last executing test programs: 13.804538948s ago: executing program 2 (id=430): socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 13.395864331s ago: executing program 2 (id=432): socket(0x10, 0x2, 0xc) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/devices/platform/dummy_hcd.5/usb6/bMaxPower\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000002c40)=""/25, 0x19) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim6/ports/1/pp_hold\x00', 0x2000, 0x0) write$auto_nsim_pp_hold_fops_netdev(r1, &(0x7f00000000c0)="cc0c9ae8652b1a159f7ffcd7ae5d11bf858129267bdf58e5034394e79bbeab4e2088c234b7a8fbe359a89fbafe4309a96bcbc762144516e279602b1724128b563fa7a6dd54e13b16c511805410033d6e50e2e0cfbcc8f455fb2e6e6625b0f665e69251e1304150c174baee450bc2800293aa79ac1203f6a1b91c8307c4a40ba9539a14b7cbb7", 0x86) sysfs$auto(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x9, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x80000401, 0x7fe, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_MAX_THREADS(r2, 0x40046205, 0x0) ioctl$auto_BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)="fc06c1f730b9d2867a8ba29f242cf38f59f712fcd917fee796") close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xfffffffffffffffd) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) ioctl$auto(0x3, 0x40085400, 0x5) 12.064297297s ago: executing program 2 (id=434): syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) getrandom$auto(0x0, 0x3, 0x80000001) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x110c230000, 0x200001, 0x6) 11.892143473s ago: executing program 1 (id=435): io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x10000100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10000052, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) mmap$auto(0x6, 0x4, 0x4000000000dd, 0x40eb1, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) mmap$auto(0xfffffffffffffffb, 0x400008, 0x400df, 0x19, r2, 0x2a7d) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') acct$auto(0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mlock$auto(0xfbea, 0x7fffffffffffffff) 8.17242947s ago: executing program 1 (id=440): mmap$auto(0x0, 0x9bc, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x2, 0x801, 0x106) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1, @ANYRES64=r0], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80) 7.630795064s ago: executing program 1 (id=441): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0xffd8) r1 = socket(0x11, 0xa, 0x9) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0x8) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x7f835763b555bbe0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xa) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xe187) write$auto(r1, &(0x7f0000000480)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x0f\x97\xa1\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd3lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\xfa\v?\\#\xfc\x15-\xbc\xcd$\x83\xcf\xc5D\xcc', 0xc8) socket(0x1f, 0x1, 0x8) keyctl$auto(0x23, 0x1, 0x6, 0x3, 0x9) prctl$auto(0x1000000003b, 0x80001, 0x0, 0x200000005, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) 6.170180164s ago: executing program 3 (id=443): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r1, 0x29, 0x20, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, 0x0, 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) readv$auto(0x3, 0x0, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.946783782s ago: executing program 0 (id=444): r0 = socket(0x2a, 0x2, 0xffffffff) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8}, 0x1) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x4a083, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, 0xfffffffffffff000, 0x864b) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/platform/vivid.0/cec28/power/runtime_suspended_time\x00', 0x22040, 0x0) symlink$auto(0x0, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) write$auto(0x3, 0x0, 0xffd8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/disksize\x00', 0x2202, 0x0) write$auto(r4, &(0x7f00000001c0)='7K\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x3dec) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000e80)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_NAME={0x5, 0x11, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x10) sendmsg$auto_HWSIM_CMD_GET_RADIO(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r5, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x36}, @HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20000880) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r2, 0x0, 0x20) statmount$auto(0x0, 0x0, 0x1fe, 0x1) 5.049751102s ago: executing program 0 (id=445): mmap$auto(0x0, 0x70, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/pci/devices\x00', 0x10b402, 0x0) pread64$auto(r0, 0x0, 0x8100000041, 0x413e) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x3, 0x1, 0x2, 0x7, 0x9, 0x8, 0x8, 0x3, 0x5, 0x5, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10001, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x800, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0xe3a, 0x0, 0x1]}, 0x400, 0x44) socket(0xa, 0x3, 0x3914) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers_autoprobe\x00', 0x141000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000500)=""/4096, 0x1000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:480/min_ratio_fine\x00', 0x2062, 0x0) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x2, 0x0) socket(0xa, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) ioctl$auto_SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') socket(0x2, 0xa, 0x1) ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000100)=0x400) ioctl$auto(0x1, 0x890b, 0x8) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0x1, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xffffffff}, 0x3, 0x3, 0x4, @inferred, @integer={0x10000, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada71bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) 4.794012168s ago: executing program 1 (id=446): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 4.601530919s ago: executing program 2 (id=447): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 4.487673433s ago: executing program 3 (id=448): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80e42, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) read$auto(r1, 0x0, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) socket(0x22, 0x3, 0x0) bind$auto(0x3, &(0x7f0000000080)=@isdn={0x22, 0x3d, 0x7, 0x64, 0x7}, 0x6b) sendfile$auto(r0, r2, 0x0, 0x1000200) mmap$auto(0x0, 0x5, 0x4000, 0xeb1, r2, 0x8001) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/cuse\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x801, 0x106) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0x3, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) r3 = socket(0x2, 0x1, 0x84) setsockopt$auto(r3, 0x84, 0x15, 0x0, 0x1) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="c80d1b5d399b3f", 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/pci0000:00/0000:00:00.0/msi_bus\x00', 0x149b01, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) 4.424717878s ago: executing program 1 (id=449): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000040)=0x8) rseq$auto(0x0, 0x8000, 0x0, 0x6) bind$auto(0xffffffffffffffff, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) landlock_restrict_self$auto(0xffffffffffffffff, 0x7) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0xfffff000, 0x4, 0x1, 0x7, 0x1ff000) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) pwrite64$auto(r2, 0x0, 0x400000, 0xc) 4.100287743s ago: executing program 0 (id=450): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(r0, &(0x7f00000000c0)={{&(0x7f00000001c0)="3584df3619212a7c67b8cfd38dfe0cfd33ea9d6f805b15afef3c9d6ad7e9f861eced5d8257ab6a722ba9d844eb3083b557eba63fd890a3faabad4b2f516133b6793542b4426c409a4be312165aeb5ff331127980621d58b6b7c891bcb5d9d8e0072ba2b097635b8ef1b3003601c23899eb0f7721a2ab92be17c447f4bbb38c5f477947d168e1cb147ab08d02a8a55170a35081869c23b8448ef400204d881599b583df", 0x7, &(0x7f0000000080)={&(0x7f0000000000)="b912174eaebb8e605169d386bf3a4ee25976e58dfcb02889e8e7dcdbd018aa23f51b3e81104581608dfc5bbb22f6110b3af7dc", 0x3}, 0x0, &(0x7f0000000280)="9a0256ed9a83991e08b790deabe1ae3bebda4e2c9f38e8946cdd53db267a1be31e5353ffd9ede87b782e7f15c6964b6b993b95bdac78b2351ddf29d69ce63169311ddf48d8a273bb6277d35e97c91b259a57512bfdf257a18f02332c20ca4a345e35388f3a51608879d2ac7240535c4765ef18f378fe081385a35c54055637caf0a5db81e109e7780348bfaf098affb7def1b699d6b60fa3cc21ca1c92f771a18f0f5fc910927c7feee626cf597d77411ff71eaf605e868364444a7a33a3b779d646c0c405", 0x6, 0xa01}, 0x6}, 0x400, 0x200, &(0x7f0000000380)={0x3, 0x3}) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/trace_marker_raw\x00', 0x40, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r1, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES32=r3, @ANYRES32=r1, @ANYRESDEC=r2, @ANYRESDEC=0x0, @ANYRES16], 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0xc000) syz_clone(0x80010000, &(0x7f00000008c0)="65b2b2b17639fd35b174c4bd101de0bde7ec8f938a472dc95cbd1742b6f9ac69fb811acd734aa1427b726d1207670b4ecd6aaf9cf7fbf22e4c7b074cd87bb9a12584889f566e8ac2d282b1e93d719504acaeef9b46b7c67f06809092a6ad84e799d7f3b823c1d1b863b15dc8839aea525000906600bf43e12d82bf863d16c0ca5b473d1c633391a841def9bf81259bb592e50e", 0x93, 0x0, &(0x7f00000002c0), &(0x7f0000000b00)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e71ac2c5f3169cb36f22141f45b35a2e04fe71b8618ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a4846f0a7ac6a36f60f348190044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b3008f77bcc5a393486eb62527560aa974af592514e14d7d34584ee8665cdecbd991fe575d59a4f9c6583a485022f9791b0532d16ecdffdabc91e082640c04c5382fe1aae6484683b91366aafa6e876fbbc7042060bfa86af873f56443d67db514c1cdb4d8b14f96b22dd4683ce4877dc06173474376e79a7b81c20901e86f322be0d272e66e16c14c948266dbaa0e9cba48631863c7aa8e8f797217b42a3d9c019f3a919db8f140bab26c00b5d05032aa38b396305fbfeaa1f6368e7d8c542f4f46ed117c5398e7d5c4b1ac78bfe39181ba7e8114cdf7d9fd3c2f253fa6fd7dc96061eb3d92b8d560c2f203f2e913ef3cdc817974d742e6f19b3f6e0af687d28d8c59c85d12ebe29ed46e1dcc8c02e9fa76d7ab2e9627412426522d9d8272a063ee286dfcb0cae11fca488b386c12b99fa3453b8c62d320e67ca146be") waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f00000003c0)={@_si_pad}, 0x1ecc, &(0x7f0000000440)={{0xffffffff, 0x2}, {0x7, 0x19}, 0x9, 0x80000000, 0x4, 0x5, 0x8000000000000001, 0x6, 0x6, 0x0, 0x9, 0x0, 0x0, 0x1000, 0x0, 0x4}) getpgid$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) 3.335137136s ago: executing program 3 (id=451): socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x204900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyyc\x00', 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto_IPC_INFO(0x6, 0x3, 