last executing test programs: 2m35.585348826s ago: executing program 2 (id=4649): sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000140)={&(0x7f0000000280)="7f8443", 0x55}, 0x6, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/ext4/sda1/last_trim_minblks\x00', 0x2400, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0x800000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x4, 0x7b) get_robust_list$auto(0x0, 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x181400, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/zram0/algorithm_params\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000000)='\"\x81=\xe2\xad\xff\xf1y\xb3\x1d]\n\xcf\xfa\xee@\"', 0x81) bpf$auto(0x100000, &(0x7f0000000040)=@bpf_attr_5={@target_fd, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x8}, 0x92) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_3={0x5, 0x6, 0x272, 0x7, 0x3, 0x0, 0x5, 0x31, 0xd, "6326bcc7c57ffed984639b375ee8d538", 0x0, 0x3, r2, 0x0, 0x6, 0xd, 0x3ffffffc, 0x9, 0x2, 0x7f, @attach_prog_fd, 0xce51, 0x8, 0x209, 0x92c, 0x1}, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0xffff, 0x3, 0x401) madvise$auto(0x0, 0xffffffffffff0001, 0x15) gettimeofday$auto(&(0x7f00000000c0)={0x0, 0x4c}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/7, 0x7) io_uring_setup$auto(0x1, 0x0) sendmmsg$auto(r5, &(0x7f0000000080)={{0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x8}, 0xacc}, 0x0, 0x10000) close_range$auto(0x2, 0xa, 0x0) 2m35.076212665s ago: executing program 2 (id=4651): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) pwrite64$auto(r2, 0x0, 0x8, 0x400000000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/driver/nvram\x00', 0xa502, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f00000001c0)=""/213, 0xd5) (fail_nth: 1) r4 = socket(0x10, 0x2, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000002, 0x6}, 0x9}, 0x7, 0x6, 0x0) bind$auto(r1, &(0x7f0000000140)=@in={0x2, 0x4e24, @rand_addr=0x64010100}, 0x40000c) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES64=r3, @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24004010}, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x2000, 0x0) 2m33.472415676s ago: executing program 2 (id=4656): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) unshare$auto(0x40000080) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x124) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x2003f2, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000480)={0x20, r1, 0x159198c6007aa95d, 0x70bd29, 0x25dfdbfc, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x40) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x202, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000) r4 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x400, 0x0) setsockopt$auto_SO_PREFER_BUSY_POLL(r4, 0x182, 0x45, 0x0, 0x5) r5 = openat$auto_userio_fops_userio(0xffffffffffffff9c, 0x0, 0x102001, 0x0) pwrite64$auto(r5, 0x0, 0x2, 0x0) 2m31.809192668s ago: executing program 2 (id=4660): r0 = socket(0x2, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000000c0), r2) sendmsg$auto_OVS_FLOW_CMD_DEL(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10008080}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r4, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@OVS_FLOW_ATTR_MASK={0x4}, @OVS_FLOW_ATTR_MASK={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x15, 0x0, 0x0, @ipv4=@broadcast}]}, @OVS_FLOW_ATTR_CLEAR={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c850}, 0x4000010) landlock_restrict_self$auto(r3, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:04.0/numa_node\x00', 0x1a3b02, 0x0) (async) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000003d40)={0x28, r5, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x1}, @ETHTOOL_A_FEC_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0xac8fe2812c65ec00) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) socket(0xa, 0x1, 0x84) (async) setsockopt$auto(0x3, 0x10000000084, 0x79, 0x0, 0x90) 2m31.700790054s ago: executing program 2 (id=4661): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2102, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2m30.828708693s ago: executing program 2 (id=4665): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) pwrite64$auto(r2, 0x0, 0x8, 0x400000000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/driver/nvram\x00', 0xa502, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f00000001c0)=""/213, 0xd5) r4 = socket(0x10, 0x2, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000002, 0x6}, 0x9}, 0x7, 0x6, 0x0) bind$auto(r1, &(0x7f0000000140)=@in={0x2, 0x4e24, @rand_addr=0x64010100}, 0x40000c) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES64=r3, @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24004010}, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x2000, 0x0) 2m30.325851414s ago: executing program 0 (id=4669): socket(0x26, 0x80805, 0x0) semctl$auto_IPC_INFO(0x80000000, 0xd, 0x3, 0x7fffffffffffffff) dup2$auto(0x0, 0x3) 2m30.212345259s ago: executing program 0 (id=4671): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) sysfs$auto(0x2, 0x3d, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x0, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0xffffffffffffffff, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 2m29.333016445s ago: executing program 0 (id=4676): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa2102, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x14) io_uring_setup$auto(0xe, 0x0) r1 = bpf$auto(0x12, 0x0, 0x26) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x999, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r2 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) r3 = socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NETDEV_CMD_DEV_GET(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004091}, 0x800) read$auto(r1, 0x0, 0x9) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x8202, 0x0) mlock2$auto(0x1, 0x8001, 0x0) 2m28.333120208s ago: executing program 0 (id=4678): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/veth1_to_team/rp_filter\x00', 0x141241, 0x0) r2 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r3 = open_by_handle_at$auto(r2, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) read$auto_ctl_device_fops_user(r3, &(0x7f0000000000)=""/53, 0x35) mmap$auto(0x0, 0x7, 0x871, 0x15, r0, 0x1) mmap$auto(0x2d, 0x4020009, 0xdf, 0xeb3, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x28, 0x1, 0x9, 0x3, 0x7f, 0x93e, 0x1fee1, 0x3, 0x6, 0xfffffffffffffffe, 0x9, 0x5, 0x8005, 0x7, 0x400000b0, 0x9, 0x5, 0x13, 0x8, 0x4, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x60b7, 0x7fffffff, 0x0, 0x0, 0xfffffffffffe, 0xffffeffffffffffc, 0x0, 0x7fffffffffff, 0x0, 0x3, 0x23c, 0x200, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1]}, 0x1fe, 0x82) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4800, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0xa, 0x2, 0x73) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) sendfile$auto(r5, r5, 0x0, 0x400000000004) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x682, 0x0) ioctl$auto_SOUND_MIXER_READ_STEREODEVS2(r7, 0x80044dfb, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, 0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r8 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x0) sendmmsg$auto(r8, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon30\x00', 0x20880, 0x0) socket(0x2b, 0x1, 0x0) select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x4, 0x2, 0x80000300, 0x2, 0x40000000ffffffd, 0x2, 0x8, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x7, 0x20000000008, 0x4000000000007]}, 0x0, 0x0) 2m28.049737323s ago: executing program 0 (id=4681): openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x5eb080, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, 0x0, 0x64810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x1}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m27.794777485s ago: executing program 0 (id=4683): mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0xf16, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24000840}, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) 2m26.022121683s ago: executing program 3 (id=4691): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) bind$auto(r0, &(0x7f0000000040)=@can, 0x81) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r1, &(0x7f0000000440)="11000000020000000000000000", 0xd) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x3d, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x0, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0xffffffffffffffff, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x7, 0x9, 0x8, 0x8, 0x407, 0x5, 0x7, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe3a]}, 0x400, 0x81) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='p\x00', @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DRAIN(r2, 0x40045731, &(0x7f0000000040)=0x3) 2m24.82383774s ago: executing program 3 (id=4693): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) getcwd$auto(&(0x7f0000000000)='\x00', 0xc0000000000000) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)={0x108, r4, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x9}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, "13c366f9244357d432f6e44cc4bf4e5878fe5d"}, @NL80211_ATTR_WIPHY_NAME={0x8, 0x2, '/${\x00'}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x8}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x2}, @NL80211_ATTR_HT_CAPABILITY={0x45, 0x1f, "ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e9"}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x5c, 0x75, 0x0, 0x1, [@generic="ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc3b2170c49b100b274baaf7e35af6d0f2356f99129b14dfb3c040f557f81b", @typed={0x8, 0x138, 0x0, 0x0, @u32=0x400}, @typed={0x8, 0xe6, 0x0, 0x0, @fd=r1}]}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x8}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7}]}, 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) mlockall$auto(0x7) mprotect$auto(0x0, 0x806121, 0x6) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) ptrace$auto(0x10, r0, 0x2, 0x1007ff) ptrace$auto_PTRACE_SETREGSET(0x4205, r0, 0x2, 0x9193) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) flock$auto(0xffffffffffffffff, 0x1) 2m23.708121656s ago: executing program 3 (id=4696): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) getsockopt$auto_SO_BROADCAST(r0, 0x3, 0x6, &(0x7f0000000040)='/dev/kvm\x00', 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x1, 0xe983, 0xdf, 0xeb1, 0x401, 0x5000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0xa69, 0x0, 0x4) socket(0x2c, 0x1, 0x100) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100)=""/186, 0xba) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs$namespace(r4, &(0x7f0000000340)='ns/ipc\x00') timer_settime$auto(0x0, 0xb746, &(0x7f0000000000)={{0x4d4, 0x2}, {0xfe, 0x4}}, 0x0) r5 = socket(0xa, 0x5, 0x84) r6 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmsg$auto_SMC_NETLINK_ADD_UEID(r5, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={0x0, 0x138}, 0x1, 0x0, 0x0, 0x4040001}, 0x81) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) sendto$auto(r5, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "1990b5fffff400"}, 0x1f) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 2m23.514565502s ago: executing program 3 (id=4697): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x102, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x843, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x38b780, 0x0) write$auto(r1, 0x0, 0x8000000000000001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, 0x0, 0x8840) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x7) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x102, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/cpu.max.burst\x00', 0x22001, 0x0) 2m23.47826968s ago: executing program 3 (id=4698): sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000000)=ANY=[@ANYRESOCT], 0x44}}, 0x4044000) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b73, 0xffffffffffffffff, 0x457) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff038}}) write$auto(0xffffffffffffffff, 0x0, 0xa) mmap$auto(0x1, 0x2020009, 0x3, 0xeb1, r1, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) quotactl$auto(0x1, &(0x7f0000000a80)='net-shaper\x00', 0xee00, 0x0) ioctl$auto(r2, 0x8946, 0x24) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat2$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x5, 0x4b, 0x4}, 0x8) mmap$auto(0x0, 0xaaf, 0x4000000000df, 0x40000000000eb1, r3, 0x8000) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x70007fc) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x88880, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) write$auto(r0, 0x0, 0x6) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) 2m23.431153056s ago: executing program 3 (id=4699): mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0xf16, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24000840}, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) 2m12.799900725s ago: executing program 32 (id=4683): mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0xf16, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24000840}, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) 2m8.312038665s ago: executing program 33 (id=4699): mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0xf16, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24000840}, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) 3.09014388s ago: executing program 1 (id=5098): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x6, 0x7fffffffffffffff, 0xffffffffffffb582, 0x66af1514, r0, 0x7) 2.1709387s ago: executing program 1 (id=5099): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket(0xa, 0x5, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = socket(0x28, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00\'a'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xffc3, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000340)="6065535431129d4c20323f68d176fd8d3805776f0df093be8ad70f43950c0bee2d5c3645fa24bcbaeb7b2dab3df389b45247f788a789e94b244b4e4744be3f93f42aa6b3008f3e43b8a025f22fee881b75446e6bd026fd56314c3d80d61d2b3be78f74d4d9cbfd6a420bce1fc16d739951d86d2147264af208f56522d56d38ca2a7f018cff1bc46758ab4b85a771330bd3acb9d25e303f089f98f1c68973b94432beffb4f577d56c5cc764526b44090e032d278e7fee3786e8ddfcf2506a16e1691a13974b4f11d000"/214, 0x7, 0x3}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0xfffffffffffffffe, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) pread64$auto(0xffffffffffffffff, 0x0, 0x7fc, 0x400) sendmsg$auto_NL80211_CMD_DEL_KEY(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)={0x220, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xe0, 0xac, "fa126e26cd8d3e7592d7509e33b478888a79c97e5b8b2aec1a41b712c9de045001cdbd5822bfe5cb9e5b4378a7cde09d9c786c0158f56cf80a8010aaa594bb708b718d84d547385c195e420abd48965da2cc60451eace99f4a20479ba984d4a94c91f23065f2a362848b80dc093d9358e731cdfab0b3907eb05069698671ddbeaeb49ceb225f6a2b60460ad4582b3127b5c5c3195c1e5fa9b2d0e061c108615b2e7534001723edac4525e3512f999b6382e3497816e16178b520396ae05cf6b0adc98ee19b6fa32d25c0a889dbc5b5752fee255639c811da1774169c"}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x200}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0xb}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0xff}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x7}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_PREV_BSSID={0xf3, 0x4f, "a1b920020817b89db02dd7c8793a84b013b6eb114762814ba11d3c3ea0e77e655a9e008f1d095709117ccb39b112462e8a523fad5d7612ffa1f158327d6a26cf4a1d30e79e25d6fcea705dada07c1d81cbdc6c672773da775d0753eda58c9561ccd5447dc398aa822ec4f5a1dbfe8a1f51cc6f6add20155d51d588a32717f617503033dfd86ac26f98a38f43c1856d5f61ce7d84172857741b291ade1530b54da5f3ea30ea50ee45355e033a60c62f7a35669d203da1f2da78e979fc85b11333e0e393a7747e7b7abc92bc603813e5e6b40f3f858a61c28cd66917b8847b5688f58e496f41bcc203bb2727c9b0c7ef"}]}, 0x220}, 0x1, 0x0, 0x0, 0x10c1}, 0x4) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) unshare$auto(0x40000080) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) getsockopt$auto(r2, 0x29, 0x10, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xe4, 0x9b72, 0x2, 0x400) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91) madvise$auto(0x2, 0x3, 0x20006) r3 = socket(0xa, 0x2, 0x88) capset$auto(0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x800, 0x100) setsockopt$auto(r3, 0x29, 0x10, 0x0, 0x1) bind$auto(0xffffffffffffffff, 0x0, 0xffffffe6) 1.187649811s ago: executing program 1 (id=5100): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x1c9802, 0x0) pread64$auto(r1, 0x0, 0x100000000, 0x2000002) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000040)=0x5) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @reserved="adcc3c913e4647395aa4516b647fd577e2f0f2b824fc48eee0a1b68dc58080c8545f9b780a400555501a3f7454f5b74db861fef3d8db03f7cabaa93a4b279812faa2821769e48f92dbc01adc525eb0a1e47b1883a0ddfb818f021b7254ea470e90613006a1bf970da2ce0e6b379879546ecabc71b1833900ba5eab2858413768", "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f00000001c0)={0x0, 0x8, 0x5, @inferred=0xffffffffffffffff, 0x0, "5059d005d689f01a18c00f29b5fa49429146f0fced3c14fab52cc63a1547e39e1154bf627c7fd574bccc61a93bf6de84233c"}) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x2841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) sysfs$auto(0x2, 0x3d, 0x0) 1.102132228s ago: executing program 1 (id=5101): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)={0x108, r3, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x9}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, "13c366f9244357d432f6e44cc4bf4e5878fe5d"}, @NL80211_ATTR_WIPHY_NAME={0x8, 0x2, '/${\x00'}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x8}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x2}, @NL80211_ATTR_HT_CAPABILITY={0x45, 0x1f, "ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e9"}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x5c, 0x75, 0x0, 0x1, [@generic="ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc3b2170c49b100b274baaf7e35af6d0f2356f99129b14dfb3c040f557f81b", @typed={0x8, 0x138, 0x0, 0x0, @u32=0x400}, @typed={0x8, 0xe6, 0x0, 0x0, @fd=r1}]}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x8}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7}]}, 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) mlockall$auto(0x7) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) ptrace$auto(0x10, r0, 0x2, 0x1007ff) r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) flock$auto(r4, 0x1) 222.364414ms ago: executing program 1 (id=5102): mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0xffffffffffffffff, 0x8000) timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000000000002c"}, 0x1f) 0s ago: executing program 1 (id=5103): socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x73) r1 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x11, 0x2, 0x0) rt_sigqueueinfo$auto(0x0, 0x4004, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r4 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5b0, &(0x7f0000000100)={0x0, 0xf}, 0x7, 0x0, 0x3, 0x1000000e}, 0x45}, 0x1, 0xfd) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x40080, 0x0) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0x3, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity_list\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r5, &(0x7f0000002580)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000002540)={&(0x7f0000001100)={0x18, r6, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x8000) shmctl$auto_IPC_SET(0x3, 0x1, &(0x7f0000000440)={{0x5, 0x0, 0xee01, 0x7, 0x6, 0xf, 0x6}, 0x0, 0x5, 0x2, 0x7, @inferred=r3, @inferred=r3, 0x5, 0x0, &(0x7f0000000340)="3fc40b4160c21798", &(0x7f0000000380)="dcee8152e57ee9544604085a4c4315dc95ac7e052c"}) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r0, &(0x7f0000000980)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f00000009c0)={0x4a8, r6, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc, 0x1, 0x0, 0x1, [@typed={0x5, 0x9f, 0x0, 0x0, @binary='?'