last executing test programs: 4m26.511880439s ago: executing program 0 (id=4474): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f00000003c0)='\x00\x00+\xa2\xc7\x92\x00\x00\x00\x00\x00\x00\x03\x90\xf9\xe8\x11\x80\a :w\xac[\xbb\xac\xe3\xe0\xff8g:\x04\x00\x00\x00\x00\x00\x00\x00=r\x03\x95\x87\xbaM\xd80=\x81\x8ez\xab\xc3^\xb0\x03Ijj\xc4\xf9\xe6\x84P\x15q\xaa\xc8\x03\xba\x8c\xe3\xc3r\xb8\x1b\x98\xe8\xbc\x11.\xd9A\xb3P\xfa\x04\x95\xfc*\v\xb8\xc5\x16Z\xb7\x82\xbc\x96o\xd2G\xf8\x0f`\xa1\x1f\xc6\xd6\xc5\xdcM\x17\x11\xd2\x12\x988\xa3`\xad[UI\xf7\xc7\xcc\x13XH\xc1\x02\x84$\x97;\xebM`\x7f\xe4\x8dbe\xd8\x901\x8e\'\x10\xf6`^\xd28Xk\x03\x8d\b\xbd\xe2d\\\x11w(\xc7D!,6\x01\x00\x9f\x8bxg\xe2\xfc~\x006\x17\x9b9?,\xd8\n\x82r\x12\xa9\xfd@\x90&\xd3l\xa7[\x9bx\xf7\xb9[m\x9a\xee\"\x9e\x81|\xa4\x8f5\xea\t\x02Axu\xe9io`\x81\xb5\x89\x01\xa0\xa8~]\xd8]\x14}\x8c\xacRc\r\xb7.\x7f\xb3\x85\xff\xf5\xb0\x11/\x80{\xab)\x05\xb3HHU\xcb\x00', 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) socket(0x2, 0x1, 0x106) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0xa040, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r2 = socket(0x2, 0x1, 0x106) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/tunl0/napi_defer_hard_irqs\x00', 0x28b42, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) 4m25.221364027s ago: executing program 0 (id=4471): mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) (async, rerun: 64) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf2503000000080003000402000006000bc002a67b34ce8502ea", @ANYRES32=0x0, @ANYRESHEX, @ANYRES32, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) (async, rerun: 64) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async, rerun: 32) r0 = socket(0x10, 0x2, 0x0) (rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) close_range$auto(0x2, 0x8, 0x0) (async) r1 = open(&(0x7f0000001080)='./file0\x00', 0x4003, 0x1) getdents$auto(r1, 0x0, 0x40001a) (async) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(r1, 0x80184132, &(0x7f0000000000)={0x6, 0x3, 0x5, 0x3}) (async) mmap$auto(0x0, 0x809bc49, 0x0, 0x1a, 0xffffffffffffffff, 0x456a) (async) socketpair$auto(0x1, 0x5, 0x0, 0x0) (async) ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) socket(0x6, 0x80000, 0x1000) (async, rerun: 64) io_uring_setup$auto(0xa, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r0, 0x8000) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async, rerun: 32) fanotify_init$auto(0x5, 0x2000000000002) (rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x23, 0x80805, 0x2) (async, rerun: 64) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (rerun: 64) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r3, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) (async) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) (async) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x0, 0xffffffffffffffff, 0x0, 0x401}, 0x5) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4m23.619628463s ago: executing program 0 (id=4476): sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="80060008", @ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf2504000000b1000180f5c53c7461b64f8c60fb90f69a1d13d52d6da3527ec7b5be48e686e7364c12793198cdcb6a78253c3bdd7916ced602b5b19762a916baa53c0411bfbf1477407c42963b5791e719e91567d82c697af89370f6f7872979c6713c9b4265a481e529d40b485bc24dac0ed112ebaf8e0f59b20e48f9cffcaa0bed04dad70c00c2d584eb40a6d01a4f463f88d47ae307e73bfd4123c7765a43faedde7088214666ba0cf2c894acec08005c00", @ANYRES32, @ANYBLOB="0000000800040003000000b0050280ac05da8004009f0005e969299377c515fba1ec068cf4bc524696ccfa31f0636e86e9ead7a57c5dbae9d25916617bca2061dd5109486efe289114244d0c6b80caaf44760684e204b8876de8a0be5b0e17915bb9319b3c9b0ea637785ac9c473387c78951f2e5681ea6de1c41585d4670ddf860bee32d836b7c722958b98d3c6ca547a8d2a99f065c895a7a693ce1c31ee96b46349a872953f95a123cdd6b248acb46bfdee74435ae6960a7f9110d0ea3cea56807ee682aa3818fef4060a827c6c620eab5f613a328e5b19470fa68d3e826521934812845d14a26c47162bcf977874cd87d5daf11c6ddff26a7c90d36a2d49505279443e865f2beec2a52ff4647a39e8a9095099451761676eeef529b758e77058e60eee85cc1a11b8173bdc6390f34fe4b2d2b6aa970a1f910e17f15b76f23cebd2db9a666baa88a0af389db9d878b62228aabdb38027a0099eb28639daf5bd097fcb651bd20c6285ef1132bcd652c10d1a82e509664187f88d18fb34fece5cd402d2d44de461c8e4e245904bd84a5b84536f98bc99656e175bc70d347c1ae0db88bb8f8a83dc6ad41337219bf9a455fd49d08fa9e1510fd2bc9aa21cc0d2f0a7da678b1131e84cbb17f4bae6a4e1275a923da597227894408b42621463854c2413378da3ac87ee8a3e062eb7b848d75e2f8b7829def9cb40535f8692e425829e9ac0897f2bc69101b37560cf143836552c50503f4935b0da024cff0eb4c078717e8333a12d535fa892b66b83fb53d54fc86f2f35ec87270380abe8c87cacf9b19aec7ea950bd374ecefa9c64c1d9e607a6fd71a4192aa1ab0e56d7cf158926d30423efc5d623475976b104306eef14bde160ce0921bb758c1967d648b8783fc7990e3f3850fd0d81297d7b69bbe8b9337a7e308e36b7bade455e0fb1adb59c65ccc16ec14eae89bb24c748d7e4c191e75f6bbf4712f0c40a926f46382c545d8798866b9e5019ca6a9c810eda98396710d530e9767e13ac6140eb5bc7c62aed158d6b745d5f450e1fd95e082c68de1376bd039d5638542e82595b381c4d6cac2006a120b7be7f1d991705a7334750227013dd1b6f163545231183609cba6bb9b53baffb8957472ab6e485c86c71c26bd8d2b8b5c2fc479a6e4f1ff5eee91ce71d624ccc44d758ce3d2f5043603d4933cf8b8b09eb894227b4dea165c9ad122b5f4ce583d1cf08ed47da02bb5108fe332f239e6906273d91354e9f695d18df47fbcbd0e59a2432748dc7f5ca673b085cf19a4fb9d642708e1c991bd8f25cf7d48c0e14e59b39be576916e317e72a64d8c40f8a75eee9efb7276dab0122cda1ca10b2c48692537475b41bc52c1c8bee6278097e8fd1dfd711578397b50ca9f50d6ae3a97eced747f78fa7d137331221af418526280ec2cd5c69e7e793854749b99b314c8e2132a32841ba7af631c0a26af6f1954b0209ce52d933ba21680638f7fcd89eee4c5862f15d17cb6a047ee1c64cf2e1461d01eb88b5f847992cf1bde67e105f5b624aebd2d9757dd6ad37c07b16a9db75ab3ea399219cb5e32785bfe8cd8f150b35b21b44db2a3f707a02e46858b09d24cc077fe2f093da116f11816fb1b2573f975986e624ecba2365b0ed2f0f6afb05d1214b36f539afbe471335b9f7de18f909937abe5c17357f9acb42ff7b8980b8ffc6da6a65c0edb22d715137dce8fe4f4b1230482ed972db6f11e15fac7080cea74ec9008f1cf20de595cab5fb8649b6e0cfed593bd4ff0170f5622888e91338b48592253cedb683e4e9ae867c03f3e776bc4b8981312fbe7846d8301906f194a011f7aebbb100b222861e29027c5c349b1bd338ee5b4294baa16e49cd2dc2146d5f05c431487293312f6cf653b7673ea562100b61140074020b0533a382adb694b6786d2b34ae9a241ae3e181b8c992342a5b3cb02744e92a78a730fbaaab85216af83e555f8adb2ae5bb99a307ac267b133236c7755b4682327c59426a681a3cdef4f53643e1a90d82980b925c3740dd29f08965457c10fb9147044583e704834cbb2e9dfd"], 0x680}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x66) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) bpf$auto(0x11, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0xa, 0x6}, 0xcf) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffffd, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) setfsuid$auto(0xee00) r2 = setfsuid$auto(0xee01) keyctl$auto(0xb, 0xffffffffffffffff, r2, 0x4, 0x7a) r3 = clone$auto(0x6fc, 0x4dbb2, 0x0, 0x0, 0x4000c1a) tkill$auto(r3, 0x9) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0xa, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0300, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x3, 0xc008ae67, r4) ioctl$auto(r0, 0x89f0, 0x24) r6 = socket(0x29, 0x2, 0x0) ioctl$auto(r6, 0x89f3, 0x24) write$auto_bm_entry_operations_binfmt_misc(0xffffffffffffffff, &(0x7f0000000500)="b72202b15a374a58daee3b243a7e0bae10e3a251bf530b0f7d3d97432fabaa1964ca4124758436a74012b4c39224c9308cd167d9bf66d83453de0d374120d3b4c2697202461da20ce5048bbdf2ab6b6d614a076a10dfaee4f406fcfcc53b369234cc4a91c521f74351a4322cb986fa92daf918199aa48b5868d4226c6890f5bde000662c5dcbd13106b879f29eadf442d7a6c9b66650386fbaae4d3e4e44fe5143c1bda89bb099ae5696b2587863e54dd4d941cf09f9b785a3d104341ea4a0fffe109263c05a617687d8f8941cdc273e1231c8d207db65dddc38ba3f8c9a7145b107db5331d0ce7535a4b86406bac9264efd44753bab020633b90779ce0916cebabb1e9b1884ec5853b69b57f22cc95059541d31369561b93e3177f1b8a21594159d3e55ae955b8ded9c54aa0c0d91a97fa15621045c426f1b515e9d2e86a5f3fc146e6540ab441419d35d252ca8ddc94992a53f80b75ac112a79db837bc90d5c2230b710cf37451baf26f7afaf7f02c0a9e2c035fe29218fc39e87263482cefe8a6f4a18348c872396a3172096bf6138c1ea262020d6519b7d28d48517b66bfbceed515f62a98593e8a3d509b7fb9841d8ccc4ec466ebdfe4bc9b58794bbb4ad2b284b531a849a4b1af99d390b29fe698776ceab6d62557d7334b0f13e5dbe7d28000b4d2a33de873f57c89b13518296c16a8e580f6e3bcf11ba3fd30de19b351b538d31067503ba8eda3867000133df97fe2adde19b88da4777a23bc821c765d4d2aa47df24962e1b682030c1a51e3299a735ec2b00d8cb2ba0c94f984eb6581b8c50177f145dc0aab114da4a8401f3250d10cea972c20737e75f593239f94eb4b43ff77cb0f34b04ecbd737436ba1b96574cbc41703f28f52369f25a41154f74cc3a2889689d22ab1fc7b962c78b8c04f80b3085b7d1c5147a17292dc20b87dfe20e97fa41a4b1d428f7ff4bde9c70ac458e6f4a40f8c603a86028bd112ee50681d926fbcaa3d8416e855de74de9544eacb1f59bc00b179d41c0263856f7fe6ffa4cab588072c0f5126e9bd0827b28d9b3667050a12f797c033cbcdaf865bea2abf43961aa43952a4731c60152cee8d928541cdc7ecf40cad21c12a11ff124e8ce2a308409040669c0b9700e4c02fa8261f3180e2cf259b9cf50e9d7d5f02eb04eda42e912542306a1f134ec2aa3a63c52d00ad7af778961124e056ba77fadb51ecea91d6ef80d70fd668225c73f9e8087d7a94d8844e65283f837a4cd7813ef8bb22601fa5f08ee4fd43acb74d90f64d6dc8ffca05a424884e2a023c2075cd2eb5c05f4c7097f0af6dcd1b6fa6694a223ea1a1d9662df2bafac63c8592aceb163564da69f6c97fcfb580fa7bfe1d8d7d6b7d7402d4a6766c884c9d0b63c63c388c4f68212f3a1baa46256d5999fc9d8961a6d81ba1beff9d99786423c7e4a163b02d929d645181d410cf4a8733a4e7b77883aa82fa89f6edfced671b60ffa01147b6e9166b9ea3a581b174caf7988abb7699792e986874b1ab1f7cdbcc92afa8daf2d5bdca431b1826a644b5a6cc1994ea6e9b114d175ed4684ff16876fbef9b993d68feb5a065399795e06af87179beffcb044a6493f7513292ea3fd2d14613adfa6cde3b6604e82b4b9ecb30001bb1567ed36dac57ab9a78f7c7981dcf48bb4fe5b944a6104f35d5f2d3425b53c69e3b9f578b6de41665a500f1ba04", 0x4bf) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:+\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\xd7\x9f\xed\x95k8\x83\xcf\xc5D\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xec\xe0#\x98AB\xbc\r\xed\xa5.\xec\xc1\x9a\xad\xb8:a\xd7\xfc\x92\x82\x9d\x04t\x9as\xb5\x18f|^\xa3\x1b\x10mf\x04]\xaaH\x0e\xd9D\x97\x86\x9f\x1a\xf5\xb4\xd0[w/\xcc:%\'\x99\xaa\xbe\xf3\xcb1\x7f.\xc4\x00\x00\x00\x00\x00\x00\xd8G\xfc\xbb&\x96\x18\x84\x1a\xc2\xac\x81\xad9\xbc=)\x84\f_F\x13\x18:\xf4.~\xdb\xa1\xea\xe2\x1d$E\xe9\x91DT0\xbd\xc2$\b\xa2q\xfd\xddc\x98.\xd5\xe8\xbc\x16\xc8VA\xf9&}\xbd\xefDm\x11Cr@9\b)l\xb5\xceo<\f\xfb&\x1c\x935\x8b\"\x00\xcb\xd7m\xeb\xb82\x90\xbad\xda\x8d\xe2\xa0\"\xd9lhQ\x83f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\xd7\x9f\xed\x95k8\x83\xcf\xc5D\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xec\xe0#\x98AB\xbc\r\xed\xa5.\xec\xc1\x9a\xad\xb8:a\xd7\xfc\x92\x82\x9d\x04t\x9as\xb5\x18f|^\xa3\x1b\x10mf\x04]\xaaH\x0e\xd9D\x97\x86\x9f\x1a\xf5\xb4\xd0[w/\xcc:%\'\x99\xaa\xbe\xf3\xcb1\x7f.\xc4\x00\x00\x00\x00\x00\x00\xd8G\xfc\xbb&\x96\x18\x84\x1a\xc2\xac\x81\xad9\xbc=)\x84\f_F\x13\x18:\xf4.~\xdb\xa1\xea\xe2\x1d$E\xe9\x91DT0\xbd\xc2$\b\xa2q\xfd\xddc\x98.\xd5\xe8\xbc\x16\xc8VA\xf9&}\xbd\xefDm\x11Cr@9\b)l\xb5\xceo<\f\xfb&\x1c\x935\x8b\"\x00\xcb\xd7m\xeb\xb82\x90\xbad\xda\x8d\xe2\xa0\"\xd9lhQ\x83\xe7\x9e\xdb\xb5yO\xa3*\xb8\x9fH\xc0K0\x87\xc3N~2\xb1\xc4\xc7y9u\xa6\x89\xa9@\xf1\x92M(\x9e\xf9\x8e\xbf\x86\xfav7t\x14\xde\xd9Wd1G\x97\x13\x84\xff\x99\xdf\xd2\xa2\xf5l\xd6\xcf\x04\f^@r\xe9!\xb1X\xf19$\xf0h\v\r\xd0\xd9\xefm[l\xa4\xc7\x0e+H\xed\xf8\x82Wh%\x1f\x99\xaa\xf2\xb3\xb3Nr\xb0\x9a\xd2\xb67\xca\xdar\xa6\xe07\x061\xb7\xa6\xa9\x1b?>\x03\xad^\xd7\xbb-\'}\xc7\x82\xaa\n\xac\xa3\x15\x82\xc0\x02\x18\x1f\xb1cX\xc9\xcaGf((p<\x17|\x03\x00\x00\x00Qop^Y\xf4\xeccl\xa0$\xe0\'\xf8\x83\x8c\x7fW!p^=\x12\xbf$\xae7\xa2,\xce\xd1\xb0\xbd\x01\xf0z\x97\x0f\x94\xb5\x10&@\xaeF\xb8\x92\xd5\x15E\xf8\\ =SMH6\xd6\xd2\xa2~\x0e\x87\f\x0e\xe2\xd7\xfc\xed9\xaa\x81Qdw\xa0\xe7;D\xfa\xd3+\x93<\xce\xf16%\xc1s\b\xb0\xfe\xcd\xaf\x1a\xed\xf9\xd3HD\x82\xb5d\x9e\x91\xa1\x04\xe0\x86\xd94\x06O2\xc4O\xffm\xc3O\xe89\xbe\x03B\x0f6\xbe\xaf\xaa=[7\xd9\xca\xd2\xa0&\xc4(=%\xda\rM(&\xe4\x12S\nm\xd8\xb4\x8a\x1f\x00', 0x7e) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000039, 0x0) fsconfig$auto(0xffffffffffffffff, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x22181, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/max_mmu_rmap_size\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) 9.8712092s ago: executing program 1 (id=5192): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) mmap$auto(0x0, 0x5, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000200)={0x20080522}, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/oom_adj\x00', 0x142, 0x0) write$auto(r1, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) fdatasync$auto(r0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lseek$auto(r3, 0x7, 0x319) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r4, 0xffffffffffdffe00, &(0x7f0000000140)) r5 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x8a141, 0x0) write$auto_lowpan_enable_fops_(r5, &(0x7f00000000c0)='3', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 7.48787891s ago: executing program 3 (id=5195): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x5, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x10008000) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x0, 0x5, 0x0) r3 = pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) write$auto(0x1, 0x0, 0x100) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r3) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, r4, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x7}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4008010) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=ANY=[@ANYRES8=r1, @ANYRES16=r1, @ANYBLOB="2f212c7000c9edd8fa6574a1a393cf73d5", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) (async) socket(0x2, 0x1, 0x0) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x5, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x10008000) (async) io_uring_setup$auto(0x9, 0x0) (async) close_range$auto(0x0, 0x5, 0x0) (async) pipe$auto(0x0) (async) pipe$auto(0x0) (async) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) (async) write$auto(0x1, 0x0, 0x100) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r3) (async) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, r4, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x7}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4008010) (async) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=ANY=[@ANYRES8=r1, @ANYRES16=r1, @ANYBLOB="2f212c7000c9edd8fa6574a1a393cf73d5", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) (async) 6.887022682s ago: executing program 3 (id=5197): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x7a7) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.0/usb1/power/wakeup_active_count\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a) shmctl$auto_IPC_SET(0x3, 0x1, &(0x7f0000000240)={{0xff6e, 0x0, 0x0, 0x5, 0x3, 0x8, 0x7}, 0x80, 0x7, 0x5, 0x7, @inferred, @raw, 0xff7f, 0x0, &(0x7f0000000140)="0313d666924c3d63a0289947ec754e2f135933d65fdb0a01ffffff8d80a7da8f3ddb5df3060e0667904a7d534795b08b3d3acd0620e731966c34b030306f44a22d3d856576c2c503000000000000005e13fce22d4ff7526bc97a085620240b3c22c9fcc90a1c467980928c8b3dcb1d0512e97a05caaced014ddca2f3627160876fbad77aea83674c343c409a4a22a6c38d1095dfb14ddcd860eab67e2caf0008d9354fa15c2d8c864c5fc08fbb3939e84ff2f08132b532ccc0474cb1919c13d4ad8927be2767f73327169b5878e530de8f1a149ac153e8358ff8", &(0x7f0000000980)="65241ec2a60793e07a1dd2cfebb43389dea64dfbe3a183d7575002509df0c82e91dced19e65b663cd7e512d768605bd40eff4acd5b83342d9547fc8e39c3ffac77e742749bf48c5d6e097b188aab3eea149d8503c8a89a033c08b19bc8bfefab811b9008653c56024baef07b9a50992718632c18f11e2fcfc647dd9092eaac0c9ff17c3483fc46c9d18b7937b64a2c8c765af7b738eaf17cff6d389da5a1a16664856f96cf8b99cc56375b06a1b69fb6dc8851e01eb100696715b0a54e81ff66844524960827ddfd73a229270bc377277e2219e560a8da0afa501613677173415d19"}) keyctl$auto(0x4, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0x8) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000c80)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="944a1e3d97813541f700", @ANYRES16=0x0, @ANYBLOB="04002cbd7000fedbdf250b000000f40003802900a7006b5bdac27a88355d9999c6808e3d95b33b8fde6a5d8d7bcc63d8d06ea32529961c784825fd00000014004d00fe880000000000000000000000000001af0052809e12d43409c34708a1c68450c6bba12f0065e104c21c2fcd62732946c1e3280c9c91b4916c2c88ba49fa40febc8870200556ff50cd1bbe9d78b9064023f648024598f7c5c3da4b680df0d4df2ca442474a64842492b42eef25178a0f04bba8ba391ab54c6a6f2a5905a07fabad4b1f6dd399d5711ec4ce75e633871b040017800400278004000c80deed75335a9232dfbfef810a9b5168c3dacd023dcb8f9be091b32502f8449e60b5900300940203806753755b2df1667892ed596c997aef4388fc3f4d4286e536e08980b444556ef28660c0ca80859444c89ee263b16c19e8340d4e848e81659d54c5d4e81df61ec8708bc9f55f90f798f6bd8f923f6107dfb7b53aaf2f3f17bcf31d5915196599a663527b3f40ef0a4c22ba03a1c47c7b70f05aa5a13ebdc9f32c4ad1d68fb79143b390196dfebe7df72eb2afcebd8994df79e494f98eafee3a481b5b19fda9a5d96c4049fda22f8e6dc2782e27b0010cc464ca10514b7bd01ff26f2b8f2bed0efe6110776c829ccb7064b40d7448b7c46b03c4cd537a3b1fed6de780bf90888af5f2d3e48d3ef22329f87e853aae876d227a2867e25a58af20e41bcbec302a0a4e4bd57f5a44fdb82078c6091e9e660092a581db08000500ff03000014001700fc020000000000000000000000000001ced3cf12cc1719d9e3a43e45aa72eb2b485c389985ba8eb46f05b58f9848d586141173a2c1fe5ae9c21f14bd9b1a75268df9badd1f2dbb6c18adf9529df3e5db4c0a3e09494baa6dca5da50b987ad84b54569ebdc4791f266eb16d3275ccfe8aec0809bfa578229a4c7fefda8888a2b7f3a0196bfcd16dc334e46d13454ae64d79c5069a4ec06916b73206da94faffd3413d1bafcae730f48846c2a237dcdbf512c989fb357439a2b951f0e9ea8d2a749d8030adabc6bdfe6a9c4a09246ea0b8a02beffe4a7f1208f3e91bc6c268c4515aaf984aa554a46e7975ec405e58b4ae8fbd90fd5f45a95521aeed98b251a144fd8a6d7fa65d298fce5f01891a4e1cf9ea899d3e9942d69da7d67e40d7375ed71ab72c9ab581aefaea0a33d93fa1a48a2900fe4c7b0edc9f2f7edbd1d2c56254f987f7dee46977646a2c8ea0d6e757793f7164f5594f7b5e666c8628f22ad099c06fe6a06f41b37a9b2960eb64144ab62f0800040009000000"], 0x3a4}, 0x1, 0x0, 0x0, 0x20000000}, 0x408c5) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) capget$auto(0x0, 0xfffffffffffffffe) open(&(0x7f0000000040)='./file0\x00', 0x881c0, 0x0) mount$auto(&(0x7f0000000000)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000880)='nfs\x00\x96\x11\x1cW=\xef\x98\x97;!SC\xa0_q\xa7\xed\xcc\x1e:}\xf7\xf9\x9ea\xd01\x17\x8e\xaf\xed\x85b\xbe\xb3\x1f\xf0y\xdf\xecY\xab\xa4\xd8\xfcY!\x9d\xf2V\xdc%\xec\x98\x97\xbc\xf1f\x13~\xd2\xef$\xe2\xdchz\x8b\x10\xd4(\xf2\x06\xd1\x0f=w\x83$.\xd1\x8di\n\xe2\xa1\xfbG\xfa{\xa2$\xa6\t\xc2:\x91\xb5\x96/\xab\xef\xbc\xd7\x01\xf3\x9d\xe36\xfc\xc4&\x01\x11a\x000p\xd8\xa8\xec\xd9\x7f! \xf0u\xa5\xc7\xda\x7f\xff\x0e\xb5\xdd\xbc\xed\xb0R\xb9s\xd7Uc@?/\xcd\xb4\x86_\x19\xea\x15&\x13\xf5N\xae\xf9\xd2\xe5oC3\xa6~\x96\xff\xa8\xb3\x90\xcfL\xcd=\x1eR\xde_\xb5\xaaC<\f\x16\xa4&\aC\xce\xe8W\xce,\xab\xdc\xbdg\x8d\xbf\x04\x98\xe9\xdf\xc0\xcd\xd64i\x94\xbc_\xac\xf7\x91', 0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) getpriority$auto_PRIO_USER(0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK(r3, &(0x7f0000000800)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xb90e9a6a7cb7d163}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="020026bd7000fddbdf259400000064057f00a6d31c3a6cf69d382d063646f3db7954888a9a4890aa8c72cdda867a57af285cf1db5977c5b0f063a392811a1522556a12a676d2b0cf84d1ffde8359933778ed643a650d234f03ccc85d589c0b6752b62c2ce6b1e463fa0552071212465ebb5035587887ec9284facb2a8c454f222427b6eba044344089bca143d51106028d68497273f3698f331ab8dbc27bd0efc26542320e04cb9f3fed9d1a4a4289ca7036135f9efe851f1b1b3b7153c8e1f13e9ada9cd0ada9f4ac6c476922431bfc7bf69ced5e4383c1c891b963b670cb70efce7433601811b78a7b249cadae92055f7daa07cb8f2b050f25d32748036d37931dcd22f0800cd0d1430074341f4e422718f416ae58dd6fc511dac8a6f44ff23452ceb6b4048e05195c0f1db2eea0d0b66e53a33bab37e50f3bf9e5b9abe7ae292734de1509c145079a8cce2210d0a69c7136bcc07e34686796d1121d27400b4dc9ef9a90bf56f0b8630c2b491f991f69fa05be9fcc34f82e422c6aaadda0b559ef266d21e7dc756b9f452ae05fd6616c726e6d063793001f81432c20feed58a428ebd291f3d190276cc4f604574d3a5737366a99f90c68173d3f935388a19becd0cc8cfa1a9b63cbedfa92a7637b6495d7ad4ea1a885d5dc389ebb537a91eddee05d737add5f443e7af041cecb53c3cfb32c702f70e7d9ea0e6cf44b6112dda49b9d059b42fdb6eca005d7f8863e21d8d48958c91ea1ddb7226a8a3b83cd29aa048600fa773fed60d168b88aee33d13aeae3ce0020d10dcbe19ea814bc4a955266007b4a803a76410ca53df62a1c32316efa84aee5d72212b9459997409354edcb0f994b5cff8ff20bcfa565ff9cc3adf39d0bd4fdb6f429e66a42713cfa1274f2849f063077c16afc1cb2e5028dc9114bcb80e5e698cdd80e32c744f5822ccc7f18e440b70617d11e60c685b3356546096250dfb542d55cefc91d9310bf9ff084631d1b7d5c066e694451a69ae65deb21294513e6ac205e961787d8f6859f8c4cc34e92d5e80e927d7c74cd597c1f552753d066e46c925ff656b2bc9ebb152812e63b74fa1026c68729b637d42c8213b7fa3c04206218d12811589fd9777dbcb270590573134e49fe8c8ccd5780481f47f1e5437e39077e1a341f28565f23a0af1e43e711d85c89f07e4b56a7c2a912fd6ecb0a75854a9c1534ee406462af4ffe91ea05bab5a865122e7ab9e583bb6de1e1bef228ccc4a0ccd47599b4f2d0157caa52106302cf5038031c30120cb081c895c04b3e1586fc63e1d55ecdb1b6f04629e089a72ba06764dc54d7159b1f9d023cd96274206eaea2317deec6bf832f35a4f21036a5fb38681a123c2c2f289af54303e950758b489ad4ef2f474f404d128f4a2cf05b18bfa3c0f8e7ae58f112fab9ca8525d60890d5aa9c72bab2214741f9e4c3377493fe23ed5a0a09d8134c5f7d803480632764051b7d3ed8701853e044f4569f842d05ccbab8bc1b3e0d55690111018a48ef87e7badf065f445e297dba6bc2a2c278826f5b02ea7b192fd7cd1f4eb4ceeac26bf6e5c9ad68846645b003090e072b72eaa1ec2c747f863a84d9575b09a7976dcbcf9c69fe860f2dc0f3e1dc3531152c9508855e64cd862dbbf94baa72e271ceb1eee018d97aa75f178144df4086b55692a2a1d8007affe225ebcbd7c660c93e59acfd74956b6a89eaad9b8735620313797e47967d8a8a6c77cc4178f0c62acfe1a2aa8c4f373fa41a1e954a336011e087654dbaf2bc10618b18927430c5bd3327f16a05ed6adb24712bdff9828c3da726f09b3050a720f82ba991d99a060cd083c841806acaa9c998b07c99fe9187d191a856c11725365c397c2558db03c0e2c41d5492af41bbca5918b793e7ea99db6d035c8739837e9a867c4d20502e35216ed82217a1a6914141bd089349c4f5b14a94ac1c9ed9eb981e3f04003c000600d4000000000004008e000600f7000f070000"], 0x590}, 0x1, 0x0, 0x0, 0x4}, 0x40080) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000002280)=ANY=[@ANYBLOB="80a918a3200000005e00000000000000008c00", @ANYRES16=r4], 0x1180}, 0x1, 0x0, 0x0, 0x8000}, 0x40000810) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000100)={{@raw=0x2, 0x85, 0xf67, 0x1, "669cbbd9e9756f22fdffa199e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x101}, 