last executing test programs: 3.208711478s ago: executing program 3 (id=160): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x8a603, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x1001, 0xffffffffffffffff, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x749e, 0x6, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/ext4/sda1/last_error_block\x00', 0x20880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/17, 0x11) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x40000, 0x0) ioctl$auto_IOC_PR_RESERVE(r3, 0x401070c9, 0x0) r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r4, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x4}, @MACSEC_ATTR_OFFLOAD={0x4}]}, 0x1c}}, 0x48010) 2.85772822s ago: executing program 2 (id=162): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x6, 0xff, @count=0xe35c, 0x0, 0x5, 0x6, 0x6, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sysfs$auto(0x2, 0x23, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.618457199s ago: executing program 1 (id=163): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) r0 = epoll_create$auto(0x2) epoll_pwait2$auto(r0, 0x0, 0x9, 0x0, 0x0, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) epoll_ctl$auto_EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0x7cc4, 0x7f}) r2 = socket(0x2, 0x2, 0x88) setsockopt$auto(r2, 0x0, 0x20, 0x0, 0x8) 2.561846423s ago: executing program 0 (id=164): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ceph/parameters/disable_send_metrics\x00', 0xc0202, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/sockstat6\x00', 0x8002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0xf) r1 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r1, 0x98}, 0x5) 2.398978914s ago: executing program 1 (id=165): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x8b, 0x400, 0x9}]}) 2.39695998s ago: executing program 3 (id=166): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x80200000008000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@id={0x1e, 0x3, 0x0, {0x4e20}}, 0x0) sysfs$auto(0x2, 0x1f, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.283740759s ago: executing program 0 (id=167): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80000, 0x300) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf250100000031208be8a5b4f52d83483e5c2d79da46e337d98473588f99774c7eb4868b973c1cef8187525db7b5b4e78678eb59512dbc7b11f4e29c29e3273c870a9555cf469e67e8886341e84d38edd658cf267f92e1e785a50fe500fbc125a65f8a4e5aa458a90f3d87fc71eca6309fc0ee1724cea121a7c96dbba43270448ec20cd22915c1cfa658b316e773d1eff747e371aace10d66450a3666b7be9754bde44d1"], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x0) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4) semctl$auto(0x7, 0x2, 0x13, 0x1) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8002, 0x0, 0x6) rseq$auto(&(0x7f0000000300)={0x9, 0x401, 0x0, 0x20000006, 0xe}, 0x8002, 0x1, 0x7fffffff) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000002c0), 0xffffffffffffffff) 2.197325799s ago: executing program 3 (id=168): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop5\x00', 0x52be82, 0x0) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x7fffffffffffffff, 0xfffffffffffffffe, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x60000, 0x0) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f00000010c0), 0x0, 0x0) 2.147471643s ago: executing program 2 (id=169): close_range$auto(0x0, 0x1c94, 0x2) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="01002b9b617ff7bc552f4b00000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}}, 0x801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.056708522s ago: executing program 0 (id=170): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x208840, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0xce, 0xe3, 0xe}]}) 2.018405354s ago: executing program 1 (id=171): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) landlock_restrict_self$auto(r0, 0x0) socket(0x1, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 1.903806855s ago: executing program 1 (id=172): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) capset$auto(0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x805aa, 0x0, 0x2e, 0x0, 0x7, 0x80001083}, 0x5}, 0xaf2, 0x100) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0x2, 0x3, 0x9) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) r1 = socket(0x11, 0x80003, 0x3ff) setsockopt$auto(r1, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={0x0, 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x3) 1.872315534s ago: executing program 2 (id=173): socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) rt_sigprocmask$auto_SIG_UNBLOCK(0x1, &(0x7f0000000080)={0x7}, &(0x7f00000000c0)={0x9}, 0x8) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) io_uring_register$auto(0x2, 0x11, 0x0, 0x83) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x7fff) setsockopt$auto(0x3, 0x114, 0x3f, 0x0, 0x4) close_range$auto(0x2, 0xa, 0x0) 1.707794461s ago: executing program 0 (id=174): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1, 0x8, 0xd, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x5, 0x7, 0x6, 0x6, 0x0, 0x4, 0x2a17, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x0, 0x0, 0x33e, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x2, 0x9b4, 0x2, "7cbc697000", "05db3d47", "01030100", "2ff43123", ["f5404de9641f8bf1bad22a9f", "a1679d340ad98fad2453f86d", "b06f8ca10c66eebcbd6f17c8", "5fe10eedab2c4b353c392a92"]}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.669427475s ago: executing program 2 (id=175): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x8, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) write$auto(0xffffffffffffffff, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.513562077s ago: executing program 3 (id=176): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) ioctl$auto(r0, 0x2, 0x4) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x7, 0x0) 1.46514479s ago: executing program 2 (id=177): socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/1/pp_hold\x00', 0x101001, 0x0) ppoll$auto(0x0, 0x1c, 0x0, 0x0, 0x8) fanotify_init$auto(0x602, 0x1) open(0x0, 0x1652c2, 0xe1d2b27bdc14aa98) open$dir(0x0, 0x42, 0x20) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004881}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x7fff, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x40007}, 0x3, 0x0) 1.292577675s ago: executing program 3 (id=178): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) r1 = getsockopt$auto_SO_PEERPIDFD(r0, 0x10000, 0x4d, &(0x7f0000000000)='TIPCv2\x00', &(0x7f00000000c0)=0x5) read$auto_mtd_fops_mtdchar(r1, &(0x7f0000000100)=""/61, 0x3d) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_KEY_SET(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="01002abd7000fcdbdf2517000000080006"], 0x1c}, 0x1, 0x0, 0x0, 0x20000090}, 0x4000) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) close_range$auto(0x2, 0x8, 0x0) 1.221633552s ago: executing program 1 (id=179): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) close_range$auto(0x2, 0x8, 0xffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x581402, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x0, 0xfffffffffffff001, 0x836) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 1.090565041s ago: executing program 