last executing test programs: 1m47.267746338s ago: executing program 3 (id=236): socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000000)=0x10) msync$auto(0x110c230000, 0x200001, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/disksize\x00', 0x2202, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) write$auto(r0, 0x0, 0x41000008004) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x23, 0x80805, 0x0) socket(0xa, 0x2, 0x73) socket(0x23, 0x2, 0x0) sendto$auto(0x4, 0x0, 0x8000, 0x0, &(0x7f0000000100)=@in={0x23}, 0x80) getsockopt$auto(r2, 0x40000000113, 0x4, 0xfffffffffffffffc, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r1) iopl$auto(0x3) clone$auto(0x21002, 0xfffffffffffffffb, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r3, 0x0, 0x7) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r5) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000480)={0x20, r6, 0x1, 0x70bd2a, 0x25dfdbfb, {0x4, 0x0, 0x900}, [@IOAM6_ATTR_SC_DATA={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x9}]}, 0x20}, 0x1, 0x3000700, 0x0, 0x1}, 0x8010) write$auto(0x3, 0x0, 0xfffffdef) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000080)=0x100000001) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000040)=0x1f764000000) 1m46.916896996s ago: executing program 3 (id=237): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog\x00', 0x2002, 0x0) sendfile$auto(r1, r1, 0x0, 0x80000000003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r3 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x7, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="d5971bce1e56a1", @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c000000"], 0x14}}, 0x24048084) madvise$auto(0x2, 0x200007, 0x39) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r4, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto_tracing_iter_fops_trace(r2, &(0x7f00000001c0)=""/77, 0x4d) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x6) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) 1m45.366344004s ago: executing program 2 (id=241): mmap$auto(0x0, 0x20007, 0x10002, 0xeb1, 0x8000000000000024, 0x8000) open(&(0x7f0000000100)='.\x00', 0x301000, 0xa4) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) mmap$auto(0x0, 0x2000a, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) request_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x0, &(0x7f00000001c0)='/sys/module/nfs/paramet\x059s/nfs_idmap_cache_ti_eou4\x00', 0xfffffffffffffffc) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/9, 0x9) bind$auto(0x3, 0x0, 0x6a) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000240), 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) io_uring_register$auto(r0, 0xd7f, &(0x7f00000000c0)="a0d88d12ca56dbafde5d5f138be7a5af6e931e67c597a9f96341ac498e491dc6fdb4437e78921224bcf0d8bfe0679050c6c5bc422d9df1c009ad1e92", 0x81d0) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 1m45.174550133s ago: executing program 2 (id=242): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x6, 0x81, 0x10004, 0xfffffffffffff9fe) r0 = open(&(0x7f0000000000)='./file0\x00', 0x26142, 0x4b) write$auto(r0, 0x0, 0x100082) ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/set_event\x00', 0x80, 0x0) r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, r2, 0x454f, 0x5f, 0x0, 0x0, r2, 0x80000001}, 0x6d4) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram3/trace/enable\x00', 0x402062, 0x0) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r5, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9 \xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x11\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) fcntl$auto_F_SETFL(r1, 0x4, 0x4) write$auto(r4, &(0x7f0000000080)='o\x06\x00\x00\x00audio1\x00', 0x49a2) sendmsg$auto_NL80211_CMD_SET_FILS_AAD(r2, &(0x7f0000000200)={&(0x7f0000000140), 0xc, &(0x7f0000000180)={&(0x7f00000005c0)={0x478, 0x0, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_NAN_FUNC={0x298, 0xf0, 0x0, 0x1, [@nested={0x221, 0xad, 0x0, 0x1, [@typed={0x8, 0x132, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0xb2}, @generic="aafb8239e3ce43818da736190b9737b4c3ae36017070e1d7", @typed={0x8, 0x5c, 0x0, 0x0, @pid=r3}, @nested={0x4, 0x94}, @generic="48dfdf84f208d9dd7850ba778d970126639ece26eb26083aee709435947dfcbd04ae6a4a04c70330a741d15f977ee3076087b217840166b4b098b292975618266b3aa905b942585430b8520f4eec8c9c18914738d8cb622b8393589babbb37865792ab7546376ee1362fbbaca933669d79d16699e7cb7cb6cf0e4d81f79feec951b9fb3668568a1cd3219fdbe2fa056b96421d5be724d745695307e5b4848883ea03d3d9e8fc2e6a69a3c707a80e109f7c121e030a7164faf8403b75f749c39d39ae34597d9a6832a5e4686ae944553e774ff35e8582ff3f3a52f5350496fe700a193e4b8c2a6d326826a7e2bb6eb2eb37a53583dbb397284782654baa0bd3", @generic="4dbc1750c013a597670040be75dad0e9a68ffc165efabdf0fae8fb37b993bb517cf6a95a73606f7d937da6430be3780489eb7f32b35345053735a5befc3db5a5c08eb441f794a2e2c1aaa91e8084d2a02d55c31d684a71b4e4a66f02f9dedf7b11093d87c56c3bee2b5017c594b8320bfe48cc41b42609223c0e4ac534d8bf28f56b40a8ef02225968ce14e87b5b02c89307e50f1c94e0a8061eb9d6dfd01d0333e9ee84672cb1aa6d13e7b728b5969fbd23a3144e87bf7cd5c8ab5d3cc8e1985ea77b5d4d847a68c1f6bdc9486f00ec46e53072", @generic="20cd22abae36f4bdac020bcb41010c6618c9abfbd6ffab4c89ea"]}, @generic, @nested={0x6d, 0x86, 0x0, 0x1, [@generic="29d4fbf89fc7756ca4341a03f62387cc5d0ccac5435650a3d14e0c8199efa7a711e133a1bf3d6a88dff0adc6e9b4ab6d08aa62e0ed75552cba0fcd6d1be036823ed947277bd01d9d294f5a1fd657bb85389541e93e0b997e1dc964b2241f5d9dfae09a2c2b", @nested={0x4, 0xad}]}]}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x5}, @NL80211_ATTR_HE_OBSS_PD={0x194, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x8}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0x99, 0x4, "5f72407a6ca75da09bd5ec00252d0fe695abce4c4a3e634c4c33b7550a4572f862653b0cb550afebbf094618cf1e3d80474215035a12f685b77a297efc12fab69a48324572f7141d92c8eab996ab929929fb23af3bba8e57e8b9fcaf1cb11acc37da08ea30a3866b606efe7d2f845ae9af1f63d295a4371ed9dc75e78eda8d03886f94a74c8b602114376d9711380adee34e5d73bd"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x4}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xe3, 0x5, "1e72a6e74b3328d6c4d368f8e909eb1275de189f71d00ac2a9e30817f1b503f0f693cdab865cad7325dcf10e9423a7dceda87b98de2da9e97eca0e58eeb20a412136bc97b8d1941526a9f705e3aef9a44b57a2a73231714ecb04daf8fc9df087d536c424b7609e102692886a813b2000f4bb643b00825c80951ea5b1e187c3019169b288d50130d9275703245273736e79947bbcebd9eb5a5dde64d7708b468ae2450e39ffa8f389734431eabade90b473ee62f93777fb96fea112079462bc0308be574e6e00efd8b586fb8138d06ac4f66e98cf3815cd82e6355839f0896c"}]}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xf17}, @NL80211_ATTR_KEY_SEQ={0xd, 0xa, "0bca2a338de541b719"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4}]}, 0x478}}, 0x24044055) 1m44.49895733s ago: executing program 2 (id=244): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01009b64c23ef155546b0104000008000900", @ANYBLOB="0800050006000000080002", @ANYRES32=0x0, @ANYBLOB="0c00010069"], 0x8d}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 1m44.151183859s ago: executing program 2 (id=245): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8}, @NFSD_A_SERVER_SCOPE={0x5, 0x4, '\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/block/loop2/hctx0/cpu1/read_rq_list\x00', 0x40000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/008/001\x00', 0x204080, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/default_smp_affinity\x00', 0x40000, 0x0) preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x7fffffe}, 0x3, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x2000800) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) umount2$auto(&(0x7f0000000000)='.\x00', 0x1) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC2\x00', 0x101680, 0x0) r3 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/1/pp_hold\x00', 0x101001, 0x0) r4 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) ioctl$auto(r4, 0x3b8e, r3) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) ioctl$auto(r5, 0xc040563d, r2) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) process_madvise$auto_MADV_DOFORK(r1, &(0x7f0000000280)={&(0x7f0000000300)="3d4c9458f982aa92a9ba6e1edaaf09c3e0701f168bb43591e6c71757c8958644c00103fbf87aabb38be1253b63139ceeeca60ca1d07d74d9f24a044ca13d448bf8ebe768b6e5f51ce368e8a79cdb90d2d44366c54c667c2084a02e4737159fcb5800230b903b0e5aa1efdb15908a1599d354962dfb27535a112f16bdfccc0177824fd745debd28f072140ded44d2ce41a18e9b97e034c37941b7e86652d1130e13014809a52891517d1e5b29919dfb3a2350065a1f0122ff06638218bf52", 0x2}, 0x6, 0xb, 0x3) 1m43.752908359s ago: executing program 3 (id=247): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_swap\x00', 0x100042, 0x0) landlock_restrict_self$auto(0xffffffffffffffff, 0x7) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/vhci_hcd.9/usb27/27-0:1.0/usb27-port5/power/runtime_status\x00', 0x40500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/162, 0xa2) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x86002, 0x0) ioctl$auto(r1, 0x2271, 0x38) r3 = openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim0/psample/enable\x00', 0x202003, 0x0) readv$auto(r3, &(0x7f00000000c0)={0x0, 0x6}, 0x804) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r0) ioctl$auto_XFS_IOC_SWAPEXT(r0, 0xc0c0586d, &(0x7f0000000180)={0x2, @raw=0x8, @raw=0x969c, 0xe1, 0x3, '\x00', {0x4, 0x7fff, 0xd, 0xee01, 0xee00, 0x0, 0x8000, 0xec, {0xd88, 0x3}, {0x6, 0x4}, {0xfffffffffffffffd, 0x1}, 0x6, 0x5, 0x182a, 0xf79, 0x3, 0x100, 0x9, 0x1ff, 0xd, 0xc, '\x00', 0x1cbe23f2, 0x8, 0x5, 0x8}}) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x4, 0x7) ptrace$auto_PTRACE_SETREGSET(0x4205, r4, 0x1, 0x7ffffffff000) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/thread-self/fail-nth\x00', 0x8a680, 0x0) write$auto(r5, &(0x7f00000003c0)='7\x00\\\xa8\x04zNb/|\x03\xcb\x12\xfa)\x1c\xc7m\x8f\xd4\x87\x9e\xe6\xb1\xd3`\xd0Y\xf8k\x99\x0fDG=\x03`\x06\x87\x9bk=d\xb3@\x19E\xb1\xf7\x18\xdb\x01\x00=\xe4\xed\xac{\xe9\xbe0\xbf\x86\xa6\xb4\xd3[k\x11\xc8:>\x9c\x1a/\xeae\x0e\xdb\x00\xaa\xb4\xbd{\xb5x\x8d\x9d\xc3%\xafc\x898\xed\n\n@\xb7\xe7l\xab]\xbeJ\xa0?\xb7\xa9\xaa\xb2\xe79\xd0\xf1. :6\x97\xc5\xd0\xfa<\xcb\\', 0x81) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/version\x00', 0x20002, 0x0) write$auto_tomoyo_operations_securityfs_if(r7, 0x0, 0x0) r8 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop9/hctx0/active\x00', 0x800, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r8, &(0x7f0000000800)=""/259, 0x103) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r9) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r10, @ANYRESOCT=r11, @ANYRES32=r11, @ANYRES64=r10, @ANYRES32=r11, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x1880) bpf$auto(0x0, &(0x7f00000001c0)=@link_update={0xffffffffffffffff, @new_map_fd, 0x0, @old_prog_fd=r6}, 0xf) 1m43.704692842s ago: executing program 2 (id=248): r0 = socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0x402000a, 0xc00000000000, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/perf_event_max_stack\x00', 0x143402, 0x0) write$auto(r1, &(0x7f0000000000)='[-%\x00', 0x200000000000003) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = getpid() bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x404002, 0x0) process_vm_readv$auto(r3, &(0x7f0000000040)={0x0, 0x20000001002}, 0x1, &(0x7f0000000140)={&(0x7f0000000200)="d19f14b1b0bad2f97ad96e466319d1e33057ece348fc57442ec7ce357cdedcc944a498431fb80876ddeba69ea28d09b27ace30c26a9d74530c9fa9fceeaf96f30d38620000622e53bc109e07ae", 0xbb9b}, 0x4, 0x7fff) rename$auto(0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b49, 0x9) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0) read$auto(0x3, 0x0, 0xfdef) madvise$auto(0x2000, 0x20499d, 0x9) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xb5, 0x0, 0x0, &(0x7f0000000140), 0x8, 0x80000000}, 0x5}, 0x1, 0x2) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x800) io_uring_setup$auto(0x4, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x6f41, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) getsockopt$auto_SO_PEERSEC(r2, 0x3, 0x1f, &(0x7f00000000c0)='*\x00', &(0x7f0000000100)=0x3) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 1m43.449764345s ago: executing program 3 (id=249): syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) 1m43.124054114s ago: executing program 2 (id=252): unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) r2 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r2, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x8004) r4 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2082, 0x0) write$auto_drm_edid_fops_drm_debugfs(r4, &(0x7f00000003c0), 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), 0xffffffffffffffff) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/loop1/stat\x00', 0xf6fe80, 0x0) sendfile$auto(r5, r5, 0x0, 0x200) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r6 = socket(0x2, 0x1, 0x0) bind$auto(r6, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r6, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 1m42.704802206s ago: executing program 3 (id=255): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 1m42.457566166s ago: executing program 3 (id=256): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'geneve1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x1c, r3, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r6 = socket(0x10, 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(r0, 0xa, 0x80) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r7 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r7, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r5}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1m27.364555663s ago: executing program 32 (id=256): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'geneve1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x1c, r3, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r6 = socket(0x10, 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(r0, 0xa, 0x80) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r7 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r7, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r5}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 48.834331119s ago: executing program 1 (id=469): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) mmap$auto(0x3, 0x10, 0xffffffffffffffff, 0xeb1, r0, 0x8000) r1 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x2, 0x0) ioctl$auto(r1, 0x40106f52, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) socket(0xa, 0x2, 0x73) setsockopt$auto(0x4, 0x29, 0x35, 0x0, 0x10000) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x40041, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x165840, 0x151) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptycf\x00', 0x16c44cb329d9b2a5, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x1d, 0x2, 0x7) socket(0x2, 0x800, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f00000001c0)='./file1\x00', 0x4080c0, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r2, 0x7fff) getcwd$auto(0x0, 0xffffffffffffffff) r3 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r3, 0x0, 0x81000002) open(0x0, 0x0, 0x0) 48.698725161s ago: executing program 1 (id=470): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x2000c840) socket(0x28, 0x1, 0x0) socketpair$auto(0x1, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) removexattr$auto(0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty4\x00', 0xc0241, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5402, r2) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r3, 0x0, 0xc3) 47.637793121s ago: executing program 1 (id=475): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(0xca, &(0x7f00000001c0)='\x04>V\x1b\x89\x0ek\x19&\xb4?[\x00\x00\x01\x00\xb6\x00'/31, 0x80) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0x1e, 0x1, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x23, &(0x7f0000000080), 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x3fc) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r3, 0x1, 0x0, 0x0) landlock_restrict_self$auto(r1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001100)=""/4105, 0x1009) 47.520725672s ago: executing program 1 (id=476): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(0xca, &(0x7f00000001c0)='\x04>V\x1b\x89\x0ek\x19&\xb4?