0x0, @integer=@value=[0x6, 0x0, 0x5, 0x80, 0xfffffffffffffffe, 0x8b0, 0x4, 0x8000000000000001, 0x100000000000004, 0x2090, 0xf7a, 0x6, 0x3, 0x1, 0x0, 0x7fffffffffffffff, 0x9, 0x3, 0x6, 0x7fffffffffffffff, 0xfffffffffffffffe, 0x6, 0x2, 0x8, 0x10, 0xfffffffffffffffe, 0x3, 0x7, 0x6d, 0x3, 0xfffffffffffffff7, 0x10000, 0x5, 0x6, 0x3ff, 0x5, 0x6, 0x7, 0x200000000a78, 0x100000000000000, 0x100000004, 0x1, 0x0, 0x29, 0x81, 0x50, 0x5, 0x6, 0x8, 0x2afb, 0x803, 0x80, 0x4, 0x7ff, 0x4572, 0x9, 0xce13, 0x0, 0x4, 0x6, 0xd, 0x0, 0xfff, 0xc, 0xfffffffffffffffb, 0x6, 0xff, 0x10001, 0x0, 0x9, 0x9, 0x3, 0xd3ad, 0x9, 0x5, 0x7, 0x100000001, 0xffffffffffffffdc, 0x5, 0x1, 0x1000, 0x100000001, 0x100, 0x80000001, 0x8, 0x7, 0x4, 0x8, 0x800000000010, 0xff, 0x6, 0xff8000000, 0x2a4c32e3, 0x800, 0x18, 0x200000000000007, 0x4, 0x57, 0x1, 0x6, 0x7fffffffffffffff, 0x119af68c, 0x3, 0x4, 0x7, 0x6, 0x0, 0x8000000000000001, 0x5, 0x8, 0xc8d, 0x7, 0x7, 0x2, 0x9, 0xfffffffffffffff8, 0x4, 0xc, 0x6, 0xa, 0x10001, 0x4bb2, 0x2, 0x400, 0x401, 0x1d, 0x7], "282f77b07e718e11749a346177741dc299a28a585e87e0d908e2c8e50de501951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c8500"}) r5 = epoll_create$auto(0x4) r6 = socket(0x2, 0x5, 0x0) epoll_ctl$auto(r5, 0x1, r6, 0x0) r7 = epoll_create$auto(0x3e) epoll_ctl$auto(r7, 0x1, r5, 0x0) shutdown$auto(0x200000003, 0x2) keyctl$auto_KEY_REQKEY_DEFL_NO_CHANGE(0x4, 0xffffffffffffffff, 0x0, 0x0, 0xf0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) acct$auto(&(0x7f00000000c0)='/proc/net/rpc/use-gss-\x06roxy\x00') 6.649007185s ago: executing program 4 (id=5198): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffff70, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1ff, 0x20000000) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) rseq$auto(0x0, 0x8000, 0x0, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x40e00, 0x0) pread64$auto(r1, 0x0, 0x3, 0x5ef6) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000080), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x180000000000101, 0x400000004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000fc8c4be01b21ab7c36c0ec3d463a5862956e4920af98ac72a83942f52f05c7280ff7472b236a28f8ead5c2393f9eeaf2b9bf22fe6f94774e8b38f1311bc8e2fc78051b525eb4b7a3f5f5d032e1482f", @ANYRES16=r3, @ANYBLOB="010026bd7000fdcb22ba0a00000003be703fb6d646453472f6885306e90b7fc4c84bb21fd249c908d9c79295d8eb72aa16770177fe17e491eb82d416767ee4f53225f8142060c03b12eff79f792ab75cd33f0fb7336a923a005b0ddaf840aaede6b141902dd1e8c8"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 6.374853092s ago: executing program 2 (id=5199): mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffff70, 0x1, 0x7fffffff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = getsockopt$auto(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x78) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1ff, 0x20000000) mmap$auto(0x80, 0x202000d, 0x6, 0xeb1, r0, 0x1) write$auto(0x3, 0x0, 0x100082) rseq$auto(0x0, 0x8000, 0x0, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(r0, &(0x7f0000000300)={{0x0, 0x5, &(0x7f0000000100)={0x0, 0x6}, 0xc, &(0x7f00000001c0), 0x40000000, 0xa}, 0x5a57}, 0xd, 0x3, 0x0) syz_genetlink_get_family_id$auto_macsec(0x0, r2) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ttyb3/dev\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x9, 0xeb0, r1, 0xb) r4 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x40e00, 0x0) pread64$auto(r4, 0x0, 0x2, 0x200000344) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000080), 0xffffffffffffffff) 6.257851256s ago: executing program 3 (id=5200): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) mmap$auto(0x0, 0x1, 0x37eb, 0x40eb2, 0x4, 0x300000000000) write$auto(0xca, &(0x7f0000000080)='\x04 \xa1M\x11=.!\xd3\'\x8a\x00\x00\x00\x00\x00\xbd\x90q\xd0\xff\xea\xe9\x04B\x1c\x9a\x02y(\x83\xdf-g\xd7.\x83\xb2\xe4x\xdb\xfb\x18#&\x83\x17\x18\x05\x12|\x83$\xd0\x9a?\xf2W\xdd\xd3Z*\xa5\x81V\x98+q\xef(]\x81\x1c\x98B]\x9c\xd7\x05\x11\xcc\x1d\xc5\t\xe1A\fA\x8b\xd8\x8b\xb5\xa0\x9c\xab\xb6:\x18\xeaz\xc2!x0\f\xaa\xbd\xbeGh\x0f\v2\x83\x12>\xe7\x9e\xdb\xb5yO\xa3*\xb8\x9fH\xc0K0\x87\xc3N~2\xb1\xc4\xc7y9u\xa6\x89\xa9@\xf1\x92M(\x9e\xf9\x8e\xbf\x86\xfav7t\x14\xde\xd9Wd1G\x97\x13\x84\xff\x99\xdf\xd2\xa2\xf5l\xd6\xcf\x04\f^@r\xe9!\xb1X\xf19$\xf0h\v\r\xd0\xd9\xefm[l\xa4\xc7\x0e+H\xed\xf8\x82Wh%\x1f\x99\xaa\xf2\xb3\xb3Nr\xb0\x9a\xd2\xb67\xca\xdar\xa6\xe07\x061\xb7\xa6\xa9\x1b?>\x03\xad^\xd7\xbb-\'}\xc7\x82\xaa\n\xac\xa3\x15\x82\xc0\x02\x18\x1f\xb1cX\xc9\xcaGf((p<\x17|\x03\x00\x00\x00Qop^Y\xf4\xeccl\xa0$\xe0\'\xf8\x83\x8c\x7fW!p^=\x12\xbf$\xae7\xa2,\xce\xd1\xb0\xbd\x01\xf0z\x97\x0f\x94\xb5\x10&@\xaeF\xb8\x92\xd5\x15E\xf8\\ =SMH6\xd6\xd2\xa2~\x0e\x87\f\x0e\xe2\xd7\xfc\xed9\xaa\x81Qdw\xa0\xe7;D\xfa\xd3+\x93<\xce\xf16%\xc1s\b\xb0\xfe\xcd\xaf\x1a\xed\xf9\xd3HD\x82\xb5d\x9e\x91\xa1\x04\xe0\x86\xd94\x06O2\xc4O\xffm\xc3O\xe89\xbe\x03B\x0f6\xbe\xaf\xaa=[7\xd9\xca\xd2\xa0&\xc4(=%\xda\rM(&\xe4\x12S\nm\xd8\xb4\x8a\x1f\x00', 0x7e) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000039, 0x0) fsconfig$auto(0xffffffffffffffff, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x22181, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/max_mmu_rmap_size\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) 5.703315806s ago: executing program 2 (id=5201): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r1, 0xf25, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) (fail_nth: 2) 5.542393685s ago: executing program 3 (id=5202): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/gid_map\x00', 0x240000, 0x0) getsockopt$auto_SO_LOCK_FILTER(r0, 0xffffffff, 0x2c, &(0x7f0000000040)='\'*(}\x00', &(0x7f0000000080)=0x8000) r1 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r1, 0x29, 0x16, 0x0, 0x0) 5.48573954s ago: executing program 4 (id=5203): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) keyctl$auto(0x2000000000000017, 0x8000, 0x0, 0x0, 0x20803) mmap$auto(0xfffffffffffffff8, 0x0, 0x4000100000003, 0xeb1, r0, 0x8000) sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/dummy0/tx_queue_len\x00', 0x8522, 0x0) write$auto(r1, &(0x7f0000000000)='9\x00d\t\x00\x00\x00\x00\x00\x00\x00(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0xa, 0x2, 0x88) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_5={@target_ifindex=r5, r4, 0x8, 0x1, 0xffffffffffffffff, @relative_fd, 0xe600}, 0xf) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000140)="79253887b06dcf446eb74060fca965d03245a1b87a39c14be5267e20ac8afbca6134ce5c824c", 0xffffffff}, 0x4, 0x0) bpf$auto(0x2, &(0x7f0000000340)=@raw_tracepoint={0x5, r2, 0x0, 0x2}, 0xc) 4.493356941s ago: executing program 1 (id=5204): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r0, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) 4.407216633s ago: executing program 2 (id=5205): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/reset\x00', 0x2481, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x591083, 0x408) mmap$auto(0x0, 0xfb, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) r2 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000000c0), r1) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, r0, 0x8a9f) socket(0x29, 0xa, 0x88) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x7}, 0x2) r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) ioctl$auto_TUNSETVNETLE2(r4, 0x400454dc, &(0x7f0000000040)=0x2) write$auto(0x3, 0x0, 0xfdf3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x20800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001ec0)=""/4104, 0x1008) getsockopt$auto_SO_BUF_LOCK(r2, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x96)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) socket(0x23, 0x800, 0xfffff000) r6 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) ioctl$auto_TUNGETVNETBE(r6, 0x800454df, &(0x7f0000000100)=0x4) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, r5, 0x8000) r7 = socket(0x2, 0x1, 0x0) setsockopt$auto(r7, 0x6, 0x1f, 0x0, 0x3a) sendmsg$auto_NETDEV_CMD_BIND_RX(r7, 0x0, 0x24008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 3.79246105s ago: executing program 1 (id=5206): socket(0x2, 0x801, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020209, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB='T\x00\x00', @ANYRES16, @ANYBLOB="010031bd7000fddbdf250c000000"], 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) prctl$auto(0x1, 0x8, 0x0, 0x3a, 0x1) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x2, 0x4}, 0x8}, 0x5, 0x24000000) 3.786266095s ago: executing program 4 (id=5214): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/dummy0/tx_queue_len\x00', 0x8522, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_5={@target_ifindex=r4, r3, 0x8, 0x1, 0xffffffffffffffff, @relative_fd=r1, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f0000000340)=@raw_tracepoint={0x5, r0, 0x0, 0x2}, 0xc) 3.493669444s ago: executing program 4 (id=5207): mmap$auto(0x10001, 0x9, 0xdd, 0x80000000000eb1, 0x1272, 0x14000000) writev$auto(0xffffffffffffffff, 0x0, 0x3) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) execve$auto(0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16240, 0x0) execve$auto(0x0, 0x0, 0x0) move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2) r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f0000001300)=""/4073, 0xfe9) (fail_nth: 1) 3.059990849s ago: executing program 3 (id=5208): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x7a7) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.0/usb1/power/wakeup_active_count\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a) shmctl$auto_IPC_SET(0x3, 0x1, &(0x7f0000000240)={{0xff6e, 0x0, 0x0, 0x5, 0x3, 0x8, 0x7}, 0x80, 0x7, 0x5, 0x7, @inferred, @raw, 0xff7f, 0x0, &(0x7f0000000140)="0313d666924c3d63a0289947ec754e2f135933d65fdb0a01ffffff8d80a7da8f3ddb5df3060e0667904a7d534795b08b3d3acd0620e731966c34b030306f44a22d3d856576c2c503000000000000005e13fce22d4ff7526bc97a085620240b3c22c9fcc90a1c467980928c8b3dcb1d0512e97a05caaced014ddca2f3627160876fbad77aea83674c343c409a4a22a6c38d1095dfb14ddcd860eab67e2caf0008d9354fa15c2d8c864c5fc08fbb3939e84ff2f08132b532ccc0474cb1919c13d4ad8927be2767f73327169b5878e530de8f1a149ac153e8358ff8", &(0x7f0000000980)="65241ec2a60793e07a1dd2cfebb43389dea64dfbe3a183d7575002509df0c82e91dced19e65b663cd7e512d768605bd40eff4acd5b83342d9547fc8e39c3ffac77e742749bf48c5d6e097b188aab3eea149d8503c8a89a033c08b19bc8bfefab811b9008653c56024baef07b9a50992718632c18f11e2fcfc647dd9092eaac0c9ff17c3483fc46c9d18b7937b64a2c8c765af7b738eaf17cff6d389da5a1a16664856f96cf8b99cc56375b06a1b69fb6dc8851e01eb100696715b0a54e81ff66844524960827ddfd73a229270bc377277e2219e560a8da0afa501613677173415d19"}) keyctl$auto(0x4, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0x8) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000c80)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="944a1e3d97813541f700", @ANYRES16=0x0, @ANYBLOB="04002cbd7000fedbdf250b000000f40003802900a7006b5bdac27a88355d9999c6808e3d95b33b8fde6a5d8d7bcc63d8d06ea32529961c784825fd00000014004d00fe880000000000000000000000000001af0052809e12d43409c34708a1c68450c6bba12f0065e104c21c2fcd62732946c1e3280c9c91b4916c2c88ba49fa40febc8870200556ff50cd1bbe9d78b9064023f648024598f7c5c3da4b680df0d4df2ca442474a64842492b42eef25178a0f04bba8ba391ab54c6a6f2a5905a07fabad4b1f6dd399d5711ec4ce75e633871b040017800400278004000c80deed75335a9232dfbfef810a9b5168c3dacd023dcb8f9be091b32502f8449e60b5900300940203806753755b2df1667892ed596c997aef4388fc3f4d4286e536e08980b444556ef28660c0ca80859444c89ee263b16c19e8340d4e848e81659d54c5d4e81df61ec8708bc9f55f90f798f6bd8f923f6107dfb7b53aaf2f3f17bcf31d5915196599a663527b3f40ef0a4c22ba03a1c47c7b70f05aa5a13ebdc9f32c4ad1d68fb79143b390196dfebe7df72eb2afcebd8994df79e494f98eafee3a481b5b19fda9a5d96c4049fda22f8e6dc2782e27b0010cc464ca10514b7bd01ff26f2b8f2bed0efe6110776c829ccb7064b40d7448b7c46b03c4cd537a3b1fed6de780bf90888af5f2d3e48d3ef22329f87e853aae876d227a2867e25a58af20e41bcbec302a0a4e4bd57f5a44fdb82078c6091e9e660092a581db08000500ff03000014001700fc020000000000000000000000000001ced3cf12cc1719d9e3a43e45aa72eb2b485c389985ba8eb46f05b58f9848d586141173a2c1fe5ae9c21f14bd9b1a75268df9badd1f2dbb6c18adf9529df3e5db4c0a3e09494baa6dca5da50b987ad84b54569ebdc4791f266eb16d3275ccfe8aec0809bfa578229a4c7fefda8888a2b7f3a0196bfcd16dc334e46d13454ae64d79c5069a4ec06916b73206da94faffd3413d1bafcae730f48846c2a237dcdbf512c989fb357439a2b951f0e9ea8d2a749d8030adabc6bdfe6a9c4a09246ea0b8a02beffe4a7f1208f3e91bc6c268c4515aaf984aa554a46e7975ec405e58b4ae8fbd90fd5f45a95521aeed98b251a144fd8a6d7fa65d298fce5f01891a4e1cf9ea899d3e9942d69da7d67e40d7375ed71ab72c9ab581aefaea0a33d93fa1a48a2900fe4c7b0edc9f2f7edbd1d2c56254f987f7dee46977646a2c8ea0d6e757793f7164f5594f7b5e666c8628f22ad099c06fe6a06f41b37a9b2960eb64144ab62f0800040009000000"], 0x3a4}, 0x1, 0x0, 0x0, 0x20000000}, 0x408c5) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) capget$auto(0x0, 0xfffffffffffffffe) open(&(0x7f0000000040)='./file0\x00', 0x881c0, 0x0) mount$auto(&(0x7f0000000000)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000880)='nfs\x00\x96\x11\x1cW=\xef\x98\x97;!SC\xa0_q\xa7\xed\xcc\x1e:}\xf7\xf9\x9ea\xd01\x17\x8e\xaf\xed\x85b\xbe\xb3\x1f\xf0y\xdf\xecY\xab\xa4\xd8\xfcY!\x9d\xf2V\xdc%\xec\x98\x97\xbc\xf1f\x13~\xd2\xef$\xe2\xdchz\x8b\x10\xd4(\xf2\x06\xd1\x0f=w\x83$.\xd1\x8di\n\xe2\xa1\xfbG\xfa{\xa2$\xa6\t\xc2:\x91\xb5\x96/\xab\xef\xbc\xd7\x01\xf3\x9d\xe36\xfc\xc4&\x01\x11a\x000p\xd8\xa8\xec\xd9\x7f! \xf0u\xa5\xc7\xda\x7f\xff\x0e\xb5\xdd\xbc\xed\xb0R\xb9s\xd7Uc@?/\xcd\xb4\x86_\x19\xea\x15&\x13\xf5N\xae\xf9\xd2\xe5oC3\xa6~\x96\xff\xa8\xb3\x90\xcfL\xcd=\x1eR\xde_\xb5\xaaC<\f\x16\xa4&\aC\xce\xe8W\xce,\xab\xdc\xbdg\x8d\xbf\x04\x98\xe9\xdf\xc0\xcd\xd64i\x94\xbc_\xac\xf7\x91', 0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) getpriority$auto_PRIO_USER(0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK(r3, &(0x7f0000000800)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xb90e9a6a7cb7d163}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="020026bd7000fddbdf259400000064057f00a6d31c3a6cf69d382d063646f3db7954888a9a4890aa8c72cdda867a57af285cf1db5977c5b0f063a392811a1522556a12a676d2b0cf84d1ffde8359933778ed643a650d234f03ccc85d589c0b6752b62c2ce6b1e463fa0552071212465ebb5035587887ec9284facb2a8c454f222427b6eba044344089bca143d51106028d68497273f3698f331ab8dbc27bd0efc26542320e04cb9f3fed9d1a4a4289ca7036135f9efe851f1b1b3b7153c8e1f13e9ada9cd0ada9f4ac6c476922431bfc7bf69ced5e4383c1c891b963b670cb70efce7433601811b78a7b249cadae92055f7daa07cb8f2b050f25d32748036d37931dcd22f0800cd0d1430074341f4e422718f416ae58dd6fc511dac8a6f44ff23452ceb6b4048e05195c0f1db2eea0d0b66e53a33bab37e50f3bf9e5b9abe7ae292734de1509c145079a8cce2210d0a69c7136bcc07e34686796d1121d27400b4dc9ef9a90bf56f0b8630c2b491f991f69fa05be9fcc34f82e422c6aaadda0b559ef266d21e7dc756b9f452ae05fd6616c726e6d063793001f81432c20feed58a428ebd291f3d190276cc4f604574d3a5737366a99f90c68173d3f935388a19becd0cc8cfa1a9b63cbedfa92a7637b6495d7ad4ea1a885d5dc389ebb537a91eddee05d737add5f443e7af041cecb53c3cfb32c702f70e7d9ea0e6cf44b6112dda49b9d059b42fdb6eca005d7f8863e21d8d48958c91ea1ddb7226a8a3b83cd29aa048600fa773fed60d168b88aee33d13aeae3ce0020d10dcbe19ea814bc4a955266007b4a803a76410ca53df62a1c32316efa84aee5d72212b9459997409354edcb0f994b5cff8ff20bcfa565ff9cc3adf39d0bd4fdb6f429e66a42713cfa1274f2849f063077c16afc1cb2e5028dc9114bcb80e5e698cdd80e32c744f5822ccc7f18e440b70617d11e60c685b3356546096250dfb542d55cefc91d9310bf9ff084631d1b7d5c066e694451a69ae65deb21294513e6ac205e961787d8f6859f8c4cc34e92d5e80e927d7c74cd597c1f552753d066e46c925ff656b2bc9ebb152812e63b74fa1026c68729b637d42c8213b7fa3c04206218d12811589fd9777dbcb270590573134e49fe8c8ccd5780481f47f1e5437e39077e1a341f28565f23a0af1e43e711d85c89f07e4b56a7c2a912fd6ecb0a75854a9c1534ee406462af4ffe91ea05bab5a865122e7ab9e583bb6de1e1bef228ccc4a0ccd47599b4f2d0157caa52106302cf5038031c30120cb081c895c04b3e1586fc63e1d55ecdb1b6f04629e089a72ba06764dc54d7159b1f9d023cd96274206eaea2317deec6bf832f35a4f21036a5fb38681a123c2c2f289af54303e950758b489ad4ef2f474f404d128f4a2cf05b18bfa3c0f8e7ae58f112fab9ca8525d60890d5aa9c72bab2214741f9e4c3377493fe23ed5a0a09d8134c5f7d803480632764051b7d3ed8701853e044f4569f842d05ccbab8bc1b3e0d55690111018a48ef87e7badf065f445e297dba6bc2a2c278826f5b02ea7b192fd7cd1f4eb4ceeac26bf6e5c9ad68846645b003090e072b72eaa1ec2c747f863a84d9575b09a7976dcbcf9c69fe860f2dc0f3e1dc3531152c9508855e64cd862dbbf94baa72e271ceb1eee018d97aa75f178144df4086b55692a2a1d8007affe225ebcbd7c660c93e59acfd74956b6a89eaad9b8735620313797e47967d8a8a6c77cc4178f0c62acfe1a2aa8c4f373fa41a1e954a336011e087654dbaf2bc10618b18927430c5bd3327f16a05ed6adb24712bdff9828c3da726f09b3050a720f82ba991d99a060cd083c841806acaa9c998b07c99fe9187d191a856c11725365c397c2558db03c0e2c41d5492af41bbca5918b793e7ea99db6d035c8739837e9a867c4d20502e35216ed82217a1a6914141bd089349c4f5b14a94ac1c9ed9eb981e3f04003c000600d4000000000004008e000600f7000f070000"], 0x590}, 0x1, 0x0, 0x0, 0x4}, 0x40080) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000002280)=ANY=[@ANYBLOB="80a918a3200000005e00000000000000008c00", @ANYRES16=r4], 0x1180}, 0x1, 0x0, 0x0, 0x8000}, 0x40000810) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000100)={{@raw=0x2, 0x85, 0xf67, 0x1, "669cbbd9e9756f22fdffa199e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x101}, 0x0, @integer=@value=[0x6, 0x0, 0x5, 0x80, 0xfffffffffffffffe, 0x8b0, 0x4, 0x8000000000000001, 0x100000000000004, 0x2090, 0xf7a, 0x6, 0x3, 0x1, 0x0, 0x7fffffffffffffff, 0x9, 0x3, 0x6, 0x7fffffffffffffff, 0xfffffffffffffffe, 0x6, 0x2, 0x8, 0x10, 0xfffffffffffffffe, 0x3, 0x7, 0x6d, 0x3, 0xfffffffffffffff7, 0x10000, 0x5, 0x6, 0x3ff, 0x5, 0x6, 0x7, 0x200000000a78, 0x100000000000000, 0x100000004, 0x1, 0x0, 0x29, 0x81, 0x50, 0x5, 0x6, 0x8, 0x2afb, 0x803, 0x80, 0x4, 0x7ff, 0x4572, 0x9, 0xce13, 0x0, 0x4, 0x6, 0xd, 0x0, 0xfff, 0xc, 0xfffffffffffffffb, 0x6, 0xff, 0x10001, 0x0, 0x9, 0x9, 0x3, 0xd3ad, 0x9, 0x5, 0x7, 0x100000001, 0xffffffffffffffdc, 0x5, 0x1, 0x1000, 0x100000001, 0x100, 0x80000001, 0x8, 0x7, 0x4, 0x8, 0x800000000010, 0xff, 0x6, 0xff8000000, 0x2a4c32e3, 0x800, 0x18, 0x200000000000007, 0x4, 0x57, 0x1, 0x6, 0x7fffffffffffffff, 0x119af68c, 0x3, 0x4, 0x7, 0x6, 0x0, 0x8000000000000001, 0x5, 0x8, 0xc8d, 0x7, 0x7, 0x2, 0x9, 0xfffffffffffffff8, 0x4, 0xc, 0x6, 0xa, 0x10001, 0x4bb2, 0x2, 0x400, 0x401, 0x1d, 0x7], "282f77b07e718e11749a346177741dc299a28a585e87e0d908e2c8e50de501951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c8500"}) r5 = epoll_create$auto(0x4) r6 = socket(0x2, 0x5, 0x0) epoll_ctl$auto(r5, 0x1, r6, 0x0) r7 = epoll_create$auto(0x3e) epoll_ctl$auto(r7, 0x1, r5, 0x0) shutdown$auto(0x200000003, 0x2) keyctl$auto_KEY_REQKEY_DEFL_NO_CHANGE(0x4, 0xffffffffffffffff, 0x0, 0x0, 0xf0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) acct$auto(&(0x7f00000000c0)='/proc/net/rpc/use-gss-\x06roxy\x00') 2.243470251s ago: executing program 4 (id=5209): r0 = open(0x0, 0x0, 0x64) fchdir$auto(r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r1, 0x2275, &(0x7f0000000040)="d93ca7") unshare$auto(0x40000080) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) r2 = socket(0x2a, 0x4, 0x82) listmount$auto(0x0, 0x0, 0x4, 0x101) close_range$auto(0x2, r2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0xe32, 0x0) 1.188760378s ago: executing program 2 (id=5210): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r2, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x1, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY_NAME={0x25, 0x2, '/proc/sys/kernel/watchdog_thresh\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc810}, 0x40) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000829bd7000fedbdf252100000006000a000004000008000500d600000005000700f30000000f00b3000000d5a1770005f181760e99f175799ed585a6b0a53c16825d64408636e3ad50e56a6ec6f668d2c5f6be65c70450e5837108ac77ef7fcf4a0d3123eb005800"/114], 0x3c}, 0x1, 0x0, 0x0, 0x400c8c4}, 0x0) ioctl$auto(r0, 0x6, 0xffffffffffffffff) mmap$auto(0x10001, 0x9, 0xdd, 0x80000000000eb1, 0x1272, 0x14000000) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x600, 0x0) ioctl$auto_RTC_PARAM_SET(r4, 0x40187014, &(0x7f0000000080)={0x1, @uvalue=0x6}) writev$auto(0xffffffffffffffff, 0x0, 0x3) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D3\x00', 0x450401, 0x0) write$auto(r5, &(0x7f0000000080)='/deudio1_\x93\x1cW\x9f\x1f\x8dP\xde\x9f\x01\x00\x00\x00\x00', 0x100000a3d9) execve$auto(0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16240, 0x0) execve$auto(0x0, 0x0, 0x0) move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(r6, &(0x7f0000000300)={{0x0, 0x6, &(0x7f0000000280)={0x0, 0x1ff}, 0xc, &(0x7f00000001c0), 0x40000000, 0xa}, 0x5a57}, 0xd, 0x3, 0x0) syz_genetlink_get_family_id$auto_macsec(0x0, r6) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r7, &(0x7f0000001300)=""/4073, 0xfe9) 934.649608ms ago: executing program 1 (id=5211): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) mmap$auto(0x0, 0x1, 0x37eb, 0x40eb2, 0x4, 0x300000000000) write$auto(0xca, &(0x7f0000000080)='\x04 \xa1M\x11=.!\xd3\'\x8a\x00\x00\x00\x00\x00\xbd\x90q\xd0\xff\xea\xe9\x04B\x1c\x9a\x02y(\x83\xdf-g\xd7.\x83\xb2\xe4x\xdb\xfb\x18#&\x83\x17\x18\x05\x12|\x83$\xd0\x9a?\xf2W\xdd\xd3Z*\xa5\x81V\x98+q\xef(]\x81\x1c\x98B]\x9c\xd7\x05\x11\xcc\x1d\xc5\t\xe1A\fA\x8b\xd8\x8b\xb5\xa0\x9c\xab\xb6:\x18\xeaz\xc2!x0\f\xaa\xbd\xbeGh\x0f\v2\x83\x12>\xe7\x9e\xdb\xb5yO\xa3*\xb8\x9fH\xc0K0\x87\xc3N~2\xb1\xc4\xc7y9u\xa6\x89\xa9@\xf1\x92M(\x9e\xf9\x8e\xbf\x86\xfav7t\x14\xde\xd9Wd1G\x97\x13\x84\xff\x99\xdf\xd2\xa2\xf5l\xd6\xcf\x04\f^@r\xe9!\xb1X\xf19$\xf0h\v\r\xd0\xd9\xefm[l\xa4\xc7\x0e+H\xed\xf8\x82Wh%\x1f\x99\xaa\xf2\xb3\xb3Nr\xb0\x9a\xd2\xb67\xca\xdar\xa6\xe07\x061\xb7\xa6\xa9\x1b?