last executing test programs: 12.813765547s ago: executing program 1 (id=3713): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 11.24712576s ago: executing program 1 (id=3721): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000140)={0x34, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@MACSEC_ATTR_OFFLOAD={0x1f, 0x9, 0x0, 0x1, [@generic="49676b779b2a77a76a060bcd388839c7617a6c0e91505ef4d22e19"]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x48845) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketcall$auto(0x8000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) 11.057026033s ago: executing program 1 (id=3722): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)={0x14, r1, 0xf3e97f51700e57cf, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) read$auto(0xffffffffffffffff, 0x0, 0x7f) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x121000, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/memory_hotplug/parameters/online_policy\x00', 0x2, 0x0) read$auto(r3, 0x0, 0x800) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400008, 0x9beb, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv$auto(0x0, 0x0, 0x800000001, 0x0, 0x6, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r6 = syz_clone(0x200000, &(0x7f0000000080), 0x0, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f00000003c0)) wait4$auto(r6, 0x0, 0xeae66e9c, 0x0) msgctl$auto_IPC_STAT(0x1ff, 0x2, &(0x7f0000000340)={{0xd, 0xee01, 0xffffffffffffffff, 0xf, 0x1ff, 0x3, 0x2}, 0x0, 0x0, 0x4, 0x5, 0x7, 0x5, 0x91d, 0x3, 0x1000, 0x39a, @raw=0xfff, @raw=0x2}) 9.634574282s ago: executing program 3 (id=3726): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 8.869237981s ago: executing program 1 (id=3728): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) clone$auto(0x6, 0x8000000000000001, &(0x7f0000000080)=0xcf, &(0x7f00000000c0)=0xffff7fff, 0x1000) socket(0x2, 0x1, 0x106) socket(0x2, 0x3, 0xa) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf4, 0xb0, @raw=0xfffff03c}}) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) statmount$auto(&(0x7f0000000040)={0xffff, @raw=0xb8, 0x7, 0x4, 0xfffffffffffffff8}, &(0x7f0000000340)={0x3ff, 0x1, 0x7fff, 0x8, 0x6, 0x3, 0x0, 0x5, 0x8, 0x8, 0x3, 0x690, 0x1604000000000, 0x2, 0x100, 0xfff, 0x2, 0x9, 0xfffff1a0, 0x8, 0xc, 0xfff, 0x3, 0x9503, 0x0, 0x9, 0xeb, 0x5c1f, 0x1, 0x9, 0x20000000, [0x9, 0x1ff, 0x8, 0x2, 0x0, 0x2, 0x2, 0x7, 0x6, 0x7f, 0x100, 0x2, 0x9, 0x1, 0x4, 0x3, 0x0, 0x10001, 0x9, 0x5148d73f, 0x7, 0xa5, 0xc, 0x1, 0x8000000000000000, 0x100000000, 0x3, 0x80000001, 0x2, 0x2, 0x0, 0x9, 0xe23f, 0x7fff, 0x3, 0x0, 0x9, 0x4, 0x6, 0x0, 0x7, 0xfff, 0xffffffff], "0d4da07757fc0a8e5de18bd363ce4cd41558fdae0643974f4f329960f2cb8c8e546a2541ef8227735f9d60e3cb50f6712c580dab3d8d18"}, 0x6, 0x7) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x63, 0x4000008000001f, 0x7, 0x6d3e, 0x20000009, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmstat\x00', 0x20000, 0x0) pread64$auto(r2, &(0x7f00000002c0)='\x04\xefr\tbgc/\xd0\xe1\xf7$/tg/,s\b\xf5\xf7\x0f\x03\xd5\xef\xbf\xf6j\xe2\xed\x7f0\b\xff^\xe3th\xd2\x1bA\xba&\xba\xd0\xbb\xca\xb0\xa1\t\x00\x00\r(\xccF\xeeg\n\x00\x00\xa9l\x9cd\xcf\xff\x97=\xf4\xa1\xca\x82j\xf2\x17\t\x00\x00\x00\x00\x00\x00\x000\xf76\xb96\xd1\xb9\xde\xe2\x167\xc5\x94\x00A[B\xd9\x82\xaa\xc5\xfcoB\xfe\'\xfbI\xc9\xcb\xc3\xc1\x1e6~\x81\xb9\x0ff\x8e\xd3\x06\xba;yX\x966\x97#\xfb\x8d!F\xfc\x99\x86\x1d\xbb\xaf(\x92\x887\x01Z\xa7\xe3Y\x17\xd2#\x8aO\xef\r\xfa\xe0\x18IiI\xaek\xa9R\x02N;+@\x12>\'\x1a\xa6i\x93\x8c\x16BO@ \xb5\xd9\xd0\xb6S\xfc\x17\x11\x04\x8b?$\xean\xa1|D\xbbV%\xde\x87\xd1@\x00\x8cM\xfdr\xc9\x86\xbaq', 0x100003ffd, 0x6) 7.500896427s ago: executing program 3 (id=3732): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x500, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) 6.417076103s ago: executing program 1 (id=3733): socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, 0x2, 0x8000000000008000) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) fcntl$auto(0x0, 0x408, 0x100000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 6.306021575s ago: executing program 3 (id=3734): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) writev$auto(r1, &(0x7f00000001c0)={&(0x7f0000000140)="6f0652c6086ae0a2fe7ab4fa6240270adb45e1a618e291796886fc09ad6a0f5e589370cb94080bbef19b1e212655c621c94ee58d38b93391ee04cf580d3228d761076197a69792f3c9d55ba8aa142016aa036adb69e8f87b", 0x7}, 0x3) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/filesystems\x00', 0x2, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000280)=""/144, 0x90) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) r4 = eventfd2$auto(0x7f, 0x0) r5 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000200)={0xd, "74a517f574545f6e56dd0a76e95f7ebe732ad2c90cf711c0bb363ed3997e3e14", @inferred=r4}) ioctl$auto(r3, 0x9, r5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) read$auto_tracing_fops_trace(0xffffffffffffffff, &(0x7f0000001580)=""/4077, 0xfed) mmap$auto(0x4, 0x1, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0xb9, 0x44f, 0xa, 0x1, 0x1007181, 0x8a0d, 0x4, 0x10007, 0x7, 0x89, 0x29, 0x4, 0x200000000000, 0xfffffffffffff340, 0xfffffffffffffffa, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffb, 0x6, 0x401, 0x22002, 0x9, 0xfffffffd, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x70e2, 0x0, 0xe573, 0xb7, 0x0, 0x0, 0x8, 0x0, 0x9, 0x100000, 0x10000, 0x15b, 0x7, 0x1fc, 0x0, 0x10000000000002, 0x0, 0x0, 0x48, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0xe, 0x0, 0x0, 0x0, 0xa53, 0xfffffffffffffffd, 0xfffffffffffffffd]}, 0x7, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd04, &(0x7f00000001c0)) 5.865383489s ago: executing program 2 (id=3737): add_key$auto_KEY_SPEC_REQKEY_AUTH_KEY(0x0, 0x0, 0x0, 0x8, 0xfffffffffffffff9) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4b", 0xfdef) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r1, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x7fffffff, 0x9, 0xb, 0xffffffff, 0xfffffffffffffffe, 0x1, 0xfc2, 0x26f, @inferred, @raw=0x9}) setresgid$auto(0x0, 0xffffffffffffffff, r2) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x1004, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) mmap$auto(0x0, 0xeb80, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) 5.233023264s ago: executing program 3 (id=3738): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 4.988202836s ago: executing program 2 (id=3739): write$auto(0xffffffffffffffff, 0x0, 0x4) mount$auto(0x0, 0x0, 0x0, 0x7, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) mprotect$auto(0x110c230000, 0x1, 0x2) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x5, 0x7, 0xfbfffffe, 0x5, 0x7fb, 0x7, 0x9}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x1e, 0x1, 0x0) syncfs$auto(r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, 0x0, 0x40004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000180)=0x5) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000000)=0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) 4.420416557s ago: executing program 2 (id=3741): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) r2 = io_uring_setup$auto(0x8000, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) shmctl$auto_IPC_SET(0x8, 0x1, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000700)={&(0x7f0000000240), 0xc, &(0x7f00000006c0)={&(0x7f0000001180)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24008140}, 0x2404c044) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x400000000, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xfc\x04\x00\x00)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) fallocate$auto(r2, 0x80, 0xf, 0x6ad5) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0xffffffffffff0004, 0x14) pread64$auto(0xffffffffffffffff, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xd0\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xa7\xf3u\xa8ak\xff\x7f\x00\x00\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00'/272, 0x202, 0x7) 3.758981042s ago: executing program 3 (id=3745): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) ioctl$auto_RTC_UIE_ON(r0, 0x7003, 0x4) setsockopt$auto(0x3, 0x29, 0x46, 0x0, 0x808) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x8000000000002, 0x0, 0x10000000, 0x3) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2?', 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x7, 0x3, 0x2) read$auto(0xffffffffffffffff, 0x0, 0x20) set_mempolicy$auto(0x6, 0x0, 0x21) unshare$auto(0x40000080) chdir$auto(&(0x7f0000000340)='./file1\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) waitid$auto_P_PID(0x1, 0x0, 0x0, 0xf, &(0x7f0000000440)={{0x7, 0x24}, {0x929a, 0x1ff}, 0x9, 0x3, 0x4032, 0xfffffffffffffff4, 0x4df, 0x0, 0x8, 0x8fb000, 0x0, 0x100, 0x4, 0x3, 0xd, 0x1}) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000040)=0x5) socket(0x1d, 0x4, 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) ioctl$auto_RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000180)={0x9, 0x7, 0x8, 0x4, 0x9, 0x100, 0x1ff, 0xfffffffc, 0xfffffffe}) 3.450564804s ago: executing program 1 (id=3747): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x5, 0x4, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x200, 0x0) read$auto_proc_mem_operations_base(r0, &(0x7f0000000200)=""/81, 0x51) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x5, 0x0) r1 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x80) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r1, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) writev$auto(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040), 0xfff}, 0x3) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) write$auto(r2, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) io_setup$auto(0xe, &(0x7f0000000080)) 2.544690974s ago: executing program 0 (id=3750): write$auto(0xffffffffffffffff, 0x0, 0x4) mount$auto(0x0, 0x0, 0x0, 0x7, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) mprotect$auto(0x110c230000, 0x1, 0x2) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x5, 0x7, 0xfbfffffe, 0x5, 0x7fb, 0x7, 0x9}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x1e, 0x1, 0x0) syncfs$auto(r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, 0x0, 0x40004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000180)=0x5) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000000)=0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) 2.243261728s ago: executing program 0 (id=3751): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000140)={0x34, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@MACSEC_ATTR_OFFLOAD={0x1f, 0x9, 0x0, 0x1, [@generic="49676b779b2a77a76a060bcd388839c7617a6c0e91505ef4d22e19"]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x48845) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketcall$auto(0x8000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) 2.079413788s ago: executing program 0 (id=3752): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000004c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r4, &(0x7f0000003e80)={0x0, 0x0, &(0x7f0000003e40)={&(0x7f0000003300)={0x14, r3, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}}, 0x8040) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c000980080001808847338012000100898771f1c19f17790485908286cd0000040002"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004044) ioctl$auto_TIOCSTI2(r5, 0x5412, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, &(0x7f0000000140)) ioctl$auto_TIOCSTI2(r6, 0x5412, &(0x7f0000000100)="15") openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, 0x0, 0x2401, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x40, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r7, 0x5408, 0x0) 1.874303566s ago: executing program 0 (id=3753): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) ioctl$auto_RTC_UIE_ON(r0, 0x7003, 0x4) setsockopt$auto(0x3, 0x29, 0x46, 0x0, 0x808) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x8000000000002, 0x0, 0x10000000, 0x3) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2?', 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) set_mempolicy$auto(0x6, 0x0, 0x21) unshare$auto(0x40000080) chdir$auto(&(0x7f0000000340)='./file1\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) waitid$auto_P_PID(0x1, 0x0, 0x0, 0xf, &(0x7f0000000440)={{0x7, 0x24}, {0x929a, 0x1ff}, 0x9, 0x3, 0x4032, 0xfffffffffffffff4, 0x4df, 0x0, 0x8, 0x8fb000, 0x0, 0x100, 0x4, 0x3, 0xd, 0x1}) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000040)=0x5) socket(0x1d, 0x4, 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) ioctl$auto_RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000180)={0x9, 0x7, 0x8, 0x4, 0x9, 0x100, 0x1ff, 0xfffffffc, 0xfffffffe}) 987.91778ms ago: executing program 0 (id=3754): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) 819.445517ms ago: executing program 2 (id=3755): add_key$auto_KEY_SPEC_REQKEY_AUTH_KEY(0x0, 0x0, 0x0, 0x8, 0xfffffffffffffff9) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4b", 0xfdef) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r1, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresgid$auto(0x0, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x1004, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) mmap$auto(0x0, 0xeb80, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) 316.135156ms ago: executing program 2 (id=3756): r0 = socket(0x27, 0x2, 0x1fbffffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x801, 0x84) fcntl$auto_F_GETFD(r1, 0x1, 0xffffffff) io_uring_setup$auto(0x4, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS1\x00', 0x101e81, 0x0) epoll_create$auto(0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000080)={0x1, 0x7, 0x9, 0x4, 0x1}) process_vm_readv$auto(r3, &(0x7f00000001c0)={0x0, 0xfff}, 0x3, &(0x7f0000000280)={&(0x7f0000000100)="6c4bc022f1a924305022a30137693a982a453ee9ff2946c55588f6e6", 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, 0xffffffffffffffff, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0xa991, 0x7, 0x8001}, 0x7) epoll_create$auto(0x3e) r5 = epoll_create$auto(0x8800001) epoll_ctl$auto(r5, 0x1, r2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(&(0x7f0000000000)='^[#@-\x00', 0x3) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000002280)='/sys/devices/platform/dummy_hcd.6/usb7/7-0:1.0/ep_81/bmAttributes\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000002140)=""/64, 0x40) epoll_ctl$auto_EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x5, 0x100000000}) mmap$auto(0x7ffffdfde000, 0x2020006, 0xa, 0x11, 0x8000000000000000, 0x8000) 154.338679ms ago: executing program 3 (id=3757): mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) read$auto(r0, &(0x7f0000000000)='&-', 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) r1 = epoll_create$auto(0x2) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x40103d0b, 0x0) epoll_pwait2$auto(r1, 0x0, 0x8, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x1242, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/batadv0/mcast_solicit\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x3ff) write$auto(r2, 0x0, 0x9) sysfs$auto(0x2, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x1) epoll_ctl$auto(0x5, 0x1, r4, 0x0) 120.964006ms ago: executing program 0 (id=3758): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x181, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82902, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socketcall$auto(0xa, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) sendmmsg$auto(r1, &(0x7f00000002c0)={{0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000180)="cb7978ababe605edf078e6f2726ae03e663c080c0d6c169eec931ca2ea579299bf44495b1fe078f2e9c5586ae69caa8135493b25428718974a", 0x1}, 0xfffffffffffffff7, 0x0, 0x5, 0x24b}, 0x800}, 0x8, 0xff) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) 0s ago: executing program 2 (id=3759): socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x26, 0x5, 0x8c68) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x101e41, 0x0) ioperm$auto(0x4, 0x100000001, 0x4000005) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x74c40, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x800, 0x8000009, 0x1, 0x19, 0xffffffffffffffff, 0x100000000000008) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, 0x0) ioctl$auto_virtual_ncidev_fops_virtual_ncidev(r4, 0x6, 0x0) r5 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r5, 0x40146f2c, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x50ba82, 0x0) unshare$auto(0x40000080) setsockopt$auto(r1, 0xd0, 0x800000e4, 0x0, 0x569) kernel console output (not intermixed with test programs): [U] [ 159.915530][ T7333] [U] [ 159.941168][ T7333] [U] [ 159.943881][ T7333] [U] [ 159.946576][ T7333] [U] [ 159.949263][ T7333] [U] [ 160.068758][ T7333] [U] [ 160.653544][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 160.653568][ T5831] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 160.669887][ T5831] Bluetooth: hci3: Dropping invalid advertising data [ 160.676621][ T5831] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 160.848545][ T7363] netlink: 25 bytes leftover after parsing attributes in process `syz.1.380'. [ 161.057855][ T7369] netlink: 186 bytes leftover after parsing attributes in process `syz.2.382'. [ 162.990084][ T7399] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 163.446700][ T7405] netlink: 86 bytes leftover after parsing attributes in process `syz.3.392'. [ 163.889799][ T7412] netlink: 4 bytes leftover after parsing attributes in process `syz.1.394'. [ 163.968898][ T7415] netlink: 25 bytes leftover after parsing attributes in process `syz.2.395'. [ 163.978812][ T7412] netlink: 'syz.1.394': attribute type 1 has an invalid length. [ 163.986498][ T7412] netlink: 'syz.1.394': attribute type 6 has an invalid length. [ 165.360816][ T7428] cougar: G6 mapped to space [ 166.915851][ T7454] FAULT_INJECTION: forcing a failure. [ 166.915851][ T7454] name failslab, interval 1, probability 0, space 0, times 0 [ 167.002339][ T7454] CPU: 0 UID: 0 PID: 7454 Comm: syz.0.404 Not tainted syzkaller #0 PREEMPT(full) [ 167.002361][ T7454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 167.002371][ T7454] Call Trace: [ 167.002376][ T7454] [ 167.002382][ T7454] dump_stack_lvl+0x100/0x190 [ 167.002410][ T7454] should_fail_ex.cold+0x5/0xa [ 167.002428][ T7454] should_failslab+0xc2/0x120 [ 167.002446][ T7454] __kmalloc_cache_noprof+0x7a/0x6f0 [ 167.002465][ T7454] ? copy_net_ns+0x135/0x7c0 [ 167.002489][ T7454] copy_net_ns+0x135/0x7c0 [ 167.002507][ T7454] ? copy_cgroup_ns+0x71/0x970 [ 167.002525][ T7454] create_new_namespaces+0x3ea/0xac0 [ 167.002545][ T7454] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 167.002562][ T7454] ksys_unshare+0x473/0xad0 [ 167.002582][ T7454] ? __pfx_ksys_unshare+0x10/0x10 [ 167.002607][ T7454] __x64_sys_unshare+0x31/0x40 [ 167.002624][ T7454] do_syscall_64+0x106/0xf80 [ 167.002641][ T7454] ? clear_bhb_loop+0x40/0x90 [ 167.002659][ T7454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.002674][ T7454] RIP: 0033:0x7faaa239c799 [ 167.002687][ T7454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 167.002701][ T7454] RSP: 002b:00007faaa324c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 167.002715][ T7454] RAX: ffffffffffffffda RBX: 00007faaa2615fa0 RCX: 00007faaa239c799 [ 167.002724][ T7454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 167.002733][ T7454] RBP: 00007faaa2432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 167.002741][ T7454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.002749][ T7454] R13: 00007faaa2616038 R14: 00007faaa2615fa0 R15: 00007fffbe4c3508 [ 167.002768][ T7454] [ 168.446298][ T7477] netlink: 246 bytes leftover after parsing attributes in process `syz.2.412'. [ 169.134570][ T7483] FAULT_INJECTION: forcing a failure. [ 169.134570][ T7483] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 169.267195][ T7483] CPU: 0 UID: 0 PID: 7483 Comm: syz.3.413 Not tainted syzkaller #0 PREEMPT(full) [ 169.267217][ T7483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 169.267226][ T7483] Call Trace: [ 169.267232][ T7483] [ 169.267238][ T7483] dump_stack_lvl+0x100/0x190 [ 169.267265][ T7483] should_fail_ex.cold+0x5/0xa [ 169.267281][ T7483] ? prepare_alloc_pages+0x16d/0x5f0 [ 169.267300][ T7483] should_fail_alloc_page+0xeb/0x140 [ 169.267318][ T7483] prepare_alloc_pages+0x1f0/0x5f0 [ 169.267338][ T7483] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 169.267360][ T7483] ? rcu_is_watching+0x12/0xc0 [ 169.267388][ T7483] ? trace_mm_page_alloc+0x17a/0x1d0 [ 169.267406][ T7483] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 169.267428][ T7483] ? vhost_dev_set_owner+0x190/0xa30 [ 169.267447][ T7483] ? stack_trace_save+0x8e/0xc0 [ 169.267461][ T7483] ? __pfx_stack_trace_save+0x10/0x10 [ 169.267475][ T7483] ? stack_depot_save_flags+0x27/0x9d0 [ 169.267492][ T7483] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 169.267517][ T7483] ? vhost_dev_set_owner+0x190/0xa30 [ 169.267534][ T7483] ? kasan_save_stack+0x3f/0x50 [ 169.267559][ T7483] ? kasan_save_stack+0x30/0x50 [ 169.267579][ T7483] ? kasan_save_track+0x14/0x30 [ 169.267600][ T7483] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 169.267624][ T7483] ? __lock_acquire+0x4a5/0x2630 [ 169.267646][ T7483] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 169.267671][ T7483] ? policy_nodemask+0xed/0x4f0 [ 169.267688][ T7483] alloc_pages_mpol+0x1fb/0x550 [ 169.267704][ T7483] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 169.267724][ T7483] ? vhost_dev_set_owner+0x3b2/0xa30 [ 169.267741][ T7483] ___kmalloc_large_node+0x104/0x150 [ 169.267759][ T7483] __kmalloc_large_node_noprof+0x1c/0x70 [ 169.267778][ T7483] __kmalloc_noprof+0x5be/0x850 [ 169.267803][ T7483] vhost_dev_set_owner+0x3b2/0xa30 [ 169.267827][ T7483] vhost_net_ioctl+0xfa3/0x1910 [ 169.267845][ T7483] ? do_vfs_ioctl+0x226/0x13e0 [ 169.267866][ T7483] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 169.267886][ T7483] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 169.267908][ T7483] ? find_held_lock+0x2b/0x80 [ 169.267921][ T7483] ? __fget_files+0x215/0x3d0 [ 169.267934][ T7483] ? hook_file_ioctl_common+0x146/0x410 [ 169.267962][ T7483] ? __fget_files+0x21f/0x3d0 [ 169.267978][ T7483] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 169.267997][ T7483] __x64_sys_ioctl+0x18e/0x210 [ 169.268019][ T7483] do_syscall_64+0x106/0xf80 [ 169.268037][ T7483] ? clear_bhb_loop+0x40/0x90 [ 169.268054][ T7483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.268069][ T7483] RIP: 0033:0x7f89c359c799 [ 169.268084][ T7483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.268098][ T7483] RSP: 002b:00007f89c44a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.268112][ T7483] RAX: ffffffffffffffda RBX: 00007f89c3816090 RCX: 00007f89c359c799 [ 169.268123][ T7483] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 169.268132][ T7483] RBP: 00007f89c3632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 169.268141][ T7483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.268150][ T7483] R13: 00007f89c3816128 R14: 00007f89c3816090 R15: 00007ffefc25af68 [ 169.268170][ T7483] [ 173.120236][ T7560] FAULT_INJECTION: forcing a failure. [ 173.120236][ T7560] name failslab, interval 1, probability 0, space 0, times 0 [ 173.187042][ T7560] CPU: 0 UID: 0 PID: 7560 Comm: syz.2.438 Not tainted syzkaller #0 PREEMPT(full) [ 173.187064][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 173.187074][ T7560] Call Trace: [ 173.187079][ T7560] [ 173.187085][ T7560] dump_stack_lvl+0x100/0x190 [ 173.187113][ T7560] should_fail_ex.cold+0x5/0xa [ 173.187132][ T7560] should_failslab+0xc2/0x120 [ 173.187148][ T7560] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 173.187171][ T7560] ? kasprintf+0xc7/0x100 [ 173.187189][ T7560] kvasprintf+0xbc/0x150 [ 173.187204][ T7560] ? __pfx_kvasprintf+0x10/0x10 [ 173.187219][ T7560] ? __pfx_vsnprintf+0x10/0x10 [ 173.187241][ T7560] kasprintf+0xc7/0x100 [ 173.187255][ T7560] ? __pfx_kasprintf+0x10/0x10 [ 173.187270][ T7560] ? __pfx_add_uevent_var+0x10/0x10 [ 173.187293][ T7560] ? __pfx_vsnprintf+0x10/0x10 [ 173.187311][ T7560] ? __pfx_drm_devnode+0x10/0x10 [ 173.187327][ T7560] device_get_devnode+0x166/0x2c0 [ 173.187344][ T7560] dev_uevent+0x4c6/0x8a0 [ 173.187360][ T7560] ? __pfx_dev_uevent+0x10/0x10 [ 173.187377][ T7560] ? __asan_memcpy+0x3c/0x60 [ 173.187397][ T7560] ? kobject_get_path+0x8d/0x2c0 [ 173.187417][ T7560] ? __pfx_dev_uevent+0x10/0x10 [ 173.187431][ T7560] kobject_uevent_env+0x6eb/0x18b0 [ 173.187461][ T7560] drm_sysfs_lease_event+0x108/0x160 [ 173.187479][ T7560] ? __pfx_drm_sysfs_lease_event+0x10/0x10 [ 173.187501][ T7560] drm_lease_destroy+0x377/0x530 [ 173.187519][ T7560] drm_master_destroy+0xcc/0x160 [ 173.187536][ T7560] drm_master_release+0x26b/0x610 [ 173.187563][ T7560] drm_file_free.part.0+0x9c5/0xcc0 [ 173.187581][ T7560] ? __pfx___fsnotify_parent+0x10/0x10 [ 173.187600][ T7560] drm_close_helper.isra.0+0x186/0x200 [ 173.187619][ T7560] drm_release+0x1ab/0x360 [ 173.187636][ T7560] ? __pfx_drm_release+0x10/0x10 [ 173.187651][ T7560] __fput+0x3ff/0xb40 [ 173.187672][ T7560] task_work_run+0x150/0x240 [ 173.187694][ T7560] ? __pfx_task_work_run+0x10/0x10 [ 173.187719][ T7560] exit_to_user_mode_loop+0x100/0x4a0 [ 173.187740][ T7560] do_syscall_64+0x668/0xf80 [ 173.187757][ T7560] ? clear_bhb_loop+0x40/0x90 [ 173.187775][ T7560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.187790][ T7560] RIP: 0033:0x7efcdbb9c799 [ 173.187803][ T7560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.187816][ T7560] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 173.187831][ T7560] RAX: 0000000000000000 RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 173.187840][ T7560] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 173.187848][ T7560] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 173.187856][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.187865][ T7560] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 173.187884][ T7560] [ 173.485399][ T7563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.440'. [ 174.776474][ T7587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'. [ 174.841107][ T7587] netlink: 25 bytes leftover after parsing attributes in process `syz.1.445'. [ 175.249104][ T7589] netlink: 12 bytes leftover after parsing attributes in process `syz.1.446'. [ 175.359142][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.446'. [ 175.411353][ T7595] netlink: 25 bytes leftover after parsing attributes in process `syz.0.447'. [ 176.155289][ T7606] netlink: 62 bytes leftover after parsing attributes in process `syz.3.454'. [ 176.265899][ T7611] netlink: 62 bytes leftover after parsing attributes in process `syz.3.454'. [ 176.340546][ T7611] netlink: 62 bytes leftover after parsing attributes in process `syz.3.454'. [ 176.340719][ T7611] netlink: 62 bytes leftover after parsing attributes in process `syz.3.454'. [ 177.828794][ T7640] random: crng reseeded on system resumption [ 177.914087][ T5831] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 179.352452][ T7650] __nla_validate_parse: 22 callbacks suppressed [ 179.352470][ T7650] netlink: 29 bytes leftover after parsing attributes in process `syz.0.467'. [ 179.506237][ T5831] Bluetooth: hci0: unexpected event 0x02 length: 726 > 260 [ 179.793832][ T7658] FAULT_INJECTION: forcing a failure. [ 179.793832][ T7658] name failslab, interval 1, probability 0, space 0, times 0 [ 179.978142][ T7658] CPU: 0 UID: 0 PID: 7658 Comm: syz.0.470 Not tainted syzkaller #0 PREEMPT(full) [ 179.978164][ T7658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 179.978173][ T7658] Call Trace: [ 179.978180][ T7658] [ 179.978187][ T7658] dump_stack_lvl+0x100/0x190 [ 179.978215][ T7658] should_fail_ex.cold+0x5/0xa [ 179.978233][ T7658] should_failslab+0xc2/0x120 [ 179.978248][ T7658] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 179.978270][ T7658] ? alloc_inode+0x183/0x250 [ 179.978294][ T7658] alloc_inode+0x183/0x250 [ 179.978313][ T7658] new_inode+0x22/0x1c0 [ 179.978330][ T7658] ? dput.part.0+0xdd/0x570 [ 179.978349][ T7658] simple_fill_super+0x2d9/0x680 [ 179.978366][ T7658] ? __pfx_nfsd_fill_super+0x10/0x10 [ 179.978382][ T7658] nfsd_fill_super+0x98/0x560 [ 179.978395][ T7658] ? __pfx_set_anon_super_fc+0x10/0x10 [ 179.978416][ T7658] ? __pfx_nfsd_fill_super+0x10/0x10 [ 179.978430][ T7658] get_tree_keyed+0x10e/0x1d0 [ 179.978453][ T7658] vfs_get_tree+0x92/0x320 [ 179.978474][ T7658] path_mount+0x7d0/0x23d0 [ 179.978494][ T7658] ? __pfx_path_mount+0x10/0x10 [ 179.978509][ T7658] ? lockdep_hardirqs_on+0x78/0x100 [ 179.978529][ T7658] ? putname+0xb1/0x110 [ 179.978542][ T7658] ? kmem_cache_free+0x124/0x6a0 [ 179.978568][ T7658] ? __x64_sys_mount+0x293/0x310 [ 179.978583][ T7658] __x64_sys_mount+0x293/0x310 [ 179.978609][ T7658] ? __pfx___x64_sys_mount+0x10/0x10 [ 179.978632][ T7658] do_syscall_64+0x106/0xf80 [ 179.978649][ T7658] ? clear_bhb_loop+0x40/0x90 [ 179.978668][ T7658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.978683][ T7658] RIP: 0033:0x7faaa239c799 [ 179.978696][ T7658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.978711][ T7658] RSP: 002b:00007faaa324c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.978725][ T7658] RAX: ffffffffffffffda RBX: 00007faaa2615fa0 RCX: 00007faaa239c799 [ 179.978735][ T7658] RDX: 0000200000000140 RSI: 0000200000000440 RDI: 0000000000000000 [ 179.978743][ T7658] RBP: 00007faaa2432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 179.978752][ T7658] R10: 0000000001010000 R11: 0000000000000246 R12: 0000000000000000 [ 179.978760][ T7658] R13: 00007faaa2616038 R14: 00007faaa2615fa0 R15: 00007fffbe4c3508 [ 179.978780][ T7658] [ 180.594813][ T7669] netlink: 330 bytes leftover after parsing attributes in process `syz.0.473'. [ 180.664438][ T7669] : renamed from bond_slave_0 (while UP) [ 180.754109][ T7664] syz.2.472 (7664) used greatest stack depth: 19672 bytes left [ 181.847580][ T7685] netlink: 354 bytes leftover after parsing attributes in process `syz.2.478'. [ 181.863421][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.479'. [ 182.168042][ T7692] netlink: 'syz.2.481': attribute type 10 has an invalid length. [ 182.175779][ T7692] netlink: 330 bytes leftover after parsing attributes in process `syz.2.481'. [ 182.480048][ T7669] netlink: 330 bytes leftover after parsing attributes in process `syz.0.473'. [ 182.734611][ T7699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.483'. [ 182.781922][ T7699] netlink: 354 bytes leftover after parsing attributes in process `syz.2.483'. [ 183.226088][ T7708] netlink: 28 bytes leftover after parsing attributes in process `syz.0.485'. [ 184.082316][ T7718] netlink: 12 bytes leftover after parsing attributes in process `syz.2.490'. [ 184.142305][ T7718] i: entered promiscuous mode [ 184.180458][ T7718] HfR: entered promiscuous mode [ 185.338387][ T7752] netlink: 28 bytes leftover after parsing attributes in process `syz.1.500'. [ 185.446968][ T7752] veth0_macvtap: left promiscuous mode [ 185.472912][ T7752] macvtap0: entered promiscuous mode [ 185.507617][ T7752] macvtap0: entered allmulticast mode [ 187.040979][ T7769] netlink: 350 bytes leftover after parsing attributes in process `syz.2.506'. [ 188.302160][ T1333] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.403028][ T7801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.515'. [ 188.425279][ T7801] netlink: 'syz.1.515': attribute type 1 has an invalid length. [ 188.456248][ T7801] netlink: 'syz.1.515': attribute type 6 has an invalid length. [ 191.004623][ T7845] FAULT_INJECTION: forcing a failure. [ 191.004623][ T7845] name fail_futex, interval 1, probability 0, space 0, times 1 [ 191.066111][ T7845] CPU: 0 UID: 0 PID: 7845 Comm: syz.2.527 Not tainted syzkaller #0 PREEMPT(full) [ 191.066133][ T7845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 191.066145][ T7845] Call Trace: [ 191.066150][ T7845] [ 191.066159][ T7845] dump_stack_lvl+0x100/0x190 [ 191.066186][ T7845] should_fail_ex.cold+0x5/0xa [ 191.066204][ T7845] get_futex_key+0x1d2/0x1620 [ 191.066225][ T7845] ? __pfx_get_futex_key+0x10/0x10 [ 191.066250][ T7845] ? update_se+0x94/0x760 [ 191.066272][ T7845] futex_wait_setup+0x83/0x510 [ 191.066299][ T7845] __futex_wait+0x19f/0x300 [ 191.066322][ T7845] ? __pfx___futex_wait+0x10/0x10 [ 191.066342][ T7845] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 191.066358][ T7845] ? lockdep_hardirqs_on+0x78/0x100 [ 191.066378][ T7845] ? __pfx_futex_wake_mark+0x10/0x10 [ 191.066402][ T7845] ? find_held_lock+0x2b/0x80 [ 191.066415][ T7845] ? futex_wake+0x456/0x530 [ 191.066440][ T7845] futex_wait+0xed/0x380 [ 191.066462][ T7845] ? __pfx_futex_wait+0x10/0x10 [ 191.066489][ T7845] ? vhost_net_ioctl+0x23f/0x1910 [ 191.066507][ T7845] ? do_vfs_ioctl+0x226/0x13e0 [ 191.066530][ T7845] do_futex+0x1ef/0x350 [ 191.066548][ T7845] ? __pfx_do_futex+0x10/0x10 [ 191.066568][ T7845] ? find_held_lock+0x2b/0x80 [ 191.066584][ T7845] __x64_sys_futex+0x34f/0x4d0 [ 191.066604][ T7845] ? __fget_files+0x21f/0x3d0 [ 191.066618][ T7845] ? __pfx___x64_sys_futex+0x10/0x10 [ 191.066644][ T7845] do_syscall_64+0x106/0xf80 [ 191.066661][ T7845] ? clear_bhb_loop+0x40/0x90 [ 191.066679][ T7845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.066694][ T7845] RIP: 0033:0x7efcdbb9c799 [ 191.066707][ T7845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 191.066721][ T7845] RSP: 002b:00007efcdcaee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 191.066735][ T7845] RAX: ffffffffffffffda RBX: 00007efcdbe16098 RCX: 00007efcdbb9c799 [ 191.066745][ T7845] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efcdbe16098 [ 191.066753][ T7845] RBP: 00007efcdbe16090 R08: 0000000000000000 R09: 0000000000000000 [ 191.066762][ T7845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.066770][ T7845] R13: 00007efcdbe16128 R14: 00007fff401a9b10 R15: 00007fff401a9bf8 [ 191.066789][ T7845] [ 192.982452][ T7873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.535'. [ 193.183583][ T7873] bond0: (slave ): Releasing backup interface [ 193.255950][ T7880] netlink: 'syz.2.537': attribute type 2 has an invalid length. [ 193.290046][ T7880] netlink: 'syz.2.537': attribute type 3 has an invalid length. [ 193.324085][ T7880] netlink: 158 bytes leftover after parsing attributes in process `syz.2.537'. [ 193.369220][ T7880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.537'. [ 194.335837][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.343803][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.018335][ T7898] netlink: 4 bytes leftover