last executing test programs: 1.549364299s ago: executing program 2 (id=3): r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$auto_VHOST_SET_VRING_BASE2(r0, 0x4008af12, &(0x7f0000000040)={0xa, 0x4}) pwrite64$auto(0xffffffffffffffff, 0x0, 0x6bc, 0x5) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x801, 0x6) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) setsockopt$auto(r1, 0x1, 0x12, 0x0, 0xa4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0xfffffffe, 0x802, 0x8000000000000000, 0x0) socket(0xa, 0x5, 0x84) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x4, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x468, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='\x80\xfb\xd8o`AG,>^\xd6e\xe1[\x8d\xb4\xfeQ\x06\x9b\x12\x90B\x1c\xeb/Y\xd1\xbc\x16v\t\xb4^\x9a\xa4z\xbb\xdd\n\xdbB\x1d\xbc\x06\x94\xaf\x91\x111\xf2\n\x84\xed\xab\x93~,\xd4\xfc\x97(\xa8\x1d\xdfb\xc2\xa2\x8aocpIr>\v\xeep,CfM\xf7\xee\x893&\xba^>,\xbc\x1a2\x91\x88\t\x18\a\xd6\x18\xbefW\xc0y\x8c\xc13W\xb1\xa9\xe1\'WS\xad0\x1e:\x1f\xa4X\x99\x94_\xb4=\x04C\xe5\x86l\x13\x88\x01\x9e\xad6 \xd2|\x88L\xde\x9dA\xcfL\xc5E\x1cz\xdc\x86\xc8\xff\xeb{\x1a\xaa\xad{\xdf.\x9b\xbd\a\xb6$\x82\xcc\x12\xac\xe2\xe4C\xa7\xdd\x82;\xa0\xc8Yw\x0f=', 0x100081) signalfd$auto(0xffffffffffffffff, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20f01, 0x0) 1.333195346s ago: executing program 1 (id=2): r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$auto_VHOST_SET_VRING_BASE2(r0, 0x4008af12, &(0x7f0000000040)={0xa, 0x4}) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, 0x0, 0x800) pwrite64$auto(0xffffffffffffffff, 0x0, 0x6bc, 0x5) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x801, 0x6) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) setsockopt$auto(r1, 0x1, 0x12, 0x0, 0xa4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0xfffffffe, 0x802, 0x8000000000000000, 0x0) socket(0xa, 0x5, 0x84) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x4, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x468, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='\x80\xfb\xd8o`AG,>^\xd6e\xe1[\x8d\xb4\xfeQ\x06\x9b\x12\x90B\x1c\xeb/Y\xd1\xbc\x16v\t\xb4^\x9a\xa4z\xbb\xdd\n\xdbB\x1d\xbc\x06\x94\xaf\x91\x111\xf2\n\x84\xed\xab\x93~,\xd4\xfc\x97(\xa8\x1d\xdfb\xc2\xa2\x8aocpIr>\v\xeep,CfM\xf7\xee\x893&\xba^>,\xbc\x1a2\x91\x88\t\x18\a\xd6\x18\xbefW\xc0y\x8c\xc13W\xb1\xa9\xe1\'WS\xad0\x1e:\x1f\xa4X\x99\x94_\xb4=\x04C\xe5\x86l\x13\x88\x01\x9e\xad6 \xd2|\x88L\xde\x9dA\xcfL\xc5E\x1cz\xdc\x86\xc8\xff\xeb{\x1a\xaa\xad{\xdf.\x9b\xbd\a\xb6$\x82\xcc\x12\xac\xe2\xe4C\xa7\xdd\x82;\xa0\xc8Yw\x0f=', 0x100081) signalfd$auto(0xffffffffffffffff, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20f01, 0x0) 616.664388ms ago: executing program 0 (id=1): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYBLOB="200025bd7000fddbdf258800000008003500080000004500c500a1fb9356a71c7bc0d4d5ac6eaf23282130a440987aaad936d54064fcc04ca9148cf6dc60b133d7ecfc3667bbc498fccb499f74bcb01add59604e5718adb8c374d60000000800b70005"], 0x6c}, 0x1, 0x0, 0x0, 0x2}, 0xc000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r0 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x20000, 0x0) recvmmsg$auto(r0, &(0x7f0000000500)={{&(0x7f0000000300)="37c320de5521956b87494a0e5dad0551869ac2f6713f20f0d88b271dc788ec0218248b90414231911b95cfd3b79cadd5daf13810dcb2f73b1d24821ac814ea613b7df451358c2fc01250", 0x1, &(0x7f0000000440)={&(0x7f0000000380)="30c1458776c1d63f5bf04ec48a3eb625b9b0e8e9ad589c411428d30aaebced65581597a8ac6ea53970c86fb31733528666f7542013737639093d84e64278391fe0ff1e4f83de2bb79827d4ebad83d4d928db67ae451ea9cff6bd70bc81c01c9cb5df4f1e4fdecde9308152ffd34635a9fcb8c3fe27356f940e3d7b2e74b66ec2b58a371c818fd6245ffecbb23ddc0418a6", 0x3}, 0x9, &(0x7f0000000480)="56788e03ad75c2f75e31e898ab92ec02e8971b665bbf63b4548449138a14509aa49e6850dfb3e427647d7a60450f53b29b12b01ab2f82b0f720e31ba7e192d50e50ac4", 0x0, 0x9}, 0x7}, 0x0, 0x0, &(0x7f0000000540)={0x7, 0xffffffff}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2020004, 0x203, 0xeb1, 0xffffffffffffffff, 0x208000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x2, 0x0) write$auto(r1, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\xf5\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\t\x00\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00\r\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) bind$auto(0x3, 