>\x03\xad^\xd7\xbb-\'}\xc7\x82\xaa\n\xac\xa3\x15\x82\xc0\x02\x18\x1f\xb1cX\xc9\xcaGf((p<\x17|\x03\x00\x00\x00Qop^Y\xf4\xeccl\xa0$\xe0\'\xf8\x83\x8c\x7fW!p^=\x12\xbf$\xae7\xa2,\xce\xd1\xb0\xbd\x01\xf0z\x97\x0f\x94\xb5\x10&@\xaeF\xb8\x92\xd5\x15E\xf8\\ =SMH6\xd6\xd2\xa2~\x0e\x87\f\x0e\xe2\xd7\xfc\xed9\xaa\x81Qdw\xa0\xe7;D\xfa\xd3+\x93<\xce\xf16%\xc1s\b\xb0\xfe\xcd\xaf\x1a\xed\xf9\xd3HD\x82\xb5d\x9e\x91\xa1\x04\xe0\x86\xd94\x06O2\xc4O\xffm\xc3O\xe89\xbe\x03B\x0f6\xbe\xaf\xaa=[7\xd9\xca\xd2\xa0&\xc4(=%\xda\rM(&\xe4\x12S\nm\xd8\xb4\x8a\x1f\x00', 0x7e) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000039, 0x0) fsconfig$auto(0xffffffffffffffff, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x22181, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/max_mmu_rmap_size\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) 619.265964ms ago: executing program 3 (id=5212): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) mmap$auto(0x0, 0x5, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000200)={0x20080522}, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/oom_adj\x00', 0x142, 0x0) write$auto(r1, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) fdatasync$auto(r0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lseek$auto(r3, 0x7, 0x319) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r4, 0xffffffffffdffe00, &(0x7f0000000140)=';') r5 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x8a141, 0x0) write$auto_lowpan_enable_fops_(r5, &(0x7f00000000c0)='3', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 206.403856ms ago: executing program 1 (id=5213): openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, 0x0, 0x5a1380, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r0) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x3) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0xfffffffa, 0x5, &(0x7f0000000200)='/dev/snd/controlC2\x00', 0x3) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x9, 0x20000000) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x5, 0x1, 0x8, 0x8, 0x6, 0x9, 0x0, 0x5, 0xf8, 0xffffffffffff402e, 0x800, 0x60000000, 0x40, 0x4, 0x87, 0x4]}, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x8, 0x1, 0x13, 0x3, 0x110000000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioctl$auto_USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)={0x80000001, 0x7d, &(0x7f0000000180)="99e4a8bf843fbab228ed87cd5771f4a252e01f348ce53324ce0f3648a683fd4672fbd0f45390d45d4d99b5295e1c37546665448091893d1b1263e32393988382a36c9a5b6b87d3c68e365483a984318137558af26a8688"}) r3 = socket(0xa, 0x2, 0x0) setsockopt$auto(r3, 0x29, 0x30, 0x0, 0x56b) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, 0x0, 0x11d802, 0x0) 186.64826ms ago: executing program 2 (id=5215): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r0, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) 0s ago: executing program 4 (id=5216): r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) r2 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x24, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0xa}, 0x5, 0x108) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r0, 0x5509, 0x1000000) kernel console output (not intermixed with test programs): 00000000008000 [ 1395.243284][T25054] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1395.243299][T25054] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1395.243331][T25054] [ 1396.821578][T25078] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1399.373381][T25116] nbd: must specify a device to reconfigure [ 1399.515964][T25118] misc userio: Invalid payload size [ 1400.525781][T25124] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x61e pfn:0x78001 [ 1400.596684][T25124] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1400.731570][T25124] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1400.787224][T25124] raw: 000000000000061e 0000000000000000 00000001ffffffff 0000000000000000 [ 1400.972543][T25124] page dumped because: unmovable page [ 1401.003638][T25124] page_owner tracks the page as allocated [ 1401.143087][T25124] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 6808, tgid 6806 (syz.0.175), ts 176491972931, free_ts 176375213454 [ 1401.227363][T25124] post_alloc_hook+0x153/0x170 [ 1401.246332][T25124] get_page_from_freelist+0x111d/0x3140 [ 1401.273133][T25124] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1401.291688][T25124] alloc_pages_mpol+0x1fb/0x550 [ 1401.315646][T25124] alloc_pages_noprof+0x131/0x390 [ 1401.380310][T25124] brd_submit_bio+0x116a/0x20d0 [ 1401.408657][T25124] __submit_bio+0x419/0x6c0 [ 1401.438972][T25124] submit_bio_noacct_nocheck+0x74f/0xc10 [ 1401.481777][T25124] submit_bio_noacct+0xd17/0x2010 [ 1401.497265][T25124] submit_bh_wbc+0x59c/0x770 [ 1401.522423][T25124] __block_write_full_folio+0x77f/0xee0 [ 1401.553200][T25124] block_write_full_folio+0x3b5/0x4e0 [ 1401.558757][T25124] blkdev_writepages+0xc7/0x150 [ 1401.596530][T25124] do_writepages+0x278/0x600 [ 1401.632608][T25124] filemap_writeback+0x22d/0x2e0 [ 1401.637622][T25124] file_write_and_wait_range+0xcd/0x140 [ 1401.674467][T25124] page last free pid 6780 tgid 6778 stack trace: [ 1401.704793][T25124] free_unref_folios+0xaea/0x1790 [ 1401.709913][T25124] folios_put_refs+0x53c/0x840 [ 1401.756920][T25124] shmem_undo_range+0x5e5/0x1570 [ 1401.777549][T25124] shmem_evict_inode+0x39e/0xbd0 [ 1401.797879][T25124] evict+0x3c2/0xad0 [ 1401.816296][T25124] iput.part.0+0x605/0xf50 [ 1401.843848][T25124] iput+0x35/0x40 [ 1401.847710][T25124] dentry_unlink_inode+0x2a1/0x490 [ 1401.879294][T25124] __dentry_kill+0x1d0/0x600 [ 1401.893671][T25124] finish_dput+0x76/0x480 [ 1401.919026][T25124] dput.part.0+0x456/0x570 [ 1401.942528][T25124] dput+0x1f/0x30 [ 1401.946253][T25124] __fput+0x519/0xb40 [ 1401.981927][T25124] task_work_run+0x150/0x240 [ 1401.996249][T25144] vivid-007: ================= START STATUS ================= [ 1402.006217][T25124] do_exit+0x829/0x2aa0 [ 1402.010553][T25124] do_group_exit+0xd5/0x2a0 [ 1402.146455][T25144] vivid-007: Generate PTS: true [ 1402.180118][T25133] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x61e pfn:0x78001 [ 1402.262664][T25133] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1402.284804][T25144] vivid-007: Generate SCR: true [ 1402.290185][T25144] tpg source WxH: 320x240 (Y'CbCr) [ 1402.321345][T25133] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1402.391735][T25133] raw: 000000000000061e 0000000000000000 00000001ffffffff 0000000000000000 [ 1402.455575][T25133] page dumped because: unmovable page [ 1402.520025][T25144] tpg field: 1 [ 1402.548152][T25133] page_owner tracks the page as allocated [ 1402.561838][T25144] tpg crop: (0,0)/320x240 [ 1402.591835][T25133] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 6808, tgid 6806 (syz.0.175), ts 176491972931, free_ts 176375213454 [ 1402.685698][T25144] tpg compose: (0,0)/320x240 [ 1402.690410][T25144] tpg colorspace: 8 [ 1402.781895][T25133] post_alloc_hook+0x153/0x170 [ 1402.786751][T25133] get_page_from_freelist+0x111d/0x3140 [ 1402.851689][T25133] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1402.857685][T25133] alloc_pages_mpol+0x1fb/0x550 [ 1402.892192][T25144] tpg transfer function: 0/0 [ 1402.896829][T25144] tpg Y'CbCr encoding: 0/0 [ 1402.901354][T25144] tpg quantization: 0/0 [ 1402.978253][T25133] alloc_pages_noprof+0x131/0x390 [ 1403.030940][T25133] brd_submit_bio+0x116a/0x20d0 [ 1403.075928][T25133] __submit_bio+0x419/0x6c0 [ 1403.111834][T25133] submit_bio_noacct_nocheck+0x74f/0xc10 [ 1403.117730][T25133] submit_bio_noacct+0xd17/0x2010 [ 1403.124178][T25144] tpg RGB range: 0/2 [ 1403.172254][T25161] FAULT_INJECTION: forcing a failure. [ 1403.172254][T25161] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1403.196910][T25133] submit_bh_wbc+0x59c/0x770 [ 1403.208454][T25144] vivid-007: ================== END STATUS ================== [ 1403.219653][T25133] __block_write_full_folio+0x77f/0xee0 [ 1403.246047][T25161] CPU: 0 UID: 0 PID: 25161 Comm: syz.2.4344 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1403.246091][T25161] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1403.246101][T25161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1403.246117][T25161] Call Trace: [ 1403.246126][T25161] [ 1403.246136][T25161] dump_stack_lvl+0x100/0x190 [ 1403.246179][T25161] should_fail_ex.cold+0x5/0xa [ 1403.246209][T25161] get_futex_key+0x1d2/0x1620 [ 1403.246242][T25161] ? __pfx_get_futex_key+0x10/0x10 [ 1403.246281][T25161] ? __lock_acquire+0x4a5/0x2630 [ 1403.246314][T25161] ? __lock_acquire+0x4a5/0x2630 [ 1403.246348][T25161] futex_wait_setup+0x83/0x510 [ 1403.246394][T25161] __futex_wait+0x19f/0x300 [ 1403.246435][T25161] ? __pfx___futex_wait+0x10/0x10 [ 1403.246477][T25161] ? __pfx_futex_wake_mark+0x10/0x10 [ 1403.246525][T25161] ? futex_hash+0x2c5/0x380 [ 1403.246565][T25161] futex_wait+0xed/0x380 [ 1403.246603][T25161] ? __pfx_futex_wait+0x10/0x10 [ 1403.246640][T25161] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1403.246684][T25161] do_futex+0x1ef/0x350 [ 1403.246716][T25161] ? __pfx_do_futex+0x10/0x10 [ 1403.246748][T25161] ? __sys_bind+0x1c7/0x260 [ 1403.246793][T25161] __x64_sys_futex+0x34f/0x4d0 [ 1403.246829][T25161] ? __pfx___x64_sys_futex+0x10/0x10 [ 1403.246873][T25161] do_syscall_64+0x106/0xf80 [ 1403.246902][T25161] ? clear_bhb_loop+0x40/0x90 [ 1403.246932][T25161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.246957][T25161] RIP: 0033:0x7f989ff9c799 [ 1403.246978][T25161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.247002][T25161] RSP: 002b:00007f98a0f000e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1403.247026][T25161] RAX: ffffffffffffffda RBX: 00007f98a0215fa8 RCX: 00007f989ff9c799 [ 1403.247043][T25161] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f98a0215fa8 [ 1403.247058][T25161] RBP: 00007f98a0215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.247073][T25161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1403.247089][T25161] R13: 00007f98a0216038 R14: 00007ffff3711020 R15: 00007ffff3711108 [ 1403.247119][T25161] [ 1403.249855][T25133] block_write_full_folio+0x3b5/0x4e0 [ 1404.543310][T25133] blkdev_writepages+0xc7/0x150 [ 1404.589692][T25133] do_writepages+0x278/0x600 [ 1404.625495][T25133] filemap_writeback+0x22d/0x2e0 [ 1404.653801][T25133] file_write_and_wait_range+0xcd/0x140 [ 1404.688173][T25133] page last free pid 6780 tgid 6778 stack trace: [ 1404.738676][T25133] free_unref_folios+0xaea/0x1790 [ 1404.768798][T25133] folios_put_refs+0x53c/0x840 [ 1404.824269][T25133] shmem_undo_range+0x5e5/0x1570 [ 1404.850290][T25133] shmem_evict_inode+0x39e/0xbd0 [ 1404.871601][T25133] evict+0x3c2/0xad0 [ 1404.897835][T25133] iput.part.0+0x605/0xf50 [ 1404.929780][T25133] iput+0x35/0x40 [ 1404.953769][T25133] dentry_unlink_inode+0x2a1/0x490 [ 1404.988807][T25133] __dentry_kill+0x1d0/0x600 [ 1405.025315][T25133] finish_dput+0x76/0x480 [ 1405.057645][T25133] dput.part.0+0x456/0x570 [ 1405.087526][T25133] dput+0x1f/0x30 [ 1405.119088][T25133] __fput+0x519/0xb40 [ 1405.154199][T25133] task_work_run+0x150/0x240 [ 1405.186875][T25133] do_exit+0x829/0x2aa0 [ 1405.210178][T25133] do_group_exit+0xd5/0x2a0 [ 1405.624663][T25133] Process accounting paused [ 1406.384856][T25201] deleting an unspecified loop device is not supported. [ 1408.330230][T25213] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1408.417160][T25213] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1408.511779][T25213] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1408.583122][T25213] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1409.260618][T25247] FAULT_INJECTION: forcing a failure. [ 1409.260618][T25247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1409.347839][T25247] CPU: 0 UID: 0 PID: 25247 Comm: syz.0.4370 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1409.347884][T25247] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1409.347894][T25247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1409.347908][T25247] Call Trace: [ 1409.347918][T25247] [ 1409.347929][T25247] dump_stack_lvl+0x100/0x190 [ 1409.347982][T25247] should_fail_ex.cold+0x5/0xa [ 1409.348010][T25247] _copy_from_user+0x2e/0xd0 [ 1409.348052][T25247] do_handle_open+0x60e/0xce0 [ 1409.348079][T25247] ? __fget_files+0x21f/0x3d0 [ 1409.348101][T25247] ? __pfx_do_handle_open+0x10/0x10 [ 1409.348133][T25247] ? ksys_write+0x1ac/0x250 [ 1409.348171][T25247] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1409.348203][T25247] ? syscall_user_dispatch+0x76/0x130 [ 1409.348240][T25247] ? do_syscall_64+0x106/0xf80 [ 1409.348268][T25247] do_syscall_64+0x106/0xf80 [ 1409.348295][T25247] ? clear_bhb_loop+0x40/0x90 [ 1409.348325][T25247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1409.348350][T25247] RIP: 0033:0x7f186eb9c799 [ 1409.348374][T25247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1409.348398][T25247] RSP: 002b:00007f186f9b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 1409.348421][T25247] RAX: ffffffffffffffda RBX: 00007f186ee15fa0 RCX: 00007f186eb9c799 [ 1409.348437][T25247] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000003 [ 1409.348452][T25247] RBP: 00007f186f9b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1409.348467][T25247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1409.348482][T25247] R13: 00007f186ee16038 R14: 00007f186ee15fa0 R15: 00007ffce4d2f338 [ 1409.348513][T25247] [ 1409.773469][T23938] Bluetooth: hci4: command 0x0406 tx timeout [ 1409.973362][ T30] audit: type=1800 audit(4294987917.216:29): pid=25261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4364" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1410.500039][T23572] Bluetooth: hci3: command 0x0c1a tx timeout [ 1410.573714][T23572] Bluetooth: hci2: command 0x0c1a tx timeout [ 1410.644227][T23572] Bluetooth: hci5: command 0x0c1a tx timeout [ 1412.203972][T25307] FAULT_INJECTION: forcing a failure. [ 1412.203972][T25307] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.319305][T25307] CPU: 0 UID: 0 PID: 25307 Comm: syz.0.4373 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1412.319346][T25307] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1412.319355][T25307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1412.319371][T25307] Call Trace: [ 1412.319380][T25307] [ 1412.319389][T25307] dump_stack_lvl+0x100/0x190 [ 1412.319432][T25307] should_fail_ex.cold+0x5/0xa [ 1412.319460][T25307] should_failslab+0xc2/0x120 [ 1412.319486][T25307] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1412.319523][T25307] ? alloc_inode+0x183/0x250 [ 1412.319553][T25307] ? find_inode_fast+0x1fa/0x910 [ 1412.319587][T25307] alloc_inode+0x183/0x250 [ 1412.319625][T25307] iget_locked+0x1d9/0x6d0 [ 1412.319657][T25307] ? __pfx_iget_locked+0x10/0x10 [ 1412.319686][T25307] ? find_held_lock+0x2b/0x80 [ 1412.319707][T25307] ? kernfs_find_and_get_node_by_id+0x1be/0x3e0 [ 1412.319746][T25307] ? kernfs_find_and_get_node_by_id+0x1be/0x3e0 [ 1412.319790][T25307] kernfs_get_inode+0x46/0x470 [ 1412.319823][T25307] kernfs_fh_to_dentry+0xf3/0x250 [ 1412.319853][T25307] exportfs_decode_fh_raw+0x167/0x760 [ 1412.319880][T25307] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 1412.319911][T25307] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 1412.319940][T25307] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 1412.320001][T25307] do_handle_open+0x744/0xce0 [ 1412.320030][T25307] ? __pfx_do_handle_open+0x10/0x10 [ 1412.320062][T25307] ? ksys_write+0x1ac/0x250 [ 1412.320101][T25307] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1412.320133][T25307] ? syscall_user_dispatch+0x76/0x130 [ 1412.320170][T25307] ? do_syscall_64+0x106/0xf80 [ 1412.320199][T25307] do_syscall_64+0x106/0xf80 [ 1412.320225][T25307] ? clear_bhb_loop+0x40/0x90 [ 1412.320255][T25307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1412.320279][T25307] RIP: 0033:0x7f186eb9c799 [ 1412.320299][T25307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1412.320323][T25307] RSP: 002b:00007f186f9b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 1412.320346][T25307] RAX: ffffffffffffffda RBX: 00007f186ee15fa0 RCX: 00007f186eb9c799 [ 1412.320362][T25307] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000003 [ 1412.320378][T25307] RBP: 00007f186f9b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1412.320392][T25307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1412.320407][T25307] R13: 00007f186ee16038 R14: 00007f186ee15fa0 R15: 00007ffce4d2f338 [ 1412.320437][T25307] [ 1413.075749][T25289] ima: policy update failed [ 1413.087861][ T30] audit: type=1802 audit(4294987920.326:30): pid=25289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4371" res=0 errno=0 [ 1413.236273][T25317] bridge0: port 4(gretap0) entered blocking state [ 1413.274762][T25317] bridge0: port 4(gretap0) entered disabled state [ 1413.293181][T25317] gretap0: entered allmulticast mode [ 1413.300111][T25317] gretap0: entered promiscuous mode [ 1413.373336][T25317] bridge0: port 4(gretap0) entered blocking state [ 1413.380077][T25317] bridge0: port 4(gretap0) entered forwarding state [ 1413.882059][T25326] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4376'. [ 1414.052735][T25325] HfR: entered promiscuous mode [ 1414.169479][T25326] HfR: left promiscuous mode [ 1414.237234][T25336] netlink: ct_mark mask cannot be 0 [ 1414.301821][T25337] netlink: ct_mark mask cannot be 0 [ 1414.930647][T25347] __vm_enough_memory: pid: 25347, comm: syz.3.4381, bytes: 4398046511104 not enough memory for the allocation [ 1415.644775][T25349] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1415.718820][T25349] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1415.791709][T25349] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1415.797985][T25349] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1416.048017][T25368] FAULT_INJECTION: forcing a failure. [ 1416.048017][T25368] name failslab, interval 1, probability 0, space 0, times 0 [ 1416.141375][T25368] CPU: 0 UID: 0 PID: 25368 Comm: syz.3.4383 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1416.141422][T25368] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1416.141431][T25368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1416.141446][T25368] Call Trace: [ 1416.141454][T25368] [ 1416.141464][T25368] dump_stack_lvl+0x100/0x190 [ 1416.141507][T25368] should_fail_ex.cold+0x5/0xa [ 1416.141535][T25368] should_failslab+0xc2/0x120 [ 1416.141561][T25368] __kmalloc_node_noprof+0xe6/0x850 [ 1416.141596][T25368] ? alloc_slab_obj_exts+0x4e/0x190 [ 1416.141625][T25368] ? find_held_lock+0x2b/0x80 [ 1416.141653][T25368] alloc_slab_obj_exts+0x4e/0x190 [ 1416.141685][T25368] __memcg_slab_post_alloc_hook+0x24a/0x9a0 [ 1416.141718][T25368] ? kasan_save_track+0x14/0x30 [ 1416.141758][T25368] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1416.141793][T25368] ? alloc_inode+0x183/0x250 [ 1416.141830][T25368] alloc_inode+0x183/0x250 [ 1416.141860][T25368] iget_locked+0x1d9/0x6d0 [ 1416.141891][T25368] ? __pfx_iget_locked+0x10/0x10 [ 1416.141921][T25368] ? find_held_lock+0x2b/0x80 [ 1416.141942][T25368] ? kernfs_find_and_get_node_by_id+0x1be/0x3e0 [ 1416.141982][T25368] ? kernfs_find_and_get_node_by_id+0x1be/0x3e0 [ 1416.142026][T25368] kernfs_get_inode+0x46/0x470 [ 1416.142060][T25368] kernfs_fh_to_dentry+0xf3/0x250 [ 1416.142090][T25368] exportfs_decode_fh_raw+0x167/0x760 [ 1416.142118][T25368] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 1416.142148][T25368] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 1416.142178][T25368] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 1416.142239][T25368] do_handle_open+0x744/0xce0 [ 1416.142275][T25368] ? __pfx_do_handle_open+0x10/0x10 [ 1416.142307][T25368] ? ksys_write+0x1ac/0x250 [ 1416.142346][T25368] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1416.142379][T25368] ? syscall_user_dispatch+0x76/0x130 [ 1416.142416][T25368] ? do_syscall_64+0x106/0xf80 [ 1416.142444][T25368] do_syscall_64+0x106/0xf80 [ 1416.142471][T25368] ? clear_bhb_loop+0x40/0x90 [ 1416.142500][T25368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1416.142526][T25368] RIP: 0033:0x7feec739c799 [ 1416.142546][T25368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1416.142570][T25368] RSP: 002b:00007feec8227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 1416.142593][T25368] RAX: ffffffffffffffda RBX: 00007feec7615fa0 RCX: 00007feec739c799 [ 1416.142609][T25368] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000003 [ 1416.142624][T25368] RBP: 00007feec8227090 R08: 0000000000000000 R09: 0000000000000000 [ 1416.142638][T25368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1416.142653][T25368] R13: 00007feec7616038 R14: 00007feec7615fa0 R15: 00007ffd251a7a18 [ 1416.142684][T25368] [ 1417.339706][T23938] Bluetooth: hci4: command 0x0406 tx timeout [ 1417.765933][T23938] Bluetooth: hci3: command 0x0c1a tx timeout [ 1417.846084][T23938] Bluetooth: hci5: command 0x0c1a tx timeout [ 1417.853150][T23572] Bluetooth: hci2: command 0x0c1a tx timeout [ 1418.043474][T25368] Process accounting paused [ 1419.510096][T25410] Invalid ELF header magic: != ELF [ 1419.610090][T25415] blktrace: Concurrent blktraces are not allowed on loop2 [ 1420.682607][T25432] FAULT_INJECTION: forcing a failure. [ 1420.682607][T25432] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.767810][T25432] CPU: 0 UID: 0 PID: 25432 Comm: syz.3.4395 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1420.767850][T25432] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1420.767860][T25432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1420.767874][T25432] Call Trace: [ 1420.767883][T25432] [ 1420.767892][T25432] dump_stack_lvl+0x100/0x190 [ 1420.767935][T25432] should_fail_ex.cold+0x5/0xa [ 1420.767964][T25432] should_failslab+0xc2/0x120 [ 1420.767990][T25432] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1420.768026][T25432] ? __d_alloc+0x34/0xa80 [ 1420.768051][T25432] ? do_raw_spin_lock+0x128/0x260 [ 1420.768092][T25432] __d_alloc+0x34/0xa80 [ 1420.768120][T25432] __d_obtain_alias+0x119/0x6d0 [ 1420.768152][T25432] ? _raw_spin_unlock+0x28/0x50 [ 1420.768180][T25432] kernfs_fh_to_dentry+0x106/0x250 [ 1420.768212][T25432] exportfs_decode_fh_raw+0x167/0x760 [ 1420.768240][T25432] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 1420.768270][T25432] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 1420.768299][T25432] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 1420.768367][T25432] do_handle_open+0x744/0xce0 [ 1420.768397][T25432] ? __pfx_do_handle_open+0x10/0x10 [ 1420.768428][T25432] ? ksys_write+0x1ac/0x250 [ 1420.768467][T25432] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1420.768499][T25432] ? syscall_user_dispatch+0x76/0x130 [ 1420.768537][T25432] ? do_syscall_64+0x106/0xf80 [ 1420.768564][T25432] do_syscall_64+0x106/0xf80 [ 1420.768591][T25432] ? clear_bhb_loop+0x40/0x90 [ 1420.768621][T25432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.768646][T25432] RIP: 0033:0x7feec739c799 [ 