last executing test programs: 9.850670198s ago: executing program 1 (id=288): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) sysfs$auto(0x2, 0x20, 0x0) shmget$auto(0x8, 0x10563, 0x568d1af2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000e1, 0xeb2, 0x401, 0x8000) 9.850530835s ago: executing program 2 (id=289): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vidtv.0/i2c-0/dvb/dvb0.dvr0/uevent\x00', 0x183800, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x4, 0x200000ffff, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/178, 0xb2) io_uring_setup$auto(0x59, 0x0) ioctl$auto_RTC_UIE_ON(0xffffffffffffffff, 0x7003, 0x4) socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = pidfd_open$auto(0x1, 0x5) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) r3 = socket(0xa, 0x5, 0x0) getsockopt$auto(r3, 0x84, 0x24, 0x0, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), r3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$auto_USB_RAW_IOCTL_RUN(r2, 0x5501, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) 9.655226585s ago: executing program 3 (id=291): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop0\x00', 0x6c602, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/hw_queues\x00', 0x80800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r0, 0x1263, r0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, &(0x7f00000000c0)='N\xd5\f\xb9GC*(,\x80\xc4bAL\xa3`\xb1\xf2\xe7\xc0/\xff', 0x100000001) write$auto(r1, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x5, 0x0) fcntl$auto_F_WRLCK(r2, 0x3ff, 0x1) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r3, 0x64c6, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r4 = gettid() kill$auto(r4, 0x11) mmap$auto(0x0, 0x20008, 0xdf, 0x80eb1, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000005, 0x8e051, 0xffffffffffffffff, 0x9) init_module$auto(0x0, 0xffff9, 0x0) r5 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) write$auto(r5, &(0x7f0000000280)='9\x00d1L\xf0\x15\xba\xa17=(\x18\xdd\xff\xec\v\xb5^\xa1/[vv\x19\x00\x7f0\xa30\xc7\x9d\x1f]\xf8\xe04\xe7s\x9a\xd3H\xd3F\x819+\x90S\x10\xb2\b\xf8)\xe4IU\t\xb8\r\x9a\x8e\'Q\xfb\xb5I\x0f\x96;\xc7\\2V\x01g\xf8\xce\xbb\x9d\xa2c2\x00\x7f\xa1:\ax\xbc\x17\xde\x0e<\x00\x00\x00\x00\x00\x00\x00\x06\xc8\xf4\xdf\xcc\x9b\xd7D\xd7ARq', 0x40) 8.231436378s ago: executing program 2 (id=293): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r1 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto_buffer_subbuf_size_fops_trace(r1, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x2000040080000004, 0xe) write$auto(r0, 0x0, 0x10007c) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x4) r2 = gettid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x8, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r3, 0x127f, 0x0) kill$auto(r2, 0x7) syz_clone3(&(0x7f0000000380)={0x4081080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$nl_generic(0x10, 0x3, 0x10) 7.717151225s ago: executing program 0 (id=294): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0xa, 0x2, 0x3a) r1 = socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto(r0, 0x40045527, 0xffffffffffffffff) r2 = socket(0x15, 0x5, 0x0) bind$auto(r2, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x68) sendmsg$auto(r2, 0x0, 0x0) r3 = socket(0x15, 0x5, 0x0) getsockopt$auto(r3, 0x114, 0x2715, 0xfffffffffffffffc, 0x0) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c03, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000000c0), 0x82080, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x80) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd3e, 0x1, 0x7, 0x4, 0x95f4da0a, 0xfffd, 0x1, 0x6, 0x80000001, 0x7, 0x8006d3f, 0x1, 0x6, 0xfffffffffffffffe]}, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_SSID={0x24, 0x34, "29c75929b8c85fe20e98c03d55e99f6343a1a56d8ea3bd504ac49eb007286bb7"}]}, 0x38}}, 0x20000091) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001ff, 0x20000000007, 0x41, 0xbc3, 0x800, 0x3, 0x510, 0xc, 0x400000000003, 0x8, 0x0, 0x6fba, 0x6, 0x8000, 0xffffffffffffff81, 0x6]}, 0x0) 7.703666057s ago: executing program 3 (id=295): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket(0x25, 0x1, 0x0) sendto$auto(r0, 0x0, 0x0, 0x0, 0x0, 0x3) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) mmap$auto(0x20000, 0x400008, 0x3, 0x9b72, 0xffffffffffffffff, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) fallocate$auto(r1, 0x1, 0x2, 0x6657) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1000000000000001, 0x1]}, 0x0) socket(0xa, 0x4, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) msync$auto(0x1, 0x9, 0xfffffff7) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'}) socket(0x10, 0x2, 0x4) 7.377757369s ago: executing program 1 (id=296): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) unshare$auto(0x40000080) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)="b2", 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto(r4, 0x40044620, 0xffffffffffffffff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/lock_policy\x00', 0x82, 0x0) sendfile$auto(r5, r5, 0x0, 0x5) getsockopt$auto_SO_MAX_PACING_RATE(r4, 0x87, 0x2f, &(0x7f0000000040)='&-\x00', &(0x7f0000000080)=0x1c) 6.96958891s ago: executing program 2 (id=297): waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0x5, 0x98, 0x10, @_timer={0x0, 0x40002, @sival_int=0xa, 0x2}}}, 0x3, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb609e86c2b604d6834cde1351ccb0ba238715d6a77953f58b23a78db05bc38cf1e47d5336226a966af0a88fa19b4d"}, 0x6, 0x3, 0xff) socket(0x2c, 0x80003, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xfdf1) lstat$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) 6.404240405s ago: executing program 0 (id=298): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x23, 0x4, 0xfffffffe) socket(0xa, 0x3, 0x84) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, 0x0) mmap$auto(0x0, 0x20009, 0xfffffffffffffffd, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x1d, 0x1, 0x7fff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x9e6, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r4, 0x6a, 0x5, 0x0, 0x3) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 6.039423589s ago: executing program 3 (id=299): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) socket(0xf, 0x9, 0x4002) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) fsconfig$auto(0xffffffffffffffff, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040), 0x0) ioctl$auto_USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000040)={0xff, 0x0, 0x4, &(0x7f0000000240)="0b8f0e0cf70208832a5a133cfd711cd05cd3502af0e1c9850b4a5db894e644a4c0d958456d5541730f5279158d68ad030056e353784094bb0e571ccaede4a4aeab78082f70605b76ed6f9436cb432ec8d9fca2116cb74315abbcf1a23f05bb28dbe14475916ac2d6fb0f065d48fd1a83ca0ce97422e897a5ca187f13e7bde31988b4045c69179d8cc1bd668f287ea2f8ac77c2699313cd7c288940f47882f40f6810c0b277bf9648cd6286b58907b5731a0dfccadc4890fb699dcb3bfe7442655ac4f0fc7813578d"}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(0xffffffffffffffff, 0x0, 0x2fb) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek$auto(r1, 0x7fd, 0x1) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x400007ffff000) bpf$auto(0x7, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=r1}, 0xa3) set_mempolicy$auto(0x6, 0x0, 0x21) pidfd_open$auto(0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setfsuid$auto(0xee00) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x8) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 5.086172304s ago: executing program 1 (id=300): mmap$auto(0x0, 0x400004, 0x9, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000040)=0x10) close_range$auto(0x2, 0x8, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x8004b70b, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x11, 0x3, 0x9) syslog$auto(0x9, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x7) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents64$auto(r2, 0x0, 0x18) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x5) ioctl$auto(r3, 0x4008af03, 0x0) ioctl$auto_VHOST_NET_SET_BACKEND(r3, 0x4008af30, 0x0) close_range$auto(r1, 0xffffffffffffffff, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0585605, 0xffffffffffffffff) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mem\x00', 0x10000, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0xfffffc96) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0) write$auto(r5, &(0x7f0000000080)='/dev/audio\x00', 0x7ff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) select$auto(0x5, 0x0, &(0x7f0000000100)={[0x8, 0x6, 0x7, 0x8000, 0x5, 0x4000000, 0x5, 0x25991f93, 0xd, 0x1000, 0xfb, 0x1, 0x8, 0x4f, 0x96, 0x100]}, 0x0, 0x0) 5.06939135s ago: executing program 0 (id=308): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) mmap$auto(0x470000000, 0xd, 0x4000000000000df, 0x109b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(&(0x7f0000000040)={0x5, 0x8, 0x80000001, 0x1000, 0x4, 0x2}, 0x8001, 0x0, 0x7) pread64$auto(0xffffffffffffffff, 0x0, 0x3ef, 0x8009) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000140), 0x84000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)={0x9, 0x3, 0x0, 0x2, 0x4}) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x10000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) 3.727484161s ago: executing program 1 (id=301): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919e836e1a6e889b4881e233d3b51e066bb0a054c9e474be535fd29da", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8a"}) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, r1) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.726879522s ago: executing program 2 (id=302): ioctl$auto_TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, &(0x7f00000000c0)={0x4, &(0x7f0000000080)={0x4, 0x9, 0x1, @raw=0x2}}) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)="da518ed75fcc9f1a8be03501757c05ab6f5a5b36148695b3115a77b09872bf8a5e4c18ed50fc7653bb12525189093819ba59de56fb2504684cfb4f2a2fd2f9f6e2b9418bd2758adb0f57e8ddd982db4206c2b33c55455cfc5dfe1ddc725fd46849d1dcb59678cc1f78ecec38868c1f514ed226e66821923de93165e2805e2e89f8c1d14629e9cea74e8bb76297e617accc6b9d824259b5bd3f6c8068692e8580b1ad399ee8818c436111bd3f", 0xac) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000600), 0x142, 0x0) writev$auto(r0, &(0x7f0000000c00)={&(0x7f0000000180), 0x7}, 0x4) mmap$auto(0x0, 0x6, 0x1ff, 0x14, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = socket(0x1d, 0x2, 0x7) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r1, &(0x7f0000000000)=@can={0x1d, r3}, 0x67) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) unshare$auto(0x40000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000b00), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, r6, 0xc1b, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x7a5}, [@GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x7}, @GTPA_LINK={0x8, 0x1, 0xfffffff8}, @GTPA_TID={0xc, 0x3, 0x8000000000000000}]}, 0x38}, 0x1, 0x0, 0x0, 0x4080}, 0x800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f0000f5) write$auto(0x3, 0x0, 0xffd8) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x80) mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\u\x95E\x97\',-\x00', 0x2, 0x4, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1800"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) 3.726235888s ago: executing program 3 (id=310): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xc28}, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, 0x0, 0x24000000) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, 0x0, 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3b) socket(0xa, 0x3, 0x3b) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) socketpair$auto(0x1, 0x5, 0x2a340, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x1ff, 0x3, 0x1, 0x7, 0xfffffffffffffffb, 0x15f4da05, 0x10, 0x1000, 0x3, 0x4000008000001f, 0x6, 0x6d3e, 0x8cfb7, 0x9, 0x6]}, 0x0) wait4$auto(r3, 0x0, 0x80000001, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.1GB.limit_in_bytes\x00', 0x10b142, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14abfd) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) fcntl$auto(r4, 0x400, 0x1) close_range$auto(0x2, 0x8, 0x0) 2.721805338s ago: executing program 0 (id=303): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D2\x00', 0x20200, 0x0) setsockopt$auto_SO_WIFI_STATUS(r0, 0x4, 0x29, &(0x7f0000000300)='\x05\a\x89\xaa([\xa8\x92\x0e=\xc0\xacJ\x9b\xd9u;\x87\x12eDg[\x11\xfed\x03\x9c\xa8oB\xa62\xec\xb7-cs\x03\xd9\xbc\x7f+\xdb\xc02\xf5;\xb1e\x05\xbd#\xf0\xbbf\xd4\xfe\x99\x7f\xc6j\xb3|\x87\x99\xca\x9b\xa4\x02J\xc6\xfb\x04\x95\x94\xa9\xd1\xa7\t\xe7\xb5\xd1\xf8`\xc1\xb8\x13\xfd;\xc3\xb5\xfeC\x01\xe5G(\xc2\xc7r\x90\xd3Op\x95\x925CZa\xcd*J*1ueJ\x9b\x97\x9e\x04\xa6\t\xa0X\x18\x8fl\xd7c\xf9!\xc3+dW\xf4>\xd8\xa4$\xc7\xa1y\xfc\x9b;r\xc7\xbf\xfdg\xc3\xee\x1a\xe3\xb1\xc3o\xb1\x84y\x93\x7f/ngp\xa1\x92\x88H\xfa\xa8\xb1r\xee\x00'/195, 0x40) mmap$auto(0x100000000009, 0x20009, 0x4000000000df, 0xebd, 0x401, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000000040)='\xa1\x00', 0x4) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x9f, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r3, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) mmap$auto(0x0, 0x4120008, 0x46, 0xeb1, 0x401, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r1, &(0x7f0000000240)='/3Cocw\x00\x03\x00\x00\x00\x17\x00\x00\x00ipt3\x00\xc3\xa9[/\xd4>p\xaeL@N&-\x1d\xb7\x86\xdc\xa8_3.\xa1\\\xee\xc7\xb4*8\xd6\xc04KDh\xc9\xce\xbe\x16\xca\xaaO\'\xfb\v\b\vM\x00e\xd6\xb9z\xdc\x12\x8f\x9d\x88\xad\xaav1\v\x06\xe79\xb9C\f\x875j\x00\x14\xa7\x7f\x1d\xf0\xf5\xc4\xe4nLc%\x80\xa95\xc3\xc2\xf0}\x05A\xa7\\\x9fC1\x9ci\x13\xbeq\xc8\'\xb8\x8amW\xf9\xe5\xf1\x1a\xe1\x8eTS\x97\xfbx\xb9#\xd9\x03\xcbz\x11\xb2\x04\\\xc0w\xeaS\xad8I$\xa0\x8c\xc4[\x04\xa4\x9a\x8b\xf5og\xee', 0x34b, 0xffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2a, 0x2, 0x1) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x100000, 0x2, 0x4000000000e1, 0x40000000000eb1, 0x401, 0x3) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1.996696749s ago: executing program 3 (id=304): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0x14, 0xffffffffffffffff, 0x8000) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x129102, 0x0) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xfffffe02) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)="7f07d3") ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r3) 1.99560435s ago: executing program 2 (id=314): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x23, 0x4, 0xfffffffe) socket(0xa, 0x3, 0x84) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, 0x0) mmap$auto(0x0, 0x20009, 0xfffffffffffffffd, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x1d, 0x1, 0x7fff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x9e6, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r4, 0x6a, 0x5, 0x0, 0x3) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 1.746873139s ago: executing program 0 (id=305): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) sysfs$auto(0x2, 0x20, 0x0) shmget$auto(0x8, 0x10563, 0x568d1af2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000e1, 0xeb2, 0x401, 0x8000) 1.456847491s ago: executing program 1 (id=306): setresuid$auto(0x8, 0x8, 0x0) setreuid$auto(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) fsconfig$auto(r0, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982dfe6b49e308e606721133b53711ed21bb9e1e32f4be7a7c60b1e11a84523b8f0f030b169292f0b65a26107a850d0b970a474f1e71b47e5ca3b8343ea7d7b90f3557fd5f312dc8058", 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x360, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r2, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 842.140601ms ago: executing program 3 (id=307): setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0xee00) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) fsconfig$auto(r0, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982dfe6b49e308e606721133b53711ed21bb9e1e32f4be7a7c60b1e11a84523b8f0f030b169292f0b65a26107a850d0b970a474f1e71b47e5ca3b8343ea7d7b90f3557fd5f312dc8058", 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x360, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r2, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 559.314486ms ago: executing program 2 (id=309): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket(0x25, 0x1, 0x0) sendto$auto(r0, 0x0, 0x0, 0x0, 0x0, 0x3) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) mmap$auto(0x20000, 0x400008, 0x3, 0x9b72, 0xffffffffffffffff, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) fallocate$auto(r1, 0x1, 0x2, 0x6657) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1000000000000001, 0x1]}, 0x0) socket(0xa, 0x4, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) msync$auto(0x1, 0x9, 0xfffffff7) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'}) socket(0x10, 0x2, 0x4) 729.872µs ago: executing program 0 (id=311): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0xfffffffffffffffd, 0x202000b, 0x3, 0x17, 0xfffffffffffffffa, 0x8002) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x591a00, 0x154) read$auto(r2, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x102, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r7 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), r4) sendmsg$auto_IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r7, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x24}}, 0x40004) write$auto(r6, 0x0, 0x81) bpf$auto(0x0, 0x0, 0x6f4) arch_prctl$auto_ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0xfffffffffffffff7) sendmmsg$auto(r5, 0x0, 0x8, 0xe4) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r8 = waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0xfff, &(0x7f0000000300)={{0xfffffffffffffffc, 0x7}, {0x7ff, 0x401}, 0x6, 0x1, 0xe66f, 0xfff, 0xd, 0x200, 0x7, 0x1129, 0xff, 0x6, 0x3, 0x61d, 0x8, 0x1}) prctl$auto(0x0, 0x6, r8, 0x7ece, 0x80000001) socket(0x2, 0x2, 0x1) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0xffeb, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e22, @multicast2}, 0x19) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_FW_FLASH_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}, 0x1, 0x1000000}, 0x8094) 0s ago: executing program 1 (id=312): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x26, 0x5, 0x8c68) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x101e41, 0x0) ioperm$auto(0x84, 0x7, 0x4000008) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyr0\x00', 0x74c40, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x802, 0x8000009, 0x1, 0x19, 0xffffffffffffffff, 0x100000000000008) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40146f2c, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2b, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/audit\x00', 