last executing test programs: 3.805524658s ago: executing program 1 (id=2): ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(0xffffffffffffffff, 0x80085502, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(0xffffffffffffffff, 0x0, 0xa) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) dup2$auto(r0, r0) 3.21087136s ago: executing program 3 (id=4): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8922, 0x24) 3.200858414s ago: executing program 2 (id=12): openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0x8142, 0x0) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x3, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80026f48, r0) 2.855744702s ago: executing program 1 (id=5): socket(0x28, 0x80000, 0x0) semctl$auto_GETPID(0xfffffffc, 0x1, 0xb, 0x6) unshare$auto(0x40000080) fchown$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000180)='7\x00\\\xa0\x04|4\x00\x00\x03\x00\x00\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00rRVr\xc4O\xdc1\x9b%\x10Z\'\xb9\'\xa3stC=\x85\xc6\xf6\x13 \xeb\xff%\x11\x82\x05\xdfV\x02\xca&\xd8$<\xab&\xc8B-\xcc\x15\x04&\x13;\xfe\xbdQ\xaa\x16o\x1f\xc7\x94\xa3\xc9\x9a\xe1d\xf5\n\xe2\x88\x84\vT?\x98\xa2\x00'/206, 0x5) mount$auto(&(0x7f0000000080)='pim6reg\x00', 0x0, &(0x7f0000000140)=':\x00', 0x5, &(0x7f00000002c0)) 2.855030382s ago: executing program 0 (id=14): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x8000000000000001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) unshare$auto(0x40000080) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) 2.854192939s ago: executing program 2 (id=15): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x40, &(0x7f00000001c0)={0x4001, 0xff, 0x10000, 0xfffffffb, 0x0, 0x0, 0xffffffffffffffff, [0x0, 0xf491, 0x3], {0x3, 0x1000, 0x1000004, 0x1, 0x4, 0x3, 0x100003ff, 0x200003, 0xffff}, {0x4, 0x9, 0x7, 0x2, 0x2, 0xffff13a7, 0xd, 0x449e, 0x8000000}}) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x2, 0xc, 0x5a}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x205ac, &(0x7f0000000100)={&(0x7f0000000200), 0x1f}, 0x5, 0x0, 0x5, 0x4}, 0x20000005}, 0x5, 0xcae) 2.242274657s ago: executing program 3 (id=6): mmap$auto(0x0, 0x1ff, 0xa, 0x1000000000000eb1, 0xfffffffffffffffa, 0x8000) ftruncate$auto(0x3, 0x700) rename$auto(0x0, 0x0) r0 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/netdevsim/netdevsim1/ports/1/pp_hold\x00', 0x2, 0x0) sendto$auto(0xffffffffffffffff, 0xfffffffffffffffe, 0x1, 0xffffdace, 0x0, 0x81) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) write$auto(r0, 0x0, 0xff) 2.241387166s ago: executing program 2 (id=17): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = eventfd$auto(0x1004) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4004af07, r0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) 2.133590889s ago: executing program 1 (id=7): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/i8042/serio0/extra\x00', 0x10b542, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0xc, r0, 0x9, 0xfffffffffffff6de) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x20900, 0x0) write$auto(0x3, 0x0, 0xfdef) 1.983054981s ago: executing program 0 (id=8): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x100082) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1100000012"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x3f00) write$auto(0x3, 0x0, 0x5c8) 1.934717005s ago: executing program 2 (id=9): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) select$auto(0x6, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x6, 0x16, 0x5, 0x100000003, 0xc, 0x9, 0x7, 0x1, 0x7ff, 0xd59, 0x101, 0x6, 0xfffffffffffffffe, 0x80000001]}, 0x0, 0x0) read$auto(0x4, 0x0, 0xfdef) 1.797165239s ago: executing program 3 (id=10): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) io_pgetevents$auto(0x8, 0xfefffffffffffffb, 0x402, 0x0, 0x0, 0x0) 1.752592996s ago: executing program 0 (id=11): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x6, 0xffe, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) 1.196650201s ago: executing program 0 (id=13): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x2a4c0, 0x20) prctl$auto(0x29, 0x17000000, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) 1.114748013s ago: executing program 1 (id=16): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x29, 0x2, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_setup$auto(0x6, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x3, 0xb6, 0x4, 0x6, 0x9}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 991.10676ms ago: executing program 1 (id=18): mmap$auto(0x0, 0x402000c, 0xdd, 0xcb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mprotect$auto(0x0, 0x8000000000000001, 0x8) 884.305365ms ago: executing program 3 (id=19): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x200000001000, 0x8, 0x37, 0x3, 0x110c230000) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r0, 