0x0) socket(0x2, 0x1, 0x0) openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/x86/topo/cpus/1\x00', 0x200, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0x1000000000c4) 2.871911721s ago: executing program 2 (id=452): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x100) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(0xffffffffffffffff, 0x0, 0x4b, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 2.788860447s ago: executing program 3 (id=453): socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 2.628767755s ago: executing program 0 (id=454): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) connect$auto(0x3, 0x0, 0x54) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) mmap$auto(0x0, 0x4020009, 0xdb, 0x2000000000eb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) r2 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) statx$auto(0xffffffffffffffff, 0x0, 0x401006, 0x4015, 0x0) 2.263238079s ago: executing program 3 (id=455): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) mmap$auto(0x0, 0x2000a, 0x10000000000e1, 0xeb2, 0x401, 0x8000) 2.072294341s ago: executing program 0 (id=456): r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) getsockopt$auto_SO_BUF_LOCK(r0, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) socket(0x23, 0x800, 0xfffff000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) setsockopt$auto(r1, 0x6, 0x1f, 0x0, 0x3a) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, 0x0, 0x24008000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x43, 0x9, 0x5) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x24048084) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) 292.465166ms ago: executing program 2 (id=457): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r1, 0x29, 0x20, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, 0x0, 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) readv$auto(0x3, 0x0, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) 268.506508ms ago: executing program 3 (id=458): socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x26, 0x5, 0x8c68) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101e41, 0x0) ioperm$auto(0x4, 0x100000001, 0x4000005) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x74c40, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, 0x0) ioctl$auto_virtual_ncidev_fops_virtual_ncidev(r4, 0x6, 0x0) r5 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r5, 0x40146f2c, 0x0) unshare$auto(0x40000080) setsockopt$auto(r1, 0xd0, 0x800000e4, 0x0, 0x569) 53.803789ms ago: executing program 1 (id=459): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x180443, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) socket(0x10, 0x2, 0x14) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x40384708, 0x0) 0s ago: executing program 0 (id=460): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x6, 0x0, 0x18) ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x2, 0x2, 0x1, 0x2}) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) ioctl$auto_RNDGETENTCNT(r2, 0x80045200, &(0x7f0000000240)=0x5) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_STATION(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x110000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x48, r4, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_PREV_BSSID={0x14, 0x4f, "83525630bf34d4ac4064fc0816a384d3"}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x8}, @NL80211_ATTR_AP_SETTINGS_FLAGS={0x8, 0x135, 0x3}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x40080c0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(r3, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', 0x0) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts. [ 71.636116][ T5812] cgroup: Unknown subsys name 'net' [ 71.771550][ T5812] cgroup: Unknown subsys name 'cpuset' [ 71.780109][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.203971][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 74.919989][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.943185][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.951971][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.953032][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.960773][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.975636][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.983303][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.992068][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.992560][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.999206][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.007170][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.020913][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.028138][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.036587][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.039011][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.051535][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.052728][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.068423][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.077737][ T5145] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.088479][ T5145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.593798][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 75.703066][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 75.730256][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 75.781088][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 75.858446][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.866226][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.873697][ T5823] bridge_slave_0: entered allmulticast mode [ 75.881258][ T5823] bridge_slave_0: entered promiscuous mode [ 75.909729][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.916891][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.924493][ T5823] bridge_slave_1: entered allmulticast mode [ 75.931849][ T5823] bridge_slave_1: entered promiscuous mode [ 76.048394][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.057821][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.065027][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.073230][ T5827] bridge_slave_0: entered allmulticast mode [ 76.080549][ T5827] bridge_slave_0: entered promiscuous mode [ 76.089322][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.096405][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.104289][ T5827] bridge_slave_1: entered allmulticast mode [ 76.111477][ T5827] bridge_slave_1: entered promiscuous mode [ 76.128770][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.135911][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.143685][ T5828] bridge_slave_0: entered allmulticast mode [ 76.151035][ T5828] bridge_slave_0: entered promiscuous mode [ 76.160865][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.201319][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.208848][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.216078][ T5828] bridge_slave_1: entered allmulticast mode [ 76.223224][ T5828] bridge_slave_1: entered promiscuous mode [ 76.250682][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.258260][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.265452][ T5825] bridge_slave_0: entered allmulticast mode [ 76.273099][ T5825] bridge_slave_0: entered promiscuous mode [ 76.292611][ T5823] team0: Port device team_slave_0 added [ 76.301827][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.311741][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.319433][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.327274][ T5825] bridge_slave_1: entered allmulticast mode [ 76.334713][ T5825] bridge_slave_1: entered promiscuous mode [ 76.354635][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.366399][ T5823] team0: Port device team_slave_1 added [ 76.384672][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.431558][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.463886][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.485571][ T5827] team0: Port device team_slave_0 added [ 76.492549][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.499817][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.525856][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.540534][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.562378][ T5827] team0: Port device team_slave_1 added [ 76.572036][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.579310][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.605849][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.627467][ T5828] team0: Port device team_slave_0 added [ 76.676824][ T5828] team0: Port device team_slave_1 added [ 76.697584][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.704982][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.731011][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.743669][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.750677][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.777426][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.790756][ T5825] team0: Port device team_slave_0 added [ 76.840543][ T5825] team0: Port device team_slave_1 added [ 76.846847][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.853897][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.879867][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.892627][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.899860][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.926224][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.943770][ T5823] hsr_slave_0: entered promiscuous mode [ 76.950996][ T5823] hsr_slave_1: entered promiscuous mode [ 77.000688][ T5827] hsr_slave_0: entered promiscuous mode [ 77.007211][ T5827] hsr_slave_1: entered promiscuous mode [ 77.013758][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 77.019656][ T5827] Cannot create hsr debugfs directory [ 77.036244][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.043238][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.069587][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.082529][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.089679][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.115625][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.158700][ T51] Bluetooth: hci0: command tx timeout [ 77.158702][ T5830] Bluetooth: hci3: command tx timeout [ 77.158930][ T51] Bluetooth: hci1: command tx timeout [ 77.164398][ T5830] Bluetooth: hci2: command tx timeout [ 77.280198][ T5828] hsr_slave_0: entered promiscuous mode [ 77.287017][ T5828] hsr_slave_1: entered promiscuous mode [ 77.293583][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 77.299375][ T5828] Cannot create hsr debugfs directory [ 77.340344][ T5825] hsr_slave_0: entered promiscuous mode [ 77.346685][ T5825] hsr_slave_1: entered promiscuous mode [ 