0x50ba82, 0x0) read$auto(r4, 0x0, 0xb4d3) unshare$auto(0x40000080) setsockopt$auto(r0, 0xd0, 0x800000e4, 0x0, 0x569) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.225' (ED25519) to the list of known hosts. [ 81.474904][ T5816] cgroup: Unknown subsys name 'net' [ 81.609629][ T5816] cgroup: Unknown subsys name 'cpuset' [ 81.619214][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.079106][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.263876][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.266673][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.279569][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.286600][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.288712][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.296496][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.302350][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.308267][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.316627][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.324366][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.330045][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.336963][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.356139][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.363972][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.364369][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.400112][ T5149] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.408767][ T5149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.418495][ T5149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.435040][ T5149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.446673][ T5149] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.914641][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 86.019106][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 86.064277][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 86.177304][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.184552][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.192605][ T5828] bridge_slave_0: entered allmulticast mode [ 86.200102][ T5828] bridge_slave_0: entered promiscuous mode [ 86.213861][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.230459][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.237700][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.245286][ T5828] bridge_slave_1: entered allmulticast mode [ 86.252930][ T5828] bridge_slave_1: entered promiscuous mode [ 86.367068][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.379489][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.406279][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.413549][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.421895][ T5829] bridge_slave_0: entered allmulticast mode [ 86.429309][ T5829] bridge_slave_0: entered promiscuous mode [ 86.446129][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.453292][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.461474][ T5827] bridge_slave_0: entered allmulticast mode [ 86.469423][ T5827] bridge_slave_0: entered promiscuous mode [ 86.499464][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.506962][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.514121][ T5829] bridge_slave_1: entered allmulticast mode [ 86.521339][ T5829] bridge_slave_1: entered promiscuous mode [ 86.538100][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.545490][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.553112][ T5827] bridge_slave_1: entered allmulticast mode [ 86.560326][ T5827] bridge_slave_1: entered promiscuous mode [ 86.567959][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.575225][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.582961][ T5834] bridge_slave_0: entered allmulticast mode [ 86.590209][ T5834] bridge_slave_0: entered promiscuous mode [ 86.609124][ T5828] team0: Port device team_slave_0 added [ 86.623441][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.630727][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.638239][ T5834] bridge_slave_1: entered allmulticast mode [ 86.645172][ T5834] bridge_slave_1: entered promiscuous mode [ 86.664364][ T5828] team0: Port device team_slave_1 added [ 86.693772][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.715670][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.737809][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.759613][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.771492][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.792515][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.799614][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.825827][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.850174][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.870398][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.878062][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.904176][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.939406][ T5829] team0: Port device team_slave_0 added [ 86.973688][ T5827] team0: Port device team_slave_0 added [ 87.002444][ T5829] team0: Port device team_slave_1 added [ 87.045113][ T5827] team0: Port device team_slave_1 added [ 87.052857][ T5834] team0: Port device team_slave_0 added [ 87.108545][ T5834] team0: Port device team_slave_1 added [ 87.115324][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.122814][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.150649][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.170848][ T5828] hsr_slave_0: entered promiscuous mode [ 87.177907][ T5828] hsr_slave_1: entered promiscuous mode [ 87.215760][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.223148][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.249515][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.263576][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.270823][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.297086][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.327269][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.334252][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.360972][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.373258][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.380451][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.406969][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.427387][ T5835] Bluetooth: hci0: command tx timeout [ 87.427399][ T5149] Bluetooth: hci1: command tx timeout [ 87.427585][ T5149] Bluetooth: hci2: command tx timeout [ 87.457291][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.464273][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.490380][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.506079][ T5149] Bluetooth: hci3: command tx timeout [ 87.551782][ T5829] hsr_slave_0: entered promiscuous mode [ 87.558301][ T5829] hsr_slave_1: entered promiscuous mode [ 87.564363][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 87.570433][ T5829] Cannot create hsr debugfs directory [ 87.609721][ T5827] hsr_slave_0: entered promiscuous mode [ 87.616068][ T5827] hsr_slave_1: entered promiscuous mode [ 87.622180][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 87.628300][ T5827] Cannot create hsr debugfs directory [ 87.701441][ T5834] hsr_slave_0: entered promiscuous mode [ 87.707772][ T5834] hsr_slave_1: entered promiscuous mode [ 87.713814][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 87.719990][ T5834] Cannot create hsr debugfs directory [ 88.126935][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.139775][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.168258][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.179356][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.238752][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.252569][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.264657][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.275637][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.392812][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.421354][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.431737][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.443215][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.528031][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.543806][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.562161][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.579991][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.589717][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.649146][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.665009][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.707323][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.714542][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.743729][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.750864][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.778049][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.807497][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.814766][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.861095][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.868246][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.918201][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.962910][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.021719][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.029030][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.041486][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.048701][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.066919][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.114998][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.200366][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.207591][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.243408][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.250736][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.275279][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.419633][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.481521][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.512136][ T5149] Bluetooth: hci0: command tx timeout [ 89.512153][ T5837] Bluetooth: hci1: command tx timeout [ 89.512183][ T5837] Bluetooth: hci2: command tx timeout [ 89.587337][ T5837] Bluetooth: hci3: command tx timeout [ 89.618187][ T5828] veth0_vlan: entered promiscuous mode [ 89.658304][ T5828] veth1_vlan: entered promiscuous mode [ 89.676973][ T5834] veth0_vlan: entered promiscuous mode [ 89.713024][ T5834] veth1_vlan: entered promiscuous mode [ 89.787622][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.809508][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.817692][ T5828] veth0_macvtap: entered promiscuous mode [ 89.832740][ T5834] veth0_macvtap: entered promiscuous mode [ 89.843913][ T5834] veth1_macvtap: entered promiscuous mode [ 89.857842][ T5828] veth1_macvtap: entered promiscuous mode [ 89.880443][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.910205][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.941536][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.964014][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.971770][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.981233][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.018210][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.029170][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.056442][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.085903][ T5827] veth0_vlan: entered promiscuous mode [ 90.094074][ T5829] veth0_vlan: entered promiscuous mode [ 90.102153][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.112476][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.141033][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.178559][ T5827] veth1_vlan: entered promiscuous mode [ 90.201473][ T5829] veth1_vlan: entered promiscuous mode [ 90.256278][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.274789][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.321344][ T3489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.329546][ T3489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.340111][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.350507][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.390839][ T5829] veth0_macvtap: entered promiscuous mode [ 90.401830][ T5827] veth0_macvtap: entered promiscuous mode [ 90.415035][ T5829] veth1_macvtap: entered promiscuous mode [ 90.426589][ T3587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.439135][ T5827] veth1_macvtap: entered promiscuous mode [ 90.446823][ T3587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.499180][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.509013][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.514765][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.558077][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.579779][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.648396][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.676806][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.685583][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.712571][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.738290][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.761835][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.783791][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.793756][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.802435][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.825827][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.295531][ T3587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.310838][ T3587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.424867][ T3587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.464725][ T3587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.505208][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.536864][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.586592][ T5837] Bluetooth: hci2: command tx timeout [ 91.596533][ T5835] Bluetooth: hci1: command tx timeout [ 91.606120][ T5837] Bluetooth: hci0: command tx timeout [ 91.666898][ T5837] Bluetooth: hci3: command tx timeout [ 91.738068][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.769567][ T3587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.786114][ T3587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.061326][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.094004][ T115] cfg80211: failed to load regulatory.db [ 92.231964][ T5945] FAULT_INJECTION: forcing a failure. [ 92.231964][ T5945] name failslab, interval 1, probability 0, space 0, times 1 [ 92.245582][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 92.245618][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 92.245640][ T5945] Call Trace: [ 92.245648][ T5945] [ 92.245658][ T5945] dump_stack_lvl+0x100/0x190 [ 92.245685][ T5945] should_fail_ex.cold+0x5/0xa [ 92.245755][ T5945] should_failslab+0xc2/0x120 [ 92.245776][ T5945] kmem_cache_alloc_noprof+0x83/0x780 [ 92.245795][ T5945] ? __might_fault+0xc5/0x140 [ 92.245811][ T5945] ? getname_flags.part.0+0x4c/0x540 [ 92.245835][ T5945] ? getname_flags.part.0+0x4c/0x540 [ 92.245855][ T5945] getname_flags.part.0+0x4c/0x540 [ 92.245878][ T5945] user_path_at+0x9b/0x100 [ 92.245894][ T5945] __x64_sys_mount+0x1fb/0x310 [ 92.245921][ T5945] ? __pfx___x64_sys_mount+0x10/0x10 [ 92.245965][ T5945] do_syscall_64+0xc9/0xf80 [ 92.246000][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.246027][ T5945] RIP: 0033:0x7f486839aeb9 [ 92.246047][ T5945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.246078][ T5945] RSP: 002b:00007f486921a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 92.246106][ T5945] RAX: ffffffffffffffda RBX: 00007f4868616090 RCX: 00007f486839aeb9 [ 92.246124][ T5945] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 92.246141][ T5945] RBP: 00007f4868408c1f R08: 0000200000000280 R09: 0000000000000000 [ 92.246158][ T5945] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 92.246173][ T5945] R13: 00007f4868616128 R14: 00007f4868616090 R15: 00007ffd7ae2ea88 [ 92.246206][ T5945] [ 92.616426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.675745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.558792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.667400][ T5837] Bluetooth: hci1: command tx timeout [ 93.668626][ T5835] Bluetooth: hci0: command tx timeout [ 93.672831][ T5837] Bluetooth: hci2: command tx timeout [ 93.746945][ T5835] Bluetooth: hci3: command tx timeout [ 93.816937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.827032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.838240][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 94.250464][ T5961] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.550050][ T5963] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 96.540881][ T5991] binder: 5989:5991 ioctl c018620c 0 returned -1 [ 98.007782][ T6031] Zero length message leads to an empty skb [ 98.945666][ T6043] vhci_hcd vhci_hcd.2: invalid port number 16 [ 98.951853][ T6043] vhci_hcd vhci_hcd.2: invalid port number 16 [ 100.857581][ T6088] Invalid ELF header magic: != ELF [ 102.201256][ T6114] FAULT_INJECTION: forcing a failure. [ 102.201256][ T6114] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 102.214640][ T6114] CPU: 0 UID: 0 PID: 6114 Comm: syz.3.42 Not tainted syzkaller #0 PREEMPT(full) [ 102.214675][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 102.214690][ T6114] Call Trace: [ 102.214699][ T6114] [ 102.214708][ T6114] dump_stack_lvl+0x100/0x190 [ 102.214746][ T6114] should_fail_ex.cold+0x5/0xa [ 102.214790][ T6114] _copy_from_user+0x2e/0xd0 [ 102.214834][ T6114] copy_mount_options+0x76/0x190 [ 102.214889][ T6114] __x64_sys_mount+0x1ab/0x310 [ 102.214934][ T6114] ? __pfx___x64_sys_mount+0x10/0x10 [ 102.214982][ T6114] do_syscall_64+0xc9/0xf80 [ 102.215019][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.215048][ T6114] RIP: 0033:0x7f475cd9aeb9 [ 102.215069][ T6114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.215095][ T6114] RSP: 002b:00007f475dcaa028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 102.215122][ T6114] RAX: ffffffffffffffda RBX: 00007f475d016090 RCX: 00007f475cd9aeb9 [ 102.215140][ T6114] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 102.215157][ T6114] RBP: 00007f475ce08c1f R08: 0000200000000280 R09: 0000000000000000 [ 102.215175][ T6114] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 102.215191][ T6114] R13: 00007f475d016128 R14: 00007f475d016090 R15: 00007ffdadea5dc8 [ 102.215228][ T6114] [ 103.019266][ T6125] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 104.410685][ T6149] netlink: 'syz.3.51': attribute type 11 has an invalid length. [ 