last executing test programs:

3m3.726158481s ago: executing program 3 (id=4023):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (fail_nth: 3)
r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket(0x10, 0x2, 0x6)
r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, r3, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x1c, 0x1e, 0x0, 0x1, [@nested={0x18, 0x122, 0x0, 0x1, [@nested={0x8, 0x46, 0x0, 0x1, [@nested={0x4, 0xf7}]}, @nested={0xa, 0x10, 0x0, 0x1, [@generic='\x00\x00\x00*O{']}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x5}, 0x803}, 0xfffffff9, 0x10, 0x0)
write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
setresuid$auto(0x2, 0x7, 0x8080)
ioctl$auto(0x3, 0x400454ca, 0x38)

2m59.374573568s ago: executing program 3 (id=4030):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb0, 0xd4, 0x3)
close_range$auto(0x2, 0x8, 0x0)
statmount$auto(0x0, &(0x7f0000000500)={0x8, 0xfffffffd, 0x401bf, 0x7, 0x3c, 0x65f, 0x1ffde, 0x5, 0x7, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x80000000009, 0x6, 0x100dec3, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x185c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], "dac2080a5b73ab5a5214206fb00e0072cccd8ce1e62973803b089a8b13b713be80a8d4"}, 0x1fe, 0xd)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf2503000000060007000800000006000700008000000800", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000004500000000000a000100000000000600070000000a0010"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x44801)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x101441, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
ioctl$auto_TIOCSETD2(r2, 0x5423, &(0x7f00000002c0)="ee1322b7eb0a7fe69c58fcc1b99bf0845fbcf2a9b55b43e21c8f1f7605441eea9324a4977f0d1d4fc72c9f3a1a109aefeada72344fe0d7f693c8a0a1790067d86c1519cf86a70b05482cc2bf3beec0101191b4eaaccc1a76f2a34405944370affc67344cbc701d285671b55becdf23703759706a56444d7a0603bee96a721dcc470195dafd7f7aed48e7939e8c3061")
recvfrom$auto(r1, &(0x7f0000000740)="fb14500936043b01fbab95d09b54f3681d630da50b51687ab87b8e9b5abc2f7caedf7a6cf2a0c4ef8edaa9595397fcb34ec1d46a93b778f96717c7f1325a0b2744e2059b32a4c9be6d0852d25a9aaad3ca8f244506fd4e575d31e9e263ad40293baedee529c8a54e8349b58dd5cfdebc113fb494778f0bb13bbf18d5a3c2a30098decae4c394", 0x5, 0x0, &(0x7f0000000040)=@in={0x2, 0x4e20, @multicast2}, &(0x7f00000000c0)=0x100c0)
fallocate$auto(r0, 0x7, 0x80000000000011, 0x6)
lsm_set_self_attr$auto(0x3, 0xfffffffffffffffc, 0x1f, 0x8000000000000000)
write$auto(0xffffffffffffffff, &(0x7f0000000900)='j\xa2\xb1\n\xb4\xd3\x00\x00\x00\x00\x8e\xc4\x97\x8a\x10\xd5<\xa7J\xb1\x00$\xd6\xfd\xca}\xa3\v\xfc7\x93S8\x02\x88pmh\x14\x86p\x04\\8\xe1|\xa8s\xa7\xdbLq\x0e\xdb\xa7\xb3\x94R\xb3D0\xf1Uf\a\x9f4\xb0\x957\xa6\xcd\xeb\x87^I\xf4\x0f\x18\x80h\xaau\x94\x1c\xd1\xb1c\xafZ\xb1\xf3\v\xd5\x1f\x14\x8c\x1bi\x90\xc8[\xecE\xfdwm\xb6\xf1Wj\xab\xfcIU\xce9\b\xcc\xfc&G*\xe5\x96\x91x\x93}$\x813*\xd4\x16\'w\xad<\xf6\xb1\xd2\xe5\xc3\x19\xfb\x15\xd5U\x80BL\xd8\x19\'\x19\b8\x96\xfb\x9f\xf9y\xf0:\xa18\xd8s\xf6~\x86\x84\xd6\xc1\xdaGo\xcc\xe1\xedq\x06\xb8\xb5\xaf4\xa3\xf5\xf0\xd1\xc13F\xfa.\xf0\"\x12\xe4\x1a\xed\xb7\xaeC\xceDwn\xc5C3v&%\xe0\xe7\xc6\x89\xbb\nH\x0fF\xdc\x03\xba\x18Y\x9d\x7f\xc8B\xfai\x8f]\xcf\x11F\xcb4\x90\x84\n\xea\xd0\x1d0\xb5\xcc\x1f\xf8\xf7\xbb\xf6\xb0\xc3D\xffb\xdchM\xeaq`\xc3\x9bfw\x9d|m0:\xd3\xb3$\xabJ\x84b\x1d\x12\xd0\xf7{\x19\x1cu\x94\x85\xd7\xf7\x88\x8a\xb1\x1c\xc3\x8d\x85.\xb3\xebE\xc2\xa5\r\xf7l\xdd~\xfe\a\xd5K\xb0\v}_\x92s\x9a\x06\x06\xa9I\x86\xc4\xdc\x83\x03\r\x93HXz4\xed\xa5\xd2f3E\xc6\xb7)\x1d\xb2^\x8a\x0e\x1bv\x10\xeffv\x95|\xfb+|\b\xf5\xf4\"t\xd5\xf3%\xb0\x12Y\xa4\xbf\xf8\xb8\xeaF\x91\x96\x9dO`\xf0Pv\xb9\xeb\xf7\xc6\xd7\n\x90B\xe9\f\x8c)\x83iYy\xf3\n\xd7\xbb\x19\xe9~\xbc\x8f\xf4\xda\xcc\xfe6nu\xb8\x82l\x1djc\xe9\xce\"\x1a\x19:G\xa3\xb5\xd34\xe3\xf9>\x91*\xb4\xd7M\xa7\xd3\x19\xed\xf3\xbb\xd8\xb6_\xdb\xec\xacM\xb1\xfc\xcd^\xd1\x18\xf6\t\x12\xdd\n\x16VT\xedT\xa2J\xa4\xe4{\x12\x8df\xed\xd9Q.\xd7\x03+?\r\x98J\x9a\x13\x17\x9c1\xe6\xf7\xaf\x99k&\x96w\xa5\x0e \x01\xe5\xeb\x92\xe2\xd5\xc0\x88D\x06tE\xeb~q>T\x0f\xfa\x1e\xea\xb9H\x1a\xf9VHW;D\xc0\x98\ncs\xbf\xe48*\x8b\ry\x9di\xb2=\xeaI\xd6\xec\xd9\xf6\x15\xf9\x02R\xd0\xaeb\xe0\xab\x01\xb6R\xbc\x88\x13r:\x9a\x99\xc0\x81\x01\xd7\xe2\xcd\xe5\x1f9+\xd2hOp\x95\xf0\x18x\xda{\xbe\x82\xa7\xc1\xbdZ\xc1\xa2o\xae\x13w\xd6\xe3\xfe\x91\x81\x9c\xbb\x9d\x9a\x10\xf9\xd7\xcc\'\xdc\xbf\x1b\xd0\x14F\x19\x86\x9b\xeb\xce\xba\xe4*\x8a\x11\x1b=\xa6\x89Y\x1b\xa2\xde\xac\x0e[N\xb4\xd7x!\x95\xbb%\xb3o\x00\xc3\x9f\xaa(\xac\xf7\xcc\xe6\xeb\x97\xab\xabz\xd5\xe8\x15:\xd8Ck\xed.\x81\xa0I:Vs0\xe6\xf5jE\xff\xd1\xd8\x1bHQXd-ifA\xdcO\xfb\xe4\xca\xcb\xc0\xd8~\xf1\xb2u\xb1B-\x90\xfe\xd5\xe7\x85\xea /\xa0\r|\x04\x8fG\x8e\x8e\x8d{\xbd\x9bb\x02\x96d\'\xc7\"_\b\xae\xef\xdb\xa8dqY\xaa\x13]H\xe0\xf9\x8a\xa2\xec\xb0eI\x9f\xc9\x8bhw\xcfTG\xdf\x19\x83\x04\xe7\xa4\xa21\xbd\"\x89\xb9\xc2\xe8\xad\x1aR-\x95\x10\xde(\x01\xbf\xe0\x04b\x84S\au\r\x1d\x8c\x19\x81\xb8\xf2\xcd\a\xe3-\xc6\x82O0\x14\v}^\x00\x00\xca\x1f\x83\x85z\x81\xd9\xa3\xbc\xac\x1e\xf4\xfb\xef9t\')\xe1Q\x03\x80\xcc\x13\xd5\x16\x03\xe7\xab\xf2a\x9a}4]\xbd\xb6\x98\x02\xa2\"$\xb9\x9cb\xfc<\x99\xd1S\x9e=\xd7w66\xf4\x86\v\x00`\x95\x1bT\x0f\"\xe9P\x85UR\xbc\xda\x1fH\x9c\x00\x00\x00\x00\x00\x00\x00\b-LW\xc4\x91\x17\xc5\x86,N6\x9e\xa6\xeb@VA\xf6\xd0\x14\xcc{:', 0x8)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x0)
r3 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

2m58.669279674s ago: executing program 3 (id=4031):
r0 = openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_make_request/space\x00', 0x48981, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty49\x00', 0x800, 0x0)
pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r0, 0xc37c, &(0x7f0000000040)={@_si_pad}, 0x4)
ioctl$auto(r1, 0x4b4c, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000)
r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
poll$auto(&(0x7f0000000180)={<r3=>r2, 0xfff7, 0x9816}, 0x7f, 0x9)
ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$auto(0x3, 0x4008af03, 0x0)
capset$auto(0x0, 0x0)
ioctl$auto_VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0)
write$auto(r0, &(0x7f0000000200)='0\x00\xa6C\x1b\xad\xb1\x9e\xc8Tt\xa8\x87\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\xaf\x14\x8a\xcf\xe8\xe8,-d\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL\xf6\xf1\xe9\x17\xb3\xc1\x13\x00\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3Ch\x03&\x1c\r&\xf9i\xa8\x01\xdbBr\'\x83\'d`\x05\x10\x9d\x8f*E\xfb\x9c\rTD\xa3\xc5\x1bWZ\xb8Q7]E\x84v\x17M\xd3\xf3\x1c\xd4.\vA\xad\x88\x85\xe3vi\xd6', 0x4)

2m58.374967161s ago: executing program 3 (id=4032):
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x4840)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/kernel/auto_msgmni\x00', 0x101000, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x3)
write$auto(0xca, 0x0, 0x1ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x8)
io_uring_setup$auto(0x4, 0x0) (fail_nth: 3)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
socketpair$auto(0x8ff, 0x5, 0x8000000000000000, 0x0)
io_uring_enter$auto(r0, 0x11, 0x2688, 0x5, 0x0, 0x7)
semctl$auto_IPC_STAT(0x100, 0xf60, 0x2, 0x1000)
semget$auto(0x0, 0x13c, 0x1ff)
openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x53b080, 0x0)

2m57.71155985s ago: executing program 3 (id=4034):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0)
sched_get_priority_min$auto(0x40)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981082, 0x0)
sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040c04}, 0xc0804)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
fstatfs$auto(0x3, 0xfffffffffffffffd)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd2365", 0x19)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x101001, 0x0)
write$auto(r1, &(0x7f00000000c0)=')]..$(\xbc:\x00\x0f\b!\x9b\xe3\a1\xac\xb9Mm\x04\xb7\x88\'\xae\x05\xf3\xeb\xf5\x0fkl\x81\x8bpLY\x80\x17\xa6|x\xbb\x0fy\xb5\x80\x10z\xea\xff\x10\xf5\xa0V\x7f\r\x16\x1dz\xd5\xbd\x81\xceSRY\x98\xf0\xd7a\xf0\xce\xe7\x82\x8b\xaaP/\x11\t-W\xae\b\xe5\x1b\xea\x04\xe1\xce\xbf|', 0x45c)
socket(0x10, 0x2, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x18, 0x0)
bpf$auto(0x7f, 0x0, 0x171)
ppoll$auto(0x0, 0xd6, &(0x7f0000003640)={0x7fffffffffffffff, 0x489}, 0x0, 0x8)
r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000000)={0x0, 0x3, 0x1, 0x8c53, 0x0, 0x1, 0x0})

2m56.905228638s ago: executing program 3 (id=4036):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0)
r1 = socket(0x29, 0x80000, 0x2)
r2 = socket(0x10, 0x2, 0x6)
r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="500bd63d0cd71719df25110000001c001e8018002280080046800400f7800a0010800000004f7b0000"], 0x30}}, 0x8044)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x5}, 0x803}, 0xfffffff9, 0x10, 0x0)
write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x61f1, 0xe2, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
sysfs$auto(0x2, 0x100000000000037, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
setresuid$auto(0x2, 0x7, 0x8080)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r5, 0x4bfa, 0xffffffffffffffff)
ioctl$auto(0x3, 0x400454ca, 0x38)

2m41.778388257s ago: executing program 32 (id=4036):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0)
r1 = socket(0x29, 0x80000, 0x2)
r2 = socket(0x10, 0x2, 0x6)
r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="500bd63d0cd71719df25110000001c001e8018002280080046800400f7800a0010800000004f7b0000"], 0x30}}, 0x8044)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x5}, 0x803}, 0xfffffff9, 0x10, 0x0)
write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x61f1, 0xe2, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
sysfs$auto(0x2, 0x100000000000037, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
setresuid$auto(0x2, 0x7, 0x8080)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r5, 0x4bfa, 0xffffffffffffffff)
ioctl$auto(0x3, 0x400454ca, 0x38)

9.626673245s ago: executing program 4 (id=4483):
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff)
read$auto(r1, 0x0, 0x20)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128\x00', 0x80002, 0x0)

9.160378227s ago: executing program 4 (id=4486):
r0 = socket(0x2, 0x801, 0x100)
listen$auto(0x3, 0x81)
poll$auto(&(0x7f0000000180)={<r1=>r0, 0x6, 0x6}, 0x6, 0x8)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
pipe2$auto(0x0, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x28, 0x5, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
bind$auto(r2, &(0x7f0000000080)=@in={0x28, 0x0, @rand_addr=0xffffffff}, 0x68)
listen$auto(0x3, 0x81)
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8)
listen$auto(r1, 0x1004)

8.879218134s ago: executing program 4 (id=4487):
r0 = socket(0x26, 0x5, 0x0)
bind$auto(r0, &(0x7f0000000280)=@in={0x28, 0xffff, @rand_addr=0xffffdfff}, 0x8)
socket(0x2c, 0x80003, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4000884)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
r2 = getpid()
r3 = pipe2$auto(&(0x7f00000000c0)=<r4=>0xffffffffffffffff, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x800)
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0)
r5 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000200), 0xe0080, 0x0)
ioctl$auto_I2C_RDWR(r5, 0x707, 0x0)
r6 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
read$auto(r1, 0x0, 0x1f40)
r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000006c0)={'nicvf0\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000700)={'netdevsim0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000740)={'xfrm0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000780)={'veth0_to_hsr\x00', <r11=>0x0})
r12 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r13=>0x0})
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r13}, 0x6a)
sendmsg$auto_ETHTOOL_MSG_PHY_GET(r3, &(0x7f0000000b80)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000b40)={&(0x7f00000007c0)=ANY=[@ANYBLOB="64030000", @ANYRES16=0x0, @ANYBLOB="0a0525bd7000fcdbdf252d0000007000018008000300030000000800030001000000080003000800000008000100", @ANYRES32=0x0, @ANYBLOB="140002007465616d5f736c6176655f30000000001400020068737230000000000000000000000000140002007465616d300000000000000000000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="4800018008000100", @ANYRES32=0x0, @ANYBLOB="080003000600000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYBLOB="1400020069705f7674693000000000000000", @ANYRES32=0x0, @ANYBLOB="08000300020000004000018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="140002007663616e52000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800030002000000840001800800030009000000140002007665746831000000000000000000000014000200626f6e64300000000000000000000000080003000500000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020067656e6576653000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="1400020070696d726567310000000000000000004000018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB='\b\x00', @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f766c616e000000000000500001800800030000000000140002006970766c616e300000000000000000001400020069705f767469300000000000000000001400020076657468315f746f5f7465616d00000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="1400020076657468305f766c616e000000000000140002006e657464657673696d3000000000000014000200626f6e645f736c6176655f30000000001400020076657468305f746f5f626f6e6400000008000100", @ANYRES32=r9, @ANYBLOB="1400020070696d3672656700000000000000000090000180140002006261746164765f736c6176655f3100001400020065727370616e3000000000000000000014000200766c616e30000000000000000000000008000100", @ANYRES32=r10, @ANYBLOB="1400020076657468315f746f5f626f6e6400000008000100", @ANYRES32=r11, @ANYBLOB="08000300d10c000008000100", @ANYRES32=r13, @ANYBLOB="08000300e3000000140002006d6163766c616e310000000000000000"], 0x364}, 0x1, 0x0, 0x0, 0x8010}, 0x4)
writev$auto(r7, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd)
clone$auto(0x749f, 0x78, &(0x7f0000000080)=0x40000000, &(0x7f0000000100)=0x5, 0x1)
setsockopt$auto(0x3, 0x11b, 0x2, 0xffffffffffffffff, 0x9)