0x0, 0x6d) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), 0xffffffffffffffff) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/free_buffer\x00', 0x2d04c0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) socket(0x2, 0x801, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="05082dbd7000ecdbdf257e000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 584.047416ms ago: executing program 3 (id=4): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2000, 0x0) semget$auto(0x0, 0x2e4a, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = fcntl$auto_F_DUPFD_CLOEXEC(r0, 0x406, r0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x400000008, 0x20000000000000da, 0x9b76, 0xffffffffffffffff, 0x20008000) read$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x302, 0x0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x5) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x24, 0x1001, 0x1, 0x717e, 0x0, 0x4, 0xf6b, 0xd, 0x2, 0x4080001, 0x4, 0x1ffffffffffd, 0x224a, 0x2, 0x7, 0x6, 0x7f, 0x3ff, 0x2, 0xa, 0x1004, 0x200, 0x6, 0x84, 0x3, 0x0, 0x0, 0x4, 0xfffffffc, [0x2, 0x0, 0x10000000000200, 0x4000401, 0x0, 0x7, 0xffffffffffffff81, 0xffffffff80000000, 0x0, 0x42, 0x1, 0x3, 0x0, 0x80000000000000, 0x8, 0x4, 0x400, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x1, 0x668, 0x0, 0x9, 0x0, 0x5, 0x14, 0x0, 0x1000000, 0x0, 0x1000000000000000, 0xfffffffffffffffc, 0x83, 0x400, 0x6, 0x0, 0x0, 0xb457195, 0x6, 0xffffffffffffffff, 0x2]}, 0x800000000001fe, 0xd) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x2200, 0x0) read$auto(r5, 0x0, 0x10001) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4000, 0x0) close_range$auto(0x0, 0x5, 0x0) socket(0x1d, 0x2, 0x6) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r7 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r6, 0x541c, r7) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000100)=""/45, 0x2d) r8 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r8, 0xfffffffffffffd01, &(0x7f00000001c0)) ioctl$auto(r3, 0x4008af23, r2) r9 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/smaps_rollup\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r9, 0xc0686611, &(0x7f0000000080)={0x17, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x9}) r10 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') ioctl$auto(r10, 0x8004b706, 0x1) 198.750225ms ago: executing program 2 (id=5): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_sg_fops_sg(r1, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) io_uring_setup$auto(0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) timer_create$auto(0xfffffffa, &(0x7f0000000100)={@sival_int=0x9, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x2, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x401}}, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x2000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r2, 0xae03, 0x42) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) execve$auto(&(0x7f0000000040)=':,\x00', &(0x7f00000000c0)=&(0x7f0000001340)='\x05\x00\x00\x00\x00i\x00\x00\x02\xac\xbc[:U\x8e\x03B\xfbPN\x00\x0e\x01\x00\x00\xfd7\x83\x85\x01\xd1\x86\xd5\xeb8m\xa8\xe7Z\xd0\xf1\x9e\xcc\x89\xbb\xec\x13_\xea/TK\xd9\xa8\xa5\x11\xe7\x98\xe8\x8b\xc4z\v\x85QZ\x84\xac\x00\x00\x03p\x8b\x93ix\x04\xaeK\xafr9\x8dqw\x00\"`M\x05\x9c\xadc\x11\xfa\xba#\xc8CYV\xe4@\xd1\xd8z),\x14B\x8c\xde7\xc1\xc0\x03\xd6\x1fi\x02\xeb\x1b\xac\xf4\xd5\xf6\x9d$zu\x00\xde\x8a*8\xf5iJ\xe7\x80\xb5\xfa\x97L\xd3\x05\xc2\x05B\x11\xb8\xfb\xf2\xaf\xb8\x82j\xb0j[\xe3\xb8M\xacu\x03k\x00\x00\x00\x00\x19\x19\x89\n\x92\xf4\xa8\xb7f I\x06$\xf5\xd3\xbfF\xca\x8f\x7f\xb0u?c\xea\xd3\x01\xf6\x1a\x13\xbd-\xdf\x06t\xd9\x97\x8f\x81Sd\xe5\xdc\x81\x91\x8e\xdc\xcb\xfd\xfd\x90\xf6\xcd\xca\xf6BD$\t\xfd\xbd\x058\xe7\xdb\xe0\xbda\x05+\xf0Qk<\xbfx\xf7\xacL\x9dJ\xa1E\xabZ\xba\xc5\x8e\xca\bx^fn\xd3\xc6\"\f\x90\x95~j\xb4\xdb\xf6\xe1\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x801, 0x6) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) setsockopt$auto(r1, 0x1, 0x12, 0x0, 0xa4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0xfffffffe, 0x802, 0x8000000000000000, 0x0) socket(0xa, 0x5, 0x84) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x4, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x468, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='\x80\xfb\xd8o`AG,>^\xd6e\xe1[\x8d\xb4\xfeQ\x06\x9b\x12\x90B\x1c\xeb/Y\xd1\xbc\x16v\t\xb4^\x9a\xa4z\xbb\xdd\n\xdbB\x1d\xbc\x06\x94\xaf\x91\x111\xf2\n\x84\xed\xab\x93~,\xd4\xfc\x97(\xa8\x1d\xdfb\xc2\xa2\x8aocpIr>\v\xeep,CfM\xf7\xee\x893&\xba^>,\xbc\x1a2\x91\x88\t\x18\a\xd6\x18\xbefW\xc0y\x8c\xc13W\xb1\xa9\xe1\'WS\xad0\x1e:\x1f\xa4X\x99\x94_\xb4=\x04C\xe5\x86l\x13\x88\x01\x9e\xad6 \xd2|\x88L\xde\x9dA\xcfL\xc5E\x1cz\xdc\x86\xc8\xff\xeb{\x1a\xaa\xad{\xdf.