last executing test programs: 1m24.735442373s ago: executing program 1 (id=2329): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff004) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0xe78) (async) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0xe78) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_SET(r0, 0x0, 0x10) (async) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_SET(r0, 0x0, 0x10) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, 0x0, 0x6a) (async) bind$auto(0x3, 0x0, 0x6a) shutdown$auto(0x200000003, 0x2) pipe$auto(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x28, r2, 0x82652360e804c8d3, 0x9, 0x25dfdbfe, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_BANDS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0xfffffff8}, @OVS_METER_ATTR_CLEAR={0x4}]}, 0x28}}, 0x8080) shutdown$auto(0x200000003, 0x2) (async) shutdown$auto(0x200000003, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r3, r3, 0x0) (async) close_range$auto(r3, r3, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) ioctl$auto(r4, 0xc0585611, r4) 1m24.566576158s ago: executing program 0 (id=2330): socket(0x28, 0x1, 0x0) r0 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000001380)={0x2, 0x0, [{0x47f, 0xe00, 0xffffffffffffffff}]}) 1m24.343679s ago: executing program 0 (id=2331): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) r1 = fsopen$auto(0x0, 0x1) ioctl$auto(0x3, 0xc00caee0, r1) ioctl$auto_SOUND_PCM_READ_RATE(r1, 0x80045002, &(0x7f0000000080)="086e315fa33e484900aeec42125ae0b0dd451da915310719e8a3d3cbe06c22ff2facbe7793d90d26197d320a417724d00ab500abb47211a7a486ac82b62d70e89b265cac87ad451fa9503fbe923d96b01a09f89ac0c8a2787a34dc3b25e2d13196bf4ce5a67c4b36f6149f76c75ecfdd01450970e535b8c01c54") openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/sem\x00', 0x0, 0x0) lseek$auto(r3, 0x7fd, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) sendfile$auto(0x1, r4, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x6, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x3, 0x4020009, 0xdf, 0x17, r2, 0x800000000008000) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = socket(0x11, 0x3, 0x2) getsockopt$auto(r6, 0x107, 0xf, 0x0, 0x0) socket(0x11, 0x3, 0x2) getpeername$auto(0x3, 0x0, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)="f121fdfc4775e1") 1m23.740084884s ago: executing program 0 (id=2333): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948f, 0x803, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f0000004440)) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000001c0)) mmap$auto(0x0, 0x9, 0xdf, 0x9b75, r1, 0x8000) r3 = open_by_handle_at$auto(r1, &(0x7f00000002c0)={0x1a, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b"}, 0x7d) setsockopt$auto(r3, 0x1, 0x1021, 0x0, 0xd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040840}, 0x200000c0) mmap$auto(0x100000000, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'dummy0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)={0x2c, r5, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NETDEV_A_QUEUE_TYPE={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8, 0x2, r6}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x300}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) msgctl$auto(0x7, 0xa3, &(0x7f0000000240)={{0x8, 0xee00, 0xee01, 0x5, 0xa, 0x6, 0xfe01}, 0x0, 0x0, 0x1, 0xa, 0x400000000006, 0x31f4, 0x51c, 0x3, 0xfffd, 0x3, @inferred=0xffffffffffffffff, @raw=0x8}) r7 = getpid() process_vm_readv$auto(r7, &(0x7f0000000000)={0x0, 0x1002}, 0x1, &(0x7f0000000280)={0x0, 0x401}, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) 1m23.475783564s ago: executing program 1 (id=2335): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) prctl$auto(0x3e, 0x5, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) clock_nanosleep$auto(0x8000a, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x2, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x209488, 0x4, 0x95f4da0a, 0x10004, 0x3, 0x62, 0x8, 0x7, 0x94, 0x9, 0x3ffffffffffffe, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), 0xffffffffffffffff) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) read$auto_check_wx_fops_(0xffffffffffffffff, &(0x7f0000000140)=""/154, 0x9a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0xf663, 0x15) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/hid_magicmouse/parameters/emulate_3button\x00', 0x393142, 0x0) sendfile$auto(r4, r4, 0x0, 0x1000200) 1m22.626826643s ago: executing program 0 (id=2338): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getcwd$auto(0x0, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000010c0)=""/4076, 0xfec) renameat$auto(0x6, 0x0, 0x5, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) 1m21.675703272s ago: executing program 3 (id=2341): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x8, 0xff, r0, @relative_fd, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x1}, 0x4) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/hugetlb.1GB.rsvd.limit_in_bytes\x00', 0xc2481, 0x0) write$auto(r4, &(0x7f0000000040)='P\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) 1m21.627582855s ago: executing program 0 (id=2342): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000280)={0x24, 0x0, 0x5, 0x70bd29, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) 1m21.61525137s ago: executing program 3 (id=2343): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) (async, rerun: 32) r0 = socket(0x11, 0x80003, 0x300) (rerun: 32) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) (async) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), 0xffffffffffffffff) (async) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f00000002c0)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\xef'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c0d4}, 0xc800) socket(0x11, 0x80003, 0x300) (async, rerun: 32) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) (async) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) (async) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) sysfs$auto(0x2, 0x2, 0x9) (async) close_range$auto(0x2, 0x8000, 0x0) (async) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400008, 0x100000005}}) (async) io_uring_enter$auto(0xffffffffffffffff, 0x9, 0x820e, 0x9, 0x0, 0x18) (async) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) (async, rerun: 64) socket(0x11, 0x3, 0x300) (rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x2, 0x1, 0x0) bind$auto(0x3, 0x0, 0x5) 1m21.531947148s ago: executing program 0 (id=2344): sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, 0x0) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0x7fffffff) r1 = socket(0x11, 0x3, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) setns(r0, 0x10020000) unshare$auto(0x40000080) futex$auto(&(0x7f00000019c0), 0x0, 0xfffff8be, 0x0, 0x0, 0x4) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000480)={&(0x7f0000000240)="4c0c580000000000090000000000000007a4bac08307", 0x49}, 0x4, &(0x7f0000000340)="135ceb6b32d8742187e9504d3cdc32a8c0d7c589c6d891424c8c408dae72631fd1f46b00fbfb3d0af69556a9eb122e9b7eadff77d756c49bc404d5143c385f176bd03bff7af659d6d172f2c62587aa0136fdda0aab15247c9d4fb287594f383df10be87eeee4bdabc55f95e3d0300e52f7ca7113b01f367b5e375f885d8c71baf6ce0faae6c6d7baa09657eed0d407a5d70d6b1ae9b1baddc2b37eb2d58653f6292e16c1ba1a5e6e59e8e228f41d84b67bd78b47c1eb24acf552602d29250f72a212", 0x5, 0x7}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socket(0x2, 0x2, 0x88) setsockopt$auto(0xffffffffffffffff, 0xfffffffd, 0x7f, 0x0, 0x10000008) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x2, 0x0, &(0x7f0000000140)=0x6) clock_nanosleep$auto(0x2, 0x200, &(0x7f0000000480)={0x8, 0x7}, 0x0) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) timer_delete$auto(0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) settimeofday$auto(&(0x7f0000000180)={0x100000001, 0x1}, 0x0) 1m21.227103462s ago: executing program 2 (id=2346): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='_\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/bond0/queues/tx-13/xps_cpus\x00', 0x2, 0x0) setfsuid$auto(0xee00) (async) r0 = setfsuid$auto(0xee00) r1 = setfsuid$auto(0xee01) setresuid$auto(r0, r1, r0) write$auto(0x3, 0x0, 0xfffffdef) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f311a45eaa6a73f22cd3cded9da2be92a93a26c78a4eb18c8520244cf99323f2382a", @ANYRES16, @ANYBLOB="638429bd"], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x1c054) (async) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f311a45eaa6a73f22cd3cded9da2be92a93a26c78a4eb18c8520244cf99323f2382a", @ANYRES16, @ANYBLOB="638429bd"], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x1c054) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a000500000000000000000800000000aaaaaaaaaaaa00000a000500aaaaaaaaaa4000000800030040000000f8ff0100", @ANYRES32, @ANYBLOB="08000400"], 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x44098) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a000500000000000000000800000000aaaaaaaaaaaa00000a000500aaaaaaaaaa4000000800030040000000f8ff0100", @ANYRES32, @ANYBLOB="08000400"], 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x44098) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x400002, &(0x7f00000002c0)={0x0, 0xc7}, 0x6, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x40000000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x400002, &(0x7f00000002c0)={0x0, 0xc7}, 0x6, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x40000000) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000000)=0x8) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 1m21.17336798s ago: executing program 3 (id=2347): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.8/usb26/26-0:1.0/usb26-port7/state\x00', 0x456b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.8/usb26/26-0:1.0/usb26-port7/state\x00', 0x456b42, 0x0) (async) sendfile$auto(r0, r0, 0x0, 0x3) (async) 1m21.066599117s ago: executing program 2 (id=2348): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) socket(0x1e, 0x805, 0x2) fsopen$auto(0x0, 0x1) open(0x0, 0x0, 0x10a) fsconfig$auto(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0x9) ioctl$auto(r0, 0x4611, r0) 1m20.994542677s ago: executing program 1 (id=2349): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x15, 0x80000, 0x85) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(r0, 0x9, 0x1d, 0x0, 0x9) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) socket(0xa, 0x1, 0x84) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/038/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000001040)={0xa0, 0x6, 0x2a00, 0x17, 0x5, 0x80000, 0x0}) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x440, 0x0) shutdown$auto(r4, 0x20000000) write$auto_proc_loginuid_operations_base(r1, &(0x7f0000000100)="130b6752e59a96d5fe55c6951fb0ad9391c9fb69ffeb8427fbd2cbacc578933dc1490bce764cbd4991a6d6023b5ee5ffe440b99b3b10ea0f8e808b6a0bc653", 0x3f) ioctl$auto(0x3, 0x89a0, 0x38) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) socket(0x15, 0x80000, 0x85) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) setsockopt$auto(r0, 0x9, 0x1d, 0x0, 0x9) (async) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) io_uring_setup$auto(0x6, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote\x00', 0x1, 0x0) (async) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) (async) socket(0xa, 0x1, 0x84) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/038/001\x00', 0x40001, 0x0) (async) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000001040)={0xa0, 0x6, 0x2a00, 0x17, 0x5, 0x80000, 0x0}) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x440, 0x0) (async) shutdown$auto(r4, 0x20000000) (async) write$auto_proc_loginuid_operations_base(r1, &(0x7f0000000100)="130b6752e59a96d5fe55c6951fb0ad9391c9fb69ffeb8427fbd2cbacc578933dc1490bce764cbd4991a6d6023b5ee5ffe440b99b3b10ea0f8e808b6a0bc653", 0x3f) (async) ioctl$auto(0x3, 0x89a0, 0x38) (async) 1m20.993621517s ago: executing program 3 (id=2350): openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/test_nop_refuse\x00', 0x800, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vhci_hcd.10/usb29/29-0:1.0/usb29-port7/power/runtime_suspended_time\x00', 0x8000, 0x0) (async) link$auto(&(0x7f0000000940)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2DW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xea\xa5\xff \xec\xe8\xca\xbf\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\v\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4N\xbb\xc2\xf8\x9c\xd0+t\x87r\x02\x05\xdb\xe4\xde\xed\x02\x00\x00\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00M\x83\xdb\xaf\xc4\xf23l\xae\xc5\x1d\xc4\xb0\x06\xd06\x1dX\x03\xe3\x9e\xd3\xd96\xcf\xd9\xa3\xcb\xd6B\xc3\x0f#\xd2\x1a\xf9L\xf5\x87My\xce\x19*\xde\x8d+#\x13\x15\xd3Y\x98\xe1\xc3@\x0e\x9c\xc2\xf8\b\xaf\x89\xe5\x00\x89-pWD\xb5&\xc9\x8e\x8d,\xb7}1\x84U\x18y\xa90\xf5\x80\x981U\x17\x14]\xc56j\xe7\x0e\xecBr\xa9]\"\xd36^m\x12\xb6\xbc\x80\xa4h{\xde\xcf\xf7d\x87rl\x11\xf7\x15\xcb~\xb9\x01\x0e\xd7O_\x91\xe1\xead\xee\xed]/p\xd6\xff\x17\xe4\aV\"I\xca\x90\xc7i\'\xa3R\x81\xf1}4\xbeU\x00\xa4\x1d\xea!Z\xd4|\xbe\x987\n!\x9b?\xb9l_\xd8$av\xfe%\xa2\xda\x82\x14\xc311;\xa4ob\x87\xdbY\xe2\x00', &(0x7f0000000b40)='./file0\x00') socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0x4) (async) socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) (async) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) (async, rerun: 64) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async, rerun: 64) socket(0x10, 0x3, 0x6) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) socket(0x10, 0x2, 0xc) (async) socket(0x2, 0x1, 0x0) (async) setsockopt$auto(0x6, 0x8000000000000006, 0x10, 0x0, 0x7ffffc) rename$auto(&(0x7f00000002c0)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000280)='./file0\x00') 1m20.840678593s ago: executing program 3 (id=2351): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000080)={{@raw=0x6, 0x5, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x3, @integer64={0x9, 0xec, 0x340}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0xa, 0x2, 0x3a) bind$auto(r2, &(0x7f0000000040)=@generic={0xa}, 0x66) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyu7\x00', 0x200001, 0x0) ioctl$auto_TCSBRKP(r3, 0x5425, &(0x7f0000000340)="d3f0530f462d0172b2993bb007a0fa07c0f442b291729ce4ac0778264e206c0ffa9fe8f202354cb79f4ad1f3684ba18c0e1663b34dfa13b8bab821fa1d04b46c60111c4c4d19c471fa1ab0461e49a15d768418feb77b7df16430494cd033a00d89a0d1ec6443779206c9e59f3c651c5e5f47c31f3f905b32e51fc153f132fe702644e7bb6d82eb272f405d651c5732f1d7f924788a98ec65b128295e15a97548d2f09474b73202a2e92a85215b00fb0f8fc3dd665c242ffac4e01cd2748f4879f2367435af9f50b91b0daa2f7448fab27faa8868c26dd5afc4d6f1a0a09aeaa8a9eeba37aefd1ad3a30c458feb32a06b442796de12e9") sysfs$auto(0x3, 0x7, 0x3) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000016c0)={0x11b4, 0x0, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xe5, 0x1, 0x0, 0x1, [@generic="8b2bf9d9d3b8aeb445e886dbc09b8f37e4fda48dc564fc3b1eea671ee272c9ec68bd02f2ffaa5b8f4be1c7652c6921c62e31700c1f5ece41169aafd93f581b83c2848928438a468cc8d69686513ad5096e684d5559ae98e9007cc7c0ee275da016ce9e1003a34152ef5f7ee01afb63dc4fb3fb418b6cb96ad005a980077324cd692780baca0994f8216792642ddf11e7bda20469f9126b49ce1c3e74be37f47bafc1550ace94bee65ba0373721b76af6c0059ee43d825f00c7deecffa14550506a3febb7b5030a5474615d4ef14a28838786797398397be888", @typed={0x8, 0x5c, 0x0, 0x0, @fd=r4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DEST={0x10b0, 0x2, 0x0, 0x1, [@nested={0x10a9, 0xda, 0x0, 