1420.768666][T25432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1420.768690][T25432] RSP: 002b:00007feec8227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 1420.768713][T25432] RAX: ffffffffffffffda RBX: 00007feec7615fa0 RCX: 00007feec739c799 [ 1420.768729][T25432] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000003 [ 1420.768743][T25432] RBP: 00007feec8227090 R08: 0000000000000000 R09: 0000000000000000 [ 1420.768758][T25432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1420.768773][T25432] R13: 00007feec7616038 R14: 00007feec7615fa0 R15: 00007ffd251a7a18 [ 1420.768803][T25432] [ 1422.659375][T25472] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1422.781946][T25475] FAULT_INJECTION: forcing a failure. [ 1422.781946][T25475] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.892287][T25475] CPU: 0 UID: 0 PID: 25475 Comm: syz.2.4405 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1422.892331][T25475] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1422.892340][T25475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1422.892356][T25475] Call Trace: [ 1422.892364][T25475] [ 1422.892374][T25475] dump_stack_lvl+0x100/0x190 [ 1422.892416][T25475] should_fail_ex.cold+0x5/0xa [ 1422.892445][T25475] should_failslab+0xc2/0x120 [ 1422.892472][T25475] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1422.892504][T25475] ? drm_atomic_state_alloc+0xb8/0x120 [ 1422.892538][T25475] drm_atomic_state_alloc+0xb8/0x120 [ 1422.892565][T25475] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 1422.892597][T25475] ? trace_contention_end+0x140/0x180 [ 1422.892633][T25475] ? __mutex_lock+0x26a/0x1b90 [ 1422.892665][T25475] ? __mutex_lock+0x26a/0x1b90 [ 1422.892696][T25475] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1422.892728][T25475] ? drm_master_internal_acquire+0x21/0x80 [ 1422.892784][T25475] drm_client_modeset_commit_locked+0x14d/0x580 [ 1422.892819][T25475] drm_client_modeset_commit+0x4f/0x80 [ 1422.892851][T25475] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1422.892897][T25475] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1422.892932][T25475] drm_fbdev_client_restore+0x1b/0x30 [ 1422.892972][T25475] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1422.893012][T25475] drm_client_dev_restore+0x205/0x2a0 [ 1422.893048][T25475] drm_release+0x2c6/0x360 [ 1422.893081][T25475] ? __pfx_drm_release+0x10/0x10 [ 1422.893108][T25475] __fput+0x3ff/0xb40 [ 1422.893145][T25475] task_work_run+0x150/0x240 [ 1422.893184][T25475] ? __pfx_task_work_run+0x10/0x10 [ 1422.893230][T25475] exit_to_user_mode_loop+0x100/0x4a0 [ 1422.893266][T25475] do_syscall_64+0x668/0xf80 [ 1422.893294][T25475] ? clear_bhb_loop+0x40/0x90 [ 1422.893325][T25475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1422.893350][T25475] RIP: 0033:0x7f989ff9c799 [ 1422.893371][T25475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1422.893396][T25475] RSP: 002b:00007f98a0f00028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1422.893420][T25475] RAX: 0000000000000000 RBX: 00007f98a0215fa0 RCX: 00007f989ff9c799 [ 1422.893436][T25475] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1422.893450][T25475] RBP: 00007f98a0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1422.893466][T25475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1422.893481][T25475] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1422.893516][T25475] [ 1423.861644][T25488] FAULT_INJECTION: forcing a failure. [ 1423.861644][T25488] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.884187][T25488] CPU: 0 UID: 0 PID: 25488 Comm: syz.2.4408 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1423.884229][T25488] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1423.884238][T25488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1423.884254][T25488] Call Trace: [ 1423.884261][T25488] [ 1423.884271][T25488] dump_stack_lvl+0x100/0x190 [ 1423.884311][T25488] should_fail_ex.cold+0x5/0xa [ 1423.884339][T25488] should_failslab+0xc2/0x120 [ 1423.884364][T25488] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1423.884399][T25488] ? do_getname_kernel+0x5d/0x250 [ 1423.884431][T25488] ? __pfx_stack_trace_save+0x10/0x10 [ 1423.884461][T25488] do_getname_kernel+0x5d/0x250 [ 1423.884490][T25488] do_file_open_root+0x1a4/0x5a0 [ 1423.884515][T25488] ? kfree+0x1f6/0x6b0 [ 1423.884545][T25488] ? __pfx_do_file_open_root+0x10/0x10 [ 1423.884594][T25488] ? do_raw_spin_lock+0x128/0x260 [ 1423.884630][T25488] ? find_held_lock+0x2b/0x80 [ 1423.884656][T25488] file_open_root+0x19b/0x3b0 [ 1423.884681][T25488] ? __pfx_file_open_root+0x10/0x10 [ 1423.884703][T25488] ? _raw_spin_unlock+0x28/0x50 [ 1423.884737][T25488] do_handle_open+0xab0/0xce0 [ 1423.884773][T25488] ? __pfx_do_handle_open+0x10/0x10 [ 1423.884804][T25488] ? ksys_write+0x1ac/0x250 [ 1423.884843][T25488] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1423.884879][T25488] ? syscall_user_dispatch+0x76/0x130 [ 1423.884917][T25488] ? do_syscall_64+0x106/0xf80 [ 1423.884944][T25488] do_syscall_64+0x106/0xf80 [ 1423.884971][T25488] ? clear_bhb_loop+0x40/0x90 [ 1423.885000][T25488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1423.885026][T25488] RIP: 0033:0x7f989ff9c799 [ 1423.885047][T25488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1423.885071][T25488] RSP: 002b:00007f98a0f00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 1423.885093][T25488] RAX: ffffffffffffffda RBX: 00007f98a0215fa0 RCX: 00007f989ff9c799 [ 1423.885109][T25488] RDX: 0000000000000006 RSI: 0000200000001280 RDI: 0000000000000003 [ 1423.885124][T25488] RBP: 00007f98a0f00090 R08: 0000000000000000 R09: 0000000000000000 [ 1423.885139][T25488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1423.885153][T25488] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1423.885184][T25488] [ 1424.517248][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1424.523878][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1426.644017][T25522] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1426.851991][T25526] FAULT_INJECTION: forcing a failure. [ 1426.851991][T25526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1427.138285][T25526] CPU: 0 UID: 0 PID: 25526 Comm: syz.2.4423 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1427.138326][T25526] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1427.138336][T25526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1427.138350][T25526] Call Trace: [ 1427.138358][T25526] [ 1427.138367][T25526] dump_stack_lvl+0x100/0x190 [ 1427.138408][T25526] should_fail_ex.cold+0x5/0xa [ 1427.138436][T25526] _copy_from_user+0x2e/0xd0 [ 1427.138478][T25526] do_pages_stat+0x194/0x7f0 [ 1427.138513][T25526] ? __pfx_do_pages_stat+0x10/0x10 [ 1427.138539][T25526] ? __lock_acquire+0x4a5/0x2630 [ 1427.138580][T25526] ? find_held_lock+0x2b/0x80 [ 1427.138621][T25526] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1427.138648][T25526] ? lockdep_hardirqs_on+0x78/0x100 [ 1427.138676][T25526] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1427.138705][T25526] kernel_move_pages+0xecf/0x13f0 [ 1427.138739][T25526] ? __fget_files+0x215/0x3d0 [ 1427.138764][T25526] ? __pfx_kernel_move_pages+0x10/0x10 [ 1427.138793][T25526] ? __fget_files+0x21f/0x3d0 [ 1427.138820][T25526] ? fput+0x79/0x100 [ 1427.138846][T25526] ? ksys_write+0x1ac/0x250 [ 1427.138883][T25526] ? __pfx_ksys_write+0x10/0x10 [ 1427.138924][T25526] __x64_sys_move_pages+0xe0/0x1c0 [ 1427.138952][T25526] ? do_syscall_64+0x95/0xf80 [ 1427.138979][T25526] ? lockdep_hardirqs_on+0x78/0x100 [ 1427.139006][T25526] do_syscall_64+0x106/0xf80 [ 1427.139032][T25526] ? clear_bhb_loop+0x40/0x90 [ 1427.139062][T25526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1427.139086][T25526] RIP: 0033:0x7f989ff9c799 [ 1427.139106][T25526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1427.139130][T25526] RSP: 002b:00007f98a0ebe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1427.139153][T25526] RAX: ffffffffffffffda RBX: 00007f98a0216180 RCX: 00007f989ff9c799 [ 1427.139169][T25526] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1427.139184][T25526] RBP: 00007f98a0ebe090 R08: 0000000000000000 R09: 0000000000000002 [ 1427.139198][T25526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1427.139213][T25526] R13: 00007f98a0216218 R14: 00007f98a0216180 R15: 00007ffff3711108 [ 1427.139243][T25526] [ 1428.767375][ T5822] usb usb40-port2: attempt power cycle [ 1429.284203][T25553] program syz.0.4420 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1429.377136][ T5822] usb usb40-port2: unable to enumerate USB device [ 1430.383499][T25563] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1431.533543][T25577] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1432.140958][ T5822] usb usb40-port2: attempt power cycle [ 1432.755318][ T5822] usb usb40-port2: unable to enumerate USB device [ 1433.803858][T25590] zswap: compressor not available [ 1434.083072][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4430'. [ 1434.369267][T25611] forcing mempool usage for bvec_alloc+0x197/0x210 [ 1435.493923][T25619] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1436.664818][T25628] FAULT_INJECTION: forcing a failure. [ 1436.664818][T25628] name failslab, interval 1, probability 0, space 0, times 0 [ 1436.757440][T25624] Process accounting resumed [ 1436.762436][T25628] CPU: 0 UID: 0 PID: 25628 Comm: syz.2.4434 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1436.762478][T25628] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1436.762489][T25628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1436.762506][T25628] Call Trace: [ 1436.762515][T25628] [ 1436.762526][T25628] dump_stack_lvl+0x100/0x190 [ 1436.762571][T25628] should_fail_ex.cold+0x5/0xa [ 1436.762602][T25628] should_failslab+0xc2/0x120 [ 1436.762629][T25628] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1436.762667][T25628] ? security_file_alloc+0x34/0x2c0 [ 1436.762693][T25628] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1436.762739][T25628] security_file_alloc+0x34/0x2c0 [ 1436.762771][T25628] init_file+0x95/0x480 [ 1436.762802][T25628] alloc_empty_file+0x73/0x1c0 [ 1436.762834][T25628] dentry_open+0x46/0xd0 [ 1436.762866][T25628] ima_calc_file_hash+0x2ad/0x480 [ 1436.762906][T25628] ima_collect_measurement+0x887/0xa40 [ 1436.762953][T25628] ? __pfx_ima_collect_measurement+0x10/0x10 [ 1436.762992][T25628] ? lock_acquire+0x1cf/0x380 [ 1436.763038][T25628] ? process_measurement+0x5ab/0x2350 [ 1436.763071][T25628] ? is_bad_inode+0xd/0x40 [ 1436.763107][T25628] ? xattr_resolve_name+0x27d/0x3f0 [ 1436.763151][T25628] ? vfs_getxattr_alloc+0xec/0x350 [ 1436.763181][T25628] ? ima_get_hash_algo+0x22d/0x400 [ 1436.763212][T25628] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1436.763249][T25628] ? process_measurement+0xdfe/0x2350 [ 1436.763281][T25628] process_measurement+0xdfe/0x2350 [ 1436.763324][T25628] ? __pfx_process_measurement+0x10/0x10 [ 1436.763395][T25628] ? mutex_init_lockep+0x110/0x150 [ 1436.763429][T25628] ? seq_open+0x116/0x170 [ 1436.763466][T25628] ? inode_to_bdi+0x9e/0x160 [ 1436.763493][T25628] ima_file_check+0xcc/0x120 [ 1436.763527][T25628] ? __pfx_ima_file_check+0x10/0x10 [ 1436.763568][T25628] security_file_post_open+0xc4/0x210 [ 1436.763612][T25628] path_openat+0x1418/0x31a0 [ 1436.763647][T25628] ? __pfx_path_openat+0x10/0x10 [ 1436.763683][T25628] do_file_open+0x20e/0x430 [ 1436.763710][T25628] ? __pfx_do_file_open+0x10/0x10 [ 1436.763760][T25628] ? alloc_fd+0x476/0x790 [ 1436.763786][T25628] ? do_getname+0x191/0x390 [ 1436.763819][T25628] do_sys_openat2+0x10d/0x1e0 [ 1436.763852][T25628] ? __pfx_do_sys_openat2+0x10/0x10 [ 1436.763895][T25628] __x64_sys_openat+0x12d/0x210 [ 1436.763930][T25628] ? __pfx___x64_sys_openat+0x10/0x10 [ 1436.763975][T25628] do_syscall_64+0x106/0xf80 [ 1436.764004][T25628] ? clear_bhb_loop+0x40/0x90 [ 1436.764035][T25628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1436.764061][T25628] RIP: 0033:0x7f989ff9c799 [ 1436.764084][T25628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1436.764109][T25628] RSP: 002b:00007f98a0f00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1436.764134][T25628] RAX: ffffffffffffffda RBX: 00007f98a0215fa0 RCX: 00007f989ff9c799 [ 1436.764153][T25628] RDX: 0000000000020803 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1436.764170][T25628] RBP: 00007f98a0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1436.764186][T25628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1436.764202][T25628] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1436.764234][T25628] [ 1437.385305][ T30] audit: type=1800 audit(4294987944.476:31): pid=25628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4434" name="set_event_notrace_pid" dev="tracefs" ino=1074 res=0 errno=0 [ 1437.881312][T25648] HfR: entered promiscuous mode [ 1438.924118][T25659] zswap: compressor not available [ 1440.508771][T25703] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1440.552043][T25700] openvswitch: HfR: Dropping previously announced user features [ 1440.933756][T25711] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1443.909599][ T30] audit: type=1800 audit(4294988974.156:32): pid=25752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4465" name="dbroot" dev="configfs" ino=148698 res=0 errno=0 [ 1443.946409][T25754] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4465'. [ 1444.193401][T25754] team0: Port device team_slave_1 removed [ 1445.050698][T25766] HfR: entered promiscuous mode [ 1445.845068][T25779] ovs_: entered promiscuous mode [ 1446.003386][T25782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4468'. [ 1446.641538][T25798] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1446.728956][T25803] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4475'. [ 1448.098398][T25826] Process accounting resumed [ 1454.161679][T25867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4488'. [ 1457.125247][T25881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4486'. [ 1461.071391][T25888] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1469.271314][T25903] Process accounting paused [ 1470.606773][T25938] FAULT_INJECTION: forcing a failure. [ 1470.606773][T25938] name failslab, interval 1, probability 0, space 0, times 0 [ 1470.725443][T25938] CPU: 0 UID: 0 PID: 25938 Comm: syz.2.4504 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1470.725489][T25938] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1470.725501][T25938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1470.725517][T25938] Call Trace: [ 1470.725527][T25938] [ 1470.725537][T25938] dump_stack_lvl+0x100/0x190 [ 1470.725583][T25938] should_fail_ex.cold+0x5/0xa [ 1470.725614][T25938] should_failslab+0xc2/0x120 [ 1470.725641][T25938] __kmalloc_node_noprof+0xe6/0x850 [ 1470.725678][T25938] ? __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 1470.725711][T25938] __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 1470.725749][T25938] ? lockdep_init_map_type+0x5c/0x250 [ 1470.725789][T25938] blk_mq_init_allocated_queue+0x308/0x1440 [ 1470.725831][T25938] ? blk_alloc_queue+0x627/0x790 [ 1470.725858][T25938] ? blk_alloc_queue+0x1a3/0x790 [ 1470.725884][T25938] ? __kmalloc_node_noprof+0x324/0x850 [ 1470.725924][T25938] blk_mq_alloc_queue+0x1bd/0x290 [ 1470.725963][T25938] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 1470.726015][T25938] ? blk_mq_alloc_tag_set+0xdc0/0x1260 [ 1470.726057][T25938] __blk_mq_alloc_disk+0x29/0x120 [ 1470.726092][T25938] loop_add+0x498/0xb60 [ 1470.726121][T25938] ? __pfx_loop_add+0x10/0x10 [ 1470.726166][T25938] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1470.726212][T25938] loop_control_ioctl+0xae/0x620 [ 1470.726244][T25938] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1470.726274][T25938] ? xfd_validate_state+0x129/0x190 [ 1470.726312][T25938] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1470.726342][T25938] __x64_sys_ioctl+0x18e/0x210 [ 1470.726390][T25938] do_syscall_64+0x106/0xf80 [ 1470.726421][T25938] ? clear_bhb_loop+0x40/0x90 [ 1470.726452][T25938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.726478][T25938] RIP: 0033:0x7f989ff9c799 [ 1470.726500][T25938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1470.726525][T25938] RSP: 002b:00007f98a0f00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1470.726549][T25938] RAX: ffffffffffffffda RBX: 00007f98a0215fa0 RCX: 00007f989ff9c799 [ 1470.726566][T25938] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 1470.726582][T25938] RBP: 00007f98a0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1470.726597][T25938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1470.726611][T25938] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1470.726642][T25938] [ 1471.717391][T25941] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1475.281486][T25964] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1479.350384][T25946] Process accounting paused [ 1482.218314][T25820] syz.0.4471 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1482.889565][T25820] CPU: 0 UID: 0 PID: 25820 Comm: syz.0.4471 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1482.889610][T25820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1482.889619][T25820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1482.889634][T25820] Call Trace: [ 1482.889643][T25820] [ 1482.889654][T25820] dump_stack_lvl+0x100/0x190 [ 1482.889696][T25820] dump_header+0xfb/0x606 [ 1482.889724][T25820] oom_kill_process.cold+0xd/0x330 [ 1482.889753][T25820] out_of_memory+0x340/0x14f0 [ 1482.889795][T25820] ? __pfx_out_of_memory+0x10/0x10 [ 1482.889837][T25820] mem_cgroup_out_of_memory+0xc6/0x130 [ 1482.889871][T25820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 1482.889901][T25820] ? find_held_lock+0x2b/0x80 [ 1482.889930][T25820] ? do_raw_spin_unlock+0x145/0x1e0 [ 1482.889966][T25820] ? _raw_spin_unlock+0x28/0x50 [ 1482.889994][T25820] try_charge_memcg+0x652/0xc90 [ 1482.890025][T25820] ? __pfx_try_charge_memcg+0x10/0x10 [ 1482.890049][T25820] ? find_held_lock+0x2b/0x80 [ 1482.890070][T25820] ? rcu_read_unlock+0x17/0x60 [ 1482.890095][T25820] ? rcu_read_unlock+0x17/0x60 [ 1482.890129][T25820] charge_memcg+0xa6/0x280 [ 1482.890153][T25820] __mem_cgroup_charge+0x2b/0x1e0 [ 1482.890183][T25820] shmem_alloc_and_add_folio+0x451/0xd40 [ 1482.890228][T25820] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1482.890266][T25820] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1482.890309][T25820] shmem_get_folio_gfp+0x6ab/0x1900 [ 1482.890351][T25820] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1482.890396][T25820] shmem_write_begin+0x1a4/0x420 [ 1482.890443][T25820] ? __pfx_shmem_write_begin+0x10/0x10 [ 1482.890481][T25820] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1482.890509][T25820] ? lockdep_hardirqs_on+0x78/0x100 [ 1482.890541][T25820] generic_perform_write+0x292/0xa40 [ 1482.890586][T25820] ? __pfx_generic_perform_write+0x10/0x10 [ 1482.890625][T25820] ? file_update_time_flags+0x373/0x500 [ 1482.890659][T25820] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1482.890684][T25820] shmem_file_write_iter+0x10e/0x140 [ 1482.890711][T25820] __kernel_write_iter+0x2ac/0x920 [ 1482.890753][T25820] ? __pfx___kernel_write_iter+0x10/0x10 [ 1482.890791][T25820] ? __up_read+0x2c5/0x700 [ 1482.890829][T25820] ? dump_user_range+0x73b/0xb50 [ 1482.890862][T25820] dump_user_range+0x3f9/0xb50 [ 1482.890894][T25820] ? __pfx_dump_user_range+0x10/0x10 [ 1482.890930][T25820] ? __pfx_writenote+0x10/0x10 [ 1482.890966][T25820] elf_core_dump+0x2d5f/0x3d10 [ 1482.891010][T25820] ? __pfx_elf_core_dump+0x10/0x10 [ 1482.891036][T25820] ? finish_task_switch.isra.0+0x200/0xb80 [ 1482.891066][T25820] ? finish_task_switch.isra.0+0x205/0xb80 [ 1482.891093][T25820] ? finish_task_switch.isra.0+0x2c6/0xb80 [ 1482.891120][T25820] ? 