\x9b\xbd\a\xb6$\x82\xcc\x12\xac\xe2\xe4C\xa7\xdd\x82;\xa0\xc8Yw\x0f=', 0x100081) signalfd$auto(0xffffffffffffffff, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20f01, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts. [ 91.979572][ T9] cfg80211: failed to load regulatory.db [ 92.995249][ T5614] cgroup: Unknown subsys name 'net' [ 93.110175][ T5614] cgroup: Unknown subsys name 'cpuset' [ 93.119469][ T5614] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.952930][ T5614] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.531556][ T5640] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.538913][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.540198][ T5640] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.554529][ T5636] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.561758][ T5640] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.565264][ T5636] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.571105][ T5640] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.580763][ T5636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.589972][ T5640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.593624][ T5644] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.602397][ T5636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.613247][ T5636] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.620815][ T5636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.628675][ T5636] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.638397][ T5640] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.643923][ T5636] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.648977][ T5640] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.657244][ T5636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.666909][ T5640] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.674852][ T5635] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.380279][ T5633] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.388211][ T5633] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.395853][ T5633] bridge_slave_0: entered allmulticast mode [ 99.403355][ T5633] bridge_slave_0: entered promiscuous mode [ 99.439715][ T5633] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.447128][ T5633] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.454317][ T5633] bridge_slave_1: entered allmulticast mode [ 99.462617][ T5633] bridge_slave_1: entered promiscuous mode [ 99.552662][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.560026][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.568299][ T5634] bridge_slave_0: entered allmulticast mode [ 99.575641][ T5634] bridge_slave_0: entered promiscuous mode [ 99.595383][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.602576][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.609892][ T5632] bridge_slave_0: entered allmulticast mode [ 99.617592][ T5632] bridge_slave_0: entered promiscuous mode [ 99.629854][ T5633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.639947][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.647941][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.655168][ T5634] bridge_slave_1: entered allmulticast mode [ 99.663211][ T5634] bridge_slave_1: entered promiscuous mode [ 99.681142][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.689287][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.697257][ T5632] bridge_slave_1: entered allmulticast mode [ 99.704617][ T5632] bridge_slave_1: entered promiscuous mode [ 99.714573][ T5633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.736716][ T5635] Bluetooth: hci3: command tx timeout [ 99.736722][ T4943] Bluetooth: hci0: command tx timeout [ 99.737168][ T4943] Bluetooth: hci1: command tx timeout [ 99.747689][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.749669][ T5640] Bluetooth: hci2: command tx timeout [ 99.756729][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.773763][ T5631] bridge_slave_0: entered allmulticast mode [ 99.781192][ T5631] bridge_slave_0: entered promiscuous mode [ 99.823642][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.831171][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.838821][ T5631] bridge_slave_1: entered allmulticast mode [ 99.846396][ T5631] bridge_slave_1: entered promiscuous mode [ 99.878456][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.903578][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.915059][ T5633] team0: Port device team_slave_0 added [ 99.924294][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.951829][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.963341][ T5633] team0: Port device team_slave_1 added [ 99.985338][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.029572][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.063846][ T5634] team0: Port device team_slave_0 added [ 100.083670][ T5632] team0: Port device team_slave_0 added [ 100.090419][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.097662][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.123791][ T5633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.138515][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.145506][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.171861][ T5633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.184966][ T5634] team0: Port device team_slave_1 added [ 100.204731][ T5632] team0: Port device team_slave_1 added [ 100.238194][ T5631] team0: Port device team_slave_0 added [ 100.280011][ T5631] team0: Port device team_slave_1 added [ 100.299167][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.306590][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.332567][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.344285][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.351547][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.377846][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.413428][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.420627][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.447008][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.458889][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.466089][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.492188][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.515592][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.522771][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.548892][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.584601][ T5633] hsr_slave_0: entered promiscuous mode [ 100.591695][ T5633] hsr_slave_1: entered promiscuous mode [ 100.599298][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.606548][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.632961][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.762602][ T5634] hsr_slave_0: entered promiscuous mode [ 100.769135][ T5634] hsr_slave_1: entered promiscuous mode [ 100.775387][ T5634] debugfs: 'hsr0' already exists in 'hsr' [ 100.781647][ T5634] Cannot create hsr debugfs directory [ 100.793815][ T5631] hsr_slave_0: entered promiscuous mode [ 100.800450][ T5631] hsr_slave_1: entered promiscuous mode [ 100.806836][ T5631] debugfs: 'hsr0' already exists in 'hsr' [ 100.812586][ T5631] Cannot create hsr debugfs directory [ 100.823993][ T5632] hsr_slave_0: entered promiscuous mode [ 100.830560][ T5632] hsr_slave_1: entered promiscuous mode [ 100.837340][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 100.843109][ T5632] Cannot create hsr debugfs directory [ 101.331869][ T5633] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.349579][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.358040][ T5633] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.371438][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.380221][ T5633] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.391228][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.400960][ T5633] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.413101][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.500146][ T5631] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.513440][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.530448][ T5631] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.543725][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.553522][ T5631] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.564966][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.574005][ T5631] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.584854][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.709188][ T5634] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.721356][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.730594][ T5634] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.740903][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.749936][ T5634] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.761196][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.769546][ T5634] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.781645][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 101.817209][ T5640] Bluetooth: hci3: command tx timeout [ 101.819239][ T4943] Bluetooth: hci2: command tx timeout [ 101.822749][ T5635] Bluetooth: hci0: command tx timeout [ 101.828117][ T4943] Bluetooth: hci1: command tx timeout [ 101.925139][ T5633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.933160][ T5632] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.944807][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 101.953333][ T5632] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.963341][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 101.972544][ T5632] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.982906][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 101.992292][ T5632] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 102.002413][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 102.069178][ T5633] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.105828][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.113152][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.144058][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.161692][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.168907][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.227522][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.264227][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.271475][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.297179][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.304393][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.324591][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.409855][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.451392][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.458646][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.495157][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.502460][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.558321][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.664065][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.710496][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.717754][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.750114][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.757356][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.573448][ T5633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.679277][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.725893][ T5633] veth0_vlan: entered promiscuous mode [ 103.777731][ T5633] veth1_vlan: entered promiscuous mode [ 103.808184][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.895819][ T5640] Bluetooth: hci3: command tx timeout [ 103.901681][ T5636] Bluetooth: hci1: command tx timeout [ 103.901697][ T4943] Bluetooth: hci2: command tx timeout [ 103.902637][ T5631] veth0_vlan: entered promiscuous mode [ 103.909682][ T5635] Bluetooth: hci0: command tx timeout [ 103.963777][ T5631] veth1_vlan: entered promiscuous mode [ 104.000696][ T5633] veth0_macvtap: entered promiscuous mode [ 104.034544][ T5633] veth1_macvtap: entered promiscuous mode [ 104.057750][ T5634] veth0_vlan: entered promiscuous mode [ 