0x1, [@generic="35b6c1b0e9a1e183c53317cf33f9da66ccd47b5d0e496c6b8d6b055f06855ac1b87c86eee4b44ec42c3f599d9d21318bcb9d4dec079d7bcf08ea694b79573e532d393b0414bdaa9cec109964788b878a8da94ea4f28116f8f5b2f016bec61d3b0ac4d147687587dab498d07f7bb31d72f07bc2464f6c7020679dda63", @generic="05e969299377c515fba1ec068cf4bc524696ccfa31f0636e86e9ead7a57c5dbae9d25916617bca2061dd5109486efe289114244d0c6b80caaf44760684e204b8876de8a0be5b0e17915bb9319b3c9b0ea637785ac9c473387c78951f2e5681ea6de1c41585d4670ddf860bee32d836b7c722958b98d3c6ca547a8d2a99f065c895a7a693ce1c31ee96b46349a872953f95a123cdd6b248acb46bfdee74435ae6960a7f9110d0ea3cea56807ee682aa3818fef4060a827c6c620eab5f613a328e5b19470fa68d3e826521934812845d14a26c47162bcf977874cd87d5daf11c6ddff26a7c90d36a2d49505279443e865f2beec2a52ff4647a39e8a9095099451761676eeef529b758e77058e60eee85cc1a11b8173bdc6390f34fe4b2d2b6aa970a1f910e17f15b76f23cebd2db9a666baa88a0af389db9d878b62228aabdb38027a0099eb28639daf5bd097fcb651bd20c6285ef1132bcd652c10d1a82e509664187f88d18fb34fece5cd402d2d44de461c8e4e245904bd84a5b84536f98bc99656e175bc70d347c1ae0db88bb8f8a83dc6ad41337219bf9a455fd49d08fa9e1510fd2bc9aa21cc0d2f0a7da678b1131e84cbb17f4bae6a4e1275a923da597227894408b42621463854c2413378da3ac87ee8a3e062eb7b848d75e2f8b7829def9cb40535f8692e425829e9ac0897f2bc69101b37560cf143836552c50503f4935b0da024cff0eb4c078717e8333a12d535fa892b66b83fb53d54fc86f2f35ec87270380abe8c87cacf9b19aec7ea950bd374ecefa9c64c1d9e607a6fd71a4192aa1ab0e56d7cf158926d30423efc5d623475976b104306eef14bde160ce0921bb758c1967d648b8783fc7990e3f3850fd0d81297d7b69bbe8b9337a7e308e36b7bade455e0fb1adb59c65ccc16ec14eae89bb24c748d7e4c191e75f6bbf4712f0c40a926f46382c545d8798866b9e5019ca6a9c810eda98396710d530e9767e13ac6140eb5bc7c62aed158d6b745d5f450e1fd95e082c68de1376bd039d5638542e82595b381c4d6cac2006a120b7be7f1d991705a7334750227013dd1b6f163545231183609cba6bb9b53baffb8957472ab6e485c86c71c26bd8d2b8b5c2fc479a6e4f1ff5eee91ce71d624ccc44d758ce3d2f5043603d4933cf8b8b09eb894227b4dea165c9ad122b5f4ce583d1cf08ed47da02bb5108fe332f239e6906273d91354e9f695d18df47fbcbd0e59a2432748dc7f5ca673b085cf19a4fb9d642708e1c991bd8f25cf7d48c0e14e59b39be576916e317e72a64d8c40f8a75eee9efb7276dab0122cda1ca10b2c48692537475b41bc52c1c8bee6278097e8fd1dfd711578397b50ca9f50d6ae3a97eced747f78fa7d137331221af418526280ec2cd5c69e7e793854749b99b314c8e2132a32841ba7af631c0a26af6f1954b0209ce52d933ba21680638f7fcd89eee4c5862f15d17cb6a047ee1c64cf2e1461d01eb88b5f847992cf1bde67e105f5b624aebd2d9757dd6ad37c07b16a9db75ab3ea399219cb5e32785bfe8cd8f150b35b21b44db2a3f707a02e46858b09d24cc077fe2f093da116f11816fb1b2573f975986e624ecba2365b0ed2f0f6afb05d1214b36f539afbe471335b9f7de18f909937abe5c17357f9acb42ff7b8980b8ffc6da6a65c0edb22d715137dce8fe4f4b1230482ed972db6f11e15fac7080cea74ec9008f1cf20de595cab5fb8649b6e0cfed593bd4ff0170f5622888e91338b48592253cedb683e4e9ae867c03f3e776bc4b8981312fbe7846d8301906f194a011f7aebbb100b222861e29027c5c349b1bd338ee5b4294baa16e49cd2dc2146d5f05c431487293312f6cf653b7673ea562100b61140074020b0533a382adb694b6786d2b34ae9a241ae3e181b8c992342a5b3cb02744e92a78a730fbaaab85216af83e555f8adb2ae5bb99a307ac267b133236c7755b4682327c59426a681a3cdef4f53643e1a90d82980b925c3740dd29f08965457c10fb9147044583e704834cbb2e4e3c69d1e74442e5609040be9dfd7dff2cadf6a24b600c518807b32144687c3fba2ba5805b7b51057788a46697ce43d0f34f59dd2b7d561bf2dac257c884e75a48edf1bc4f4b401ff9505d0af256adf15d68c9ee379cceae7173dcfb3c1f059eae48c172960678e2d0667473f62d32518c1911e9e2dd8d83e81587acca80dd1d3e10e89633800c2e13732d2bbb86104e3eafafd82c77ab90ecb456956b037fa6a553dead7c79e0750172bf7af249a785bb4cc4a065f010cee838deb927a52ae05ac784d9d21703cc9b027d35706a48acef6370a4089a99f7dd845b555621ca8e590cab078b854dc927679be72e0e0f88383f19fb69a2c5ca6427b1cd6bb41a8fe0cdfdaeb46dd2e27e80c212261b29a495bb7914955a8e1cb69e909758dc6ef70110154f53e884d85908eaa3b51e79ec503c9b5733b2bbe95ffd6ec85352f1a881e17e68482682273d3d11b79078422f6e7ea6e99a684549b3730eb92128d648bca0684577b755ce744cdd42bc2ad13210ff7f9e5a9456c3f401aea24c6908a2636e78bd5a63ab34d1b21517c8bc8ec3b208c6e41c7c37ecfd00cc6900ba878144a0d837c13faf60157ed992822286638f53da5ab06f6156324cfb41ab21071fcb937ddea75684b0e0e0e69a6b28584d6778f087562f4b9ee86f3b6c90b2ff034e5eac3dd2cbae0657e3488d9ec9b4fbbec603ffbff3c4f32c3773fdfc2e8212933d73bd7d17585a80dc95dc021a4e3eaac4ae7e667e00070dd9bc73396a05541c3deb75bf3fe0b087aedde6f6e3b799ddbda9b956ff0f00ec8b3fb1191065fb1ecd95dec19bcdf7c853f2a40b34fbfe2a19ec10c47f6760512ec777fd0c883ec0b582ec6c826cc9956fa2abb79e2703f5b342b3a58409ded5286e22aa38698c5eb67fda19ac9acd4c99674570903afcf1bc4ba33ab07e9e0f9409de9bb017d7b0a4c515305c9c303c5b0abfc0aeace5ea0d8f0fd490ee21d4f27a15b287c135ac50c57061285131bda6bff26ede739439dc7d5fbb34da6dc6688cb11b4946965e500e2408625d5e12169bf6f2a1013db2fd36d9b47e5b9bbaad78b4911d6f594e9c737f789f69c565ebb26546a3b43e5e58ded9ad8ee641935f96bd822cfaa8052e9d80966a4a9c098a0f2dde8217f5b78ce2f30f5937bd34e3043307c07111a589c5353fa4c9366888736dc028989d3a37c8ff808765311f79215e5826c4dccc28c7a07e9761e5e01440ed9326b01ef93aca1746fa9f22672606fb88259628140b03969c2a5d63e7bfcc23402325b9c8f90db38dd595f9cbba61ba986239bbdd6f2593cabdd7bcdc214b9957dedf8555578d5f7d76a64fa34b142ce797f66885525307c7295e636db234373f83bad1342bef2005b7ec46336b490b5c7780d702b29ad7c36769ac1fdc7f546da90cf89f24342ba13f4f5b5fde7f9bb17a2345de8b35f71864df71199440fbd61881ffad29f724eed9f69b11612c5d874ec380d2db36852f323fc6217af901e5da7a6221f6b6f4afe109330b45f6a0dfde85655364cab4bebe5f8ea17c71a2fcbcbc2fd8a98884280397f56edb866f9c433b2cdaaef44616d9e2e60eb4562478a6646ea07aa62e1e7e9e6fbf9d877a58987bcc5ce4b08a5626aa27d1440cfcde40bf73e5bec45996ab2b49ee2671e533a51f43865ed8ce4e5acc5d4dbe5f6def946163d5ca80ea13321d28eaa39849a5df1c9f3bd843fae2ea3f3cbf45f7cccb0f9aec1cc805f98bd107348bdcd4df6fa8101888b40509cc9f8538df9bb1ba9c967371944e56d5874205794028ba1b058580bc9d643a65883d6f8bb66a9d3f495d5f0d536e9a09880785b36394aaf282984d2d507299594c400bb342d1549b3bfbe3fc5d4f3bf1ba0a9f052fad2b154b2b70d8b2301abe560d401b49a73be841e01c3862893d7f331a591a3c1a3102c06c160bcc4b28012491c9fce12040cd1350819a84b987a2d4fc1a7545a471d851734f6a9d3efb3c98691aa8f9cfca66fd6f8d32593ed8bfe38de4df0bd67814bd4f5265fcaaf304fd5fe293d26293310ecc435a7b4f5d5856b48cebd76f1cb893b4702d8c9d6afe817417fe3d2b912b6f55fe16da06ef8af4820ca663c5407ff26138aef71f5ea224e934eff457ff15039562d912956792de629950f34056491dd55151e1bae121935ffee29a8bc111fae40bd5142bc4b8db2e8d12d7cb9685d640c6e45fa6756233e66bf36598cbea763c6981593f929f1139873e1f8cdcb012bbd3e5aff727ff5924b6bfe1af0299be572410fce75bbbfda569a0f9c842ed636526fbc3988156e3128b73af7c15071a426bc334c46f17da1b2ddb5e0e7ec81bd6d15375ba3eb7d513c33bef3fa657b2cbd571605332aa1ea19c26edef6faa4583d4e19624f3977e431c865b7c7875d1797f2a0e852f1c079455516e58d2307449f91e0870957432389a9a9f2d93945ff82210a832cb897d20e3d79cc5a6e9c4ea225bfa8a9045b19fa9deeb6fc21ebfb1d51d6cbc79f44e4f332315653d33bb22d8e937ea64b6edaac0e60e53ae46de7e39271b61a4f453b188e98532d466f1178446ad5825a7a21b6b4c58ce976194712ce3ac659f01333b1af7cf39773b928755f1355e485f3f967266dad1477947852d673305cdae415f9df6e79cca071e3f14c274364de4f96c311f0a97088c4ac27279695ea1095d69c6ee07596f97a0676fbb35cd1dbc57e6cf70acb2a9bac3fed32ea3b1acf9c17519f3e81a54f18223a388a17b1189b85ebce5cd29d8b18b61bc376ad4a326b1d75d58a08d7e39e1e7844c75368654aed1913672af26e581f6e37dd78f126a714caddf3f1105e408af62c04fa36f64f397c8dda6662ba358521d7c99d34a73d3967eb4b46484806e1216d1c860c0765430e30585a9974b00fe7c54389543ba6a799697552b0b41fa4eacc5c4866026696bafc514165e44bcf02d5e4c9de21a29afc2ce12994e89c3cc2023030b07c4ea682a0e4fce4f7ad0f56067879df126c1d8e765a7301b644e99d70e211526600e40413782a8aec4eb291528ee38ee2813867f09eba11ddfcc11a6d120dec1d5efc95d2b87d243e6d409e9c8fbc86d2ef6df25effc8963bb7696e48225cab0051d7834fba2eab31349a733a070fd360f2e21ffb6ae10163b16b15d7fcfec2a86393d4a0dd4b595997b4daab910e54d616fdcadf044f07741bc524a59371547e77e35879d1fe668b8afde20c213814e8d0690bdb6cd161071262c33b4a08c6ac8b7ef1cda312dd955f9ee3c2557f87dc80ba982515e58d90b94f91c84c4ce0975f2041336c5e9c06a391d5f54f88f0fde464d434b8abaff232fdf4b28e9dde394bad38dad3ed4b80e3b98ea8de07c0056131d8c3f748c020a9da9de9852eb53dfd181bef6b95576f9e387c0f270c60a7a119729c66a570f9fdb6f70c38113df91447ed3d8d88202b151f9f45336c0dff5100ac02c65fe0dd66d2afb1e274328acc56845ffc04302aa41a3fe1887f279f265ba6f1b976cf2d2535d6aa7d6bde2307c6041094eb79c61fe882ac6de71f588efff2c5266444d3500eb09e0872ea2a5473f4c59a3eeaa3a408f80ed0ae40f095c97286fb774d7ebdb5366c23d250a06ecc3768bdfa5c79bd3e2649e8843b31ca01547bd67b066bb3c7e3ab25bdd4d2c999de0f400843d5a027876f314d7387bc1a0e45347cbcdc8199bddaef867f403750f2beab2b65e58764d5be5fb3451b62a39", @typed={0x8, 0x146, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="3eddc99bcc9008cebd60632e0840064de571260cc6", @typed={0x14, 0xbd, 0x0, 0x0, @ipv6=@private0}]}]}]}, 0x11b4}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x844}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 1m20.8395768s ago: executing program 2 (id=2352): mmap$auto(0x3, 0x4020009, 0xdd, 0xeb1, 0x401, 0x8000) kexec_load$auto(0x0, 0x4, 0x0, 0x1) 1m20.691961557s ago: executing program 2 (id=2353): setgid$auto(0x7ff) (async) keyctl$auto(0x12, 0x102000000010001, 0x7f, 0x200, 0x3) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto(r0, 0x1, r0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, &(0x7f00000024c0)={0x1, 0xf, 0x1, 0x3, 0x2c01, "34ca74e98a8b28b0ea83636a87d9be641c7553f01f8630dcee799d12f7e3c85be0ae665c02bfdf8514615339e0b84db0b1ce9f6b6360aa0d759cdfa79caaf3fb", "9cf0e44dd5455d5aa7b320139f421f47ca9c3afd3cbcc8947ce5731c0b85e88a41ea99be0e037380d62da4783537c0b6a0ac79b66128e30f1d865970629cf0213a7a331b0b7b8d9a6a8c22f7e0315d33", "ee4ac7644478dd16c2ce5f27f778c651ce8a49982701b992ee9784aeac8981d4", 0x9, 0x20002, 0x3, "1924bb38d188b3ac2343881b244065bb03578ea94da9be48931053172768fc68b40c3f8acab3f56d6e8337b5fd2521416b1bd9349977dbc021df3958"}) (async) mknod$auto(&(0x7f00000003c0)='./file0\x00', 0x9, 0x9) (async) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x1, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, 0x0) (async) unshare$auto(0x40000080) (async) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) (rerun: 32) write$auto(r1, 0x0, 0xfff) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) writev$auto(0x3, 0x0, 0x8009) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), r3) (async) mmap$auto(0x1000000003, 0x402000a, 0x2000006, 0xeb1, 0x401, 0xfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) (rerun: 64) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (async) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) (async) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x8, 0x8000) 1m20.691200211s ago: executing program 1 (id=2354): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xb, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) close_range$auto(r0, 0xfffffffffffff000, 0x2) futex_waitv$auto(&(0x7f0000000180)={0x3fb, 0x6, 0x2, 0xfff}, 0x3, 0xbffffffc, 0x0, 0x81) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) 1m20.490636128s ago: executing program 2 (id=2356): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2, 0x1, 0x106) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) mmap$auto(0x0, 0x40000f, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4010) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x82, 0x0) socket(0x2, 0x3, 0x8) r2 = epoll_create$auto(0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r3, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@token_create, 0x6f6) capset$auto(0x0, 0x0) epoll_ctl$auto(0x5, 0x3, r3, 0x0) epoll_wait$auto(r2, 0x0, 0xe007, 0x1) r4 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) pwrite64$auto(r4, &(0x7f0000000040)='/dev/vcsa\x00', 0x7b05, 0x4) msync$auto(0x0, 0x2000000005, 0x6) 1m20.104901857s ago: executing program 1 (id=2357): r0 = socket(0x11, 0x2, 0x200300) setsockopt$auto(r0, 0x107, 0x18, 0x0, 0x1) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRESHEX=r0, @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="336705d2c974e7b833314086c7642051d34c80550a", @ANYRES32=r0, @ANYBLOB="04001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) (async) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) (async) r1 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read$auto(r1, 0x0, 0x9) (async) write$auto(r1, 0x0, 0x81) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m17.311229171s ago: executing program 2 (id=2358): setxattr$auto(0x0, 0x0, 0x0, 0x800000, 0x0) madvise$auto(0x2, 0x8008000009000, 0xe) (async) madvise$auto(0x2, 0x8008000009000, 0xe) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x109c01, 0x0) ioctl$auto(r0, 0x92106411, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000001c0), 0x301282, 0x0) socket(0x10, 0x2, 0x0) (async) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop7\x00', 0x10f602, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) (async) r1 = socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) ioctl$auto_FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, &(0x7f0000000240)={{0x3498, 0x0, @descriptor="11d03035804fe5f8"}, 0xf3}) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) (async) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), 0xffffffffffffffff) r4 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) lseek$auto(r4, 0x8a05, 0x1) 1m16.463937607s ago: executing program 1 (id=2359): socket(0x2, 0x2, 0x2fc) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0) unshare$auto(0x40000080) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/set_event\x00', 0x141901, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x44, 0x1ba) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x24de, 0x16, 0x401, 0xd5be) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x2381, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='/dev/\x98&d\xf4\x03zt\xb2\x1cH\xb3i\x86\xd6\xca]\x03\xb3\xad\x7f\xec\xdf\xd6\xef(\x1a\xae\x02\xc4\xf0L\xbf\xafAdT_H\x066H\xd6 \xec', 0x100000a3d9) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r1, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="0100030000000000003000000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) shmctl$auto(0x0, 0xd, 0x0) socket(0x2a, 0x2, 0x0) 1m6.40227027s ago: executing program 32 (id=2344): sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, 0x0) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0x7fffffff) r1 = socket(0x11, 0x3, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) setns(r0, 0x10020000) unshare$auto(0x40000080) futex$auto(&(0x7f00000019c0), 0x0, 0xfffff8be, 0x0, 0x0, 0x4) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000480)={&(0x7f0000000240)="4c0c580000000000090000000000000007a4bac08307", 0x49}, 0x4, &(0x7f0000000340)="135ceb6b32d8742187e9504d3cdc32a8c0d7c589c6d891424c8c408dae72631fd1f46b00fbfb3d0af69556a9eb122e9b7eadff77d756c49bc404d5143c385f176bd03bff7af659d6d172f2c62587aa0136fdda0aab15247c9d4fb287594f383df10be87eeee4bdabc55f95e3d0300e52f7ca7113b01f367b5e375f885d8c71baf6ce0faae6c6d7baa09657eed0d407a5d70d6b1ae9b1baddc2b37eb2d58653f6292e16c1ba1a5e6e59e8e228f41d84b67bd78b47c1eb24acf552602d29250f72a212", 0x5, 0x7}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socket(0x2, 0x2, 0x88) setsockopt$auto(0xffffffffffffffff, 0xfffffffd, 0x7f, 0x0, 0x10000008) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x2, 0x0, &(0x7f0000000140)=0x6) clock_nanosleep$auto(0x2, 0x200, &(0x7f0000000480)={0x8, 0x7}, 0x0) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) timer_delete$auto(0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) settimeofday$auto(&(0x7f0000000180)={0x100000001, 0x1}, 0x0) 1m0.156331273s ago: executing program 33 (id=2359): socket(0x2, 0x2, 0x2fc) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0) unshare$auto(0x40000080) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/set_event\x00', 0x141901, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x44, 0x1ba) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x24de, 0x16, 0x401, 0xd5be) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x2381, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='/dev/\x98&d\xf4\x03zt\xb2\x1cH\xb3i\x86\xd6\xca]\x03\xb3\xad\x7f\xec\xdf\xd6\xef(\x1a\xae\x02\xc4\xf0L\xbf\xafAdT_H\x066H\xd6 \xec', 0x100000a3d9) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r1, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="0100030000000000003000000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) shmctl$auto(0x0, 0xd, 0x0) socket(0x2a, 0x2, 0x0) 1m0.093528783s ago: executing program 34 (id=2358): setxattr$auto(0x0, 0x0, 0x0, 0x800000, 0x0) madvise$auto(0x2, 0x8008000009000, 0xe) (async) madvise$auto(0x2, 0x8008000009000, 0xe) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x109c01, 0x0) ioctl$auto(r0, 0x92106411, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000001c0), 0x301282, 0x0) socket(0x10, 0x2, 0x0) (async) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop7\x00', 0x10f602, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) (async) r1 = socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) ioctl$auto_FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, &(0x7f0000000240)={{0x3498, 0x0, @descriptor="11d03035804fe5f8"}, 0xf3}) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) (async) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), 0xffffffffffffffff) r4 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) lseek$auto(r4, 0x8a05, 0x1) 0s ago: executing program 3 (id=2355): mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) (async) sysfs$auto(0x2, 0x10000000000002c, 0x0) (async) fsopen$auto(0x0, 0x1) (async) fsconfig$auto(r0, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0) unshare$auto(0x40000080) set_mempolicy$auto(0x8006, &(0x7f0000000040)=0x4800000075, 0x4) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) (async) io_uring_setup$auto(0x6, 0x0) (async) madvise$auto(0x0, 0x200204, 0x15) (async) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) (async) uname$auto(0x0) (async) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) kernel console output (not intermixed with test programs): ivate_hash_put+0x18a/0x300 [ 393.827344][T12303] futex_wait+0xe8/0x380 [ 393.827368][T12303] ? __pfx_futex_wait+0x10/0x10 [ 393.827427][T12303] do_futex+0x229/0x350 [ 393.827460][T12303] ? __pfx_do_futex+0x10/0x10 [ 393.827490][T12303] ? __pfx___do_sys_mremap+0x10/0x10 [ 393.827514][T12303] ? _copy_from_user+0x59/0xd0 [ 393.827553][T12303] __x64_sys_futex+0x1e0/0x4c0 [ 393.827592][T12303] ? __pfx___x64_sys_futex+0x10/0x10 [ 393.827642][T12303] do_syscall_64+0xcd/0xfa0 [ 393.827673][T12303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.827699][T12303] RIP: 0033:0x7fdedbd8eec9 [ 393.827720][T12303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.827744][T12303] RSP: 002b:00007fdedcc100e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 393.827770][T12303] RAX: ffffffffffffffda RBX: 00007fdedbfe5fa8 RCX: 00007fdedbd8eec9 [ 393.827788][T12303] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdedbfe5fa8 [ 393.827804][T12303] RBP: 00007fdedbfe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 393.827820][T12303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.827834][T12303] R13: 00007fdedbfe6038 R14: 00007fff88b042e0 R15: 00007fff88b043c8 [ 393.827872][T12303] [ 395.117678][T12334] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1398'. [ 396.657527][T12383] netlink: 21 bytes leftover after parsing attributes in process `syz.1.1414'. [ 397.460919][T12411] FAULT_INJECTION: forcing a failure. [ 397.460919][T12411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.493357][T12411] CPU: 1 UID: 0 PID: 12411 Comm: syz.3.1422 Not tainted syzkaller #0 PREEMPT(full) [ 397.493378][T12411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 397.493387][T12411] Call Trace: [ 397.493393][T12411] [ 397.493399][T12411] dump_stack_lvl+0x16c/0x1f0 [ 397.493420][T12411] should_fail_ex+0x512/0x640 [ 397.493440][T12411] _copy_from_user+0x2e/0xd0 [ 397.493460][T12411] msr_io+0x93/0x4e0 [ 397.493483][T12411] ? __pfx_do_set_msr+0x10/0x10 [ 397.493505][T12411] ? __pfx_msr_io+0x10/0x10 [ 397.493525][T12411] ? arch_stack_walk+0xa6/0x100 [ 397.493543][T12411] kvm_arch_vcpu_ioctl+0x1469/0x5570 [ 397.493565][T12411] ? kvm_arch_vcpu_ioctl+0x1444/0x5570 [ 397.493587][T12411] ? stack_trace_save+0x8e/0xc0 [ 397.493605][T12411] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 397.493624][T12411] ? stack_depot_save_flags+0x29/0x9c0 [ 397.493642][T12411] ? __lock_acquire+0xb97/0x1ce0 [ 397.493664][T12411] ? kasan_save_stack+0x42/0x60 [ 397.493679][T12411] ? kasan_save_stack+0x33/0x60 [ 397.493693][T12411] ? kasan_save_track+0x14/0x30 [ 397.493708][T12411] ? __kasan_save_free_info+0x3b/0x60 [ 397.493728][T12411] ? __kasan_slab_free+0x5f/0x80 [ 397.493743][T12411] ? kfree+0x2b8/0x6d0 [ 397.493762][T12411] ? tomoyo_path_number_perm+0x470/0x580 [ 397.493783][T12411] ? security_file_ioctl+0x9b/0x240 [ 397.493806][T12411] ? __lock_acquire+0xb97/0x1ce0 [ 397.493837][T12411] ? __mutex_trylock_common+0xe9/0x250 [ 397.493858][T12411] ? __pfx___mutex_trylock_common+0x10/0x10 [ 397.493879][T12411] ? __pfx___might_resched+0x10/0x10 [ 397.493896][T12411] ? rcu_is_watching+0x12/0xc0 [ 397.493911][T12411] ? trace_contention_end+0xdd/0x130 [ 397.493931][T12411] ? __mutex_lock+0x1c5/0x1060 [ 397.493950][T12411] ? kasan_quarantine_put+0x10a/0x240 [ 397.493967][T12411] ? __pfx___mutex_lock+0x10/0x10 [ 397.493990][T12411] ? tomoyo_path_number_perm+0x18d/0x580 [ 397.494014][T12411] ? kvm_vcpu_ioctl+0x1235/0x1690 [ 397.494028][T12411] kvm_vcpu_ioctl+0x1235/0x1690 [ 397.494045][T12411] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 397.494060][T12411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 397.494085][T12411] ? do_vfs_ioctl+0x128/0x14f0 [ 397.494106][T12411] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 397.494131][T12411] ? find_held_lock+0x2b/0x80 [ 397.494145][T12411] ? hook_file_ioctl_common+0x145/0x410 [ 397.494171][T12411] ? __fget_files+0x20e/0x3c0 [ 397.494188][T12411] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 397.494204][T12411] __x64_sys_ioctl+0x18e/0x210 [ 397.494225][T12411] do_syscall_64+0xcd/0xfa0 [ 397.494242][T12411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.494256][T12411] RIP: 0033:0x7efd7c78eec9 [ 397.494268][T12411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.494282][T12411] RSP: 002b:00007efd7d618038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 397.494296][T12411] RAX: ffffffffffffffda RBX: 00007efd7c9e5fa0 RCX: 00007efd7c78eec9 [ 397.494306][T12411] RDX: 0000200000001380 RSI: 000000004008ae89 RDI: 0000000000000004 [ 397.494315][T12411] RBP: 00007efd7d618090 R08: 0000000000000000 R09: 0000000000000000 [ 397.494323][T12411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.494332][T12411] R13: 00007efd7c9e6038 R14: 00007efd7c9e5fa0 R15: 00007ffe98fa1e78 [ 397.494352][T12411] [ 400.112073][T12417] kexec: Could not allocate control_code_buffer [ 400.209987][T12456] program syz.0.1431 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 403.531846][T12521] FAULT_INJECTION: forcing a failure. [ 403.531846][T12521] name failslab, interval 1, probability 0, space 0, times 0 [ 403.561959][T12521] CPU: 1 UID: 0 PID: 12521 Comm: syz.0.1451 Not tainted syzkaller #0 PREEMPT(full) [ 403.561993][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 403.562006][T12521] Call Trace: [ 403.562013][T12521] [ 403.562023][T12521] dump_stack_lvl+0x16c/0x1f0 [ 403.562053][T12521] should_fail_ex+0x512/0x640 [ 403.562080][T12521] ? fs_reclaim_acquire+0xae/0x150 [ 403.562114][T12521] should_failslab+0xc2/0x120 [ 403.562145][T12521] __kmalloc_noprof+0xdd/0x880 [ 403.562187][T12521] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 403.562222][T12521] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 403.562247][T12521] tomoyo_realpath_from_path+0xc2/0x6e0 [ 403.562276][T12521] ? tomoyo_profile+0x47/0x60 [ 403.562308][T12521] tomoyo_path_number_perm+0x245/0x580 [ 403.562340][T12521] ? tomoyo_path_number_perm+0x237/0x580 [ 403.562378][T12521] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 403.562414][T12521] ? find_held_lock+0x2b/0x80 [ 403.562473][T12521] ? find_held_lock+0x2b/0x80 [ 403.562497][T12521] ? hook_file_ioctl_common+0x145/0x410 [ 403.562541][T12521] ? __fget_files+0x20e/0x3c0 [ 403.562572][T12521] security_file_ioctl+0x9b/0x240 [ 403.562609][T12521] __x64_sys_ioctl+0xb7/0x210 [ 403.562646][T12521] do_syscall_64+0xcd/0xfa0 [ 403.562675][T12521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.562700][T12521] RIP: 0033:0x7f6588b8eec9 [ 403.562720][T12521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.562743][T12521] RSP: 002b:00007f6589a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 403.562767][T12521] RAX: ffffffffffffffda RBX: 00007f6588de5fa0 RCX: 00007f6588b8eec9 [ 403.562783][T12521] RDX: 0000200000001380 RSI: 000000004008ae89 RDI: 0000000000000004 [ 403.562798][T12521] RBP: 00007f6589a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 403.562813][T12521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.562828][T12521] R13: 00007f6588de6038 R14: 00007f6588de5fa0 R15: 00007ffcbc06c488 [ 403.562865][T12521] [ 403.564868][T12521] ERROR: Out of memory at tomoyo_realpath_from_path. [ 405.305579][T12550] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1460'. [ 405.309860][T12552] openvswitch: netlink: Missing valid actions attribute. [ 406.411124][T12581] ubi0: attaching mtd2 [ 406.436053][T12581] ubi0: scanning is finished [ 406.457172][T12581] ubi0: empty MTD device detected [ 406.475096][T12581] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 406.544929][T12582] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input18 [ 406.630977][T12581] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd2, error -22 [ 408.056068][T12613] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1481'. [ 408.365715][T12617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1482'. [ 412.725527][T12718] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1512'. [ 412.883316][T12717] FAULT_INJECTION: forcing a failure. [ 412.883316][T12717] name failslab, interval 1, probability 0, space 0, times 0 [ 412.938661][T12718] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 412.963139][T12717] CPU: 0 UID: 0 PID: 12717 Comm: syz.2.1513 Not tainted syzkaller #0 PREEMPT(full) [ 412.963165][T12717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 412.963175][T12717] Call Trace: [ 412.963180][T12717] [ 412.963187][T12717] dump_stack_lvl+0x16c/0x1f0 [ 412.963206][T12717] should_fail_ex+0x512/0x640 [ 412.963224][T12717] ? fs_reclaim_acquire+0xae/0x150 [ 412.963244][T12717] should_failslab+0xc2/0x120 [ 412.963264][T12717] __kmalloc_noprof+0xdd/0x880 [ 412.963290][T12717] ? kfree+0x252/0x6d0 [ 412.963310][T12717] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 412.963330][T12717] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 412.963344][T12717] tomoyo_realpath_from_path+0xc2/0x6e0 [ 412.963365][T12717] tomoyo_check_open_permission+0x2ab/0x3c0 [ 412.963386][T12717] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 412.963426][T12717] ? do_raw_spin_lock+0x12c/0x2b0 [ 412.963453][T12717] tomoyo_file_open+0x6b/0x90 [ 412.963470][T12717] security_file_open+0x84/0x1e0 [ 412.963484][T12717] do_dentry_open+0x596/0x1530 [ 412.963506][T12717] vfs_open+0x82/0x3f0 [ 412.963527][T12717] path_openat+0x1de4/0x2cb0 [ 412.963548][T12717] ? __pfx_path_openat+0x10/0x10 [ 412.963569][T12717] do_filp_open+0x20b/0x470 [ 412.963584][T12717] ? __pfx_do_filp_open+0x10/0x10 [ 412.963612][T12717] ? alloc_fd+0x471/0x7d0 [ 412.963631][T12717] do_sys_openat2+0x11b/0x1d0 [ 412.963650][T12717] ? __pfx_do_sys_openat2+0x10/0x10 [ 412.963677][T12717] __x64_sys_openat+0x174/0x210 [ 412.963696][T12717] ? __pfx___x64_sys_openat+0x10/0x10 [ 412.963724][T12717] do_syscall_64+0xcd/0xfa0 [ 412.963741][T12717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.963755][T12717] RIP: 0033:0x7fdedbd8eec9 [ 412.963767][T12717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.963781][T12717] RSP: 002b:00007fdedcc10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 412.963796][T12717] RAX: ffffffffffffffda RBX: 00007fdedbfe5fa0 RCX: 00007fdedbd8eec9 [ 412.963806][T12717] RDX: 0000000000000040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 412.963815][T12717] RBP: 00007fdedbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 412.963823][T12717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.963831][T12717] R13: 00007fdedbfe6038 R14: 00007fdedbfe5fa0 R15: 00007fff88b043c8 [ 412.963851][T12717] [ 412.963857][T12717] ERROR: Out of memory at tomoyo_realpath_from_path. [ 414.400576][T12775] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1526'. [ 414.490114][T12754] zswap: compressor 000 not available [ 414.531586][T12777] synth uevent: /devices/software: unknown uevent action string [ 414.545336][T12777] event_source software: uevent: failed to send synthetic uevent: -22 [ 414.754905][T12783] FAULT_INJECTION: forcing a failure. [ 414.754905][T12783] name failslab, interval 1, probability 0, space 0, times 0 [ 414.785242][T12783] CPU: 0 UID: 0 PID: 12783 Comm: syz.2.1531 Not tainted syzkaller #0 PREEMPT(full) [ 414.785266][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 414.785275][T12783] Call Trace: [ 414.785280][T12783] [ 414.785286][T12783] dump_stack_lvl+0x16c/0x1f0 [ 414.785306][T12783] should_fail_ex+0x512/0x640 [ 414.785323][T12783] ? __kmalloc_noprof+0xca/0x880 [ 414.785347][T12783] should_failslab+0xc2/0x120 [ 414.785365][T12783] __kmalloc_noprof+0xdd/0x880 [ 414.785386][T12783] ? ops_init+0x77/0x5f0 [ 414.785405][T12783] ? ops_init+0x77/0x5f0 [ 414.785420][T12783] ops_init+0x77/0x5f0 [ 414.785438][T12783] setup_net+0x100/0x390 [ 414.785455][T12783] ? __pfx_setup_net+0x10/0x10 [ 414.785472][T12783] ? debug_mutex_init+0x37/0x70 [ 414.785489][T12783] copy_net_ns+0x2f8/0x690 [ 414.785509][T12783] create_new_namespaces+0x3ea/0xa90 [ 414.785530][T12783] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 414.785548][T12783] ksys_unshare+0x45b/0xa40 [ 414.785566][T12783] ? __pfx_ksys_unshare+0x10/0x10 [ 414.785584][T12783] ? ksys_write+0x1ac/0x250 [ 414.785604][T12783] __x64_sys_unshare+0x31/0x40 [ 414.785622][T12783] do_syscall_64+0xcd/0xfa0 [ 414.785639][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.785653][T12783] RIP: 0033:0x7fdedbd8eec9 [ 414.785665][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.785678][T12783] RSP: 002b:00007fdedcc10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 414.785693][T12783] RAX: ffffffffffffffda RBX: 00007fdedbfe5fa0 RCX: 00007fdedbd8eec9 [ 414.785702][T12783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 414.785710][T12783] RBP: 00007fdedbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 414.785719][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.785727][T12783] R13: 00007fdedbfe6038 R14: 00007fdedbfe5fa0 R15: 00007fff88b043c8 [ 414.785748][T12783] [ 415.496225][T12806] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1538'. [ 417.399643][T12832] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 417.587900][T12870] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1558'. [ 420.259067][T12921] FAULT_INJECTION: forcing a failure. [ 420.259067][T12921] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.305086][T12921] CPU: 0 UID: 0 PID: 12921 Comm: syz.0.1575 Not tainted syzkaller #0 PREEMPT(full) [ 420.305124][T12921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.305140][T12921] Call Trace: [ 420.305149][T12921] [ 420.305160][T12921] dump_stack_lvl+0x16c/0x1f0 [ 420.305194][T12921] should_fail_ex+0x512/0x640 [ 420.305234][T12921] _copy_from_user+0x2e/0xd0 [ 420.305268][T12921] get_bitmap+0x6d/0x110 [ 420.305298][T12921] get_nodes+0x169/0x210 [ 420.305329][T12921] ? __pfx_get_nodes+0x10/0x10 [ 420.305369][T12921] kernel_mbind+0x139/0x1f0 [ 420.305411][T12921] ? __pfx_kernel_mbind+0x10/0x10 [ 420.305459][T12921] do_syscall_64+0xcd/0xfa0 [ 420.305490][T12921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.305517][T12921] RIP: 0033:0x7f6588b8eec9 [ 420.305538][T12921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.305563][T12921] RSP: 002b:00007f6589a8a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 420.305588][T12921] RAX: ffffffffffffffda RBX: 00007f6588de5fa0 RCX: 00007f6588b8eec9 [ 420.305606][T12921] RDX: 0000000000000005 RSI: 7fffffffffffffff RDI: fffffffffffffee2 [ 420.305629][T12921] RBP: 00007f6588c11f91 R08: 0000000000003441 R09: 0000000000000003 [ 420.305645][T12921] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000 [ 420.305662][T12921] R13: 00007f6588de6038 R14: 00007f6588de5fa0 R15: 00007ffcbc06c488 [ 420.305701][T12921] [ 420.651066][T12937] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.1578: bg 4: bad block bitmap checksum [ 420.673584][T12937] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1 with max blocks 1 with error 74 [ 420.737778][T12937] EXT4-fs (sda1): This should not happen!! Data will be lost [ 420.737778][T12937] [ 423.161409][T12992] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1592'. [ 423.933997][T13019] FAULT_INJECTION: forcing a failure. [ 423.933997][T13019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.962965][T13019] CPU: 0 UID: 0 PID: 13019 Comm: syz.0.1600 Not tainted syzkaller #0 PREEMPT(full) [ 423.962997][T13019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 423.963011][T13019] Call Trace: [ 423.963020][T13019] [ 423.963029][T13019] dump_stack_lvl+0x16c/0x1f0 [ 423.963061][T13019] should_fail_ex+0x512/0x640 [ 423.963095][T13019] _copy_from_user+0x2e/0xd0 [ 423.963127][T13019] msr_io+0x93/0x4e0 [ 423.963159][T13019] ? __pfx_do_set_msr+0x10/0x10 [ 423.963195][T13019] ? __pfx_msr_io+0x10/0x10 [ 423.963229][T13019] ? arch_stack_walk+0xa6/0x100 [ 423.963268][T13019] kvm_arch_vcpu_ioctl+0x1469/0x5570 [ 423.963300][T13019] ? kvm_arch_vcpu_ioctl+0x1444/0x5570 [ 423.963338][T13019] ? stack_trace_save+0x8e/0xc0 [ 423.963367][T13019] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 423.963400][T13019] ? stack_depot_save_flags+0x29/0x9c0 [ 423.963429][T13019] ? __lock_acquire+0xb97/0x1ce0 [ 423.963465][T13019] ? kasan_save_stack+0x42/0x60 [ 423.963490][T13019] ? kasan_save_stack+0x33/0x60 [ 423.963515][T13019] ? kasan_save_track+0x14/0x30 [ 423.963540][T13019] ? __kasan_save_free_info+0x3b/0x60 [ 423.963574][T13019] ? __kasan_slab_free+0x5f/0x80 [ 423.963599][T13019] ? kfree+0x2b8/0x6d0 [ 423.963630][T13019] ? tomoyo_path_number_perm+0x470/0x580 [ 423.963663][T13019] ? security_file_ioctl+0x9b/0x240 [ 423.963703][T13019] ? __lock_acquire+0xb97/0x1ce0 [ 423.963749][T13019] ? __mutex_trylock_common+0xe9/0x250 [ 423.963784][T13019] ? __pfx___mutex_trylock_common+0x10/0x10 [ 423.963819][T13019] ? __pfx___might_resched+0x10/0x10 [ 423.963846][T13019] ? rcu_is_watching+0x12/0xc0 [ 423.963872][T13019] ? trace_contention_end+0xdd/0x130 [ 423.963905][T13019] ? __mutex_lock+0x1c5/0x1060 [ 423.963939][T13019] ? kasan_quarantine_put+0x10a/0x240 [ 423.963968][T13019] ? __pfx___mutex_lock+0x10/0x10 [ 423.964010][T13019] ? tomoyo_path_number_perm+0x18d/0x580 [ 423.964051][T13019] ? kvm_vcpu_ioctl+0x1235/0x1690 [ 423.964075][T13019] kvm_vcpu_ioctl+0x1235/0x1690 [ 423.964105][T13019] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 423.964133][T13019] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 423.964173][T13019] ? do_vfs_ioctl+0x128/0x14f0 [ 423.964208][T13019] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 423.964257][T13019] ? find_held_lock+0x2b/0x80 [ 423.964281][T13019] ? hook_file_ioctl_common+0x145/0x410 [ 423.964326][T13019] ? __fget_files+0x20e/0x3c0 [ 423.964356][T13019] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 423.964384][T13019] __x64_sys_ioctl+0x18e/0x210 [ 423.964420][T13019] do_syscall_64+0xcd/0xfa0 [ 423.964450][T13019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.964474][T13019] RIP: 0033:0x7f6588b8eec9 [ 423.964494][T13019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.964517][T13019] RSP: 002b:00007f6589a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 423.964541][T13019] RAX: ffffffffffffffda RBX: 00007f6588de5fa0 RCX: 00007f6588b8eec9 [ 423.964558][T13019] RDX: 0000200000001380 RSI: 000000004008ae89 RDI: 0000000000000004 [ 423.964574][T13019] RBP: 00007f6589a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 423.964587][T13019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.964601][T13019] R13: 00007f6588de6038 R14: 00007f6588de5fa0 R15: 00007ffcbc06c488 [ 423.964636][T13019] [ 424.724029][T13035] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1606'. [ 425.301649][T13054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1611'. [ 430.606569][T13184] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 431.225612][T13207] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.1.1653: Error -117 reading block bitmap for 4 [ 434.086347][T13269] FAULT_INJECTION: forcing a failure. [ 434.086347][T13269] name failslab, interval 1, probability 0, space 0, times 0 [ 434.144330][T13269] CPU: 0 UID: 0 PID: 13269 Comm: syz.3.1674 Not tainted syzkaller #0 PREEMPT(full) [ 434.144363][T13269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 434.144383][T13269] Call Trace: [ 434.144392][T13269] [ 434.144402][T13269] dump_stack_lvl+0x16c/0x1f0 [ 434.144434][T13269] should_fail_ex+0x512/0x640 [ 434.144462][T13269] ? fs_reclaim_acquire+0xae/0x150 [ 