after parsing attributes in process `syz.3.542'. [ 195.117147][ T7900] netlink: 25 bytes leftover after parsing attributes in process `syz.3.542'. [ 195.295694][ T7906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.544'. [ 195.491919][ T7906] bond0: (slave bond_slave_1): Releasing backup interface [ 195.981678][ T7918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.549'. [ 196.037145][ T7918] netlink: 354 bytes leftover after parsing attributes in process `syz.1.549'. [ 197.536804][ T7938] netlink: 25 bytes leftover after parsing attributes in process `syz.1.555'. [ 199.901742][ T7985] FAULT_INJECTION: forcing a failure. [ 199.901742][ T7985] name failslab, interval 1, probability 0, space 0, times 0 [ 199.967162][ T7985] CPU: 0 UID: 0 PID: 7985 Comm: syz.1.568 Not tainted syzkaller #0 PREEMPT(full) [ 199.967185][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 199.967195][ T7985] Call Trace: [ 199.967200][ T7985] [ 199.967207][ T7985] dump_stack_lvl+0x100/0x190 [ 199.967235][ T7985] should_fail_ex.cold+0x5/0xa [ 199.967253][ T7985] should_failslab+0xc2/0x120 [ 199.967269][ T7985] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 199.967292][ T7985] ? __alloc_skb+0x140/0x710 [ 199.967313][ T7985] __alloc_skb+0x140/0x710 [ 199.967328][ T7985] ? __alloc_skb+0x5b7/0x710 [ 199.967343][ T7985] ? __pfx___alloc_skb+0x10/0x10 [ 199.967360][ T7985] ? netlink_has_listeners+0x20f/0x430 [ 199.967378][ T7985] ? netlink_has_listeners+0x20f/0x430 [ 199.967399][ T7985] alloc_uevent_skb+0x7d/0x210 [ 199.967423][ T7985] kobject_uevent_env+0xd2d/0x18b0 [ 199.967452][ T7985] drm_sysfs_lease_event+0x108/0x160 [ 199.967471][ T7985] ? __pfx_drm_sysfs_lease_event+0x10/0x10 [ 199.967493][ T7985] drm_lease_destroy+0x377/0x530 [ 199.967511][ T7985] drm_master_destroy+0xcc/0x160 [ 199.967530][ T7985] drm_master_release+0x26b/0x610 [ 199.967556][ T7985] drm_file_free.part.0+0x9c5/0xcc0 [ 199.967581][ T7985] ? __pfx___fsnotify_parent+0x10/0x10 [ 199.967600][ T7985] drm_close_helper.isra.0+0x186/0x200 [ 199.967619][ T7985] drm_release+0x1ab/0x360 [ 199.967635][ T7985] ? __pfx_drm_release+0x10/0x10 [ 199.967650][ T7985] __fput+0x3ff/0xb40 [ 199.967672][ T7985] task_work_run+0x150/0x240 [ 199.967693][ T7985] ? __pfx_task_work_run+0x10/0x10 [ 199.967719][ T7985] exit_to_user_mode_loop+0x100/0x4a0 [ 199.967740][ T7985] do_syscall_64+0x668/0xf80 [ 199.967757][ T7985] ? clear_bhb_loop+0x40/0x90 [ 199.967775][ T7985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.967790][ T7985] RIP: 0033:0x7f61b3b9c799 [ 199.967804][ T7985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.967817][ T7985] RSP: 002b:00007f61b4990028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 199.967832][ T7985] RAX: 0000000000000000 RBX: 00007f61b3e15fa0 RCX: 00007f61b3b9c799 [ 199.967841][ T7985] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 199.967849][ T7985] RBP: 00007f61b3c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 199.967858][ T7985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.967866][ T7985] R13: 00007f61b3e16038 R14: 00007f61b3e15fa0 R15: 00007ffe4caf3598 [ 199.967886][ T7985] [ 201.529836][ T5144] Bluetooth: hci0: command 0x0406 tx timeout [ 201.535883][ T5144] Bluetooth: hci3: command 0x0406 tx timeout [ 201.543702][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 201.549819][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 203.170013][ T8020] FAULT_INJECTION: forcing a failure. [ 203.170013][ T8020] name failslab, interval 1, probability 0, space 0, times 0 [ 203.222125][ T8020] CPU: 0 UID: 0 PID: 8020 Comm: syz.3.578 Not tainted syzkaller #0 PREEMPT(full) [ 203.222148][ T8020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 203.222157][ T8020] Call Trace: [ 203.222162][ T8020] [ 203.222168][ T8020] dump_stack_lvl+0x100/0x190 [ 203.222196][ T8020] should_fail_ex.cold+0x5/0xa [ 203.222214][ T8020] should_failslab+0xc2/0x120 [ 203.222230][ T8020] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 203.222254][ T8020] ? kasprintf+0xc7/0x100 [ 203.222273][ T8020] kvasprintf+0xbc/0x150 [ 203.222287][ T8020] ? __pfx_kvasprintf+0x10/0x10 [ 203.222303][ T8020] ? __pfx_vsnprintf+0x10/0x10 [ 203.222331][ T8020] kasprintf+0xc7/0x100 [ 203.222346][ T8020] ? __pfx_kasprintf+0x10/0x10 [ 203.222362][ T8020] ? __pfx_add_uevent_var+0x10/0x10 [ 203.222387][ T8020] ? __pfx_vsnprintf+0x10/0x10 [ 203.222405][ T8020] ? __pfx_drm_devnode+0x10/0x10 [ 203.222421][ T8020] device_get_devnode+0x166/0x2c0 [ 203.222439][ T8020] dev_uevent+0x4c6/0x8a0 [ 203.222454][ T8020] ? __pfx_dev_uevent+0x10/0x10 [ 203.222472][ T8020] ? __asan_memcpy+0x3c/0x60 [ 203.222492][ T8020] ? kobject_get_path+0x8d/0x2c0 [ 203.222512][ T8020] ? __pfx_dev_uevent+0x10/0x10 [ 203.222527][ T8020] kobject_uevent_env+0x6eb/0x18b0 [ 203.222556][ T8020] drm_sysfs_lease_event+0x108/0x160 [ 203.222574][ T8020] ? __pfx_drm_sysfs_lease_event+0x10/0x10 [ 203.222596][ T8020] drm_lease_destroy+0x377/0x530 [ 203.222614][ T8020] drm_master_destroy+0xcc/0x160 [ 203.222631][ T8020] drm_master_release+0x26b/0x610 [ 203.222651][ T8020] drm_file_free.part.0+0x9c5/0xcc0 [ 203.222669][ T8020] ? __pfx___fsnotify_parent+0x10/0x10 [ 203.222687][ T8020] drm_close_helper.isra.0+0x186/0x200 [ 203.222705][ T8020] drm_release+0x1ab/0x360 [ 203.222720][ T8020] ? __pfx_drm_release+0x10/0x10 [ 203.222736][ T8020] __fput+0x3ff/0xb40 [ 203.222757][ T8020] task_work_run+0x150/0x240 [ 203.222778][ T8020] ? __pfx_task_work_run+0x10/0x10 [ 203.222803][ T8020] exit_to_user_mode_loop+0x100/0x4a0 [ 203.222824][ T8020] do_syscall_64+0x668/0xf80 [ 203.222841][ T8020] ? clear_bhb_loop+0x40/0x90 [ 203.222859][ T8020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.222874][ T8020] RIP: 0033:0x7f89c359c799 [ 203.222887][ T8020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.222901][ T8020] RSP: 002b:00007f89c44c7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 203.222916][ T8020] RAX: 0000000000000000 RBX: 00007f89c3815fa0 RCX: 00007f89c359c799 [ 203.222925][ T8020] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 203.222934][ T8020] RBP: 00007f89c3632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 203.222943][ T8020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.222951][ T8020] R13: 00007f89c3816038 R14: 00007f89c3815fa0 R15: 00007ffefc25af68 [ 203.222972][ T8020] [ 204.011750][ T8032] netlink: 9 bytes leftover after parsing attributes in process `syz.3.580'. [ 204.242126][ T8038] netlink: 330 bytes leftover after parsing attributes in process `syz.1.581'. [ 205.957656][ T8062] futex_wake_op: syz.1.588 tries to shift op by -2048; fix this program [ 206.010799][ T8062] futex_wake_op: syz.1.588 tries to shift op by -2048; fix this program [ 206.094443][ T8064] HfR: entered promiscuous mode [ 212.090132][ T8155] FAULT_INJECTION: forcing a failure. [ 212.090132][ T8155] name fail_futex, interval 1, probability 0, space 0, times 0 [ 212.186655][ T8155] CPU: 0 UID: 0 PID: 8155 Comm: syz.2.611 Not tainted syzkaller #0 PREEMPT(full) [ 212.186679][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 212.186689][ T8155] Call Trace: [ 212.186694][ T8155] [ 212.186700][ T8155] dump_stack_lvl+0x100/0x190 [ 212.186727][ T8155] should_fail_ex.cold+0x5/0xa [ 212.186745][ T8155] get_futex_key+0x1d2/0x1620 [ 212.186765][ T8155] ? __pfx_get_futex_key+0x10/0x10 [ 212.186791][ T8155] futex_wake+0xea/0x530 [ 212.186815][ T8155] ? __pfx_futex_wake+0x10/0x10 [ 212.186836][ T8155] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 212.186862][ T8155] do_futex+0x32b/0x350 [ 212.186881][ T8155] ? __pfx_do_futex+0x10/0x10 [ 212.186899][ T8155] ? __pfx___might_resched+0x10/0x10 [ 212.186919][ T8155] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 212.186941][ T8155] __x64_sys_futex+0x34f/0x4d0 [ 212.186961][ T8155] ? __pfx_task_work_run+0x10/0x10 [ 212.186981][ T8155] ? __pfx___x64_sys_futex+0x10/0x10 [ 212.186999][ T8155] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 212.187030][ T8155] do_syscall_64+0x106/0xf80 [ 212.187049][ T8155] ? clear_bhb_loop+0x40/0x90 [ 212.187067][ T8155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.187084][ T8155] RIP: 0033:0x7efcdbb9c799 [ 212.187097][ T8155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.187111][ T8155] RSP: 002b:00007efcdcaee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 212.187125][ T8155] RAX: ffffffffffffffda RBX: 00007efcdbe16098 RCX: 00007efcdbb9c799 [ 212.187135][ T8155] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efcdbe1609c [ 212.187143][ T8155] RBP: 00007efcdbe16090 R08: 0000000000000000 R09: 0000000000000000 [ 212.187152][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.187160][ T8155] R13: 00007efcdbe16128 R14: 00007fff401a9b10 R15: 00007fff401a9bf8 [ 212.187179][ T8155] [ 219.037564][ T8257] netlink: 4 bytes leftover after parsing attributes in process `syz.2.635'. [ 222.406968][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 236.860236][ T8554] netlink: 28 bytes leftover after parsing attributes in process `syz.1.721'. [ 238.584886][ T8589] bridge0: port 3(team0) entered blocking state [ 238.665001][ T8589] bridge0: port 3(team0) entered disabled state [ 238.735393][ T8589] team0: entered allmulticast mode [ 238.783467][ T8589] team_slave_0: entered allmulticast mode [ 238.824859][ T8589] team_slave_1: entered allmulticast mode [ 238.870670][ T8589] team0: entered promiscuous mode [ 238.908077][ T8589] team_slave_0: entered promiscuous mode [ 238.950089][ T8589] team_slave_1: entered promiscuous mode [ 238.988708][ T8589] bridge0: port 3(team0) entered blocking state [ 238.995092][ T8589] bridge0: port 3(team0) entered forwarding state [ 244.792120][ T8686] bridge0: port 3(team0) entered blocking state [ 244.832116][ T8686] bridge0: port 3(team0) entered disabled state [ 244.895452][ T8686] team0: entered allmulticast mode [ 244.939447][ T8686] team_slave_0: entered allmulticast mode [ 244.966500][ T8686] team_slave_1: entered allmulticast mode [ 245.001540][ T8686] team0: entered promiscuous mode [ 245.026408][ T8686] team_slave_0: entered promiscuous mode [ 245.053407][ T8686] team_slave_1: entered promiscuous mode [ 245.083710][ T8686] bridge0: port 3(team0) entered blocking state [ 245.090159][ T8686] bridge0: port 3(team0) entered forwarding state [ 245.561748][ T8705] netlink: 12 bytes leftover after parsing attributes in process `syz.0.760'. [ 245.635320][ T8705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.760'. [ 248.713540][ T8757] bridge0: port 3(team0) entered blocking state [ 248.788886][ T8757] bridge0: port 3(team0) entered disabled state [ 248.849768][ T8757] team0: entered allmulticast mode [ 248.897637][ T8757] team_slave_0: entered allmulticast mode [ 248.939466][ T8757] team_slave_1: entered allmulticast mode [ 248.982599][ T8757] team0: entered promiscuous mode [ 249.016032][ T8757] team_slave_0: entered promiscuous mode [ 249.057118][ T8757] team_slave_1: entered promiscuous mode [ 249.098594][ T8757] bridge0: port 3(team0) entered blocking state [ 249.105104][ T8757] bridge0: port 3(team0) entered forwarding state [ 249.194166][ T8759] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.227961][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.274724][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.322455][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.362577][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.405834][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.443721][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 249.491408][ T8761] netlink: 62 bytes leftover after parsing attributes in process `syz.1.771'. [ 255.771746][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.778997][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.851736][ T8881] __nla_validate_parse: 10 callbacks suppressed [ 257.851751][ T8881] netlink: 4 bytes leftover after parsing attributes in process `syz.1.809'. [ 258.623977][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.648999][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.688084][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.716606][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.749365][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.786022][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.817552][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.843434][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 258.863401][ T8898] netlink: 62 bytes leftover after parsing attributes in process `syz.0.804'. [ 264.044533][ T8998] netlink: 'syz.3.836': attribute type 10 has an invalid length. [ 264.100624][ T8998] __nla_validate_parse: 13 callbacks suppressed [ 264.100640][ T8998] netlink: 330 bytes leftover after parsing attributes in process `syz.3.836'. [ 267.894014][ T9068] netlink: 'syz.0.854': attribute type 4 has an invalid length. [ 267.923643][ T9068] netlink: 'syz.0.854': attribute type 5 has an invalid length. [ 267.962222][ T9068] netlink: 10 bytes leftover after parsing attributes in process `syz.0.854'. [ 269.011221][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.062738][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.101501][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.149381][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.203662][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.243112][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.298664][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.307959][ T9101] ======================================================= [ 269.307959][ T9101] WARNING: The mand mount option has been deprecated and [ 269.307959][ T9101] and is ignored by this kernel. Remove the mand [ 269.307959][ T9101] option from the mount to silence this warning. [ 269.307959][ T9101] ======================================================= [ 269.352660][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.382597][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.402994][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.437439][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.474002][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 269.520539][ T9092] netlink: 62 bytes leftover after parsing attributes in process `syz.2.858'. [ 274.227370][ T9180] netlink: 'syz.3.886': attribute type 4 has an invalid length. [ 274.235069][ T9180] netlink: 'syz.3.886': attribute type 5 has an invalid length. [ 274.367661][ T9180] __nla_validate_parse: 21 callbacks suppressed [ 274.367675][ T9180] netlink: 10 bytes leftover after parsing attributes in process `syz.3.886'. [ 274.831100][ T9195] netlink: 504 bytes leftover after parsing attributes in process `syz.3.890'. [ 274.882104][ T9197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.891'. [ 274.939497][ T9198] netlink: 350 bytes leftover after parsing attributes in process `syz.3.890'. [ 274.960965][ T9197] veth1_macvtap: left promiscuous mode [ 280.650654][ T9282] netlink: 28 bytes leftover after parsing attributes in process `syz.1.913'. [ 281.816719][ T9306] netlink: 25 bytes leftover after parsing attributes in process `syz.2.918'. [ 284.663134][ T9353] netlink: 28 bytes leftover after parsing attributes in process `syz.1.932'. [ 284.787477][ T9353] team0: left allmulticast mode [ 284.813841][ T9353] team_slave_0: left allmulticast mode [ 284.852175][ T9353] team_slave_1: left allmulticast mode [ 284.876964][ T9353] team0: left promiscuous mode [ 284.897976][ T9353] team_slave_0: left promiscuous mode [ 284.932206][ T9353] team_slave_1: left promiscuous mode [ 284.967293][ T9353] bridge0: port 3(team0) entered disabled state [ 285.016266][ T9353] bridge_slave_1: left allmulticast mode [ 285.038742][ T9353] bridge_slave_1: left promiscuous mode [ 285.063843][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.133099][ T9353] bridge_slave_0: left allmulticast mode [ 285.151034][ T9353] bridge_slave_0: left promiscuous mode [ 285.183800][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.917195][ T9434] netlink: 186 bytes leftover after parsing attributes in process `syz.2.953'. [ 290.297673][ T30] audit: type=1804 audit(2147483652.190:5): pid=9430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.952" name="file0" dev="tmpfs" ino=1263 res=1 errno=0 [ 290.349432][ T30] audit: type=1804 audit(2147483652.230:6): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.952" name="file0" dev="tmpfs" ino=1263 res=1 errno=0 [ 293.183981][ T9481] netlink: 25 bytes leftover after parsing attributes in process `syz.1.963'. [ 293.480603][ T9485] netlink: 'syz.2.965': attribute type 2 has an invalid length. [ 293.522560][ T9485] netlink: 'syz.2.965': attribute type 3 has an invalid length. [ 293.546632][ T9485] netlink: 'syz.2.965': attribute type 2 has an invalid length. [ 293.571728][ T9485] netlink: 'syz.2.965': attribute type 3 has an invalid length. [ 293.597391][ T9485] netlink: 30 bytes leftover after parsing attributes in process `syz.2.965'. [ 296.506087][ T9521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.974'. [ 296.892205][ T9528] netlink: 25 bytes leftover after parsing attributes in process `syz.3.975'. [ 299.829666][ T9598] netlink: 25 bytes leftover after parsing attributes in process `syz.1.995'. [ 300.594018][ T9612] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 