7.579272309s ago: executing program 4 (id=4492):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
open(0x0, 0x22240, 0x154)
connect$auto(0x3, 0x0, 0x55)
mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0)
pread64$auto(r0, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_max_sp_len\x00', 0x82, 0x0)
write$auto_debugfs_full_proxy_file_operations_internal(r2, 0x0, 0x20)
ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000100)={0x5eea, 0x7, [{r1, 0x0, 0x4, 0x6}]})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000)
prctl$auto(0x23, 0x20000000000000b, 0x7fffffffefff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HWSIM_ATTR_MULTI_RADIO={0x4}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r5 = socket(0xa, 0x801, 0x84)
clock_nanosleep$auto(0x5, 0x1ff, &(0x7f0000000000)={0x7, 0x8}, &(0x7f0000000040)={0x7, 0x7})
getsockopt$auto(r5, 0x84, 0x6f, 0x0, 0x0)
syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
getsockopt$auto_SO_INCOMING_NAPI_ID(r1, 0x1, 0x38, &(0x7f0000000000)='/dev/kvm\x00', 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)

7.057295618s ago: executing program 2 (id=4494):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
msgrcv$auto(0x9, 0x0, 0xfffffffffffffffc, 0x7, 0x80008)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = open(&(0x7f0000000200)='./file0\x00', 0x8600, 0x1b)
r3 = syz_genetlink_get_family_id$auto_cifs(&(0x7f00000002c0), r1)
sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa8, r3, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@CIFS_GENL_ATTR_SWN_PASSWORD={0xc, 0xa, 'nl80211\x00'}, @CIFS_GENL_ATTR_SWN_PASSWORD={0x8, 0xa, 'wg0\x00'}, @CIFS_GENL_ATTR_SWN_RESOURCE_STATE={0x8, 0xd, 0x3}, @CIFS_GENL_ATTR_SWN_NET_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_RESOURCE_NAME={0x33, 0xe, '/sys/devices/system/cpu/cpuidle/current_driver\x00'}, @CIFS_GENL_ATTR_SWN_NOTIFICATION_TYPE={0x8, 0xc, 0x6}, @CIFS_GENL_ATTR_SWN_SHARE_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_USER_NAME={0x33, 0x9, '/sys/devices/system/cpu/cpuidle/current_driver\x00'}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00'})
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x20, r4, 0x13, 0x70bd2e, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4c0d4}, 0x20040894)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sysfs$auto(0x2, 0x46, 0x0)
fsopen$auto(0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r4, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x5}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4008043)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socketpair$auto(0x6, 0x5, 0x8000000000000000, 0x0)
clock_nanosleep$auto(0xfffffff2, 0x5, 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/77, 0x4d)
read$auto_v4l2_fops_v4l2_dev(r7, &(0x7f00000000c0)=""/20, 0x14)

5.468210842s ago: executing program 2 (id=4498):
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x4840)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/kernel/auto_msgmni\x00', 0x101000, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x3)
write$auto(0xca, 0x0, 0x1ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x8)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
uname$auto(0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)

5.103953062s ago: executing program 0 (id=4500):
socket(0x28, 0x1, 0x0)
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, 0x0)
mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x4, 0x0, 0x4, 0xeb1, r0, 0x7ff7)
r1 = gettid()
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_BLKOPENZONE(0xffffffffffffffff, 0x40101286, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x115)
socket(0x11, 0x2, 0x0)
r2 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x2, 0x1, 0x100)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
socket(0x2, 0x1, 0x106)
listen$auto(0x3, 0x81)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x0, 0x0)
r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1896c2, 0x0)
ioctl$auto_RTC_IRQP_READ(r3, 0x8008700b, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
tkill$auto(r1, 0x7)
socketpair$auto(0x1, 0x1, 0x3, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/unix\x00', 0x200, 0x0)

3.924831609s ago: executing program 0 (id=4501):
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x80000009, 0x8, 0xc, 0xffffffffffffffff, 0x4, 0x7ff}, 0xee)

3.856530316s ago: executing program 2 (id=4502):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0)
sched_get_priority_min$auto(0x40)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981082, 0x0)
sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040c04}, 0xc0804)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
fstatfs$auto(0x3, 0xfffffffffffffffd)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd2365", 0x19)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x101001, 0x0)
write$auto(r1, &(0x7f00000000c0)=')]..$(\xbc:\x00\x0f\b!\x9b\xe3\a1\xac\xb9Mm\x04\xb7\x88\'\xae\x05\xf3\xeb\xf5\x0fkl\x81\x8bpLY\x80\x17\xa6|x\xbb\x0fy\xb5\x80\x10z\xea\xff\x10\xf5\xa0V\x7f\r\x16\x1dz\xd5\xbd\x81\xceSRY\x98\xf0\xd7a\xf0\xce\xe7\x82\x8b\xaaP/\x11\t-W\xae\b\xe5\x1b\xea\x04\xe1\xce\xbf|', 0x45c)
socket(0x10, 0x2, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x18, 0x0)
bpf$auto(0x7f, 0x0, 0x171)
ppoll$auto(&(0x7f0000003600)={0x8, 0x800, 0x1}, 0xd6, &(0x7f0000003640)={0x7fffffffffffffff, 0x489}, 0x0, 0x8)
r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000000)={0x0, 0x3, 0x1, 0x8c53, 0x0, 0x1, 0x0})

3.76127712s ago: executing program 0 (id=4503):
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)

3.50654345s ago: executing program 0 (id=4504):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb0, 0xd4, 0x3)
close_range$auto(0x2, 0x8, 0x0)
statmount$auto(0x0, &(0x7f0000000500)={0x8, 0xfffffffd, 0x401bf, 0x7, 0x3c, 0x65f, 0x1ffde, 0x5, 0x7, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x80000000009, 0x6, 0x100dec3, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x185c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], "dac2080a5b73ab5a5214206fb00e0072cccd8ce1e62973803b089a8b13b713be80a8d4"}, 0x1fe, 0xd)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000006000700080000000600070000800000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000004500000000000a000100000000000600070000000a0010"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x44801)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x101441, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
ioctl$auto_TIOCSETD2(r2, 0x5423, &(0x7f00000002c0)="ee1322b7eb0a7fe69c58fcc1b99bf0845fbcf2a9b55b43e21c8f1f7605441eea9324a4977f0d1d4fc72c9f3a1a109aefeada72344fe0d7f693c8a0a1790067d86c1519cf86a70b05482cc2bf3beec0101191b4eaaccc1a76f2a34405944370affc67344cbc701d285671b55becdf23703759706a56444d7a0603bee96a721dcc470195dafd7f7aed48e7939e8c3061")
recvfrom$auto(r1, &(0x7f0000000740)="fb14500936043b01fbab95d09b54f3681d630da50b51687ab87b8e9b5abc2f7caedf7a6cf2a0c4ef8edaa9595397fcb34ec1d46a93b778f96717c7f1325a0b2744e2059b32a4c9be6d0852d25a9aaad3ca8f244506fd4e575d31e9e263ad40293baedee529c8a54e8349b58dd5cfdebc113fb494778f0bb13bbf18d5a3c2a30098decae4c394", 0x5, 0x0, &(0x7f0000000040)=@in={0x2, 0x4e20, @multicast2}, &(0x7f00000000c0)=0x100c0)
fallocate$auto(r0, 0x7, 0x80000000000011, 0x6)
lsm_set_self_attr$auto(0x3, 0xfffffffffffffffc, 0x1f, 0x8000000000000000)
write$auto(0xffffffffffffffff, &(0x7f0000000900)='j\xa2\xb1\n\xb4\xd3\x00\x00\x00\x00\x8e\xc4\x97\x8a\x10\xd5<\xa7J\xb1\x00$\xd6\xfd\xca}\xa3\v\xfc7\x93S8\x02\x88pmh\x14\x86p\x04\\8\xe1|\xa8s\xa7\xdbLq\x0e\xdb\xa7\xb3\x94R\xb3D0\xf1Uf\a\x9f4\xb0\x957\xa6\xcd\xeb\x87^I\xf4\x0f\x18\x80h\xaau\x94\x1c\xd1\xb1c\xafZ\xb1\xf3\v\xd5\x1f\x14\x8c\x1bi\x90\xc8[\xecE\xfdwm\xb6\xf1Wj\xab\xfcIU\xce9\b\xcc\xfc&G*\xe5\x96\x91x\x93}$\x813*\xd4\x16\'w\xad<\xf6\xb1\xd2\xe5\xc3\x19\xfb\x15\xd5U\x80BL\xd8\x19\'\x19\b8\x96\xfb\x9f\xf9y\xf0:\xa18\xd8s\xf6~\x86\x84\xd6\xc1\xdaGo\xcc\xe1\xedq\x06\xb8\xb5\xaf4\xa3\xf5\xf0\xd1\xc13F\xfa.\xf0\"\x12\xe4\x1a\xed\xb7\xaeC\xceDwn\xc5C3v&%\xe0\xe7\xc6\x89\xbb\nH\x0fF\xdc\x03\xba\x18Y\x9d\x7f\xc8B\xfai\x8f]\xcf\x11F\xcb4\x90\x84\n\xea\xd0\x1d0\xb5\xcc\x1f\xf8\xf7\xbb\xf6\xb0\xc3D\xffb\xdchM\xeaq`\xc3\x9bfw\x9d|m0:\xd3\xb3$\xabJ\x84b\x1d\x12\xd0\xf7{\x19\x1cu\x94\x85\xd7\xf7\x88\x8a\xb1\x1c\xc3\x8d\x85.\xb3\xebE\xc2\xa5\r\xf7l\xdd~\xfe\a\xd5K\xb0\v}_\x92s\x9a\x06\x06\xa9I\x86\xc4\xdc\x83\x03\r\x93HXz4\xed\xa5\xd2f3E\xc6\xb7)\x1d\xb2^\x8a\x0e\x1bv\x10\xeffv\x95|\xfb+|\b\xf5\xf4\"t\xd5\xf3%\xb0\x12Y\xa4\xbf\xf8\xb8\xeaF\x91\x96\x9dO`\xf0Pv\xb9\xeb\xf7\xc6\xd7\n\x90B\xe9\f\x8c)\x83iYy\xf3\n\xd7\xbb\x19\xe9~\xbc\x8f\xf4\xda\xcc\xfe6nu\xb8\x82l\x1djc\xe9\xce\"\x1a\x19:G\xa3\xb5\xd34\xe3\xf9>\x91*\xb4\xd7M\xa7\xd3\x19\xed\xf3\xbb\xd8\xb6_\xdb\xec\xacM\xb1\xfc\xcd^\xd1\x18\xf6\t\x12\xdd\n\x16VT\xedT\xa2J\xa4\xe4{\x12\x8df\xed\xd9Q.\xd7\x03+?\r\x98J\x9a\x13\x17\x9c1\xe6\xf7\xaf\x99k&\x96w\xa5\x0e \x01\xe5\xeb\x92\xe2\xd5\xc0\x88D\x06tE\xeb~q>T\x0f\xfa\x1e\xea\xb9H\x1a\xf9VHW;D\xc0\x98\ncs\xbf\xe48*\x8b\ry\x9di\xb2=\xeaI\xd6\xec\xd9\xf6\x15\xf9\x02R\xd0\xaeb\xe0\xab\x01\xb6R\xbc\x88\x13r:\x9a\x99\xc0\x81\x01\xd7\xe2\xcd\xe5\x1f9+\xd2hOp\x95\xf0\x18x\xda{\xbe\x82\xa7\xc1\xbdZ\xc1\xa2o\xae\x13w\xd6\xe3\xfe\x91\x81\x9c\xbb\x9d\x9a\x10\xf9\xd7\xcc\'\xdc\xbf\x1b\xd0\x14F\x19\x86\x9b\xeb\xce\xba\xe4*\x8a\x11\x1b=\xa6\x89Y\x1b\xa2\xde\xac\x0e[N\xb4\xd7x!\x95\xbb%\xb3o\x00\xc3\x9f\xaa(\xac\xf7\xcc\xe6\xeb\x97\xab\xabz\xd5\xe8\x15:\xd8Ck\xed.\x81\xa0I:Vs0\xe6\xf5jE\xff\xd1\xd8\x1bHQXd-ifA\xdcO\xfb\xe4\xca\xcb\xc0\xd8~\xf1\xb2u\xb1B-\x90\xfe\xd5\xe7\x85\xea /\xa0\r|\x04\x8fG\x8e\x8e\x8d{\xbd\x9bb\x02\x96d\'\xc7\"_\b\xae\xef\xdb\xa8dqY\xaa\x13]H\xe0\xf9\x8a\xa2\xec\xb0eI\x9f\xc9\x8bhw\xcfTG\xdf\x19\x83\x04\xe7\xa4\xa21\xbd\"\x89\xb9\xc2\xe8\xad\x1aR-\x95\x10\xde(\x01\xbf\xe0\x04b\x84S\au\r\x1d\x8c\x19\x81\xb8\xf2\xcd\a\xe3-\xc6\x82O0\x14\v}^\x00\x00\xca\x1f\x83\x85z\x81\xd9\xa3\xbc\xac\x1e\xf4\xfb\xef9t\')\xe1Q\x03\x80\xcc\x13\xd5\x16\x03\xe7\xab\xf2a\x9a}4]\xbd\xb6\x98\x02\xa2\"$\xb9\x9cb\xfc<\x99\xd1S\x9e=\xd7w66\xf4\x86\v\x00`\x95\x1bT\x0f\"\xe9P\x85UR\xbc\xda\x1fH\x9c\x00\x00\x00\x00\x00\x00\x00\b-LW\xc4\x91\x17\xc5\x86,N6\x9e\xa6\xeb@VA\xf6\xd0\x14\xcc{:', 0x8)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x0)
r3 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

2.972284162s ago: executing program 4 (id=4505):
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff)
socket(0x3, 0x3, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0)
openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd)
close_range$auto(0x2, 0xa, 0x0)
sendmsg$auto_NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x8, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040d0}, 0x80)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090)
r1 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
sendfile$auto(r3, r2, 0x0, 0x1000202)

2.970827797s ago: executing program 1 (id=4513):
r0 = socket(0xa, 0x3, 0x3c)
connect$auto(0x3, 0x0, 0x55)
msgctl$auto_IPC_INFO(0x3beee3b7, 0x3, &(0x7f0000000180)={{0x2, 0xffffffffffffffff, 0xffffffffffffffff, 0x1000, 0x80000000, 0xffff}, &(0x7f0000000100)=0x4, &(0x7f0000000140)=0x83, 0x700, 0x5, 0x4, 0x3, 0x7fffffffffffffff, 0x1, 0x7fff, 0x0, @raw=0x9})
write$auto(r0, &(0x7f0000000080)='+&\x00I\xaar\x1c\xbb\xde\ah\x15,\xeb|\x85\xe8\x97Z\xc30\xae}\xa1\x17K(\x80]]\x8d\xb5\xeb-\x9d\xc1\xceU\xbb_\xcf\xe8#U\xd0_|\x15f\x92\xaa\x9f\xa0l}7z#u\xf6\xd1\xe1\x8d\x05=w\xf1\xb9K\xf4\\\a\xdf\x87\xbb\x03d6\xe1\x14\xb1|\x98\x82$\xf3\xb2\xcf\xb7\x7f\xf8f*/\xc2\x82\x8c2\x8d^\x10\xc6\x1cs', 0x263f)