434.144495][T13269] should_failslab+0xc2/0x120 [ 434.144526][T13269] __kmalloc_noprof+0xdd/0x880 [ 434.144562][T13269] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 434.144597][T13269] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 434.144621][T13269] tomoyo_realpath_from_path+0xc2/0x6e0 [ 434.144650][T13269] ? tomoyo_profile+0x47/0x60 [ 434.144682][T13269] tomoyo_path_number_perm+0x245/0x580 [ 434.144714][T13269] ? tomoyo_path_number_perm+0x237/0x580 [ 434.144752][T13269] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 434.144789][T13269] ? find_held_lock+0x2b/0x80 [ 434.144849][T13269] ? find_held_lock+0x2b/0x80 [ 434.144873][T13269] ? hook_file_ioctl_common+0x145/0x410 [ 434.144918][T13269] ? __fget_files+0x20e/0x3c0 [ 434.144949][T13269] security_file_ioctl+0x9b/0x240 [ 434.144986][T13269] __x64_sys_ioctl+0xb7/0x210 [ 434.145025][T13269] do_syscall_64+0xcd/0xfa0 [ 434.145068][T13269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.145092][T13269] RIP: 0033:0x7efd7c78eec9 [ 434.145111][T13269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.145134][T13269] RSP: 002b:00007efd7d618038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.145158][T13269] RAX: ffffffffffffffda RBX: 00007efd7c9e5fa0 RCX: 00007efd7c78eec9 [ 434.145176][T13269] RDX: 0000200000001380 RSI: 000000004008ae89 RDI: 0000000000000004 [ 434.145191][T13269] RBP: 00007efd7d618090 R08: 0000000000000000 R09: 0000000000000000 [ 434.145206][T13269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.145221][T13269] R13: 00007efd7c9e6038 R14: 00007efd7c9e5fa0 R15: 00007ffe98fa1e78 [ 434.145258][T13269] [ 434.390780][T13269] ERROR: Out of memory at tomoyo_realpath_from_path. [ 435.867130][T13309] random: crng reseeded on system resumption [ 436.126025][T12296] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u10:33: bg 5: bad block bitmap checksum [ 436.155272][T12296] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1 with max blocks 1 with error 74 [ 436.167960][T12296] EXT4-fs (sda1): This should not happen!! Data will be lost [ 436.167960][T12296] [ 436.279684][T13307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1683'. [ 436.674038][T13281] kexec: Could not allocate control_code_buffer [ 437.598953][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.630978][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.641492][ T30] audit: type=1400 audit(4294967406.190:16): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=13342 comm="syz.0.1696" [ 437.658078][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.676336][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.685493][ T30] audit: type=1800 audit(4294967406.200:17): pid=13345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1696" name="members" dev="configfs" ino=57484 res=0 errno=0 [ 437.693357][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.797517][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.817417][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.845347][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.873482][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.904263][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.924918][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.937280][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.965464][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 437.985546][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.012684][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.044673][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.076076][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.092769][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.135376][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.155579][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.190615][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.223844][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.263328][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.280437][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.298752][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.310596][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.321179][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.350383][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.363279][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 438.377012][T13344] snd_dummy snd_dummy.0: control 16781581:4:5:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 439.135410][T13395] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1 with max blocks 1 with error 117 [ 439.151607][T13395] EXT4-fs (sda1): This should not happen!! Data will be lost [ 439.151607][T13395] [ 440.788423][T13437] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.3.1718: Error -117 reading block bitmap for 5 [ 441.987170][T13430] kexec: Could not allocate control_code_buffer [ 442.080032][T13454] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1723'. [ 443.281054][T13469] FAULT_INJECTION: forcing a failure. [ 443.281054][T13469] name failslab, interval 1, probability 0, space 0, times 0 [ 443.325473][T13469] CPU: 0 UID: 0 PID: 13469 Comm: syz.0.1727 Not tainted syzkaller #0 PREEMPT(full) [ 443.325509][T13469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 443.325525][T13469] Call Trace: [ 443.325534][T13469] [ 443.325544][T13469] dump_stack_lvl+0x16c/0x1f0 [ 443.325579][T13469] should_fail_ex+0x512/0x640 [ 443.325610][T13469] ? __kmalloc_noprof+0xca/0x880 [ 443.325652][T13469] should_failslab+0xc2/0x120 [ 443.325686][T13469] __kmalloc_noprof+0xdd/0x880 [ 443.325726][T13469] ? __register_sysctl_table+0xb3/0x1900 [ 443.325769][T13469] ? __register_sysctl_table+0xb3/0x1900 [ 443.325804][T13469] __register_sysctl_table+0xb3/0x1900 [ 443.325840][T13469] ? is_module_address+0x5f/0xf0 [ 443.325878][T13469] ? __pfx___register_sysctl_table+0x10/0x10 [ 443.325910][T13469] ? is_module_address+0x69/0xf0 [ 443.325942][T13469] ? register_net_sysctl_sz+0x228/0x3e0 [ 443.325978][T13469] ? __asan_memcpy+0x3c/0x60 [ 443.326006][T13469] xfrm4_net_init+0xf0/0x1c0 [ 443.326045][T13469] ? __pfx_xfrm4_net_init+0x10/0x10 [ 443.326081][T13469] ops_init+0x1df/0x5f0 [ 443.326115][T13469] setup_net+0x100/0x390 [ 443.326145][T13469] ? __pfx_setup_net+0x10/0x10 [ 443.326177][T13469] ? debug_mutex_init+0x37/0x70 [ 443.326218][T13469] copy_net_ns+0x2f8/0x690 [ 443.326257][T13469] create_new_namespaces+0x3ea/0xa90 [ 443.326297][T13469] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 443.326330][T13469] ksys_unshare+0x45b/0xa40 [ 443.326364][T13469] ? __pfx_ksys_unshare+0x10/0x10 [ 443.326399][T13469] ? xfd_validate_state+0x61/0x180 [ 443.326444][T13469] __x64_sys_unshare+0x31/0x40 [ 443.326476][T13469] do_syscall_64+0xcd/0xfa0 [ 443.326506][T13469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.326532][T13469] RIP: 0033:0x7f6588b8eec9 [ 443.326553][T13469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.326577][T13469] RSP: 002b:00007f6589a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 443.326603][T13469] RAX: ffffffffffffffda RBX: 00007f6588de5fa0 RCX: 00007f6588b8eec9 [ 443.326622][T13469] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 443.326638][T13469] RBP: 00007f6588c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 443.326653][T13469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 443.326668][T13469] R13: 00007f6588de6038 R14: 00007f6588de5fa0 R15: 00007ffcbc06c488 [ 443.326705][T13469] [ 445.220603][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.227098][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.210442][T13552] random: crng reseeded on system resumption [ 447.508284][T13552] svc: failed to register nfsdv3 RPC service (errno 111). [ 447.562398][T13552] svc: failed to register nfsaclv3 RPC service (errno 111). [ 447.735443][T13563] netlink: 764 bytes leftover after parsing attributes in process `syz.3.1751'. [ 447.927426][T13555] svc: failed to register nfsdv3 RPC service (errno 111). [ 447.943140][T13555] svc: failed to register nfsaclv3 RPC service (errno 111). [ 449.419014][T13599] random: crng reseeded on system resumption [ 449.496856][T13599] svc: failed to register nfsdv3 RPC service (errno 111). [ 449.520141][T13599] svc: failed to register nfsaclv3 RPC service (errno 111). [ 449.530070][T13604] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1767'. [ 449.816430][T13605] svc: failed to register nfsdv3 RPC service (errno 111). [ 449.831301][T13605] svc: failed to register nfsaclv3 RPC service (errno 111). [ 453.316100][T13683] netlink: 'syz.2.1788': attribute type 10 has an invalid length. [ 453.336208][T13683] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1788'. [ 453.517548][T13688] ubi0: attaching mtd0 [ 453.524388][T13688] ubi0: scanning is finished [ 453.551765][T13688] ubi0 warning: ubi_read_volume_table: volume table copy #2 is corrupted [ 453.631607][T13688] ubi0: volume table was restored [ 453.849934][T13688] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 453.893775][T13688] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 453.935858][T13688] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 453.938164][ T5836] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #2: comm udevd: No space for directory leaf checksum. Please run e2fsck -D. [ 453.942821][T13688] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 453.988559][ T5836] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #2: comm udevd: checksumming directory block 0 [ 454.005110][T13688] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 454.022123][T13688] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 454.036003][ T5836] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #2: comm udevd: No space for directory leaf checksum. Please run e2fsck -D. [ 454.061014][ T5836] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #2: comm udevd: checksumming directory block 0 [ 454.072614][T13688] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2041142272 [ 454.163890][T13688] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 454.195862][T13692] ubi0: background thread "ubi_bgt0d" started, PID 13692 [ 454.295862][T13698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1792'. [ 454.831671][ T7679] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 454.831696][ T7679] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 454.846617][ T7679] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 454.846659][ T7679] Bluetooth: hci3: adv larger than maximum supported [ 454.854562][ T7679] Bluetooth: hci3: Malformed LE Event: 0x0d [ 455.181332][T13703] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1792'. [ 461.455098][T13818] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1818'. [ 461.805470][ T7679] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 462.433025][T13843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1832'. [ 463.127383][T13857] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1827'. [ 463.855266][ T9382] Bluetooth: hci1: command 0x0c1a tx timeout [ 469.575605][T13957] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 469.583095][T13957] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 469.589237][T13957] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 469.596502][T13957] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 469.603420][T13957] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 469.794815][T13978] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1860'. [ 469.877948][T13982] FAULT_INJECTION: forcing a failure. [ 469.877948][T13982] name failslab, interval 1, probability 0, space 0, times 0 [ 469.915611][T13982] CPU: 1 UID: 0 PID: 13982 Comm: syz.3.1861 Not tainted syzkaller #0 PREEMPT(full) [ 469.915646][T13982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 469.915661][T13982] Call Trace: [ 469.915670][T13982] [ 469.915680][T13982] dump_stack_lvl+0x16c/0x1f0 [ 469.915725][T13982] should_fail_ex+0x512/0x640 [ 469.915756][T13982] ? __kmalloc_cache_noprof+0x5f/0x780 [ 469.915799][T13982] should_failslab+0xc2/0x120 [ 469.915832][T13982] __kmalloc_cache_noprof+0x72/0x780 [ 469.915870][T13982] ? alloc_super+0x52/0xb60 [ 469.915900][T13982] ? alloc_super+0x52/0xb60 [ 469.915923][T13982] alloc_super+0x52/0xb60 [ 469.915944][T13982] ? sget_fc+0xd3/0xc20 [ 469.915974][T13982] sget_fc+0x116/0xc20 [ 469.915999][T13982] ? __pfx_set_anon_super_fc+0x10/0x10 [ 469.916039][T13982] ? __pfx_mqueue_fill_super+0x10/0x10 [ 469.916069][T13982] get_tree_nodev+0x28/0x190 [ 469.916098][T13982] mqueue_get_tree+0xf1/0x130 [ 469.916128][T13982] vfs_get_tree+0x8b/0x340 [ 469.916163][T13982] fc_mount_longterm+0x1a/0x270 [ 469.916199][T13982] mq_init_ns+0x426/0x620 [ 469.916237][T13982] copy_ipcs+0x2d6/0x550 [ 469.916274][T13982] create_new_namespaces+0x20a/0xa90 [ 469.916303][T13982] ? security_capable+0x7e/0x260 [ 469.916339][T13982] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 469.916371][T13982] ksys_unshare+0x45b/0xa40 [ 469.916405][T13982] ? __pfx_ksys_unshare+0x10/0x10 [ 469.916439][T13982] ? xfd_validate_state+0x61/0x180 [ 469.916484][T13982] __x64_sys_unshare+0x31/0x40 [ 469.916516][T13982] do_syscall_64+0xcd/0xfa0 [ 469.916554][T13982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.916581][T13982] RIP: 0033:0x7efd7c78eec9 [ 469.916601][T13982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.916626][T13982] RSP: 002b:00007efd7d618038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 469.916651][T13982] RAX: ffffffffffffffda RBX: 00007efd7c9e5fa0 RCX: 00007efd7c78eec9 [ 469.916669][T13982] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 469.916684][T13982] RBP: 00007efd7c811f91 R08: 0000000000000000 R09: 0000000000000000 [ 469.916706][T13982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.916722][T13982] R13: 00007efd7c9e6038 R14: 00007efd7c9e5fa0 R15: 00007ffe98fa1e78 [ 469.916760][T13982] [ 470.209688][T13985] mkiss: ax0: crc mode is auto. [ 470.302365][T13989] netlink: 62 bytes leftover after parsing attributes in process `syz.2.1862'. [ 470.895365][ T9382] Bluetooth: hci2: command 0x0c1a tx timeout [ 471.618013][ T9382] Bluetooth: hci3: command 0x0c1a tx timeout [ 471.624126][ T7679] Bluetooth: hci0: command 0x0c1a tx timeout [ 471.630287][ T7679] Bluetooth: hci1: command 0x0c1a tx timeout [ 471.857091][T14037] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1874'. [ 472.202125][T14048] random: crng reseeded on system resumption [ 472.242758][T14049] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1877'. [ 473.029768][T14065] input: f¬ as /devices/virtual/input/input19 [ 473.288126][T14075] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1885'. [ 473.487200][T14079] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1886'. [ 473.499891][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1886'. [ 473.650761][T14084] bridge0: port 3(veth0_to_bridge) entered blocking state [ 473.660399][T14084] bridge0: port 3(veth0_to_bridge) entered disabled state [ 473.668051][T14084] veth0_to_bridge: entered allmulticast mode [ 473.675379][T14084] veth0_to_bridge: entered promiscuous mode [ 473.681383][T14084] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 473.694570][T14084] bridge0: port 3(veth0_to_bridge) entered blocking state [ 473.701975][T14084] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 473.710511][ T9382] Bluetooth: hci1: command 0x0c1a tx timeout [ 473.819810][T14087] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[14087] [ 474.134776][T14095] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 474.146359][T14095] CPU: 0 UID: 0 PID: 14095 Comm: syz.1.1891 Not tainted syzkaller #0 PREEMPT(full) [ 474.146394][T14095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 474.146411][T14095] Call Trace: [ 474.146419][T14095] [ 474.146430][T14095] dump_stack_lvl+0x16c/0x1f0 [ 474.146466][T14095] sysfs_warn_dup+0x7f/0xa0 [ 474.146498][T14095] sysfs_do_create_link_sd+0x124/0x140 [ 474.146533][T14095] sysfs_create_link+0x61/0xc0 [ 474.146559][T14095] device_add+0x62c/0x1aa0 [ 474.146579][T14095] ? __pfx_device_add+0x10/0x10 [ 474.146595][T14095] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 474.146619][T14095] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 474.146640][T14095] wiphy_register+0x1eb0/0x2b20 [ 474.146658][T14095] ? netdev_run_todo+0x864/0x1320 [ 474.146682][T14095] ? __pfx_wiphy_register+0x10/0x10 [ 474.146710][T14095] ieee80211_register_hw+0x253d/0x4120 [ 474.146736][T14095] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 474.146755][T14095] ? __pfx___debug_object_init+0x10/0x10 [ 474.146780][T14095] ? find_held_lock+0x2b/0x80 [ 474.146796][T14095] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 474.146818][T14095] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 474.146833][T14095] ? __hrtimer_setup+0x176/0x280 [ 474.146856][T14095] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 474.146887][T14095] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 474.146913][T14095] hwsim_new_radio_nl+0xba2/0x1330 [ 474.146935][T14095] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 474.146960][T14095] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 474.146981][T14095] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 474.147005][T14095] genl_family_rcv_msg_doit+0x206/0x2f0 [ 474.147026][T14095] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 474.147052][T14095] ? bpf_lsm_capable+0x9/0x10 [ 474.147070][T14095] ? security_capable+0x7e/0x260 [ 474.147089][T14095] ? ns_capable+0xd7/0x110 [ 474.147106][T14095] genl_rcv_msg+0x55c/0x800 [ 474.147127][T14095] ? __pfx_genl_rcv_msg+0x10/0x10 [ 474.147147][T14095] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 474.147173][T14095] netlink_rcv_skb+0x155/0x420 [ 474.147190][T14095] ? __pfx_genl_rcv_msg+0x10/0x10 [ 474.147210][T14095] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 474.147235][T14095] ? netlink_deliver_tap+0x1ae/0xd30 [ 474.147254][T14095] genl_rcv+0x28/0x40 [ 474.147270][T14095] netlink_unicast+0x5aa/0x870 [ 474.147294][T14095] ? __pfx_netlink_unicast+0x10/0x10 [ 474.147312][T14095] ? __pfx___might_resched+0x10/0x10 [ 474.147327][T14095] ? __lock_acquire+0xb97/0x1ce0 [ 474.147359][T14095] netlink_sendmsg+0x8c8/0xdd0 [ 474.147380][T14095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 474.147400][T14095] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 474.147423][T14095] ____sys_sendmsg+0xa98/0xc70 [ 474.147443][T14095] ? copy_msghdr_from_user+0x10a/0x160 [ 474.147459][T14095] ? __pfx_____sys_sendmsg+0x10/0x10 [ 474.147476][T14095] ? trace_sched_exit_tp+0xd1/0x120 [ 474.147507][T14095] ___sys_sendmsg+0x134/0x1d0 [ 474.147524][T14095] ? __pfx____sys_sendmsg+0x10/0x10 [ 474.147561][T14095] ? __sys_sendmsg+0x11d/0x220 [ 474.147579][T14095] __sys_sendmsg+0x16d/0x220 [ 474.147596][T14095] ? __pfx___sys_sendmsg+0x10/0x10 [ 474.147614][T14095] ? __x64_sys_futex+0x1e0/0x4c0 [ 474.147645][T14095] do_syscall_64+0xcd/0xfa0 [ 474.147663][T14095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.147677][T14095] RIP: 0033:0x7f52fbd8eec9 [ 474.147690][T14095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.147704][T14095] RSP: 002b:00007f52fcc46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 474.147719][T14095] RAX: ffffffffffffffda RBX: 00007f52fbfe5fa0 RCX: 00007f52fbd8eec9 [ 474.147728][T14095] RDX: 0000000000040840 RSI: 00002000000000c0 RDI: 0000000000000003 [ 474.147738][T14095] RBP: 00007f52fbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 474.147747][T14095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.147755][T14095] R13: 00007f52fbfe6038 R14: 00007f52fbfe5fa0 R15: 00007ffeff2414c8 [ 474.147776][T14095] [ 474.879923][T14108] FAULT_INJECTION: forcing a failure. [ 474.879923][T14108] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 474.894159][T14108] CPU: 0 UID: 0 PID: 14108 Comm: syz.3.1896 Not tainted syzkaller #0 PREEMPT(full) [ 474.894189][T14108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 474.894203][T14108] Call Trace: [ 474.894212][T14108] [ 474.894221][T14108] dump_stack_lvl+0x16c/0x1f0 [ 474.894262][T14108] should_fail_ex+0x512/0x640 [ 474.894294][T14108] should_fail_alloc_page+0xe7/0x130 [ 474.894325][T14108] prepare_alloc_pages+0x3c2/0x610 [ 474.894360][T14108] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 474.894389][T14108] ? __lock_acquire+0x62e/0x1ce0 [ 474.894434][T14108] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 474.894462][T14108] ? find_held_lock+0x2b/0x80 [ 474.894491][T14108] ? page_table_check_set+0x631/0x750 [ 474.894521][T14108] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 474.894559][T14108] ? policy_nodemask+0xea/0x4e0 [ 474.894591][T14108] alloc_pages_mpol+0x1fb/0x550 [ 474.894623][T14108] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 474.894657][T14108] ? __lock_acquire+0x62e/0x1ce0 [ 474.894691][T14108] folio_alloc_mpol_noprof+0x36/0x2f0 [ 474.894727][T14108] vma_alloc_folio_noprof+0xed/0x1e0 [ 474.894761][T14108] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 474.894807][T14108] do_pte_missing+0x2202/0x3ba0 [ 474.894843][T14108] ? find_held_lock+0x2b/0x80 [ 474.894877][T14108] __handle_mm_fault+0x1556/0x2aa0 [ 474.894923][T14108] ? __pfx___handle_mm_fault+0x10/0x10 [ 474.894963][T14108] ? lock_vma_under_rcu+0x176/0x530 [ 474.895011][T14108] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 474.895054][T14108] handle_mm_fault+0x589/0xd10 [ 474.895090][T14108] ? trace_raw_output_exceptions+0x141/0x150 [ 474.895130][T14108] do_user_addr_fault+0x60c/0x1370 [ 474.895158][T14108] ? rcu_is_watching+0x12/0xc0 [ 474.895188][T14108] exc_page_fault+0x64/0xc0 [ 474.895214][T14108] asm_exc_page_fault+0x26/0x30 [ 474.895244][T14108] RIP: 0033:0x7efd7c65a75b [ 474.895264][T14108] Code: 00 00 00 48 8d 3d dd 39 19 00 48 89 c1 31 c0 e8 fb 3a ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 3a 19 00 48 89 34 24 48 8b 14 24 48 8b [ 474.895286][T14108] RSP: 002b:00007efd7d616fb0 EFLAGS: 00010202 [ 474.895306][T14108] RAX: 0000000000000000 RBX: 00007efd7c9e5fa0 RCX: 0000000000000000 [ 474.895322][T14108] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 474.895336][T14108] RBP: 00007efd7d618090 R08: 0000000000000000 R09: 0000000000000000 [ 474.895351][T14108] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 474.895365][T14108] R13: 00007efd7c9e6038 R14: 00007efd7c9e5fa0 R15: 00007ffe98fa1e78 [ 474.895401][T14108] [ 475.175396][T14108] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 475.594161][T14120] sctp: [Deprecated]: syz.1.1897 (pid 14120) Use of int in max_burst socket option deprecated. [ 475.594161][T14120] Use struct sctp_assoc_value instead [ 477.552011][T14176] FAULT_INJECTION: forcing a failure. [ 477.552011][T14176] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 477.627816][T14176] CPU: 1 UID: 0 PID: 14176 Comm: syz.3.1908 Not tainted syzkaller #0 PREEMPT(full) [ 477.627849][T14176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 477.627863][T14176] Call Trace: [ 477.627871][T14176] [ 477.627881][T14176] dump_stack_lvl+0x16c/0x1f0 [ 477.627913][T14176] should_fail_ex+0x512/0x640 [ 477.627947][T14176] _copy_from_user+0x2e/0xd0 [ 477.627978][T14176] move_addr_to_kernel+0x65/0x170 [ 477.628024][T14176] __sys_sendto+0x1be/0x520 [ 477.628049][T14176] ? __pfx___sys_sendto+0x10/0x10 [ 477.628073][T14176] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 477.628137][T14176] __x64_sys_sendto+0xe0/0x1c0 [ 477.628161][T14176] ? do_syscall_64+0x91/0xfa0 [ 477.628186][T14176] ? lockdep_hardirqs_on+0x7c/0x110 [ 477.628213][T14176] do_syscall_64+0xcd/0xfa0 [ 477.628241][T14176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.628266][T14176] RIP: 0033:0x7efd7c790d5c [ 477.628285][T14176] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 477.628307][T14176] RSP: 002b:00007efd7d616ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 477.628331][T14176] RAX: ffffffffffffffda RBX: 00007efd7d616fc0 RCX: 00007efd7c790d5c [ 477.628348][T14176] RDX: 000000000000001c RSI: 00007efd7d617010 RDI: 0000000000000004 [ 477.628364][T14176] RBP: 0000000000000000 R08: 00007efd7d616f14 R09: 000000000000000c [ 477.628379][T14176] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 477.628393][T14176] R13: 00007efd7d616f68 R14: 00007efd7d617010 R15: 0000000000000000 [ 477.628429][T14176] [ 478.012523][T14185] bridge0: port 3(veth0_to_bridge) entered blocking state [ 478.123289][T14185] bridge0: port 3(veth0_to_bridge) entered disabled state [ 478.143735][T14185] veth0_to_bridge: entered allmulticast mode [ 478.174289][T14185] veth0_to_bridge: entered promiscuous mode [ 478.180678][T14185] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 478.193655][T14185] bridge0: port 3(veth0_to_bridge) entered blocking state [ 478.200841][T14185] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 478.277050][T14187] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1911'. [ 478.277981][T14189] program syz.2.1912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 478.318845][T14189] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 478.675933][T14197] random: crng reseeded on system resumption [ 479.860391][T14228] FAULT_INJECTION: forcing a failure. [ 479.860391][T14228] name failslab, interval 1, probability 0, space 0, times 0 [ 479.875634][T14228] CPU: 1 UID: 0 PID: 14228 Comm: syz.2.1919 Not tainted syzkaller #0 PREEMPT(full) [ 479.875667][T14228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.875680][T14228] Call Trace: [ 479.875688][T14228] [ 479.875698][T14228] dump_stack_lvl+0x16c/0x1f0 [ 479.875733][T14228] should_fail_ex+0x512/0x640 [ 479.875760][T14228] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 479.875798][T14228] should_failslab+0xc2/0x120 [ 479.875828][T14228] kmem_cache_alloc_node_noprof+0x78/0x770 [ 479.875851][T14228] ? finish_fault+0xa14/0x1070 [ 479.875879][T14228] ? __alloc_skb+0x2b2/0x380 [ 479.875911][T14228] ? __alloc_skb+0x2b2/0x380 [ 479.875932][T14228] __alloc_skb+0x2b2/0x380 [ 479.875957][T14228] ? __pfx___alloc_skb+0x10/0x10 [ 479.875985][T14228] ? __pfx___might_resched+0x10/0x10 [ 479.876019][T14228] netlink_alloc_large_skb+0x69/0x140 [ 479.876051][T14228] netlink_sendmsg+0x698/0xdd0 [ 479.876086][T14228] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.876119][T14228] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 479.876157][T14228] __sys_sendto+0x4a0/0x520 [ 479.876183][T14228] ? __pfx___sys_sendto+0x10/0x10 [ 479.876218][T14228] ? find_held_lock+0x2b/0x80 [ 479.876270][T14228] __x64_sys_sendto+0xe0/0x1c0 [ 479.876293][T14228] ? do_syscall_64+0x91/0xfa0 [ 479.876318][T14228] ? lockdep_hardirqs_on+0x7c/0x110 [ 479.876344][T14228] do_syscall_64+0xcd/0xfa0 [ 479.876372][T14228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.876396][T14228] RIP: 0033:0x7fdedbd90d5c [ 479.876415][T14228] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 479.876438][T14228] RSP: 002b:00007fdedcc0eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 479.876462][T14228] RAX: ffffffffffffffda RBX: 00007fdedcc0efc0 RCX: 00007fdedbd90d5c [ 479.876478][T14228] RDX: 000000000000001c RSI: 00007fdedcc0f010 RDI: 0000000000000004 [ 479.876493][T14228] RBP: 0000000000000000 R08: 00007fdedcc0ef14 R09: 000000000000000c [ 479.876508][T14228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 479.876523][T14228] R13: 00007fdedcc0ef68 R14: 00007fdedcc0f010 R15: 0000000000000000 [ 479.876558][T14228] [ 480.653202][T14232] netlink: set zone limit has 8 unknown bytes [ 480.671796][T14234] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1922'. [ 480.683369][T14235] HfR: entered promiscuous mode [ 481.491759][ T30] audit: type=1800 audit(4294994621.063:18): pid=14254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1926" name="lu_gp_id" dev="configfs" ino=67510 res=0 errno=0 [ 481.655680][ T9382] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 483.001112][T14281] netlink: 'syz.1.1933': attribute type 2 has an invalid length. [ 483.483773][T14293] FAULT_INJECTION: forcing a failure. [ 483.483773][T14293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.515095][T14293] CPU: 1 UID: 0 PID: 14293 Comm: syz.3.1938 Not tainted syzkaller #0 PREEMPT(full) [ 483.515129][T14293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 483.515143][T14293] Call Trace: [ 483.515152][T14293] [ 483.515162][T14293] dump_stack_lvl+0x16c/0x1f0 [ 483.515194][T14293] should_fail_ex+0x512/0x640 [ 483.515229][T14293] _copy_from_iter+0x29f/0x1720 [ 483.515263][T14293] ? __alloc_skb+0x200/0x380 [ 483.515289][T14293] ? __pfx__copy_from_iter+0x10/0x10 [ 483.515321][T14293] ? __pfx___might_resched+0x10/0x10 [ 483.515359][T14293] netlink_sendmsg+0x820/0xdd0 [ 483.515394][T14293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.515428][T14293] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 483.515467][T14293] __sys_sendto+0x4a0/0x520 [ 483.515493][T14293] ? __pfx___sys_sendto+0x10/0x10 [ 483.515536][T14293] ? find_held_lock+0x2b/0x80 [ 483.515587][T14293] __x64_sys_sendto+0xe0/0x1c0 [ 483.515611][T14293] ? do_syscall_64+0x91/0xfa0 [ 483.515636][T14293] ? lockdep_hardirqs_on+0x7c/0x110 [ 483.515662][T14293] do_syscall_64+0xcd/0xfa0 [ 483.515690][T14293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.515715][T14293] RIP: 0033:0x7efd7c790d5c [ 483.515735][T14293] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 483.515757][T14293] RSP: 002b:00007efd7d616ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 483.515780][T14293] RAX: ffffffffffffffda RBX: 00007efd7d616fc0 RCX: 00007efd7c790d5c [ 483.515797][T14293] RDX: 000000000000001c RSI: 00007efd7d617010 RDI: 0000000000000004 [ 483.515811][T14293] RBP: 0000000000000000 R08: 00007efd7d616f14 R09: 000000000000000c [ 483.515827][T14293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 483.515841][T14293] R13: 00007efd7d616f68 R14: 00007efd7d617010 R15: 0000000000000000 [ 483.515876][T14293] [ 483.696983][ T9382] Bluetooth: hci0: command 0x0c1a tx timeout [ 484.185394][T14302] binder: 14301:14302 ioctl c0306201 200000000000 returned -14 [ 486.108116][T14343] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1954'. [ 486.536835][T14349] netlink: zone id is out of range [ 486.547236][T14349] netlink: zone id is out of range [ 486.553773][T14349] netlink: zone id is out of range [ 486.562554][T14349] netlink: zone id is out of range [ 486.576713][T14349] netlink: zone id is out of range [ 486.585084][T14349] netlink: zone id is out of range [ 486.596242][T14349] netlink: zone id is out of range [ 486.612627][T14349] netlink: zone id is out of range [ 486.617855][T14349] netlink: zone id is out of range [ 486.623078][T14349] netlink: zone id is out of range [ 487.266150][T14371] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1964'. [ 488.188554][T14392] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1969'. [ 488.221727][T14393] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1969'. [ 488.821612][T14418] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1975'. [ 489.929856][T14454] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1985'. [ 490.225827][T14467] random: crng reseeded on system resumption [ 490.901996][T14491] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1993'. [ 491.452115][T14504] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1997'. [ 491.533401][T14506] random: crng reseeded on system resumption [ 494.698452][T14568] ptrace attach of "./syz-executor exec"[14569] was attempted by "./syz-executor exec"[14568] [ 495.737119][T14582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2018'. [ 496.413991][ T9382] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 498.495146][ T9382] Bluetooth: hci2: command 0x0c1a tx timeout [ 498.790198][T14649] __vm_enough_memory: pid: 14649, comm: syz.1.2037, bytes: 4398046511104 not enough memory for the allocation [ 498.872873][T14653] perf: Dynamic interrupt throttling disabled, can hang your system! [ 499.921564][T14671] FAULT_INJECTION: forcing a failure. [ 499.921564][T14671] name failslab, interval 1, probability 0, space 0, times 0 [ 499.934586][T14671] CPU: 1 UID: 0 PID: 14671 Comm: syz.2.2043 Not tainted syzkaller #0 PREEMPT(full) [ 499.934617][T14671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 499.934631][T14671] Call Trace: [ 499.934639][T14671] [ 499.934648][T14671] dump_stack_lvl+0x116/0x1f0 [ 499.934679][T14671] should_fail_ex+0x512/0x640 [ 499.934710][T14671] should_failslab+0xc2/0x120 [ 499.934739][T14671] kmem_cache_alloc_noprof+0x75/0x6e0 [ 499.934763][T14671] ? __send_signal_locked+0x159/0x12c0 [ 499.934804][T14671] ? __send_signal_locked+0x159/0x12c0 [ 499.934837][T14671] __send_signal_locked+0x159/0x12c0 [ 499.934873][T14671] ? __lock_task_sighand+0x146/0x340 [ 499.934899][T14671] do_send_specific+0x1e8/0x370 [ 499.934926][T14671] ? __pfx_do_send_specific+0x10/0x10 [ 499.934950][T14671] ? __task_pid_nr_ns+0x1f5/0x500 [ 499.934988][T14671] do_rt_tgsigqueueinfo+0xa9/0x100 [ 499.935019][T14671] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 499.935055][T14671] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 499.935112][T14671] do_syscall_64+0xcd/0xfa0 [ 499.935149][T14671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.935174][T14671] RIP: 0033:0x7fdedbd8eec9 [ 499.935195][T14671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.935218][T14671] RSP: 002b:00007fdedcc10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 499.935242][T14671] RAX: ffffffffffffffda RBX: 00007fdedbfe5fa0 RCX: 00007fdedbd8eec9 [ 499.935257][T14671] RDX: 0000000000000021 RSI: 000000000000073c RDI: 000000000000073b [ 499.935270][T14671] RBP: 00007fdedbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 499.935284][T14671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 499.935296][T14671] R13: 00007fdedbfe6038 R14: 00007fdedbfe5fa0 R15: 00007fff88b043c8 [ 499.935329][T14671] [ 500.148479][T14671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2043'. [ 501.496479][T14713] Unable to find swap-space signature [ 501.679661][T14726] random: crng reseeded on system resumption [ 502.691019][T14741] cougar: G6 mapped to space [ 502.698949][T14742] futex_wake_op: syz.2.2057 tries to shift op by -2048; fix this program [ 502.725480][T14742] futex_wake_op: syz.2.2057 tries to shift op by -2048; fix this program [ 503.441598][T14763] hub 3-0:1.0: USB hub found [ 503.504761][T14763] hub 3-0:1.0: 1 port detected [ 503.561271][T14763] usb usb3: authorized to connect [ 503.907215][T14772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2061'. [ 504.459690][T14791] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2066'. [ 505.180379][T14802] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2069'. [ 506.685222][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.691599][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.927789][T14852] netlink: 'syz.0.2084': attribute type 1 has an invalid length. [ 509.610312][T14915] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input21 [ 509.668490][T14915] vivid-007: ================= START STATUS ================= [ 509.676335][T14915] vivid-007: Generate PTS: true [ 509.685093][T14915] vivid-007: Generate SCR: true [ 509.695148][T14915] tpg source WxH: 320x240 (Y'CbCr) [ 