300.664804][ T9616] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1002'. [ 301.575351][ T9639] capability: warning: `syz.1.1009' uses 32-bit capabilities (legacy support in use) [ 303.729341][ T9691] syz.2.1026 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 304.010966][ T9699] netlink: 'syz.1.1028': attribute type 9 has an invalid length. [ 304.044205][ T9699] netlink: zone id is out of range [ 304.062390][ T9699] netlink: zone id is out of range [ 304.080497][ T9699] netlink: zone id is out of range [ 304.113561][ T9703] netlink: zone id is out of range [ 304.130240][ T9699] netlink: zone id is out of range [ 304.150205][ T9703] netlink: zone id is out of range [ 304.173728][ T9699] netlink: zone id is out of range [ 304.192147][ T9703] netlink: zone id is out of range [ 304.209937][ T9699] netlink: zone id is out of range [ 304.236448][ T9703] netlink: zone id is out of range [ 304.543582][ T9712] process 'syz.2.1033' launched ':,' with NULL argv: empty string added [ 307.441274][ T9704] delete_channel: no stack [ 310.360309][ T9810] net_ratelimit: 694 callbacks suppressed [ 310.360325][ T9810] netlink: zone id is out of range [ 310.416403][ T9809] netlink: 'syz.2.1056': attribute type 9 has an invalid length. [ 310.434850][ T9810] netlink: zone id is out of range [ 310.449240][ T9810] netlink: zone id is out of range [ 310.454639][ T9810] netlink: zone id is out of range [ 310.502381][ T9809] netlink: zone id is out of range [ 310.535809][ T9810] netlink: zone id is out of range [ 310.580585][ T9809] netlink: zone id is out of range [ 310.595091][ T9810] netlink: zone id is out of range [ 310.609918][ T9809] netlink: zone id is out of range [ 310.634316][ T9809] netlink: zone id is out of range [ 312.850021][ T9834] delete_channel: no stack [ 317.214084][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.221371][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.160239][ T9924] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1085'. [ 318.687458][ T9935] netlink: 'syz.0.1090': attribute type 9 has an invalid length. [ 318.709423][ T9935] net_ratelimit: 694 callbacks suppressed [ 318.709439][ T9935] netlink: zone id is out of range [ 318.751915][ T9935] netlink: zone id is out of range [ 318.792093][ T9935] netlink: zone id is out of range [ 318.833218][ T9938] netlink: zone id is out of range [ 318.860082][ T9935] netlink: zone id is out of range [ 318.883123][ T9938] netlink: zone id is out of range [ 318.925817][ T9935] netlink: zone id is out of range [ 318.949645][ T9938] netlink: zone id is out of range [ 318.972904][ T9935] netlink: zone id is out of range [ 318.991855][ T9938] netlink: zone id is out of range [ 319.508526][ T9954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1096'. [ 319.563908][ T9954] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1096'. [ 319.905548][ T9960] [U] [ 319.908269][ T9960] [U] [ 319.910980][ T9960] [U] [ 319.913677][ T9960] [U] [ 319.966743][ T9960] [U] [ 319.969460][ T9960] [U] [ 319.972158][ T9960] [U] [ 319.974845][ T9960] [U] [ 320.003057][ T9960] [U] [ 320.005766][ T9960] [U] [ 320.008437][ T9960] [U] [ 320.011134][ T9960] [U] [ 320.053922][ T9960] [U] [ 320.056670][ T9960] [U] [ 320.059372][ T9960] [U] [ 320.062049][ T9960] [U] [ 320.108378][ T9960] [U] [ 320.111101][ T9960] [U] [ 320.113871][ T9960] [U] [ 320.116547][ T9960] [U] [ 320.161323][ T9960] [U] [ 320.164038][ T9960] [U] [ 320.166712][ T9960] [U] [ 320.169379][ T9960] [U] [ 320.236433][ T9960] [U] [ 320.239167][ T9960] [U] [ 320.241871][ T9960] [U] [ 320.244553][ T9960] [U] [ 320.287199][ T9960] [U] [ 320.289918][ T9960] [U] [ 320.292599][ T9960] [U] [ 320.295269][ T9960] [U] [ 320.336032][ T9960] [U] [ 320.338765][ T9960] [U] [ 320.341449][ T9960] [U] [ 320.344121][ T9960] [U] [ 320.395741][ T9960] [U] [ 320.398453][ T9960] [U] [ 320.401127][ T9960] [U] [ 320.403804][ T9960] [U] [ 320.447240][ T9960] [U] [ 320.449973][ T9960] [U] [ 320.452647][ T9960] [U] [ 320.455325][ T9960] [U] [ 320.507334][ T9960] [U] [ 320.510049][ T9960] [U] [ 320.512755][ T9960] [U] [ 320.515447][ T9960] [U] [ 320.558004][ T9960] [U] [ 320.560796][ T9960] [U] [ 320.563465][ T9960] [U] [ 320.566137][ T9960] [U] [ 320.610601][ T9960] [U] [ 320.613385][ T9960] [U] [ 320.616086][ T9960] [U] [ 320.618770][ T9960] [U] [ 320.719129][ T9960] [U] [ 320.721844][ T9960] [U] [ 320.724601][ T9960] [U] [ 320.727269][ T9960] [U] [ 320.817709][ T9960] [U] [ 320.820432][ T9960] [U] [ 320.823112][ T9960] [U] [ 320.825798][ T9960] [U] [ 320.881833][ T9960] [U] [ 321.669324][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1106'. [ 324.484394][T10038] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1117'. [ 325.344649][T10047] HSR: entered promiscuous mode [ 327.133029][T10083] netlink: 'syz.3.1130': attribute type 9 has an invalid length. [ 327.178508][T10083] net_ratelimit: 695 callbacks suppressed [ 327.178522][T10083] netlink: zone id is out of range [ 327.226782][T10083] netlink: zone id is out of range [ 327.256388][T10083] netlink: zone id is out of range [ 327.301850][T10087] netlink: zone id is out of range [ 327.322145][T10083] netlink: zone id is out of range [ 327.341655][T10087] netlink: zone id is out of range [ 327.361850][T10083] netlink: zone id is out of range [ 327.381145][T10087] netlink: zone id is out of range [ 327.400188][T10083] netlink: zone id is out of range [ 327.418884][T10087] netlink: zone id is out of range [ 329.406503][T10131] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1143'. [ 334.188564][T10212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1165'. [ 334.288784][T10212] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1165'. [ 334.502784][T10216] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 338.791159][T10286] net_ratelimit: 694 callbacks suppressed [ 338.791188][T10286] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 339.537984][T10302] hub 1-0:1.0: USB hub found [ 339.570911][T10302] hub 1-0:1.0: 1 port detected [ 340.946555][T10329] netlink: 'syz.2.1197': attribute type 3 has an invalid length. [ 340.997334][T10329] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1197'. [ 342.018777][T10359] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1204'. [ 344.804863][T10416] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1221'. [ 346.049895][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 348.073266][T10478] binder: 10477:10478 ioctl c0306201 0 returned -14 [ 349.169058][T10500] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1243'. [ 350.602228][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1251'. [ 350.630608][T10522] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1251'. [ 351.074475][ T30] audit: type=1800 audit(4294967307.830:7): pid=10530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1252" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 353.071774][T10576] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1266'. [ 353.394228][T10581] nbd: must specify at least one socket [ 353.731935][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1272'. [ 353.819229][T10591] team_slave_1 (unregistering): left promiscuous mode [ 353.858235][T10591] team_slave_1 (unregistering): left allmulticast mode [ 353.911537][T10591] team0: Port device team_slave_1 removed [ 355.638279][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807cc50c00: rx timeout, send abort [ 356.147530][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807cc50c00: abort rx timeout. Force session deactivation [ 359.711784][T10712] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1309'. [ 362.417292][T10762] Invalid ELF header magic: != ELF [ 366.101306][T10836] FAULT_INJECTION: forcing a failure. [ 366.101306][T10836] name failslab, interval 1, probability 0, space 0, times 0 [ 366.284951][T10836] CPU: 0 UID: 0 PID: 10836 Comm: syz.2.1341 Not tainted syzkaller #0 PREEMPT(full) [ 366.284975][T10836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 366.284990][T10836] Call Trace: [ 366.284997][T10836] [ 366.285003][T10836] dump_stack_lvl+0x100/0x190 [ 366.285076][T10836] should_fail_ex.cold+0x5/0xa [ 366.285107][T10836] should_failslab+0xc2/0x120 [ 366.285141][T10836] __kmalloc_cache_noprof+0x7a/0x6f0 [ 366.285171][T10836] ? vhost_task_create+0xee/0x370 [ 366.285205][T10836] ? __kasan_kmalloc+0xaa/0xb0 [ 366.285226][T10836] ? __pfx_vhost_worker_killed+0x10/0x10 [ 366.285300][T10836] ? __pfx_vhost_run_work_list+0x10/0x10 [ 366.285319][T10836] vhost_task_create+0xee/0x370 [ 366.285341][T10836] ? __pfx_vhost_task_create+0x10/0x10 [ 366.285369][T10836] ? __pfx_vhost_task_fn+0x10/0x10 [ 366.285396][T10836] ? snprintf+0xc7/0x100 [ 366.285487][T10836] vhost_task_worker_create+0x8d/0x260 [ 366.285508][T10836] ? __pfx_vhost_task_worker_create+0x10/0x10 [ 366.285526][T10836] ? lockdep_init_map_type+0x5c/0x250 [ 366.285551][T10836] ? lockdep_init_map_type+0x5c/0x250 [ 366.285573][T10836] vhost_worker_create+0x243/0x310 [ 366.285590][T10836] ? __pfx_vhost_worker_create+0x10/0x10 [ 366.285620][T10836] vhost_dev_set_owner+0x719/0xa30 [ 366.285646][T10836] vhost_net_ioctl+0xfa3/0x1910 [ 366.285685][T10836] ? do_vfs_ioctl+0x226/0x13e0 [ 366.285712][T10836] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 366.285733][T10836] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 366.285756][T10836] ? find_held_lock+0x2b/0x80 [ 366.285769][T10836] ? __fget_files+0x215/0x3d0 [ 366.285789][T10836] ? hook_file_ioctl_common+0x146/0x410 [ 366.285877][T10836] ? __fget_files+0x21f/0x3d0 [ 366.285894][T10836] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 366.285914][T10836] __x64_sys_ioctl+0x18e/0x210 [ 366.285937][T10836] do_syscall_64+0x106/0xf80 [ 366.285954][T10836] ? clear_bhb_loop+0x40/0x90 [ 366.285980][T10836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.285995][T10836] RIP: 0033:0x7efcdbb9c799 [ 366.286011][T10836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 366.286025][T10836] RSP: 002b:00007efcdcaee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 366.286045][T10836] RAX: ffffffffffffffda RBX: 00007efcdbe16090 RCX: 00007efcdbb9c799 [ 366.286056][T10836] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 366.286064][T10836] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 366.286073][T10836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.286081][T10836] R13: 00007efcdbe16128 R14: 00007efcdbe16090 R15: 00007fff401a9bf8 [ 366.286101][T10836] [ 372.125438][ T30] audit: type=1800 audit(4294967328.883:8): pid=10931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1363" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 372.222387][T10924] tipc: Started in network mode [ 372.268185][T10924] tipc: Node identity ee00, cluster identity 4711 [ 372.312188][T10924] tipc: Node number set to 60928 [ 372.788886][T10947] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1368'. [ 374.561262][T10967] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1374'. [ 374.765461][T10975] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 375.951574][T11003] FAULT_INJECTION: forcing a failure. [ 375.951574][T11003] name failslab, interval 1, probability 0, space 0, times 0 [ 376.088615][T11003] CPU: 0 UID: 0 PID: 11003 Comm: syz.2.1381 Not tainted syzkaller #0 PREEMPT(full) [ 376.088639][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 376.088649][T11003] Call Trace: [ 376.088654][T11003] [ 376.088660][T11003] dump_stack_lvl+0x100/0x190 [ 376.088688][T11003] should_fail_ex.cold+0x5/0xa [ 376.088706][T11003] should_failslab+0xc2/0x120 [ 376.088723][T11003] __kmalloc_cache_noprof+0x7a/0x6f0 [ 376.088742][T11003] ? refill_pi_state_cache+0x91/0x260 [ 376.088800][T11003] refill_pi_state_cache+0x91/0x260 [ 376.088822][T11003] futex_lock_pi+0x177/0x7b0 [ 376.088847][T11003] ? __pfx_futex_lock_pi+0x10/0x10 [ 376.088869][T11003] ? __pfx___futex_wait+0x10/0x10 [ 376.088890][T11003] ? lockdep_hardirqs_on+0x78/0x100 [ 376.088976][T11003] ? __pfx_futex_wake_mark+0x10/0x10 [ 376.089003][T11003] ? __get_user_nocheck_8+0x20/0x20 [ 376.089019][T11003] ? do_vfs_ioctl+0x226/0x13e0 [ 376.089042][T11003] do_futex+0x18a/0x350 [ 376.089062][T11003] ? __pfx_do_futex+0x10/0x10 [ 376.089082][T11003] ? find_held_lock+0x2b/0x80 [ 376.089099][T11003] __x64_sys_futex+0x34f/0x4d0 [ 376.089120][T11003] ? __pfx___x64_sys_futex+0x10/0x10 [ 376.089146][T11003] do_syscall_64+0x106/0xf80 [ 376.089162][T11003] ? clear_bhb_loop+0x40/0x90 [ 376.089180][T11003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.089195][T11003] RIP: 0033:0x7efcdbb9c799 [ 376.089209][T11003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 376.089223][T11003] RSP: 002b:00007efcdcaee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 376.089238][T11003] RAX: ffffffffffffffda RBX: 00007efcdbe16090 RCX: 00007efcdbb9c799 [ 376.089248][T11003] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 376.089256][T11003] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 000000008000fff5 [ 376.089266][T11003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.089274][T11003] R13: 00007efcdbe16128 R14: 00007efcdbe16090 R15: 00007fff401a9bf8 [ 376.089294][T11003] [ 377.825815][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1384'. [ 378.658861][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.666469][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.186292][T11043] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1390'. [ 381.731335][T11082] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1407'. [ 383.679917][T11121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1412'. [ 383.714972][T11121] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1412'. [ 393.406251][T11277] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1451'. [ 395.098206][T11301] Invalid ELF header magic: != ELF [ 395.289476][T11304] ptrace attach of "./syz-executor exec"[5821] was attempted by "X_f 4/ZKd>KnXe\x0c\x0bg\x0cְc-}ׯAC>\x07]+DҐgۏ@43@__ZV.H])|\x07bKr܊롩+?C8*xjx-}ZMrNbك.UM#ugyf J~ߺqm^4x^Dm!uĕI\x0ael8^8!jEeŁo9:VC(D9ߜRlv,>17K9U?\x0dY!NAƲw:/t9\x5cvꇞK,ƴfTŠ>=sjQ47|M\x0aڴnr\x0c#%3V\x5c4 %G9TG֞vOb&K+nmbt{\x0b \x0d\x0cN4\x09H|a4\x1bNϜ\x09c?/l't6!'w&y,v`jQ\x1b/|P(\x0bu7e\x09$Krc=\x0bIުaakcTj3Q+=;tV5^R;<.u.<\x22l( /UjImLޯS_t\x0ai:&LܬZ<|3IXLg!\x22չ7;]Q!X\x09`Ef&\x226^x)/ [ 395.579819][T11311] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1465'. [ 395.858480][T11317] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1468'. [ 395.887040][T11317] macsec0: entered promiscuous mode [ 395.905616][T11317] macsec0: entered allmulticast mode [ 395.946401][T11317] veth1_macvtap: entered allmulticast mode [ 405.859509][ T5825] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 407.818105][T11548] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1537'. [ 408.203724][T11548] macsec0: entered promiscuous mode [ 408.230782][T11548] macsec0: entered allmulticast mode [ 408.272039][T11548] veth1_macvtap: entered allmulticast mode [ 409.115472][T11575] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1546'. [ 409.131425][T11573] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1545'. [ 409.169135][T11573] netlink: 'syz.2.1545': attribute type 1 has an invalid length. [ 409.206582][T11573] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1545'. [ 409.415538][T11582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1548'. [ 410.394044][T11608] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1558'. [ 411.885035][T11653] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1570'. [ 411.991937][T11653] macsec0: entered promiscuous mode [ 412.017706][T11653] macsec0: entered allmulticast mode [ 412.064006][T11653] veth1_macvtap: entered allmulticast mode [ 412.358512][T11662] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1579'. [ 413.527150][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 417.391562][T11717] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1586'. [ 417.677480][T11727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1591'. [ 418.242793][T11741] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1594'. [ 418.484102][T11747] random: crng reseeded on system resumption [ 419.510584][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1603'. [ 419.968016][T11788] netlink: 'syz.2.1605': attribute type 2 has an invalid length. [ 420.040497][T11784] can: request_module (can-proto-5) failed. [ 420.595131][T11784] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1604'. [ 421.147715][T11817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1611'. [ 421.736815][T11834] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1614'. [ 423.417295][T11863] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1618'. [ 425.470101][T11890] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1626'. [ 425.843164][T11898] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1629'. [ 426.952941][T11921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1638'. [ 427.071309][T11921] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1638'. [ 427.110068][ T5825] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 427.392076][T11931] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1641'. [ 428.037672][T11945] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1644'. [ 429.898559][T11965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1649'. [ 