last executing test programs: 5.526890227s ago: executing program 3 (id=472): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/017/001\x00', 0x802, 0x0) r3 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto_sg_fops_sg(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x9, 0x6, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x34, 0x0, 0xe, 0x70bd2d, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x5}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x5}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x40}]}, 0x34}}, 0x810) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) ioctl$auto_FS_IOC_GETFSUUID(r3, 0x80111500, 0x8) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 5.444552175s ago: executing program 2 (id=473): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) write$auto(0x3, 0x0, 0xfffffdef) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) 5.023153944s ago: executing program 1 (id=475): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmstat\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x17, 0xfffffffffffffffc, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/self/pagemap\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/firmware/acpi/tables/APIC\x00', 0x0, 0x0) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x4020009, 0xe2, 0x4000000eb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) madvise$auto(0x0, 0x400053, 0x9) read$auto(r2, 0x0, 0xb4d3) read$auto(r1, 0x0, 0x7) pread64$auto(r0, &(0x7f00000002c0)='\x04\xefr\tbgc/\xd0\xe1\xf7$/tg/,s\b\xf5\xf7\x0f\x03\xd5\xef\xbf\xf6j\xe2\xed\x7f0\b\xff^\xe3th\xd2\x1bA\xba&\xba\xd0\xbb\xca\xb0\xa1\t\x00\x00\r(\xccF\xeeg\n\x00\x00\xa9l\x9cd\xcf\xff\x97=\xf4\xa1\xca\x82j\xf2\x17\t\x00\x00\x00\x00\x00\x00\x000\xf76\xb96\xd1\xb9\xde\xe2\x167\xc5\x94\x00A[B\xd9\x82\xaa\xc5\xfcoB\xfe\'\xfbI\xc9\xcb\xc3\xc1\x1e6~\x81\xb9\x0ff\x8e\xd3\x06\xba;yX\x966\x97#\xfb\x8d!F\xfc\x99\x86\x1d\xbb\xaf(\x92\x887\x01Z\xa7\xe3Y\x17\xd2#\x8aO\xef\r\xfa\xe0\x18IiI\xaek\xa9R\x02N;+@\x12>\'\x1a\xa6i\x93\x8c\x16BO@ \xb5\xd9\xd0\xb6S\xfc\x17\x11\x04\x8b?$\xean\xa1|D\xbbV%\xde\x87\xd1@\x00\x8cM\xfdr\xc9\x86\xbaq', 0x100003ffd, 0x6) 4.748255112s ago: executing program 1 (id=476): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0xb) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x80, 0x0) socket(0x2, 0x1, 0x106) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) 4.350210411s ago: executing program 2 (id=477): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) copy_file_range$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=0x7f, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x13f, 0x0, 0xfffffffffffffffd) adjtimex$auto(&(0x7f0000000000)={0x1, 0x0, 0x7fffffff, 0x8, 0x8000, 0x8, 0x4, 0x0, 0x4, 0xfffffffffffffff3, 0x7, {0x1, 0x6}, 0xb, 0x2400000, 0x6, 0x9, 0x0, 0x6, 0x8, 0x10000, 0x7fffffff, 0x913, 0x6}) 3.743997979s ago: executing program 0 (id=478): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x200009}, 0x1}, 0x2, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000140), 0x101081, 0x0) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) close_range$auto(0x2, 0x8, 0x0) 3.708199298s ago: executing program 1 (id=479): close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 3.296876937s ago: executing program 1 (id=480): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b4a, 0x9) r2 = socket(0x11, 0x3, 0x9) r3 = open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42}, 0x4) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x11}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000001100), r0) futex$auto(&(0x7f0000000080)=0x2948, 0x9, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x1f, 0x0, &(0x7f0000000100)=0x4, 0x440a48d3) sendmsg$auto_CTRL_CMD_GETFAMILY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001140)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000044) r5 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000000400), r3) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r2, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r5, 0x200, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) symlink$auto(&(0x7f0000000080)='.\x00', &(0x7f0000000040)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0/../file0\x00', &(0x7f00000002c0)={0x553c81, 0x10, 0x13}, 0x18) write$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffffff, &(0x7f0000000100)="6e656c00813e8817517d381e8e2b7d03d9d63394815b3a0d31f4a2cc6f8c461f3cb94f4c7e2d8151e38fb861bfdac9494e7a5d3baae7500346b98e817bf2b03278ae2ec8a74f27ab72eff287ce9106d2882ffbb1287188cb55cf26e820fc4cbc79270b334a9139512b201aed734b4f2fd43aa7efbe138c473abd174394d8bb09ce50f264", 0x84) 3.263126219s ago: executing program 0 (id=481): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) ioctl$auto(r1, 0xc1205531, r2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r3, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0}, 0x40010) socketpair$auto(0xd4, 0x7, 0x2, &(0x7f0000000380)=0x8) r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE(r2, 0x7a9, 0x0) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x100110d, 0x10003, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000000000000000040000660e070100", @raw=0x7}, 0x6, 0x0, 0x4, @raw=0x404, @integer64={0x20006, 0x8, 0x6}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto(0x3, 0x0, 0x8) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002ec0)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x400c8d4) 2.477561897s ago: executing program 2 (id=482): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, r0, 0x5) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000c014}, 0x20008040) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001800), 0xffffffffffffffff) write$auto(r1, &(0x7f0000000180)='7\x00\\\xa0\x04|4\x00\x00\x03\x00\x00\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00rRVr\xc4O\xdc1\x9b%\x10Z\'\xb9\'\xa3stC=\x85\xc6\xf6\x13 \xeb\xff%\x11\x82\x05\xdfV\x02\xca&\xd8$<\xab&\xc8B-\xcc\x15\x04&\x13;\xfe\xbdQ\xaa\x16o\x1f\xc7\x94\xa3\xc9\x9a\xe1d\xf5\n\xe2\x88\x84\vT?\x98\xa2\x00'/206, 0x5) getsockopt$auto_SO_SNDTIMEO_NEW(r1, 0x8, 0x43, 0x0, 0x0) keyctl$auto(0x12, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) 2.476853339s ago: executing program 3 (id=483): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89fc, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x440202, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) truncate$auto(0x0, 0x7) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) 2.319001253s ago: executing program 3 (id=484): socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) timerfd_create$auto(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=r0, 0x4, @old_map_fd=r1}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 2.15836828s ago: executing program 3 (id=485): close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565b, 0x38) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, &(0x7f00000000c0)='\x00', &(0x7f0000000100)="7c24e9aa1262df1b6e0d3654234c501719246b311d28be79f69fbfb894a6052977feadf76c77ebc25989f14109e43e14915a1bf0365ad9fd", 0x0) mmap$auto_vmwgfx_driver_fops_vmwgfx_drv(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x100000c, 0x11, 0xffffffffffffffff, 0x100040000) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 2.151041188s ago: executing program 1 (id=493): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89fc, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x440202, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) truncate$auto(0x0, 0x7) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) 1.965321752s ago: executing program 0 (id=486): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/oss/devices\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)=""/65, 0x41) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(0x3, 0xc0104d03, 0x5) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_MPP(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2c, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_HE_CAPABILITY={0x15, 0x10d, "8223d208b7dd3463a3a936688073d724bb"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x10) r4 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r4, 0x0, 0x1) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r5, r6, 0x0, 0x2) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x3c, r3, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x6}, @NL80211_ATTR_FILS_ERP_USERNAME={0x6, 0xf9, "fb7d"}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000041}, 0x4040004) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r1, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x5}) ioctl$auto_HPET_DPI(0xffffffffffffffff, 0x6805, 0x0) 1.49026241s ago: executing program 1 (id=487): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card1/cable#1\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x7c3142, 0x0) socketpair$auto(0x1a, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptye5\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(r1, 0x400455c8, r0) 1.490068579s ago: executing program 2 (id=488): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fadvise64$auto(r0, 0x7fff, 0x6, 0x1) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = fanotify_init$auto(0x1, 0x2) fanotify_mark$auto(r1, 0x205, 0x100002, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LookupCacheEnabled\x00', 0x48041, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) socket(0x22, 0x1, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x8029, 0xca, 0x0, 0x567) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0x8138ae83, 0x0) 1.098691358s ago: executing program 0 (id=489): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000801}, 0x4000084) socket(0xa, 0x2, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x491, 0x400, 0x9}]}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x1c}}, 0x4044820) 913.073433ms ago: executing program 3 (id=490): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x0) io_uring_setup$auto(0x1, 0x0) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7}, 0x3) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000440)="661b0cbd4aeb2ca218", 