ 881.073378][ T31] ? __pfx_ksys_write+0x10/0x10 [ 881.078808][ T31] do_syscall_64+0xcd/0x4c0 [ 881.083352][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.089683][ T31] RIP: 0033:0x7fe9a778eec9 [ 881.094115][ T31] RSP: 002b:00007fe9a86bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 881.103021][ T31] RAX: ffffffffffffffda RBX: 00007fe9a79e5fa0 RCX: 00007fe9a778eec9 [ 881.111336][ T31] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000006 [ 881.119693][ T31] RBP: 00007fe9a7811f91 R08: 0000000000000000 R09: 0000000000000000 [ 881.127719][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.136729][ T31] R13: 00007fe9a79e6038 R14: 00007fe9a79e5fa0 R15: 00007ffed535fec8 [ 881.145101][ T31] [ 881.148375][ T31] INFO: task syz-executor:16650 blocked for more than 143 seconds. [ 881.156366][ T31] Tainted: G U syzkaller #0 [ 881.163512][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 881.172508][ T31] task:syz-executor state:D stack:24248 pid:16650 tgid:16650 ppid:1 task_flags:0x400140 flags:0x00004004 [ 881.184906][ T31] Call Trace: [ 881.188611][ T31] [ 881.191568][ T31] __schedule+0x1190/0x5de0 [ 881.196124][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 881.202312][ T31] ? __pfx___schedule+0x10/0x10 [ 881.207207][ T31] ? find_held_lock+0x2b/0x80 [ 881.212587][ T31] ? schedule+0x2d7/0x3a0 [ 881.216947][ T31] ? device_del+0xa0/0x9f0 [ 881.221826][ T31] schedule+0xe7/0x3a0 [ 881.225932][ T31] schedule_preempt_disabled+0x13/0x30 [ 881.232294][ T31] __mutex_lock+0x81b/0x1060 [ 881.236925][ T31] ? device_del+0xa0/0x9f0 [ 881.241864][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 881.246952][ T31] ? mark_held_locks+0x49/0x80 [ 881.252240][ T31] ? device_del+0xa0/0x9f0 [ 881.256687][ T31] device_del+0xa0/0x9f0 [ 881.261381][ T31] ? __pfx_ida_free+0x10/0x10 [ 881.266096][ T31] ? __pfx_device_del+0x10/0x10 [ 881.271488][ T31] device_unregister+0x1d/0xc0 [ 881.276297][ T31] del_device_store+0x355/0x4a0 [ 881.307495][ T31] ? __pfx_del_device_store+0x10/0x10 [ 881.347935][ T31] ? find_held_lock+0x2b/0x80 [ 881.352692][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 881.357565][ T31] ? __pfx_del_device_store+0x10/0x10 [ 881.384959][ T31] bus_attr_store+0x71/0xb0 [ 881.390777][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 881.396006][ T31] sysfs_kf_write+0xf2/0x150 [ 881.401117][ T31] kernfs_fop_write_iter+0x3af/0x570 [ 881.406443][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 881.412088][ T31] vfs_write+0x7d0/0x11d0 [ 881.416462][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 881.423580][ T31] ? __pfx_vfs_write+0x10/0x10 [ 881.428687][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 881.433947][ T31] ksys_write+0x12a/0x250 [ 881.439250][ T31] ? __pfx_ksys_write+0x10/0x10 [ 881.444139][ T31] do_syscall_64+0xcd/0x4c0 [ 881.449092][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.455000][ T31] RIP: 0033:0x7f9d10b8d97f [ 881.459871][ T31] RSP: 002b:00007ffdf9074bf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 881.468593][ T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f9d10b8d97f [ 881.476574][ T31] RDX: 0000000000000001 RSI: 00007ffdf9074c40 RDI: 0000000000000005 [ 881.485047][ T31] RBP: 00007f9d10c13239 R08: 0000000000000000 R09: 00007ffdf9074a47 [ 881.493384][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 881.501740][ T31] R13: 00007ffdf9074c40 R14: 00007f9d11914620 R15: 0000000000000003 [ 881.510047][ T31] [ 881.513123][ T31] [ 881.513123][ T31] Showing all locks held in the system: [ 881.521482][ T31] 1 lock held by ksoftirqd/0/15: [ 881.526435][ T31] #0: ffff8880b843a458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 881.536634][ T31] 1 lock held by khungtaskd/31: [ 881.542313][ T31] #0: ffffffff8e5c1420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 881.552610][ T31] 1 lock held by klogd/5224: [ 881.557220][ T31] 2 locks held by getty/9729: [ 881.562719][ T31] #0: ffff8880353860a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 881.573124][ T31] #1: ffffc900032c42f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 881.583373][ T31] 6 locks held by kworker/u10:9/14034: [ 881.589024][ T31] #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 881.599527][ T31] #1: ffffc90019837d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 881.609702][ T31] #2: ffffffff90372a90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 881.619147][ T31] #3: ffff8880128830e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 [ 881.629305][ T31] #4: ffff888012884250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 [ 881.640523][ T31] #5: ffff88805ace55a8 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 [ 881.653848][ T31] 3 locks held by syz.0.2305/16646: [ 881.659368][ T31] #0: ffff888025aa95f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 