104.082289][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.109970][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.127002][ T5634] veth1_vlan: entered promiscuous mode [ 104.145259][ T5631] veth0_macvtap: entered promiscuous mode [ 104.158424][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.183346][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.193359][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.203298][ T5631] veth1_macvtap: entered promiscuous mode [ 104.213981][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.224949][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.318628][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.345300][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.399214][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.408308][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.418761][ T5634] veth0_macvtap: entered promiscuous mode [ 104.433417][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.443311][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.455480][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.472717][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.512037][ T5634] veth1_macvtap: entered promiscuous mode [ 104.540883][ T5632] veth0_vlan: entered promiscuous mode [ 104.554245][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.567459][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.619562][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.650954][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.658994][ T5632] veth1_vlan: entered promiscuous mode [ 104.706151][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.723247][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.746648][ T113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.757249][ T113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.781590][ T5633] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 104.785573][ T113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.807789][ T113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.880526][ T3346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.911078][ T5632] veth0_macvtap: entered promiscuous mode [ 104.912868][ T3346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.973057][ T5632] veth1_macvtap: entered promiscuous mode [ 105.008745][ T5635] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 105.057674][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.070606][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.163983][ T5635] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 105.205560][ T3346] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.244266][ T3346] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.268057][ T3346] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.281313][ T113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.312162][ T3346] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.322961][ T113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.370262][ T5635] Bluetooth: hci3: unexpected event 0x06 length: 6 > 3 [ 105.490797][ T3346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.512843][ T3346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.533515][ T5635] Bluetooth: hci0: unexpected event 0x06 length: 6 > 3 [ 105.566251][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.615450][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.690359][ T3346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.705065][ T3346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.976183][ T5635] Bluetooth: hci0: command tx timeout [ 105.976932][ T4943] Bluetooth: hci3: command tx timeout [ 105.981907][ T5635] Bluetooth: hci1: command tx timeout [ 105.988877][ T5642] Bluetooth: hci2: command tx timeout [ 106.139456][ T5790] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 106.206346][ T5789] smpboot: CPU 1 is now offline [ 106.399222][ T4943] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 106.668470][ T5642] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 106.668781][ T5642] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 106.668833][ T5642] CPU: 0 UID: 0 PID: 5642 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) [ 106.668861][ T5642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 