2.96436229s ago: executing program 2 (id=4506):
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x4840)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/kernel/auto_msgmni\x00', 0x101000, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x3)
write$auto(0xca, 0x0, 0x1ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x8)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
uname$auto(0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)

1.075417747s ago: executing program 4 (id=4507):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
msgrcv$auto(0x9, 0x0, 0xfffffffffffffffc, 0x7, 0x80008)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = open(&(0x7f0000000200)='./file0\x00', 0x8600, 0x1b)
r3 = syz_genetlink_get_family_id$auto_cifs(&(0x7f00000002c0), r1)
sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa8, r3, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@CIFS_GENL_ATTR_SWN_PASSWORD={0xc, 0xa, 'nl80211\x00'}, @CIFS_GENL_ATTR_SWN_PASSWORD={0x8, 0xa, 'wg0\x00'}, @CIFS_GENL_ATTR_SWN_RESOURCE_STATE={0x8, 0xd, 0x3}, @CIFS_GENL_ATTR_SWN_NET_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_RESOURCE_NAME={0x33, 0xe, '/sys/devices/system/cpu/cpuidle/current_driver\x00'}, @CIFS_GENL_ATTR_SWN_NOTIFICATION_TYPE={0x8, 0xc, 0x6}, @CIFS_GENL_ATTR_SWN_SHARE_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_USER_NAME={0x33, 0x9, '/sys/devices/system/cpu/cpuidle/current_driver\x00'}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00'})
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x20, r4, 0x13, 0x70bd2e, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4c0d4}, 0x20040894)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sysfs$auto(0x2, 0x46, 0x0)
fsopen$auto(0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r4, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x5}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4008043)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socketpair$auto(0x6, 0x5, 0x8000000000000000, 0x0)
clock_nanosleep$auto(0xfffffff2, 0x5, 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/77, 0x4d)
read$auto_v4l2_fops_v4l2_dev(r7, &(0x7f00000000c0)=""/20, 0x14)

1.070133277s ago: executing program 0 (id=4516):
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0)
r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0)
ioctl$auto_BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002380))
sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc4}, 0x24004054)
r1 = socketpair$auto(0x0, 0x200, 0xc7, &(0x7f00000000c0)=0xff)
mmap$auto(0x0, 0xb991, 0x5, 0x19, 0xffffffffffffffff, 0x2)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r3, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003c00)={0x14, r2, 0x5, 0x74bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0)
ioctl$auto_SG_SET_RESERVED_SIZE2(r4, 0x2275, &(0x7f0000000040)="d93ca7")
write$auto(r0, &(0x7f0000001100)='\'.@o\xcf::}%/.&+-\x00', 0x1)
write$auto(r4, 0x0, 0xffd8)
r5 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r5, &(0x7f0000000000)="1100000000000000001000000000000000", 0x11)
ioctl$auto_VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000001040)={0x4, r5})
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0)
r6 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
io_uring_register$auto_IORING_REGISTER_CLOCK(r5, 0x1d, &(0x7f0000001080)="bfa36e8a41cf4a7903cd8cb5b232fe00841813bdac397709c98c858a36824b499bd91ed2fb094224b4f80eef4dbc1522fe9c114d15b2391e0535863affdb008b44b155ff98e570af60350fbefccfadf72297b2b9018e53dcbe6caf1b6bb5b9c48275", 0x9)
read$auto_rng_chrdev_ops_core(r6, &(0x7f0000000040)=""/4096, 0xfffffe82)
r7 = setfsuid$auto(0x0)
setuid$auto(r7)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)

1.069622839s ago: executing program 1 (id=4508):
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000001040)={0x1, 0xa, 0x400, 0x1, 0x9, 0xff, 0x0})

1.069533294s ago: executing program 2 (id=4509):
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi12\x00', 0x80, 0x0)
preadv$auto(r0, &(0x7f0000001540)={&(0x7f0000000040), 0x5}, 0x2, 0x2f, 0xff)

790.689253ms ago: executing program 2 (id=4510):
socket(0x28, 0x1, 0x0)
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, 0x0)
mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x4, 0x0, 0x4, 0xeb1, r0, 0x7ff7)
r1 = gettid()
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_BLKOPENZONE(0xffffffffffffffff, 0x40101286, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x115)
socket(0x11, 0x2, 0x0)
r2 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x2, 0x1, 0x100)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
socket(0x2, 0x1, 0x106)
listen$auto(0x3, 0x81)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x0, 0x0)
r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1896c2, 0x0)
ioctl$auto_RTC_IRQP_READ(r3, 0x8008700b, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
tkill$auto(r1, 0x7)
socketpair$auto(0x1, 0x1, 0x3, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/unix\x00', 0x200, 0x0)

789.850184ms ago: executing program 1 (id=4520):
preadv$auto(0xffffffffffffffff, &(0x7f0000001540)={&(0x7f0000000040), 0x5}, 0x2, 0x2f, 0xff)

630.285786ms ago: executing program 1 (id=4511):
bpf$auto(0x0, 0x0, 0xee)

436.008156ms ago: executing program 1 (id=4512):
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)

184.46495ms ago: executing program 1 (id=4514):
semctl$auto_SETVAL(0x0, 0x10000, 0x10, 0xc2c)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
r2 = timerfd_create$auto_CLOCK_MONOTONIC(0x1, 0x40)
sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, 0x0, 0x100, 0x70bd29, 0x2, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r2}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10008010}, 0x8000)
read$auto(r1, 0x0, 0x20)
write$auto(0x3, 0x0, 0xfffffdef)
open(0x0, 0xd02, 0xc3)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/o2cb/logmask/HB_BIO\x00', 0x102, 0x0)
sendfile$auto(r3, r3, 0x0, 0x7)
writev$auto(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)="7b15bf9ea2e8f1fc713c80f716c37940751170f972aefde789ae9d643e43244b9992ef82701704ffb41af633c0ac35775e9b470be329b432c5d99e264fb9ee440c4c79d5b3e08839ce4f8a7c10c336ba337a74db27a0c0b79af830b4f81e56ed8d043e163d11d6fc3289c674698d8f510fbbeb2bea809b584152501e88e36d36db80504676b6f44f8a6319b7a0fe24afbb1b891210f66e647d1a46e4a438ec14ce0832d671a47f9bf4d9d99656376f8973e1bfafbb0d39e1116c2901c0b31056ad775b99913f0645556460f8696fc13f873df03211684c1984a9c62dffc6962f003c45898faa81ef94fe27d08f771b971cd5dfee3f2db9cdb3b0aa57", 0x5}, 0x2)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000)
r4 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a)
sendmsg$auto_NFC_CMD_GET_SE(r4, 0x0, 0x24044001)
mbind$auto(0x7, 0x800606, 0x8006, &(0x7f00000002c0)=0x8000ffff, 0x8, 0x3)
r5 = socket(0x2, 0x2, 0x0)
bind$auto(r5, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, 0x0, 0x40e7)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
socket(0x1e, 0x1, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
select$auto(0x11, 0x0, 0x0, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dmmidi2\x00', 0x181440, 0x0)
r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0)
epoll_ctl$auto_EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000003c0)={0x4, 0x8})
pwrite64$auto(r6, &(0x7f0000000040)='.\'*&\x04!\x00', 0x1, 0x8)

0s ago: executing program 0 (id=4515):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
open(0x0, 0x22240, 0x154)
connect$auto(0x3, 0x0, 0x55)
mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0)
pread64$auto(r0, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_max_sp_len\x00', 0x82, 0x0)
write$auto_debugfs_full_proxy_file_operations_internal(r2, 0x0, 0x20)
ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000100)={0x5eea, 0x7, [{r1, 0x0, 0x4, 0x6}]})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000)
prctl$auto(0x23, 0x20000000000000b, 0x7fffffffefff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HWSIM_ATTR_MULTI_RADIO={0x4}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r5 = socket(0xa, 0x801, 0x84)
clock_nanosleep$auto(0x5, 0x1ff, &(0x7f0000000000)={0x7, 0x8}, &(0x7f0000000040)={0x7, 0x7})
getsockopt$auto(r5, 0x84, 0x6f, 0x0, 0x0)
syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
getsockopt$auto_SO_INCOMING_NAPI_ID(r1, 0x1, 0x38, &(0x7f0000000000)='/dev/kvm\x00', 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)

kernel console output (not intermixed with test programs):

