last executing test programs: 5m39.693076426s ago: executing program 0 (id=535): mmap$auto(0x0, 0x38f, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) socket(0x1a, 0x5, 0xfffffffd) r1 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) bind$auto(r1, 0x0, 0x67) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x90, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000640)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_DEL_PMK(r3, 0x0, 0x8000) socket(0xa, 0x5, 0x8) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) socket(0xa, 0x1, 0x100) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, &(0x7f0000000040)) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/clear_refs\x00', 0x2, 0x0) 5m36.212029922s ago: executing program 0 (id=545): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x3, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) mmap$auto(0xfffffffffffffffe, 0x20009, 0x4000000000df, 0xeb1, r0, 0x9ddb) close_range$auto(0x2, 0x8, 0x0) socket(0x6, 0x2, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x147602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = fanotify_init$auto(0xba, 0x0) write$auto_ima_measure_policy_ops_ima_fs(r1, 0x0, 0x0) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r2, 0x4004af07, &(0x7f00000003c0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) mbind$auto(0x8000, 0xfa9d, 0x2, 0x0, 0x3, 0x1) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x4, 0x0) socket(0x10, 0x2, 0x0) r5 = io_uring_setup$auto(0x4, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, 0x0, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0xa, 0xa) socketpair$auto(0x4004, 0x7, 0x4, 0x0) 5m35.570992518s ago: executing program 0 (id=548): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/limits\x00', 0x541440, 0x0) pread64$auto(r0, &(0x7f0000001800)='#\\h,\x00', 0x3, 0x8) unshare$auto(0x40000080) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB="08010000", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fcdbdf251100000038000180080003005100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="14000200776c616e3100000000000000000000002c00018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="080003000c00000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="7000018008000100", @ANYRES32=0x0, @ANYBLOB="9b7c01002348f5fae706810cf1df9bc02888", @ANYRES32=0x0, @ANYBLOB="140002006e723000000000000000000000000000080003005b000000080003000600000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="140002006e657464657673696d30000000000000140002006261746164765f736c6176655f310000200001800800030081400000140002006272696467655f736c6176655f300000"], 0x108}, 0x1, 0x0, 0x0, 0x8081}, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x92000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01173fc4beda4428a06729eb0900000000000000e1da68040000002506000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendmsg$auto_NFSD_CMD_LISTENER_GET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x64004090}, 0x24000005) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x280881, 0x0) prctl$auto(0x3f, 0xfffffffffefff801, 0x0, 0x8ace, 0xfffffffffffffffe) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r4 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) read$auto(r4, 0x0, 0x4000000081) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r5 = syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x100000000, 0x8, 0x0, 0x1c) 5m33.50050067s ago: executing program 0 (id=551): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) shmctl$auto_SHM_UNLOCK(0x7f, 0xc, &(0x7f0000000440)={{0x1ff, 0x0, 0xffffffffffffffff, 0x402, 0x1, 0x0, 0x6}, 0x8, 0x8, 0x100000000, 0x2, @raw=0x7, @inferred, 0x1, 0x0, 0x0, 0x0}) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x0, 0x0) readv$auto(r0, &(0x7f0000000400)={0x0, 0x40}, 0x6) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x80000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x4000000000eb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0x1f, 0x3, 0x400003) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x4c041) r2 = socket(0xf, 0x5, 0xf) setsockopt$auto(r2, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r3, 0x5, 0x8) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x13, &(0x7f0000000000), 0x2) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x101, 0x7ffd, 0xeb2, r1, 0x908) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x7, 0x100000005) 5m32.099874121s ago: executing program 0 (id=554): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000800), 0x40, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r0, 0x7ffc) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000280)=""/175, 0xaf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/ifb1/statistics/collisions\x00', 0x5898c2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) mremap$auto(0x1ff, 0xe5, 0x6, 0x4, 0x1) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x2, 0xd4, 0x3, 0x7ff, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0x4, 0x1008000, 0x0, 0x8000000c, 0x80, 0xffffffffffff6291, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x80283, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x1, 0x0) socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/blkio.bfq.weight\x00', 0x8001, 0x0) write$auto(r2, &(0x7f0000000000)='0\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) sysfs$auto(0x2, 0x23, 0x0) socket(0x11, 0xa, 0x300) listmount$auto(&(0x7f0000000040)={0x200, @raw=0x80, 0x7f, 0x81, 0x400}, &(0x7f0000000140)=0x10000, 0xf, 0x5) 5m31.253031241s ago: executing program 0 (id=557): mmap$auto(0x0, 0x2000000004, 0x4000000000df, 0x40eb4, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0x10, "0000e100"}, 0xfffffffc) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x3, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) open(0x0, 0x26a40, 0x167) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r3) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000001c0)=ANY=[@ANYRES64=r1, @ANYRES8=r3, @ANYBLOB="040000090800040009000000"], 0x1c}, 0x1, 0x3000000, 0x0, 0x1}, 0x8010) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_1\x00', 0x0}) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0xa000, 0x0) write$auto_seq_oss_f_ops_seq_oss(r5, &(0x7f0000000440)="f6e68108000000f7e88f819e30236ce79200d01532f2ed0d66b2e48f4ebfe17055031090f5ad65228111049aaed5c905176e00007cee59f69e635e4214111367901ed8a2e3517685dcaae2254df4957d673b2d54ac199d57c4fb5f3d8af12591081027a7638502712c6742a1a138078a7ef0e2ac0aeb6c7c4321165f5eb8b8d615849397c27ae4539e4e8f3ba3bf6768842e16f84a85ee4acb4f5ca30f8313cf7f6ff70246147aaaedff00779f053bc32bc622f0ba9fbc0a96203a991a605f3c2dc1de859d44f8982f517a87fec09f7a448f23ad1a9f6377915f457cbc43e9418e19fcd053071656ad5c6cdefc97bf5c2e47510e2b97d3c78872977413e435ff3e0569", 0x103) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000080)=@bpf_attr_0={0x2, 0x2, 0x7, 0x4, 0x200, r0, 0x5, "f17270c1635fb15a30d05f8574c31c59", r4, r2, 0x81, 0x7, 0x5, 0x2, 0xffffffffffffffff, r5}, 0x3f5141fa) 5m15.255633547s ago: executing program 32 (id=557): mmap$auto(0x0, 0x2000000004, 0x4000000000df, 0x40eb4, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0x10, "0000e100"}, 0xfffffffc) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x3, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) open(0x0, 0x26a40, 0x167) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r3) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000001c0)=ANY=[@ANYRES64=r1, @ANYRES8=r3, @ANYBLOB="040000090800040009000000"], 0x1c}, 0x1, 0x3000000, 0x0, 0x1}, 0x8010) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_1\x00', 0x0}) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0xa000, 0x0) write$auto_seq_oss_f_ops_seq_oss(r5, &(0x7f0000000440)="f6e68108000000f7e88f819e30236ce79200d01532f2ed0d66b2e48f4ebfe17055031090f5ad65228111049aaed5c905176e00007cee59f69e635e4214111367901ed8a2e3517685dcaae2254df4957d673b2d54ac199d57c4fb5f3d8af12591081027a7638502712c6742a1a138078a7ef0e2ac0aeb6c7c4321165f5eb8b8d615849397c27ae4539e4e8f3ba3bf6768842e16f84a85ee4acb4f5ca30f8313cf7f6ff70246147aaaedff00779f053bc32bc622f0ba9fbc0a96203a991a605f3c2dc1de859d44f8982f517a87fec09f7a448f23ad1a9f6377915f457cbc43e9418e19fcd053071656ad5c6cdefc97bf5c2e47510e2b97d3c78872977413e435ff3e0569", 0x103) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000080)=@bpf_attr_0={0x2, 0x2, 0x7, 0x4, 0x200, r0, 0x5, "f17270c1635fb15a30d05f8574c31c59", r4, r2, 0x81, 0x7, 0x5, 0x2, 0xffffffffffffffff, r5}, 0x3f5141fa) 12.171177341s ago: executing program 1 (id=1266): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) write$auto(r0, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) socket(0x10, 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x2, 0x1, 0x0) (async) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x20000000001fd, 0x3, 0x200d, 0x10001, 0x8000000000000000, 0x6, 0x15f4da0a, 0x1000000001, 0x9, 0x62, 0x80080000020, 0x7, 0x6d3e, 0x9, 0x0, 0x200]}, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) 11.869082261s ago: executing program 1 (id=1267): r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0) getsockopt$auto_SO_BINDTOIFINDEX(r0, 0x1, 0x3e, &(0x7f0000000040)='\x00', &(0x7f0000000080)=0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x801, 0x106) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) keyctl$auto_KEYCTL_CLEAR(0x7, 0x7f, 0x101, 0x3, 0x9) setsockopt$auto(r1, 0x0, 0x13, 0x0, 0x8009) 11.733527281s ago: executing program 1 (id=1269): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r2, 0x0, 0x7) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) writev$auto(r0, &(0x7f0000000200)={0x0, 0x100000ff}, 0x2) shmctl$auto(0x6, 0x3, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) read$auto(r4, 0x0, 0x2) socket(0x1d, 0x2, 0x7) 10.197726739s ago: executing program 1 (id=1270): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/9/smp_affinity_list\x00', 0x1c1282, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) readv$auto(0x3, &(0x7f0000000280)={0x0, 0xf7}, 0x87) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f00000002c0), 0x8040, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) unshare$auto(0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="d56e417a"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r3 = setfsuid$auto(0xee01) keyctl$auto(0x1d, 0xffffffffffffffff, r3, 0x0, 0x6) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) write$auto(r4, 0x0, 0x81) msgctl$auto_IPC_RMID(0xdda7, 0x0, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x10) r5 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r5, 0x4004556e, 0x1f) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x4, &(0x7f0000000380)=@task_fd_query={0x12, r0, 0x4, 0x88, 0x8, 0xae05, 0x66b, 0x2, 0x7ff}, 0x6f8) r6 = open(&(0x7f00000000c0)='./cgroup\x00', 0x200102, 0xb5d1af1605322df2) execve$auto(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000180)=&(0x7f0000000100)='/sys/devices/platform/vhci_hcd.15/usb40/40-0:1.0/usb40-port3/power/autosuspend_delay_ms\x00', &(0x7f0000000240)=&(0x7f00000001c0)='/sys/devices/platform/vhci_hcd.15/usb40/40-0:1.0/usb40-port3/power/autosuspend_delay_ms\x00') fcntl$auto_F_SETPIPE_SZ(r6, 0x407, 0x772be235) socket(0x28, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/default/ioam6_id_wide\x00', 0x40100, 0x0) 9.424702762s ago: executing program 4 (id=1271): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x80, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0x7fffffff) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) read$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80000, 0x0) prctl$auto(0x35, 0x8, 0x0, 0xdc3, 0x3) getsockopt$auto(0x100000006, 0x1, 0x28, 0xfffffffffffffffc, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r0, 0x8924, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x5) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket(0x2c, 0x3, 0x0) open(&(0x7f0000000000)='./file1\x00', 0x22240, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 8.164172334s ago: executing program 3 (id=1272): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r2, 0xffffff41, 0xffffffffffffffff) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) mmap$auto(0x2, 0x5, 0x1, 0xfd4, r3, 0x3) ioctl$auto(r3, 0x901064aa, 0xffeffffffffffdff) (async) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_GET(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r4, 0xb20, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4c081}, 0x4008000) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x24, r0, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040810}, 0x0) 7.977463246s ago: executing program 4 (id=1273): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x140000000) unshare$auto(0x40000080) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r2 = gettid() r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop13/queue/wbt_lat_usec\x00', 0x206a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='-7', 0x2) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) sched_setscheduler$auto(r2, 0xff, &(0x7f0000000100)={0x3}) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r4, 0x8000) 7.816973464s ago: executing program 3 (id=1274): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xe, 0xffffffffffffffff) getcwd$auto(0x0, 0xfffffffffffdffff) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) r4 = gettid() sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYRES64=r4, @ANYRESOCT=0x0, @ANYBLOB="080001000000000800070004000008000024007b7b25212f3a29270000000000000000", @ANYRESHEX=0x0], 0x34}, 0x1, 0x0, 0x0, 0x24000800}, 0x80) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x0, 0x4000000000e3, 0x40eb2, 0xffffffffffffffff, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x480, 0x0) mprotect$auto(0x0, 0x806121, 0x6) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x3c001, 0x0) ioctl$auto_PAGEMAP_SCAN(r5, 0xc0606610, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)='-7', 0x3a) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(r0, r0, 0xc0) mmap$auto(0xffff, 0x100, 0x98c, 0x9fd, r2, 0x8000) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) keyctl$auto(0x2000000000000017, 0x3ff, 0x2a, 0x0, 0x4) keyctl$auto(0x2000000000000017, 0x3ff, 0x0, 0x0, 0x40) 7.22266975s ago: executing program 1 (id=1276): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x4000000000005, 0x6, 0x62, 0x8, 0x7, 0x1, 0xb, 0x100, 0x18]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, 0x0, 0x20000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, 0x0, 0x880) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) sendmsg$auto_NFC_CMD_STOP_POLL(r0, 0x0, 0x44084) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x5) r1 = socket(0x15, 0x5, 0x0) getsockopt$auto(r1, 0x114, 0x2712, 0xfffffffffffffffc, 0x0) 5.943076038s ago: executing program 2 (id=1277): lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ptp/ptp0/n_alarms\x00', 0x42080, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r1, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r2, 0x311, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000240)=""/217, 0x115) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/uevent\x00', 0x103142, 0x0) sendfile$auto(r3, r3, 0x0, 0x1000200) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) rename$auto(&(0x7f00000000c0)=':,\x00', &(0x7f0000000100)=':,\x00') ioctl$auto(r4, 0x4146, 0x1f) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000001c0), r6) sendmsg$auto_OVS_DP_CMD_NEW(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x100}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) 4.300818781s ago: executing program 2 (id=1278): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video44\x00', 0x8a240, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x2, 0xb0, 0x9, 0x8, 0x3, 0x5, 0x7}, 0x1fe, 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mmap$auto(0x1ffffffffffffff, 0x40000a, 0x2bb, 0x13, 0x2, 0x7) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/status\x00', 0x40000, 0x0) read$auto_proc_single_file_operations_base(r2, 0x0, 0x0) sendmsg$auto_NLBL_MGMT_C_REMOVE(r0, 0x0, 0x4000) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x10000, 0x0) r4 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) sendmmsg$auto(0x4, 0x0, 0xffffff01, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) close_range$auto(r3, r4, 0x4) ioctl$auto(0xffffffffffffffff, 0x400454c9, 0xffffffffffffffff) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) sysfs$auto(0x2, 0x7, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x6, 0x0, 0x0, 0x0) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3fc, 0x4}, 0xf3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_ipv6\x00', 0x1401, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) 4.298166816s ago: executing program 3 (id=1279): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0xfffffffffffff34b, 0x8592) mkdir$auto(0x0, 0x9) socket(0x18, 0x1, 0x3) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyw5\x00', 0x1f1900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) ioctl$auto_PPPIOCSPASS(r3, 0x40107447, 0x0) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0x7, 0x8000) select$auto(0x6eb7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xfffffffffffffff7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x7, 0x62, 0x80000001, 0x4, 0x6d40, 0x3, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000000c0)={r3, 0x7, 0x7, 0x8}) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xe0, 0x968b, 0x100, 0x15f4da07, 0x3, 0x3, 0x200000000fff, 0x8002001f, 0x1, 0x80080000002, 0x7, 0x2, 0x8]}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r4, &(0x7f00000083c0)={0x0, 0x0, &(0x7f0000008380)={&(0x7f0000003680)={0x14, r5, 0x32f, 0x70bd2a, 0x25dfdbff, {0x12, 0x0, 0xf0}}, 0x14}, 0x1, 0x0, 0x0, 0x4801}, 0x8080) mmap$auto(0x773d, 0x3ff, 0x1, 0x19, r4, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000140), r3) sendmsg$auto_NBD_CMD_CONNECT(r6, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="b80c253d7000fddbdf25010000000400ca80"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x8880) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 3.998884112s ago: executing program 4 (id=1280): openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x80900, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x85, 0x0) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0xf, r1, @relative_fd, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x4) close_range$auto(0x2, 0xa, 0x3) 3.357014771s ago: executing program 4 (id=1281): openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto_KEYCTL_CAPABILITIES(0x1f, 0xee01, 0xffffffffffffffff, 0x0, 0x8000000000000000) r1 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r1, 0x8400) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2c6880, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) r3 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x101102, 0x0) write$auto_proc_pid_attr_operations_base(r3, 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000180)='/sys/kernel/tracing/trace_options\x00', 0xa, 0x10000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/ip_vs_conn\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x8, 0xffff) unshare$auto(0x40000080) setsockopt$auto_SO_TXTIME(r2, 0x232, 0x3d, &(0x7f00000001c0)='#-\x00', 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) mmap$auto(0x5, 0x400008, 0xdf, 0x9b76, 0xffffffffffffffff, 0x2) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0xcc, 0x3661, 0x0) r6 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x0, 0x0) sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r6, @ANYRES16=r6, @ANYBLOB="a9e127bd6500ffdbdf2501003f000500060007000000080003000100010007e5fe8c5f348559d000050003000000"], 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x400c850) mincore$auto(0x2000000000e, 0x1, &(0x7f0000000200)='/proc/self/net/ip_vs_conn\x00') 3.200380737s ago: executing program 3 (id=1282): openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/loadavg\x00', 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) msgctl$auto_MSG_STAT(0x10000000, 0xb, &(0x7f00000002c0)={{0x80000001, 0x0, 0xee00, 0x0, 0x95, 0x3, 0x8}, 0x0, 0x0, 0x4600, 0x8000, 0xfffffffffffffffc, 0x6, 0x10000, 0x567, 0x0, 0x7fff, @raw=0x7, @raw=0xc}) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x2900, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x240803, 0x0) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f0000000000)={{0x3, 0x3}, {0x8, 0x5}}, 0x0) unshare$auto(0x40000080) setitimer$auto_ITIMER_REAL(0x0, &(0x7f0000000180)={{0x34c, 0x9}, {0xfffffffffffffffd}}, 0x0) setitimer$auto(0x5, &(0x7f0000000240)={{0xfea07d8, 0x9d}, {0xfffffffffffffffb, 0x9}}, &(0x7f0000000280)={{0x4, 0x200}, {0x2, 0x6}}) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), 0xffffffffffffffff) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f00000000c0)={0xffffffffffffffff, 0xf}) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, 0x0, 0x30004011) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(0xffffffffffffffff, 0x80184132, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) open(0x0, 0xeee00, 0x31) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) stat$auto(0x0, &(0x7f0000000380)={0x506f, 0x7, 0x80000000000000, 0xfffffff2, 0x0, 0xee01, 0x0, 0x2, 0x101, 0x4, 0x1, 0x20fd, 0x3ff, 0x800000401, 0x5f54, 0x0, 0xfffffffeffffffff}) r2 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) writev$auto(r2, &(0x7f00000003c0)={0x0, 0x8}, 0x3) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) read$auto(r0, 0x0, 0x20) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(0xffffffffffffffff, 0x7cb, 0x0) 3.102539783s ago: executing program 2 (id=1283): openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x80001, 0x0) (async) unshare$auto(0x8000400) (async, rerun: 64) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f00000035c0), 0x400801, 0x0) (async, rerun: 64) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyra\x00', 0x20040, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000040)="2c21be65bcebba9d48ac2db8f84627879e0dede0e948dff736d19eec90b7733375f8bacafe87c95aeb51906db45ea4a96c3dbc663349ec5916d18b3b6c2c2cea563847f323f63077a3636f30aecdf25bf8db50a09cfd37fdf71af60ebfa488cfb8197dc76530007807e688f886380a95e099c0a646022b1de60a7ae320a6e4822aa7194bdeb434cca4d3c4f23a3f73ed01de566e727a18fb0d195765e78eccb4aa38513f5c38b7058519a9dd5823adaa308b1d1a5a55ff5e66426183fe917b41bb0fc455bedaf1b2ecaaab7790f88236787c0ce096e7dd29683616c2793d90232057906c35d0cbbd246e7c317e9d5cdd2e64600a5fbcdf37f81d3773ee01", 0xfe) 2.60510817s ago: executing program 2 (id=1284): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ttya7/power/runtime_suspended_time\x00', 0xc0680, 0x0) write$auto(r0, &(0x7f0000000400)='\xca\x00', 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) select$auto(0x6, 0x0, 0x0, &(0x7f0000000100)={[0x9, 0x7fff, 0x5, 0x0, 0xa00000000008000, 0x2, 0x6, 0x4, 0x6, 0x9, 0x7, 0xef24, 0xfff, 0x1, 0x1, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0c/xrun_debug\x00', 0x480, 0x0) sysfs$auto(0x7fff, 0x5, 0x80) 2.338305972s ago: executing program 2 (id=1285): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="110000000500000000", 0x9) (async) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="110000000500000000", 0x9) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd) socket(0x9, 0x6, 0x2002) (async) socket(0x9, 0x6, 0x2002) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x8001, 0xdf, 0xeb1, 0x401, 0x8003) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x2, 0x0) (async) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x2, 0x0) mmap$auto(0x0, 0x1008, 0xbf8e, 0x9b72, 0x5, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) pipe$auto(0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x22082, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r3, 0x4010ae68, r4) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x7) (async) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x7) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x6, 0xfff, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) fsopen$auto(0x0, 0x1) (async) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) keyctl$auto(0x8, 0xfffffffffffffffd, 0xffffffffffffffff, 0x5092, 0x4ec) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000) 1.259264364s ago: executing program 2 (id=1286): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socketpair$auto(0x1, 0x1, 0x4, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/49, 0x31) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, &(0x7f0000000000)={0x8000008, [0x2, 0x400, 0x80000000], [{0x80, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x8000, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x5, 0x6, 0x0, 0x1, 0x1}, {0xff4, 0x400, 0x1, 0x1, 0x1, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x6, 0xffffbffe, 0x1, 0x1}, {0x1, 0xc1f, 0x1, 0x0, 0x1}, {0x2, 0xfe, 0x1, 0x0, 0x0, 0x1}, {0x400, 0xfffff87e, 0x0, 0x1, 0x1}, {0xc14, 0x5, 0x1, 0x0, 0x1}, {0x7ff, 0x4d3c, 0x0, 0x0, 0x1}, {0x2, 0x3, 0x1, 0x1, 0x1}], 0x80, 0xfff, 0x3, 0x3, 0x2, 0x7f69, 0x100000001, "64b91cc75e50f9bfb73422d302bb9262ca4383f3137e87360df62cfa69013312b39e05e3bb4c9907000000310552976c2f5b0732887c3a8873bae9024b524de3"}) timer_create$auto(0x2, 0x0, 0x0) timer_create$auto(0x9, 