106.668880][ T5642] Workqueue: hci0 hci_rx_work [ 106.668923][ T5642] Call Trace: [ 106.668930][ T5642] [ 106.668939][ T5642] dump_stack_lvl+0x100/0x190 [ 106.668973][ T5642] sysfs_warn_dup.cold+0x1c/0x28 [ 106.669010][ T5642] sysfs_create_dir_ns+0x24b/0x2b0 [ 106.669043][ T5642] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 106.669073][ T5642] ? find_held_lock+0x2b/0x80 [ 106.669100][ T5642] ? kobject_add_internal+0x25f/0x930 [ 106.669126][ T5642] ? kobject_add_internal+0x25f/0x930 [ 106.669155][ T5642] ? do_raw_spin_unlock+0x145/0x1e0 [ 106.669181][ T5642] kobject_add_internal+0x2c8/0x930 [ 106.669212][ T5642] kobject_add+0x16a/0x1e0 [ 106.669238][ T5642] ? __pfx_kobject_add+0x10/0x10 [ 106.669263][ T5642] ? class_to_subsys+0x10f/0x150 [ 106.669303][ T5642] ? kobject_put+0xb9/0x640 [ 106.669325][ T5642] ? _raw_spin_unlock+0x28/0x50 [ 106.669362][ T5642] device_add+0x294/0x1970 [ 106.669395][ T5642] ? __pfx_dev_set_name+0x10/0x10 [ 106.669433][ T5642] ? __pfx_device_add+0x10/0x10 [ 106.669466][ T5642] ? mgmt_send_event_skb+0x2fb/0x460 [ 106.669510][ T5642] hci_conn_add_sysfs+0x1a3/0x260 [ 106.669551][ T5642] le_conn_complete_evt+0x11eb/0x1f60 [ 106.669595][ T5642] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 106.669635][ T5642] ? __pfx_bt_warn+0x10/0x10 [ 106.669672][ T5642] ? hci_event_packet+0x186/0xcd0 [ 106.669714][ T5642] hci_le_conn_complete_evt+0x23c/0x3a0 [ 106.669751][ T5642] ? skb_pull_data+0x15f/0x1e0 [ 106.669787][ T5642] hci_le_meta_evt+0x34a/0x5f0 [ 106.669824][ T5642] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 106.669864][ T5642] hci_event_packet+0x51c/0xcd0 [ 106.669900][ T5642] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 106.669939][ T5642] ? __pfx_hci_event_packet+0x10/0x10 [ 106.669977][ T5642] ? kcov_remote_start+0x384/0x670 [ 106.670008][ T5642] ? lockdep_hardirqs_on+0x78/0x100 [ 106.670050][ T5642] hci_rx_work+0x451/0xfc0 [ 106.670090][ T5642] process_one_work+0xa23/0x1940 [ 106.670134][ T5642] ? __pfx_process_one_work+0x10/0x10 [ 106.670175][ T5642] ? __pfx_hci_rx_work+0x10/0x10 [ 106.670213][ T5642] worker_thread+0x5ef/0xe50 [ 106.670256][ T5642] ? kthread+0x13a/0x450 [ 106.670283][ T5642] ? __pfx_worker_thread+0x10/0x10 [ 106.670313][ T5642] kthread+0x370/0x450 [ 106.670341][ T5642] ? __pfx_kthread+0x10/0x10 [ 106.670372][ T5642] ret_from_fork+0x72b/0xd50 [ 106.670400][ T5642] ? __pfx_ret_from_fork+0x10/0x10 [ 106.670428][ T5642] ? __switch_to+0x800/0x10f0 [ 106.670461][ T5642] ? __switch_to_asm+0x39/0x70 [ 106.670493][ T5642] ? __pfx_kthread+0x10/0x10 [ 106.670524][ T5642] ret_from_fork_asm+0x1a/0x30 [ 106.670570][ T5642] [ 106.671083][ T5642] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 106.671119][ T5642] Bluetooth: hci0: failed to register connection device [ 106.916242][ T5642] Bluetooth: hci1: unexpected event 0x06 length: 6 > 3 [ 107.026374][ T5642] Bluetooth: hci0: unexpected event 0x06 length: 6 > 3 [ 107.418596][ T5640] ------------[ cut here ]------------ [ 107.418640][ T5640] refcnt < 0 [ 107.418649][ T5640] WARNING: net/bluetooth/hci_conn.c:631 at hci_conn_timeout+0x16a/0x230, CPU#0: kworker/u9:4/5640 [ 107.418693][ T5640] Modules linked in: [ 107.418724][ T5640] CPU: 0 UID: 0 PID: 5640 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) [ 107.418752][ T5640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 107.418769][ T5640] Workqueue: hci3 hci_conn_timeout [ 107.418794][ T5640] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 107.418821][ T5640] Code: 44 0f b6 2d 5b cf 70 06 31 ff 41 83 e5 40 44 89 ee e8 ea 2e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 f0 64 c4 f6 e8 c7 34 5c f7 90 <0f> 0b 90 e8 be 34 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 107.418844][ T5640] RSP: 0000:ffffc90004387c18 EFLAGS: 00010293 [ 107.418869][ T5640] RAX: 0000000000000000 RBX: ffff88807b1e8a40 RCX: ffffffff8aacf67f [ 107.418886][ T5640] RDX: ffff88807f741f00 RSI: ffffffff8aacf779 RDI: ffff88807f741f00 [ 107.418902][ T5640] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 107.418917][ T5640] R10: 00000000ffffffff R11: 000000000000756b R12: ffff88807b1e8000 [ 107.418933][ T5640] R13: ffff88807f7423c4 R14: ffffffff91227e44 R15: 0000000000000000 [ 107.418949][ T5640] FS: 