77.353244][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 77.359058][ T5825] Cannot create hsr debugfs directory [ 77.748380][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.760798][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.771128][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.791472][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.846128][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.862067][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.873354][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.886175][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.988774][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.001827][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.014456][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.027310][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.134758][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.145403][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.156260][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.166822][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.235588][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.291007][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.305825][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.321235][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.328599][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.365611][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.377012][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.384189][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.405382][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.412600][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.428805][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.463367][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.470978][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.556178][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.593178][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.602349][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.609556][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.649549][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.656711][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.686433][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.739708][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.746907][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.817401][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.824629][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.985022][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.035503][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.191820][ T5823] veth0_vlan: entered promiscuous mode [ 79.206930][ T5827] veth0_vlan: entered promiscuous mode [ 79.225219][ T5823] veth1_vlan: entered promiscuous mode [ 79.238507][ T5830] Bluetooth: hci1: command tx timeout [ 79.243952][ T5830] Bluetooth: hci3: command tx timeout [ 79.250788][ T5835] Bluetooth: hci0: command tx timeout [ 79.250942][ T51] Bluetooth: hci2: command tx timeout [ 79.271605][ T5827] veth1_vlan: entered promiscuous mode [ 79.365607][ T5827] veth0_macvtap: entered promiscuous mode [ 79.383531][ T5823] veth0_macvtap: entered promiscuous mode [ 79.398715][ T5823] veth1_macvtap: entered promiscuous mode [ 79.406167][ T5827] veth1_macvtap: entered promiscuous mode [ 79.423057][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.446580][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.465408][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.485855][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.501751][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.525677][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.550441][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.567199][ T106] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.578793][ T106] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.605022][ T106] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.617002][ T106] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.636846][ T106] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.647275][ T106] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.678103][ T106] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.755216][ T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.756111][ T5825] veth0_vlan: entered promiscuous mode [ 79.763799][ T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.815914][ T5825] veth1_vlan: entered promiscuous mode [ 79.823179][ T5828] veth0_vlan: entered promiscuous mode [ 79.852122][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.860233][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.863747][ T5828] veth1_vlan: entered promiscuous mode [ 79.895977][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.915164][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.918662][ T5825] veth0_macvtap: entered promiscuous mode [ 79.952170][ T5825] veth1_macvtap: entered promiscuous mode [ 80.005769][ T5823] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.024476][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.032954][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.056566][ T5828] veth0_macvtap: entered promiscuous mode [ 80.074432][ T5828] veth1_macvtap: entered promiscuous mode [ 80.089075][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.144125][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.177590][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.191708][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.212124][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.229497][ T78] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.249679][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.314435][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.364171][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.383530][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.403062][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.433258][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.539462][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.547316][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.682863][ T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.697882][ T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.783753][ T172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.818767][ T172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.952437][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.966720][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.086824][ T30] audit: type=1800 audit(1772967852.337:2): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5" name="dbroot" dev="configfs" ino=7112 res=0 errno=0 [ 81.092459][ T5920] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5'. [ 81.156314][ T5920] team0: Port device team_slave_1 removed [ 81.300086][ T5920] Zero length message leads to an empty skb [ 81.318988][ T51] Bluetooth: hci2: command tx timeout [ 81.319322][ T5830] Bluetooth: hci1: command tx timeout [ 81.324522][ T51] Bluetooth: hci3: command tx timeout [ 81.329986][ T5835] Bluetooth: hci0: command tx timeout [ 81.748942][ T5930] FAULT_INJECTION: forcing a failure. [ 81.748942][ T5930] name fail_futex, interval 1, probability 0, space 0, times 1 [ 81.838166][ T5930] CPU: 1 UID: 0 PID: 5930 Comm: syz.1.2 Not tainted syzkaller #0 PREEMPT(full) [ 81.838190][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 81.838209][ T5930] Call Trace: [ 81.838215][ T5930] [ 81.838221][ T5930] dump_stack_lvl+0x100/0x190 [ 81.838253][ T5930] should_fail_ex.cold+0x5/0xa [ 81.838271][ T5930] get_futex_key+0x1d2/0x1620 [ 81.838291][ T5930] ? __pfx_get_futex_key+0x10/0x10 [ 81.838308][ T5930] ? cmp_ex_search+0x8b/0xb0 [ 81.838327][ T5930] ? bsearch+0x9e/0xd0 [ 81.838341][ T5930] ? __pfx_cmp_ex_search+0x10/0x10 [ 81.838361][ T5930] futex_wait_setup+0x83/0x510 [ 81.838388][ T5930] __futex_wait+0x19f/0x300 [ 81.838410][ T5930] ? __pfx___futex_wait+0x10/0x10 [ 81.838435][ T5930] ? __pfx_futex_wake_mark+0x10/0x10 [ 81.838458][ T5930] ? futex_hash+0x2c5/0x380 [ 81.838480][ T5930] futex_wait+0xed/0x380 [ 81.838501][ T5930] ? __pfx_futex_wait+0x10/0x10 [ 81.838526][ T5930] ? __get_user_nocheck_8+0x20/0x20 [ 81.838541][ T5930] ? do_vfs_ioctl+0x226/0x13e0 [ 81.838563][ T5930] do_futex+0x1ef/0x350 [ 81.838581][ T5930] ? __pfx_do_futex+0x10/0x10 [ 81.838601][ T5930] ? find_held_lock+0x2b/0x80 [ 81.838617][ T5930] __x64_sys_futex+0x34f/0x4d0 [ 81.838636][ T5930] ? __fget_files+0x21f/0x3d0 [ 81.838649][ T5930] ? __pfx___x64_sys_futex+0x10/0x10 [ 81.838674][ T5930] do_syscall_64+0x106/0xf80 [ 81.838691][ T5930] ? clear_bhb_loop+0x40/0x90 [ 81.838712][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.838727][ T5930] RIP: 0033:0x7f140e39c799 [ 81.838741][ T5930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.838757][ T5930] RSP: 002b:00007f140f2a90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 81.838774][ T5930] RAX: ffffffffffffffda RBX: 00007f140e616098 RCX: 00007f140e39c799 [ 81.838784][ T5930] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f140e616098 [ 81.838793][ T5930] RBP: 00007f140e616090 R08: 0000000000000000 R09: 0000000000000000 [ 81.838802][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.838810][ T5930] R13: 00007f140e616128 R14: 00007fff6b262650 R15: 00007fff6b262738 [ 81.838844][ T5930] [ 82.964747][ T5953] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 83.227709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 83.377969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.398241][ T5830] Bluetooth: hci1: command tx timeout [ 83.403730][ T5835] Bluetooth: hci0: command tx timeout [ 83.403778][ T5145] Bluetooth: hci2: command tx timeout [ 83.424886][ T51] Bluetooth: hci3: command tx timeout [ 83.457947][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.978014][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.995996][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.028350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.306604][ T5969] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 84.401690][ T51] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 84.968910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 85.145119][ T5976] process 'syz.1.16' launched './file0' with NULL argv: empty string added [ 85.321100][ T6001] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.402798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 86.412877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.438934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 86.770637][ T797] cfg80211: failed to load regulatory.db [ 87.434791][ T6027] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.532463][ T6047] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 