430.604767][T11980] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1652'. [ 434.472816][T12028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1665'. [ 434.553658][T12035] netlink: 'syz.3.1665': attribute type 1 has an invalid length. [ 434.711074][T12035] netlink: 'syz.3.1665': attribute type 6 has an invalid length. [ 435.650934][T12051] netlink: 'syz.0.1681': attribute type 2 has an invalid length. [ 436.560582][T12062] can: request_module (can-proto-5) failed. [ 437.164469][T12070] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1673'. [ 440.093238][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.102830][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.517676][T12108] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1684'. [ 442.060188][T12130] netlink: 'syz.3.1686': attribute type 2 has an invalid length. [ 443.075838][T12146] can: request_module (can-proto-5) failed. [ 443.218609][T12146] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1696'. [ 445.016040][T12183] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 448.197360][T12223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1716'. [ 448.244340][T11932] syz.3.1640 (11932) used greatest stack depth: 19552 bytes left [ 449.316222][T12241] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1722'. [ 456.924771][T12311] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1742'. [ 458.951414][T12328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1746'. [ 459.015535][T12329] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1746'. [ 461.639671][T12371] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1760'. [ 461.833397][T12371] team0: left allmulticast mode [ 461.897330][T12371] team_slave_0: left allmulticast mode [ 461.955930][T12371] team_slave_1: left allmulticast mode [ 462.002982][T12371] team0: left promiscuous mode [ 462.072484][T12371] team_slave_0: left promiscuous mode [ 462.118305][T12371] team_slave_1: left promiscuous mode [ 462.175215][T12371] bridge0: port 3(team0) entered disabled state [ 462.311095][T12371] bridge_slave_1: left allmulticast mode [ 462.349774][T12371] bridge_slave_1: left promiscuous mode [ 462.417072][T12371] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.586279][T12371] bridge_slave_0: left allmulticast mode [ 462.637376][T12371] bridge_slave_0: left promiscuous mode [ 462.643088][T12371] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.408617][T12408] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1768'. [ 467.176427][T12433] futex_wake_op: syz.0.1774 tries to shift op by -2048; fix this program [ 467.327657][T12433] futex_wake_op: syz.0.1774 tries to shift op by -2048; fix this program [ 467.518010][T12438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1777'. [ 467.690416][T12438] team0 (unregistering): Port device team_slave_0 removed [ 467.788398][T12438] team0 (unregistering): Port device team_slave_1 removed [ 468.088895][T12446] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1779'. [ 468.738624][T12456] FAULT_INJECTION: forcing a failure. [ 468.738624][T12456] name failslab, interval 1, probability 0, space 0, times 0 [ 468.947613][T12456] CPU: 0 UID: 0 PID: 12456 Comm: syz.2.1781 Tainted: G L syzkaller #0 PREEMPT(full) [ 468.947640][T12456] Tainted: [L]=SOFTLOCKUP [ 468.947645][T12456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 468.947655][T12456] Call Trace: [ 468.947660][T12456] [ 468.947666][T12456] dump_stack_lvl+0x100/0x190 [ 468.947696][T12456] should_fail_ex.cold+0x5/0xa [ 468.947716][T12456] should_failslab+0xc2/0x120 [ 468.947734][T12456] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 468.947763][T12456] ? __proc_create+0x2cb/0x8c0 [ 468.947826][T12456] __proc_create+0x2cb/0x8c0 [ 468.947850][T12456] ? __pfx___proc_create+0x10/0x10 [ 468.947881][T12456] proc_mkdir+0x81/0x170 [ 468.947895][T12456] ? __pfx_proc_mkdir+0x10/0x10 [ 468.947910][T12456] ? mark_held_locks+0x40/0x70 [ 468.947929][T12456] ? _raw_spin_unlock_irq+0x23/0x50 [ 468.947995][T12456] register_handler_proc+0x36c/0x4c0 [ 468.948026][T12456] ? __pfx_register_handler_proc+0x10/0x10 [ 468.948056][T12456] ? mark_held_locks+0x40/0x70 [ 468.948073][T12456] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 468.948092][T12456] __setup_irq+0x11ee/0x2020 [ 468.948114][T12456] ? kasan_save_track+0x14/0x30 [ 468.948138][T12456] request_threaded_irq+0x261/0x3e0 [ 468.948159][T12456] univ8250_setup_irq+0x5ba/0x750 [ 468.948243][T12456] ? io_serial_out+0x65/0xb0 [ 468.948258][T12456] ? io_serial_in+0x60/0xb0 [ 468.948276][T12456] serial8250_do_startup+0xac8/0x3260 [ 468.948301][T12456] ? mark_held_locks+0x40/0x70 [ 468.948321][T12456] serial8250_startup+0x62/0x80 [ 468.948342][T12456] uart_startup+0x50f/0x1330 [ 468.948366][T12456] uart_port_activate+0xe8/0x190 [ 468.948385][T12456] ? __pfx_uart_port_activate+0x10/0x10 [ 468.948403][T12456] tty_port_open+0x1de/0x270 [ 468.948449][T12456] ? __pfx_uart_open+0x10/0x10 [ 468.948464][T12456] uart_open+0x41/0x60 [ 468.948478][T12456] tty_open+0x3dd/0xfa0 [ 468.948525][T12456] ? __pfx_tty_open+0x10/0x10 [ 468.948545][T12456] ? chrdev_open+0x10b/0x6a0 [ 468.948559][T12456] ? chrdev_open+0x10b/0x6a0 [ 468.948577][T12456] ? __pfx_tty_open+0x10/0x10 [ 468.948597][T12456] chrdev_open+0x234/0x6a0 [ 468.948612][T12456] ? __pfx_apparmor_file_open+0x10/0x10 [ 468.948664][T12456] ? __pfx_chrdev_open+0x10/0x10 [ 468.948681][T12456] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 468.948707][T12456] do_dentry_open+0x6d8/0x1660 [ 468.948721][T12456] ? __pfx_chrdev_open+0x10/0x10 [ 468.948741][T12456] vfs_open+0x82/0x3f0 [ 468.948770][T12456] path_openat+0x208c/0x31a0 [ 468.948794][T12456] ? __pfx_path_openat+0x10/0x10 [ 468.948817][T12456] do_file_open+0x20e/0x430 [ 468.948834][T12456] ? __pfx_do_file_open+0x10/0x10 [ 468.948864][T12456] ? alloc_fd+0x476/0x790 [ 468.948882][T12456] ? do_getname+0x191/0x390 [ 468.948901][T12456] do_sys_openat2+0x10d/0x1e0 [ 468.948920][T12456] ? __pfx_do_sys_openat2+0x10/0x10 [ 468.948941][T12456] ? __fget_files+0x21f/0x3d0 [ 468.948958][T12456] __x64_sys_openat+0x12d/0x210 [ 468.948977][T12456] ? __pfx___x64_sys_openat+0x10/0x10 [ 468.949004][T12456] do_syscall_64+0x106/0xf80 [ 468.949021][T12456] ? clear_bhb_loop+0x40/0x90 [ 468.949040][T12456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.949055][T12456] RIP: 0033:0x7efcdbb9c799 [ 468.949069][T12456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.949084][T12456] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 468.949100][T12456] RAX: ffffffffffffffda RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 468.949110][T12456] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 468.949119][T12456] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 468.949128][T12456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.949138][T12456] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 468.949158][T12456] [ 470.117330][T12467] Falling back ldisc for pty155. [ 470.244168][T12469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1786'. [ 471.838322][T12501] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1791'. [ 472.372669][T12509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1793'. [ 472.439454][T12509] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1793'. [ 475.641714][T12564] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1813'. [ 480.353141][T12632] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1836'. [ 480.381221][T12630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1835'. [ 481.323345][T12657] futex_wake_op: syz.1.1843 tries to shift op by -2048; fix this program [ 481.442146][T12657] futex_wake_op: syz.1.1843 tries to shift op by -2048; fix this program [ 488.803973][T12770] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1872'. [ 495.992245][ T30] audit: type=1804 audit(4294985796.738:9): pid=12892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1904" name="file0" dev="tmpfs" ino=2440 res=1 errno=0 [ 496.136921][ T30] audit: type=1804 audit(4294985796.778:10): pid=12893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1904" name="file0" dev="tmpfs" ino=2440 res=1 errno=0 [ 500.928555][T12978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1927'. [ 500.963883][T12978] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1927'. [ 501.538673][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.548223][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.418265][T13009] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1937'. [ 503.543990][T12514] syz.0.1794 (12514) used greatest stack depth: 17496 bytes left [ 503.672639][T13033] FAULT_INJECTION: forcing a failure. [ 503.672639][T13033] name failslab, interval 1, probability 0, space 0, times 0 [ 503.838755][T13033] CPU: 0 UID: 0 PID: 13033 Comm: syz.2.1942 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.838782][T13033] Tainted: [L]=SOFTLOCKUP [ 503.838788][T13033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 503.838797][T13033] Call Trace: [ 503.838803][T13033] [ 503.838810][T13033] dump_stack_lvl+0x100/0x190 [ 503.838837][T13033] should_fail_ex.cold+0x5/0xa [ 503.838856][T13033] should_failslab+0xc2/0x120 [ 503.838871][T13033] __kmalloc_cache_noprof+0x7a/0x6f0 [ 503.838890][T13033] ? do_signalfd4+0x14e/0x480 [ 503.838912][T13033] do_signalfd4+0x14e/0x480 [ 503.838932][T13033] __x64_sys_signalfd+0x120/0x1a0 [ 503.838949][T13033] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 503.838972][T13033] do_syscall_64+0x106/0xf80 [ 503.838991][T13033] ? clear_bhb_loop+0x40/0x90 [ 503.839009][T13033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.839024][T13033] RIP: 0033:0x7efcdbb9c799 [ 503.839037][T13033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.839052][T13033] RSP: 002b:00007efcdcaee028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 503.839067][T13033] RAX: ffffffffffffffda RBX: 00007efcdbe16090 RCX: 00007efcdbb9c799 [ 503.839076][T13033] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 503.839085][T13033] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 503.839094][T13033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.839102][T13033] R13: 00007efcdbe16128 R14: 00007efcdbe16090 R15: 00007fff401a9bf8 [ 503.839122][T13033] [ 505.360581][T13050] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1947'. [ 512.432490][T13153] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1974'. [ 512.595120][T13153] veth0_macvtap: left promiscuous mode [ 512.773020][T13153] macvtap0: entered promiscuous mode [ 512.813685][T13153] macvtap0: entered allmulticast mode [ 513.192175][T13161] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1976'. [ 513.434003][T13167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1979'. [ 513.482237][T13167] netlink: 'syz.3.1979': attribute type 1 has an invalid length. [ 513.520515][T13167] netlink: 'syz.3.1979': attribute type 6 has an invalid length. [ 513.683305][T13165] can0: slcan on ttyS2. [ 514.019289][T13169] can0 (unregistered): slcan off ttyS2. [ 517.491243][ T30] audit: type=1800 audit(4294985818.248:11): pid=13264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1996" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 521.712482][T13340] hugetlbfs: syz.1.2017 (13340): Using mlock ulimits for SHM_HUGETLB is obsolete [ 523.570292][T13373] device-mapper: ioctl: device name cannot contain '/' [ 524.206985][T13386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2029'. [ 526.713581][T13430] Invalid ELF header magic: != ELF [ 526.832408][ T5825] Bluetooth: hci1: unexpected event 0x32 length: 727 > 9 [ 527.599070][ T5825] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 527.606216][ T5825] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 527.621921][ T5825] Bluetooth: hci2: Dropping invalid advertising data [ 527.632083][ T5825] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 527.632106][ T5825] Bluetooth: hci2: Dropping invalid advertising data [ 527.645882][ T5825] Bluetooth: hci2: Malformed LE Event: 0x02 [ 527.790234][T13456] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2054'. [ 528.360981][T13479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2063'. [ 529.072287][T13494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2067'. [ 529.104047][T13494] netlink: 'syz.3.2067': attribute type 1 has an invalid length. [ 529.141624][T13494] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2067'. [ 529.605686][T13500] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2070'. [ 530.468541][T13526] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2079'. [ 533.222830][T13572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2093'. [ 533.303321][T13574] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2093'. [ 536.694960][T13593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2101'. [ 536.747403][T13593] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2101'. [ 539.825687][T13632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2108'. [ 540.340340][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2111'. [ 541.231361][T13656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2115'. [ 544.255930][ T5825] Bluetooth: hci3: unexpected event 0x32 length: 727 > 9 [ 544.946715][T13708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2129'. [ 545.369829][T13722] FAULT_INJECTION: forcing a failure. [ 545.369829][T13722] name failslab, interval 1, probability 0, space 0, times 0 [ 545.450999][T13722] CPU: 0 UID: 0 PID: 13722 Comm: syz.2.2135 Tainted: G L syzkaller #0 PREEMPT(full) [ 545.451027][T13722] Tainted: [L]=SOFTLOCKUP [ 545.451032][T13722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 545.451042][T13722] Call Trace: [ 545.451048][T13722] [ 545.451054][T13722] dump_stack_lvl+0x100/0x190 [ 545.451086][T13722] should_fail_ex.cold+0x5/0xa [ 545.451105][T13722] should_failslab+0xc2/0x120 [ 545.451123][T13722] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 545.451146][T13722] ? security_inode_alloc+0x3b/0x2c0 [ 545.451251][T13722] ? lockdep_init_map_type+0x5c/0x250 [ 545.451275][T13722] security_inode_alloc+0x3b/0x2c0 [ 545.451299][T13722] inode_init_always_gfp+0xced/0x1040 [ 545.451318][T13722] alloc_inode+0x8e/0x250 [ 545.451337][T13722] iget_locked+0x1d9/0x6d0 [ 545.451356][T13722] ? __pfx_iget_locked+0x10/0x10 [ 545.451374][T13722] ? kernfs_root+0xee/0x2a0 [ 545.451394][T13722] ? kernfs_root+0xee/0x2a0 [ 545.451418][T13722] kernfs_get_inode+0x46/0x470 [ 545.451438][T13722] kernfs_iop_lookup+0x1a7/0x2d0 [ 545.451461][T13722] lookup_open.isra.0+0x631/0x11b0 [ 545.451487][T13722] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 545.451512][T13722] ? __pfx___might_resched+0x10/0x10 [ 545.451533][T13722] ? mnt_get_write_access+0x52/0x2f0 [ 545.451556][T13722] ? __pfx_down_write+0x10/0x10 [ 545.451605][T13722] ? mnt_get_write_access+0x1e9/0x2f0 [ 545.451628][T13722] path_openat+0x2291/0x31a0 [ 545.451658][T13722] ? __pfx_path_openat+0x10/0x10 [ 545.451681][T13722] do_file_open+0x20e/0x430 [ 545.451699][T13722] ? __pfx_do_file_open+0x10/0x10 [ 545.451729][T13722] ? alloc_fd+0x476/0x790 [ 545.451746][T13722] ? do_getname+0x191/0x390 [ 545.451766][T13722] do_sys_openat2+0x10d/0x1e0 [ 545.451786][T13722] ? __pfx_do_sys_openat2+0x10/0x10 [ 545.451812][T13722] __x64_sys_openat+0x12d/0x210 [ 545.451832][T13722] ? __pfx___x64_sys_openat+0x10/0x10 [ 545.451858][T13722] do_syscall_64+0x106/0xf80 [ 545.451875][T13722] ? clear_bhb_loop+0x40/0x90 [ 545.451894][T13722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.451909][T13722] RIP: 0033:0x7efcdbb9c799 [ 545.451923][T13722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 545.451938][T13722] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 545.451954][T13722] RAX: ffffffffffffffda RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 545.451964][T13722] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 545.451974][T13722] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 545.451983][T13722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.451993][T13722] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 545.452013][T13722] [ 547.837531][T13758] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 549.320240][ T30] audit: type=1800 audit(4294988919.081:12): pid=13795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2154" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 552.262609][T13853] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2170'. [ 552.348364][T13853] mac80211_hwsim hwsim2 : renamed from wlan0 (while UP) [ 552.982563][T13868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2175'. [ 553.031090][T13868] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2175'. [ 556.803898][T13936] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 557.580962][T13961] Invalid ELF header magic: != ELF [ 560.328112][T14006] openvswitch: netlink: Key type 261 is out of range max 32 [ 561.115077][ T5825] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 561.115108][ T5825] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 561.131044][ T5825] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 561.131107][ T5825] Bluetooth: hci1: Malformed LE Event: 0x0d [ 561.781825][T14041] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2222'. [ 561.840002][ T30] audit: type=1326 audit(4294988931.595:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.1.2223" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f61b3b9c799 code=0x0 [ 562.705078][T14059] Invalid ELF header magic: != ELF [ 562.994184][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.002123][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.341884][T14077] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2233'. [ 564.730925][T14110] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 577.177203][T14316] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2311'. [ 584.079253][T14395] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 584.327890][T14396] warning: `syz.2.2336' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 586.802833][ T30] audit: type=1326 audit(4294988956.542:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14421 comm="syz.2.2343" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efcdbb9c799 code=0x0 [ 588.295398][T14448] Invalid ELF header magic: != ELF [ 590.218143][T14479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2358'. [ 591.257362][T14501] FAULT_INJECTION: forcing a failure. [ 591.257362][T14501] name failslab, interval 1, probability 0, space 0, times 0 [ 591.414572][T14501] CPU: 0 UID: 0 PID: 14501 Comm: syz.2.2364 Tainted: G L syzkaller #0 PREEMPT(full) [ 591.414603][T14501] Tainted: [L]=SOFTLOCKUP [ 591.414608][T14501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 591.414618][T14501] Call Trace: [ 591.414624][T14501] [ 591.414630][T14501] dump_stack_lvl+0x100/0x190 [ 591.414659][T14501] should_fail_ex.cold+0x5/0xa [ 591.414677][T14501] ? tomoyo_supervisor+0x65d/0x1340 [ 591.414766][T14501] should_failslab+0xc2/0x120 [ 591.414784][T14501] __kmalloc_noprof+0xe0/0x850 [ 591.414810][T14501] tomoyo_supervisor+0x65d/0x1340 [ 591.414833][T14501] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 591.414855][T14501] ? tomoyo_realpath_from_path+0x19c/0x690 [ 591.414904][T14501] ? tomoyo_realpath_from_path+0x19c/0x690 [ 591.414921][T14501] ? kfree+0x1f6/0x6b0 [ 591.414941][T14501] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 591.414970][T14501] tomoyo_path_number_perm+0x445/0x580 [ 591.414995][T14501] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 591.415026][T14501] ? do_raw_spin_lock+0x128/0x260 [ 591.415060][T14501] ? find_held_lock+0x2b/0x80 [ 591.415074][T14501] ? __pfx_d_add+0x10/0x10 [ 591.415090][T14501] ? d_alloc+0x176/0x1e0 [ 591.415105][T14501] ? current_check_access_path+0x281/0x460 [ 591.415126][T14501] ? simple_lookup+0x105/0x1d0 [ 591.415151][T14501] tomoyo_path_mknod+0x164/0x190 [ 591.415170][T14501] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 591.415190][T14501] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.415230][T14501] security_path_mknod+0x161/0x300 [ 591.415249][T14501] filename_mknodat+0x241/0x7f0 [ 591.415269][T14501] ? __pfx_filename_mknodat+0x10/0x10 [ 591.415285][T14501] ? strncpy_from_user+0x19d/0x2d0 [ 591.415347][T14501] ? do_getname+0x191/0x390 [ 591.415367][T14501] __x64_sys_mknod+0x8f/0xc0 [ 591.415384][T14501] do_syscall_64+0x106/0xf80 [ 591.415402][T14501] ? clear_bhb_loop+0x40/0x90 [ 591.415421][T14501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.415437][T14501] RIP: 0033:0x7efcdbb9c799 [ 591.415451][T14501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 591.415466][T14501] RSP: 002b:00007efcdcaee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 591.415480][T14501] RAX: ffffffffffffffda RBX: 00007efcdbe16090 RCX: 00007efcdbb9c799 [ 591.415490][T14501] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 0000000000000000 [ 591.415499][T14501] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 591.415508][T14501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.415517][T14501] R13: 00007efcdbe16128 R14: 00007efcdbe16090 R15: 00007fff401a9bf8 [ 591.415537][T14501] [ 593.510993][T14522] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2369'. [ 595.178906][ T5825] Bluetooth: hci3: unexpected event 0x16 length: 440 > 6 [ 601.731092][T14679] Invalid ELF header magic: != ELF [ 611.370891][T14798] futex_wake_op: syz.0.2440 tries to shift op by -2048; fix this program [ 611.420195][T14798] futex_wake_op: syz.0.2440 tries to shift op by -2048; fix this program [ 614.730506][ T5825] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 614.843371][T14849] openvswitch: netlink: Multiple metadata blocks provided [ 622.326458][ T5825] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 622.394757][T14955] openvswitch: netlink: Multiple metadata blocks provided [ 623.736544][T14979] Invalid ELF header magic: != ELF [ 624.453353][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.459786][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.714936][T15074] input: jJǸ-9%vJ86 as /devices/virtual/input/input12 [ 629.801893][T15103] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 632.994184][ T5879] Process accounting resumed [ 636.522122][T15226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2543'. [ 636.568306][T15226] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2543'. [ 638.208366][T15266] futex_wake_op: syz.0.2564 tries to shift op by -2048; fix this program [ 638.227966][T15266] futex_wake_op: syz.0.2564 tries to shift op by -2048; fix this program [ 638.550413][T15279] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2567'. [ 638.598202][T15279] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2567'. [ 642.720328][T15341] batman_adv: batadv0: adding TT local entry 00:00:03:00:00:00 to non-existent VLAN 16 [ 644.003475][T15368] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2577'. [ 644.072210][T15365] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2577'. [ 645.047436][T15392] netlink: 'syz.1.2585': attribute type 11 has an invalid length. [ 646.054197][T15403] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2587'. [ 652.174129][ T5825] Bluetooth: hci2: unexpected event 0x23 length: 127 > 13 [ 656.015517][T15609] netlink: 'syz.0.2653': attribute type 11 has an invalid length. [ 657.626931][T15640] Invalid ELF header magic: != ELF [ 660.384224][T15687] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2663'. [ 660.444895][T15690] Invalid ELF header magic: != ELF [ 660.451095][T15685] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2663'. [ 666.508527][T15844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2703'. [ 671.128791][ T5825] Bluetooth: hci1: unexpected event 0x23 length: 127 > 13 [ 671.675190][T15927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2725'. [ 671.766721][T15927] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2725'. [ 674.839365][T15992] Invalid ELF header magic: != ELF [ 675.293622][T15997] FAULT_INJECTION: forcing a failure. [ 675.293622][T15997] name failslab, interval 1, probability 0, space 0, times 0 [ 675.362029][T15997] CPU: 0 UID: 0 PID: 15997 Comm: syz.2.2741 Tainted: G L syzkaller #0 PREEMPT(full) [ 675.362056][T15997] Tainted: [L]=SOFTLOCKUP [ 675.362062][T15997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 675.362071][T15997] Call Trace: [ 675.362077][T15997] [ 675.362084][T15997] dump_stack_lvl+0x100/0x190 [ 675.362114][T15997] should_fail_ex.cold+0x5/0xa [ 675.362133][T15997] should_failslab+0xc2/0x120 [ 675.362151][T15997] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 675.362173][T15997] ? security_inode_alloc+0x3b/0x2c0 [ 675.362207][T15997] ? lockdep_init_map_type+0x5c/0x250 [ 675.362231][T15997] security_inode_alloc+0x3b/0x2c0 [ 675.362255][T15997] inode_init_always_gfp+0xced/0x1040 [ 675.362274][T15997] alloc_inode+0x8e/0x250 [ 675.362293][T15997] path_from_stashed+0x25b/0x750 [ 675.362308][T15997] ? do_raw_spin_unlock+0x145/0x1e0 [ 675.362332][T15997] ns_get_path+0x60/0x80 [ 675.362347][T15997] proc_ns_get_link+0x121/0x230 [ 675.362369][T15997] ? __pfx_proc_ns_get_link+0x10/0x10 [ 675.362390][T15997] ? atime_needs_update+0x8b/0x6b0 [ 675.362412][T15997] pick_link+0xd17/0x13c0 [ 675.362433][T15997] ? __pfx_proc_ns_get_link+0x10/0x10 [ 675.362455][T15997] step_into_slowpath+0x9ba/0xf90 [ 675.362480][T15997] ? __pfx_step_into_slowpath+0x10/0x10 [ 675.362500][T15997] ? find_held_lock+0x2b/0x80 [ 675.362520][T15997] path_openat+0xf95/0x31a0 [ 675.362541][T15997] ? __pfx_path_openat+0x10/0x10 [ 675.362563][T15997] do_file_open+0x20e/0x430 [ 675.362579][T15997] ? __pfx_do_file_open+0x10/0x10 [ 675.362607][T15997] ? alloc_fd+0x476/0x790 [ 675.362623][T15997] ? do_getname+0x191/0x390 [ 675.362642][T15997] do_sys_openat2+0x10d/0x1e0 [ 675.362661][T15997] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.362682][T15997] ? __fget_files+0x21f/0x3d0 [ 675.362699][T15997] __x64_sys_openat+0x12d/0x210 [ 675.362718][T15997] ? __pfx___x64_sys_openat+0x10/0x10 [ 675.362744][T15997] do_syscall_64+0x106/0xf80 [ 675.362763][T15997] ? clear_bhb_loop+0x40/0x90 [ 675.362782][T15997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.362800][T15997] RIP: 0033:0x7efcdbb5cfce [ 675.362814][T15997] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 675.362830][T15997] RSP: 002b:00007efcdcb0eec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 675.362844][T15997] RAX: ffffffffffffffda RBX: 00007efcdcb0f6c0 RCX: 00007efcdbb5cfce [ 675.362854][T15997] RDX: 0000000000000002 RSI: 00007efcdcb0ef90 RDI: ffffffffffffff9c [ 675.362863][T15997] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 675.362872][T15997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.362880][T15997] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 675.362899][T15997] [ 677.892287][T16047] Invalid ELF header magic: != ELF [ 679.077141][T16055] Invalid ELF header magic: != ELF [ 683.718159][T16159] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 683.988921][T16165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2780'. [ 684.916836][T16180] Invalid ELF header magic: != ELF [ 685.921869][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.928305][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.161788][T16184] can: request_module (can-proto-3) failed. [ 688.672084][T16260] bridge0: port 4(gretap0) entered blocking state [ 688.698206][T16260] bridge0: port 4(gretap0) entered disabled state [ 688.738289][T16260] gretap0: entered allmulticast mode [ 688.768710][T16260] gretap0: entered promiscuous mode [ 690.380632][ T5825] Bluetooth: hci1: hcon ffff8880328d8000 sent 0 < count 256 [ 691.347934][ T30] audit: type=1800 audit(4294990084.030:15): pid=16331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2821" name="file0" dev="tmpfs" ino=3767 res=0 errno=0 [ 692.324361][T16344] FAULT_INJECTION: forcing a failure. [ 692.324361][T16344] name failslab, interval 1, probability 0, space 0, times 0 [ 692.373431][T16344] CPU: 0 UID: 0 PID: 16344 Comm: syz.2.2824 Tainted: G L syzkaller #0 PREEMPT(full) [ 692.373458][T16344] Tainted: [L]=SOFTLOCKUP [ 692.373464][T16344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 692.373473][T16344] Call Trace: [ 692.373478][T16344] [ 692.373485][T16344] dump_stack_lvl+0x100/0x190 [ 692.373512][T16344] should_fail_ex.cold+0x5/0xa [ 692.373531][T16344] should_failslab+0xc2/0x120 [ 692.373546][T16344] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 692.373567][T16344] ? security_inode_alloc+0x3b/0x2c0 [ 692.373590][T16344] ? lockdep_init_map_type+0x5c/0x250 [ 692.373612][T16344] security_inode_alloc+0x3b/0x2c0 [ 692.373633][T16344] inode_init_always_gfp+0xced/0x1040 [ 692.373652][T16344] alloc_inode+0x8e/0x250 [ 692.373670][T16344] path_from_stashed+0x25b/0x750 [ 692.373686][T16344] ? do_raw_spin_unlock+0x145/0x1e0 [ 692.373710][T16344] ns_get_path+0x60/0x80 [ 692.373725][T16344] proc_ns_get_link+0x121/0x230 [ 692.373745][T16344] ? __pfx_proc_ns_get_link+0x10/0x10 [ 692.373766][T16344] ? atime_needs_update+0x8b/0x6b0 [ 692.373788][T16344] pick_link+0xd17/0x13c0 [ 692.373809][T16344] ? __pfx_proc_ns_get_link+0x10/0x10 [ 692.373831][T16344] step_into_slowpath+0x9ba/0xf90 [ 692.373856][T16344] ? __pfx_step_into_slowpath+0x10/0x10 [ 692.373877][T16344] ? find_held_lock+0x2b/0x80 [ 692.373896][T16344] path_openat+0xf95/0x31a0 [ 692.373917][T16344] ? __pfx_path_openat+0x10/0x10 [ 692.373939][T16344] do_file_open+0x20e/0x430 [ 692.373955][T16344] ? __pfx_do_file_open+0x10/0x10 [ 692.373983][T16344] ? alloc_fd+0x476/0x790 [ 692.373999][T16344] ? do_getname+0x191/0x390 [ 692.374018][T16344] do_sys_openat2+0x10d/0x1e0 [ 692.374037][T16344] ? __pfx_do_sys_openat2+0x10/0x10 [ 692.374057][T16344] ? __fget_files+0x21f/0x3d0 [ 692.374083][T16344] __x64_sys_openat+0x12d/0x210 [ 692.374103][T16344] ? __pfx___x64_sys_openat+0x10/0x10 [ 692.374130][T16344] do_syscall_64+0x106/0xf80 [ 692.374149][T16344] ? clear_bhb_loop+0x40/0x90 [ 692.374167][T16344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.374182][T16344] RIP: 0033:0x7efcdbb5cfce [ 692.374196][T16344] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 692.374213][T16344] RSP: 002b:00007efcdcb0eec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 692.374228][T16344] RAX: ffffffffffffffda RBX: 00007efcdcb0f6c0 RCX: 00007efcdbb5cfce [ 692.374239][T16344] RDX: 0000000000000002 RSI: 00007efcdcb0ef90 RDI: ffffffffffffff9c [ 692.374248][T16344] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 692.374258][T16344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 692.374266][T16344] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 692.374286][T16344] [ 695.094265][T16391] openvswitch: HfR: Dropping previously announced user features [ 695.164505][T16391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2834'. [ 695.254373][T16391] HfR: left promiscuous mode [ 695.532751][ T5825] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 695.642422][T16398] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2836'. [ 697.132132][T16435] Invalid ELF header magic: != ELF [ 698.239904][T16450] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2851'. [ 698.538469][T16450] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 698.569056][T16450] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.712523][T16450] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 698.755190][T16450] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.571402][T16478] FAULT_INJECTION: forcing a failure. [ 699.571402][T16478] name failslab, interval 1, probability 0, space 0, times 0 [ 699.676517][T16478] CPU: 0 UID: 0 PID: 16478 Comm: syz.2.2859 Tainted: G L syzkaller #0 PREEMPT(full) [ 699.676556][T16478] Tainted: [L]=SOFTLOCKUP [ 699.676561][T16478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 699.676571][T16478] Call Trace: [ 699.676575][T16478] [ 699.676582][T16478] dump_stack_lvl+0x100/0x190 [ 699.676611][T16478] should_fail_ex.cold+0x5/0xa [ 699.676629][T16478] ? security_inode_init_security+0x113/0x370 [ 699.676649][T16478] should_failslab+0xc2/0x120 [ 699.676664][T16478] __kmalloc_noprof+0xe0/0x850 [ 699.676690][T16478] security_inode_init_security+0x113/0x370 [ 699.676709][T16478] ? __pfx_shmem_initxattrs+0x10/0x10 [ 699.676750][T16478] ? __pfx_security_inode_init_security+0x10/0x10 [ 699.676772][T16478] ? make_vfsgid+0xf1/0x140 [ 699.676794][T16478] shmem_mknod+0x2bf/0x470 [ 699.676815][T16478] ? __pfx_shmem_mknod+0x10/0x10 [ 699.676840][T16478] vfs_create+0x301/0x6c0 [ 699.676862][T16478] filename_mknodat+0x2de/0x7f0 [ 699.676881][T16478] ? __pfx_filename_mknodat+0x10/0x10 [ 699.676897][T16478] ? strncpy_from_user+0x19d/0x2d0 [ 699.676923][T16478] ? do_getname+0x191/0x390 [ 699.676942][T16478] __x64_sys_mknod+0x8f/0xc0 [ 699.676958][T16478] do_syscall_64+0x106/0xf80 [ 699.676976][T16478] ? clear_bhb_loop+0x40/0x90 [ 699.676994][T16478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.677009][T16478] RIP: 0033:0x7efcdbb9c799 [ 699.677022][T16478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 699.677037][T16478] RSP: 002b:00007efcdcaee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 699.677053][T16478] RAX: ffffffffffffffda RBX: 00007efcdbe16090 RCX: 00007efcdbb9c799 [ 699.677063][T16478] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 699.677071][T16478] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 699.677080][T16478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.677088][T16478] R13: 00007efcdbe16128 R14: 00007efcdbe16090 R15: 00007fff401a9bf8 [ 699.677108][T16478] [ 700.761827][T16503] Invalid ELF header magic: != ELF [ 701.062597][T16506] netlink: 'syz.2.2866': attribute type 2 has an invalid length. [ 702.431803][ T5825] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 702.442013][ T5825] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 702.453032][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 702.453059][ T5825] Tainted: [L]=SOFTLOCKUP [ 702.453064][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 702.453099][ T5825] Workqueue: hci1 hci_rx_work [ 702.453189][ T5825] Call Trace: [ 702.453195][ T5825] [ 702.453201][ T5825] dump_stack_lvl+0x100/0x190 [ 702.453226][ T5825] sysfs_warn_dup.cold+0x1c/0x28 [ 702.453252][ T5825] sysfs_create_dir_ns+0x24b/0x2b0 [ 702.453273][ T5825] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 702.453292][ T5825] ? find_held_lock+0x2b/0x80 [ 702.453307][ T5825] ? kobject_add_internal+0x25f/0x930 [ 702.453378][ T5825] ? kobject_add_internal+0x25f/0x930 [ 702.453400][ T5825] ? do_raw_spin_unlock+0x145/0x1e0 [ 702.453424][ T5825] kobject_add_internal+0x2c8/0x930 [ 702.453448][ T5825] kobject_add+0x16a/0x1e0 [ 702.453469][ T5825] ? __pfx_kobject_add+0x10/0x10 [ 702.453487][ T5825] ? class_to_subsys+0x10f/0x150 [ 702.453547][ T5825] ? kobject_put+0xb9/0x640 [ 702.453565][ T5825] ? _raw_spin_unlock+0x28/0x50 [ 702.453587][ T5825] device_add+0x294/0x1950 [ 702.453623][ T5825] ? __pfx_dev_set_name+0x10/0x10 [ 702.453672][ T5825] ? __pfx_device_add+0x10/0x10 [ 702.453686][ T5825] ? mgmt_send_event_skb+0x2fb/0x460 [ 702.453733][ T5825] hci_conn_add_sysfs+0x1a3/0x260 [ 702.453776][ T5825] le_conn_complete_evt+0x11cb/0x1f40 [ 702.453824][ T5825] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 702.453839][ T5825] ? __pfx_bt_warn+0x10/0x10 [ 702.453872][ T5825] hci_le_conn_complete_evt+0x23c/0x3a0 [ 702.453889][ T5825] ? skb_pull_data+0x15f/0x1e0 [ 702.453970][ T5825] hci_le_meta_evt+0x34a/0x5f0 [ 702.454009][ T5825] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 702.454028][ T5825] hci_event_packet+0x682/0x11c0 [ 702.454044][ T5825] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 702.454062][ T5825] ? __pfx_hci_event_packet+0x10/0x10 [ 702.454080][ T5825] ? kcov_remote_start+0x374/0x660 [ 702.454095][ T5825] ? lockdep_hardirqs_on+0x78/0x100 [ 702.454117][ T5825] hci_rx_work+0x451/0xfc0 [ 702.454136][ T5825] process_one_work+0x9d7/0x1920 [ 702.454172][ T5825] ? __pfx_process_one_work+0x10/0x10 [ 702.454200][ T5825] ? __pfx_hci_rx_work+0x10/0x10 [ 702.454218][ T5825] worker_thread+0x5da/0xe40 [ 702.454247][ T5825] ? __pfx_worker_thread+0x10/0x10 [ 702.454271][ T5825] ? kthread+0x13a/0x450 [ 702.454292][ T5825] ? __pfx_worker_thread+0x10/0x10 [ 702.454312][ T5825] kthread+0x370/0x450 [ 702.454330][ T5825] ? __pfx_kthread+0x10/0x10 [ 702.454349][ T5825] ret_from_fork+0x754/0xd80 [ 702.454380][ T5825] ? __pfx_ret_from_fork+0x10/0x10 [ 702.454402][ T5825] ? rcu_is_watching+0x12/0xc0 [ 702.454425][ T5825] ? __switch_to+0x7b4/0x1120 [ 702.454442][ T5825] ? __pfx_kthread+0x10/0x10 [ 702.454462][ T5825] ret_from_fork_asm+0x1a/0x30 [ 702.454488][ T5825] [ 702.454511][ T5825] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 702.757413][ T5825] Bluetooth: hci1: failed to register connection device [ 702.816982][T16535] Invalid ELF header magic: != ELF [ 704.006713][T16566] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2886'. [ 704.150722][T16570] Invalid ELF header magic: != ELF [ 704.551893][T16582] HfR: entered promiscuous mode [ 704.612758][T16582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2889'. [ 704.657695][T16582] HfR: left promiscuous mode [ 704.808691][T16588] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2891'. [ 704.846580][T16588] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 704.884074][T16588] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 704.930580][T16588] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.965970][T16588] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 705.917670][T16608] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2896'. [ 706.406666][T16626] Invalid ELF header magic: != ELF [ 707.298330][T16636] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2903'. [ 707.345668][T16636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 707.373674][T16636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 707.456958][T16636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 707.505096][T16636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 708.622217][T16663] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2910'. [ 709.923206][T16689] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2917'. [ 710.115516][T16695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2919'. [ 710.166148][T16695] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2919'. [ 710.459776][T16707] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2921'. [ 712.330165][T16741] Invalid ELF header magic: != ELF [ 712.404969][T16743] netlink: 'syz.1.2932': attribute type 1 has an invalid length. [ 714.098061][T16774] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2940'. [ 715.927734][T16808] Invalid ELF header magic: != ELF [ 716.613210][T16820] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2949'. [ 717.404871][T16835] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2953'. [ 717.645812][T16835] mac80211_hwsim hwsim6 : renamed from wlan0 (while UP) [ 722.879540][T16889] can: request_module (can-proto-3) failed. [ 725.177770][T16943] netlink: 'syz.3.2980': attribute type 1 has an invalid length. [ 726.491961][T16966] futex_wake_op: syz.2.2986 tries to shift op by -2048; fix this program [ 726.548768][T16966] futex_wake_op: syz.2.2986 tries to shift op by -2048; fix this program [ 726.621657][T16966] 0x000000000001-0x000000020000 : "" [ 726.703513][T16966] ftl_cs: FTL header corrupt! [ 728.049250][T16985] can: request_module (can-proto-3) failed. [ 728.184699][T16960] can: request_module (can-proto-3) failed. [ 729.314151][T17024] random: crng reseeded on system resumption [ 729.470979][T17026] hub 1-0:1.0: USB hub found [ 729.548996][T17026] hub 1-0:1.0: 1 port detected [ 730.739036][T17042] Invalid ELF header magic: != ELF [ 731.066823][T17039] can: request_module (can-proto-3) failed. [ 732.233784][T17073] netlink: 'syz.0.3012': attribute type 1 has an invalid length. [ 732.477978][T17079] netlink: 'syz.2.3013': attribute type 64 has an invalid length. [ 732.514971][T17079] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3013'. [ 733.189106][T17093] Invalid ELF header magic: != ELF [ 733.677956][T17089] can: request_module (can-proto-3) failed. [ 734.970975][T17118] bond0: no command found in slaves file - use +ifname or -ifname [ 737.610158][T16538] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 737.763638][ T5831] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 737.771187][ T5831] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 738.978036][T17184] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3039'. [ 740.643260][T17214] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3046'. [ 742.084063][T17253] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3057'. [ 742.231973][T17262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3058'. [ 743.156135][T17280] Invalid ELF header magic: != ELF [ 743.944655][T17301] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3070'. [ 744.241935][T17284] can: request_module (can-proto-3) failed. [ 744.323805][T17307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3071'. [ 746.960184][T17350] can: request_module (can-proto-3) failed. [ 746.962068][T17366] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3087'. [ 747.116140][T17373] Invalid ELF header magic: != ELF [ 747.324395][T17377] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3089'. [ 747.398698][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.405605][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.731205][T17389] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3092'. [ 748.400071][T17395] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3094'. [ 750.783796][T17433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3100'. [ 750.813216][T17432] tipc: Started in network mode [ 750.870751][T17432] tipc: Node identity ffffffff, cluster identity 4711 [ 750.904437][T17432] tipc: Node number set to 4294967295 [ 751.241732][T17442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3103'. [ 751.747511][T17465] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3110'. [ 752.754782][T17466] tipc: can't start tipc receive workqueue [ 754.091712][T17499] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 754.099090][T17499] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 754.113533][T17499] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 754.125975][T17499] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 754.132768][T17499] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 754.145305][T17499] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 754.151372][T17499] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 754.159719][T17499] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 754.167860][T17499] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 754.174773][T17499] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 754.180786][T17499] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 754.363717][T17513] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3128'. [ 755.472954][T16538] Bluetooth: hci0: command 0x0406 tx timeout [ 755.787512][T17546] Invalid ELF header magic: != ELF [ 756.193533][T16538] Bluetooth: hci3: command 0x0406 tx timeout [ 756.199613][T16538] Bluetooth: hci1: command 0x0406 tx timeout [ 756.205672][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 757.486398][T17572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3134'. [ 757.562820][T16538] Bluetooth: hci0: command 0x0406 tx timeout [ 758.274591][T16538] Bluetooth: hci1: command 0x0406 tx timeout [ 758.280608][T16538] Bluetooth: hci2: command 0x0406 tx timeout [ 758.286929][ T5825] Bluetooth: hci3: command 0x0406 tx timeout [ 758.677973][T17601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3142'. [ 759.074045][T17588] can: request_module (can-proto-3) failed. [ 759.370206][T17589] can: request_module (can-proto-3) failed. [ 759.639815][T16538] Bluetooth: hci0: command 0x0406 tx timeout [ 760.355670][T16538] Bluetooth: hci1: command 0x0406 tx timeout [ 761.181983][T17665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3157'. [ 761.623823][T17678] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3162'. [ 762.211221][T17695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3167'. [ 762.436491][T16538] Bluetooth: hci1: command 0x0406 tx timeout [ 763.253682][T17726] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3176'. [ 763.673773][T17740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3179'. [ 764.234750][T17746] can: request_module (can-proto-3) failed. [ 764.772146][T17778] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3189'. [ 766.827029][T17824] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3201'. [ 767.241287][T17837] Invalid ELF header magic: != ELF [ 767.401760][T17838] Invalid ELF header magic: != ELF [ 767.829494][T17846] futex_wake_op: syz.3.3206 tries to shift op by -2048; fix this program [ 767.904953][T17846] futex_wake_op: syz.3.3206 tries to shift op by -2048; fix this program [ 768.874325][T17865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3210'. [ 769.106450][T17871] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3212'. [ 769.752432][T17883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3215'. [ 771.251074][T17924] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3225'. [ 771.270317][T17905] futex_wake_op: syz.3.3218 tries to shift op by -2048; fix this program [ 771.691039][T17917] can: request_module (can-proto-3) failed. [ 773.131758][T17960] can: request_module (can-proto-3) failed. [ 773.416690][T17969] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3235'. [ 773.514720][T17978] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3236'. [ 774.048012][T17994] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3242'. [ 774.700269][T17989] can: request_module (can-proto-3) failed. [ 775.635753][T18028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3251'. [ 775.660698][T18025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3249'. [ 776.911560][T16538] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 777.717525][T18077] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3263'. [ 778.298080][T18068] can: request_module (can-proto-3) failed. [ 778.924745][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 779.455282][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3268'. [ 780.114272][T18128] misc userio: Invalid payload size [ 781.008315][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 781.802693][T18165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3283'. [ 782.767834][T18163] can: request_module (can-proto-3) failed. [ 783.635975][T18216] Invalid ELF header magic: != ELF [ 783.810640][T18221] Invalid ELF header magic: != ELF [ 786.106816][T18269] can: request_module (can-proto-3) failed. [ 786.124640][T18280] Invalid ELF header magic: != ELF [ 786.296374][T18288] Invalid ELF header magic: != ELF [ 787.618328][T18310] mkiss: ax0: crc mode is auto. [ 787.862979][ T30] audit: type=1804 audit(4294991203.492:16): pid=18322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3320" name="file0" dev="tmpfs" ino=4714 res=1 errno=0 [ 787.982257][ T30] audit: type=1804 audit(4294991203.532:17): pid=18326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3320" name="file0" dev="tmpfs" ino=4714 res=1 errno=0 [ 789.325319][T18345] Invalid ELF header magic: != ELF [ 789.914782][T18360] Invalid ELF header magic: != ELF [ 790.669421][T18371] Console: switching to colour VGA+ 80x25 [ 790.904902][T18376] Invalid ELF header magic: != ELF [ 792.140655][T18409] Invalid ELF header magic: != ELF [ 792.209809][T18416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3340'. [ 792.478070][T18422] Invalid ELF header magic: != ELF [ 793.761595][T18460] Invalid ELF header magic: != ELF [ 793.993578][T18465] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3354'. [ 794.296940][T18471] Invalid ELF header magic: != ELF [ 794.678746][T18479] Invalid ELF header magic: != ELF [ 795.294987][T18491] Invalid ELF header magic: != ELF [ 796.242556][T18515] Invalid ELF header magic: != ELF [ 796.690514][T18526] Invalid ELF header magic: != ELF [ 796.721955][T18525] Invalid ELF header magic: != ELF [ 796.998484][T18514] can: request_module (can-proto-3) failed. [ 798.879157][T18569] FAULT_INJECTION: forcing a failure. [ 798.879157][T18569] name failslab, interval 1, probability 0, space 0, times 0 [ 799.018361][T18569] CPU: 0 UID: 0 PID: 18569 Comm: syz.2.3379 Tainted: G L syzkaller #0 PREEMPT(full) [ 799.018389][T18569] Tainted: [L]=SOFTLOCKUP [ 799.018395][T18569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 799.018404][T18569] Call Trace: [ 799.018409][T18569] [ 799.018416][T18569] dump_stack_lvl+0x100/0x190 [ 799.018446][T18569] should_fail_ex.cold+0x5/0xa [ 799.018466][T18569] should_failslab+0xc2/0x120 [ 799.018483][T18569] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 799.018505][T18569] ? __kernfs_new_node+0xd2/0x960 [ 799.018531][T18569] __kernfs_new_node+0xd2/0x960 [ 799.018553][T18569] ? __pfx___kernfs_new_node+0x10/0x10 [ 799.018578][T18569] ? find_held_lock+0x2b/0x80 [ 799.018601][T18569] ? kernfs_root+0xee/0x2a0 [ 799.018621][T18569] ? kernfs_root+0xee/0x2a0 [ 799.018646][T18569] kernfs_new_node+0x11b/0x1a0 [ 799.018672][T18569] __kernfs_create_file+0x53/0x350 [ 799.018692][T18569] sysfs_add_file_mode_ns+0x207/0x3c0 [ 799.018717][T18569] sysfs_merge_group+0x194/0x340 [ 799.018738][T18569] ? __pfx_sysfs_merge_group+0x10/0x10 [ 799.018762][T18569] ? __pfx_dev_add_physical_location+0x10/0x10 [ 799.018880][T18569] ? bus_to_subsys+0x114/0x150 [ 799.018901][T18569] dpm_sysfs_add+0x237/0x280 [ 799.018966][T18569] device_add+0x9ef/0x1950 [ 799.018983][T18569] ? __pfx_device_add+0x10/0x10 [ 799.018999][T18569] ? lockdep_init_map_type+0x5c/0x250 [ 799.019018][T18569] ? __init_waitqueue_head+0xca/0x150 [ 799.019044][T18569] netdev_register_kobject+0x1a9/0x3d0 [ 799.019105][T18569] register_netdevice+0x12e0/0x2210 [ 799.019158][T18569] ? idr_alloc+0xdd/0x130 [ 799.019178][T18569] ? __pfx_register_netdevice+0x10/0x10 [ 799.019196][T18569] ? net_generic+0xea/0x2a0 [ 799.019257][T18569] ppp_dev_configure+0x986/0xcb0 [ 799.019280][T18569] ppp_ioctl+0x985/0x2800 [ 799.019297][T18569] ? irqentry_exit+0x180/0x670 [ 799.019316][T18569] ? lockdep_hardirqs_on+0x78/0x100 [ 799.019335][T18569] ? __pfx_ppp_ioctl+0x10/0x10 [ 799.019360][T18569] ? __pfx_ppp_ioctl+0x10/0x10 [ 799.019378][T18569] __x64_sys_ioctl+0x18e/0x210 [ 799.019404][T18569] do_syscall_64+0x106/0xf80 [ 799.019421][T18569] ? clear_bhb_loop+0x40/0x90 [ 799.019440][T18569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.019455][T18569] RIP: 0033:0x7efcdbb9c799 [ 799.019469][T18569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 799.019484][T18569] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 799.019499][T18569] RAX: ffffffffffffffda RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 799.019517][T18569] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 000000000000000d [ 799.019526][T18569] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 799.019536][T18569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.019545][T18569] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 799.019566][T18569] [ 799.585566][T18582] Invalid ELF header magic: != ELF [ 799.685587][T18558] can: request_module (can-proto-3) failed. [ 800.622890][T18607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3388'. [ 800.753522][T18594] can: request_module (can-proto-3) failed. [ 801.818395][T18620] can: request_module (can-proto-3) failed. [ 801.911479][T18642] tipc: Started in network mode [ 801.971661][T18642] tipc: Node identity ffffffff, cluster identity 4711 [ 802.039863][T18642] tipc: Node number set to 4294967295 [ 802.384699][T18657] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'. [ 