0000000000000000(0000) GS:ffff888123df5000(0000) knlGS:0000000000000000 [ 107.418972][ T5640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.418988][ T5640] CR2: 00007f80d26ddf88 CR3: 0000000020f58000 CR4: 00000000003526f0 [ 107.419004][ T5640] Call Trace: [ 107.419012][ T5640] [ 107.419024][ T5640] process_one_work+0xa23/0x1940 [ 107.419070][ T5640] ? __pfx_process_one_work+0x10/0x10 [ 107.419111][ T5640] ? __pfx_hci_conn_timeout+0x10/0x10 [ 107.419140][ T5640] worker_thread+0x5ef/0xe50 [ 107.419180][ T5640] ? __pfx_worker_thread+0x10/0x10 [ 107.419213][ T5640] ? kthread+0x13a/0x450 [ 107.419241][ T5640] ? __pfx_worker_thread+0x10/0x10 [ 107.419271][ T5640] kthread+0x370/0x450 [ 107.419299][ T5640] ? __pfx_kthread+0x10/0x10 [ 107.419330][ T5640] ret_from_fork+0x72b/0xd50 [ 107.419359][ T5640] ? __pfx_ret_from_fork+0x10/0x10 [ 107.419385][ T5640] ? rcu_is_watching+0x12/0xc0 [ 107.419412][ T5640] ? __switch_to+0x800/0x10f0 [ 107.419447][ T5640] ? __switch_to_asm+0x39/0x70 [ 107.419479][ T5640] ? __pfx_kthread+0x10/0x10 [ 107.419510][ T5640] ret_from_fork_asm+0x1a/0x30 [ 107.419562][ T5640] [ 107.419577][ T5640] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 107.419591][ T5640] CPU: 0 UID: 0 PID: 5640 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) [ 107.419617][ T5640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 107.419632][ T5640] Workqueue: hci3 hci_conn_timeout [ 107.419658][ T5640] Call Trace: [ 107.419666][ T5640] [ 107.419674][ T5640] dump_stack_lvl+0x100/0x190 [ 107.419700][ T5640] vpanic+0x552/0x970 [ 107.419722][ T5640] ? __pfx_vpanic+0x10/0x10 [ 107.419752][ T5640] panic+0xd1/0xe0 [ 107.419773][ T5640] ? __pfx_panic+0x10/0x10 [ 107.419804][ T5640] ? check_panic_on_warn+0x1f/0x90 [ 107.419838][ T5640] check_panic_on_warn.cold+0x19/0x34 [ 107.419863][ T5640] ? hci_conn_timeout+0x16a/0x230 [ 107.419886][ T5640] __warn.cold+0x191/0x318 [ 107.419912][ T5640] __report_bug+0x30f/0x440 [ 107.419946][ T5640] ? hci_conn_timeout+0x16a/0x230 [ 107.419972][ T5640] ? __pfx___report_bug+0x10/0x10 [ 107.420010][ T5640] ? add_lock_to_list+0x99/0x110 [ 107.420043][ T5640] ? check_prev_add+0x354/0xe60 [ 107.420077][ T5640] ? hci_conn_timeout+0x16a/0x230 [ 107.420102][ T5640] report_bug+0xb2/0x220 [ 107.420135][ T5640] ? hci_conn_timeout+0x16a/0x230 [ 107.420159][ T5640] handle_bug+0x16a/0x2a0 [ 107.420181][ T5640] exc_invalid_op+0x17/0x50 [ 107.420204][ T5640] asm_exc_invalid_op+0x1a/0x20 [ 107.420226][ T5640] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 107.420251][ T5640] Code: 44 0f b6 2d 5b cf 70 06 31 ff 41 83 e5 40 44 89 ee e8 ea 2e 5c f7 45 84 ed 0f 84 02 ff ff ff e9 f0 64 c4 f6 e8 c7 34 5c f7 90 <0f> 0b 90 e8 be 34 5c f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 107.420272][ T5640] RSP: 0000:ffffc90004387c18 EFLAGS: 00010293 [ 107.420290][ T5640] RAX: 0000000000000000 RBX: ffff88807b1e8a40 RCX: ffffffff8aacf67f [ 107.420305][ T5640] RDX: ffff88807f741f00 RSI: ffffffff8aacf779 RDI: ffff88807f741f00 [ 107.420320][ T5640] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 107.420334][ T5640] R10: 00000000ffffffff R11: 000000000000756b R12: ffff88807b1e8000 [ 107.420349][ T5640] R13: ffff88807f7423c4 R14: ffffffff91227e44 R15: 0000000000000000 [ 107.420371][ T5640] ? hci_conn_timeout+0x6f/0x230 [ 107.420394][ T5640] ? hci_conn_timeout+0x169/0x230 [ 107.420421][ T5640] ? hci_conn_timeout+0x169/0x230 [ 107.420447][ T5640] process_one_work+0xa23/0x1940 [ 107.420489][ T5640] ? __pfx_process_one_work+0x10/0x10 [ 107.420529][ T5640] ? __pfx_hci_conn_timeout+0x10/0x10 [ 107.420564][ T5640] worker_thread+0x5ef/0xe50 [ 107.420602][ T5640] ? __pfx_worker_thread+0x10/0x10 [ 107.420635][ T5640] ? kthread+0x13a/0x450 [ 107.420661][ T5640] ? __pfx_worker_thread+0x10/0x10 [ 107.420691][ T5640] kthread+0x370/0x450 [ 107.420718][ T5640] ? __pfx_kthread+0x10/0x10 [ 107.420748][ T5640] ret_from_fork+0x72b/0xd50 [ 107.420774][ T5640] ? __pfx_ret_from_fork+0x10/0x10 [ 107.420800][ T5640] ? rcu_is_watching+0x12/0xc0 [ 107.420825][ T5640] ? __switch_to+0x800/0x10f0 [ 107.420858][ T5640] ? __switch_to_asm+0x39/0x70 [ 107.420888][ T5640] ? __pfx_kthread+0x10/0x10 [ 107.420918][ T5640] ret_from_fork_asm+0x1a/0x30 [ 107.420963][ T5640] [ 107.421033][ T5640] Kernel Offset: disabled