0 (id=180): mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) recvfrom$auto(r0, 0x0, 0xc, 0xb21, 0x0, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) bind$auto(0x3, 0xfffffffffffffffd, 0x0) close_range$auto(0x2, 0x8, 0x0) 958.325224ms ago: executing program 3 (id=181): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) unshare$auto(0x8) write$auto(r0, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) finit_module$auto(r1, 0x0, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ptrace$auto(0x10, 0x0, 0x9, 0x7ff) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) 521.653443ms ago: executing program 2 (id=182): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) r1 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x24, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0xa}, 0x5, 0x108) 149.625117ms ago: executing program 0 (id=183): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0x14, 0xffffffffffffffff, 0x8000) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) 0s ago: executing program 1 (id=184): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. [ 83.716462][ T5808] cgroup: Unknown subsys name 'net' [ 83.814406][ T5808] cgroup: Unknown subsys name 'cpuset' [ 83.824408][ T5808] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.611074][ T5808] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.807421][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.807545][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.822185][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.823922][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.833489][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.838635][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.851194][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.859845][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.867179][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.871604][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.876112][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.883360][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.890791][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.897237][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.910441][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.910451][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.927409][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.935141][ T5144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.943442][ T5144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.951174][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.492214][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 88.562046][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 88.669149][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 88.709143][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 88.835212][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.842978][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.850890][ T5820] bridge_slave_0: entered allmulticast mode [ 88.858113][ T5820] bridge_slave_0: entered promiscuous mode [ 88.867006][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.874219][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.881515][ T5821] bridge_slave_0: entered allmulticast mode [ 88.888678][ T5821] bridge_slave_0: entered promiscuous mode [ 88.908801][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.916034][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.923654][ T5820] bridge_slave_1: entered allmulticast mode [ 88.930975][ T5820] bridge_slave_1: entered promiscuous mode [ 88.938582][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.945822][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.953384][ T5821] bridge_slave_1: entered allmulticast mode [ 88.960816][ T5821] bridge_slave_1: entered promiscuous mode [ 89.066750][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.080035][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.090909][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.098190][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.105714][ T5823] bridge_slave_0: entered allmulticast mode [ 89.113620][ T5823] bridge_slave_0: entered promiscuous mode [ 89.135176][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.146826][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.156265][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.164563][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.172399][ T5823] bridge_slave_1: entered allmulticast mode [ 89.179532][ T5823] bridge_slave_1: entered promiscuous mode [ 89.186784][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.194222][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.201797][ T5822] bridge_slave_0: entered allmulticast mode [ 89.209379][ T5822] bridge_slave_0: entered promiscuous mode [ 89.252062][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.259267][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.266871][ T5822] bridge_slave_1: entered allmulticast mode [ 89.274087][ T5822] bridge_slave_1: entered promiscuous mode [ 89.328689][ T5820] team0: Port device team_slave_0 added [ 89.336478][ T5821] team0: Port device team_slave_0 added [ 89.345283][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.368411][ T5820] team0: Port device team_slave_1 added [ 89.375839][ T5821] team0: Port device team_slave_1 added [ 89.384155][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.396444][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.445692][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.497851][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.504973][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.531136][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.543786][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.550790][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.577105][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.589895][ T5823] team0: Port device team_slave_0 added [ 89.607361][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.614480][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.640679][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.652513][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.659488][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.686572][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.699734][ T5823] team0: Port device team_slave_1 added [ 89.707974][ T5822] team0: Port device team_slave_0 added [ 89.769178][ T5822] team0: Port device team_slave_1 added [ 89.793862][ T5820] hsr_slave_0: entered promiscuous mode [ 89.800499][ T5820] hsr_slave_1: entered promiscuous mode [ 89.809401][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.817010][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.843149][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.878504][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.885796][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.912390][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.956683][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.964765][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.964789][ T5836] Bluetooth: hci1: command tx timeout [ 89.991734][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.020993][ T5821] hsr_slave_0: entered promiscuous mode [ 90.027330][ T5821] hsr_slave_1: entered promiscuous mode [ 90.034430][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 90.040341][ T5836] Bluetooth: hci0: command tx timeout [ 90.040380][ T5821] Cannot create hsr debugfs directory [ 90.050507][ T5828] Bluetooth: hci2: command tx timeout [ 90.057082][ T5836] Bluetooth: hci3: command tx timeout [ 90.064354][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.071823][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.098381][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.253187][ T5823] hsr_slave_0: entered promiscuous mode [ 90.259592][ T5823] hsr_slave_1: entered promiscuous mode [ 90.266563][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 90.272414][ T5823] Cannot create hsr debugfs directory [ 90.290412][ T5822] hsr_slave_0: entered promiscuous mode [ 90.296715][ T5822] hsr_slave_1: entered promiscuous mode [ 90.303116][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 90.308865][ T5822] Cannot create hsr debugfs directory [ 90.714934][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.728122][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.740138][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.764615][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.824718][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.862819][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.874501][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.907197][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.973927][ T5822] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.006909][ T5822] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.017781][ T5822] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.029076][ T5822] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.094895][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.106082][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.116898][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.127958][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.204866][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.299576][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.342506][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.349900][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.377540][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.384698][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.445926][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.459626][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.497225][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.529649][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.553529][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.560769][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.578505][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.597314][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.604519][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.633737][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.640969][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.659418][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.666687][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.702774][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.761357][ T3509] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.768548][ T3509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.799628][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.806910][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.041009][ T5836] Bluetooth: hci1: command tx timeout [ 92.124949][ T5836] Bluetooth: hci3: command tx timeout [ 92.130628][ T5828] Bluetooth: hci2: command tx timeout [ 92.134162][ T51] Bluetooth: hci0: command tx timeout [ 92.142469][ T9] cfg80211: failed to load regulatory.db [ 92.235489][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.411203][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.431167][ T5821] veth0_vlan: entered promiscuous mode [ 92.465359][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.477315][ T5821] veth1_vlan: entered promiscuous mode [ 92.567170][ T5820] veth0_vlan: entered promiscuous mode [ 92.608506][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.624220][ T5820] veth1_vlan: entered promiscuous mode [ 92.640163][ T5821] veth0_macvtap: entered promiscuous mode [ 92.653424][ T5823] veth0_vlan: entered promiscuous mode [ 92.667028][ T5821] veth1_macvtap: entered promiscuous mode [ 92.697225][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.720472][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.728286][ T5823] veth1_vlan: entered promiscuous mode [ 92.756949][ T249] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.775225][ T5820] veth0_macvtap: entered promiscuous mode [ 92.788672][ T249] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.799594][ T249] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.813516][ T5820] veth1_macvtap: entered promiscuous mode [ 92.824102][ T249] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.867274][ T5822] veth0_vlan: entered promiscuous mode [ 92.910649][ T5822] veth1_vlan: entered promiscuous mode [ 92.923546][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.943876][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.996905][ T5823] veth0_macvtap: entered promiscuous mode [ 93.007136][ T104] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.018095][ T104] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.041409][ T5823] veth1_macvtap: entered promiscuous mode [ 93.056495][ T104] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.065430][ T104] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.089218][ T249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.100481][ T249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.174779][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.197360][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.205963][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.218461][ T5822] veth0_macvtap: entered promiscuous mode [ 93.230145][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.245441][ T5822] veth1_macvtap: entered promiscuous mode [ 93.296025][ T151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.324652][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.327845][ T151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.359910][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.375457][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.380416][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.398716][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.409524][ T151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.435511][ T151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.516946][ T151] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.525886][ T151] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.544234][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.553173][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.579252][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.591952][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.798865][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.833583][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.844497][ T5915] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.949721][ T249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.974225][ T249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.076879][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.092547][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.114208][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.122348][ T51] Bluetooth: hci1: command tx timeout [ 94.140707][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.201375][ T51] Bluetooth: hci0: command tx timeout [ 94.212822][ T51] Bluetooth: hci3: command tx timeout [ 94.218357][ T51] Bluetooth: hci2: command tx timeout [ 94.632201][ T5922] FAULT_INJECTION: forcing a failure. [ 94.632201][ T5922] name failslab, interval 1, probability 0, space 0, times 1 [ 94.655400][ T5922] CPU: 1 UID: 0 PID: 5922 Comm: syz.1.6 Not tainted syzkaller #0 PREEMPT(full) [ 94.655440][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 94.655457][ T5922] Call Trace: [ 94.655468][ T5922] [ 94.655479][ T5922] dump_stack_lvl+0x100/0x190 [ 94.655530][ T5922] should_fail_ex.cold+0x5/0xa [ 94.655565][ T5922] should_failslab+0xc2/0x120 [ 94.655595][ T5922] __kvmalloc_node_noprof+0xfa/0xa00 [ 94.655640][ T5922] ? alloc_fdtable+0x110/0x2d0 [ 94.655694][ T5922] alloc_fdtable+0x110/0x2d0 [ 94.655739][ T5922] dup_fd+0x995/0xd10 [ 94.655772][ T5922] ? __fget_files+0x21f/0x3d0 [ 94.655804][ T5922] ksys_unshare+0x7ad/0xad0 [ 94.655843][ T5922] ? __pfx_ksys_unshare+0x10/0x10 [ 94.655894][ T5922] __x64_sys_unshare+0x31/0x40 [ 94.655929][ T5922] do_syscall_64+0x106/0xf80 [ 94.655962][ T5922] ? clear_bhb_loop+0x40/0x90 [ 94.655998][ T5922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.656029][ T5922] RIP: 0033:0x7f101679c799 [ 94.656054][ T5922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.656080][ T5922] RSP: 002b:00007f10176fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 94.656108][ T5922] RAX: ffffffffffffffda RBX: 00007f1016a15fa0 RCX: 00007f101679c799 [ 94.656126][ T5922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 94.656142][ T5922] RBP: 00007f1016832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 94.656159][ T5922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.656184][ T5922] R13: 00007f1016a16038 R14: 00007f1016a15fa0 R15: 00007ffc330f3178 [ 94.656222][ T5922] [ 94.889625][ T5932] Zero length message leads to an empty skb [ 95.701614][ T5951] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.202979][ T51] Bluetooth: hci1: command tx timeout [ 96.281804][ T51] Bluetooth: hci2: command tx timeout [ 96.282022][ T5836] Bluetooth: hci3: command tx timeout [ 96.287435][ T51] Bluetooth: hci0: command tx timeout [ 96.307345][ T5972] sysfs_service_op_store: Client not running :-5: [ 96.547306][ T5976] binder: 5975:5976 ioctl c0306201 200000000000 returned -11 [ 96.554925][ T51] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 96.562500][ T51] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 96.971977][ T5983] netlink: 342 bytes leftover after parsing attributes in process `syz.3.27'. [ 97.777184][ T6000] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.140888][ T6001] bond0: option all_slaves_active: invalid value () [ 98.221704][ T6005] netlink: 50 bytes leftover after parsing attributes in process `syz.1.33'. [ 101.585584][ T6053] netlink: 'syz.3.47': attribute type 28 has an invalid length. [ 101.615696][ T6053] netlink: 'syz.3.47': attribute type 3 has an invalid length. [ 101.659222][ T6053] netlink: 306 bytes leftover after parsing attributes in process `syz.3.47'. [ 102.395746][ T6064] zswap: compressor not available [ 102.632614][ T6065] zswap: compressor  not available [ 102.638703][ T6073] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 102.870534][ T6079] FAULT_INJECTION: forcing a failure. [ 102.870534][ T6079] name failslab, interval 1, probability 0, space 0, times 0 [ 102.904425][ T6079] CPU: 0 UID: 0 PID: 6079 Comm: syz.0.55 Not tainted syzkaller #0 PREEMPT(full) [ 102.904468][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 102.904486][ T6079] Call Trace: [ 102.904496][ T6079] [ 102.904509][ T6079] dump_stack_lvl+0x100/0x190 [ 102.904563][ T6079] should_fail_ex.cold+0x5/0xa [ 102.904600][ T6079] should_failslab+0xc2/0x120 [ 102.904635][ T6079] __kmalloc_cache_noprof+0x7a/0x6f0 [ 102.904674][ T6079] ? cec_open+0xdb/0x690 [ 102.904708][ T6079] ? __lock_acquire+0x4a5/0x2630 [ 102.904754][ T6079] cec_open+0xdb/0x690 [ 102.904790][ T6079] ? __pfx_cec_open+0x10/0x10 [ 102.904831][ T6079] ? do_raw_spin_lock+0x128/0x260 [ 102.904875][ T6079] ? find_held_lock+0x2b/0x80 [ 102.904904][ T6079] ? chrdev_open+0x589/0x6a0 [ 102.904933][ T6079] ? chrdev_open+0x589/0x6a0 [ 102.904970][ T6079] ? __pfx_cec_open+0x10/0x10 [ 102.905004][ T6079] chrdev_open+0x234/0x6a0 [ 102.905036][ T6079] ? __pfx_chrdev_open+0x10/0x10 [ 102.905069][ T6079] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 102.905110][ T6079] do_dentry_open+0x6d8/0x1660 [ 102.905140][ T6079] ? __pfx_chrdev_open+0x10/0x10 [ 102.905181][ T6079] vfs_open+0x82/0x3f0 [ 102.905225][ T6079] path_openat+0x208c/0x31a0 [ 102.905269][ T6079] ? __pfx_path_openat+0x10/0x10 [ 102.905327][ T6079] do_file_open+0x20e/0x430 [ 102.905362][ T6079] ? __pfx_do_file_open+0x10/0x10 [ 102.905422][ T6079] ? alloc_fd+0x476/0x790 [ 102.905458][ T6079] ? do_getname+0x191/0x390 [ 102.905500][ T6079] do_sys_openat2+0x10d/0x1e0 [ 102.905540][ T6079] ? __pfx_do_sys_openat2+0x10/0x10 [ 102.905583][ T6079] ? __fget_files+0x21f/0x3d0 [ 102.905621][ T6079] __x64_sys_openat+0x12d/0x210 [ 102.905664][ T6079] ? __pfx___x64_sys_openat+0x10/0x10 [ 102.905721][ T6079] do_syscall_64+0x106/0xf80 [ 102.905757][ T6079] ? clear_bhb_loop+0x40/0x90 [ 102.905796][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.905829][ T6079] RIP: 0033:0x7fbb8359c799 [ 102.905855][ T6079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.905884][ T6079] RSP: 002b:00007fbb84507028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 102.905913][ T6079] RAX: ffffffffffffffda RBX: 00007fbb83815fa0 RCX: 00007fbb8359c799 [ 102.905932][ T6079] RDX: 0000000000101901 RSI: 0000200000002c00 RDI: ffffffffffffff9c [ 102.905951][ T6079] RBP: 00007fbb83632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 102.905970][ T6079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.905987][ T6079] R13: 00007fbb83816038 R14: 00007fbb83815fa0 R15: 00007ffc3ed1b0c8 [ 102.906028][ T6079] [ 103.732644][ T6087] netlink: 354 bytes leftover after parsing attributes in process `syz.0.57'. [ 104.153852][ T6086] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 105.634965][ T6116] netlink: 504 bytes leftover after parsing attributes in process `syz.2.68'. [ 106.193454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.011757][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.252505][ T6126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79000 [ 107.262230][ T6126] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 107.279740][ T6126] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 107.316595][ T6126] page_type: f5(slab) [ 107.326691][ T6126] raw: 00fff00000000040 ffff88813fe3d280 dead000000000100 dead000000000122 [ 107.400355][ T6126] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 107.439352][ T6126] head: 00fff00000000040 