104.472177][ T6149] netlink: 'syz.3.51': attribute type 11 has an invalid length. [ 104.518916][ T6149] netlink: 'syz.3.51': attribute type 11 has an invalid length. [ 104.548208][ T6149] netlink: 'syz.3.51': attribute type 11 has an invalid length. [ 104.818170][ T6149] random: crng reseeded on system resumption [ 104.979752][ T6156] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 105.437888][ T6166] zswap: compressor @ not available [ 108.509737][ T6226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.71'. [ 108.572034][ T6226] netlink: 354 bytes leftover after parsing attributes in process `syz.1.71'. [ 108.585245][ T6228] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 108.685581][ T6210] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 114.255307][ T6317] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 114.329286][ T6322] process 'syz.2.92' launched './file0' with NULL argv: empty string added [ 114.553719][ T6328] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 116.457888][ T6341] FAULT_INJECTION: forcing a failure. [ 116.457888][ T6341] name failslab, interval 1, probability 0, space 0, times 0 [ 116.643254][ T6341] CPU: 1 UID: 0 PID: 6341 Comm: syz.3.96 Not tainted syzkaller #0 PREEMPT(full) [ 116.643277][ T6341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 116.643287][ T6341] Call Trace: [ 116.643292][ T6341] [ 116.643298][ T6341] dump_stack_lvl+0x100/0x190 [ 116.643321][ T6341] should_fail_ex.cold+0x5/0xa [ 116.643346][ T6341] should_failslab+0xc2/0x120 [ 116.643367][ T6341] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 116.643386][ T6341] ? kasan_save_stack+0x3f/0x50 [ 116.643404][ T6341] ? kasan_save_stack+0x30/0x50 [ 116.643420][ T6341] ? kasan_save_track+0x14/0x30 [ 116.643437][ T6341] ? kstrdup_const+0x63/0x80 [ 116.643458][ T6341] ? kstrdup+0x51/0xe0 [ 116.643473][ T6341] kstrdup+0x51/0xe0 [ 116.643491][ T6341] kstrdup_const+0x63/0x80 [ 116.643509][ T6341] __kernfs_new_node+0x9b/0x960 [ 116.643531][ T6341] ? __pfx___kernfs_new_node+0x10/0x10 [ 116.643555][ T6341] ? find_held_lock+0x2b/0x80 [ 116.643569][ T6341] ? kernfs_root+0xee/0x2a0 [ 116.643586][ T6341] ? kernfs_root+0xee/0x2a0 [ 116.643609][ T6341] kernfs_new_node+0x11b/0x1a0 [ 116.643634][ T6341] kernfs_create_dir_ns+0x4c/0x1a0 [ 116.643649][ T6341] cgroup_mkdir+0x3be/0x12d0 [ 116.643668][ T6341] ? __pfx_cgroup_mkdir+0x10/0x10 [ 116.643683][ T6341] kernfs_iop_mkdir+0x111/0x190 [ 116.643703][ T6341] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 116.643723][ T6341] vfs_mkdir+0x729/0xb50 [ 116.643748][ T6341] do_mkdirat+0x435/0x590 [ 116.643767][ T6341] ? __pfx_do_mkdirat+0x10/0x10 [ 116.643784][ T6341] ? strncpy_from_user+0x19d/0x2d0 [ 116.643806][ T6341] ? getname_flags.part.0+0x1c5/0x540 [ 116.643828][ T6341] __x64_sys_mkdir+0xef/0x140 [ 116.643846][ T6341] do_syscall_64+0xc9/0xf80 [ 116.643865][ T6341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.643880][ T6341] RIP: 0033:0x7f475cd9aeb9 [ 116.643893][ T6341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 116.643906][ T6341] RSP: 002b:00007f475dccb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 116.643922][ T6341] RAX: ffffffffffffffda RBX: 00007f475d015fa0 RCX: 00007f475cd9aeb9 [ 116.643932][ T6341] RDX: 0000000000000000 RSI: 00000000000007ff RDI: 0000200000000000 [ 116.643941][ T6341] RBP: 00007f475ce08c1f R08: 0000000000000000 R09: 0000000000000000 [ 116.643950][ T6341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.643958][ T6341] R13: 00007f475d016038 R14: 00007f475d015fa0 R15: 00007ffdadea5dc8 [ 116.643979][ T6341] [ 117.563574][ T6375] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 119.283100][ T6405] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 119.434464][ T6412] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 120.475104][ T6429] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.539235][ T6429] netlink: 252 bytes leftover after parsing attributes in process `syz.2.117'. [ 120.598128][ T6429] netlink: 252 bytes leftover after parsing attributes in process `syz.2.117'. [ 121.241949][ T6441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.118'. [ 121.243285][ T6441] netlink: 'syz.3.118': attribute type 1 has an invalid length. [ 121.243311][ T6441] netlink: 13 bytes leftover after parsing attributes in process `syz.3.118'. [ 121.261221][ T6419] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 121.566407][ T6437] random: crng reseeded on system resumption [ 122.912209][ T6461] bridge0: port 3(team0) entered blocking state [ 122.935122][ T6461] bridge0: port 3(team0) entered disabled state [ 122.967066][ T6461] team0: entered allmulticast mode [ 122.998384][ T6461] team_slave_0: entered allmulticast mode [ 123.073432][ T6461] team_slave_1: entered allmulticast mode [ 123.251505][ T6479] zswap: compressor not available [ 123.302018][ T6461] team0: entered promiscuous mode [ 123.398243][ T6461] team_slave_0: entered promiscuous mode [ 123.457138][ T6461] team_slave_1: entered promiscuous mode [ 123.463774][ T6461] bridge0: port 3(team0) entered blocking state [ 123.470370][ T6461] bridge0: port 3(team0) entered forwarding state [ 126.232398][ T30] audit: type=1326 audit(1770580358.823:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6498 comm="syz.3.130" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f475cd9aeb9 code=0x0 [ 126.531683][ T6503] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 126.531683][ T6503] The task syz.3.130 (6503) triggered the difference, watch for misbehavior. [ 127.066341][ T6517] bridge0: port 3(netdevsim0) entered blocking state [ 127.120543][ T6517] bridge0: port 3(netdevsim0) entered disabled state [ 127.169413][ T6517] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 127.219189][ T6517] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 127.723763][ T6517] FAULT_INJECTION: forcing a failure. [ 127.723763][ T6517] name failslab, interval 1, probability 0, space 0, times 0 [ 127.789002][ T6517] CPU: 1 UID: 0 PID: 6517 Comm: syz.0.141 Not tainted syzkaller #0 PREEMPT(full) [ 127.789041][ T6517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 127.789054][ T6517] Call Trace: [ 127.789060][ T6517] [ 127.789066][ T6517] dump_stack_lvl+0x100/0x190 [ 127.789093][ T6517] should_fail_ex.cold+0x5/0xa [ 127.789124][ T6517] should_failslab+0xc2/0x120 [ 127.789146][ T6517] __kmalloc_cache_noprof+0x80/0x810 [ 127.789161][ T6517] ? nbp_vlan_init+0x163/0x500 [ 127.789180][ T6517] ? __pfx___alloc_skb+0x10/0x10 [ 127.789204][ T6517] ? nbp_vlan_init+0x163/0x500 [ 127.789222][ T6517] nbp_vlan_init+0x163/0x500 [ 127.789241][ T6517] ? __pfx_nbp_vlan_init+0x10/0x10 [ 127.789262][ T6517] ? __local_bh_enable_ip+0x9e/0x120 [ 127.789288][ T6517] ? lockdep_hardirqs_on+0x78/0x100 [ 127.789317][ T6517] ? br_fdb_add_local+0x43/0x60 [ 127.789345][ T6517] ? __local_bh_enable_ip+0x9e/0x120 [ 127.789381][ T6517] br_add_if+0xf79/0x1b40 [ 127.789427][ T6517] add_del_if+0x114/0x160 [ 127.789464][ T6517] br_dev_siocdevprivate+0x8ac/0x1650 [ 127.789486][ T6517] ? __lock_acquire+0x4a5/0x2630 [ 127.789505][ T6517] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 127.789531][ T6517] ? do_raw_spin_lock+0x128/0x260 [ 127.789555][ T6517] ? mark_held_locks+0x40/0x70 [ 127.789576][ T6517] ? netdev_name_node_lookup+0x107/0x150 [ 127.789594][ T6517] ? __mutex_lock+0x26a/0x1b90 [ 127.789614][ T6517] dev_ifsioc+0xc15/0x1eb0 [ 127.789635][ T6517] ? __pfx_dev_ifsioc+0x10/0x10 [ 127.789653][ T6517] ? __pfx___mutex_lock+0x10/0x10 [ 127.789676][ T6517] ? dev_load+0x8e/0x240 [ 127.789694][ T6517] ? dev_load+0x8e/0x240 [ 127.789716][ T6517] dev_ioctl+0x70e/0x1070 [ 127.789737][ T6517] sock_ioctl+0x494/0x6b0 [ 127.789755][ T6517] ? __pfx_sock_ioctl+0x10/0x10 [ 127.789779][ T6517] ? __pfx_sock_ioctl+0x10/0x10 [ 127.789796][ T6517] __x64_sys_ioctl+0x18e/0x210 [ 127.789820][ T6517] do_syscall_64+0xc9/0xf80 [ 127.789839][ T6517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.789854][ T6517] RIP: 0033:0x7f0d1f19aeb9 [ 127.789874][ T6517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.789889][ T6517] RSP: 002b:00007f0d20084028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.789904][ T6517] RAX: ffffffffffffffda RBX: 00007f0d1f415fa0 RCX: 00007f0d1f19aeb9 [ 127.789914][ T6517] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 127.789923][ T6517] RBP: 00007f0d1f208c1f R08: 0000000000000000 R09: 0000000000000000 [ 127.789932][ T6517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.789941][ T6517] R13: 00007f0d1f416038 R14: 00007f0d1f415fa0 R15: 00007ffda4097138 [ 127.789960][ T6517] [ 127.790741][ T6517] netdevsim netdevsim0 netdevsim0: failed to initialize vlan filtering on this port [ 128.170112][ T6517] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 129.364952][ T6555] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 129.510489][ T6564] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 129.957499][ T6556] capability: warning: `syz.0.139' uses 32-bit capabilities (legacy support in use) [ 130.119672][ T6566] program syz.3.142 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.165142][ T30] audit: type=1807 audit(1770580362.753:3): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 130.186294][ T30] audit: type=1802 audit(1770580362.773:4): pid=6566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.142" res=0 errno=0 [ 130.235777][ T6565] ima: policy update failed [ 130.316124][ T30] audit: type=1802 