0000000000000004
[ 1538.520517][T28467] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1538.520536][T28467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.520553][T28467] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1538.520594][T28467]  </TASK>
[ 1538.924662][T28462] FAULT_INJECTION: forcing a failure.
[ 1538.924662][T28462] name failslab, interval 1, probability 0, space 0, times 0
[ 1539.185547][T28462] CPU: 1 UID: 0 PID: 28462 Comm: syz.0.4097 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1539.185608][T28462] Tainted: [U]=USER
[ 1539.185619][T28462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1539.185635][T28462] Call Trace:
[ 1539.185646][T28462]  <TASK>
[ 1539.185657][T28462]  dump_stack_lvl+0x16c/0x1f0
[ 1539.185704][T28462]  should_fail_ex+0x512/0x640
[ 1539.185764][T28462]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1539.185804][T28462]  should_failslab+0xc2/0x120
[ 1539.185844][T28462]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1539.185881][T28462]  ? audit_log_start+0x2c5/0x7f0
[ 1539.185923][T28462]  audit_log_start+0x2c5/0x7f0
[ 1539.185963][T28462]  ? __pfx_audit_log_start+0x10/0x10
[ 1539.186024][T28462]  integrity_audit_message+0x10c/0x580
[ 1539.186071][T28462]  ? take_dentry_name_snapshot+0x314/0x7d0
[ 1539.186114][T28462]  ? __pfx_integrity_audit_message+0x10/0x10
[ 1539.186163][T28462]  ? take_dentry_name_snapshot+0x319/0x7d0
[ 1539.186210][T28462]  integrity_audit_msg+0x41/0x60
[ 1539.186259][T28462]  ima_collect_measurement+0x784/0xa40
[ 1539.186308][T28462]  ? __pfx_ima_collect_measurement+0x10/0x10
[ 1539.186373][T28462]  ? do_raw_read_unlock+0x44/0xe0
[ 1539.186439][T28462]  ? vfs_getxattr_alloc+0xec/0x340
[ 1539.186477][T28462]  ? ima_get_hash_algo+0x27c/0x400
[ 1539.186524][T28462]  ? __pfx_ima_get_hash_algo+0x10/0x10
[ 1539.186577][T28462]  ? process_measurement+0x11fa/0x23e0
[ 1539.186627][T28462]  process_measurement+0x11fa/0x23e0
[ 1539.186690][T28462]  ? __pfx_process_measurement+0x10/0x10
[ 1539.186740][T28462]  ? __lock_acquire+0x5ca/0x1ba0
[ 1539.186849][T28462]  ? get_pid_task+0x106/0x250
[ 1539.186896][T28462]  ima_file_mmap+0x1b1/0x1d0
[ 1539.186941][T28462]  ? __pfx_ima_file_mmap+0x10/0x10
[ 1539.186995][T28462]  security_mmap_file+0x88c/0x990
[ 1539.187039][T28462]  vm_mmap_pgoff+0xec/0x450
[ 1539.187083][T28462]  ? find_held_lock+0x2b/0x80
[ 1539.187112][T28462]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1539.187163][T28462]  ? __fget_files+0x20e/0x3c0
[ 1539.187198][T28462]  ksys_mmap_pgoff+0x32c/0x5c0
[ 1539.187239][T28462]  ? __pfx_ksys_write+0x10/0x10
[ 1539.187265][T28462]  ? rcu_is_watching+0x12/0xc0
[ 1539.187298][T28462]  __x64_sys_mmap+0x125/0x190
[ 1539.187332][T28462]  do_syscall_64+0xcd/0x230
[ 1539.187397][T28462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.187436][T28462] RIP: 0033:0x7f0f15f8e969
[ 1539.187461][T28462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1539.187502][T28462] RSP: 002b:00007f0f16edf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1539.187530][T28462] RAX: ffffffffffffffda RBX: 00007f0f161b5fa0 RCX: 00007f0f15f8e969
[ 1539.187566][T28462] RDX: 00000000000000df RSI: 0000000000040006 RDI: 0000000000000000
[ 1539.187583][T28462] RBP: 00007f0f16edf090 R08: 0000000000000007 R09: 0000000000028000
[ 1539.187615][T28462] R10: 0000000000000019 R11: 0000000000000246 R12: 0000000000000001
[ 1539.187632][T28462] R13: 0000000000000000 R14: 00007f0f161b5fa0 R15: 00007fff471ab4b8
[ 1539.187671][T28462]  </TASK>
[ 1539.187684][T28462] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 1539.527288][T28476] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4102'.
[ 1539.625072][T28462] audit: out of memory in audit_log_start
[ 1541.297604][T28504] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4109'.
[ 1543.733080][T28519] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1543.866239][T28540] FAULT_INJECTION: forcing a failure.
[ 1543.866239][T28540] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1543.920677][T28540] CPU: 0 UID: 0 PID: 28540 Comm: syz.4.4115 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1543.920729][T28540] Tainted: [U]=USER
[ 1543.920741][T28540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1543.920758][T28540] Call Trace:
[ 1543.920769][T28540]  <TASK>
[ 1543.920781][T28540]  dump_stack_lvl+0x16c/0x1f0
[ 1543.920833][T28540]  should_fail_ex+0x512/0x640
[ 1543.920890][T28540]  _copy_from_user+0x2e/0xd0
[ 1543.920917][T28540]  kvm_arch_vcpu_ioctl+0x3b8/0x4f00
[ 1543.920956][T28540]  ? stack_trace_save+0x8e/0xc0
[ 1543.920986][T28540]  ? stack_depot_save_flags+0x28/0xa50
[ 1543.921028][T28540]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1543.921061][T28540]  ? __lock_acquire+0xaa4/0x1ba0
[ 1543.921102][T28540]  ? kasan_save_stack+0x42/0x60
[ 1543.921134][T28540]  ? kasan_save_stack+0x33/0x60
[ 1543.921165][T28540]  ? kasan_save_track+0x14/0x30
[ 1543.921195][T28540]  ? kasan_save_free_info+0x3b/0x60
[ 1543.921238][T28540]  ? __kasan_slab_free+0x51/0x70
[ 1543.921271][T28540]  ? kfree+0x2b6/0x4d0
[ 1543.921295][T28540]  ? tomoyo_path_number_perm+0x470/0x580
[ 1543.921334][T28540]  ? security_file_ioctl+0x9b/0x240
[ 1543.921374][T28540]  ? __x64_sys_ioctl+0xb7/0x200
[ 1543.921418][T28540]  ? __lock_acquire+0xaa4/0x1ba0
[ 1543.921473][T28540]  ? __mutex_trylock_common+0xe9/0x250
[ 1543.921524][T28540]  ? __pfx___might_resched+0x10/0x10
[ 1543.921562][T28540]  ? rcu_is_watching+0x12/0xc0
[ 1543.921592][T28540]  ? trace_contention_end+0xdd/0x130
[ 1543.921641][T28540]  ? __mutex_lock+0x1ca/0xb90
[ 1543.921692][T28540]  ? kvm_vcpu_ioctl+0x27e/0x1680
[ 1543.921742][T28540]  ? __pfx___mutex_lock+0x10/0x10
[ 1543.921805][T28540]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1543.921857][T28540]  ? kvm_vcpu_ioctl+0x1232/0x1680
[ 1543.921918][T28540]  kvm_vcpu_ioctl+0x1232/0x1680
[ 1543.921972][T28540]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1543.922052][T28540]  ? find_held_lock+0x2b/0x80
[ 1543.922082][T28540]  ? hook_file_ioctl_common+0x145/0x410
[ 1543.922131][T28540]  ? __fget_files+0x20e/0x3c0
[ 1543.922169][T28540]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1543.922219][T28540]  __x64_sys_ioctl+0x193/0x200
[ 1543.922267][T28540]  do_syscall_64+0xcd/0x230
[ 1543.922321][T28540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1543.922354][T28540] RIP: 0033:0x7f089d38e969
[ 1543.922381][T28540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1543.922414][T28540] RSP: 002b:00007f089e2bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1543.922444][T28540] RAX: ffffffffffffffda RBX: 00007f089d5b6080 RCX: 00007f089d38e969
[ 1543.922464][T28540] RDX: 0000000000000000 RSI: 000000004048aecb RDI: 0000000000000004
[ 1543.922482][T28540] RBP: 00007f089e2bc090 R08: 0000000000000000 R09: 0000000000000000
[ 1543.922501][T28540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1543.922519][T28540] R13: 0000000000000000 R14: 00007f089d5b6080 R15: 00007fffeb0479c8
[ 1543.922561][T28540]  </TASK>
[ 1544.216336][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1545.057037][T28545] FAULT_INJECTION: forcing a failure.
[ 1545.057037][T28545] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1545.140153][T28545] CPU: 0 UID: 0 PID: 28545 Comm: syz.4.4118 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1545.140201][T28545] Tainted: [U]=USER
[ 1545.140211][T28545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1545.140228][T28545] Call Trace:
[ 1545.140238][T28545]  <TASK>
[ 1545.140249][T28545]  dump_stack_lvl+0x16c/0x1f0
[ 1545.140298][T28545]  should_fail_ex+0x512/0x640
[ 1545.140353][T28545]  _copy_from_user+0x2e/0xd0
[ 1545.140383][T28545]  kvm_arch_vcpu_ioctl+0x3b8/0x4f00
[ 1545.140426][T28545]  ? stack_trace_save+0x8e/0xc0
[ 1545.140458][T28545]  ? stack_depot_save_flags+0x28/0xa50
[ 1545.140505][T28545]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1545.140543][T28545]  ? __lock_acquire+0xaa4/0x1ba0
[ 1545.140586][T28545]  ? kasan_save_stack+0x42/0x60
[ 1545.140615][T28545]  ? kasan_save_stack+0x33/0x60
[ 1545.140643][T28545]  ? kasan_save_track+0x14/0x30
[ 1545.140674][T28545]  ? kasan_save_free_info+0x3b/0x60
[ 1545.140714][T28545]  ? __kasan_slab_free+0x51/0x70
[ 1545.140745][T28545]  ? kfree+0x2b6/0x4d0
[ 1545.140775][T28545]  ? tomoyo_path_number_perm+0x470/0x580
[ 1545.140812][T28545]  ? security_file_ioctl+0x9b/0x240
[ 1545.140848][T28545]  ? __x64_sys_ioctl+0xb7/0x200
[ 1545.140894][T28545]  ? __lock_acquire+0xaa4/0x1ba0
[ 1545.140945][T28545]  ? __mutex_trylock_common+0xe9/0x250
[ 1545.140990][T28545]  ? __pfx___might_resched+0x10/0x10
[ 1545.141024][T28545]  ? rcu_is_watching+0x12/0xc0
[ 1545.141052][T28545]  ? trace_contention_end+0xdd/0x130
[ 1545.141093][T28545]  ? __mutex_lock+0x1ca/0xb90
[ 1545.141141][T28545]  ? kvm_vcpu_ioctl+0x27e/0x1680
[ 1545.141193][T28545]  ? __pfx___mutex_lock+0x10/0x10
[ 1545.141253][T28545]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1545.141299][T28545]  ? kvm_vcpu_ioctl+0x1232/0x1680
[ 1545.141340][T28545]  kvm_vcpu_ioctl+0x1232/0x1680
[ 1545.141409][T28545]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1545.141484][T28545]  ? find_held_lock+0x2b/0x80
[ 1545.141514][T28545]  ? hook_file_ioctl_common+0x145/0x410
[ 1545.141561][T28545]  ? __fget_files+0x20e/0x3c0
[ 1545.141597][T28545]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1545.141647][T28545]  __x64_sys_ioctl+0x193/0x200
[ 1545.141693][T28545]  do_syscall_64+0xcd/0x230
[ 1545.141745][T28545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1545.141782][T28545] RIP: 0033:0x7f089d38e969
[ 1545.141808][T28545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1545.141842][T28545] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1545.141890][T28545] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1545.141912][T28545] RDX: 0000000000000000 RSI: 000000004048aecb RDI: 0000000000000004
[ 1545.141932][T28545] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1545.141952][T28545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1545.141972][T28545] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1545.142014][T28545]  </TASK>
[ 1545.436093][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1546.586672][T28581] FAULT_INJECTION: forcing a failure.
[ 1546.586672][T28581] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.730615][T28581] CPU: 1 UID: 0 PID: 28581 Comm: syz.2.4124 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1546.730680][T28581] Tainted: [U]=USER
[ 1546.730690][T28581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1546.730710][T28581] Call Trace:
[ 1546.730720][T28581]  <TASK>
[ 1546.730733][T28581]  dump_stack_lvl+0x16c/0x1f0
[ 1546.730786][T28581]  should_fail_ex+0x512/0x640
[ 1546.730834][T28581]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1546.730876][T28581]  should_failslab+0xc2/0x120
[ 1546.730915][T28581]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1546.730950][T28581]  ? __might_fault+0xe3/0x190
[ 1546.730986][T28581]  ? __might_fault+0x13b/0x190
[ 1546.731021][T28581]  ? getname_flags.part.0+0x4c/0x550
[ 1546.731070][T28581]  getname_flags.part.0+0x4c/0x550
[ 1546.731119][T28581]  getname_flags+0x93/0xf0
[ 1546.731168][T28581]  user_path_at+0x24/0x60
[ 1546.731200][T28581]  __x64_sys_mount+0x1fc/0x310
[ 1546.731238][T28581]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1546.731275][T28581]  ? rcu_is_watching+0x12/0xc0
[ 1546.731318][T28581]  do_syscall_64+0xcd/0x230
[ 1546.731370][T28581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1546.731403][T28581] RIP: 0033:0x7fe5e158e969
[ 1546.731428][T28581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1546.731460][T28581] RSP: 002b:00007fe5e249d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1546.731491][T28581] RAX: ffffffffffffffda RBX: 00007fe5e17b6080 RCX: 00007fe5e158e969
[ 1546.731512][T28581] RDX: 0000200000000140 RSI: 0000200000000040 RDI: 0000000000000000
[ 1546.731531][T28581] RBP: 00007fe5e249d090 R08: 0000000000000000 R09: 0000000000000000
[ 1546.731549][T28581] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[ 1546.731567][T28581] R13: 0000000000000000 R14: 00007fe5e17b6080 R15: 00007fff0d487788
[ 1546.731607][T28581]  </TASK>
[ 1549.088986][T28605] FAULT_INJECTION: forcing a failure.
[ 1549.088986][T28605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1549.102536][T28605] CPU: 0 UID: 0 PID: 28605 Comm: syz.2.4129 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1549.102577][T28605] Tainted: [U]=USER
[ 1549.102585][T28605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1549.102601][T28605] Call Trace:
[ 1549.102609][T28605]  <TASK>
[ 1549.102619][T28605]  dump_stack_lvl+0x16c/0x1f0
[ 1549.102661][T28605]  should_fail_ex+0x512/0x640
[ 1549.102699][T28605]  ? page_copy_sane+0xcd/0x2d0
[ 1549.102743][T28605]  copy_page_from_iter_atomic+0x3ad/0x1950
[ 1549.102781][T28605]  ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 1549.102806][T28605]  ? shmem_write_begin+0x176/0x300
[ 1549.102837][T28605]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1549.102869][T28605]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1549.102916][T28605]  generic_perform_write+0x22c/0x930
[ 1549.102955][T28605]  ? __pfx_generic_perform_write+0x10/0x10
[ 1549.102985][T28605]  ? inode_needs_update_time.part.0+0x191/0x270
[ 1549.103022][T28605]  shmem_file_write_iter+0x10e/0x140
[ 1549.103071][T28605]  vfs_write+0x5bd/0x1180
[ 1549.103094][T28605]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1549.103129][T28605]  ? __pfx___mutex_lock+0x10/0x10
[ 1549.103164][T28605]  ? __pfx_vfs_write+0x10/0x10
[ 1549.103205][T28605]  ksys_write+0x12a/0x240
[ 1549.103227][T28605]  ? __pfx_ksys_write+0x10/0x10
[ 1549.103248][T28605]  ? rcu_is_watching+0x12/0xc0
[ 1549.103278][T28605]  do_syscall_64+0xcd/0x230
[ 1549.103315][T28605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1549.103370][T28605] RIP: 0033:0x7fe5e158e969
[ 1549.103390][T28605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1549.103435][T28605] RSP: 002b:00007fe5e24be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1549.103458][T28605] RAX: ffffffffffffffda RBX: 00007fe5e17b5fa0 RCX: 00007fe5e158e969
[ 1549.103482][T28605] RDX: 000000000000b8c5 RSI: 0000200000000280 RDI: 0000000000000008
[ 1549.103498][T28605] RBP: 00007fe5e1610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1549.103514][T28605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1549.103529][T28605] R13: 0000000000000000 R14: 00007fe5e17b5fa0 R15: 00007fff0d487788
[ 1549.103561][T28605]  </TASK>
[ 1549.325427][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1550.526362][T11606] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9
[ 1550.849791][T28634] FAULT_INJECTION: forcing a failure.
[ 1550.849791][T28634] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1550.895681][T28634] CPU: 1 UID: 0 PID: 28634 Comm: syz.4.4134 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1550.895731][T28634] Tainted: [U]=USER
[ 1550.895743][T28634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1550.895761][T28634] Call Trace:
[ 1550.895771][T28634]  <TASK>
[ 1550.895783][T28634]  dump_stack_lvl+0x16c/0x1f0
[ 1550.895835][T28634]  should_fail_ex+0x512/0x640
[ 1550.895888][T28634]  should_fail_alloc_page+0xe7/0x130
[ 1550.895932][T28634]  prepare_alloc_pages+0x3c2/0x610
[ 1550.895987][T28634]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1550.896029][T28634]  ? find_held_lock+0x2b/0x80
[ 1550.896061][T28634]  ? is_bpf_text_address+0x8a/0x1a0
[ 1550.896102][T28634]  ? bpf_ksym_find+0x124/0x1c0
[ 1550.896153][T28634]  ? __asan_memcpy+0x3c/0x60
[ 1550.896185][T28634]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1550.896227][T28634]  ? desc_read_finalized_seq+0x131/0x1d0
[ 1550.896277][T28634]  ? desc_read+0x2ae/0x370
[ 1550.896318][T28634]  ? this_cpu_in_panic+0x5c/0x80
[ 1550.896363][T28634]  ? _prb_read_valid+0x73c/0x890
[ 1550.896407][T28634]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1550.896453][T28634]  ? policy_nodemask+0xea/0x4e0
[ 1550.896497][T28634]  alloc_pages_mpol+0x1fb/0x550
[ 1550.896539][T28634]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1550.896591][T28634]  alloc_pages_noprof+0x131/0x390
[ 1550.896640][T28634]  __pmd_alloc+0x3f/0x870
