last executing test programs: 3m41.789408292s ago: executing program 3 (id=991): unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) r1 = socket(0x10, 0x2, 0x0) fcntl$auto_F_NOTIFY(r1, 0x402, 0x9000) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) r2 = fsopen$auto(0x0, 0x1) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYRES32=0xffffffffffffffff, @ANYBLOB="10002c8008004b0020f598629c"], 0x2c}}, 0x4000000) sendmsg$auto_NL80211_CMD_SET_COALESCE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="24000095b74433aa998d17771d74a1148cf0bf8a914513ebe6e243d96591e20eb925907647b95060b8aade3e7042b8ef21e45a650795138064080400f12e7cc1627f05c33dbe94089aadef40543db4b1360bf569e13729819616d964c2a33a45da030cbfbd2e", @ANYBLOB="000125bd7000ffdbdf25650000000600ed000700000008000c0104000000", @ANYRES64=r3, @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x80) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/2t\x00', 0xa00, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_USBDEVFS_CLAIMINTERFACE(r2, 0x8004550f, &(0x7f0000000080)=0x5) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x10, 0x2, 0xc) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) 3m40.518397841s ago: executing program 3 (id=996): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) (async, rerun: 64) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0xc800) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/vhci_hcd.8/usb26/power/wakeup_expire_count\x00', 0x2982, 0x0) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mq_timedsend$auto(r1, 0x0, 0x2, 0x9, 0x0) open_tree$auto(r1, &(0x7f0000000140)='./file0\x00', 0x6) (async) getsockopt$auto_SO_REUSEPORT(r1, 0x5b, 0xf, &(0x7f0000000080)='\\\x00', 0x0) open_tree$auto(r1, &(0x7f00000000c0)='./file0\x00', 0x200) r2 = socket(0x2c, 0x3, 0x0) bind$auto(r2, &(0x7f0000000380)=@nfc={0x27, 0x0, 0xffffffff, 0x1}, 0x6c) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x100480, 0x0) (async, rerun: 32) personality$auto(0x40004010410ffc) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) (async) ioctl$auto(0x3, 0x5404, 0x38) bind$auto(0x3, 0x0, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) (async, rerun: 32) write$auto(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x5) (async, rerun: 32) bpf$auto(0x0, 0x0, 0xa3) (async, rerun: 64) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x9, 0x1f, 0x940, 0x1ffde, 0x3, 0x6, 0x8000004, 0xb, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x200, 0x3, 0x205, 0x7, 0x0, 0x3ffff, 0x0, 0x3, 0x7069, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x8, 0x5, 0x8000004, 0x0, 0x100000000000000, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x2f, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x100000000, 0x0, 0x8000000000000001, 0x0, 0x1, 0x0, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x2000000000000000]}, 0x4b9, 0x7d) (async, rerun: 64) prctl$auto(0x23, 0xe, 0x0, 0xada5, 0x0) (async, rerun: 64) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x60000000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3m39.485545213s ago: executing program 3 (id=1000): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/irq/2/name\x00', 0x800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$auto(0x0, 0x0, 0xa3) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x9, 0x1f, 0x940, 0x1ffde, 0x3, 0x6, 0x8000004, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x200, 0x3, 0x205, 0x7, 0x0, 0x3ffff, 0x0, 0x3, 0x7069, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x8, 0x5, 0x8000004, 0x0, 0x100000000000000, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x100000000, 0x0, 0x8000000000000001, 0x0, 0x1, 0x0, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x2000000000000000]}, 0x4b9, 0x7d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r2, 0x2282, r1) socket(0x28, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffd8ef, 0x2b3d, 0x0, 0x8f) write$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x220040c0}, 0x81) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x60000000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3m39.017175737s ago: executing program 3 (id=1002): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) (async) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/softnet_stat\x00', 0x0, 0x0) (async, rerun: 32) r1 = socket(0xa, 0x1, 0x84) (rerun: 32) r2 = getsockopt$auto(r1, 0x0, 0x485, 0x0, &(0x7f0000000040)=0x4) (async, rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async, rerun: 64) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) (async, rerun: 32) sendmsg$auto_NFC_CMD_SE_IO(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x408d4}, 0x0) (rerun: 32) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/configuration\x00', 0x10b800, 0x0) openat2$auto(r2, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x7c, 0x10eb4000000, 0x7}, 0xfffffffffffffff9) (async) readv$auto(r3, &(0x7f0000000080)={0x0, 0x5}, 0x2) (async) getsockopt$auto(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x18) 3m38.580954656s ago: executing program 3 (id=1003): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fff) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0x1, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r1, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x399402, 0x0) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/sctp/ps_retrans\x00', 0x40000, 0x0) flock$auto(r2, 0x5adafd77) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r3, &(0x7f0000000000)=""/39, 0x27) close_range$auto(0x2, 0x8, 0x0) mremap$auto(0x4, 0x7, 0x3fd6, 0x3, 0x6) 3m36.89834272s ago: executing program 3 (id=1012): mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000001, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/controlC2\x00', 0xa802, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) umount2$auto(&(0x7f0000000200)='.\x00', 0xd) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000080)=0x551) read$auto(r2, 0x0, 0x3) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00') write$auto(r1, &(0x7f0000000040)='\x00', 0x1) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40026f33, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) getdents$auto(r4, 0x0, 0x62d4) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) write$auto(r0, 0x0, 0x1) io_uring_setup$auto(0x54, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r5, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429b3c", 0x35) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r6, 0xc0045005, 0x0) write$auto(r6, 0x0, 0x7) 3m21.753345507s ago: executing program 32 (id=1012): mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000001, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/controlC2\x00', 0xa802, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) umount2$auto(&(0x7f0000000200)='.\x00', 0xd) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000080)=0x551) read$auto(r2, 0x0, 0x3) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00') write$auto(r1, &(0x7f0000000040)='\x00', 0x1) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40026f33, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) getdents$auto(r4, 0x0, 0x62d4) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) write$auto(r0, 0x0, 0x1) io_uring_setup$auto(0x54, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r5, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429b3c", 0x35) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r6, 0xc0045005, 0x0) write$auto(r6, 0x0, 0x7) 9.2366183s ago: executing program 4 (id=1923): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) mknodat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xfff, 0xfffffff8) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) 8.145488237s ago: executing program 4 (id=1926): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000000c0)=@generic={0x26, "f5ffe0000000ecffffffffffffff"}, 0x5) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r1, 0x80085502, &(0x7f0000000200)=ANY=[@ANYBLOB="7f000000ff010000fa5ce79ac1b11bc02d09bf64c0f369dfc82d5b4b88fe58580eff9fa5c9daad26e9bf4b72713053203ffb121641a3893a1dc95c1642f8f85d898bc87a3fe4a873c3cff8b12e1337c6ab5a68e60435f8fe77752e22e73e2ffc1071cc7279b423059ca518025a47f78c10302d381d1a9e495afb35cad948ce7d634766f2093cc59dc38dd7dc4b342dabbcd4fecae93f8beb4af66f610568ef3369574d0ba70b1d510eee9049700b8de68ef4a77a54a816bb7821e495cee0894e58fed1ecb16435f7c13af38f3d2dba0c9302486ca159f1d78fcb84b645ca8edc2f95bd0b634c88b19781491236e9"]) mmap$auto(0xa, 0x3ff, 0x100000000001, 0xffffffffffffffff, r0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xde, 0xeb1, r2, 0x8000) close_range$auto(r2, r0, 0x0) socket(0xf, 0x4, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r4, 0x4008ae89, &(0x7f0000000180)={0x3, 0x0, [{0x400, 0x4, 0xfffffffffffffffb}, {0xa1f, 0x2, 0x8}, {0x7f, 0x4, 0x7fffffff}, {0x80000000, 0x7, 0x2ce}, {0x2, 0x6, 0x1c00000}, {0x40, 0x7ff, 0x5}, {0x1ff, 0x8, 0x10000}]}) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_register$auto(0x2, 0x1d, 0x0, 0xd3) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) 6.487117957s ago: executing program 4 (id=1932): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffff70, 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSMRRU(r1, 0x4004743b, 0x0) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x672e, 0x10df, 0xeb1, r0, 0x3) getsockopt$auto(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1ff, 0x20000000) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) rseq$auto(0x0, 0x8000, 0x0, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x40e00, 0x0) pread64$auto(r3, 0x0, 0x3, 0x5ef6) msync$auto(0x1ffff000, 0x180000000000101, 0x400000004) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="232954cc", @ANYRES16=r5, @ANYBLOB="01002abd7000fbdbdf25040000002d0011002f50136a450cf972f5a3d28479f92a9b221ca46c2d19fda4f47902c296fa844c12cd83f712d3c41e5d00000008001a8004000480"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x15f443, 0x0) 5.92124556s ago: executing program 1 (id=1934): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) mknodat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xfff, 0xfffffff8) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) 5.717573002s ago: executing program 1 (id=1935): socket(0x1e, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0) sendfile$auto(r0, r0, 0x0, 0x8) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x60800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000840)={{@raw=0x8, 0x7, 0xba28, 0x0, "708c58271a7985a7704331f78af8d149fc53d81fd4a7553c2ff48b48a8a57689adcc1ca6d2cbfa93b50590c9", @raw=0x6}, 0x0, @bytes=@data_ptr=0x0, "fa491e08108961dd5708680f1134935851612a52d629535f54f3832490fc4e7f79daef312b3df3307044713a4801d409aefe3f932f78fc311771094e769c0095f94ee6d74f2517f34a0bbbf502bf3392ac4d93bde5f733ba936c0890312cf035bc44117db9b683eedc5e02a703fc82750d8d6ebac0c3019ef8e6c1eecea33a59"}) 5.394704207s ago: executing program 1 (id=1936): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0x6, 0x8051, r0, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x2000000000000, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8001) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) ioctl$auto_TIOCGDEV2(r3, 0x80045432, &(0x7f0000000040)=0xddc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(r1, &(0x7f0000000000)=@generic={0xa}, 0x58) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdc, 0xeb1, r4, 0x8000) recvmmsg$auto(r2, 0x0, 0x418010, 0x80, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x6b7, 0x401, 0x300000000000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x4a7) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), r5) sendmsg$auto_CTRL_CMD_GETPOLICY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010306b57000fbdbdf250a0000000600010018200000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) getpgid(0xffffffffffffffff) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, 0x0) 4.881920744s ago: executing program 4 (id=1938): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) fcntl$auto(0x0, 0x407, 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) 4.428875103s ago: executing program 1 (id=1941): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x27, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r1 = prctl$auto(0x1000000003b, 0x800000000001, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x0, 0x0) r3 = getpid() io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)="e26ebbdaffaaab4151d429f4758ec5fc4df994a1ac72272f6077cae808e88f7b4b66d1412063883e6e8af20634aeb48938475b1ef02979d0a9b24a0b93debd5ebee982725242939886c8fe73e245f8d2ffd43c721fa994b0d3952bed7152178ae695ebc6305e0a672b0bf9cf09a27063a7d633afed8b146af1aadb08d9406e1b2b87364ef15639173fa196d1fc0f6608558688cb0f9e17b1c4ee4e12552d2b770a2208e9355834c993ede9dfeaeaa5bf6cac28f4cb56db4cc693d63c676abe1b43fa6dc8799e24a71fbe4b2e56b6a9685d972d2669d98933b2b896f3442f7cfa3c7e189f8f") r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x5, 0xebe, 0xfffffffffffffffa, 0x8000) futex_wake$auto(0x0, 0x9, 0xffffffff, 0xa) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r5, 0x820, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) waitid$auto_P_PID(0x1, r3, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0x8, 0x6, 0x8, 0x1, 0x9, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x4, 0x6}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socketcall$auto(0x2, &(0x7f0000000040)=0x8) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) 4.006272802s ago: executing program 4 (id=1943): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x400, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="200026bd7000ff"], 0x14}, 0x1, 0x0, 0x0, 0x20000850}, 0xc08c) shmctl$auto_SHM_INFO(0x8, 0xe, &(0x7f0000000240)={{0x8001, 0x0, 0x0, 0xcf2, 0x4, 0x4, 0xb5}, 0x7, 0x4, 0x974, 0x6, @raw=0xab6, @raw=0x1, 0x9, 0x0, &(0x7f0000000040)="bc4ad47d9b5bbe6daeee13dbc359908eab890047c4e981d435489075a2e81fef74d9de45a427513540d8946a1a39e7fbec1be3548d1264a8cc53282a7d7defa7a6a72fe0017dffad8b0b009a7a3615f68c7ecffa2ba5bf78a52a7e7775f10c561058f699d8279aa7ba0ac13e65c32379f4c507846887ac2b3079907c5e759082dd1e63546a50dadafd7424caa138b04299a582e29c8aa13521b114b9b8b1da5bf99586f84fbc1c02702f457a896e4c96f6a3fdaf28a87bebbd59871f1105eaf68e376674cb1af0ec91e4df8304ddab5b06", &(0x7f0000000140)="930b9aa0b4a48a80965c2d35f92c5c416a912b338dc791f25dc45db505e7e49d3e5823e83d7ec1969369d075232decd1343f87a8573441a297bdfc3e8c6afd5e367d66743f24943c88401926aa09f28c1a2bffbca6222a7f8e2e7ab5eedcaac643414ce4e6ca58bd28b51de425cc2e13e570ae81acfe303f2dbc93816860c113e788cb16427a6ca0ebac26acc93ea6b983772f91716a59ffa7f1a4a8544b5b6d378159b7c27fb45857f125424cb7f49dc82acf33e09c6e64b87bc12290fd3ff1806de1fa48ac7d10198cf39ba94c2f537dc0b4c5ef094d13de343ec6aedb86afce249669ac0383"}) msgctl$auto_IPC_SET(0x9, 0x1, &(0x7f0000000340)={{0x80000001, 0xee00, 0xffffffffffffffff, 0x5, 0xf5ab, 0x9, 0x8}, &(0x7f00000002c0)=0xc2, &(0x7f0000000300)=0xe, 0x5, 0xe5, 0xfffffffffffffffd, 0x0, 0x0, 0x67, 0x8001, 0x3, @raw=0x7, @raw=0x4b5}) msgctl$auto_IPC_STAT(0xd, 0x2, &(0x7f0000000440)={{0x8, 0xee01, 0xee01, 0x4, 0x1, 0x1, 0x8}, &(0x7f00000003c0)=0xa, &(0x7f0000000400), 0x43a, 0x1, 0x6, 0x6, 0x2, 0x9, 0x3, 0x8, @inferred, @raw=0x556}) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r1, &(0x7f00000008c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000880)={&(0x7f00000004c0)={0x3b0, r2, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_TX_RATES={0x20, 0x5a, 0x0, 0x1, [@typed={0x14, 0x56, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0xb2, 0x0, 0x0, @fd=r0}]}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0xc5d}, @NL80211_ATTR_MAC_ADDRS={0x354, 0xa6, 0x0, 0x1, [@generic="3f85bde327d9df7525d20c972499411462ffca1980b6e54d756456cd197a460219e33bd2244ef536fdb9d8cccfec35ec64fca7bd959417e4934b02aa3dd041f8011c206e485564ec0492150378b91a6bb8a7ca9942cce195eb11ab76b4471a3ab47d03ebb2f1b3d529792eb747f54a1540e7809028d7f94d96b3bf7e283effd8c1a567ac33703eeb27fe62ac007b61d31c1876aa6ed1809cf4c25263f90a96adfbdd173a4ed32c61c97a8614d47f8c19482b47ad9000130f55ecf0c646b242f9c3485bef0f60577314cfec7b38cc873f26e2d0d871eb01b798a98194dd9544ec469cf1e0419e11975f535afe967a9d5f37c4", @nested={0x14, 0x56, 0x0, 0x1, [@typed={0x8, 0xa6, 0x0, 0x0, @uid=r3}, @nested={0x4, 0x7c}, @nested={0x4, 0x62}]}, @nested={0x147, 0x5a, 0x0, 0x1, [@generic="30fd7be252b522e0e9b72ccb74cabb782eeb93aeaae5ce97a0131535704f9dbe169323218b2bf0cd35c8b0eaf2ab", @typed={0x8, 0x8d, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @typed={0x9a, 0x138, 0x0, 0x0, @binary="e2c930f77863a9b7c97c52f2cd9a15b8fc6e813b9af92e8717119aa9250b04c1e8dcaaa109e3d9711c2fd425643db2343faf424739c5308d4764443cb558533fee7d6df904c6bafacea19010941d2e2aa0125ed28ff89b141e7291d8212f679b482bdb8e780033c499e2366b68c9382d20f2fe6c8f8554ac188b4fa1ea28281c297f227f2c6a1987c489cf4195d707d22087f6be3e24"}, @nested={0x4, 0x85}, @nested={0x4, 0x14c}, @nested={0x4, 0x6e}, @generic, @generic="b9d1339c93676fdb92c4122660fac20a354bed03def05f5706ecaa0cd96effc667927fe07b134b02d21fbe3f22591f809fcc9d8dc2647298137cc956e7b936aeb7d14c008a45ebe49b8e78d5bb6f0074f4648540f59b148dd908f8b57eb2f754926a7818ba"]}, @nested={0x3d, 0x133, 0x0, 0x1, [@typed={0x5, 0x12f, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x5f, 0x0, 0x0, @uid=r4}, @typed={0x8, 0x11, 0x0, 0x0, @fd=r0}, @generic="7ec03ceaa645a41a5872eead0fc9e6a19ff7f0871d8cc5d13b", @nested={0x4, 0xfa}, @typed={0x4, 0xf7}]}, @generic="a1afe866ab33b39fb6ad25d59bc859ec9f76e72f5f88122f25c432b4a0ef3d68051c710ee8b58b0344ab92504892f9bffead5bd0d960307e2db9b2d9487b1d8471de2d9b5472b74bb2e1db6e0727ca14542da98a11f58d49deb9b6dbf0e9df1429c463f01df83ce7e16769d77db58102ae46582a5ae34114e84da2c67cd9f585fdcafb57eff7d9df983a59dd016654bf67bd5f0d9ab37aac9192bbbfc6c295c40cd38668746fa51cd3f781ac8cead13e466622f4774d7cb810d0", @typed={0x8, 0x124, 0x0, 0x0, @uid=r5}]}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x4}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x6}]}, 0x3b0}, 0x1, 0x0, 0x0, 0x4008040}, 0x44) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8003) unshare$auto(0x40000080) mq_timedsend$auto(r1, 0x0, 0x9, 0x8, 0x0) 3.2944179s ago: executing program 2 (id=1946): setfsuid$auto(0xee00) mmap$auto(0x0, 0x20007, 0x4000000000df, 0x14, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe, 0x9, 0x2, 0xfffffffffffffffd, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) unshare$auto(0x40000080) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000040)=0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x40008, 0xdb, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0xfa3, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(0x0, r0) sendmsg$auto_NLBL_CIPSOV4_C_ADD(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00\b\x00D', @ANYRES16=r2, @ANYBLOB="000428bd7000ffdbdf250100000008000a007f000000"], 0x1c}, 0x1, 0x0, 0x0, 0x1602c000}, 0x4000) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmstat\x00', 0x20000, 0x0) pread64$auto(r3, &(0x7f00000002c0)='\x04\xefr\tbgc/\xd0\xe1\xf7$/tg/,s\b\xf5\xf7\x0f\x03\xd5\xef\xbf\xf6j\xe2\xed\x7f0\b\xff^\xe3th\xd2\x1bA\xba&\xba\xd0\xbb\xca\xb0\xa1\t\x00\x00\r(\xccF\xeeg\n\x00\x00\xa9l\x9cd\xcf\xff\x97=\xf4\xa1\xca\x82j\xf2\x17\t\x00\x00\x00\x00\x00\x00\x000\xf76\xb96\xd1\xb9\xde\xe2\x167\xc5\x94\x00A[B\xd9\x82\xaa\xc5\xfcoB\xfe\'\xfbI\xc9\xcb\xc3\xc1\x1e6~\x81\xb9\x0ff\x8e\xd3\x06\xba;yX\x966\x97#\xfb\x8d!F\xfc\x99\x86\x1d\xbb\xaf(\x92\x887\x01Z\xa7\xe3Y\x17\xd2#\x8aO\xef\r\xfa\xe0\x18IiI\xaek\xa9R\x02N;+@\x12>\'\x1a\xa6i\x93\x8c\x16BO@ \xb5\xd9\xd0\xb6S\xfc\x17\x11\x04\x8b?$\xean\xa1|D\xbbV%\xde\x87\xd1@\x00\x8cM\xfdr\xc9\x86\xbaq', 0x100003ffd, 0x6) socket(0xa, 0x3, 0x3a) 3.037581975s ago: executing program 0 (id=1947): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) setuid$auto(0x800000000008) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x100000000000000, 0x1010001, 0x100000003) 2.488128864s ago: executing program 4 (id=1948): write$auto(0xffffffffffffffff, &(0x7f0000000280)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaaVk[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\x81\xdd\x87\xbd\xe9(S\x1c\xad\xea\x9d\xe8\xb7\xd9E\xa9HuE\xb8\xbeS\xc0\"I\x96\x9d\xcbj\x06\xac4W\x91\x83', 0xa) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/mptcp/available_schedulers\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000006c0)='(]\x00\x8cyg\xe6\x95\xb7\x93\x14j\xc0\x021\x1c\xccW:/z\xbbm9\xdf|{*:\xb8\xbe\x93\xca\x82\xd3\xcc]\x02\x00\x00\x00\x00\x00\x00\x00Q\x1bN\x99\xa4\x1d\x01\x94\xb9^u\x92\xf7\xb2E\xb2c\x8b\x87H \xb3\x11\v\xe2\xb9Q\x99\x13\xf8\x95Vq\xee\xeeP\xb6e8\xbf\xce\xd7\x17G\x02G\x80\xc6\xd2\xbd\xe1f;a\x01\xd0h\xc5\xf6\x9f\xa0\xf0t\x18\xe0\xac\xaa\xb79\xed\xce,\x1d\x12QK\xffO\xb9^\x86`Z\xffs\xd0\xa4\nt\xb1\xb6\xb9\xc6\'\xa0\n#j\xc2\xac\xff\xc4\x15O\xba\xc5\xc0\xf3Z\xb5\x18\x92,\x06\xf5\x7f\x92\xd1\xf1N\x0ev]\xa3\xbb\x12\xb9\xb8\xcb_\xa5\x0f\x1f>a\x88\xa0?