0xffffffffff600000 [ 1482.891140][T25820] ? __schedule+0x1000/0x6120 [ 1482.891163][T25820] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1482.891188][T25820] ? lockdep_hardirqs_on+0x78/0x100 [ 1482.891262][T25820] ? vfs_coredump+0x27bc/0x5570 [ 1482.891285][T25820] vfs_coredump+0x27bc/0x5570 [ 1482.891323][T25820] ? __pfx_vfs_coredump+0x10/0x10 [ 1482.891350][T25820] ? __lock_acquire+0x4a5/0x2630 [ 1482.891391][T25820] ? lock_acquire+0x1cf/0x380 [ 1482.891437][T25820] ? is_bpf_text_address+0x8a/0x1a0 [ 1482.891474][T25820] ? bpf_ksym_find+0x124/0x1c0 [ 1482.891509][T25820] ? __kernel_text_address+0xd/0x30 [ 1482.891544][T25820] ? unwind_get_return_address+0x59/0xa0 [ 1482.891570][T25820] ? arch_stack_walk+0xa6/0xf0 [ 1482.891604][T25820] ? __sigqueue_free+0xbe/0x2a0 [ 1482.891636][T25820] ? stack_trace_save+0x8e/0xc0 [ 1482.891660][T25820] ? __pfx_stack_trace_save+0x10/0x10 [ 1482.891683][T25820] ? stack_depot_save_flags+0x27/0x9d0 [ 1482.891709][T25820] ? __lock_acquire+0x4a5/0x2630 [ 1482.891787][T25820] ? proc_coredump_connector+0x2d3/0x4f0 [ 1482.891816][T25820] ? __pfx_proc_coredump_connector+0x10/0x10 [ 1482.891851][T25820] ? rcu_is_watching+0x12/0xc0 [ 1482.891892][T25820] get_signal+0x1f2a/0x21e0 [ 1482.891928][T25820] ? __pfx_get_signal+0x10/0x10 [ 1482.891950][T25820] ? find_held_lock+0x2b/0x80 [ 1482.891971][T25820] ? bad_area_access_error+0xab/0x1d0 [ 1482.892008][T25820] ? fixup_vdso_exception+0x2d1/0x370 [ 1482.892043][T25820] arch_do_signal_or_restart+0x91/0x770 [ 1482.892075][T25820] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1482.892113][T25820] ? do_user_addr_fault+0x8d6/0x12f0 [ 1482.892158][T25820] irqentry_exit+0x1f8/0x670 [ 1482.892189][T25820] asm_exc_page_fault+0x26/0x30 [ 1482.892213][T25820] RIP: 0033:0x200000 [ 1482.892234][T25820] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1482.892256][T25820] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 1482.892276][T25820] RAX: 0000000000000000 RBX: 00007f186ee16540 RCX: 00007f186eb9c799 [ 1482.892292][T25820] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 1482.892307][T25820] RBP: 00007f186ec32bd9 R08: 0000000000000002 R09: 0000000000000000 [ 1482.892322][T25820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.892336][T25820] R13: 00007f186ee165d8 R14: 00007f186ee16540 R15: 00007ffce4d2f338 [ 1482.892368][T25820] [ 1484.778537][T25820] memory: usage 307200kB, limit 307200kB, failcnt 28420 [ 1484.805696][T25820] memory+swap: usage 430704kB, limit 9007199254740988kB, failcnt 0 [ 1484.836523][T25820] kmem: usage 5588kB, limit 9007199254740988kB, failcnt 0 [ 1484.858751][T25820] Memory cgroup stats for /syz0: [ 1484.858974][T25820] cache 306257920 [ 1484.877913][T25820] rss 2494464 [ 1484.881246][T25820] rss_huge 2097152 [ 1484.898895][T25820] shmem 306253824 [ 1484.911749][T25820] mapped_file 33153024 [ 1484.923973][T25820] dirty 0 [ 1484.926961][T25820] writeback 0 [ 1484.930315][T25820] workingset_refault_anon 9370 [ 1484.961409][T25820] workingset_refault_file 6976 [ 1485.023076][T25820] swap 126468096 [ 1485.026669][T25820] swapcached 238243840 [ 1485.030748][T25820] pgpgin 1101641 [ 1485.291907][T25820] pgpgout 1147956 [ 1485.307300][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.313706][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.332536][T25820] pgfault 867585 [ 1485.336126][T25820] pgmajfault 2245 [ 1485.339760][T25820] inactive_anon 308121600 [ 1485.403176][T25820] active_anon 724992 [ 1485.407150][T25820] inactive_file 4096 [ 1485.411098][T25820] active_file 0 [ 1485.617708][T25820] unevictable 0 [ 1485.621255][T25820] hierarchical_memory_limit 314572800 [ 1486.028237][T25820] hierarchical_memsw_limit 9223372036854771712 [ 1486.063038][T25990] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4514'. [ 1486.414275][T23938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1486.433855][T23938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1486.448440][T23938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1486.457092][T23938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1486.465080][T23938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1486.939436][T25820] total_cache 306257920 [ 1487.255221][T25820] total_rss 2494464 [ 1487.554216][T25997] chnl_net:caif_netlink_parms(): no params data found [ 1487.588321][T25820] total_rss_huge 2097152 [ 1488.187318][T25997] bridge0: port 1(bridge_slave_0) entered blocking state [ 1488.240775][T25997] bridge0: port 1(bridge_slave_0) entered disabled state [ 1488.290258][T25997] bridge_slave_0: entered allmulticast mode [ 1488.302791][T25820] total_shmem 306253824 [ 1488.342327][T25997] bridge_slave_0: entered promiscuous mode [ 1488.393059][T25997] bridge0: port 2(bridge_slave_1) entered blocking state [ 1488.430534][T25997] bridge0: port 2(bridge_slave_1) entered disabled state [ 1488.469912][T26026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4519'. [ 1488.485364][T25997] bridge_slave_1: entered allmulticast mode [ 1488.533836][T25997] bridge_slave_1: entered promiscuous mode [ 1488.547738][T25820] total_mapped_file 33153024 [ 1488.592191][T23572] Bluetooth: hci0: command tx timeout [ 1488.762028][T25997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1488.899036][T25997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1488.909121][T26028] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1489.192903][T25820] total_dirty 0 [ 1489.221169][T25997] team0: Port device team_slave_0 added [ 1489.246705][T26036] netlink: 29 bytes leftover after parsing attributes in process `syz.1.4523'. [ 1489.290028][T25997] team0: Port device team_slave_1 added [ 1489.357829][T23572] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 1489.458142][T25820] total_writeback 0 [ 1489.747725][T26042] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1490.388763][T25820] total_workingset_refault_anon 9370 [ 1490.685339][T23572] Bluetooth: hci0: command tx timeout [ 1490.825606][T25820] total_workingset_refault_file 6976 [ 1491.080375][T25820] total_swap 126468096 [ 1491.229992][T25997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1491.261119][T25997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1491.365595][T25820] total_swapcached 238243840 [ 1491.387850][T25997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1491.685793][T25820] total_pgpgin 1101641 [ 1491.689917][T25820] total_pgpgout 1147956 [ 1491.882687][T25997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1491.949179][T25997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1492.099439][T25997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1492.338152][T25820] total_pgfault 867585 [ 1492.437472][T25820] total_pgmajfault 2245 [ 1492.595725][T25820] total_inactive_anon 308121600 [ 1492.756299][T23572] Bluetooth: hci0: command tx timeout [ 1493.096724][T25820] total_active_anon 724992 [ 1493.101194][T25820] total_inactive_file 4096 [ 1493.437992][T25997] hsr_slave_0: entered promiscuous mode [ 1493.468561][T25997] hsr_slave_1: entered promiscuous mode [ 1493.526902][T25997] debugfs: 'hsr0' already exists in 'hsr' [ 1493.532875][T25997] Cannot create hsr debugfs directory [ 1493.700292][T25820] total_active_file 0 [ 1493.863026][T25820] total_unevictable 0 [ 1494.162105][T25820] anon_cost 11557 [ 1494.343999][T25820] file_cost 293 [ 1494.705755][T25820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.4471,pid=25822,uid=0 [ 1494.834313][T23572] Bluetooth: hci0: command tx timeout [ 1495.366906][T25820] Memory cgroup out of memory: OOM victim 25822 (syz.0.4471) is already exiting. Skip killing the task [ 1496.707346][T25997] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1496.864465][T25997] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1496.999355][T26074] i2c i2c-0: delete_device: Can't parse I2C address [ 1497.042867][T25997] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1497.072517][T26078] i2c i2c-0: delete_device: Can't parse I2C address [ 1497.125260][T25997] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1497.401190][T26077] can: request_module (can-proto-0) failed. [ 1498.638954][T23571] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.779992][T25997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1498.931976][T23571] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1499.149143][T25997] 8021q: adding VLAN 0 to HW filter on device team0 [ 1499.237501][T23571] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1499.321015][T26097] bridge0: port 1(bridge_slave_0) entered blocking state [ 1499.328210][T26097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1499.455413][T23571] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1499.558144][T26097] bridge0: port 2(bridge_slave_1) entered blocking state [ 1499.565462][T26097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1499.728482][T25997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1500.403219][T23571] bridge_slave_1: left allmulticast mode [ 1500.442757][T23571] bridge_slave_1: left promiscuous mode [ 1500.495742][T23571] bridge0: port 2(bridge_slave_1) entered disabled state [ 1500.595743][T23571] bridge_slave_0: left allmulticast mode [ 1500.619403][T23571] bridge_slave_0: left promiscuous mode [ 1500.648347][T23571] bridge0: port 1(bridge_slave_0) entered disabled state [ 1501.471906][T23571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1501.561371][T23571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1501.594252][T23571] bond0 (unregistering): Released all slaves [ 1501.885036][T23571] HfR: left promiscuous mode [ 1502.515506][T25997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1503.860446][T23571] hsr_slave_0: left promiscuous mode [ 1503.915452][T23571] hsr_slave_1: left promiscuous mode [ 1503.944515][T23571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1503.981888][T23571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1504.020185][T23571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1504.062010][T23571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1504.129895][T23571] veth1_macvtap: left promiscuous mode [ 1504.165243][T23571] veth0_macvtap: left promiscuous mode [ 1504.203208][T23571] veth1_vlan: left promiscuous mode [ 1504.229070][T23571] veth0_vlan: left promiscuous mode [ 1504.961373][T23571] team0 (unregistering): Port device team_slave_0 removed [ 1505.724316][T25997] veth0_vlan: entered promiscuous mode [ 1505.798281][T25997] veth1_vlan: entered promiscuous mode [ 1506.010520][T25997] veth0_macvtap: entered promiscuous mode [ 1506.079465][T25997] veth1_macvtap: entered promiscuous mode [ 1506.316652][T25997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1506.405998][T25997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1506.509048][T26099] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1506.553665][T26097] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1506.646906][T26097] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1506.701133][T26097] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1507.160594][T26097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1507.243695][T26097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1507.287664][T26231] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1507.406515][T26099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1507.446386][T26099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1510.578573][T26257] Process accounting resumed [ 1511.994326][T26291] can: request_module (can-proto-3) failed. [ 1513.759086][T26329] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4573'. [ 1515.077486][T23572] Bluetooth: hci4: command 0x0406 tx timeout [ 1515.094830][T26311] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 1515.404737][T26311] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1515.435010][T26311] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1515.464475][T26311] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1515.501725][T26311] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1515.544841][T26311] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1515.868657][T26351] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4580'. [ 1515.918879][T26352] Invalid ELF header magic: != ELF [ 1515.924977][T26351] FAULT_INJECTION: forcing a failure. [ 1515.924977][T26351] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1515.990675][T26351] CPU: 0 UID: 0 PID: 26351 Comm: syz.4.4580 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1515.990721][T26351] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1515.990731][T26351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1515.990747][T26351] Call Trace: [ 1515.990756][T26351] [ 1515.990766][T26351] dump_stack_lvl+0x100/0x190 [ 1515.990813][T26351] should_fail_ex.cold+0x5/0xa [ 1515.990843][T26351] get_futex_key+0x1d2/0x1620 [ 1515.990878][T26351] ? __pfx_get_futex_key+0x10/0x10 [ 1515.990908][T26351] ? do_mmap+0x93f/0x12f0 [ 1515.990934][T26351] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 1515.990982][T26351] futex_wake+0xea/0x530 [ 1515.991022][T26351] ? __pfx_futex_wake+0x10/0x10 [ 1515.991084][T26351] do_futex+0x32b/0x350 [ 1515.991118][T26351] ? __pfx_do_futex+0x10/0x10 [ 1515.991152][T26351] ? fput+0x79/0x100 [ 1515.991185][T26351] __x64_sys_futex+0x34f/0x4d0 [ 1515.991219][T26351] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1515.991246][T26351] ? __pfx___x64_sys_futex+0x10/0x10 [ 1515.991290][T26351] do_syscall_64+0x106/0xf80 [ 1515.991320][T26351] ? clear_bhb_loop+0x40/0x90 [ 1515.991350][T26351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1515.991376][T26351] RIP: 0033:0x7f51a339c799 [ 1515.991396][T26351] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1515.991425][T26351] RSP: 002b:00007f51a42f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1515.991450][T26351] RAX: ffffffffffffffda RBX: 00007f51a3615fa8 RCX: 00007f51a339c799 [ 1515.991467][T26351] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f51a3615fac [ 1515.991483][T26351] RBP: 00007f51a3615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1515.991499][T26351] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1515.991515][T26351] R13: 00007f51a3616038 R14: 00007fff49aaeb30 R15: 00007fff49aaec18 [ 1515.991547][T26351] [ 1517.238564][T23572] Bluetooth: hci2: command 0x0c1a tx timeout [ 1517.422045][T26358] FAULT_INJECTION: forcing a failure. [ 1517.422045][T26358] name failslab, interval 1, probability 0, space 0, times 0 [ 1517.478648][T23572] Bluetooth: hci0: command 0x0c1a tx timeout [ 1517.485471][T23938] Bluetooth: hci5: command 0x0c1a tx timeout [ 1517.610482][T26358] CPU: 0 UID: 0 PID: 26358 Comm: syz.2.4583 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1517.610526][T26358] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1517.610536][T26358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1517.610551][T26358] Call Trace: [ 1517.610560][T26358] [ 1517.610570][T26358] dump_stack_lvl+0x100/0x190 [ 1517.610615][T26358] should_fail_ex.cold+0x5/0xa [ 1517.610645][T26358] should_failslab+0xc2/0x120 [ 1517.610671][T26358] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1517.610708][T26358] ? security_inode_alloc+0x3b/0x2c0 [ 1517.610748][T26358] ? lockdep_init_map_type+0x5c/0x250 [ 1517.610786][T26358] security_inode_alloc+0x3b/0x2c0 [ 1517.610823][T26358] inode_init_always_gfp+0xced/0x1040 [ 1517.610853][T26358] alloc_inode+0x8e/0x250 [ 1517.610886][T26358] sock_alloc+0x44/0x280 [ 1517.610916][T26358] ? security_socket_create+0x7f/0x250 [ 1517.610959][T26358] __sock_create+0xc2/0x860 [ 1517.611001][T26358] __sys_socket+0x14d/0x260 [ 1517.611038][T26358] ? exc_page_fault+0x6f/0xd0 [ 1517.611066][T26358] ? __pfx___sys_socket+0x10/0x10 [ 1517.611108][T26358] ? do_user_addr_fault+0x8d6/0x12f0 [ 1517.611158][T26358] __x64_sys_socket+0x72/0xb0 [ 1517.611196][T26358] ? lockdep_hardirqs_on+0x78/0x100 [ 1517.611225][T26358] do_syscall_64+0x106/0xf80 [ 1517.611253][T26358] ? clear_bhb_loop+0x40/0x90 [ 1517.611284][T26358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1517.611310][T26358] RIP: 0033:0x7f989ff9e007 [ 1517.611331][T26358] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1517.611357][T26358] RSP: 002b:00007f98a0efef98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 1517.611381][T26358] RAX: ffffffffffffffda RBX: 00007f98a0215fa0 RCX: 00007f989ff9e007 [ 1517.611398][T26358] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1517.611414][T26358] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 1517.611429][T26358] R10: 0000200000000300 R11: 0000000000000286 R12: 0000000000000000 [ 1517.611445][T26358] R13: 00007f98a0216038 R14: 00007f98a0215fa0 R15: 00007ffff3711108 [ 1517.611477][T26358] [ 1517.611509][T26358] socket: no more sockets [ 1518.466457][T23572] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1519.363148][T26390] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4591'. [ 1519.534409][T26392] sd 0:0:1:0: PR command failed: 1026 [ 1519.558076][T26392] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1519.566216][T23572] Bluetooth: hci0: command 0x0c1a tx timeout [ 1519.595175][T26392] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1519.633715][T26394] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4592'. [ 1521.640721][T23572] Bluetooth: hci0: command 0x0c1a tx timeout [ 1525.523924][T26479] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1525.622186][T26481] FAULT_INJECTION: forcing a failure. [ 1525.622186][T26481] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1525.713974][T26481] CPU: 0 UID: 0 PID: 26481 Comm: syz.4.4610 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1525.714015][T26481] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1525.714025][T26481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1525.714040][T26481] Call Trace: [ 1525.714048][T26481] [ 1525.714057][T26481] dump_stack_lvl+0x100/0x190 [ 1525.714098][T26481] should_fail_ex.cold+0x5/0xa [ 1525.714127][T26481] _copy_from_user+0x2e/0xd0 [ 1525.714167][T26481] kstrtouint_from_user+0xd6/0x1d0 [ 1525.714197][T26481] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1525.714227][T26481] ? __lock_acquire+0x4a5/0x2630 [ 1525.714260][T26481] ? lock_acquire+0x1cf/0x380 [ 1525.714297][T26481] proc_fail_nth_write+0x83/0x220 [ 1525.714327][T26481] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1525.714364][T26481] vfs_write+0x2aa/0x1070 [ 1525.714404][T26481] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1525.714436][T26481] ? __pfx_vfs_write+0x10/0x10 [ 1525.714480][T26481] ? __fget_files+0x215/0x3d0 [ 1525.714509][T26481] ? __fget_files+0x21f/0x3d0 [ 1525.714538][T26481] ksys_write+0x12a/0x250 [ 1525.714575][T26481] ? __pfx_ksys_write+0x10/0x10 [ 1525.714621][T26481] do_syscall_64+0x106/0xf80 [ 1525.714649][T26481] ? clear_bhb_loop+0x40/0x90 [ 1525.714678][T26481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1525.714702][T26481] RIP: 0033:0x7f51a335cfce [ 1525.714721][T26481] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1525.714746][T26481] RSP: 002b:00007f51a42f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1525.714769][T26481] RAX: ffffffffffffffda RBX: 00007f51a42f66c0 RCX: 00007f51a335cfce [ 1525.714785][T26481] RDX: 0000000000000001 RSI: 00007f51a42f60a0 RDI: 0000000000000004 [ 1525.714801][T26481] RBP: 00007f51a42f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1525.714816][T26481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1525.714830][T26481] R13: 00007f51a3616038 R14: 00007f51a3615fa0 R15: 00007fff49aaec18 [ 1525.714860][T26481] [ 1527.239658][T26507] Invalid ELF header magic: != ELF [ 1527.643823][T23572] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1529.118362][T26535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4619'. [ 1530.171613][T26556] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1531.528760][T26582] FAULT_INJECTION: forcing a failure. [ 1531.528760][T26582] name failslab, interval 1, probability 0, space 0, times 0 [ 1531.641381][T26582] CPU: 0 UID: 0 PID: 26582 Comm: syz.4.4629 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1531.641422][T26582] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1531.641432][T26582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1531.641446][T26582] Call Trace: [ 1531.641455][T26582] [ 1531.641465][T26582] dump_stack_lvl+0x100/0x190 [ 1531.641505][T26582] should_fail_ex.cold+0x5/0xa [ 1531.641533][T26582] should_failslab+0xc2/0x120 [ 1531.641558][T26582] __kvmalloc_node_noprof+0xfa/0xa00 [ 1531.641594][T26582] ? seq_read_iter+0x819/0x1270 [ 1531.641639][T26582] seq_read_iter+0x819/0x1270 [ 1531.641686][T26582] kernfs_fop_read_iter+0x46c/0x610 [ 1531.641714][T26582] ? rw_verify_area+0xce/0x6d0 [ 1531.641747][T26582] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1531.641776][T26582] vfs_read+0x825/0xb30 [ 1531.641816][T26582] ? __pfx_vfs_read+0x10/0x10 [ 1531.641870][T26582] ksys_read+0x12a/0x250 [ 1531.641907][T26582] ? __pfx_ksys_read+0x10/0x10 [ 1531.641952][T26582] do_syscall_64+0x106/0xf80 [ 1531.641980][T26582] ? clear_bhb_loop+0x40/0x90 [ 1531.642016][T26582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1531.642041][T26582] RIP: 0033:0x7f51a339c799 [ 1531.642061][T26582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1531.642085][T26582] RSP: 002b:00007f51a42f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1531.642108][T26582] RAX: ffffffffffffffda RBX: 00007f51a3615fa0 RCX: 00007f51a339c799 [ 1531.642124][T26582] RDX: 000000000000009c RSI: 0000200000003f40 RDI: 0000000000000003 [ 1531.642140][T26582] RBP: 00007f51a42f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1531.642154][T26582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1531.642169][T26582] R13: 00007f51a3616038 R14: 00007f51a3615fa0 R15: 00007fff49aaec18 [ 1531.642201][T26582] [ 1532.720737][T26581] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4628'. [ 1535.009116][T26626] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4636'. [ 1536.923523][T23572] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1537.501454][T26672] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4646'. [ 1539.165939][T26709] FAULT_INJECTION: forcing a failure. [ 1539.165939][T26709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1539.231359][T26709] CPU: 0 UID: 0 PID: 26709 Comm: syz.4.4657 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1539.231401][T26709] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1539.231411][T26709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1539.231426][T26709] Call Trace: [ 1539.231435][T26709] [ 1539.231446][T26709] dump_stack_lvl+0x100/0x190 [ 1539.231488][T26709] should_fail_ex.cold+0x5/0xa [ 1539.231517][T26709] strncpy_from_user+0x3b/0x2d0 [ 1539.231569][T26709] do_getname+0x78/0x390 [ 1539.231604][T26709] do_sys_openat2+0xc5/0x1e0 [ 1539.231637][T26709] ? __pfx_do_sys_openat2+0x10/0x10 [ 1539.231681][T26709] __x64_sys_openat+0x12d/0x210 [ 1539.231714][T26709] ? __pfx___x64_sys_openat+0x10/0x10 [ 1539.231758][T26709] do_syscall_64+0x106/0xf80 [ 1539.231787][T26709] ? clear_bhb_loop+0x40/0x90 [ 1539.231818][T26709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1539.231844][T26709] RIP: 0033:0x7f51a339c799 [ 1539.231864][T26709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1539.231889][T26709] RSP: 002b:00007f51a42f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1539.231912][T26709] RAX: ffffffffffffffda RBX: 00007f51a3615fa0 RCX: 00007f51a339c799 [ 1539.231929][T26709] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1539.231945][T26709] RBP: 00007f51a3432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1539.231961][T26709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1539.231976][T26709] R13: 00007f51a3616038 R14: 00007f51a3615fa0 R15: 00007fff49aaec18 [ 1539.232007][T26709] [ 1539.497396][T26713] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1540.996224][T26718] Process accounting paused [ 1541.471978][T23938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1541.494157][T23938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1541.502751][T23938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1541.511215][T23938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1541.519546][T23938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1542.322688][T26744] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1542.476739][T23577] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1542.916098][T26757] netlink: 'syz.3.4670': attribute type 4 has an invalid length. [ 1542.943167][T23577] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.280033][T23577] bridge0: port 3(netdevsim1) entered disabled state [ 1543.442096][T23577] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode [ 1543.497030][T23577] netdevsim netdevsim1 netdevsim1 (unregistering): left promiscuous mode [ 1543.543543][T23577] bridge0: port 3(netdevsim1) entered disabled state [ 1543.580079][T23572] Bluetooth: hci1: command tx timeout [ 1543.620653][T23577] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.721006][T26734] chnl_net:caif_netlink_parms(): no params data found [ 1543.811748][T23577] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.313516][T26778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4676'. [ 1544.492285][T26734] bridge0: port 1(bridge_slave_0) entered blocking state [ 1544.523166][T26734] bridge0: port 1(bridge_slave_0) entered disabled state [ 1544.560819][T26734] bridge_slave_0: entered allmulticast mode [ 1544.613618][T26734] bridge_slave_0: entered promiscuous mode [ 1544.647704][T26734] bridge0: port 2(bridge_slave_1) entered blocking state [ 1544.685235][T26734] bridge0: port 2(bridge_slave_1) entered disabled state [ 1544.714750][T26734] bridge_slave_1: entered allmulticast mode [ 1544.747964][T26734] bridge_slave_1: entered promiscuous mode [ 1545.200321][T23577] gretap0: left allmulticast mode [ 1545.207110][T23577] gretap0: left promiscuous mode [ 1545.212476][T23577] bridge0: port 4(gretap0) entered disabled state [ 1545.225665][T23577] bridge_slave_1: left allmulticast mode [ 1545.231479][T23577] bridge_slave_1: left promiscuous mode [ 1545.240524][T23577] bridge0: port 2(bridge_slave_1) entered disabled state [ 1545.256406][T23577] bridge_slave_0: left allmulticast mode [ 1545.262328][T23577] bridge_slave_0: left promiscuous mode [ 1545.269183][T23577] bridge0: port 1(bridge_slave_0) entered disabled state [ 1545.491318][T23577] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1545.502645][T23577] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1545.515264][T23577] bond0 (unregistering): Released all slaves [ 1545.552918][T26734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1545.595312][T26734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1545.613543][T23577] ovs_: left promiscuous mode [ 1545.646436][T23572] Bluetooth: hci1: command tx timeout [ 1545.807199][T26734] team0: Port device team_slave_0 added [ 1545.830595][T26734] team0: Port device team_slave_1 added [ 1545.989484][T26734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1546.064209][T26734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1546.231572][T26734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1546.349619][T26734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1546.391744][T26734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1546.546539][T26734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1546.767565][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.778227][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.941630][T26734] hsr_slave_0: entered promiscuous mode [ 1546.980518][T26734] hsr_slave_1: entered promiscuous mode [ 1547.022158][T26817] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1547.496025][T23577] hsr_slave_0: left promiscuous mode [ 1547.524971][T23577] hsr_slave_1: left promiscuous mode [ 1547.547949][T23577] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1547.572723][T23577] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1547.606975][T23577] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1547.635664][T23577] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1547.680350][T23577] veth1_vlan: left promiscuous mode [ 1547.703422][T23577] veth0_vlan: left promiscuous mode [ 1547.723825][T23572] Bluetooth: hci1: command tx timeout [ 1548.068423][T23577] team0 (unregistering): Port device team_slave_1 removed [ 1548.089519][T23577] team0 (unregistering): Port device team_slave_0 removed [ 1548.767721][T26835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4689'. [ 1549.803629][T23572] Bluetooth: hci1: command tx timeout [ 1550.366551][T26734] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1550.414266][T26734] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1550.488985][T26734] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1550.597496][T26734] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1551.035345][T26734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1551.136350][T26734] 8021q: adding VLAN 0 to HW filter on device team0 [ 1551.233521][T23681] bridge0: port 1(bridge_slave_0) entered blocking state [ 1551.240725][T23681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1551.374253][T26886] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1551.411616][T23681] bridge0: port 2(bridge_slave_1) entered blocking state [ 1551.418816][T23681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1552.770713][T26734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1552.942891][T26734] veth0_vlan: entered promiscuous mode [ 1553.016047][T26734] veth1_vlan: entered promiscuous mode [ 1553.205006][T26734] veth0_macvtap: entered promiscuous mode [ 1553.256540][T26916] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1553.276538][T26734] veth1_macvtap: entered promiscuous mode [ 1553.406676][T26734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1553.619729][T26734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1553.669482][T26921] could not allocate digest TFM handle  [ 1553.979278][T23681] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1554.031270][T23681] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1554.375857][T23681] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1554.411984][T23681] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1555.095335][T23577] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1555.168490][T23577] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1555.518549][T26102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1555.592436][T26102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1556.050860][T26974] FAULT_INJECTION: forcing a failure. [ 1556.050860][T26974] name failslab, interval 1, probability 0, space 0, times 0 [ 1556.130799][T26974] CPU: 0 UID: 0 PID: 26974 Comm: syz.1.4664 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1556.130850][T26974] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1556.130861][T26974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1556.130880][T26974] Call Trace: [ 1556.130890][T26974] [ 1556.130902][T26974] dump_stack_lvl+0x100/0x190 [ 1556.130954][T26974] should_fail_ex.cold+0x5/0xa [ 1556.130989][T26974] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1556.131018][T26974] should_failslab+0xc2/0x120 [ 1556.131044][T26974] __kmalloc_noprof+0xe0/0x850 [ 1556.131086][T26974] tomoyo_realpath_from_path+0xb6/0x690 [ 1556.131121][T26974] tomoyo_path_number_perm+0x23c/0x580 [ 1556.131166][T26974] ? tomoyo_path_number_perm+0x22e/0x580 [ 1556.131205][T26974] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1556.131273][T26974] ? find_held_lock+0x2b/0x80 [ 1556.131294][T26974] ? __fget_files+0x215/0x3d0 [ 1556.131315][T26974] ? hook_file_ioctl_common+0x146/0x410 [ 1556.131359][T26974] ? __fget_files+0x21f/0x3d0 [ 1556.131385][T26974] security_file_ioctl+0xd3/0x230 [ 1556.131426][T26974] __x64_sys_ioctl+0xb7/0x210 [ 1556.131462][T26974] do_syscall_64+0x106/0xf80 [ 1556.131490][T26974] ? clear_bhb_loop+0x40/0x90 [ 1556.131520][T26974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1556.131545][T26974] RIP: 0033:0x7eff36f9c799 [ 1556.131565][T26974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1556.131589][T26974] RSP: 002b:00007eff37d81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1556.131613][T26974] RAX: ffffffffffffffda RBX: 00007eff37215fa0 RCX: 00007eff36f9c799 [ 1556.131629][T26974] RDX: ffffffffffffffff RSI: 0000000000004c81 RDI: 0000000000000003 [ 1556.131648][T26974] RBP: 00007eff37d81090 R08: 0000000000000000 R09: 0000000000000000 [ 1556.131663][T26974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1556.131677][T26974] R13: 00007eff37216038 R14: 00007eff37215fa0 R15: 00007ffc03bfd308 [ 1556.131708][T26974] [ 1556.553848][T26974] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1556.879680][T26982] zram: Cannot change disksize for initialized device [ 1556.920383][T26982] snd_virmidi snd_virmidi.0: control 61678:131081:3:yªƒ>oÆ[k<÷:1 is already present [ 1557.151009][T26967] could not allocate digest TFM handle  [ 1558.102923][T27002] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1558.576732][T27013] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1558.992400][T27016] could not allocate digest TFM handle  [ 1559.834811][T23938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1559.849102][T23938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1559.859611][T23938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1559.868968][T23938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1559.876697][T23938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1560.471395][T27042] FAULT_INJECTION: forcing a failure. [ 1560.471395][T27042] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.556158][T27042] CPU: 0 UID: 0 PID: 27042 Comm: syz.3.4729 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1560.556202][T27042] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1560.556212][T27042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1560.556227][T27042] Call Trace: [ 1560.556236][T27042] [ 1560.556245][T27042] dump_stack_lvl+0x100/0x190 [ 1560.556290][T27042] should_fail_ex.cold+0x5/0xa [ 1560.556319][T27042] ? tomoyo_encode2+0xfb/0x3c0 [ 1560.556344][T27042] should_failslab+0xc2/0x120 [ 1560.556369][T27042] __kmalloc_noprof+0xe0/0x850 [ 1560.556405][T27042] ? d_absolute_path+0x136/0x1b0 [ 1560.556442][T27042] tomoyo_encode2+0xfb/0x3c0 [ 1560.556472][T27042] tomoyo_encode+0x29/0x50 [ 1560.556496][T27042] tomoyo_realpath_from_path+0x18c/0x690 [ 1560.556529][T27042] tomoyo_path_number_perm+0x23c/0x580 [ 1560.556566][T27042] ? tomoyo_path_number_perm+0x22e/0x580 [ 1560.556605][T27042] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1560.556670][T27042] ? find_held_lock+0x2b/0x80 [ 1560.556692][T27042] ? __fget_files+0x215/0x3d0 [ 1560.556712][T27042] ? hook_file_ioctl_common+0x146/0x410 [ 1560.556756][T27042] ? __fget_files+0x21f/0x3d0 [ 1560.556782][T27042] security_file_ioctl+0xd3/0x230 [ 1560.556832][T27042] __x64_sys_ioctl+0xb7/0x210 [ 1560.556869][T27042] do_syscall_64+0x106/0xf80 [ 1560.556897][T27042] ? clear_bhb_loop+0x40/0x90 [ 1560.556927][T27042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1560.556952][T27042] RIP: 0033:0x7feec739c799 [ 1560.556972][T27042] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1560.556995][T27042] RSP: 002b:00007feec8227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1560.557020][T27042] RAX: ffffffffffffffda RBX: 00007feec7615fa0 RCX: 00007feec739c799 [ 1560.557036][T27042] RDX: ffffffffffffffff RSI: 0000000000004c81 RDI: 0000000000000003 [ 1560.557052][T27042] RBP: 00007feec8227090 R08: 0000000000000000 R09: 0000000000000000 [ 1560.557067][T27042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1560.557082][T27042] R13: 00007feec7616038 R14: 00007feec7615fa0 R15: 00007ffd251a7a18 [ 1560.557112][T27042] [ 1560.557134][T27042] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1561.330307][T23571] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.507698][T23571] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.600784][T23571] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.730348][T23571] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.964898][T23572] Bluetooth: hci2: command tx timeout [ 1561.996060][T27034] chnl_net:caif_netlink_parms(): no params data found [ 1562.244913][T23571] gretap0: left allmulticast mode [ 1562.250012][T23571] gretap0: left promiscuous mode [ 1562.274641][T23571] bridge0: port 3(gretap0) entered disabled state [ 1562.286115][T23571] bridge_slave_1: left allmulticast mode [ 1562.291807][T23571] bridge_slave_1: left promiscuous mode [ 1562.332297][T23571] bridge0: port 2(bridge_slave_1) entered disabled state [ 1562.363102][T23571] bridge_slave_0: left allmulticast mode [ 1562.396786][T23571] bridge_slave_0: left promiscuous mode [ 1562.402714][T23571] bridge0: port 1(bridge_slave_0) entered disabled state [ 1563.346815][T23571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1563.412219][T23571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1563.446316][T27074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4733'. [ 1563.468636][T23571] bond0 (unregistering): Released all slaves [ 1563.864004][T27079] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1563.900862][T23571] HfR: left promiscuous mode [ 1563.991657][T27034] bridge0: port 1(bridge_slave_0) entered blocking state [ 1564.020801][T27034] bridge0: port 1(bridge_slave_0) entered disabled state [ 1564.031170][T27034] bridge_slave_0: entered allmulticast mode [ 1564.058328][T23572] Bluetooth: hci2: command tx timeout [ 1564.070163][T27034] bridge_slave_0: entered promiscuous mode [ 1564.253405][T27034] bridge0: port 2(bridge_slave_1) entered blocking state [ 1564.260683][T27034] bridge0: port 2(bridge_slave_1) entered disabled state [ 1564.301934][T27034] bridge_slave_1: entered allmulticast mode [ 1564.331953][T27034] bridge_slave_1: entered promiscuous mode [ 1564.566091][T27034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1564.709087][T27034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1564.734668][T27092] Invalid ELF header magic: != ELF [ 1565.668012][T27034] team0: Port device team_slave_0 added [ 1565.784345][T27034] team0: Port device team_slave_1 added [ 1565.918540][T27034] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1565.943288][T27034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1566.124740][T23938] Bluetooth: hci2: command tx timeout [ 1566.132479][T27034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1566.408070][T27034] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1566.448002][T27034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1566.537265][T27034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1566.831509][T27034] hsr_slave_0: entered promiscuous mode [ 1566.874371][T27034] hsr_slave_1: entered promiscuous mode [ 1566.898449][T27034] debugfs: 'hsr0' already exists in 'hsr' [ 1566.917845][T27034] Cannot create hsr debugfs directory [ 1568.070059][T23571] hsr_slave_0: left promiscuous mode [ 1568.141370][T27140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4746'. [ 1568.153616][T23571] hsr_slave_1: left promiscuous mode [ 1568.212036][T23938] Bluetooth: hci2: command tx timeout [ 1568.262893][T23571] veth1_macvtap: left promiscuous mode [ 1568.297891][T23571] veth0_macvtap: left promiscuous mode [ 1568.341798][T23571] veth1_vlan: left promiscuous mode [ 1568.396391][T23571] veth0_vlan: left promiscuous mode [ 1568.768078][T27144] could not allocate digest TFM handle  [ 1569.602172][T23571] team0 (unregistering): Port device team_slave_1 removed [ 1569.668009][T23571] team0 (unregistering): Port device team_slave_0 removed [ 1571.825159][T27034] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1571.868555][T27034] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1571.920985][T27034] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1572.015830][T27034] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1572.030130][T27184] Process accounting resumed [ 1572.499037][T27034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1572.644244][T27034] 8021q: adding VLAN 0 to HW filter on device team0 [ 1572.732096][T23577] bridge0: port 1(bridge_slave_0) entered blocking state [ 1572.739347][T23577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1572.845061][T23577] bridge0: port 2(bridge_slave_1) entered blocking state [ 1572.852268][T23577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1573.115715][T27034] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1574.202461][T27034] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1574.305088][T27242] zswap: compressor not available [ 1574.509789][T27034] veth0_vlan: entered promiscuous mode [ 1574.589518][T27034] veth1_vlan: entered promiscuous mode [ 1575.189327][T27261] could not allocate digest TFM handle  [ 1575.740618][T27034] veth0_macvtap: entered promiscuous mode [ 1575.985341][T27281] Invalid ELF header magic: != ELF [ 1576.090240][T27034] veth1_macvtap: entered promiscuous mode [ 1576.190980][T27034] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1576.420181][T27034] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1576.541929][T26099] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.599848][T26099] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.779473][T26099] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.881712][T26099] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1577.309869][T23681] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1577.356301][T23681] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1577.720190][T26102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1577.773396][T26102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1580.330547][T27349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4778'. [ 1580.846552][T27355] Invalid ELF header magic: != ELF [ 1581.524498][T23938] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1583.471931][T27403] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 1583.931503][T23938] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1584.014545][T27407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4789'. [ 1584.061105][T27411] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1585.904155][T27431] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1585.940966][T27431] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1585.976418][T27431] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1586.013198][T27431] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1586.062368][T27431] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1586.128466][T27431] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1586.158563][T27431] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1586.218611][T27431] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1587.103518][T27456] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4801'. [ 1587.483890][T23938] Bluetooth: hci5: command 0x0c1a tx timeout [ 1587.582312][T27454] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1587.805323][T23938] Bluetooth: hci5: unexpected event 0x20 length: 123 > 7 [ 1587.967009][T23938] Bluetooth: hci0: command 0x0c1a tx timeout [ 1588.049264][T23938] Bluetooth: hci1: command 0x0c1a tx timeout [ 1588.179024][T27468] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1588.206270][T23938] Bluetooth: hci2: command 0x0c1a tx timeout [ 1589.517071][T27491] could not allocate digest TFM handle  [ 1589.799182][T27501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4814'. [ 1590.124533][T23938] Bluetooth: hci1: command 0x0c1a tx timeout [ 1590.285244][T23938] Bluetooth: hci2: command 0x0c1a tx timeout [ 1591.245198][T27500] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1591.264277][T27515] Invalid ELF header magic: != ELF [ 1591.295183][T27518] zswap: compressor not available [ 1592.203572][T23938] Bluetooth: hci1: command 0x0c1a tx timeout [ 1592.363349][T23938] Bluetooth: hci2: command 0x0c1a tx timeout [ 1594.044700][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1594.096906][T27541] could not allocate digest TFM handle  [ 1594.875338][T27555] could not allocate digest TFM handle  [ 1595.882228][T23938] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1596.008890][T27576] Invalid ELF header magic: != ELF [ 1596.788037][T27586] could not allocate digest TFM handle  [ 1597.499593][T27612] FAULT_INJECTION: forcing a failure. [ 1597.499593][T27612] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1597.576924][T27612] CPU: 0 UID: 0 PID: 27612 Comm: syz.1.4843 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1597.576967][T27612] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1597.576977][T27612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1597.576993][T27612] Call Trace: [ 1597.577002][T27612] [ 1597.577011][T27612] dump_stack_lvl+0x100/0x190 [ 1597.577056][T27612] should_fail_ex.cold+0x5/0xa [ 1597.577087][T27612] get_futex_key+0x1d2/0x1620 [ 1597.577120][T27612] ? __pfx_get_futex_key+0x10/0x10 [ 1597.577148][T27612] ? find_held_lock+0x2b/0x80 [ 1597.577171][T27612] ? proc_sys_call_handler+0x2a5/0x5a0 [ 1597.577211][T27612] ? proc_sys_call_handler+0x2a5/0x5a0 [ 1597.577252][T27612] ? do_raw_spin_unlock+0x145/0x1e0 [ 1597.577292][T27612] futex_wake+0xea/0x530 [ 1597.577330][T27612] ? find_held_lock+0x2b/0x80 [ 1597.577353][T27612] ? __pfx_futex_wake+0x10/0x10 [ 1597.577403][T27612] ? ksys_write+0x190/0x250 [ 1597.577442][T27612] ? ksys_write+0x190/0x250 [ 1597.577486][T27612] do_futex+0x32b/0x350 [ 1597.577518][T27612] ? __pfx_do_futex+0x10/0x10 [ 1597.577558][T27612] __x64_sys_futex+0x34f/0x4d0 [ 1597.577592][T27612] ? fput+0x79/0x100 [ 1597.577619][T27612] ? __pfx___x64_sys_futex+0x10/0x10 [ 1597.577649][T27612] ? ksys_write+0x1ac/0x250 [ 1597.577688][T27612] ? __pfx_ksys_write+0x10/0x10 [ 1597.577734][T27612] do_syscall_64+0x106/0xf80 [ 1597.577765][T27612] ? clear_bhb_loop+0x40/0x90 [ 1597.577796][T27612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1597.577822][T27612] RIP: 0033:0x7eff36f9c799 [ 1597.577842][T27612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1597.577866][T27612] RSP: 002b:00007eff351f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1597.577889][T27612] RAX: ffffffffffffffda RBX: 00007eff37216098 RCX: 00007eff36f9c799 [ 1597.577905][T27612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff3721609c [ 1597.577922][T27612] RBP: 00007eff37216090 R08: 0000000000000000 R09: 0000000000000000 [ 1597.577937][T27612] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1597.577952][T27612] R13: 00007eff37216128 R14: 00007ffc03bfd220 R15: 00007ffc03bfd308 [ 1597.577983][T27612] [ 1598.460730][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1599.220712][T27632] could not allocate digest TFM handle  [ 1599.732300][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1599.766921][T27651] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4855'. [ 