audit(1770580362.883:5): pid=6565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.142" res=0 errno=0 [ 131.082039][ T6563] kexec: Could not allocate control_code_buffer [ 131.553250][ T6580] zswap: compressor not available [ 132.554870][ T6596] mmap: syz.1.149 (6596) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 133.734001][ T5149] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 134.546091][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 137.699015][ T6684] netlink: 16 bytes leftover after parsing attributes in process `syz.2.166'. [ 138.158600][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.176706][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.999876][ T6704] syz.0.170 (6704) used greatest stack depth: 17080 bytes left [ 141.850089][ T6746] NFSD: Failed to start, no listeners configured. [ 143.777818][ T6775] FAULT_INJECTION: forcing a failure. [ 143.777818][ T6775] name failslab, interval 1, probability 0, space 0, times 0 [ 143.860736][ T6775] CPU: 0 UID: 0 PID: 6775 Comm: syz.0.183 Tainted: G L syzkaller #0 PREEMPT(full) [ 143.860766][ T6775] Tainted: [L]=SOFTLOCKUP [ 143.860772][ T6775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 143.860781][ T6775] Call Trace: [ 143.860786][ T6775] [ 143.860793][ T6775] dump_stack_lvl+0x100/0x190 [ 143.860816][ T6775] should_fail_ex.cold+0x5/0xa [ 143.860841][ T6775] should_failslab+0xc2/0x120 [ 143.860862][ T6775] ? nfc_llcp_build_tlv+0x105/0x250 [ 143.860879][ T6775] __kmalloc_noprof+0xf6/0x9c0 [ 143.860894][ T6775] ? do_raw_spin_lock+0x128/0x260 [ 143.860920][ T6775] ? nfc_llcp_build_tlv+0x105/0x250 [ 143.860936][ T6775] nfc_llcp_build_tlv+0x105/0x250 [ 143.860952][ T6775] ? lockdep_hardirqs_on+0x78/0x100 [ 143.860971][ T6775] nfc_llcp_build_gb.isra.0+0xed/0x3f0 [ 143.860988][ T6775] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 143.861010][ T6775] ? lockdep_init_map_type+0x5c/0x250 [ 143.861029][ T6775] ? lockdep_init_map_type+0x5c/0x250 [ 143.861051][ T6775] nfc_llcp_register_device+0x600/0xa60 [ 143.861071][ T6775] nfc_register_device+0x6d/0x3e0 [ 143.861091][ T6775] nci_register_device+0x7f1/0xb80 [ 143.861107][ T6775] ? __pfx_nci_register_device+0x10/0x10 [ 143.861125][ T6775] ? lockdep_init_map_type+0x5c/0x250 [ 143.861147][ T6775] virtual_ncidev_open+0x141/0x220 [ 143.861170][ T6775] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 143.861191][ T6775] misc_open+0x26d/0x450 [ 143.861209][ T6775] ? __pfx_misc_open+0x10/0x10 [ 143.861225][ T6775] chrdev_open+0x234/0x6a0 [ 143.861243][ T6775] ? __pfx_apparmor_file_open+0x10/0x10 [ 143.861261][ T6775] ? __pfx_chrdev_open+0x10/0x10 [ 143.861279][ T6775] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 143.861301][ T6775] do_dentry_open+0x73e/0x1570 [ 143.861318][ T6775] ? __pfx_chrdev_open+0x10/0x10 [ 143.861336][ T6775] ? security_inode_permission+0xbf/0x250 [ 143.861360][ T6775] vfs_open+0x82/0x3f0 [ 143.861382][ T6775] path_openat+0x21dc/0x3120 [ 143.861415][ T6775] ? __pfx_path_openat+0x10/0x10 [ 143.861440][ T6775] do_filp_open+0x1f7/0x420 [ 143.861459][ T6775] ? __pfx_do_filp_open+0x10/0x10 [ 143.861490][ T6775] ? _raw_spin_unlock+0x28/0x50 [ 143.861505][ T6775] ? alloc_fd+0x476/0x790 [ 143.861526][ T6775] do_sys_openat2+0x12e/0x220 [ 143.861547][ T6775] ? __pfx_do_sys_openat2+0x10/0x10 [ 143.861569][ T6775] ? find_held_lock+0x2b/0x80 [ 143.861588][ T6775] __x64_sys_openat+0x12d/0x210 [ 143.861610][ T6775] ? __pfx___x64_sys_openat+0x10/0x10 [ 143.861630][ T6775] ? xfd_validate_state+0x129/0x190 [ 143.861671][ T6775] do_syscall_64+0xc9/0xf80 [ 143.861691][ T6775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.861706][ T6775] RIP: 0033:0x7f0d1f19aeb9 [ 143.861719][ T6775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.861733][ T6775] RSP: 002b:00007f0d20084028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 143.861747][ T6775] RAX: ffffffffffffffda RBX: 00007f0d1f415fa0 RCX: 00007f0d1f19aeb9 [ 143.861757][ T6775] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 143.861766][ T6775] RBP: 00007f0d1f208c1f R08: 0000000000000000 R09: 0000000000000000 [ 143.861775][ T6775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.861783][ T6775] R13: 00007f0d1f416038 R14: 00007f0d1f415fa0 R15: 00007ffda4097138 [ 143.861803][ T6775] [ 148.040672][ T6839] random: crng reseeded on system resumption [ 151.511005][ T6894] zswap: compressor û not available [ 151.722064][ T6902] Console: switching to colour VGA+ 80x25 [ 152.462181][ T6916] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 152.482147][ T6916] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 152.583065][ T6916] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 152.644546][ T6916] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 152.653603][ T6916] page dumped because: unmovable page [ 152.659433][ T6916] page_owner tracks the page as allocated [ 152.695295][ T6916] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 5823, tgid 5823 (syz-executor), ts 85133987776, free_ts 81785457432 [ 152.711553][ T6916] post_alloc_hook+0x1e1/0x250 [ 152.716858][ T6916] get_page_from_freelist+0xe3d/0x2e10 [ 152.723307][ T6916] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 152.729978][ T6916] alloc_pages_bulk_noprof+0x777/0x1500 [ 152.735708][ T6916] __kasan_populate_vmalloc+0xf0/0x210 [ 152.741713][ T6916] alloc_vmap_area+0x935/0x2a00 [ 152.747137][ T6916] __get_vm_area_node+0x1ca/0x330 [ 152.760002][ T6916] __vmalloc_node_range_noprof+0x213/0x1530 [ 152.768219][ T6916] vmalloc_user_noprof+0x9e/0xe0 [ 152.773253][ T6916] kcov_ioctl+0x4c/0x720 [ 152.841837][ T6916] __x64_sys_ioctl+0x18e/0x210 [ 152.864108][ T6916] do_syscall_64+0xc9/0xf80 [ 152.894409][ T6916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.910139][ T6916] page last free pid 5816 tgid 5816 stack trace: [ 152.927906][ T6916] __free_frozen_pages+0x822/0x1130 [ 152.940083][ T6916] vfree.part.0+0x12b/0x9d0 [ 152.949914][ T6916] vfree+0x55/0x80 [ 152.956185][ T6916] kcov_close+0x34/0x60 [ 152.964957][ T6916] __fput+0x3ff/0xb40 [ 152.987015][ T6916] fput_close_sync+0x118/0x250 [ 153.001859][ T6916] __x64_sys_close+0x8b/0x120 [ 153.016208][ T6916] do_syscall_64+0xc9/0xf80 [ 153.044276][ T6916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.113206][ T6921] netlink: 186 bytes leftover after parsing attributes in process `syz.0.213'. [ 153.203414][ T6921] netlink: 186 bytes leftover after parsing attributes in process `syz.0.213'. [ 154.323721][ T6944] Invalid ELF header magic: != ELF [ 154.828901][ T6942] Invalid ELF header magic: != ELF [ 154.871802][ T6951] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 156.254507][ T6976] FAULT_INJECTION: forcing a failure. [ 156.254507][ T6976] name failslab, interval 1, probability 0, space 0, times 0 [ 156.334788][ T6976] CPU: 0 UID: 0 PID: 6976 Comm: syz.0.226 Tainted: G L syzkaller #0 PREEMPT(full) [ 156.334815][ T6976] Tainted: [L]=SOFTLOCKUP [ 156.334820][ T6976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 156.334829][ T6976] Call Trace: [ 156.334835][ T6976] [ 156.334841][ T6976] dump_stack_lvl+0x100/0x190 [ 156.334865][ T6976] should_fail_ex.cold+0x5/0xa [ 156.334891][ T6976] should_failslab+0xc2/0x120 [ 156.334913][ T6976] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 156.334933][ T6976] ? vidtv_psi_short_event_desc_init+0x312/0x5f0 [ 156.334961][ T6976] ? kstrdup+0x51/0xe0 [ 156.334978][ T6976] kstrdup+0x51/0xe0 [ 156.334997][ T6976] vidtv_psi_short_event_desc_init+0x312/0x5f0 [ 156.335024][ T6976] vidtv_psi_desc_clone+0x33f/0x5d0 [ 156.335040][ T6976] vidtv_channel_si_init+0x764/0x18d0 [ 156.335064][ T6976] vidtv_mux_init+0x526/0xbf0 [ 156.335083][ T6976] vidtv_start_feed+0x33e/0x4c0 [ 156.335104][ T6976] ? __pfx_vidtv_start_feed+0x10/0x10 [ 156.335124][ T6976] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 156.335146][ T6976] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 156.335188][ T6976] ? mark_held_locks+0x40/0x70 [ 156.335229][ T6976] ? __pfx_vidtv_start_feed+0x10/0x10 [ 156.335266][ T6976] dmx_ts_feed_start_filtering+0xf6/0x220 [ 156.335300][ T6976] dvb_dmxdev_start_feed+0x273/0x3f0 [ 156.335322][ T6976] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 156.335345][ T6976] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 156.335367][ T6976] dvb_demux_do_ioctl+0xe64/0x1200 [ 156.335393][ T6976] dvb_usercopy+0x167/0x340 [ 156.335410][ T6976] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 156.335434][ T6976] ? __pfx_dvb_usercopy+0x10/0x10 [ 156.335460][ T6976] ? __fget_files+0x21f/0x3d0 [ 156.335480][ T6976] dvb_demux_ioctl+0x29/0x40 [ 156.335497][ T6976] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 156.335516][ T6976] __x64_sys_ioctl+0x18e/0x210 [ 156.335540][ T6976] do_syscall_64+0xc9/0xf80 [ 156.335560][ T6976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.335575][ T6976] RIP: 0033:0x7f0d1f19aeb9 [ 156.335588][ T6976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.335603][ T6976] RSP: 002b:00007f0d20084028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.335618][ T6976] RAX: ffffffffffffffda RBX: 00007f0d1f415fa0 RCX: 00007f0d1f19aeb9 [ 156.335627][ T6976] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 156.335636][ T6976] RBP: 00007f0d1f208c1f R08: 0000000000000000 R09: 0000000000000000 [ 156.335644][ T6976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.335653][ T6976] R13: 00007f0d1f416038 R14: 00007f0d1f415fa0 R15: 