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x5}, 0x2, 0x100) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x1b) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/stat\x00', 0x8c40, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) ioctl$auto(r3, 0xc0c0128e, r3) read$auto_proc_single_file_operations_base(r2, &(0x7f0000000080)=""/119, 0x77) 766.696512ms ago: executing program 2 (id=491): mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x2, 0x3, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1, @ANYRES64=r0], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80) 487.159748ms ago: executing program 3 (id=492): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) ioctl$auto_TCFLSH2(r2, 0x80045439, 0x0) 339.570355ms ago: executing program 0 (id=494): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.5/usb6/6-0:1.0/usb6-port1/connect_type\x00', 0x103280, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fedbdf27010000000c000600100000000000000400000000000a00ff"], 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x0) arch_prctl$auto_ARCH_SET_FS(0x1001, 0x1) r2 = socket(0xa, 0x5, 0x0) r3 = setfsuid$auto(0xee00) setreuid$auto(r3, 0x0) msgctl$auto_MSG_INFO(0x875, 0xc, &(0x7f0000000180)={{0x6, 0xee00, 0x0, 0x9, 0x401, 0x0, 0x1}, 0x0, 0x0, 0x9, 0x7, 0x4, 0x5, 0x9, 0x200, 0x8, 0x5, @inferred=0xffffffffffffffff, @raw=0xcb}) fchown$auto(r2, r3, r4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x200, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) remap_file_pages$auto(0x6, 0x19, 0x2fe, 0x5, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) 324.945022ms ago: executing program 2 (id=495): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) socket(0x25, 0x5, 0x2) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) io_uring_setup$auto(0x946, 0x0) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) open(0x0, 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) write$auto(0x3, 0x0, 0x7fffffff) close_range$auto(0x2, 0x8, 0x0) lstat$auto(0x0, 0x0) 0s ago: executing program 0 (id=496): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x0, 0x29f, 0x100, 0x7f, 0xffffffff, 0x6, 0x2}, {0x8000100, 0x1, 0x8000052, 0x5, 0x1, 0x40, 0x76c5, 0x9a, 0x100000000}}) socket(0x2b, 0x1, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. [ 87.290735][ T5817] cgroup: Unknown subsys name 'net' [ 87.439966][ T5817] cgroup: Unknown subsys name 'cpuset' [ 87.450126][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.171673][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.056915][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.073123][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.081300][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.090451][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.097796][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.106197][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.110278][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.121352][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.129781][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.131680][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.138457][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.145433][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.151626][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.173046][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.181574][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.255899][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.266125][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.274999][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.282978][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.290945][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.693922][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 92.874921][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.883536][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.892222][ T5834] bridge_slave_0: entered allmulticast mode [ 92.899709][ T5834] bridge_slave_0: entered promiscuous mode [ 92.918083][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.925208][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.933002][ T5834] bridge_slave_1: entered allmulticast mode [ 92.940323][ T5834] bridge_slave_1: entered promiscuous mode [ 92.948004][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 93.003863][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 93.032774][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.075671][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.149885][ T5834] team0: Port device team_slave_0 added [ 93.155798][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 93.181205][ T5834] team0: Port device team_slave_1 added [ 93.277648][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.284927][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.292796][ T5830] bridge_slave_0: entered allmulticast mode [ 93.299971][ T5830] bridge_slave_0: entered promiscuous mode [ 93.318770][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.325725][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.351870][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.376156][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.383383][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.390960][ T5830] bridge_slave_1: entered allmulticast mode [ 93.399116][ T5830] bridge_slave_1: entered promiscuous mode [ 93.406751][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.413877][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.421349][ T5828] bridge_slave_0: entered allmulticast mode [ 93.429860][ T5828] bridge_slave_0: entered promiscuous mode [ 93.437868][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.444838][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.471061][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.509165][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.516493][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.523642][ T5828] bridge_slave_1: entered allmulticast mode [ 93.531157][ T5828] bridge_slave_1: entered promiscuous mode [ 93.583802][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.591045][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.598540][ T5843] bridge_slave_0: entered allmulticast mode [ 93.605725][ T5843] bridge_slave_0: entered promiscuous mode [ 93.616346][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.639463][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.648849][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.656214][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.663370][ T5843] bridge_slave_1: entered allmulticast mode [ 93.671219][ T5843] bridge_slave_1: entered promiscuous mode [ 93.679952][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.701946][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.744089][ T5834] hsr_slave_0: entered promiscuous mode [ 93.750609][ T5834] hsr_slave_1: entered promiscuous mode [ 93.806123][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.818197][ T5828] team0: Port device team_slave_0 added [ 93.825709][ T5830] team0: Port device team_slave_0 added [ 93.833650][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.855599][ T5828] team0: Port device team_slave_1 added [ 93.862930][ T5830] team0: Port device team_slave_1 added [ 93.950951][ T5843] team0: Port device team_slave_0 added [ 93.964102][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.971274][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.997606][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.009497][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.017127][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.043299][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.061962][ T5843] team0: Port device team_slave_1 added [ 94.068116][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.075056][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.101556][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.113288][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.120529][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.146767][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.221889][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.229547][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.255711][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.267496][ T5837] Bluetooth: hci2: command tx timeout [ 94.267701][ T5837] Bluetooth: hci1: command tx timeout [ 94.278471][ T52] Bluetooth: hci0: command tx timeout [ 94.279426][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.290911][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.317625][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.336212][ T5837] Bluetooth: hci3: command tx timeout [ 94.404169][ T5830] hsr_slave_0: entered promiscuous mode [ 94.410688][ T5830] hsr_slave_1: entered promiscuous mode [ 94.417332][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 94.423146][ T5830] Cannot create hsr debugfs directory [ 94.441707][ T5828] hsr_slave_0: entered promiscuous mode [ 94.448214][ T5828] hsr_slave_1: entered promiscuous mode [ 94.454312][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 94.460124][ T5828] Cannot create hsr debugfs directory [ 94.543345][ T5843] hsr_slave_0: entered promiscuous mode [ 94.552548][ T5843] hsr_slave_1: entered promiscuous mode [ 94.559041][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 94.564843][ T5843] Cannot create hsr debugfs directory [ 