}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x3c8, 0x1, 0x0, 0x1, [@generic="388c03d02eda11963a5b505e7161c7620e55465821c744d986d0d21d7240dc61b839b1d63313b2bc8bfae3c35108f756ff0a8d270120e4e6935ce6c86b75f218807cb1af1d569c2adf94a1f69d34047c68569a558e9a3c1ec63ef193458d88d161ff6de63ec2479fd4c01b2533beb42327f7cd0d3520a3eb262b21b645ccbb4d0d33d132bff9c4aac0835b27f302827a3892a0dcf2aba6539b76ed6b2f86fdfc8b5eb7a99822ffc81463786ae39b2d81da22672e7587eb0bc8fada9fc15c26c8f60b2b1eeebd8ab97bd7a1c2fce90fa2673285603fed3857", @nested={0x108, 0xaf, 0x0, 0x1, [@nested={0x4, 0x52}, @nested={0x4, 0x12d}, @typed={0x14, 0xda, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @generic="88d92cc509cf1ed38d1e1535b8f8a6084f23c91b17de42cc6e97fa4380a8901f2d7280140ba9cb92b3619546513d6e08e5be576250854a732732e49ed41d7256d9d77d2c697ff7974fab72911da8aeee80ea98f87a3e85d080f025e93c665092f7011414386e2049f4299a69b81931e39c6ed958b850210c37104be7f245b7ac5438cf8eed8cdc7c1c82d9001d8bab4240af16b4fe4d2f3432b4a2af8b7fdaf5869b18f0cce1bf305b95da761d9b5b092cd36bae20d3e4f8409f5a904e1f485f3ac3d1b4aeedc59f085f283c7746613fadb660e27bfe1d0c275e147ff0dd2806", @nested={0x4, 0x7d}, @nested={0x4, 0x11a}]}, @typed={0x26, 0xf5, 0x0, 0x0, @binary="c39b4b3d24be6300e51f75af130012f074bd84ae3c723b6240687a463509a26715d3"}, @nested={0xaa, 0xd8, 0x0, 0x1, [@typed={0x4, 0x100}, @generic="327e872578b4b3b467c64b8e65db4e5b44918dd2aafcd1027e6f10fcd630f11941825e5750c2425c7c42b24b30b2eb474c20ddd4ee0d5ebbc01188e3a6fb015ad83407a094f614536838cf2cd0e97eac4329075bb123d09e519028aa964a6c42998a4dfa70a536f41808ac568508ff2e8f285f051bb100aadc507f3124a179e34076cf1e6bc010d61bdb966c6d940374a8b2705f8bbb4f2f7ac8dc7740563cd426a4"]}, @nested={0x110, 0x107, 0x0, 0x1, [@nested={0x4, 0x3e}, @nested={0x4, 0x95}, @nested={0x4, 0x28}, @typed={0x8, 0x12b, 0x0, 0x0, @u32=0x3}, @typed={0x7e, 0xb9, 0x0, 0x0, @binary="68fa783c0c770dfb650ff933423ba6c0809695bae22e0ce7adcaeb3e4079ac9e1b6d55c6bcfd14df1105a90f006774097f48bb2be41d7a181eace8e0b5c9a987be34c6f148cf5c0ef1f6519442ebed9b6f25cb45be9513ded33f6a355f9b29c8f6463b094c86a44b5c3a8433ca31c6bf11a7a9fd52fea3db0000"}, @generic="4c3f1012438fc4abc8690a3d1f5ae19c45abffae6b9a416e4fd81d889f856919dcbfeded0a7c59c9054caedf6953b3568dc72fce3cfc81905024cff2398bd8dbdbbc098b8ef4558a035bd725494dd7fe896c61c0ab13ac53929ed85853c77b0a924acb41c1ac5a6db2d41e6b1d4dcc4df88c2c4d0d6cb3f8"]}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x77, 0x0, 0x0, @uid=r7}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x2a, 0x0, 0x0, @fd=r1}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x31, 0x1, 0x0, 0x1, [@generic="27c05b0062b65edff8f62f6056e28d8e2dad0c96fe41292b64a393e90cd632fe0ded43d67da61b8e5df400b7ba", @generic]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x70, 0x1, 0x0, 0x1, [@generic="03679fd5fb37ee14515548ca8042f00736c3e6c8aa413c7cf1a4f40a5371585b127befe23a8f9ae482f28a2c2e23e7288ef999e211e05caa897089e6a9f667f29705335c29d57ce34c65d0b1abb6120bc801e18078193106b9434c3da6cd23b81b5170a2c00a60de746a490d"]}]}, 0x4a8}, 0x1, 0x0, 0x0, 0x48010}, 0x4811) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, 0x0, 0x5, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) r8 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x3e8b, &(0x7f0000000080)={[0xd03, 0x68, 0x3, 0x7, 0x3, 0x0, 0xffff, 0x54b, 0xfd, 0x1b80, 0xffffffffffff13d3, 0x3688000000, 0x7be1, 0xfffffffff41d62ec, 0xb, 0x8]}, &(0x7f0000000200)={[0x3, 0x3, 0x9, 0x5, 0x0, 0x58f8, 0x7, 0xe04e, 0x1, 0x0, 0x6, 0xcba, 0x9, 0x10, 0x0, 0x7ff]}, &(0x7f0000000280)={[0x4, 0x5, 0x5, 0x2, 0x10000, 0xf, 0x5, 0x4, 0x8, 0x1, 0x1, 0x40, 0x800, 0x4, 0xb, 0x100]}, &(0x7f0000000180)={0x0, 0x7fffffffffffffff}) write$auto(r8, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): T26875] ? __pfx_do_sys_openat2+0x10/0x10 [ 1204.260559][T26875] __x64_sys_futex+0x34f/0x4d0 [ 1204.260579][T26875] ? __x64_sys_openat+0x12d/0x210 [ 1204.260596][T26875] ? __pfx___x64_sys_futex+0x10/0x10 [ 1204.260622][T26875] do_syscall_64+0x106/0xf80 [ 1204.260637][T26875] ? clear_bhb_loop+0x40/0x90 [ 1204.260655][T26875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.260670][T26875] RIP: 0033:0x7f2d0ed9c629 [ 1204.260684][T26875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1204.260699][T26875] RSP: 002b:00007f2d0fb800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1204.260713][T26875] RAX: ffffffffffffffda RBX: 00007f2d0f016098 RCX: 00007f2d0ed9c629 [ 1204.260724][T26875] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2d0f016098 [ 1204.260736][T26875] RBP: 00007f2d0f016090 R08: 0000000000000000 R09: 0000000000000000 [ 1204.260745][T26875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1204.260753][T26875] R13: 00007f2d0f016128 R14: 00007ffe817574e0 R15: 00007ffe817575c8 [ 1204.260773][T26875] [ 1205.066767][T26887] FAULT_INJECTION: forcing a failure. [ 1205.066767][T26887] name failslab, interval 1, probability 0, space 0, times 0 [ 1205.089011][T26887] CPU: 0 UID: 0 PID: 26887 Comm: syz.3.4658 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1205.089038][T26887] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1205.089044][T26887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1205.089053][T26887] Call Trace: [ 1205.089058][T26887] [ 1205.089064][T26887] dump_stack_lvl+0x100/0x190 [ 1205.089091][T26887] should_fail_ex.cold+0x5/0xa [ 1205.089117][T26887] ? tomoyo_encode2+0xfb/0x3c0 [ 1205.089132][T26887] should_failslab+0xc2/0x120 [ 1205.089147][T26887] __kmalloc_noprof+0xe0/0x850 [ 1205.089167][T26887] ? rcu_is_watching+0x12/0xc0 [ 1205.089191][T26887] tomoyo_encode2+0xfb/0x3c0 [ 1205.089208][T26887] tomoyo_encode+0x29/0x50 [ 1205.089222][T26887] tomoyo_realpath_from_path+0x18c/0x690 [ 1205.089242][T26887] tomoyo_check_open_permission+0x2af/0x3c0 [ 1205.089264][T26887] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1205.089305][T26887] ? do_raw_spin_lock+0x128/0x260 [ 1205.089327][T26887] ? path_get+0x61/0x80 [ 1205.089344][T26887] tomoyo_file_open+0x6b/0x90 [ 1205.089362][T26887] security_file_open+0xb5/0x1e0 [ 1205.089377][T26887] do_dentry_open+0x5aa/0x1660 [ 1205.089400][T26887] ? security_inode_permission+0xbf/0x250 [ 1205.089425][T26887] vfs_open+0x82/0x3f0 [ 1205.089444][T26887] path_openat+0x208c/0x31a0 [ 1205.089464][T26887] ? __pfx_path_openat+0x10/0x10 [ 1205.089485][T26887] do_file_open+0x20e/0x430 [ 1205.089500][T26887] ? __pfx_do_file_open+0x10/0x10 [ 1205.089528][T26887] ? alloc_fd+0x476/0x790 [ 1205.089552][T26887] ? do_getname+0x191/0x390 [ 1205.089570][T26887] do_sys_openat2+0x10d/0x1e0 [ 1205.089588][T26887] ? __pfx_do_sys_openat2+0x10/0x10 [ 1205.089613][T26887] __x64_sys_openat+0x12d/0x210 [ 1205.089631][T26887] ? __pfx___x64_sys_openat+0x10/0x10 [ 1205.089656][T26887] do_syscall_64+0x106/0xf80 [ 1205.089672][T26887] ? clear_bhb_loop+0x40/0x90 [ 1205.089691][T26887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.089706][T26887] RIP: 0033:0x7f02fd99c629 [ 1205.089719][T26887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1205.089734][T26887] RSP: 002b:00007f02fe8dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1205.089749][T26887] RAX: ffffffffffffffda RBX: 00007f02fdc16090 RCX: 00007f02fd99c629 [ 1205.089759][T26887] RDX: 0000000000000400 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1205.089769][T26887] RBP: 00007f02fda32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1205.089778][T26887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1205.089786][T26887] R13: 00007f02fdc16128 R14: 00007f02fdc16090 R15: 00007ffd6ad79fa8 [ 1205.089807][T26887] [ 1205.089824][T26887] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1205.553559][T26893] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4659'. [ 1206.384495][T26912] netlink: 266 bytes leftover after parsing attributes in process `syz.3.4664'. [ 1206.415987][T26912] IPv6: NLM_F_CREATE should be specified when creating new route [ 1206.958427][T26923] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4665'. [ 1207.267560][T26936] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4670'. [ 1208.350399][T16512] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1208.360982][T16512] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1208.369023][T16512] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1208.377852][T16512] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1208.386543][T16512] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1209.113294][T22699] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.199332][T26958] chnl_net:caif_netlink_parms(): no params data found [ 1209.350821][T22699] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.434760][T26980] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4681'. [ 1209.525447][T22699] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.691385][T16512] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 1209.700714][T26988] dlm: non-version read from control device 255 [ 1209.710390][T22699] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.800256][T26985] bond0: invalid ARP target specified [ 1209.827551][T26992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4683'. [ 1209.895467][T22699] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.937795][T26985] NFSD: Failed to start, no listeners configured. [ 1210.075929][T26958] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.093229][T26958] bridge0: port 1(bridge_slave_0) entered disabled state [ 1210.108225][T26958] bridge_slave_0: entered allmulticast mode [ 1210.128395][T26958] bridge_slave_0: entered promiscuous mode [ 1210.154872][T26958] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.165343][T26958] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.172569][T26958] bridge_slave_1: entered allmulticast mode [ 1210.179996][T26958] bridge_slave_1: entered promiscuous mode [ 1210.256040][T26958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1210.280799][T26958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1210.326003][T26958] team0: Port device team_slave_0 added [ 1210.335504][T26958] team0: Port device team_slave_1 added [ 1210.361845][T26958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1210.370657][T26958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1210.397119][T26958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1210.407840][T16512] Bluetooth: hci0: command tx timeout [ 1210.434133][T26958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1210.443726][T26958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1210.470636][T26958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1210.543206][T26958] hsr_slave_0: entered promiscuous mode [ 1210.549482][T26958] hsr_slave_1: entered promiscuous mode [ 1211.301846][T27017] FAULT_INJECTION: forcing a failure. [ 1211.301846][T27017] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.327934][T27017] CPU: 0 UID: 0 PID: 27017 Comm: syz.1.4690 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1211.327961][T27017] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1211.327967][T27017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1211.327976][T27017] Call Trace: [ 1211.327982][T27017] [ 1211.327988][T27017] dump_stack_lvl+0x100/0x190 [ 1211.328014][T27017] should_fail_ex.cold+0x5/0xa [ 1211.328032][T27017] ? tomoyo_encode2+0xfb/0x3c0 [ 1211.328047][T27017] should_failslab+0xc2/0x120 [ 1211.328062][T27017] __kmalloc_noprof+0xe0/0x850 [ 1211.328082][T27017] ? rcu_is_watching+0x12/0xc0 [ 1211.328107][T27017] tomoyo_encode2+0xfb/0x3c0 [ 1211.328125][T27017] tomoyo_encode+0x29/0x50 [ 1211.328138][T27017] tomoyo_realpath_from_path+0x18c/0x690 [ 1211.328159][T27017] tomoyo_check_open_permission+0x2af/0x3c0 [ 1211.328186][T27017] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1211.328225][T27017] ? lock_acquire+0x1cf/0x380 [ 1211.328243][T27017] ? find_held_lock+0x2b/0x80 [ 1211.328261][T27017] tomoyo_file_open+0x6b/0x90 [ 1211.328280][T27017] security_file_open+0xb5/0x1e0 [ 1211.328295][T27017] do_dentry_open+0x5aa/0x1660 [ 1211.328323][T27017] vfs_open+0x82/0x3f0 [ 1211.328341][T27017] path_openat+0x208c/0x31a0 [ 1211.328362][T27017] ? __pfx_path_openat+0x10/0x10 [ 1211.328383][T27017] do_file_open+0x20e/0x430 [ 1211.328399][T27017] ? __pfx_do_file_open+0x10/0x10 [ 1211.328426][T27017] ? alloc_fd+0x476/0x790 [ 1211.328459][T27017] ? do_getname+0x191/0x390 [ 1211.328479][T27017] do_sys_openat2+0x10d/0x1e0 [ 1211.328498][T27017] ? __pfx_do_sys_openat2+0x10/0x10 [ 1211.328524][T27017] __x64_sys_openat+0x12d/0x210 [ 1211.328543][T27017] ? __pfx___x64_sys_openat+0x10/0x10 [ 1211.328569][T27017] do_syscall_64+0x106/0xf80 [ 1211.328585][T27017] ? clear_bhb_loop+0x40/0x90 [ 1211.328603][T27017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.328618][T27017] RIP: 0033:0x7fc675b9c629 [ 1211.328632][T27017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1211.328646][T27017] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1211.328661][T27017] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1211.328671][T27017] RDX: 0000000000002401 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 1211.328681][T27017] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1211.328690][T27017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1211.328699][T27017] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1211.328718][T27017] [ 1211.332855][T27017] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1212.472272][T16512] Bluetooth: hci0: command tx timeout [ 1213.989848][T27051] bond0: invalid ARP target specified [ 1214.000716][T27051] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4699'. [ 1214.043873][T27051] NFSD: Failed to start, no listeners configured. [ 1214.542613][T16512] Bluetooth: hci0: command tx timeout [ 1216.612830][T16512] Bluetooth: hci0: command tx timeout [ 1218.324077][T27086] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4708'. [ 1222.340471][T27136] zswap: compressor  not available [ 1224.782421][T27168] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4728'. [ 1224.804749][T13250] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1224.817566][T13250] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1224.825223][T13250] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1224.832776][T13250] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1224.840706][T13250] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1225.187304][T27172] chnl_net:caif_netlink_parms(): no params data found [ 1225.325091][T27172] bridge0: port 1(bridge_slave_0) entered blocking state [ 1225.345705][T27172] bridge0: port 1(bridge_slave_0) entered disabled state [ 1225.359246][T27172] bridge_slave_0: entered allmulticast mode [ 1225.380813][T27172] bridge_slave_0: entered promiscuous mode [ 1225.400459][T27172] bridge0: port 2(bridge_slave_1) entered blocking state [ 1225.421590][T27172] bridge0: port 2(bridge_slave_1) entered disabled state [ 1225.439903][T27172] bridge_slave_1: entered allmulticast mode [ 1225.459756][T27172] bridge_slave_1: entered promiscuous mode [ 1225.533791][T27172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1225.564665][T27172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1225.639284][T27172] team0: Port device team_slave_0 added [ 1225.652070][T27172] team0: Port device team_slave_1 added [ 1225.702592][T27172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1225.709963][T27172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.786781][T27172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1225.811223][T27172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1225.818198][T27172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.852897][T27172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1225.920327][T27172] hsr_slave_0: entered promiscuous mode [ 1225.939688][T27172] hsr_slave_1: entered promiscuous mode [ 1225.956229][T27172] debugfs: 'hsr0' already exists in 'hsr' [ 1225.970225][T27172] Cannot create hsr debugfs directory [ 1226.134254][T27193] FAULT_INJECTION: forcing a failure. [ 1226.134254][T27193] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1226.161680][T27193] CPU: 0 UID: 0 PID: 27193 Comm: syz.1.4733 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1226.161709][T27193] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1226.161716][T27193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1226.161725][T27193] Call Trace: [ 1226.161731][T27193] [ 1226.161737][T27193] dump_stack_lvl+0x100/0x190 [ 1226.161763][T27193] should_fail_ex.cold+0x5/0xa [ 1226.161782][T27193] get_futex_key+0x1d2/0x1620 [ 1226.161802][T27193] ? __pfx_get_futex_key+0x10/0x10 [ 1226.161820][T27193] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 1226.161837][T27193] ? __pfx___might_resched+0x10/0x10 [ 1226.161862][T27193] futex_wake+0xea/0x530 [ 1226.161885][T27193] ? __pfx_futex_wake+0x10/0x10 [ 1226.161912][T27193] ? blkdev_read_iter+0x2f0/0x4f0 [ 1226.161933][T27193] ? vfs_read+0x243/0xb30 [ 1226.161957][T27193] do_futex+0x32b/0x350 [ 1226.161977][T27193] ? __pfx_do_futex+0x10/0x10 [ 1226.162000][T27193] __x64_sys_futex+0x34f/0x4d0 [ 1226.162019][T27193] ? fput+0x79/0x100 [ 1226.162034][T27193] ? __pfx___x64_sys_futex+0x10/0x10 [ 1226.162053][T27193] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1226.162081][T27193] do_syscall_64+0x106/0xf80 [ 1226.162097][T27193] ? clear_bhb_loop+0x40/0x90 [ 1226.162115][T27193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1226.162130][T27193] RIP: 0033:0x7fc675b9c629 [ 1226.162144][T27193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1226.162158][T27193] RSP: 002b:00007fc676a280e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1226.162173][T27193] RAX: ffffffffffffffda RBX: 00007fc675e16098 RCX: 00007fc675b9c629 [ 1226.162183][T27193] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc675e1609c [ 1226.162192][T27193] RBP: 00007fc675e16090 R08: 0000000000000000 R09: 0000000000000000 [ 1226.162201][T27193] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1226.162210][T27193] R13: 00007fc675e16128 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1226.162230][T27193] [ 1226.886606][T16512] Bluetooth: hci3: command tx timeout [ 1227.707053][T27217] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4739'. [ 1227.720450][T27217] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1227.733304][T27217] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1227.743294][T27217] bond0 (unregistering): Released all slaves [ 1227.767623][T27218] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 1228.102278][T27225] zswap: compressor  not available [ 1228.173454][T27230] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4742'. [ 1228.182974][T27230] veth0_macvtap: entered promiscuous mode [ 1228.189132][T27230] veth0_macvtap: entered allmulticast mode [ 1228.954809][T16512] Bluetooth: hci3: command tx timeout [ 1229.275148][T13250] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1229.285402][T13250] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1229.295184][T13250] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1229.302786][T13250] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1229.310734][T13250] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1229.594457][T27237] chnl_net:caif_netlink_parms(): no