\xf7\xc2\x16+\x95\x1b\x96\xbd\x15\x15\xe3\x96`\xe6\xf2\x02\xc1{8\xcd\xdbV\xc6ZH4\x03\x98V\xfd-\xa0OM\x9ex\xc5\xc2>8\xdat5=\xff\n\xddB\xee\x96\x1dx\n(\xdd\x14e\x1c\x18\x7f\xae\x8e\xebs4\xb6\x9b0\xca\"\xa2\x8b(T\x03\x81k\x91*w\xe17\x94\xfb\xf1\xbe\xfe8\xe2\xddV\x8b}\x11\xa75\xa4j\x8e\x15\x1d\xfe\x8ar\xfa\xf3%\f\xe2\x1fj\x1e\x97\xd9\x9c_l\x12_\x85\xea\xaew\x02\x8f\xf4\x90&\x99\xb1\x83\xd8he\xe2X\xc8\xcd\x90\xde=\xd2\x81\x8b\xed\xbc\x86\xdb\x8a%\x9c\x00\\\xe1\x84\x7fv!\xc2p\x00\xf1\xf8)\xd2\x97\x90\xb7\x8d\xb2:C\xfa\xa7\x1f\t\xa4Ma\xb4\xb2\x12f\xfa\xae\x8c8\xf0\x91\x9c\xeb\xeb\xc1mi\x1b\xb6\x8c\xbf\x19\xe5z\xcb$:\xe3\xa0\x8a,\xba\xe3\xb5\xd4,\xd5\x15DS\xd08x\xc0\xb9\x11\xb2@\xa2\xe1\xfd\xd4\b\x12\xa4\x90c\x8a\xac\xdc\xa3\x03\xaf\xc7\xd2\x810b\xfb\xac\xf9G\xeb\xf0\xb7\x19/\'\xc8\xb9\xa3\nX\x92\x8b\xe7\xe1\xf1\xaf\xfds\x0e\x9b9\xcc\x80T4N\xd3\x0e\x14\xc92\xde\xbb\xe5\xc2\x02\x8a\xe2(\x0f\x93@\x19?\x96I4h\xf5nXA\v\xc4\xf5\x87P\xe4\xb2\x94(\x12qo\xa9\xb9\x16}B\xbc\xe7\x10tD\x9c\xe2\"\x04-\xb01\x99C\xa8m\xb2`\x8c\x18\x9d\xb4\"\xab\xb1\x06\xa3Q{\x05\x1d\x8c4xo\xea\xd4\x99\x17$\x94\x99\x06\x96\x99\v{u\\\x84\xc0M\xd5\"\xb1\x92\a\x02\xac\t\xde\x8a\xbb\x8d\x88\xd6\xff`\x87|\xc7E\x88N\x17\x8eA\xb8\x95\xces\xba\x8a\x18d\xf9`g\n\xa0\xe4#\xfb\xf0\x84R\xc7xi\xb1\x19\xa4.\xc1\xca\x9d\xdb\x11T\xca\x93\xe3\xdfXk\'\xe2\f\xfc\x94iYt\x0e\xac`*\x1cx>\xb9\x9e\x83cf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask_requested\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/nullb/features\x00', 0x40240, 0x0) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/state\x00', 0x20a42, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000100)="ba7f75", 0x3) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r3) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 2.429645179s ago: executing program 0 (id=1949): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010025ccbd700000000c0001800700108083090b000400"/35], 0x28}, 0x1, 0x0, 0x0, 0x24040071}, 0x800) 2.279177112s ago: executing program 2 (id=1950): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) read$auto(r0, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/options/blk_cgroup\x00', 0x20005, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r1 = socket(0x10, 0x2, 0x4) r2 = io_uring_setup$auto(0x6, 0x0) r3 = timerfd_create$auto(0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0) r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0x40043d04, 0x0) ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f0000000040)=0x33) openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy4/hwflags\x00', 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) sysfs$auto(0x2, 0x4, 0x0) fsopen$auto(0x0, 0x1) readv$auto(0x3, 0x0, 0x1) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) fcntl$auto_F_SETLEASE(r2, 0x400, 0x2) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) write$auto(0x3, 0x0, 0x100082) 2.178829258s ago: executing program 1 (id=1951): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) fcntl$auto(0x0, 0x407, 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) 2.133084127s ago: executing program 0 (id=1952): mmap$auto(0x0, 0x202000d, 0x4003, 0xeb1, 0xfffffffffffffffa, 0x80000000008000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/module/mousedev/parameters/xres\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r1) (async) syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000b40), 0xffffffffffffffff) (async) r3 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_GET(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b80)={0x20, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, '-,]\'\x00'}]}, 0x20}}, 0x20000040) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000100)={0x1, 0x2, 0xffffffff80000001, 0x7}) 1.97364371s ago: executing program 2 (id=1953): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket(0x11, 0x2, 0x73) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r0) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x16c, r1, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_HT_CAPABILITY={0x91, 0x1f, "ff371a98e4fe8b533e17075c3f1d543d101fc4a77b746725717edd62c7686a2f0d63da29587da2a5aa1925880a7b97c90a6e77941bd4fb09ada80fb7d0360a94ffb86abc0afb88ab1b1f2a1262ce3d7ec819ad95e9cef520ad0755f56b966c924e352da791952129f9a2be918df247e6117ac2709c3d15f9ae51805c821360a1b5faf8f71c7abebd7390d129bd"}, @NL80211_ATTR_FILS_CACHE_ID={0xb6, 0xfd, "00b2cd9386228a7c5b2d063c5500c74e25f28353d02a7eac637d4074ef2fdd5b702ba2489b6ae9b8d0373f4a4ccd0723d5da036a0b13e95e4a1bfdc2198ae724fe46c2184063480b2aa31360e30f5e4f611ae4a58dca499896dbaa84d852184b83cdce4ba9255077c7bc9132bf72ee44e2dbf92b3901fba7ce6b29ee0ca421e10e350144c98dd26ca7dbceebfe55789738460c8de9fe0e08e45bece44add9429fd1a2f05c2c5f35c9234988f85c6adcdd645"}, @NL80211_ATTR_HW_TIMESTAMP_ENABLED={0x4}]}, 0x16c}, 0x1, 0x0, 0x0, 0x84}, 0x20000005) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020027bd7000fddbdf250e00000008000300", @ANYRES32=r2, @ANYBLOB="0800320004000000060014000400000005002e000000000008000b00050000000c000c00010001000000000005000a000900000005001900060000001ada1d21bb418967465e2cfdc3d14de474b564ab4fe700a540971fc7678a13514622d23527fae4a76a885b4c53865a868e594bc353ff096aa8b786f94999af41d79707e29d84cc0de07af0af1012bd7fa55f689729e05daf9e45c58c76bed848c3d748dcbe0d60ccdcb474d74301701867662ea25c5b40cd750b9a4f5b05b40d5296ffd77e6088ce9d666a9effa234b6747f2fa60bafd444e57b1a4e7bb615abcb66e1e0164c45"], 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x24000000) clock_gettime$auto(0x1, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TCFLSH2(r3, 0x5411, 0x0) 1.628487541s ago: executing program 0 (id=1954): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) mknodat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xfff, 0xfffffff8) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) 1.624114573s ago: executing program 1 (id=1955): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0) pread64$auto(r1, 0x0, 0x1, 0x401) prctl$auto(0x3e, 0x1, 0x0, 0x400000000000001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) pread64$auto(0xffffffffffffffff, 0x0, 0x100000002, 0x100000001) mmap$auto(0x0, 0x1, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socketpair$auto(0x6517, 0xfc, 0x404, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000140)="3318cb") ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) socket(0x15, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendfile$auto(r0, r3, &(0x7f0000000180)=0x13, 0xc5a) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) pipe$auto(0x0) io_setup$auto(0x5, &(0x7f0000000040)=0x9) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, 0x0, 0x4, 0x0, 0x5, 0x7}, 0x8}, 0x4000000, 0x4b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 1.510450733s ago: executing program 2 (id=1956): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) mprotect$auto(0x0, 0x8000000000000001, 0x8) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) setuid$auto(0x800000000008) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) mmap$auto(0x0, 0x2020009, 0xb, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x23, 0x4, 0xfffffffe) socket(0xa, 0x801, 0x84) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) 1.166752327s ago: executing program 2 (id=1957): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) mprotect$auto(0x0, 0x8000000000000001, 0x8) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) setuid$auto(0x800000000008) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) mmap$auto(0x0, 0x2020009, 0xb, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x23, 0x4, 0xfffffffe) socket(0xa, 0x801, 0x84) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) 915.084151ms ago: executing program 2 (id=1958): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r1 = socket(0x18, 0x6, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r1, 0x0, 0x9b6, 0xe000) r2 = io_uring_setup$auto(0x401, 0x0) getsockopt$auto(0xffffffffffffffff, 0x3, 0x8, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2082, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = socket(0x25, 0x5, 0x3) setsockopt$auto(r3, 0x2000000000000116, 0x80, 0xfffffffffffffffd, 0x10004) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x14, 0x0, 0x4) ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(r2, 0xc038586c, &(0x7f0000000240)={r4, &(0x7f00000000c0)="fbe91af5a9e6b7a23842e927653e1f7d304b6f5825a33298e842d0629839201ae1d40f827d26abfb918fc420ac61aaf8933e", 0x5, &(0x7f0000000140)="54bf442f7ef12eb1c2efa73042ec1fa1be3836fa61855e24cd22b63c4d65351093be4741fb5ae3f9cd", 0x6, &(0x7f0000000180)="7fa5ab5362ed270ea23dfcaed3a2fcab02ccf1561da394394e157c22004854675eb824e7a29346a35b018e64b9f95c963738b5498499151127823aaffa15d819dd9ab6e4ba", &(0x7f0000000200)=0x7fff}) sendmmsg$auto(r4, &(0x7f0000000400)={{&(0x7f0000000000), 0x225aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) ioctl$auto(0xffffffffffffffff, 0x4b4e, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index2/level\x00', 0x101600, 0x0) 906.824695ms ago: executing program 0 (id=1959): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) r1 = socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r1, 0x0, 0x9b6, 0xe000) write$auto(0x3, 0x0, 0x81) io_uring_setup$auto(0x401, 0x0) r2 = getsockopt$auto(0xffffffffffffffff, 0x3, 0x8, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2082, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = socket(0x25, 0x5, 0x3) setsockopt$auto(r3, 0x2000000000000116, 0x80, 0xfffffffffffffffd, 0x10004) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) socket(0xa, 0x800, 0x8) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) getsockopt$auto_SO_MARK(r2, 0x4, 0x24, &(0x7f00000000c0)='/dev/nullb0\x00', &(0x7f0000000100)=0xe6) ioctl$auto(r4, 0x4b4e, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index2/level\x00', 0x101600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000200)=""/197, 0xc5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000140)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r5, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 0s ago: executing program 0 (id=1960): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x44, r1, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0xb, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x108, 0x0, 0x0, @ipv4=@private=0xa010102}]}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "8987714800"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r2 = socket(0x29, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x7fffe000) ioctl$auto(r2, 0x8922, 0x24) kernel console output (not intermixed with test programs): R11: 0000000000000246 R12: 0000000000000000 [ 306.781374][ T9760] R13: 00007efc2d216038 R14: 00007ffc76fcb1b0 R15: 00007ffc76fcb298 [ 306.781397][ T9760] [ 308.181561][ T9534] Bluetooth: hci0: unexpected event 0x3e length: 505 > 260 [ 308.181591][ T9534] Bluetooth: hci0: unexpected subevent 0x02 length: 504 > 260 [ 308.197292][ T9534] Bluetooth: hci0: Dropping invalid advertising data [ 308.204549][ T9534] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 309.076953][ T9809] netlink: 28 bytes leftover after parsing attributes in process `syz.3.808'. [ 310.146938][ T9534] Bluetooth: hci1: unexpected event 0x3e length: 358 > 260 [ 310.146968][ T9534] Bluetooth: hci1: unexpected subevent 0x1b length: 357 > 260 [ 311.188295][ T9870] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 311.194391][ T9870] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 311.255397][ T9870] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 311.311306][ T9870] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 311.334397][ T9870] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 311.372224][ T9870] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 311.391389][ T9870] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 312.772126][ T9916] random: crng reseeded on system resumption [ 313.217481][ T9534] Bluetooth: hci0: command 0x0c1a tx timeout [ 313.297489][ T9534] Bluetooth: hci1: command 0x0c1a tx timeout [ 313.377895][ T9534] Bluetooth: hci3: command 0x0c1a tx timeout [ 313.403585][ T9930] ksmbd: Unknown IPC event: 0, ignore. [ 313.457239][ T9534] Bluetooth: hci2: command 0x0c1a tx timeout [ 315.102376][ T9960] program syz.1.837 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 315.297228][ T9534] Bluetooth: hci0: command 0x0c1a tx timeout [ 315.457212][ T9534] Bluetooth: hci3: command 0x0c1a tx timeout [ 315.538299][ T9534] Bluetooth: hci2: command 0x0c1a tx timeout [ 317.303504][ T9534] Bluetooth: hci3: unexpected event 0x3e length: 505 > 260 [ 317.303535][ T9534] Bluetooth: hci3: unexpected subevent 0x02 length: 504 > 260 [ 317.318785][ T9534] Bluetooth: hci3: Dropping invalid advertising data [ 317.325481][ T9534] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 317.627401][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.647223][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.967830][T10082] [U] 0="/ [ 320.983904][T10082] [U] [ 321.000256][T10082] [U] EeQ@ [ 321.014767][T10080] [U]  [ 322.124684][T10119] input: jJǸ-9%vJ86 as /devices/virtual/input/input18 [ 322.873284][T10132] Invalid ELF header magic: != ELF [ 324.036126][T10155] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 324.059730][T10155] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 324.091836][T10155] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 324.127806][T10155] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 324.896761][T10187] FAULT_INJECTION: forcing a failure. [ 324.896761][T10187] name failslab, interval 1, probability 0, space 0, times 0 [ 324.961610][T10187] CPU: 0 UID: 0 PID: 10187 Comm: syz.1.886 Tainted: G L syzkaller #0 PREEMPT(full) [ 324.961643][T10187] Tainted: [L]=SOFTLOCKUP [ 324.961651][T10187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 324.961663][T10187] Call Trace: [ 324.961670][T10187] [ 324.961677][T10187] dump_stack_lvl+0x100/0x190 [ 324.961710][T10187] should_fail_ex.cold+0x5/0xa [ 324.961734][T10187] should_failslab+0xc2/0x120 [ 324.961756][T10187] __kmalloc_cache_noprof+0x7a/0x6f0 [ 324.961781][T10187] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 324.961812][T10187] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 324.961847][T10187] ? __mutex_lock+0x26a/0x1b90 [ 324.961868][T10187] ? snd_pcm_oss_sync+0x243/0x840 [ 324.961892][T10187] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 324.961920][T10187] ? __pfx___mutex_lock+0x10/0x10 [ 324.961944][T10187] ? __fsnotify_parent+0x2b4/0xca0 [ 324.961970][T10187] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 324.961997][T10187] snd_pcm_oss_sync+0x265/0x840 [ 324.962025][T10187] snd_pcm_oss_release+0x238/0x300 [ 324.962051][T10187] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 324.962084][T10187] __fput+0x3ff/0xb40 [ 324.962111][T10187] task_work_run+0x150/0x240 [ 324.962145][T10187] ? __pfx_task_work_run+0x10/0x10 [ 324.962183][T10187] exit_to_user_mode_loop+0x100/0x4a0 [ 324.962212][T10187] do_syscall_64+0x668/0xf80 [ 324.962229][T10187] ? clear_bhb_loop+0x40/0x90 [ 324.962252][T10187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.962270][T10187] RIP: 0033:0x7efc2cf9c819 [ 324.962285][T10187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 324.962303][T10187] RSP: 002b:00007efc2de9e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 324.962321][T10187] RAX: 0000000000000000 RBX: 00007efc2d215fa0 RCX: 00007efc2cf9c819 [ 324.962331][T10187] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 324.962341][T10187] RBP: 00007efc2d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 324.962352][T10187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.962362][T10187] R13: 00007efc2d216038 R14: 00007efc2d215fa0 R15: 00007ffc76fcb298 [ 324.962385][T10187] [ 325.194105][T10210] FAULT_INJECTION: forcing a failure. [ 325.194105][T10210] name failslab, interval 1, probability 0, space 0, times 0 [ 325.207041][T10210] CPU: 0 UID: 0 PID: 10210 Comm: syz.1.886 Tainted: G L syzkaller #0 PREEMPT(full) [ 325.207071][T10210] Tainted: [L]=SOFTLOCKUP [ 325.207083][T10210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 325.207094][T10210] Call Trace: [ 325.207101][T10210] [ 325.207108][T10210] dump_stack_lvl+0x100/0x190 [ 325.207157][T10210] should_fail_ex.cold+0x5/0xa [ 325.207180][T10210] should_failslab+0xc2/0x120 [ 325.207202][T10210] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 325.207232][T10210] ? __d_alloc+0x34/0xa80 [ 325.207259][T10210] __d_alloc+0x34/0xa80 [ 325.207283][T10210] d_alloc_parallel+0x111/0x14e0 [ 325.207318][T10210] ? find_held_lock+0x2b/0x80 [ 325.207336][T10210] ? __d_lookup+0x25c/0x4a0 [ 325.207363][T10210] ? __pfx_d_alloc_parallel+0x10/0x10 [ 325.207393][T10210] ? __d_lookup+0x266/0x4a0 [ 325.207425][T10210] lookup_open.isra.0+0x57c/0x11b0 [ 325.207458][T10210] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 325.207500][T10210] ? lookup_fast+0x2da/0x600 [ 325.207530][T10210] path_openat+0xa98/0x31a0 [ 325.207557][T10210] ? __pfx_path_openat+0x10/0x10 [ 325.207586][T10210] do_file_open+0x20e/0x430 [ 325.207608][T10210] ? __pfx_do_file_open+0x10/0x10 [ 325.207645][T10210] ? alloc_fd+0x476/0x790 [ 325.207667][T10210] ? do_getname+0x191/0x390 [ 325.207694][T10210] do_sys_openat2+0x10d/0x1e0 [ 325.207720][T10210] ? __pfx_do_sys_openat2+0x10/0x10 [ 325.207754][T10210] __x64_sys_openat+0x12d/0x210 [ 325.207780][T10210] ? __pfx___x64_sys_openat+0x10/0x10 [ 325.207815][T10210] do_syscall_64+0x106/0xf80 [ 325.207833][T10210] ? clear_bhb_loop+0x40/0x90 [ 325.207855][T10210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.207874][T10210] RIP: 0033:0x7efc2cf9c819 [ 325.207891][T10210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.207909][T10210] RSP: 002b:00007efc2de7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 325.207929][T10210] RAX: ffffffffffffffda RBX: 00007efc2d216090 RCX: 00007efc2cf9c819 [ 325.207941][T10210] RDX: 0000000000101000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 325.207952][T10210] RBP: 00007efc2d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 325.207963][T10210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.207973][T10210] R13: 00007efc2d216128 R14: 00007efc2d216090 R15: 00007ffc76fcb298 [ 325.207997][T10210] [ 325.447537][T10175] cgroup: fork rejected by pids controller in /syz3 [ 326.099868][ T9534] Bluetooth: hci3: command 0x0c1a tx timeout [ 326.106339][ T9534] Bluetooth: hci1: command 0x0c1a tx timeout [ 326.113166][ T9534] Bluetooth: hci0: command 0x0c1a tx timeout [ 326.164265][T10262] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 326.173811][T10262] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 326.185509][ T8277] Bluetooth: hci2: command 0x0c1a tx timeout [ 326.200210][T10262] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 326.258371][T10262] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 326.815252][T10302] Setting dangerous option i915.mitigations - tainting kernel [ 326.878183][T10302] Bad "i915.mitigations=CmâUQF\ ", 'CmâUQF\' is unknown [ 327.321890][T10313] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 327.484585][T10316] serio: Serial port pty6 [ 328.258105][ T9534] Bluetooth: hci1: command 0x0c1a tx timeout [ 328.264429][ T9534] Bluetooth: hci0: command 0x0c1a tx timeout [ 328.270931][ T8277] Bluetooth: hci3: command 0x0c1a tx timeout [ 328.337315][T10343] Bluetooth: hci2: command 0x0c1a tx timeout [ 329.717462][T10380] netlink: 116 bytes leftover after parsing attributes in process `syz.3.913'. [ 329.870275][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.913'. [ 330.765065][T10365] futex_wake_op: syz.0.909 tries to shift op by -2048; fix this program [ 333.251372][T10448] bond0: invalid ARP target specified [ 333.393432][T10451] syz.2.921(10451): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 334.668183][T10473] ICMPv6: process `syz.1.927' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 337.857567][T10343] Bluetooth: hci0: command 0x0c1a tx timeout [ 337.864409][T10509] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 