[ 1550.896685][T28634]  ? find_held_lock+0x2b/0x80
[ 1550.896719][T28634]  __handle_mm_fault+0x948/0x2a40
[ 1550.896765][T28634]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1550.896822][T28634]  ? find_vma+0xbf/0x140
[ 1550.896864][T28634]  ? __pfx_find_vma+0x10/0x10
[ 1550.896913][T28634]  handle_mm_fault+0x3fe/0xad0
[ 1550.896954][T28634]  do_user_addr_fault+0x7a6/0x1370
[ 1550.896991][T28634]  ? rcu_is_watching+0x12/0xc0
[ 1550.897024][T28634]  exc_page_fault+0x5c/0xc0
[ 1550.897070][T28634]  asm_exc_page_fault+0x26/0x30
[ 1550.897099][T28634] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1550.897137][T28634] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1550.897167][T28634] RSP: 0018:ffffc9000484f978 EFLAGS: 00050206
[ 1550.897193][T28634] RAX: 0000000000000001 RBX: 0000000000000100 RCX: 0000000000000100
[ 1550.897212][T28634] RDX: fffff52000909f5f RSI: ffffc9000484f9f8 RDI: 0000000000000007
[ 1550.897232][T28634] RBP: 0000000000000007 R08: 0000000000000000 R09: fffff52000909f5e
[ 1550.897251][T28634] R10: ffffc9000484faf7 R11: 0000000000000000 R12: ffffc9000484f9f8
[ 1550.897272][T28634] R13: 0000000000000107 R14: 00007ffffffff000 R15: 0000000000000000
[ 1550.897314][T28634]  _copy_to_user+0xbb/0xd0
[ 1550.897347][T28634]  con_get_trans_old+0x1e9/0x2b0
[ 1550.897398][T28634]  ? __pfx_con_get_trans_old+0x10/0x10
[ 1550.897479][T28634]  ? apparmor_capable+0x114/0x1d0
[ 1550.897516][T28634]  ? bpf_lsm_capable+0x9/0x10
[ 1550.897550][T28634]  ? security_capable+0x7e/0x260
[ 1550.897587][T28634]  vt_ioctl+0x585/0x2f50
[ 1550.897621][T28634]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1550.897672][T28634]  ? __pfx_vt_ioctl+0x10/0x10
[ 1550.897702][T28634]  ? tomoyo_path_number_perm+0x295/0x580
[ 1550.897749][T28634]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1550.897793][T28634]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1550.897834][T28634]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1550.897890][T28634]  ? do_vfs_ioctl+0x512/0x1990
[ 1550.897929][T28634]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1550.897971][T28634]  ? tty_jobctrl_ioctl+0x152/0xe00
[ 1550.898001][T28634]  ? __pfx_vt_ioctl+0x10/0x10
[ 1550.898025][T28634]  tty_ioctl+0x65a/0x1610
[ 1550.898064][T28634]  ? __pfx_tty_ioctl+0x10/0x10
[ 1550.898112][T28634]  ? find_held_lock+0x2b/0x80
[ 1550.898136][T28634]  ? hook_file_ioctl_common+0x145/0x410
[ 1550.898201][T28634]  ? __fget_files+0x20e/0x3c0
[ 1550.898249][T28634]  ? __pfx_tty_ioctl+0x10/0x10
[ 1550.898287][T28634]  __x64_sys_ioctl+0x193/0x200
[ 1550.898331][T28634]  do_syscall_64+0xcd/0x230
[ 1550.898378][T28634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1550.898406][T28634] RIP: 0033:0x7f089d38e969
[ 1550.898428][T28634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1550.898455][T28634] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1550.898482][T28634] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1550.898501][T28634] RDX: 0000000000000007 RSI: 0000000000004b40 RDI: 0000000000000003
[ 1550.898518][T28634] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1550.898553][T28634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1550.898572][T28634] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1550.898620][T28634]  </TASK>
[ 1550.977165][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1551.381321][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1551.420772][T28636] syz.1.4135 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1552.858815][T28661] deleting an unspecified loop device is not supported.
[ 1553.836104][T28668] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4140'.
[ 1556.747043][T28701] capability: warning: `syz.4.4148' uses 32-bit capabilities (legacy support in use)
[ 1557.018586][T28701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4148'.
[ 1557.868375][T11606] Bluetooth: hci0: Unable to find connection for big 0xd2
[ 1557.938251][T28718] netlink: 'syz.1.4149': attribute type 11 has an invalid length.
[ 1557.946354][T28718] netlink: 'syz.1.4149': attribute type 11 has an invalid length.
[ 1558.003634][T28720] FAULT_INJECTION: forcing a failure.
[ 1558.003634][T28720] name failslab, interval 1, probability 0, space 0, times 0
[ 1558.016979][T28720] CPU: 1 UID: 0 PID: 28720 Comm: syz.2.4154 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1558.017024][T28720] Tainted: [U]=USER
[ 1558.017035][T28720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1558.017052][T28720] Call Trace:
[ 1558.017062][T28720]  <TASK>
[ 1558.017072][T28720]  dump_stack_lvl+0x16c/0x1f0
[ 1558.017119][T28720]  should_fail_ex+0x512/0x640
[ 1558.017164][T28720]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1558.017202][T28720]  should_failslab+0xc2/0x120
[ 1558.017239][T28720]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1558.017274][T28720]  ? security_file_alloc+0x34/0x2b0
[ 1558.017319][T28720]  security_file_alloc+0x34/0x2b0
[ 1558.017363][T28720]  init_file+0x93/0x4c0
[ 1558.017401][T28720]  alloc_empty_file+0x73/0x1e0
[ 1558.017461][T28720]  alloc_file_pseudo+0x13a/0x230
[ 1558.017505][T28720]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1558.017548][T28720]  ? do_raw_spin_unlock+0x172/0x230
[ 1558.017606][T28720]  __anon_inode_getfile+0xf7/0x370
[ 1558.017663][T28720]  do_epoll_create+0x31b/0x470
[ 1558.017703][T28720]  __x64_sys_epoll_create+0x45/0x70
[ 1558.017741][T28720]  do_syscall_64+0xcd/0x230
[ 1558.017784][T28720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1558.017811][T28720] RIP: 0033:0x7fe5e158e969
[ 1558.017837][T28720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1558.017863][T28720] RSP: 002b:00007fe5e24be038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5
[ 1558.017899][T28720] RAX: ffffffffffffffda RBX: 00007fe5e17b5fa0 RCX: 00007fe5e158e969
[ 1558.017921][T28720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1558.017937][T28720] RBP: 00007fe5e24be090 R08: 0000000000000000 R09: 0000000000000000
[ 1558.017953][T28720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1558.017968][T28720] R13: 0000000000000000 R14: 00007fe5e17b5fa0 R15: 00007fff0d487788
[ 1558.018001][T28720]  </TASK>
[ 1558.672538][T28718] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xffff888078800dc0 pfn:0x78800
[ 1558.875012][T28718] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1558.885897][T28718] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[ 1558.895561][T28718] raw: ffff888078800dc0 0000000000000000 0000000400000002 0000000000000000
[ 1558.905924][T28718] page dumped because: unmovable page
[ 1558.915546][T28718] page_owner tracks the page as allocated
[ 1558.929839][T28718] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 18771, tgid 18771 (syz-executor), ts 1008729841633, free_ts 1008426028033
[ 1558.980545][T28718]  post_alloc_hook+0x181/0x1b0
[ 1558.994920][T28718]  get_page_from_freelist+0x135c/0x3920
[ 1559.013594][T28718]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1559.014977][T28713] could not allocate digest TFM handle binfmt_misc
[ 1559.027271][T28718]  alloc_pages_mpol+0x1fb/0x550
[ 1559.032186][T28718]  alloc_pages_noprof+0x131/0x390
[ 1559.045553][T28718]  __vmalloc_node_range_noprof+0x732/0x1540
[ 1559.051511][T28718]  vmalloc_user_noprof+0x6b/0x90
[ 1559.110898][T28718]  kcov_ioctl+0x4c/0x730
[ 1559.115204][T28718]  __x64_sys_ioctl+0x193/0x200
[ 1559.126037][T28718]  do_syscall_64+0xcd/0x230
[ 1559.130701][T28718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.136743][T28718] page last free pid 974 tgid 974 stack trace:
[ 1559.145643][T28718]  __free_frozen_pages+0x69d/0xff0
[ 1559.150842][T28718]  vfree+0x176/0x960
[ 1559.161471][T28718]  delayed_vfree_work+0x56/0x70
[ 1559.176169][T28718]  process_one_work+0x9cf/0x1b70
[ 1559.181152][T28718]  worker_thread+0x6c8/0xf10
[ 1559.232252][T28718]  kthread+0x3c2/0x780
[ 1559.249420][T28718]  ret_from_fork+0x48/0x80
[ 1559.265774][T28718]  ret_from_fork_asm+0x1a/0x30
[ 1559.583611][T28751] FAULT_INJECTION: forcing a failure.
[ 1559.583611][T28751] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.627115][T28751] CPU: 0 UID: 0 PID: 28751 Comm: syz.2.4157 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1559.627175][T28751] Tainted: [U]=USER
[ 1559.627187][T28751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1559.627205][T28751] Call Trace:
[ 1559.627216][T28751]  <TASK>
[ 1559.627228][T28751]  dump_stack_lvl+0x16c/0x1f0
[ 1559.627280][T28751]  should_fail_ex+0x512/0x640
[ 1559.627327][T28751]  ? fs_reclaim_acquire+0xae/0x150
[ 1559.627381][T28751]  should_failslab+0xc2/0x120
[ 1559.627421][T28751]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1559.627458][T28751]  ? security_inode_alloc+0x3b/0x2b0
[ 1559.627500][T28751]  security_inode_alloc+0x3b/0x2b0
[ 1559.627539][T28751]  inode_init_always_gfp+0xce4/0x1030
[ 1559.627576][T28751]  alloc_inode+0x86/0x240
[ 1559.627614][T28751]  new_inode+0x22/0x1c0
[ 1559.627658][T28751]  hugetlbfs_get_inode+0x354/0x730
[ 1559.627695][T28751]  ? __fget_files+0x20e/0x3c0
[ 1559.627729][T28751]  hugetlb_file_setup+0x15b/0x620
[ 1559.627787][T28751]  ksys_mmap_pgoff+0x189/0x5c0
[ 1559.627839][T28751]  __x64_sys_mmap+0x125/0x190
[ 1559.627875][T28751]  do_syscall_64+0xcd/0x230
[ 1559.627927][T28751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.627959][T28751] RIP: 0033:0x7fe5e158e969
[ 1559.627983][T28751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1559.628014][T28751] RSP: 002b:00007fe5e247c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1559.628044][T28751] RAX: ffffffffffffffda RBX: 00007fe5e17b6160 RCX: 00007fe5e158e969
[ 1559.628064][T28751] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000
[ 1559.628081][T28751] RBP: 00007fe5e247c090 R08: 0000000000010006 R09: 0000300000000000
[ 1559.628100][T28751] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000001
[ 1559.628118][T28751] R13: 0000000000000001 R14: 00007fe5e17b6160 R15: 00007fff0d487788
[ 1559.628158][T28751]  </TASK>
[ 1559.828493][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1560.606634][T28764] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4162'.
[ 1560.821123][T28760] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1563.566630][T28802] FAULT_INJECTION: forcing a failure.
[ 1563.566630][T28802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1563.636991][T28802] CPU: 0 UID: 0 PID: 28802 Comm: syz.2.4172 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1563.637039][T28802] Tainted: [U]=USER
[ 1563.637050][T28802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1563.637067][T28802] Call Trace:
[ 1563.637076][T28802]  <TASK>
[ 1563.637088][T28802]  dump_stack_lvl+0x16c/0x1f0
[ 1563.637137][T28802]  should_fail_ex+0x512/0x640
[ 1563.637186][T28802]  _copy_to_user+0x32/0xd0
[ 1563.637216][T28802]  simple_read_from_buffer+0xcb/0x170
[ 1563.637263][T28802]  proc_fail_nth_read+0x197/0x270
[ 1563.637305][T28802]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1563.637349][T28802]  ? rw_verify_area+0xcf/0x680
[ 1563.637390][T28802]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1563.637432][T28802]  vfs_read+0x1de/0xc70
[ 1563.637467][T28802]  ? __pfx___mutex_lock+0x10/0x10
[ 1563.637514][T28802]  ? __pfx_vfs_read+0x10/0x10
[ 1563.637552][T28802]  ? __fget_files+0x20e/0x3c0
[ 1563.637577][T28802]  ? rcu_watching_snap_stopped_since+0x60/0x110
[ 1563.637619][T28802]  ksys_read+0x12a/0x240
[ 1563.637647][T28802]  ? __pfx_ksys_read+0x10/0x10
[ 1563.637673][T28802]  ? rcu_is_watching+0x12/0xc0
[ 1563.637713][T28802]  do_syscall_64+0xcd/0x230
[ 1563.637767][T28802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1563.637796][T28802] RIP: 0033:0x7fe5e158d37c
[ 1563.637820][T28802] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1563.637849][T28802] RSP: 002b:00007fe5e249d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1563.637877][T28802] RAX: ffffffffffffffda RBX: 00007fe5e17b6080 RCX: 00007fe5e158d37c
[ 1563.637897][T28802] RDX: 000000000000000f RSI: 00007fe5e249d0a0 RDI: 0000000000000003
[ 1563.637914][T28802] RBP: 00007fe5e249d090 R08: 0000000000000000 R09: 0000000000000000
[ 1563.637932][T28802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1563.637950][T28802] R13: 0000000000000001 R14: 00007fe5e17b6080 R15: 00007fff0d487788
[ 1563.637989][T28802]  </TASK>
[ 1563.843330][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1564.645127][T28817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4175'.
[ 1567.855239][T28077] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1568.032324][T28077] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1568.196201][T28842] FAULT_INJECTION: forcing a failure.
[ 1568.196201][T28842] name failslab, interval 1, probability 0, space 0, times 0
[ 1568.253840][T28842] CPU: 1 UID: 0 PID: 28842 Comm: syz.4.4179 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1568.253890][T28842] Tainted: [U]=USER
[ 1568.253901][T28842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1568.253918][T28842] Call Trace:
[ 1568.253929][T28842]  <TASK>
[ 1568.253940][T28842]  dump_stack_lvl+0x16c/0x1f0
[ 1568.253992][T28842]  should_fail_ex+0x512/0x640
[ 1568.254048][T28842]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1568.254081][T28842]  should_failslab+0xc2/0x120
[ 1568.254117][T28842]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1568.254146][T28842]  ? percpu_ref_init+0xec/0x410
[ 1568.254188][T28842]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[ 1568.254234][T28842]  percpu_ref_init+0xec/0x410
[ 1568.254276][T28842]  io_uring_setup+0x453/0x1ff0
[ 1568.254318][T28842]  ? __pfx_io_uring_setup+0x10/0x10
[ 1568.254356][T28842]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1568.254412][T28842]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1568.254463][T28842]  ? __fget_files+0x20e/0x3c0
[ 1568.254501][T28842]  ? ksys_write+0x1b9/0x240
[ 1568.254529][T28842]  ? __pfx_ksys_write+0x10/0x10
[ 1568.254555][T28842]  ? rcu_is_watching+0x12/0xc0
[ 1568.254590][T28842]  __x64_sys_io_uring_setup+0xc2/0x170
[ 1568.254634][T28842]  do_syscall_64+0xcd/0x230
[ 1568.254681][T28842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1568.254710][T28842] RIP: 0033:0x7f089d38e969
[ 1568.254734][T28842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1568.254763][T28842] RSP: 002b:00007f089e29b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1568.254790][T28842] RAX: ffffffffffffffda RBX: 00007f089d5b6160 RCX: 00007f089d38e969
[ 1568.254810][T28842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1568.254827][T28842] RBP: 00007f089e29b090 R08: 0000000000000000 R09: 0000000000000000
[ 1568.254846][T28842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1568.254864][T28842] R13: 0000000000000000 R14: 00007f089d5b6160 R15: 00007fffeb0479c8
[ 1568.254903][T28842]  </TASK>
[ 1568.688591][T28077] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1568.847698][T28847] FAULT_INJECTION: forcing a failure.
[ 1568.847698][T28847] name failslab, interval 1, probability 0, space 0, times 0
[ 1568.939423][T28847] CPU: 0 UID: 0 PID: 28847 Comm: syz.2.4182 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1568.939475][T28847] Tainted: [U]=USER
[ 1568.939486][T28847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1568.939506][T28847] Call Trace:
[ 1568.939517][T28847]  <TASK>
[ 1568.939529][T28847]  dump_stack_lvl+0x16c/0x1f0
[ 1568.939580][T28847]  should_fail_ex+0x512/0x640
[ 1568.939624][T28847]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1568.939665][T28847]  should_failslab+0xc2/0x120
[ 1568.939706][T28847]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1568.939744][T28847]  ? __pmd_alloc+0xc3/0x870
[ 1568.939799][T28847]  __pmd_alloc+0xc3/0x870
[ 1568.939851][T28847]  __handle_mm_fault+0x948/0x2a40
[ 1568.939897][T28847]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1568.939969][T28847]  handle_mm_fault+0x3fe/0xad0
[ 1568.940010][T28847]  __get_user_pages+0x771/0x36f0
[ 1568.940073][T28847]  ? __pfx_mt_find+0x10/0x10
[ 1568.940104][T28847]  ? __pfx___get_user_pages+0x10/0x10
[ 1568.940180][T28847]  populate_vma_page_range+0x278/0x3a0
[ 1568.940216][T28847]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1568.940247][T28847]  ? __pfx_find_vma_intersection+0x10/0x10