params data found [ 1229.668507][T27237] bridge0: port 1(bridge_slave_0) entered blocking state [ 1229.677703][T27251] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4747'. [ 1229.686981][T27237] bridge0: port 1(bridge_slave_0) entered disabled state [ 1229.706120][T27237] bridge_slave_0: entered allmulticast mode [ 1229.721283][T27237] bridge_slave_0: entered promiscuous mode [ 1229.740721][T27237] bridge0: port 2(bridge_slave_1) entered blocking state [ 1229.751405][T27237] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.758522][T27237] bridge_slave_1: entered allmulticast mode [ 1229.791181][T27237] bridge_slave_1: entered promiscuous mode [ 1229.827174][T27237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1229.838760][T27237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1229.884324][T27237] team0: Port device team_slave_0 added [ 1229.902716][T27237] team0: Port device team_slave_1 added [ 1229.949619][T27237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1229.956686][T27237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1229.986044][T27237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1230.008015][T27237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1230.015671][T27237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1230.042065][T27237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1230.130407][T27237] hsr_slave_0: entered promiscuous mode [ 1230.140011][T27237] hsr_slave_1: entered promiscuous mode [ 1230.154778][T27237] debugfs: 'hsr0' already exists in 'hsr' [ 1230.160808][T27237] Cannot create hsr debugfs directory [ 1231.025161][T13250] Bluetooth: hci3: command tx timeout [ 1231.343715][T13250] Bluetooth: hci4: command tx timeout [ 1231.541791][T13250] Bluetooth: hci1: unexpected event 0x09 length: 435 > 3 [ 1231.860663][T27273] netlink: 'syz.1.4752': attribute type 10 has an invalid length. [ 1231.875715][T27273] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4752'. [ 1231.886523][T27273] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4752'. [ 1232.453602][T27283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4755'. [ 1233.095375][T13250] Bluetooth: hci3: command tx timeout [ 1233.413810][T13250] Bluetooth: hci4: command tx timeout [ 1233.798525][T27301] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1233.897788][T27303] zswap: compressor  not available [ 1234.067777][T27311] nbd: couldn't find a device at index 35644 [ 1234.223250][T27313] program syz.1.4764 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1234.588173][T27318] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1234.630331][T27318] CIFS mount error: No usable UNC path provided in device string! [ 1234.630331][T27318] [ 1234.648199][T27318] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1235.172344][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1235.180347][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1235.484462][T13250] Bluetooth: hci4: command tx timeout [ 1237.002920][T27332] zswap: compressor  not available [ 1237.554387][T13250] Bluetooth: hci4: command tx timeout [ 1238.320587][T27355] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4773'. [ 1239.224655][T27364] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4774'. [ 1239.973603][T27370] bridge0: port 4(team0) entered blocking state [ 1239.979961][T27370] bridge0: port 4(team0) entered disabled state [ 1239.993007][T27370] team0: entered allmulticast mode [ 1240.003000][T27370] team_slave_1: entered allmulticast mode [ 1240.024444][T27370] team0: entered promiscuous mode [ 1240.029941][T27370] team_slave_0: entered promiscuous mode [ 1240.040132][T27370] team_slave_1: entered promiscuous mode [ 1240.055254][T27370] bridge0: port 4(team0) entered blocking state [ 1240.061568][T27370] bridge0: port 4(team0) entered forwarding state [ 1240.367584][T27375] random: crng reseeded on system resumption [ 1242.909915][T27407] netlink: 'syz.1.4787': attribute type 10 has an invalid length. [ 1242.917813][T27407] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4787'. [ 1242.929935][T27407] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4787'. [ 1244.689243][T27428] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1245.587406][T27431] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4795'. [ 1246.775225][T27444] FAULT_INJECTION: forcing a failure. [ 1246.775225][T27444] name failslab, interval 1, probability 0, space 0, times 0 [ 1246.788279][T27444] CPU: 0 UID: 0 PID: 27444 Comm: syz.1.4800 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1246.788305][T27444] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1246.788311][T27444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1246.788321][T27444] Call Trace: [ 1246.788327][T27444] [ 1246.788333][T27444] dump_stack_lvl+0x100/0x190 [ 1246.788361][T27444] should_fail_ex.cold+0x5/0xa [ 1246.788379][T27444] ? tomoyo_encode2+0xfb/0x3c0 [ 1246.788394][T27444] should_failslab+0xc2/0x120 [ 1246.788409][T27444] __kmalloc_noprof+0xe0/0x850 [ 1246.788431][T27444] ? rcu_is_watching+0x12/0xc0 [ 1246.788455][T27444] tomoyo_encode2+0xfb/0x3c0 [ 1246.788473][T27444] tomoyo_encode+0x29/0x50 [ 1246.788487][T27444] tomoyo_realpath_from_path+0x18c/0x690 [ 1246.788507][T27444] tomoyo_check_open_permission+0x2af/0x3c0 [ 1246.788530][T27444] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1246.788569][T27444] ? lock_acquire+0x1cf/0x380 [ 1246.788587][T27444] ? find_held_lock+0x2b/0x80 [ 1246.788605][T27444] tomoyo_file_open+0x6b/0x90 [ 1246.788623][T27444] security_file_open+0xb5/0x1e0 [ 1246.788638][T27444] do_dentry_open+0x5aa/0x1660 [ 1246.788666][T27444] vfs_open+0x82/0x3f0 [ 1246.788685][T27444] path_openat+0x208c/0x31a0 [ 1246.788705][T27444] ? __pfx_path_openat+0x10/0x10 [ 1246.788726][T27444] do_file_open+0x20e/0x430 [ 1246.788751][T27444] ? __pfx_do_file_open+0x10/0x10 [ 1246.788780][T27444] ? alloc_fd+0x476/0x790 [ 1246.788805][T27444] ? do_getname+0x191/0x390 [ 1246.788824][T27444] do_sys_openat2+0x10d/0x1e0 [ 1246.788843][T27444] ? __pfx_do_sys_openat2+0x10/0x10 [ 1246.788868][T27444] __x64_sys_openat+0x12d/0x210 [ 1246.788886][T27444] ? __pfx___x64_sys_openat+0x10/0x10 [ 1246.788912][T27444] do_syscall_64+0x106/0xf80 [ 1246.788928][T27444] ? clear_bhb_loop+0x40/0x90 [ 1246.788946][T27444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1246.788962][T27444] RIP: 0033:0x7fc675b9c629 [ 1246.788975][T27444] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1246.788990][T27444] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1246.789005][T27444] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1246.789014][T27444] RDX: 0000000000002401 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 1246.789024][T27444] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1246.789033][T27444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1246.789041][T27444] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1246.789061][T27444] [ 1246.789079][T27444] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1247.265427][T27453] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4802'. [ 1249.055088][T27462] netlink: 'syz.1.4805': attribute type 1 has an invalid length. [ 1249.101432][T13250] Bluetooth: hci1: unknown advertising packet type: 0xea [ 1249.108255][T27465] futex_wake_op: syz.1.4806 tries to shift op by -2048; fix this program [ 1249.124823][T27465] futex_wake_op: syz.1.4806 tries to shift op by -2048; fix this program [ 1250.189570][T27476] zswap: compressor  not available [ 1251.281650][T27483] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1251.311313][T27483] PCI: Can't parse resource_alignment parameter: /d [ 1251.410655][T27483] can: request_module (can-proto-4) failed. [ 1251.467913][T27488] netlink: 'syz.1.4813': attribute type 10 has an invalid length. [ 1251.476056][T27488] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4813'. [ 1251.488157][T27488] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4813'. [ 1252.502090][T27495] FAULT_INJECTION: forcing a failure. [ 1252.502090][T27495] name failslab, interval 1, probability 0, space 0, times 0 [ 1252.515024][T27495] CPU: 0 UID: 0 PID: 27495 Comm: syz.1.4815 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1252.515049][T27495] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1252.515055][T27495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1252.515064][T27495] Call Trace: [ 1252.515069][T27495] [ 1252.515075][T27495] dump_stack_lvl+0x100/0x190 [ 1252.515100][T27495] should_fail_ex.cold+0x5/0xa [ 1252.515117][T27495] ? tomoyo_encode2+0xfb/0x3c0 [ 1252.515131][T27495] should_failslab+0xc2/0x120 [ 1252.515152][T27495] __kmalloc_noprof+0xe0/0x850 [ 1252.515172][T27495] ? rcu_is_watching+0x12/0xc0 [ 1252.515196][T27495] tomoyo_encode2+0xfb/0x3c0 [ 1252.515213][T27495] tomoyo_encode+0x29/0x50 [ 1252.515226][T27495] tomoyo_realpath_from_path+0x18c/0x690 [ 1252.515245][T27495] tomoyo_check_open_permission+0x2af/0x3c0 [ 1252.515267][T27495] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1252.515307][T27495] ? do_raw_spin_lock+0x128/0x260 [ 1252.515328][T27495] ? path_get+0x61/0x80 [ 1252.515345][T27495] tomoyo_file_open+0x6b/0x90 [ 1252.515363][T27495] security_file_open+0xb5/0x1e0 [ 1252.515377][T27495] do_dentry_open+0x5aa/0x1660 [ 1252.515400][T27495] ? security_inode_permission+0xbf/0x250 [ 1252.515424][T27495] vfs_open+0x82/0x3f0 [ 1252.515442][T27495] path_openat+0x208c/0x31a0 [ 1252.515463][T27495] ? __pfx_path_openat+0x10/0x10 [ 1252.515483][T27495] do_file_open+0x20e/0x430 [ 1252.515498][T27495] ? __pfx_do_file_open+0x10/0x10 [ 1252.515524][T27495] ? alloc_fd+0x476/0x790 [ 1252.515548][T27495] ? do_getname+0x191/0x390 [ 1252.515566][T27495] do_sys_openat2+0x10d/0x1e0 [ 1252.515583][T27495] ? __pfx_do_sys_openat2+0x10/0x10 [ 1252.515607][T27495] __x64_sys_openat+0x12d/0x210 [ 1252.515625][T27495] ? __pfx___x64_sys_openat+0x10/0x10 [ 1252.515650][T27495] do_syscall_64+0x106/0xf80 [ 1252.515665][T27495] ? clear_bhb_loop+0x40/0x90 [ 1252.515683][T27495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1252.515698][T27495] RIP: 0033:0x7fc675b9c629 [ 1252.515711][T27495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1252.515726][T27495] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1252.515740][T27495] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1252.515750][T27495] RDX: 0000000000000400 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1252.515759][T27495] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1252.515768][T27495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1252.515776][T27495] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1252.515795][T27495] [ 1252.515813][T27495] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1255.244487][T27516] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4819'. [ 1256.798604][T27528] FAULT_INJECTION: forcing a failure. [ 1256.798604][T27528] name failslab, interval 1, probability 0, space 0, times 0 [ 1256.836161][T27528] CPU: 0 UID: 0 PID: 27528 Comm: syz.1.4821 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1256.836187][T27528] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1256.836193][T27528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1256.836203][T27528] Call Trace: [ 1256.836208][T27528] [ 1256.836215][T27528] dump_stack_lvl+0x100/0x190 [ 1256.836241][T27528] should_fail_ex.cold+0x5/0xa [ 1256.836259][T27528] should_failslab+0xc2/0x120 [ 1256.836274][T27528] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1256.836295][T27528] ? taskstats_exit+0x650/0xbd0 [ 1256.836321][T27528] taskstats_exit+0x650/0xbd0 [ 1256.836343][T27528] ? __pfx_acct_update_integrals+0x10/0x10 [ 1256.836367][T27528] ? __pfx_taskstats_exit+0x10/0x10 [ 1256.836391][T27528] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1256.836414][T27528] ? exit_signals+0x395/0xaf0 [ 1256.836432][T27528] do_exit+0x5ca/0x2aa0 [ 1256.836454][T27528] ? __pfx_do_exit+0x10/0x10 [ 1256.836473][T27528] ? do_raw_spin_lock+0x128/0x260 [ 1256.836494][T27528] ? find_held_lock+0x2b/0x80 [ 1256.836507][T27528] ? get_signal+0x7e0/0x21e0 [ 1256.836523][T27528] do_group_exit+0xd5/0x2a0 [ 1256.836544][T27528] get_signal+0x1ec7/0x21e0 [ 1256.836565][T27528] ? __pfx_get_signal+0x10/0x10 [ 1256.836581][T27528] ? do_futex+0x192/0x350 [ 1256.836602][T27528] arch_do_signal_or_restart+0x91/0x770 [ 1256.836622][T27528] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1256.836645][T27528] ? __pfx___x64_sys_futex+0x10/0x10 [ 1256.836668][T27528] exit_to_user_mode_loop+0x86/0x4a0 [ 1256.836695][T27528] do_syscall_64+0x668/0xf80 [ 1256.836711][T27528] ? clear_bhb_loop+0x40/0x90 [ 1256.836729][T27528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.836745][T27528] RIP: 0033:0x7fc675b9c629 [ 1256.836758][T27528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1256.836773][T27528] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1256.836788][T27528] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1256.836798][T27528] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1256.836807][T27528] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1256.836816][T27528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1256.836825][T27528] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1256.836844][T27528] [ 1258.028907][T27538] FAULT_INJECTION: forcing a failure. [ 1258.028907][T27538] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.058070][T27538] CPU: 0 UID: 0 PID: 27538 Comm: syz.1.4824 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1258.058098][T27538] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1258.058104][T27538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1258.058114][T27538] Call Trace: [ 1258.058120][T27538] [ 1258.058126][T27538] dump_stack_lvl+0x100/0x190 [ 1258.058153][T27538] should_fail_ex.cold+0x5/0xa [ 1258.058172][T27538] should_failslab+0xc2/0x120 [ 1258.058187][T27538] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1258.058204][T27538] ? trace_pid_list_alloc+0x232/0x480 [ 1258.058230][T27538] trace_pid_list_alloc+0x232/0x480 [ 1258.058254][T27538] trace_pid_write+0x110/0x460 [ 1258.058277][T27538] ? __pfx_trace_pid_write+0x10/0x10 [ 1258.058310][T27538] event_pid_write.isra.0+0x1e4/0x800 [ 1258.058335][T27538] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1258.058364][T27538] vfs_write+0x2aa/0x1070 [ 1258.058386][T27538] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1258.058415][T27538] ? __pfx_vfs_write+0x10/0x10 [ 1258.058435][T27538] ? __fget_files+0x215/0x3d0 [ 1258.058463][T27538] ? __fget_files+0x21f/0x3d0 [ 1258.058490][T27538] ksys_write+0x12a/0x250 [ 1258.058511][T27538] ? __pfx_ksys_write+0x10/0x10 [ 1258.058539][T27538] do_syscall_64+0x106/0xf80 [ 1258.058555][T27538] ? clear_bhb_loop+0x40/0x90 [ 1258.058581][T27538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.058597][T27538] RIP: 0033:0x7fc675b9c629 [ 1258.058611][T27538] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.058626][T27538] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1258.058641][T27538] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1258.058651][T27538] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1258.058660][T27538] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1258.058670][T27538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1258.058679][T27538] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1258.058700][T27538] [ 1258.708161][T27540] FAULT_INJECTION: forcing a failure. [ 1258.708161][T27540] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.721595][T27540] CPU: 0 UID: 0 PID: 27540 Comm: syz.1.4825 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1258.721620][T27540] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1258.721626][T27540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1258.721635][T27540] Call Trace: [ 1258.721640][T27540] [ 1258.721646][T27540] dump_stack_lvl+0x100/0x190 [ 1258.721673][T27540] should_fail_ex.cold+0x5/0xa [ 1258.721691][T27540] should_failslab+0xc2/0x120 [ 1258.721706][T27540] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1258.721727][T27540] ? taskstats_exit+0x650/0xbd0 [ 1258.721753][T27540] taskstats_exit+0x650/0xbd0 [ 1258.721775][T27540] ? __pfx_acct_update_integrals+0x10/0x10 [ 1258.721799][T27540] ? __pfx_taskstats_exit+0x10/0x10 [ 1258.721822][T27540] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1258.721846][T27540] ? exit_signals+0x395/0xaf0 [ 1258.721863][T27540] do_exit+0x5ca/0x2aa0 [ 1258.721884][T27540] ? __pfx_do_exit+0x10/0x10 [ 1258.721907][T27540] ? do_raw_spin_lock+0x128/0x260 [ 1258.721927][T27540] ? find_held_lock+0x2b/0x80 [ 1258.721940][T27540] ? get_signal+0x7e0/0x21e0 [ 1258.721957][T27540] do_group_exit+0xd5/0x2a0 [ 1258.721977][T27540] get_signal+0x1ec7/0x21e0 [ 1258.721999][T27540] ? __pfx_get_signal+0x10/0x10 [ 1258.722014][T27540] ? do_futex+0x192/0x350 [ 1258.722035][T27540] arch_do_signal_or_restart+0x91/0x770 [ 1258.722055][T27540] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1258.722078][T27540] ? __pfx___x64_sys_futex+0x10/0x10 [ 1258.722101][T27540] exit_to_user_mode_loop+0x86/0x4a0 [ 1258.722121][T27540] do_syscall_64+0x668/0xf80 [ 1258.722138][T27540] ? clear_bhb_loop+0x40/0x90 [ 1258.722156][T27540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.722171][T27540] RIP: 0033:0x7fc675b9c629 [ 1258.722184][T27540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.722198][T27540] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1258.722213][T27540] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1258.722223][T27540] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1258.722233][T27540] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.722242][T27540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1258.722250][T27540] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1258.722270][T27540] [ 1261.260524][T27557] FAULT_INJECTION: forcing a failure. [ 1261.260524][T27557] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1261.274266][T27557] CPU: 0 UID: 0 PID: 27557 Comm: syz.1.4829 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1261.274292][T27557] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1261.274299][T27557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1261.274308][T27557] Call Trace: [ 1261.274314][T27557] [ 1261.274320][T27557] dump_stack_lvl+0x100/0x190 [ 1261.274346][T27557] should_fail_ex.cold+0x5/0xa [ 1261.274365][T27557] get_futex_key+0x1d2/0x1620 [ 1261.274385][T27557] ? __pfx_get_futex_key+0x10/0x10 [ 1261.274408][T27557] futex_wait_setup+0x81/0x500 [ 1261.274435][T27557] __futex_wait+0x19f/0x300 [ 1261.274457][T27557] ? __pfx___futex_wait+0x10/0x10 [ 1261.274482][T27557] ? __pfx_futex_wake_mark+0x10/0x10 [ 1261.274506][T27557] ? futex_hash+0x2c5/0x380 [ 1261.274528][T27557] futex_wait+0xed/0x380 [ 1261.274549][T27557] ? __pfx_futex_wait+0x10/0x10 [ 1261.274574][T27557] ? ksys_write+0x190/0x250 [ 1261.274600][T27557] do_futex+0x1ef/0x350 [ 1261.274619][T27557] ? __pfx_do_futex+0x10/0x10 [ 1261.274642][T27557] __x64_sys_futex+0x34f/0x4d0 [ 1261.274662][T27557] ? __pfx___x64_sys_futex+0x10/0x10 [ 1261.274688][T27557] do_syscall_64+0x106/0xf80 [ 1261.274704][T27557] ? clear_bhb_loop+0x40/0x90 [ 1261.274722][T27557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1261.274738][T27557] RIP: 0033:0x7fc675b9c629 [ 1261.274751][T27557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1261.274766][T27557] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1261.274781][T27557] RAX: ffffffffffffffda RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1261.274791][T27557] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1261.274800][T27557] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1261.274809][T27557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1261.274818][T27557] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1261.274838][T27557] [ 1261.542605][T27559] netlink: 'syz.1.4830': attribute type 10 has an invalid length. [ 1261.550466][T27559] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4830'. [ 1261.561226][T27559] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4830'. [ 1262.916051][T27571] net_ratelimit: 8 callbacks suppressed [ 1262.916075][T27571] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1264.597103][T27590] FAULT_INJECTION: forcing a failure. [ 1264.597103][T27590] name failslab, interval 1, probability 0, space 0, times 0 [ 1264.610019][T27590] CPU: 0 UID: 0 PID: 27590 Comm: syz.1.4839 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1264.610045][T27590] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1264.610051][T27590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1264.610061][T27590] Call Trace: [ 1264.610066][T27590] [ 1264.610073][T27590] dump_stack_lvl+0x100/0x190 [ 1264.610100][T27590] should_fail_ex.cold+0x5/0xa [ 1264.610118][T27590] should_failslab+0xc2/0x120 [ 1264.610132][T27590] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1264.610150][T27590] ? trace_pid_list_alloc+0x232/0x480 [ 1264.610178][T27590] trace_pid_list_alloc+0x232/0x480 [ 1264.610202][T27590] trace_pid_write+0x110/0x460 [ 1264.610225][T27590] ? __pfx_trace_pid_write+0x10/0x10 [ 1264.610258][T27590] event_pid_write.isra.0+0x1e4/0x800 [ 1264.610282][T27590] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1264.610311][T27590] vfs_write+0x2aa/0x1070 [ 1264.610333][T27590] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1264.610358][T27590] ? __pfx_vfs_write+0x10/0x10 [ 1264.610378][T27590] ? __fget_files+0x215/0x3d0 [ 1264.610404][T27590] ? __fget_files+0x21f/0x3d0 [ 1264.610431][T27590] ksys_write+0x12a/0x250 [ 1264.610452][T27590] ? __pfx_ksys_write+0x10/0x10 [ 1264.610479][T27590] do_syscall_64+0x106/0xf80 [ 1264.610495][T27590] ? clear_bhb_loop+0x40/0x90 [ 1264.610517][T27590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.610533][T27590] RIP: 0033:0x7fc675b9c629 [ 1264.610546][T27590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1264.610561][T27590] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1264.610576][T27590] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1264.610586][T27590] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 1264.610594][T27590] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1264.610603][T27590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1264.610613][T27590] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1264.610634][T27590] [ 1265.091204][T27596] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4840'. [ 1265.134310][T27596] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4840'. [ 1265.169206][T27596] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4840'. [ 1265.789316][T27599] FAULT_INJECTION: forcing a failure. [ 1265.789316][T27599] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.802812][T27599] CPU: 0 UID: 0 PID: 27599 Comm: syz.1.4841 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1265.802838][T27599] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1265.802843][T27599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1265.802853][T27599] Call Trace: [ 1265.802859][T27599] [ 1265.802865][T27599] dump_stack_lvl+0x100/0x190 [ 1265.802891][T27599] should_fail_ex.cold+0x5/0xa [ 1265.802909][T27599] should_failslab+0xc2/0x120 [ 1265.802923][T27599] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1265.802944][T27599] ? taskstats_exit+0x650/0xbd0 [ 1265.802970][T27599] taskstats_exit+0x650/0xbd0 [ 1265.802992][T27599] ? __pfx_acct_update_integrals+0x10/0x10 [ 1265.803016][T27599] ? __pfx_taskstats_exit+0x10/0x10 [ 1265.803040][T27599] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1265.803063][T27599] ? exit_signals+0x395/0xaf0 [ 1265.803081][T27599] do_exit+0x5ca/0x2aa0 [ 1265.803102][T27599] ? __pfx_do_exit+0x10/0x10 [ 1265.803121][T27599] ? do_raw_spin_lock+0x128/0x260 [ 1265.803141][T27599] ? find_held_lock+0x2b/0x80 [ 1265.803154][T27599] ? get_signal+0x7e0/0x21e0 [ 1265.803170][T27599] do_group_exit+0xd5/0x2a0 [ 1265.803190][T27599] get_signal+0x1ec7/0x21e0 [ 1265.803212][T27599] ? __pfx_get_signal+0x10/0x10 [ 1265.803228][T27599] ? do_futex+0x192/0x350 [ 1265.803248][T27599] arch_do_signal_or_restart+0x91/0x770 [ 1265.803267][T27599] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1265.803290][T27599] ? __pfx___x64_sys_futex+0x10/0x10 [ 1265.803313][T27599] exit_to_user_mode_loop+0x86/0x4a0 [ 1265.803333][T27599] do_syscall_64+0x668/0xf80 [ 1265.803350][T27599] ? clear_bhb_loop+0x40/0x90 [ 1265.803368][T27599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.803383][T27599] RIP: 0033:0x7fc675b9c629 [ 1265.803396][T27599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1265.803411][T27599] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1265.803425][T27599] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1265.803435][T27599] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1265.803444][T27599] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1265.803453][T27599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1265.803461][T27599] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1265.803480][T27599] [ 1267.675907][T16512] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1267.686951][T16512] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1267.694910][T16512] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1267.702785][T16512] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1267.710148][T16512] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1267.868321][T27615] chnl_net:caif_netlink_parms(): no params data found [ 1267.975055][T27615] bridge0: port 1(bridge_slave_0) entered blocking state [ 1267.989602][T27615] bridge0: port 1(bridge_slave_0) entered disabled state [ 1268.002930][T27615] bridge_slave_0: entered allmulticast mode [ 1268.022752][T27615] bridge_slave_0: entered promiscuous mode [ 1268.041885][T27615] bridge0: port 2(bridge_slave_1) entered blocking state [ 1268.050108][T27615] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.069812][T27615] bridge_slave_1: entered allmulticast mode [ 1268.088260][T27615] bridge_slave_1: entered promiscuous mode [ 1268.168676][T27615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1268.198649][T27615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1268.273258][T27615] team0: Port device team_slave_0 added [ 1268.292823][T27615] team0: Port device team_slave_1 added [ 1268.338131][T27615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1268.356282][T27615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1268.422444][T27615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1268.455580][T27615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1268.473654][T27615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1268.505970][T27615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1268.552710][T27615] hsr_slave_0: entered promiscuous mode [ 1268.559817][T27615] hsr_slave_1: entered promiscuous mode [ 1268.565944][T27615] debugfs: 'hsr0' already exists in 'hsr' [ 1268.572063][T27615] Cannot create hsr debugfs directory [ 1268.886304][T27628] FAULT_INJECTION: forcing a failure. [ 1268.886304][T27628] name failslab, interval 1, probability 0, space 0, times 0 [ 1268.899243][T27628] CPU: 0 UID: 0 PID: 27628 Comm: syz.1.4847 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1268.899270][T27628] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1268.899276][T27628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1268.899285][T27628] Call Trace: [ 1268.899291][T27628] [ 1268.899298][T27628] dump_stack_lvl+0x100/0x190 [ 1268.899325][T27628] should_fail_ex.cold+0x5/0xa [ 1268.899344][T27628] should_failslab+0xc2/0x120 [ 1268.899359][T27628] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1268.899377][T27628] ? cgroup_file_open+0x90/0x470 [ 1268.899394][T27628] ? lockdep_init_map_type+0x5c/0x250 [ 1268.899417][T27628] cgroup_file_open+0x90/0x470 [ 1268.899439][T27628] ? __pfx_cgroup_file_open+0x10/0x10 [ 1268.899456][T27628] kernfs_fop_open+0x8b5/0xd50 [ 1268.899477][T27628] do_dentry_open+0x6d8/0x1660 [ 1268.899499][T27628] ? __pfx_kernfs_fop_open+0x10/0x10 [ 1268.899519][T27628] vfs_open+0x82/0x3f0 [ 1268.899538][T27628] path_openat+0x208c/0x31a0 [ 1268.899560][T27628] ? __pfx_path_openat+0x10/0x10 [ 1268.899581][T27628] do_file_open+0x20e/0x430 [ 1268.899597][T27628] ? __pfx_do_file_open+0x10/0x10 [ 1268.899626][T27628] ? alloc_fd+0x476/0x790 [ 1268.899649][T27628] ? do_getname+0x191/0x390 [ 1268.899669][T27628] do_sys_openat2+0x10d/0x1e0 [ 1268.899686][T27628] ? __pfx_do_sys_openat2+0x10/0x10 [ 1268.899711][T27628] __x64_sys_openat+0x12d/0x210 [ 1268.899729][T27628] ? __pfx___x64_sys_openat+0x10/0x10 [ 1268.899755][T27628] do_syscall_64+0x106/0xf80 [ 1268.899771][T27628] ? clear_bhb_loop+0x40/0x90 [ 1268.899789][T27628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1268.899804][T27628] RIP: 0033:0x7fc675b9c629 [ 1268.899817][T27628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1268.899832][T27628] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1268.899846][T27628] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1268.899856][T27628] RDX: 0000000000022001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1268.899866][T27628] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1268.899875][T27628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1268.899884][T27628] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1268.899904][T27628] [ 1269.402791][T13250] Bluetooth: hci1: unknown advertising packet type: 0xea [ 1269.407669][T27639] futex_wake_op: syz.1.4852 tries to shift op by -2048; fix this program [ 1269.423336][T27639] futex_wake_op: syz.1.4852 tries to shift op by -2048; fix this program [ 1269.723653][T13250] Bluetooth: hci6: command tx timeout [ 1270.478873][T27653] netlink: 'syz.1.4856': attribute type 10 has an invalid length. [ 1270.486920][T27653] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4856'. [ 1270.499061][T27653] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4856'. [ 1270.546974][T27655] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4857'. [ 1271.794020][T13250] Bluetooth: hci6: command tx timeout [ 1273.864579][T13250] Bluetooth: hci6: command tx timeout [ 1275.934832][T13250] Bluetooth: hci6: command tx timeout [ 1277.679186][T27707] zswap: compressor  not available [ 1278.397233][T27723] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4874'. [ 1279.572004][T27740] netlink: 'syz.1.4877': attribute type 10 has an invalid length. [ 1279.579942][T27740] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4877'. [ 1279.591885][T27740] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4877'. [ 1279.648459][T27742] program syz.1.4878 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1279.798483][T27746] FAULT_INJECTION: forcing a failure. [ 1279.798483][T27746] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1279.811853][T27746] CPU: 0 UID: 0 PID: 27746 Comm: syz.1.4880 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1279.811878][T27746] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1279.811884][T27746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1279.811894][T27746] Call Trace: [ 1279.811899][T27746] [ 1279.811905][T27746] dump_stack_lvl+0x100/0x190 [ 1279.811932][T27746] should_fail_ex.cold+0x5/0xa [ 1279.811950][T27746] get_futex_key+0x1d2/0x1620 [ 1279.811970][T27746] ? __pfx_get_futex_key+0x10/0x10 [ 1279.811994][T27746] futex_wait_setup+0x81/0x500 [ 1279.812020][T27746] __futex_wait+0x19f/0x300 [ 1279.812043][T27746] ? __pfx___futex_wait+0x10/0x10 [ 1279.812067][T27746] ? __pfx_futex_wake_mark+0x10/0x10 [ 1279.812092][T27746] ? find_held_lock+0x2b/0x80 [ 1279.812105][T27746] ? futex_wake+0x456/0x530 [ 1279.812130][T27746] futex_wait+0xed/0x380 [ 1279.812151][T27746] ? __pfx_futex_wait+0x10/0x10 [ 1279.812176][T27746] ? putname+0xb1/0x110 [ 1279.812189][T27746] ? kmem_cache_free+0x124/0x6a0 [ 1279.812211][T27746] do_futex+0x1ef/0x350 [ 1279.812230][T27746] ? __pfx_do_futex+0x10/0x10 [ 1279.812247][T27746] ? __pfx_do_sys_openat2+0x10/0x10 [ 1279.812269][T27746] __x64_sys_futex+0x34f/0x4d0 [ 1279.812297][T27746] ? __x64_sys_openat+0x12d/0x210 [ 1279.812315][T27746] ? __pfx___x64_sys_futex+0x10/0x10 [ 1279.812341][T27746] do_syscall_64+0x106/0xf80 [ 1279.812357][T27746] ? clear_bhb_loop+0x40/0x90 [ 1279.812375][T27746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1279.812391][T27746] RIP: 0033:0x7fc675b9c629 [ 1279.812404][T27746] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1279.812418][T27746] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1279.812433][T27746] RAX: ffffffffffffffda RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1279.812443][T27746] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1279.812452][T27746] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1279.812461][T27746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1279.812470][T27746] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1279.812489][T27746] [ 1280.138664][T27750] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1281.038370][T27756] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4884'. [ 1283.075366][T27781] FAULT_INJECTION: forcing a failure. [ 1283.075366][T27781] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1283.089248][T27781] CPU: 0 UID: 0 PID: 27781 Comm: syz.1.4892 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1283.089274][T27781] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1283.089280][T27781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1283.089289][T27781] Call Trace: [ 1283.089295][T27781] [ 1283.089301][T27781] dump_stack_lvl+0x100/0x190 [ 1283.089327][T27781] should_fail_ex.cold+0x5/0xa [ 1283.089342][T27781] ? prepare_alloc_pages+0x16d/0x5f0 [ 1283.089359][T27781] should_fail_alloc_page+0xeb/0x140 [ 1283.089375][T27781] prepare_alloc_pages+0x1f0/0x5f0 [ 1283.089394][T27781] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1283.089423][T27781] ? stack_trace_save+0x8e/0xc0 [ 1283.089438][T27781] ? __pfx_stack_trace_save+0x10/0x10 [ 1283.089452][T27781] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1283.089472][T27781] ? stack_depot_save_flags+0x27/0x9d0 [ 1283.089499][T27781] ? kasan_save_stack+0x3f/0x50 [ 1283.089519][T27781] ? kasan_save_stack+0x30/0x50 [ 1283.089539][T27781] ? kasan_save_track+0x14/0x30 [ 1283.089558][T27781] ? __kasan_kmalloc+0xaa/0xb0 [ 1283.089579][T27781] ? do_file_open+0x20e/0x430 [ 1283.089592][T27781] ? do_sys_openat2+0x10d/0x1e0 [ 1283.089608][T27781] ? __x64_sys_openat+0x12d/0x210 [ 1283.089624][T27781] ? do_syscall_64+0x106/0xf80 [ 1283.089640][T27781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1283.089658][T27781] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1283.089683][T27781] ? policy_nodemask+0xed/0x4f0 [ 1283.089699][T27781] alloc_pages_mpol+0x1fb/0x550 [ 1283.089714][T27781] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1283.089734][T27781] alloc_pages_noprof+0x131/0x390 [ 1283.089749][T27781] get_zeroed_page_noprof+0x18/0xb0 [ 1283.089764][T27781] mon_alloc_buff+0xce/0x1b0 [ 1283.089784][T27781] ? kasan_save_track+0x14/0x30 [ 1283.089807][T27781] mon_bin_open+0x207/0x470 [ 1283.089828][T27781] ? __pfx_mon_bin_open+0x10/0x10 [ 1283.089848][T27781] chrdev_open+0x234/0x6a0 [ 1283.089862][T27781] ? __pfx_apparmor_file_open+0x10/0x10 [ 1283.089881][T27781] ? __pfx_chrdev_open+0x10/0x10 [ 1283.089896][T27781] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1283.089923][T27781] do_dentry_open+0x6d8/0x1660 [ 1283.089954][T27781] ? __pfx_chrdev_open+0x10/0x10 [ 1283.089973][T27781] vfs_open+0x82/0x3f0 [ 1283.089992][T27781] path_openat+0x208c/0x31a0 [ 1283.090012][T27781] ? __pfx_path_openat+0x10/0x10 [ 1283.090033][T27781] do_file_open+0x20e/0x430 [ 1283.090049][T27781] ? __pfx_do_file_open+0x10/0x10 [ 1283.090076][T27781] ? alloc_fd+0x476/0x790 [ 1283.090100][T27781] ? do_getname+0x191/0x390 [ 1283.090119][T27781] do_sys_openat2+0x10d/0x1e0 [ 1283.090137][T27781] ? __pfx_do_sys_openat2+0x10/0x10 [ 1283.090156][T27781] ? __fget_files+0x21f/0x3d0 [ 1283.090181][T27781] __x64_sys_openat+0x12d/0x210 [ 1283.090199][T27781] ? __pfx___x64_sys_openat+0x10/0x10 [ 1283.090224][T27781] do_syscall_64+0x106/0xf80 [ 1283.090243][T27781] ? clear_bhb_loop+0x40/0x90 [ 1283.090262][T27781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1283.090277][T27781] RIP: 0033:0x7fc675b9c629 [ 1283.090290][T27781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1283.090305][T27781] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1283.090320][T27781] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1283.090331][T27781] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1283.090340][T27781] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1283.090349][T27781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1283.090357][T27781] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1283.090377][T27781] [ 1283.519911][T27785] FAULT_INJECTION: forcing a failure. [ 1283.519911][T27785] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1283.532978][T27785] CPU: 0 UID: 0 PID: 27785 Comm: syz.1.4893 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1283.533003][T27785] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1283.533009][T27785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1283.533018][T27785] Call Trace: [ 1283.533024][T27785] [ 1283.533030][T27785] dump_stack_lvl+0x100/0x190 [ 1283.533056][T27785] should_fail_ex.cold+0x5/0xa [ 1283.533074][T27785] get_futex_key+0x1d2/0x1620 [ 1283.533094][T27785] ? __pfx_get_futex_key+0x10/0x10 [ 1283.533113][T27785] ? trace_pid_list_is_set+0x11a/0x390 [ 1283.533133][T27785] ? trace_pid_list_is_set+0x22c/0x390 [ 1283.533157][T27785] futex_wait_setup+0x81/0x500 [ 1283.533183][T27785] __futex_wait+0x19f/0x300 [ 1283.533206][T27785] ? __pfx___futex_wait+0x10/0x10 [ 1283.533226][T27785] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1283.533242][T27785] ? lockdep_hardirqs_on+0x78/0x100 [ 1283.533260][T27785] ? __pfx_futex_wake_mark+0x10/0x10 [ 1283.533284][T27785] ? find_held_lock+0x2b/0x80 [ 1283.533298][T27785] ? futex_wake+0x456/0x530 [ 1283.533323][T27785] futex_wait+0xed/0x380 [ 1283.533344][T27785] ? __pfx_futex_wait+0x10/0x10 [ 1283.533369][T27785] ? putname+0xb1/0x110 [ 1283.533382][T27785] ? kmem_cache_free+0x124/0x6a0 [ 1283.533404][T27785] do_futex+0x1ef/0x350 [ 1283.533423][T27785] ? __pfx_do_futex+0x10/0x10 [ 1283.533440][T27785] ? __pfx_do_sys_openat2+0x10/0x10 [ 1283.533462][T27785] __x64_sys_futex+0x34f/0x4d0 [ 1283.533482][T27785] ? __x64_sys_openat+0x12d/0x210 [ 1283.533500][T27785] ? __pfx___x64_sys_futex+0x10/0x10 [ 1283.533525][T27785] do_syscall_64+0x106/0xf80 [ 1283.533540][T27785] ? clear_bhb_loop+0x40/0x90 [ 1283.533558][T27785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1283.533574][T27785] RIP: 0033:0x7fc675b9c629 [ 1283.533587][T27785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1283.533602][T27785] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1283.533616][T27785] RAX: ffffffffffffffda RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1283.533626][T27785] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1283.533635][T27785] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1283.533644][T27785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1283.533653][T27785] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1283.533673][T27785] [ 