0x0, &(0x7f0000000000)=0x3) timer_delete$auto(0x1) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x9, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x100000000, 0x40, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x1fa, 0xd) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffff7effffd05, &(0x7f00000001c0)) close_range$auto(0x0, 0x5, 0x0) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x109800, 0x0) ioctl$auto(r4, 0x900064b7, r4) getsockopt$auto_SO_DEBUG(r0, 0x9, 0x1, 0x0, &(0x7f0000000380)=0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bluetooth/hci2/rfkill29/hard\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x5, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000000), 0x1) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/misc/hw_random/rng_current\x00', 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r5, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 1.18126632s ago: executing program 4 (id=1287): mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) mmap$auto(0x0, 0xd80f, 0x800000000000003, 0x8000000008011, 0x3, 0xffffffffffffa234) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x10001, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x12, 0x7, 0x28000) write$auto(0x3, 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x80080, 0x0) write$auto(0x1, 0x0, 0x80000000) preadv$auto(r1, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x5, 0x8, 0x9) newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x8, 0x6, 0x89, 0x0, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x7, 0x8, 0x5, 0x1000000001, 0x4, 0xc11, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) socket(0x3, 0x80000, 0x6) prctl$auto(0x21, 0x0, 0x1, 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x220000, 0x0) ioctl$auto_OSS_GETVERSION2(r3, 0x80044d76, &(0x7f0000000040)="8f37e44ef0e3bf9a48f0c43932d52ce468124b3bb6e6a065eaef469f87d8466f9a42439526") lseek$auto(0x3, 0x0, 0x1) munmap$auto(0x8000, 0xffffffff) pread64$auto(r0, 0x0, 0x7, 0x2000008001) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/gpe02\x00', 0x2, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, r4, 0x2) r5 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec2\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r5, 0x40046109, &(0x7f0000002c40)=0x10) close_range$auto(0x2, 0xa, 0x0) 716.36423ms ago: executing program 1 (id=1288): lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x0, 0x5, 0x3, 0x7fff, 0x401, 0x8000) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xd0, 0x2) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48) faccessat$auto(r1, 0x0, 0x2) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x6, 0xe3a, 0xdb, 0xd9, 0x5, 0x11) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) pipe2$auto(0x0, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) setuid$auto(0xee01) connect$auto(r3, &(0x7f0000000940)=@nl=@proc={0x10, 0x0, 0x25dfdbfd}, 0x1e) ioctl$auto(0x1, 0x5760, 0x100000101) close_range$auto(0x0, 0xfffffffffffff001, 0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/options/test_nop_accept\x00', 0x101000, 0x0) socket(0x5, 0x800, 0x6) socket(0x10, 0x2, 0x10) 671.586417ms ago: executing program 3 (id=1289): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) (async, rerun: 64) lsm_get_self_attr$auto(0x2, &(0x7f00000007c0)={0x68, 0x12a3, 0x9}, &(0x7f00000008c0)=0x1ff, 0x1) (rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) (async) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x2000001, 0x2e) (async) write$auto_tty_fops_tty_io(r0, 0x0, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) (async) ioctl$auto(r0, 0xe, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x1501, 0x0) (async) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x100000040}, 0x8) (rerun: 64) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) bpf$auto(0x5, 0x0, 0x102) (async) r3 = getpid() (async) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000180), 0xffffffffffffffff) (async) close_range$auto(0x0, 0xfffffffffffff001, 0x2) (async, rerun: 32) socket(0x18, 0x4, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) (async) r4 = memfd_secret$auto(0x0) ftruncate$auto(0x3, 0x700) ftruncate$auto(r4, 0x5) (async) sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x48800) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000165c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYRES64=r3, @ANYRESHEX, @ANYBLOB="79a327bd7000fedbdf15ab0f276559418f8ce6e20bfa4f6ba76c294664c9098bfec7708accc0823065232a58f02604cfdfdb91e654646f5419cc78e52a2ae0a54a5b2fbd11e81fa4425c0c1247406cea41218e4a85f8e4e90069dc4f34534130784ec1a97c0c6bb20d2c10895555e90661223aba9b2d6e63893e776855b480bf2f0c4c65d34b2c16c42797b94d3e816b5696926b4f62c65232bfe0411632b65a27ba536b117abaf301508490340ca811054cc9667d04af6e8a103ad0ede0a8559524e8950ff1fe"], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x4044020) 87.297539ms ago: executing program 3 (id=1290): r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x10b000, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000080)="f6af10") mmap$auto(0x4, 0x8, 0x7fff, 0x19, r0, 0x986) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x543c00, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x2, "fb2704573a53cf995e9bd50d9a038ae9ba8b6bb523af71be779551bea8bb46e0", @inferred=r1}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00'}) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r4, &(0x7f0000000140)={&(0x7f0000000040), 0x6}, 0x3) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x4b47, 0x1) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon6\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r7 = socket(0x2, 0x5, 0x0) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_WG_CMD_SET_DEVICE(r8, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="010028bd7000ffdbdf2501000000240003007729ecac5e9239d0c4058eac0405576c2cd59ffc84b3098afa677190f34d1790"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'veth1_macvtap\x00'}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'vlan0\x00'}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/mb_group_prealloc\x00', 0x8001, 0x0) write$auto(r10, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 0s ago: executing program 4 (id=1291): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/wakeup/wakeup6/wakeup_count\x00', 0x800, 0x0) mmap$auto(0x0, 0x20009, 0x6, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) writev$auto(0x8, &(0x7f0000000040)={&(0x7f0000000000), 0x2000000000001}, 0xabc) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x1, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x16, &(0x7f0000000040), 0x1) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff) readv$auto(r2, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ppoll$auto(&(0x7f0000000000)={r1, 0x6d}, 0x2, 0x0, 0x0, 0x8) close_range$auto(r3, 0xfffffffffffff000, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) write$auto_mousedev_fops_mousedev(0xffffffffffffffff, 0x0, 0x0) write$auto(0x3, 0x0, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x109b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) kernel console output (not intermixed with test programs): mic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 312.362985][ T8868] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 312.363047][ T8868] Node 0 DMA32 free:1250976kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27268kB inactive_anon:136120kB active_file:71648kB inactive_file:164676kB unevictable:1536kB writepending:1684kB present:3129332kB managed:2540344kB mlocked:0kB bounce:0kB free_pcp:1760kB local_pcp:1760kB free_cma:0kB [ 312.363118][ T8868] lowmem_reserve[]: 0 0 1 1 1 [ 312.363160][ T8868] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1248kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 312.363227][ T8868] lowmem_reserve[]: 0 0 0 0 0 [ 312.363269][ T8868] Node 1 Normal free:3921996kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:444kB local_pcp:444kB free_cma:0kB [ 312.363338][ T8868] lowmem_reserve[]: 0 0 0 0 0 [ 312.363381][ T8868] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 312.363530][ T8868] Node 0 DMA32: 1201*4kB (UME) 87*8kB (UE) 312*16kB (UME) 288*32kB (UE) 106*64kB (UE) 48*128kB (UE) 39*256kB (UM) 68*512kB (UME) 52*1024kB (UM) 13*2048kB (UME) 267*4096kB (UM) = 1250940kB [ 312.363731][ T8868] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 312.363867][ T8868] Node 1 Normal: 214*4kB (UM) 60*8kB (UME) 56*16kB (UME) 214*32kB (UME) 106*64kB (UME) 37*128kB (UME) 14*256kB (UM) 9*512kB (UME) 2*1024kB (UE) 2*2048kB (UE) 949*4096kB (M) = 3922040kB [ 312.364066][ T8868] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 312.364086][ T8868] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 312.364106][ T8868] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 312.364125][ T8868] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 312.364144][ T8868] 89732 total pagecache pages [ 312.364153][ T8868] 0 pages in swap cache [ 312.364161][ T8868] Free swap = 124996kB [ 312.364169][ T8868] Total swap = 124996kB [ 312.364178][ T8868] 2097051 pages RAM [ 312.364187][ T8868] 0 pages HighMem/MovableOnly [ 312.364195][ T8868] 429987 pages reserved [ 312.364204][ T8868] 0 pages cma reserved [ 313.097966][ T8877] FAULT_INJECTION: forcing a failure. [ 313.097966][ T8877] name failslab, interval 1, probability 0, space 0, times 0 [ 313.098025][ T8877] CPU: 0 UID: 0 PID: 8877 Comm: syz.2.566 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 313.098050][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.098063][ T8877] Call Trace: [ 313.098069][ T8877] [ 313.098076][ T8877] dump_stack_lvl+0x16c/0x1f0 [ 313.098110][ T8877] should_fail_ex+0x512/0x640 [ 313.098141][ T8877] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 313.098172][ T8877] should_failslab+0xc2/0x120 [ 313.098192][ T8877] __kmalloc_cache_noprof+0x6a/0x3e0 [ 313.098221][ T8877] ? acct_on+0x57/0x870 [ 313.098253][ T8877] acct_on+0x57/0x870 [ 313.098284][ T8877] __x64_sys_acct+0xaf/0x230 [ 313.098312][ T8877] ? lockdep_hardirqs_on+0x7c/0x110 [ 313.098342][ T8877] do_syscall_64+0xcd/0x490 [ 313.098375][ T8877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.098402][ T8877] RIP: 0033:0x7f001ed8e929 [ 313.098418][ T8877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.098438][ T8877] RSP: 002b:00007f001fbf1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 313.098456][ T8877] RAX: ffffffffffffffda RBX: 00007f001efb6400 RCX: 00007f001ed8e929 [ 313.098470][ T8877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0 [ 313.098483][ T8877] RBP: 00007f001ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 313.098495][ T8877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.098507][ T8877] R13: 0000000000000000 R14: 00007f001efb6400 R15: 00007fff93d92178 [ 313.098532][ T8877] [ 322.207531][ T8908] tty tty17: ldisc open failed (-12), clearing slot 16 [ 322.310632][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.316970][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.388220][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 322.399455][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 322.408783][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 322.416851][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 322.424753][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 323.433419][ T8940] bond0: option packets_per_slave: invalid value ( Xnp) [ 323.485589][ T8940] bond0: option packets_per_slave: allowed values 0 - 65535 [ 323.831075][ T8917] chnl_net:caif_netlink_parms(): no params data found [ 324.522805][ T51] Bluetooth: hci4: command tx timeout [ 324.589390][ T8917] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.626911][ T8917] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.651585][ T8917] bridge_slave_0: entered allmulticast mode [ 324.712843][ T8917] bridge_slave_0: entered promiscuous mode [ 324.761527][ T8956] tipc: Started in network mode [ 324.813621][ T8956] tipc: Node identity ee00, cluster identity 4711 [ 324.820095][ T8956] tipc: Node number set to 60928 [ 324.957922][ T8917] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.993595][ T8917] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.061639][ T8917] bridge_slave_1: entered allmulticast mode [ 325.095849][ T8917] bridge_slave_1: entered promiscuous mode [ 325.329754][ T8960] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff888078016000 pfn:0x78010 [ 325.574504][ T8962] could not allocate digest TFM handle binfmt_misc [ 325.616798][ T8960] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 325.694291][ T8960] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 325.782991][ T8960] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 326.025682][ T8960] raw: ffff888078016000 0000000000000000 00000016ffffffff 0000000000000000 [ 326.114562][ T8960] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 326.256439][ T8917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.277977][ T8960] head: ffff888078016000 0000000000000000 00000016ffffffff 0000000000000000 [ 326.399251][ T8960] head: 00fff00000000003 ffffea0001e00401 00000000ffffffff 00000000ffffffff [ 326.454741][ T8917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.482464][ T8960] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 326.524220][ T8970] netlink: 'syz.3.586': attribute type 1 has an invalid length. [ 326.606812][ T51] Bluetooth: hci4: command tx timeout [ 326.627864][ T8960] page dumped because: unmovable page [ 326.658311][ T8960] page_owner tracks the page as allocated [ 326.703906][ T8960] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5515, tgid 5515 (dhcpcd), ts 66809364237, free_ts 63266575950 [ 326.889442][ T8960] post_alloc_hook+0x1c0/0x230 [ 326.912427][ T8960] get_page_from_freelist+0x1321/0x3890 [ 326.945465][ T8960] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 326.994169][ T8960] alloc_pages_mpol+0x1fb/0x550 [ 326.999091][ T8960] alloc_pages_noprof+0x131/0x390 [ 327.066390][ T8960] skb_page_frag_refill+0x186/0x5a0 [ 327.071665][ T8960] try_fill_recv+0x7e4/0x28a0 [ 327.137641][ T8960] virtnet_open+0x3a3/0xc10 [ 327.171505][ T8960] __dev_open+0x2e7/0x7d0 [ 327.209156][ T8960] __dev_change_flags+0x55d/0x720 [ 327.252633][ T8960] netif_change_flags+0x8d/0x160 [ 327.257638][ T8960] dev_change_flags+0xba/0x250 [ 327.365832][ T8960] devinet_ioctl+0x11d5/0x1f50 [ 327.370768][ T8960] inet_ioctl+0x3a7/0x3f0 [ 327.468138][ T8960] sock_do_ioctl+0x115/0x280 [ 327.478221][ T8960] sock_ioctl+0x227/0x6b0 [ 327.508521][ T8960] page last free pid 5509 tgid 5509 stack trace: [ 327.578907][ T8960] __free_frozen_pages+0x7fe/0x1180 [ 327.634469][ T8960] __put_partials+0x16d/0x1c0 [ 327.669366][ T8976] could not allocate digest TFM handle binfmt_misc [ 327.683636][ T8960] qlist_free_all+0x4d/0x120 [ 327.719577][ T8960] kasan_quarantine_reduce+0x195/0x1e0 [ 327.759582][ T8960] __kasan_slab_alloc+0x69/0x90 [ 327.782231][ T8960] __kmalloc_noprof+0x1d4/0x510 [ 327.801237][ T8960] tomoyo_realpath_from_path+0xc2/0x6e0 [ 327.824606][ T8960] tomoyo_path_perm+0x274/0x460 [ 327.853068][ T8960] security_inode_getattr+0x116/0x290 [ 327.875753][ T8960] vfs_fstat+0x4b/0xe0 [ 327.883046][ T8960] __do_sys_newfstat+0x87/0x100 [ 327.905925][ T8960] do_syscall_64+0xcd/0x490 [ 327.925871][ T8960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.997478][ T8917] team0: Port device team_slave_0 added [ 328.146203][ T8917] team0: Port device team_slave_1 added [ 328.525772][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.532789][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.700053][ T51] Bluetooth: hci4: command tx timeout [ 328.743398][ T8917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.825792][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.832784][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.040420][ T8917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.705326][ T30] audit: type=1804 audit(6046597114.157:5): pid=8994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.590" name="/newroot/163/file0" dev="tmpfs" ino=873 res=1 errno=0 [ 329.840210][ T8917] hsr_slave_0: entered promiscuous mode [ 329.892468][ T8917] hsr_slave_1: entered promiscuous mode [ 329.938797][ T8917] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 329.993953][ T8917] Cannot create hsr debugfs directory [ 330.764764][ T51] Bluetooth: hci4: command tx timeout [ 331.273711][ T8917] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 331.768581][ T8917] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 331.888710][ T8917] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 332.104572][ T8917] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 332.652817][ T8917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.797098][ T8917] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.896659][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.903854][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.990836][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.998035][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.242936][ T8917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 336.065557][ T8917] veth0_vlan: entered promiscuous mode [ 336.206492][ T8917] veth1_vlan: entered promiscuous mode [ 336.682039][ T8917] veth0_macvtap: entered promiscuous mode [ 336.737174][ T8917] veth1_macvtap: entered promiscuous mode [ 337.679262][ T9077] random: crng reseeded on system resumption [ 337.860294][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 338.165178][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 338.323187][ T8917] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.392239][ T8917] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.478685][ T8917] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.487431][ T8917] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.545194][ T9074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.689003][ T9074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.452054][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.511866][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.326742][ T3558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.367680][ T3558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.902677][ T51] Bluetooth: hci4: unexpected event 0x35 length: 17 > 6 [ 345.252822][ T9156] openvswitch: netlink: Key type 257 is out of range max 32 [ 345.885538][ T9137] binder: 9131:9137 ioctl c00c620f 200000000340 returned -22 [ 345.960314][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.614'. [ 349.573949][ T9218] FAULT_INJECTION: forcing a failure. [ 349.573949][ T9218] name failslab, interval 1, probability 0, space 0, times 0 [ 349.671156][ T9218] CPU: 0 UID: 0 PID: 9218 Comm: syz.1.624 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 349.671187][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 349.671200][ T9218] Call Trace: [ 349.671206][ T9218] [ 349.671213][ T9218] dump_stack_lvl+0x16c/0x1f0 [ 349.671249][ T9218] should_fail_ex+0x512/0x640 [ 349.671280][ T9218] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 349.671327][ T9218] should_failslab+0xc2/0x120 [ 349.671349][ T9218] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 349.671383][ T9218] ? __pfx__proc_mkdir+0x10/0x10 [ 349.671402][ T9218] ? nf_lwtunnel_net_init+0x38/0xf0 [ 349.671426][ T9218] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 349.671449][ T9218] kmemdup_noprof+0x29/0x60 [ 349.671481][ T9218] nf_lwtunnel_net_init+0x38/0xf0 [ 349.671504][ T9218] ops_init+0x1df/0x5f0 [ 349.671524][ T9218] setup_net+0x1ff/0x510 [ 349.671541][ T9218] ? lockdep_init_map_type+0x5c/0x280 [ 349.671571][ T9218] ? __pfx_setup_net+0x10/0x10 [ 349.671591][ T9218] ? debug_mutex_init+0x37/0x70 [ 349.671615][ T9218] copy_net_ns+0x2a6/0x5f0 [ 349.671639][ T9218] create_new_namespaces+0x3ea/0xa90 [ 349.671668][ T9218] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 349.671693][ T9218] ksys_unshare+0x45b/0xa40 [ 349.671722][ T9218] ? __pfx_ksys_unshare+0x10/0x10 [ 349.671751][ T9218] ? xfd_validate_state+0x61/0x180 [ 349.671786][ T9218] __x64_sys_unshare+0x31/0x40 [ 349.671814][ T9218] do_syscall_64+0xcd/0x490 [ 349.671847][ T9218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.671867][ T9218] RIP: 0033:0x7f758678e929 [ 349.671883][ T9218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.671902][ T9218] RSP: 002b:00007f75875a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 349.671921][ T9218] RAX: ffffffffffffffda RBX: 00007f75869b5fa0 RCX: 00007f758678e929 [ 349.671934][ T9218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 349.671946][ T9218] RBP: 00007f7586810b39 R08: 0000000000000000 R09: 0000000000000000 [ 349.671958][ T9218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.671971][ T9218] R13: 0000000000000000 R14: 00007f75869b5fa0 R15: 00007ffe4c561d28 [ 349.671995][ T9218] [ 349.992652][ T9223] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 354.377647][ T9284] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 355.404675][ T9299] netlink: 342 bytes leftover after parsing attributes in process `syz.4.637'. [ 355.476936][ T9299] netlink: 'syz.4.637': attribute type 1 has an invalid length. [ 355.552952][ T9299] netlink: 'syz.4.637': attribute type 2 has an invalid length. [ 355.600927][ T9299] netlink: 'syz.4.637': attribute type 7 has an invalid length. [ 355.664890][ T9299] netlink: 274 bytes leftover after parsing attributes in process `syz.4.637'. [ 356.582840][ T9326] ubi0: attaching mtd0 [ 356.608673][ T9326] ubi0: scanning is finished [ 356.613322][ T9326] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 356.882485][ T9326] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 358.225887][ T9347] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 360.335175][ T9362] netlink: 28 bytes leftover after parsing attributes in process `syz.2.650'. [ 360.413726][ T9362] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.599945][ T9362] bridge_slave_1 (unregistering): left allmulticast mode [ 360.607033][ T9362] bridge_slave_1 (unregistering): left promiscuous mode [ 360.666719][ T9362] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.454261][ T9373] FAULT_INJECTION: forcing a failure. [ 361.454261][ T9373] name failslab, interval 1, probability 0, space 0, times 0 [ 361.665350][ T9373] CPU: 0 UID: 0 PID: 9373 Comm: syz.2.651 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 361.665381][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.665394][ T9373] Call Trace: [ 361.665400][ T9373] [ 361.665408][ T9373] dump_stack_lvl+0x16c/0x1f0 [ 361.665445][ T9373] should_fail_ex+0x512/0x640 [ 361.665476][ T9373] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 361.665511][ T9373] should_failslab+0xc2/0x120 [ 361.665532][ T9373] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 361.665565][ T9373] ? alloc_empty_file+0x55/0x1e0 [ 361.665591][ T9373] alloc_empty_file+0x55/0x1e0 [ 361.665614][ T9373] path_openat+0xda/0x2cb0 [ 361.665643][ T9373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.665673][ T9373] ? __pfx_path_openat+0x10/0x10 [ 361.665705][ T9373] ? __lock_acquire+0xb8a/0x1c90 [ 361.665737][ T9373] do_filp_open+0x20b/0x470 [ 361.665768][ T9373] ? __pfx_do_filp_open+0x10/0x10 [ 361.665816][ T9373] ? alloc_fd+0x471/0x7d0 [ 361.665852][ T9373] do_sys_openat2+0x11b/0x1d0 [ 361.665876][ T9373] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.665910][ T9373] __x64_sys_openat+0x174/0x210 [ 361.665934][ T9373] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.665969][ T9373] do_syscall_64+0xcd/0x490 [ 361.666002][ T9373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.666040][ T9373] RIP: 0033:0x7f001ed8e929 [ 361.666056][ T9373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.666077][ T9373] RSP: 002b:00007f001fc75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.666097][ T9373] RAX: ffffffffffffffda RBX: 00007f001efb6080 RCX: 00007f001ed8e929 [ 361.666112][ T9373] RDX: 0000000000000000 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 361.666125][ T9373] RBP: 00007f001ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 361.666138][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.666150][ T9373] R13: 0000000000000000 R14: 00007f001efb6080 R15: 00007fff93d92178 [ 361.666176][ T9373] [ 363.596541][ T9382] kexec: Could not allocate control_code_buffer [ 367.086706][ T30] audit: type=1800 audit(6046597159.529:6): pid=9446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.665" name="features" dev="configfs" ino=24173 res=0 errno=0 [ 367.326932][ T9450] netlink: 98 bytes leftover after parsing attributes in process `syz.1.668'. [ 368.851283][ T9463] FAULT_INJECTION: forcing a failure. [ 368.851283][ T9463] name failslab, interval 1, probability 0, space 0, times 0 [ 368.965717][ T9463] CPU: 0 UID: 0 PID: 9463 Comm: syz.1.672 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 368.965746][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.965758][ T9463] Call Trace: [ 368.965764][ T9463] [ 368.965771][ T9463] dump_stack_lvl+0x16c/0x1f0 [ 368.965826][ T9463] should_fail_ex+0x512/0x640 [ 368.965857][ T9463] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 368.965893][ T9463] should_failslab+0xc2/0x120 [ 368.965914][ T9463] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 368.965948][ T9463] ? __d_alloc+0x31/0xaa0 [ 368.965981][ T9463] __d_alloc+0x31/0xaa0 [ 368.966002][ T9463] d_alloc_pseudo+0x1c/0xc0 [ 368.966025][ T9463] alloc_file_pseudo+0xcf/0x230 [ 368.966049][ T9463] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 368.966078][ T9463] __shmem_file_setup+0x1a3/0x330 [ 368.966108][ T9463] shmem_zero_setup+0x93/0x1a0 [ 368.966140][ T9463] __mmap_region+0x1ece/0x25e0 [ 368.966174][ T9463] ? __pfx___mmap_region+0x10/0x10 [ 368.966223][ T9463] ? rcu_is_watching+0x12/0xc0 [ 368.966251][ T9463] ? rcu_is_watching+0x12/0xc0 [ 368.966273][ T9463] ? trace_sched_exit_tp+0xde/0x130 [ 368.966299][ T9463] ? __schedule+0x1181/0x5de0 [ 368.966343][ T9463] ? __pfx___schedule+0x10/0x10 [ 368.966401][ T9463] ? trace_cap_capable+0x18d/0x200 [ 368.966432][ T9463] mmap_region+0x1ab/0x3f0 [ 368.966450][ T9463] ? __get_unmapped_area+0x267/0x440 [ 368.966499][ T9463] do_mmap+0xa3e/0x1210 [ 368.966530][ T9463] ? __pfx_do_mmap+0x10/0x10 [ 368.966556][ T9463] ? __pfx_down_write_killable+0x10/0x10 [ 368.966585][ T9463] vm_mmap_pgoff+0x281/0x450 [ 368.966614][ T9463] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 368.966645][ T9463] ? __x64_sys_futex+0x1e0/0x4c0 [ 368.966672][ T9463] ? __x64_sys_futex+0x1e9/0x4c0 [ 368.966710][ T9463] ksys_mmap_pgoff+0x7d/0x5c0 [ 368.966734][ T9463] ? xfd_validate_state+0x61/0x180 [ 368.966764][ T9463] ? __pfx_ksys_write+0x10/0x10 [ 368.966801][ T9463] __x64_sys_mmap+0x125/0x190 [ 368.966837][ T9463] do_syscall_64+0xcd/0x490 [ 368.966874][ T9463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.966896][ T9463] RIP: 0033:0x7f758678e929 [ 368.966913][ T9463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.966935][ T9463] RSP: 002b:00007f75875a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 368.966955][ T9463] RAX: ffffffffffffffda RBX: 00007f75869b5fa0 RCX: 00007f758678e929 [ 368.966970][ T9463] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 368.966983][ T9463] RBP: 00007f7586810b39 R08: fffffffffffffffa R09: 0000000000008000 [ 368.966998][ T9463] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 368.967011][ T9463] R13: 0000000000000000 R14: 00007f75869b5fa0 R15: 00007ffe4c561d28 [ 368.967039][ T9463] [ 376.443622][ T9516] could not allocate digest TFM handle binfmt_misc [ 378.964276][ T9513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 379.152785][ T9513] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 379.279429][ T9513] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 379.455710][ T9513] page_type: f5(slab) [ 379.459751][ T9513] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 379.618905][ T9513] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 379.723483][ T9513] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 379.810517][ T9513] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 379.960760][ T9513] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 380.234179][ T9513] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 380.445601][ T9513] page dumped because: unmovable page [ 380.533149][ T9513] page_owner tracks the page as allocated [ 380.601298][ T9513] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3558, tgid 3558 (kworker/u8:9), ts 373563835500, free_ts 373123144878 [ 380.909928][ T9513] post_alloc_hook+0x1c0/0x230 [ 380.978414][ T9513] get_page_from_freelist+0x1321/0x3890 [ 381.063888][ T9513] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 381.140983][ T9513] alloc_pages_mpol+0x1fb/0x550 [ 381.209395][ T9513] new_slab+0x23b/0x330 [ 381.274785][ T9513] ___slab_alloc+0xd9c/0x1940 [ 381.339568][ T9513] __slab_alloc.constprop.0+0x56/0xb0 [ 381.415096][ T9513] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 381.513560][ T9513] kmalloc_reserve+0xef/0x2c0 [ 381.518304][ T9513] __alloc_skb+0x166/0x380 [ 381.599922][ T9513] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 381.678847][ T9513] process_one_work+0x9cf/0x1b70 [ 381.687009][ T9513] worker_thread+0x6c8/0xf10 [ 381.742715][ T9513] kthread+0x3c5/0x780 [ 381.804563][ T9513] ret_from_fork+0x5d4/0x6f0 [ 381.839764][ T9513] ret_from_fork_asm+0x1a/0x30 [ 381.844872][ T9513] page last free pid 9488 tgid 9485 stack trace: [ 381.975964][ T9513] __free_frozen_pages+0x7fe/0x1180 [ 382.018689][ T9513] qlist_free_all+0x4d/0x120 [ 382.059050][ T9513] kasan_quarantine_reduce+0x195/0x1e0 [ 382.126272][ T9513] __kasan_slab_alloc+0x69/0x90 [ 382.169070][ T9513] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 382.245601][ T9513] getname_flags.part.0+0x4c/0x550 [ 382.290083][ T9513] getname_flags+0x93/0xf0 [ 382.330132][ T9513] do_sys_openat2+0xb8/0x1d0 [ 382.334776][ T9513] __x64_sys_openat+0x174/0x210 [ 382.422408][ T9513] do_syscall_64+0xcd/0x490 [ 382.492130][ T9513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.747157][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.753635][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.979009][ T9619] netlink: 28 bytes leftover after parsing attributes in process `syz.4.696'. [ 386.101079][ T9619] veth0_macvtap: left promiscuous mode [ 387.523286][ T9635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.698'. [ 388.632561][ T9651] netlink: 28 bytes leftover after parsing attributes in process `syz.4.701'. [ 389.122369][ T9651] team0: Port device team_slave_1 removed [ 390.453647][ T51] Bluetooth: hci3: unexpected event for opcode 0x0001 [ 390.778995][ T9666] netlink: 20 bytes leftover after parsing attributes in process `syz.4.705'. [ 390.896837][ T9666] netlink: 32 bytes leftover after parsing attributes in process `syz.4.705'. [ 390.989203][ T9674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.705'. [ 394.029287][ T9699] random: crng reseeded on system resumption [ 394.461379][ T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 394.470897][ T51] Bluetooth: hci3: Injecting HCI hardware error event [ 394.479288][ T5864] Bluetooth: hci3: hardware error 0x00 [ 396.541756][ T5864] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 397.035773][ T9717] Process accounting resumed [ 397.205463][ T9717] delete_channel: no stack [ 398.287114][ T5864] Bluetooth: hci2: unexpected event for opcode 0x0001 [ 401.802847][ T9782] FAULT_INJECTION: forcing a failure. [ 401.802847][ T9782] name fail_futex, interval 1, probability 0, space 0, times 0 [ 401.989079][ T9788] bridge0: port 2(netdevsim1) entered blocking state [ 402.056036][ T9782] CPU: 0 UID: 0 PID: 9782 Comm: syz.4.730 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 402.056069][ T9782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 402.056082][ T9782] Call Trace: [ 402.056089][ T9782] [ 402.056097][ T9782] dump_stack_lvl+0x16c/0x1f0 [ 402.056138][ T9782] should_fail_ex+0x512/0x640 [ 402.056177][ T9782] get_futex_key+0x1d0/0x1540 [ 402.056206][ T9782] ? find_held_lock+0x2b/0x80 [ 402.056229][ T9782] ? __pfx_get_futex_key+0x10/0x10 [ 402.056257][ T9782] ? __mutex_trylock_common+0xe9/0x250 [ 402.056296][ T9782] futex_wake+0xea/0x530 [ 402.056331][ T9782] ? __pfx_futex_wake+0x10/0x10 [ 402.056362][ T9782] ? __lock_acquire+0xb8a/0x1c90 [ 402.056405][ T9782] do_futex+0x1e3/0x350 [ 402.056434][ T9782] ? __pfx_do_futex+0x10/0x10 [ 402.056460][ T9782] ? __might_fault+0xe3/0x190 [ 402.056501][ T9782] mm_release+0x24e/0x300 [ 402.056528][ T9782] do_exit+0x68b/0x2bd0 [ 402.056565][ T9782] ? __pfx_do_exit+0x10/0x10 [ 402.056595][ T9782] ? do_raw_spin_lock+0x12c/0x2b0 [ 402.056630][ T9782] ? find_held_lock+0x2b/0x80 [ 402.056656][ T9782] do_group_exit+0xd3/0x2a0 [ 402.056690][ T9782] get_signal+0x2673/0x26d0 [ 402.056718][ T9782] ? kmem_cache_free+0x2d1/0x4d0 [ 402.056751][ T9782] ? fd_install+0x225/0x750 [ 402.056786][ T9782] ? __pfx_get_signal+0x10/0x10 [ 402.056812][ T9782] ? do_futex+0x122/0x350 [ 402.056840][ T9782] ? __pfx_do_futex+0x10/0x10 [ 402.056871][ T9782] arch_do_signal_or_restart+0x8f/0x790 [ 402.056900][ T9782] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 402.056935][ T9782] ? xfd_validate_state+0x61/0x180 [ 402.056979][ T9782] exit_to_user_mode_loop+0x84/0x110 [ 402.057017][ T9782] do_syscall_64+0x3f6/0x490 [ 402.057054][ T9782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.057088][ T9782] RIP: 0033:0x7fb02d38e929 [ 402.057105][ T9782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.057125][ T9782] RSP: 002b:00007fb02e1340e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 402.057144][ T9782] RAX: fffffffffffffe00 RBX: 00007fb02d5b6088 RCX: 00007fb02d38e929 [ 402.057158][ T9782] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb02d5b6088 [ 402.057189][ T9782] RBP: 00007fb02d5b6080 R08: 0000000000000000 R09: 0000000000000000 [ 402.057203][ T9782] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb02d5b608c [ 402.057216][ T9782] R13: 0000000000000000 R14: 00007ffe44c51320 R15: 00007ffe44c51408 [ 402.057244][ T9782] [ 402.585262][ T5864] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 402.599470][ T5864] Bluetooth: hci2: Injecting HCI hardware error event [ 402.607719][ T5864] Bluetooth: hci2: hardware error 0x00 [ 402.650160][ T9788] bridge0: port 2(netdevsim1) entered disabled state [ 402.657038][ T9788] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 402.880485][ T9788] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 403.075409][ T9788] bridge0: port 2(netdevsim1) entered blocking state [ 403.082248][ T9788] bridge0: port 2(netdevsim1) entered forwarding state [ 403.917855][ T9811] Ignoring unsupported numa_zonelist_order value: [ 403.917855][ T9811] [ 404.619878][ T5864] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 406.189593][ T9843] syz.4.740: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 406.677566][ T9843] CPU: 0 UID: 0 PID: 9843 Comm: syz.4.740 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 406.677601][ T9843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 406.677629][ T9843] Call Trace: [ 406.677636][ T9843] [ 406.677645][ T9843] dump_stack_lvl+0x16c/0x1f0 [ 406.677685][ T9843] warn_alloc+0x248/0x3a0 [ 406.677723][ T9843] ? __pfx_warn_alloc+0x10/0x10 [ 406.677760][ T9843] ? alloc_pages_mpol+0x25a/0x550 [ 406.677785][ T9843] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 406.677819][ T9843] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 406.677860][ T9843] ? kernel_clone+0xfc/0x960 [ 406.677897][ T9843] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 406.677939][ T9843] ? kernel_clone+0xfc/0x960 [ 406.677967][ T9843] __vmalloc_node_noprof+0xad/0xf0 [ 406.677997][ T9843] ? kernel_clone+0xfc/0x960 [ 406.678028][ T9843] copy_process+0x2c70/0x76a0 [ 406.678058][ T9843] ? __pfx___futex_wait+0x10/0x10 [ 406.678092][ T9843] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 406.678123][ T9843] ? lockdep_hardirqs_on+0x7c/0x110 [ 406.678165][ T9843] ? __pfx_copy_process+0x10/0x10 [ 406.678209][ T9843] kernel_clone+0xfc/0x960 [ 406.678241][ T9843] ? __pfx_kernel_clone+0x10/0x10 [ 406.678285][ T9843] ? 0xffffffff81000000 [ 406.678301][ T9843] __do_sys_clone+0xce/0x120 [ 406.678330][ T9843] ? __pfx___do_sys_clone+0x10/0x10 [ 406.678378][ T9843] ? __pfx_aa_get_newest_label+0x10/0x10 [ 406.678405][ T9843] ? 0xffffffff81000000 [ 406.678431][ T9843] ? xfd_validate_state+0x61/0x180 [ 406.678464][ T9843] ? bpf_lsm_capable+0x9/0x10 [ 406.678510][ T9843] do_syscall_64+0xcd/0x490 [ 406.678549][ T9843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.678573][ T9843] RIP: 0033:0x7fb02d38e929 [ 406.678597][ T9843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.678621][ T9843] RSP: 002b:00007fb02e113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 406.678644][ T9843] RAX: ffffffffffffffda RBX: 00007fb02d5b6160 RCX: 00007fb02d38e929 [ 406.678659][ T9843] RDX: 9999999999999999 RSI: 0000000000000004 RDI: 0000000000000000 [ 406.678674][ T9843] RBP: 00007fb02d410b39 R08: 0000000000000009 R09: 0000000000000000 [ 406.678689][ T9843] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.678704][ T9843] R13: 0000000000000000 R14: 00007fb02d5b6160 R15: 00007ffe44c51408 [ 406.678725][ T9843] ? 