338.697897][T10509] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 338.731791][T10509] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 338.791282][T10509] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 338.975517][T10553] kexec: Could not allocate control_code_buffer [ 339.679454][T10587] random: crng reseeded on system resumption [ 339.940683][T10343] Bluetooth: hci1: command 0x0c1a tx timeout [ 340.339398][T10601] netlink: 28 bytes leftover after parsing attributes in process `syz.1.955'. [ 340.448535][T10601] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.559035][T10601] bridge_slave_1 (unregistering): left allmulticast mode [ 340.623947][T10601] bridge_slave_1 (unregistering): left promiscuous mode [ 340.710171][T10601] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.737292][T10343] Bluetooth: hci3: command 0x0c1a tx timeout [ 340.819003][T10343] Bluetooth: hci2: command 0x0c1a tx timeout [ 342.741908][T10648] No such timeout policy "" [ 342.746759][T10648] netlink: Failed to associated timeout policy '' [ 344.364921][T10685] cgroup: fork rejected by pids controller in /syz2 [ 346.107572][T10801] netlink: 28 bytes leftover after parsing attributes in process `syz.0.987'. [ 347.654073][T10832] netlink: 28 bytes leftover after parsing attributes in process `syz.1.993'. [ 347.980192][T10840] QAT: Stopping all acceleration devices. [ 348.154268][T10849] netlink: 28 bytes leftover after parsing attributes in process `syz.3.996'. [ 348.233277][T10849] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.266246][T10849] bridge_slave_1 (unregistering): left allmulticast mode [ 348.298944][T10849] bridge_slave_1 (unregistering): left promiscuous mode [ 348.333379][T10849] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.226609][T10875] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1000'. [ 350.705301][T10900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 350.726488][T10900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 350.766384][T10900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 350.810879][T10900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 350.929586][T10910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1008'. [ 352.160721][ T30] audit: type=1800 audit(1775319637.330:12): pid=10943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1017" name="file0" dev="tmpfs" ino=1451 res=0 errno=0 [ 352.651450][T10951] QAT: Stopping all acceleration devices. [ 352.737823][ T8270] Bluetooth: hci0: command 0x0c1a tx timeout [ 352.744032][T10343] Bluetooth: hci1: command 0x0c1a tx timeout [ 352.824423][T10343] Bluetooth: hci2: command 0x0c1a tx timeout [ 352.830678][ T8270] Bluetooth: hci3: command 0x0c1a tx timeout [ 353.335964][T10959] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1020'. [ 356.258160][T10343] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 359.476915][T11056] FAULT_INJECTION: forcing a failure. [ 359.476915][T11056] name failslab, interval 1, probability 0, space 0, times 0 [ 359.609243][T11056] CPU: 0 UID: 0 PID: 11056 Comm: syz.2.1041 Tainted: G U L syzkaller #0 PREEMPT(full) [ 359.609278][T11056] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 359.609285][T11056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 359.609296][T11056] Call Trace: [ 359.609302][T11056] [ 359.609310][T11056] dump_stack_lvl+0x100/0x190 [ 359.609345][T11056] should_fail_ex.cold+0x5/0xa [ 359.609374][T11056] should_failslab+0xc2/0x120 [ 359.609395][T11056] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 359.609414][T11056] ? kstrdup_const+0x63/0x80 [ 359.609436][T11056] kstrdup+0x51/0xe0 [ 359.609455][T11056] kstrdup_const+0x63/0x80 [ 359.609472][T11056] __kernfs_new_node+0x9b/0x960 [ 359.609504][T11056] ? __pfx___kernfs_new_node+0x10/0x10 [ 359.609536][T11056] ? find_held_lock+0x2b/0x80 [ 359.609554][T11056] ? kernfs_root+0xee/0x2a0 [ 359.609580][T11056] ? kernfs_root+0xee/0x2a0 [ 359.609611][T11056] kernfs_new_node+0x11b/0x1a0 [ 359.609633][T11056] __kernfs_create_file+0x53/0x350 [ 359.609659][T11056] cgroup_addrm_files+0x4d8/0xb90 [ 359.609698][T11056] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 359.609728][T11056] ? __pfx___xa_store+0x10/0x10 [ 359.609757][T11056] ? do_raw_spin_unlock+0x145/0x1e0 [ 359.609789][T11056] css_populate_dir+0x161/0x590 [ 359.609815][T11056] cgroup_apply_control_enable+0x40a/0xbd0 [ 359.609853][T11056] cgroup_mkdir+0x57f/0x1330 [ 359.609874][T11056] ? __pfx_cgroup_mkdir+0x10/0x10 [ 359.609892][T11056] kernfs_iop_mkdir+0x111/0x190 [ 359.609909][T11056] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 359.609938][T11056] vfs_mkdir+0x361/0x850 [ 359.609968][T11056] filename_mkdirat+0x48b/0x5e0 [ 359.609992][T11056] ? __pfx_filename_mkdirat+0x10/0x10 [ 359.610014][T11056] ? strncpy_from_user+0x19d/0x2d0 [ 359.610040][T11056] ? do_getname+0x191/0x390 [ 359.610065][T11056] __x64_sys_mkdir+0x6b/0x90 [ 359.610087][T11056] do_syscall_64+0x106/0xf80 [ 359.610105][T11056] ? clear_bhb_loop+0x40/0x90 [ 359.610127][T11056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.610146][T11056] RIP: 0033:0x7ffbc2d9c819 [ 359.610162][T11056] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.610180][T11056] RSP: 002b:00007ffbc3c33028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 359.610202][T11056] RAX: ffffffffffffffda RBX: 00007ffbc3016090 RCX: 00007ffbc2d9c819 [ 359.610214][T11056] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 359.610225][T11056] RBP: 00007ffbc2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 359.610235][T11056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.610246][T11056] R13: 00007ffbc3016128 R14: 00007ffbc3016090 R15: 00007ffe676948e8 [ 359.610269][T11056] [ 359.610331][T11056] cgroup: cgroup_addrm_files: failed to add cgroup.event_control, err=-12 [ 360.924171][T11113] Invalid ELF header magic: != ELF [ 362.632468][T11199] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 362.721722][T11207] futex_wake_op: syz.0.1049 tries to shift op by -2048; fix this program [ 362.773199][T11199] File: /dev/nullb0 PID: 11199 Comm: syz.2.1047 [ 363.336460][T11213] Invalid ELF header magic: != ELF [ 365.077428][T11255] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1059'. [ 367.261569][ T8270] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 367.271101][ T8270] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 367.279545][ T8270] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 367.287555][ T8270] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 367.303546][ T8270] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 367.885544][T11288] Invalid ELF header magic: != ELF [ 368.615516][T11280] chnl_net:caif_netlink_parms(): no params data found [ 368.628573][T11299] FAULT_INJECTION: forcing a failure. [ 368.628573][T11299] name failslab, interval 1, probability 0, space 0, times 0 [ 368.697225][T11299] CPU: 0 UID: 0 PID: 11299 Comm: syz.1.1068 Tainted: G U L syzkaller #0 PREEMPT(full) [ 368.697259][T11299] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 368.697266][T11299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 368.697277][T11299] Call Trace: [ 368.697283][T11299] [ 368.697291][T11299] dump_stack_lvl+0x100/0x190 [ 368.697324][T11299] should_fail_ex.cold+0x5/0xa [ 368.697347][T11299] should_failslab+0xc2/0x120 [ 368.697369][T11299] __kmalloc_cache_noprof+0x7a/0x6f0 [ 368.697394][T11299] ? snd_timer_instance_new+0x47/0x2e0 [ 368.697423][T11299] snd_timer_instance_new+0x47/0x2e0 [ 368.697448][T11299] snd_seq_timer_open+0x1d4/0x600 [ 368.697469][T11299] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 368.697493][T11299] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 368.697523][T11299] ? lockdep_hardirqs_on+0x78/0x100 [ 368.697541][T11299] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 368.697573][T11299] queue_use+0xdc/0x1f0 [ 368.697599][T11299] snd_seq_queue_alloc+0x2e5/0x590 [ 368.697628][T11299] snd_seq_ioctl_create_queue+0xa9/0x370 [ 368.697650][T11299] call_seq_client_ctl+0xa3/0x130 [ 368.697671][T11299] snd_seq_kernel_client_ctl+0x77/0xd0 [ 368.697694][T11299] alloc_seq_queue+0xdb/0x180 [ 368.697715][T11299] ? __pfx_alloc_seq_queue+0x10/0x10 [ 368.697748][T11299] ? mark_held_locks+0x40/0x70 [ 368.697772][T11299] ? _raw_spin_unlock_irq+0x23/0x50 [ 368.697799][T11299] ? lockdep_hardirqs_on+0x78/0x100 [ 368.697819][T11299] snd_seq_oss_open+0x2b2/0xa10 [ 368.697846][T11299] odev_open+0x79/0xc0 [ 368.697864][T11299] ? __pfx_odev_open+0x10/0x10 [ 368.697884][T11299] soundcore_open+0x2e3/0x5a0 [ 368.697907][T11299] ? __pfx_soundcore_open+0x10/0x10 [ 368.697928][T11299] chrdev_open+0x234/0x6a0 [ 368.697947][T11299] ? __pfx_apparmor_file_open+0x10/0x10 [ 368.697968][T11299] ? __pfx_chrdev_open+0x10/0x10 [ 368.697989][T11299] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 368.698015][T11299] do_dentry_open+0x6d8/0x1660 [ 368.698034][T11299] ? __pfx_chrdev_open+0x10/0x10 [ 368.698059][T11299] vfs_open+0x82/0x3f0 [ 368.698086][T11299] path_openat+0x208c/0x31a0 [ 368.698121][T11299] ? __pfx_path_openat+0x10/0x10 [ 368.698150][T11299] do_file_open+0x20e/0x430 [ 368.698171][T11299] ? __pfx_do_file_open+0x10/0x10 [ 368.698207][T11299] ? alloc_fd+0x476/0x790 [ 368.698228][T11299] ? do_getname+0x191/0x390 [ 368.698255][T11299] do_sys_openat2+0x10d/0x1e0 [ 368.698281][T11299] ? __pfx_do_sys_openat2+0x10/0x10 [ 368.698309][T11299] ? __fget_files+0x21f/0x3d0 [ 368.698332][T11299] __x64_sys_openat+0x12d/0x210 [ 368.698358][T11299] ? __pfx___x64_sys_openat+0x10/0x10 [ 368.698392][T11299] do_syscall_64+0x106/0xf80 [ 368.698411][T11299] ? clear_bhb_loop+0x40/0x90 [ 368.698433][T11299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.698452][T11299] RIP: 0033:0x7efc2cf9c819 [ 368.698468][T11299] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.698485][T11299] RSP: 002b:00007efc2de9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 368.698503][T11299] RAX: ffffffffffffffda RBX: 00007efc2d215fa0 RCX: 00007efc2cf9c819 [ 368.698515][T11299] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 368.698525][T11299] RBP: 00007efc2d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 368.698535][T11299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.698545][T11299] R13: 00007efc2d216038 R14: 00007efc2d215fa0 R15: 00007ffc76fcb298 [ 368.698568][T11299] [ 369.537369][ T8270] Bluetooth: hci4: command tx timeout [ 370.359143][T11304] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1069'. [ 370.377931][T11280] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.385141][T11280] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.427566][T11280] bridge_slave_0: entered allmulticast mode [ 370.451949][T11280] bridge_slave_0: entered promiscuous mode [ 370.512914][T11280] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.613502][T11280] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.649991][T11280] bridge_slave_1: entered allmulticast mode [ 370.694914][T11280] bridge_slave_1: entered promiscuous mode [ 370.858086][T11280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.923633][T11280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.154074][T11280] team0: Port device team_slave_0 added [ 371.196169][T11280] team0: Port device team_slave_1 added [ 371.359978][T11280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.383976][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.499568][T11280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.628115][T10343] Bluetooth: hci4: command tx timeout [ 371.654687][T11280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.673403][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.737114][T11280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.236790][T11280] hsr_slave_0: entered promiscuous mode [ 372.274638][T11280] hsr_slave_1: entered promiscuous mode [ 372.302234][T11280] debugfs: 'hsr0' already exists in 'hsr' [ 372.322556][T11280] Cannot create hsr debugfs directory [ 372.426552][T11336] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 372.514673][T11338] smpboot: CPU 1 is now offline [ 373.700384][T10343] Bluetooth: hci4: command tx timeout [ 373.736398][T11357] Invalid ELF header magic: != ELF [ 373.940627][ T8266] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.019588][T11356] Invalid ELF header magic: != ELF [ 374.148525][ T8266] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.466360][ T8266] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.758127][ T8266] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.909074][T11280] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 374.984931][T11374] FAULT_INJECTION: forcing a failure. [ 374.984931][T11374] name failslab, interval 1, probability 0, space 0, times 0 [ 375.065276][T11374] CPU: 0 UID: 0 PID: 11374 Comm: syz.1.1083 Tainted: G U L syzkaller #0 PREEMPT(full) [ 375.065309][T11374] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 375.065316][T11374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 375.065326][T11374] Call Trace: [ 375.065332][T11374] [ 375.065340][T11374] dump_stack_lvl+0x100/0x190 [ 375.065372][T11374] should_fail_ex.cold+0x5/0xa [ 375.065394][T11374] ? ima_alloc_init_template+0xb6/0x6d0 [ 375.065417][T11374] should_failslab+0xc2/0x120 [ 375.065439][T11374] __kmalloc_noprof+0xe0/0x850 [ 375.065466][T11374] ? find_held_lock+0x2b/0x80 [ 375.065485][T11374] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 375.065514][T11374] ima_alloc_init_template+0xb6/0x6d0 [ 375.065537][T11374] ? take_dentry_name_snapshot+0x310/0x7c0 [ 375.065574][T11374] ima_store_measurement+0x1e3/0x5b0 [ 375.065597][T11374] ? __pfx_ima_store_measurement+0x10/0x10 [ 375.065628][T11374] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 375.065663][T11374] process_measurement+0x19cc/0x2350 [ 375.065689][T11374] ? stack_trace_save+0x8e/0xc0 [ 375.065709][T11374] ? __pfx_process_measurement+0x10/0x10 [ 375.065729][T11374] ? __lock_acquire+0x4a5/0x2630 [ 375.065753][T11374] ? __kasan_slab_alloc+0x89/0x90 [ 375.065772][T11374] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 375.065800][T11374] ? init_file+0x95/0x480 [ 375.065820][T11374] ? alloc_empty_file+0x73/0x1c0 [ 375.065842][T11374] ? alloc_file_pseudo+0x13a/0x230 [ 375.065865][T11374] ? ksys_mmap_pgoff+0x232/0x650 [ 375.065883][T11374] ? __x64_sys_mmap+0x125/0x190 [ 375.065909][T11374] ? do_syscall_64+0x106/0xf80 [ 375.065948][T11374] ? __pfx_aa_file_perm+0x10/0x10 [ 375.065981][T11374] ima_file_mmap+0x1c4/0x1f0 [ 375.066000][T11374] ? __pfx_ima_file_mmap+0x10/0x10 [ 375.066032][T11374] security_mmap_file+0x278/0x9b0 [ 375.066058][T11374] vm_mmap_pgoff+0xec/0x470 [ 375.066083][T11374] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 375.066104][T11374] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 375.066130][T11374] ? hugetlbfs_get_inode+0x36e/0x750 [ 375.066159][T11374] ksys_mmap_pgoff+0x273/0x650 [ 375.066181][T11374] ? __x64_sys_futex+0x358/0x4d0 [ 375.066206][T11374] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 375.066227][T11374] ? xfd_validate_state+0x129/0x190 [ 375.066257][T11374] __x64_sys_mmap+0x125/0x190 [ 375.066287][T11374] do_syscall_64+0x106/0xf80 [ 375.066309][T11374] ? clear_bhb_loop+0x40/0x90 [ 375.066332][T11374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.066351][T11374] RIP: 0033:0x7efc2cf9c819 [ 375.066367][T11374] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 375.066384][T11374] RSP: 002b:00007efc2de9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 375.066403][T11374] RAX: ffffffffffffffda RBX: 00007efc2d215fa0 RCX: 00007efc2cf9c819 [ 375.066414][T11374] RDX: 0000000000000fff RSI: 0000000000000005 RDI: 0000000000000000 [ 375.066425][T11374] RBP: 00007efc2d032c91 R08: 0000000000010006 R09: 0000300000000000 [ 375.066436][T11374] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 375.066446][T11374] R13: 00007efc2d216038 R14: 00007efc2d215fa0 R15: 00007ffc76fcb298 [ 375.066470][T11374] [ 375.830879][T11280] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 375.847422][T10343] Bluetooth: hci4: command tx timeout [ 375.867194][ T30] audit: type=1804 audit(1775319660.920:13): pid=11374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.1083" name="anon_hugepage" dev="hugetlbfs" ino=36151 res=0 errno=0 [ 376.368519][T11280] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 376.403488][ T8266] bridge_slave_0: left allmulticast mode [ 376.421306][ T8266] bridge_slave_0: left promiscuous mode [ 376.429170][ T8266] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.804207][ T8266] bond0 (unregistering): (slave ): Releasing backup interface [ 376.822459][ T8266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 376.844769][ T8266] bond0 (unregistering): Released all slaves [ 376.873668][T11280] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 378.030307][T11280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.465398][T11280] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.675979][ T8266] hsr_slave_0: left promiscuous mode [ 378.718929][ T8266] hsr_slave_1: left promiscuous mode [ 378.728179][ T8266] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.756007][ T8266] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 378.797867][ T8266] veth1_macvtap: left promiscuous mode [ 378.803556][ T8266] veth0_macvtap: left promiscuous mode [ 379.064651][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.071078][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.193539][ T8266] team0 (unregistering): Port device team_slave_1 removed [ 379.230424][ T8266] team0 (unregistering): Port device team_slave_0 removed [ 379.482799][T10282] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.490015][T10282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.562472][T10282] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.569780][T10282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 380.829598][T11475] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 381.010785][T11280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 382.318558][T11280] veth0_vlan: entered promiscuous mode [ 382.432927][T11280] veth1_vlan: entered promiscuous mode [ 382.979737][T11280] veth0_macvtap: entered promiscuous mode [ 383.017394][T11280] veth1_macvtap: entered promiscuous mode [ 383.134299][T11280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 383.279680][T11280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 383.327245][ T8266] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.336122][ T8266] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.399428][ T8266] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.484246][ T8266] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.689746][T11530] FAULT_INJECTION: forcing a failure. [ 383.689746][T11530] name failslab, interval 1, probability 0, space 0, times 0 [ 383.871567][T11530] CPU: 0 UID: 0 PID: 11530 Comm: syz.2.1102 Tainted: G U L syzkaller #0 PREEMPT(full) [ 383.871601][T11530] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 383.871608][T11530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 383.871619][T11530] Call Trace: [ 383.871625][T11530] [ 383.871632][T11530] dump_stack_lvl+0x100/0x190 [ 383.871666][T11530] should_fail_ex.cold+0x5/0xa [ 383.871689][T11530] should_failslab+0xc2/0x120 [ 383.871711][T11530] __kmalloc_cache_noprof+0x7a/0x6f0 [ 383.871738][T11530] ? ima_d_path+0xc9/0x260 [ 383.871758][T11530] ? xattr_resolve_name+0x27d/0x3f0 [ 383.871780][T11530] ima_d_path+0xc9/0x260 [ 383.871802][T11530] ? __pfx_ima_d_path+0x10/0x10 [ 383.871827][T11530] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 383.871862][T11530] process_measurement+0x1b25/0x2350 [ 383.871885][T11530] ? stack_trace_save+0x8e/0xc0 [ 383.871905][T11530] ? __pfx_process_measurement+0x10/0x10 [ 383.871925][T11530] ? __lock_acquire+0x4a5/0x2630 [ 383.871949][T11530] ? __kasan_slab_alloc+0x89/0x90 [ 383.871967][T11530] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 383.871995][T11530] ? init_file+0x95/0x480 [ 383.872015][T11530] ? alloc_empty_file+0x73/0x1c0 [ 383.872037][T11530] ? alloc_file_pseudo+0x13a/0x230 [ 383.872067][T11530] ? ksys_mmap_pgoff+0x232/0x650 [ 383.872086][T11530] ? __x64_sys_mmap+0x125/0x190 [ 383.872112][T11530] ? do_syscall_64+0x106/0xf80 [ 383.872151][T11530] ? __pfx_aa_file_perm+0x10/0x10 [ 383.872187][T11530] ima_file_mmap+0x1c4/0x1f0 [ 383.872208][T11530] ? __pfx_ima_file_mmap+0x10/0x10 [ 383.872233][T11530] security_mmap_file+0x278/0x9b0 [ 383.872259][T11530] vm_mmap_pgoff+0xec/0x470 [ 383.872284][T11530] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 383.872304][T11530] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 383.872329][T11530] ? hugetlbfs_get_inode+0x36e/0x750 [ 383.872357][T11530] ksys_mmap_pgoff+0x273/0x650 [ 383.872378][T11530] ? __x64_sys_futex+0x358/0x4d0 [ 383.872403][T11530] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 383.872424][T11530] ? xfd_validate_state+0x129/0x190 [ 383.872454][T11530] __x64_sys_mmap+0x125/0x190 [ 383.872484][T11530] do_syscall_64+0x106/0xf80 [ 383.872501][T11530] ? clear_bhb_loop+0x40/0x90 [ 383.872524][T11530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.872543][T11530] RIP: 0033:0x7ffbc2d9c819 [ 383.872559][T11530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 383.872577][T11530] RSP: 002b:00007ffbc3c54028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 383.872600][T11530] RAX: ffffffffffffffda RBX: 00007ffbc3015fa0 RCX: 00007ffbc2d9c819 [ 383.872612][T11530] RDX: 0000000000000fff RSI: 0000000000000005 RDI: 0000000000000000 [ 383.872622][T11530] RBP: 00007ffbc2e32c91 R08: 0000000000010006 R09: 0000300000000000 [ 383.872633][T11530] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 383.872644][T11530] R13: 00007ffbc3016038 R14: 00007ffbc3015fa0 R15: 00007ffe676948e8 [ 383.872667][T11530] [ 385.233558][T10282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.244254][T10282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.438480][ T9223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.460246][ T9223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.878446][T11557] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 385.947205][ T30] audit: type=1804 audit(1775319671.100:14): pid=11557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1064" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 386.490802][T11569] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 387.252485][T11588] delete_channel: no stack [ 387.526621][T11593] can: request_module (can-proto-0) failed. [ 387.810401][T11603] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 387.998035][T11608] FAULT_INJECTION: forcing a failure. [ 387.998035][T11608] name failslab, interval 1, probability 0, space 0, times 0 [ 388.033836][T11608] CPU: 1 UID: 0 PID: 11608 Comm: syz.1.1118 Tainted: G U L syzkaller #0 PREEMPT(full) [ 388.033892][T11608] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 388.033904][T11608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 388.033922][T11608] Call Trace: [ 388.033933][T11608] [ 388.033945][T11608] dump_stack_lvl+0x100/0x190 [ 388.034003][T11608] should_fail_ex.cold+0x5/0xa [ 388.034041][T11608] should_failslab+0xc2/0x120 [ 388.034077][T11608] __kmalloc_cache_noprof+0x7a/0x6f0 [ 388.034120][T11608] ? tipc_sub_subscribe+0x15c/0x730 [ 388.034172][T11608] ? find_held_lock+0x2b/0x80 [ 388.034209][T11608] tipc_sub_subscribe+0x15c/0x730 [ 388.034274][T11608] tipc_conn_rcv_sub+0x21e/0x3d0 [ 388.034325][T11608] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 388.034377][T11608] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 388.034430][T11608] ? net_generic+0xea/0x2a0 [ 388.034487][T11608] tipc_group_create+0x4ab/0x660 [ 388.034544][T11608] tipc_setsockopt+0x611/0xe30 [ 388.034584][T11608] ? __pfx_tipc_setsockopt+0x10/0x10 [ 388.034638][T11608] ? __pfx_tipc_setsockopt+0x10/0x10 [ 388.034678][T11608] do_sock_setsockopt+0xf3/0x1d0 [ 388.034720][T11608] __sys_setsockopt+0x119/0x190 [ 388.034778][T11608] __x64_sys_setsockopt+0xbd/0x160 [ 388.034824][T11608] ? do_syscall_64+0x95/0xf80 [ 388.034854][T11608] ? lockdep_hardirqs_on+0x78/0x100 [ 388.034886][T11608] do_syscall_64+0x106/0xf80 [ 388.034915][T11608] ? clear_bhb_loop+0x40/0x90 [ 388.034953][T11608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.034985][T11608] RIP: 0033:0x7efc2cf9c819 [ 388.035011][T11608] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 388.035041][T11608] RSP: 002b:00007efc2de9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 388.035073][T11608] RAX: ffffffffffffffda RBX: 00007efc2d215fa0 RCX: 00007efc2cf9c819 [ 388.035094][T11608] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 388.035113][T11608] RBP: 00007efc2d032c91 R08: 0000000000000014 R09: 0000000000000000 [ 388.035132][T11608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.035150][T11608] R13: 00007efc2d216038 R14: 00007efc2d215fa0 R15: 00007ffc76fcb298 [ 388.035192][T11608] [ 388.087294][T11608] tipc: Subscription rejected, no memory [ 388.289155][T11607] [U] [ 389.678519][T11630] [U] [ 389.710747][T11630] mtrr: base(0xe00000) is not aligned on a size(0x4000000000) boundary [ 389.757876][T11640] netlink: 'syz.4.1124': attribute type 2 has an invalid length. [ 390.680715][T11663] vivid-007: ================= START STATUS ================= [ 390.737760][T11663] vivid-007: Generate PTS: true [ 390.743007][T11663] vivid-007: Generate SCR: true [ 390.799608][T11663] tpg source WxH: 320x240 (Y'CbCr) [ 390.804817][T11663] tpg field: 1 [ 390.808311][T11663] tpg crop: (0,0)/320x240 [ 390.812680][T11663] tpg compose: (0,0)/320x240 [ 390.817629][T11663] tpg colorspace: 8 [ 390.821476][T11663] tpg transfer function: 0/0 [ 390.827984][T11663] tpg Y'CbCr encoding: 0/0 [ 390.832552][T11663] tpg quantization: 0/0 [ 390.836760][T11663] tpg RGB range: 0/2 [ 390.897785][T11663] vivid-007: ================== END STATUS ================== [ 393.094152][T11702] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1135'. [ 394.786550][T11749] FAULT_INJECTION: forcing a failure. [ 394.786550][T11749] name fail_futex, interval 1, probability 0, space 0, times 0 [ 394.850333][T11749] CPU: 1 UID: 0 PID: 11749 Comm: syz.1.1143 Tainted: G U L syzkaller #0 PREEMPT(full) [ 394.850367][T11749] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 394.850374][T11749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 394.850385][T11749] Call Trace: [ 394.850391][T11749] [ 394.850398][T11749] dump_stack_lvl+0x100/0x190 [ 394.850432][T11749] should_fail_ex.cold+0x5/0xa [ 394.850454][T11749] get_futex_key+0x1d2/0x1620 [ 394.850480][T11749] ? __pfx_get_futex_key+0x10/0x10 [ 394.850511][T11749] futex_wake+0xea/0x530 [ 394.850542][T11749] ? __pfx_futex_wake+0x10/0x10 [ 394.850571][T11749] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 394.850606][T11749] do_futex+0x32b/0x350 [ 394.850631][T11749] ? __pfx_do_futex+0x10/0x10 [ 394.850657][T11749] ? __pfx___might_resched+0x10/0x10 [ 394.850686][T11749] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 394.850719][T11749] __x64_sys_futex+0x34f/0x4d0 [ 394.850748][T11749] ? __pfx___x64_sys_futex+0x10/0x10 [ 394.850782][T11749] do_syscall_64+0x106/0xf80 [ 394.850801][T11749] ? clear_bhb_loop+0x40/0x90 [ 394.850824][T11749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.850843][T11749] RIP: 0033:0x7efc2cf9c819 [ 394.850859][T11749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 394.850876][T11749] RSP: 002b:00007efc2de9e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 394.850895][T11749] RAX: ffffffffffffffda RBX: 00007efc2d215fa8 RCX: 00007efc2cf9c819 [ 394.850906][T11749] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efc2d215fac [ 394.850918][T11749] RBP: 00007efc2d215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 394.850928][T11749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.850939][T11749] R13: 00007efc2d216038 R14: 00007ffc76fcb1b0 R15: 00007ffc76fcb298 [ 394.850961][T11749] [ 399.634540][T11849] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1161'. [ 404.018651][T11965] sd 0:0:1:0: PR command failed: 1026 [ 404.024377][T11965] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 404.036936][T11965] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 406.656360][T12029] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 407.826197][T12058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1203'. [ 407.896830][ T8270] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 408.029275][ T8270] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 409.932812][T12110] capability: warning: `syz.0.1216' uses deprecated v2 capabilities in a way that may be insecure [ 410.818474][T12138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1218'. [ 411.075729][T12146] bridge0: port 3(bond0) entered blocking state [ 411.090266][T12146] bridge0: port 3(bond0) entered disabled state [ 411.102690][T12146] bond0: entered allmulticast mode [ 411.147220][T12146] bond_slave_0: entered allmulticast mode [ 411.158084][T12146] bond_slave_1: entered allmulticast mode [ 411.168873][T12146] bond0: entered promiscuous mode [ 411.184651][T12146] bond_slave_0: entered promiscuous mode [ 411.206445][T12146] bond_slave_1: entered promiscuous mode [ 411.228500][T12146] bridge0: port 3(bond0) entered blocking state [ 411.234948][T12146] bridge0: port 3(bond0) entered forwarding state [ 413.303383][T12194] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1237'. [ 414.012354][T12203] FAULT_INJECTION: forcing a failure. [ 414.012354][T12203] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 414.147382][T12203] CPU: 0 UID: 0 PID: 12203 Comm: syz.2.1239 Tainted: G U L syzkaller #0 PREEMPT(full) [ 414.147416][T12203] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 414.147423][T12203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 414.147434][T12203] Call Trace: [ 414.147440][T12203] [ 414.147447][T12203] dump_stack_lvl+0x100/0x190 [ 414.147481][T12203] should_fail_ex.cold+0x5/0xa [ 414.147503][T12203] _copy_from_user+0x2e/0xd0 [ 414.147529][T12203] kern_select+0xcf/0x270 [ 414.147550][T12203] ? __pfx_kern_select+0x10/0x10 [ 414.147575][T12203] __x64_sys_select+0xbd/0x160 [ 414.147593][T12203] ? do_syscall_64+0x95/0xf80 [ 414.147611][T12203] ? lockdep_hardirqs_on+0x78/0x100 [ 414.147630][T12203] do_syscall_64+0x106/0xf80 [ 414.147648][T12203] ? clear_bhb_loop+0x40/0x90 [ 414.147671][T12203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.147695][T12203] RIP: 0033:0x7ffbc2d9c819 [ 414.147711][T12203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.147729][T12203] RSP: 002b:00007ffbc3bf1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 414.147747][T12203] RAX: ffffffffffffffda RBX: 00007ffbc3016270 RCX: 00007ffbc2d9c819 [ 414.147759][T12203] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 414.147770][T12203] RBP: 00007ffbc2e32c91 R08: 00002000000001c0 R09: 0000000000000000 [ 414.147781][T12203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.147791][T12203] R13: 00007ffbc3016308 R14: 00007ffbc3016270 R15: 00007ffe676948e8 [ 414.147814][T12203] [ 414.340186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 423.718253][T12376] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 423.728209][T12377] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 425.529548][ T30] audit: type=1800 audit(1775319710.700:15): pid=12428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1286" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 430.052439][T12542] Zero length message leads to an empty skb [ 430.064239][T12542] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 430.108080][ T30] audit: type=1800 audit(1775319715.250:16): pid=12542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1307" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 430.168305][T12511] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 430.206444][T12511] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 430.236741][T12511] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 430.257984][T12511] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 430.329576][T12511] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 430.335709][T12511] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 430.370203][T12533] mmap: syz.0.1305 (12533) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 430.395523][T12511] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 430.549877][T12527] NFSD: Failed to start, no listeners configured. [ 431.057432][ T8270] Bluetooth: hci0: command 0x0c1a tx timeout [ 431.788802][T12559] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1311'. [ 432.257190][ T8270] Bluetooth: hci2: command 0x0c1a tx timeout [ 432.263291][T10343] Bluetooth: hci1: command 0x0c1a tx timeout [ 432.337306][ T8270] Bluetooth: hci4: command 0x0c1a tx timeout [ 432.705793][T12579] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 432.828173][T12582] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 433.166038][T12585] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 433.221321][T12585] File: /dev/nullb0 PID: 12585 Comm: syz.1.1317 [ 434.122666][T12612] vivid-007: ================= START STATUS ================= [ 434.177092][T12612] vivid-007: Generate PTS: true [ 434.227079][T12612] vivid-007: Generate SCR: true [ 434.315181][T12612] tpg source WxH: 320x240 (Y'CbCr) [ 434.337613][ T8270] Bluetooth: hci2: command 0x0c1a tx timeout [ 434.357094][T12612] tpg field: 1 [ 434.360539][T12612] tpg crop: (0,0)/320x240 [ 434.425263][ T8270] Bluetooth: hci4: command 0x0c1a tx timeout [ 434.462595][T12612] tpg compose: (0,0)/320x240 [ 434.493936][T12612] tpg colorspace: 8 [ 434.541202][T12612] tpg transfer function: 0/0 [ 434.587692][T12612] tpg Y'CbCr encoding: 0/0 [ 434.612286][T12612] tpg quantization: 0/0 [ 434.642857][T12612] tpg RGB range: 0/2 [ 434.653982][T12612] vivid-007: ================== END STATUS ================== [ 434.782483][T12618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1324'. [ 435.191773][ T8270] Bluetooth: hci0: unexpected event 0x06 length: 440 > 3 [ 436.498652][ T8270] Bluetooth: hci4: command 0x0c1a tx timeout [ 437.308881][T12661] FAULT_INJECTION: forcing a failure. [ 437.308881][T12661] name failslab, interval 1, probability 0, space 0, times 0 [ 437.322735][T12661] CPU: 0 UID: 0 PID: 12661 Comm: syz.2.1336 Tainted: G U L syzkaller #0 PREEMPT(full) [ 437.322768][T12661] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 437.322775][T12661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 437.322786][T12661] Call Trace: [ 437.322792][T12661] [ 437.322800][T12661] dump_stack_lvl+0x100/0x190 [ 437.322834][T12661] should_fail_ex.cold+0x5/0xa [ 437.322856][T12661] should_failslab+0xc2/0x120 [ 437.322878][T12661] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 437.322907][T12661] ? ext4_init_io_end+0x24/0x170 [ 437.322932][T12661] ext4_init_io_end+0x24/0x170 [ 437.322952][T12661] ext4_do_writepages+0xaf9/0x3f50 [ 437.322995][T12661] ? __pfx_ext4_do_writepages+0x10/0x10 [ 437.323034][T12661] ? ext4_writepages+0x347/0x790 [ 437.323059][T12661] ext4_writepages+0x347/0x790 [ 437.323086][T12661] ? __pfx_ext4_writepages+0x10/0x10 [ 437.323119][T12661] ? do_writepages+0x4b5/0x600 [ 437.323140][T12661] ? do_writepages+0x4b5/0x600 [ 437.323164][T12661] ? __pfx_ext4_writepages+0x10/0x10 [ 437.323192][T12661] do_writepages+0x278/0x600 [ 437.323217][T12661] ? __pfx_do_writepages+0x10/0x10 [ 437.323271][T12661] ? do_raw_spin_unlock+0x145/0x1e0 [ 437.323301][T12661] ? _raw_spin_unlock+0x28/0x50 [ 437.323331][T12661] filemap_writeback+0x22d/0x2e0 [ 437.323357][T12661] ? __pfx_filemap_writeback+0x10/0x10 [ 437.323406][T12661] ? mt_find+0x45e/0x8e0 [ 437.323428][T12661] ? __pfx_mt_find+0x10/0x10 [ 437.323450][T12661] file_write_and_wait_range+0xcd/0x140 [ 437.323478][T12661] ext4_sync_file+0x358/0xbc0 [ 437.323505][T12661] ? __pfx_ext4_sync_file+0x10/0x10 [ 437.323528][T12661] ? __up_read+0x260/0x700 [ 437.323556][T12661] ? __pfx___up_read+0x10/0x10 [ 437.323587][T12661] ? __do_sys_msync+0x39b/0x590 [ 437.323616][T12661] ? __pfx_ext4_sync_file+0x10/0x10 [ 437.323646][T12661] vfs_fsync_range+0x9b/0x190 [ 437.323681][T12661] __do_sys_msync+0x3ca/0x590 [ 437.323719][T12661] do_syscall_64+0x106/0xf80 [ 437.323737][T12661] ? clear_bhb_loop+0x40/0x90 [ 437.323760][T12661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.323779][T12661] RIP: 0033:0x7ffbc2d9c819 [ 437.323796][T12661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 437.323814][T12661] RSP: 002b:00007ffbc3c54028 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 437.323835][T12661] RAX: ffffffffffffffda RBX: 00007ffbc3015fa0 RCX: 00007ffbc2d9c819 [ 437.323846][T12661] RDX: 0000000000000006 RSI: 0000002000000005 RDI: 0000000000200000 [ 437.323857][T12661] RBP: 00007ffbc2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 437.323867][T12661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.323878][T12661] R13: 00007ffbc3016038 R14: 00007ffbc3015fa0 R15: 00007ffe676948e8 [ 437.323902][T12661] [ 438.340993][T12672] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 438.426188][T12675] process 'syz.0.1338' launched './file0' with NULL argv: empty string added [ 438.426188][T12683] process 'syz.0.1338' launched './file0' with NULL argv: empty string added [ 438.459586][T12677] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 438.814105][T12691] FAULT_INJECTION: forcing a failure. [ 438.814105][T12691] name failslab, interval 1, probability 0, space 0, times 0 [ 438.829854][T12691] CPU: 0 UID: 0 PID: 12691 Comm: syz.4.1344 Tainted: G U L syzkaller #0 PREEMPT(full) [ 438.829889][T12691] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 438.829896][T12691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 438.829907][T12691] Call Trace: [ 438.829913][T12691] [ 438.829920][T12691] dump_stack_lvl+0x100/0x190 [ 438.829953][T12691] should_fail_ex.cold+0x5/0xa [ 438.829975][T12691] should_failslab+0xc2/0x120 [ 438.829999][T12691] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 438.830028][T12691] ? security_inode_alloc+0x3b/0x2c0 [ 438.830051][T12691] ? lockdep_init_map_type+0x5c/0x250 [ 438.830080][T12691] security_inode_alloc+0x3b/0x2c0 [ 438.830102][T12691] inode_init_always_gfp+0xced/0x1040 [ 438.830126][T12691] alloc_inode+0x8e/0x250 [ 438.830151][T12691] iget_locked+0x1d9/0x6d0 [ 438.830178][T12691] ? __pfx_iget_locked+0x10/0x10 [ 438.830204][T12691] ? kernfs_root+0xee/0x2a0 [ 438.830230][T12691] ? kernfs_root+0xee/0x2a0 [ 438.830268][T12691] kernfs_get_inode+0x46/0x470 [ 438.830300][T12691] kernfs_iop_lookup+0x1a7/0x2d0 [ 438.830349][T12691] __lookup_slow+0x251/0x460 [ 438.830390][T12691] ? __pfx___lookup_slow+0x10/0x10 [ 438.830451][T12691] ? __d_lookup+0x266/0x4a0 [ 438.830490][T12691] lookup_slow+0x50/0x70 [ 438.830515][T12691] link_path_walk+0x1377/0x1cc0 [ 438.830552][T12691] path_openat+0x1be/0x31a0 [ 438.830570][T12691] ? kasan_save_stack+0x3f/0x50 [ 438.830587][T12691] ? kasan_save_stack+0x30/0x50 [ 438.830602][T12691] ? kasan_save_track+0x14/0x30 [ 438.830618][T12691] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 438.830653][T12691] ? __pfx_path_openat+0x10/0x10 [ 438.830681][T12691] do_file_open+0x20e/0x430 [ 438.830703][T12691] ? __pfx_do_file_open+0x10/0x10 [ 438.830739][T12691] ? alloc_fd+0x476/0x790 [ 438.830760][T12691] ? do_getname+0x191/0x390 [ 438.830786][T12691] do_sys_openat2+0x10d/0x1e0 [ 438.830812][T12691] ? __pfx_do_sys_openat2+0x10/0x10 [ 438.830839][T12691] ? __fget_files+0x21f/0x3d0 [ 438.830862][T12691] __x64_sys_openat+0x12d/0x210 [ 438.830888][T12691] ? __pfx___x64_sys_openat+0x10/0x10 [ 438.830922][T12691] do_syscall_64+0x106/0xf80 [ 438.830940][T12691] ? clear_bhb_loop+0x40/0x90 [ 438.830963][T12691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.830982][T12691] RIP: 0033:0x7f2604d9c819 [ 438.831001][T12691] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 438.831019][T12691] RSP: 002b:00007f2605b83028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 438.831038][T12691] RAX: ffffffffffffffda RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 438.831050][T12691] RDX: 0000000000040480 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 438.831061][T12691] RBP: 00007f2604e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 438.831072][T12691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.831082][T12691] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 438.831105][T12691] [ 439.386242][T12700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1346'. [ 439.638776][ T8270] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 440.455923][T12727] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 440.507833][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.514317][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.538362][T12727] File: /dev/nullb0 PID: 12727 Comm: syz.4.1351 [ 441.059616][T12758] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input25 [ 442.567327][T12805] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1364'. [ 442.994041][T12816] NFSD: Failed to start, no listeners configured. [ 443.086413][T12810] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 443.094670][T12810] vhci_hcd vhci_hcd.2: invalid port number 111 [ 443.115020][T12810] vhci_hcd vhci_hcd.2: invalid port number 111 [ 443.970640][T12836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1372'. [ 444.028393][T12838] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1372'. [ 444.801237][T12819] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 444.808135][T12819] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 444.831813][T12819] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 444.848379][T12819] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 445.225115][T10343] Bluetooth: hci0: command 0x0c1a tx timeout [ 446.817511][T10343] Bluetooth: hci1: command 0x0c1a tx timeout [ 446.898940][T10343] Bluetooth: hci4: command 0x0c1a tx timeout [ 446.905853][T10343] Bluetooth: hci2: command 0x0c1a tx timeout [ 448.036695][T12938] netlink: 'syz.0.1400': attribute type 10 has an invalid length. [ 448.069745][T12938] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1400'. [ 448.553131][T10280] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.477657][T13019] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 451.594232][T13019] File: /dev/nullb0 PID: 13019 Comm: syz.1.1415 [ 452.206031][ T30] audit: type=1800 audit(4294967302.860:17): pid=13056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1424" name="dbroot" dev="configfs" ino=43792 res=0 errno=0 [ 452.212453][T13056] db_root: cannot open: /dev/audio1 [ 452.273724][T13056] db_root: not a directory: /dev/audio1 [ 453.243264][T13078] FAULT_INJECTION: forcing a failure. [ 453.243264][T13078] name failslab, interval 1, probability 0, space 0, times 0 [ 453.263908][T13078] CPU: 0 UID: 0 PID: 13078 Comm: syz.2.1430 Tainted: G U L syzkaller #0 PREEMPT(full) [ 453.263959][T13078] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 453.263969][T13078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 453.263984][T13078] Call Trace: [ 453.263992][T13078] [ 453.264001][T13078] dump_stack_lvl+0x100/0x190 [ 453.264045][T13078] should_fail_ex.cold+0x5/0xa [ 453.264080][T13078] should_failslab+0xc2/0x120 [ 453.264116][T13078] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 453.264159][T13078] ? __d_alloc+0x34/0xa80 [ 453.264220][T13078] __d_alloc+0x34/0xa80 [ 453.264259][T13078] d_alloc_pseudo+0x1c/0xc0 [ 453.264303][T13078] alloc_file_pseudo+0xcf/0x230 [ 453.264347][T13078] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 453.264387][T13078] ? alloc_fd+0x476/0x790 [ 453.264427][T13078] sock_alloc_file+0x50/0x210 [ 453.264460][T13078] __sys_socket+0x1c0/0x260 [ 453.264500][T13078] ? __pfx___sys_socket+0x10/0x10 [ 453.264549][T13078] __x64_sys_socket+0x72/0xb0 [ 453.264587][T13078] ? lockdep_hardirqs_on+0x78/0x100 [ 453.264618][T13078] do_syscall_64+0x106/0xf80 [ 453.264646][T13078] ? clear_bhb_loop+0x40/0x90 [ 453.264681][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.264711][T13078] RIP: 0033:0x7ffbc2d9c819 [ 453.264737][T13078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.264765][T13078] RSP: 002b:00007ffbc3c54028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 453.264793][T13078] RAX: ffffffffffffffda RBX: 00007ffbc3015fa0 RCX: 00007ffbc2d9c819 [ 453.264812][T13078] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000021 [ 453.264828][T13078] RBP: 00007ffbc2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 453.264845][T13078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.264862][T13078] R13: 00007ffbc3016038 R14: 00007ffbc3015fa0 R15: 00007ffe676948e8 [ 453.264906][T13078] [ 453.774993][T13088] netlink: 'syz.4.1433': attribute type 2 has an invalid length. [ 453.829352][T13096] netlink: 'syz.4.1433': attribute type 2 has an invalid length. [ 454.275329][T13122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1438'. [ 454.567650][T13133] FAULT_INJECTION: forcing a failure. [ 454.567650][T13133] name failslab, interval 1, probability 0, space 0, times 0 [ 454.746131][T13133] CPU: 1 UID: 0 PID: 13133 Comm: syz.4.1441 Tainted: G U L syzkaller #0 PREEMPT(full) [ 454.746182][T13133] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 454.746194][T13133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 454.746209][T13133] Call Trace: [ 454.746220][T13133] [ 454.746231][T13133] dump_stack_lvl+0x100/0x190 [ 454.746274][T13133] should_fail_ex.cold+0x5/0xa [ 454.746297][T13133] should_failslab+0xc2/0x120 [ 454.746317][T13133] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 454.746345][T13133] ? alloc_empty_file+0x55/0x1c0 [ 454.746374][T13133] alloc_empty_file+0x55/0x1c0 [ 454.746399][T13133] alloc_file_pseudo+0x13a/0x230 [ 454.746425][T13133] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 454.746450][T13133] ? alloc_fd+0x476/0x790 [ 454.746473][T13133] sock_alloc_file+0x50/0x210 [ 454.746494][T13133] __sys_socket+0x1c0/0x260 [ 454.746517][T13133] ? __pfx___sys_socket+0x10/0x10 [ 454.746547][T13133] __x64_sys_socket+0x72/0xb0 [ 454.746570][T13133] ? lockdep_hardirqs_on+0x78/0x100 [ 454.746589][T13133] do_syscall_64+0x106/0xf80 [ 454.746606][T13133] ? clear_bhb_loop+0x40/0x90 [ 454.746628][T13133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.746648][T13133] RIP: 0033:0x7f2604d9c819 [ 454.746663][T13133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 454.746681][T13133] RSP: 002b:00007f2605b83028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 454.746699][T13133] RAX: ffffffffffffffda RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 454.746711][T13133] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000021 [ 454.746721][T13133] RBP: 00007f2604e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 454.746731][T13133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.746742][T13133] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 454.746765][T13133] [ 458.185861][T13207] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1455'. [ 458.858435][T13219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1458'. [ 458.899513][T13214] FAULT_INJECTION: forcing a failure. [ 458.899513][T13214] name failslab, interval 1, probability 0, space 0, times 0 [ 458.948105][T13214] CPU: 1 UID: 0 PID: 13214 Comm: syz.4.1457 Tainted: G U L syzkaller #0 PREEMPT(full) [ 458.948157][T13214] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 458.948171][T13214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 458.948189][T13214] Call Trace: [ 458.948200][T13214] [ 458.948213][T13214] dump_stack_lvl+0x100/0x190 [ 458.948266][T13214] should_fail_ex.cold+0x5/0xa [ 458.948315][T13214] should_failslab+0xc2/0x120 [ 458.948351][T13214] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 458.948400][T13214] ? mas_alloc_nodes+0x280/0x390 [ 458.948457][T13214] mas_alloc_nodes+0x280/0x390 [ 458.948509][T13214] mas_preallocate+0x39c/0xf10 [ 458.948541][T13214] ? __memcg_slab_post_alloc_hook+0x4e0/0x990 [ 458.948586][T13214] ? __pfx_mas_preallocate+0x10/0x10 [ 458.948633][T13214] ? anon_vma_name+0x5a/0x250 [ 458.948679][T13214] __split_vma+0x33d/0xd90 [ 458.948730][T13214] ? __pfx___split_vma+0x10/0x10 [ 458.948771][T13214] ? kasan_save_track+0x14/0x30 [ 458.948798][T13214] ? __kasan_slab_alloc+0x89/0x90 [ 458.948827][T13214] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 458.948883][T13214] ? __mpol_equal+0xaf/0x340 [ 458.948933][T13214] vma_modify+0x1121/0x2250 [ 458.948988][T13214] ? __pfx_vma_modify+0x10/0x10 [ 458.949042][T13214] vma_modify_policy+0x238/0x300 [ 458.949088][T13214] ? __pfx_vma_modify_policy+0x10/0x10 [ 458.949136][T13214] ? find_held_lock+0x2b/0x80 [ 458.949198][T13214] mbind_range+0x175/0x550 [ 458.949244][T13214] do_mbind+0x7dc/0xfd0 [ 458.949300][T13214] ? __might_fault+0xc5/0x140 [ 458.949347][T13214] ? __pfx_do_mbind+0x10/0x10 [ 458.949394][T13214] ? _copy_from_user+0x59/0xd0 [ 458.949444][T13214] ? __pfx_get_nodes+0x10/0x10 [ 458.949486][T13214] kernel_mbind+0x1b7/0x200 [ 458.949530][T13214] ? __pfx_kernel_mbind+0x10/0x10 [ 458.949583][T13214] do_syscall_64+0x106/0xf80 [ 458.949613][T13214] ? clear_bhb_loop+0x40/0x90 [ 458.949651][T13214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.949682][T13214] RIP: 0033:0x7f2604d9c819 [ 458.949709][T13214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 458.949739][T13214] RSP: 002b:00007f2605b83028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 458.949769][T13214] RAX: ffffffffffffffda RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 458.949790][T13214] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 458.949808][T13214] RBP: 00007f2604e32c91 R08: 0000000000000003 R09: 0000000000000003 [ 458.949827][T13214] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 458.949845][T13214] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 458.949887][T13214] [ 459.842002][T13238] GUP no longer grows the stack in syz.1.1463 (13238): 14000-401000 (4000) [ 459.851835][T13238] CPU: 1 UID: 0 PID: 13238 Comm: syz.1.1463 Tainted: G U L syzkaller #0 PREEMPT(full) [ 459.851887][T13238] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 459.851898][T13238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 459.851915][T13238] Call Trace: [ 459.851926][T13238] [ 459.851937][T13238] dump_stack_lvl+0x100/0x190 [ 459.851990][T13238] gup_vma_lookup.cold+0x83/0x96 [ 459.852038][T13238] __get_user_pages+0x241/0x34d0 [ 459.852088][T13238] ? down_read_killable+0x30e/0x4c0 [ 459.852123][T13238] ? __lock_acquire+0x4a5/0x2630 [ 459.852167][T13238] ? __pfx___get_user_pages+0x10/0x10 [ 459.852226][T13238] __gup_longterm_locked+0x87d/0x16f0 [ 459.852278][T13238] ? __pfx___gup_longterm_locked+0x10/0x10 [ 459.852319][T13238] ? try_get_folio+0x262/0x750 [ 459.852353][T13238] ? find_held_lock+0x2b/0x80 [ 459.852385][T13238] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 459.852430][T13238] gup_fast_fallback+0x18c6/0x2460 [ 459.852500][T13238] ? __pfx_gup_fast_fallback+0x10/0x10 [ 459.852541][T13238] ? __lock_acquire+0x4a5/0x2630 [ 459.852580][T13238] ? bio_associate_blkg_from_css+0xe33/0x13f0 [ 459.852624][T13238] ? bio_associate_blkg+0x10c/0x2a0 [ 459.852680][T13238] pin_user_pages_fast+0xa7/0xf0 [ 459.852718][T13238] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 459.852759][T13238] ? find_held_lock+0x2b/0x80 [ 459.852788][T13238] ? __debug_object_init+0x2de/0x3d0 [ 459.852818][T13238] ? __debug_object_init+0x2de/0x3d0 [ 459.852852][T13238] iov_iter_extract_pages+0xa0d/0x1ef0 [ 459.852900][T13238] ? __lock_acquire+0x4a5/0x2630 [ 459.852941][T13238] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 459.852990][T13238] ? __lock_acquire+0x4a5/0x2630 [ 459.853037][T13238] iov_iter_extract_bvecs+0x10e/0xf40 [ 459.853090][T13238] ? find_held_lock+0x2b/0x80 [ 459.853119][T13238] ? bio_associate_blkg_from_css+0x394/0x13f0 [ 459.853169][T13238] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 459.853248][T13238] ? bio_associate_blkg_from_css+0x550/0x13f0 [ 459.853305][T13238] bio_iov_iter_get_pages+0x26a/0x970 [ 459.853357][T13238] __blkdev_direct_IO_simple+0x3a7/0x890 [ 459.853412][T13238] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 459.853492][T13238] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 459.853529][T13238] ? ktime_get_coarse_real_ts64_mg+0x1e0/0x300 [ 459.853578][T13238] blkdev_direct_IO+0xc76/0x1fb0 [ 459.853640][T13238] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 459.853683][T13238] ? rcu_is_watching+0x12/0xc0 [ 459.853728][T13238] ? __mark_inode_dirty+0x55c/0x1790 [ 459.853774][T13238] ? filemap_check_errors+0xa9/0x150 [ 459.853821][T13238] blkdev_write_iter+0x703/0xd70 [ 459.853879][T13238] vfs_write+0x6ac/0x1070 [ 459.853910][T13238] ? __pfx_blkdev_write_iter+0x10/0x10 [ 459.853957][T13238] ? __pfx_vfs_write+0x10/0x10 [ 459.853983][T13238] ? find_held_lock+0x2b/0x80 [ 459.854038][T13238] ksys_write+0x12a/0x250 [ 459.854069][T13238] ? __pfx_ksys_write+0x10/0x10 [ 459.854108][T13238] do_syscall_64+0x106/0xf80 [ 459.854138][T13238] ? clear_bhb_loop+0x40/0x90 [ 459.854177][T13238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.854216][T13238] RIP: 0033:0x7efc2cf9c819 [ 459.854244][T13238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.854274][T13238] RSP: 002b:00007efc2de7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 459.854305][T13238] RAX: ffffffffffffffda RBX: 00007efc2d216090 RCX: 00007efc2cf9c819 [ 459.854326][T13238] RDX: 000000000010007c RSI: 0000000000000000 RDI: 0000000000000004 [ 459.854343][T13238] RBP: 00007efc2d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 459.854360][T13238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.854377][T13238] R13: 00007efc2d216128 R14: 00007efc2d216090 R15: 00007ffc76fcb298 [ 459.854417][T13238] [ 461.959864][T13298] block2mtd: Using custom MTD label '' for dev [ 462.043632][T13298] block2mtd: error: cannot open device [ 462.059475][T13298] FAULT_INJECTION: forcing a failure. [ 462.059475][T13298] name failslab, interval 1, probability 0, space 0, times 0 [ 462.097345][T13298] CPU: 1 UID: 0 PID: 13298 Comm: syz.4.1475 Tainted: G U L syzkaller #0 PREEMPT(full) [ 462.097378][T13298] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 462.097385][T13298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 462.097395][T13298] Call Trace: [ 462.097402][T13298] [ 462.097409][T13298] dump_stack_lvl+0x100/0x190 [ 462.097442][T13298] should_fail_ex.cold+0x5/0xa [ 462.097465][T13298] ? tomoyo_realpath_from_path+0xb6/0x690 [ 462.097492][T13298] should_failslab+0xc2/0x120 [ 462.097513][T13298] __kmalloc_noprof+0xe0/0x850 [ 462.097546][T13298] tomoyo_realpath_from_path+0xb6/0x690 [ 462.097578][T13298] tomoyo_check_open_permission+0x2af/0x3c0 [ 462.097603][T13298] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 462.097645][T13298] ? lock_acquire+0x1cf/0x380 [ 462.097670][T13298] ? find_held_lock+0x2b/0x80 [ 462.097693][T13298] tomoyo_file_open+0x6b/0x90 [ 462.097712][T13298] security_file_open+0xb5/0x1e0 [ 462.097738][T13298] do_dentry_open+0x5aa/0x1660 [ 462.097764][T13298] vfs_open+0x82/0x3f0 [ 462.097790][T13298] path_openat+0x208c/0x31a0 [ 462.097818][T13298] ? __pfx_path_openat+0x10/0x10 [ 462.097846][T13298] do_file_open+0x20e/0x430 [ 462.097868][T13298] ? __pfx_do_file_open+0x10/0x10 [ 462.097903][T13298] ? alloc_fd+0x476/0x790 [ 462.097925][T13298] ? do_getname+0x191/0x390 [ 462.097961][T13298] do_sys_openat2+0x10d/0x1e0 [ 462.097990][T13298] ? __pfx_do_sys_openat2+0x10/0x10 [ 462.098024][T13298] __x64_sys_openat+0x12d/0x210 [ 462.098058][T13298] ? __pfx___x64_sys_openat+0x10/0x10 [ 462.098110][T13298] do_syscall_64+0x106/0xf80 [ 462.098140][T13298] ? clear_bhb_loop+0x40/0x90 [ 462.098176][T13298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.098195][T13298] RIP: 0033:0x7f2604d9c819 [ 462.098212][T13298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.098239][T13298] RSP: 002b:00007f2605b83028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 462.098257][T13298] RAX: ffffffffffffffda RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 462.098269][T13298] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 462.098279][T13298] RBP: 00007f2604e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 462.098290][T13298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.098300][T13298] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 462.098325][T13298] [ 462.098341][T13298] ERROR: Out of memory at tomoyo_realpath_from_path. [ 465.224041][T13358] Process accounting resumed [ 465.240178][T13365] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 465.280837][T13365] ep_00: uevent: failed to send synthetic uevent: -22 [ 465.464154][T13367] ubi11: attaching mtd0 [ 465.502180][T13367] ubi11: scanning is finished [ 465.554117][T13367] ubi11 error: ubi_read_volume_table: the layout volume was not found [ 465.873009][T13367] ubi11 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 466.879737][T13393] mmap: syz.2.1497 (13393): VmData 37597184 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 467.181003][T13400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1499'. [ 467.194593][T13400] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1499'. [ 467.580432][T13410] program syz.1.1501 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 467.606150][T13419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1503'. [ 467.914840][T13427] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1505'. [ 471.422114][T13482] FAULT_INJECTION: forcing a failure. [ 471.422114][T13482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 471.452041][T13482] CPU: 1 UID: 0 PID: 13482 Comm: syz.4.1518 Tainted: G U L syzkaller #0 PREEMPT(full) [ 471.452088][T13482] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 471.452097][T13482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 471.452112][T13482] Call Trace: [ 471.452122][T13482] [ 471.452132][T13482] dump_stack_lvl+0x100/0x190 [ 471.452179][T13482] should_fail_ex.cold+0x5/0xa [ 471.452223][T13482] _copy_from_user+0x2e/0xd0 [ 471.452260][T13482] move_addr_to_kernel+0x65/0x170 [ 471.452294][T13482] copy_msghdr_from_user+0x417/0x4f0 [ 471.452330][T13482] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 471.452373][T13482] ? __pfx__kstrtoull+0x10/0x10 [ 471.452425][T13482] ___sys_sendmsg+0x106/0x1e0 [ 471.452463][T13482] ? __pfx____sys_sendmsg+0x10/0x10 [ 471.452518][T13482] ? find_held_lock+0x2b/0x80 [ 471.452568][T13482] __sys_sendmmsg+0x205/0x430 [ 471.452598][T13482] ? __pfx___sys_sendmmsg+0x10/0x10 [ 471.452637][T13482] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 471.452685][T13482] ? fput+0x79/0x100 [ 471.452718][T13482] ? ksys_write+0x1ac/0x250 [ 471.452744][T13482] ? __pfx_ksys_write+0x10/0x10 [ 471.452779][T13482] __x64_sys_sendmmsg+0x9c/0x100 [ 471.452807][T13482] ? lockdep_hardirqs_on+0x78/0x100 [ 471.452837][T13482] do_syscall_64+0x106/0xf80 [ 471.452865][T13482] ? clear_bhb_loop+0x40/0x90 [ 471.452899][T13482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.452928][T13482] RIP: 0033:0x7f2604d9c819 [ 471.452953][T13482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.452979][T13482] RSP: 002b:00007f2605b83028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 471.453005][T13482] RAX: ffffffffffffffda RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 471.453023][T13482] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 471.453038][T13482] RBP: 00007f2605b83090 R08: 0000000000000000 R09: 0000000000000000 [ 471.453054][T13482] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000001 [ 471.453070][T13482] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 471.453109][T13482] [ 473.211126][T13530] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1530'. [ 474.135110][T13556] misc userio: Invalid payload size [ 476.473393][T13606] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 476.643318][T13606] File: /dev/nullb0 PID: 13606 Comm: syz.4.1552 [ 477.121589][T13633] FAULT_INJECTION: forcing a failure. [ 477.121589][T13633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 477.145245][T13633] CPU: 1 UID: 0 PID: 13633 Comm: syz.4.1557 Tainted: G U L syzkaller #0 PREEMPT(full) [ 477.145294][T13633] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 477.145304][T13633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 477.145320][T13633] Call Trace: [ 477.145330][T13633] [ 477.145340][T13633] dump_stack_lvl+0x100/0x190 [ 477.145387][T13633] should_fail_ex.cold+0x5/0xa [ 477.145424][T13633] _copy_to_user+0x32/0xd0 [ 477.145462][T13633] simple_read_from_buffer+0xcb/0x170 [ 477.145511][T13633] proc_fail_nth_read+0x1af/0x230 [ 477.145550][T13633] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 477.145583][T13633] ? rw_verify_area+0xce/0x6d0 [ 477.145617][T13633] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 477.145646][T13633] vfs_read+0x1e4/0xb30 [ 477.145672][T13633] ? __pfx_vfs_read+0x10/0x10 [ 477.145693][T13633] ? __fget_files+0x215/0x3d0 [ 477.145722][T13633] ? __fget_files+0x21f/0x3d0 [ 477.145753][T13633] ksys_read+0x12a/0x250 [ 477.145775][T13633] ? __pfx_ksys_read+0x10/0x10 [ 477.145805][T13633] do_syscall_64+0x106/0xf80 [ 477.145829][T13633] ? clear_bhb_loop+0x40/0x90 [ 477.145857][T13633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.145881][T13633] RIP: 0033:0x7f2604d5d04e [ 