0x0, 0x800000008) 415.080236ms ago: executing program 0 (id=20): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) ioctl$auto(0xffffffffffffffff, 0xc0845658, 0xffffffffffffffff) unshare$auto(0x40000080) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40e00, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000300), 0x60081, 0x0) ioctl$auto_PPPIOCATTACH(r1, 0x4004743d, 0x0) close_range$auto(0x2, 0x8, 0x0) 413.996321ms ago: executing program 2 (id=21): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x8, 0x8, 0xeb1, 0xffffffffffffffff, 0xa800000000000000) r0 = syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r0, 0x100, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x24000010}, 0x20000804) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x6}, 0x8) 367.885628ms ago: executing program 1 (id=22): mmap$auto(0x0, 0x2020009, 0x7, 0x2000000000000eb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) 135.443963ms ago: executing program 2 (id=23): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0x4, 0x0, 0x100082) mmap$auto(0x0, 0x6, 0x4000002, 0x40eb2, 0xffffffffffffffff, 0x308000000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) 0s ago: executing program 0 (id=24): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/i8042/serio0/extra\x00', 0x10b542, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) ptrace$auto(0xc, r0, 0x9, 0xfffffffffffff6de) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.40' (ED25519) to the list of known hosts. [ 92.144121][ T5615] cgroup: Unknown subsys name 'net' [ 92.284481][ T5615] cgroup: Unknown subsys name 'cpuset' [ 92.293678][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.071875][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.052273][ T5631] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.071988][ T5631] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.079843][ T5631] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.090344][ T5631] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.110238][ T5631] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.157365][ T5631] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.195130][ T5639] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.203101][ T5639] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.215033][ T5639] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.223542][ T5639] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.231054][ T5643] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.239841][ T5639] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.240639][ T5643] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.257435][ T5643] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.268793][ T5645] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.272320][ T5643] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.279457][ T5645] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.284146][ T5643] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.300151][ T5643] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.308344][ T5645] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.204777][ T10] cfg80211: failed to load regulatory.db [ 97.946155][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.954450][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.961786][ T5634] bridge_slave_0: entered allmulticast mode [ 97.969397][ T5634] bridge_slave_0: entered promiscuous mode [ 98.008550][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.015769][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.023027][ T5634] bridge_slave_1: entered allmulticast mode [ 98.030251][ T5634] bridge_slave_1: entered promiscuous mode [ 98.066373][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.073684][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.081387][ T5636] bridge_slave_0: entered allmulticast mode [ 98.089006][ T5636] bridge_slave_0: entered promiscuous mode [ 98.121172][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.128462][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.135888][ T5636] bridge_slave_1: entered allmulticast mode [ 98.143321][ T5636] bridge_slave_1: entered promiscuous mode [ 98.169272][ T5631] Bluetooth: hci0: command tx timeout [ 98.207676][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.224564][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.231786][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.239143][ T5630] bridge_slave_0: entered allmulticast mode [ 98.246543][ T5630] bridge_slave_0: entered promiscuous mode [ 98.268892][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.289511][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.296711][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.305646][ T5630] bridge_slave_1: entered allmulticast mode [ 98.313353][ T5630] bridge_slave_1: entered promiscuous mode [ 