509.719339][T14915] tpg field: 1 [ 509.725136][T14915] tpg crop: (0,0)/320x240 [ 509.730865][T14915] tpg compose: (0,0)/320x240 [ 509.773299][T14915] tpg colorspace: 8 [ 509.782210][T14915] tpg transfer function: 0/0 [ 509.795324][T14915] tpg Y'CbCr encoding: 0/0 [ 509.799751][T14915] tpg quantization: 0/0 [ 509.835417][T14915] tpg RGB range: 0/2 [ 509.839899][T14915] vivid-007: ================== END STATUS ================== [ 510.998060][T14959] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2100'. [ 511.588875][T14975] FAULT_INJECTION: forcing a failure. [ 511.588875][T14975] name failslab, interval 1, probability 0, space 0, times 0 [ 511.617038][T14975] CPU: 0 UID: 0 PID: 14975 Comm: syz.2.2105 Not tainted syzkaller #0 PREEMPT(full) [ 511.617079][T14975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 511.617096][T14975] Call Trace: [ 511.617106][T14975] [ 511.617115][T14975] dump_stack_lvl+0x16c/0x1f0 [ 511.617149][T14975] should_fail_ex+0x512/0x640 [ 511.617181][T14975] ? __kmalloc_cache_noprof+0x5f/0x780 [ 511.617224][T14975] should_failslab+0xc2/0x120 [ 511.617259][T14975] __kmalloc_cache_noprof+0x72/0x780 [ 511.617296][T14975] ? apparmor_file_open+0x1a1/0x9c0 [ 511.617330][T14975] ? single_open+0x4d/0x1f0 [ 511.617367][T14975] ? __pfx_tracing_trace_options_show+0x10/0x10 [ 511.617401][T14975] ? single_open+0x4d/0x1f0 [ 511.617432][T14975] single_open+0x4d/0x1f0 [ 511.617465][T14975] tracing_trace_options_open+0xa7/0x100 [ 511.617508][T14975] do_dentry_open+0x97f/0x1530 [ 511.617537][T14975] ? __pfx_tracing_trace_options_open+0x10/0x10 [ 511.617582][T14975] vfs_open+0x82/0x3f0 [ 511.617618][T14975] path_openat+0x1de4/0x2cb0 [ 511.617657][T14975] ? __pfx_path_openat+0x10/0x10 [ 511.617693][T14975] do_filp_open+0x20b/0x470 [ 511.617721][T14975] ? __pfx_do_filp_open+0x10/0x10 [ 511.617774][T14975] ? alloc_fd+0x471/0x7d0 [ 511.617821][T14975] do_sys_openat2+0x11b/0x1d0 [ 511.617858][T14975] ? __pfx_do_sys_openat2+0x10/0x10 [ 511.617908][T14975] __x64_sys_openat+0x174/0x210 [ 511.617943][T14975] ? __pfx___x64_sys_openat+0x10/0x10 [ 511.617992][T14975] do_syscall_64+0xcd/0xfa0 [ 511.618023][T14975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.618050][T14975] RIP: 0033:0x7fdedbd8eec9 [ 511.618076][T14975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.618102][T14975] RSP: 002b:00007fdedcc10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 511.618128][T14975] RAX: ffffffffffffffda RBX: 00007fdedbfe5fa0 RCX: 00007fdedbd8eec9 [ 511.618147][T14975] RDX: 0000000000084100 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 511.618162][T14975] RBP: 00007fdedbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 511.618176][T14975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.618190][T14975] R13: 00007fdedbfe6038 R14: 00007fdedbfe5fa0 R15: 00007fff88b043c8 [ 511.618226][T14975] [ 512.128783][T14984] CIFS mount error: No usable UNC path provided in device string! [ 512.128783][T14984] [ 512.140812][T14984] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 512.151414][T14980] svc: failed to register nfsdv3 RPC service (errno 111). [ 512.168027][T14980] svc: failed to register nfsaclv3 RPC service (errno 111). [ 512.194099][T14986] can: request_module (can-proto-4) failed. [ 512.198881][T14990] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input22 [ 512.971261][T15002] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2112'. [ 513.094047][T14997] Invalid ELF header magic: != ELF [ 515.125867][T15061] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2127'. [ 515.248299][ T30] audit: type=1804 audit(4294967304.420:19): pid=15064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2126" name="file0" dev="tmpfs" ino=3188 res=1 errno=0 [ 515.313044][T15066] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2127'. [ 515.671753][T15080] rtc_cmos 00:00: Alarms can be up to one day in the future [ 516.341784][T15099] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2132'. [ 516.420593][T15099] bond_slave_1: entered allmulticast mode [ 516.536336][T15108] netlink: 'syz.1.2134': attribute type 10 has an invalid length. [ 516.600394][T15108] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2134'. [ 516.815504][T15115] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2136'. [ 517.128048][T15126] vhci_hcd: invalid port number 16 [ 517.133199][T15126] vhci_hcd: invalid port number 16 [ 517.425582][T15137] netlink: 158 bytes leftover after parsing attributes in process `syz.3.2143'. [ 517.434655][T15137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2143'. [ 519.289716][ T9382] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 521.200785][T15224] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 521.261383][T15224] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 521.324287][T15224] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 521.375389][ T7679] Bluetooth: hci1: command 0x0c1a tx timeout [ 522.473789][ T9382] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 522.482532][ T9382] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 522.490769][ T9382] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 522.499005][ T9382] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 522.545695][ T9382] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 522.699219][T15248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2164'. [ 522.723952][T15248] net_ratelimit: 365 callbacks suppressed [ 522.723970][T15248] openvswitch: netlink: Flow key attr not present in new flow. [ 522.995352][ T9488] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.126929][ T9488] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.366827][ T9488] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.843894][T15275] svc: failed to register nfsdv3 RPC service (errno 111). [ 523.853119][T15277] CIFS mount error: No usable UNC path provided in device string! [ 523.853119][T15277] [ 523.874212][T15277] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 523.954936][ T9488] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.968586][T15275] svc: failed to register nfsaclv3 RPC service (errno 111). [ 524.229054][T15281] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2170'. [ 524.665171][ T9382] Bluetooth: hci4: command tx timeout [ 524.791608][T15246] chnl_net:caif_netlink_parms(): no params data found [ 525.011854][T15302] netlink: 'syz.0.2176': attribute type 10 has an invalid length. [ 525.025926][T15302] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2176'. [ 525.081357][ T9488] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.232260][T15292] random: crng reseeded on system resumption [ 525.677398][T15246] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.692662][T15246] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.708717][T15246] bridge_slave_0: entered allmulticast mode [ 525.722278][T15246] bridge_slave_0: entered promiscuous mode [ 525.870008][T15246] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.908913][T15246] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.925990][T15246] bridge_slave_1: entered allmulticast mode [ 525.944552][T15246] bridge_slave_1: entered promiscuous mode [ 526.211102][ T9488] veth0_to_bridge: left allmulticast mode [ 526.225110][ T9488] veth0_to_bridge: left promiscuous mode [ 526.232973][ T9488] bridge0: port 3(veth0_to_bridge) entered disabled state [ 526.267312][ T9488] bridge_slave_1: left allmulticast mode [ 526.273731][ T9488] bridge_slave_1: left promiscuous mode [ 526.280016][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.320620][ T9488] bridge_slave_0: left allmulticast mode [ 526.335819][ T9488] bridge_slave_0: left promiscuous mode [ 526.347898][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.737495][ T9382] Bluetooth: hci4: command tx timeout [ 526.911268][ T9488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 526.923993][ T9488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 526.933884][ T9488] bond0 (unregistering): Released all slaves [ 526.988929][T15246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.003554][T15246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.018387][ T9488] HfR: left promiscuous mode [ 527.109226][T15333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2178'. [ 527.157796][T15334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2178'. [ 527.228778][T15246] team0: Port device team_slave_0 added [ 527.241618][T15246] team0: Port device team_slave_1 added [ 527.686744][T15246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.746411][T15246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.838800][T15246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.915628][T15246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.010495][T15246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.343125][T15246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.365314][T15355] zswap: compressor not available [ 528.815140][ T9382] Bluetooth: hci4: command tx timeout [ 529.406835][T15246] hsr_slave_0: entered promiscuous mode [ 529.515669][T15246] hsr_slave_1: entered promiscuous mode [ 529.522032][T15246] debugfs: 'hsr0' already exists in 'hsr' [ 529.537904][T15246] Cannot create hsr debugfs directory [ 530.467997][T15389] random: crng reseeded on system resumption [ 530.895254][ T9382] Bluetooth: hci4: command tx timeout [ 531.030993][T15402] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2181'. [ 531.691427][T15246] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 531.702582][T15246] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 531.721880][T15246] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 531.820264][T15246] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 532.296881][ T9488] hsr_slave_0: left promiscuous mode [ 532.366947][ T9488] hsr_slave_1: left promiscuous mode [ 532.414095][ T9488] veth1_vlan: left promiscuous mode [ 532.420485][ T9488] veth0_vlan: left promiscuous mode [ 532.773053][ T9382] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7 [ 533.281655][T15456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2195'. [ 533.333147][ T9488] team0 (unregistering): Port device team_slave_1 removed [ 533.647848][T15456] bridge_slave_1: left allmulticast mode [ 533.655175][T15456] bridge_slave_1: left promiscuous mode [ 533.662101][T15456] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.673915][T15456] bridge_slave_0: left allmulticast mode [ 533.680173][T15456] bridge_slave_0: left promiscuous mode [ 533.687115][T15456] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.290522][ T30] audit: type=1800 audit(4294967323.470:20): pid=15467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2197" name="features" dev="configfs" ino=75488 res=0 errno=0 [ 534.508811][T15246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 534.585853][T15246] 8021q: adding VLAN 0 to HW filter on device team0 [ 534.686317][ T8723] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.693429][ T8723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.759731][ T8723] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.766853][ T8723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.059334][T15483] vivid-007: ================= START STATUS ================= [ 535.067118][T15483] vivid-007: Generate PTS: true [ 535.071999][T15483] vivid-007: Generate SCR: true [ 535.104163][T15483] tpg source WxH: 320x240 (Y'CbCr) [ 535.169134][T15483] tpg field: 1 [ 535.172509][T15483] tpg crop: (0,0)/320x240 [ 535.179631][T15483] tpg compose: (0,0)/320x240 [ 535.184219][T15483] tpg colorspace: 8 [ 535.188383][T15483] tpg transfer function: 0/0 [ 535.192973][T15483] tpg Y'CbCr encoding: 0/0 [ 535.205099][T15483] tpg quantization: 0/0 [ 535.209516][T15483] tpg RGB range: 0/2 [ 535.213410][T15483] vivid-007: ================== END STATUS ================== [ 536.018730][T15515] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2206'. [ 536.033615][T15246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 536.310622][T15246] veth0_vlan: entered promiscuous mode [ 536.328784][T15526] sd 0:0:1:0: device reset [ 536.370762][T15246] veth1_vlan: entered promiscuous mode [ 536.434333][T15246] veth0_macvtap: entered promiscuous mode [ 536.495223][T15246] veth1_macvtap: entered promiscuous mode [ 536.599329][T15246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 536.907339][T15533] zswap: compressor 000 not available [ 537.021838][T15246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 537.114867][ T8756] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.212070][ T8756] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.243866][ T8756] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.483244][ T8756] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.817445][ T8756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 537.826265][ T8756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 537.999485][ T8723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.011238][ T8723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.199529][T15556] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 539.026818][T15593] could not allocate digest TFM handle [ 539.235794][T15601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2219'. [ 539.521677][T15606] [U] [ 539.524467][T15606] [U] [ 539.527166][T15606] [U] [ 539.529884][T15606] [U] [ 539.596080][T15606] [U] [ 539.598825][T15606] [U] [ 539.601539][T15606] [U] [ 539.604237][T15606] [U] [ 539.646486][T15606] [U] [ 539.649214][T15606] [U] [ 539.651912][T15606] [U] [ 539.654607][T15606] [U] [ 539.665292][T15606] [U] [ 539.668021][T15606] [U] [ 539.670714][T15606] [U] [ 539.673411][T15606] [U] [ 539.685084][T15606] [U] [ 539.687774][T15606] [U] [ 539.690441][T15606] [U] [ 539.693111][T15606] [U] [ 539.696060][T15606] [U] [ 539.698780][T15606] [U] [ 539.701487][T15606] [U] [ 539.704190][T15606] [U] [ 539.706988][T15606] [U] [ 539.709699][T15606] [U] [ 539.712410][T15606] [U] [ 539.715115][T15606] [U] [ 539.718911][T15606] [U] [ 539.721634][T15606] [U] [ 539.724345][T15606] [U] [ 539.727046][T15606] [U] [ 539.779047][T15606] [U] [ 539.781785][T15606] [U] [ 539.784486][T15606] [U] [ 539.787182][T15606] [U] [ 539.822635][T15606] [U] [ 539.825350][T15606] [U] [ 539.828026][T15606] [U] [ 539.830700][T15606] [U] [ 539.838767][T15606] [U] [ 539.841470][T15606] [U] [ 539.844148][T15606] [U] [ 539.846818][T15606] [U] [ 539.862184][T15606] [U] [ 539.864917][T15606] [U] [ 539.867628][T15606] [U] [ 539.870340][T15606] [U] [ 539.876624][T15606] [U] [ 539.879317][T15606] [U] [ 539.881988][T15606] [U] [ 539.884657][T15606] [U] [ 539.892458][T15606] [U] [ 539.895199][T15606] [U] [ 539.897899][T15606] [U] [ 539.900591][T15606] [U] [ 539.903487][T15606] [U] [ 539.906208][T15606] [U] [ 539.908918][T15606] [U] [ 539.911613][T15606] [U] [ 539.921479][T15606] [U] [ 539.924216][T15606] [U] [ 539.926922][T15606] [U] [ 539.929628][T15606] [U] [ 539.942590][T15606] [U] [ 539.945286][T15606] [U] [ 539.947956][T15606] [U] [ 539.950636][T15606] [U] [ 539.972433][T15606] [U] [ 539.975137][T15606] [U] [ 539.977820][T15606] [U] [ 539.980488][T15606] [U] [ 540.175615][T15606] [U] [ 540.178364][T15606] [U] [ 540.181080][T15606] [U] [ 540.183798][T15606] [U] [ 540.204302][T15606] [U] [ 540.469842][T15621] random: crng reseeded on system resumption [ 540.958822][T15633] zswap: compressor not available [ 541.290976][T15655] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 542.194577][T15677] netlink: 'syz.1.2232': attribute type 5 has an invalid length. [ 542.226715][T15677] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2232'. [ 543.442780][T15718] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2242'. [ 543.779220][T15723] ICMPv6: process `syz.3.2244' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 544.336478][T15738] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2246'. [ 544.374049][T15738] bridge_slave_1: left allmulticast mode [ 544.386206][T15738] bridge_slave_1: left promiscuous mode [ 544.393929][T15738] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.419133][T15738] bridge_slave_0: left allmulticast mode [ 544.433779][T15738] bridge_slave_0: left promiscuous mode [ 544.455501][T15738] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.659597][T15753] zram: Added device: zram1 [ 544.812250][T15756] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 544.827856][T15757] CIFS mount error: No usable UNC path provided in device string! [ 544.827856][T15757] [ 544.838929][T15757] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 545.227897][T15740] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 545.234276][T15740] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 545.439233][T15740] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 545.536015][T15740] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 545.642601][T15740] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 545.656514][T15740] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 545.669160][T15740] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 545.837052][T15740] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 545.884056][T15777] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2252'. [ 546.735141][ T9382] Bluetooth: hci2: command 0x0c1a tx timeout [ 547.455287][ T9382] Bluetooth: hci1: command 0x0c1a tx timeout [ 547.488477][T15811] Process accounting resumed [ 547.695142][ T9382] Bluetooth: hci4: command 0x0c1a tx timeout [ 547.701453][ T9382] Bluetooth: hci3: command 0x0c1a tx timeout [ 548.815269][ T9382] Bluetooth: hci2: command 0x0c1a tx timeout [ 549.538591][ T9382] Bluetooth: hci1: command 0x0c1a tx timeout [ 549.667486][T15868] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 549.778560][ T9382] Bluetooth: hci4: command 0x0c1a tx timeout [ 550.969510][T15883] FAULT_INJECTION: forcing a failure. [ 550.969510][T15883] name failslab, interval 1, probability 0, space 0, times 0 [ 551.086051][T15883] CPU: 0 UID: 0 PID: 15883 Comm: syz.1.2276 Not tainted syzkaller #0 PREEMPT(full) [ 551.086090][T15883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 551.086106][T15883] Call Trace: [ 551.086121][T15883] [ 551.086132][T15883] dump_stack_lvl+0x16c/0x1f0 [ 551.086168][T15883] should_fail_ex+0x512/0x640 [ 551.086198][T15883] ? __kmalloc_cache_noprof+0x5f/0x780 [ 551.086243][T15883] should_failslab+0xc2/0x120 [ 551.086277][T15883] __kmalloc_cache_noprof+0x72/0x780 [ 551.086317][T15883] ? percpu_ref_init+0xec/0x410 [ 551.086348][T15883] ? percpu_ref_init+0xec/0x410 [ 551.086371][T15883] ? __pfx_css_release+0x10/0x10 [ 551.086404][T15883] percpu_ref_init+0xec/0x410 [ 551.086427][T15883] ? init_and_link_css+0x32c/0x700 [ 551.086460][T15883] cgroup_apply_control_enable+0x50b/0xbb0 [ 551.086514][T15883] cgroup_mkdir+0x5e0/0x12e0 [ 551.086544][T15883] ? __pfx_cgroup_mkdir+0x10/0x10 [ 551.086570][T15883] kernfs_iop_mkdir+0x111/0x190 [ 551.086603][T15883] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 551.086631][T15883] vfs_mkdir+0x593/0x8c0 [ 551.086672][T15883] do_mkdirat+0x304/0x3e0 [ 551.086702][T15883] ? __pfx_do_mkdirat+0x10/0x10 [ 551.086733][T15883] ? getname_flags.part.0+0x1c5/0x550 [ 551.086772][T15883] __x64_sys_mkdir+0xef/0x140 [ 551.086800][T15883] do_syscall_64+0xcd/0xfa0 [ 551.086831][T15883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.086858][T15883] RIP: 0033:0x7f50ee38eec9 [ 551.086879][T15883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.086904][T15883] RSP: 002b:00007f50ef280038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 551.086929][T15883] RAX: ffffffffffffffda RBX: 00007f50ee5e6090 RCX: 00007f50ee38eec9 [ 551.086947][T15883] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 551.086963][T15883] RBP: 00007f50ee411f91 R08: 0000000000000000 R09: 0000000000000000 [ 551.086979][T15883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 551.086996][T15883] R13: 00007f50ee5e6128 R14: 00007f50ee5e6090 R15: 00007ffda95b7c98 [ 551.087035][T15883] [ 551.439885][T15894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2279'. [ 551.669501][ T30] audit: type=1400 audit(4294967340.850:21): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=15896 comm="syz.1.2278" [ 551.858917][T15904] i2c i2c-0: delete_device: Can't find device in list [ 551.865965][ T9382] Bluetooth: hci4: command 0x0c1a tx timeout [ 554.726985][T15956] zram: Added device: zram2 [ 555.690702][T15984] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2300'. [ 556.071024][T15976] can: request_module (can-proto-0) failed. [ 557.296379][T16029] FAULT_INJECTION: forcing a failure. [ 557.296379][T16029] name failslab, interval 1, probability 0, space 0, times 0 [ 557.309032][T16029] CPU: 1 UID: 0 PID: 16029 Comm: syz.3.2310 Not tainted syzkaller #0 PREEMPT(full) [ 557.309051][T16029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 557.309060][T16029] Call Trace: [ 557.309066][T16029] [ 557.309072][T16029] dump_stack_lvl+0x16c/0x1f0 [ 557.309093][T16029] should_fail_ex+0x512/0x640 [ 557.309111][T16029] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 557.309127][T16029] should_failslab+0xc2/0x120 [ 557.309146][T16029] kmem_cache_alloc_noprof+0x75/0x6e0 [ 557.309163][T16029] ? sk_prot_alloc+0x60/0x2a0 [ 557.309204][T16029] ? sk_prot_alloc+0x60/0x2a0 [ 557.309233][T16029] sk_prot_alloc+0x60/0x2a0 [ 557.309267][T16029] sk_alloc+0x36/0xc20 [ 557.309294][T16029] tipc_sk_create+0xce/0x22a0 [ 557.309325][T16029] ? find_held_lock+0x2b/0x80 [ 557.309341][T16029] ? __sock_create+0x2f2/0x8d0 [ 557.309363][T16029] __sock_create+0x335/0x8d0 [ 557.309385][T16029] __sys_socket+0x14d/0x260 [ 557.309406][T16029] ? __pfx___sys_socket+0x10/0x10 [ 557.309427][T16029] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 557.309445][T16029] __x64_sys_socket+0x72/0xb0 [ 557.309464][T16029] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.309479][T16029] do_syscall_64+0xcd/0xfa0 [ 557.309496][T16029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.309510][T16029] RIP: 0033:0x7efd7c78eec9 [ 557.309522][T16029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.309544][T16029] RSP: 002b:00007efd7d5f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 557.309559][T16029] RAX: ffffffffffffffda RBX: 00007efd7c9e6090 RCX: 00007efd7c78eec9 [ 557.309569][T16029] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 557.309578][T16029] RBP: 00007efd7c811f91 R08: 0000000000000000 R09: 0000000000000000 [ 557.309587][T16029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.309595][T16029] R13: 00007efd7c9e6128 R14: 00007efd7c9e6090 R15: 00007ffe98fa1e78 [ 557.309615][T16029] [ 557.512347][ C1] vkms_vblank_simulate: vblank timer overrun [ 557.996784][T16041] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2313'. [ 559.551292][T16058] FAULT_INJECTION: forcing a failure. [ 559.551292][T16058] name failslab, interval 1, probability 0, space 0, times 0 [ 559.585094][T16058] CPU: 1 UID: 0 PID: 16058 Comm: syz.3.2317 Not tainted syzkaller #0 PREEMPT(full) [ 559.585129][T16058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 559.585145][T16058] Call Trace: [ 559.585154][T16058] [ 559.585163][T16058] dump_stack_lvl+0x16c/0x1f0 [ 559.585197][T16058] should_fail_ex+0x512/0x640 [ 559.585233][T16058] should_failslab+0xc2/0x120 [ 559.585266][T16058] kmem_cache_alloc_noprof+0x75/0x6e0 [ 559.585291][T16058] ? dst_alloc+0x99/0x1a0 [ 559.585323][T16058] ? dst_alloc+0x99/0x1a0 [ 559.585353][T16058] dst_alloc+0x99/0x1a0 [ 559.585382][T16058] rt_dst_alloc+0x35/0x3a0 [ 559.585418][T16058] ip_route_output_key_hash_rcu+0x87a/0x28e0 [ 559.585453][T16058] ip_route_output_key_hash+0x10f/0x2b0 [ 559.585477][T16058] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 559.585510][T16058] ? find_held_lock+0x2b/0x80 [ 559.585539][T16058] ip_route_output_flow+0x27/0x150 [ 559.585565][T16058] udp_sendmsg+0x1af9/0x2870 [ 559.585603][T16058] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 559.585638][T16058] ? __pfx_udp_sendmsg+0x10/0x10 [ 559.585690][T16058] ? __lock_acquire+0xb97/0x1ce0 [ 559.585728][T16058] ? aa_sk_perm+0x2f4/0xb10 [ 559.585785][T16058] ? __pfx_udp_sendmsg+0x10/0x10 [ 559.585819][T16058] inet_sendmsg+0x105/0x140 [ 559.585844][T16058] ____sys_sendmsg+0x973/0xc70 [ 559.585879][T16058] ? copy_msghdr_from_user+0x10a/0x160 [ 559.585907][T16058] ? __pfx_____sys_sendmsg+0x10/0x10 [ 559.585947][T16058] ? kfree+0x252/0x6d0 [ 559.585989][T16058] ___sys_sendmsg+0x134/0x1d0 [ 559.586018][T16058] ? __pfx____sys_sendmsg+0x10/0x10 [ 559.586079][T16058] ? __pfx___might_resched+0x10/0x10 [ 559.586113][T16058] __sys_sendmmsg+0x200/0x420 [ 559.586148][T16058] ? __pfx___sys_sendmmsg+0x10/0x10 [ 559.586174][T16058] ? udp_connect+0x4a/0x70 [ 559.586214][T16058] ? __pfx_do_futex+0x10/0x10 [ 559.586270][T16058] ? xfd_validate_state+0x61/0x180 [ 559.586302][T16058] ? __sys_setsockopt+0x140/0x1a0 [ 559.586342][T16058] __x64_sys_sendmmsg+0x9c/0x100 [ 559.586371][T16058] ? lockdep_hardirqs_on+0x7c/0x110 [ 559.586398][T16058] do_syscall_64+0xcd/0xfa0 [ 559.586429][T16058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.586455][T16058] RIP: 0033:0x7efd7c78eec9 [ 559.586476][T16058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.586500][T16058] RSP: 002b:00007efd7d5f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 559.586525][T16058] RAX: ffffffffffffffda RBX: 00007efd7c9e6090 RCX: 00007efd7c78eec9 [ 559.586541][T16058] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 559.586556][T16058] RBP: 00007efd7c811f91 R08: 0000000000000000 R09: 0000000000000000 [ 559.586572][T16058] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000000 [ 559.586586][T16058] R13: 00007efd7c9e6128 R14: 00007efd7c9e6090 R15: 00007ffe98fa1e78 [ 559.586624][T16058] [ 563.486608][T16095] tipc: Started in network mode [ 563.491584][T16095] tipc: Node identity ee00, cluster identity 4711 [ 563.498497][T16095] tipc: Node number set to 60928 [ 564.751375][T16126] FAULT_INJECTION: forcing a failure. [ 564.751375][T16126] name failslab, interval 1, probability 0, space 0, times 0 [ 564.764277][T16126] CPU: 1 UID: 0 PID: 16126 Comm: syz.2.2334 Not tainted syzkaller #0 PREEMPT(full) [ 564.764303][T16126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 564.764312][T16126] Call Trace: [ 564.764317][T16126] [ 564.764323][T16126] dump_stack_lvl+0x16c/0x1f0 [ 564.764343][T16126] should_fail_ex+0x512/0x640 [ 564.764360][T16126] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 564.764376][T16126] should_failslab+0xc2/0x120 [ 564.764394][T16126] kmem_cache_alloc_noprof+0x75/0x6e0 [ 564.764408][T16126] ? security_file_alloc+0x34/0x2b0 [ 564.764426][T16126] ? security_file_alloc+0x34/0x2b0 [ 564.764438][T16126] security_file_alloc+0x34/0x2b0 [ 564.764451][T16126] init_file+0x93/0x4c0 [ 564.764471][T16126] alloc_empty_file+0x73/0x1e0 [ 564.764490][T16126] alloc_file_pseudo+0x13a/0x230 [ 564.764510][T16126] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 564.764530][T16126] ? _raw_spin_unlock+0x28/0x50 [ 564.764543][T16126] ? alloc_fd+0x471/0x7d0 [ 564.764558][T16126] __anon_inode_getfile+0xe8/0x280 [ 564.764574][T16126] ? __init_waitqueue_head+0xca/0x150 [ 564.764600][T16126] do_epoll_create+0x329/0x480 [ 564.764614][T16126] __x64_sys_epoll_create+0x45/0x70 [ 564.764629][T16126] do_syscall_64+0xcd/0xfa0 [ 564.764646][T16126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.764662][T16126] RIP: 0033:0x7fdedbd8eec9 [ 564.764673][T16126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 564.764687][T16126] RSP: 002b:00007fdedcbef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 564.764701][T16126] RAX: ffffffffffffffda RBX: 00007fdedbfe6090 RCX: 00007fdedbd8eec9 [ 564.764711][T16126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 564.764719][T16126] RBP: 00007fdedbe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 564.764728][T16126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 564.764736][T16126] R13: 00007fdedbfe6128 R14: 00007fdedbfe6090 R15: 00007fff88b043c8 [ 564.764755][T16126] [ 564.964931][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.146482][ T9382] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 567.237651][T16193] vhci_hcd: invalid port number 23 [ 567.255173][T16193] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 568.100688][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.107140][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.273426][ T7679] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 573.348516][ T7679] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 573.414047][ T7679] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 573.533115][ T7679] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 573.597894][ T7679] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 586.950849][ T9382] Bluetooth: hci0: command tx timeout [ 587.267679][ T9382] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 587.293757][ T9382] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 587.492433][ T9382] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 588.605051][ C0] sched: DL replenish lagged too much [ 589.262106][ T7723] Bluetooth: hci0: command tx timeout [ 589.301886][ T7723] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 589.649049][ T7723] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 589.669334][ T7723] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 589.689098][T16255] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 589.706501][T16255] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 589.931564][ T7723] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 589.950161][ T7723] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 589.970093][ T7723] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 589.988215][T16255] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 590.248757][T16255] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 590.723385][ T7723] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 590.742309][ T7723] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 592.112762][T16255] Bluetooth: hci0: command tx timeout [ 592.361706][T16255] Bluetooth: hci2: command tx timeout [ 594.875755][ T9382] Bluetooth: hci0: command tx timeout [ 594.881176][ T9382] Bluetooth: hci2: command tx timeout [ 594.903606][T14031] Bluetooth: hci5: command tx timeout [ 594.927935][T16255] Bluetooth: hci6: command tx timeout [ 597.432152][T16255] Bluetooth: hci2: command tx timeout [ 597.446777][T16255] Bluetooth: hci5: command tx timeout [ 597.452167][T16255] Bluetooth: hci6: command tx timeout [ 603.672827][T16255] Bluetooth: hci6: command tx timeout [ 603.693799][T16255] Bluetooth: hci5: command tx timeout [ 603.716531][ T9382] Bluetooth: hci2: command tx timeout [ 609.056891][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.069037][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.082261][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.094658][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.107941][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.120326][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.133615][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.146018][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.159288][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 609.171670][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 611.138192][ T9382] Bluetooth: hci5: command tx timeout [ 611.143598][ T9382] Bluetooth: hci6: command tx timeout [ 614.065359][ C0] net_ratelimit: 10422 callbacks suppressed [ 614.065376][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.083696][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.097043][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.109495][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.122862][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.135340][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.148709][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.161134][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.174478][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 614.186884][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.075129][ C0] net_ratelimit: 10595 callbacks suppressed [ 619.075146][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.094412][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.106857][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.120172][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.132582][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.145926][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.158338][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.171629][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.184037][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 619.197333][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.085201][ C0] net_ratelimit: 10299 callbacks suppressed [ 624.085218][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.103555][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.116890][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.129325][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.142635][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.155080][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.168408][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.180829][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.194149][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.206747][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 628.604807][ T9382] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 628.624634][ T9382] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 628.641100][ T9382] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 629.095149][ C0] net_ratelimit: 9648 callbacks suppressed [ 629.095165][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.113343][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.126087][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.138373][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.151053][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.163384][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.176062][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.188385][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.201059][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.213429][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 629.226853][ T9382] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 629.539741][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.546126][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.105447][ C0] net_ratelimit: 10248 callbacks suppressed [ 634.105464][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.123731][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.137018][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.149436][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.162193][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.174344][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.187206][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.199363][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.212452][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 