94.738736][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.781268][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.815321][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.845656][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.012609][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.023279][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.035137][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.059702][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.141992][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.154320][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.168413][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.184778][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.274340][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.291672][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.309676][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.321347][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.359809][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.410251][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.437991][ T3492] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.445206][ T3492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.481228][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.488532][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.529001][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.582225][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.610059][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.628586][ T3492] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.635711][ T3492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.655856][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.663025][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.684232][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.719299][ T3492] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.726509][ T3492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.761442][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.768629][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.831030][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.932439][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.965730][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.972976][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.994845][ T3439] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.002025][ T3439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.125286][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.299620][ T5834] veth0_vlan: entered promiscuous mode [ 96.315828][ T5834] veth1_vlan: entered promiscuous mode [ 96.337077][ T5837] Bluetooth: hci0: command tx timeout [ 96.337104][ T5840] Bluetooth: hci1: command tx timeout [ 96.349356][ T52] Bluetooth: hci2: command tx timeout [ 96.416164][ T5840] Bluetooth: hci3: command tx timeout [ 96.427391][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.448800][ T5834] veth0_macvtap: entered promiscuous mode [ 96.481992][ T5834] veth1_macvtap: entered promiscuous mode [ 96.522297][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.564008][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.582627][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.592255][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.614202][ T5828] veth0_vlan: entered promiscuous mode [ 96.632731][ T1158] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.642274][ T1158] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.659394][ T1158] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.670442][ T1158] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.697221][ T5828] veth1_vlan: entered promiscuous mode [ 96.777007][ T5830] veth0_vlan: entered promiscuous mode [ 96.811935][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.823145][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.843977][ T44] cfg80211: failed to load regulatory.db [ 96.854961][ T5830] veth1_vlan: entered promiscuous mode [ 96.891791][ T5828] veth0_macvtap: entered promiscuous mode [ 96.911099][ T5843] veth0_vlan: entered promiscuous mode [ 96.922742][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.931256][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.938756][ T5828] veth1_macvtap: entered promiscuous mode [ 96.961143][ T5843] veth1_vlan: entered promiscuous mode [ 96.992082][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.030416][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.032140][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.071135][ T1037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.089623][ T1037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.110181][ T5830] veth0_macvtap: entered promiscuous mode [ 97.123393][ T1037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.148935][ T1037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.167663][ T5843] veth0_macvtap: entered promiscuous mode [ 97.181659][ T5830] veth1_macvtap: entered promiscuous mode [ 97.198196][ T5843] veth1_macvtap: entered promiscuous mode [ 97.264268][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.299255][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.331569][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.341259][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.373711][ T1158] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.399604][ T1158] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.412161][ T1158] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.434929][ T1158] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.453428][ T1158] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.463453][ T1158] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.473465][ T1158] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.489356][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.512233][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.522854][ T1158] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.619650][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.635015][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.739319][ T1327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.747830][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.768778][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.783177][ T1327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.882363][ T1327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.897603][ T1327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.000736][ T1327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.012913][ T1327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.417053][ T52] Bluetooth: hci0: command tx timeout [ 98.417061][ T5837] Bluetooth: hci2: command tx timeout [ 98.428581][ T5840] Bluetooth: hci1: command tx timeout [ 98.496543][ T5840] Bluetooth: hci3: command tx timeout [ 98.631546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.644373][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.656922][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.749451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.845999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 98.863812][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.019418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.062951][ T5942] vivid-007: ================= START STATUS ================= [ 99.076607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.088340][ T5942] vivid-007: Generate PTS: true [ 99.102371][ T5942] vivid-007: Generate SCR: true [ 99.126958][ T5942] tpg source WxH: 320x240 (Y'CbCr) [ 99.132127][ T5942] tpg field: 1 [ 99.135523][ T5942] tpg crop: (0,0)/320x240 [ 99.197083][ T5942] tpg compose: (0,0)/320x240 [ 99.201749][ T5942] tpg colorspace: 8 [ 99.219334][ T5942] tpg transfer function: 0/0 [ 99.238988][ T5942] tpg Y'CbCr encoding: 0/0 [ 99.243549][ T5942] tpg quantization: 0/0 [ 99.260742][ T5942] tpg RGB range: 0/2 [ 99.265081][ T5942] vivid-007: ================== END STATUS ================== [ 99.566577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 99.576428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.200621][ T5955] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 100.248795][ T5965] Zero length message leads to an empty skb [ 100.500590][ T52] Bluetooth: hci1: command tx timeout [ 100.500795][ T5837] Bluetooth: hci0: command tx timeout [ 100.511705][ T5840] Bluetooth: hci2: command tx timeout [ 100.576481][ T5840] Bluetooth: hci3: command tx timeout [ 101.221149][ T5840] Bluetooth: hci3: unexpected event 0x0f length: 440 > 4 [ 101.559294][ T5983] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.765253][ T5989] netlink: 338 bytes leftover after parsing attributes in process `syz.0.17'. [ 101.774354][ T5989] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 101.783463][ T5989] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 102.074330][ T5997] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.087913][ T5995] netlink: 13 bytes leftover after parsing attributes in process `syz.3.19'. [ 105.297232][ T5840] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 105.307223][ T5840] Bluetooth: hci3: Injecting HCI hardware error event [ 105.314884][ T5840] Bluetooth: hci3: hardware error 0x00 [ 105.911142][ T6057] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 106.796455][ T5837] Bluetooth: hci0: unexpected event 0x0e length: 440 > 260 [ 107.024348][ T6084] input: f as /devices/virtual/input/input5 [ 107.536141][ T5840] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 109.551788][ T6119] netlink: 9 bytes leftover after parsing attributes in process `syz.3.54'. [ 109.893794][ T6127] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 110.541684][ T6127] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 110.568586][ T6141] netlink: 338 bytes leftover after parsing attributes in process `syz.1.59'. [ 110.625059][ T6136] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 110.816019][ T5840] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 110.825062][ T5840] Bluetooth: hci0: Injecting HCI hardware error event [ 110.837401][ T5840] Bluetooth: hci0: hardware error 0x00 [ 111.003760][ T6133] zswap: compressor not available [ 112.902776][ T6179] netlink: 25 bytes leftover after parsing attributes in process `syz.3.71'. [ 113.059722][ T5840] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 113.357034][ T6186] binder: 6185:6186 ioctl c0306201 0 returned -14 [ 113.385816][ T6186] random: crng reseeded on system resumption [ 114.342628][ T6200] syz.1.78 uses obsolete (PF_INET,SOCK_PACKET) [ 