1602.149074][T27685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4862'. [ 1602.416597][T27683] could not allocate digest TFM handle  [ 1602.790563][T27656] Process accounting paused [ 1603.806223][T27715] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4869'. [ 1604.204744][T23572] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1604.219394][T23572] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1604.227981][T23572] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1604.253540][T23572] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1604.262558][T23572] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1605.206374][T26100] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1605.549935][T26100] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1605.850179][T26100] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1605.878267][T27725] could not allocate digest TFM handle  [ 1605.993677][T27719] chnl_net:caif_netlink_parms(): no params data found [ 1606.166625][T26100] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1606.363830][T23938] Bluetooth: hci3: command tx timeout [ 1607.258029][T27719] bridge0: port 1(bridge_slave_0) entered blocking state [ 1607.283710][T27719] bridge0: port 1(bridge_slave_0) entered disabled state [ 1607.310468][T27719] bridge_slave_0: entered allmulticast mode [ 1607.339651][T27719] bridge_slave_0: entered promiscuous mode [ 1607.504496][T27719] bridge0: port 2(bridge_slave_1) entered blocking state [ 1607.527299][T27719] bridge0: port 2(bridge_slave_1) entered disabled state [ 1607.556195][T27719] bridge_slave_1: entered allmulticast mode [ 1607.584395][T27719] bridge_slave_1: entered promiscuous mode [ 1607.905779][T26100] bridge_slave_0: left allmulticast mode [ 1607.933969][T26100] bridge_slave_0: left promiscuous mode [ 1607.960342][T26100] bridge0: port 1(bridge_slave_0) entered disabled state [ 1608.224002][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1608.231051][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.443764][T23938] Bluetooth: hci3: command tx timeout [ 1608.807010][T26100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1608.911017][T26100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1608.975346][T27765] FAULT_INJECTION: forcing a failure. [ 1608.975346][T27765] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1609.000279][T26100] bond0 (unregistering): Released all slaves [ 1609.059423][T27765] CPU: 0 UID: 0 PID: 27765 Comm: syz.4.4875 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1609.059468][T27765] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1609.059479][T27765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1609.059495][T27765] Call Trace: [ 1609.059503][T27765] [ 1609.059514][T27765] dump_stack_lvl+0x100/0x190 [ 1609.059560][T27765] should_fail_ex.cold+0x5/0xa [ 1609.059591][T27765] get_futex_key+0x1d2/0x1620 [ 1609.059625][T27765] ? __pfx_get_futex_key+0x10/0x10 [ 1609.059653][T27765] ? find_held_lock+0x2b/0x80 [ 1609.059677][T27765] ? proc_sys_call_handler+0x2a5/0x5a0 [ 1609.059716][T27765] ? proc_sys_call_handler+0x2a5/0x5a0 [ 1609.059757][T27765] ? do_raw_spin_unlock+0x145/0x1e0 [ 1609.059798][T27765] futex_wake+0xea/0x530 [ 1609.059835][T27765] ? find_held_lock+0x2b/0x80 [ 1609.059859][T27765] ? __pfx_futex_wake+0x10/0x10 [ 1609.059912][T27765] ? ksys_write+0x190/0x250 [ 1609.059951][T27765] ? ksys_write+0x190/0x250 [ 1609.059996][T27765] do_futex+0x32b/0x350 [ 1609.060029][T27765] ? __pfx_do_futex+0x10/0x10 [ 1609.060071][T27765] __x64_sys_futex+0x34f/0x4d0 [ 1609.060106][T27765] ? fput+0x79/0x100 [ 1609.060133][T27765] ? __pfx___x64_sys_futex+0x10/0x10 [ 1609.060164][T27765] ? ksys_write+0x1ac/0x250 [ 1609.060203][T27765] ? __pfx_ksys_write+0x10/0x10 [ 1609.060249][T27765] do_syscall_64+0x106/0xf80 [ 1609.060279][T27765] ? clear_bhb_loop+0x40/0x90 [ 1609.060309][T27765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.060335][T27765] RIP: 0033:0x7f51a339c799 [ 1609.060356][T27765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1609.060380][T27765] RSP: 002b:00007f51a42d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1609.060411][T27765] RAX: ffffffffffffffda RBX: 00007f51a3616098 RCX: 00007f51a339c799 [ 1609.060428][T27765] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f51a361609c [ 1609.060444][T27765] RBP: 00007f51a3616090 R08: 0000000000000000 R09: 0000000000000000 [ 1609.060460][T27765] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1609.060477][T27765] R13: 00007f51a3616128 R14: 00007fff49aaeb30 R15: 00007fff49aaec18 [ 1609.060509][T27765] [ 1609.910487][T27774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4877'. [ 1609.947423][T27719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1610.008098][T27719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1610.060258][T26100] HfR: left promiscuous mode [ 1610.448801][T27719] team0: Port device team_slave_0 added [ 1610.487148][T27719] team0: Port device team_slave_1 added [ 1610.523376][T23938] Bluetooth: hci3: command tx timeout [ 1610.783454][T27719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1610.810622][T27719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1610.924387][T27719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1611.059587][T27719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1611.100334][T27719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1611.164697][T27787] could not allocate digest TFM handle  [ 1611.242832][T27719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1611.595144][T27719] hsr_slave_0: entered promiscuous mode [ 1611.645842][T27719] hsr_slave_1: entered promiscuous mode [ 1611.672578][T27719] debugfs: 'hsr0' already exists in 'hsr' [ 1611.696404][T27719] Cannot create hsr debugfs directory [ 1611.781994][T27802] Invalid ELF header magic: != ELF [ 1612.603335][T23938] Bluetooth: hci3: command tx timeout [ 1614.342784][T27837] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4891'. [ 1614.468228][T27837] bridge_slave_1: left allmulticast mode [ 1614.508903][T27837] bridge_slave_1: left promiscuous mode [ 1614.537929][T27837] bridge0: port 2(bridge_slave_1) entered disabled state [ 1614.561758][T27837] bridge_slave_0: left allmulticast mode [ 1614.605781][T27837] bridge_slave_0: left promiscuous mode [ 1614.632162][T27837] bridge0: port 1(bridge_slave_0) entered disabled state [ 1614.813337][T26100] hsr_slave_0: left promiscuous mode [ 1614.837778][T26100] hsr_slave_1: left promiscuous mode [ 1614.917546][T26100] veth1_macvtap: left promiscuous mode [ 1614.923157][T26100] veth0_macvtap: left promiscuous mode [ 1614.986886][T26100] veth1_vlan: left promiscuous mode [ 1615.019477][T26100] veth0_vlan: left promiscuous mode [ 1616.208671][T27863] Invalid ELF header magic: != ELF [ 1616.339037][T26100] team0 (unregistering): Port device team_slave_1 removed [ 1616.405092][T26100] team0 (unregistering): Port device team_slave_0 removed [ 1617.644385][T27869] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4896'. [ 1617.848377][T27868] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x61e pfn:0x78001 [ 1617.881721][T27868] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1617.917613][T27868] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1617.951623][T27868] raw: 000000000000061e 0000000000000000 00000001ffffffff 0000000000000000 [ 1617.993403][T27868] page dumped because: unmovable page [ 1618.018239][T27868] page_owner tracks the page as allocated [ 1618.041210][T27868] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 6808, tgid 6806 (syz.0.175), ts 176491972931, free_ts 176375213454 [ 1618.107684][T27868] post_alloc_hook+0x153/0x170 [ 1618.124145][T27868] get_page_from_freelist+0x111d/0x3140 [ 1618.141722][T27868] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1618.164416][T27868] alloc_pages_mpol+0x1fb/0x550 [ 1618.181758][T27868] alloc_pages_noprof+0x131/0x390 [ 1618.213484][T27868] brd_submit_bio+0x116a/0x20d0 [ 1618.218630][T27868] __submit_bio+0x419/0x6c0 [ 1618.246471][T27868] submit_bio_noacct_nocheck+0x74f/0xc10 [ 1618.252282][T27868] submit_bio_noacct+0xd17/0x2010 [ 1618.281087][T27868] submit_bh_wbc+0x59c/0x770 [ 1618.298725][T27868] __block_write_full_folio+0x77f/0xee0 [ 1618.319046][T27868] block_write_full_folio+0x3b5/0x4e0 [ 1618.335112][T27868] blkdev_writepages+0xc7/0x150 [ 1618.340062][T27868] do_writepages+0x278/0x600 [ 1618.373487][T27868] filemap_writeback+0x22d/0x2e0 [ 1618.378577][T27868] file_write_and_wait_range+0xcd/0x140 [ 1618.413479][T27868] page last free pid 6780 tgid 6778 stack trace: [ 1618.419880][T27868] free_unref_folios+0xaea/0x1790 [ 1618.441556][T27868] folios_put_refs+0x53c/0x840 [ 1618.482881][T27868] shmem_undo_range+0x5e5/0x1570 [ 1618.519419][T27868] shmem_evict_inode+0x39e/0xbd0 [ 1618.529702][T27868] evict+0x3c2/0xad0 [ 1618.543331][T27868] iput.part.0+0x605/0xf50 [ 1618.547896][T27868] iput+0x35/0x40 [ 1618.551572][T27868] dentry_unlink_inode+0x2a1/0x490 [ 1618.592373][T27868] __dentry_kill+0x1d0/0x600 [ 1618.612871][T27868] finish_dput+0x76/0x480 [ 1618.645055][T27868] dput.part.0+0x456/0x570 [ 1618.649569][T27868] dput+0x1f/0x30 [ 1618.673478][T27868] __fput+0x519/0xb40 [ 1618.677551][T27868] task_work_run+0x150/0x240 [ 1618.703378][T27868] do_exit+0x829/0x2aa0 [ 1618.723631][T27868] do_group_exit+0xd5/0x2a0 [ 1619.046256][T27886] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4898'. [ 1620.186193][T27905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4903'. [ 1620.660926][T27719] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1620.768456][T27719] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1620.839888][T27719] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1621.044647][T27719] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1621.505060][T23938] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1621.776725][T27936] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4907'. [ 1622.349055][T27719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1622.364974][T27936] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1622.688792][T27942] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1622.737011][T27719] 8021q: adding VLAN 0 to HW filter on device team0 [ 1622.821273][T26100] bridge0: port 1(bridge_slave_0) entered blocking state [ 1622.828592][T26100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1622.954838][T26100] bridge0: port 2(bridge_slave_1) entered blocking state [ 1622.962076][T26100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1624.144680][T27982] Invalid ELF header magic: != ELF [ 1625.126147][T27719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1625.152194][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1625.501313][T27719] veth0_vlan: entered promiscuous mode [ 1626.077062][T27719] veth1_vlan: entered promiscuous mode [ 1626.208528][T28014] Invalid ELF header magic: != ELF [ 1626.243358][T27719] veth0_macvtap: entered promiscuous mode [ 1626.278459][T27719] veth1_macvtap: entered promiscuous mode [ 1626.298380][T28021] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4921'. [ 1626.416638][T27719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1626.485559][T27719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1626.626192][T26102] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1626.660412][T26102] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1626.859723][T26102] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1626.873681][T28021] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1626.895076][T26102] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.776944][T26102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1627.829708][T26102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1627.940251][T26102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1627.962100][T26102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1628.552582][T28038] could not allocate digest TFM handle  [ 1628.887800][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1630.104549][T28069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4931'. [ 1631.364213][T28080] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1632.710734][T23938] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1633.476890][T28097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4939'. [ 1633.564492][T28097] bridge_slave_1: left allmulticast mode [ 1633.570275][T28097] bridge_slave_1: left promiscuous mode [ 1633.613507][T28097] bridge0: port 2(bridge_slave_1) entered disabled state [ 1633.710556][T28097] bridge_slave_0: left allmulticast mode [ 1633.727743][T28097] bridge_slave_0: left promiscuous mode [ 1633.742243][T28097] bridge0: port 1(bridge_slave_0) entered disabled state [ 1633.801631][T28108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4941'. [ 1634.214153][T28117] netlink: 21 bytes leftover after parsing attributes in process `syz.3.4943'. [ 1635.625378][T23938] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1635.858908][T28129] zswap: compressor not available [ 1636.424998][T28140] could not allocate digest TFM handle  [ 1638.111253][T23938] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1638.595440][T28180] Invalid ELF header magic: != ELF [ 1638.745409][T28191] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4964'. [ 1641.061558][T28206] zswap: compressor not available [ 1643.383048][T28239] could not allocate digest TFM handle  [ 1644.537289][T28250] could not allocate digest TFM handle  [ 1644.904182][T28257] could not allocate digest TFM handle  [ 1644.947662][T28260] zswap: compressor not available [ 1645.135436][T28271] Invalid ELF header magic: != ELF [ 1645.251025][T23938] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1647.176530][T28297] Invalid ELF header magic: != ELF [ 1648.330190][T28306] zswap: compressor not available [ 1648.674281][T28311] zswap: compressor not available [ 1649.410041][T28328] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4997'. [ 1652.098848][T28351] could not allocate digest TFM handle  [ 1652.273685][T28357] zswap: compressor not available [ 1652.756297][T28368] zswap: compressor not available [ 1652.843816][T23938] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1653.440380][T28381] could not allocate digest TFM handle  [ 1654.243468][T28396] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5013'. [ 1654.926502][T23938] Bluetooth: hci3: command 0x2016 tx timeout [ 1656.089739][T28422] could not allocate digest TFM handle  [ 1656.899583][T28441] could not allocate digest TFM handle  [ 1657.003377][T28377] Bluetooth: hci3: command 0x2016 tx timeout [ 1657.188834][T28455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5023'. [ 1657.203913][T28458] random: crng reseeded on system resumption [ 1657.296733][T28449] could not allocate digest TFM handle  [ 1657.541937][T23938] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1657.854154][T28475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5031'. [ 1660.262765][T28499] zswap: compressor not available [ 1660.577167][T28512] Invalid ELF header magic: != ELF [ 1660.716720][T28522] FAULT_INJECTION: forcing a failure. [ 1660.716720][T28522] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.807113][T28502] zswap: compressor not available [ 1660.824436][T28522] CPU: 0 UID: 0 PID: 28522 Comm: syz.1.5037 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1660.824480][T28522] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1660.824489][T28522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1660.824505][T28522] Call Trace: [ 1660.824514][T28522] [ 1660.824524][T28522] dump_stack_lvl+0x100/0x190 [ 1660.824570][T28522] should_fail_ex.cold+0x5/0xa [ 1660.824599][T28522] should_failslab+0xc2/0x120 [ 1660.824625][T28522] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1660.824661][T28522] ? do_getname+0x35/0x390 [ 1660.824689][T28522] ? fput+0x79/0x100 [ 1660.824719][T28522] do_getname+0x35/0x390 [ 1660.824751][T28522] __x64_sys_mknod+0x78/0xc0 [ 1660.824777][T28522] do_syscall_64+0x106/0xf80 [ 1660.824806][T28522] ? clear_bhb_loop+0x40/0x90 [ 1660.824835][T28522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1660.824860][T28522] RIP: 0033:0x7eff36f9c799 [ 1660.824879][T28522] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1660.824909][T28522] RSP: 002b:00007eff35193028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1660.824932][T28522] RAX: ffffffffffffffda RBX: 00007eff37216360 RCX: 00007eff36f9c799 [ 1660.824948][T28522] RDX: 0000000000000004 RSI: 0000000000001001 RDI: 0000000000000000 [ 1660.824963][T28522] RBP: 00007eff35193090 R08: 0000000000000000 R09: 0000000000000000 [ 1660.824978][T28522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1660.824993][T28522] R13: 00007eff372163f8 R14: 00007eff37216360 R15: 00007ffc03bfd308 [ 1660.825023][T28522] [ 1661.223794][T28517] could not allocate digest TFM handle  [ 1663.240807][T28544] netlink: 'syz.1.5046': attribute type 11 has an invalid length. [ 1663.798970][T28556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5049'. [ 1663.948599][T23938] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1666.043388][T23938] Bluetooth: hci2: command 0x0c1a tx timeout [ 1666.807439][T28608] netlink: NAT attribute has 4 unknown bytes [ 1667.080254][T28602] could not allocate digest TFM handle  [ 1668.123422][T28377] Bluetooth: hci2: command 0x0c1a tx timeout [ 1668.647568][T28632] Invalid ELF header magic: != ELF [ 1669.667416][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.677781][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.951431][T28644] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5075'. [ 1670.871105][T28649] could not allocate digest TFM handle  [ 1671.447376][T28655] could not allocate digest TFM handle  [ 1671.671002][T28659] zswap: compressor not available [ 1672.919644][T28679] Invalid ELF header magic: != ELF [ 1673.943102][T28696] FAULT_INJECTION: forcing a failure. [ 1673.943102][T28696] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1674.011299][T28696] CPU: 0 UID: 0 PID: 28696 Comm: syz.3.5087 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1674.011340][T28696] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1674.011350][T28696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1674.011365][T28696] Call Trace: [ 1674.011374][T28696] [ 1674.011384][T28696] dump_stack_lvl+0x100/0x190 [ 1674.011426][T28696] should_fail_ex.cold+0x5/0xa [ 1674.011451][T28696] ? prepare_alloc_pages+0x16d/0x5f0 [ 1674.011482][T28696] should_fail_alloc_page+0xeb/0x140 [ 1674.011509][T28696] prepare_alloc_pages+0x1f0/0x5f0 [ 1674.011540][T28696] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1674.011594][T28696] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1674.011651][T28696] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1674.011694][T28696] ? policy_nodemask+0xed/0x4f0 [ 1674.011721][T28696] alloc_pages_mpol+0x1fb/0x550 [ 1674.011747][T28696] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1674.011779][T28696] alloc_pages_noprof+0x131/0x390 [ 1674.011806][T28696] pte_alloc_one+0x1e/0x3e0 [ 1674.011834][T28696] do_huge_pmd_anonymous_page+0x835/0x1a60 [ 1674.011883][T28696] __handle_mm_fault+0x1e9e/0x2b60 [ 1674.011921][T28696] ? mt_find+0x45e/0x8e0 [ 1674.011954][T28696] ? __pfx___handle_mm_fault+0x10/0x10 [ 1674.011985][T28696] ? __pfx_mt_find+0x10/0x10 [ 1674.012038][T28696] handle_mm_fault+0x36d/0xa20 [ 1674.012076][T28696] __get_user_pages+0xf9c/0x34d0 [ 1674.012111][T28696] ? down_read_killable+0x30e/0x4c0 [ 1674.012144][T28696] ? __lock_acquire+0x4a5/0x2630 [ 1674.012175][T28696] ? __pfx___get_user_pages+0x10/0x10 [ 1674.012200][T28696] ? __lock_acquire+0x4a5/0x2630 [ 1674.012236][T28696] __gup_longterm_locked+0x87d/0x16f0 [ 1674.012272][T28696] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1674.012301][T28696] ? try_get_folio+0x262/0x750 [ 1674.012322][T28696] ? pmd_write+0xd3/0x150 [ 1674.012360][T28696] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 1674.012391][T28696] gup_fast_fallback+0x18c6/0x2460 [ 1674.012438][T28696] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1674.012464][T28696] ? kasan_save_stack+0x30/0x50 [ 1674.012500][T28696] ? kasan_save_track+0x14/0x30 [ 1674.012534][T28696] ? __kasan_slab_alloc+0x89/0x90 [ 1674.012554][T28696] ? mempool_alloc_noprof+0x1b7/0x310 [ 1674.012578][T28696] ? bvec_alloc+0x197/0x210 [ 1674.012614][T28696] ? bio_alloc_bioset+0x59e/0x850 [ 1674.012647][T28696] ? blkdev_direct_IO+0xeae/0x1fb0 [ 1674.012674][T28696] ? blkdev_write_iter+0x703/0xd70 [ 1674.012700][T28696] ? vfs_write+0x6ac/0x1070 [ 1674.012736][T28696] ? ksys_write+0x12a/0x250 [ 1674.012770][T28696] ? do_syscall_64+0x106/0xf80 [ 1674.012797][T28696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1674.012827][T28696] pin_user_pages_fast+0xa7/0xf0 [ 1674.012854][T28696] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1674.012890][T28696] ? iov_iter_advance+0xac/0x6d0 [ 1674.012932][T28696] iov_iter_extract_pages+0xa0d/0x1ef0 [ 1674.012982][T28696] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 1674.013034][T28696] ? iov_iter_revert+0x252/0x5b0 [ 1674.013070][T28696] ? bio_associate_blkg_from_css+0x394/0x13f0 [ 1674.013103][T28696] iov_iter_extract_bvecs+0x10e/0xf40 [ 1674.013153][T28696] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 1674.013200][T28696] ? bio_init+0x404/0x610 [ 1674.013235][T28696] bio_iov_iter_get_pages+0x26a/0x970 [ 1674.013282][T28696] blkdev_direct_IO+0x1302/0x1fb0 [ 1674.013324][T28696] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 1674.013366][T28696] blkdev_write_iter+0x703/0xd70 [ 1674.013401][T28696] vfs_write+0x6ac/0x1070 [ 1674.013439][T28696] ? __pfx_blkdev_write_iter+0x10/0x10 [ 1674.013470][T28696] ? __pfx_vfs_write+0x10/0x10 [ 1674.013506][T28696] ? find_held_lock+0x2b/0x80 [ 1674.013546][T28696] ksys_write+0x12a/0x250 [ 1674.013583][T28696] ? __pfx_ksys_write+0x10/0x10 [ 1674.013629][T28696] do_syscall_64+0x106/0xf80 [ 1674.013655][T28696] ? clear_bhb_loop+0x40/0x90 [ 1674.013684][T28696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1674.013708][T28696] RIP: 0033:0x7f59f759c799 [ 1674.013728][T28696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1674.013752][T28696] RSP: 002b:00007f59f84bd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1674.013775][T28696] RAX: ffffffffffffffda RBX: 00007f59f7815fa0 RCX: 00007f59f759c799 [ 1674.013791][T28696] RDX: 000000100000a3d9 RSI: 0000200000000400 RDI: 0000000000000004 [ 1674.013806][T28696] RBP: 00007f59f84bd090 R08: 0000000000000000 R09: 0000000000000000 [ 1674.013820][T28696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1674.013835][T28696] R13: 00007f59f7816038 R14: 00007f59f7815fa0 R15: 00007ffd723eb2f8 [ 1674.013865][T28696] [ 1675.140168][T28698] could not allocate digest TFM handle  [ 1676.077717][T28718] could not allocate digest TFM handle  [ 1676.942008][T28737] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5100'. [ 1677.338033][T28750] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5102'. [ 1677.351008][T28741] could not allocate digest TFM handle  [ 1679.178343][T28377] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 1679.808198][T28787] could not allocate digest TFM handle  [ 1680.779435][T28811] Invalid ELF header magic: != ELF [ 1680.948385][T28377] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1680.984938][T28814] could not allocate digest TFM handle  [ 1681.346414][T28825] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5123'. [ 1682.568157][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802cdbb000: rx timeout, send abort [ 1682.576820][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802cdbb000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1682.998830][T28838] could not allocate digest TFM handle  [ 1683.438660][T28853] FAULT_INJECTION: forcing a failure. [ 1683.438660][T28853] name failslab, interval 1, probability 0, space 0, times 0 [ 1683.526481][T28853] CPU: 0 UID: 0 PID: 28853 Comm: syz.4.5131 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1683.526523][T28853] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1683.526533][T28853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1683.526549][T28853] Call Trace: [ 1683.526558][T28853] [ 1683.526568][T28853] dump_stack_lvl+0x100/0x190 [ 1683.526611][T28853] should_fail_ex.cold+0x5/0xa [ 1683.526640][T28853] should_failslab+0xc2/0x120 [ 1683.526666][T28853] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1683.526704][T28853] ? security_inode_alloc+0x3b/0x2c0 [ 1683.526742][T28853] ? lockdep_init_map_type+0x5c/0x250 [ 1683.526779][T28853] security_inode_alloc+0x3b/0x2c0 [ 1683.526817][T28853] inode_init_always_gfp+0xced/0x1040 [ 1683.526847][T28853] alloc_inode+0x8e/0x250 [ 1683.526879][T28853] create_pipe_files+0x4c/0x970 [ 1683.526909][T28853] do_pipe2+0xbd/0x1e0 [ 1683.526933][T28853] ? __pfx_do_pipe2+0x10/0x10 [ 1683.526968][T28853] __x64_sys_pipe+0x33/0x50 [ 1683.526992][T28853] do_syscall_64+0x106/0xf80 [ 1683.527020][T28853] ? clear_bhb_loop+0x40/0x90 [ 1683.527051][T28853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1683.527077][T28853] RIP: 0033:0x7f51a339c799 [ 1683.527097][T28853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1683.527121][T28853] RSP: 002b:00007f51a42f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 1683.527145][T28853] RAX: ffffffffffffffda RBX: 00007f51a3615fa0 RCX: 00007f51a339c799 [ 1683.527162][T28853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1683.527177][T28853] RBP: 00007f51a3432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1683.527195][T28853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1683.527211][T28853] R13: 00007f51a3616038 R14: 00007f51a3615fa0 R15: 00007fff49aaec18 [ 1683.527242][T28853] [ 1683.812686][T28377] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 1684.244869][T28864] zswap: compressor not available [ 1684.576772][T28879] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5138'. [ 1685.210125][T28886] could not allocate digest TFM handle  [ 1686.025788][T28377] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1686.406277][T28901] zswap: compressor not available [ 1686.427964][T28904] overlayfs: "check_copy_up" module option is obsolete [ 1686.828455][T28920] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5148'. [ 1687.672164][T28935] could not allocate digest TFM handle  [ 1689.781349][T28973] could not allocate digest TFM handle  [ 1690.654127][T28991] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5166'. [ 1690.980133][T28984] zswap: compressor not available [ 1691.030457][T28987] Invalid ELF header magic: != ELF [ 1691.451004][T28997] could not allocate digest TFM handle  [ 1695.385403][T29016] Device name cannot be null; rc = [-22] [ 1696.401155][T29022] could not allocate digest TFM handle  [ 1698.128644][T29052] zram: Cannot change disksize for initialized device [ 1698.786591][T29062] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5184'. [ 1699.927679][T29069] zswap: compressor not available [ 1700.938713][T28377] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1701.370504][T29087] Invalid ELF header magic: != ELF [ 1702.170568][T29097] Invalid ELF header magic: != ELF [ 1705.361510][T28377] Bluetooth: hci3: unexpected event 0x20 length: 123 > 7 [ 1705.806345][T29130] FAULT_INJECTION: forcing a failure. [ 1705.806345][T29130] name failslab, interval 1, probability 0, space 0, times 0 [ 1705.981204][T29130] CPU: 0 UID: 0 PID: 29130 Comm: syz.2.5201 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1705.981248][T29130] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1705.981258][T29130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1705.981272][T29130] Call Trace: [ 1705.981281][T29130] [ 1705.981291][T29130] dump_stack_lvl+0x100/0x190 [ 1705.981334][T29130] should_fail_ex.cold+0x5/0xa [ 1705.981363][T29130] should_failslab+0xc2/0x120 [ 1705.981388][T29130] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1705.981432][T29130] ? __alloc_skb+0x140/0x710 [ 1705.981463][T29130] __alloc_skb+0x140/0x710 [ 1705.981487][T29130] ? __alloc_skb+0x5b7/0x710 [ 1705.981513][T29130] ? __pfx___alloc_skb+0x10/0x10 [ 1705.981547][T29130] netlink_alloc_large_skb+0x69/0x150 [ 1705.981581][T29130] netlink_sendmsg+0x680/0xda0 [ 1705.981617][T29130] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1705.981647][T29130] ? __import_iovec+0x1d2/0x640 [ 1705.981674][T29130] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1705.981712][T29130] ____sys_sendmsg+0xa54/0xc30 [ 1705.981751][T29130] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1705.981799][T29130] ___sys_sendmsg+0x190/0x1e0 [ 1705.981837][T29130] ? __pfx____sys_sendmsg+0x10/0x10 [ 1705.981908][T29130] __sys_sendmsg+0x170/0x220 [ 1705.981937][T29130] ? __pfx___sys_sendmsg+0x10/0x10 [ 1705.981983][T29130] do_syscall_64+0x106/0xf80 [ 1705.982011][T29130] ? clear_bhb_loop+0x40/0x90 [ 1705.982040][T29130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1705.982065][T29130] RIP: 0033:0x7f4b37b9c799 [ 1705.982085][T29130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1705.982109][T29130] RSP: 002b:00007f4b38abc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1705.982132][T29130] RAX: ffffffffffffffda RBX: 00007f4b37e15fa0 RCX: 00007f4b37b9c799 [ 1705.982148][T29130] RDX: 0000000004044054 RSI: 0000200000000600 RDI: 0000000000000003 [ 1705.982164][T29130] RBP: 00007f4b38abc090 R08: 0000000000000000 R09: 0000000000000000 [ 1705.982179][T29130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1705.982193][T29130] R13: 00007f4b37e16038 R14: 00007f4b37e15fa0 R15: 00007ffc4f5edda8 [ 1705.982231][T29130] [ 1706.875397][T29134] could not allocate digest TFM handle  [ 1708.121023][T29156] FAULT_INJECTION: forcing a failure. [ 1708.121023][T29156] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.256741][T29156] CPU: 0 UID: 0 PID: 29156 Comm: syz.4.5207 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1708.256786][T29156] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1708.256795][T29156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1708.256811][T29156] Call Trace: [ 1708.256819][T29156] [ 1708.256829][T29156] dump_stack_lvl+0x100/0x190 [ 1708.256873][T29156] should_fail_ex.cold+0x5/0xa [ 1708.256902][T29156] should_failslab+0xc2/0x120 [ 1708.256928][T29156] __kvmalloc_node_noprof+0xfa/0xa00 [ 1708.256964][T29156] ? seq_read_iter+0x819/0x1270 [ 1708.257007][T29156] seq_read_iter+0x819/0x1270 [ 1708.257054][T29156] seq_read+0x33b/0x4c0 [ 1708.257090][T29156] ? __pfx_seq_read+0x10/0x10 [ 1708.257123][T29156] ? __pfx___might_resched+0x10/0x10 [ 1708.257173][T29156] ? rw_verify_area+0xce/0x6d0 [ 1708.257207][T29156] ? __pfx_seq_read+0x10/0x10 [ 1708.257242][T29156] vfs_read+0x1e4/0xb30 [ 1708.257283][T29156] ? __pfx_vfs_read+0x10/0x10 [ 1708.257318][T29156] ? __fget_files+0x215/0x3d0 [ 1708.257346][T29156] ? __fget_files+0x21f/0x3d0 [ 1708.257375][T29156] ksys_read+0x12a/0x250 [ 1708.257410][T29156] ? __pfx_ksys_read+0x10/0x10 [ 1708.257455][T29156] do_syscall_64+0x106/0xf80 [ 1708.257483][T29156] ? clear_bhb_loop+0x40/0x90 [ 1708.257512][T29156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1708.257542][T29156] RIP: 0033:0x7f51a339c799 [ 1708.257563][T29156] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1708.257585][T29156] RSP: 002b:00007f51a42d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1708.257608][T29156] RAX: ffffffffffffffda RBX: 00007f51a3616090 RCX: 00007f51a339c799 [ 1708.257625][T29156] RDX: 0000000000000fe9 RSI: 0000200000001300 RDI: 0000000000000005 [ 1708.257640][T29156] RBP: 00007f51a42d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1708.257655][T29156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1708.257670][T29156] R13: 00007f51a3616128 R14: 00007f51a3616090 R15: 00007fff49aaec18 [ 1708.257700][T29156] [ 1710.478061][T29169] program syz.2.5210 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1710.563734][T29169] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1710.661854][T28377] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1711.847619][T29184] [ 1711.857109][T29184] ====================================================== [ 1711.864242][T29184] WARNING: possible circular locking dependency detected [ 1711.871388][T29184] syzkaller #0 Tainted: G U L [ 1711.877387][T29184] ------------------------------------------------------ [ 1711.884521][T29184] syz.4.5216/29184 is trying to acquire lock: [ 1711.890630][T29184] ffff888069bc48e8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 1711.902201][T29184] [ 1711.902201][T29184] but task is already holding lock: [ 1711.909598][T29184] ffff888069bc6660 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 1711.918701][T29184] [ 1711.918701][T29184] which lock already depends on the new lock. [ 1711.918701][T29184] [ 1711.929368][T29184] [ 1711.929368][T29184] the existing dependency chain (in reverse order) is: [ 1711.938396][T29184] [ 1711.938396][T29184] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 1711.946268][T29184] lock_sock_nested+0x41/0xf0 [ 1711.951536][T29184] smc_listen_out+0x1f5/0x4b0 [ 1711.956773][T29184] smc_listen_work+0x4c2/0x50e0 [ 1711.962198][T29184] process_one_work+0x9d7/0x1920 [ 1711.967780][T29184] worker_thread+0x5da/0xe40 [ 1711.972942][T29184] kthread+0x370/0x450 [ 1711.977671][T29184] ret_from_fork+0x754/0xd80 [ 1711.982902][T29184] ret_from_fork_asm+0x1a/0x30 [ 1711.988249][T29184] [ 1711.988249][T29184] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 1711.998531][T29184] __lock_acquire+0x14b8/0x2630 [ 1712.003932][T29184] lock_acquire+0x1cf/0x380 [ 1712.008989][T29184] __flush_work+0x4de/0xcb0 [ 1712.014050][T29184] cancel_work_sync+0xd1/0xf0 [ 1712.019293][T29184] smc_clcsock_release+0x5f/0xe0 [ 1712.024776][T29184] __smc_release+0x5c2/0x880 [ 1712.029921][T29184] smc_close_non_accepted+0xda/0x200 [ 1712.035756][T29184] smc_close_active+0x4ff/0x1070 [ 1712.041313][T29184] __smc_release+0x634/0x880 [ 1712.046443][T29184] smc_release+0x1fc/0x620 [ 1712.051404][T29184] __sock_release+0xb3/0x260 [ 1712.056610][T29184] sock_close+0x1c/0x30 [ 1712.061319][T29184] __fput+0x3ff/0xb40 [ 1712.065896][T29184] task_work_run+0x150/0x240 [ 1712.071055][T29184] exit_to_user_mode_loop+0x100/0x4a0 [ 1712.076986][T29184] do_syscall_64+0x668/0xf80 [ 1712.082161][T29184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1712.088868][T29184] [ 1712.088868][T29184] other info that might help us debug this: [ 1712.088868][T29184] [ 1712.099395][T29184] Possible unsafe locking scenario: [ 1712.099395][T29184] [ 1712.107125][T29184] CPU0 CPU1 [ 1712.112598][T29184] ---- ---- [ 1712.118100][T29184] lock(sk_lock-AF_SMC/1); [ 1712.122664][T29184] lock((work_completion)(&new_smc->smc_listen_work)); [ 1712.132137][T29184] lock(sk_lock-AF_SMC/1); [ 1712.139274][T29184] lock((work_completion)(&new_smc->smc_listen_work)); [ 1712.146323][T29184] [ 1712.146323][T29184] *** DEADLOCK *** [ 1712.146323][T29184] [ 1712.154513][T29184] 3 locks held by syz.4.5216/29184: [ 1712.159723][T29184] #0: ffff888047b60d88 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 1712.170312][T29184] #1: ffff888069bc6660 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 1712.179767][T29184] #2: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 1712.188948][T29184] [ 1712.188948][T29184] stack backtrace: [ 1712.194951][T29184] CPU: 0 UID: 0 PID: 29184 Comm: syz.4.5216 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1712.195023][T29184] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1712.195034][T29184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1712.195049][T29184] Call Trace: [ 1712.195061][T29184] [ 1712.195071][T29184] dump_stack_lvl+0x100/0x190 [ 1712.195109][T29184] print_circular_bug.cold+0x178/0x1c7 [ 1712.195149][T29184] check_noncircular+0x146/0x160 [ 1712.195183][T29184] __lock_acquire+0x14b8/0x2630 [ 1712.195219][T29184] lock_acquire+0x1cf/0x380 [ 1712.195247][T29184] ? __flush_work+0x4ca/0xcb0 [ 1712.195284][T29184] ? mark_held_locks+0x40/0x70 [ 1712.195312][T29184] ? __flush_work+0x4ca/0xcb0 [ 1712.195350][T29184] __flush_work+0x4de/0xcb0 [ 1712.195383][T29184] ? __flush_work+0x4ca/0xcb0 [ 1712.195419][T29184] ? __pfx___flush_work+0x10/0x10 [ 1712.195459][T29184] ? __pfx_wq_barrier_func+0x10/0x10 [ 1712.195490][T29184] ? __pfx___might_resched+0x10/0x10 [ 1712.195528][T29184] cancel_work_sync+0xd1/0xf0 [ 1712.195551][T29184] smc_clcsock_release+0x5f/0xe0 [ 1712.195576][T29184] __smc_release+0x5c2/0x880 [ 1712.195615][T29184] ? __pfx_sock_def_readable+0x10/0x10 [ 1712.195640][T29184] smc_close_non_accepted+0xda/0x200 [ 1712.195664][T29184] smc_close_active+0x4ff/0x1070 [ 1712.195689][T29184] __smc_release+0x634/0x880 [ 1712.195726][T29184] smc_release+0x1fc/0x620 [ 1712.195762][T29184] __sock_release+0xb3/0x260 [ 1712.195791][T29184] ? __pfx_sock_close+0x10/0x10 [ 1712.195818][T29184] sock_close+0x1c/0x30 [ 1712.195845][T29184] __fput+0x3ff/0xb40 [ 1712.195876][T29184] task_work_run+0x150/0x240 [ 1712.195910][T29184] ? __pfx_task_work_run+0x10/0x10 [ 1712.195946][T29184] exit_to_user_mode_loop+0x100/0x4a0 [ 1712.195986][T29184] do_syscall_64+0x668/0xf80 [ 1712.196014][T29184] ? clear_bhb_loop+0x40/0x90 [ 1712.196044][T29184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1712.196069][T29184] RIP: 0033:0x7f51a339c799 [ 1712.196090][T29184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1712.196115][T29184] RSP: 002b:00007fff49aaed78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1712.196138][T29184] RAX: 0000000000000000 RBX: 00007f51a3617da0 RCX: 00007f51a339c799 [ 1712.196153][T29184] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1712.196168][T29184] RBP: 00007f51a3617da0 R08: 00007f51a3616038 R09: 0000000000000000 [ 1712.196183][T29184] R10: 00000000003e7c48 R11: 0000000000000246 R12: 00000000001a1ff8 [ 1712.196198][T29184] R13: 00007f51a361609c R14: 00000000001a1de1 R15: 00007f51a3616090 [ 1712.196223][T29184] [ 1712.526235][T29183] Invalid ELF header magic: != ELF SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1714.043352][T27029] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1714.108394][T27029] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1714.116948][T26730] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1714.205602][T26730] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1715.645469][T26102] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1715.877216][T26102] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.038986][T26102] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.121276][T26102] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.398627][T29175] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1716.425193][T26102] bridge_slave_1: left allmulticast mode [ 1716.431013][T26102] bridge_slave_1: left promiscuous mode [ 1716.438229][T29184] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1716.461831][T29175] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1716.470944][T26102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1716.488259][T29184] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1716.506610][T26102] bridge_slave_0: left allmulticast mode [ 1716.512381][T26102] bridge_slave_0: left promiscuous mode [ 1716.553326][T26102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.775793][T26102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1716.815212][T26102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1716.858486][T26102] bond0 (unregistering): Released all slaves [ 1717.117049][T29184] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1717.187206][T26102] hsr_slave_0: left promiscuous mode [ 1717.194411][T26102] hsr_slave_1: left promiscuous mode [ 1717.213565][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1717.221100][T26102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1717.246038][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1717.266459][T26102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1717.286575][T26102] veth1_macvtap: left promiscuous mode [ 1717.292115][T26102] veth0_macvtap: left promiscuous mode [ 1717.307380][T26102] veth1_vlan: left promiscuous mode [ 1717.312748][T26102] veth0_vlan: left promiscuous mode [ 1717.445370][T26102] team0 (unregistering): Port device team_slave_1 removed [ 1717.460271][T26102] team0 (unregistering): Port device team_slave_0 removed [ 1717.999519][T26102] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.050447][T26102] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.099030][T26102] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.149376][T26102] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.275435][T26102] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.330422][T26102] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.378989][T26102] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.428649][T26102] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.556609][T26102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.611751][T26102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.658555][T26102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.708805][T26102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.825911][T26102] bridge_slave_1: left allmulticast mode [ 1718.831616][T26102] bridge_slave_1: left promiscuous mode [ 1718.854436][T26102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1718.874031][T26102] bridge_slave_0: left allmulticast mode [ 1718.879753][T26102] bridge_slave_0: left promiscuous mode [ 1718.893838][T26102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1719.082694][T26102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1719.100342][T26102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1719.110930][T26102] bond0 (unregistering): Released all slaves [ 1719.152355][T26102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1719.170153][T26102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1719.180447][T26102] bond0 (unregistering): Released all slaves [ 1719.229824][T26102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1719.240237][T26102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1719.252696][T26102] bond0 (unregistering): Released all slaves [ 1720.306278][T26102] hsr_slave_0: left promiscuous mode [ 1720.312011][T26102] hsr_slave_1: left promiscuous mode [ 1720.324061][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1720.331479][T26102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1720.353893][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1720.361315][T26102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1720.387791][T26102] hsr_slave_0: left promiscuous mode [ 1720.404770][T26102] hsr_slave_1: left promiscuous mode [ 1720.414420][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1720.422081][T26102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1720.466709][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1720.483378][T26102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1720.496848][T26102] hsr_slave_0: left promiscuous mode [ 1720.511493][T26102] hsr_slave_1: left promiscuous mode [ 1720.533529][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1720.541134][T26102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1720.564321][T26102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1720.571757][T26102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1720.602277][T26102] veth1_macvtap: left promiscuous mode [ 1720.623420][T26102] veth0_macvtap: left promiscuous mode [ 1720.628982][T26102] veth1_vlan: left promiscuous mode [ 1720.644066][T26102] veth0_vlan: left promiscuous mode [ 1720.652796][T26102] veth1_macvtap: left promiscuous mode [ 1720.660181][T26102] veth0_macvtap: left promiscuous mode [ 1720.667433][T26102] veth1_vlan: left promiscuous mode [ 1720.672732][T26102] veth0_vlan: left promiscuous mode [ 1720.679282][T26102] veth1_macvtap: left promiscuous mode [ 1720.685045][T26102] veth0_macvtap: left promiscuous mode [ 1720.690626][T26102] veth1_vlan: left promiscuous mode [ 1720.696558][T26102] veth0_vlan: left promiscuous mode [ 1720.928523][T26102] team0 (unregistering): Port device team_slave_1 removed [ 1720.947236][T26102] team0 (unregistering): Port device team_slave_0 removed [ 1721.079725][T26102] team0 (unregistering): Port device team_slave_1 removed [ 1721.096703][T26102] team0 (unregistering): Port device team_slave_0 removed [ 1721.220347][T26102] team0 (unregistering): Port device team_slave_1 removed [ 1721.238306][T26102] team0 (unregistering): Port device team_slave_0 removed