634.224609][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.115192][ C0] net_ratelimit: 10610 callbacks suppressed [ 639.115208][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.133468][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.146792][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.159200][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.172525][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.184936][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.198290][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.210703][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.224123][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.236543][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.125244][ C0] net_ratelimit: 10210 callbacks suppressed [ 644.125260][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.143528][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.156839][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.169270][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.182593][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.194993][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.208331][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.220739][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.234061][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 644.246469][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 645.007473][ T9382] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 647.536203][T16264] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 647.614053][T16255] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 647.939620][T16255] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 647.971524][T16255] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 649.136211][ C0] net_ratelimit: 8442 callbacks suppressed [ 649.136246][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.154539][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.167308][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.179684][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.192467][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.204815][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.217599][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.229946][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.242944][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.255369][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 649.700355][T16257] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 649.716730][T16255] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 649.743776][T16257] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 649.759965][ T7679] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 649.776910][T16257] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 649.801156][T16286] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 649.819117][T16255] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 649.852471][T16257] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 649.868554][ T7679] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 649.900240][T16255] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 649.916522][T16257] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 649.923911][T16287] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 650.043198][T14031] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 650.061035][T16287] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 650.077027][T14031] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 650.102317][T16257] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 650.226737][ T7723] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 652.979906][ T7723] Bluetooth: hci7: command tx timeout [ 653.002415][ T7723] Bluetooth: hci3: command tx timeout [ 653.024193][T14031] Bluetooth: hci9: command tx timeout [ 653.626002][ T7723] Bluetooth: hci8: command tx timeout [ 654.145187][ C0] net_ratelimit: 9557 callbacks suppressed [ 654.145204][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.164441][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.176905][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.189694][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.201988][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.214745][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.227214][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.239916][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.252241][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 654.264943][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 656.403639][ T7723] Bluetooth: hci3: command tx timeout [ 656.431879][T16256] Bluetooth: hci9: command tx timeout [ 656.445468][T16256] Bluetooth: hci7: command tx timeout [ 656.463562][T14031] Bluetooth: hci8: command tx timeout [ 658.711951][T14031] Bluetooth: hci3: command tx timeout [ 658.725584][T14031] Bluetooth: hci7: command tx timeout [ 658.730963][T14031] Bluetooth: hci9: command tx timeout [ 658.752468][ T7723] Bluetooth: hci8: command tx timeout [ 659.155401][ C0] net_ratelimit: 9405 callbacks suppressed [ 659.155417][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.173557][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.186280][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.198626][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.211316][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.223674][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.236393][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.248753][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.261507][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 659.273851][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 661.587081][T14031] Bluetooth: hci8: command tx timeout [ 661.592524][T14031] Bluetooth: hci7: command tx timeout [ 661.613453][T14031] Bluetooth: hci3: command tx timeout [ 661.634490][T14031] Bluetooth: hci9: command tx timeout [ 664.165240][ C1] net_ratelimit: 16594 callbacks suppressed [ 664.165264][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.165452][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 664.171542][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.184303][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 664.195426][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.207393][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 664.219221][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.231951][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 664.245254][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.255079][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.175179][ C0] net_ratelimit: 18085 callbacks suppressed [ 669.175205][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.175273][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 669.182330][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.193465][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 669.205488][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.217269][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 669.230007][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.241126][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 669.253083][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 669.264912][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.185117][ C1] net_ratelimit: 17544 callbacks suppressed [ 674.185142][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.185940][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 674.191466][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.203397][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 674.215266][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.227968][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 674.239094][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.251027][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 674.262869][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 674.276063][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 679.195294][ C1] net_ratelimit: 17348 callbacks suppressed [ 679.195319][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 679.196000][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 679.201539][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 679.213690][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 679.225563][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 679.238214][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 679.249283][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 679.261423][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 679.273250][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 679.285955][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.205231][ C0] net_ratelimit: 18483 callbacks suppressed [ 684.205256][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.205301][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 684.211633][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.223486][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 684.236222][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.247272][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 684.259409][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.271257][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 684.283903][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 684.294977][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 689.215054][ C1] net_ratelimit: 17199 callbacks suppressed [ 689.215080][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 689.215277][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 689.221326][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 689.233462][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 689.245353][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 689.258074][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 689.269126][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 689.281219][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 689.293060][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 689.305807][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 691.176197][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.194649][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.225056][ C0] net_ratelimit: 16523 callbacks suppressed [ 694.225081][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 694.228707][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 694.232338][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 694.243419][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 694.255509][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 694.267385][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 694.280058][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 694.291128][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 694.303225][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 694.315124][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 699.235295][ C1] net_ratelimit: 16293 callbacks suppressed [ 699.235320][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 699.235513][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 699.241620][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 699.253703][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 699.265609][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 699.278233][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 699.289347][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 699.301957][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 699.313315][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 699.325971][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 700.851958][T16256] Bluetooth: hci0: command 0x0406 tx timeout [ 704.245350][ C1] net_ratelimit: 16328 callbacks suppressed [ 704.245374][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 704.245514][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 704.251584][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 704.263731][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 704.275578][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 704.288283][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 704.299320][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 704.311451][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 704.323325][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 704.336029][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.255107][ C0] net_ratelimit: 17982 callbacks suppressed [ 709.255133][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.255203][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 709.261544][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.273349][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 709.286159][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.297418][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 709.309215][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.321042][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 709.333823][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 709.345138][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 714.250135][ T7723] Bluetooth: hci2: command 0x0406 tx timeout [ 714.265161][ C1] net_ratelimit: 14686 callbacks suppressed [ 714.265182][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 714.265609][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 714.266172][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 714.266206][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 714.266586][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 714.266739][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 714.267148][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 714.267566][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 714.268127][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 714.268196][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 714.737268][ T9382] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 715.967390][ T31] INFO: task kworker/u10:26:9496 blocked for more than 143 seconds. [ 715.988400][ T31] Not tainted syzkaller #0 [ 715.993353][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 717.124852][ T31] task:kworker/u10:26 state:D stack:23528 pid:9496 tgid:9496 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 717.549797][ T31] Workqueue: events_unbound linkwatch_event [ 717.800588][ T31] Call Trace: [ 717.803915][ T31] [ 718.149547][ T31] __schedule+0x1190/0x5de0 [ 718.154126][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 718.546660][T16287] Bluetooth: hci10: Opcode 0x1003 failed: -110 [ 718.623413][ T9382] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 719.022605][ T31] ? __pfx___schedule+0x10/0x10 [ 719.040896][ T31] ? find_held_lock+0x2b/0x80 [ 719.190484][ T31] ? schedule+0x2d7/0x3a0 [ 719.194872][ T31] ? linkwatch_event+0x51/0xc0 [ 719.275195][ C0] net_ratelimit: 15673 callbacks suppressed [ 719.275218][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 719.275241][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 719.282489][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 719.293511][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 719.305592][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 719.317566][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 719.330314][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 719.341276][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 719.353347][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 719.365268][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 720.035699][ T31] schedule+0xe7/0x3a0 [ 720.039827][ T31] schedule_preempt_disabled+0x13/0x30 [ 720.110707][ T31] __mutex_lock+0x818/0x1060 [ 720.439837][ T31] ? register_lock_class+0x41/0x4c0 [ 720.722036][ T31] ? linkwatch_event+0x51/0xc0 [ 720.759290][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 720.764392][ T31] ? linkwatch_event+0x51/0xc0 [ 721.594742][T16300] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 721.780746][T16287] Bluetooth: hci5: command 0x0406 tx timeout [ 721.804609][ T9382] Bluetooth: hci6: command 0x0406 tx timeout [ 722.719208][ T31] linkwatch_event+0x51/0xc0 [ 722.723873][ T31] ? __pfx_linkwatch_event+0x10/0x10 [ 722.759330][ T31] ? rcu_is_watching+0x12/0xc0 [ 722.764135][ T31] process_one_work+0x9cf/0x1b70 [ 723.730644][ T31] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 723.916273][ T31] ? __pfx_process_one_work+0x10/0x10 [ 723.921721][ T31] ? assign_work+0x1a0/0x250 [ 724.285288][ C0] net_ratelimit: 15174 callbacks suppressed [ 724.285313][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 724.285377][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 724.291680][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 724.303568][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 724.316248][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 724.327314][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 724.339394][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 724.351259][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:80:bf:1d:51:6e, vlan:0) [ 724.364061][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 724.374985][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 724.972208][ T31] worker_thread+0x6c8/0xf10 [ 725.079338][ T31] ? __kthread_parkme+0x19e/0x250 [ 725.084422][ T31] ? __pfx_worker_thread+0x10/0x10