477.145900][T13633] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 477.145922][T13633] RSP: 002b:00007f2605b82fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 477.145944][T13633] RAX: ffffffffffffffda RBX: 00007f2605b836c0 RCX: 00007f2604d5d04e [ 477.145959][T13633] RDX: 000000000000000f RSI: 00007f2605b830a0 RDI: 0000000000000004 [ 477.145972][T13633] RBP: 00007f2605b83090 R08: 0000000000000000 R09: 0000000000000000 [ 477.145994][T13633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.146007][T13633] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 477.146038][T13633] [ 481.686208][T13730] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1583'. [ 482.122075][T13741] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1586'. [ 482.135065][T13741] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1586'. [ 482.529011][ T30] audit: type=1800 audit(4294968356.177:18): pid=13747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1588" name="features" dev="configfs" ino=48704 res=0 errno=0 [ 482.541224][T13748] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 482.709320][T13742] ======================================================= [ 482.709320][T13742] WARNING: The mand mount option has been deprecated and [ 482.709320][T13742] and is ignored by this kernel. Remove the mand [ 482.709320][T13742] option from the mount to silence this warning. [ 482.709320][T13742] ======================================================= [ 483.394431][T13769] FAULT_INJECTION: forcing a failure. [ 483.394431][T13769] name failslab, interval 1, probability 0, space 0, times 0 [ 483.418924][T13769] CPU: 1 UID: 0 PID: 13769 Comm: syz.2.1591 Tainted: G U L syzkaller #0 PREEMPT(full) [ 483.418975][T13769] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 483.418987][T13769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 483.419004][T13769] Call Trace: [ 483.419014][T13769] [ 483.419025][T13769] dump_stack_lvl+0x100/0x190 [ 483.419076][T13769] should_fail_ex.cold+0x5/0xa [ 483.419114][T13769] should_failslab+0xc2/0x120 [ 483.419148][T13769] __kmalloc_cache_noprof+0x7a/0x6f0 [ 483.419199][T13769] ? sctp_auth_shkey_create+0x9e/0x210 [ 483.419229][T13769] ? __genradix_ptr_alloc+0x347/0x610 [ 483.419278][T13769] sctp_auth_shkey_create+0x9e/0x210 [ 483.419313][T13769] sctp_auth_asoc_copy_shkeys+0x1f2/0x360 [ 483.419355][T13769] sctp_association_new+0x19ab/0x2990 [ 483.419404][T13769] sctp_connect_new_asoc+0x1a8/0x770 [ 483.419445][T13769] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 483.419482][T13769] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 483.419516][T13769] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 483.419555][T13769] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 483.419593][T13769] sctp_sendmsg+0x171a/0x22b0 [ 483.419643][T13769] ? __pfx_sctp_sendmsg+0x10/0x10 [ 483.419679][T13769] ? __lock_acquire+0x4a5/0x2630 [ 483.419724][T13769] ? aa_sk_perm+0x309/0xaa0 [ 483.419770][T13769] ? __pfx_aa_sk_perm+0x10/0x10 [ 483.419818][T13769] ? __pfx_sctp_sendmsg+0x10/0x10 [ 483.419858][T13769] inet_sendmsg+0x11c/0x140 [ 483.419897][T13769] ____sys_sendmsg+0x98d/0xb70 [ 483.419936][T13769] ? __pfx_inet_sendmsg+0x10/0x10 [ 483.419978][T13769] ? __pfx_____sys_sendmsg+0x10/0x10 [ 483.420022][T13769] ? __pfx__kstrtoull+0x10/0x10 [ 483.420076][T13769] ___sys_sendmsg+0x190/0x1e0 [ 483.420118][T13769] ? __pfx____sys_sendmsg+0x10/0x10 [ 483.420185][T13769] ? find_held_lock+0x2b/0x80 [ 483.420241][T13769] __sys_sendmmsg+0x205/0x430 [ 483.420276][T13769] ? __pfx___sys_sendmmsg+0x10/0x10 [ 483.420320][T13769] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 483.420371][T13769] ? fput+0x79/0x100 [ 483.420407][T13769] ? ksys_write+0x1ac/0x250 [ 483.420435][T13769] ? __pfx_ksys_write+0x10/0x10 [ 483.420473][T13769] __x64_sys_sendmmsg+0x9c/0x100 [ 483.420501][T13769] ? lockdep_hardirqs_on+0x78/0x100 [ 483.420533][T13769] do_syscall_64+0x106/0xf80 [ 483.420563][T13769] ? clear_bhb_loop+0x40/0x90 [ 483.420601][T13769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.420629][T13769] RIP: 0033:0x7ffbc2d9c819 [ 483.420654][T13769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.420678][T13769] RSP: 002b:00007ffbc3c54028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 483.420704][T13769] RAX: ffffffffffffffda RBX: 00007ffbc3015fa0 RCX: 00007ffbc2d9c819 [ 483.420722][T13769] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 483.420738][T13769] RBP: 00007ffbc3c54090 R08: 0000000000000000 R09: 0000000000000000 [ 483.420755][T13769] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000001 [ 483.420771][T13769] R13: 00007ffbc3016038 R14: 00007ffbc3015fa0 R15: 00007ffe676948e8 [ 483.420811][T13769] [ 484.655556][T13789] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1594'. [ 487.767887][T13862] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1606'. [ 490.829264][ T30] audit: type=1800 audit(4294968364.473:19): pid=13919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1625" name="discovery_nqn" dev="configfs" ino=48089 res=0 errno=0 [ 493.402711][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 493.468811][T13954] random: crng reseeded on system resumption [ 494.012629][T13964] openvswitch: netlink: IP tunnel attribute has 3 unknown bytes. [ 496.470247][T13995] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 500.037423][T14070] openvswitch: netlink: IP tunnel attribute has 3 unknown bytes. [ 501.973603][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.986006][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.893437][T14171] program syz.2.1678 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 505.136871][T14184] netlink: 'syz.0.1681': attribute type 2 has an invalid length. [ 505.144946][T14184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1681'. [ 505.873739][T14196] bridge0: port 3(veth0_to_bridge) entered blocking state [ 505.893684][T14196] bridge0: port 3(veth0_to_bridge) entered disabled state [ 505.908412][T14196] veth0_to_bridge: entered allmulticast mode [ 505.936401][T14196] veth0_to_bridge: entered promiscuous mode [ 505.965305][T14196] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 505.989339][T14196] bridge0: port 3(veth0_to_bridge) entered blocking state [ 505.996687][T14196] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 506.795158][T14217] netlink: 202 bytes leftover after parsing attributes in process `syz.4.1691'. [ 507.653505][T14241] ubi0: attaching mtd0 [ 507.692350][T14241] ubi0: scanning is finished [ 507.705537][T14241] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 507.832061][T14249] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1699'. [ 507.845837][T14249] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1699'. [ 507.874031][T14241] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 509.578838][T14284] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 511.564813][ T30] audit: type=1326 audit(4294968385.203:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14325 comm="syz.2.1714" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbc2d9c819 code=0x0 [ 512.172284][T14340] [U] 0="/ [ 512.182780][T14340] [U] [ 512.188982][T14340] [U] EeQ@ [ 512.385727][T14336] [U]  [ 513.080095][T14368] random: crng reseeded on system resumption [ 514.494586][T14416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 514.529762][T14416] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 514.549117][T14416] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 514.572263][T14416] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 514.602322][T14416] page dumped because: unmovable page [ 514.614050][T14424] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1740'. [ 514.622280][T14416] page_owner info is not present (never set?) [ 514.631522][ T5174] ERROR: Out of memory at tomoyo_memory_ok. [ 516.903033][ T30] audit: type=1800 audit(4294968390.530:21): pid=14462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1750" name="features" dev="configfs" ino=51801 res=0 errno=0 [ 517.150675][T14475] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1752'. [ 517.317245][T14475] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1752'. [ 519.231549][ T30] audit: type=1800 audit(4294968392.859:22): pid=14488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1755" name="dbroot" dev="configfs" ino=52294 res=0 errno=0 [ 519.275737][T14488] random: crng reseeded on system resumption [ 520.543910][T14503] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1759'. [ 520.589449][T14503] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 520.953297][T14503] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 521.233156][T14515] bond0: option lp_interval: invalid value () [ 521.255786][T14515] bond0: option lp_interval: allowed values 1 - 2147483647 [ 522.678894][T14542] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 522.979262][T14547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1772'. [ 523.147330][T14550] netlink: 'syz.2.1773': attribute type 10 has an invalid length. [ 523.180814][T14550] netlink: 'syz.2.1773': attribute type 13 has an invalid length. [ 523.405156][T14557] FAULT_INJECTION: forcing a failure. [ 523.405156][T14557] name failslab, interval 1, probability 0, space 0, times 0 [ 523.437777][T14557] CPU: 0 UID: 0 PID: 14557 Comm: syz.2.1775 Tainted: G U L syzkaller #0 PREEMPT(full) [ 523.437824][T14557] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 523.437835][T14557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 523.437850][T14557] Call Trace: [ 523.437859][T14557] [ 523.437869][T14557] dump_stack_lvl+0x100/0x190 [ 523.437916][T14557] should_fail_ex.cold+0x5/0xa [ 523.437957][T14557] should_failslab+0xc2/0x120 [ 523.437985][T14557] __kmalloc_cache_noprof+0x7a/0x6f0 [ 523.438018][T14557] ? alloc_pipe_info+0x10e/0x590 [ 523.438046][T14557] ? find_held_lock+0x2b/0x80 [ 523.438075][T14557] alloc_pipe_info+0x10e/0x590 [ 523.438107][T14557] splice_direct_to_actor+0x78f/0xa30 [ 523.438137][T14557] ? __lock_acquire+0x4a5/0x2630 [ 523.438166][T14557] ? __pfx_direct_splice_actor+0x10/0x10 [ 523.438195][T14557] ? __pfx_aa_file_perm+0x10/0x10 [ 523.438234][T14557] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 523.438274][T14557] do_splice_direct+0x174/0x240 [ 523.438305][T14557] ? __pfx_do_splice_direct+0x10/0x10 [ 523.438337][T14557] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 523.438386][T14557] ? bpf_lsm_file_permission+0x9/0x10 [ 523.438414][T14557] ? security_file_permission+0x76/0x210 [ 523.438453][T14557] ? rw_verify_area+0xce/0x6d0 [ 523.438499][T14557] do_sendfile+0xadc/0xe20 [ 523.438553][T14557] ? __pfx_do_sendfile+0x10/0x10 [ 523.438599][T14557] ? __fget_files+0x21f/0x3d0 [ 523.438639][T14557] __x64_sys_sendfile64+0x1d8/0x220 [ 523.438673][T14557] ? ksys_write+0x1ac/0x250 [ 523.438701][T14557] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 523.438749][T14557] do_syscall_64+0x106/0xf80 [ 523.438778][T14557] ? clear_bhb_loop+0x40/0x90 [ 523.438814][T14557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.438844][T14557] RIP: 0033:0x7ffbc2d9c819 [ 523.438875][T14557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 523.438902][T14557] RSP: 002b:00007ffbc3c33028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 523.438959][T14557] RAX: ffffffffffffffda RBX: 00007ffbc3016090 RCX: 00007ffbc2d9c819 [ 523.438979][T14557] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 523.438995][T14557] RBP: 00007ffbc3c33090 R08: 0000000000000000 R09: 0000000000000000 [ 523.439012][T14557] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 523.439029][T14557] R13: 00007ffbc3016128 R14: 00007ffbc3016090 R15: 00007ffe676948e8 [ 523.439067][T14557] [ 523.898282][ T30] audit: type=1326 audit(4294968397.527:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14564 comm="syz.0.1777" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a22f9c819 code=0x0 [ 524.394542][T14583] openvswitch: netlink: Message has 20 unknown bytes. [ 524.475244][T14583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1782'. [ 525.381736][T14598] [U] 0="/ [ 525.385345][T14598] [U] [ 525.417771][T14598] [U] EeQ@ [ 525.422870][T14597] [U]  [ 525.757293][T14613] FAULT_INJECTION: forcing a failure. [ 525.757293][T14613] name failslab, interval 1, probability 0, space 0, times 0 [ 525.877141][T14613] CPU: 1 UID: 0 PID: 14613 Comm: syz.2.1788 Tainted: G U L syzkaller #0 PREEMPT(full) [ 525.877208][T14613] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 525.877219][T14613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 525.877236][T14613] Call Trace: [ 525.877246][T14613] [ 525.877256][T14613] dump_stack_lvl+0x100/0x190 [ 525.877305][T14613] should_fail_ex.cold+0x5/0xa [ 525.877340][T14613] ? alloc_pipe_info+0x1ec/0x590 [ 525.877370][T14613] should_failslab+0xc2/0x120 [ 525.877402][T14613] __kmalloc_noprof+0xe0/0x850 [ 525.877457][T14613] alloc_pipe_info+0x1ec/0x590 [ 525.877493][T14613] splice_direct_to_actor+0x78f/0xa30 [ 525.877527][T14613] ? __lock_acquire+0x4a5/0x2630 [ 525.877560][T14613] ? __pfx_direct_splice_actor+0x10/0x10 [ 525.877592][T14613] ? __pfx_aa_file_perm+0x10/0x10 [ 525.877636][T14613] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 525.877680][T14613] do_splice_direct+0x174/0x240 [ 525.877712][T14613] ? __pfx_do_splice_direct+0x10/0x10 [ 525.877749][T14613] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 525.877797][T14613] ? bpf_lsm_file_permission+0x9/0x10 [ 525.877825][T14613] ? security_file_permission+0x76/0x210 [ 525.877865][T14613] ? rw_verify_area+0xce/0x6d0 [ 525.877911][T14613] do_sendfile+0xadc/0xe20 [ 525.877975][T14613] ? __pfx_do_sendfile+0x10/0x10 [ 525.878022][T14613] ? __fget_files+0x21f/0x3d0 [ 525.878063][T14613] __x64_sys_sendfile64+0x1d8/0x220 [ 525.878096][T14613] ? ksys_write+0x1ac/0x250 [ 525.878123][T14613] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 525.878178][T14613] do_syscall_64+0x106/0xf80 [ 525.878208][T14613] ? clear_bhb_loop+0x40/0x90 [ 525.878244][T14613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.878274][T14613] RIP: 0033:0x7ffbc2d9c819 [ 525.878299][T14613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 525.878326][T14613] RSP: 002b:00007ffbc3c33028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 525.878353][T14613] RAX: ffffffffffffffda RBX: 00007ffbc3016090 RCX: 00007ffbc2d9c819 [ 525.878372][T14613] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 525.878389][T14613] RBP: 00007ffbc3c33090 R08: 0000000000000000 R09: 0000000000000000 [ 525.878405][T14613] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 525.878423][T14613] R13: 00007ffbc3016128 R14: 00007ffbc3016090 R15: 00007ffe676948e8 [ 525.878462][T14613] [ 526.925013][T14625] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 526.930901][T14636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1794'. [ 526.961558][T14625] File: /dev/nullb0 PID: 14625 Comm: syz.2.1791 [ 526.989035][T14633] ubi31: attaching mtd0 [ 526.995613][T14633] ubi31: scanning is finished [ 527.056861][T14633] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 528.007209][T14633] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 528.782381][T14654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 528.816150][T14654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 528.839981][T14654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 528.851258][T14654] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 529.348747][T10343] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 529.528977][T14680] bond0: option lp_interval: invalid value () [ 529.545592][T14680] bond0: option lp_interval: allowed values 1 - 2147483647 [ 530.049959][ T8270] Bluetooth: hci0: command 0x0c1a tx timeout [ 530.853665][ T8270] Bluetooth: hci2: command 0x0c1a tx timeout [ 530.861350][T10343] Bluetooth: hci1: command 0x0c1a tx timeout [ 530.933342][ T8270] Bluetooth: hci4: command 0x0c1a tx timeout [ 531.171401][T14719] raw_sendmsg: syz.0.1817 forgot to set AF_INET. Fix it! [ 531.588681][ T8270] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 532.277983][T14749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1824'. [ 532.655068][T14753] vivid-007: ================= START STATUS ================= [ 532.676785][T14753] vivid-007: Generate PTS: true [ 532.684011][T14753] vivid-007: Generate SCR: true [ 532.699290][T14753] tpg source WxH: 320x240 (Y'CbCr) [ 532.705171][T14753] tpg field: 1 [ 532.708586][T14753] tpg crop: (0,0)/320x240 [ 532.721448][T14753] tpg compose: (0,0)/320x240 [ 532.726112][T14753] tpg colorspace: 8 [ 532.741138][T14753] tpg transfer function: 0/0 [ 532.748308][T14753] tpg Y'CbCr encoding: 0/0 [ 532.753240][T14753] tpg quantization: 0/0 [ 532.757532][T14753] tpg RGB range: 0/2 [ 532.762097][T14753] vivid-007: ================== END STATUS ================== [ 533.713277][T14765] random: crng reseeded on system resumption [ 534.065256][T14767] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1828'. [ 534.718372][T14783] netlink: 'syz.2.1833': attribute type 1 has an invalid length. [ 534.762292][T14783] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1833'. [ 535.300667][T14796] random: crng reseeded on system resumption [ 537.665339][T14802] program syz.2.1838 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 538.717875][T14848] ERROR: Out of memory at tomoyo_memory_ok. [ 538.734674][T14848] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/454/:,' not defined. [ 539.374732][T14873] futex_wake_op: syz.0.1855 tries to shift op by -2048; fix this program [ 539.435477][T14869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1855'. [ 539.464690][T14873] futex_wake_op: syz.0.1855 tries to shift op by -2048; fix this program [ 542.406291][T14915] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 543.843819][T14930] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1869'. [ 544.007753][T14934] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1871'. [ 544.187549][T14933] random: crng reseeded on system resumption [ 544.234905][ T30] audit: type=1804 audit(4294968417.846:24): pid=14937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1870" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=41 res=1 errno=0 [ 545.732697][T14960] random: crng reseeded on system resumption [ 549.429703][T15009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1886'. [ 550.627196][T15021] random: crng reseeded on system resumption [ 550.666387][T14996] program syz.4.1882 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 550.691674][ T30] audit: type=1804 audit(4294968424.313:25): pid=15021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1889" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=41 res=1 errno=0 [ 552.383862][T15052] can: request_module (can-proto-0) failed. [ 552.486062][T15059] random: crng reseeded on system resumption [ 553.272473][T15074] openvswitch: netlink: Multiple metadata blocks provided [ 553.439681][T15076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1904'. [ 557.890279][T15144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1917'. [ 559.904675][T15175] random: crng reseeded on system resumption [ 560.667446][T15196] random: crng reseeded on system resumption [ 562.692273][T15223] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 562.711831][T15226] random: crng reseeded on system resumption [ 562.953005][T15229] overlayfs: "check_copy_up" module option is obsolete [ 563.434075][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.440520][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.855560][T15243] random: crng reseeded on system resumption [ 563.894972][T15242] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1939'. [ 564.882238][T15262] random: crng reseeded on system resumption [ 566.441338][T15289] random: crng reseeded on system resumption [ 568.550631][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.563343][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.575946][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.588517][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.601033][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.613386][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.625977][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.638375][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.650936][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 568.663252][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.561775][ C0] net_ratelimit: 20640 callbacks suppressed [ 573.561795][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.580165][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.592534][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.604833][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.617108][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.629579][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.641946][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.654311][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.666566][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 573.679226][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.574287][ C0] net_ratelimit: 20770 callbacks suppressed [ 578.574307][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.592698][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.604978][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.617261][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.629566][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.641899][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.654375][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.666661][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.678908][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 578.691225][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.096404][ C0] sched: DL replenish lagged too much [ 583.587213][ C0] net_ratelimit: 6289 callbacks suppressed [ 583.587234][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.606135][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.619063][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.632119][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.645183][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.658282][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.671223][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.684081][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.696979][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 583.709811][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.599566][ C0] net_ratelimit: 5953 callbacks suppressed [ 588.599586][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.618397][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.631329][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.644195][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.657137][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.669972][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.682963][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.695891][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.708867][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 588.721754][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.611813][ C0] net_ratelimit: 6082 callbacks suppressed [ 593.611834][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.630563][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.643414][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.656242][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.669078][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.681992][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.694899][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.707706][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.720560][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 593.733411][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.624628][ C0] net_ratelimit: 6096 callbacks suppressed [ 598.624648][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.643684][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.656856][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.669777][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.682790][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.695700][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.708573][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.721522][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.734754][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 598.748298][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.637363][ C0] net_ratelimit: 5949 callbacks suppressed [ 603.637382][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.656066][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.669033][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.682022][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.694892][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.707916][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.720706][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.733791][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.746876][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 603.759777][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.649279][ C0] net_ratelimit: 5936 callbacks suppressed [ 608.649300][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.668172][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.681213][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.694187][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.707258][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.720344][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.733356][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.746458][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.759538][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 608.772872][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.661693][ C0] net_ratelimit: 6130 callbacks suppressed [ 613.661713][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.680493][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.693324][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.706303][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.719130][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.732054][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.744881][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.757748][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.770579][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 613.784686][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.674553][ C0] net_ratelimit: 6000 callbacks suppressed [ 618.674573][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.693411][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.706227][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.719258][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.732332][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.745142][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.757959][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.770750][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.783527][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 618.796385][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.686915][ C0] net_ratelimit: 6009 callbacks suppressed [ 623.686935][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.705844][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.719057][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.732083][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.745017][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.757937][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.770861][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.783792][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.797012][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 623.809850][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.699357][ C0] net_ratelimit: 5974 callbacks suppressed [ 628.699377][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.718554][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.731403][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.744287][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.757197][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.770012][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.782991][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.796105][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.808998][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 628.821911][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.711770][ C0] net_ratelimit: 6002 callbacks suppressed [ 633.711792][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.731008][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.743925][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.756827][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.770075][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.782960][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.795917][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.808843][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.821865][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 633.834718][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 638.724391][ C0] net_ratelimit: 9978 callbacks suppressed [ 638.724412][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.742661][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 638.755583][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.767827][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.780115][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 638.794320][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.806653][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.818934][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 638.831893][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.844107][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.736740][ C0] net_ratelimit: 11533 callbacks suppressed [ 643.736761][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.754943][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.767377][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 643.780142][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.792326][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.804685][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 643.817494][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.829681][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.842026][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 643.854772][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.749211][ C0] net_ratelimit: 11733 callbacks suppressed [ 648.749232][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.767480][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 648.780496][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.793655][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.805960][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 648.818976][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.831367][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.844160][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 648.857165][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.869528][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.761727][ C0] net_ratelimit: 11209 callbacks suppressed [ 653.761748][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.779911][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.792189][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 653.805431][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.817627][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.830320][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 653.843172][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.855523][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.868018][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 653.880809][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.774215][ C0] net_ratelimit: 12656 callbacks suppressed [ 658.774237][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.792647][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.805139][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 658.817956][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.830765][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.843074][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.855400][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 658.868046][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.880550][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.892785][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.786673][ C0] net_ratelimit: 12802 callbacks suppressed [ 663.786700][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.804836][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.817088][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 663.829607][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.842068][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.854280][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.866516][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 663.879003][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.891407][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.903584][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.799227][ C0] net_ratelimit: 13043 callbacks suppressed [ 668.799246][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.817608][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 668.830190][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.842826][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.855092][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.867614][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 668.880267][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.892830][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.905291][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.917991][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 673.651601][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 673.658699][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P15304/1:b..l P15162/1:b..l P15156/1:b..l P15323/1:b..l [ 673.670979][ C1] rcu: (detected by 1, t=10502 jiffies, g=91425, q=1422 ncpus=2) [ 673.678822][ C1] task:syz.2.1958 state:R running task stack:26984 pid:15323 tgid:15321 ppid:5829 task_flags:0x20400140 flags:0x00080000 [ 673.693777][ C1] Call Trace: [ 673.697108][ C1] [ 673.700078][ C1] __schedule+0xfee/0x6120 [ 673.704577][ C1] ? __pfx___schedule+0x10/0x10 [ 673.709482][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 673.714915][ C1] ? rcu_is_watching+0x12/0xc0 [ 673.719738][ C1] preempt_schedule_irq+0x50/0x90 [ 673.724796][ C1] irqentry_exit+0x17b/0x670 [ 673.729428][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 673.735448][ C1] RIP: 0010:write_comp_data+0x10/0x90 [ 673.740873][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 8b 05 39 be 05 12 49 89 f8 49 89 f1 49 89 d2 <65> 48 8b 3d 10 be 05 12 a9 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 [ 673.760520][ C1] RSP: 0000:ffffc90007756e20 EFLAGS: 00000206 [ 673.766633][ C1] RAX: 0000000080000000 RBX: ffff88802828b780 RCX: ffffffff84d3b6a8 [ 673.774638][ C1] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000005 [ 673.782735][ C1] RBP: 0000000000000900 R08: 0000000000000005 R09: 0000000000000000 [ 673.790749][ C1] R10: 0000000000000800 R11: 0000000000000000 R12: ffff88802828b79c [ 673.798755][ C1] R13: 000000845bd5fc31 R14: 0000000000000800 R15: ffffc90007757230 [ 673.806765][ C1] ? __blk_mq_end_request_acct+0x58/0x450 [ 673.812142][ C0] net_ratelimit: 12470 callbacks suppressed [ 673.812164][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.812536][ C1] __blk_mq_end_request_acct+0x58/0x450 [ 673.818957][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 673.830439][ C1] blk_mq_end_request+0x2fb/0x420 [ 673.830486][ C1] blk_mq_complete_request+0x8b/0xb0 [ 673.837038][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.848070][ C1] null_queue_rq+0xb48/0xfb0 [ 673.848113][ C1] null_queue_rqs+0xe9/0x2f0 [ 673.854092][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.858413][ C1] ? __pfx_null_queue_rqs+0x10/0x10 [ 673.871007][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.875152][ C1] __blk_mq_flush_list+0x9a/0xc0 [ 673.880298][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 673.891748][ C1] blk_mq_dispatch_queue_requests+0x184/0x7c0 [ 673.891809][ C1] blk_mq_flush_plug_list+0x1f2/0x600 [ 673.891847][ C1] ? trace_block_plug+0x6e/0x240 [ 673.898169][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.909101][ C1] ? blk_add_rq_to_plug+0x30a/0x540 [ 673.909153][ C1] ? __pfx_wbt_track+0x10/0x10 [ 673.915296][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.926091][ C1] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 673.926139][ C1] ? blk_mq_submit_bio+0x9aa/0x2bf0 [ 673.932886][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.937720][ C1] __blk_flush_plug+0x2c4/0x4b0 [ 673.943115][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 673.954629][ C1] ? __pfx___blk_flush_plug+0x10/0x10 [ 674.022061][ C1] ? __lock_acquire+0x4a5/0x2630 [ 674.027116][ C1] __submit_bio+0x584/0x6c0 [ 674.031676][ C1] ? __pfx___submit_bio+0x10/0x10 [ 674.036768][ C1] ? submit_bio_noacct_nocheck+0x562/0xc10 [ 674.042720][ C1] submit_bio_noacct_nocheck+0x562/0xc10 [ 674.048404][ C1] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 674.054697][ C1] ? __pfx___might_resched+0x10/0x10 [ 674.060050][ C1] submit_bio_noacct+0xd17/0x2010 [ 674.065223][ C1] submit_bio_wait+0x110/0x250 [ 674.070056][ C1] ? __pfx_submit_bio_wait+0x10/0x10 [ 674.075388][ C1] ? ocfs2_map_and_dirty_folio+0x6f0/0x8f0 [ 674.081255][ C1] __blkdev_direct_IO_simple+0x49c/0x890 [ 674.087042][ C1] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 674.093267][ C1] ? __pfx_submit_bio_wait_endio+0x10/0x10 [ 674.099416][ C1] blkdev_direct_IO+0xc76/0x1fb0 [ 674.104431][ C1] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 674.109870][ C1] ? filemap_check_errors+0xa9/0x150 [ 674.115210][ C1] blkdev_write_iter+0x703/0xd70 [ 674.120225][ C1] iter_file_splice_write+0x830/0x10a0 [ 674.125745][ C1] ? copy_splice_read+0x739/0xb90 [ 674.130814][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 674.136755][ C1] ? __pfx_copy_splice_read+0x10/0x10 [ 674.142175][ C1] ? look_up_lock_class+0x64/0x120 [ 674.147340][ C1] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 674.152759][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 674.158784][ C1] direct_splice_actor+0x192/0x6c0 [ 674.163941][ C1] splice_direct_to_actor+0x345/0xa30 [ 674.169389][ C1] ? __pfx_direct_splice_actor+0x10/0x10 [ 674.175067][ C1] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 674.181022][ C1] do_splice_direct+0x174/0x240 [ 674.185923][ C1] ? __pfx_do_splice_direct+0x10/0x10 [ 674.191337][ C1] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 674.197285][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 674.202695][ C1] ? security_file_permission+0x76/0x210 [ 674.208374][ C1] ? rw_verify_area+0xce/0x6d0 [ 674.213193][ C1] do_sendfile+0xadc/0xe20 [ 674.217684][ C1] ? __pfx_do_sendfile+0x10/0x10 [ 674.222682][ C1] ? __x64_sys_futex+0x34f/0x4d0 [ 674.227660][ C1] ? __x64_sys_futex+0x358/0x4d0 [ 674.232646][ C1] __x64_sys_sendfile64+0x1d8/0x220 [ 674.237887][ C1] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 674.243661][ C1] do_syscall_64+0x106/0xf80 [ 674.248287][ C1] ? clear_bhb_loop+0x40/0x90 [ 674.253028][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.258982][ C1] RIP: 0033:0x7ffbc2d9c819 [ 674.263453][ C1] RSP: 002b:00007ffbc3c33028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 674.271903][ C1] RAX: ffffffffffffffda RBX: 00007ffbc3016090 RCX: 00007ffbc2d9c819 [ 674.279914][ C1] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 674.287944][ C1] RBP: 00007ffbc2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 674.295961][ C1] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000000 [ 674.303972][ C1] R13: 00007ffbc3016128 R14: 00007ffbc3016090 R15: 00007ffe676948e8 [ 674.312010][ C1] [ 674.315060][ C1] task:syz.4.1919 state:R running task stack:23840 pid:15156 tgid:15156 ppid:11280 task_flags:0x40064c flags:0x00080001 [ 674.328870][ C1] Call Trace: [ 674.332190][ C1] [ 674.335242][ C1] __schedule+0xfee/0x6120 [ 674.339722][ C1] ? find_held_lock+0x2b/0x80 [ 674.344629][ C1] ? __pfx___schedule+0x10/0x10 [ 674.349550][ C1] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 674.355775][ C1] preempt_schedule_notrace+0x5f/0xd0 [ 674.361189][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 