[\x00\x00\x01\x00\xb6\x00'/31, 0x80) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0x1e, 0x1, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x23, &(0x7f0000000080), 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x3fc) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r3, 0x1, 0x0, 0x0) landlock_restrict_self$auto(r1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/hugepages/hugepages-2048kB/surplus_hugepages\x00', 0x0, 0x0) 47.326143585s ago: executing program 1 (id=477): mmap$auto(0x5, 0x2020009, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x0, 0x8, 0x1, 0x13, 0x3, 0x110000000) 47.1434402s ago: executing program 1 (id=478): r0 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r1, 0xc040564a, r1) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/revalidate\x00', 0x541, 0x0) mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r3 = socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/disksize\x00', 0x2202, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/nfsd.fh/flush\x00', 0x4a141, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f0000000600)={0x1e4, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}]}, @ETHTOOL_A_CABLE_TEST_TDR_CFG={0x170, 0x2, 0x0, 0x1, [@nested={0x161, 0x7b, 0x0, 0x1, [@generic="9d93b04941e207c7bae3670c1b3095268021ab19f0fe53ed717040c77602acb8ae2908e5", @typed={0x8, 0x20, 0x0, 0x0, @pid}, @nested={0x4, 0x90}, @generic="ff7335670ce8b176dec49e451aac1d2163563fb85023045c7870bb8203d0af69507255eeb9e86e1c57029f01734e80a3a316cade31f5cc782afa9010a2ce979552b2e701fa92b127b6a8eb45f9e2441b0cd22cdb86f992fa05ed40ae1156a14a1e2eee436589cef7194d52c0f49e84ef9d770609e75f91b07e1eb5297c72e2828eced8df95cea1a3e795e2a78a20d497423cc0a6f72389ad3bdf9a91317a99945b51d861c0edc8f398c1d5bcf3dfc36780300671b3a70c9d1f45fe2dde066a555f8c90d68a1e46aa9e71a5f768f1faf0f98d8a9ef51ad8cfdefd5b6a26", @typed={0x8, 0x146, 0x0, 0x0, @u32=0x81bb4b0e}, @typed={0x45, 0x154, 0x0, 0x0, @binary="a42fa44f429863633fceee1de4e28f7c460ead5c33c2b954b7f698dae77bd16c181bdfec5124638cb1b300d9eae87681201e1c4e13a3aec9e8ae5586517737c525"}]}, @nested={0x8, 0xef, 0x0, 0x1, [@nested={0x4, 0x7f}]}]}, @ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3}]}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x8000}, 0x2000840) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) writev$auto(r4, &(0x7f0000000240)={0x0, 0x5}, 0xa) write$auto_aoe_fops_aoechr(r2, 0x0, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x421, 0x7}, 0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x6a2043, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r6, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x20004880) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto_trace_clock_fops_trace(r0, 0x0, 0x0) 31.918585799s ago: executing program 33 (id=478): r0 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r1, 0xc040564a, r1) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/revalidate\x00', 0x541, 0x0) mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r3 = socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/disksize\x00', 0x2202, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/nfsd.fh/flush\x00', 0x4a141, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f0000000600)={0x1e4, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}]}, @ETHTOOL_A_CABLE_TEST_TDR_CFG={0x170, 0x2, 0x0, 0x1, [@nested={0x161, 0x7b, 0x0, 0x1, [@generic="9d93b04941e207c7bae3670c1b3095268021ab19f0fe53ed717040c77602acb8ae2908e5", @typed={0x8, 0x20, 0x0, 0x0, @pid}, @nested={0x4, 0x90}, @generic="ff7335670ce8b176dec49e451aac1d2163563fb85023045c7870bb8203d0af69507255eeb9e86e1c57029f01734e80a3a316cade31f5cc782afa9010a2ce979552b2e701fa92b127b6a8eb45f9e2441b0cd22cdb86f992fa05ed40ae1156a14a1e2eee436589cef7194d52c0f49e84ef9d770609e75f91b07e1eb5297c72e2828eced8df95cea1a3e795e2a78a20d497423cc0a6f72389ad3bdf9a91317a99945b51d861c0edc8f398c1d5bcf3dfc36780300671b3a70c9d1f45fe2dde066a555f8c90d68a1e46aa9e71a5f768f1faf0f98d8a9ef51ad8cfdefd5b6a26", @typed={0x8, 0x146, 0x0, 0x0, @u32=0x81bb4b0e}, @typed={0x45, 0x154, 0x0, 0x0, @binary="a42fa44f429863633fceee1de4e28f7c460ead5c33c2b954b7f698dae77bd16c181bdfec5124638cb1b300d9eae87681201e1c4e13a3aec9e8ae5586517737c525"}]}, @nested={0x8, 0xef, 0x0, 0x1, [@nested={0x4, 0x7f}]}]}, @ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3}]}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x8000}, 0x2000840) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) writev$auto(r4, &(0x7f0000000240)={0x0, 0x5}, 0xa) write$auto_aoe_fops_aoechr(r2, 0x0, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x421, 0x7}, 0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x6a2043, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r6, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x20004880) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto_trace_clock_fops_trace(r0, 0x0, 0x0) 19.068707239s ago: executing program 0 (id=510): socket(0x2, 0x3, 0xa) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r0, 0xa, 0x1) fcntl$auto(r0, 0x10, 0x2) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mq_timedreceive$auto(0xffffffffffffffff, 0x0, 0x5, 0x0, 0xffffffffffffffff) migrate_pages$auto(0x0, 0x3, 0x0, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xe8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) capget$auto(0x0, 0xfffffffffffffffe) bpf$auto_BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)=@raw_tracepoint={0xd7, r2, 0x0, 0x8}, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) shmctl$auto_IPC_SET(0x13d00000, 0x1, &(0x7f00000003c0)={{0x2, 0xee01, 0xffffffffffffffff, 0x2, 0x8, 0x7, 0x3}, 0x7, 0x7, 0xe, 0xda, @raw=0x7fff, @inferred=0xffffffffffffffff, 0x2, 0x0, 0x0, &(0x7f0000000240)}) close_range$auto(0x2, 0x8, 0x0) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000001640), 0x200, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x8) r3 = socket(0x2, 0x2, 0x1) copy_file_range$auto(r3, 0x0, r3, &(0x7f0000000080)=0x5, 0x9, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0) mmap$auto(0x0, 0x7, 0x1, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 18.191923334s ago: executing program 0 (id=511): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x84, 0x4, 0xd73, 0x7) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) process_madvise$auto_MADV_WILLNEED(0xffffffffffffffff, &(0x7f0000007900)={0x0, 0x4}, 0x9, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, r1, 0x300000000000) socket(0x1d, 0x3, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xb, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x3624239c, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) 17.227300184s ago: executing program 0 (id=512): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socketcall$auto(0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/snd_hda_intel/parameters/power_save\x00', 0x80002, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x101, 0x6, 0x1, 0x0) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000540), 0x40, 0x0) ioctl$auto_TUNGETIFF(r1, 0x800454d2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/uprobe_events\x00', 0x2, 0x0) write$auto_uprobe_events_ops_trace_uprobe(r2, &(0x7f00000000c0)="21b191ce7e7a29762f4b6708c2675ae2564d359b6a8c5c466d3a1c5d0fe91daf6bff27b661018813d2b88afc815656a6c67ae3e723b621b5e3a01d876c2348a05b94f980d3da4261a114efa0171dd5a3af6ede7edc962985bb2bdbf4c7af833400"/109, 0x6d) read$auto(0x3, 0x0, 0x10) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x213, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) io_uring_setup$auto(0xfffffff9, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) write$auto(0x3, 0x0, 0xffd8) 16.739850869s ago: executing program 0 (id=513): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000280), 0xffffffffffffffff) statx$auto(0xffffffffffffffff, 0x0, 0x1003, 0x4005, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x2) mmap$auto(0x12000, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 16.107394154s ago: executing program 0 (id=514): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) bind$auto(r0, &(0x7f0000000140)=@l2={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8fa2}, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001080)='/proc/self/mountinfo\x00', 0x20202, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)="e7696e5891a9bccbf2a814c2b1c2da6a4642e71e423e55bb3bdfb80fb3496c6bac2c476942", 0x25) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0x5, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) r2 = socket(0x2, 0x801, 0x100) write$auto(r2, &(0x7f0000000100)='\\[(.\\@\\)\x00', 0x2) bind$auto(0x3, 0x0, 0x67) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rpc/auth.unix.ip/content\x00', 0x2000, 0x0) pread64$auto(r3, 0x0, 0xf42c, 0x38) socketpair$auto(0x1e, 0x5, 0x40000, 0x0) r4 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/netdevsim/netdevsim0/hwstats/l3/enable_ifindex\x00', 0x2641, 0x0) write$auto(r4, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) write$auto(0x3, 0x0, 0x800) 15.875175476s ago: executing program 0 (id=515): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000280), 0xffffffffffffffff) statx$auto(0xffffffffffffffff, 0x0, 0x1003, 0x4005, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@sco, 0x68) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0x2a0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'geneve1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x1c, r4, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x840, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r6 = socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x4003, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x40000, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES16=r6, @ANYRESDEC=r1, @ANYRESOCT=r6], 0x1ac}}, 0x40000) r7 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r7, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @raw=0x3eb9}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) r9 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/psched\x00', 0x40102, 0x0) pread64$auto(r9, 0x0, 0x100000001, 0x100) read$auto(r8, 0x0, 0x1ff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 34 (id=515): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000280), 0xffffffffffffffff) statx$auto(0xffffffffffffffff, 0x0, 0x1003, 0x4005, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@sco, 0x68) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0x2a0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'geneve1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x1c, r4, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x840, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r6 = socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x4003, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x40000, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES16=r6, @ANYRESDEC=r1, @ANYRESOCT=r6], 0x1ac}}, 0x40000) r7 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r7, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @raw=0x3eb9}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) r9 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/psched\x00', 0x40102, 0x0) pread64$auto(r9, 0x0, 0x100000001, 0x100) read$auto(r8, 0x0, 0x1ff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts. [ 91.540715][ T5807] cgroup: Unknown subsys name 'net' [ 91.653585][ T5807] cgroup: Unknown subsys name 'cpuset' [ 91.663908][ T5807] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 93.461590][ T5807] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.591988][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.602489][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.610923][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.619521][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.634627][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.648213][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.657034][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.665809][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.673270][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.681422][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.701672][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.707248][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.717120][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.729671][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.735342][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.745790][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.754244][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.762306][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.771509][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.780108][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.407433][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 96.470418][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 96.512976][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 96.621717][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 96.754683][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.763583][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.771573][ T5819] bridge_slave_0: entered allmulticast mode [ 96.788834][ T5819] bridge_slave_0: entered promiscuous mode [ 96.823846][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.832545][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.839846][ T5819] bridge_slave_1: entered allmulticast mode [ 96.847300][ T5819] bridge_slave_1: entered promiscuous mode [ 96.880070][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.887249][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.894981][ T5822] bridge_slave_0: entered allmulticast mode [ 96.902923][ T5822] bridge_slave_0: entered promiscuous mode [ 96.946953][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.955835][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.963197][ T5822] bridge_slave_1: entered allmulticast mode [ 96.971001][ T5822] bridge_slave_1: entered promiscuous mode [ 96.991526][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.998881][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.006092][ T5829] bridge_slave_0: entered allmulticast mode [ 97.014128][ T5829] bridge_slave_0: entered promiscuous mode [ 97.050443][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.060106][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.067951][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.075858][ T5829] bridge_slave_1: entered allmulticast mode [ 97.083444][ T5829] bridge_slave_1: entered promiscuous mode [ 97.090697][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.097858][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.105508][ T5828] bridge_slave_0: entered allmulticast mode [ 97.113330][ T5828] bridge_slave_0: entered promiscuous mode [ 97.136752][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.170660][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.178078][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.185395][ T5828] bridge_slave_1: entered allmulticast mode [ 97.193010][ T5828] bridge_slave_1: entered promiscuous mode [ 97.202901][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.231680][ T797] cfg80211: failed to load regulatory.db [ 97.262168][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.274243][ T5819] team0: Port device team_slave_0 added [ 97.283219][ T5819] team0: Port device team_slave_1 added [ 97.297084][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.368787][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.381764][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.393491][ T5822] team0: Port device team_slave_0 added [ 97.402117][ T5822] team0: Port device team_slave_1 added [ 97.408524][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.416547][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.443145][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.470290][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.492262][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.499587][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.525898][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.593256][ T5829] team0: Port device team_slave_0 added [ 97.602605][ T5829] team0: Port device team_slave_1 added [ 97.626129][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.633721][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.663902][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.689887][ T5828] team0: Port device team_slave_0 added [ 97.707755][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.715305][ T5823] Bluetooth: hci0: command tx timeout [ 97.715509][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.747243][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.772567][ T5828] team0: Port device team_slave_1 added [ 97.789410][ T5823] Bluetooth: hci1: command tx timeout [ 97.796678][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.803699][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.829981][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.856693][ T5819] hsr_slave_0: entered promiscuous mode [ 97.863832][ T5819] hsr_slave_1: entered promiscuous mode [ 97.869732][ T5823] Bluetooth: hci3: command tx timeout [ 97.869741][ T5141] Bluetooth: hci2: command tx timeout [ 97.891301][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.898303][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.925056][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.976700][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.983946][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.010371][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.058286][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.065570][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.091841][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.121742][ T5829] hsr_slave_0: entered promiscuous mode [ 98.128292][ T5829] hsr_slave_1: entered promiscuous mode [ 98.134895][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 98.140781][ T5829] Cannot create hsr debugfs directory [ 98.169942][ T5822] hsr_slave_0: entered promiscuous mode [ 98.176447][ T5822] hsr_slave_1: entered promiscuous mode [ 98.183100][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 98.188912][ T5822] Cannot create hsr debugfs directory [ 98.354508][ T5828] hsr_slave_0: entered promiscuous mode [ 98.361150][ T5828] hsr_slave_1: entered promiscuous mode [ 98.367383][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 98.373250][ T5828] Cannot create hsr debugfs directory [ 98.756410][ T5819] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.774292][ T5819] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.785923][ T5819] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.808007][ T5819] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.881937][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.892688][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.906535][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.918258][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.014006][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.026448][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.060800][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.072487][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.141927][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.155984][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.167559][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.190246][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.286790][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.333132][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.359776][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.367108][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.410347][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.417553][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.455261][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.514790][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.528601][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.565842][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.573132][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.600906][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.618428][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.625665][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.670619][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.697555][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.738745][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.746033][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.794421][ T5823] Bluetooth: hci0: command tx timeout [ 99.833336][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.840963][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.856576][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.863849][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.872166][ T5823] Bluetooth: hci1: command tx timeout [ 99.886975][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.894254][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.950568][ T5823] Bluetooth: hci3: command tx timeout [ 99.960222][ T5823] Bluetooth: hci2: command tx timeout [ 100.012823][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.192171][ T5819] veth0_vlan: entered promiscuous mode [ 100.242431][ T5819] veth1_vlan: entered promiscuous mode [ 100.323085][ T5819] veth0_macvtap: entered promiscuous mode [ 100.353643][ T5819] veth1_macvtap: entered promiscuous mode [ 100.420577][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.444387][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.503968][ T1098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.541369][ T1098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.581548][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.595218][ T3493] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.609023][ T3493] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.631906][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.733875][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.826912][ T3493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.844141][ T3493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.885856][ T5829] veth0_vlan: entered promiscuous mode [ 100.898239][ T5828] veth0_vlan: entered promiscuous mode [ 100.943022][ T5829] veth1_vlan: entered promiscuous mode [ 100.949518][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.957373][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.974627][ T5828] veth1_vlan: entered promiscuous mode [ 100.993593][ T5822] veth0_vlan: entered promiscuous mode [ 101.034744][ T5822] veth1_vlan: entered promiscuous mode [ 101.068473][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.112514][ T5829] veth0_macvtap: entered promiscuous mode [ 101.146186][ T5828] veth0_macvtap: entered promiscuous mode [ 101.185230][ T5829] veth1_macvtap: entered promiscuous mode [ 101.225507][ T5828] veth1_macvtap: entered promiscuous mode [ 101.266508][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.285933][ T5822] veth0_macvtap: entered promiscuous mode [ 101.305462][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.321004][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.334633][ T5822] veth1_macvtap: entered promiscuous mode [ 101.355225][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.400395][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.416156][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.445840][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.464995][ T109] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.489168][ T109] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.514223][ T109] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.538161][ T109] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.568904][ T109] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.584944][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.595539][ T109] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.639932][ T3493] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.681882][ T3493] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.712257][ T3493] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.723534][ T3493] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.832690][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.850283][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.868907][ T5823] Bluetooth: hci0: command tx timeout [ 101.950308][ T5823] Bluetooth: hci1: command tx timeout [ 102.006732][ T109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.029072][ T5823] Bluetooth: hci2: command tx timeout [ 102.034544][ T5823] Bluetooth: hci3: command tx timeout [ 102.041511][ T109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.113028][ T3493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.132199][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.132802][ T3493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.159778][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.235344][ T3493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.251725][ T3493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.285605][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.320323][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.556004][ T5925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'. [ 102.652686][ T5925] i: entered promiscuous mode [ 102.734359][ T5925] HfR: entered promiscuous mode [ 103.958906][ T5823] Bluetooth: hci0: command tx timeout [ 104.030294][ T5823] Bluetooth: hci1: command tx timeout [ 104.109163][ T5141] Bluetooth: hci2: command tx timeout [ 104.114668][ T5823] Bluetooth: hci3: command tx timeout [ 104.245893][ T5949] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.750126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.869494][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.249271][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.389010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.709190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.789650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.949055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 106.970171][ T5976] zswap: compressor not available [ 108.179215][ T5999] __vm_enough_memory: pid: 5999, comm: syz.3.16, bytes: 4398046511104 not enough memory for the allocation [ 108.779250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.979679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.056905][ T5998] netlink: 330 bytes leftover after parsing attributes in process `syz.0.17'. [ 109.145269][ T5998] : renamed from ip6tnl0 (while UP) [ 109.589185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.391115][ T6049] FAULT_INJECTION: forcing a failure. [ 111.391115][ T6049] name failslab, interval 1, probability 0, space 0, times 1 [ 111.417855][ T6049] CPU: 1 UID: 0 PID: 6049 Comm: syz.3.26 Not tainted syzkaller #0 PREEMPT(full) [ 111.417900][ T6049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.417924][ T6049] Call Trace: [ 111.417935][ T6049] [ 111.417952][ T6049] dump_stack_lvl+0x100/0x190 [ 111.418017][ T6049] should_fail_ex.cold+0x5/0xa [ 111.418057][ T6049] should_failslab+0xc2/0x120 [ 111.418090][ T6049] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 111.418136][ T6049] ? __kernfs_new_node+0xd2/0x960 [ 111.418188][ T6049] __kernfs_new_node+0xd2/0x960 [ 111.418237][ T6049] ? __pfx___kernfs_new_node+0x10/0x10 [ 111.418291][ T6049] ? find_held_lock+0x2b/0x80 [ 111.418320][ T6049] ? kernfs_root+0xee/0x2a0 [ 111.418360][ T6049] ? kernfs_root+0xee/0x2a0 [ 111.418411][ T6049] kernfs_new_node+0x11b/0x1a0 [ 111.418466][ T6049] __kernfs_create_file+0x53/0x350 [ 111.418506][ T6049] sysfs_add_file_mode_ns+0x207/0x3c0 [ 111.418554][ T6049] internal_create_group+0x593/0xf40 [ 111.418603][ T6049] ? __pfx_internal_create_group+0x10/0x10 [ 111.418674][ T6049] sysfs_slab_add+0x1a4/0x1f0 [ 111.418727][ T6049] do_kmem_cache_create+0x472/0x540 [ 111.418779][ T6049] __kmem_cache_create_args+0x386/0x420 [ 111.418822][ T6049] mon_text_open+0x333/0x510 [ 111.418861][ T6049] ? __pfx_mon_text_open+0x10/0x10 [ 111.418902][ T6049] ? __pfx_mon_text_ctor+0x10/0x10 [ 111.418938][ T6049] ? find_held_lock+0x2b/0x80 [ 111.418964][ T6049] ? __pfx_apparmor_file_open+0x10/0x10 [ 111.419001][ T6049] ? lockdown_is_locked_down+0x3d/0x140 [ 111.419035][ T6049] ? bpf_lsm_locked_down+0x9/0x10 [ 111.419068][ T6049] ? __pfx_mon_text_open+0x10/0x10 [ 111.419103][ T6049] full_proxy_open_regular+0x1b6/0x370 [ 111.419144][ T6049] do_dentry_open+0x6d8/0x1660 [ 111.419188][ T6049] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 111.419235][ T6049] vfs_open+0x82/0x3f0 [ 111.419272][ T6049] path_openat+0x208c/0x31a0 [ 111.419311][ T6049] ? __pfx_path_openat+0x10/0x10 [ 111.419351][ T6049] do_file_open+0x20e/0x430 [ 111.419382][ T6049] ? __pfx_do_file_open+0x10/0x10 [ 111.419435][ T6049] ? alloc_fd+0x476/0x790 [ 111.419483][ T6049] ? do_getname+0x191/0x390 [ 111.419519][ T6049] do_sys_openat2+0x10d/0x1e0 [ 111.419554][ T6049] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.419592][ T6049] ? __sys_sendmsg+0x18f/0x220 [ 111.419639][ T6049] __x64_sys_openat+0x12d/0x210 [ 111.419677][ T6049] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.419728][ T6049] do_syscall_64+0x106/0xf80 [ 111.419759][ T6049] ? clear_bhb_loop+0x40/0x90 [ 111.419796][ T6049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.419826][ T6049] RIP: 0033:0x7f628879c629 [ 111.419861][ T6049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.419894][ T6049] RSP: 002b:00007f62869ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.419926][ T6049] RAX: ffffffffffffffda RBX: 00007f6288a15fa0 RCX: 00007f628879c629 [ 111.419946][ T6049] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 111.419964][ T6049] RBP: 00007f6288832b39 R08: 0000000000000000 R09: 0000000000000000 [ 111.419981][ T6049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.419998][ T6049] R13: 00007f6288a16038 R14: 00007f6288a15fa0 R15: 00007ffe3e56a038 [ 111.420042][ T6049] [ 111.900858][ T6049] SLUB: Unable to add cache mon_text_ffff8880541a7800 to sysfs [ 114.591339][ T5823] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 115.745244][ T29] audit: type=1800 audit(1771911059.548:2): pid=6081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.31" name="dbroot" dev="configfs" ino=8611 res=0 errno=0 [ 116.349714][ T6088] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 118.922006][ T6114] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 128.816578][ T6224] Zero length message leads to an empty skb [ 128.850336][ T6224] FAULT_INJECTION: forcing a failure. [ 128.850336][ T6224] name failslab, interval 1, probability 0, space 0, times 0 [ 128.865331][ T6224] CPU: 0 UID: 0 PID: 6224 Comm: syz.2.59 Not tainted syzkaller #0 PREEMPT(full) [ 128.865363][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.865378][ T6224] Call Trace: [ 128.865386][ T6224] [ 128.865394][ T6224] dump_stack_lvl+0x100/0x190 [ 128.865449][ T6224] should_fail_ex.cold+0x5/0xa [ 128.865476][ T6224] ? sk_prot_alloc+0x10b/0x2a0 [ 128.865507][ T6224] should_failslab+0xc2/0x120 [ 128.865535][ T6224] __kmalloc_noprof+0xe0/0x850 [ 128.865576][ T6224] sk_prot_alloc+0x10b/0x2a0 [ 128.865609][ T6224] sk_alloc+0x36/0xe80 [ 128.865638][ T6224] __netlink_create+0x5e/0x2c0 [ 128.865660][ T6224] ? __wake_up+0x3f/0x60 [ 128.865686][ T6224] netlink_create+0x293/0x610 [ 128.865711][ T6224] ? __pfx_genl_bind+0x10/0x10 [ 128.865740][ T6224] ? __pfx_genl_unbind+0x10/0x10 [ 128.865768][ T6224] ? __pfx_genl_release+0x10/0x10 [ 128.865803][ T6224] __sock_create+0x339/0x860 [ 128.865843][ T6224] __sys_socket+0x14d/0x260 [ 128.865878][ T6224] ? __pfx___sys_socket+0x10/0x10 [ 128.865928][ T6224] __x64_sys_socket+0x72/0xb0 [ 128.865963][ T6224] ? lockdep_hardirqs_on+0x78/0x100 [ 128.865990][ T6224] do_syscall_64+0x106/0xf80 [ 128.866015][ T6224] ? clear_bhb_loop+0x40/0x90 [ 128.866045][ T6224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.866069][ T6224] RIP: 0033:0x7f244d19c629 [ 128.866093][ T6224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.866116][ T6224] RSP: 002b:00007f244dfda028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 128.866142][ T6224] RAX: ffffffffffffffda RBX: 00007f244d415fa0 RCX: 00007f244d19c629 [ 128.866160][ T6224] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 128.866175][ T6224] RBP: 00007f244d232b39 R08: 0000000000000000 R09: 0000000000000000 [ 128.866189][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.866203][ T6224] R13: 00007f244d416038 R14: 00007f244d415fa0 R15: 00007fffc99c0ea8 [ 128.866233][ T6224] [ 129.830099][ T6237] netlink: 28 bytes leftover after parsing attributes in process `syz.3.61'. [ 131.289709][ T6249] FAULT_INJECTION: forcing a failure. [ 131.289709][ T6249] name failslab, interval 1, probability 0, space 0, times 0 [ 131.289824][ T6249] CPU: 1 UID: 0 PID: 6249 Comm: syz.3.64 Not tainted syzkaller #0 PREEMPT(full) [ 131.289862][ T6249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 131.289882][ T6249] Call Trace: [ 131.289892][ T6249] [ 131.289905][ T6249] dump_stack_lvl+0x100/0x190 [ 131.289961][ T6249] should_fail_ex.cold+0x5/0xa [ 131.290006][ T6249] should_failslab+0xc2/0x120 [ 131.290038][ T6249] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 131.290085][ T6249] ? __proc_create+0x2cb/0x8c0 [ 131.290143][ T6249] __proc_create+0x2cb/0x8c0 [ 131.290193][ T6249] ? __pfx___proc_create+0x10/0x10 [ 131.290258][ T6249] proc_create_reg+0x75/0x170 [ 131.290314][ T6249] proc_create_net_data+0x8e/0x1c0 [ 131.290366][ T6249] ? __pfx_proc_create_net_data+0x10/0x10 [ 131.290416][ T6249] ? net_generic+0xea/0x2a0 [ 131.290460][ T6249] ? __pfx_phonet_init_net+0x10/0x10 [ 131.290499][ T6249] phonet_init_net+0x66/0x120 [ 131.290536][ T6249] ops_init+0x1e2/0x5f0 [ 131.290579][ T6249] setup_net+0x118/0x3a0 [ 131.290618][ T6249] ? __pfx_setup_net+0x10/0x10 [ 131.290655][ T6249] ? lockdep_init_map_type+0x5c/0x250 [ 131.290700][ T6249] ? mutex_init_lockep+0x110/0x150 [ 131.290751][ T6249] copy_net_ns+0x46f/0x7c0 [ 131.290801][ T6249] create_new_namespaces+0x3ea/0xac0 [ 131.290843][ T6249] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 131.290878][ T6249] ksys_unshare+0x455/0xab0 [ 131.290923][ T6249] ? __pfx_ksys_unshare+0x10/0x10 [ 131.290981][ T6249] __x64_sys_unshare+0x31/0x40 [ 131.291022][ T6249] do_syscall_64+0x106/0xf80 [ 131.291058][ T6249] ? clear_bhb_loop+0x40/0x90 [ 131.291099][ T6249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.291133][ T6249] RIP: 0033:0x7f628879c629 [ 131.291161][ T6249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 131.291193][ T6249] RSP: 002b:00007f62869ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 131.291225][ T6249] RAX: ffffffffffffffda RBX: 00007f6288a15fa0 RCX: 00007f628879c629 [ 131.291252][ T6249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 131.291270][ T6249] RBP: 00007f6288832b39 R08: 0000000000000000 R09: 0000000000000000 [ 131.291289][ T6249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.291308][ T6249] R13: 00007f6288a16038 R14: 00007f6288a15fa0 R15: 00007ffe3e56a038 [ 131.291351][ T6249] [ 133.088134][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.094734][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.180437][ T6285] netlink: 12 bytes leftover after parsing attributes in process `syz.0.72'. [ 134.270343][ T6299] zswap: compressor not available [ 134.645910][ T6311] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 134.789965][ T6314] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 141.339060][ T6409] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(2667579016.1794154258.892620392), cmd(12) [ 141.353854][ T6410] mmap: syz.0.99 (6410) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 141.402213][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.430021][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.476037][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.511818][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.520843][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.573842][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 141.639055][ T6409] device-mapper: ioctl: Invalid data size in the ioctl structure: 3230308292 [ 142.050723][ T6421] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 142.437226][ T6424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.102'. [ 142.968949][ T6434] netlink: 186 bytes leftover after parsing attributes in process `syz.1.104'. [ 144.399135][ T6450] ======================================================= [ 144.399135][ T6450] WARNING: The mand mount option has been deprecated and [ 144.399135][ T6450] and is ignored by this kernel. Remove the mand [ 144.399135][ T6450] option from the mount to silence this warning. [ 144.399135][ T6450] ======================================================= [ 145.183025][ T6473] nbd: socks must be embedded in a SOCK_ITEM attr [ 145.418223][ T6480] netlink: 16 bytes leftover after parsing attributes in process `syz.2.117'. [ 146.223838][ T6496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 146.311459][ T6492] zswap: compressor not available [ 146.400465][ T6499] netlink: 'syz.1.121': attribute type 1 has an invalid length. [ 146.591411][ T6498] [U] ^\ [ 146.653939][ T6492] zswap: compressor not available [ 149.571123][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'. [ 149.789715][ T6573] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 149.903903][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 150.832894][ T6592] blktrace: Concurrent blktraces are not allowed on loop2 [ 152.122753][ T6612] QAT: failed to copy from user cfg_data. [ 152.212295][ T6609] zswap: compressor not available [ 152.910214][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.150'. [ 153.591063][ T29] audit: type=1800 audit(1771911097.349:3): pid=6643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.151" name="dbroot" dev="configfs" ino=11083 res=0 errno=0 [ 155.386028][ T6665] FAULT_INJECTION: forcing a failure. [ 155.386028][ T6665] name failslab, interval 1, probability 0, space 0, times 0 [ 155.458130][ T6665] CPU: 0 UID: 0 PID: 6665 Comm: syz.0.157 Not tainted syzkaller #0 PREEMPT(full) [ 155.458180][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 155.458194][ T6665] Call Trace: [ 155.458202][ T6665] [ 155.458211][ T6665] dump_stack_lvl+0x100/0x190 [ 155.458252][ T6665] should_fail_ex.cold+0x5/0xa [ 155.458279][ T6665] ? tomoyo_encode2+0xfb/0x3c0 [ 155.458302][ T6665] should_failslab+0xc2/0x120 [ 155.458324][ T6665] __kmalloc_noprof+0xe0/0x850 [ 155.458357][ T6665] ? rcu_is_watching+0x12/0xc0 [ 155.458397][ T6665] tomoyo_encode2+0xfb/0x3c0 [ 155.458424][ T6665] tomoyo_encode+0x29/0x50 [ 155.458446][ T6665] tomoyo_realpath_from_path+0x18c/0x690 [ 155.458478][ T6665] tomoyo_check_open_permission+0x2af/0x3c0 [ 155.458547][ T6665] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 155.458633][ T6665] ? lock_acquire+0x1cf/0x380 [ 155.458683][ T6665] ? find_held_lock+0x2b/0x80 [ 155.458726][ T6665] tomoyo_file_open+0x6b/0x90 [ 155.458770][ T6665] security_file_open+0xb5/0x1e0 [ 155.458803][ T6665] do_dentry_open+0x5aa/0x1660 [ 155.458862][ T6665] vfs_open+0x82/0x3f0 [ 155.458898][ T6665] path_openat+0x208c/0x31a0 [ 155.458937][ T6665] ? __pfx_path_openat+0x10/0x10 [ 155.458976][ T6665] do_file_open+0x20e/0x430 [ 155.459004][ T6665] ? __pfx_do_file_open+0x10/0x10 [ 155.459055][ T6665] ? alloc_fd+0x476/0x790 [ 155.459102][ T6665] ? do_getname+0x191/0x390 [ 155.459137][ T6665] do_sys_openat2+0x10d/0x1e0 [ 155.459171][ T6665] ? __pfx_do_sys_openat2+0x10/0x10 [ 155.459212][ T6665] ? __fget_files+0x21f/0x3d0 [ 155.459263][ T6665] __x64_sys_openat+0x12d/0x210 [ 155.459298][ T6665] ? __pfx___x64_sys_openat+0x10/0x10 [ 155.459346][ T6665] do_syscall_64+0x106/0xf80 [ 155.459376][ T6665] ? clear_bhb_loop+0x40/0x90 [ 155.459411][ T6665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.459439][ T6665] RIP: 0033:0x7f292719c629 [ 155.459463][ T6665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.459490][ T6665] RSP: 002b:00007f292800b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 155.459517][ T6665] RAX: ffffffffffffffda RBX: 00007f2927415fa0 RCX: 00007f292719c629 [ 155.459535][ T6665] RDX: 0000000000000442 RSI: 0000200000000cc0 RDI: ffffffffffffff9c [ 155.459553][ T6665] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 155.459570][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.459587][ T6665] R13: 00007f2927416038 R14: 00007f2927415fa0 R15: 00007ffcf1419a38 [ 155.459623][ T6665] [ 155.752099][ T6665] ERROR: Out of memory at tomoyo_realpath_from_path. [ 155.969976][ T6667] zswap: compressor not available [ 156.670067][ T6684] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 156.755449][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 156.798737][ T6686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.161'. [ 157.080851][ T6693] netlink: 'syz.3.165': attribute type 23 has an invalid length. [ 157.602592][ T6712] random: crng reseeded on system resumption [ 158.031480][ T6715] zswap: compressor not available [ 159.509938][ T6742] bond0: option all_slaves_active: invalid value () [ 160.206897][ T6754] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 161.903479][ T6776] FAULT_INJECTION: forcing a failure. [ 161.903479][ T6776] name failslab, interval 1, probability 0, space 0, times 0 [ 161.944923][ T6776] CPU: 1 UID: 0 PID: 6776 Comm: syz.0.179 Tainted: G L syzkaller #0 PREEMPT(full) [ 161.944963][ T6776] Tainted: [L]=SOFTLOCKUP [ 161.944971][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.944985][ T6776] Call Trace: [ 161.944994][ T6776] [ 161.945005][ T6776] dump_stack_lvl+0x100/0x190 [ 161.945047][ T6776] should_fail_ex.cold+0x5/0xa [ 161.945074][ T6776] ? memcg_list_lru_alloc+0x4ec/0x740 [ 161.945107][ T6776] should_failslab+0xc2/0x120 [ 161.945130][ T6776] __kmalloc_noprof+0xe0/0x850 [ 161.945166][ T6776] ? do_syscall_64+0x106/0xf80 [ 161.945205][ T6776] memcg_list_lru_alloc+0x4ec/0x740 [ 161.945247][ T6776] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 161.945281][ T6776] ? rcu_read_unlock+0x17/0x60 [ 161.945312][ T6776] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 161.945349][ T6776] __memcg_slab_post_alloc_hook+0x12f/0x9a0 [ 161.945380][ T6776] ? kasan_save_track+0x14/0x30 [ 161.945430][ T6776] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 161.945466][ T6776] ? alloc_inode+0x183/0x250 [ 161.945501][ T6776] alloc_inode+0x183/0x250 [ 161.945533][ T6776] alloc_anon_inode+0x2a/0x3e0 [ 161.945575][ T6776] dma_buf_export+0x267/0xcb0 [ 161.945611][ T6776] ? sg_alloc_table+0x4c/0x1c0 [ 161.945644][ T6776] system_heap_allocate+0xb5e/0x1170 [ 161.945688][ T6776] ? __pfx_system_heap_allocate+0x10/0x10 [ 161.945729][ T6776] ? rep_movs_alternative+0x4a/0x90 [ 161.945767][ T6776] dma_heap_ioctl+0x37f/0x5e0 [ 161.945798][ T6776] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 161.945825][ T6776] ? find_held_lock+0x2b/0x80 [ 161.945861][ T6776] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 161.945892][ T6776] __x64_sys_ioctl+0x18e/0x210 [ 161.945926][ T6776] do_syscall_64+0x106/0xf80 [ 161.945951][ T6776] ? clear_bhb_loop+0x40/0x90 [ 161.945980][ T6776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.946005][ T6776] RIP: 0033:0x7f292719c629 [ 161.946025][ T6776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.946047][ T6776] RSP: 002b:00007f2927fea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.946070][ T6776] RAX: ffffffffffffffda RBX: 00007f2927416090 RCX: 00007f292719c629 [ 161.946085][ T6776] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 000000000000000a [ 161.946100][ T6776] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 161.946115][ T6776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.946128][ T6776] R13: 00007f2927416128 R14: 00007f2927416090 R15: 00007ffcf1419a38 [ 161.946159][ T6776] [ 162.698042][ T6782] zswap: compressor not available [ 163.290466][ T6813] netlink: 354 bytes leftover after parsing attributes in process `syz.0.187'. [ 163.982291][ T6825] netlink: 186 bytes leftover after parsing attributes in process `syz.0.189'. [ 164.005275][ T29] audit: type=1800 audit(1771911107.784:4): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.191" name="features" dev="configfs" ino=12604 res=0 errno=0 [ 164.031526][ T6828] vivid-001: ================= START STATUS ================= [ 164.057590][ T6828] vivid-001: Radio HW Seek Mode: Bounded [ 164.077393][ T6828] vivid-001: Radio Programmable HW Seek: false [ 164.123178][ T6828] vivid-001: RDS Rx I/O Mode: Block I/O [ 164.153134][ T6828] vivid-001: Generate RBDS Instead of RDS: false [ 164.159600][ T6828] vivid-001: RDS Reception: true [ 164.219386][ T6828] vivid-001: RDS Program Type: 0 inactive [ 164.233099][ T6828] vivid-001: RDS PS Name: inactive [ 164.263176][ T6828] vivid-001: RDS Radio Text: inactive [ 164.393208][ T6828] vivid-001: RDS Traffic Announcement: false inactive [ 164.500396][ T6828] vivid-001: RDS Traffic Program: false inactive [ 164.553526][ T6828] vivid-001: RDS Music: false inactive [ 164.628204][ T6828] vivid-001: ================== END STATUS ================== [ 165.153932][ T6839] zswap: compressor not available [ 165.260378][ T5141] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 165.605743][ T6858] netlink: 342 bytes leftover after parsing attributes in process `syz.2.195'. [ 165.661874][ T6858] netlink: 134 bytes leftover after parsing attributes in process `syz.2.195'. [ 166.467688][ T6865] zswap: compressor  A.xB:(!<'8T|AnE&-n-}r_0s0ABe(ܺt[LR=t.=%2G@3a\u436N:wAm8~ά1q )1 not available [ 166.811941][ T6880] process 'syz.2.199' launched ':,' with NULL argv: empty string added [ 166.826584][ T6880] ERROR: Out of memory at tomoyo_memory_ok. [ 166.833718][ T6880] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/54/:,' not defined. [ 167.132916][ T6880] futex_wake_op: syz.2.199 tries to shift op by -2048; fix this program [ 167.191614][ T6883] netlink: 40 bytes leftover after parsing attributes in process `syz.1.200'. syzkaller syzkaller login: [ 169.021568][ T6930] netlink: 24 bytes leftover after parsing attributes in process `syz.2.212'. [ 169.583122][ T6947] futex_wake_op: syz.1.216 tries to shift op by -2048; fix this program [ 169.715949][ T6947] 0x000000000001-0x000000020000 : "" [ 169.734426][ T6947] ftl_cs: FTL header corrupt! [ 169.903927][ T6952] ERROR: Out of memory at tomoyo_memory_ok. [ 170.788771][ T6974] FAULT_INJECTION: forcing a failure. [ 170.788771][ T6974] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 170.816341][ T6974] CPU: 0 UID: 0 PID: 6974 Comm: syz.0.222 Tainted: G L syzkaller #0 PREEMPT(full) [ 170.816391][ T6974] Tainted: [L]=SOFTLOCKUP [ 170.816403][ T6974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 170.816431][ T6974] Call Trace: [ 170.816441][ T6974] [ 170.816452][ T6974] dump_stack_lvl+0x100/0x190 [ 170.816512][ T6974] should_fail_ex.cold+0x5/0xa [ 170.816545][ T6974] ? prepare_alloc_pages+0x16d/0x5f0 [ 170.816584][ T6974] should_fail_alloc_page+0xeb/0x140 [ 170.816619][ T6974] prepare_alloc_pages+0x1f0/0x5f0 [ 170.816661][ T6974] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 170.816719][ T6974] ? stack_trace_save+0x8e/0xc0 [ 170.816751][ T6974] ? __pfx_stack_trace_save+0x10/0x10 [ 170.816784][ T6974] ? stack_depot_save_flags+0x27/0x9d0 [ 170.816847][ T6974] ? kasan_save_stack+0x3f/0x50 [ 170.816892][ T6974] ? kasan_save_stack+0x30/0x50 [ 170.816940][ T6974] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 170.816985][ T6974] ? __pmd_alloc+0xbf/0x9c0 [ 170.817014][ T6974] ? __handle_mm_fault+0xa99/0x2b60 [ 170.817047][ T6974] ? handle_mm_fault+0x36d/0xa20 [ 170.817086][ T6974] ? exc_page_fault+0x6f/0xd0 [ 170.817120][ T6974] ? __get_user_4+0x14/0x20 [ 170.817166][ T6974] ? do_vfs_ioctl+0xec4/0x13e0 [ 170.817208][ T6974] ? __x64_sys_ioctl+0x114/0x210 [ 170.817257][ T6974] ? do_syscall_64+0x106/0xf80 [ 170.817290][ T6974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.817343][ T6974] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 170.817399][ T6974] ? policy_nodemask+0xed/0x4f0 [ 170.817442][ T6974] alloc_pages_mpol+0x1fb/0x550 [ 170.817476][ T6974] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 170.817519][ T6974] alloc_pages_noprof+0x131/0x390 [ 170.817554][ T6974] pte_alloc_one+0x1e/0x3e0 [ 170.817592][ T6974] do_fault+0x8cc/0x1950 [ 170.817626][ T6974] ? __pmd_alloc+0x6aa/0x9c0 [ 170.817666][ T6974] __handle_mm_fault+0x180f/0x2b60 [ 170.817716][ T6974] ? mt_find+0x45e/0x8e0 [ 170.817759][ T6974] ? __pfx___handle_mm_fault+0x10/0x10 [ 170.817800][ T6974] ? __pfx_mt_find+0x10/0x10 [ 170.817864][ T6974] ? find_vma+0xbf/0x140 [ 170.817915][ T6974] ? __pfx_find_vma+0x10/0x10 [ 170.817973][ T6974] handle_mm_fault+0x36d/0xa20 [ 170.818026][ T6974] do_user_addr_fault+0x74c/0x12f0 [ 170.818092][ T6974] exc_page_fault+0x6f/0xd0 [ 170.818130][ T6974] asm_exc_page_fault+0x26/0x30 [ 170.818163][ T6974] RIP: 0010:__get_user_4+0x14/0x20 [ 170.818213][ T6974] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 170.818245][ T6974] RSP: 0018:ffffc9000622fd20 EFLAGS: 00050287 [ 170.818272][ T6974] RAX: 0000000000000000 RBX: ffff88802c835dc0 RCX: ffffc900065d9000 [ 170.818293][ T6974] RDX: 00007ffffffff000 RSI: ffffffff8255c271 RDI: ffffffff8c1aee20 [ 170.818314][ T6974] RBP: 1ffff92000c45fa7 R08: 0000000000000001 R09: 