117.316879][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.366534][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.590243][ T6229] netlink: 25 bytes leftover after parsing attributes in process `syz.0.83'. [ 118.619995][ T6240] netlink: 330 bytes leftover after parsing attributes in process `syz.1.89'. [ 118.703168][ T6240] : renamed from veth1_vlan (while UP) [ 119.155837][ T6240] : entered allmulticast mode [ 119.293000][ T5886] smpboot: CPU 1 is now offline [ 119.585127][ T6249] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 119.630214][ T6254] netlink: 28 bytes leftover after parsing attributes in process `syz.1.92'. [ 119.727034][ T6254] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.983604][ T6257] netlink: 25 bytes leftover after parsing attributes in process `syz.3.95'. [ 120.028379][ T6254] bridge_slave_1 (unregistering): left allmulticast mode [ 120.075962][ T6254] bridge_slave_1 (unregistering): left promiscuous mode [ 120.083068][ T6254] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.323326][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.94'. [ 120.378268][ T6266] netlink: 17 bytes leftover after parsing attributes in process `syz.3.96'. [ 120.415640][ T6268] netlink: 354 bytes leftover after parsing attributes in process `syz.0.94'. [ 124.266393][ T6310] Invalid ELF header magic: != ELF [ 125.240282][ T6320] netlink: 504 bytes leftover after parsing attributes in process `syz.0.110'. [ 125.906905][ T6336] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 126.554193][ T6341] netlink: 17 bytes leftover after parsing attributes in process `syz.1.117'. [ 127.097962][ T6346] netlink: 28 bytes leftover after parsing attributes in process `syz.2.119'. [ 127.740013][ T6359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.123'. [ 127.749484][ T6360] netlink: 25 bytes leftover after parsing attributes in process `syz.0.122'. [ 127.750985][ T6359] netlink: 'syz.3.123': attribute type 1 has an invalid length. [ 127.802584][ T6359] netlink: 5 bytes leftover after parsing attributes in process `syz.3.123'. [ 127.989606][ T6366] netlink: 'syz.2.125': attribute type 2 has an invalid length. [ 127.997496][ T6366] netlink: 'syz.2.125': attribute type 3 has an invalid length. [ 128.005150][ T6366] netlink: 'syz.2.125': attribute type 2 has an invalid length. [ 128.013353][ T6366] netlink: 'syz.2.125': attribute type 3 has an invalid length. [ 128.022887][ T6366] netlink: 30 bytes leftover after parsing attributes in process `syz.2.125'. [ 128.291744][ T6373] tipc: Started in network mode [ 128.296983][ T6373] tipc: Node identity ffffffff, cluster identity 4711 [ 128.314096][ T6373] tipc: Node number set to 4294967295 [ 128.327297][ T6376] process 'syz.0.126' launched '' with NULL argv: empty string added [ 128.961550][ T6387] Console: switching to colour VGA+ 80x25 [ 129.256421][ T6391] Console: switching to colour frame buffer device 128x48 [ 132.422424][ T6436] futex_wake_op: syz.3.141 tries to shift op by -2048; fix this program [ 132.466782][ T6436] futex_wake_op: syz.3.141 tries to shift op by -2048; fix this program [ 132.516458][ T6436] 0x000000000001-0x000000020000 : "" [ 132.556763][ T6436] ftl_cs: FTL header corrupt! [ 133.060945][ T6419] kexec: Could not allocate control_code_buffer [ 133.707602][ T6464] Trying to write to read-only block-device sda1 [ 134.518695][ T30] audit: type=1800 audit(4294967301.090:2): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.152" name="dbroot" dev="configfs" ino=11376 res=0 errno=0 [ 134.756689][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.153'. [ 134.837693][ T6482] netlink: 5 bytes leftover after parsing attributes in process `syz.2.153'. [ 135.748536][ T6491] bond0: invalid ARP target specified [ 135.923223][ T6496] mmap: syz.3.158 (6496) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 135.930259][ T6488] Invalid ELF header magic: != ELF [ 135.989256][ T6487] delete_channel: no stack [ 136.329072][ T6505] netlink: 62 bytes leftover after parsing attributes in process `syz.3.161'. [ 136.508381][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 136.524452][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.073070][ T6514] netlink: 4 bytes leftover after parsing attributes in process `syz.1.162'. [ 137.118899][ T6514] netlink: 25 bytes leftover after parsing attributes in process `syz.1.162'. [ 138.194170][ T6532] netlink: 16 bytes leftover after parsing attributes in process `syz.1.168'. [ 138.784964][ T6542] netlink: 28 bytes leftover after parsing attributes in process `syz.3.174'. [ 138.887856][ T6542] hsr_slave_0 (unregistering): left promiscuous mode [ 139.192643][ T6549] netlink: 13 bytes leftover after parsing attributes in process `syz.0.177'. [ 139.942415][ T6567] netlink: 16 bytes leftover after parsing attributes in process `syz.2.182'. [ 141.488289][ T6596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.187'. [ 141.639973][ T6596] hsr_slave_0 (unregistering): left promiscuous mode [ 141.797222][ T6601] bond0: invalid ARP target specified [ 142.199359][ T6615] netlink: 16 bytes leftover after parsing attributes in process `syz.3.193'. [ 142.481328][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 142.503530][ T6623] netlink: 25 bytes leftover after parsing attributes in process `syz.3.194'. [ 143.150176][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'. [ 143.189621][ T6638] netlink: 25 bytes leftover after parsing attributes in process `syz.0.205'. [ 143.577247][ T6656] futex_wake_op: syz.0.199 tries to shift op by -2048; fix this program [ 143.652465][ T6656] futex_wake_op: syz.0.199 tries to shift op by -2048; fix this program [ 143.676905][ T6659] 0x000000000001-0x000000020000 : "" [ 143.778550][ T6659] ftl_cs: FTL header corrupt! [ 144.488558][ T6670] snd_virmidi snd_virmidi.0: control 61678:131081:32767:y>o[k<:1 is already present [ 144.750551][ T6678] netlink: 16 bytes leftover after parsing attributes in process `syz.0.204'. [ 144.779494][ T6677] Console: switching to colour VGA+ 80x25 [ 144.977787][ T6682] Console: switching to colour frame buffer device 128x48 [ 147.216326][ T6713] snd_virmidi snd_virmidi.0: control 61678:131081:32767:y>o[k<:1 is already present [ 147.284655][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.222'. [ 147.295014][ T6715] netlink: 5 bytes leftover after parsing attributes in process `syz.0.222'. [ 147.489092][ T6723] netlink: 17 bytes leftover after parsing attributes in process `syz.0.217'. [ 147.618479][ T6725] Invalid ELF header magic: != ELF [ 147.874905][ T6717] delete_channel: no stack [ 150.763577][ T5886] smpboot: CPU 1 is now offline [ 150.962378][ T6772] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 151.357508][ T6778] netlink: 330 bytes leftover after parsing attributes in process `syz.3.232'. [ 151.502174][ T6778] : renamed from veth1_vlan (while UP) [ 151.515497][ T6778] : entered allmulticast mode [ 151.902439][ T6784] netlink: 25 bytes leftover after parsing attributes in process `syz.2.233'. [ 153.045466][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.235'. [ 154.919273][ T6822] Console: switching to colour VGA+ 80x25 [ 155.287324][ T6824] Console: switching to colour frame buffer device 128x48 [ 157.030257][ T6837] netlink: 28 bytes leftover after parsing attributes in process `syz.1.246'. [ 158.377611][ T6863] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 158.867628][ T6871] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 159.396653][ T6877] Console: switching to colour VGA+ 80x25 [ 159.555055][ T6878] Console: switching to colour frame buffer device 128x48 [ 160.427037][ T6886] Console: switching to colour VGA+ 80x25 [ 160.659403][ T6892] Console: switching to colour frame buffer device 128x48 [ 162.707254][ T6903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.258'. [ 164.306521][ T6932] input: f as /devices/virtual/input/input6 [ 165.019609][ T6939] input: f as /devices/virtual/input/input7 [ 168.306203][ T6960] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 174.628680][ T7036] FAULT_INJECTION: forcing a failure. [ 174.628680][ T7036] name failslab, interval 1, probability 0, space 0, times 1 [ 174.809610][ T7036] CPU: 1 UID: 0 PID: 7036 Comm: syz.1.301 Tainted: G L syzkaller #0 PREEMPT(full) [ 174.809643][ T7036] Tainted: [L]=SOFTLOCKUP [ 174.809650][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 174.809665][ T7036] Call Trace: [ 174.809672][ T7036] [ 174.809680][ T7036] dump_stack_lvl+0x16c/0x1f0 [ 174.809707][ T7036] should_fail_ex+0x512/0x640 [ 174.809736][ T7036] ? __kmalloc_cache_noprof+0x5f/0x800 [ 174.809761][ T7036] should_failslab+0xc2/0x120 [ 174.809793][ T7036] __kmalloc_cache_noprof+0x80/0x800 [ 174.809816][ T7036] ? vkms_plane_duplicate_state+0x87/0x130 [ 174.809851][ T7036] ? vkms_plane_duplicate_state+0x87/0x130 [ 174.809880][ T7036] vkms_plane_duplicate_state+0x87/0x130 [ 174.809911][ T7036] drm_atomic_get_plane_state+0x279/0x760 [ 174.809942][ T7036] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 174.809982][ T7036] ? __mutex_lock+0x27b/0x1ca0 [ 174.810005][ T7036] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 174.810037][ T7036] ? trace_contention_end+0xdd/0x110 [ 174.810088][ T7036] drm_client_modeset_commit_locked+0x14d/0x580 [ 174.810125][ T7036] drm_client_modeset_commit+0x4f/0x80 [ 174.810159][ T7036] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 174.810194][ T7036] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 174.810227][ T7036] drm_fbdev_client_restore+0x1b/0x30 [ 174.810252][ T7036] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 174.810277][ T7036] drm_client_dev_restore+0x200/0x2a0 [ 174.810313][ T7036] drm_release+0x2c6/0x360 [ 174.810344][ T7036] ? __pfx_drm_release+0x10/0x10 [ 174.810378][ T7036] __fput+0x402/0xb70 [ 174.810404][ T7036] task_work_run+0x150/0x240 [ 174.810427][ T7036] ? __pfx_task_work_run+0x10/0x10 [ 174.810448][ T7036] ? __do_sys_close_range+0x278/0x730 [ 174.810486][ T7036] exit_to_user_mode_loop+0xfb/0x540 [ 174.810515][ T7036] do_syscall_64+0x4ee/0xf80 [ 174.810539][ T7036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.810564][ T7036] RIP: 0033:0x7fa52118f7c9 [ 174.810584][ T7036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.810603][ T7036] RSP: 002b:00007fa522066038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 174.810622][ T7036] RAX: 0000000000000000 RBX: 00007fa5213e6090 RCX: 00007fa52118f7c9 [ 174.810635][ T7036] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 174.810647][ T7036] RBP: 00007fa521213f91 R08: 0000000000000000 R09: 0000000000000000 [ 174.810659][ T7036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.810671][ T7036] R13: 00007fa5213e6128 R14: 00007fa5213e6090 R15: 00007ffc0e494858 [ 174.810698][ T7036] [ 176.315660][ T7059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.294'. [ 176.351237][ T7059] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.570154][ T7059] bridge_slave_1 (unregistering): left allmulticast mode [ 176.617344][ T7059] bridge_slave_1 (unregistering): left promiscuous mode [ 176.643616][ T7059] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.944524][ T7071] Console: switching to colour VGA+ 80x25 [ 178.207297][ T7072] Console: switching to colour frame buffer device 128x48 [ 178.343867][ T7080] FAULT_INJECTION: forcing a failure. [ 178.343867][ T7080] name failslab, interval 1, probability 0, space 0, times 0 [ 178.436790][ T7080] CPU: 1 UID: 0 PID: 7080 Comm: syz.2.304 Tainted: G L syzkaller #0 PREEMPT(full) [ 178.436839][ T7080] Tainted: [L]=SOFTLOCKUP [ 178.436849][ T7080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.436867][ T7080] Call Trace: [ 178.436876][ T7080] [ 178.436888][ T7080] dump_stack_lvl+0x16c/0x1f0 [ 178.436925][ T7080] should_fail_ex+0x512/0x640 [ 178.436966][ T7080] ? __kmalloc_cache_noprof+0x5f/0x800 [ 178.437024][ T7080] should_failslab+0xc2/0x120 [ 178.437072][ T7080] __kmalloc_cache_noprof+0x80/0x800 [ 178.437108][ T7080] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 178.437181][ T7080] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 178.437242][ T7080] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 178.437294][ T7080] drm_atomic_get_connector_state+0x3f8/0x900 [ 178.437344][ T7080] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 178.437390][ T7080] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 178.437431][ T7080] ? modeset_lock+0x114/0x6d0 [ 178.437473][ T7080] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 178.437524][ T7080] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 178.437572][ T7080] ? drm_client_rotation+0x4da/0x6a0 [ 178.437623][ T7080] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 178.437682][ T7080] ? __mutex_lock+0x27b/0x1ca0 [ 178.437717][ T7080] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 178.437763][ T7080] ? trace_contention_end+0xdd/0x110 [ 178.437821][ T7080] drm_client_modeset_commit_locked+0x14d/0x580 [ 178.437869][ T7080] drm_client_modeset_commit+0x4f/0x80 [ 178.437912][ T7080] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 178.437957][ T7080] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 178.438002][ T7080] drm_fbdev_client_restore+0x1b/0x30 [ 178.438033][ T7080] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 178.438064][ T7080] drm_client_dev_restore+0x200/0x2a0 [ 178.438109][ T7080] drm_release+0x2c6/0x360 [ 178.438148][ T7080] ? __pfx_drm_release+0x10/0x10 [ 178.438183][ T7080] __fput+0x402/0xb70 [ 178.438214][ T7080] task_work_run+0x150/0x240 [ 178.438251][ T7080] ? __pfx_task_work_run+0x10/0x10 [ 178.438277][ T7080] ? __do_sys_close_range+0x278/0x730 [ 178.438327][ T7080] exit_to_user_mode_loop+0xfb/0x540 [ 178.438363][ T7080] do_syscall_64+0x4ee/0xf80 [ 178.438393][ T7080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.438418][ T7080] RIP: 0033:0x7f985878f7c9 [ 178.438438][ T7080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.438462][ T7080] RSP: 002b:00007f98595ab038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 178.438486][ T7080] RAX: 0000000000000000 RBX: 00007f98589e6090 RCX: 00007f985878f7c9 [ 178.438502][ T7080] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 178.438516][ T7080] RBP: 00007f9858813f91 R08: 0000000000000000 R09: 0000000000000000 [ 178.438532][ T7080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.438546][ T7080] R13: 00007f98589e6128 R14: 00007f98589e6090 R15: 00007fffc3a7a578 [ 178.438580][ T7080] [ 180.796405][ T7097] netlink: 28 bytes leftover after parsing attributes in process `syz.2.309'. [ 180.911752][ T7097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 181.008732][ T7097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 181.057872][ T7097] bond0 (unregistering): Released all slaves [ 181.369534][ T6936] syz.1.267 (6936) used greatest stack depth: 18440 bytes left [ 181.608804][ T7105] Invalid ELF header magic: != ELF [ 184.808287][ T7133] binder: 7128:7133 ioctl c0306201 200000000000 returned -11 [ 185.207704][ T7138] netlink: 334 bytes leftover after parsing attributes in process `syz.2.318'. [ 185.462146][ T7130] syz.3.315 (7130) used greatest stack depth: 18344 bytes left [ 186.276732][ T30] audit: type=1800 audit(4294967343.600:3): pid=7147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.321" name="dbroot" dev="configfs" ino=15529 res=0 errno=0 [ 186.864925][ T5840] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 186.872415][ T5840] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 187.247623][ T7160] Console: switching to colour VGA+ 80x25 [ 187.505251][ T7161] Console: switching to colour frame buffer device 128x48 [ 188.067360][ T7171] Invalid ELF header magic: != ELF [ 188.496124][ T7149] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 188.499446][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.508608][ T7149] Bluetooth: hci1: Opcode 0x0406 failed: -110 [ 189.851577][ T7149] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 189.880110][ T7149] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.916103][ T7149] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 189.992572][ T7149] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 190.575992][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 191.936077][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.634241][ T7188] syz.0.338 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 192.656850][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.695625][ T7188] CPU: 0 UID: 0 PID: 7188 Comm: syz.0.338 Tainted: G L syzkaller #0 PREEMPT(full) [ 192.695658][ T7188] Tainted: [L]=SOFTLOCKUP [ 192.695665][ T7188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 192.695677][ T7188] Call Trace: [ 192.695684][ T7188] [ 192.695691][ T7188] dump_stack_lvl+0x16c/0x1f0 [ 192.695718][ T7188] dump_header+0x101/0x960 [ 192.695744][ T7188] oom_kill_process+0x176/0x910 [ 192.695770][ T7188] out_of_memory+0x350/0x1700 [ 192.695793][ T7188] ? __lock_acquire+0x436/0x2890 [ 192.695819][ T7188] ? __pfx_out_of_memory+0x10/0x10 [ 192.695870][ T7188] mem_cgroup_out_of_memory+0x118/0x130 [ 192.695914][ T7188] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 192.695957][ T7188] ? do_raw_spin_unlock+0x172/0x230 [ 192.695987][ T7188] try_charge_memcg+0x695/0xd30 [ 192.696027][ T7188] ? __pfx_try_charge_memcg+0x10/0x10 [ 192.696061][ T7188] ? __print_lock_name+0x61/0xe0 [ 192.696091][ T7188] ? rcu_read_unlock+0x17/0x60 [ 192.696134][ T7188] charge_memcg+0x8a/0x230 [ 192.696168][ T7188] __mem_cgroup_charge+0x2b/0x1e0 [ 192.696191][ T7188] do_anonymous_page+0xca9/0x2190 [ 192.696224][ T7188] __handle_mm_fault+0x1ecf/0x2bb0 [ 192.696254][ T7188] ? __pfx___handle_mm_fault+0x10/0x10 [ 192.696279][ T7188] ? __pte_offset_map_lock+0x174/0x310 [ 192.696311][ T7188] ? find_held_lock+0x2b/0x80 [ 192.696348][ T7188] ? follow_page_pte+0x5cf/0x1390 [ 192.696387][ T7188] handle_mm_fault+0x3fe/0xad0 [ 192.696414][ T7188] __get_user_pages+0x54e/0x3590 [ 192.696459][ T7188] ? __pfx___get_user_pages+0x10/0x10 [ 192.696500][ T7188] populate_vma_page_range+0x267/0x3f0 [ 192.696537][ T7188] ? __pfx_populate_vma_page_range+0x10/0x10 [ 192.696578][ T7188] ? __pfx_find_vma_intersection+0x10/0x10 [ 192.696614][ T7188] ? do_mmap+0x69c/0x1210 [ 192.696650][ T7188] __mm_populate+0x1d8/0x380 [ 192.696687][ T7188] ? __pfx___mm_populate+0x10/0x10 [ 192.696725][ T7188] ? up_write+0x282/0x4e0 [ 192.696752][ T7188] vm_mmap_pgoff+0x37f/0x470 [ 192.696788][ T7188] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 192.696820][ T7188] ? fd_install+0x223/0x570 [ 192.696857][ T7188] ? __x64_sys_futex+0x1e0/0x4c0 [ 192.696883][ T7188] ? __x64_sys_futex+0x1e9/0x4c0 [ 192.696913][ T7188] ksys_mmap_pgoff+0x7d/0x5c0 [ 192.696945][ T7188] ? __pfx___do_sys_close_range+0x10/0x10 [ 192.696984][ T7188] __x64_sys_mmap+0x125/0x190 [ 192.697011][ T7188] do_syscall_64+0xcd/0xf80 [ 192.697038][ T7188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.697060][ T7188] RIP: 0033:0x7f0004f8f7c9 [ 192.697090][ T7188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.697110][ T7188] RSP: 002b:00007f0005e58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 192.697130][ T7188] RAX: ffffffffffffffda RBX: 00007f00051e6090 RCX: 00007f0004f8f7c9 [ 192.697144][ T7188] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 192.697156][ T7188] RBP: 00007f0005013f91 R08: 0000000000000002 R09: 0000000000008000 [ 192.697169][ T7188] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 192.697182][ T7188] R13: 00007f00051e6128 R14: 00007f00051e6090 R15: 00007ffdb4206488 [ 192.697209][ T7188] [ 193.040974][ T7188] memory: usage 3072kB, limit 3072kB, failcnt 23168 [ 193.051160][ T7188] memory+swap: usage 59232kB, limit 9007199254740988kB, failcnt 0 [ 193.115933][ T7188] kmem: usage 1932kB, limit 9007199254740988kB, failcnt 0 [ 193.133256][ T7188] Memory cgroup stats for /syz0: [ 193.133597][ T7188] cache 593920 [ 193.165925][ T7188] rss 536576 [ 193.169162][ T7188] rss_huge 0 [ 193.172357][ T7188] shmem 589824 [ 193.175749][ T7188] mapped_file 0 [ 193.206000][ T7188] dirty 0 [ 193.208991][ T7188] writeback 0 [ 193.212291][ T7188] workingset_refault_anon 942 [ 193.250963][ T7188] workingset_refault_file 2617 [ 