674.367476][ C1] preempt_schedule_notrace_thunk+0x16/0x30 [ 674.373427][ C1] rcu_is_watching+0x8e/0xc0 [ 674.378079][ C1] unwind_next_frame+0x6fa/0x1ea0 [ 674.383148][ C1] ? folios_put_refs+0x53c/0x840 [ 674.388141][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 674.394353][ C1] arch_stack_walk+0x94/0xf0 [ 674.398990][ C1] ? folios_put_refs+0x53c/0x840 [ 674.404001][ C1] stack_trace_save+0x8e/0xc0 [ 674.408725][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 674.414198][ C1] ? __lock_acquire+0x4a5/0x2630 [ 674.419184][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 674.425049][ C1] ? lockdep_hardirqs_on+0x78/0x100 [ 674.430383][ C1] save_stack+0x162/0x1e0 [ 674.434754][ C1] ? __pfx_save_stack+0x10/0x10 [ 674.439627][ C1] ? free_unref_folios+0xaea/0x1790 [ 674.453390][ C1] ? folios_put_refs+0x53c/0x840 [ 674.458938][ C1] ? page_ext_put+0x3e/0xd0 [ 674.463496][ C1] __reset_page_owner+0x84/0x190 [ 674.468479][ C1] free_unref_folios+0xaea/0x1790 [ 674.473562][ C1] ? rcu_is_watching+0x12/0xc0 [ 674.478383][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 674.484246][ C1] folios_put_refs+0x53c/0x840 [ 674.489072][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 674.494413][ C1] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 674.500789][ C1] shmem_undo_range+0x5e5/0x1570 [ 674.505854][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 674.511327][ C1] ? __lock_acquire+0x4a5/0x2630 [ 674.516437][ C1] shmem_evict_inode+0x39e/0xbd0 [ 674.521509][ C1] ? inode_wait_for_writeback+0x171/0x390 [ 674.527462][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 674.532963][ C1] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 674.539087][ C1] ? find_held_lock+0x2b/0x80 [ 674.543804][ C1] ? evict+0x37e/0xad0 [ 674.547924][ C1] ? evict+0x37e/0xad0 [ 674.552037][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 674.557537][ C1] evict+0x3c2/0xad0 [ 674.561481][ C1] ? find_held_lock+0x2b/0x80 [ 674.566196][ C1] ? __pfx_evict+0x10/0x10 [ 674.570664][ C1] ? iput.part.0+0x5fd/0xf50 [ 674.575400][ C1] iput.part.0+0x605/0xf50 [ 674.580036][ C1] ? __pfx_inode_just_drop+0x10/0x10 [ 674.585376][ C1] iput+0x35/0x40 [ 674.589055][ C1] dentry_unlink_inode+0x2a1/0x490 [ 674.594210][ C1] __dentry_kill+0x1d0/0x600 [ 674.598846][ C1] finish_dput+0x76/0x480 [ 674.603231][ C1] dput.part.0+0x456/0x570 [ 674.607693][ C1] dput+0x1f/0x30 [ 674.611373][ C1] __fput+0x519/0xb40 [ 674.615408][ C1] task_work_run+0x150/0x240 [ 674.620154][ C1] ? __pfx_task_work_run+0x10/0x10 [ 674.625326][ C1] do_exit+0x8b8/0x2b60 [ 674.629533][ C1] ? __pfx_do_exit+0x10/0x10 [ 674.634240][ C1] ? __pfx_proc_coredump_connector+0x10/0x10 [ 674.640452][ C1] do_group_exit+0xd5/0x2a0 [ 674.645003][ C1] get_signal+0x1ec7/0x21e0 [ 674.649564][ C1] ? __pfx_get_signal+0x10/0x10 [ 674.654547][ C1] arch_do_signal_or_restart+0x91/0x770 [ 674.660151][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 674.666362][ C1] ? do_user_addr_fault+0x8d6/0x12f0 [ 674.671698][ C1] irqentry_exit+0x1f8/0x670 [ 674.676331][ C1] asm_exc_page_fault+0x26/0x30 [ 674.681221][ C1] RIP: 0033:0x21000 [ 674.685150][ C1] RSP: 002b:000000000000000f EFLAGS: 00010257 [ 674.691249][ C1] RAX: 0000000000000003 RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 674.699254][ C1] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000020003b46 [ 674.707255][ C1] RBP: 00007f2604e32c91 R08: 0000000000000002 R09: 0000000000000000 [ 674.715259][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.723379][ C1] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 674.731408][ C1] [ 674.734463][ C1] task:syz.4.1919 state:R running task stack:23688 pid:15162 tgid:15162 ppid:11280 task_flags:0x40064c flags:0x00080001 [ 674.748100][ C1] Call Trace: [ 674.751403][ C1] [ 674.754455][ C1] __schedule+0xfee/0x6120 [ 674.758931][ C1] ? __lock_acquire+0x4a5/0x2630 [ 674.763931][ C1] ? __pfx___schedule+0x10/0x10 [ 674.768835][ C1] ? rcu_is_watching+0x12/0xc0 [ 674.773664][ C1] preempt_schedule_irq+0x50/0x90 [ 674.778743][ C1] irqentry_exit+0x17b/0x670 [ 674.783379][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 674.789407][ C1] RIP: 0010:lock_acquire+0x5e/0x380 [ 674.794650][ C1] Code: 05 3b 8d 29 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 06 89 f5 0e 0f 82 c2 02 00 00 8b 35 ce bc f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 8c 29 12 0f 85 02 03 00 00 48 83 c4 [ 674.814333][ C1] RSP: 0018:ffffc9000e356e78 EFLAGS: 00000206 [ 674.820454][ C1] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000000 [ 674.828460][ C1] RDX: 0000000000000000 RSI: ffffffff8de5cea9 RDI: ffffffff8c1b1da0 [ 674.836639][ C1] RBP: ffffffff8e7e7760 R08: 0000000086db7919 R09: 0000000000000007 [ 674.844642][ C1] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 674.853006][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.861047][ C1] unwind_next_frame+0xd1/0x1ea0 [ 674.866028][ C1] ? unwind_next_frame+0xbd/0x1ea0 [ 674.871197][ C1] ? __unwind_start+0x2fb/0x7f0 [ 674.876170][ C1] ? get_stack_info_noinstr+0x18/0x130 [ 674.881683][ C1] __unwind_start+0x3d1/0x7f0 [ 674.886404][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 674.892603][ C1] arch_stack_walk+0x73/0xf0 [ 674.897239][ C1] ? __unwind_start+0x2fb/0x7f0 [ 674.902132][ C1] stack_trace_save+0x8e/0xc0 [ 674.906845][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 674.912357][ C1] ? __lock_acquire+0x4a5/0x2630 [ 674.917337][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 674.923195][ C1] ? lockdep_hardirqs_on+0x78/0x100 [ 674.928432][ C1] save_stack+0x162/0x1e0 [ 674.932808][ C1] ? __pfx_save_stack+0x10/0x10 [ 674.937715][ C1] ? page_ext_put+0x3e/0xd0 [ 674.942263][ C1] __reset_page_owner+0x84/0x190 [ 674.947246][ C1] free_unref_folios+0xaea/0x1790 [ 674.952335][ C1] ? rcu_is_watching+0x12/0xc0 [ 674.957152][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 674.963013][ C1] folios_put_refs+0x53c/0x840 [ 674.967845][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 674.973197][ C1] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 674.979580][ C1] shmem_undo_range+0x5e5/0x1570 [ 674.984772][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 674.990374][ C1] shmem_evict_inode+0x39e/0xbd0 [ 674.995358][ C1] ? inode_wait_for_writeback+0x171/0x390 [ 675.001132][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 675.006637][ C1] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 675.012874][ C1] ? find_held_lock+0x2b/0x80 [ 675.017593][ C1] ? evict+0x37e/0xad0 [ 675.021704][ C1] ? evict+0x37e/0xad0 [ 675.025824][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 675.031336][ C1] evict+0x3c2/0xad0 [ 675.035283][ C1] ? find_held_lock+0x2b/0x80 [ 675.040011][ C1] ? __pfx_evict+0x10/0x10 [ 675.044489][ C1] ? iput.part.0+0x5fd/0xf50 [ 675.049243][ C1] iput.part.0+0x605/0xf50 [ 675.053734][ C1] ? __pfx_inode_just_drop+0x10/0x10 [ 675.059195][ C1] iput+0x35/0x40 [ 675.062884][ C1] dentry_unlink_inode+0x2a1/0x490 [ 675.068047][ C1] __dentry_kill+0x1d0/0x600 [ 675.072688][ C1] finish_dput+0x76/0x480 [ 675.077073][ C1] dput.part.0+0x456/0x570 [ 675.081541][ C1] dput+0x1f/0x30 [ 675.085219][ C1] __fput+0x519/0xb40 [ 675.089257][ C1] task_work_run+0x150/0x240 [ 675.093900][ C1] ? __pfx_task_work_run+0x10/0x10 [ 675.099072][ C1] do_exit+0x8b8/0x2b60 [ 675.103286][ C1] ? __pfx_do_exit+0x10/0x10 [ 675.108004][ C1] ? __pfx_proc_coredump_connector+0x10/0x10 [ 675.114043][ C1] do_group_exit+0xd5/0x2a0 [ 675.118958][ C1] get_signal+0x1ec7/0x21e0 [ 675.123512][ C1] ? __pfx_get_signal+0x10/0x10 [ 675.128396][ C1] ? __pfx_force_sig_fault+0x10/0x10 [ 675.133816][ C1] arch_do_signal_or_restart+0x91/0x770 [ 675.139410][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 675.145666][ C1] ? do_user_addr_fault+0x8d6/0x12f0 [ 675.151002][ C1] irqentry_exit+0x1f8/0x670 [ 675.155636][ C1] asm_exc_page_fault+0x26/0x30 [ 675.160612][ C1] RIP: 0033:0x20fff [ 675.164456][ C1] RSP: 002b:000000000000000f EFLAGS: 00010206 [ 675.170565][ C1] RAX: 0000000000000000 RBX: 00007f2605015fa0 RCX: 00007f2604d9c819 [ 675.178578][ C1] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000020003b46 [ 675.186670][ C1] RBP: 00007f2604e32c91 R08: 0000000000000002 R09: 0000000000000000 [ 675.194676][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.202677][ C1] R13: 00007f2605016038 R14: 00007f2605015fa0 R15: 00007ffc8441a5a8 [ 675.210701][ C1] [ 675.213760][ C1] task:syz.0.1952 state:R running task stack:23512 pid:15304 tgid:15304 ppid:5836 task_flags:0x400640 flags:0x00080000 [ 675.227407][ C1] Call Trace: [ 675.230711][ C1] [ 675.233681][ C1] __schedule+0xfee/0x6120 [ 675.238170][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.243164][ C1] ? __pfx___schedule+0x10/0x10 [ 675.248071][ C1] ? mark_held_locks+0x40/0x70 [ 675.252989][ C1] preempt_schedule_irq+0x50/0x90 [ 675.258052][ C1] irqentry_exit+0x17b/0x670 [ 675.262684][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 675.268806][ C1] RIP: 0010:__rcu_read_unlock+0x32/0x5e0 [ 675.274490][ C1] Code: 41 55 41 54 55 53 65 48 8b 1d 72 23 20 12 48 8d bb c4 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 0a 02 00 00 83 [ 675.294135][ C1] RSP: 0000:ffffc900077c60a8 EFLAGS: 00000a03 [ 675.300241][ C1] RAX: dffffc0000000000 RBX: ffff88802928db80 RCX: ffffc900077c60a4 [ 675.308252][ C1] RDX: 0000000000000000 RSI: ffffffff8de5cea9 RDI: ffff88802928e044 [ 675.316255][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000007 [ 675.324261][ C1] R10: 0000000000000200 R11: 0000000000015862 R12: ffffc900077c61a0 [ 675.332263][ C1] R13: ffffc900077c6150 R14: ffffc900077c6cf0 R15: ffffc900077c6184 [ 675.340300][ C1] unwind_next_frame+0x3c8/0x1ea0 [ 675.345378][ C1] ? do_fault+0xabb/0x18e0 [ 675.349846][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 675.356042][ C1] arch_stack_walk+0x94/0xf0 [ 675.360772][ C1] ? __handle_mm_fault+0x1815/0x2b60 [ 675.366108][ C1] stack_trace_save+0x8e/0xc0 [ 675.370822][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 675.376234][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.381233][ C1] save_stack+0x162/0x1e0 [ 675.385601][ C1] ? __pfx_save_stack+0x10/0x10 [ 675.390486][ C1] ? post_alloc_hook+0x153/0x170 [ 675.395464][ C1] ? get_page_from_freelist+0x111d/0x3140 [ 675.401240][ C1] ? __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 675.407364][ C1] ? alloc_pages_mpol+0x1fb/0x550 [ 675.412433][ C1] ? folio_alloc_mpol_noprof+0x36/0x340 [ 675.418084][ C1] ? shmem_alloc_folio+0x135/0x160 [ 675.423259][ C1] ? shmem_alloc_and_add_folio+0x371/0xd40 [ 675.429230][ C1] ? shmem_get_folio_gfp+0x6ab/0x1900 [ 675.434742][ C1] ? shmem_fault+0x1f9/0xa20 [ 675.439384][ C1] ? __do_fault+0x10d/0x550 [ 675.444008][ C1] ? do_fault+0xabb/0x18e0 [ 675.448473][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.453564][ C1] __set_page_owner+0x8c/0x540 [ 675.458402][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 675.463837][ C1] ? bad_range+0x261/0x400 [ 675.468319][ C1] ? lockdep_hardirqs_on+0x78/0x100 [ 675.473581][ C1] post_alloc_hook+0x153/0x170 [ 675.478423][ C1] get_page_from_freelist+0x111d/0x3140 [ 675.484040][ C1] ? __pfx___might_resched+0x10/0x10 [ 675.489379][ C1] ? prepare_alloc_pages+0x16d/0x5f0 [ 675.494724][ C1] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 675.500718][ C1] ? find_held_lock+0x2b/0x80 [ 675.505523][ C1] ? __page_table_check_zero+0x333/0x410 [ 675.511202][ C1] ? __page_table_check_zero+0x333/0x410 [ 675.516965][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 675.523461][ C1] ? post_alloc_hook+0x140/0x170 [ 675.528468][ C1] ? __pfx___might_resched+0x10/0x10 [ 675.533938][ C1] ? prepare_alloc_pages+0x16d/0x5f0 [ 675.539295][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.545240][ C1] ? policy_nodemask+0xed/0x4f0 [ 675.550144][ C1] alloc_pages_mpol+0x1fb/0x550 [ 675.555044][ C1] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 675.560455][ C1] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 675.566583][ C1] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 675.572562][ C1] folio_alloc_mpol_noprof+0x36/0x340 [ 675.578011][ C1] shmem_alloc_folio+0x135/0x160 [ 675.583020][ C1] shmem_alloc_and_add_folio+0x371/0xd40 [ 675.588726][ C1] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 675.594955][ C1] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 675.600993][ C1] shmem_get_folio_gfp+0x6ab/0x1900 [ 675.606251][ C1] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 675.611940][ C1] ? filemap_map_pages+0xe69/0x2020 [ 675.617193][ C1] shmem_fault+0x1f9/0xa20 [ 675.621663][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.626660][ C1] ? __pfx_shmem_fault+0x10/0x10 [ 675.631668][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 675.637292][ C1] __do_fault+0x10d/0x550 [ 675.641688][ C1] do_fault+0xabb/0x18e0 [ 675.645989][ C1] __handle_mm_fault+0x1815/0x2b60 [ 675.651165][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 675.656777][ C1] ? pte_offset_map_lock+0x174/0x320 [ 675.662118][ C1] ? find_held_lock+0x2b/0x80 [ 675.666931][ C1] ? follow_page_pte+0x5b3/0x1400 [ 675.672006][ C1] handle_mm_fault+0x36d/0xa20 [ 675.676830][ C1] __get_user_pages+0xf9c/0x34d0 [ 675.681828][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 675.687253][ C1] get_dump_page+0x27e/0x3d0 [ 675.691889][ C1] ? __pfx_get_dump_page+0x10/0x10 [ 675.697139][ C1] ? dump_user_range+0x73b/0xb50 [ 675.702130][ C1] dump_user_range+0x18d/0xb50 [ 675.706944][ C1] ? __pfx_dump_user_range+0x10/0x10 [ 675.712290][ C1] ? __pfx_writenote+0x10/0x10 [ 675.717116][ C1] elf_core_dump+0x2d5f/0x3d10 [ 675.721946][ C1] ? __pfx_elf_core_dump+0x10/0x10 [ 675.727188][ C1] ? kasan_save_stack+0x3f/0x50 [ 675.732070][ C1] ? kasan_save_stack+0x30/0x50 [ 675.736966][ C1] ? __kasan_kmalloc+0xaa/0xb0 [ 675.741767][ C1] ? __kvmalloc_node_noprof+0x360/0xa00 [ 675.747346][ C1] ? vfs_coredump+0x2105/0x5570 [ 675.752233][ C1] ? asm_exc_page_fault+0x26/0x30 [ 675.757388][ C1] ? 0xffffffffff600000 [ 675.761837][ C1] ? vfs_coredump+0x27bc/0x5570 [ 675.766727][ C1] vfs_coredump+0x27bc/0x5570 [ 675.771465][ C1] ? __pfx_vfs_coredump+0x10/0x10 [ 675.776529][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.781524][ C1] ? lock_acquire+0x1cf/0x380 [ 675.786260][ C1] ? is_bpf_text_address+0x8a/0x1a0 [ 675.791512][ C1] ? bpf_ksym_find+0x124/0x1c0 [ 675.796329][ C1] ? __kernel_text_address+0xd/0x30 [ 675.801573][ C1] ? unwind_get_return_address+0x59/0xa0 [ 675.807255][ C1] ? arch_stack_walk+0xa6/0xf0 [ 675.812069][ C1] ? __sigqueue_free+0xbe/0x2a0 [ 675.816971][ C1] ? stack_trace_save+0x8e/0xc0 [ 675.821944][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 675.827347][ C1] ? __send_signal_locked+0x155/0x12d0 [ 675.832855][ C1] ? stack_depot_save_flags+0x27/0x9d0 [ 675.838445][ C1] ? __lock_acquire+0x4a5/0x2630 [ 675.843498][ C1] ? proc_coredump_connector+0x2d3/0x4f0 [ 675.849180][ C1] ? __pfx_proc_coredump_connector+0x10/0x10 [ 675.855226][ C1] ? rcu_is_watching+0x12/0xc0 [ 675.860047][ C1] get_signal+0x1f2a/0x21e0 [ 675.864609][ C1] ? __pfx_get_signal+0x10/0x10 [ 675.869502][ C1] ? bad_area_access_error+0xab/0x1d0 [ 675.874905][ C1] ? fixup_vdso_exception+0x2d1/0x370 [ 675.880326][ C1] arch_do_signal_or_restart+0x91/0x770 [ 675.885917][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 675.892122][ C1] ? do_user_addr_fault+0x8d6/0x12f0 [ 675.897457][ C1] irqentry_exit+0x1f8/0x670 [ 675.902089][ C1] asm_exc_page_fault+0x26/0x30 [ 675.906974][ C1] RIP: 0033:0x401000 [ 675.910912][ C1] RSP: 002b:000000000000000a EFLAGS: 00010206 [ 675.917105][ C1] RAX: 0000000000000000 RBX: 00007f7a23216270 RCX: 00007f7a22f9c819 [ 675.925109][ C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 675.933196][ C1] RBP: 00007f7a23032c91 R08: 0000000000000002 R09: 0000000000000000 [ 675.941534][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.949534][ C1] R13: 00007f7a23216308 R14: 00007f7a23216270 R15: 00007ffe886d8e18 [ 675.957562][ C1] [ 675.960610][ C1] rcu: rcu_preempt kthread starved for 10154 jiffies! g91425 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 675.971838][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 675.981839][ C1] rcu: RCU grace-period kthread stack dump: [ 675.987748][ C1] task:rcu_preempt state:R running task stack:27832 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 676.001320][ C1] Call Trace: [ 676.004638][ C1] [ 676.007606][ C1] __schedule+0xfee/0x6120 [ 676.012165][ C1] ? __lock_acquire+0x4a5/0x2630 [ 676.017166][ C1] ? __pfx___schedule+0x10/0x10 [ 676.022067][ C1] ? find_held_lock+0x2b/0x80 [ 676.026789][ C1] ? schedule+0x2bf/0x390 [ 676.031213][ C1] schedule+0xdd/0x390 [ 676.035330][ C1] schedule_timeout+0x127/0x280 [ 676.040228][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 676.045652][ C1] ? __pfx_process_timeout+0x10/0x10 [ 676.051084][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 676.056973][ C1] ? prepare_to_swait_event+0xdf/0x4a0 [ 676.062567][ C1] rcu_gp_fqs_loop+0x1a9/0x900 [ 676.067380][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 676.072709][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 676.077692][ C1] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 676.082933][ C1] ? rcu_is_watching+0x12/0xc0 [ 676.087746][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 676.093618][ C1] rcu_gp_kthread+0x179/0x230 [ 676.098431][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 676.103669][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 676.109623][ C1] ? __kthread_parkme+0x18c/0x230 [ 676.114692][ C1] ? kthread+0x13a/0x450 [ 676.119102][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 676.124342][ C1] kthread+0x370/0x450 [ 676.128460][ C1] ? __pfx_kthread+0x10/0x10 [ 676.133271][ C1] ret_from_fork+0x754/0xd80 [ 676.137922][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 676.143172][ C1] ? __switch_to+0x7b4/0x1120 [ 676.147889][ C1] ? __pfx_kthread+0x10/0x10 [ 676.152524][ C1] ret_from_fork_asm+0x1a/0x30 [ 676.157346][ C1] [ 676.160391][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 676.166743][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 676.177293][ C1] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 676.182510][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 676.192681][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 676.198365][ C1] Code: a8 84 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 00 1d 00 fb f4 fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 676.218288][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000242 [ 676.224403][ C1] RAX: 000000000014dcd3 RBX: ffff88801e698000 RCX: ffffffff8b8e8c75 [ 676.232496][ C1] RDX: 0000000000000000 RSI: ffffffff8de82fd4 RDI: ffffffff8c1b1da0 [ 676.240716][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170a679d [ 676.248744][ C1] R10: ffff8880b8533ceb R11: 0000000000000000 R12: 0000000000000001 [ 676.256771][ C1] R13: ffffed1003cd3000 R14: 0000000000000001 R15: ffffffff90d9fc10 [ 676.264787][ C1] FS: 0000000000000000(0000) GS:ffff888124440000(0000) knlGS:0000000000000000 [ 676.273980][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 676.280608][ C1] CR2: 0000564a9bf226d0 CR3: 000000000e598000 CR4: 00000000003526f0 [ 676.288627][ C1] Call Trace: [ 676.291946][ C1] [ 676.294914][ C1] default_idle+0x9/0x10 [ 676.299201][ C1] default_idle_call+0x6c/0xb0 [ 676.304005][ C1] do_idle+0x464/0x590 [ 676.308135][ C1] ? __pfx_do_idle+0x10/0x10 [ 676.312773][ C1] cpu_startup_entry+0x4f/0x60 [ 676.317570][ C1] start_secondary+0x21d/0x2d0 [ 676.322390][ C1] ? __pfx_start_secondary+0x10/0x10 [ 676.327728][ C1] common_startup_64+0x13e/0x148 [ 676.332726][ C1] [ 678.634588][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 678.655878][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 678.824301][ C0] net_ratelimit: 9130 callbacks suppressed [ 678.824328][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.842831][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 678.856073][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 678.869273][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.881974][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.894417][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0) [ 678.907181][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 678.919713][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.931928][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.954495][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:44:d8:55:07:52, vlan:0)