89.618340][ T6072] FAULT_INJECTION: forcing a failure. [ 89.618340][ T6072] name failslab, interval 1, probability 0, space 0, times 1 [ 89.697798][ T6072] CPU: 0 UID: 0 PID: 6072 Comm: syz.0.39 Not tainted syzkaller #0 PREEMPT(full) [ 89.697841][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.697857][ T6072] Call Trace: [ 89.697867][ T6072] [ 89.697878][ T6072] dump_stack_lvl+0x100/0x190 [ 89.697928][ T6072] should_fail_ex.cold+0x5/0xa [ 89.697963][ T6072] should_failslab+0xc2/0x120 [ 89.697993][ T6072] __kmalloc_cache_noprof+0x7a/0x6f0 [ 89.698038][ T6072] ? call_usermodehelper_setup+0xaf/0x360 [ 89.698090][ T6072] ? __pfx_free_modprobe_argv+0x10/0x10 [ 89.698131][ T6072] call_usermodehelper_setup+0xaf/0x360 [ 89.698182][ T6072] __request_module+0x3c7/0x6c0 [ 89.698222][ T6072] ? __pfx___request_module+0x10/0x10 [ 89.698285][ T6072] ? __get_fs_type+0x12c/0x170 [ 89.698317][ T6072] ? __get_fs_type+0x12c/0x170 [ 89.698364][ T6072] get_fs_type+0xd7/0x190 [ 89.698397][ T6072] __x64_sys_fsopen+0xca/0x220 [ 89.698436][ T6072] do_syscall_64+0x106/0xf80 [ 89.698470][ T6072] ? clear_bhb_loop+0x40/0x90 [ 89.698506][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.698536][ T6072] RIP: 0033:0x7f332099c799 [ 89.698560][ T6072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.698589][ T6072] RSP: 002b:00007f33217a7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 89.698616][ T6072] RAX: ffffffffffffffda RBX: 00007f3320c16180 RCX: 00007f332099c799 [ 89.698636][ T6072] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 89.698652][ T6072] RBP: 00007f3320a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 89.698669][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.698686][ T6072] R13: 00007f3320c16218 R14: 00007f3320c16180 R15: 00007fff7600fa68 [ 89.698726][ T6072] [ 89.937024][ T6064] netlink: 326 bytes leftover after parsing attributes in process `syz.0.39'. [ 90.626510][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.43'. [ 90.636987][ T6079] netlink: 25 bytes leftover after parsing attributes in process `syz.2.43'. [ 92.278560][ T6102] nbd: must specify at least one socket [ 92.576707][ T6110] FAULT_INJECTION: forcing a failure. [ 92.576707][ T6110] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 92.692358][ T6110] CPU: 1 UID: 0 PID: 6110 Comm: syz.3.49 Not tainted syzkaller #0 PREEMPT(full) [ 92.692389][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 92.692399][ T6110] Call Trace: [ 92.692404][ T6110] [ 92.692410][ T6110] dump_stack_lvl+0x100/0x190 [ 92.692439][ T6110] should_fail_ex.cold+0x5/0xa [ 92.692455][ T6110] ? prepare_alloc_pages+0x16d/0x5f0 [ 92.692473][ T6110] should_fail_alloc_page+0xeb/0x140 [ 92.692491][ T6110] prepare_alloc_pages+0x1f0/0x5f0 [ 92.692508][ T6110] ? is_bpf_text_address+0x8a/0x1a0 [ 92.692528][ T6110] ? lock_release+0x263/0x320 [ 92.692548][ T6110] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 92.692569][ T6110] ? is_bpf_text_address+0x94/0x1a0 [ 92.692591][ T6110] ? kernel_text_address+0x8d/0x100 [ 92.692612][ T6110] ? __kernel_text_address+0xd/0x30 [ 92.692631][ T6110] ? unwind_get_return_address+0x59/0xa0 [ 92.692647][ T6110] ? arch_stack_walk+0xa6/0xf0 [ 92.692667][ T6110] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 92.692690][ T6110] ? __pfx_stack_trace_save+0x10/0x10 [ 92.692711][ T6110] ? add_lock_to_list+0x99/0x110 [ 92.692728][ T6110] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 92.692752][ T6110] ? policy_nodemask+0xed/0x4f0 [ 92.692769][ T6110] alloc_pages_mpol+0x1fb/0x550 [ 92.692793][ T6110] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 92.692809][ T6110] ? do_raw_spin_lock+0x128/0x260 [ 92.692829][ T6110] ? find_held_lock+0x2b/0x80 [ 92.692845][ T6110] ___kmalloc_large_node+0x104/0x150 [ 92.692866][ T6110] __kmalloc_large_noprof+0x1c/0x70 [ 92.692882][ T6110] ? get_task_mm+0xc7/0xf0 [ 92.692896][ T6110] vhost_dev_set_owner+0x2b6/0xa30 [ 92.692921][ T6110] vhost_net_ioctl+0xfa3/0x1910 [ 92.692939][ T6110] ? do_vfs_ioctl+0x226/0x13e0 [ 92.692961][ T6110] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 92.692980][ T6110] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 92.693002][ T6110] ? find_held_lock+0x2b/0x80 [ 92.693015][ T6110] ? __fget_files+0x215/0x3d0 [ 92.693028][ T6110] ? hook_file_ioctl_common+0x146/0x410 [ 92.693055][ T6110] ? __fget_files+0x21f/0x3d0 [ 92.693071][ T6110] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 92.693090][ T6110] __x64_sys_ioctl+0x18e/0x210 [ 92.693111][ T6110] do_syscall_64+0x106/0xf80 [ 92.693129][ T6110] ? clear_bhb_loop+0x40/0x90 [ 92.693147][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.693162][ T6110] RIP: 0033:0x7f875c99c799 [ 92.693176][ T6110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.693190][ T6110] RSP: 002b:00007f875abf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.693204][ T6110] RAX: ffffffffffffffda RBX: 00007f875cc16090 RCX: 00007f875c99c799 [ 92.693214][ T6110] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 92.693222][ T6110] RBP: 00007f875ca32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 92.693231][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.693239][ T6110] R13: 00007f875cc16128 R14: 00007f875cc16090 R15: 00007ffe4a63c638 [ 92.693259][ T6110] [ 93.422515][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'. [ 94.555052][ T6136] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 95.372242][ T6144] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 96.626972][ T6162] syz.1.62 uses obsolete (PF_INET,SOCK_PACKET) [ 97.845610][ T6178] hub 1-0:1.0: USB hub found [ 97.890935][ T6178] hub 1-0:1.0: 1 port detected [ 98.548471][ T6201] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 99.233134][ T6198] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 100.040742][ T6239] syz.2.80 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 101.401978][ T6268] Invalid ELF header magic: != ELF [ 101.738460][ T6273] misc userio: Invalid payload size [ 102.725650][ T6285] serio: Serial port pty6 [ 103.003851][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 104.242751][ T6310] netlink: 334 bytes leftover after parsing attributes in process `syz.2.89'. [ 105.539004][ T6333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.94'. [ 106.106270][ T6339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.96'. [ 106.146261][ T6339] netlink: 354 bytes leftover after parsing attributes in process `syz.0.96'. [ 109.901606][ T6381] ======================================================= [ 109.901606][ T6381] WARNING: The mand mount option has been deprecated and [ 109.901606][ T6381] and is ignored by this kernel. Remove the mand [ 109.901606][ T6381] option from the mount to silence this warning. [ 109.901606][ T6381] ======================================================= [ 110.864690][ T6393] netlink: 'syz.2.107': attribute type 16 has an invalid length. [ 110.909828][ T6393] netlink: 294 bytes leftover after parsing attributes in process `syz.2.107'. [ 111.453576][ T6395] zswap: compressor w(<8.D z not available [ 114.189679][ T6309] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 115.222134][ T6449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.119'. [ 115.254173][ T6449] bridge_slave_1: left allmulticast mode [ 115.287192][ T6449] bridge_slave_1: left promiscuous mode [ 115.331054][ T6449] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.423269][ T6449] bridge_slave_0: left allmulticast mode [ 115.439491][ T6449] bridge_slave_0: left promiscuous mode [ 115.508977][ T6449] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.703319][ T6428] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 115.712947][ T6428] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 115.827507][ T6428] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 115.863571][ T6428] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 115.877824][ T6428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 115.952804][ T6428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 116.003782][ T6428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 116.060408][ T6428] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 116.084749][ T6428] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.156419][ T6428] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.198049][ T6309] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.224331][ T6428] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 116.241484][ T6428] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.282953][ T6428] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.792886][ T6462] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 117.226761][ T6469] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.336082][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'. [ 117.376749][ T6470] netlink: 'syz.3.126': attribute type 1 has an invalid length. [ 117.402932][ T6470] netlink: 5 bytes leftover after parsing attributes in process `syz.3.126'. [ 117.877831][ T6309] Bluetooth: hci1: command 0x0c1a tx timeout [ 118.118124][ T6309] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.278248][ T6309] Bluetooth: hci3: command 0x0c1a tx timeout [ 118.285716][ T6309] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.844961][ T30] audit: type=1800 audit(1772967890.097:3): pid=6494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.133" name="dbroot" dev="configfs" ino=11836 res=0 errno=0 [ 119.958356][ T6309] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.198666][ T6309] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.359563][ T6309] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.837692][ T6309] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.896116][ T6491] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 121.338570][ T6491] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 121.344847][ T6491] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 121.478355][ T6491] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 122.875549][ T30] audit: type=1800 audit(1772967894.127:4): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.144" name="dbroot" dev="configfs" ino=11959 res=0 errno=0 [ 123.008304][ T6309] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.193506][ T30] audit: type=1800 audit(1772967894.447:5): pid=6567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.154" name="dbroot" dev="configfs" ino=11973 res=0 errno=0 [ 123.397740][ T6309] Bluetooth: hci2: command 0x0c1a tx timeout [ 123.557761][ T6309] Bluetooth: hci3: command 0x0c1a tx timeout [ 124.332249][ T6582] netlink: 28 bytes leftover after parsing attributes in process `syz.1.151'. [ 125.027925][ T30] audit: type=1800 audit(1772967896.287:6): pid=6597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.157" name="dbroot" dev="configfs" ino=12084 res=0 errno=0 [ 125.078074][ T6309] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.559912][ T30] audit: type=1800 audit(1772967898.817:7): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.167" name="dbroot" dev="configfs" ino=12240 res=0 errno=0 [ 127.908826][ T30] audit: type=1800 audit(1772967899.157:8): pid=6644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.169" name="dbroot" dev="configfs" ino=12278 res=0 errno=0 [ 127.941705][ T6643] netlink: 28 bytes leftover after parsing attributes in process `syz.1.168'. [ 127.982184][ T6643] bridge_slave_1: left allmulticast mode [ 128.004130][ T6643] bridge_slave_1: left promiscuous mode [ 128.042851][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.149522][ T6643] bridge_slave_0: left allmulticast mode [ 128.155321][ T6643] bridge_slave_0: left promiscuous mode [ 128.162489][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.640708][ T6661] zswap: compressor not available [ 129.921494][ T30] audit: type=1800 audit(1772967901.177:9): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.177" name="dbroot" dev="configfs" ino=28832 res=0 errno=0 [ 130.177313][ T30] audit: type=1800 audit(1772967901.417:10): pid=6678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.179" name="dbroot" dev="configfs" ino=28841 res=0 errno=0 [ 131.369465][ T6693] netlink: 28 bytes leftover after parsing attributes in process `syz.0.184'. [ 132.125173][ T30] audit: type=1800 audit(1772967903.347:11): pid=6705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.188" name="dbroot" dev="configfs" ino=28952 res=0 errno=0 [ 132.276468][ T30] audit: type=1800 audit(1772967903.527:12): pid=6709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.189" name="dbroot" dev="configfs" ino=28988 res=0 errno=0 [ 132.844991][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.851729][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.146057][ T6722] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 136.016737][ T30] audit: type=1800 audit(1772967907.267:13): pid=6743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.197" name="dbroot" dev="configfs" ino=29135 res=0 errno=0 [ 136.181895][ T30] audit: type=1800 audit(1772967907.437:14): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.198" name="dbroot" dev="configfs" ino=29150 res=0 errno=0 [ 138.532410][ T6772] FAULT_INJECTION: forcing a failure. [ 138.532410][ T6772] name failslab, interval 1, probability 0, space 0, times 0 [ 138.641903][ T6772] CPU: 1 UID: 0 PID: 6772 Comm: syz.2.202 Not tainted syzkaller #0 PREEMPT(full) [ 138.641927][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 138.641936][ T6772] Call Trace: [ 138.641942][ T6772] [ 138.641949][ T6772] dump_stack_lvl+0x100/0x190 [ 138.641976][ T6772] should_fail_ex.cold+0x5/0xa [ 138.641995][ T6772] should_failslab+0xc2/0x120 [ 138.642010][ T6772] __kvmalloc_node_noprof+0xfa/0xa00 [ 138.642032][ T6772] ? io_alloc_cache_init+0x38/0x170 [ 138.642055][ T6772] ? lockdep_init_map_type+0x5c/0x250 [ 138.642077][ T6772] io_alloc_cache_init+0x38/0x170 [ 138.642098][ T6772] io_uring_setup.cold+0x3cd/0x1d09 [ 138.642122][ T6772] ? __pfx_io_uring_setup+0x10/0x10 [ 138.642140][ T6772] ? do_futex+0x192/0x350 [ 138.642158][ T6772] ? __pfx_do_futex+0x10/0x10 [ 138.642185][ T6772] ? xfd_validate_state+0x129/0x190 [ 138.642210][ T6772] __x64_sys_io_uring_setup+0xc2/0x170 [ 138.642228][ T6772] do_syscall_64+0x106/0xf80 [ 138.642245][ T6772] ? clear_bhb_loop+0x40/0x90 [ 138.642263][ T6772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.642278][ T6772] RIP: 0033:0x7f63a679c799 [ 138.642295][ T6772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.642308][ T6772] RSP: 002b:00007f63a7576028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 138.642323][ T6772] RAX: ffffffffffffffda RBX: 00007f63a6a16090 RCX: 00007f63a679c799 [ 138.642334][ T6772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 138.642342][ T6772] RBP: 00007f63a6832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 138.642351][ T6772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.642360][ T6772] R13: 00007f63a6a16128 R14: 00007f63a6a16090 R15: 00007fff9575df28 [ 138.642380][ T6772] [ 139.847383][ T30] audit: type=1800 audit(1772967911.097:15): pid=6788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.208" name="dbroot" dev="configfs" ino=29308 res=0 errno=0 [ 139.890554][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.0.208'. [ 139.944509][ T6785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'. [ 141.378029][ T6802] mmap: syz.0.218 (6802) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 141.646892][ T6808] FAULT_INJECTION: forcing a failure. [ 141.646892][ T6808] name failslab, interval 1, probability 0, space 0, times 0 [ 141.682457][ T6810] netlink: 28 bytes leftover after parsing attributes in process `syz.2.212'. [ 141.708471][ T6808] CPU: 1 UID: 0 PID: 6808 Comm: syz.1.221 Not tainted syzkaller #0 PREEMPT(full) [ 141.708511][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.708528][ T6808] Call Trace: [ 141.708538][ T6808] [ 141.708548][ T6808] dump_stack_lvl+0x100/0x190 [ 141.708597][ T6808] should_fail_ex.cold+0x5/0xa [ 141.708631][ T6808] should_failslab+0xc2/0x120 [ 141.708660][ T6808] __kmalloc_cache_noprof+0x7a/0x6f0 [ 141.708697][ T6808] ? system_heap_allocate+0xeb/0x1170 [ 141.708744][ T6808] system_heap_allocate+0xeb/0x1170 [ 141.708793][ T6808] ? __pfx_system_heap_allocate+0x10/0x10 [ 141.708833][ T6808] ? __might_fault+0xc5/0x140 [ 141.708886][ T6808] dma_heap_ioctl+0x37f/0x5e0 [ 141.708926][ T6808] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 141.708960][ T6808] ? __x64_sys_close_range+0x2d9/0x5d0 [ 141.709002][ T6808] ? xfd_validate_state+0x129/0x190 [ 141.709053][ T6808] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 141.709090][ T6808] __x64_sys_ioctl+0x18e/0x210 [ 141.709132][ T6808] do_syscall_64+0x106/0xf80 [ 141.709165][ T6808] ? clear_bhb_loop+0x40/0x90 [ 141.709201][ T6808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.709229][ T6808] RIP: 0033:0x7f140e39c799 [ 141.709252][ T6808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.709278][ T6808] RSP: 002b:00007f140f2ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.709305][ T6808] RAX: ffffffffffffffda RBX: 00007f140e615fa0 RCX: 00007f140e39c799 [ 141.709323][ T6808] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000000 [ 141.709340][ T6808] RBP: 00007f140e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 141.709357][ T6808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.709373][ T6808] R13: 00007f140e616038 R14: 00007f140e615fa0 R15: 00007fff6b262738 [ 141.709409][ T6808] [ 142.090182][ T6810] bridge_slave_1: left allmulticast mode [ 142.124689][ T6810] bridge_slave_1: left promiscuous mode [ 142.130664][ T6810] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.228716][ T6810] bridge_slave_0: left allmulticast mode [ 142.262736][ T6810] bridge_slave_0: left promiscuous mode [ 142.298048][ T6810] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.348028][ T30] audit: type=1800 audit(1772967913.597:16): pid=6817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.214" name="dbroot" dev="configfs" ino=29414 res=0 errno=0 [ 142.694704][ T30] audit: type=1800 audit(1772967913.947:17): pid=6819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.225" name="dbroot" dev="configfs" ino=29433 res=0 errno=0 [ 146.675417][ T6849] zswap: compressor not available [ 147.520338][ T30] audit: type=1800 audit(1772967918.762:18): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.228" name="dbroot" dev="configfs" ino=29639 res=0 errno=0 [ 147.716035][ T6874] can: request_module (can-proto-4) failed. [ 149.138805][ T6887] netlink: 'syz.1.234': attribute type 1 has an invalid length. [ 149.146501][ T6887] netlink: 9 bytes leftover after parsing attributes in process `syz.1.234'. [ 151.652383][ T6916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.239'. [ 151.971664][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.242'. [ 152.016559][ T6927] netlink: 354 bytes leftover after parsing attributes in process `syz.0.242'. [ 152.318597][ T6921] syz.2.241 (6921) used greatest stack depth: 19672 bytes left [ 157.212051][ T6972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.257'. [ 157.289179][ T6973] FAULT_INJECTION: forcing a failure. [ 157.289179][ T6973] name failslab, interval 1, probability 0, space 0, times 0 [ 157.388873][ T6973] CPU: 1 UID: 0 PID: 6973 Comm: syz.0.256 Not tainted syzkaller #0 PREEMPT(full) [ 157.388911][ T6973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.388927][ T6973] Call Trace: [ 157.388936][ T6973] [ 157.388945][ T6973] dump_stack_lvl+0x100/0x190 [ 157.388987][ T6973] should_fail_ex.cold+0x5/0xa [ 157.389007][ T6973] should_failslab+0xc2/0x120 [ 157.389024][ T6973] __kvmalloc_node_noprof+0xfa/0xa00 [ 157.389047][ T6973] ? io_alloc_cache_init+0x38/0x170 [ 157.389068][ T6973] ? lockdep_init_map_type+0x5c/0x250 [ 157.389093][ T6973] io_alloc_cache_init+0x38/0x170 [ 157.389114][ T6973] io_uring_setup.cold+0x3cd/0x1d09 [ 157.389138][ T6973] ? __pfx_io_uring_setup+0x10/0x10 [ 157.389157][ T6973] ? do_futex+0x192/0x350 [ 157.389175][ T6973] ? __pfx_do_futex+0x10/0x10 [ 157.389202][ T6973] ? xfd_validate_state+0x129/0x190 [ 157.389227][ T6973] __x64_sys_io_uring_setup+0xc2/0x170 [ 157.389245][ T6973] do_syscall_64+0x106/0xf80 [ 157.389263][ T6973] ? clear_bhb_loop+0x40/0x90 [ 157.389280][ T6973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.389295][ T6973] RIP: 0033:0x7f332099c799 [ 157.389308][ T6973] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.389322][ T6973] RSP: 002b:00007f33217c8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 157.389336][ T6973] RAX: ffffffffffffffda RBX: 00007f3320c16090 RCX: 00007f332099c799 [ 157.389346][ T6973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 157.389354][ T6973] RBP: 00007f3320a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 157.389362][ T6973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.389370][ T6973] R13: 00007f3320c16128 R14: 00007f3320c16090 R15: 00007fff7600fa68 [ 157.389390][ T6973] [ 159.356793][ T6987] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'. [ 159.424155][ T6987] netlink: 354 bytes leftover after parsing attributes in process `syz.3.261'. [ 159.788597][ T6992] futex_wake_op: syz.3.262 tries to shift op by -2048; fix this program [ 159.937667][ T6992] futex_wake_op: syz.3.262 tries to shift op by -2048; fix this program [ 159.993586][ T6996] 0x000000000001-0x000000020000 : "" [ 160.132887][ T6996] ftl_cs: FTL header corrupt! [ 160.164502][ T6995] Console: switching to colour VGA+ 80x25 [ 160.449691][ T6995] Console: switching to colour frame buffer device 128x48 [ 160.503111][ T7001] binder: 7000:7001 ioctl c018620c 2000000000c0 returned -22 [ 160.899643][ T7010] netlink: 28 bytes leftover after parsing