0xffffffff81000000 [ 406.678749][ T9843] [ 406.678758][ T9843] Mem-Info: [ 407.559942][ T9847] vivid-003: ================= START STATUS ================= [ 407.642703][ T9847] vivid-003: Radio HW Seek Mode: Bounded [ 407.648655][ T9847] vivid-003: Radio Programmable HW Seek: false [ 407.761278][ T9847] vivid-003: RDS Rx I/O Mode: Block I/O [ 407.766888][ T9847] vivid-003: Generate RBDS Instead of RDS: false [ 407.928455][ T9847] vivid-003: RDS Reception: true [ 408.036049][ T9847] vivid-003: RDS Program Type: 0 inactive [ 408.180103][ T9847] vivid-003: RDS PS Name: inactive [ 408.300007][ T9847] vivid-003: RDS Radio Text: inactive [ 408.402613][ T9847] vivid-003: RDS Traffic Announcement: false inactive [ 408.559895][ T9847] vivid-003: RDS Traffic Program: false inactive [ 408.566311][ T9847] vivid-003: RDS Music: false inactive [ 408.820079][ T9847] vivid-003: ================== END STATUS ================== [ 409.879032][ T9843] active_anon:5869 inactive_anon:38075 isolated_anon:0 [ 409.879032][ T9843] active_file:20451 inactive_file:39402 isolated_file:0 [ 409.879032][ T9843] unevictable:768 dirty:698 writeback:0 [ 409.879032][ T9843] slab_reclaimable:10812 slab_unreclaimable:98013 [ 409.879032][ T9843] mapped:47480 shmem:34399 pagetables:1102 [ 409.879032][ T9843] sec_pagetables:0 bounce:0 [ 409.879032][ T9843] kernel_misc_reclaimable:0 [ 409.879032][ T9843] free:1256248 free_pcp:19693 free_cma:0 [ 410.588787][ T9843] Node 0 active_anon:23412kB inactive_anon:127236kB active_file:81840kB inactive_file:157440kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:189904kB dirty:1924kB writeback:0kB shmem:111288kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11440kB pagetables:4644kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 411.101688][ T9843] Node 1 active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 411.525624][ T9843] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 411.920457][ T9843] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 412.009196][ T9843] Node 0 DMA32 free:1024812kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23360kB inactive_anon:106996kB active_file:80592kB inactive_file:157368kB unevictable:1536kB writepending:2064kB present:3129332kB managed:2540344kB mlocked:0kB bounce:0kB free_pcp:72068kB local_pcp:72068kB free_cma:0kB [ 412.435549][ T9843] lowmem_reserve[]: 0 0 1 1 1 [ 412.469935][ T9843] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1248kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 412.645035][ T9843] lowmem_reserve[]: 0 0 0 0 0 [ 412.675741][ T9843] Node 1 Normal free:3914412kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8060kB local_pcp:8060kB free_cma:0kB [ 412.863645][ T9843] lowmem_reserve[]: 0 0 0 0 0 [ 412.878832][ T9843] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 412.999615][ T9843] Node 0 DMA32: 3481*4kB (UME) 933*8kB (UM) 744*16kB (UME) 468*32kB (UME) 323*64kB (UME) 83*128kB (UME) 44*256kB (UM) 30*512kB (UME) 19*1024kB (UM) 7*2048kB (UE) 231*4096kB (UM) = 1086156kB [ 413.122316][ T9843] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 413.242963][ T9843] Node 1 Normal: 81*4kB (U) 25*8kB (UE) 54*16kB (UME) 208*32kB (UME) 103*64kB (UE) 37*128kB (UME) 13*256kB (U) 7*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 947*4096kB (M) = 3914412kB [ 413.387285][ T9843] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 413.459906][ T9843] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 413.510233][ T9843] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 413.575037][ T9843] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 413.633929][ T9843] 79529 total pagecache pages [ 413.638652][ T9843] 0 pages in swap cache [ 413.691821][ T9843] Free swap = 124996kB [ 413.749936][ T9843] Total swap = 124996kB [ 413.754230][ T9843] 2097051 pages RAM [ 413.758049][ T9843] 0 pages HighMem/MovableOnly [ 413.812510][ T9843] 429987 pages reserved [ 413.816815][ T9843] 0 pages cma reserved                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 syzkaller syzkaller login: [ 565.121756][T11589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1109'. [ 565.270589][T11590] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1109'. [ 566.781606][T11610] Invalid ELF header magic: != ELF [ 567.013734][T11610] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1114'. [ 567.336727][T11620] netlink: 'syz.1.1116': attribute type 4 has an invalid length. [ 568.101189][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.107518][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.838920][T11701] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input27 [ 573.135327][T11702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1135'. [ 573.307776][T11702] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 575.004496][T11728] FAULT_INJECTION: forcing a failure. [ 575.004496][T11728] name failslab, interval 1, probability 0, space 0, times 0 [ 575.079436][T11728] CPU: 0 UID: 0 PID: 11728 Comm: syz.4.1141 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 575.079466][T11728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 575.079478][T11728] Call Trace: [ 575.079485][T11728] [ 575.079495][T11728] dump_stack_lvl+0x16c/0x1f0 [ 575.079533][T11728] should_fail_ex+0x512/0x640 [ 575.079565][T11728] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 575.079601][T11728] should_failslab+0xc2/0x120 [ 575.079621][T11728] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 575.079654][T11728] ? sock_alloc_inode+0x25/0x1c0 [ 575.079679][T11728] ? __pfx_sock_alloc_inode+0x10/0x10 [ 575.079699][T11728] sock_alloc_inode+0x25/0x1c0 [ 575.079719][T11728] alloc_inode+0x64/0x240 [ 575.079742][T11728] sock_alloc+0x40/0x280 [ 575.079762][T11728] __sock_create+0xc1/0x8d0 [ 575.079790][T11728] __sys_socket+0x14d/0x260 [ 575.079814][T11728] ? __pfx___sys_socket+0x10/0x10 [ 575.079838][T11728] ? xfd_validate_state+0x61/0x180 [ 575.079865][T11728] ? __pfx_do_writev+0x10/0x10 [ 575.079899][T11728] __x64_sys_socket+0x72/0xb0 [ 575.079922][T11728] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.079952][T11728] do_syscall_64+0xcd/0x490 [ 575.079985][T11728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.080006][T11728] RIP: 0033:0x7fb02d38e929 [ 575.080022][T11728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.080043][T11728] RSP: 002b:00007fb02e155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 575.080062][T11728] RAX: ffffffffffffffda RBX: 00007fb02d5b5fa0 RCX: 00007fb02d38e929 [ 575.080076][T11728] RDX: 000000000000003a RSI: 0000000000000002 RDI: 000000000000000a [ 575.080088][T11728] RBP: 00007fb02d410b39 R08: 0000000000000000 R09: 0000000000000000 [ 575.080100][T11728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.080113][T11728] R13: 0000000000000000 R14: 00007fb02d5b5fa0 R15: 00007ffe44c51408 [ 575.080138][T11728] [ 576.282405][T11728] socket: no more sockets [ 576.473688][T11750] FAULT_INJECTION: forcing a failure. [ 576.473688][T11750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 576.707113][T11750] CPU: 0 UID: 0 PID: 11750 Comm: syz.3.1144 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 576.707143][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 576.707154][T11750] Call Trace: [ 576.707161][T11750] [ 576.707168][T11750] dump_stack_lvl+0x16c/0x1f0 [ 576.707204][T11750] should_fail_ex+0x512/0x640 [ 576.707238][T11750] _copy_from_user+0x2e/0xd0 [ 576.707258][T11750] snd_pcm_oss_write2+0x1c2/0x410 [ 576.707282][T11750] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 576.707316][T11750] snd_pcm_oss_write+0x711/0xa10 [ 576.707347][T11750] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 576.707369][T11750] vfs_write+0x29d/0x1150 [ 576.707405][T11750] ? __pfx_vfs_write+0x10/0x10 [ 576.707431][T11750] ? find_held_lock+0x2b/0x80 [ 576.707453][T11750] ? __fget_files+0x204/0x3c0 [ 576.707485][T11750] ? __fget_files+0x20e/0x3c0 [ 576.707520][T11750] ksys_write+0x12a/0x250 [ 576.707549][T11750] ? __pfx_ksys_write+0x10/0x10 [ 576.707585][T11750] do_syscall_64+0xcd/0x490 [ 576.707618][T11750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.707638][T11750] RIP: 0033:0x7f401b58e929 [ 576.707654][T11750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.707674][T11750] RSP: 002b:00007f401c35f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 576.707692][T11750] RAX: ffffffffffffffda RBX: 00007f401b7b6080 RCX: 00007f401b58e929 [ 576.707706][T11750] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 576.707718][T11750] RBP: 00007f401c35f090 R08: 0000000000000000 R09: 0000000000000000 [ 576.707730][T11750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 576.707741][T11750] R13: 0000000000000000 R14: 00007f401b7b6080 R15: 00007ffefb9ff8b8 [ 576.707766][T11750] [ 577.893404][T11766] vhci_hcd: invalid port number 16 [ 578.051747][T11766] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 580.244679][T11811] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input28 [ 580.426270][T11800] can: request_module (can-proto-0) failed. [ 582.794111][T11827] Process accounting resumed [ 585.709723][T11890] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input29 [ 587.551200][T11902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1174'. [ 588.819306][T11927] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1181'. [ 588.870799][T11928] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1181'. [ 589.063011][T11927] netlink: 290 bytes leftover after parsing attributes in process `syz.2.1181'. [ 589.081914][T11931] ubi0: attaching mtd0 [ 589.116927][T11931] ubi0: scanning is finished [ 589.182398][T11931] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 590.616370][T11931] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 592.741752][T11919] kexec: Could not allocate control_code_buffer [ 594.021219][T11976] kafs: addr_prefs: Invalid Command [ 594.382057][T11982] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1189'. [ 596.611263][T11991] kexec: Could not allocate control_code_buffer [ 599.350617][T12050] netlink: 206 bytes leftover after parsing attributes in process `syz.3.1203'. [ 599.415268][T12050] bridge0: entered allmulticast mode [ 602.131908][T12077] ubi0: attaching mtd0 [ 602.168333][T12077] ubi0: scanning is finished [ 602.229830][T12077] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 602.855139][T12077] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 603.474239][ T30] audit: type=1800 audit(6046597524.904:10): pid=12094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1211" name="features" dev="configfs" ino=36307 res=0 errno=0 [ 605.953768][T12124] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1218'. [ 606.527336][T12124] random: crng reseeded on system resumption [ 609.510793][T12164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1228'. [ 613.558004][T12215] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163eaa9 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 613.573539][T12215] Call Trace: [ 613.576920][T12215] [ 613.579870][T12215] ? __pfx_mce_cpu_restart+0x10/0x10 [ 613.585197][T12215] mce_cpu_restart+0x98/0xb0 [ 613.589815][T12215] smp_call_function_many_cond+0xef9/0x1510 [ 613.595748][T12215] ? __pfx_mce_cpu_restart+0x10/0x10 [ 613.601086][T12215] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 613.606944][T12215] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 613.613307][T12215] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 613.619329][T12215] ? __pfx_mce_cpu_restart+0x10/0x10 [ 613.624650][T12215] on_each_cpu_cond_mask+0x40/0x90 [ 613.629791][T12215] set_bank+0x240/0x3a0 [ 613.633976][T12215] ? __pfx_set_bank+0x10/0x10 [ 613.638699][T12215] ? find_held_lock+0x2b/0x80 [ 613.643415][T12215] ? __pfx_set_bank+0x10/0x10 [ 613.648169][T12215] dev_attr_store+0x58/0x80 [ 613.652698][T12215] ? __pfx_dev_attr_store+0x10/0x10 [ 613.657921][T12215] sysfs_kf_write+0xf2/0x150 [ 613.662543][T12215] kernfs_fop_write_iter+0x351/0x510 [ 613.667846][T12215] ? __pfx_sysfs_kf_write+0x10/0x10 [ 613.673070][T12215] vfs_write+0x6c4/0x1150 [ 613.677448][T12215] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 613.683283][T12215] ? __pfx___mutex_lock+0x10/0x10 [ 613.688340][T12215] ? __pfx_vfs_write+0x10/0x10 [ 613.693246][T12215] ksys_write+0x12a/0x250 [ 613.697611][T12215] ? __pfx_ksys_write+0x10/0x10 [ 613.702509][T12215] do_syscall_64+0xcd/0x490 [ 613.707049][T12215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.712961][T12215] RIP: 0033:0x7f758678e929 [ 613.717392][T12215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.737018][T12215] RSP: 002b:00007f758753e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 613.745449][T12215] RAX: ffffffffffffffda RBX: 00007f75869b6240 RCX: 00007f758678e929 [ 613.753431][T12215] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 000000000000000b [ 613.761412][T12215] RBP: 00007f7586810b39 R08: 0000000000000000 R09: 0000000000000000 [ 613.769405][T12215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 613.777391][T12215] R13: 0000000000000000 R14: 00007f75869b6240 R15: 00007ffe4c561d28 [ 613.785390][T12215] [ 613.788544][ C0] vkms_vblank_simulate: vblank timer overrun [ 613.854350][T12197] Process accounting paused [ 614.389646][T12206] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1238'. [ 615.485900][T12210] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 615.525084][T12210] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 615.656572][T12210] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 616.695378][T12256] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1248'. [ 616.809104][T12237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1244'. [ 617.521938][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 617.599588][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 618.638165][T12283] tipc: Started in network mode [ 618.688256][T12283] tipc: Node identity ee00, cluster identity 4711 [ 618.755791][T12283] tipc: Node number set to 60928 [ 619.681272][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 619.708123][T12303] netlink: zone id is out of range [ 619.758182][T12303] netlink: zone id is out of range [ 619.839076][T12303] netlink: zone id is out of range [ 619.930705][T12303] netlink: zone id is out of range [ 619.966035][T12303] netlink: zone id is out of range [ 620.011905][T12303] netlink: zone id is out of range [ 620.017060][T12303] netlink: zone id is out of range [ 620.132676][T12303] netlink: zone id is out of range [ 620.199418][T12303] netlink: zone id is out of range [ 620.237925][T12303] netlink: zone id is out of range [ 620.728690][T12318] FAULT_INJECTION: forcing a failure. [ 620.728690][T12318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 620.929891][T12323] sysfs_service_op_store: Client not running :-5: [ 621.021027][T12318] CPU: 0 UID: 0 PID: 12318 Comm: syz.3.1258 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 621.021061][T12318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 621.021075][T12318] Call Trace: [ 621.021082][T12318] [ 621.021091][T12318] dump_stack_lvl+0x16c/0x1f0 [ 621.021133][T12318] should_fail_ex+0x512/0x640 [ 621.021174][T12318] should_fail_alloc_page+0xe7/0x130 [ 621.021201][T12318] prepare_alloc_pages+0x3c2/0x610 [ 621.021235][T12318] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 621.021278][T12318] ? mas_next_slot+0x12d3/0x21b0 [ 621.021301][T12318] ? __up_read+0x1f8/0x750 [ 621.021342][T12318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 621.021382][T12318] ? mas_find+0x2f6/0x530 [ 621.021404][T12318] ? validate_mm+0x40a/0x570 [ 621.021441][T12318] ? __pfx_validate_mm+0x10/0x10 [ 621.021479][T12318] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 621.021519][T12318] ? policy_nodemask+0xea/0x4e0 [ 621.021545][T12318] alloc_pages_mpol+0x1fb/0x550 [ 621.021575][T12318] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 621.021607][T12318] alloc_pages_noprof+0x131/0x390 [ 621.021652][T12318] __pud_alloc+0x3b/0x750 [ 621.021683][T12318] alloc_new_pud+0x267/0x320 [ 621.021722][T12318] move_page_tables+0x6b6/0x4070 [ 621.021764][T12318] ? __pfx_copy_vma+0x10/0x10 [ 621.021800][T12318] ? lockdep_hardirqs_on+0x7c/0x110 [ 621.021844][T12318] ? __pfx_move_page_tables+0x10/0x10 [ 621.021881][T12318] ? register_lock_class+0x41/0x4c0 [ 621.021913][T12318] ? __schedule+0x1181/0x5de0 [ 621.021956][T12318] ? __lock_acquire+0x622/0x1c90 [ 621.021995][T12318] copy_vma_and_data+0x216/0x750 [ 621.022035][T12318] ? __pfx_copy_vma_and_data+0x10/0x10 [ 621.022080][T12318] ? __vma_enter_locked+0x163/0x3f0 [ 621.022116][T12318] ? find_held_lock+0x2b/0x80 [ 621.022141][T12318] ? move_vma+0x536/0x1740 [ 621.022183][T12318] move_vma+0x548/0x1740 [ 621.022224][T12318] ? __pfx_move_vma+0x10/0x10 [ 621.022259][T12318] ? mm_get_unmapped_area+0x95/0xe0 [ 621.022288][T12318] ? shmem_get_unmapped_area+0x170/0xa00 [ 621.022321][T12318] ? cap_mmap_addr+0x4b/0x120 [ 621.022345][T12318] ? bpf_lsm_mmap_addr+0x9/0x10 [ 621.022370][T12318] ? security_mmap_addr+0x6c/0x1e0 [ 621.022403][T12318] ? __get_unmapped_area+0x267/0x440 [ 621.022434][T12318] ? vrm_set_new_addr+0x208/0x290 [ 621.022486][T12318] __do_sys_mremap+0xe07/0x1590 [ 621.022526][T12318] ? __pfx___do_sys_mremap+0x10/0x10 [ 621.022574][T12318] ? __fget_files+0x204/0x3c0 [ 621.022627][T12318] ? __x64_sys_futex+0x1e0/0x4c0 [ 621.022672][T12318] do_syscall_64+0xcd/0x490 [ 621.022708][T12318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.022731][T12318] RIP: 0033:0x7f401b58e929 [ 621.022748][T12318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.022769][T12318] RSP: 002b:00007f4018bf2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 621.022789][T12318] RAX: ffffffffffffffda RBX: 00007f401b7b6320 RCX: 00007f401b58e929 [ 621.022803][T12318] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000 [ 621.022816][T12318] RBP: 00007f401b610b39 R08: 00007effffffb000 R09: 0000000000000000 [ 621.022830][T12318] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 621.022843][T12318] R13: 0000000000000000 R14: 00007f401b7b6320 R15: 00007ffefb9ff8b8 [ 621.022871][T12318] [ 622.591062][T12327] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[12327] [ 629.279928][T12383] Invalid ELF header magic: != ELF [ 629.381455][T12381] FAULT_INJECTION: forcing a failure. [ 629.381455][T12381] name failslab, interval 1, probability 0, space 0, times 0 [ 629.541462][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.547817][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.679335][T12393] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1275'. [ 629.710738][T12381] CPU: 0 UID: 0 PID: 12381 Comm: syz.4.1273 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 629.710771][T12381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 629.710784][T12381] Call Trace: [ 629.710791][T12381] [ 629.710799][T12381] dump_stack_lvl+0x16c/0x1f0 [ 629.710837][T12381] should_fail_ex+0x512/0x640 [ 629.710879][T12381] ? __kvmalloc_node_noprof+0x124/0x620 [ 629.710917][T12381] should_failslab+0xc2/0x120 [ 629.710939][T12381] __kvmalloc_node_noprof+0x137/0x620 [ 629.710972][T12381] ? alloc_netdev_mqs+0xfbe/0x1570 [ 629.711012][T12381] ? alloc_netdev_mqs+0xfbe/0x1570 [ 629.711045][T12381] alloc_netdev_mqs+0xfbe/0x1570 [ 629.711085][T12381] __ip_tunnel_create+0x3ad/0x6e0 [ 629.711111][T12381] ? __pfx___ip_tunnel_create+0x10/0x10 [ 629.711144][T12381] ip_tunnel_init_net+0x22f/0x7d0 [ 629.711174][T12381] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 629.711205][T12381] ? trace_kmalloc+0x2b/0xd0 [ 629.711227][T12381] ? __kmalloc_noprof+0x242/0x510 [ 629.711265][T12381] ? __pfx_ipip_init_net+0x10/0x10 [ 629.711292][T12381] ops_init+0x1df/0x5f0 [ 629.711314][T12381] setup_net+0x1ff/0x510 [ 629.711332][T12381] ? lockdep_init_map_type+0x5c/0x280 [ 629.711365][T12381] ? __pfx_setup_net+0x10/0x10 [ 629.711387][T12381] ? debug_mutex_init+0x37/0x70 [ 629.711412][T12381] copy_net_ns+0x2a6/0x5f0 [ 629.711438][T12381] create_new_namespaces+0x3ea/0xa90 [ 629.711469][T12381] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 629.711497][T12381] ksys_unshare+0x45b/0xa40 [ 629.711528][T12381] ? __pfx_ksys_unshare+0x10/0x10 [ 629.711560][T12381] ? xfd_validate_state+0x61/0x180 [ 629.711599][T12381] __x64_sys_unshare+0x31/0x40 [ 629.711629][T12381] do_syscall_64+0xcd/0x490 [ 629.711665][T12381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.711687][T12381] RIP: 0033:0x7fb02d38e929 [ 629.711704][T12381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.711725][T12381] RSP: 002b:00007fb02e155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 629.711744][T12381] RAX: ffffffffffffffda RBX: 00007fb02d5b5fa0 RCX: 00007fb02d38e929 [ 629.711758][T12381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 629.711776][T12381] RBP: 00007fb02d410b39 R08: 0000000000000000 R09: 0000000000000000 [ 629.711789][T12381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.711802][T12381] R13: 0000000000000000 R14: 00007fb02d5b5fa0 R15: 00007ffe44c51408 [ 629.711828][T12381] [ 629.967435][ C0] vkms_vblank_simulate: vblank timer overrun [ 630.901256][T12400] synth uevent: /devices/virtual/block/nbd6: unknown uevent action string [ 630.971560][T12400] block nbd6: uevent: failed to send synthetic uevent: -22 [ 631.089223][T12402] FAULT_INJECTION: forcing a failure. [ 631.089223][T12402] name failslab, interval 1, probability 0, space 0, times 0 [ 631.159735][T12402] CPU: 0 UID: 0 PID: 12402 Comm: syz.2.1277 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 631.159770][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 631.159785][T12402] Call Trace: [ 631.159792][T12402] [ 631.159801][T12402] dump_stack_lvl+0x16c/0x1f0 [ 631.159844][T12402] should_fail_ex+0x512/0x640 [ 631.159881][T12402] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 631.159927][T12402] should_failslab+0xc2/0x120 [ 631.159951][T12402] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 631.160000][T12402] ? find_held_lock+0x2b/0x80 [ 631.160020][T12402] ? kstrdup_const+0x63/0x80 [ 631.160057][T12402] kstrdup+0x53/0x100 [ 631.160099][T12402] kstrdup_const+0x63/0x80 [ 631.160131][T12402] __kernfs_new_node+0x9b/0x8e0 [ 631.160164][T12402] ? __pfx___kernfs_new_node+0x10/0x10 [ 631.160200][T12402] ? find_held_lock+0x2b/0x80 [ 631.160222][T12402] ? kernfs_root+0xee/0x2a0 [ 631.160256][T12402] kernfs_new_node+0x13c/0x1e0 [ 631.160275][T12402] ? net_ns_get_ownership+0xf8/0x1b0 [ 631.160311][T12402] kernfs_create_dir_ns+0x4c/0x1a0 [ 631.160333][T12402] sysfs_create_dir_ns+0x13a/0x2b0 [ 631.160362][T12402] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 631.160390][T12402] ? find_held_lock+0x2b/0x80 [ 631.160413][T12402] ? net_namespace+0x12/0x50 [ 631.160449][T12402] ? device_namespace+0x76/0xa0 [ 631.160491][T12402] kobject_add_internal+0x2c4/0x9b0 [ 631.160519][T12402] kobject_add+0x16e/0x240 [ 631.160541][T12402] ? __pfx_kobject_add+0x10/0x10 [ 631.160565][T12402] ? get_device_parent+0x1c5/0x4e0 [ 631.160587][T12402] ? kobject_put+0xab/0x5a0 [ 631.160615][T12402] device_add+0x288/0x1a70 [ 631.160640][T12402] ? __pfx_dev_set_name+0x10/0x10 [ 631.160669][T12402] ? __pfx_device_add+0x10/0x10 [ 631.160732][T12402] ? lockdep_init_map_type+0x5c/0x280 [ 631.160770][T12402] ? __init_waitqueue_head+0xca/0x150 [ 631.160799][T12402] netdev_register_kobject+0x182/0x3a0 [ 631.160829][T12402] register_netdevice+0x13dc/0x2270 [ 631.160857][T12402] ? __pfx_register_netdevice+0x10/0x10 [ 631.160888][T12402] internal_dev_create+0x2d3/0x520 [ 631.160914][T12402] ovs_vport_add+0x147/0x4d0 [ 631.160936][T12402] new_vport+0x16/0x1d0 [ 631.160967][T12402] ovs_dp_cmd_new+0x6ba/0xe60 [ 631.161007][T12402] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 631.161046][T12402] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 631.161077][T12402] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 631.161115][T12402] genl_family_rcv_msg_doit+0x209/0x2f0 [ 631.161146][T12402] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 631.161175][T12402] ? trace_cap_capable+0x18d/0x200 [ 631.161205][T12402] ? bpf_lsm_capable+0x9/0x10 [ 631.161235][T12402] ? security_capable+0x7e/0x260 [ 631.161259][T12402] ? ns_capable+0xd7/0x110 [ 631.161286][T12402] genl_rcv_msg+0x55c/0x800 [ 631.161317][T12402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 631.161347][T12402] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 631.161390][T12402] netlink_rcv_skb+0x158/0x420 [ 631.161414][T12402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 631.161444][T12402] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 631.161481][T12402] ? netlink_deliver_tap+0x1ae/0xd30 [ 631.161508][T12402] genl_rcv+0x28/0x40 [ 631.161531][T12402] netlink_unicast+0x53a/0x7f0 [ 631.161559][T12402] ? __pfx_netlink_unicast+0x10/0x10 [ 631.161592][T12402] netlink_sendmsg+0x8d1/0xdd0 [ 631.161621][T12402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.161656][T12402] ____sys_sendmsg+0xa98/0xc70 [ 631.161689][T12402] ? copy_msghdr_from_user+0x10a/0x160 [ 631.161724][T12402] ? __pfx_____sys_sendmsg+0x10/0x10 [ 631.161766][T12402] ? __pfx_futex_wake_mark+0x10/0x10 [ 631.161801][T12402] ___sys_sendmsg+0x134/0x1d0 [ 631.161834][T12402] ? __pfx____sys_sendmsg+0x10/0x10 [ 631.161862][T12402] ? __lock_acquire+0x622/0x1c90 [ 631.161921][T12402] __sys_sendmsg+0x16d/0x220 [ 631.161952][T12402] ? __pfx___sys_sendmsg+0x10/0x10 [ 631.161983][T12402] ? __x64_sys_futex+0x1e0/0x4c0 [ 631.162024][T12402] do_syscall_64+0xcd/0x490 [ 631.162058][T12402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.162078][T12402] RIP: 0033:0x7f001ed8e929 [ 631.162095][T12402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.162115][T12402] RSP: 002b:00007f001fc75038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 631.162134][T12402] RAX: ffffffffffffffda RBX: 