[ 1568.940314][T28847]  ? do_mmap+0x69c/0x11b0
[ 1568.940366][T28847]  __mm_populate+0x1d8/0x380
[ 1568.940399][T28847]  ? __pfx___mm_populate+0x10/0x10
[ 1568.940433][T28847]  ? up_write+0x1b2/0x520
[ 1568.940495][T28847]  vm_mmap_pgoff+0x362/0x450
[ 1568.940541][T28847]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1568.940588][T28847]  ? __fget_files+0x20e/0x3c0
[ 1568.940627][T28847]  ksys_mmap_pgoff+0x7d/0x5c0
[ 1568.940670][T28847]  ? __pfx_ksys_write+0x10/0x10
[ 1568.940697][T28847]  ? rcu_is_watching+0x12/0xc0
[ 1568.940728][T28847]  __x64_sys_mmap+0x125/0x190
[ 1568.940761][T28847]  do_syscall_64+0xcd/0x230
[ 1568.940808][T28847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1568.940838][T28847] RIP: 0033:0x7fe5e158e969
[ 1568.940860][T28847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1568.940889][T28847] RSP: 002b:00007fe5e24be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1568.940917][T28847] RAX: ffffffffffffffda RBX: 00007fe5e17b5fa0 RCX: 00007fe5e158e969
[ 1568.940936][T28847] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[ 1568.940954][T28847] RBP: 00007fe5e24be090 R08: 0000000000000002 R09: 0000000000008000
[ 1568.940973][T28847] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001
[ 1568.940991][T28847] R13: 0000000000000000 R14: 00007fe5e17b5fa0 R15: 00007fff0d487788
[ 1568.941030][T28847]  </TASK>
[ 1569.202818][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1569.503056][T28077] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1569.878767][T28855] FAULT_INJECTION: forcing a failure.
[ 1569.878767][T28855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1569.892943][T28855] CPU: 0 UID: 0 PID: 28855 Comm: syz.4.4183 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1569.892994][T28855] Tainted: [U]=USER
[ 1569.893005][T28855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1569.893024][T28855] Call Trace:
[ 1569.893035][T28855]  <TASK>
[ 1569.893094][T28855]  dump_stack_lvl+0x16c/0x1f0
[ 1569.893144][T28855]  should_fail_ex+0x512/0x640
[ 1569.893193][T28855]  _copy_from_iter+0x2a4/0x15b0
[ 1569.893248][T28855]  ? __alloc_skb+0x200/0x380
[ 1569.893284][T28855]  ? __pfx__copy_from_iter+0x10/0x10
[ 1569.893335][T28855]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1569.893373][T28855]  ? __lock_acquire+0xaa4/0x1ba0
[ 1569.893425][T28855]  netlink_sendmsg+0x829/0xdd0
[ 1569.893474][T28855]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1569.893530][T28855]  ____sys_sendmsg+0xa95/0xc70
[ 1569.893601][T28855]  ? copy_msghdr_from_user+0x10a/0x160
[ 1569.893635][T28855]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1569.893693][T28855]  ___sys_sendmsg+0x134/0x1d0
[ 1569.893729][T28855]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1569.893826][T28855]  __sys_sendmsg+0x16d/0x220
[ 1569.893863][T28855]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1569.893909][T28855]  ? rcu_is_watching+0x12/0xc0
[ 1569.893948][T28855]  do_syscall_64+0xcd/0x230
[ 1569.893994][T28855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1569.894023][T28855] RIP: 0033:0x7f089d38e969
[ 1569.894053][T28855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1569.894079][T28855] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1569.894105][T28855] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1569.894124][T28855] RDX: 0000000000008044 RSI: 0000200000000100 RDI: 0000000000000005
[ 1569.894143][T28855] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1569.894162][T28855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1569.894179][T28855] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1569.894217][T28855]  </TASK>
[ 1570.099765][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1570.319321][T28077] bridge_slave_1: left allmulticast mode
[ 1570.325187][T28077] bridge_slave_1: left promiscuous mode
[ 1570.337413][T28077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1570.400427][T28077] bridge_slave_0: left allmulticast mode
[ 1570.425560][T28077] bridge_slave_0: left promiscuous mode
[ 1570.442768][T28077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1570.628579][T28875] netlink: 'syz.0.4185': attribute type 11 has an invalid length.
[ 1570.697108][T28875] netlink: 'syz.0.4185': attribute type 11 has an invalid length.
[ 1571.074960][T28876] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xffff888078800dc0 pfn:0x78800
[ 1571.105920][T28876] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1571.155160][T28876] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[ 1571.164336][T28876] raw: ffff888078800dc0 0000000000000000 0000000400000002 0000000000000000
[ 1571.177733][T28876] page dumped because: unmovable page
[ 1571.183181][T28876] page_owner tracks the page as allocated
[ 1571.261574][T28876] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 18771, tgid 18771 (syz-executor), ts 1008729841633, free_ts 1008426028033
[ 1571.287375][T28876]  post_alloc_hook+0x181/0x1b0
[ 1571.292209][T28876]  get_page_from_freelist+0x135c/0x3920
[ 1571.325564][T28876]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1571.331673][T28876]  alloc_pages_mpol+0x1fb/0x550
[ 1571.352013][T28876]  alloc_pages_noprof+0x131/0x390
[ 1571.375007][T28876]  __vmalloc_node_range_noprof+0x732/0x1540
[ 1571.387807][T28876]  vmalloc_user_noprof+0x6b/0x90
[ 1571.414222][T28876]  kcov_ioctl+0x4c/0x730
[ 1571.424973][T28876]  __x64_sys_ioctl+0x193/0x200
[ 1571.430192][T28876]  do_syscall_64+0xcd/0x230
[ 1571.434782][T28876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1571.441101][T28876] page last free pid 974 tgid 974 stack trace:
[ 1571.515750][T28876]  __free_frozen_pages+0x69d/0xff0
[ 1571.593103][T28876]  vfree+0x176/0x960
[ 1571.602726][T28876]  delayed_vfree_work+0x56/0x70
[ 1571.612350][T28876]  process_one_work+0x9cf/0x1b70
[ 1571.622115][T28876]  worker_thread+0x6c8/0xf10
[ 1571.628186][T28875] could not allocate digest TFM handle binfmt_misc
[ 1571.780363][T28876]  kthread+0x3c2/0x780
[ 1571.807416][T28876]  ret_from_fork+0x48/0x80
[ 1571.812044][T28876]  ret_from_fork_asm+0x1a/0x30
[ 1572.606510][T28077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1572.631684][T28077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1572.650175][T28077] bond0 (unregistering): Released all slaves
[ 1573.631821][T28077] hsr_slave_0: left promiscuous mode
[ 1573.649251][T28077] hsr_slave_1: left promiscuous mode
[ 1573.670825][T28077] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1573.692162][T28077] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1573.750347][T28077] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1573.796443][T28077] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1573.891795][T28077] veth1_macvtap: left promiscuous mode
[ 1573.905349][T28077] veth0_macvtap: left promiscuous mode
[ 1575.327292][T28939] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input657
[ 1576.922833][T11606] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[ 1578.002168][T28956] Invalid ELF header magic: != ELF
[ 1578.955581][T28297] Bluetooth: hci2: Unable to find connection for big 0xd2
[ 1580.061096][T29009] 
[ 1581.471830][T29034] can: request_module (can-proto-0) failed.
[ 1582.873097][T29059] FAULT_INJECTION: forcing a failure.
[ 1582.873097][T29059] name failslab, interval 1, probability 0, space 0, times 0
[ 1582.951970][T29059] CPU: 0 UID: 0 PID: 29059 Comm: syz.4.4208 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1582.952023][T29059] Tainted: [U]=USER
[ 1582.952034][T29059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1582.952055][T29059] Call Trace:
[ 1582.952066][T29059]  <TASK>
[ 1582.952079][T29059]  dump_stack_lvl+0x16c/0x1f0
[ 1582.952141][T29059]  should_fail_ex+0x512/0x640
[ 1582.952190][T29059]  ? __kmalloc_noprof+0xbf/0x510
[ 1582.952231][T29059]  ? lsm_blob_alloc+0x68/0x90
[ 1582.952260][T29059]  should_failslab+0xc2/0x120
[ 1582.952300][T29059]  __kmalloc_noprof+0xd2/0x510
[ 1582.952347][T29059]  lsm_blob_alloc+0x68/0x90
[ 1582.952380][T29059]  security_prepare_creds+0x30/0x270
[ 1582.952433][T29059]  prepare_creds+0x56f/0x7d0
[ 1582.952485][T29059]  copy_creds+0xa7/0xa50
[ 1582.952538][T29059]  copy_process+0x10b1/0x91b0
[ 1582.952581][T29059]  ? __lock_acquire+0x5ca/0x1ba0
[ 1582.952650][T29059]  ? __pfx_copy_process+0x10/0x10
[ 1582.952697][T29059]  ? find_held_lock+0x2b/0x80
[ 1582.952728][T29059]  ? __might_fault+0xe3/0x190
[ 1582.952768][T29059]  ? __might_fault+0xe3/0x190
[ 1582.952803][T29059]  ? __might_fault+0x13b/0x190
[ 1582.952862][T29059]  ? _copy_from_user+0x59/0xd0
[ 1582.952898][T29059]  kernel_clone+0xfc/0x960
[ 1582.952938][T29059]  ? get_pid_task+0xfc/0x250
[ 1582.952989][T29059]  ? __pfx_kernel_clone+0x10/0x10
[ 1582.953057][T29059]  __do_sys_clone3+0x212/0x290
[ 1582.953111][T29059]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1582.953191][T29059]  ? __fget_files+0x20e/0x3c0
[ 1582.953251][T29059]  do_syscall_64+0xcd/0x230
[ 1582.953305][T29059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.953337][T29059] RIP: 0033:0x7f089d38e969
[ 1582.953362][T29059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1582.953391][T29059] RSP: 002b:00007f089e2bbf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1582.953421][T29059] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f089d38e969
[ 1582.953440][T29059] RDX: 00007f089e2bbf20 RSI: 0000000000000058 RDI: 00007f089e2bbf20
[ 1582.953459][T29059] RBP: 00007f089e2bc090 R08: 0000000000000000 R09: 0000000000000058
[ 1582.953477][T29059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1582.953495][T29059] R13: 0000000000000000 R14: 00007f089d5b6080 R15: 00007fffeb0479c8
[ 1582.953534][T29059]  </TASK>
[ 1583.189271][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1583.338012][T29072] netlink: 'syz.2.4211': attribute type 11 has an invalid length.
[ 1583.345976][T29072] netlink: 'syz.2.4211': attribute type 11 has an invalid length.
[ 1583.984028][T29073] Invalid ELF header magic: != ELF
[ 1584.160478][T29088] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4214'.
[ 1584.271712][T29065] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xffff888078800dc0 pfn:0x78800
[ 1584.283695][T29065] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1584.293749][T29065] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[ 1584.353737][T29065] raw: ffff888078800dc0 0000000000000000 0000000400000002 0000000000000000
[ 1584.410516][T29065] page dumped because: unmovable page
[ 1584.417356][T29065] page_owner tracks the page as allocated
[ 1584.423229][T29065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 18771, tgid 18771 (syz-executor), ts 1008729841633, free_ts 1008426028033
[ 1584.443360][T29065]  post_alloc_hook+0x181/0x1b0
[ 1584.448271][T29065]  get_page_from_freelist+0x135c/0x3920
[ 1584.454053][T29065]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1584.460134][T29065]  alloc_pages_mpol+0x1fb/0x550
[ 1584.465149][T29065]  alloc_pages_noprof+0x131/0x390
[ 1584.470316][T29065]  __vmalloc_node_range_noprof+0x732/0x1540
[ 1584.629640][T29065]  vmalloc_user_noprof+0x6b/0x90
[ 1584.669143][T29065]  kcov_ioctl+0x4c/0x730
[ 1584.719036][T29065]  __x64_sys_ioctl+0x193/0x200
[ 1584.890405][T29080] could not allocate digest TFM handle binfmt_misc
[ 1584.905614][T29065]  do_syscall_64+0xcd/0x230
[ 1585.031671][T29065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.058317][T29065] page last free pid 974 tgid 974 stack trace:
[ 1585.123435][T29065]  __free_frozen_pages+0x69d/0xff0
[ 1585.159698][T29065]  vfree+0x176/0x960
[ 1585.163734][T29065]  delayed_vfree_work+0x56/0x70
[ 1585.184303][T29065]  process_one_work+0x9cf/0x1b70
[ 1585.255596][T29065]  worker_thread+0x6c8/0xf10
[ 1585.264052][T29065]  kthread+0x3c2/0x780
[ 1585.272520][T29065]  ret_from_fork+0x48/0x80
[ 1585.281159][T29065]  ret_from_fork_asm+0x1a/0x30
[ 1589.252611][T29181] 
[ 1589.618283][T29180] FAULT_INJECTION: forcing a failure.
[ 1589.618283][T29180] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1589.703655][T29180] CPU: 1 UID: 0 PID: 29180 Comm: syz.0.4225 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1589.703708][T29180] Tainted: [U]=USER
[ 1589.703717][T29180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1589.703733][T29180] Call Trace:
[ 1589.703743][T29180]  <TASK>
[ 1589.703753][T29180]  dump_stack_lvl+0x16c/0x1f0
[ 1589.703798][T29180]  should_fail_ex+0x512/0x640
[ 1589.703845][T29180]  should_fail_alloc_page+0xe7/0x130
[ 1589.703883][T29180]  prepare_alloc_pages+0x3c2/0x610
[ 1589.703931][T29180]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1589.703961][T29180]  ? __pfx_get_page_from_freelist+0x10/0x10
[ 1589.703997][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1589.704023][T29180]  ? trace_mm_page_alloc+0x11f/0x1a0
[ 1589.704064][T29180]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[ 1589.704116][T29180]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1589.704155][T29180]  ? is_bpf_text_address+0x8a/0x1a0
[ 1589.704201][T29180]  ? bpf_ksym_find+0x124/0x1c0
[ 1589.704246][T29180]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1589.704280][T29180]  ? kernel_text_address+0x8d/0x100
[ 1589.704304][T29180]  ? __kernel_text_address+0xd/0x40
[ 1589.704329][T29180]  ? unwind_get_return_address+0x59/0xa0
[ 1589.704361][T29180]  ? arch_stack_walk+0xa6/0x100
[ 1589.704404][T29180]  alloc_pages_bulk_noprof+0x701/0x13b0
[ 1589.704438][T29180]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1589.704478][T29180]  ? policy_nodemask+0xea/0x4e0
[ 1589.704516][T29180]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 1589.704551][T29180]  ? kasan_save_track+0x14/0x30
[ 1589.704596][T29180]  kasan_populate_vmalloc+0xf1/0x1f0
[ 1589.704650][T29180]  alloc_vmap_area+0x919/0x2970
[ 1589.704719][T29180]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1589.704772][T29180]  __get_vm_area_node+0x1ca/0x330
[ 1589.704824][T29180]  __vmalloc_node_range_noprof+0x277/0x1540
[ 1589.704872][T29180]  ? kernel_clone+0xfc/0x960
[ 1589.704908][T29180]  ? __mod_memcg_lruvec_state+0x533/0x760
[ 1589.704956][T29180]  ? find_held_lock+0x2b/0x80
[ 1589.704989][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1589.705018][T29180]  ? kernel_clone+0xfc/0x960
[ 1589.705063][T29180]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1589.705110][T29180]  ? __memcg_slab_post_alloc_hook+0x4d0/0x940
[ 1589.705158][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1589.705188][T29180]  ? kernel_clone+0xfc/0x960
[ 1589.705223][T29180]  __vmalloc_node_noprof+0x74/0xa0
[ 1589.705252][T29180]  ? kernel_clone+0xfc/0x960
[ 1589.705292][T29180]  copy_process+0x2ead/0x91b0
[ 1589.705360][T29180]  ? _kstrtoull+0x145/0x200
[ 1589.705394][T29180]  ? __pfx__kstrtoull+0x10/0x10
[ 1589.705436][T29180]  ? find_held_lock+0x2b/0x80
[ 1589.705475][T29180]  ? __pfx_copy_process+0x10/0x10
[ 1589.705547][T29180]  ? find_held_lock+0x2b/0x80
[ 1589.705596][T29180]  kernel_clone+0xfc/0x960
[ 1589.705641][T29180]  ? __pfx_kernel_clone+0x10/0x10
[ 1589.705704][T29180]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1589.705756][T29180]  __do_sys_clone+0xce/0x120
[ 1589.705798][T29180]  ? __pfx___do_sys_clone+0x10/0x10
[ 1589.705866][T29180]  ? ksys_write+0x1b9/0x240
[ 1589.705895][T29180]  ? __pfx_ksys_write+0x10/0x10
[ 1589.705922][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1589.705960][T29180]  do_syscall_64+0xcd/0x230
[ 1589.706007][T29180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.706035][T29180] RIP: 0033:0x7f0f15f8e969
[ 1589.706059][T29180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1589.706086][T29180] RSP: 002b:00007f0f16ebdfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 1589.706113][T29180] RAX: ffffffffffffffda RBX: 00007f0f161b6080 RCX: 00007f0f15f8e969
[ 1589.706131][T29180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[ 1589.706147][T29180] RBP: 00007f0f16ebe090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.706163][T29180] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 1589.706178][T29180] R13: 0000000000000000 R14: 00007f0f161b6080 R15: 00007fff471ab4b8
[ 1589.706215][T29180]  </TASK>
[ 1590.208536][T29180] syz.0.4225: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1590.228555][T29180] CPU: 1 UID: 0 PID: 29180 Comm: syz.0.4225 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1590.228602][T29180] Tainted: [U]=USER