1284.721220][T16512] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1284.736125][T16512] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1284.743791][T16512] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1284.752740][T16512] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1284.760063][T16512] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1285.066126][T27792] chnl_net:caif_netlink_parms(): no params data found [ 1285.281907][T27792] bridge0: port 1(bridge_slave_0) entered blocking state [ 1285.289094][T27792] bridge0: port 1(bridge_slave_0) entered disabled state [ 1285.319949][T27792] bridge_slave_0: entered allmulticast mode [ 1285.342432][T27792] bridge_slave_0: entered promiscuous mode [ 1285.372225][T27792] bridge0: port 2(bridge_slave_1) entered blocking state [ 1285.379310][T27792] bridge0: port 2(bridge_slave_1) entered disabled state [ 1285.429020][T27792] bridge_slave_1: entered allmulticast mode [ 1285.452248][T27792] bridge_slave_1: entered promiscuous mode [ 1285.544026][T27792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1285.577585][T27792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1285.651556][T27792] team0: Port device team_slave_0 added [ 1285.671528][T27792] team0: Port device team_slave_1 added [ 1285.727533][T27792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1285.745402][T27792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1285.784513][T27792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1285.816620][T27792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1285.826922][T27792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1285.854922][T27792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1285.905057][T27792] hsr_slave_0: entered promiscuous mode [ 1285.911626][T27792] hsr_slave_1: entered promiscuous mode [ 1285.918137][T27792] debugfs: 'hsr0' already exists in 'hsr' [ 1285.923916][T27792] Cannot create hsr debugfs directory [ 1286.842868][T16512] Bluetooth: hci7: command tx timeout [ 1287.044651][T27815] zswap: compressor  not available [ 1288.192879][T27828] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1288.913024][T16512] Bluetooth: hci7: command tx timeout [ 1289.178107][T27832] FAULT_INJECTION: forcing a failure. [ 1289.178107][T27832] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1289.217652][T27832] CPU: 0 UID: 0 PID: 27832 Comm: syz.1.4903 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1289.217678][T27832] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1289.217685][T27832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1289.217694][T27832] Call Trace: [ 1289.217699][T27832] [ 1289.217705][T27832] dump_stack_lvl+0x100/0x190 [ 1289.217732][T27832] should_fail_ex.cold+0x5/0xa [ 1289.217750][T27832] get_futex_key+0x1d2/0x1620 [ 1289.217771][T27832] ? __pfx_get_futex_key+0x10/0x10 [ 1289.217795][T27832] futex_wake+0xea/0x530 [ 1289.217817][T27832] ? __pfx_futex_wake+0x10/0x10 [ 1289.217841][T27832] ? putname+0xb1/0x110 [ 1289.217854][T27832] ? kmem_cache_free+0x124/0x6a0 [ 1289.217877][T27832] do_futex+0x32b/0x350 [ 1289.217896][T27832] ? __pfx_do_futex+0x10/0x10 [ 1289.217912][T27832] ? __pfx_do_sys_openat2+0x10/0x10 [ 1289.217935][T27832] __x64_sys_futex+0x34f/0x4d0 [ 1289.217954][T27832] ? __x64_sys_openat+0x12d/0x210 [ 1289.217972][T27832] ? __pfx___x64_sys_futex+0x10/0x10 [ 1289.217998][T27832] do_syscall_64+0x106/0xf80 [ 1289.218014][T27832] ? clear_bhb_loop+0x40/0x90 [ 1289.218031][T27832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.218047][T27832] RIP: 0033:0x7fc675b9c629 [ 1289.218060][T27832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1289.218074][T27832] RSP: 002b:00007fc676a280e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1289.218090][T27832] RAX: ffffffffffffffda RBX: 00007fc675e16098 RCX: 00007fc675b9c629 [ 1289.218100][T27832] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc675e1609c [ 1289.218109][T27832] RBP: 00007fc675e16090 R08: 0000000000000000 R09: 0000000000000000 [ 1289.218118][T27832] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 1289.218126][T27832] R13: 00007fc675e16128 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1289.218146][T27832] [ 1289.468348][T12428] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1289.625692][T12428] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1289.635807][T12428] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1289.643750][T12428] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1289.651370][T12428] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1289.982587][T27833] chnl_net:caif_netlink_parms(): no params data found [ 1290.153962][T27833] bridge0: port 1(bridge_slave_0) entered blocking state [ 1290.174475][T27833] bridge0: port 1(bridge_slave_0) entered disabled state [ 1290.194273][T27833] bridge_slave_0: entered allmulticast mode [ 1290.212899][T27833] bridge_slave_0: entered promiscuous mode [ 1290.230972][T27833] bridge0: port 2(bridge_slave_1) entered blocking state [ 1290.246842][T27833] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.264445][T27833] bridge_slave_1: entered allmulticast mode [ 1290.278413][T27833] bridge_slave_1: entered promiscuous mode [ 1290.335160][T27833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1290.365963][T27833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1290.419466][T27833] team0: Port device team_slave_0 added [ 1290.437679][T27833] team0: Port device team_slave_1 added [ 1290.499652][T27833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1290.507187][T27833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1290.541929][T27833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1290.575025][T27833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1290.582790][T27833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1290.610063][T27833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1290.671770][T27833] hsr_slave_0: entered promiscuous mode [ 1290.680523][T27833] hsr_slave_1: entered promiscuous mode [ 1290.687209][T27833] debugfs: 'hsr0' already exists in 'hsr' [ 1290.692997][T27833] Cannot create hsr debugfs directory [ 1290.881685][T27858] program syz.1.4908 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1290.983309][T12428] Bluetooth: hci7: command tx timeout [ 1291.700023][T12428] Bluetooth: hci8: command tx timeout [ 1291.855563][T27862] FAULT_INJECTION: forcing a failure. [ 1291.855563][T27862] name failslab, interval 1, probability 0, space 0, times 0 [ 1291.871205][T27862] CPU: 0 UID: 0 PID: 27862 Comm: syz.1.4910 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1291.871231][T27862] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1291.871237][T27862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1291.871247][T27862] Call Trace: [ 1291.871252][T27862] [ 1291.871258][T27862] dump_stack_lvl+0x100/0x190 [ 1291.871285][T27862] should_fail_ex.cold+0x5/0xa [ 1291.871304][T27862] should_failslab+0xc2/0x120 [ 1291.871319][T27862] __kmalloc_node_noprof+0xe6/0x850 [ 1291.871339][T27862] ? alloc_slab_obj_exts+0x4e/0x190 [ 1291.871361][T27862] alloc_slab_obj_exts+0x4e/0x190 [ 1291.871380][T27862] __memcg_slab_post_alloc_hook+0x24a/0x9a0 [ 1291.871400][T27862] ? kasan_save_track+0x14/0x30 [ 1291.871423][T27862] kmem_cache_alloc_noprof+0x58a/0x6e0 [ 1291.871443][T27862] ? alloc_buffer_head+0x21/0x140 [ 1291.871462][T27862] alloc_buffer_head+0x21/0x140 [ 1291.871477][T27862] folio_alloc_buffers+0x2a0/0x8f0 [ 1291.871499][T27862] create_empty_buffers+0x3a/0x660 [ 1291.871520][T27862] folio_create_buffers+0x13b/0x1a0 [ 1291.871540][T27862] __block_write_begin_int+0x393/0x19c0 [ 1291.871559][T27862] ? filemap_add_folio+0x114/0x690 [ 1291.871581][T27862] ? __pfx_filemap_add_folio+0x10/0x10 [ 1291.871606][T27862] ? __pfx___block_write_begin_int+0x10/0x10 [ 1291.871632][T27862] iomap_write_begin+0x1664/0x2340 [ 1291.871659][T27862] ? fault_in_readable+0xde/0x190 [ 1291.871681][T27862] ? fault_in_readable+0xde/0x190 [ 1291.871702][T27862] ? __pfx_iomap_write_begin+0x10/0x10 [ 1291.871722][T27862] ? fault_in_readable+0x14c/0x190 [ 1291.871744][T27862] ? __pfx_fault_in_readable+0x10/0x10 [ 1291.871764][T27862] ? rcu_is_cpu_rrupt_from_idle+0x1b0/0x270 [ 1291.871786][T27862] ? I_BDEV+0xd/0x20 [ 1291.871806][T27862] ? inode_to_bdi+0x9e/0x160 [ 1291.871832][T27862] iomap_file_buffered_write+0x48b/0xac0 [ 1291.871862][T27862] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 1291.871889][T27862] ? inode_set_ctime_current+0x283/0x8a0 [ 1291.871916][T27862] ? __mark_inode_dirty+0x55c/0x1790 [ 1291.871935][T27862] ? __pfx_down_read+0x10/0x10 [ 1291.871953][T27862] ? preempt_count_add+0x76/0x150 [ 1291.871974][T27862] ? mnt_put_write_access_file+0x4e/0x100 [ 1291.871997][T27862] ? file_update_time_flags+0x373/0x500 [ 1291.872016][T27862] blkdev_write_iter+0x575/0xd70 [ 1291.872046][T27862] vfs_write+0x6ac/0x1070 [ 1291.872069][T27862] ? __pfx_blkdev_write_iter+0x10/0x10 [ 1291.872088][T27862] ? __pfx_vfs_write+0x10/0x10 [ 1291.872108][T27862] ? find_held_lock+0x2b/0x80 [ 1291.872134][T27862] ksys_write+0x12a/0x250 [ 1291.872155][T27862] ? __pfx_ksys_write+0x10/0x10 [ 1291.872182][T27862] do_syscall_64+0x106/0xf80 [ 1291.872198][T27862] ? clear_bhb_loop+0x40/0x90 [ 1291.872215][T27862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.872231][T27862] RIP: 0033:0x7fc675b9c629 [ 1291.872245][T27862] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1291.872259][T27862] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1291.872274][T27862] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1291.872285][T27862] RDX: 0000000080000000 RSI: 0000200000000040 RDI: 000000000000000a [ 1291.872294][T27862] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1291.872304][T27862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1291.872313][T27862] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1291.872333][T27862] [ 1292.724381][T27869] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4911'. [ 1293.054036][T12428] Bluetooth: hci7: command tx timeout [ 1293.770379][T12428] Bluetooth: hci8: command tx timeout [ 1295.840530][T12428] Bluetooth: hci8: command tx timeout [ 1296.321365][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1296.327691][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1297.609012][T27907] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4921'. [ 1297.799078][T27910] FAULT_INJECTION: forcing a failure. [ 1297.799078][T27910] name failslab, interval 1, probability 0, space 0, times 0 [ 1297.814200][T27910] CPU: 0 UID: 0 PID: 27910 Comm: syz.1.4922 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1297.814226][T27910] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1297.814232][T27910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1297.814242][T27910] Call Trace: [ 1297.814247][T27910] [ 1297.814253][T27910] dump_stack_lvl+0x100/0x190 [ 1297.814280][T27910] should_fail_ex.cold+0x5/0xa [ 1297.814298][T27910] should_failslab+0xc2/0x120 [ 1297.814313][T27910] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1297.814333][T27910] ? taskstats_exit+0x650/0xbd0 [ 1297.814360][T27910] taskstats_exit+0x650/0xbd0 [ 1297.814382][T27910] ? __pfx_acct_update_integrals+0x10/0x10 [ 1297.814420][T27910] ? __pfx_taskstats_exit+0x10/0x10 [ 1297.814443][T27910] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1297.814467][T27910] ? exit_signals+0x395/0xaf0 [ 1297.814484][T27910] do_exit+0x5ca/0x2aa0 [ 1297.814506][T27910] ? __pfx_do_exit+0x10/0x10 [ 1297.814524][T27910] ? do_raw_spin_lock+0x128/0x260 [ 1297.814544][T27910] ? find_held_lock+0x2b/0x80 [ 1297.814558][T27910] ? get_signal+0x7e0/0x21e0 [ 1297.814574][T27910] do_group_exit+0xd5/0x2a0 [ 1297.814594][T27910] get_signal+0x1ec7/0x21e0 [ 1297.814616][T27910] ? __pfx_get_signal+0x10/0x10 [ 1297.814631][T27910] ? do_futex+0x192/0x350 [ 1297.814653][T27910] arch_do_signal_or_restart+0x91/0x770 [ 1297.814672][T27910] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1297.814695][T27910] ? __pfx___x64_sys_futex+0x10/0x10 [ 1297.814718][T27910] exit_to_user_mode_loop+0x86/0x4a0 [ 1297.814738][T27910] do_syscall_64+0x668/0xf80 [ 1297.814754][T27910] ? clear_bhb_loop+0x40/0x90 [ 1297.814772][T27910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1297.814788][T27910] RIP: 0033:0x7fc675b9c629 [ 1297.814801][T27910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1297.814816][T27910] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1297.814831][T27910] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1297.814842][T27910] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1297.814851][T27910] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1297.814860][T27910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1297.814869][T27910] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1297.814888][T27910] [ 1298.057959][T12428] Bluetooth: hci8: command tx timeout [ 1298.159701][T27913] FAULT_INJECTION: forcing a failure. [ 1298.159701][T27913] name failslab, interval 1, probability 0, space 0, times 0 [ 1298.172882][T27913] CPU: 0 UID: 0 PID: 27913 Comm: syz.1.4923 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1298.172909][T27913] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1298.172915][T27913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1298.172925][T27913] Call Trace: [ 1298.172931][T27913] [ 1298.172937][T27913] dump_stack_lvl+0x100/0x190 [ 1298.172963][T27913] should_fail_ex.cold+0x5/0xa [ 1298.172982][T27913] should_failslab+0xc2/0x120 [ 1298.172997][T27913] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1298.173019][T27913] ? security_inode_alloc+0x3b/0x2c0 [ 1298.173039][T27913] ? lockdep_init_map_type+0x5c/0x250 [ 1298.173061][T27913] security_inode_alloc+0x3b/0x2c0 [ 1298.173082][T27913] inode_init_always_gfp+0xced/0x1040 [ 1298.173107][T27913] alloc_inode+0x8e/0x250 [ 1298.173125][T27913] new_inode+0x22/0x1c0 [ 1298.173144][T27913] configfs_new_inode+0x24/0x4a0 [ 1298.173166][T27913] configfs_create+0xd9/0x370 [ 1298.173188][T27913] configfs_lookup+0x38f/0x780 [ 1298.173213][T27913] lookup_open.isra.0+0x631/0x11b0 [ 1298.173237][T27913] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1298.173268][T27913] ? mnt_get_write_access+0x1e9/0x2f0 [ 1298.173290][T27913] path_openat+0xa98/0x31a0 [ 1298.173309][T27913] ? __pfx_path_openat+0x10/0x10 [ 1298.173331][T27913] do_file_open+0x20e/0x430 [ 1298.173346][T27913] ? __pfx_do_file_open+0x10/0x10 [ 1298.173383][T27913] ? alloc_fd+0x476/0x790 [ 1298.173408][T27913] ? do_getname+0x191/0x390 [ 1298.173427][T27913] do_sys_openat2+0x10d/0x1e0 [ 1298.173447][T27913] ? __pfx_do_sys_openat2+0x10/0x10 [ 1298.173467][T27913] ? __x64_sys_close_range+0x2d9/0x5d0 [ 1298.173486][T27913] __x64_sys_openat+0x12d/0x210 [ 1298.173505][T27913] ? __pfx___x64_sys_openat+0x10/0x10 [ 1298.173530][T27913] do_syscall_64+0x106/0xf80 [ 1298.173546][T27913] ? clear_bhb_loop+0x40/0x90 [ 1298.173564][T27913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1298.173579][T27913] RIP: 0033:0x7fc675b9c629 [ 1298.173593][T27913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1298.173608][T27913] RSP: 002b:00007fc676a28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1298.173624][T27913] RAX: ffffffffffffffda RBX: 00007fc675e16090 RCX: 00007fc675b9c629 [ 1298.173634][T27913] RDX: 0000000000109103 RSI: 0000200000001280 RDI: ffffffffffffff9c [ 1298.173644][T27913] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1298.173653][T27913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1298.173662][T27913] R13: 00007fc675e16128 R14: 00007fc675e16090 R15: 00007ffed8d690c8 [ 1298.173683][T27913] [ 1298.682805][T27917] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4925'. [ 1298.701781][T27917] i: entered promiscuous mode [ 1298.716670][T27917] HfR: entered promiscuous mode [ 1300.521849][T27931] FAULT_INJECTION: forcing a failure. [ 1300.521849][T27931] name failslab, interval 1, probability 0, space 0, times 0 [ 1300.536659][T27931] CPU: 0 UID: 0 PID: 27931 Comm: syz.1.4929 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1300.536685][T27931] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1300.536691][T27931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1300.536700][T27931] Call Trace: [ 1300.536706][T27931] [ 1300.536712][T27931] dump_stack_lvl+0x100/0x190 [ 1300.536738][T27931] should_fail_ex.cold+0x5/0xa [ 1300.536756][T27931] should_failslab+0xc2/0x120 [ 1300.536771][T27931] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1300.536792][T27931] ? taskstats_exit+0x650/0xbd0 [ 1300.536819][T27931] taskstats_exit+0x650/0xbd0 [ 1300.536841][T27931] ? __pfx_acct_update_integrals+0x10/0x10 [ 1300.536865][T27931] ? __pfx_taskstats_exit+0x10/0x10 [ 1300.536888][T27931] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1300.536912][T27931] ? exit_signals+0x395/0xaf0 [ 1300.536929][T27931] do_exit+0x5ca/0x2aa0 [ 1300.536951][T27931] ? __pfx_do_exit+0x10/0x10 [ 1300.536969][T27931] ? do_raw_spin_lock+0x128/0x260 [ 1300.536990][T27931] ? find_held_lock+0x2b/0x80 [ 1300.537003][T27931] ? get_signal+0x7e0/0x21e0 [ 1300.537019][T27931] do_group_exit+0xd5/0x2a0 [ 1300.537039][T27931] get_signal+0x1ec7/0x21e0 [ 1300.537061][T27931] ? __pfx_get_signal+0x10/0x10 [ 1300.537077][T27931] ? do_futex+0x192/0x350 [ 1300.537097][T27931] arch_do_signal_or_restart+0x91/0x770 [ 1300.537124][T27931] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1300.537147][T27931] ? __pfx___x64_sys_futex+0x10/0x10 [ 1300.537170][T27931] exit_to_user_mode_loop+0x86/0x4a0 [ 1300.537191][T27931] do_syscall_64+0x668/0xf80 [ 1300.537208][T27931] ? clear_bhb_loop+0x40/0x90 [ 1300.537226][T27931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1300.537241][T27931] RIP: 0033:0x7fc675b9c629 [ 1300.537254][T27931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1300.537268][T27931] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1300.537283][T27931] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1300.537293][T27931] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1300.537302][T27931] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1300.537311][T27931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1300.537320][T27931] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1300.537339][T27931] [ 1302.790613][T27964] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4938'. [ 1304.640229][T27979] program syz.1.4942 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1305.061603][T27988] program syz.1.4945 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1309.633969][T28021] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input188 [ 1309.987243][T28025] FAULT_INJECTION: forcing a failure. [ 1309.987243][T28025] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1310.002015][T28025] CPU: 0 UID: 0 PID: 28025 Comm: syz.1.4956 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1310.002041][T28025] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1310.002047][T28025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1310.002056][T28025] Call Trace: [ 1310.002061][T28025] [ 1310.002067][T28025] dump_stack_lvl+0x100/0x190 [ 1310.002094][T28025] should_fail_ex.cold+0x5/0xa [ 1310.002112][T28025] get_futex_key+0x1d2/0x1620 [ 1310.002132][T28025] ? __pfx_get_futex_key+0x10/0x10 [ 1310.002170][T28025] futex_wake+0xea/0x530 [ 1310.002194][T28025] ? __pfx_futex_wake+0x10/0x10 [ 1310.002217][T28025] ? putname+0xb1/0x110 [ 1310.002230][T28025] ? kmem_cache_free+0x124/0x6a0 [ 1310.002252][T28025] do_futex+0x32b/0x350 [ 1310.002271][T28025] ? __pfx_do_futex+0x10/0x10 [ 1310.002288][T28025] ? __pfx_do_sys_openat2+0x10/0x10 [ 1310.002310][T28025] __x64_sys_futex+0x34f/0x4d0 [ 1310.002329][T28025] ? __x64_sys_openat+0x12d/0x210 [ 1310.002347][T28025] ? __pfx___x64_sys_futex+0x10/0x10 [ 1310.002373][T28025] do_syscall_64+0x106/0xf80 [ 1310.002389][T28025] ? clear_bhb_loop+0x40/0x90 [ 1310.002407][T28025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.002423][T28025] RIP: 0033:0x7fc675b9c629 [ 1310.002436][T28025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1310.002451][T28025] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1310.002465][T28025] RAX: ffffffffffffffda RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1310.002476][T28025] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc675e15fac [ 1310.002485][T28025] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1310.002494][T28025] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 1310.002502][T28025] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1310.002522][T28025] [ 1311.063573][T12428] Bluetooth: hci1: unknown advertising packet type: 0xea [ 1311.389652][T28048] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4963'. [ 1312.380995][T28056] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1315.474303][T28086] FAULT_INJECTION: forcing a failure. [ 1315.474303][T28086] name failslab, interval 1, probability 0, space 0, times 0 [ 1315.487646][T28086] CPU: 0 UID: 0 PID: 28086 Comm: syz.1.4972 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1315.487672][T28086] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1315.487678][T28086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1315.487687][T28086] Call Trace: [ 1315.487692][T28086] [ 1315.487698][T28086] dump_stack_lvl+0x100/0x190 [ 1315.487724][T28086] should_fail_ex.cold+0x5/0xa [ 1315.487742][T28086] should_failslab+0xc2/0x120 [ 1315.487757][T28086] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1315.487778][T28086] ? taskstats_exit+0x650/0xbd0 [ 1315.487804][T28086] taskstats_exit+0x650/0xbd0 [ 1315.487826][T28086] ? __pfx_acct_update_integrals+0x10/0x10 [ 1315.487850][T28086] ? __pfx_taskstats_exit+0x10/0x10 [ 1315.487873][T28086] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1315.487897][T28086] ? exit_signals+0x395/0xaf0 [ 1315.487914][T28086] do_exit+0x5ca/0x2aa0 [ 1315.487936][T28086] ? __pfx_do_exit+0x10/0x10 [ 1315.487954][T28086] ? do_raw_spin_lock+0x128/0x260 [ 1315.487978][T28086] ? find_held_lock+0x2b/0x80 [ 1315.487991][T28086] ? get_signal+0x7e0/0x21e0 [ 1315.488008][T28086] do_group_exit+0xd5/0x2a0 [ 1315.488028][T28086] get_signal+0x1ec7/0x21e0 [ 1315.488050][T28086] ? __pfx_get_signal+0x10/0x10 [ 1315.488066][T28086] ? do_futex+0x192/0x350 [ 1315.488087][T28086] arch_do_signal_or_restart+0x91/0x770 [ 1315.488106][T28086] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1315.488129][T28086] ? __pfx___x64_sys_futex+0x10/0x10 [ 1315.488152][T28086] exit_to_user_mode_loop+0x86/0x4a0 [ 1315.488173][T28086] do_syscall_64+0x668/0xf80 [ 1315.488190][T28086] ? clear_bhb_loop+0x40/0x90 [ 1315.488208][T28086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1315.488223][T28086] RIP: 0033:0x7fc675b9c629 [ 1315.488236][T28086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1315.488251][T28086] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1315.488266][T28086] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1315.488277][T28086] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1315.488286][T28086] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1315.488295][T28086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1315.488303][T28086] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1315.488323][T28086] [ 1316.700872][T28093] perf: Dynamic interrupt throttling disabled, can hang your system! [ 1318.180725][T28104] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4978'. [ 1320.232411][T12428] Bluetooth: hci1: unknown advertising packet type: 0xea [ 1322.194040][T28138] FAULT_INJECTION: forcing a failure. [ 1322.194040][T28138] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.214198][T28138] CPU: 0 UID: 0 PID: 28138 Comm: syz.1.4988 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1322.214224][T28138] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1322.214230][T28138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1322.214239][T28138] Call Trace: [ 1322.214245][T28138] [ 1322.214251][T28138] dump_stack_lvl+0x100/0x190 [ 1322.214277][T28138] should_fail_ex.cold+0x5/0xa [ 1322.214295][T28138] should_failslab+0xc2/0x120 [ 1322.214310][T28138] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1322.214330][T28138] ? taskstats_exit+0x650/0xbd0 [ 1322.214356][T28138] taskstats_exit+0x650/0xbd0 [ 1322.214378][T28138] ? __pfx_acct_update_integrals+0x10/0x10 [ 1322.214402][T28138] ? __pfx_taskstats_exit+0x10/0x10 [ 1322.214425][T28138] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1322.214449][T28138] ? exit_signals+0x395/0xaf0 [ 1322.214466][T28138] do_exit+0x5ca/0x2aa0 [ 1322.214487][T28138] ? __pfx_do_exit+0x10/0x10 [ 1322.214505][T28138] ? do_raw_spin_lock+0x128/0x260 [ 1322.214526][T28138] ? find_held_lock+0x2b/0x80 [ 1322.214539][T28138] ? get_signal+0x7e0/0x21e0 [ 1322.214555][T28138] do_group_exit+0xd5/0x2a0 [ 1322.214575][T28138] get_signal+0x1ec7/0x21e0 [ 1322.214597][T28138] ? __pfx_get_signal+0x10/0x10 [ 1322.214613][T28138] ? do_futex+0x192/0x350 [ 1322.214634][T28138] arch_do_signal_or_restart+0x91/0x770 [ 1322.214653][T28138] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1322.214676][T28138] ? __pfx___x64_sys_futex+0x10/0x10 [ 1322.214699][T28138] exit_to_user_mode_loop+0x86/0x4a0 [ 1322.214720][T28138] do_syscall_64+0x668/0xf80 [ 1322.214737][T28138] ? clear_bhb_loop+0x40/0x90 [ 1322.214755][T28138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1322.214770][T28138] RIP: 0033:0x7fc675b9c629 [ 1322.214783][T28138] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1322.214798][T28138] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1322.214813][T28138] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1322.214823][T28138] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1322.214832][T28138] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1322.214841][T28138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1322.214857][T28138] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1322.214877][T28138] [ 1325.162340][T28171] netlink: 'syz.1.4996': attribute type 10 has an invalid length. [ 1325.170554][T28171] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4996'. [ 1325.183995][T28171] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4996'. [ 1327.761799][T16512] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1327.779121][T16512] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1327.786853][T16512] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1327.794783][T16512] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1327.802243][T16512] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1327.966092][T28194] chnl_net:caif_netlink_parms(): no params data found [ 1328.036093][T28194] bridge0: port 1(bridge_slave_0) entered blocking state [ 1328.044173][T28194] bridge0: port 1(bridge_slave_0) entered disabled state [ 1328.053993][T28194] bridge_slave_0: entered allmulticast mode [ 1328.061327][T28194] bridge_slave_0: entered promiscuous mode [ 1328.069492][T28194] bridge0: port 2(bridge_slave_1) entered blocking state [ 1328.076637][T28194] bridge0: port 2(bridge_slave_1) entered disabled state [ 1328.084406][T28194] bridge_slave_1: entered allmulticast mode [ 1328.104717][T28194] bridge_slave_1: entered promiscuous mode [ 1328.161416][T28194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1328.188208][T28194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1328.216884][T28194] team0: Port device team_slave_0 added [ 1328.225375][T28194] team0: Port device team_slave_1 added [ 1328.263416][T28194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1328.278039][T28194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1328.331851][T28194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1328.356028][T28194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1328.377489][T28194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1328.438569][T28194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1328.497762][T28194] hsr_slave_0: entered promiscuous mode [ 1328.504427][T28194] hsr_slave_1: entered promiscuous mode [ 1328.511014][T28194] debugfs: 'hsr0' already exists in 'hsr' [ 1328.516726][T28194] Cannot create hsr debugfs directory [ 1329.847255][T16512] Bluetooth: hci9: command tx timeout [ 1330.018350][T28230] FAULT_INJECTION: forcing a failure. [ 1330.018350][T28230] name failslab, interval 1, probability 0, space 0, times 0 [ 1330.031231][T28230] CPU: 0 UID: 0 PID: 28230 Comm: syz.1.5009 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1330.031257][T28230] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1330.031263][T28230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1330.031273][T28230] Call Trace: [ 1330.031278][T28230] [ 1330.031284][T28230] dump_stack_lvl+0x100/0x190 [ 1330.031310][T28230] should_fail_ex.cold+0x5/0xa [ 1330.031329][T28230] should_failslab+0xc2/0x120 [ 1330.031344][T28230] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1330.031365][T28230] ? __d_alloc+0x34/0xa80 [ 1330.031384][T28230] __d_alloc+0x34/0xa80 [ 1330.031401][T28230] d_alloc_parallel+0x111/0x14e0 [ 1330.031421][T28230] ? stack_trace_save+0x8e/0xc0 [ 1330.031437][T28230] ? __lock_acquire+0x4a5/0x2630 [ 1330.031458][T28230] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1330.031479][T28230] ? lockdep_init_map_type+0x5c/0x250 [ 1330.031498][T28230] ? lockdep_init_map_type+0x5c/0x250 [ 1330.031520][T28230] __lookup_slow+0x193/0x460 [ 1330.031538][T28230] ? __pfx___lookup_slow+0x10/0x10 [ 1330.031565][T28230] ? __d_lookup+0x266/0x4a0 [ 1330.031588][T28230] lookup_slow+0x50/0x70 [ 1330.031606][T28230] link_path_walk+0x1377/0x1cc0 [ 1330.031633][T28230] path_openat+0x1be/0x31a0 [ 1330.031646][T28230] ? kasan_save_stack+0x3f/0x50 [ 1330.031666][T28230] ? kasan_save_stack+0x30/0x50 [ 1330.031685][T28230] ? kasan_save_track+0x14/0x30 [ 1330.031705][T28230] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1330.031729][T28230] ? __pfx_path_openat+0x10/0x10 [ 1330.031750][T28230] do_file_open+0x20e/0x430 [ 1330.031766][T28230] ? __pfx_do_file_open+0x10/0x10 [ 1330.031793][T28230] ? alloc_fd+0x476/0x790 [ 1330.031817][T28230] ? do_getname+0x191/0x390 [ 1330.031836][T28230] do_sys_openat2+0x10d/0x1e0 [ 1330.031853][T28230] ? __pfx_do_sys_openat2+0x10/0x10 [ 1330.031878][T28230] __x64_sys_openat+0x12d/0x210 [ 1330.031897][T28230] ? __pfx___x64_sys_openat+0x10/0x10 [ 1330.031922][T28230] do_syscall_64+0x106/0xf80 [ 1330.031938][T28230] ? clear_bhb_loop+0x40/0x90 [ 1330.031956][T28230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.031972][T28230] RIP: 0033:0x7fc675b9c629 [ 1330.031985][T28230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1330.031999][T28230] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1330.032015][T28230] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1330.032033][T28230] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1330.032042][T28230] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1330.032051][T28230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1330.032060][T28230] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1330.032081][T28230] [ 1331.324629][T28250] FAULT_INJECTION: forcing a failure. [ 1331.324629][T28250] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1331.337882][T28250] CPU: 0 UID: 0 PID: 28250 Comm: syz.1.5016 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1331.337908][T28250] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1331.337914][T28250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1331.337924][T28250] Call Trace: [ 1331.337929][T28250] [ 1331.337935][T28250] dump_stack_lvl+0x100/0x190 [ 1331.337961][T28250] should_fail_ex.cold+0x5/0xa [ 1331.337980][T28250] get_futex_key+0x1d2/0x1620 [ 1331.338001][T28250] ? __pfx_get_futex_key+0x10/0x10 [ 1331.338017][T28250] ? lock_acquire+0x1cf/0x380 [ 1331.338041][T28250] futex_wake+0xea/0x530 [ 1331.338064][T28250] ? __pfx_futex_wake+0x10/0x10 [ 1331.338085][T28250] ? exit_mm_release+0x19/0x30 [ 1331.338108][T28250] do_futex+0x32b/0x350 [ 1331.338127][T28250] ? __pfx_do_futex+0x10/0x10 [ 1331.338144][T28250] ? __might_fault+0xc5/0x140 [ 1331.338175][T28250] mm_release+0x24a/0x2f0 [ 1331.338190][T28250] do_exit+0x675/0x2aa0 [ 1331.338212][T28250] ? __pfx_do_exit+0x10/0x10 [ 1331.338230][T28250] ? do_raw_spin_lock+0x128/0x260 [ 1331.338250][T28250] ? find_held_lock+0x2b/0x80 [ 1331.338263][T28250] ? get_signal+0x7e0/0x21e0 [ 1331.338280][T28250] do_group_exit+0xd5/0x2a0 [ 1331.338300][T28250] get_signal+0x1ec7/0x21e0 [ 1331.338322][T28250] ? __pfx_get_signal+0x10/0x10 [ 1331.338338][T28250] ? do_futex+0x192/0x350 [ 1331.338358][T28250] arch_do_signal_or_restart+0x91/0x770 [ 1331.338377][T28250] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1331.338400][T28250] ? __pfx___x64_sys_futex+0x10/0x10 [ 1331.338423][T28250] exit_to_user_mode_loop+0x86/0x4a0 [ 1331.338443][T28250] do_syscall_64+0x668/0xf80 [ 1331.338459][T28250] ? clear_bhb_loop+0x40/0x90 [ 1331.338478][T28250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.338493][T28250] RIP: 0033:0x7fc675b9c629 [ 1331.338506][T28250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.338520][T28250] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1331.338535][T28250] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1331.338545][T28250] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1331.338555][T28250] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1331.338564][T28250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.338572][T28250] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1331.338591][T28250] [ 1331.709666][T28258] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5018'. [ 1331.722147][T28258] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5018'. [ 1331.858270][T28262] FAULT_INJECTION: forcing a failure. [ 1331.858270][T28262] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1331.871863][T28262] CPU: 0 UID: 0 PID: 28262 Comm: syz.1.5019 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1331.871889][T28262] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1331.871896][T28262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1331.871905][T28262] Call Trace: [ 1331.871910][T28262] [ 1331.871916][T28262] dump_stack_lvl+0x100/0x190 [ 1331.871944][T28262] should_fail_ex.cold+0x5/0xa [ 1331.871959][T28262] ? prepare_alloc_pages+0x16d/0x5f0 [ 1331.871978][T28262] should_fail_alloc_page+0xeb/0x140 [ 1331.871994][T28262] prepare_alloc_pages+0x1f0/0x5f0 [ 1331.872013][T28262] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1331.872043][T28262] ? stack_trace_save+0x8e/0xc0 [ 1331.872058][T28262] ? __pfx_stack_trace_save+0x10/0x10 [ 1331.872072][T28262] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1331.872092][T28262] ? stack_depot_save_flags+0x27/0x9d0 [ 1331.872119][T28262] ? kasan_save_stack+0x3f/0x50 [ 1331.872139][T28262] ? kasan_save_stack+0x30/0x50 [ 1331.872158][T28262] ? kasan_save_track+0x14/0x30 [ 1331.872178][T28262] ? __kasan_kmalloc+0xaa/0xb0 [ 1331.872200][T28262] ? do_file_open+0x20e/0x430 [ 1331.872213][T28262] ? do_sys_openat2+0x10d/0x1e0 [ 1331.872229][T28262] ? __x64_sys_openat+0x12d/0x210 [ 1331.872246][T28262] ? do_syscall_64+0x106/0xf80 [ 1331.872262][T28262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.872280][T28262] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1331.872306][T28262] ? policy_nodemask+0xed/0x4f0 [ 1331.872322][T28262] alloc_pages_mpol+0x1fb/0x550 [ 1331.872338][T28262] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1331.872357][T28262] alloc_pages_noprof+0x131/0x390 [ 1331.872373][T28262] get_zeroed_page_noprof+0x18/0xb0 [ 1331.872388][T28262] mon_alloc_buff+0xce/0x1b0 [ 1331.872408][T28262] ? kasan_save_track+0x14/0x30 [ 1331.872431][T28262] mon_bin_open+0x207/0x470 [ 1331.872453][T28262] ? __pfx_mon_bin_open+0x10/0x10 [ 1331.872474][T28262] chrdev_open+0x234/0x6a0 [ 1331.872487][T28262] ? __pfx_apparmor_file_open+0x10/0x10 [ 1331.872507][T28262] ? __pfx_chrdev_open+0x10/0x10 [ 1331.872522][T28262] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1331.872549][T28262] do_dentry_open+0x6d8/0x1660 [ 1331.872571][T28262] ? __pfx_chrdev_open+0x10/0x10 [ 1331.872589][T28262] vfs_open+0x82/0x3f0 [ 1331.872608][T28262] path_openat+0x208c/0x31a0 [ 1331.872629][T28262] ? __pfx_path_openat+0x10/0x10 [ 1331.872649][T28262] do_file_open+0x20e/0x430 [ 1331.872665][T28262] ? __pfx_do_file_open+0x10/0x10 [ 1331.872693][T28262] ? alloc_fd+0x476/0x790 [ 1331.872717][T28262] ? do_getname+0x191/0x390 [ 1331.872735][T28262] do_sys_openat2+0x10d/0x1e0 [ 1331.872753][T28262] ? __pfx_do_sys_openat2+0x10/0x10 [ 1331.872772][T28262] ? __fget_files+0x21f/0x3d0 [ 1331.872798][T28262] __x64_sys_openat+0x12d/0x210 [ 1331.872816][T28262] ? __pfx___x64_sys_openat+0x10/0x10 [ 1331.872842][T28262] do_syscall_64+0x106/0xf80 [ 1331.872864][T28262] ? clear_bhb_loop+0x40/0x90 [ 1331.872883][T28262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.872898][T28262] RIP: 0033:0x7fc675b9c629 [ 1331.872912][T28262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.872927][T28262] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1331.872942][T28262] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1331.872953][T28262] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1331.872963][T28262] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1331.872972][T28262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.872982][T28262] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1331.873001][T28262] [ 1332.244054][T16512] Bluetooth: hci9: command tx timeout [ 1334.310576][T12428] Bluetooth: hci9: command tx timeout [ 1334.315987][T12428] Bluetooth: hci0: command 0x0406 tx timeout [ 1336.371495][T12428] Bluetooth: hci9: command tx timeout [ 1339.948637][T28341] FAULT_INJECTION: forcing a failure. [ 1339.948637][T28341] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1339.962339][T28341] CPU: 0 UID: 0 PID: 28341 Comm: syz.1.5043 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1339.962365][T28341] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1339.962371][T28341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1339.962380][T28341] Call Trace: [ 1339.962386][T28341] [ 1339.962392][T28341] dump_stack_lvl+0x100/0x190 [ 1339.962418][T28341] should_fail_ex.cold+0x5/0xa [ 1339.962433][T28341] ? prepare_alloc_pages+0x16d/0x5f0 [ 1339.962451][T28341] should_fail_alloc_page+0xeb/0x140 [ 1339.962466][T28341] prepare_alloc_pages+0x1f0/0x5f0 [ 1339.962485][T28341] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1339.962514][T28341] ? stack_trace_save+0x8e/0xc0 [ 1339.962529][T28341] ? __pfx_stack_trace_save+0x10/0x10 [ 1339.962543][T28341] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1339.962563][T28341] ? stack_depot_save_flags+0x27/0x9d0 [ 1339.962589][T28341] ? kasan_save_stack+0x3f/0x50 [ 1339.962609][T28341] ? kasan_save_stack+0x30/0x50 [ 1339.962629][T28341] ? kasan_save_track+0x14/0x30 [ 1339.962648][T28341] ? __kasan_kmalloc+0xaa/0xb0 [ 1339.962669][T28341] ? do_file_open+0x20e/0x430 [ 1339.962682][T28341] ? do_sys_openat2+0x10d/0x1e0 [ 1339.962698][T28341] ? __x64_sys_openat+0x12d/0x210 [ 1339.962714][T28341] ? do_syscall_64+0x106/0xf80 [ 