98.322731][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.331948][ T5631] Bluetooth: hci1: command tx timeout [ 98.373607][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.393875][ T5635] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.399876][ T5631] Bluetooth: hci2: command tx timeout [ 98.401691][ T5635] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.408889][ T50] Bluetooth: hci3: command tx timeout [ 98.414477][ T5635] bridge_slave_0: entered allmulticast mode [ 98.426769][ T5635] bridge_slave_0: entered promiscuous mode [ 98.460093][ T5634] team0: Port device team_slave_0 added [ 98.465907][ T5635] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.473190][ T5635] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.481719][ T5635] bridge_slave_1: entered allmulticast mode [ 98.489381][ T5635] bridge_slave_1: entered promiscuous mode [ 98.500589][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.512898][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.535325][ T5634] team0: Port device team_slave_1 added [ 98.564989][ T5636] team0: Port device team_slave_0 added [ 98.608339][ T5636] team0: Port device team_slave_1 added [ 98.627073][ T5635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.638891][ T5630] team0: Port device team_slave_0 added [ 98.656071][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.663293][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.689623][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.703737][ T5635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.714659][ T5630] team0: Port device team_slave_1 added [ 98.744285][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.751341][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.777344][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.816691][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.823986][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.850121][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.883284][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.890460][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.916507][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.928555][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.935608][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.961636][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.975914][ T5635] team0: Port device team_slave_0 added [ 98.982210][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.989229][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.015537][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.047653][ T5635] team0: Port device team_slave_1 added [ 99.116526][ T5634] hsr_slave_0: entered promiscuous mode [ 99.123206][ T5634] hsr_slave_1: entered promiscuous mode [ 99.141912][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.149173][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.175308][ T5635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.209097][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.216109][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.242513][ T5635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.260347][ T5636] hsr_slave_0: entered promiscuous mode [ 99.266675][ T5636] hsr_slave_1: entered promiscuous mode [ 99.273011][ T5636] debugfs: 'hsr0' already exists in 'hsr' [ 99.278954][ T5636] Cannot create hsr debugfs directory [ 99.290349][ T5630] hsr_slave_0: entered promiscuous mode [ 99.297098][ T5630] hsr_slave_1: entered promiscuous mode [ 99.303602][ T5630] debugfs: 'hsr0' already exists in 'hsr' [ 99.309357][ T5630] Cannot create hsr debugfs directory [ 99.481884][ T5635] hsr_slave_0: entered promiscuous mode [ 99.488418][ T5635] hsr_slave_1: entered promiscuous mode [ 99.494654][ T5635] debugfs: 'hsr0' already exists in 'hsr' [ 99.500546][ T5635] Cannot create hsr debugfs directory [ 99.860619][ T5634] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.874513][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.882697][ T5634] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.894944][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.912977][ T5634] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.924628][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.948756][ T5634] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.959297][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.030549][ T5630] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.042210][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.050677][ T5630] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.061550][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.069428][ T5630] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.081209][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.090247][ T5630] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.100968][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.202385][ T5636] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.213674][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.221948][ T5636] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.234269][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.238687][ T50] Bluetooth: hci0: command tx timeout [ 100.263207][ T5636] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.273121][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.281360][ T5636] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.292449][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.373889][ T5635] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.383948][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.393697][ T5635] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.401449][ T50] Bluetooth: hci1: command tx timeout [ 100.411685][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.424758][ T5635] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.434670][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.452912][ T5635] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.464181][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.480332][ T50] Bluetooth: hci3: command tx timeout [ 100.481817][ T5631] Bluetooth: hci2: command tx timeout [ 100.561571][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.604222][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.626398][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.633827][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.661289][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.668511][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.709120][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.751015][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.780402][ T5630] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.810288][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.817650][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.854331][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.865144][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.872323][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.911996][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.919161][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.941967][ T5635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.985503][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.992788][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.067176][ T5635] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.102650][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.109870][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.143468][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.150696][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.012877][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.194870][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.213983][ T5634] veth0_vlan: entered promiscuous mode [ 102.266637][ T5634] veth1_vlan: entered promiscuous mode [ 102.321192][ T5631] Bluetooth: hci0: command tx timeout [ 102.426743][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.439102][ T5634] veth0_macvtap: entered promiscuous mode [ 102.453992][ T5630] veth0_vlan: entered promiscuous mode [ 102.466778][ T5634] veth1_macvtap: entered promiscuous mode [ 102.488506][ T5631] Bluetooth: hci1: command tx timeout [ 102.496247][ T5635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.508559][ T5630] veth1_vlan: entered promiscuous mode [ 102.530786][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.554940][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.562733][ T5631] Bluetooth: hci2: command tx timeout [ 102.568957][ T5631] Bluetooth: hci3: command tx timeout [ 102.598187][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.608905][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.626779][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.636758][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.672952][ T5630] veth0_macvtap: entered promiscuous mode [ 102.711127][ T5630] veth1_macvtap: entered promiscuous mode [ 102.736208][ T5636] veth0_vlan: entered promiscuous mode [ 102.763185][ T5636] veth1_vlan: entered promiscuous mode [ 102.805666][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.859718][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.884437][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.896127][ T5635] veth0_vlan: entered promiscuous mode [ 102.912418][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.946037][ T48] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.955651][ T48] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.969143][ T48] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.995684][ T48] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.016665][ T5635] veth1_vlan: entered promiscuous mode [ 103.032427][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.045275][ T5636] veth0_macvtap: entered promiscuous mode [ 103.047878][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.074247][ T5636] veth1_macvtap: entered promiscuous mode [ 103.168919][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.182934][ T5634] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.213414][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.236458][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.256249][ T5635] veth0_macvtap: entered promiscuous mode [ 103.262519][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.304150][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.321540][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.360707][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.374005][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.384487][ T5635] veth1_macvtap: entered promiscuous mode [ 103.412348][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.422305][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.465229][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.505722][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.546552][ T56] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.559990][ T56] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.607420][ T56] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.620235][ T56] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.682585][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.712252][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.813391][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.822438][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.905016][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.939799][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.024703][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.045089][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.398272][ T5631] Bluetooth: hci0: command tx timeout [ 104.558832][ T5631] Bluetooth: hci1: command tx timeout [ 104.649317][ T5631] Bluetooth: hci3: command tx timeout [ 104.649360][ T50] Bluetooth: hci2: command tx timeout [ 104.693055][ T5798] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 104.743189][ T5801] FAULT_INJECTION: forcing a failure. [ 104.743189][ T5801] name failslab, interval 1, probability 0, space 0, times 1 [ 104.777180][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: syz.1.5 Not tainted syzkaller #0 PREEMPT(full) [ 104.777218][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 104.777241][ T5801] Call Trace: [ 104.777251][ T5801] [ 104.777262][ T5801] dump_stack_lvl+0x100/0x190 [ 104.777307][ T5801] should_fail_ex.cold+0x5/0xa [ 104.777346][ T5801] should_failslab+0xc2/0x120 [ 104.777388][ T5801] __kmalloc_cache_noprof+0x91/0x6c0 [ 104.777421][ T5801] ? copy_mount_options+0x55/0x190 [ 104.777467][ T5801] copy_mount_options+0x55/0x190 [ 104.777508][ T5801] __x64_sys_mount+0x1ab/0x310 [ 104.777543][ T5801] ? __pfx___x64_sys_mount+0x10/0x10 [ 104.777585][ T5801] do_syscall_64+0x115/0x840 [ 104.777623][ T5801] ? clear_bhb_loop+0x40/0x90 [ 104.777660][ T5801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.777691][ T5801] RIP: 0033:0x7fbe6879ce59 [ 104.777721][ T5801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.777750][ T5801] RSP: 002b:00007fbe695ce028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 104.777783][ T5801] RAX: ffffffffffffffda RBX: 00007fbe68a16090 RCX: 00007fbe6879ce59 [ 104.777802][ T5801] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 104.777821][ T5801] RBP: 00007fbe68832e6f R08: 00002000000002c0 R09: 0000000000000000 [ 104.777837][ T5801] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 104.777854][ T5801] R13: 00007fbe68a16128 R14: 00007fbe68a16090 R15: 00007fffb87d8038 [ 104.777888][ T5801] [ 106.445381][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 106.457138][ T50] Bluetooth: hci0: unexpected event 0x08 length: 44 > 4 [ 107.569640][ T5859] process 'syz.1.22' launched ':,' with NULL argv: empty string added [ 108.478203][ T5631] Bluetooth: hci0: command 0x2016 tx timeout [ 108.486291][ T5631] ------------[ cut here ]------------ [ 108.491949][ T5631] refcnt < 0 [ 108.491968][ T5631] WARNING: net/bluetooth/hci_conn.c:631 at hci_conn_timeout+0x16a/0x230, CPU#1: kworker/u9:2/5631 [ 108.506336][ T5631] Modules linked in: [ 108.510847][ T5631] CPU: 1 UID: 0 PID: 5631 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 108.520480][ T5631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 108.530642][ T5631] Workqueue: hci0 hci_conn_timeout [ 108.535821][ T5631] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 108.541592][ T5631] Code: 44 0f b6 2d 7b ec 46 06 31 ff 41 83 e5 40 44 89 ee e8 8a 78 78 f7 45 84 