193.255758][ T7188] swap 57507840 [ 193.294291][ T7188] swapcached 36864 [ 193.304457][ T7188] pgpgin 124692 [ 193.318219][ T7188] pgpgout 124407 [ 193.321899][ T7188] pgfault 96648 [ 193.325352][ T7188] pgmajfault 650 [ 193.356004][ T7188] inactive_anon 425984 [ 193.360123][ T7188] active_anon 737280 [ 193.364036][ T7188] inactive_file 4096 [ 193.392057][ T7188] active_file 0 [ 193.395647][ T7188] unevictable 0 [ 193.407717][ T7188] hierarchical_memory_limit 3145728 [ 193.412928][ T7188] hierarchical_memsw_limit 9223372036854771712 [ 193.445943][ T7188] total_cache 593920 [ 193.449906][ T7188] total_rss 536576 [ 193.453652][ T7188] total_rss_huge 0 [ 193.468655][ T7188] total_shmem 589824 [ 193.476077][ T7188] total_mapped_file 0 [ 193.480089][ T7188] total_dirty 0 [ 193.483575][ T7188] total_writeback 0 [ 193.501773][ T7188] total_workingset_refault_anon 942 [ 193.522008][ T7188] total_workingset_refault_file 2617 [ 193.527476][ T7188] total_swap 57507840 [ 193.531522][ T7188] total_swapcached 36864 [ 193.535781][ T7188] total_pgpgin 124692 [ 193.554558][ T7188] total_pgpgout 124407 [ 193.565974][ T7188] total_pgfault 96648 [ 193.569991][ T7188] total_pgmajfault 650 [ 193.585924][ T7188] total_inactive_anon 425984 [ 193.590544][ T7188] total_active_anon 737280 [ 193.594973][ T7188] total_inactive_file 4096 [ 193.615929][ T7188] total_active_file 0 [ 193.619955][ T7188] total_unevictable 0 [ 193.623947][ T7188] anon_cost 0 [ 193.640908][ T7188] file_cost 0 [ 193.644226][ T7188] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.285,pid=7007,uid=0 [ 193.685770][ T7188] Memory cgroup out of memory: Killed process 7007 (syz.0.285) total-vm:137112kB, anon-rss:1192kB, file-rss:42772kB, shmem-rss:128kB, UID:0 pgtables:252kB oom_score_adj:1000 [ 194.015999][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 196.096021][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 197.344277][ T7260] netlink: 28 bytes leftover after parsing attributes in process `syz.1.348'. [ 197.419854][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.512393][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.847603][ T7260] bond0 (unregistering): Released all slaves [ 199.220224][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.226965][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.407740][ T7295] netlink: 326 bytes leftover after parsing attributes in process `syz.0.357'. [ 201.241204][ T30] audit: type=1800 audit(4294967358.570:4): pid=7303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.367" name="dbroot" dev="configfs" ino=15999 res=0 errno=0 [ 202.853781][ T7316] Invalid ELF header magic: != ELF [ 203.509465][ T7329] netlink: 334 bytes leftover after parsing attributes in process `syz.1.365'. [ 206.300984][ T7346] FAULT_INJECTION: forcing a failure. [ 206.300984][ T7346] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 206.349247][ T7346] CPU: 0 UID: 0 PID: 7346 Comm: syz.1.370 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.349279][ T7346] Tainted: [L]=SOFTLOCKUP [ 206.349286][ T7346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 206.349298][ T7346] Call Trace: [ 206.349305][ T7346] [ 206.349312][ T7346] dump_stack_lvl+0x16c/0x1f0 [ 206.349337][ T7346] should_fail_ex+0x512/0x640 [ 206.349370][ T7346] should_fail_alloc_page+0xe7/0x130 [ 206.349404][ T7346] prepare_alloc_pages+0x401/0x670 [ 206.349436][ T7346] ? finish_task_switch.isra.0+0x202/0xbd0 [ 206.349468][ T7346] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 206.349494][ T7346] ? finish_task_switch.isra.0+0x2e0/0xbd0 [ 206.349522][ T7346] ? rcu_is_watching+0x12/0xc0 [ 206.349550][ T7346] ? trace_sched_exit_tp+0xd1/0x110 [ 206.349579][ T7346] ? __schedule+0x10b9/0x6150 [ 206.349602][ T7346] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 206.349639][ T7346] ? find_held_lock+0x2b/0x80 [ 206.349666][ T7346] ? aa_file_perm+0x29e/0x1560 [ 206.349684][ T7346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 206.349717][ T7346] ? policy_nodemask+0xea/0x4e0 [ 206.349749][ T7346] alloc_pages_mpol+0x1fb/0x550 [ 206.349780][ T7346] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 206.349811][ T7346] ? __pfx_aa_file_perm+0x10/0x10 [ 206.349830][ T7346] ? __lock_acquire+0x436/0x2890 [ 206.349852][ T7346] ___kmalloc_large_node+0x10c/0x150 [ 206.349888][ T7346] __kmalloc_large_noprof+0x1c/0x70 [ 206.349922][ T7346] nsim_dev_take_snapshot_write+0xa6/0x1f0 [ 206.349949][ T7346] ? __debugfs_file_get+0x1fe/0x840 [ 206.349972][ T7346] ? __pfx_nsim_dev_take_snapshot_write+0x10/0x10 [ 206.350006][ T7346] full_proxy_write+0x131/0x1a0 [ 206.350031][ T7346] ? __pfx_full_proxy_write+0x10/0x10 [ 206.350053][ T7346] vfs_write+0x2a0/0x11d0 [ 206.350084][ T7346] ? __pfx___mutex_lock+0x10/0x10 [ 206.350109][ T7346] ? __pfx_vfs_write+0x10/0x10 [ 206.350144][ T7346] ? __fget_files+0x20e/0x3c0 [ 206.350179][ T7346] ksys_write+0x12a/0x250 [ 206.350214][ T7346] ? __pfx_ksys_write+0x10/0x10 [ 206.350250][ T7346] do_syscall_64+0xcd/0xf80 [ 206.350274][ T7346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.350295][ T7346] RIP: 0033:0x7fa52118f7c9 [ 206.350311][ T7346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.350330][ T7346] RSP: 002b:00007fa522066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.350349][ T7346] RAX: ffffffffffffffda RBX: 00007fa5213e6090 RCX: 00007fa52118f7c9 [ 206.350362][ T7346] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 206.350374][ T7346] RBP: 00007fa521213f91 R08: 0000000000000000 R09: 0000000000000000 [ 206.350387][ T7346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.350398][ T7346] R13: 00007fa5213e6128 R14: 00007fa5213e6090 R15: 00007ffc0e494858 [ 206.350424][ T7346] [ 207.243240][ T7352] Console: switching to colour VGA+ 80x25 [ 207.493601][ T7354] Console: switching to colour frame buffer device 128x48 [ 209.323026][ T7372] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 212.291746][ T7405] Console: switching to colour VGA+ 80x25 [ 212.528683][ T7406] Console: switching to colour frame buffer device 128x48 [ 215.054206][ T7436] netlink: 25 bytes leftover after parsing attributes in process `syz.2.392'. [ 216.938121][ T7452] FAULT_INJECTION: forcing a failure. [ 216.938121][ T7452] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 216.961099][ T7452] CPU: 0 UID: 0 PID: 7452 Comm: syz.2.397 Tainted: G L syzkaller #0 PREEMPT(full) [ 216.961130][ T7452] Tainted: [L]=SOFTLOCKUP [ 216.961138][ T7452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 216.961150][ T7452] Call Trace: [ 216.961156][ T7452] [ 216.961163][ T7452] dump_stack_lvl+0x16c/0x1f0 [ 216.961188][ T7452] should_fail_ex+0x512/0x640 [ 216.961220][ T7452] should_fail_alloc_page+0xe7/0x130 [ 216.961253][ T7452] prepare_alloc_pages+0x401/0x670 [ 216.961283][ T7452] ? finish_task_switch.isra.0+0x202/0xbd0 [ 216.961314][ T7452] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 216.961345][ T7452] ? finish_task_switch.isra.0+0x2e0/0xbd0 [ 216.961375][ T7452] ? rcu_is_watching+0x12/0xc0 [ 216.961404][ T7452] ? trace_sched_exit_tp+0xd1/0x110 [ 216.961434][ T7452] ? __schedule+0x10b9/0x6150 [ 216.961458][ T7452] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 216.961507][ T7452] ? find_held_lock+0x2b/0x80 [ 216.961545][ T7452] ? aa_file_perm+0x29e/0x1560 [ 216.961574][ T7452] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 216.961609][ T7452] ? policy_nodemask+0xea/0x4e0 [ 216.961642][ T7452] alloc_pages_mpol+0x1fb/0x550 [ 216.961674][ T7452] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 216.961705][ T7452] ? __pfx_aa_file_perm+0x10/0x10 [ 216.961723][ T7452] ? __lock_acquire+0x436/0x2890 [ 216.961746][ T7452] ___kmalloc_large_node+0x10c/0x150 [ 216.961782][ T7452] __kmalloc_large_noprof+0x1c/0x70 [ 216.961816][ T7452] nsim_dev_take_snapshot_write+0xa6/0x1f0 [ 216.961843][ T7452] ? __debugfs_file_get+0x1fe/0x840 [ 216.961866][ T7452] ? __pfx_nsim_dev_take_snapshot_write+0x10/0x10 [ 216.961901][ T7452] full_proxy_write+0x131/0x1a0 [ 216.961925][ T7452] ? __pfx_full_proxy_write+0x10/0x10 [ 216.961947][ T7452] vfs_write+0x2a0/0x11d0 [ 216.961978][ T7452] ? __pfx___mutex_lock+0x10/0x10 [ 216.962003][ T7452] ? __pfx_vfs_write+0x10/0x10 [ 216.962038][ T7452] ? __fget_files+0x20e/0x3c0 [ 216.962085][ T7452] ksys_write+0x12a/0x250 [ 216.962132][ T7452] ? __pfx_ksys_write+0x10/0x10 [ 216.962171][ T7452] do_syscall_64+0xcd/0xf80 [ 216.962196][ T7452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.962218][ T7452] RIP: 0033:0x7f985878f7c9 [ 216.962234][ T7452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.962255][ T7452] RSP: 002b:00007f98595ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 216.962275][ T7452] RAX: ffffffffffffffda RBX: 00007f98589e6090 RCX: 00007f985878f7c9 [ 216.962290][ T7452] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 216.962303][ T7452] RBP: 00007f9858813f91 R08: 0000000000000000 R09: 0000000000000000 [ 216.962316][ T7452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 216.962329][ T7452] R13: 00007f98589e6128 R14: 00007f98589e6090 R15: 00007fffc3a7a578 [ 216.962366][ T7452] [ 217.650547][ T7459] netlink: 334 bytes leftover after parsing attributes in process `syz.0.400'. [ 219.392573][ T7488] netlink: 6 bytes leftover after parsing attributes in process `syz.1.408'. [ 221.028768][ T7504] netlink: 25 bytes leftover after parsing attributes in process `syz.2.414'. [ 221.958658][ T7529] FAULT_INJECTION: forcing a failure. [ 221.958658][ T7529] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 221.986439][ T7529] CPU: 1 UID: 0 PID: 7529 Comm: syz.2.424 Tainted: G L syzkaller #0 PREEMPT(full) [ 221.986486][ T7529] Tainted: [L]=SOFTLOCKUP [ 221.986496][ T7529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 221.986514][ T7529] Call Trace: [ 221.986524][ T7529] [ 221.986535][ T7529] dump_stack_lvl+0x16c/0x1f0 [ 221.986572][ T7529] should_fail_ex+0x512/0x640 [ 221.986619][ T7529] should_fail_alloc_page+0xe7/0x130 [ 221.986668][ T7529] prepare_alloc_pages+0x401/0x670 [ 221.986713][ T7529] ? rcu_is_watching+0x12/0xc0 [ 221.986759][ T7529] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 