1339.962730][T28341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1339.962748][T28341] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1339.962773][T28341] ? policy_nodemask+0xed/0x4f0 [ 1339.962788][T28341] alloc_pages_mpol+0x1fb/0x550 [ 1339.962803][T28341] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1339.962823][T28341] alloc_pages_noprof+0x131/0x390 [ 1339.962839][T28341] get_zeroed_page_noprof+0x18/0xb0 [ 1339.962854][T28341] mon_alloc_buff+0xce/0x1b0 [ 1339.962887][T28341] ? kasan_save_track+0x14/0x30 [ 1339.962909][T28341] mon_bin_open+0x207/0x470 [ 1339.962933][T28341] ? __pfx_mon_bin_open+0x10/0x10 [ 1339.962953][T28341] chrdev_open+0x234/0x6a0 [ 1339.962967][T28341] ? __pfx_apparmor_file_open+0x10/0x10 [ 1339.962987][T28341] ? __pfx_chrdev_open+0x10/0x10 [ 1339.963007][T28341] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1339.963035][T28341] do_dentry_open+0x6d8/0x1660 [ 1339.963057][T28341] ? __pfx_chrdev_open+0x10/0x10 [ 1339.963076][T28341] vfs_open+0x82/0x3f0 [ 1339.963095][T28341] path_openat+0x208c/0x31a0 [ 1339.963115][T28341] ? __pfx_path_openat+0x10/0x10 [ 1339.963136][T28341] do_file_open+0x20e/0x430 [ 1339.963151][T28341] ? __pfx_do_file_open+0x10/0x10 [ 1339.963179][T28341] ? alloc_fd+0x476/0x790 [ 1339.963203][T28341] ? do_getname+0x191/0x390 [ 1339.963221][T28341] do_sys_openat2+0x10d/0x1e0 [ 1339.963239][T28341] ? __pfx_do_sys_openat2+0x10/0x10 [ 1339.963258][T28341] ? __fget_files+0x21f/0x3d0 [ 1339.963283][T28341] __x64_sys_openat+0x12d/0x210 [ 1339.963301][T28341] ? __pfx___x64_sys_openat+0x10/0x10 [ 1339.963326][T28341] do_syscall_64+0x106/0xf80 [ 1339.963342][T28341] ? clear_bhb_loop+0x40/0x90 [ 1339.963360][T28341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1339.963375][T28341] RIP: 0033:0x7fc675b9c629 [ 1339.963388][T28341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1339.963403][T28341] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1339.963418][T28341] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1339.963428][T28341] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1339.963438][T28341] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1339.963447][T28341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1339.963456][T28341] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1339.963476][T28341] [ 1340.385904][T28345] block2mtd: error: cannot open device çinX‘©¼Ëò¨±ÂÚjFBçB>U»;߸³Ilk¬ [ 1340.766278][T28358] netlink: 'syz.1.5049': attribute type 10 has an invalid length. [ 1340.774275][T28358] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5049'. [ 1340.784984][T28358] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5049'. [ 1342.214026][T28380] netlink: 'syz.1.5056': attribute type 10 has an invalid length. [ 1342.223822][T28380] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5056'. [ 1342.234370][T28380] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5056'. [ 1343.389696][T28400] FAULT_INJECTION: forcing a failure. [ 1343.389696][T28400] name failslab, interval 1, probability 0, space 0, times 0 [ 1343.402600][T28400] CPU: 0 UID: 0 PID: 28400 Comm: syz.1.5061 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1343.402626][T28400] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1343.402632][T28400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1343.402648][T28400] Call Trace: [ 1343.402654][T28400] [ 1343.402660][T28400] dump_stack_lvl+0x100/0x190 [ 1343.402686][T28400] should_fail_ex.cold+0x5/0xa [ 1343.402704][T28400] should_failslab+0xc2/0x120 [ 1343.402719][T28400] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1343.402739][T28400] ? alloc_empty_file+0x55/0x1c0 [ 1343.402756][T28400] ? __pfx_stack_trace_save+0x10/0x10 [ 1343.402773][T28400] alloc_empty_file+0x55/0x1c0 [ 1343.402791][T28400] path_openat+0xe8/0x31a0 [ 1343.402804][T28400] ? kasan_save_stack+0x3f/0x50 [ 1343.402824][T28400] ? kasan_save_stack+0x30/0x50 [ 1343.402843][T28400] ? kasan_save_track+0x14/0x30 [ 1343.402863][T28400] ? __kasan_slab_alloc+0x89/0x90 [ 1343.402883][T28400] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1343.402902][T28400] ? do_getname+0x35/0x390 [ 1343.402918][T28400] ? do_sys_openat2+0xc5/0x1e0 [ 1343.402935][T28400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.402953][T28400] ? __pfx_path_openat+0x10/0x10 [ 1343.402973][T28400] do_file_open+0x20e/0x430 [ 1343.402988][T28400] ? __pfx_do_file_open+0x10/0x10 [ 1343.403015][T28400] ? alloc_fd+0x476/0x790 [ 1343.403040][T28400] ? do_getname+0x191/0x390 [ 1343.403058][T28400] do_sys_openat2+0x10d/0x1e0 [ 1343.403076][T28400] ? __pfx_do_sys_openat2+0x10/0x10 [ 1343.403094][T28400] ? __x64_sys_close_range+0x2d9/0x5d0 [ 1343.403113][T28400] __x64_sys_openat+0x12d/0x210 [ 1343.403131][T28400] ? __pfx___x64_sys_openat+0x10/0x10 [ 1343.403156][T28400] do_syscall_64+0x106/0xf80 [ 1343.403172][T28400] ? clear_bhb_loop+0x40/0x90 [ 1343.403189][T28400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.403204][T28400] RIP: 0033:0x7fc675b9c629 [ 1343.403217][T28400] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1343.403231][T28400] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1343.403246][T28400] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1343.403256][T28400] RDX: 0000000000020342 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1343.403265][T28400] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1343.403274][T28400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1343.403282][T28400] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1343.403301][T28400] [ 1343.405647][T28400] program syz.1.5061 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1343.692427][T28400] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1344.116403][T28409] FAULT_INJECTION: forcing a failure. [ 1344.116403][T28409] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1344.129858][T28409] CPU: 0 UID: 0 PID: 28409 Comm: syz.1.5063 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1344.129884][T28409] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1344.129890][T28409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1344.129899][T28409] Call Trace: [ 1344.129904][T28409] [ 1344.129910][T28409] dump_stack_lvl+0x100/0x190 [ 1344.129937][T28409] should_fail_ex.cold+0x5/0xa [ 1344.129953][T28409] ? prepare_alloc_pages+0x16d/0x5f0 [ 1344.129971][T28409] should_fail_alloc_page+0xeb/0x140 [ 1344.129986][T28409] prepare_alloc_pages+0x1f0/0x5f0 [ 1344.130005][T28409] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1344.130034][T28409] ? stack_trace_save+0x8e/0xc0 [ 1344.130049][T28409] ? __pfx_stack_trace_save+0x10/0x10 [ 1344.130063][T28409] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1344.130083][T28409] ? stack_depot_save_flags+0x27/0x9d0 [ 1344.130110][T28409] ? kasan_save_stack+0x3f/0x50 [ 1344.130129][T28409] ? kasan_save_stack+0x30/0x50 [ 1344.130148][T28409] ? kasan_save_track+0x14/0x30 [ 1344.130168][T28409] ? __kasan_kmalloc+0xaa/0xb0 [ 1344.130189][T28409] ? do_file_open+0x20e/0x430 [ 1344.130202][T28409] ? do_sys_openat2+0x10d/0x1e0 [ 1344.130218][T28409] ? __x64_sys_openat+0x12d/0x210 [ 1344.130234][T28409] ? do_syscall_64+0x106/0xf80 [ 1344.130250][T28409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1344.130268][T28409] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1344.130293][T28409] ? policy_nodemask+0xed/0x4f0 [ 1344.130309][T28409] alloc_pages_mpol+0x1fb/0x550 [ 1344.130324][T28409] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1344.130343][T28409] alloc_pages_noprof+0x131/0x390 [ 1344.130359][T28409] get_zeroed_page_noprof+0x18/0xb0 [ 1344.130374][T28409] mon_alloc_buff+0xce/0x1b0 [ 1344.130394][T28409] ? kasan_save_track+0x14/0x30 [ 1344.130416][T28409] mon_bin_open+0x207/0x470 [ 1344.130437][T28409] ? __pfx_mon_bin_open+0x10/0x10 [ 1344.130457][T28409] chrdev_open+0x234/0x6a0 [ 1344.130471][T28409] ? __pfx_apparmor_file_open+0x10/0x10 [ 1344.130491][T28409] ? __pfx_chrdev_open+0x10/0x10 [ 1344.130506][T28409] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1344.130533][T28409] do_dentry_open+0x6d8/0x1660 [ 1344.130555][T28409] ? __pfx_chrdev_open+0x10/0x10 [ 1344.130582][T28409] vfs_open+0x82/0x3f0 [ 1344.130601][T28409] path_openat+0x208c/0x31a0 [ 1344.130622][T28409] ? __pfx_path_openat+0x10/0x10 [ 1344.130643][T28409] do_file_open+0x20e/0x430 [ 1344.130658][T28409] ? __pfx_do_file_open+0x10/0x10 [ 1344.130686][T28409] ? alloc_fd+0x476/0x790 [ 1344.130710][T28409] ? do_getname+0x191/0x390 [ 1344.130728][T28409] do_sys_openat2+0x10d/0x1e0 [ 1344.130745][T28409] ? __pfx_do_sys_openat2+0x10/0x10 [ 1344.130765][T28409] ? __fget_files+0x21f/0x3d0 [ 1344.130789][T28409] __x64_sys_openat+0x12d/0x210 [ 1344.130808][T28409] ? __pfx___x64_sys_openat+0x10/0x10 [ 1344.130833][T28409] do_syscall_64+0x106/0xf80 [ 1344.130849][T28409] ? clear_bhb_loop+0x40/0x90 [ 1344.130866][T28409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1344.130882][T28409] RIP: 0033:0x7fc675b9c629 [ 1344.130895][T28409] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1344.130911][T28409] RSP: 002b:00007fc676a49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1344.130925][T28409] RAX: ffffffffffffffda RBX: 00007fc675e15fa0 RCX: 00007fc675b9c629 [ 1344.130936][T28409] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1344.130945][T28409] RBP: 00007fc675c32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1344.130954][T28409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1344.130963][T28409] R13: 00007fc675e16038 R14: 00007fc675e15fa0 R15: 00007ffed8d690c8 [ 1344.130983][T28409] [ 1344.596225][T28265] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1344.606267][T28265] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1344.616402][T28265] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1344.624245][T28265] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1344.631907][T28265] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1344.781393][T28412] chnl_net:caif_netlink_parms(): no params data found [ 1344.856464][T28412] bridge0: port 1(bridge_slave_0) entered blocking state [ 1344.866324][T28412] bridge0: port 1(bridge_slave_0) entered disabled state [ 1344.895393][T28412] bridge_slave_0: entered allmulticast mode [ 1344.909390][T28412] bridge_slave_0: entered promiscuous mode [ 1344.930187][T28412] bridge0: port 2(bridge_slave_1) entered blocking state [ 1344.937289][T28412] bridge0: port 2(bridge_slave_1) entered disabled state [ 1344.953431][T28412] bridge_slave_1: entered allmulticast mode [ 1344.968188][T28412] bridge_slave_1: entered promiscuous mode [ 1345.036346][T28412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1345.072394][T28412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1345.143649][T28412] team0: Port device team_slave_0 added [ 1345.163730][T28412] team0: Port device team_slave_1 added [ 1345.225105][T28412] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1345.242732][T28412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1345.312378][T28412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1345.342724][T28412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1345.360590][T28412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1345.432488][T28412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1345.482676][T28412] hsr_slave_0: entered promiscuous mode [ 1345.489464][T28412] hsr_slave_1: entered promiscuous mode [ 1345.495727][T28412] debugfs: 'hsr0' already exists in 'hsr' [ 1345.503716][T28412] Cannot create hsr debugfs directory [ 1346.015556][T28433] netlink: 'syz.1.5067': attribute type 10 has an invalid length. [ 1346.023448][T28433] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5067'. [ 1346.035953][T28433] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5067'. [ 1346.464247][T28440] ima: policy update failed [ 1346.470298][ T30] audit: type=1802 audit(4294988280.783:25): pid=28440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.5069" res=0 errno=0 [ 1346.498219][T28444] ima: policy update failed [ 1346.504690][ T30] audit: type=1802 audit(4294988280.823:26): pid=28444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.5069" res=0 errno=0 [ 1346.642395][T28265] Bluetooth: hci10: command tx timeout [ 1347.554846][T28455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5072'. [ 1347.685018][T28459] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5073'. [ 1347.860279][T28464] input: f¬ as /devices/virtual/input/input190 [ 1348.200269][T28478] netlink: 'syz.1.5080': attribute type 10 has an invalid length. [ 1348.208325][T28478] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1348.218908][T28478] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1348.712068][T12428] Bluetooth: hci10: command tx timeout [ 1349.305086][T13250] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1349.315070][T13250] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1349.322924][T13250] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1349.331209][T13250] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1349.338692][T13250] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1349.353799][T13250] Bluetooth: hci3: command 0x0406 tx timeout [ 1349.632777][T28488] chnl_net:caif_netlink_parms(): no params data found [ 1349.764811][T28488] bridge0: port 1(bridge_slave_0) entered blocking state [ 1349.788408][T28488] bridge0: port 1(bridge_slave_0) entered disabled state [ 1349.795590][T28488] bridge_slave_0: entered allmulticast mode [ 1349.818360][T28488] bridge_slave_0: entered promiscuous mode [ 1349.831159][T28488] bridge0: port 2(bridge_slave_1) entered blocking state [ 1349.846770][T28488] bridge0: port 2(bridge_slave_1) entered disabled state [ 1349.862896][T28488] bridge_slave_1: entered allmulticast mode [ 1349.878252][T28488] bridge_slave_1: entered promiscuous mode [ 1349.950060][T28488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1349.980894][T28488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1350.050741][T28488] team0: Port device team_slave_0 added [ 1350.070615][T28488] team0: Port device team_slave_1 added [ 1350.126065][T28488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1350.143247][T28488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1350.205152][T28488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1350.238774][T28488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1350.254773][T28488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1350.314768][T28488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1350.416029][T28488] hsr_slave_0: entered promiscuous mode [ 1350.431557][T28488] hsr_slave_1: entered promiscuous mode [ 1350.449108][T28488] debugfs: 'hsr0' already exists in 'hsr' [ 1350.462647][T28488] Cannot create hsr debugfs directory [ 1350.782769][T28265] Bluetooth: hci10: command tx timeout [ 1351.421139][T28265] Bluetooth: hci11: command tx timeout [ 1352.303554][T28517] FAULT_INJECTION: forcing a failure. [ 1352.303554][T28517] name failslab, interval 1, probability 0, space 0, times 0 [ 1352.318724][T28517] CPU: 0 UID: 0 PID: 28517 Comm: syz.1.5089 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1352.318749][T28517] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1352.318755][T28517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1352.318764][T28517] Call Trace: [ 1352.318769][T28517] [ 1352.318775][T28517] dump_stack_lvl+0x100/0x190 [ 1352.318801][T28517] should_fail_ex.cold+0x5/0xa [ 1352.318819][T28517] should_failslab+0xc2/0x120 [ 1352.318834][T28517] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1352.318855][T28517] ? taskstats_exit+0x650/0xbd0 [ 1352.318881][T28517] taskstats_exit+0x650/0xbd0 [ 1352.318903][T28517] ? __pfx_acct_update_integrals+0x10/0x10 [ 1352.318926][T28517] ? __pfx_taskstats_exit+0x10/0x10 [ 1352.318950][T28517] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1352.318974][T28517] ? exit_signals+0x395/0xaf0 [ 1352.318992][T28517] do_exit+0x5ca/0x2aa0 [ 1352.319013][T28517] ? __pfx_do_exit+0x10/0x10 [ 1352.319032][T28517] ? do_raw_spin_lock+0x128/0x260 [ 1352.319053][T28517] ? find_held_lock+0x2b/0x80 [ 1352.319066][T28517] ? get_signal+0x7e0/0x21e0 [ 1352.319082][T28517] do_group_exit+0xd5/0x2a0 [ 1352.319103][T28517] get_signal+0x1ec7/0x21e0 [ 1352.319124][T28517] ? __pfx_get_signal+0x10/0x10 [ 1352.319140][T28517] ? do_futex+0x192/0x350 [ 1352.319161][T28517] arch_do_signal_or_restart+0x91/0x770 [ 1352.319180][T28517] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1352.319203][T28517] ? __pfx___x64_sys_futex+0x10/0x10 [ 1352.319226][T28517] exit_to_user_mode_loop+0x86/0x4a0 [ 1352.319247][T28517] do_syscall_64+0x668/0xf80 [ 1352.319263][T28517] ? clear_bhb_loop+0x40/0x90 [ 1352.319280][T28517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1352.319295][T28517] RIP: 0033:0x7fc675b9c629 [ 1352.319309][T28517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1352.319323][T28517] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1352.319338][T28517] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1352.319348][T28517] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1352.319357][T28517] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1352.319366][T28517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1352.319375][T28517] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1352.319398][T28517] [ 1352.765609][T28521] zswap: compressor  not available [ 1352.852841][T13250] Bluetooth: hci10: command tx timeout [ 1353.096269][T28534] FAULT_INJECTION: forcing a failure. [ 1353.096269][T28534] name failslab, interval 1, probability 0, space 0, times 0 [ 1353.109461][T28534] CPU: 0 UID: 0 PID: 28534 Comm: syz.1.5095 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1353.109486][T28534] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1353.109492][T28534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1353.109501][T28534] Call Trace: [ 1353.109506][T28534] [ 1353.109512][T28534] dump_stack_lvl+0x100/0x190 [ 1353.109539][T28534] should_fail_ex.cold+0x5/0xa [ 1353.109557][T28534] should_failslab+0xc2/0x120 [ 1353.109571][T28534] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1353.109592][T28534] ? taskstats_exit+0x650/0xbd0 [ 1353.109626][T28534] taskstats_exit+0x650/0xbd0 [ 1353.109649][T28534] ? __pfx_acct_update_integrals+0x10/0x10 [ 1353.109673][T28534] ? __pfx_taskstats_exit+0x10/0x10 [ 1353.109696][T28534] ? rcu_read_lock_any_held+0x6a/0xa0 [ 1353.109720][T28534] ? exit_signals+0x395/0xaf0 [ 1353.109737][T28534] do_exit+0x5ca/0x2aa0 [ 1353.109759][T28534] ? __pfx_do_exit+0x10/0x10 [ 1353.109777][T28534] ? do_raw_spin_lock+0x128/0x260 [ 1353.109798][T28534] ? find_held_lock+0x2b/0x80 [ 1353.109811][T28534] ? get_signal+0x7e0/0x21e0 [ 1353.109828][T28534] do_group_exit+0xd5/0x2a0 [ 1353.109848][T28534] get_signal+0x1ec7/0x21e0 [ 1353.109870][T28534] ? __pfx_get_signal+0x10/0x10 [ 1353.109886][T28534] ? do_futex+0x192/0x350 [ 1353.109907][T28534] arch_do_signal_or_restart+0x91/0x770 [ 1353.109926][T28534] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1353.109949][T28534] ? __pfx___x64_sys_futex+0x10/0x10 [ 1353.109972][T28534] exit_to_user_mode_loop+0x86/0x4a0 [ 1353.109993][T28534] do_syscall_64+0x668/0xf80 [ 1353.110010][T28534] ? clear_bhb_loop+0x40/0x90 [ 1353.110028][T28534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1353.110043][T28534] RIP: 0033:0x7fc675b9c629 [ 1353.110056][T28534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1353.110071][T28534] RSP: 002b:00007fc676a490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1353.110086][T28534] RAX: fffffffffffffe00 RBX: 00007fc675e15fa8 RCX: 00007fc675b9c629 [ 1353.110097][T28534] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc675e15fa8 [ 1353.110105][T28534] RBP: 