ed 0f 84 02 ff ff ff e9 00 b1 e0 f6 e8 67 7e 78 f7 90 <0f> 0b 90 e8 5e 7e 78 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 108.561444][ T5631] RSP: 0018:ffffc90003e17c18 EFLAGS: 00010293 [ 108.567565][ T5631] RAX: 0000000000000000 RBX: ffff88802d878a40 RCX: ffffffff8a905c5f [ 108.575655][ T5631] RDX: ffff88807bb00000 RSI: ffffffff8a905d59 RDI: ffff88807bb00000 [ 108.584375][ T5631] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 108.592419][ T5631] R10: 00000000ffffffff R11: 000000000000751b R12: ffff88802d878000 [ 108.600493][ T5631] R13: ffff88807bb004c4 R14: ffffffff90dbe344 R15: 0000000000000000 [ 108.608970][ T5631] FS: 0000000000000000(0000) GS:ffff8881243f0000(0000) knlGS:0000000000000000 [ 108.617947][ T5631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.625063][ T5631] CR2: 00007f6a29dea2f8 CR3: 000000005edea000 CR4: 00000000003526f0 [ 108.633142][ T5631] Call Trace: [ 108.636433][ T5631] [ 108.639571][ T5631] process_one_work+0xa23/0x1940 [ 108.644591][ T5631] ? __pfx_process_one_work+0x10/0x10 [ 108.650067][ T5631] ? __pfx_hci_conn_timeout+0x10/0x10 [ 108.655508][ T5631] worker_thread+0x5ef/0xe50 [ 108.660232][ T5631] ? __pfx_worker_thread+0x10/0x10 [ 108.665414][ T5631] ? kthread+0x13a/0x450 [ 108.669745][ T5631] ? __pfx_worker_thread+0x10/0x10 [ 108.674928][ T5631] kthread+0x370/0x450 [ 108.679086][ T5631] ? __pfx_kthread+0x10/0x10 [ 108.683741][ T5631] ret_from_fork+0x72b/0xd50 [ 108.688454][ T5631] ? __pfx_ret_from_fork+0x10/0x10 [ 108.693623][ T5631] ? __switch_to+0x800/0x10f0 [ 108.698386][ T5631] ? __switch_to_asm+0x39/0x70 [ 108.703220][ T5631] ? __pfx_kthread+0x10/0x10 [ 108.708411][ T5631] ret_from_fork_asm+0x1a/0x30 [ 108.713262][ T5631] [ 108.716340][ T5631] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 108.723655][ T5631] CPU: 1 UID: 0 PID: 5631 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 108.733150][ T5631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 108.743245][ T5631] Workqueue: hci0 hci_conn_timeout [ 108.748387][ T5631] Call Trace: [ 108.751672][ T5631] [ 108.754644][ T5631] dump_stack_lvl+0x100/0x190 [ 108.759395][ T5631] vpanic+0x552/0x970 [ 108.763458][ T5631] ? __pfx_vpanic+0x10/0x10 [ 108.768010][ T5631] panic+0xd1/0xe0 [ 108.771754][ T5631] ? __pfx_panic+0x10/0x10 [ 108.776234][ T5631] ? check_panic_on_warn+0x1f/0x90 [ 108.781383][ T5631] check_panic_on_warn.cold+0x19/0x34 [ 108.786772][ T5631] ? hci_conn_timeout+0x16a/0x230 [ 108.791829][ T5631] __warn.cold+0x191/0x318 [ 108.796282][ T5631] __report_bug+0x30f/0x440 [ 108.800814][ T5631] ? hci_conn_timeout+0x16a/0x230 [ 108.805867][ T5631] ? __pfx___report_bug+0x10/0x10 [ 108.810933][ T5631] ? add_lock_to_list+0x99/0x110 [ 108.815920][ T5631] ? check_prev_add+0x354/0xe60 [ 108.820819][ T5631] ? hci_conn_timeout+0x16a/0x230 [ 108.825869][ T5631] report_bug+0xb2/0x220 [ 108.830182][ T5631] ? hci_conn_timeout+0x16a/0x230 [ 108.835242][ T5631] handle_bug+0x16a/0x2a0 [ 108.839634][ T5631] exc_invalid_op+0x17/0x50 [ 108.844181][ T5631] asm_exc_invalid_op+0x1a/0x20 [ 108.849059][ T5631] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 108.854748][ T5631] Code: 44 0f b6 2d 7b ec 46 06 31 ff 41 83 e5 40 44 89 ee e8 8a 78 78 f7 45 84 ed 0f 84 02 ff ff ff e9 00 b1 e0 f6 e8 67 7e 78 f7 90 <0f> 0b 90 e8 5e 7e 78 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 108.874392][ T5631] RSP: 0018:ffffc90003e17c18 EFLAGS: 00010293 [ 108.880501][ T5631] RAX: 0000000000000000 RBX: ffff88802d878a40 RCX: ffffffff8a905c5f [ 108.888722][ T5631] RDX: ffff88807bb00000 RSI: ffffffff8a905d59 RDI: ffff88807bb00000 [ 108.896722][ T5631] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 108.904736][ T5631] R10: 00000000ffffffff R11: 000000000000751b R12: ffff88802d878000 [ 108.912737][ T5631] R13: ffff88807bb004c4 R14: ffffffff90dbe344 R15: 0000000000000000 [ 108.920745][ T5631] ? hci_conn_timeout+0x6f/0x230 [ 108.925719][ T5631] ? hci_conn_timeout+0x169/0x230 [ 108.930786][ T5631] ? hci_conn_timeout+0x169/0x230 [ 108.935846][ T5631] process_one_work+0xa23/0x1940 [ 108.940866][ T5631] ? __pfx_process_one_work+0x10/0x10 [ 108.946302][ T5631] ? __pfx_hci_conn_timeout+0x10/0x10 [ 108.951723][ T5631] worker_thread+0x5ef/0xe50 [ 108.956403][ T5631] ? __pfx_worker_thread+0x10/0x10 [ 108.961569][ T5631] ? kthread+0x13a/0x450 [ 108.965848][ T5631] ? __pfx_worker_thread+0x10/0x10 [ 108.971003][ T5631] kthread+0x370/0x450 [ 108.975120][ T5631] ? __pfx_kthread+0x10/0x10 [ 108.979756][ T5631] ret_from_fork+0x72b/0xd50 [ 108.984460][ T5631] ? __pfx_ret_from_fork+0x10/0x10 [ 108.989614][ T5631] ? __switch_to+0x800/0x10f0 [ 108.994321][ T5631] ? __switch_to_asm+0x39/0x70 [ 108.999138][ T5631] ? __pfx_kthread+0x10/0x10 [ 109.003773][ T5631] ret_from_fork_asm+0x1a/0x30 [ 109.008609][ T5631] [ 109.012274][ T5631] Kernel Offset: disabled [ 109.016618][ T5631] Rebooting in 86400 seconds..