00007f001efb6080 RCX: 00007f001ed8e929 [ 631.162148][T12402] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000009 [ 631.162161][T12402] RBP: 00007f001ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 631.162174][T12402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.162186][T12402] R13: 0000000000000000 R14: 00007f001efb6080 R15: 00007fff93d92178 [ 631.162212][T12402] [ 631.630877][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.641185][T12402] kobject: kobject_add_internal failed for HfR (error: -12 parent: net) [ 631.659672][T12389] kexec: Could not allocate control_code_buffer [ 635.880050][T12451] device-mapper: ioctl: Invalid data size in the ioctl structure: 1 [ 636.615301][T12454] FAULT_INJECTION: forcing a failure. [ 636.615301][T12454] name fail_futex, interval 1, probability 0, space 0, times 0 [ 636.718021][T12454] CPU: 0 UID: 60929 PID: 12454 Comm: syz.1.1288 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 636.718054][T12454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 636.718068][T12454] Call Trace: [ 636.718075][T12454] [ 636.718083][T12454] dump_stack_lvl+0x16c/0x1f0 [ 636.718126][T12454] should_fail_ex+0x512/0x640 [ 636.718164][T12454] get_futex_key+0x1d0/0x1540 [ 636.718194][T12454] ? find_held_lock+0x2b/0x80 [ 636.718239][T12454] ? __pfx_get_futex_key+0x10/0x10 [ 636.718273][T12454] ? __mutex_trylock_common+0xe9/0x250 [ 636.718312][T12454] futex_wake+0xea/0x530 [ 636.718348][T12454] ? __pfx_futex_wake+0x10/0x10 [ 636.718379][T12454] ? __lock_acquire+0xb8a/0x1c90 [ 636.718422][T12454] do_futex+0x1e3/0x350 [ 636.718452][T12454] ? __pfx_do_futex+0x10/0x10 [ 636.718478][T12454] ? __might_fault+0xe3/0x190 [ 636.718520][T12454] mm_release+0x24e/0x300 [ 636.718547][T12454] do_exit+0x68b/0x2bd0 [ 636.718584][T12454] ? __pfx_do_exit+0x10/0x10 [ 636.718614][T12454] ? do_raw_spin_lock+0x12c/0x2b0 [ 636.718649][T12454] ? find_held_lock+0x2b/0x80 [ 636.718676][T12454] do_group_exit+0xd3/0x2a0 [ 636.718709][T12454] get_signal+0x2673/0x26d0 [ 636.718737][T12454] ? iput+0x519/0x880 [ 636.718764][T12454] ? __pfx_get_signal+0x10/0x10 [ 636.718789][T12454] ? do_futex+0x122/0x350 [ 636.718817][T12454] ? __pfx_do_futex+0x10/0x10 [ 636.718848][T12454] arch_do_signal_or_restart+0x8f/0x790 [ 636.718877][T12454] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 636.718912][T12454] ? xfd_validate_state+0x61/0x180 [ 636.718949][T12454] exit_to_user_mode_loop+0x84/0x110 [ 636.718986][T12454] do_syscall_64+0x3f6/0x490 [ 636.719023][T12454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.719045][T12454] RIP: 0033:0x7f758678e929 [ 636.719063][T12454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.719086][T12454] RSP: 002b:00007f75875a10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 636.719107][T12454] RAX: fffffffffffffe00 RBX: 00007f75869b5fa8 RCX: 00007f758678e929 [ 636.719123][T12454] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f75869b5fa8 [ 636.719138][T12454] RBP: 00007f75869b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 636.719152][T12454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75869b5fac [ 636.719167][T12454] R13: 0000000000000000 R14: 00007ffe4c561c40 R15: 00007ffe4c561d28 [ 636.719196][T12454] [ 637.045101][T12466] ================================================================== [ 637.053309][T12466] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 637.062010][T12466] Read of size 1 at addr ffff8880222d34e7 by task syz.3.1290/12466 [ 637.069924][T12466] [ 637.072265][T12466] CPU: 0 UID: 0 PID: 12466 Comm: syz.3.1290 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 637.072296][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 637.072310][T12466] Call Trace: [ 637.072318][T12466] [ 637.072327][T12466] dump_stack_lvl+0x116/0x1f0 [ 637.072364][T12466] print_report+0xcd/0x680 [ 637.072386][T12466] ? __virt_addr_valid+0x81/0x610 [ 637.072412][T12466] ? __phys_addr+0xe8/0x180 [ 637.072437][T12466] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 637.072463][T12466] kasan_report+0xe0/0x110 [ 637.072486][T12466] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 637.072518][T12466] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 637.072545][T12466] ? __lock_acquire+0xb8a/0x1c90 [ 637.072580][T12466] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 637.072610][T12466] ? find_held_lock+0x2b/0x80 [ 637.072632][T12466] ? __might_fault+0xe3/0x190 [ 637.072666][T12466] ? __might_fault+0xe3/0x190 [ 637.072700][T12466] ? __might_fault+0x13b/0x190 [ 637.072741][T12466] ? proc_simple_write+0x117/0x1b0 [ 637.072765][T12466] proc_simple_write+0x117/0x1b0 [ 637.072789][T12466] ? __pfx_proc_simple_write+0x10/0x10 [ 637.072814][T12466] proc_reg_write+0x23d/0x330 [ 637.072851][T12466] ? __pfx_proc_reg_write+0x10/0x10 [ 637.072885][T12466] vfs_writev+0x5dc/0xde0 [ 637.072917][T12466] ? __pfx___mutex_trylock_common+0x10/0x10 [ 637.072955][T12466] ? __pfx_vfs_writev+0x10/0x10 [ 637.072988][T12466] ? __mutex_lock+0x1ca/0xb90 [ 637.073023][T12466] ? kmem_cache_free+0x2d1/0x4d0 [ 637.073060][T12466] ? __pfx___mutex_lock+0x10/0x10 [ 637.073100][T12466] ? __fget_files+0x20e/0x3c0 [ 637.073140][T12466] ? do_writev+0x132/0x340 [ 637.073188][T12466] do_writev+0x132/0x340 [ 637.073231][T12466] ? __pfx_do_writev+0x10/0x10 [ 637.073268][T12466] do_syscall_64+0xcd/0x490 [ 637.073307][T12466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.073333][T12466] RIP: 0033:0x7f401b58e929 [ 637.073352][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.073375][T12466] RSP: 002b:00007f401c380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 637.073397][T12466] RAX: ffffffffffffffda RBX: 00007f401b7b5fa0 RCX: 00007f401b58e929 [ 637.073414][T12466] RDX: 0000000000000003 RSI: 0000200000000140 RDI: 0000000000000007 [ 637.073430][T12466] RBP: 00007f401b610b39 R08: 0000000000000000 R09: 0000000000000000 [ 637.073445][T12466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.073460][T12466] R13: 0000000000000000 R14: 00007f401b7b5fa0 R15: 00007ffefb9ff8b8 [ 637.073483][T12466] [ 637.073492][T12466] [ 637.333242][T12466] Allocated by task 12466: [ 637.337669][T12466] kasan_save_stack+0x33/0x60 [ 637.342371][T12466] kasan_save_track+0x14/0x30 [ 637.347068][T12466] __kasan_kmalloc+0xaa/0xb0 [ 637.351679][T12466] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 637.358124][T12466] memdup_user_nul+0x2b/0x120 [ 637.362823][T12466] proc_simple_write+0xc7/0x1b0 [ 637.367698][T12466] proc_reg_write+0x23d/0x330 [ 637.372395][T12466] vfs_writev+0x5dc/0xde0 [ 637.376745][T12466] do_writev+0x132/0x340 [ 637.381006][T12466] do_syscall_64+0xcd/0x490 [ 637.385552][T12466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.391460][T12466] [ 637.393787][T12466] The buggy address belongs to the object at ffff8880222d34e0 [ 637.393787][T12466] which belongs to the cache kmalloc-8 of size 8 [ 637.407501][T12466] The buggy address is located 0 bytes to the right of [ 637.407501][T12466] allocated 7-byte region [ffff8880222d34e0, ffff8880222d34e7) [ 637.421827][T12466] [ 637.424156][T12466] The buggy address belongs to the physical page: [ 637.430570][T12466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x222d3 [ 637.439339][T12466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 637.446893][T12466] page_type: f5(slab) [ 637.450883][T12466] raw: 00fff00000000000 ffff88801b841500 0000000000000000 dead000000000001 [ 637.459476][T12466] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 637.468061][T12466] page dumped because: kasan: bad access detected [ 637.474474][T12466] page_owner tracks the page as allocated [ 637.480187][T12466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3242626168, free_ts 3139254394 [ 637.498530][T12466] post_alloc_hook+0x1c0/0x230 [ 637.503319][T12466] get_page_from_freelist+0x1321/0x3890 [ 637.508892][T12466] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 637.514811][T12466] alloc_pages_mpol+0x1fb/0x550 [ 637.519673][T12466] new_slab+0x23b/0x330 [ 637.523844][T12466] ___slab_alloc+0xd9c/0x1940 [ 637.528541][T12466] __slab_alloc.constprop.0+0x56/0xb0 [ 637.533932][T12466] __kmalloc_noprof+0x2f2/0x510 [ 637.538809][T12466] acpi_ns_internalize_name+0x144/0x220 [ 637.544377][T12466] acpi_ns_get_node_unlocked+0x163/0x310 [ 637.550027][T12466] acpi_ns_get_node+0x4c/0x70 [ 637.554724][T12466] acpi_get_handle+0x105/0x270 [ 637.559507][T12466] acpi_has_method+0x7a/0xc0 [ 637.564110][T12466] acpi_is_video_device+0x76/0x210 [ 637.569263][T12466] acpi_init_device_object+0x115d/0x1970 [ 637.574910][T12466] acpi_add_single_object+0xea/0x1b80 [ 637.580295][T12466] page last free pid 24 tgid 24 stack trace: [ 637.586276][T12466] __free_frozen_pages+0x7fe/0x1180 [ 637.591494][T12466] __put_partials+0x16d/0x1c0 [ 637.596193][T12466] process_one_work+0x9cf/0x1b70 [ 637.601169][T12466] worker_thread+0x6c8/0xf10 [ 637.605789][T12466] kthread+0x3c5/0x780 [ 637.609875][T12466] ret_from_fork+0x5d4/0x6f0 [ 637.614486][T12466] ret_from_fork_asm+0x1a/0x30 [ 637.619279][T12466] [ 637.621606][T12466] Memory state around the buggy address: [ 637.627243][T12466] ffff8880222d3380: 05 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 637.635306][T12466] ffff8880222d3400: 05 fc fc fc 04 fc fc fc fa fc fc fc fa fc fc fc [ 637.643373][T12466] >ffff8880222d3480: fa fc fc fc 05 fc fc fc 00 fc fc fc 07 fc fc fc [ 637.651434][T12466] ^ [ 637.658631][T12466] ffff8880222d3500: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc [ 637.666708][T12466] ffff8880222d3580: 00 fc fc fc fa fc fc fc fa fc fc fc 05 fc fc fc [ 637.674769][T12466] ================================================================== [ 638.575237][T12466] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 638.582484][T12466] CPU: 0 UID: 0 PID: 12466 Comm: syz.3.1290 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 638.594555][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 638.604614][T12466] Call Trace: [ 638.607906][T12466] [ 638.610845][T12466] dump_stack_lvl+0x3d/0x1f0 [ 638.615461][T12466] panic+0x71c/0x800 [ 638.619379][T12466] ? __pfx_panic+0x10/0x10 [ 638.623918][T12466] ? mark_held_locks+0x49/0x80 [ 638.628708][T12466] ? preempt_schedule_thunk+0x16/0x30 [ 638.634103][T12466] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 638.640113][T12466] ? preempt_schedule_common+0x44/0xc0 [ 638.645592][T12466] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 638.651582][T12466] check_panic_on_warn+0xab/0xb0 [ 638.656543][T12466] end_report+0x107/0x170 [ 638.660885][T12466] kasan_report+0xee/0x110 [ 638.665312][T12466] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 638.671305][T12466] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 638.677134][T12466] ? __lock_acquire+0xb8a/0x1c90 [ 638.682083][T12466] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 638.688251][T12466] ? find_held_lock+0x2b/0x80 [ 638.692941][T12466] ? __might_fault+0xe3/0x190 [ 638.697640][T12466] ? __might_fault+0xe3/0x190 [ 638.702335][T12466] ? __might_fault+0x13b/0x190 [ 638.707128][T12466] ? proc_simple_write+0x117/0x1b0 [ 638.712264][T12466] proc_simple_write+0x117/0x1b0 [ 638.717233][T12466] ? __pfx_proc_simple_write+0x10/0x10 [ 638.722700][T12466] proc_reg_write+0x23d/0x330 [ 638.727395][T12466] ? __pfx_proc_reg_write+0x10/0x10 [ 638.732617][T12466] vfs_writev+0x5dc/0xde0 [ 638.736970][T12466] ? __pfx___mutex_trylock_common+0x10/0x10 [ 638.742902][T12466] ? __pfx_vfs_writev+0x10/0x10 [ 638.747767][T12466] ? __mutex_lock+0x1ca/0xb90 [ 638.752480][T12466] ? kmem_cache_free+0x2d1/0x4d0 [ 638.757440][T12466] ? __pfx___mutex_lock+0x10/0x10 [ 638.762495][T12466] ? __fget_files+0x20e/0x3c0 [ 638.767198][T12466] ? do_writev+0x132/0x340 [ 638.771628][T12466] do_writev+0x132/0x340 [ 638.775908][T12466] ? __pfx_do_writev+0x10/0x10 [ 638.780698][T12466] do_syscall_64+0xcd/0x490 [ 638.785228][T12466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.791135][T12466] RIP: 0033:0x7f401b58e929 [ 638.795559][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.815181][T12466] RSP: 002b:00007f401c380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 638.823605][T12466] RAX: ffffffffffffffda RBX: 00007f401b7b5fa0 RCX: 00007f401b58e929 [ 638.831585][T12466] RDX: 0000000000000003 RSI: 0000200000000140 RDI: 0000000000000007 [ 638.839564][T12466] RBP: 00007f401b610b39 R08: 0000000000000000 R09: 0000000000000000 [ 638.847545][T12466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.855533][T12466] R13: 0000000000000000 R14: 00007f401b7b5fa0 R15: 00007ffefb9ff8b8 [ 638.863520][T12466] [ 638.866614][T12466] Kernel Offset: disabled [ 638.870954][T12466] Rebooting in 86400 seconds..