802.714062][T18666] Invalid ELF header magic: != ELF [ 802.879504][T18676] Invalid ELF header magic: != ELF [ 804.459695][T18710] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3413'. [ 805.273977][T18711] can: request_module (can-proto-3) failed. [ 805.282217][T18728] Invalid ELF header magic: != ELF [ 805.919634][T18742] Invalid ELF header magic: != ELF [ 806.502363][T18760] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3423'. [ 806.605895][T18763] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3424'. [ 807.752228][T18796] Invalid ELF header magic: != ELF [ 807.792363][T18780] can: request_module (can-proto-3) failed. [ 808.769833][T18808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3435'. [ 808.868813][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.879845][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.961286][T18814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3436'. [ 809.012844][T18814] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3436'. [ 809.190284][T18816] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3437'. [ 810.234495][T18845] Invalid ELF header magic: != ELF [ 810.391869][T18850] Invalid ELF header magic: != ELF [ 811.647764][T18871] Invalid ELF header magic: != ELF [ 813.462478][T18903] Invalid ELF header magic: != ELF [ 814.397259][T18930] Invalid ELF header magic: != ELF [ 814.522056][T18935] Invalid ELF header magic: != ELF [ 816.198094][T16538] Bluetooth: hci2: unexpected event 0x13 length: 440 > 260 [ 816.446908][T18977] Invalid ELF header magic: != ELF [ 817.143580][T18990] Invalid ELF header magic: != ELF [ 818.566848][T19014] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3473'. [ 818.660850][T19019] Invalid ELF header magic: != ELF [ 819.907879][T19049] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3483'. [ 820.835935][T19064] can: request_module (can-proto-3) failed. [ 820.915860][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3490'. [ 821.283779][T19091] Invalid ELF header magic: != ELF [ 821.895705][T19099] Invalid ELF header magic: != ELF [ 822.300100][T19108] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3497'. [ 823.753069][T19141] Invalid ELF header magic: != ELF [ 824.310992][T19149] Invalid ELF header magic: != ELF [ 824.800999][T19154] Invalid ELF header magic: != ELF [ 826.042686][T19166] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3510'. [ 827.568421][T19196] Invalid ELF header magic: != ELF [ 827.691453][T19187] can: request_module (can-proto-3) failed. [ 828.267209][T19207] Invalid ELF header magic: != ELF [ 828.287023][T19209] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3520'. [ 829.120593][T19225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3522'. [ 831.087158][T19258] Invalid ELF header magic: != ELF [ 832.170423][T19269] Invalid ELF header magic: != ELF [ 832.877141][T19282] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3534'. [ 833.304409][T19293] Invalid ELF header magic: != ELF [ 835.432326][T19332] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3546'. [ 836.016138][T19349] Invalid ELF header magic: != ELF [ 836.730733][T19360] Invalid ELF header magic: != ELF [ 838.166021][T19373] can: request_module (can-proto-3) failed. [ 839.270005][T19400] Invalid ELF header magic: != ELF [ 839.426979][T19404] Invalid ELF header magic: != ELF [ 840.621418][T19409] can: request_module (can-proto-3) failed. [ 841.743069][T19436] Invalid ELF header magic: != ELF [ 842.424419][T19435] can: request_module (can-proto-3) failed. [ 842.818334][T19448] Invalid ELF header magic: != ELF [ 844.060170][T19477] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3574'. [ 845.070614][T19495] Invalid ELF header magic: != ELF [ 846.663596][T19517] Invalid ELF header magic: != ELF [ 848.973440][T16538] block nbd0: Receive control failed (result -32) [ 849.517094][T19563] Invalid ELF header magic: != ELF [ 849.611565][T19566] Invalid ELF header magic: != ELF [ 849.648461][T19571] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3595'. [ 850.172687][T19581] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3597'. [ 851.242299][T19603] Invalid ELF header magic: != ELF [ 852.349327][T19622] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3606'. [ 852.414209][T19627] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3605'. [ 853.037631][ T30] audit: type=1800 audit(4294991268.640:18): pid=19641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3610" name="dbroot" dev="configfs" ino=77524 res=0 errno=0 [ 853.175216][T19644] Invalid ELF header magic: != ELF [ 853.935477][T19663] Invalid ELF header magic: != ELF [ 854.553271][T19675] Invalid ELF header magic: != ELF [ 855.208528][T19688] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3620'. [ 855.354598][T19688] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 855.424474][T19688] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 855.525039][T19688] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 855.568918][T19688] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 855.758876][T19684] bond0: invalid ARP target specified [ 855.806534][T19697] Invalid ELF header magic: != ELF [ 857.282657][T19723] Invalid ELF header magic: != ELF [ 857.356345][T19725] Invalid ELF header magic: != ELF [ 857.585600][T19731] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 857.626956][T19734] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3629'. [ 858.630481][T19746] Invalid ELF header magic: != ELF [ 859.342767][T19744] can: request_module (can-proto-3) failed. [ 859.745465][T19772] Invalid ELF header magic: != ELF [ 859.884006][T19780] Invalid ELF header magic: != ELF [ 859.902210][T19781] Invalid ELF header magic: != ELF [ 860.109522][T19788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3638'. [ 860.513476][T19793] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 860.543704][T19793] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 860.856088][T19799] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 860.866076][T19797] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3640'. [ 860.880182][T19799] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 860.905891][T19799] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 860.911932][T19799] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 861.309632][T19817] Invalid ELF header magic: != ELF [ 861.762807][T19825] Invalid ELF header magic: != ELF [ 862.002922][T19818] can: request_module (can-proto-3) failed. [ 862.469905][T19835] Invalid ELF header magic: != ELF [ 862.858346][T19842] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3649'. [ 862.893026][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 862.899811][T16538] Bluetooth: hci0: command 0x0406 tx timeout [ 862.967090][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 862.973124][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 863.270569][T19850] Invalid ELF header magic: != ELF [ 864.071231][T19867] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3653'. [ 864.367418][T19871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3654'. [ 865.134409][T19892] Invalid ELF header magic: != ELF [ 865.223311][T19894] Invalid ELF header magic: != ELF [ 865.374708][T19899] Invalid ELF header magic: != ELF [ 865.838717][T19905] Invalid ELF header magic: != ELF [ 866.807295][T19919] Invalid ELF header magic: != ELF [ 866.981128][T19922] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3667'. [ 867.921612][T19945] Invalid ELF header magic: != ELF [ 868.437150][T19957] Invalid ELF header magic: != ELF [ 869.152835][T19965] Invalid ELF header magic: != ELF [ 869.670964][T19977] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3680'. [ 870.333793][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.340173][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.838186][T20023] Invalid ELF header magic: != ELF [ 872.740831][T20030] can: request_module (can-proto-3) failed. [ 873.380815][T20029] can: request_module (can-proto-3) failed. [ 873.389676][T20048] Invalid ELF header magic: != ELF [ 873.628810][T20054] Invalid ELF header magic: != ELF [ 874.605859][T20074] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3702'. [ 875.209232][T20085] kvm: kvm [20083]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 875.893559][T20089] can: request_module (can-proto-3) failed. [ 876.820098][T20123] Invalid ELF header magic: != ELF [ 876.880137][T20125] Invalid ELF header magic: != ELF [ 876.972123][T20129] Invalid ELF header magic: != ELF [ 877.219519][T20130] Process accounting resumed [ 878.257795][T20150] Invalid ELF header magic: != ELF [ 878.519038][T20156] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3722'. [ 879.972311][T20168] can: request_module (can-proto-3) failed. [ 880.041684][T20185] Invalid ELF header magic: != ELF [ 882.330389][T20220] can: request_module (can-proto-3) failed. [ 882.656722][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 883.533470][T20233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3735'. [ 883.732025][T20244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3737'. [ 884.380648][T20251] Invalid ELF header magic: != ELF [ 884.739268][T16538] Bluetooth: hci1: command 0x0406 tx timeout [ 885.481371][T20269] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3744'. [ 886.821903][T20286] Bluetooth: hci1: command 0x0406 tx timeout [ 887.018760][T20294] can: request_module (can-proto-3) failed. [ 888.051794][T20311] can: request_module (can-proto-3) failed. [ 888.181023][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 888.680437][T20327] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3755'. [ 889.339441][T20338] FAULT_INJECTION: forcing a failure. [ 889.339441][T20338] name failslab, interval 1, probability 0, space 0, times 0 [ 889.407837][T20338] CPU: 0 UID: 0 PID: 20338 Comm: syz.2.3759 Tainted: G L syzkaller #0 PREEMPT(full) [ 889.407863][T20338] Tainted: [L]=SOFTLOCKUP [ 889.407869][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 889.407878][T20338] Call Trace: [ 889.407884][T20338] [ 889.407890][T20338] dump_stack_lvl+0x100/0x190 [ 889.407921][T20338] should_fail_ex.cold+0x5/0xa [ 889.407941][T20338] should_failslab+0xc2/0x120 [ 889.407958][T20338] __kmalloc_cache_noprof+0x7a/0x6f0 [ 889.407979][T20338] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 889.408080][T20338] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 889.408099][T20338] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 889.408118][T20338] vidtv_channel_si_init+0x1289/0x18d0 [ 889.408167][T20338] vidtv_mux_init+0x526/0xbf0 [ 889.408189][T20338] vidtv_start_feed+0x33e/0x4c0 [ 889.408235][T20338] ? __pfx_vidtv_start_feed+0x10/0x10 [ 889.408259][T20338] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 889.408287][T20338] ? mark_held_locks+0x40/0x70 [ 889.408310][T20338] ? __pfx_vidtv_start_feed+0x10/0x10 [ 889.408332][T20338] dmx_ts_feed_start_filtering+0xf6/0x220 [ 889.408390][T20338] dvb_dmxdev_start_feed+0x273/0x3f0 [ 889.408435][T20338] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 889.408460][T20338] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 889.408485][T20338] dvb_demux_do_ioctl+0xe64/0x1200 [ 889.408514][T20338] dvb_usercopy+0x167/0x340 [ 889.408533][T20338] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 889.408556][T20338] ? __pfx_dvb_usercopy+0x10/0x10 [ 889.408584][T20338] ? __fget_files+0x21f/0x3d0 [ 889.408602][T20338] dvb_demux_ioctl+0x29/0x40 [ 889.408622][T20338] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 889.408642][T20338] __x64_sys_ioctl+0x18e/0x210 [ 889.408672][T20338] do_syscall_64+0x106/0xf80 [ 889.408694][T20338] ? clear_bhb_loop+0x40/0x90 [ 889.408714][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.408730][T20338] RIP: 0033:0x7efcdbb9c799 [ 889.408744][T20338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.408758][T20338] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 889.408774][T20338] RAX: ffffffffffffffda RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 889.408783][T20338] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 889.408793][T20338] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 889.408802][T20338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.408810][T20338] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 889.408832][T20338] [ 889.408891][T20338] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 889.676444][T20338] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 889.684842][T20338] CPU: 0 UID: 0 PID: 20338 Comm: syz.2.3759 Tainted: G L syzkaller #0 PREEMPT(full) [ 889.695761][T20338] Tainted: [L]=SOFTLOCKUP [ 889.700071][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 889.710127][T20338] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 889.716023][T20338] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 5d 0a dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 39 0a dc f9 4d 85 e4 [ 889.735634][T20338] RSP: 0018:ffffc90003877a10 EFLAGS: 00010247 [ 889.741695][T20338] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000d551000 [ 889.749649][T20338] RDX: 0000000000000000 RSI: ffffffff882c0543 RDI: 0000000000000005 [ 889.757600][T20338] RBP: ffff888037acc540 R08: 0000000000000000 R09: 4453534204050000 [ 889.765550][T20338] R10: 0000000000000005 R11: ffffffff82736854 R12: 0000000000000000 [ 889.773501][T20338] R13: ffff888034524600 R14: ffff888021359ea0 R15: ffff888029a3a100 [ 889.781474][T20338] FS: 00007efcdcb0f6c0(0000) GS:ffff88812434f000(0000) knlGS:0000000000000000 [ 889.790391][T20338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 889.796964][T20338] CR2: 00007efcdcaedff8 CR3: 0000000064b42000 CR4: 00000000003526f0 [ 889.804940][T20338] Call Trace: [ 889.808205][T20338] [ 889.811119][T20338] vidtv_channel_si_init+0x12fc/0x18d0 [ 889.816576][T20338] vidtv_mux_init+0x526/0xbf0 [ 889.821240][T20338] vidtv_start_feed+0x33e/0x4c0 [ 889.826080][T20338] ? __pfx_vidtv_start_feed+0x10/0x10 [ 889.831446][T20338] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 889.838222][T20338] ? mark_held_locks+0x40/0x70 [ 889.842976][T20338] ? __pfx_vidtv_start_feed+0x10/0x10 [ 889.848348][T20338] dmx_ts_feed_start_filtering+0xf6/0x220 [ 889.854070][T20338] dvb_dmxdev_start_feed+0x273/0x3f0 [ 889.859365][T20338] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 889.864833][T20338] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 889.870043][T20338] dvb_demux_do_ioctl+0xe64/0x1200 [ 889.875156][T20338] dvb_usercopy+0x167/0x340 [ 889.879663][T20338] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 889.885245][T20338] ? __pfx_dvb_usercopy+0x10/0x10 [ 889.890279][T20338] ? __fget_files+0x21f/0x3d0 [ 889.894963][T20338] dvb_demux_ioctl+0x29/0x40 [ 889.899556][T20338] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 889.904831][T20338] __x64_sys_ioctl+0x18e/0x210 [ 889.909588][T20338] do_syscall_64+0x106/0xf80 [ 889.914168][T20338] ? clear_bhb_loop+0x40/0x90 [ 889.918835][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.924711][T20338] RIP: 0033:0x7efcdbb9c799 [ 889.929109][T20338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.948702][T20338] RSP: 002b:00007efcdcb0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 889.957116][T20338] RAX: ffffffffffffffda RBX: 00007efcdbe15fa0 RCX: 00007efcdbb9c799 [ 889.965082][T20338] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 889.973046][T20338] RBP: 00007efcdbc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 889.981012][T20338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.988975][T20338] R13: 00007efcdbe16038 R14: 00007efcdbe15fa0 R15: 00007fff401a9bf8 [ 889.997011][T20338] [ 890.000026][T20338] Modules linked in: [ 890.004629][T20338] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 891.458895][T11656] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.516492][T20338] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 891.545491][T11656] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.556442][T20338] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 5d 0a dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 39 0a dc f9 4d 85 e4 [ 891.621177][T20338] RSP: 0018:ffffc90003877a10 EFLAGS: 00010247 [ 891.627257][T20338] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000d551000 [ 891.654870][T20338] RDX: 0000000000000000 RSI: ffffffff882c0543 RDI: 0000000000000005 [ 891.666575][T11656] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.693964][T11656] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.704928][T20338] RBP: ffff888037acc540 R08: 0000000000000000 R09: 4453534204050000 [ 891.721041][T20338] R10: 0000000000000005 R11: ffffffff82736854 R12: 0000000000000000 [ 891.729035][T20338] R13: ffff888034524600 R14: ffff888021359ea0 R15: ffff888029a3a100 [ 891.797857][T20338] FS: 00007efcdcb0f6c0(0000) GS:ffff88812434f000(0000) knlGS:0000000000000000 [ 891.808776][T11656] netdevsim netdevsim1335 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.844189][T20338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 891.850788][T20338] CR2: 00007f9f89fcaff8 CR3: 0000000064b42000 CR4: 00000000003526f0 [ 891.923855][T20338] Kernel panic - not syncing: Fatal exception [ 891.930000][T20338] Kernel Offset: disabled [ 891.934311][T20338] Rebooting in 86400 seconds..