attributes in process `syz.3.267'. [ 163.290980][ T7027] random: crng reseeded on system resumption [ 168.221302][ T7062] netlink: 28 bytes leftover after parsing attributes in process `syz.2.277'. [ 169.496263][ T7075] FAULT_INJECTION: forcing a failure. [ 169.496263][ T7075] name fail_futex, interval 1, probability 0, space 0, times 0 [ 169.509623][ T7075] CPU: 1 UID: 0 PID: 7075 Comm: syz.3.281 Not tainted syzkaller #0 PREEMPT(full) [ 169.509659][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 169.509676][ T7075] Call Trace: [ 169.509684][ T7075] [ 169.509694][ T7075] dump_stack_lvl+0x100/0x190 [ 169.509742][ T7075] should_fail_ex.cold+0x5/0xa [ 169.509777][ T7075] should_fail_futex+0x4c/0x60 [ 169.509810][ T7075] futex_lock_pi_atomic+0xe7/0xaf0 [ 169.509858][ T7075] futex_lock_pi+0x246/0x7b0 [ 169.509899][ T7075] ? __pfx_futex_lock_pi+0x10/0x10 [ 169.509942][ T7075] ? __pfx___futex_wait+0x10/0x10 [ 169.509983][ T7075] ? lockdep_hardirqs_on+0x78/0x100 [ 169.510050][ T7075] ? __pfx_futex_wake_mark+0x10/0x10 [ 169.510101][ T7075] ? ksys_write+0x190/0x250 [ 169.510125][ T7075] ? ksys_write+0x190/0x250 [ 169.510158][ T7075] do_futex+0x18a/0x350 [ 169.510194][ T7075] ? __pfx_do_futex+0x10/0x10 [ 169.510241][ T7075] __x64_sys_futex+0x34f/0x4d0 [ 169.510282][ T7075] ? __pfx___x64_sys_futex+0x10/0x10 [ 169.510333][ T7075] do_syscall_64+0x106/0xf80 [ 169.510365][ T7075] ? clear_bhb_loop+0x40/0x90 [ 169.510400][ T7075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.510429][ T7075] RIP: 0033:0x7f875c99c799 [ 169.510453][ T7075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.510479][ T7075] RSP: 002b:00007f875d78d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 169.510512][ T7075] RAX: ffffffffffffffda RBX: 00007f875cc15fa0 RCX: 00007f875c99c799 [ 169.510531][ T7075] RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000000 [ 169.510548][ T7075] RBP: 00007f875ca32bd9 R08: 0000000000000000 R09: 000000008000fff5 [ 169.510566][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.510582][ T7075] R13: 00007f875cc16038 R14: 00007f875cc15fa0 R15: 00007ffe4a63c638 [ 169.510621][ T7075] [ 170.498315][ C1] process 5827 (syz-executor) no longer affine to cpu1 [ 170.501175][ T22] process 7086 (syz.0.285) no longer affine to cpu1 [ 170.501241][ T22] process 7085 (syz.0.285) no longer affine to cpu1 [ 170.708844][ T7075] smpboot: CPU 1 is now offline [ 171.067122][ T7090] Invalid ELF header magic: != ELF [ 171.263479][ T7094] random: crng reseeded on system resumption [ 171.688909][ T7098] netlink: 504 bytes leftover after parsing attributes in process `syz.1.287'. [ 172.131697][ T7100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.288'. [ 172.232846][ T7101] netlink: 354 bytes leftover after parsing attributes in process `syz.1.288'. [ 172.659001][ T7107] netlink: 28 bytes leftover after parsing attributes in process `syz.1.290'. [ 173.440019][ T7114] FAULT_INJECTION: forcing a failure. [ 173.440019][ T7114] name failslab, interval 1, probability 0, space 0, times 0 [ 173.577835][ T7114] CPU: 0 UID: 0 PID: 7114 Comm: syz.1.292 Not tainted syzkaller #0 PREEMPT(full) [ 173.577859][ T7114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 173.577868][ T7114] Call Trace: [ 173.577874][ T7114] [ 173.577881][ T7114] dump_stack_lvl+0x100/0x190 [ 173.577907][ T7114] should_fail_ex.cold+0x5/0xa [ 173.577925][ T7114] should_failslab+0xc2/0x120 [ 173.577941][ T7114] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 173.577964][ T7114] ? tracefs_alloc_inode+0x2c/0x140 [ 173.577989][ T7114] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 173.578011][ T7114] tracefs_alloc_inode+0x2c/0x140 [ 173.578031][ T7114] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 173.578054][ T7114] alloc_inode+0x68/0x250 [ 173.578073][ T7114] new_inode+0x22/0x1c0 [ 173.578093][ T7114] tracefs_get_inode+0x19/0x80 [ 173.578114][ T7114] eventfs_get_inode+0x53/0x520 [ 173.578140][ T7114] eventfs_root_lookup+0x23c/0xa50 [ 173.578156][ T7114] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 173.578173][ T7114] ? lockdep_init_map_type+0x5c/0x250 [ 173.578195][ T7114] ? lockdep_init_map_type+0x5c/0x250 [ 173.578217][ T7114] __lookup_slow+0x251/0x460 [ 173.578237][ T7114] ? __pfx___lookup_slow+0x10/0x10 [ 173.578266][ T7114] ? __d_lookup+0x266/0x4a0 [ 173.578289][ T7114] lookup_slow+0x50/0x70 [ 173.578308][ T7114] link_path_walk+0x1377/0x1cc0 [ 173.578337][ T7114] path_openat+0x1be/0x31a0 [ 173.578350][ T7114] ? kasan_save_stack+0x3f/0x50 [ 173.578370][ T7114] ? kasan_save_stack+0x30/0x50 [ 173.578390][ T7114] ? kasan_save_track+0x14/0x30 [ 173.578410][ T7114] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 173.578436][ T7114] ? __pfx_path_openat+0x10/0x10 [ 173.578458][ T7114] do_file_open+0x20e/0x430 [ 173.578474][ T7114] ? __pfx_do_file_open+0x10/0x10 [ 173.578503][ T7114] ? alloc_fd+0x476/0x790 [ 173.578519][ T7114] ? do_getname+0x191/0x390 [ 173.578538][ T7114] do_sys_openat2+0x10d/0x1e0 [ 173.578557][ T7114] ? __pfx_do_sys_openat2+0x10/0x10 [ 173.578583][ T7114] __x64_sys_openat+0x12d/0x210 [ 173.578602][ T7114] ? __pfx___x64_sys_openat+0x10/0x10 [ 173.578628][ T7114] do_syscall_64+0x106/0xf80 [ 173.578645][ T7114] ? clear_bhb_loop+0x40/0x90 [ 173.578663][ T7114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.578678][ T7114] RIP: 0033:0x7f140e39c799 [ 173.578692][ T7114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.578708][ T7114] RSP: 002b:00007f140f2a9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 173.578723][ T7114] RAX: ffffffffffffffda RBX: 00007f140e616090 RCX: 00007f140e39c799 [ 173.578733][ T7114] RDX: 0000000000000400 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 173.578743][ T7114] RBP: 00007f140e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 173.578752][ T7114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.578760][ T7114] R13: 00007f140e616128 R14: 00007f140e616090 R15: 00007fff6b262738 [ 173.578780][ T7114] [ 184.277691][ T6309] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 184.574037][ T7217] netlink: 28 bytes leftover after parsing attributes in process `syz.0.313'. [ 185.180190][ T7226] FAULT_INJECTION: forcing a failure. [ 185.180190][ T7226] name failslab, interval 1, probability 0, space 0, times 0 [ 185.397499][ T7226] CPU: 0 UID: 0 PID: 7226 Comm: syz.0.315 Not tainted syzkaller #0 PREEMPT(full) [ 185.397522][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.397544][ T7226] Call Trace: [ 185.397550][ T7226] [ 185.397556][ T7226] dump_stack_lvl+0x100/0x190 [ 185.397586][ T7226] should_fail_ex.cold+0x5/0xa [ 185.397604][ T7226] should_failslab+0xc2/0x120 [ 185.397619][ T7226] __kmalloc_cache_noprof+0x7a/0x6f0 [ 185.397638][ T7226] ? do_signalfd4+0x14e/0x480 [ 185.397659][ T7226] do_signalfd4+0x14e/0x480 [ 185.397677][ T7226] __x64_sys_signalfd+0x120/0x1a0 [ 185.397695][ T7226] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 185.397718][ T7226] do_syscall_64+0x106/0xf80 [ 185.397735][ T7226] ? clear_bhb_loop+0x40/0x90 [ 185.397753][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.397767][ T7226] RIP: 0033:0x7f332099c799 [ 185.397780][ T7226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.397794][ T7226] RSP: 002b:00007f33217c8028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 185.397808][ T7226] RAX: ffffffffffffffda RBX: 00007f3320c16090 RCX: 00007f332099c799 [ 185.397817][ T7226] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 185.397826][ T7226] RBP: 00007f3320a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 185.397834][ T7226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.397842][ T7226] R13: 00007f3320c16128 R14: 00007f3320c16090 R15: 00007fff7600fa68 [ 185.397862][ T7226] [ 186.082004][ T6309] Bluetooth: hci3: unexpected event 0x32 length: 727 > 9 [ 187.917946][ T7252] can0: slcan on ttyS2. [ 188.198478][ T7254] can0 (unregistered): slcan off ttyS2. [ 191.364650][ T7302] futex_wake_op: syz.3.329 tries to shift op by -2048; fix this program [ 191.455569][ T7302] futex_wake_op: syz.3.329 tries to shift op by -2048; fix this program [ 191.545374][ T7307] 0x000000000001-0x000000020000 : "" [ 191.682896][ T7307] ftl_cs: FTL header corrupt! [ 192.477479][ T7325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.334'. [ 192.584875][ T7330] netlink: 'syz.2.334': attribute type 1 has an invalid length. [ 192.584906][ T7330] netlink: 342 bytes leftover after parsing attributes in process `syz.2.334'. [ 192.888883][ T7331] netlink: 28 bytes leftover after parsing attributes in process `syz.3.333'. [ 193.024409][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.024462][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.399038][ T6724] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.176349][ T7345] can: request_module (can-proto-5) failed. [ 194.458603][ T7345] netlink: 186 bytes leftover after parsing attributes in process `syz.3.339'. [ 194.834213][ T7357] netlink: 306 bytes leftover after parsing attributes in process `syz.2.343'. [ 195.163394][ T7345] capability: warning: `syz.3.339' uses 32-bit capabilities (legacy support in use) [ 195.426159][ T7363] ubi0: attaching mtd0 [ 195.508666][ T7363] ubi0: scanning is finished [ 195.561730][ T7363] ubi0: empty MTD device detected [ 195.677302][ T30] audit: type=1800 audit(1772967966.922:19): pid=7371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.348" name="dbroot" dev="configfs" ino=89132 res=0 errno=0 [ 195.729592][ T7371] netlink: 28 bytes leftover after parsing attributes in process `syz.3.348'. [ 195.925269][ T7371] team0: Port device team_slave_1 removed [ 196.137659][ T7363] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 196.248028][ T7363] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 196.255280][ T7363] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 196.367013][ T7363] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 196.434837][ T7363] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 196.518097][ T7363] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 196.590326][ T7363] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1719182956 [ 196.673198][ T7363] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 196.797969][ T7377] ubi0: background thread "ubi_bgt0d" started, PID 7377 [ 196.808891][ T7367] ubi0: detaching mtd0 [ 196.893403][ T7367] ubi0: mtd0 is detached [ 199.889873][ T7410] random: crng reseeded on system resumption [ 204.578174][ T7448] hugetlbfs: syz.3.365 (7448): Using mlock ulimits for SHM_HUGETLB is obsolete [ 205.646714][ T7456] FAULT_INJECTION: forcing a failure. [ 205.646714][ T7456] name failslab, interval 1, probability 0, space 0, times 0 [ 205.851037][ T7456] CPU: 0 UID: 0 PID: 7456 Comm: syz.3.367 Not tainted syzkaller #0 PREEMPT(full) [ 205.851076][ T7456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 205.851086][ T7456] Call