221.986800][ T7529] ? __lock_acquire+0x436/0x2890 [ 221.986852][ T7529] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 221.986890][ T7529] ? do_raw_spin_lock+0x12c/0x2b0 [ 221.986925][ T7529] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 221.986960][ T7529] ? find_held_lock+0x2b/0x80 [ 221.987027][ T7529] ? __lock_acquire+0x436/0x2890 [ 221.987057][ T7529] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 221.987118][ T7529] ? policy_nodemask+0xea/0x4e0 [ 221.987177][ T7529] alloc_pages_mpol+0x1fb/0x550 [ 221.987222][ T7529] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 221.987275][ T7529] folio_alloc_mpol_noprof+0x36/0x2f0 [ 221.987306][ T7529] shmem_alloc_folio+0x135/0x160 [ 221.987353][ T7529] shmem_alloc_and_add_folio+0x494/0xc20 [ 221.987394][ T7529] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 221.987429][ T7529] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 221.987469][ T7529] shmem_get_folio_gfp+0x67f/0x1610 [ 221.987508][ T7529] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 221.987540][ T7529] ? filemap_map_pages+0x12dd/0x1e00 [ 221.987578][ T7529] shmem_fault+0x1fe/0xa00 [ 221.987612][ T7529] ? __pfx_shmem_fault+0x10/0x10 [ 221.987649][ T7529] ? __pfx_filemap_map_pages+0x10/0x10 [ 221.987690][ T7529] ? __pfx_filemap_map_pages+0x10/0x10 [ 221.987719][ T7529] __do_fault+0x10d/0x490 [ 221.987755][ T7529] ? __pfx_filemap_map_pages+0x10/0x10 [ 221.987785][ T7529] do_fault+0xae4/0x1ad0 [ 221.987847][ T7529] ? __pfx_filemap_map_pages+0x10/0x10 [ 221.987888][ T7529] __handle_mm_fault+0x1919/0x2bb0 [ 221.987930][ T7529] ? __pfx___handle_mm_fault+0x10/0x10 [ 221.987983][ T7529] ? find_vma+0xbf/0x140 [ 221.988021][ T7529] ? __pfx_find_vma+0x10/0x10 [ 221.988067][ T7529] handle_mm_fault+0x3fe/0xad0 [ 221.988105][ T7529] do_user_addr_fault+0x7a6/0x1370 [ 221.988146][ T7529] ? rcu_is_watching+0x12/0xc0 [ 221.988191][ T7529] exc_page_fault+0x64/0xc0 [ 221.988224][ T7529] asm_exc_page_fault+0x26/0x30 [ 221.988254][ T7529] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 221.988296][ T7529] Code: 81 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 4f 81 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 221.988325][ T7529] RSP: 0018:ffffc900190ff898 EFLAGS: 00050206 [ 221.988349][ T7529] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000 [ 221.988368][ T7529] RDX: 0000000000000000 RSI: 000000000000e000 RDI: ffff888076942000 [ 221.988386][ T7529] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100ed285ff [ 221.988405][ T7529] R10: ffff888076942fff R11: 0000000000000000 R12: 000000000000e000 [ 221.988424][ T7529] R13: ffffea0001da5080 R14: ffffc900190ffd28 R15: ffff888076942000 [ 221.988464][ T7529] _copy_from_iter+0x355/0x16c0 [ 221.988511][ T7529] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 221.988561][ T7529] ? __pfx__copy_from_iter+0x10/0x10 [ 221.988606][ T7529] ? alloc_pages_mpol+0x25a/0x550 [ 221.988652][ T7529] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 221.988725][ T7529] copy_page_from_iter+0xde/0x180 [ 221.988776][ T7529] anon_pipe_write+0xed5/0x1bd0 [ 221.988836][ T7529] ? aa_file_perm+0x1b0/0x1560 [ 221.988878][ T7529] ? __pfx_anon_pipe_write+0x10/0x10 [ 221.988925][ T7529] ? __pfx_aa_file_perm+0x10/0x10 [ 221.988958][ T7529] ? preempt_schedule_thunk+0x16/0x30 [ 221.988991][ T7529] ? preempt_schedule_common+0x44/0xc0 [ 221.989026][ T7529] ? preempt_schedule_thunk+0x16/0x30 [ 221.989062][ T7529] do_iter_readv_writev+0x662/0x9e0 [ 221.989107][ T7529] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 221.989149][ T7529] ? common_file_perm+0x1b1/0x500 [ 221.989201][ T7529] ? bpf_lsm_file_permission+0x9/0x10 [ 221.989237][ T7529] ? security_file_permission+0x71/0x210 [ 221.989289][ T7529] ? rw_verify_area+0xcf/0x6c0 [ 221.989334][ T7529] vfs_writev+0x35f/0xde0 [ 221.989381][ T7529] ? __lock_acquire+0x436/0x2890 [ 221.989413][ T7529] ? __pfx_vfs_writev+0x10/0x10 [ 221.989486][ T7529] ? __fget_files+0x20e/0x3c0 [ 221.989543][ T7529] ? do_writev+0x28c/0x340 [ 221.989583][ T7529] do_writev+0x28c/0x340 [ 221.989626][ T7529] ? __pfx_do_writev+0x10/0x10 [ 221.989680][ T7529] do_syscall_64+0xcd/0xf80 [ 221.989717][ T7529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.989748][ T7529] RIP: 0033:0x7f985878f7c9 [ 221.989774][ T7529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.989804][ T7529] RSP: 002b:00007f98595cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 221.989839][ T7529] RAX: ffffffffffffffda RBX: 00007f98589e5fa0 RCX: 00007f985878f7c9 [ 221.989861][ T7529] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000001 [ 221.989880][ T7529] RBP: 00007f9858813f91 R08: 0000000000000000 R09: 0000000000000000 [ 221.989900][ T7529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.989919][ T7529] R13: 00007f98589e6038 R14: 00007f98589e5fa0 R15: 00007fffc3a7a578 [ 221.989961][ T7529] [ 222.781552][ T7536] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 223.158187][ T7542] binder: BINDER_SET_CONTEXT_MGR already set [ 223.199429][ T7542] binder: 7537:7542 ioctl 4018620d 9 returned -16 [ 223.244787][ T6992] syz.3.279 (6992) used greatest stack depth: 18024 bytes left [ 224.296468][ T7534] kexec: Could not allocate control_code_buffer [ 224.552112][ T7557] blktrace: Concurrent blktraces are not allowed on nbd8 [ 224.796877][ T7572] netlink: 338 bytes leftover after parsing attributes in process `syz.0.437'. [ 224.842723][ T7572] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 224.886021][ T7572] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 224.935465][ T7567] kvm: kvm [7566]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 224.997937][ T7576] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 225.251280][ T7577] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 225.308275][ T7576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.439'. [ 226.452491][ T7610] ima: policy update failed [ 226.461074][ T7610] netlink: 25 bytes leftover after parsing attributes in process `syz.1.447'. [ 226.471100][ T30] audit: type=1802 audit(4294967383.790:5): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.447" res=0 errno=0 [ 227.688830][ T7634] can0: slcan on ptm0. [ 227.877032][ T7632] can0 (unregistered): slcan off ptm0. [ 228.513618][ T7659] random: crng reseeded on system resumption [ 229.183474][ T7675] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 229.183474][ T7675] M' is too long [ 229.222169][ T7675] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 229.222169][ T7675] W ' is too long [ 229.866798][ T7695] FAULT_INJECTION: forcing a failure. [ 229.866798][ T7695] name failslab, interval 1, probability 0, space 0, times 0 [ 229.924728][ T7695] CPU: 1 UID: 0 PID: 7695 Comm: syz.1.468 Tainted: G L syzkaller #0 PREEMPT(full) [ 229.924773][ T7695] Tainted: [L]=SOFTLOCKUP [ 229.924784][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 229.924800][ T7695] Call Trace: [ 229.924809][ T7695] [ 229.924820][ T7695] dump_stack_lvl+0x16c/0x1f0 [ 229.924856][ T7695] should_fail_ex+0x512/0x640 [ 229.924897][ T7695] ? __kmalloc_cache_noprof+0x5f/0x800 [ 229.924934][ T7695] should_failslab+0xc2/0x120 [ 229.924978][ T7695] __kmalloc_cache_noprof+0x80/0x800 [ 229.925011][ T7695] ? drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 229.925088][ T7695] ? drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 229.925132][ T7695] ? _raw_spin_unlock+0x28/0x50 [ 229.925181][ T7695] drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 229.925253][ T7695] drm_atomic_helper_commit+0xa9/0x380 [ 229.925297][ T7695] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 229.925340][ T7695] drm_atomic_commit+0x234/0x300 [ 229.925380][ T7695] ? __pfx_drm_atomic_commit+0x10/0x10 [ 229.925418][ T7695] ? __pfx___drm_printfn_info+0x10/0x10 [ 229.925472][ T7695] ? drm_client_rotation+0x4da/0x6a0 [ 229.925536][ T7695] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 229.925591][ T7695] ? __mutex_lock+0x27b/0x1ca0 [ 229.925622][ T7695] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 229.925666][ T7695] ? trace_contention_end+0xdd/0x110 [ 229.925730][ T7695] drm_client_modeset_commit_locked+0x14d/0x580 [ 229.925782][ T7695] drm_client_modeset_commit+0x4f/0x80 [ 229.925828][ T7695] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 229.925876][ T7695] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 229.925928][ T7695] drm_fbdev_client_restore+0x1b/0x30 [ 229.925981][ T7695] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 229.926030][ T7695] drm_client_dev_restore+0x200/0x2a0 [ 229.926086][ T7695] drm_release+0x2c6/0x360 [ 229.926132][ T7695] ? __pfx_drm_release+0x10/0x10 [ 229.926171][ T7695] __fput+0x402/0xb70 [ 229.926211][ T7695] task_work_run+0x150/0x240 [ 229.926246][ T7695] ? __pfx_task_work_run+0x10/0x10 [ 229.926277][ T7695] ? __do_sys_close_range+0x278/0x730 [ 229.926334][ T7695] exit_to_user_mode_loop+0xfb/0x540 [ 229.926376][ T7695] do_syscall_64+0x4ee/0xf80 [ 229.926431][ T7695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.926464][ T7695] RIP: 0033:0x7fa52118f7c9 [ 229.926489][ T7695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.926520][ T7695] RSP: 002b:00007fa522087038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 229.926550][ T7695] RAX: 0000000000000000 RBX: 00007fa5213e5fa0 RCX: 00007fa52118f7c9 [ 229.926570][ T7695] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 229.926589][ T7695] RBP: 00007fa521213f91 R08: 0000000000000000 R09: 0000000000000000 [ 229.926609][ T7695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.926628][ T7695] R13: 00007fa5213e6038 R14: 00007fa5213e5fa0 R15: 00007ffc0e494858 [ 229.926673][ T7695] [ 230.716017][ T7690] FAULT_INJECTION: forcing a failure. [ 230.716017][ T7690] name failslab, interval 1, probability 0, space 0, times 0 [ 230.728884][ T7690] CPU: 1 UID: 0 PID: 7690 Comm: syz.3.469 Tainted: G L syzkaller #0 PREEMPT(full) [ 230.728933][ T7690] Tainted: [L]=SOFTLOCKUP [ 230.728944][ T7690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.728968][ T7690] Call Trace: [ 230.728978][ T7690] [ 230.728990][ T7690] dump_stack_lvl+0x16c/0x1f0 [ 230.729027][ T7690] should_fail_ex+0x512/0x640 [ 230.729069][ T7690] ? kmem_cache_alloc_noprof+0x62/0x770 [ 230.729107][ T7690] should_failslab+0xc2/0x120 [ 230.729152][ T7690] kmem_cache_alloc_noprof+0x83/0x770 [ 230.729185][ T7690] ? cred_alloc_blank+0x1c/0xa0 [ 230.729223][ T7690] ? cred_alloc_blank+0x1c/0xa0 [ 230.729253][ T7690] cred_alloc_blank+0x1c/0xa0 [ 230.729285][ T7690] keyctl_session_to_parent+0x55/0xaf0 [ 230.729330][ T7690] __do_sys_keyctl+0x25c/0x590 [ 230.729382][ T7690] do_syscall_64+0xcd/0xf80 [ 230.729414][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.729442][ T7690] RIP: 0033:0x7feba478f7c9 [ 230.729464][ T7690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.729492][ T7690] RSP: 002b:00007feba560e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 230.729519][ T7690] RAX: ffffffffffffffda RBX: 00007feba49e5fa0 RCX: 00007feba478f7c9 [ 230.729537][ T7690] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 230.729555][ T7690] RBP: 00007feba4813f91 R08: 0000000000000001 R09: 0000000000000000 [ 230.729573][ T7690] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 230.729590][ T7690] R13: 00007feba49e6038 R14: 00007feba49e5fa0 R15: 00007fff35ae4a78 [ 230.729628][ T7690] [ 232.416008][ T5840] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 232.416218][ T5837] Bluetooth: hci4: command 0xfc11 tx timeout [ 234.601404][ T7760] FAULT_INJECTION: forcing a failure. [ 234.601404][ T7760] name fail_futex, interval 1, probability 0, space 0, times 1 [ 234.708470][ T7760] CPU: 0 UID: 0 PID: 7760 Comm: syz.2.482 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.708520][ T7760] Tainted: [L]=SOFTLOCKUP [ 234.708531][ T7760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 234.708550][ T7760] Call Trace: [ 234.708560][ T7760] [ 234.708572][ T7760] dump_stack_lvl+0x16c/0x1f0 [ 234.708612][ T7760] should_fail_ex+0x512/0x640 [ 234.708662][ T7760] get_futex_key+0x1d0/0x15f0 [ 234.708697][ T7760] ? kasan_save_stack+0x42/0x60 [ 234.708737][ T7760] ? kasan_save_stack+0x33/0x60 [ 234.708777][ T7760] ? __pfx_get_futex_key+0x10/0x10 [ 234.708805][ T7760] ? __do_sys_keyctl+0x25c/0x590 [ 234.708844][ T7760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.708888][ T7760] futex_wake+0xea/0x530 [ 234.708931][ T7760] ? __pfx_futex_wake+0x10/0x10 [ 234.708988][ T7760] do_futex+0x1e3/0x350 [ 234.709021][ T7760] ? __pfx_do_futex+0x10/0x10 [ 234.709053][ T7760] ? kick_process+0xf6/0x1b0 [ 234.709094][ T7760] __x64_sys_futex+0x1e0/0x4c0 [ 234.709134][ T7760] ? __pfx___x64_sys_futex+0x10/0x10 [ 234.709170][ T7760] ? keyctl_session_to_parent+0x39a/0xaf0 [ 234.709221][ T7760] do_syscall_64+0xcd/0xf80 [ 234.709256][ T7760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.709286][ T7760] RIP: 0033:0x7f985878f7c9 [ 234.709319][ T7760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.709349][ T7760] RSP: 002b:00007f98595cc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 234.709379][ T7760] RAX: ffffffffffffffda RBX: 00007f98589e5fa8 RCX: 00007f985878f7c9 [ 234.709399][ T7760] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f98589e5fac [ 234.709418][ T7760] RBP: 00007f98589e5fa0 R08: 00007f98595cd000 R09: 0000000000000000 [ 234.709436][ T7760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.709454][ T7760] R13: 00007f98589e6038 R14: 00007fffc3a7a490 R15: 00007fffc3a7a578 [ 234.709499][ T7760] [ 235.537297][ T7778] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 235.769703][ T7779] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 235.808288][ T7778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.489'. [ 235.832037][ T7787] blktrace: Concurrent blktraces are not allowed on nbd8 [ 235.963903][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.491'. [ 235.983390][ T3492] Bluetooth: hci4: Frame reassembly failed (-84) [ 236.641715][ T7799] [ 236.644184][ T7799] ====================================================== [ 236.651215][ T7799] WARNING: possible circular locking dependency detected [ 236.658242][ T7799] syzkaller #0 Tainted: G L [ 236.664236][ T7799] ------------------------------------------------------ [ 236.671262][ T7799] syz.0.496/7799 is trying to acquire lock: [ 236.677170][ T7799] ffff88807a37c8d8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4d0/0xcc0 [ 236.688720][ T7799] [ 236.688720][ T7799] but task is already holding lock: [ 236.696094][ T7799] ffff88807a37b460 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 236.705116][ T7799] [ 236.705116][ T7799] which lock already depends on the new lock. [ 236.705116][ T7799] [ 236.715527][ T7799] [ 236.715527][ T7799] the existing dependency chain (in reverse order) is: [ 236.724548][ T7799] [ 236.724548][ T7799] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 236.732318][ T7799] lock_sock_nested+0x41/0xf0 [ 236.737558][ T7799] smc_listen_out+0x202/0x4a0 [ 236.742792][ T7799] smc_listen_work+0x5a3/0x50b0 [ 236.748202][ T7799] process_one_work+0x9ba/0x1b20 [ 236.753685][ T7799] worker_thread+0x6c8/0xf10 [ 236.758824][ T7799] kthread+0x3c5/0x780 [ 236.763435][ T7799] ret_from_fork+0x983/0xb10 [ 236.768563][ T7799] ret_from_fork_asm+0x1a/0x30 [ 236.773884][ T7799] [ 236.773884][ T7799] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 236.784079][ T7799] __lock_acquire+0x1669/0x2890 [ 236.789472][ T7799] lock_acquire+0x179/0x330 [ 236.794514][ T7799] __flush_work+0x4e4/0xcc0 [ 236.799569][ T7799] cancel_work_sync+0xd1/0xf0 [ 236.804781][ T7799] smc_clcsock_release+0x5f/0xe0 [ 236.810264][ T7799] __smc_release+0x5c2/0x880 [ 236.815411][ T7799] smc_close_non_accepted+0xda/0x200 [ 236.821252][ T7799] smc_close_active+0xc3c/0x1070 [ 236.826746][ T7799] __smc_release+0x634/0x880 [ 236.831885][ T7799] smc_release+0x1fc/0x620 [ 236.836842][ T7799] __sock_release+0xb3/0x270 [ 236.841955][ T7799] sock_close+0x1c/0x30 [ 236.846633][ T7799] __fput+0x402/0xb70 [ 236.851165][ T7799] task_work_run+0x150/0x240 [ 236.856299][ T7799] exit_to_user_mode_loop+0xfb/0x540 [ 236.862130][ T7799] do_syscall_64+0x4ee/0xf80 [ 236.867263][ T7799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.873692][ T7799] [ 236.873692][ T7799] other info that might help us debug this: [ 236.873692][ T7799] [ 236.883918][ T7799] Possible unsafe locking scenario: [ 236.883918][ T7799] [ 236.891369][ T7799] CPU0 CPU1 [ 236.896734][ T7799] ---- ---- [ 236.902104][ T7799] lock(sk_lock-AF_SMC/1); [ 236.906639][ T7799] lock((work_completion)(&new_smc->smc_listen_work)); [ 236.916123][ T7799] lock(sk_lock-AF_SMC/1); [ 236.923168][ T7799] lock((work_completion)(&new_smc->smc_listen_work)); [ 236.930111][ T7799] [ 236.930111][ T7799] *** DEADLOCK *** [ 236.930111][ T7799] [ 236.938253][ T7799] 3 locks held by syz.0.496/7799: [ 236.943276][ T7799] #0: ffff88805ce3bb88 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x270 [ 236.953861][ T7799] #1: ffff88807a37b460 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 236.963305][ T7799] #2: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfb/0xcc0 [ 236.972472][ T7799] [ 236.972472][ T7799] stack backtrace: [ 236.978366][ T7799] CPU: 1 UID: 0 PID: 7799 Comm: syz.0.496 Tainted: G L syzkaller #0 PREEMPT(full) [ 236.978401][ T7799] Tainted: [L]=SOFTLOCKUP [ 236.978409][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 236.978424][ T7799] Call Trace: [ 236.978432][ T7799] [ 236.978442][ T7799] dump_stack_lvl+0x116/0x1f0 [ 236.978469][ T7799] print_circular_bug+0x275/0x340 [ 236.978509][ T7799] check_noncircular+0x146/0x160 [ 236.978551][ T7799] __lock_acquire+0x1669/0x2890 [ 236.978575][ T7799] ? __debug_object_init+0x2de/0x3d0 [ 236.978605][ T7799] lock_acquire+0x179/0x330 [ 236.978625][ T7799] ? __flush_work+0x4d0/0xcc0 [ 236.978655][ T7799] ? mark_held_locks+0x49/0x80 [ 236.978676][ T7799] ? __flush_work+0x4d0/0xcc0 [ 236.978705][ T7799] __flush_work+0x4e4/0xcc0 [ 236.978742][ T7799] ? __flush_work+0x4d0/0xcc0 [ 236.978771][ T7799] ? __pfx___flush_work+0x10/0x10 [ 236.978799][ T7799] ? __pfx_wq_barrier_func+0x10/0x10 [ 236.978836][ T7799] ? do_raw_spin_lock+0x12c/0x2b0 [ 236.978862][ T7799] ? __pfx___might_resched+0x10/0x10 [ 236.978915][ T7799] cancel_work_sync+0xd1/0xf0 [ 236.978948][ T7799] smc_clcsock_release+0x5f/0xe0 [ 236.978996][ T7799] __smc_release+0x5c2/0x880 [ 236.979030][ T7799] ? __pfx_sock_def_readable+0x10/0x10 [ 236.979063][ T7799] smc_close_non_accepted+0xda/0x200 [ 236.979101][ T7799] smc_close_active+0xc3c/0x1070 [ 236.979139][ T7799] __smc_release+0x634/0x880 [ 236.979173][ T7799] smc_release+0x1fc/0x620 [ 236.979204][ T7799] ? kmem_cache_free+0x8a/0x770 [ 236.979234][ T7799] __sock_release+0xb3/0x270 [ 236.979255][ T7799] ? __pfx_sock_close+0x10/0x10 [ 236.979274][ T7799] sock_close+0x1c/0x30 [ 236.979293][ T7799] __fput+0x402/0xb70 [ 236.979314][ T7799] ? _raw_spin_unlock_irq+0x23/0x50 [ 236.979342][ T7799] task_work_run+0x150/0x240 [ 236.979367][ T7799] ? __pfx_task_work_run+0x10/0x10 [ 236.979390][ T7799] ? __do_sys_close_range+0x278/0x730 [ 236.979430][ T7799] exit_to_user_mode_loop+0xfb/0x540 [ 236.979459][ T7799] do_syscall_64+0x4ee/0xf80 [ 236.979484][ T7799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.979508][ T7799] RIP: 0033:0x7f0004f8f7c9 [ 236.979526][ T7799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.979548][ T7799] RSP: 002b:00007ffdb42065e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 236.979569][ T7799] RAX: 0000000000000000 RBX: 0000000000039be7 RCX: 00007f0004f8f7c9 [ 236.979583][ T7799] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 236.979597][ T7799] RBP: 00007f00051e7da0 R08: 0000000000000001 R09: 0000000fb42068df [ 236.979611][ T7799] R10: 0000001b30020000 R11: 0000000000000246 R12: 00007f00051e5fac [ 236.979625][ T7799] R13: 00007f00051e5fa0 R14: ffffffffffffffff R15: 00007ffdb4206700 [ 236.979648][ T7799] [ 237.275962][ T7797] caif:caif_disconnect_client(): nothing to disconnect [ 238.015946][ T5840] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 238.016727][ T5837] Bluetooth: hci4: command 0xfc11 tx timeout [ 238.031221][ T7775] caif:caif_disconnect_client(): nothing to disconnect