00007ffda4097138 [ 156.335673][ T6976] [ 156.824613][ T6980] FAULT_INJECTION: forcing a failure. [ 156.824613][ T6980] name failslab, interval 1, probability 0, space 0, times 0 [ 156.837621][ T6980] CPU: 1 UID: 0 PID: 6980 Comm: syz.1.227 Tainted: G L syzkaller #0 PREEMPT(full) [ 156.837646][ T6980] Tainted: [L]=SOFTLOCKUP [ 156.837652][ T6980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 156.837661][ T6980] Call Trace: [ 156.837668][ T6980] [ 156.837674][ T6980] dump_stack_lvl+0x100/0x190 [ 156.837697][ T6980] should_fail_ex.cold+0x5/0xa [ 156.837721][ T6980] should_failslab+0xc2/0x120 [ 156.837742][ T6980] __kmalloc_cache_noprof+0x80/0x810 [ 156.837758][ T6980] ? trace_pid_list_alloc+0x232/0x480 [ 156.837785][ T6980] ? trace_pid_list_alloc+0x232/0x480 [ 156.837806][ T6980] trace_pid_list_alloc+0x232/0x480 [ 156.837831][ T6980] trace_pid_write+0x110/0x480 [ 156.837850][ T6980] ? __pfx_trace_pid_write+0x10/0x10 [ 156.837869][ T6980] ? update_last_data+0xaa/0x510 [ 156.837896][ T6980] event_pid_write.isra.0+0x1e4/0x7f0 [ 156.837913][ T6980] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 156.837934][ T6980] vfs_write+0x2aa/0x1070 [ 156.837951][ T6980] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 156.837968][ T6980] ? __pfx_vfs_write+0x10/0x10 [ 156.837982][ T6980] ? find_held_lock+0x2b/0x80 [ 156.837997][ T6980] ? __fget_files+0x215/0x3d0 [ 156.838016][ T6980] ? __fget_files+0x21f/0x3d0 [ 156.838037][ T6980] ksys_write+0x12a/0x250 [ 156.838053][ T6980] ? __pfx_ksys_write+0x10/0x10 [ 156.838074][ T6980] do_syscall_64+0xc9/0xf80 [ 156.838094][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.838109][ T6980] RIP: 0033:0x7fe4a179aeb9 [ 156.838121][ T6980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.838135][ T6980] RSP: 002b:00007fe4a26ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.838150][ T6980] RAX: ffffffffffffffda RBX: 00007fe4a1a15fa0 RCX: 00007fe4a179aeb9 [ 156.838159][ T6980] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 156.838167][ T6980] RBP: 00007fe4a1808c1f R08: 0000000000000000 R09: 0000000000000000 [ 156.838176][ T6980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.838184][ T6980] R13: 00007fe4a1a16038 R14: 00007fe4a1a15fa0 R15: 00007ffec24233c8 [ 156.838203][ T6980] [ 158.426423][ T30] audit: type=1800 audit(1770580391.013:6): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.232" name="dbroot" dev="configfs" ino=16138 res=0 errno=0 [ 160.380185][ T7029] binder: 7028:7029 ioctl c018620c 0 returned -1 [ 165.987487][ T7116] FAULT_INJECTION: forcing a failure. [ 165.987487][ T7116] name failslab, interval 1, probability 0, space 0, times 0 [ 166.008230][ T7116] CPU: 0 UID: 0 PID: 7116 Comm: syz.2.264 Tainted: G L syzkaller #0 PREEMPT(full) [ 166.008272][ T7116] Tainted: [L]=SOFTLOCKUP [ 166.008282][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 166.008298][ T7116] Call Trace: [ 166.008308][ T7116] [ 166.008319][ T7116] dump_stack_lvl+0x100/0x190 [ 166.008359][ T7116] should_fail_ex.cold+0x5/0xa [ 166.008403][ T7116] should_failslab+0xc2/0x120 [ 166.008444][ T7116] kmem_cache_alloc_noprof+0x83/0x780 [ 166.008478][ T7116] ? __proc_create+0xc2/0x8c0 [ 166.008519][ T7116] ? __proc_create+0x2cb/0x8c0 [ 166.008564][ T7116] ? __proc_create+0x2cb/0x8c0 [ 166.008602][ T7116] __proc_create+0x2cb/0x8c0 [ 166.008644][ T7116] ? __pfx___proc_create+0x10/0x10 [ 166.008686][ T7116] ? _raw_write_unlock+0x28/0x50 [ 166.008713][ T7116] ? proc_register+0x559/0x8a0 [ 166.008741][ T7116] proc_create_reg+0x75/0x170 [ 166.008768][ T7116] proc_create_seq_private+0x8e/0x180 [ 166.008797][ T7116] ? __pfx_proc_create_seq_private+0x10/0x10 [ 166.008837][ T7116] xt_proto_init+0x508/0xb80 [ 166.008872][ T7116] ? __pfx_xt_proto_init+0x10/0x10 [ 166.008903][ T7116] ? kasan_save_track+0x14/0x30 [ 166.008938][ T7116] ? __kasan_kmalloc+0xaa/0xb0 [ 166.008976][ T7116] ? __pfx_arp_tables_net_init+0x10/0x10 [ 166.009014][ T7116] ops_init+0x1e2/0x5f0 [ 166.009060][ T7116] setup_net+0x118/0x3a0 [ 166.009086][ T7116] ? __pfx_setup_net+0x10/0x10 [ 166.009108][ T7116] ? lockdep_init_map_type+0x5c/0x250 [ 166.009158][ T7116] ? mutex_init_lockep+0x110/0x150 [ 166.009204][ T7116] copy_net_ns+0x46f/0x7c0 [ 166.009237][ T7116] create_new_namespaces+0x3ea/0xab0 [ 166.009278][ T7116] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 166.009311][ T7116] ksys_unshare+0x455/0xab0 [ 166.009353][ T7116] ? __pfx_ksys_unshare+0x10/0x10 [ 166.009390][ T7116] ? xfd_validate_state+0x129/0x190 [ 166.009444][ T7116] __x64_sys_unshare+0x31/0x40 [ 166.009481][ T7116] do_syscall_64+0xc9/0xf80 [ 166.009517][ T7116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.009545][ T7116] RIP: 0033:0x7f486839aeb9 [ 166.009568][ T7116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.009595][ T7116] RSP: 002b:00007f486923b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 166.009622][ T7116] RAX: ffffffffffffffda RBX: 00007f4868615fa0 RCX: 00007f486839aeb9 [ 166.009640][ T7116] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 166.009657][ T7116] RBP: 00007f4868408c1f R08: 0000000000000000 R09: 0000000000000000 [ 166.009674][ T7116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.009690][ T7116] R13: 00007f4868616038 R14: 00007f4868615fa0 R15: 00007ffd7ae2ea88 [ 166.009727][ T7116] [ 166.573943][ T7121] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 166.685980][ T7121] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 166.963907][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.258'. [ 167.005105][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.258'. [ 168.886541][ T7148] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'. [ 170.251657][ T7161] futex_wake_op: syz.3.267 tries to shift op by -2048; fix this program [ 170.286228][ T7161] futex_wake_op: syz.3.267 tries to shift op by -2048; fix this program [ 170.379433][ T7161] 0x000000000001-0x000000020000 : "" [ 170.514589][ T7161] ftl_cs: FTL header corrupt! [ 174.338248][ T7210] FAULT_INJECTION: forcing a failure. [ 174.338248][ T7210] name failslab, interval 1, probability 0, space 0, times 0 [ 174.386865][ T7210] CPU: 0 UID: 0 PID: 7210 Comm: syz.2.277 Tainted: G L syzkaller #0 PREEMPT(full) [ 174.386910][ T7210] Tainted: [L]=SOFTLOCKUP [ 174.386916][ T7210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 174.386925][ T7210] Call Trace: [ 174.386932][ T7210] [ 174.386938][ T7210] dump_stack_lvl+0x100/0x190 [ 174.386961][ T7210] should_fail_ex.cold+0x5/0xa [ 174.386987][ T7210] should_failslab+0xc2/0x120 [ 174.387008][ T7210] __kmalloc_cache_noprof+0x80/0x810 [ 174.387023][ T7210] ? snd_seq_oss_open+0x54/0xa10 [ 174.387044][ T7210] ? snd_seq_oss_open+0x54/0xa10 [ 174.387059][ T7210] snd_seq_oss_open+0x54/0xa10 [ 174.387078][ T7210] odev_open+0x79/0xc0 [ 174.387091][ T7210] ? __pfx_odev_open+0x10/0x10 [ 174.387105][ T7210] soundcore_open+0x2e3/0x5a0 [ 174.387124][ T7210] ? __pfx_soundcore_open+0x10/0x10 [ 174.387149][ T7210] chrdev_open+0x234/0x6a0 [ 174.387167][ T7210] ? __pfx_apparmor_file_open+0x10/0x10 [ 174.387186][ T7210] ? __pfx_chrdev_open+0x10/0x10 [ 174.387205][ T7210] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 174.387226][ T7210] do_dentry_open+0x73e/0x1570 [ 174.387243][ T7210] ? __pfx_chrdev_open+0x10/0x10 [ 174.387261][ T7210] ? security_inode_permission+0xbf/0x250 [ 174.387295][ T7210] vfs_open+0x82/0x3f0 [ 174.387318][ T7210] path_openat+0x21dc/0x3120 [ 174.387342][ T7210] ? __pfx_path_openat+0x10/0x10 [ 174.387366][ T7210] do_filp_open+0x1f7/0x420 [ 174.387385][ T7210] ? __pfx_do_filp_open+0x10/0x10 [ 174.387414][ T7210] ? _raw_spin_unlock+0x28/0x50 [ 174.387429][ T7210] ? alloc_fd+0x476/0x790 [ 174.387450][ T7210] do_sys_openat2+0x12e/0x220 [ 174.387472][ T7210] ? __pfx_do_sys_openat2+0x10/0x10 [ 174.387495][ T7210] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 174.387520][ T7210] __x64_sys_openat+0x12d/0x210 [ 174.387542][ T7210] ? __pfx___x64_sys_openat+0x10/0x10 [ 174.387562][ T7210] ? xfd_validate_state+0x129/0x190 [ 174.387591][ T7210] do_syscall_64+0xc9/0xf80 [ 174.387609][ T7210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.387624][ T7210] RIP: 0033:0x7f486839aeb9 [ 174.387637][ T7210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.387651][ T7210] RSP: 002b:00007f486923b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 174.387665][ T7210] RAX: ffffffffffffffda RBX: 00007f4868615fa0 RCX: 00007f486839aeb9 [ 174.387675][ T7210] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 174.387684][ T7210] RBP: 00007f4868408c1f R08: 0000000000000000 R09: 0000000000000000 [ 174.387693][ T7210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.387702][ T7210] R13: 00007f4868616038 R14: 00007f4868615fa0 R15: 00007ffd7ae2ea88 [ 174.387722][ T7210] [ 180.278875][ T7269] Invalid ELF header magic: != ELF [ 180.774218][ T7305] random: crng reseeded on system resumption [ 182.507481][ T7325] binder: 7324:7325 ioctl c018620c 0 returned -1 [ 184.887108][ T7357] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 187.330136][ T7382] binder: 7381:7382 ioctl c018620c 0 returned -1 [ 187.913528][ T7405] random: crng reseeded on system resumption [ 188.424014][ T7413] FAULT_INJECTION: forcing a failure. [ 188.424014][ T7413] name failslab, interval 1, probability 0, space 0, times 0 [ 188.425757][ T7415] FAULT_INJECTION: forcing a failure. [ 188.425757][ T7415] name failslab, interval 1, probability 0, space 0, times 0 [ 188.471657][ T7413] CPU: 1 UID: 0 PID: 7413 Comm: syz.1.312 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.471685][ T7413] Tainted: [L]=SOFTLOCKUP [ 188.471690][ T7413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 188.471700][ T7413] Call Trace: [ 188.471706][ T7413] [ 188.471712][ T7413] dump_stack_lvl+0x100/0x190 [ 188.471736][ T7413] should_fail_ex.cold+0x5/0xa [ 188.471761][ T7413] should_failslab+0xc2/0x120 [ 188.471783][ T7413] __kmalloc_cache_noprof+0x80/0x810 [ 188.471798][ T7413] ? vidtv_psi_set_sec_len+0xa5/0x160 [ 188.471819][ T7413] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 188.471838][ T7413] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 188.471859][ T7413] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 188.471877][ T7413] vidtv_channel_si_init+0x1289/0x18d0 [ 188.471901][ T7413] vidtv_mux_init+0x526/0xbf0 [ 188.471922][ T7413] vidtv_start_feed+0x33e/0x4c0 [ 188.471945][ T7413] ? __pfx_vidtv_start_feed+0x10/0x10 [ 188.471965][ T7413] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 188.471988][ T7413] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 188.472013][ T7413] ? mark_held_locks+0x40/0x70 [ 188.472034][ T7413] ? __pfx_vidtv_start_feed+0x10/0x10 [ 188.472054][ T7413] dmx_ts_feed_start_filtering+0xf6/0x220 [ 188.472080][ T7413] dvb_dmxdev_start_feed+0x273/0x3f0 [ 188.472102][ T7413] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 188.472127][ T7413] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 188.472149][ T7413] dvb_demux_do_ioctl+0xe64/0x1200 [ 188.472175][ T7413] dvb_usercopy+0x167/0x340 [ 188.472192][ T7413] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 188.472219][ T7413] ? __pfx_dvb_usercopy+0x10/0x10 [ 188.472245][ T7413] ? __fget_files+0x21f/0x3d0 [ 188.472265][ T7413] dvb_demux_ioctl+0x29/0x40 [ 188.472284][ T7413] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 188.472303][ T7413] __x64_sys_ioctl+0x18e/0x210 [ 188.472327][ T7413] do_syscall_64+0xc9/0xf80 [ 188.472347][ T7413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.472362][ T7413] RIP: 0033:0x7fe4a179aeb9 [ 188.472376][ T7413] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 188.472389][ T7413] RSP: 002b:00007fe4a26ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.472404][ T7413] RAX: ffffffffffffffda RBX: 00007fe4a1a15fa0 RCX: 00007fe4a179aeb9 [ 188.472414][ T7413] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 188.472422][ T7413] RBP: 00007fe4a1808c1f R08: 0000000000000000 R09: 0000000000000000 [ 188.472431][ T7413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.472440][ T7413] R13: 00007fe4a1a16038 R14: 00007fe4a1a15fa0 R15: 00007ffec24233c8 [ 188.472460][ T7413] [ 188.472513][ T7413] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 188.746947][ T7413] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 188.755627][ T7413] CPU: 1 UID: 0 PID: 7413 Comm: syz.1.312 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.767006][ T7413] Tainted: [L]=SOFTLOCKUP [ 188.771368][ T7413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 188.781629][ T7413] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 188.787635][ T7413] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 2d ab ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 09 ab ed f9 4d 85 e4 [ 188.807345][ T7413] RSP: 0018:ffffc9000bda7a18 EFLAGS: 00010247 [ 188.813415][ T7413] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000c6ea000 [ 188.821383][ T7413] RDX: 0000000000000000 RSI: ffffffff8818a333 RDI: 0000000000000005 [ 188.829362][ T7413] RBP: ffff88806fa58860 R08: 0000000000000000 R09: 4453534204050000 [ 188.837606][ T7413] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 188.845610][ T7413] R13: ffff8880797fb180 R14: ffff88814336d800 R15: ffff88802810be40 [ 188.853592][ T7413] FS: 00007fe4a26ac6c0(0000) GS:ffff8881246e2000(0000) knlGS:0000000000000000 [ 188.862703][ T7413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 188.869308][ T7413] CR2: 00007fe4a268bd58 CR3: 00000000223da000 CR4: 00000000003526f0 [ 188.877299][ T7413] Call Trace: [ 188.880588][ T7413] [ 188.883542][ T7413] vidtv_channel_si_init+0x12fc/0x18d0 [ 188.889041][ T7413] vidtv_mux_init+0x526/0xbf0 [ 188.893744][ T7413] vidtv_start_feed+0x33e/0x4c0 [ 188.898627][ T7413] ? __pfx_vidtv_start_feed+0x10/0x10 [ 188.904012][ T7413] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 188.909426][ T7413] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 188.916033][ T7413] ? mark_held_locks+0x40/0x70 [ 188.921076][ T7413] ? __pfx_vidtv_start_feed+0x10/0x10 [ 188.926548][ T7413] dmx_ts_feed_start_filtering+0xf6/0x220 [ 188.932399][ T7413] dvb_dmxdev_start_feed+0x273/0x3f0 [ 188.937695][ T7413] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 188.943173][ T7413] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 188.948469][ T7413] dvb_demux_do_ioctl+0xe64/0x1200 [ 188.953738][ T7413] dvb_usercopy+0x167/0x340 [ 188.958508][ T7413] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 188.964088][ T7413] ? __pfx_dvb_usercopy+0x10/0x10 [ 188.969174][ T7413] ? __fget_files+0x21f/0x3d0 [ 188.973900][ T7413] dvb_demux_ioctl+0x29/0x40 [ 188.978522][ T7413] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 188.983832][ T7413] __x64_sys_ioctl+0x18e/0x210 [ 188.988652][ T7413] do_syscall_64+0xc9/0xf80 [ 188.993268][ T7413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.999182][ T7413] RIP: 0033:0x7fe4a179aeb9 [ 189.003694][ T7413] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.023397][ T7413] RSP: 002b:00007fe4a26ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.031821][ T7413] RAX: ffffffffffffffda RBX: 00007fe4a1a15fa0 RCX: 00007fe4a179aeb9 [ 189.039882][ T7413] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 189.048040][ T7413] RBP: 00007fe4a1808c1f R08: 0000000000000000 R09: 0000000000000000 [ 189.056023][ T7413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.063992][ T7413] R13: 00007fe4a1a16038 R14: 00007fe4a1a15fa0 R15: 00007ffec24233c8 [ 189.071971][ T7413] [ 189.075112][ T7413] Modules linked in: [ 189.079949][ T7413] ---[ end trace 0000000000000000 ]--- [ 189.105249][ T7413] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 189.115940][ T7415] CPU: 0 UID: 0 PID: 7415 Comm: syz.0.311 Tainted: G D L syzkaller #0 PREEMPT(full) [ 189.115994][ T7415] Tainted: [D]=DIE, [L]=SOFTLOCKUP [ 189.116004][ T7415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 189.116018][ T7415] Call Trace: [ 189.116026][ T7415] [ 189.116038][ T7415] dump_stack_lvl+0x100/0x190 [ 189.116072][ T7415] should_fail_ex.cold+0x5/0xa [ 189.116112][ T7415] should_failslab+0xc2/0x120 [ 189.116134][ T7415] __kmalloc_cache_noprof+0x80/0x810 [ 189.116149][ T7415] ? trace_pid_list_alloc+0x232/0x480 [ 189.116173][ T7415] ? trace_pid_list_alloc+0x232/0x480 [ 189.116193][ T7415] trace_pid_list_alloc+0x232/0x480 [ 189.116216][ T7415] trace_pid_write+0x110/0x480 [ 189.116233][ T7415] ? __pfx_trace_pid_write+0x10/0x10 [ 189.116249][ T7415] ? update_last_data+0xaa/0x510 [ 189.116270][ T7415] event_pid_write.isra.0+0x1e4/0x7f0 [ 189.116285][ T7415] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 189.116302][ T7415] vfs_write+0x2aa/0x1070 [ 189.116318][ T7415] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 189.116334][ T7415] ? __pfx_vfs_write+0x10/0x10 [ 189.116348][ T7415] ? find_held_lock+0x2b/0x80 [ 189.116362][ T7415] ? __fget_files+0x215/0x3d0 [ 189.116379][ T7415] ? __fget_files+0x21f/0x3d0 [ 189.116395][ T7415] ksys_write+0x12a/0x250 [ 189.116411][ T7415] ? __pfx_ksys_write+0x10/0x10 [ 189.116428][ T7415] do_syscall_64+0xc9/0xf80 [ 189.116446][ T7415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.116461][ T7415] RIP: 0033:0x7f0d1f19aeb9 [ 189.116473][ T7415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.116487][ T7415] RSP: 002b:00007f0d20084028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.116502][ T7415] RAX: ffffffffffffffda RBX: 00007f0d1f415fa0 RCX: 00007f0d1f19aeb9 [ 189.116512][ T7415] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 189.116520][ T7415] RBP: 00007f0d1f208c1f R08: 0000000000000000 R09: 0000000000000000 [ 189.116529][ T7415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.116537][ T7415] R13: 00007f0d1f416038 R14: 00007f0d1f415fa0 R15: 00007ffda4097138 [ 189.116551][ T7415] [ 189.345674][ T7413] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 2d ab ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 09 ab ed f9 4d 85 e4 [ 189.365969][ T7413] RSP: 0018:ffffc9000bda7a18 EFLAGS: 00010247 [ 189.372130][ T7413] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000c6ea000 [ 189.380477][ T7413] RDX: 0000000000000000 RSI: ffffffff8818a333 RDI: 0000000000000005 [ 189.447324][ T7413] RBP: ffff88806fa58860 R08: 0000000000000000 R09: 4453534204050000 [ 189.455423][ T7413] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 189.463799][ T7413] R13: ffff8880797fb180 R14: ffff88814336d800 R15: ffff88802810be40 [ 189.472026][ T7413] FS: 00007fe4a26ac6c0(0000) GS:ffff8881245e2000(0000) knlGS:0000000000000000 [ 189.476013][ T7408] PM: hibernation: Basic memory bitmaps freed [ 189.481089][ T7413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.493888][ T7413] CR2: 0000200000160000 CR3: 00000000223da000 CR4: 00000000003526f0 [ 189.501952][ T7413] Kernel panic - not syncing: Fatal exception [ 189.508567][ T7413] Kernel Offset: disabled [ 189.512885][ T7413] Rebooting in 86400 seconds..