Trace: [ 205.851091][ T7456] [ 205.851097][ T7456] dump_stack_lvl+0x100/0x190 [ 205.851124][ T7456] should_fail_ex.cold+0x5/0xa [ 205.851143][ T7456] should_failslab+0xc2/0x120 [ 205.851162][ T7456] __kmalloc_cache_noprof+0x7a/0x6f0 [ 205.851181][ T7456] ? snd_seq_port_connect+0x61/0x560 [ 205.851201][ T7456] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 205.851221][ T7456] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 205.851243][ T7456] snd_seq_port_connect+0x61/0x560 [ 205.851263][ T7456] ? _raw_read_unlock+0x28/0x50 [ 205.851278][ T7456] ? check_subscription_permission.isra.0+0x146/0x240 [ 205.851302][ T7456] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 205.851326][ T7456] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 205.851358][ T7456] call_seq_client_ctl+0xa3/0x130 [ 205.851380][ T7456] snd_seq_kernel_client_ctl+0x77/0xd0 [ 205.851401][ T7456] snd_seq_oss_midi_open+0x5ad/0x6b0 [ 205.851418][ T7456] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 205.851446][ T7456] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 205.851466][ T7456] snd_seq_oss_open+0x82e/0xa10 [ 205.851491][ T7456] odev_open+0x79/0xc0 [ 205.851509][ T7456] ? __pfx_odev_open+0x10/0x10 [ 205.851527][ T7456] soundcore_open+0x2e3/0x5a0 [ 205.851550][ T7456] ? __pfx_soundcore_open+0x10/0x10 [ 205.851569][ T7456] chrdev_open+0x234/0x6a0 [ 205.851584][ T7456] ? __pfx_apparmor_file_open+0x10/0x10 [ 205.851605][ T7456] ? __pfx_chrdev_open+0x10/0x10 [ 205.851621][ T7456] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 205.851640][ T7456] do_dentry_open+0x6d8/0x1660 [ 205.851662][ T7456] ? __pfx_chrdev_open+0x10/0x10 [ 205.851682][ T7456] vfs_open+0x82/0x3f0 [ 205.851703][ T7456] path_openat+0x208c/0x31a0 [ 205.851725][ T7456] ? __pfx_path_openat+0x10/0x10 [ 205.851748][ T7456] do_file_open+0x20e/0x430 [ 205.851765][ T7456] ? __pfx_do_file_open+0x10/0x10 [ 205.851794][ T7456] ? alloc_fd+0x476/0x790 [ 205.851810][ T7456] ? do_getname+0x191/0x390 [ 205.851829][ T7456] do_sys_openat2+0x10d/0x1e0 [ 205.851847][ T7456] ? __pfx_do_sys_openat2+0x10/0x10 [ 205.851867][ T7456] ? find_held_lock+0x2b/0x80 [ 205.851885][ T7456] __x64_sys_openat+0x12d/0x210 [ 205.851905][ T7456] ? __pfx___x64_sys_openat+0x10/0x10 [ 205.851931][ T7456] do_syscall_64+0x106/0xf80 [ 205.851948][ T7456] ? clear_bhb_loop+0x40/0x90 [ 205.851966][ T7456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.851981][ T7456] RIP: 0033:0x7f875c99c799 [ 205.851995][ T7456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.852008][ T7456] RSP: 002b:00007f875d78d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 205.852022][ T7456] RAX: ffffffffffffffda RBX: 00007f875cc15fa0 RCX: 00007f875c99c799 [ 205.852032][ T7456] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 205.852042][ T7456] RBP: 00007f875ca32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 205.852050][ T7456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.852059][ T7456] R13: 00007f875cc16038 R14: 00007f875cc15fa0 R15: 00007ffe4a63c638 [ 205.852082][ T7456] [ 208.349349][ T7467] device-mapper: ioctl: device name cannot contain '/' [ 209.438899][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.376'. [ 209.488731][ T7480] can0: slcan on ttyS2. [ 209.546494][ T7482] netlink: 'syz.0.376': attribute type 1 has an invalid length. [ 209.621902][ T7482] netlink: 'syz.0.376': attribute type 6 has an invalid length. [ 209.852537][ T7478] can0 (unregistered): slcan off ttyS2. [ 212.812292][ T7530] netlink: 330 bytes leftover after parsing attributes in process `syz.1.384'. [ 212.916322][ T7530] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 213.880447][ T7542] netlink: 28 bytes leftover after parsing attributes in process `syz.1.387'. [ 214.070581][ T7542] team0: Port device team_slave_1 removed [ 214.212979][ T30] audit: type=1800 audit(1772986329.468:20): pid=7551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.388" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 217.970396][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.399'. [ 218.067810][ T7595] netlink: 'syz.1.399': attribute type 1 has an invalid length. [ 218.145075][ T7595] netlink: 5 bytes leftover after parsing attributes in process `syz.1.399'. [ 218.668660][ T30] audit: type=1800 audit(1772986333.888:21): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.403" name="dbroot" dev="configfs" ino=108078 res=0 errno=0 [ 218.704430][ T7617] netlink: 28 bytes leftover after parsing attributes in process `syz.1.403'. [ 220.769834][ T7639] FAULT_INJECTION: forcing a failure. [ 220.769834][ T7639] name failslab, interval 1, probability 0, space 0, times 0 [ 220.907966][ T7639] CPU: 0 UID: 0 PID: 7639 Comm: syz.1.407 Not tainted syzkaller #0 PREEMPT(full) [ 220.907991][ T7639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 220.908000][ T7639] Call Trace: [ 220.908005][ T7639] [ 220.908011][ T7639] dump_stack_lvl+0x100/0x190 [ 220.908038][ T7639] should_fail_ex.cold+0x5/0xa [ 220.908057][ T7639] should_failslab+0xc2/0x120 [ 220.908073][ T7639] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 220.908095][ T7639] ? alloc_inode+0x183/0x250 [ 220.908114][ T7639] ? find_inode_fast+0x1fa/0x910 [ 220.908135][ T7639] alloc_inode+0x183/0x250 [ 220.908154][ T7639] iget_locked+0x1d9/0x6d0 [ 220.908173][ T7639] ? __pfx_iget_locked+0x10/0x10 [ 220.908190][ T7639] ? kernfs_root+0xee/0x2a0 [ 220.908228][ T7639] ? kernfs_root+0xee/0x2a0 [ 220.908252][ T7639] kernfs_get_inode+0x46/0x470 [ 220.908274][ T7639] kernfs_iop_lookup+0x1a7/0x2d0 [ 220.908297][ T7639] __lookup_slow+0x251/0x460 [ 220.908317][ T7639] ? __pfx___lookup_slow+0x10/0x10 [ 220.908346][ T7639] ? __d_lookup+0x266/0x4a0 [ 220.908370][ T7639] lookup_slow+0x50/0x70 [ 220.908388][ T7639] link_path_walk+0x1377/0x1cc0 [ 220.908416][ T7639] path_openat+0x1be/0x31a0 [ 220.908430][ T7639] ? kasan_save_stack+0x3f/0x50 [ 220.908450][ T7639] ? kasan_save_stack+0x30/0x50 [ 220.908470][ T7639] ? kasan_save_track+0x14/0x30 [ 220.908498][ T7639] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 220.908525][ T7639] ? __pfx_path_openat+0x10/0x10 [ 220.908547][ T7639] do_file_open+0x20e/0x430 [ 220.908564][ T7639] ? __pfx_do_file_open+0x10/0x10 [ 220.908594][ T7639] ? alloc_fd+0x476/0x790 [ 220.908611][ T7639] ? do_getname+0x191/0x390 [ 220.908630][ T7639] do_sys_openat2+0x10d/0x1e0 [ 220.908650][ T7639] ? __pfx_do_sys_openat2+0x10/0x10 [ 220.908676][ T7639] __x64_sys_openat+0x12d/0x210 [ 220.908695][ T7639] ? __pfx___x64_sys_openat+0x10/0x10 [ 220.908721][ T7639] do_syscall_64+0x106/0xf80 [ 220.908738][ T7639] ? clear_bhb_loop+0x40/0x90 [ 220.908756][ T7639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.908772][ T7639] RIP: 0033:0x7f140e39c799 [ 220.908785][ T7639] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.908799][ T7639] RSP: 002b:00007f140f2ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 220.908814][ T7639] RAX: ffffffffffffffda RBX: 00007f140e615fa0 RCX: 00007f140e39c799 [ 220.908823][ T7639] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 220.908832][ T7639] RBP: 00007f140e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 220.908840][ T7639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.908848][ T7639] R13: 00007f140e616038 R14: 00007f140e615fa0 R15: 00007fff6b262738 [ 220.908868][ T7639] [ 224.191689][ T7651] Invalid ELF header magic: != ELF [ 229.361011][ T7700] FAULT_INJECTION: forcing a failure. [ 229.361011][ T7700] name failslab, interval 1, probability 0, space 0, times 0 [ 229.491818][ T7700] CPU: 0 UID: 0 PID: 7700 Comm: syz.1.418 Not tainted syzkaller #0 PREEMPT(full) [ 229.491842][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 229.491851][ T7700] Call Trace: [ 229.491857][ T7700] [ 229.491863][ T7700] dump_stack_lvl+0x100/0x190 [ 229.491891][ T7700] should_fail_ex.cold+0x5/0xa [ 229.491910][ T7700] should_failslab+0xc2/0x120 [ 229.491925][ T7700] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 229.491948][ T7700] ? __d_alloc+0x34/0xa80 [ 229.491969][ T7700] __d_alloc+0x34/0xa80 [ 229.491986][ T7700] d_alloc_pseudo+0x1c/0xc0 [ 229.492006][ T7700] alloc_file_pseudo+0xcf/0x230 [ 229.492032][ T7700] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 229.492057][ T7700] __shmem_file_setup+0x221/0x490 [ 229.492078][ T7700] ? __pfx___shmem_file_setup+0x10/0x10 [ 229.492101][ T7700] ? vm_area_alloc+0x1f/0x160 [ 229.492123][ T7700] shmem_zero_setup+0x96/0x1b0 [ 229.492146][ T7700] __mmap_region+0x2198/0x29e0 [ 229.492171][ T7700] ? __pfx___mmap_region+0x10/0x10 [ 229.492195][ T7700] ? set_next_entity+0x11e/0x9c0 [ 229.492219][ T7700] ? __lock_acquire+0x4a5/0x2630 [ 229.492237][ T7700] ? update_cfs_rq_load_avg+0x51/0x550 [ 229.492261][ T7700] ? find_held_lock+0x2b/0x80 [ 229.492273][ T7700] ? finish_task_switch.isra.0+0x200/0xb80 [ 229.492288][ T7700] ? finish_task_switch.isra.0+0x200/0xb80 [ 229.492311][ T7700] ? trace_sched_exit_tp+0x13a/0x180 [ 229.492327][ T7700] ? __schedule+0x1000/0x6120 [ 229.492367][ T7700] ? rcu_is_watching+0x12/0xc0 [ 229.492388][ T7700] ? cap_capable+0x107/0x460 [ 229.492412][ T7700] mmap_region+0x180/0x3e0 [ 229.492436][ T7700] do_mmap+0xc63/0x12f0 [ 229.492456][ T7700] ? __pfx_do_mmap+0x10/0x10 [ 229.492472][ T7700] ? __pfx_down_write_killable+0x10/0x10 [ 229.492496][ T7700] vm_mmap_pgoff+0x29e/0x470 [ 229.492516][ T7700] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 229.492533][ T7700] ? do_futex+0x192/0x350 [ 229.492551][ T7700] ? __pfx_do_futex+0x10/0x10 [ 229.492573][ T7700] ksys_mmap_pgoff+0xe1/0x650 [ 229.492588][ T7700] ? __x64_sys_futex+0x34f/0x4d0 [ 229.492605][ T7700] ? __x64_sys_futex+0x358/0x4d0 [ 229.492623][ T7700] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 229.492638][ T7700] ? xfd_validate_state+0x129/0x190 [ 229.492663][ T7700] __x64_sys_mmap+0x125/0x190 [ 229.492686][ T7700] do_syscall_64+0x106/0xf80 [ 229.492702][ T7700] ? clear_bhb_loop+0x40/0x90 [ 229.492720][ T7700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.492735][ T7700] RIP: 0033:0x7f140e39c799 [ 229.492749][ T7700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.492763][ T7700] RSP: 002b:00007f140f2ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 229.492778][ T7700] RAX: ffffffffffffffda RBX: 00007f140e615fa0 RCX: 00007f140e39c799 [ 229.492787][ T7700] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 229.492796][ T7700] RBP: 00007f140e432bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 229.492805][ T7700] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 229.492813][ T7700] R13: 00007f140e616038 R14: 00007f140e615fa0 R15: 00007fff6b262738 [ 229.492834][ T7700] [ 229.949764][ T7705] openvswitch: netlink: Key type 261 is out of range max 32 [ 232.255721][ T7702] FAULT_INJECTION: forcing a failure. [ 232.255721][ T7702] name failslab, interval 1, probability 0, space 0, times 0 [ 232.372116][ T7702] CPU: 