[ 1590.228610][T29180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1590.228622][T29180] Call Trace:
[ 1590.228630][T29180]  <TASK>
[ 1590.228639][T29180]  dump_stack_lvl+0x16c/0x1f0
[ 1590.228675][T29180]  warn_alloc+0x248/0x3a0
[ 1590.228700][T29180]  ? __pfx_warn_alloc+0x10/0x10
[ 1590.228724][T29180]  ? kfree+0x2b6/0x4d0
[ 1590.228747][T29180]  ? __get_vm_area_node+0x208/0x330
[ 1590.228783][T29180]  __vmalloc_node_range_noprof+0xd31/0x1540
[ 1590.228816][T29180]  ? __mod_memcg_lruvec_state+0x533/0x760
[ 1590.228848][T29180]  ? find_held_lock+0x2b/0x80
[ 1590.228871][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1590.228899][T29180]  ? kernel_clone+0xfc/0x960
[ 1590.228933][T29180]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1590.228970][T29180]  ? __memcg_slab_post_alloc_hook+0x4d0/0x940
[ 1590.229006][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1590.229028][T29180]  ? kernel_clone+0xfc/0x960
[ 1590.229055][T29180]  __vmalloc_node_noprof+0x74/0xa0
[ 1590.229077][T29180]  ? kernel_clone+0xfc/0x960
[ 1590.229106][T29180]  copy_process+0x2ead/0x91b0
[ 1590.229135][T29180]  ? _kstrtoull+0x145/0x200
[ 1590.229180][T29180]  ? __pfx__kstrtoull+0x10/0x10
[ 1590.229215][T29180]  ? find_held_lock+0x2b/0x80
[ 1590.229245][T29180]  ? __pfx_copy_process+0x10/0x10
[ 1590.229285][T29180]  ? find_held_lock+0x2b/0x80
[ 1590.229320][T29180]  kernel_clone+0xfc/0x960
[ 1590.229353][T29180]  ? __pfx_kernel_clone+0x10/0x10
[ 1590.229394][T29180]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1590.229436][T29180]  __do_sys_clone+0xce/0x120
[ 1590.229466][T29180]  ? __pfx___do_sys_clone+0x10/0x10
[ 1590.229518][T29180]  ? ksys_write+0x1b9/0x240
[ 1590.229540][T29180]  ? __pfx_ksys_write+0x10/0x10
[ 1590.229560][T29180]  ? rcu_is_watching+0x12/0xc0
[ 1590.229588][T29180]  do_syscall_64+0xcd/0x230
[ 1590.229624][T29180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1590.229648][T29180] RIP: 0033:0x7f0f15f8e969
[ 1590.229665][T29180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1590.229685][T29180] RSP: 002b:00007f0f16ebdfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 1590.229704][T29180] RAX: ffffffffffffffda RBX: 00007f0f161b6080 RCX: 00007f0f15f8e969
[ 1590.229719][T29180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[ 1590.229732][T29180] RBP: 00007f0f16ebe090 R08: 0000000000000000 R09: 0000000000000000
[ 1590.229744][T29180] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 1590.229759][T29180] R13: 0000000000000000 R14: 00007f0f161b6080 R15: 00007fff471ab4b8
[ 1590.229785][T29180]  </TASK>
[ 1590.229793][T29180] Mem-Info:
[ 1590.505465][T29180] active_anon:15369 inactive_anon:3784 isolated_anon:4
[ 1590.505465][T29180]  active_file:23674 inactive_file:38653 isolated_file:0
[ 1590.505465][T29180]  unevictable:768 dirty:497 writeback:0
[ 1590.505465][T29180]  slab_reclaimable:11029 slab_unreclaimable:97032
[ 1590.505465][T29180]  mapped:28838 shmem:2470 pagetables:1022
[ 1590.505465][T29180]  sec_pagetables:0 bounce:0
[ 1590.505465][T29180]  kernel_misc_reclaimable:0
[ 1590.505465][T29180]  free:1316050 free_pcp:1270 free_cma:0
[ 1590.694317][T29180] Node 0 active_anon:61476kB inactive_anon:22636kB active_file:94696kB inactive_file:154476kB unevictable:1536kB isolated(anon):16kB isolated(file):0kB mapped:116252kB dirty:1988kB writeback:0kB shmem:15740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:11260kB pagetables:4088kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1590.972185][T29180] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1591.066105][T29180] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1591.110989][T29180] lowmem_reserve[]: 0 2484 2486 2486 2486
[ 1591.172307][T29180] Node 0 DMA32 free:1328080kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:61540kB inactive_anon:23156kB active_file:92976kB inactive_file:154380kB unevictable:1536kB writepending:2064kB present:3129332kB managed:2544132kB mlocked:0kB bounce:0kB free_pcp:5908kB local_pcp:1412kB free_cma:0kB
[ 1591.289651][T29209] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4228'.
[ 1591.368753][T29180] lowmem_reserve[]: 0 0 1 1 1
[ 1591.402947][T29180] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:1728kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[ 1591.430773][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1591.571805][T29180] lowmem_reserve[]: 0 0 0 0 0
[ 1591.594614][T29180] Node 1 Normal free:3916416kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1591.725699][T29180] lowmem_reserve[]: 0 0 0 0 0
[ 1591.730647][T29180] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1591.799859][T29180] Node 0 DMA32: 303*4kB (UME) 227*8kB (UE) 541*16kB (UME) 1189*32kB (UME) 799*64kB (UME) 414*128kB (UM) 216*256kB (UME) 106*512kB (UME) 35*1024kB (UME) 8*2048kB (UME) 241*4096kB (M) = 1302788kB
[ 1591.856489][T29180] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1591.871554][T29180] Node 1 Normal: 220*4kB (UME) 38*8kB (UME) 30*16kB (UME) 236*32kB (UME) 108*64kB (UME) 33*128kB (UME) 19*256kB (UME) 8*512kB (UME) 2*1024kB (UM) 3*2048kB (UE) 947*4096kB (M) = 3916416kB
[ 1591.953959][T29180] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1592.026028][T29180] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1592.084474][T29180] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1592.112292][T29180] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1592.148144][T29180] 70996 total pagecache pages
[ 1592.158861][T29180] 0 pages in swap cache
[ 1592.165033][T29180] Free swap  = 124996kB
[ 1592.171994][T29180] Total swap = 124996kB
[ 1592.185525][T29180] 2097051 pages RAM
[ 1592.214775][T29180] 0 pages HighMem/MovableOnly
[ 1592.244146][T29180] 428912 pages reserved
[ 1592.270178][T29180] 0 pages cma reserved
[ 1592.825617][T29232] can: request_module (can-proto-0) failed.
[ 1595.266934][T29287] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4238'.
[ 1595.697405][T29292] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4239'.
[ 1598.261731][T28297] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[ 1600.723943][T29383] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4250'.
[ 1603.020221][T29417] random: crng reseeded on system resumption
[ 1606.314482][T29485] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4266'.
[ 1606.956171][T29485] team0 (unregistering): Port device team_slave_0 removed
[ 1607.011458][T29485] team0 (unregistering): Port device team_slave_1 removed
[ 1612.412390][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1612.418926][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1614.290103][T29607] Line length is too long: Should be less than 4094
[ 1615.012154][T29631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4282'.
[ 1615.223516][T29631] bond0: (slave bond_slave_0): Releasing backup interface
[ 1615.425188][T29642] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4283'.
[ 1617.410450][T29678] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1618.246621][T29702] FAULT_INJECTION: forcing a failure.
[ 1618.246621][T29702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1618.337449][T29702] CPU: 0 UID: 0 PID: 29702 Comm: syz.1.4291 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1618.337497][T29702] Tainted: [U]=USER
[ 1618.337507][T29702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1618.337524][T29702] Call Trace:
[ 1618.337533][T29702]  <TASK>
[ 1618.337545][T29702]  dump_stack_lvl+0x16c/0x1f0
[ 1618.337592][T29702]  should_fail_ex+0x512/0x640
[ 1618.337642][T29702]  _copy_from_user+0x2e/0xd0
[ 1618.337670][T29702]  copy_msghdr_from_user+0x98/0x160
[ 1618.337708][T29702]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1618.337750][T29702]  ? kfree+0x252/0x4d0
[ 1618.337775][T29702]  ? __pfx__kstrtoull+0x10/0x10
[ 1618.337820][T29702]  ___sys_sendmsg+0xfe/0x1d0
[ 1618.337859][T29702]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1618.337930][T29702]  ? __pfx___might_resched+0x10/0x10
[ 1618.337973][T29702]  __sys_sendmmsg+0x200/0x420
[ 1618.338020][T29702]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1618.338068][T29702]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1618.338131][T29702]  ? fput+0x70/0xf0
[ 1618.338167][T29702]  ? ksys_write+0x1b9/0x240
[ 1618.338196][T29702]  ? __pfx_ksys_write+0x10/0x10
[ 1618.338224][T29702]  ? rcu_is_watching+0x12/0xc0
[ 1618.338260][T29702]  __x64_sys_sendmmsg+0x9c/0x100
[ 1618.338296][T29702]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1618.338339][T29702]  do_syscall_64+0xcd/0x230
[ 1618.338387][T29702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.338416][T29702] RIP: 0033:0x7f921c78e969
[ 1618.338449][T29702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1618.338476][T29702] RSP: 002b:00007f921d6c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1618.338503][T29702] RAX: ffffffffffffffda RBX: 00007f921c9b5fa0 RCX: 00007f921c78e969
[ 1618.338559][T29702] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003
[ 1618.338577][T29702] RBP: 00007f921d6c2090 R08: 0000000000000000 R09: 0000000000000000
[ 1618.338596][T29702] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[ 1618.338631][T29702] R13: 0000000000000000 R14: 00007f921c9b5fa0 R15: 00007fffefb3a7f8
[ 1618.338672][T29702]  </TASK>
[ 1621.276543][T29738] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4299'.
[ 1622.413455][T29757] FAULT_INJECTION: forcing a failure.
[ 1622.413455][T29757] name failslab, interval 1, probability 0, space 0, times 0
[ 1622.465726][T29757] CPU: 1 UID: 0 PID: 29757 Comm: syz.1.4303 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1622.465772][T29757] Tainted: [U]=USER
[ 1622.465782][T29757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1622.465799][T29757] Call Trace:
[ 1622.465809][T29757]  <TASK>
[ 1622.465822][T29757]  dump_stack_lvl+0x16c/0x1f0
[ 1622.465870][T29757]  should_fail_ex+0x512/0x640
[ 1622.465911][T29757]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1622.465948][T29757]  should_failslab+0xc2/0x120
[ 1622.465985][T29757]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1622.466020][T29757]  ? security_file_alloc+0x34/0x2b0
[ 1622.466068][T29757]  security_file_alloc+0x34/0x2b0
[ 1622.466110][T29757]  init_file+0x93/0x4c0
[ 1622.466148][T29757]  alloc_empty_file+0x73/0x1e0
[ 1622.466189][T29757]  path_openat+0xe0/0x2d40
[ 1622.466214][T29757]  ? __x64_sys_openat+0x174/0x210
[ 1622.466255][T29757]  ? do_syscall_64+0xcd/0x230
[ 1622.466298][T29757]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1622.466341][T29757]  ? __pfx_path_openat+0x10/0x10
[ 1622.466381][T29757]  do_filp_open+0x20b/0x470
[ 1622.466418][T29757]  ? __pfx_do_filp_open+0x10/0x10
[ 1622.466475][T29757]  ? alloc_fd+0x471/0x7d0
[ 1622.466512][T29757]  do_sys_openat2+0x11b/0x1d0
[ 1622.466551][T29757]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1622.466593][T29757]  ? __fget_files+0x20e/0x3c0
[ 1622.466627][T29757]  __x64_sys_openat+0x174/0x210
[ 1622.466668][T29757]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1622.466713][T29757]  ? ksys_write+0x1b9/0x240
[ 1622.466743][T29757]  ? rcu_is_watching+0x12/0xc0
[ 1622.466793][T29757]  do_syscall_64+0xcd/0x230
[ 1622.466838][T29757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1622.466865][T29757] RIP: 0033:0x7f921c78e969
[ 1622.466905][T29757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1622.466932][T29757] RSP: 002b:00007f921d6c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1622.466959][T29757] RAX: ffffffffffffffda RBX: 00007f921c9b5fa0 RCX: 00007f921c78e969
[ 1622.466978][T29757] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1622.466996][T29757] RBP: 00007f921d6c2090 R08: 0000000000000000 R09: 0000000000000000
[ 1622.467015][T29757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1622.467032][T29757] R13: 0000000000000000 R14: 00007f921c9b5fa0 R15: 00007fffefb3a7f8
[ 1622.467070][T29757]  </TASK>
[ 1623.413711][T29765] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1625.042190][T29789] mtrr: base(0x1010000) is not aligned on a size(0x0000) boundary
[ 1625.551573][T29792] FAULT_INJECTION: forcing a failure.
[ 1625.551573][T29792] name failslab, interval 1, probability 0, space 0, times 0
[ 1625.595560][T29792] CPU: 1 UID: 0 PID: 29792 Comm: syz.0.4310 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1625.595609][T29792] Tainted: [U]=USER
[ 1625.595619][T29792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1625.595635][T29792] Call Trace:
[ 1625.595645][T29792]  <TASK>
[ 1625.595656][T29792]  dump_stack_lvl+0x16c/0x1f0
[ 1625.595703][T29792]  should_fail_ex+0x512/0x640
[ 1625.595748][T29792]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1625.595781][T29792]  should_failslab+0xc2/0x120
[ 1625.595818][T29792]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1625.595848][T29792]  ? snd_seq_timer_new+0x42/0x190
[ 1625.595888][T29792]  snd_seq_timer_new+0x42/0x190
[ 1625.595922][T29792]  snd_seq_queue_alloc+0x177/0x550
[ 1625.595958][T29792]  snd_seq_ioctl_create_queue+0xa9/0x380
[ 1625.596000][T29792]  snd_seq_kernel_client_ctl+0x10a/0x1c0
[ 1625.596047][T29792]  alloc_seq_queue+0xda/0x180
[ 1625.596089][T29792]  ? __pfx_alloc_seq_queue+0x10/0x10
[ 1625.596152][T29792]  ? mark_held_locks+0x49/0x80
[ 1625.596191][T29792]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1625.596234][T29792]  snd_seq_oss_open+0x38c/0xa20
[ 1625.596285][T29792]  odev_open+0x6f/0x90
[ 1625.596323][T29792]  ? __pfx_odev_open+0x10/0x10
[ 1625.596360][T29792]  soundcore_open+0x40c/0x580
[ 1625.596402][T29792]  ? __pfx_soundcore_open+0x10/0x10
[ 1625.596450][T29792]  chrdev_open+0x231/0x6a0
[ 1625.596481][T29792]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1625.596522][T29792]  ? __pfx_chrdev_open+0x10/0x10
[ 1625.596557][T29792]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1625.596609][T29792]  do_dentry_open+0x741/0x1c10
[ 1625.596641][T29792]  ? __pfx_chrdev_open+0x10/0x10
[ 1625.596681][T29792]  vfs_open+0x82/0x3f0
[ 1625.596740][T29792]  path_openat+0x1e5e/0x2d40
[ 1625.596784][T29792]  ? __pfx_path_openat+0x10/0x10
[ 1625.596826][T29792]  do_filp_open+0x20b/0x470
[ 1625.596859][T29792]  ? __pfx_do_filp_open+0x10/0x10
[ 1625.596920][T29792]  ? alloc_fd+0x471/0x7d0
[ 1625.596959][T29792]  do_sys_openat2+0x11b/0x1d0
[ 1625.596999][T29792]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1625.597045][T29792]  ? find_held_lock+0x2b/0x80
[ 1625.597086][T29792]  __x64_sys_openat+0x174/0x210
[ 1625.597130][T29792]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1625.597173][T29792]  ? rcu_is_watching+0x12/0xc0
[ 1625.597214][T29792]  do_syscall_64+0xcd/0x230
[ 1625.597264][T29792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1625.597294][T29792] RIP: 0033:0x7f0f15f8e969
[ 1625.597319][T29792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1625.597349][T29792] RSP: 002b:00007f0f16edf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1625.597377][T29792] RAX: ffffffffffffffda RBX: 00007f0f161b5fa0 RCX: 00007f0f15f8e969
[ 1625.597398][T29792] RDX: 0000000000000018 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1625.597426][T29792] RBP: 00007f0f16010ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1625.597444][T29792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1625.597463][T29792] R13: 0000000000000000 R14: 00007f0f161b5fa0 R15: 00007fff471ab4b8
[ 1625.597503][T29792]  </TASK>
[ 1626.337579][T29806] FAULT_INJECTION: forcing a failure.
[ 1626.337579][T29806] name failslab, interval 1, probability 0, space 0, times 0
[ 1626.402780][T29806] CPU: 0 UID: 0 PID: 29806 Comm: syz.4.4311 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1626.402833][T29806] Tainted: [U]=USER
[ 1626.402844][T29806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1626.402864][T29806] Call Trace:
[ 1626.402875][T29806]  <TASK>
[ 1626.402887][T29806]  dump_stack_lvl+0x16c/0x1f0
[ 1626.402949][T29806]  should_fail_ex+0x512/0x640
[ 1626.402997][T29806]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1626.403035][T29806]  should_failslab+0xc2/0x120
[ 1626.403079][T29806]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1626.403156][T29806]  ? drm_file_alloc+0x72/0x9a0