00007fc675e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.110114][T28534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1353.110123][T28534] R13: 00007fc675e16038 R14: 00007ffed8d68fe0 R15: 00007ffed8d690c8 [ 1353.110142][T28534] [ 1353.491049][T13250] Bluetooth: hci11: command tx timeout [ 1354.607008][T13250] Bluetooth: hci4: command 0x0406 tx timeout [ 1355.562856][T28265] Bluetooth: hci11: command tx timeout [ 1357.474035][ T31] INFO: task kworker/u10:31:22699 blocked for more than 143 seconds. [ 1357.482241][ T31] Tainted: G U L syzkaller #0 [ 1357.488738][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1357.498115][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1357.504996][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1357.539807][ T31] task:kworker/u10:31 state:D stack:23704 pid:22699 tgid:22699 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 1357.589077][ T31] Workqueue: netns cleanup_net [ 1357.607413][ T31] Call Trace: [ 1357.618728][ T31] [ 1357.631776][T28265] Bluetooth: hci11: command tx timeout [ 1357.638118][ T31] __schedule+0xfee/0x60e0 [ 1357.653631][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1357.677936][ T31] ? __pfx___schedule+0x10/0x10 [ 1357.695712][ T31] ? find_held_lock+0x2b/0x80 [ 1357.708382][ T31] ? schedule+0x2bf/0x390 [ 1357.724108][ T31] schedule+0xdd/0x390 [ 1357.728182][ T31] schedule_timeout+0x1b2/0x280 [ 1357.799247][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1357.804653][ T31] ? mark_held_locks+0x40/0x70 [ 1357.832164][ T31] __wait_for_common+0x2e7/0x4c0 [ 1357.837124][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1357.859277][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1357.864744][ T31] remove_one+0x312/0x420 [ 1357.877968][ T31] ? find_next_child+0x18f/0x280 [ 1357.888934][ T31] __simple_recursive_removal+0x148/0x5c0 [ 1357.894662][ T31] ? __pfx_remove_one+0x10/0x10 [ 1357.903827][ T31] debugfs_remove+0x5d/0x80 [ 1357.908331][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1357.915408][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 1357.921351][ T31] nsim_dev_reload_down+0x66/0xd0 [ 1357.926371][ T31] devlink_reload+0x173/0x790 [ 1357.931323][ T31] ? __pfx_devlink_reload+0x10/0x10 [ 1357.936541][ T31] devlink_pernet_pre_exit+0x222/0x330 [ 1357.942290][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1357.948265][ T31] ? kobject_put+0xb9/0x640 [ 1357.953270][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1357.961277][ T31] ops_undo_list+0x187/0xab0 [ 1357.965919][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1357.971315][ T31] ? cleanup_net+0x332/0x920 [ 1357.975899][ T31] ? cleanup_net+0x332/0x920 [ 1357.980753][ T31] ? idr_destroy+0x62/0x2e0 [ 1357.985270][ T31] cleanup_net+0x499/0x920 [ 1357.989963][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1357.994894][ T31] ? rcu_is_watching+0x12/0xc0 [ 1357.999925][ T31] process_one_work+0x9d7/0x1920 [ 1358.004867][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1358.010525][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1358.017232][ T31] worker_thread+0x5da/0xe40 [ 1358.022386][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1358.027499][ T31] ? kthread+0x13a/0x450 [ 1358.032142][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1358.037255][ T31] kthread+0x370/0x450 [ 1358.041599][ T31] ? __pfx_kthread+0x10/0x10 [ 1358.046187][ T31] ret_from_fork+0x754/0xd80 [ 1358.051067][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1358.056179][ T31] ? __switch_to+0x7b4/0x1120 [ 1358.061118][ T31] ? __pfx_kthread+0x10/0x10 [ 1358.065716][ T31] ret_from_fork_asm+0x1a/0x30 [ 1358.072611][ T31] [ 1358.100466][ T31] INFO: task syz-executor:26958 blocked for more than 143 seconds. [ 1358.127730][ T31] Tainted: G U L syzkaller #0 [ 1358.134237][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1358.164868][ T31] task:syz-executor state:D stack:23752 pid:26958 tgid:26958 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1358.207270][ T31] Call Trace: [ 1358.210546][ T31] [ 1358.213460][ T31] __schedule+0xfee/0x60e0 [ 1358.227181][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1358.232141][ T31] ? __pfx___schedule+0x10/0x10 [ 1358.236972][ T31] ? find_held_lock+0x2b/0x80 [ 1358.257061][ T31] ? schedule+0x2bf/0x390 [ 1358.261394][ T31] schedule+0xdd/0x390 [ 1358.265459][ T31] schedule_preempt_disabled+0x13/0x30 [ 1358.297033][ T31] __mutex_lock+0xc9a/0x1b90 [ 1358.301642][ T31] ? device_del+0xa0/0x9b0 [ 1358.306051][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1358.345462][ T31] ? mark_held_locks+0x40/0x70 [ 1358.351326][ T31] ? device_del+0xa0/0x9b0 [ 1358.355734][ T31] device_del+0xa0/0x9b0 [ 1358.377572][ T31] ? __pfx_ida_free+0x10/0x10 [ 1358.382310][ T31] ? __pfx_device_del+0x10/0x10 [ 1358.387468][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1358.392404][ T31] device_unregister+0x1d/0xe0 [ 1358.399206][ T31] del_device_store+0x346/0x480 [ 1358.404064][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1358.409826][ T31] ? find_held_lock+0x2b/0x80 [ 1358.414506][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1358.419694][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1358.426975][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1358.432368][ T31] bus_attr_store+0x74/0xb0 [ 1358.437133][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 1358.442320][ T31] sysfs_kf_write+0xf2/0x150 [ 1358.447241][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1358.452516][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1358.457989][ T31] vfs_write+0x6ac/0x1070 [ 1358.462317][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1358.468399][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1358.473159][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1358.478626][ T31] ksys_write+0x12a/0x250 [ 1358.482964][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1358.488102][ T31] do_syscall_64+0x106/0xf80 [ 1358.492680][ T31] ? clear_bhb_loop+0x40/0x90 [ 1358.497524][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.503404][ T31] RIP: 0033:0x7f77cdb5cece [ 1358.510973][ T31] RSP: 002b:00007ffc5dba0628 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1358.520028][ T31] RAX: ffffffffffffffda RBX: 000055555f414500 RCX: 00007f77cdb5cece [ 1358.529883][ T31] RDX: 0000000000000001 RSI: 00007ffc5dba06b0 RDI: 0000000000000005 [ 1358.538053][ T31] RBP: 00007f77cdc3343f R08: 0000000000000000 R09: 0000000000000000 [ 1358.546220][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1358.554192][ T31] R13: 00007ffc5dba06b0 R14: 00007f77ce944620 R15: 0000000000000003 [ 1358.562437][ T31] [ 1358.587443][ T31] INFO: task syz.0.4683:26990 blocked for more than 144 seconds. [ 1358.595153][ T31] Tainted: G U L syzkaller #0 [ 1358.617507][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1358.635782][ T31] task:syz.0.4683 state:D stack:29000 pid:26990 tgid:26983 ppid:16510 task_flags:0x400040 flags:0x00080002 [ 1358.659475][ T31] Call Trace: [ 1358.662769][ T31] [ 1358.666083][ T31] __schedule+0xfee/0x60e0 [ 1358.670496][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1358.675719][ T31] ? __pfx___schedule+0x10/0x10 [ 1358.680573][ T31] ? find_held_lock+0x2b/0x80 [ 1358.685491][ T31] ? schedule+0x2bf/0x390 [ 1358.689811][ T31] schedule+0xdd/0x390 [ 1358.693861][ T31] schedule_preempt_disabled+0x13/0x30 [ 1358.699543][ T31] __mutex_lock+0xc9a/0x1b90 [ 1358.704127][ T31] ? __pfx___alloc_skb+0x10/0x10 [ 1358.710041][ T31] ? devlink_health_report+0x681/0xb50 [ 1358.715681][T20355] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.3238: bg 1: bad block bitmap checksum [ 1358.731408][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1358.741037][ T31] ? devlink_recover_notify.constprop.0+0x4d7/0x670 [ 1358.749819][T20355] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6685: Filesystem failed CRC [ 1358.758735][ T31] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 1358.771120][T20355] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.3238: bg 2: bad block bitmap checksum [ 1358.785167][ T31] ? devlink_health_report+0x681/0xb50 [ 1358.790625][ T31] devlink_health_report+0x681/0xb50 [ 1358.798327][T20355] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.1.3238: Error -74 reading block bitmap for 2 [ 1358.811297][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1358.817439][ T31] ? _copy_from_user+0x59/0xd0 [ 1358.822204][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1358.844620][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1358.850977][ T31] full_proxy_write+0x135/0x1a0 [ 1358.865636][ T31] vfs_write+0x2aa/0x1070 [ 1358.869979][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1358.875626][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1358.880400][ T31] ? __fget_files+0x215/0x3d0 [ 1358.885392][ T31] ? __fget_files+0x21f/0x3d0 [ 1358.890070][ T31] ksys_write+0x12a/0x250 [ 1358.894622][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1358.899488][ T31] ? kcov_ioctl+0x16a/0x720 [ 1358.905320][ T31] do_syscall_64+0x106/0xf80 [ 1358.909905][ T31] ? clear_bhb_loop+0x40/0x90 [ 1358.914818][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.920700][ T31] RIP: 0033:0x7f6444d9c629 [ 1358.925517][ T31] RSP: 002b:00007f6445b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1358.936056][ T31] RAX: ffffffffffffffda RBX: 00007f6445016090 RCX: 00007f6444d9c629 [ 1358.945709][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000004 [ 1358.953674][ T31] RBP: 00007f6444e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1358.962018][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1358.970488][ T31] R13: 00007f6445016128 R14: 00007f6445016090 R15: 00007ffc14d95218 [ 1358.978634][ T31] [ 1358.981727][ T31] INFO: task syz.3.4699:27050 blocked for more than 144 seconds. [ 1358.994312][ T31] Tainted: G U L syzkaller #0 [ 1359.000800][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1359.009701][ T31] task:syz.3.4699 state:D stack:28008 pid:27050 tgid:27049 ppid:16939 task_flags:0x400140 flags:0x00080002 [ 1359.021866][ T31] Call Trace: [ 1359.025303][ T31] [ 1359.028236][ T31] __schedule+0xfee/0x60e0 [ 1359.034702][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1359.039649][ T31] ? __pfx___schedule+0x10/0x10 [ 1359.044763][ T31] ? find_held_lock+0x2b/0x80 [ 1359.049430][ T31] ? schedule+0x2bf/0x390 [ 1359.055860][ T31] schedule+0xdd/0x390 [ 1359.059925][ T31] schedule_preempt_disabled+0x13/0x30 [ 1359.066049][ T31] rwsem_down_read_slowpath+0x5dc/0xb30 [ 1359.071595][ T31] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 1359.078273][ T31] ? __pfx___might_resched+0x10/0x10 [ 1359.083765][ T31] down_read+0xed/0x460 [ 1359.087912][ T31] ? __pfx_down_read+0x10/0x10 [ 1359.092663][ T31] ? mnt_get_write_access+0x1e9/0x2f0 [ 1359.098396][ T31] path_openat+0xa16/0x31a0 [ 1359.102898][ T31] ? __pfx_path_openat+0x10/0x10 [ 1359.108055][ T31] do_file_open+0x20e/0x430 [ 1359.112565][ T31] ? __pfx_do_file_open+0x10/0x10 [ 1359.117905][ T31] ? alloc_fd+0x476/0x790 [ 1359.122235][ T31] ? do_getname+0x191/0x390 [ 1359.126999][ T31] do_sys_openat2+0x10d/0x1e0 [ 1359.131668][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1359.138805][ T31] __x64_sys_openat+0x12d/0x210 [ 1359.144043][ T31] ? __pfx___x64_sys_openat+0x10/0x10 [ 1359.149419][ T31] do_syscall_64+0x106/0xf80 [ 1359.154301][ T31] ? clear_bhb_loop+0x40/0x90 [ 1359.158973][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1359.166528][ T31] RIP: 0033:0x7f02fd99c629 [ 1359.170932][ T31] RSP: 002b:00007f02fe8fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1359.179813][ T31] RAX: ffffffffffffffda RBX: 00007f02fdc15fa0 RCX: 00007f02fd99c629 [ 1359.188252][ T31] RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1359.196485][ T31] RBP: 00007f02fda32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1359.204747][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1359.212969][ T31] R13: 00007f02fdc16038 R14: 00007f02fdc15fa0 R15: 00007ffd6ad79fa8 [ 1359.220945][ T31] [ 1359.231618][ T31] [ 1359.231618][ T31] Showing all locks held in the system: [ 1359.242088][ T31] 1 lock held by khungtaskd/31: [ 1359.247141][ T31] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1359.257215][ T31] 6 locks held by kworker/u10:31/22699: [ 1359.262962][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1359.274927][ T31] #1: ffffc900052f7d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1359.285187][ T31] #2: ffffffff905f95d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1359.295134][ T31] #3: ffff88804a1ea0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x185/0x330 [ 1359.305921][ T31] #4: ffff88804a1e9250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x18f/0x330 [ 1359.316954][ T31] #5: ffff888081a51a70 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1359.328902][ T31] 2 locks held by getty/23723: [ 1359.333844][ T31] #0: ffff8880380ba0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1359.345455][ T31] #1: ffffc900041cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1359.355773][ T31] 5 locks held by syz-executor/26958: [ 1359.361142][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.370398][ T31] #1: ffff888037843888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.380359][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.394301][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.405079][ T31] #4: ffff88804a1ea0e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9b0 [ 1359.414187][ T31] 3 locks held by syz.0.4683/26990: [ 1359.419365][ T31] #0: ffff8880345242b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1359.428699][ T31] #1: ffff88802028c420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.437958][ T31] #2: ffff88804a1e9250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 1359.450710][ T31] 2 locks held by syz.3.4699/27050: [ 1359.456244][ T31] #0: ffff88802028c420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x9b1/0x31a0 [ 1359.465911][ T31] #1: ffff888081a51a70 (&sb->s_type->i_mutex_key#18){++++}-{4:4}, at: path_openat+0xa16/0x31a0 [ 1359.476595][ T31] 4 locks held by syz-executor/27172: [ 1359.482474][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.491651][ T31] #1: ffff888032c8f888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.503139][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.513636][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.524107][ T31] 4 locks held by syz-executor/27237: [ 1359.529472][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.538729][ T31] #1: ffff88805bb5bc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.551434][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.561641][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.572103][ T31] 4 locks held by syz-executor/27615: [ 1359.577467][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.586674][ T31] #1: ffff88804c1be088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.596632][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.606813][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.618886][ T31] 4 locks held by syz-executor/27792: [ 1359.628092][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.637262][ T31] #1: ffff888029db2c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.648887][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.659131][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.669574][ T31] 4 locks held by syz-executor/27833: [ 1359.675141][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.684344][ T31] #1: ffff888035ae9c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.694273][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.706454][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.716963][ T31] 4 locks held by syz-executor/28194: [ 1359.724475][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.733942][ T31] #1: ffff888033da0888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.743878][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.755727][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.766202][ T31] 4 locks held by syz-executor/28412: [ 1359.771764][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.781788][ T31] #1: ffff88808719bc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.791745][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.801939][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.812413][ T31] 4 locks held by syz-executor/28488: [ 1359.817765][ T31] #0: ffff888037202420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1359.827004][ T31] #1: ffff88803eb9f088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1359.838549][ T31] #2: ffff88802a25d3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1359.850741][ T31] #3: ffffffff8fb6a748 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1359.862633][ T31] [ 1359.864946][ T31] ============================================= [ 1359.864946][ T31] [ 1359.874955][ T31] NMI backtrace for cpu 0 [ 1359.874969][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1359.874991][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1359.874996][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1359.875006][ T31] Call Trace: [ 1359.875011][ T31] [ 1359.875017][ T31] dump_stack_lvl+0x100/0x190 [ 1359.875040][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1359.875064][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1359.875086][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1359.875110][ T31] sys_info+0x141/0x190 [ 1359.875128][ T31] watchdog+0xd25/0x1050 [ 1359.875147][ T31] ? __pfx_watchdog+0x10/0x10 [ 1359.875161][ T31] ? __kthread_parkme+0x18c/0x230 [ 1359.875179][ T31] ? kthread+0x13a/0x450 [ 1359.875197][ T31] ? __pfx_watchdog+0x10/0x10 [ 1359.875209][ T31] kthread+0x370/0x450 [ 1359.875227][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.875246][ T31] ret_from_fork+0x754/0xd80 [ 1359.875269][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1359.875291][ T31] ? __switch_to+0x7b4/0x1120 [ 1359.875307][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.875327][ T31] ret_from_fork_asm+0x1a/0x30 [ 1359.875351][ T31] [ 1360.002027][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1360.008868][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1360.019526][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1360.024692][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1360.034725][ T31] Call Trace: [ 1360.037984][ T31] [ 1360.040896][ T31] dump_stack_lvl+0x100/0x190 [ 1360.045561][ T31] vpanic+0x552/0x970 [ 1360.049525][ T31] ? __pfx_vpanic+0x10/0x10 [ 1360.054007][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1360.060152][ T31] panic+0xd1/0xe0 [ 1360.063852][ T31] ? __pfx_panic+0x10/0x10 [ 1360.068250][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1360.074388][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1360.080525][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1360.086663][ T31] ? watchdog.cold+0x198/0x1ca [ 1360.091410][ T31] ? watchdog+0xd35/0x1050 [ 1360.095808][ T31] watchdog.cold+0x1a9/0x1ca [ 1360.100383][ T31] ? __pfx_watchdog+0x10/0x10 [ 1360.105038][ T31] ? __kthread_parkme+0x18c/0x230 [ 1360.110044][ T31] ? kthread+0x13a/0x450 [ 1360.114267][ T31] ? __pfx_watchdog+0x10/0x10 [ 1360.118922][ T31] kthread+0x370/0x450 [ 1360.122972][ T31] ? __pfx_kthread+0x10/0x10 [ 1360.127547][ T31] ret_from_fork+0x754/0xd80 [ 1360.132124][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1360.137221][ T31] ? __switch_to+0x7b4/0x1120 [ 1360.141877][ T31] ? __pfx_kthread+0x10/0x10 [ 1360.146453][ T31] ret_from_fork_asm+0x1a/0x30 [ 1360.151207][ T31] [ 1360.154257][ T31] Kernel Offset: disabled [ 1360.158566][ T31] Rebooting in 86400 seconds..