0 UID: 0 PID: 7702 Comm: syz.0.419 Not tainted syzkaller #0 PREEMPT(full) [ 232.372139][ T7702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 232.372155][ T7702] Call Trace: [ 232.372161][ T7702] [ 232.372168][ T7702] dump_stack_lvl+0x100/0x190 [ 232.372197][ T7702] should_fail_ex.cold+0x5/0xa [ 232.372215][ T7702] should_failslab+0xc2/0x120 [ 232.372231][ T7702] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 232.372253][ T7702] ? __kernfs_new_node+0xd2/0x960 [ 232.372273][ T7702] ? kstrdup+0xb3/0xe0 [ 232.372296][ T7702] __kernfs_new_node+0xd2/0x960 [ 232.372318][ T7702] ? __pfx___kernfs_new_node+0x10/0x10 [ 232.372343][ T7702] ? find_held_lock+0x2b/0x80 [ 232.372356][ T7702] ? kernfs_root+0xee/0x2a0 [ 232.372374][ T7702] ? kernfs_root+0xee/0x2a0 [ 232.372399][ T7702] kernfs_new_node+0x11b/0x1a0 [ 232.372424][ T7702] __kernfs_create_file+0x53/0x350 [ 232.372443][ T7702] cgroup_addrm_files+0x4d8/0xb90 [ 232.372473][ T7702] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 232.372495][ T7702] ? __pfx___xa_store+0x10/0x10 [ 232.372585][ T7702] ? do_raw_spin_unlock+0x145/0x1e0 [ 232.372610][ T7702] css_populate_dir+0x161/0x590 [ 232.372637][ T7702] cgroup_apply_control_enable+0x40a/0xbd0 [ 232.372668][ T7702] cgroup_mkdir+0x57f/0x1330 [ 232.372694][ T7702] ? __pfx_cgroup_mkdir+0x10/0x10 [ 232.372717][ T7702] kernfs_iop_mkdir+0x111/0x190 [ 232.372738][ T7702] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 232.372760][ T7702] vfs_mkdir+0x361/0x850 [ 232.372782][ T7702] filename_mkdirat+0x48b/0x5e0 [ 232.372800][ T7702] ? __pfx_filename_mkdirat+0x10/0x10 [ 232.372816][ T7702] ? strncpy_from_user+0x19d/0x2d0 [ 232.372874][ T7702] ? do_getname+0x191/0x390 [ 232.372897][ T7702] __x64_sys_mkdir+0x6b/0x90 [ 232.372914][ T7702] do_syscall_64+0x106/0xf80 [ 232.372930][ T7702] ? clear_bhb_loop+0x40/0x90 [ 232.372948][ T7702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.372964][ T7702] RIP: 0033:0x7f332099c799 [ 232.372977][ T7702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 232.372991][ T7702] RSP: 002b:00007f33217e9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 232.373011][ T7702] RAX: ffffffffffffffda RBX: 00007f3320c15fa0 RCX: 00007f332099c799 [ 232.373021][ T7702] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 232.373029][ T7702] RBP: 00007f3320a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 232.373038][ T7702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.373046][ T7702] R13: 00007f3320c16038 R14: 00007f3320c15fa0 R15: 00007fff7600fa68 [ 232.373065][ T7702] [ 232.637668][ T7702] cgroup: cgroup_addrm_files: failed to add soft_limit_in_bytes, err=-12 [ 232.681645][ T7727] netlink: 25 bytes leftover after parsing attributes in process `syz.2.424'. [ 233.197129][ T7731] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 233.747832][ T7741] can: request_module (can-proto-4) failed. [ 237.387425][ T9] Process accounting resumed [ 240.131987][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.440'. [ 242.336129][ T7828] zram0: detected capacity change from 0 to 16 [ 243.999927][ T7845] netlink: 4 bytes leftover after parsing attributes in process `syz.2.447'. [ 244.119173][ T6309] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 244.119223][ T6309] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 244.134484][ T6309] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 244.134528][ T6309] Bluetooth: hci3: adv larger than maximum supported [ 244.142067][ T6309] Bluetooth: hci3: adv larger than maximum supported [ 244.148955][ T6309] Bluetooth: hci3: Malformed LE Event: 0x0d [ 244.277761][ T7845] netlink: 354 bytes leftover after parsing attributes in process `syz.2.447'. [ 248.139835][ T7890] FAULT_INJECTION: forcing a failure. [ 248.139835][ T7890] name failslab, interval 1, probability 0, space 0, times 0 [ 248.421790][ T7890] CPU: 0 UID: 0 PID: 7890 Comm: syz.3.458 Not tainted syzkaller #0 PREEMPT(full) [ 248.421812][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 248.421824][ T7890] Call Trace: [ 248.421831][ T7890] [ 248.421837][ T7890] dump_stack_lvl+0x100/0x190 [ 248.421863][ T7890] should_fail_ex.cold+0x5/0xa [ 248.421882][ T7890] should_failslab+0xc2/0x120 [ 248.421897][ T7890] __kmalloc_cache_noprof+0x7a/0x6f0 [ 248.421917][ T7890] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 248.422003][ T7890] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 248.422023][ T7890] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 248.422041][ T7890] vidtv_channel_si_init+0x1289/0x18d0 [ 248.422096][ T7890] vidtv_mux_init+0x526/0xbf0 [ 248.422117][ T7890] vidtv_start_feed+0x33e/0x4c0 [ 248.422162][ T7890] ? __pfx_vidtv_start_feed+0x10/0x10 [ 248.422185][ T7890] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 248.422211][ T7890] ? mark_held_locks+0x40/0x70 [ 248.422234][ T7890] ? __pfx_vidtv_start_feed+0x10/0x10 [ 248.422256][ T7890] dmx_ts_feed_start_filtering+0xf6/0x220 [ 248.422298][ T7890] dvb_dmxdev_start_feed+0x273/0x3f0 [ 248.422343][ T7890] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 248.422368][ T7890] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 248.422399][ T7890] dvb_demux_do_ioctl+0xe64/0x1200 [ 248.422428][ T7890] dvb_usercopy+0x167/0x340 [ 248.422448][ T7890] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 248.422472][ T7890] ? __pfx_dvb_usercopy+0x10/0x10 [ 248.422500][ T7890] ? __fget_files+0x21f/0x3d0 [ 248.422518][ T7890] dvb_demux_ioctl+0x29/0x40 [ 248.422536][ T7890] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 248.422556][ T7890] __x64_sys_ioctl+0x18e/0x210 [ 248.422579][ T7890] do_syscall_64+0x106/0xf80 [ 248.422596][ T7890] ? clear_bhb_loop+0x40/0x90 [ 248.422614][ T7890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.422629][ T7890] RIP: 0033:0x7f875c99c799 [ 248.422642][ T7890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.422655][ T7890] RSP: 002b:00007f875d78d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 248.422674][ T7890] RAX: ffffffffffffffda RBX: 00007f875cc15fa0 RCX: 00007f875c99c799 [ 248.422684][ T7890] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 248.422693][ T7890] RBP: 00007f875ca32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 248.422701][ T7890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.422709][ T7890] R13: 00007f875cc16038 R14: 00007f875cc15fa0 R15: 00007ffe4a63c638 [ 248.422729][ T7890] [ 248.850011][ T7890] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 248.861942][ T7890] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 248.870345][ T7890] CPU: 0 UID: 0 PID: 7890 Comm: syz.3.458 Not tainted syzkaller #0 PREEMPT(full) [ 248.879551][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 248.889599][ T7890] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 248.895490][ T7890] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 07 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 07 dc f9 4d 85 e4 [ 248.915095][ T7890] RSP: 0018:ffffc900033f7a10 EFLAGS: 00010247 [ 248.921155][ T7890] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90005df1000 [ 248.929112][ T7890] RDX: 0000000000000000 RSI: ffffffff882c0ed3 RDI: 0000000000000005 [ 248.937080][ T7890] RBP: ffff88807c0e7a20 R08: 0000000000000000 R09: 4453534204050000 [ 248.945043][ T7890] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 248.953003][ T7890] R13: ffff888036cae900 R14: ffff88813fe792e0 R15: ffff88805bbb3f80 [ 248.960978][ T7890] FS: 00007f875d78d6c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 248.969897][ T7890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.976466][ T7890] CR2: 0000001b30fdaff8 CR3: 000000007859c000 CR4: 00000000003526f0 [ 248.984426][ T7890] Call Trace: [ 248.987695][ T7890] [ 248.990610][ T7890] vidtv_channel_si_init+0x12fc/0x18d0 [ 248.996062][ T7890] vidtv_mux_init+0x526/0xbf0 [ 249.000743][ T7890] vidtv_start_feed+0x33e/0x4c0 [ 249.005612][ T7890] ? __pfx_vidtv_start_feed+0x10/0x10 [ 249.010977][ T7890] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 249.017562][ T7890] ? mark_held_locks+0x40/0x70 [ 249.022337][ T7890] ? __pfx_vidtv_start_feed+0x10/0x10 [ 249.027700][ T7890] dmx_ts_feed_start_filtering+0xf6/0x220 [ 249.033425][ T7890] dvb_dmxdev_start_feed+0x273/0x3f0 [ 249.038710][ T7890] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 249.044175][ T7890] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 249.049360][ T7890] dvb_demux_do_ioctl+0xe64/0x1200 [ 249.054462][ T7890] dvb_usercopy+0x167/0x340 [ 249.058951][ T7890] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 249.064497][ T7890] ? __pfx_dvb_usercopy+0x10/0x10 [ 249.069513][ T7890] ? __fget_files+0x21f/0x3d0 [ 249.074197][ T7890] dvb_demux_ioctl+0x29/0x40 [ 249.078776][ T7890] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 249.084045][ T7890] __x64_sys_ioctl+0x18e/0x210 [ 249.088796][ T7890] do_syscall_64+0x106/0xf80 [ 249.093371][ T7890] ? clear_bhb_loop+0x40/0x90 [ 249.098042][ T7890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.103935][ T7890] RIP: 0033:0x7f875c99c799 [ 249.108344][ T7890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 249.127941][ T7890] RSP: 002b:00007f875d78d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 249.136341][ T7890] RAX: ffffffffffffffda RBX: 00007f875cc15fa0 RCX: 00007f875c99c799 [ 249.144295][ T7890] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 249.152248][ T7890] RBP: 00007f875ca32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 249.160200][ T7890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.168172][ T7890] R13: 00007f875cc16038 R14: 00007f875cc15fa0 R15: 00007ffe4a63c638 [ 249.176130][ T7890] [ 249.179199][ T7890] Modules linked in: [ 249.183906][ T7890] ---[ end trace 0000000000000000 ]--- [ 251.940685][ T7890] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 252.000300][ T7890] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 07 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 07 dc f9 4d 85 e4 [ 252.221925][ T7890] RSP: 0018:ffffc900033f7a10 EFLAGS: 00010247 [ 252.292802][ T7890] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90005df1000 [ 252.381517][ T7890] RDX: 0000000000000000 RSI: ffffffff882c0ed3 RDI: 0000000000000005 [ 252.471955][ T7890] RBP: ffff88807c0e7a20 R08: 0000000000000000 R09: 4453534204050000 [ 252.552457][ T7890] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 252.635480][ T7890] R13: ffff888036cae900 R14: ffff88813fe792e0 R15: ffff88805bbb3f80 [ 252.727354][ T7890] FS: 00007f875d78d6c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 252.823526][ T7890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.898628][ T7890] CR2: 000055555807c4e8 CR3: 000000007859c000 CR4: 00000000003526f0 [ 252.988421][ T7890] Kernel panic - not syncing: Fatal exception [ 252.994564][ T7890] Kernel Offset: disabled [ 252.998976][ T7890] Rebooting in 86400 seconds..