00000000000001c9 [ 170.818334][ T6974] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000000 [ 170.818352][ T6974] R13: ffff888059416508 R14: 0000000000005452 R15: 0000000000005452 [ 170.818392][ T6974] ? __might_fault+0x111/0x140 [ 170.818460][ T6974] do_vfs_ioctl+0xec4/0x13e0 [ 170.818506][ T6974] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 170.818565][ T6974] ? find_held_lock+0x2b/0x80 [ 170.818594][ T6974] ? __fget_files+0x215/0x3d0 [ 170.818644][ T6974] ? hook_file_ioctl_common+0x146/0x410 [ 170.818706][ T6974] ? __fget_files+0x21f/0x3d0 [ 170.818771][ T6974] __x64_sys_ioctl+0x114/0x210 [ 170.818821][ T6974] do_syscall_64+0x106/0xf80 [ 170.818857][ T6974] ? clear_bhb_loop+0x40/0x90 [ 170.818898][ T6974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.818932][ T6974] RIP: 0033:0x7f292719c629 [ 170.818960][ T6974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.818990][ T6974] RSP: 002b:00007f2927fea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.819020][ T6974] RAX: ffffffffffffffda RBX: 00007f2927416090 RCX: 00007f292719c629 [ 170.819041][ T6974] RDX: 0000000000000000 RSI: 0000000000005452 RDI: 0000000000000008 [ 170.819060][ T6974] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 170.819079][ T6974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.819097][ T6974] R13: 00007f2927416128 R14: 00007f2927416090 R15: 00007ffcf1419a38 [ 170.819140][ T6974] [ 170.822513][ T6976] netlink: 24 bytes leftover after parsing attributes in process `syz.2.223'. [ 173.028007][ T7017] blktrace: Concurrent blktraces are not allowed on loop2 [ 173.717849][ T7031] netlink: 24 bytes leftover after parsing attributes in process `syz.3.234'. [ 174.033881][ T7036] zram0: detected capacity change from 0 to 8 [ 175.128085][ T29] audit: type=1800 audit(1771911118.889:5): pid=7055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.239" name="dbroot" dev="configfs" ino=13046 res=0 errno=0 [ 175.366684][ T6892] Bluetooth: hci2: Unexpected cc 0x7c89 with no status [ 176.693338][ T7076] Lens A: ================= START STATUS ================= [ 176.706390][ T7076] Lens A: Focus, Absolute: 0 [ 176.739293][ T7076] Lens A: ================== END STATUS ================== [ 176.774683][ T7085] netlink: 24 bytes leftover after parsing attributes in process `syz.2.244'. [ 178.164976][ T7019] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.297552][ T7019] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.491049][ T7110] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 178.612904][ T7019] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.791167][ T7116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 178.807025][ T7116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 178.816315][ T7116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 178.829244][ T7116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 178.839738][ T7116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 178.898414][ T7019] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.394824][ T7115] bond0: invalid ARP target specified [ 179.517126][ T7115] netlink: 28 bytes leftover after parsing attributes in process `syz.3.256'. [ 179.574554][ T7115] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.600662][ T7115] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.628439][ T7115] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.637308][ T7115] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.637491][ T7139] FAULT_INJECTION: forcing a failure. [ 179.637491][ T7139] name failslab, interval 1, probability 0, space 0, times 0 [ 179.659373][ T7139] CPU: 1 UID: 60928 PID: 7139 Comm: syz.0.261 Tainted: G L syzkaller #0 PREEMPT(full) [ 179.659426][ T7139] Tainted: [L]=SOFTLOCKUP [ 179.659437][ T7139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 179.659454][ T7139] Call Trace: [ 179.659463][ T7139] [ 179.659474][ T7139] dump_stack_lvl+0x100/0x190 [ 179.659528][ T7139] should_fail_ex.cold+0x5/0xa [ 179.659567][ T7139] should_failslab+0xc2/0x120 [ 179.659601][ T7139] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 179.659648][ T7139] ? alloc_empty_file+0x55/0x1c0 [ 179.659686][ T7139] ? __pfx_stack_trace_save+0x10/0x10 [ 179.659732][ T7139] alloc_empty_file+0x55/0x1c0 [ 179.659771][ T7139] path_openat+0xe8/0x31a0 [ 179.659798][ T7139] ? kasan_save_stack+0x3f/0x50 [ 179.659844][ T7139] ? kasan_save_stack+0x30/0x50 [ 179.659890][ T7139] ? kasan_save_track+0x14/0x30 [ 179.659934][ T7139] ? __kasan_slab_alloc+0x89/0x90 [ 179.659984][ T7139] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 179.660027][ T7139] ? do_getname+0x35/0x390 [ 179.660061][ T7139] ? do_sys_openat2+0xc5/0x1e0 [ 179.660096][ T7139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.660137][ T7139] ? __pfx_path_openat+0x10/0x10 [ 179.660178][ T7139] do_file_open+0x20e/0x430 [ 179.660209][ T7139] ? __pfx_do_file_open+0x10/0x10 [ 179.660264][ T7139] ? alloc_fd+0x476/0x790 [ 179.660316][ T7139] ? do_getname+0x191/0x390 [ 179.660356][ T7139] do_sys_openat2+0x10d/0x1e0 [ 179.660395][ T7139] ? __pfx_do_sys_openat2+0x10/0x10 [ 179.660438][ T7139] ? __sys_sendmsg+0x18f/0x220 [ 179.660483][ T7139] __x64_sys_openat+0x12d/0x210 [ 179.660526][ T7139] ? __pfx___x64_sys_openat+0x10/0x10 [ 179.660589][ T7139] do_syscall_64+0x106/0xf80 [ 179.660624][ T7139] ? clear_bhb_loop+0x40/0x90 [ 179.660664][ T7139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.660697][ T7139] RIP: 0033:0x7f292719c629 [ 179.660734][ T7139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.660770][ T7139] RSP: 002b:00007f292800b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 179.660800][ T7139] RAX: ffffffffffffffda RBX: 00007f2927415fa0 RCX: 00007f292719c629 [ 179.660825][ T7139] RDX: 0000000000000200 RSI: 0000200000001640 RDI: ffffffffffffff9c [ 179.660846][ T7139] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 179.660865][ T7139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.660883][ T7139] R13: 00007f2927416038 R14: 00007f2927415fa0 R15: 00007ffcf1419a38 [ 179.660925][ T7139] [ 180.187123][ T7113] chnl_net:caif_netlink_parms(): no params data found [ 180.363921][ T7150] netlink: 'syz.0.262': attribute type 4 has an invalid length. [ 180.374173][ T7150] netlink: 123 bytes leftover after parsing attributes in process `syz.0.262'. [ 180.498763][ T7113] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.510022][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.517568][ T7113] bridge_slave_0: entered allmulticast mode [ 180.525816][ T7113] bridge_slave_0: entered promiscuous mode [ 180.541276][ T7113] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.548882][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.556454][ T7113] bridge_slave_1: entered allmulticast mode [ 180.564356][ T7113] bridge_slave_1: entered promiscuous mode [ 180.646557][ T7113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.684576][ T7113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.771526][ T7113] team0: Port device team_slave_0 added [ 180.836881][ T7113] team0: Port device team_slave_1 added [ 180.979085][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.989267][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 181.015573][ T7113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.054603][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.062346][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 181.089676][ T7113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.107215][ T6892] Bluetooth: hci0: command tx timeout [ 181.249218][ T7113] hsr_slave_0: entered promiscuous mode [ 181.263144][ T7113] hsr_slave_1: entered promiscuous mode [ 181.269813][ T7113] debugfs: 'hsr0' already exists in 'hsr' [ 181.276403][ T7113] Cannot create hsr debugfs directory [ 181.324113][ T7175] netlink: 28 bytes leftover after parsing attributes in process `syz.1.266'. [ 181.631411][ T7182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.268'. [ 182.147540][ T29] audit: type=1800 audit(1771911125.915:6): pid=7198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.272" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 182.168311][ T7198] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 182.197243][ T7198] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 182.213335][ T7198] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 182.295908][ T7198] syz.0.272 (7198) used greatest stack depth: 19296 bytes left [ 183.182936][ T6892] Bluetooth: hci0: command tx timeout [ 184.346761][ T7248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'. [ 184.358130][ T7248] netlink: 13 bytes leftover after parsing attributes in process `syz.0.285'. [ 184.632113][ T7250] netlink: 342 bytes leftover after parsing attributes in process `syz.0.286'. [ 184.866924][ T7256] FAULT_INJECTION: forcing a failure. [ 184.866924][ T7256] name failslab, interval 1, probability 0, space 0, times 0 [ 184.893543][ T7256] CPU: 0 UID: 0 PID: 7256 Comm: syz.0.288 Tainted: G L syzkaller #0 PREEMPT(full) [ 184.893602][ T7256] Tainted: [L]=SOFTLOCKUP [ 184.893615][ T7256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 184.893635][ T7256] Call Trace: [ 184.893646][ T7256] [ 184.893659][ T7256] dump_stack_lvl+0x100/0x190 [ 184.893718][ T7256] should_fail_ex.cold+0x5/0xa [ 184.893756][ T7256] should_failslab+0xc2/0x120 [ 184.893788][ T7256] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 184.893829][ T7256] ? do_getname+0x35/0x390 [ 184.893863][ T7256] ? strncpy_from_user+0x19d/0x2d0 [ 184.893910][ T7256] do_getname+0x35/0x390 [ 184.893945][ T7256] __x64_sys_symlink+0x66/0xb0 [ 184.893977][ T7256] do_syscall_64+0x106/0xf80 [ 184.894007][ T7256] ? clear_bhb_loop+0x40/0x90 [ 184.894040][ T7256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.894069][ T7256] RIP: 0033:0x7f292719c629 [ 184.894093][ T7256] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.894120][ T7256] RSP: 002b:00007f292800b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 184.894147][ T7256] RAX: ffffffffffffffda RBX: 00007f2927415fa0 RCX: 00007f292719c629 [ 184.894166][ T7256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.894182][ T7256] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 184.894198][ T7256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.894214][ T7256] R13: 00007f2927416038 R14: 00007f2927415fa0 R15: 00007ffcf1419a38 [ 184.894249][ T7256] [ 185.263625][ T6892] Bluetooth: hci0: command tx timeout [ 185.350702][ T7260] Invalid ELF header magic: != ELF [ 185.985513][ T7266] mkiss: ax0: crc mode is auto. [ 186.731318][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.1.294'. [ 186.741717][ T7277] netlink: 13 bytes leftover after parsing attributes in process `syz.1.294'. [ 187.134530][ T6892] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 187.142437][ T6892] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 187.354703][ T6892] Bluetooth: hci0: command tx timeout [ 188.108678][ T7303] ERROR: Out of memory at tomoyo_memory_ok. [ 188.307213][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.302'. [ 188.319723][ T7305] netlink: 13 bytes leftover after parsing attributes in process `syz.1.302'. [ 191.309093][ T7350] futex_wake_op: syz.1.313 tries to shift op by -2048; fix this program [ 191.323336][ T7350] futex_wake_op: syz.1.313 tries to shift op by -2048; fix this program [ 193.993318][ T7116] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 194.005556][ T7116] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 194.013714][ T7116] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 194.023174][ T7116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 194.035131][ T7116] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 194.554770][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.561261][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.709033][ T7373] chnl_net:caif_netlink_parms(): no params data found [ 194.804897][ T7389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.322'. [ 194.853464][ T7389] netlink: 13 bytes leftover after parsing attributes in process `syz.0.322'. [ 194.937252][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.944620][ T7373] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.952411][ T7373] bridge_slave_0: entered allmulticast mode [ 194.960666][ T7373] bridge_slave_0: entered promiscuous mode [ 194.972424][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.979928][ T7394] ERROR: Out of memory at tomoyo_memory_ok. [ 194.987013][ T7373] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.994585][ T7373] bridge_slave_1: entered allmulticast mode [ 195.003275][ T7373] bridge_slave_1: entered promiscuous mode [ 195.059732][ T7373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.073443][ T7373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.159354][ T7373] team0: Port device team_slave_0 added [ 195.171118][ T7373] team0: Port device team_slave_1 added [ 195.231697][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.239335][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.283658][ T7373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.297621][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.307241][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.340074][ T7373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.462780][ T7373] hsr_slave_0: entered promiscuous mode [ 195.480738][ T7373] hsr_slave_1: entered promiscuous mode [ 195.487495][ T7373] debugfs: 'hsr0' already exists in 'hsr' [ 195.508675][ T7373] Cannot create hsr debugfs directory [ 196.068891][ T6892] Bluetooth: hci4: command tx timeout [ 197.369625][ T6892] Bluetooth: hci3: unexpected event 0x05 length: 43 > 4 [ 197.372031][ T7416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.328'. [ 197.401615][ T7416] netlink: 13 bytes leftover after parsing attributes in process `syz.0.328'. [ 197.616886][ T7421] ERROR: Out of memory at tomoyo_memory_ok. [ 198.154141][ T6892] Bluetooth: hci4: command tx timeout [ 198.561807][ T7432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'. [ 198.572218][ T7432] netlink: 13 bytes leftover after parsing attributes in process `syz.1.332'. [ 198.769149][ T7427] Invalid ELF header magic: != ELF [ 200.231206][ T6892] Bluetooth: hci4: command tx timeout [ 200.875752][ T7457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078000000 pfn:0x78000 [ 200.886887][ T7457] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 200.904350][ T7457] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 200.931445][ T7457] page_type: f8(unknown) [ 200.936345][ T7457] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 200.970399][ T7457] raw: ffff888078000000 0000000000000000 00000000f8000000 0000000000000000 [ 200.991174][ T7457] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 201.011613][ T7457] head: ffff888078000000 0000000000000000 00000000f8000000 0000000000000000 [ 201.020464][ T7457] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 201.041396][ T7457] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.061838][ T7457] page dumped because: unmovable page [ 201.091064][ T7457] page_owner tracks the page as allocated [ 201.101212][ T5173] ERROR: Out of memory at tomoyo_memory_ok. [ 201.126886][ T7457] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x428c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_COMP), pid 5828, tgid 5828 (syz-executor), ts 96805166611, free_ts 64582125377 [ 201.166135][ T7457] post_alloc_hook+0x153/0x170 [ 201.187075][ T7457] get_page_from_freelist+0x111d/0x3140 [ 201.187146][ T7457] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 201.187193][ T7457] alloc_pages_mpol+0x1fb/0x550 [ 201.187225][ T7457] ___kmalloc_large_node+0x104/0x150 [ 201.187260][ T7457] __kmalloc_large_node_noprof+0x1c/0x70 [ 201.187305][ T7457] __kvmalloc_node_noprof+0x66f/0xa00 [ 201.187355][ T7457] wg_pubkey_hashtable_alloc+0x28/0xd0 [ 201.187410][ T7457] wg_newlink+0x177/0x7a0 [ 201.187447][ T7457] rtnl_newlink+0x1494/0x2380 [ 201.187483][ T7457] rtnetlink_rcv_msg+0x95e/0xe90 [ 201.187530][ T7457] netlink_rcv_skb+0x159/0x420 [ 201.187571][ T7457] netlink_unicast+0x5aa/0x870 [ 201.187609][ T7457] netlink_sendmsg+0x8b0/0xda0 [ 201.187648][ T7457] __sys_sendto+0x4aa/0x520 [ 201.187679][ T7457] __x64_sys_sendto+0xe0/0x1c0 [ 201.187711][ T7457] page last free pid 5485 tgid 5485 stack trace: [ 201.187733][ T7457] __free_frozen_pages+0x7e1/0x10d0 [ 201.187771][ T7457] qlist_free_all+0x47/0xe0 [ 201.187816][ T7457] kasan_quarantine_reduce+0x1a0/0x1f0 [ 