ffff88813fe3d280 dead000000000100 dead000000000122 [ 107.464438][ T6126] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 107.520432][ T6126] head: 00fff00000000003 ffffea0001e40001 00000000ffffffff 00000000ffffffff [ 107.551310][ T6126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 107.601731][ T6126] page dumped because: unmovable page [ 107.607171][ T6126] page_owner tracks the page as allocated [ 107.625146][ T6138] FAULT_INJECTION: forcing a failure. [ 107.625146][ T6138] name failslab, interval 1, probability 0, space 0, times 0 [ 107.643907][ T6126] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5487, tgid 5487 (dhcpcd), ts 59771575744, free_ts 29083271975 [ 107.697460][ T6138] CPU: 1 UID: 0 PID: 6138 Comm: syz.1.75 Not tainted syzkaller #0 PREEMPT(full) [ 107.697503][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.697521][ T6138] Call Trace: [ 107.697531][ T6138] [ 107.697544][ T6138] dump_stack_lvl+0x100/0x190 [ 107.697595][ T6138] should_fail_ex.cold+0x5/0xa [ 107.697630][ T6138] should_failslab+0xc2/0x120 [ 107.697662][ T6138] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 107.697713][ T6138] ? kvasprintf_const+0x66/0x1a0 [ 107.697754][ T6138] kvasprintf+0xbc/0x150 [ 107.697783][ T6138] ? __pfx_kvasprintf+0x10/0x10 [ 107.697816][ T6138] ? rcu_is_watching+0x12/0xc0 [ 107.697861][ T6138] ? ida_alloc_range+0x70d/0x830 [ 107.697895][ T6138] ? kfree+0x2ec/0x6b0 [ 107.697928][ T6138] ? mark_held_locks+0x40/0x70 [ 107.697973][ T6138] kvasprintf_const+0x66/0x1a0 [ 107.698005][ T6138] kobject_set_name_vargs+0x5a/0x140 [ 107.698049][ T6138] dev_set_name+0xc7/0x100 [ 107.698084][ T6138] ? __pfx_dev_set_name+0x10/0x10 [ 107.698138][ T6138] nfc_allocate_device+0x206/0x5e0 [ 107.698180][ T6138] nci_allocate_device+0x23b/0x410 [ 107.698231][ T6138] virtual_ncidev_open+0x6f/0x220 [ 107.698274][ T6138] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 107.698307][ T6138] misc_open+0x26d/0x450 [ 107.698355][ T6138] ? __pfx_misc_open+0x10/0x10 [ 107.698402][ T6138] chrdev_open+0x234/0x6a0 [ 107.698436][ T6138] ? __pfx_chrdev_open+0x10/0x10 [ 107.698470][ T6138] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 107.698510][ T6138] do_dentry_open+0x6d8/0x1660 [ 107.698540][ T6138] ? __pfx_chrdev_open+0x10/0x10 [ 107.698583][ T6138] vfs_open+0x82/0x3f0 [ 107.698627][ T6138] path_openat+0x208c/0x31a0 [ 107.698673][ T6138] ? __pfx_path_openat+0x10/0x10 [ 107.698728][ T6138] do_file_open+0x20e/0x430 [ 107.698763][ T6138] ? __pfx_do_file_open+0x10/0x10 [ 107.698827][ T6138] ? alloc_fd+0x476/0x790 [ 107.698861][ T6138] ? do_getname+0x191/0x390 [ 107.698904][ T6138] do_sys_openat2+0x10d/0x1e0 [ 107.698944][ T6138] ? __pfx_do_sys_openat2+0x10/0x10 [ 107.698998][ T6138] __x64_sys_openat+0x12d/0x210 [ 107.699038][ T6138] ? __pfx___x64_sys_openat+0x10/0x10 [ 107.699096][ T6138] do_syscall_64+0x106/0xf80 [ 107.699130][ T6138] ? clear_bhb_loop+0x40/0x90 [ 107.699169][ T6138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.699201][ T6138] RIP: 0033:0x7f101679c799 [ 107.699227][ T6138] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.699262][ T6138] RSP: 002b:00007f10176fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 107.699292][ T6138] RAX: ffffffffffffffda RBX: 00007f1016a15fa0 RCX: 00007f101679c799 [ 107.699312][ T6138] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 107.699330][ T6138] RBP: 00007f1016832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 107.699347][ T6138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.699364][ T6138] R13: 00007f1016a16038 R14: 00007f1016a15fa0 R15: 00007ffc330f3178 [ 107.699407][ T6138] [ 107.720364][ T6126] post_alloc_hook+0x153/0x170 [ 107.998511][ T51] Bluetooth: hci0: Malformed LE Event: 0x1b [ 108.030281][ T6126] get_page_from_freelist+0x111d/0x3140 [ 108.037064][ T6126] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 108.044304][ T6126] alloc_pages_mpol+0x1fb/0x550 [ 108.053576][ T6126] new_slab+0x43a/0x6d0 [ 108.057825][ T6126] ___slab_alloc+0x2a0/0x850 [ 108.094132][ T6126] __kvmalloc_node_noprof+0x55b/0xa00 [ 108.099618][ T6126] pfifo_fast_init+0x177/0x3b0 [ 108.140379][ T6126] qdisc_create_dflt+0x124/0x4c0 [ 108.145506][ T6126] mq_init_common+0x1f4/0x490 [ 108.170380][ T6126] mq_init+0x26/0x60 [ 108.174359][ T6126] qdisc_create_dflt+0x124/0x4c0 [ 108.179335][ T6126] dev_activate+0xaa9/0xce0 [ 108.210115][ T6126] __dev_open+0x4f1/0x960 [ 108.226240][ T6126] __dev_change_flags+0x558/0x6f0 [ 108.241936][ T6126] netif_change_flags+0x8d/0x160 [ 108.259860][ T6126] page last free pid 1 tgid 1 stack trace: [ 108.277835][ T6126] __free_frozen_pages+0x7e1/0x10d0 [ 108.290422][ T6126] free_contig_range+0xde/0x1d0 [ 108.305614][ T6126] destroy_args+0xa8/0x7a0 [ 108.310136][ T6126] debug_vm_pgtable+0x1b66/0x34c0 [ 108.330355][ T6126] do_one_initcall+0x11d/0x760 [ 108.340328][ T6126] kernel_init_freeable+0x6e5/0x7a0 [ 108.357137][ T6126] kernel_init+0x1f/0x1e0 [ 108.372027][ T6126] ret_from_fork+0x754/0xd80 [ 108.376724][ T6126] ret_from_fork_asm+0x1a/0x30 [ 108.459970][ T6149] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 109.243884][ T6163] Â: entered promiscuous mode [ 109.522841][ T6173] netlink: 330 bytes leftover after parsing attributes in process `syz.1.84'. [ 110.508401][ T6189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.91'. [ 110.522144][ T6189] netlink: 'syz.1.91': attribute type 1 has an invalid length. [ 110.529755][ T6189] netlink: 13 bytes leftover after parsing attributes in process `syz.1.91'. [ 110.830836][ T6198] random: crng reseeded on system resumption [ 111.200282][ T6206] FAULT_INJECTION: forcing a failure. [ 111.200282][ T6206] name failslab, interval 1, probability 0, space 0, times 0 [ 111.283873][ T6206] CPU: 0 UID: 0 PID: 6206 Comm: syz.1.95 Not tainted syzkaller #0 PREEMPT(full) [ 111.283919][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.283935][ T6206] Call Trace: [ 111.284020][ T6206] [ 111.284031][ T6206] dump_stack_lvl+0x100/0x190 [ 111.284078][ T6206] should_fail_ex.cold+0x5/0xa [ 111.284111][ T6206] ? __alloc_empty_sheaf+0x35/0x50 [ 111.284146][ T6206] should_failslab+0xc2/0x120 [ 111.284175][ T6206] __kmalloc_noprof+0xe0/0x850 [ 111.284210][ T6206] ? __pcs_replace_empty_main+0x12d/0x600 [ 111.284247][ T6206] ? __pcs_replace_empty_main+0x12d/0x600 [ 111.284290][ T6206] __alloc_empty_sheaf+0x35/0x50 [ 111.284325][ T6206] __pcs_replace_empty_main+0x3ec/0x600 [ 111.284367][ T6206] kmem_cache_alloc_noprof+0x480/0x6e0 [ 111.284405][ T6206] ? audit_log_start+0x29d/0x930 [ 111.284449][ T6206] audit_log_start+0x29d/0x930 [ 111.284488][ T6206] ? __pfx_audit_log_start+0x10/0x10 [ 111.284526][ T6206] ? arch_do_signal_or_restart+0x1f9/0x770 [ 111.284561][ T6206] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 111.284603][ T6206] audit_seccomp+0x60/0x190 [ 111.284633][ T6206] ? exc_general_protection+0x12e/0x250 [ 111.284675][ T6206] __secure_computing+0x26d/0x2c0 [ 111.284715][ T6206] do_syscall_64+0x568/0xf80 [ 111.284746][ T6206] ? clear_bhb_loop+0x40/0x90 [ 111.284780][ T6206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.284808][ T6206] RIP: 0033:0x7f101679c799 [ 111.284832][ T6206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.284857][ T6206] RSP: 002b:00007f10176b7a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 111.284884][ T6206] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f101679c799 [ 111.284902][ T6206] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 111.284918][ T6206] RBP: 00007f10176b8030 R08: 0000000000000000 R09: 000000000000000b [ 111.284934][ T6206] R10: 0000000000000009 R11: 0000000000000246 R12: 000000000000510a [ 111.284958][ T6206] R13: 00007f1016a16218 R14: 00007f1016a16180 R15: 00007ffc330f3178 [ 111.284995][ T6206] [ 111.297235][ T30] audit: type=1326 audit(4294967338.540:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.1.95" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f101679c799 code=0x0 [ 112.921640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.710356][ T6227] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 113.918092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.929400][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.940795][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 113.950507][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 113.964289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.365416][ T6237] netlink: 186 bytes leftover after parsing attributes in process `syz.2.105'. [ 114.378736][ T6237] netlink: 186 bytes leftover after parsing attributes in process `syz.2.105'. [ 114.388297][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 115.048556][ T6241] FAULT_INJECTION: forcing a failure. [ 115.048556][ T6241] name failslab, interval 1, probability 0, space 0, times 0 [ 115.086400][ T6241] CPU: 0 UID: 0 PID: 6241 Comm: syz.1.107 Not tainted syzkaller #0 PREEMPT(full) [ 115.086428][ T6241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 115.086438][ T6241] Call Trace: [ 115.086445][ T6241] [ 115.086452][ T6241] dump_stack_lvl+0x100/0x190 [ 115.086485][ T6241] should_fail_ex.cold+0x5/0xa [ 115.086507][ T6241] should_failslab+0xc2/0x120 [ 115.086527][ T6241] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 115.086554][ T6241] ? __kernfs_new_node+0xd2/0x960 [ 115.086584][ T6241] __kernfs_new_node+0xd2/0x960 [ 115.086612][ T6241] ? __pfx___kernfs_new_node+0x10/0x10 [ 115.086643][ T6241] ? find_held_lock+0x2b/0x80 [ 115.086660][ T6241] ? kernfs_root+0xee/0x2a0 [ 115.086682][ T6241] ? kernfs_root+0xee/0x2a0 [ 115.086717][ T6241] kernfs_new_node+0x11b/0x1a0 [ 115.086749][ T6241] __kernfs_create_file+0x53/0x350 [ 115.086782][ T6241] sysfs_add_file_mode_ns+0x207/0x3c0 [ 115.086827][ T6241] sysfs_merge_group+0x194/0x340 [ 115.086866][ T6241] ? __pfx_sysfs_merge_group+0x10/0x10 [ 115.086909][ T6241] ? __pfx_dev_add_physical_location+0x10/0x10 [ 115.086938][ T6241] ? bus_to_subsys+0x114/0x150 [ 115.086960][ T6241] dpm_sysfs_add+0x237/0x280 [ 115.086988][ T6241] device_add+0x9ef/0x1950 [ 115.087019][ T6241] ? __pfx_device_add+0x10/0x10 [ 115.087056][ T6241] nfc_register_device+0x41/0x3e0 [ 115.087081][ T6241] nci_register_device+0x7f1/0xb80 [ 115.087110][ T6241] ? __pfx_nci_register_device+0x10/0x10 [ 115.087141][ T6241] ? lockdep_init_map_type+0x5c/0x250 [ 115.087178][ T6241] virtual_ncidev_open+0x141/0x220 [ 115.087198][ T6241] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 115.087217][ T6241] misc_open+0x26d/0x450 [ 115.087246][ T6241] ? __pfx_misc_open+0x10/0x10 [ 115.087273][ T6241] chrdev_open+0x234/0x6a0 [ 115.087291][ T6241] ? __pfx_apparmor_file_open+0x10/0x10 [ 115.087317][ T6241] ? __pfx_chrdev_open+0x10/0x10 [ 115.087336][ T6241] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 115.087360][ T6241] do_dentry_open+0x6d8/0x1660 [ 115.087377][ T6241] ? __pfx_chrdev_open+0x10/0x10 [ 115.087400][ T6241] vfs_open+0x82/0x3f0 [ 115.087425][ T6241] path_openat+0x208c/0x31a0 [ 115.087451][ T6241] ? __pfx_path_openat+0x10/0x10 [ 115.087477][ T6241] do_file_open+0x20e/0x430 [ 115.087497][ T6241] ? __pfx_do_file_open+0x10/0x10 [ 115.087533][ T6241] ? alloc_fd+0x476/0x790 [ 115.087553][ T6241] ? do_getname+0x191/0x390 [ 115.087578][ T6241] do_sys_openat2+0x10d/0x1e0 [ 115.087601][ T6241] ? __pfx_do_sys_openat2+0x10/0x10 [ 115.087633][ T6241] __x64_sys_openat+0x12d/0x210 [ 115.087656][ T6241] ? __pfx___x64_sys_openat+0x10/0x10 [ 115.087688][ T6241] do_syscall_64+0x106/0xf80 [ 115.087708][ T6241] ? clear_bhb_loop+0x40/0x90 [ 115.087731][ T6241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.087749][ T6241] RIP: 0033:0x7f101679c799 [ 115.087765][ T6241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.087781][ T6241] RSP: 002b:00007f10176fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 115.087799][ T6241] RAX: ffffffffffffffda RBX: 00007f1016a15fa0 RCX: 00007f101679c799 [ 115.087810][ T6241] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 115.087821][ T6241] RBP: 00007f1016832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 115.087831][ T6241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.087841][ T6241] R13: 00007f1016a16038 R14: 00007f1016a15fa0 R15: 00007ffc330f3178 [ 115.087865][ T6241] [ 115.511696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 115.924161][ T6256] netlink: 13 bytes leftover after parsing attributes in process `syz.3.109'. [ 117.226517][ T6284] netlink: 226 bytes leftover after parsing attributes in process `syz.2.119'. [ 117.255577][ T6284] netlink: 4 bytes leftover after parsing attributes in process `syz.2.119'. [ 117.285332][ T6284] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 117.510265][ T6293] lo: entered allmulticast mode [ 117.521770][ T6293] lo: left allmulticast mode [ 117.788077][ T6293] zswap: compressor û not available [ 117.797022][ T6296] Setting dangerous option i915.mitigations - tainting kernel [ 117.823818][ T6297] Setting dangerous option i915.mitigations - tainting kernel [ 117.916891][ T6301] FAULT_INJECTION: forcing a failure. [ 117.916891][ T6301] name failslab, interval 1, probability 0, space 0, times 0 [ 117.959405][ T6301] CPU: 0 UID: 0 PID: 6301 Comm: syz.1.123 Tainted: G U syzkaller #0 PREEMPT(full) [ 117.959453][ T6301] Tainted: [U]=USER [ 117.959462][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.959477][ T6301] Call Trace: [ 117.959488][ T6301] [ 117.959500][ T6301] dump_stack_lvl+0x100/0x190 [ 117.959550][ T6301] should_fail_ex.cold+0x5/0xa [ 117.959586][ T6301] ? vkms_crtc_atomic_check+0x38a/0x7c0 [ 117.959614][ T6301] should_failslab+0xc2/0x120 [ 117.959644][ T6301] __kmalloc_noprof+0xe0/0x850 [ 117.959683][ T6301] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 117.959738][ T6301] vkms_crtc_atomic_check+0x38a/0x7c0 [ 117.959775][ T6301] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 117.959803][ T6301] drm_atomic_helper_check_planes+0x4dc/0x900 [ 117.959863][ T6301] drm_atomic_helper_check+0xae/0x190 [ 117.959897][ T6301] vkms_atomic_check+0x1d9/0x250 [ 117.959948][ T6301] ? __pfx_vkms_atomic_check+0x10/0x10 [ 117.959994][ T6301] drm_atomic_check_only+0x19ea/0x31b0 [ 117.960046][ T6301] drm_atomic_commit+0x132/0x300 [ 117.960076][ T6301] ? __pfx_drm_atomic_commit+0x10/0x10 [ 117.960099][ T6301] ? __pfx___drm_printfn_info+0x10/0x10 [ 117.960139][ T6301] ? drm_client_rotation+0x451/0x6a0 [ 117.960178][ T6301] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 117.960224][ T6301] ? __mutex_lock+0x26a/0x1b90 [ 117.960258][ T6301] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 117.960293][ T6301] ? drm_master_internal_acquire+0x21/0x80 [ 117.960364][ T6301] drm_client_modeset_commit_locked+0x14d/0x580 [ 117.960397][ T6301] drm_client_modeset_commit+0x4f/0x80 [ 117.960420][ T6301] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 117.960448][ T6301] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 117.960472][ T6301] drm_fbdev_client_restore+0x1b/0x30 [ 117.960499][ T6301] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 117.960526][ T6301] drm_client_dev_restore+0x205/0x2a0 [ 117.960552][ T6301] drm_release+0x2c6/0x360 [ 117.960571][ T6301] ? __pfx_drm_release+0x10/0x10 [ 117.960590][ T6301] __fput+0x3ff/0xb40 [ 117.960616][ T6301] task_work_run+0x150/0x240 [ 117.960643][ T6301] ? __pfx_task_work_run+0x10/0x10 [ 117.960675][ T6301] exit_to_user_mode_loop+0x100/0x4a0 [ 117.960702][ T6301] do_syscall_64+0x668/0xf80 [ 117.960737][ T6301] ? clear_bhb_loop+0x40/0x90 [ 117.960760][ T6301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.960778][ T6301] RIP: 0033:0x7f101679c799 [ 117.960795][ T6301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.960812][ T6301] RSP: 002b:00007f10176fa028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 117.960832][ T6301] RAX: 0000000000000000 RBX: 00007f1016a15fa0 RCX: 00007f101679c799 [ 117.960843][ T6301] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 117.960853][ T6301] RBP: 00007f1016832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 117.960863][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.960874][ T6301] R13: 00007f1016a16038 R14: 00007f1016a15fa0 R15: 00007ffc330f3178 [ 117.960898][ T6301] [ 119.767625][ T6316] FAULT_INJECTION: forcing a failure. [ 119.767625][ T6316] name failslab, interval 1, probability 0, space 0, times 0 [ 119.835494][ T6316] CPU: 1 UID: 0 PID: 6316 Comm: syz.3.128 Tainted: G U syzkaller #0 PREEMPT(full) [ 119.835546][ T6316] Tainted: [U]=USER [ 119.835556][ T6316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 119.835575][ T6316] Call Trace: [ 119.835587][ T6316] [ 119.835599][ T6316] dump_stack_lvl+0x100/0x190 [ 119.835651][ T6316] should_fail_ex.cold+0x5/0xa [ 119.835687][ T6316] ? lsm_blob_alloc+0x68/0x90 [ 119.835723][ T6316] should_failslab+0xc2/0x120 [ 119.835755][ T6316] __kmalloc_noprof+0xe0/0x850 [ 119.835800][ T6316] ? trace_kmalloc+0x101/0x130 [ 119.835839][ T6316] lsm_blob_alloc+0x68/0x90 [ 119.835876][ T6316] security_sk_alloc+0x2d/0x290 [ 119.835921][ T6316] sk_prot_alloc+0x12a/0x2a0 [ 119.835961][ T6316] sk_alloc+0x36/0xe80 [ 119.835997][ T6316] __netlink_create+0x5e/0x2c0 [ 119.836034][ T6316] __netlink_kernel_create+0xed/0x750 [ 119.836074][ T6316] ? __lock_acquire+0x4a5/0x2630 [ 119.836112][ T6316] ? __pfx___netlink_kernel_create+0x10/0x10 [ 119.836166][ T6316] rtnetlink_net_init+0xb9/0x140 [ 119.836219][ T6316] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 119.836250][ T6316] ? lockdep_init_map_type+0x5c/0x250 [ 119.836289][ T6316] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 119.836318][ T6316] ? __pfx_rtnetlink_bind+0x10/0x10 [ 119.836350][ T6316] ? mutex_init_lockep+0x110/0x150 [ 119.836395][ T6316] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 119.836425][ T6316] ops_init+0x1e2/0x5f0 [ 119.836468][ T6316] setup_net+0x118/0x3a0 [ 119.836508][ T6316] ? __pfx_setup_net+0x10/0x10 [ 119.836543][ T6316] ? lockdep_init_map_type+0x5c/0x250 [ 119.836584][ T6316] ? mutex_init_lockep+0x110/0x150 [ 119.836632][ T6316] copy_net_ns+0x46f/0x7c0 [ 119.836678][ T6316] create_new_namespaces+0x3ea/0xac0 [ 119.836721][ T6316] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 119.836759][ T6316] ksys_unshare+0x473/0xad0 [ 119.836801][ T6316] ? __pfx_ksys_unshare+0x10/0x10 [ 119.836856][ T6316] __x64_sys_unshare+0x31/0x40 [ 119.836892][ T6316] do_syscall_64+0x106/0xf80 [ 119.836925][ T6316] ? clear_bhb_loop+0x40/0x90 [ 119.836961][ T6316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.836992][ T6316] RIP: 0033:0x7fe266b9c799 [ 119.837017][ T6316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.837045][ T6316] RSP: 002b:00007fe267a4e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 119.837077][ T6316] RAX: ffffffffffffffda RBX: 00007fe266e15fa0 RCX: 00007fe266b9c799 [ 119.837098][ T6316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 119.837117][ T6316] RBP: 00007fe266c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 119.837137][ T6316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.837156][ T6316] R13: 00007fe266e16038 R14: 00007fe266e15fa0 R15: 00007ffdcac170a8 [ 119.837210][ T6316] [ 120.544183][ T6338] netlink: 25 bytes leftover after parsing attributes in process `syz.2.136'. [ 122.154421][ T6368] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 123.020469][ T6375] netlink: 18 bytes leftover after parsing attributes in process `syz.3.147'. [ 125.189902][ T6405] syz.1.154 (6405) used greatest stack depth: 19672 bytes left [ 125.431877][ T6410] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 125.500765][ T6410] FAULT_INJECTION: forcing a failure. [ 125.500765][ T6410] name failslab, interval 1, probability 0, space 0, times 0 [ 125.527480][ T6410] CPU: 1 UID: 0 PID: 6410 Comm: syz.1.156 Tainted: G U syzkaller #0 PREEMPT(full) [ 125.527532][ T6410] Tainted: [U]=USER [ 125.527542][ T6410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 125.527559][ T6410] Call Trace: [ 125.527569][ T6410] [ 125.527582][ T6410] dump_stack_lvl+0x100/0x190 [ 125.527634][ T6410] should_fail_ex.cold+0x5/0xa [ 125.527670][ T6410] should_failslab+0xc2/0x120 [ 125.527704][ T6410] __kmalloc_node_noprof+0xe6/0x850 [ 125.527751][ T6410] ? __rb_allocate_pages+0x589/0xf50 [ 125.527803][ T6410] __rb_allocate_pages+0x589/0xf50 [ 125.527868][ T6410] ring_buffer_subbuf_order_set+0x3ef/0x18c0 [ 125.527923][ T6410] ? tracing_stop_tr+0xf6/0x210 [ 125.527971][ T6410] ? __pfx_ring_buffer_subbuf_order_set+0x10/0x10 [ 125.528014][ T6410] ? __pfx___might_resched+0x10/0x10 [ 125.528059][ T6410] ? iovec_from_user+0xda/0x140 [ 125.528096][ T6410] buffer_subbuf_size_write+0x182/0x280 [ 125.528149][ T6410] ? __pfx_buffer_subbuf_size_write+0x10/0x10 [ 125.528203][ T6410] ? iov_iter_advance+0xac/0x6d0 [ 125.528256][ T6410] ? __pfx_buffer_subbuf_size_write+0x10/0x10 [ 125.528303][ T6410] vfs_writev+0x5ea/0xe10 [ 125.528347][ T6410] ? rcu_is_watching+0x12/0xc0 [ 125.528403][ T6410] ? __pfx_vfs_writev+0x10/0x10 [ 125.528444][ T6410] ? fdget_pos+0x2aa/0x380 [ 125.528514][ T6410] ? __fget_files+0x21f/0x3d0 [ 125.528553][ T6410] ? do_writev+0x13e/0x340 [ 125.528597][ T6410] do_writev+0x13e/0x340 [ 125.528643][ T6410] ? __pfx_do_writev+0x10/0x10 [ 125.528700][ T6410] do_syscall_64+0x106/0xf80 [ 125.528734][ T6410] ? clear_bhb_loop+0x40/0x90 [ 125.528773][ T6410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.528803][ T6410] RIP: 0033:0x7f101679c799 [ 125.528829][ T6410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.528864][ T6410] RSP: 002b:00007f10176fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 125.528894][ T6410] RAX: ffffffffffffffda RBX: 00007f1016a15fa0 RCX: 00007f101679c799 [ 125.528912][ T6410] RDX: 000000000000000a RSI: 0000200000000200 RDI: 0000000000000006 [ 125.528930][ T6410] RBP: 00007f1016832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 125.528947][ T6410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.528963][ T6410] R13: 00007f1016a16038 R14: 00007f1016a15fa0 R15: 00007ffc330f3178 [ 125.529006][ T6410] [ 126.111792][ T6412] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 126.431626][ T6420] vivid-007: ================= START STATUS ================= [ 126.494839][ T6420] vivid-007: Enable Output Cropping: true grabbed [ 126.542886][ T6420] vivid-007: Enable Output Composing: true grabbed [ 126.575520][ T6420] vivid-007: Enable Output Scaler: true grabbed [ 126.620068][ T6420] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 126.704993][ T6420] vivid-007: Transmit Mode: HDMI grabbed [ 126.756114][ T6420] vivid-007: Hotplug Present: 0x00000000 [ 126.795135][ T6420] vivid-007: RxSense Present: 0x00000000 [ 126.811552][ T6420] vivid-007: EDID Present: 0x00000000 [ 126.833016][ T6420] vivid-007: ================== END STATUS ================== [ 127.869219][ T6458] netlink: 28 bytes leftover after parsing attributes in process `syz.0.174'. [ 127.937690][ T6458] bridge_slave_1: left allmulticast mode [ 127.964050][ T6458] bridge_slave_1: left promiscuous mode [ 127.971111][ T6458] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.012179][ T6458] bridge_slave_0: left allmulticast mode [ 128.018297][ T6458] bridge_slave_0: left promiscuous mode [ 128.025427][ T6458] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.536996][ T6479] [ 129.539391][ T6479] ====================================================== [ 129.546435][ T6479] WARNING: possible circular locking dependency detected [ 129.553486][ T6479] syzkaller #0 Tainted: G U [ 129.559499][ T6479] ------------------------------------------------------ [ 129.566556][ T6479] syz.2.182/6479 is trying to acquire lock: [ 129.572447][ T6479] ffff88805c637ae8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 129.584034][ T6479] [ 129.584034][ T6479] but task is already holding lock: [ 129.591396][ T6479] ffff88802ced8ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 129.600384][ T6479] [ 129.600384][ T6479] which lock already depends on the new lock. [ 129.600384][ T6479] [ 129.610812][ T6479] [ 129.610812][ T6479] the existing dependency chain (in reverse order) is: [ 129.619839][ T6479] [ 129.619839][ T6479] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 129.627597][ T6479] lock_sock_nested+0x41/0xf0 [ 129.632817][ T6479] smc_listen_out+0x1f5/0x4b0 [ 129.638029][ T6479] smc_listen_work+0x4c2/0x50e0 [ 129.643409][ T6479] process_one_work+0x9d7/0x1920 [ 129.648886][ T6479] worker_thread+0x5da/0xe40 [ 129.654016][ T6479] kthread+0x370/0x450 [ 129.658715][ T6479] ret_from_fork+0x754/0xd80 [ 129.663862][ T6479] ret_from_fork_asm+0x1a/0x30 [ 129.669245][ T6479] [ 129.669245][ T6479] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 129.679434][ T6479] __lock_acquire+0x14b8/0x2630 [ 129.684845][ T6479] lock_acquire+0x1cf/0x380 [ 129.689885][ T6479] __flush_work+0x4de/0xcb0 [ 129.694935][ T6479] cancel_work_sync+0xd1/0xf0 [ 129.700142][ T6479] smc_clcsock_release+0x5f/0xe0 [ 129.705696][ T6479] __smc_release+0x5c2/0x880 [ 129.710839][ T6479] smc_close_non_accepted+0xda/0x200 [ 129.716649][ T6479] smc_close_active+0x4ff/0x1070 [ 129.722116][ T6479] __smc_release+0x634/0x880 [ 129.727251][ T6479] smc_release+0x1fc/0x620 [ 129.732209][ T6479] __sock_release+0xb3/0x260 [ 129.737333][ T6479] sock_close+0x1c/0x30 [ 129.742366][ T6479] __fput+0x3ff/0xb40 [ 129.746884][ T6479] task_work_run+0x150/0x240 [ 129.752014][ T6479] exit_to_user_mode_loop+0x100/0x4a0 [ 129.757921][ T6479] do_syscall_64+0x668/0xf80 [ 129.763042][ T6479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.769465][ T6479] [ 129.769465][ T6479] other info that might help us debug this: [ 129.769465][ T6479] [ 129.779697][ T6479] Possible unsafe locking scenario: [ 129.779697][ T6479] [ 129.787151][ T6479] CPU0 CPU1 [ 129.792516][ T6479] ---- ---- [ 129.797888][ T6479] lock(sk_lock-AF_SMC/1); [ 129.802405][ T6479] lock((work_completion)(&new_smc->smc_listen_work)); [ 129.811868][ T6479] lock(sk_lock-AF_SMC/1); [ 129.819106][ T6479] lock((work_completion)(&new_smc->smc_listen_work)); [ 129.826074][ T6479] [ 129.826074][ T6479] *** DEADLOCK *** [ 129.826074][ T6479] [ 129.834240][ T6479] 3 locks held by syz.2.182/6479: [ 129.839280][ T6479] #0: ffff88805e719908 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 129.849945][ T6479] #1: ffff88802ced8ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 129.859442][ T6479] #2: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 129.868639][ T6479] [ 129.868639][ T6479] stack backtrace: [ 129.874554][ T6479] CPU: 1 UID: 0 PID: 6479 Comm: syz.2.182 Tainted: G U syzkaller #0 PREEMPT(full) [ 129.874594][ T6479] Tainted: [U]=USER [ 129.874601][ T6479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 129.874614][ T6479] Call Trace: [ 129.874625][ T6479] [ 129.874634][ T6479] dump_stack_lvl+0x100/0x190 [ 129.874672][ T6479] print_circular_bug.cold+0x178/0x1c7 [ 129.874734][ T6479] check_noncircular+0x146/0x160 [ 129.874835][ T6479] __lock_acquire+0x14b8/0x2630 [ 129.874894][ T6479] lock_acquire+0x1cf/0x380 [ 129.874921][ T6479] ? __flush_work+0x4ca/0xcb0 [ 129.874955][ T6479] ? mark_held_locks+0x40/0x70 [ 129.874981][ T6479] ? __flush_work+0x4ca/0xcb0 [ 129.875013][ T6479] __flush_work+0x4de/0xcb0 [ 129.875101][ T6479] ? __flush_work+0x4ca/0xcb0 [ 129.875136][ T6479] ? __pfx___flush_work+0x10/0x10 [ 129.875182][ T6479] ? __pfx_wq_barrier_func+0x10/0x10 [ 129.875210][ T6479] ? __pfx___might_resched+0x10/0x10 [ 129.875245][ T6479] cancel_work_sync+0xd1/0xf0 [ 129.875272][ T6479] smc_clcsock_release+0x5f/0xe0 [ 129.875295][ T6479] __smc_release+0x5c2/0x880 [ 129.875330][ T6479] ? __pfx_sock_def_readable+0x10/0x10 [ 129.875353][ T6479] smc_close_non_accepted+0xda/0x200 [ 129.875375][ T6479] smc_close_active+0x4ff/0x1070 [ 129.875399][ T6479] __smc_release+0x634/0x880 [ 129.875433][ T6479] smc_release+0x1fc/0x620 [ 129.875468][ T6479] __sock_release+0xb3/0x260 [ 129.875494][ T6479] ? __pfx_sock_close+0x10/0x10 [ 129.875520][ T6479] sock_close+0x1c/0x30 [ 129.875545][ T6479] __fput+0x3ff/0xb40 [ 129.875570][ T6479] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.875594][ T6479] task_work_run+0x150/0x240 [ 129.875625][ T6479] ? __pfx_task_work_run+0x10/0x10 [ 129.875659][ T6479] exit_to_user_mode_loop+0x100/0x4a0 [ 129.875688][ T6479] do_syscall_64+0x668/0xf80 [ 129.875713][ T6479] ? clear_bhb_loop+0x40/0x90 [ 129.875739][ T6479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.875762][ T6479] RIP: 0033:0x7fa5dcf9c799 [ 129.875780][ T6479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.875802][ T6479] RSP: 002b:00007fff673ba798 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 129.875835][ T6479] RAX: 0000000000000000 RBX: 00007fa5dd217da0 RCX: 00007fa5dcf9c799 [ 129.875850][ T6479] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 129.875863][ T6479] RBP: 00007fa5dd217da0 R08: 00007fa5dd216038 R09: 0000000000000000 [ 129.875876][ T6479] R10: 00000000005d6ecc R11: 0000000000000246 R12: 000000000001fae3 [ 129.875890][ T6479] R13: 00007fa5dd215fac R14: 000000000001f936 R15: 00007fff673ba8a0 [ 129.875910][ T6479] [ 130.330563][ T6487] netlink: 'syz.1.184': attribute type 27 has an invalid length. [ 130.338360][ T6487] netlink: 146 bytes leftover after parsing attributes in process `syz.1.184'. [ 133.082262][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.088595][ T1299] ieee802154 phy1 wpan1: encryption failed: -22