881.668907][ T31] #1: ffff888141688428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.678015][ T31] #2: ffff888012884250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_health_report+0x3ba/0x9c0 [ 881.688612][ T31] 5 locks held by syz-executor/16650: [ 881.693999][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.703064][ T31] #1: ffff88805a46d888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.712973][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.723142][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 881.733621][ T31] #4: ffff8880128830e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 [ 881.742910][ T31] 1 lock held by syz.3.2328/16745: [ 881.748067][ T31] #0: ffff88805ace55a8 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 [ 881.758586][ T31] 4 locks held by syz-executor/16779: [ 881.763968][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.773321][ T31] #1: ffff88807ac3f888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.783186][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.793328][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 881.803714][ T31] 4 locks held by syz-executor/16837: [ 881.809126][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.818215][ T31] #1: ffff888034ab8488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.828205][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.838379][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 881.849221][ T31] 4 locks held by syz-executor/17074: [ 881.854608][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.863708][ T31] #1: ffff88804eec6888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.873579][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.883996][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 881.894399][ T31] 1 lock held by syz.1.2402/17103: [ 881.899812][ T31] #0: ffff88805ace55a8 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 [ 881.910604][ T31] 4 locks held by syz-executor/17108: [ 881.916066][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.925186][ T31] #1: ffff888089333c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.935013][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.945202][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 881.955812][ T31] 4 locks held by syz-executor/17118: [ 881.961291][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 881.970363][ T31] #1: ffff88808d532c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 881.980248][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 881.990368][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.000794][ T31] 4 locks held by syz-executor/17128: [ 882.006182][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 882.015292][ T31] #1: ffff88803240b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 882.025143][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 882.035474][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.046030][ T31] 4 locks held by syz-executor/17142: [ 882.052141][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 882.061513][ T31] #1: ffff888063ea8888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 882.071750][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 882.082939][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.093595][ T31] 4 locks held by syz-executor/17152: [ 882.099323][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 882.108661][ T31] #1: ffff88808d4aac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 882.118921][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 882.129253][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.139933][ T31] 4 locks held by syz-executor/17163: [ 882.145290][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 882.157983][ T31] #1: ffff88809adec488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 882.167805][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 882.178263][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.188676][ T31] 4 locks held by syz-executor/17173: [ 882.194064][ T31] #0: ffff888035736428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 882.203521][ T31] #1: ffff888031a66488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 882.213435][ T31] #2: ffff88802827d2d8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 882.223670][ T31] #3: ffffffff8f8f78c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 882.234120][ T31] [ 882.236449][ T31] ============================================= [ 882.236449][ T31] [ 882.250836][ T31] NMI backtrace for cpu 1 [ 882.250865][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 882.250900][ T31] Tainted: [U]=USER [ 882.250909][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 882.250925][ T31] Call Trace: [ 882.250933][ T31] [ 882.250943][ T31] dump_stack_lvl+0x116/0x1f0 [ 882.250984][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 882.251016][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 882.251052][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 882.251085][ T31] watchdog+0xf0e/0x1260 [ 882.251126][ T31] ? __pfx_watchdog+0x10/0x10 [ 882.251157][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 882.251195][ T31] ? __kthread_parkme+0x19e/0x250 [ 882.251227][ T31] ? __pfx_watchdog+0x10/0x10 [ 882.251261][ T31] kthread+0x3c5/0x780 [ 882.251295][ T31] ? __pfx_kthread+0x10/0x10 [ 882.251333][ T31] ? rcu_is_watching+0x12/0xc0 [ 882.251359][ T31] ? __pfx_kthread+0x10/0x10 [ 882.251395][ T31] ret_from_fork+0x56d/0x730 [ 882.251429][ T31] ? __pfx_kthread+0x10/0x10 [ 882.251464][ T31] ret_from_fork_asm+0x1a/0x30 [ 882.251509][ T31] [ 882.251518][ T31] Sending NMI from CPU 1 to CPUs 0: [ 882.373804][ C0] NMI backtrace for cpu 0 [ 882.373829][ C0] CPU: 0 UID: 0 PID: 11774 Comm: kworker/u10:3 Tainted: G U syzkaller #0 PREEMPT(full) [ 882.373865][ C0] Tainted: [U]=USER [ 882.373873][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 882.373889][ C0] Workqueue: bat_events batadv_nc_worker [ 882.373924][ C0] RIP: 0010:kasan_byte_accessible+0x18/0x30 [ 882.373967][ C0] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 0f b6 07 <3c> 07 0f 96 c0 e9 fe 3b 74 09 66 66 2e 0f 1f 84 00 00 00 00 00 0f [ 882.373992][ C0] RSP: 0018:ffffc90019f17a00 EFLAGS: 00000286 [ 882.374010][ C0] RAX: 0000000000000000 RBX: ffff888029eac018 RCX: 0000000000000000 [ 882.374026][ C0] RDX: 0000000000000000 RSI: ffffffff8b945fc3 RDI: ffffed10053d5803 [ 882.374042][ C0] RBP: ffff888029eac018 R08: 0000000000000001 R09: 0000000000000000 [ 882.374059][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8b945fc3 [ 882.374074][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 882.374099][ C0] FS: 0000000000000000(0000) GS:ffff8881246ba000(0000) knlGS:0000000000000000 [ 882.374127][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 882.374149][ C0] CR2: 000055f4a842bfb0 CR3: 00000000347a6000 CR4: 00000000003526f0 [ 882.374166][ C0] Call Trace: [ 882.374174][ C0] [ 882.374183][ C0] __kasan_check_byte+0x13/0x50 [ 882.374217][ C0] lock_acquire+0xfc/0x350 [ 882.374253][ C0] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10 [ 882.374288][ C0] _raw_spin_lock_bh+0x33/0x40 [ 882.374320][ C0] ? batadv_nc_purge_paths+0xd9/0x3a0 [ 882.374351][ C0] batadv_nc_purge_paths+0xd9/0x3a0 [ 882.374388][ C0] batadv_nc_worker+0x958/0x1030 [ 882.374421][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 882.374459][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 882.374496][ C0] ? rcu_is_watching+0x12/0xc0 [ 882.374524][ C0] process_one_work+0x9cf/0x1b70 [ 882.374567][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 882.374599][ C0] ? __pfx_process_one_work+0x10/0x10 [ 882.374643][ C0] ? assign_work+0x1a0/0x250 [ 882.374680][ C0] worker_thread+0x6c8/0xf10 [ 882.374709][ C0] ? __pfx_worker_thread+0x10/0x10 [ 882.374731][ C0] kthread+0x3c5/0x780 [ 882.374767][ C0] ? __pfx_kthread+0x10/0x10 [ 882.374804][ C0] ? rcu_is_watching+0x12/0xc0 [ 882.374828][ C0] ? __pfx_kthread+0x10/0x10 [ 882.374863][ C0] ret_from_fork+0x56d/0x730 [ 882.374902][ C0] ? __pfx_kthread+0x10/0x10 [ 882.374938][ C0] ret_from_fork_asm+0x1a/0x30 [ 882.374977][ C0] [ 882.375918][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 882.636022][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 882.646700][ T31] Tainted: [U]=USER [ 882.650494][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 882.660546][ T31] Call Trace: [ 882.663916][ T31] [ 882.666847][ T31] dump_stack_lvl+0x3d/0x1f0 [ 882.671452][ T31] vpanic+0x6e8/0x7a0 [ 882.675441][ T31] ? __pfx_vpanic+0x10/0x10 [ 882.679951][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 882.685947][ T31] panic+0xca/0xd0 [ 882.689674][ T31] ? __pfx_panic+0x10/0x10 [ 882.694094][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 882.699500][ T31] ? nmi_trigger_cpumask_backtrace+0x1b1/0x300 [ 882.705672][ T31] ? watchdog+0xd78/0x1260 [ 882.710093][ T31] ? watchdog+0xd6b/0x1260 [ 882.714512][ T31] watchdog+0xd89/0x1260 [ 882.718769][ T31] ? __pfx_watchdog+0x10/0x10 [ 882.723456][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 882.728675][ T31] ? __kthread_parkme+0x19e/0x250 [ 882.733703][ T31] ? __pfx_watchdog+0x10/0x10 [ 882.738402][ T31] kthread+0x3c5/0x780 [ 882.742499][ T31] ? __pfx_kthread+0x10/0x10 [ 882.747117][ T31] ? rcu_is_watching+0x12/0xc0 [ 882.751900][ T31] ? __pfx_kthread+0x10/0x10 [ 882.756506][ T31] ret_from_fork+0x56d/0x730 [ 882.761302][ T31] ? __pfx_kthread+0x10/0x10 [ 882.765909][ T31] ret_from_fork_asm+0x1a/0x30 [ 882.770691][ T31] [ 882.773982][ T31] Kernel Offset: disabled [ 882.778294][ T31] Rebooting in 86400 seconds..