201.187866][ T7457] __kasan_slab_alloc+0x69/0x90 [ 201.187917][ T7457] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 201.187967][ T7457] __alloc_skb+0x140/0x710 [ 201.187998][ T7457] alloc_skb_with_frags+0xe0/0x810 [ 201.188039][ T7457] sock_alloc_send_pskb+0x801/0x980 [ 201.188093][ T7457] unix_dgram_sendmsg+0x3c7/0x1820 [ 201.188140][ T7457] unix_seqpacket_sendmsg+0x12a/0x1d0 [ 201.188186][ T7457] sock_write_iter+0x566/0x610 [ 201.188231][ T7457] do_iter_readv_writev+0x6ee/0x920 [ 201.188286][ T7457] vfs_writev+0x360/0xe10 [ 201.188347][ T7457] do_writev+0x28a/0x340 [ 201.188399][ T7457] do_syscall_64+0x106/0xf80 [ 201.188433][ T7457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.251677][ T7459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078000000 pfn:0x78000 [ 201.251767][ T7459] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 201.251797][ T7459] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 201.251828][ T7459] page_type: f8(unknown) [ 201.251857][ T7459] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 201.251890][ T7459] raw: ffff888078000000 0000000000000000 00000000f8000000 0000000000000000 [ 201.251913][ T7459] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 201.251935][ T7459] head: ffff888078000000 0000000000000000 00000000f8000000 0000000000000000 [ 201.251958][ T7459] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 201.251981][ T7459] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.251996][ T7459] page dumped because: unmovable page [ 201.252009][ T7459] page_owner tracks the page as allocated [ 201.252020][ T7459] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x428c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_COMP), pid 5828, tgid 5828 (syz-executor), ts 96805166611, free_ts 64582125377 [ 201.252061][ T7459] post_alloc_hook+0x153/0x170 [ 201.252096][ T7459] get_page_from_freelist+0x111d/0x3140 [ 201.252128][ T7459] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 201.252162][ T7459] alloc_pages_mpol+0x1fb/0x550 [ 201.252184][ T7459] ___kmalloc_large_node+0x104/0x150 [ 201.252209][ T7459] __kmalloc_large_node_noprof+0x1c/0x70 [ 201.252234][ T7459] __kvmalloc_node_noprof+0x66f/0xa00 [ 201.252275][ T7459] wg_pubkey_hashtable_alloc+0x28/0xd0 [ 201.252314][ T7459] wg_newlink+0x177/0x7a0 [ 201.252340][ T7459] rtnl_newlink+0x1494/0x2380 [ 201.252371][ T7459] rtnetlink_rcv_msg+0x95e/0xe90 [ 201.252398][ T7459] netlink_rcv_skb+0x159/0x420 [ 201.252426][ T7459] netlink_unicast+0x5aa/0x870 [ 201.252454][ T7459] netlink_sendmsg+0x8b0/0xda0 [ 201.252481][ T7459] __sys_sendto+0x4aa/0x520 [ 201.252503][ T7459] __x64_sys_sendto+0xe0/0x1c0 [ 201.252525][ T7459] page last free pid 5485 tgid 5485 stack trace: [ 201.252539][ T7459] __free_frozen_pages+0x7e1/0x10d0 [ 201.252566][ T7459] qlist_free_all+0x47/0xe0 [ 201.252598][ T7459] kasan_quarantine_reduce+0x1a0/0x1f0 [ 201.252631][ T7459] __kasan_slab_alloc+0x69/0x90 [ 201.252667][ T7459] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 201.252702][ T7459] __alloc_skb+0x140/0x710 [ 201.252724][ T7459] alloc_skb_with_frags+0xe0/0x810 [ 201.252752][ T7459] sock_alloc_send_pskb+0x801/0x980 [ 201.252789][ T7459] unix_dgram_sendmsg+0x3c7/0x1820 [ 201.252822][ T7459] unix_seqpacket_sendmsg+0x12a/0x1d0 [ 201.252855][ T7459] sock_write_iter+0x566/0x610 [ 201.252887][ T7459] do_iter_readv_writev+0x6ee/0x920 [ 201.252919][ T7459] vfs_writev+0x360/0xe10 [ 201.252952][ T7459] do_writev+0x28a/0x340 [ 201.252984][ T7459] do_syscall_64+0x106/0xf80 [ 201.253009][ T7459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.253130][ T7465] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 202.272842][ T7465] input: 9%vJ,6/rk [ 202.272842][ T7465] ltx b6>94Y#z as /devices/virtual/input/input7 [ 202.311995][ T6892] Bluetooth: hci4: command tx timeout [ 202.517417][ T7469] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 202.532621][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 203.658011][ T6892] Bluetooth: hci3: unexpected event 0x05 length: 43 > 4 [ 203.740671][ T7486] nbd: must specify at least one socket [ 205.350625][ T7509] ERROR: Out of memory at tomoyo_memory_ok. [ 206.134144][ T7521] zswap: compressor not available [ 206.325656][ T7523] zswap: compressor not available [ 206.816481][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.358'. [ 206.825987][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.358'. [ 206.899596][ T7537] binder: 7536:7537 ioctl 40186210 9 returned -22 [ 206.994034][ T7542] netlink: 330 bytes leftover after parsing attributes in process `syz.1.359'. [ 207.005495][ T7542] mac80211_hwsim hwsim6 : renamed from wlan0 (while UP) [ 207.488527][ T6892] Bluetooth: hci3: unexpected event 0x05 length: 43 > 4 [ 208.624722][ T7567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.365'. [ 211.282718][ T7606] netlink: 24 bytes leftover after parsing attributes in process `syz.0.373'. [ 212.755938][ T7634] netlink: 24 bytes leftover after parsing attributes in process `syz.1.381'. [ 213.911727][ T7655] : entered promiscuous mode [ 215.948467][ T7674] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 216.079739][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 216.307610][ T7675] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 216.410007][ T29] audit: type=1804 audit(1771911160.158:7): pid=7677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.392" name="file0" dev="tmpfs" ino=668 res=1 errno=0 [ 216.859435][ T7685] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 216.865842][ T7685] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 216.888081][ T7685] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 216.952100][ T7685] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 216.969828][ T7685] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 216.996336][ T7685] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 217.002426][ T7687] Invalid ELF header magic: != ELF [ 217.042581][ T7685] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.060105][ T7685] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 217.071397][ T7685] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 217.085655][ T7685] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.092860][ T7685] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 217.104746][ T7685] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 217.115928][ T7685] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 217.125307][ T7685] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 217.164055][ T7685] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 218.885541][ T7116] Bluetooth: hci1: command 0x0c1a tx timeout [ 218.960958][ T7116] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.120899][ T7116] Bluetooth: hci4: command 0x0c1a tx timeout [ 219.127070][ T7116] Bluetooth: hci0: command 0x0c1a tx timeout [ 219.133189][ T6892] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.422627][ T7722] futex_wake_op: syz.0.402 tries to shift op by -2048; fix this program [ 219.473991][ T7721] 0x000000000001-0x000000020000 : "" [ 219.501070][ T7721] ftl_cs: FTL header corrupt! [ 219.560682][ T7722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.402'. [ 219.639779][ T7721] netlink: 5 bytes leftover after parsing attributes in process `syz.0.402'. [ 219.655766][ T7717] delete_channel: no stack [ 219.683195][ T7723] ERROR: Out of memory at tomoyo_memory_ok. [ 220.274943][ T7743] syz.1.408 uses obsolete (PF_INET,SOCK_PACKET) [ 220.634325][ T7757] netlink: 28 bytes leftover after parsing attributes in process `syz.1.411'. [ 220.961505][ T7116] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.041391][ T7116] Bluetooth: hci2: command 0x0c1a tx timeout [ 221.202161][ T7116] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.208369][ T6904] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.214908][ T6904] Bluetooth: hci4: command 0x0c1a tx timeout [ 222.084298][ T7116] Bluetooth: hci3: unexpected event 0x05 length: 43 > 4 [ 222.405436][ T7783] netlink: 334 bytes leftover after parsing attributes in process `syz.1.418'. [ 223.042776][ T7116] Bluetooth: hci1: command 0x0c1a tx timeout [ 223.065985][ T7792] Invalid ELF header magic: != ELF [ 223.122558][ T7116] Bluetooth: hci2: command 0x0c1a tx timeout [ 223.283419][ T7116] Bluetooth: hci0: command 0x0c1a tx timeout [ 223.289542][ T7116] Bluetooth: hci4: command 0x0c1a tx timeout [ 223.296465][ T7767] Bluetooth: hci3: command 0x0c1a tx timeout [ 225.400463][ T7833] capability: warning: `syz.1.436' uses 32-bit capabilities (legacy support in use) [ 227.628754][ T7871] netlink: 40 bytes leftover after parsing attributes in process `syz.0.444'. [ 227.708453][ T7873] netlink: 40 bytes leftover after parsing attributes in process `syz.0.445'. [ 230.158274][ T7920] netlink: 222 bytes leftover after parsing attributes in process `syz.0.458'. [ 230.289342][ T7924] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 238.848007][ T7767] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 238.868279][ T7767] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 238.882621][ T7767] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 238.901742][ T7767] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 238.909692][ T7767] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 239.307662][ T8028] chnl_net:caif_netlink_parms(): no params data found [ 239.529028][ T8028] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.550735][ T8028] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.558092][ T8028] bridge_slave_0: entered allmulticast mode [ 239.573030][ T8028] bridge_slave_0: entered promiscuous mode [ 239.593136][ T8028] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.600385][ T8028] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.611103][ T8028] bridge_slave_1: entered allmulticast mode [ 239.619385][ T8028] bridge_slave_1: entered promiscuous mode [ 239.700068][ T8028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.725397][ T8028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.799146][ T8028] team0: Port device team_slave_0 added [ 239.808693][ T8028] team0: Port device team_slave_1 added [ 239.857114][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.864419][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 239.891202][ T8028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.906339][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.913650][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 239.940569][ T8028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.010297][ T8028] hsr_slave_0: entered promiscuous mode [ 240.022356][ T8028] hsr_slave_1: entered promiscuous mode [ 240.028977][ T8028] debugfs: 'hsr0' already exists in 'hsr' [ 240.040829][ T8028] Cannot create hsr debugfs directory [ 240.971564][ T7767] Bluetooth: hci5: command tx timeout [ 243.052375][ T7767] Bluetooth: hci5: command tx timeout [ 245.133968][ T7767] Bluetooth: hci5: command tx timeout [ 247.214752][ T7116] Bluetooth: hci5: command tx timeout [ 249.504165][ T7767] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 249.513977][ T7767] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 249.528680][ T7767] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 249.559256][ T7767] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 249.567656][ T7767] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 249.627703][ T8075] zswap: compressor not available [ 249.660707][ T8080] sctp: [Deprecated]: syz.0.494 (pid 8080) Use of int in max_burst socket option deprecated. [ 249.660707][ T8080] Use struct sctp_assoc_value instead [ 250.124443][ T8077] chnl_net:caif_netlink_parms(): no params data found [ 250.764652][ T8077] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.796375][ T8077] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.803795][ T8077] bridge_slave_0: entered allmulticast mode [ 250.829139][ T8077] bridge_slave_0: entered promiscuous mode [ 250.965941][ T8077] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.977172][ T8077] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.984635][ T8077] bridge_slave_1: entered allmulticast mode [ 251.008618][ T8077] bridge_slave_1: entered promiscuous mode [ 251.254263][ T8077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.291575][ T8077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.424029][ T8077] team0: Port device team_slave_0 added [ 251.469108][ T8077] team0: Port device team_slave_1 added [ 251.540172][ T8077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.552108][ T8077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.586657][ T8077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.600212][ T8077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.616972][ T7767] Bluetooth: hci6: command tx timeout [ 251.620549][ T8077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.678032][ T8077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.841886][ T8077] hsr_slave_0: entered promiscuous mode [ 251.868392][ T8077] hsr_slave_1: entered promiscuous mode [ 251.876089][ T8077] debugfs: 'hsr0' already exists in 'hsr' [ 251.896759][ T8077] Cannot create hsr debugfs directory [ 253.701478][ T7767] Bluetooth: hci6: command tx timeout [ 253.780980][ T8102] netlink: 28 bytes leftover after parsing attributes in process `syz.0.498'. [ 254.203740][ T7116] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 254.212806][ T7116] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 254.220868][ T7116] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 254.229579][ T7116] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 254.239867][ T7116] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 254.574802][ T8114] netlink: 32 bytes leftover after parsing attributes in process `syz.0.500'. [ 254.696443][ T8108] chnl_net:caif_netlink_parms(): no params data found [ 254.863500][ T8108] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.871248][ T8108] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.879935][ T8108] bridge_slave_0: entered allmulticast mode [ 254.888376][ T8108] bridge_slave_0: entered promiscuous mode [ 254.897611][ T8108] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.905544][ T8108] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.913077][ T8108] bridge_slave_1: entered allmulticast mode [ 254.921269][ T8108] bridge_slave_1: entered promiscuous mode [ 254.979932][ T8108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 254.993882][ T8108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.113611][ T8108] team0: Port device team_slave_0 added [ 255.145852][ T8108] team0: Port device team_slave_1 added [ 255.207615][ T8108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 255.214728][ T8108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 255.247719][ T8108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 255.289777][ T8108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.296797][ T8108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 255.338637][ T8108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.500919][ T8108] hsr_slave_0: entered promiscuous mode [ 255.508111][ T8108] hsr_slave_1: entered promiscuous mode [ 255.529928][ T8108] debugfs: 'hsr0' already exists in 'hsr' [ 255.549043][ T8108] Cannot create hsr debugfs directory [ 255.778892][ T7116] Bluetooth: hci6: command tx timeout [ 256.024132][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.030564][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.339244][ T7116] Bluetooth: hci7: command tx timeout [ 257.859892][ T7116] Bluetooth: hci6: command tx timeout [ 258.420076][ T7116] Bluetooth: hci7: command tx timeout [ 259.252972][ T7116] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 259.264614][ T7116] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 260.501229][ T7767] Bluetooth: hci7: command tx timeout [ 262.582343][ T7116] Bluetooth: hci7: command tx timeout [ 263.909533][ T8185] Line length is too long: Should be less than 4094 [ 264.001344][ T8185] FAULT_INJECTION: forcing a failure. [ 264.001344][ T8185] name failslab, interval 1, probability 0, space 0, times 0 [ 264.014504][ T8185] CPU: 1 UID: 0 PID: 8185 Comm: syz.0.512 Tainted: G L syzkaller #0 PREEMPT(full) [ 264.014541][ T8185] Tainted: [L]=SOFTLOCKUP [ 264.014549][ T8185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 264.014569][ T8185] Call Trace: [ 264.014577][ T8185] [ 264.014588][ T8185] dump_stack_lvl+0x100/0x190 [ 264.014631][ T8185] should_fail_ex.cold+0x5/0xa [ 264.014659][ T8185] should_failslab+0xc2/0x120 [ 264.014681][ T8185] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 264.014716][ T8185] ? __kernfs_new_node+0xd2/0x960 [ 264.014753][ T8185] __kernfs_new_node+0xd2/0x960 [ 264.014788][ T8185] ? __pfx___kernfs_new_node+0x10/0x10 [ 264.014829][ T8185] ? find_held_lock+0x2b/0x80 [ 264.014850][ T8185] ? kernfs_root+0xee/0x2a0 [ 264.014879][ T8185] ? kernfs_root+0xee/0x2a0 [ 264.014917][ T8185] kernfs_new_node+0x11b/0x1a0 [ 264.014957][ T8185] __kernfs_create_file+0x53/0x350 [ 264.014986][ T8185] sysfs_add_file_mode_ns+0x207/0x3c0 [ 264.015022][ T8185] internal_create_group+0x593/0xf40 [ 264.015062][ T8185] ? __pfx_internal_create_group+0x10/0x10 [ 264.015108][ T8185] ? kernfs_create_link+0x1bd/0x240 [ 264.015137][ T8185] internal_create_groups+0x9d/0x150 [ 264.015173][ T8185] device_add+0x7c8/0x1950 [ 264.015215][ T8185] ? __pfx_device_add+0x10/0x10 [ 264.015251][ T8185] ? lockdep_init_map_type+0x5c/0x250 [ 264.015283][ T8185] ? __init_waitqueue_head+0xca/0x150 [ 264.015325][ T8185] netdev_register_kobject+0x1a9/0x3d0 [ 264.015362][ T8185] register_netdevice+0x12e0/0x2210 [ 264.015396][ T8185] ? idr_alloc+0xdd/0x130 [ 264.015420][ T8185] ? __pfx_register_netdevice+0x10/0x10 [ 264.015448][ T8185] ? net_generic+0xea/0x2a0 [ 264.015478][ T8185] ppp_dev_configure+0x986/0xcb0 [ 264.015509][ T8185] ppp_ioctl+0x985/0x2800 [ 264.015537][ T8185] ? find_held_lock+0x2b/0x80 [ 264.015558][ T8185] ? __pfx_ppp_ioctl+0x10/0x10 [ 264.015589][ T8185] ? __fget_files+0x21f/0x3d0 [ 264.015630][ T8185] ? __pfx_ppp_ioctl+0x10/0x10 [ 264.015657][ T8185] __x64_sys_ioctl+0x18e/0x210 [ 264.015692][ T8185] do_syscall_64+0x106/0xf80 [ 264.015717][ T8185] ? clear_bhb_loop+0x40/0x90 [ 264.015746][ T8185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.015771][ T8185] RIP: 0033:0x7f292719c629 [ 264.015791][ T8185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.015814][ T8185] RSP: 002b:00007f292800b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 264.015844][ T8185] RAX: ffffffffffffffda RBX: 00007f2927415fa0 RCX: 00007f292719c629 [ 264.015860][ T8185] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 000000000000000e [ 264.015874][ T8185] RBP: 00007f2927232b39 R08: 0000000000000000 R09: 0000000000000000 [ 264.015888][ T8185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.015902][ T8185] R13: 00007f2927416038 R14: 00007f2927415fa0 R15: 00007ffcf1419a38 [ 264.015933][ T8185] [ 264.504468][ T8189] FAULT_INJECTION: forcing a failure. [ 264.504468][ T8189] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 264.517834][ T8189] CPU: 0 UID: 0 PID: 8189 Comm: syz.0.513 Tainted: G L syzkaller #0 PREEMPT(full) [ 264.517871][ T8189] Tainted: [L]=SOFTLOCKUP [ 264.517879][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 264.517893][ T8189] Call Trace: [ 264.517901][ T8189] [ 264.517910][ T8189] dump_stack_lvl+0x100/0x190 [ 264.517958][ T8189] should_fail_ex.cold+0x5/0xa [ 264.517983][ T8189] ? prepare_alloc_pages+0x16d/0x5f0 [ 264.518010][ T8189] should_fail_alloc_page+0xeb/0x140 [ 264.518036][ T8189] prepare_alloc_pages+0x1f0/0x5f0 [ 264.518066][ T8189] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 264.518102][ T8189] ? set_next_entity+0x11b/0x9c0 [ 264.518142][ T8189] ? __lock_acquire+0x4a5/0x2630 [ 264.518176][ T8189] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 264.518212][ T8189] ? __lock_acquire+0x4a5/0x2630 [ 264.518244][ T8189] ? __lock_acquire+0x4a5/0x2630 [ 264.518279][ T8189] ? lock_acquire+0x1cf/0x380 [ 264.518308][ T8189] ? find_held_lock+0x2b/0x80 [ 264.518329][ T8189] ? page_table_check_set+0x49a/0xa10 [ 264.518365][ T8189] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 264.518406][ T8189] ? policy_nodemask+0xed/0x4f0 [ 264.518431][ T8189] alloc_pages_mpol+0x1fb/0x550 [ 264.518455][ T8189] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 264.518479][ T8189] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 264.518523][ T8189] alloc_pages_noprof+0x131/0x390 [ 264.518547][ T8189] pte_alloc_one+0x1e/0x3e0 [ 264.518574][ T8189] __pte_alloc+0x6d/0x3f0 [ 264.518595][ T8189] ? __pfx___pte_alloc+0x10/0x10 [ 264.518616][ T8189] ? find_held_lock+0x2b/0x80 [ 264.518636][ T8189] ? find_held_lock+0x2b/0x80 [ 264.518656][ T8189] ? walk_to_pmd+0x302/0x4c0 [ 264.518683][ T8189] get_locked_pte+0xa1/0xc0 [ 264.518710][ T8189] insert_page+0xcc/0x220 [ 264.518736][ T8189] ? __pfx_insert_page+0x10/0x10 [ 264.518760][ T8189] ? __pfx_down_read_trylock+0x10/0x10 [ 264.518813][ T8189] vm_insert_page+0x2c0/0x400 [ 264.518847][ T8189] kcov_mmap+0xca/0x130 [ 264.518891][ T8189] __mmap_region+0x1443/0x29e0 [ 264.518925][ T8189] ? lock_acquire+0x1cf/0x380 [ 264.518956][ T8189] ? __pfx___mmap_region+0x10/0x10 [ 264.518993][ T8189] ? ima_match_policy+0x8c4/0x2350 [ 264.519056][ T8189] ? find_held_lock+0x2b/0x80 [ 264.519076][ T8189] ? process_measurement+0x4c8/0x2350 [ 264.519105][ T8189] ? process_measurement+0x4c8/0x2350 [ 264.519146][ T8189] ? process_measurement+0x1f4/0x2350 [ 264.519224][ T8189] mmap_region+0x30a/0x3e0 [ 264.519262][ T8189] do_mmap+0xc63/0x12f0 [ 264.519291][ T8189] ? __pfx_do_mmap+0x10/0x10 [ 264.519315][ T8189] ? __pfx_down_write_killable+0x10/0x10 [ 264.519352][ T8189] vm_mmap_pgoff+0x29e/0x470 [ 264.519382][ T8189] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 264.519404][ T8189] ? __fget_files+0x215/0x3d0 [ 264.519446][ T8189] ? __fget_files+0x21f/0x3d0 [ 264.519488][ T8189] ksys_mmap_pgoff+0x3c8/0x650 [ 264.519510][ T8189] ? __x64_sys_futex+0x34f/0x4d0 [ 264.519539][ T8189] ? __x64_sys_futex+0x358/0x4d0 [ 264.519569][ T8189] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 264.519591][ T8189] ? xfd_validate_state+0x129/0x190 [ 264.519629][ T8189] __x64_sys_mmap+0x125/0x190 [ 264.519666][ T8189] do_syscall_64+0x106/0xf80 [ 264.519691][ T8189] ? clear_bhb_loop+0x40/0x90 [ 264.519719][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.519743][ T8189] RIP: 0033:0x7f292719c629 [ 264.519763][ T8189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.519785][ T8189] RSP: 002b:00007f292800b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 264.519812][ T8189] RAX: ffffffffffffffda RBX: 00007f2927415fa0 RCX: 00007f292719c629 [ 264.519827][ T8189] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000000000012000 [ 264.519840][ T8189] RBP: 00007f2927232b39 R08: 00000000000000dd R09: 0000000000000000 [ 264.519854][ T8189] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 264.519867][ T8189] R13: 00007f2927416038 R14: 00007f2927415fa0 R15: 00007ffcf1419a38 [ 264.519897][ T8189] [ 264.519918][ T8189] kcov: kcov: vm_insert_page() failed [ 265.076377][ T8192] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 281.203358][ T7767] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.218125][ T7767] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.228458][ T7767] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.237194][ T7767] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.245089][ T7767] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.428712][ T8203] chnl_net:caif_netlink_parms(): no params data found [ 281.515481][ T8203] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.522895][ T8203] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.530162][ T8203] bridge_slave_0: entered allmulticast mode [ 281.538281][ T8203] bridge_slave_0: entered promiscuous mode [ 281.549550][ T8203] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.561455][ T8203] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.568932][ T8203] bridge_slave_1: entered allmulticast mode [ 281.576851][ T8203] bridge_slave_1: entered promiscuous mode [ 281.612983][ T8203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.625601][ T8203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.661305][ T8203] team0: Port device team_slave_0 added [ 281.669934][ T8203] team0: Port device team_slave_1 added [ 281.701182][ T8203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.708233][ T8203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.734429][ T8203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.746966][ T8203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.754031][ T8203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.780438][ T8203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.831904][ T8203] hsr_slave_0: entered promiscuous mode [ 281.838567][ T8203] hsr_slave_1: entered promiscuous mode [ 281.845091][ T8203] debugfs: 'hsr0' already exists in 'hsr' [ 281.850839][ T8203] Cannot create hsr debugfs directory [ 283.312600][ T7116] Bluetooth: hci1: command tx timeout [ 285.393650][ T7116] Bluetooth: hci1: command tx timeout [ 287.474751][ T7116] Bluetooth: hci1: command tx timeout [ 289.555747][ T7116] Bluetooth: hci1: command tx timeout [ 299.201726][ T7767] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 299.211139][ T7767] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 299.224487][ T7767] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 299.232568][ T7767] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 299.240242][ T7767] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 299.423632][ T8213] chnl_net:caif_netlink_parms(): no params data found [ 299.509238][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.516661][ T8213] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.525687][ T8213] bridge_slave_0: entered allmulticast mode [ 299.533504][ T8213] bridge_slave_0: entered promiscuous mode [ 299.542288][ T8213] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.549467][ T8213] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.560254][ T8213] bridge_slave_1: entered allmulticast mode [ 299.571474][ T8213] bridge_slave_1: entered promiscuous mode [ 299.606590][ T8213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.619631][ T8213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.656582][ T8213] team0: Port device team_slave_0 added [ 299.667994][ T8213] team0: Port device team_slave_1 added [ 299.697766][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.704915][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 299.733537][ T8213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.746993][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.754356][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 299.783357][ T8213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.835449][ T8213] hsr_slave_0: entered promiscuous mode [ 299.842283][ T8213] hsr_slave_1: entered promiscuous mode [ 299.848583][ T8213] debugfs: 'hsr0' already exists in 'hsr' [ 299.854444][ T8213] Cannot create hsr debugfs directory [ 301.321871][ T7767] Bluetooth: hci8: command tx timeout [ 303.402860][ T7767] Bluetooth: hci8: command tx timeout [ 305.483915][ T7767] Bluetooth: hci8: command tx timeout [ 307.564933][ T7767] Bluetooth: hci8: command tx timeout [ 309.710613][ T7116] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 309.729979][ T7116] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 309.739734][ T7116] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 309.747998][ T7116] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 309.757235][ T7116] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 309.942780][ T8223] chnl_net:caif_netlink_parms(): no params data found [ 310.030765][ T8223] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.038141][ T8223] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.045678][ T8223] bridge_slave_0: entered allmulticast mode [ 310.053414][ T8223] bridge_slave_0: entered promiscuous mode [ 310.062327][ T8223] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.069676][ T8223] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.078228][ T8223] bridge_slave_1: entered allmulticast mode [ 310.086033][ T8223] bridge_slave_1: entered promiscuous mode [ 310.120390][ T8223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.134230][ T8223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.170643][ T8223] team0: Port device team_slave_0 added [ 310.180719][ T8223] team0: Port device team_slave_1 added [ 310.211619][ T8223] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.218703][ T8223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.245351][ T8223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.258158][ T8223] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.265126][ T8223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.292788][ T8223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.342845][ T8223] hsr_slave_0: entered promiscuous mode [ 310.350533][ T8223] hsr_slave_1: entered promiscuous mode [ 310.357624][ T8223] debugfs: 'hsr0' already exists in 'hsr' [ 310.363473][ T8223] Cannot create hsr debugfs directory [ 311.807171][ T7116] Bluetooth: hci9: command tx timeout [ 313.888160][ T7116] Bluetooth: hci9: command tx timeout [ 314.216184][ T7767] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 314.225749][ T7767] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 314.234461][ T7767] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 314.243144][ T7767] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 314.250966][ T7767] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 314.440302][ T8233] chnl_net:caif_netlink_parms(): no params data found [ 314.528971][ T8233] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.536152][ T8233] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.543657][ T8233] bridge_slave_0: entered allmulticast mode [ 314.551340][ T8233] bridge_slave_0: entered promiscuous mode [ 314.560191][ T8233] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.567348][ T8233] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.575147][ T8233] bridge_slave_1: entered allmulticast mode [ 314.584374][ T8233] bridge_slave_1: entered promiscuous mode [ 314.620240][ T8233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.633087][ T8233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.667240][ T8233] team0: Port device team_slave_0 added [ 314.675888][ T8233] team0: Port device team_slave_1 added [ 314.707579][ T8233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.714656][ T8233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 314.741804][ T8233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.754589][ T8233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.761719][ T8233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 314.789367][ T8233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.840685][ T8233] hsr_slave_0: entered promiscuous mode [ 314.847388][ T8233] hsr_slave_1: entered promiscuous mode [ 314.854634][ T8233] debugfs: 'hsr0' already exists in 'hsr' [ 314.860532][ T8233] Cannot create hsr debugfs directory [ 315.969060][ T7767] Bluetooth: hci9: command tx timeout [ 316.289084][ T7767] Bluetooth: hci10: command tx timeout [ 317.493298][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.499862][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.051849][ T7767] Bluetooth: hci9: command tx timeout [ 318.370118][ T7767] Bluetooth: hci10: command tx timeout [ 320.451211][ T7767] Bluetooth: hci10: command tx timeout [ 322.532210][ T7767] Bluetooth: hci10: command tx timeout [ 337.339807][ T30] INFO: task kworker/u10:5:7019 blocked for more than 143 seconds. [ 337.348249][ T30] Tainted: G L syzkaller #0 [ 337.354916][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 337.363681][ T30] task:kworker/u10:5 state:D stack:24888 pid:7019 tgid:7019 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 337.375899][ T30] Workqueue: netns cleanup_net [ 337.380830][ T30] Call Trace: [ 337.384128][ T30] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 337.387076][ T30] __schedule+0xfee/0x60e0 [ 337.391613][ T30] ? __lock_acquire+0x4a5/0x2630 [ 337.396644][ T30] ? __pfx___schedule+0x10/0x10 [ 337.401735][ T30] ? find_held_lock+0x2b/0x80 [ 337.406461][ T30] ? schedule+0x2bf/0x390 [ 337.410975][ T30] schedule+0xdd/0x390 [ 337.415102][ T30] schedule_timeout+0x1b2/0x280 [ 337.420189][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 337.425643][ T30] ? mark_held_locks+0x40/0x70 [ 337.431503][ T30] __wait_for_common+0x2e7/0x4c0 [ 337.436531][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 337.442327][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 337.447859][ T30] remove_one+0x312/0x420 [ 337.452734][ T30] ? find_next_child+0x18f/0x280 [ 337.457747][ T30] __simple_recursive_removal+0x148/0x5c0 [ 337.463973][ T30] ? __pfx_remove_one+0x10/0x10 [ 337.468909][ T30] debugfs_remove+0x5d/0x80 [ 337.473976][ T30] nsim_dev_health_exit+0x3b/0xe0 [ 337.479078][ T30] nsim_dev_reload_destroy+0x144/0x4a0 [ 337.485013][ T30] nsim_dev_reload_down+0x66/0xd0 [ 337.490434][ T30] devlink_reload+0x173/0x790 [ 337.495190][ T30] ? __pfx_devlink_reload+0x10/0x10 [ 337.500930][ T30] devlink_pernet_pre_exit+0x222/0x330 [ 337.506467][ T30] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 337.513041][ T30] ? kobject_put+0xb9/0x640 [ 337.517638][ T30] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 337.524137][ T30] ops_undo_list+0x187/0xab0 [ 337.528799][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 337.535317][ T30] ? cleanup_net+0x332/0x920 [ 337.540355][ T30] ? cleanup_net+0x332/0x920 [ 337.545011][ T30] ? idr_destroy+0x62/0x2e0 [ 337.549941][ T30] cleanup_net+0x499/0x920 [ 337.554446][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 337.560054][ T30] ? rcu_is_watching+0x12/0xc0 [ 337.564901][ T30] process_one_work+0x9d7/0x1920 [ 337.570512][ T30] ? __pfx_process_one_work+0x10/0x10 [ 337.575979][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 337.581797][ T30] worker_thread+0x5da/0xe40 [ 337.586474][ T30] ? __pfx_worker_thread+0x10/0x10 [ 337.592166][ T30] ? kthread+0x13a/0x450 [ 337.596479][ T30] ? __pfx_worker_thread+0x10/0x10 [ 337.602146][ T30] kthread+0x370/0x450 [ 337.606276][ T30] ? __pfx_kthread+0x10/0x10 [ 337.611396][ T30] ret_from_fork+0x754/0xd80 [ 337.616070][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 337.621696][ T30] ? __switch_to+0x7b4/0x1120 [ 337.626487][ T30] ? __pfx_kthread+0x10/0x10 [ 337.631713][ T30] ret_from_fork_asm+0x1a/0x30 [ 337.637464][ T30] [ 337.641109][ T30] INFO: task syz-executor:7113 blocked for more than 143 seconds. [ 337.648975][ T30] Tainted: G L syzkaller #0 [ 337.655991][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 337.665187][ T30] task:syz-executor state:D stack:24024 pid:7113 tgid:7113 ppid:1 task_flags:0x400140 flags:0x00080002 [ 337.677615][ T30] Call Trace: [ 337.681255][ T30] [ 337.684233][ T30] __schedule+0xfee/0x60e0 [ 337.688721][ T30] ? __lock_acquire+0x4a5/0x2630 [ 337.694418][ T30] ? __pfx___schedule+0x10/0x10 [ 337.699323][ T30] ? find_held_lock+0x2b/0x80 [ 337.704540][ T30] ? schedule+0x2bf/0x390 [ 337.708943][ T30] schedule+0xdd/0x390 [ 337.739899][ T30] schedule_preempt_disabled+0x13/0x30 [ 337.745467][ T30] __mutex_lock+0xc9a/0x1b90 [ 337.769678][ T30] ? device_del+0xa0/0x9b0 [ 337.774212][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 337.779316][ T30] ? mark_held_locks+0x40/0x70 [ 337.801888][ T30] ? device_del+0xa0/0x9b0 [ 337.806423][ T30] device_del+0xa0/0x9b0 [ 337.811246][ T30] ? __pfx_ida_free+0x10/0x10 [ 337.815994][ T30] ? __pfx_device_del+0x10/0x10 [ 337.821945][ T30] ? __lock_acquire+0x4a5/0x2630 [ 337.826997][ T30] device_unregister+0x1d/0xe0 [ 337.832377][ T30] del_device_store+0x346/0x480 [ 337.838226][ T30] ? __pfx_del_device_store+0x10/0x10 [ 337.844028][ T30] ? find_held_lock+0x2b/0x80 [ 337.848769][ T30] ? sysfs_file_kobj+0xe4/0x290 [ 337.854245][ T30] ? sysfs_file_kobj+0xe4/0x290 [ 337.859158][ T30] ? __pfx_del_device_store+0x10/0x10 [ 337.865095][ T30] bus_attr_store+0x74/0xb0 [ 337.871178][ T30] ? __pfx_bus_attr_store+0x10/0x10 [ 337.876442][ T30] sysfs_kf_write+0xf2/0x150 [ 337.881159][ T30] kernfs_fop_write_iter+0x3e0/0x5f0 [ 337.886500][ T30] ? __pfx_sysfs_kf_write+0x10/0x10 [ 337.891852][ T30] vfs_write+0x6ac/0x1070 [ 337.896250][ T30] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 337.902293][ T30] ? __pfx_vfs_write+0x10/0x10 [ 337.907150][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 337.912537][ T30] ksys_write+0x12a/0x250 [ 337.916937][ T30] ? __pfx_ksys_write+0x10/0x10 [ 337.921946][ T30] do_syscall_64+0x106/0xf80 [ 337.926585][ T30] ? clear_bhb_loop+0x40/0x90 [ 337.931409][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.937364][ T30] RIP: 0033:0x7f48acf5cece [ 337.942948][ T30] RSP: 002b:00007ffd4f10fbe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 337.951599][ T30] RAX: ffffffffffffffda RBX: 0000555562ad5500 RCX: 00007f48acf5cece [ 337.959618][ T30] RDX: 0000000000000001 RSI: 00007ffd4f10fc70 RDI: 0000000000000005 [ 337.967735][ T30] RBP: 00007f48ad03343f R08: 0000000000000000 R09: 0000000000000000 [ 337.975816][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 337.985264][ T30] R13: 00007ffd4f10fc70 R14: 00007f48add44620 R15: 0000000000000003 [ 337.993392][ T30] [ 337.996486][ T30] INFO: task syz.3.256:7119 blocked for more than 144 seconds. [ 338.004147][ T30] Tainted: G L syzkaller #0 [ 338.010795][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 338.021964][ T30] task:syz.3.256 state:D stack:29000 pid:7119 tgid:7114 ppid:5828 task_flags:0x400040 flags:0x00080002 [ 338.034185][ T30] Call Trace: [ 338.037539][ T30] [ 338.040595][ T30] __schedule+0xfee/0x60e0 [ 338.045969][ T30] ? __lock_acquire+0x4a5/0x2630 [ 338.051141][ T30] ? __pfx___schedule+0x10/0x10 [ 338.056051][ T30] ? find_held_lock+0x2b/0x80 [ 338.060865][ T30] ? schedule+0x2bf/0x390 [ 338.065261][ T30] schedule+0xdd/0x390 [ 338.069472][ T30] schedule_preempt_disabled+0x13/0x30 [ 338.075094][ T30] __mutex_lock+0xc9a/0x1b90 [ 338.079833][ T30] ? netlink_has_listeners+0x20f/0x430 [ 338.085348][ T30] ? devlink_health_report+0x681/0xb50 [ 338.090950][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 338.096024][ T30] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 338.102733][ T30] ? __lock_acquire+0xcc1/0x2630 [ 338.107750][ T30] ? devlink_health_report+0x681/0xb50 [ 338.113329][ T30] devlink_health_report+0x681/0xb50 [ 338.118677][ T30] ? __pfx_devlink_health_report+0x10/0x10 [ 338.124626][ T30] ? _copy_from_user+0x59/0xd0 [ 338.129470][ T30] nsim_dev_health_break_write+0x166/0x210 [ 338.135464][ T30] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 338.141909][ T30] ? lock_acquire+0x5e/0x380 [ 338.147361][ T30] full_proxy_write+0x135/0x1a0 [ 338.152416][ T30] vfs_write+0x2aa/0x1070 [ 338.156807][ T30] ? __pfx_full_proxy_write+0x10/0x10 [ 338.162291][ T30] ? __pfx_vfs_write+0x10/0x10 [ 338.167121][ T30] ? __fget_files+0x215/0x3d0 [ 338.171944][ T30] ? __fget_files+0x21f/0x3d0 [ 338.176692][ T30] ksys_write+0x12a/0x250 [ 338.181154][ T30] ? __pfx_ksys_write+0x10/0x10 [ 338.186143][ T30] do_syscall_64+0x106/0xf80 [ 338.190887][ T30] ? clear_bhb_loop+0x40/0x90 [ 338.195637][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.201642][ T30] RIP: 0033:0x7f628879c629 [ 338.206099][ T30] RSP: 002b:00007f62869cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 338.214641][ T30] RAX: ffffffffffffffda RBX: 00007f6288a16090 RCX: 00007f628879c629 [ 338.223151][ T30] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000004 [ 338.231260][ T30] RBP: 00007f6288832b39 R08: 0000000000000000 R09: 0000000000000000 [ 338.239301][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 338.248528][ T30] R13: 00007f6288a16128 R14: 00007f6288a16090 R15: 00007ffe3e56a038 [ 338.256614][ T30] [ 338.259744][ T30] [ 338.259744][ T30] Showing all locks held in the system: [ 338.267630][ T30] 1 lock held by ksoftirqd/0/15: [ 338.272661][ T30] 1 lock held by khungtaskd/30: [ 338.277553][ T30] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 338.287589][ T30] 2 locks held by klogd/5180: [ 338.292387][ T30] 2 locks held by getty/6912: [ 338.297105][ T30] #0: ffff888029f150a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 338.307010][ T30] #1: ffffc90004c472f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 338.317260][ T30] 6 locks held by kworker/u10:5/7019: [ 338.322754][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 338.333282][ T30] #1: ffffc900042c7d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 338.343360][ T30] #2: ffffffff905f95d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 338.353683][ T30] #3: ffff88805c0e20e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x185/0x330 [ 338.363944][ T30] #4: ffff88805c0e1250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x18f/0x330 [ 338.374756][ T30] #5: ffff888077baf8a0 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 338.388917][ T30] 5 locks held by syz-executor/7113: [ 338.395926][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.405043][ T30] #1: ffff88802b1e7888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.414948][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.425145][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.435562][ T30] #4: ffff88805c0e20e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9b0 [ 338.444508][ T30] 3 locks held by syz.3.256/7119: [ 338.449573][ T30] #0: ffff88802c1ea638 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 338.459601][ T30] #1: ffff8880202ca420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.468949][ T30] #2: ffff88805c0e1250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 338.479592][ T30] 4 locks held by syz-executor/7373: [ 338.484975][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.494163][ T30] #1: ffff88805ba45c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.504077][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.514239][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.524661][ T30] 4 locks held by syz-executor/8028: [ 338.530078][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.539167][ T30] #1: ffff888029677088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.549186][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.560187][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.570695][ T30] 4 locks held by syz-executor/8077: [ 338.576018][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.585139][ T30] #1: ffff88805755c888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.595090][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.605272][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.615739][ T30] 4 locks held by syz-executor/8108: [ 338.621169][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.630306][ T30] #1: ffff88805874d888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.640229][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.650385][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.661649][ T30] 2 locks held by syz.0.515/8198: [ 338.666720][ T30] #0: ffff8880202ca420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x9b1/0x31a0 [ 338.676020][ T30] #1: ffff888077baf8a0 (&sb->s_type->i_mutex_key#18){++++}-{4:4}, at: path_openat+0xa16/0x31a0 [ 338.686610][ T30] 4 locks held by syz-executor/8203: [ 338.692107][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.701328][ T30] #1: ffff88807b901488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.711226][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.721374][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.731787][ T30] 4 locks held by syz-executor/8213: [ 338.737100][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.746216][ T30] #1: ffff8880371e8488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.756096][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.767133][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.777619][ T30] 4 locks held by syz-executor/8223: [ 338.783010][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.792484][ T30] #1: ffff888030dff488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.804760][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.814978][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.825421][ T30] 4 locks held by syz-executor/8233: [ 338.830821][ T30] #0: ffff88803728c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 338.839904][ T30] #1: ffff88807de9f088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 338.849776][ T30] #2: ffff88802a0f34b8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 338.859948][ T30] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 338.871568][ T30] [ 338.873954][ T30] ============================================= [ 338.873954][ T30] [ 338.887404][ T30] NMI backtrace for cpu 1 [ 338.887433][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 338.887475][ T30] Tainted: [L]=SOFTLOCKUP [ 338.887486][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 338.887503][ T30] Call Trace: [ 338.887513][ T30] [ 338.887524][ T30] dump_stack_lvl+0x100/0x190 [ 338.887575][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 338.887628][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 338.887675][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 338.887727][ T30] sys_info+0x141/0x190 [ 338.887764][ T30] watchdog+0xd25/0x1050 [ 338.887793][ T30] ? __pfx_watchdog+0x10/0x10 [ 338.887814][ T30] ? __kthread_parkme+0x18c/0x230 [ 338.887842][ T30] ? kthread+0x13a/0x450 [ 338.887875][ T30] ? __pfx_watchdog+0x10/0x10 [ 338.887894][ T30] kthread+0x370/0x450 [ 338.887922][ T30] ? __pfx_kthread+0x10/0x10 [ 338.887954][ T30] ret_from_fork+0x754/0xd80 [ 338.887988][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 338.888024][ T30] ? __switch_to+0x7b4/0x1120 [ 338.888048][ T30] ? __pfx_kthread+0x10/0x10 [ 338.888079][ T30] ret_from_fork_asm+0x1a/0x30 [ 338.888115][ T30] [ 338.888123][ T30] Sending NMI from CPU 1 to CPUs 0: [ 339.016155][ C0] NMI backtrace for cpu 0 [ 339.016179][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 339.016214][ C0] Tainted: [L]=SOFTLOCKUP [ 339.016223][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 339.016238][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 339.016270][ C0] Code: d8 85 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 ba 1e 00 fb f4 bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 339.016295][ C0] RSP: 0018:ffffffff8e407e00 EFLAGS: 00000246 [ 339.016315][ C0] RAX: 00000000001e21eb RBX: ffffffff8e4975c0 RCX: ffffffff8b8ccc75 [ 339.016331][ C0] RDX: 0000000000000000 RSI: ffffffff8de7a785 RDI: ffffffff8c1aee20 [ 339.016347][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1017086795 [ 339.016362][ C0] R10: ffff8880b8433cab R11: 0000000000000000 R12: fffffbfff1c92eb8 [ 339.016377][ C0] R13: 0000000000000000 R14: ffffffff90d98f10 R15: 0000000000000000 [ 339.016393][ C0] FS: 0000000000000000(0000) GS:ffff888124351000(0000) knlGS:0000000000000000 [ 339.016416][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 339.016432][ C0] CR2: 000056029b1b1ee8 CR3: 000000000e598000 CR4: 00000000003526f0 [ 339.016448][ C0] Call Trace: [ 339.016456][ C0] [ 339.016464][ C0] default_idle+0x9/0x10 [ 339.016495][ C0] default_idle_call+0x6c/0xb0 [ 339.016526][ C0] do_idle+0x35b/0x4b0 [ 339.016550][ C0] ? __pfx_do_idle+0x10/0x10 [ 339.016576][ C0] cpu_startup_entry+0x4f/0x60 [ 339.016599][ C0] rest_init+0x251/0x260 [ 339.016640][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 339.016675][ C0] start_kernel+0x47f/0x480 [ 339.016706][ C0] x86_64_start_reservations+0x24/0x30 [ 339.016737][ C0] x86_64_start_kernel+0x12b/0x130 [ 339.016769][ C0] common_startup_64+0x13e/0x148 [ 339.016804][ C0] [ 339.205803][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 339.212696][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 339.223402][ T30] Tainted: [L]=SOFTLOCKUP [ 339.227731][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 339.237798][ T30] Call Trace: [ 339.241107][ T30] [ 339.244048][ T30] dump_stack_lvl+0x100/0x190 [ 339.248752][ T30] vpanic+0x552/0x970 [ 339.252770][ T30] ? __pfx_vpanic+0x10/0x10 [ 339.257315][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 339.263514][ T30] panic+0xd1/0xe0 [ 339.267292][ T30] ? __pfx_panic+0x10/0x10 [ 339.271737][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 339.277952][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 339.284157][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 339.290350][ T30] ? watchdog.cold+0x198/0x1ca [ 339.295153][ T30] ? watchdog+0xd35/0x1050 [ 339.299586][ T30] watchdog.cold+0x1a9/0x1ca [ 339.304203][ T30] ? __pfx_watchdog+0x10/0x10 [ 339.308889][ T30] ? __kthread_parkme+0x18c/0x230 [ 339.313945][ T30] ? kthread+0x13a/0x450 [ 339.318212][ T30] ? __pfx_watchdog+0x10/0x10 [ 339.322897][ T30] kthread+0x370/0x450 [ 339.327008][ T30] ? __pfx_kthread+0x10/0x10 [ 339.331633][ T30] ret_from_fork+0x754/0xd80 [ 339.336250][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 339.341389][ T30] ? __switch_to+0x7b4/0x1120 [ 339.346083][ T30] ? __pfx_kthread+0x10/0x10 [ 339.350711][ T30] ret_from_fork_asm+0x1a/0x30 [ 339.355515][ T30] [ 339.359162][ T30] Kernel Offset: disabled [ 339.363535][ T30] Rebooting in 86400 seconds..