[ 1626.403207][T29806]  drm_file_alloc+0x72/0x9a0
[ 1626.403268][T29806]  drm_open_helper+0x204/0x550
[ 1626.403332][T29806]  drm_open+0x1a0/0x3e0
[ 1626.403374][T29806]  ? __pfx_drm_open+0x10/0x10
[ 1626.403420][T29806]  drm_stub_open+0x20f/0x380
[ 1626.403463][T29806]  ? __pfx_drm_stub_open+0x10/0x10
[ 1626.403505][T29806]  chrdev_open+0x231/0x6a0
[ 1626.403541][T29806]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1626.403589][T29806]  ? __pfx_chrdev_open+0x10/0x10
[ 1626.403643][T29806]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1626.403702][T29806]  do_dentry_open+0x741/0x1c10
[ 1626.403738][T29806]  ? __pfx_chrdev_open+0x10/0x10
[ 1626.403784][T29806]  vfs_open+0x82/0x3f0
[ 1626.403832][T29806]  path_openat+0x1e5e/0x2d40
[ 1626.403880][T29806]  ? __pfx_path_openat+0x10/0x10
[ 1626.403924][T29806]  do_filp_open+0x20b/0x470
[ 1626.403957][T29806]  ? __pfx_do_filp_open+0x10/0x10
[ 1626.404021][T29806]  ? alloc_fd+0x471/0x7d0
[ 1626.404062][T29806]  do_sys_openat2+0x11b/0x1d0
[ 1626.404105][T29806]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1626.404174][T29806]  __x64_sys_openat+0x174/0x210
[ 1626.404220][T29806]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1626.404266][T29806]  ? rcu_is_watching+0x12/0xc0
[ 1626.404310][T29806]  do_syscall_64+0xcd/0x230
[ 1626.404363][T29806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1626.404396][T29806] RIP: 0033:0x7f089d38e969
[ 1626.404422][T29806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1626.404455][T29806] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1626.404487][T29806] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1626.404520][T29806] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1626.404540][T29806] RBP: 00007f089d410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1626.404559][T29806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1626.404578][T29806] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1626.404618][T29806]  </TASK>
[ 1626.705336][T29804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4312'.
[ 1629.245666][T29842] netlink: 80 bytes leftover after parsing attributes in process `syz.4.4320'.
[ 1629.495110][T29853] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4323'.
[ 1630.446925][T29870] mtrr: base(0x1010000) is not aligned on a size(0x0000) boundary
[ 1630.743557][T29882] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4331'.
[ 1631.739268][T29895] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4333'.
[ 1633.207647][T29920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4340'.
[ 1633.961066][T29924] FAULT_INJECTION: forcing a failure.
[ 1633.961066][T29924] name failslab, interval 1, probability 0, space 0, times 0
[ 1633.974654][T29924] CPU: 0 UID: 0 PID: 29924 Comm: syz.1.4351 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1633.974708][T29924] Tainted: [U]=USER
[ 1633.974719][T29924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1633.974739][T29924] Call Trace:
[ 1633.974751][T29924]  <TASK>
[ 1633.974764][T29924]  dump_stack_lvl+0x16c/0x1f0
[ 1633.974819][T29924]  should_fail_ex+0x512/0x640
[ 1633.974891][T29924]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1633.974930][T29924]  should_failslab+0xc2/0x120
[ 1633.974973][T29924]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1633.975006][T29924]  ? kasan_save_stack+0x42/0x60
[ 1633.975041][T29924]  ? kasan_save_stack+0x33/0x60
[ 1633.975077][T29924]  ? snd_seq_queue_alloc+0x56/0x550
[ 1633.975116][T29924]  snd_seq_queue_alloc+0x56/0x550
[ 1633.975157][T29924]  snd_seq_ioctl_create_queue+0xa9/0x380
[ 1633.975205][T29924]  snd_seq_kernel_client_ctl+0x10a/0x1c0
[ 1633.975258][T29924]  alloc_seq_queue+0xda/0x180
[ 1633.975305][T29924]  ? __pfx_alloc_seq_queue+0x10/0x10
[ 1633.975383][T29924]  ? mark_held_locks+0x49/0x80
[ 1633.975425][T29924]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1633.975477][T29924]  snd_seq_oss_open+0x38c/0xa20
[ 1633.975536][T29924]  odev_open+0x6f/0x90
[ 1633.975580][T29924]  ? __pfx_odev_open+0x10/0x10
[ 1633.975625][T29924]  soundcore_open+0x40c/0x580
[ 1633.975674][T29924]  ? __pfx_soundcore_open+0x10/0x10
[ 1633.975720][T29924]  chrdev_open+0x231/0x6a0
[ 1633.975758][T29924]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1633.975806][T29924]  ? __pfx_chrdev_open+0x10/0x10
[ 1633.975857][T29924]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1633.975918][T29924]  do_dentry_open+0x741/0x1c10
[ 1633.975957][T29924]  ? __pfx_chrdev_open+0x10/0x10
[ 1633.976004][T29924]  vfs_open+0x82/0x3f0
[ 1633.976055][T29924]  path_openat+0x1e5e/0x2d40
[ 1633.976105][T29924]  ? __pfx_path_openat+0x10/0x10
[ 1633.976151][T29924]  do_filp_open+0x20b/0x470
[ 1633.976185][T29924]  ? __pfx_do_filp_open+0x10/0x10
[ 1633.976252][T29924]  ? alloc_fd+0x471/0x7d0
[ 1633.976295][T29924]  do_sys_openat2+0x11b/0x1d0
[ 1633.976341][T29924]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1633.976388][T29924]  ? find_held_lock+0x2b/0x80
[ 1633.976432][T29924]  __x64_sys_openat+0x174/0x210
[ 1633.976481][T29924]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1633.976531][T29924]  ? rcu_is_watching+0x12/0xc0
[ 1633.976576][T29924]  do_syscall_64+0xcd/0x230
[ 1633.976633][T29924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1633.976666][T29924] RIP: 0033:0x7f921c78e969
[ 1633.976694][T29924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1633.976728][T29924] RSP: 002b:00007f921d6c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1633.976760][T29924] RAX: ffffffffffffffda RBX: 00007f921c9b5fa0 RCX: 00007f921c78e969
[ 1633.976782][T29924] RDX: 0000000000000018 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1633.976803][T29924] RBP: 00007f921c810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1633.976824][T29924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1633.976843][T29924] R13: 0000000000000000 R14: 00007f921c9b5fa0 R15: 00007fffefb3a7f8
[ 1633.976895][T29924]  </TASK>
[ 1634.486820][T29935] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4343'.
[ 1634.645971][   T30] audit: type=1800 audit(6043189467.749:10): pid=29938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4345" name=31350A dev="tmpfs" ino=2600 res=0 errno=0
[ 1635.087943][T29949] FAULT_INJECTION: forcing a failure.
[ 1635.087943][T29949] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1635.175083][T29949] CPU: 0 UID: 0 PID: 29949 Comm: syz.4.4349 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1635.175128][T29949] Tainted: [U]=USER
[ 1635.175138][T29949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1635.175154][T29949] Call Trace:
[ 1635.175164][T29949]  <TASK>
[ 1635.175174][T29949]  dump_stack_lvl+0x16c/0x1f0
[ 1635.175213][T29949]  should_fail_ex+0x512/0x640
[ 1635.175251][T29949]  _copy_from_user+0x2e/0xd0
[ 1635.175270][T29949]  binder_ioctl+0x57a/0x7300
[ 1635.175306][T29949]  ? tomoyo_path_number_perm+0x295/0x580
[ 1635.175336][T29949]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1635.175388][T29949]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1635.175425][T29949]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1635.175462][T29949]  ? __pfx_binder_ioctl+0x10/0x10
[ 1635.175497][T29949]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1635.175548][T29949]  ? hook_file_ioctl_common+0x145/0x410
[ 1635.175581][T29949]  ? __fget_files+0x20e/0x3c0
[ 1635.175605][T29949]  ? __pfx_binder_ioctl+0x10/0x10
[ 1635.175641][T29949]  __x64_sys_ioctl+0x193/0x200
[ 1635.175675][T29949]  do_syscall_64+0xcd/0x230
[ 1635.175711][T29949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1635.175734][T29949] RIP: 0033:0x7f089d38e969
[ 1635.175751][T29949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1635.175773][T29949] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1635.175793][T29949] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1635.175808][T29949] RDX: 0000000000000000 RSI: 00000000c0306201 RDI: 0000000000000003
[ 1635.175821][T29949] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1635.175835][T29949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1635.175848][T29949] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1635.175881][T29949]  </TASK>
[ 1635.427312][T29949] binder: 29946:29949 ioctl c0306201 0 returned -14
[ 1636.194141][T29963] FAULT_INJECTION: forcing a failure.
[ 1636.194141][T29963] name failslab, interval 1, probability 0, space 0, times 0
[ 1636.249897][T29963] CPU: 1 UID: 0 PID: 29963 Comm: syz.2.4353 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1636.249948][T29963] Tainted: [U]=USER
[ 1636.249966][T29963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1636.249984][T29963] Call Trace:
[ 1636.249995][T29963]  <TASK>
[ 1636.250007][T29963]  dump_stack_lvl+0x16c/0x1f0
[ 1636.250079][T29963]  should_fail_ex+0x512/0x640
[ 1636.250127][T29963]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1636.250165][T29963]  should_failslab+0xc2/0x120
[ 1636.250209][T29963]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1636.250239][T29963]  ? kasan_save_stack+0x42/0x60
[ 1636.250271][T29963]  ? kasan_save_stack+0x33/0x60
[ 1636.250304][T29963]  ? snd_seq_queue_alloc+0x56/0x550
[ 1636.250359][T29963]  snd_seq_queue_alloc+0x56/0x550
[ 1636.250398][T29963]  snd_seq_ioctl_create_queue+0xa9/0x380
[ 1636.250450][T29963]  snd_seq_kernel_client_ctl+0x10a/0x1c0
[ 1636.250515][T29963]  alloc_seq_queue+0xda/0x180
[ 1636.250560][T29963]  ? __pfx_alloc_seq_queue+0x10/0x10
[ 1636.250629][T29963]  ? mark_held_locks+0x49/0x80
[ 1636.250667][T29963]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1636.250712][T29963]  snd_seq_oss_open+0x38c/0xa20
[ 1636.250766][T29963]  odev_open+0x6f/0x90
[ 1636.250805][T29963]  ? __pfx_odev_open+0x10/0x10
[ 1636.250844][T29963]  soundcore_open+0x40c/0x580
[ 1636.250888][T29963]  ? __pfx_soundcore_open+0x10/0x10
[ 1636.250932][T29963]  chrdev_open+0x231/0x6a0
[ 1636.250965][T29963]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1636.251013][T29963]  ? __pfx_chrdev_open+0x10/0x10
[ 1636.251051][T29963]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1636.251106][T29963]  do_dentry_open+0x741/0x1c10
[ 1636.251138][T29963]  ? __pfx_chrdev_open+0x10/0x10
[ 1636.251180][T29963]  vfs_open+0x82/0x3f0
[ 1636.251226][T29963]  path_openat+0x1e5e/0x2d40
[ 1636.251272][T29963]  ? __pfx_path_openat+0x10/0x10
[ 1636.251313][T29963]  do_filp_open+0x20b/0x470
[ 1636.251345][T29963]  ? __pfx_do_filp_open+0x10/0x10
[ 1636.251406][T29963]  ? alloc_fd+0x471/0x7d0
[ 1636.251452][T29963]  do_sys_openat2+0x11b/0x1d0
[ 1636.251500][T29963]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1636.251545][T29963]  ? find_held_lock+0x2b/0x80
[ 1636.251587][T29963]  __x64_sys_openat+0x174/0x210
[ 1636.251631][T29963]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1636.251675][T29963]  ? rcu_is_watching+0x12/0xc0
[ 1636.251715][T29963]  do_syscall_64+0xcd/0x230
[ 1636.251764][T29963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1636.251795][T29963] RIP: 0033:0x7fe5e158e969
[ 1636.251819][T29963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1636.251850][T29963] RSP: 002b:00007fe5e24be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1636.251883][T29963] RAX: ffffffffffffffda RBX: 00007fe5e17b5fa0 RCX: 00007fe5e158e969
[ 1636.251904][T29963] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1636.251924][T29963] RBP: 00007fe5e1610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1636.251943][T29963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1636.251980][T29963] R13: 0000000000000000 R14: 00007fe5e17b5fa0 R15: 00007fff0d487788
[ 1636.252025][T29963]  </TASK>
[ 1636.562576][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1636.923278][T29977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4356'.
[ 1637.630246][T29983] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4358'.
[ 1638.032796][T29992] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4362'.
[ 1639.508572][T30013] FAULT_INJECTION: forcing a failure.
[ 1639.508572][T30013] name failslab, interval 1, probability 0, space 0, times 0
[ 1639.614040][T30013] CPU: 0 UID: 0 PID: 30013 Comm: syz.1.4367 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1639.614086][T30013] Tainted: [U]=USER
[ 1639.614095][T30013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1639.614110][T30013] Call Trace:
[ 1639.614119][T30013]  <TASK>
[ 1639.614130][T30013]  dump_stack_lvl+0x16c/0x1f0
[ 1639.614176][T30013]  should_fail_ex+0x512/0x640
[ 1639.614221][T30013]  ? ___neigh_create+0x14e6/0x28c0
[ 1639.614263][T30013]  should_failslab+0xc2/0x120
[ 1639.614297][T30013]  __kmalloc_noprof+0xd2/0x510
[ 1639.614338][T30013]  ___neigh_create+0x14e6/0x28c0
[ 1639.614401][T30013]  ? __pfx____neigh_create+0x10/0x10
[ 1639.614459][T30013]  ip6_finish_output2+0x1299/0x2020
[ 1639.614502][T30013]  ? ip6_mtu+0x1a3/0x4a0
[ 1639.614559][T30013]  ip6_finish_output+0x3f9/0x1360
[ 1639.614607][T30013]  ip6_output+0x1f9/0x540
[ 1639.614647][T30013]  ? __pfx_ip6_output+0x10/0x10
[ 1639.614690][T30013]  ip6_local_out+0xcd/0x4a0
[ 1639.614724][T30013]  ip6_send_skb+0x112/0x460
[ 1639.614768][T30013]  udp_v6_send_skb+0x96f/0x1910
[ 1639.614812][T30013]  udpv6_sendmsg+0x254a/0x3070
[ 1639.614842][T30013]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1639.614895][T30013]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1639.614921][T30013]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1639.614959][T30013]  ? __lock_acquire+0x5ca/0x1ba0
[ 1639.615026][T30013]  ? __lock_acquire+0xaa4/0x1ba0
[ 1639.615081][T30013]  ? iovec_from_user+0xbb/0x140
[ 1639.615112][T30013]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1639.615149][T30013]  ? __import_iovec+0x1c8/0x660
[ 1639.615176][T30013]  ? __might_fault+0xe3/0x190
[ 1639.615209][T30013]  ? __might_fault+0x13b/0x190
[ 1639.615243][T30013]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1639.615276][T30013]  ? inet6_sendmsg+0x105/0x140
[ 1639.615305][T30013]  inet6_sendmsg+0x105/0x140
[ 1639.615339][T30013]  ____sys_sendmsg+0x705/0xc70
[ 1639.615395][T30013]  ? copy_msghdr_from_user+0x10a/0x160
[ 1639.615429][T30013]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1639.615485][T30013]  ? __pfx__kstrtoull+0x10/0x10
[ 1639.615527][T30013]  ___sys_sendmsg+0x134/0x1d0
[ 1639.615565][T30013]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1639.615619][T30013]  ? find_held_lock+0x2b/0x80
[ 1639.615671][T30013]  __sys_sendmmsg+0x200/0x420
[ 1639.615711][T30013]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1639.615758][T30013]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1639.615817][T30013]  ? fput+0x70/0xf0
[ 1639.615851][T30013]  ? ksys_write+0x1b9/0x240
[ 1639.615879][T30013]  ? __pfx_ksys_write+0x10/0x10
[ 1639.615904][T30013]  ? rcu_is_watching+0x12/0xc0
[ 1639.615936][T30013]  __x64_sys_sendmmsg+0x9c/0x100
[ 1639.615968][T30013]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1639.616008][T30013]  do_syscall_64+0xcd/0x230
[ 1639.616053][T30013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.616081][T30013] RIP: 0033:0x7f921c78e969
[ 1639.616104][T30013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1639.616132][T30013] RSP: 002b:00007f921d6a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1639.616176][T30013] RAX: ffffffffffffffda RBX: 00007f921c9b6080 RCX: 00007f921c78e969
[ 1639.616194][T30013] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003
[ 1639.616211][T30013] RBP: 00007f921d6a1090 R08: 0000000000000000 R09: 0000000000000000
[ 1639.616228][T30013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1639.616244][T30013] R13: 0000000000000000 R14: 00007f921c9b6080 R15: 00007fffefb3a7f8
[ 1639.616283][T30013]  </TASK>
[ 1640.748500][T30036] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint).
[ 1641.335524][T30048] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4373'.
[ 1644.691053][T30095] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4385'.
[ 1646.576836][T30114] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4390'.
[ 1647.079584][T30125] ima: policy update failed
[ 1647.117353][   T30] audit: type=1802 audit(6043189480.269:11): pid=30125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4391" res=0 errno=0
[ 1647.781416][T30137] FAULT_INJECTION: forcing a failure.
[ 1647.781416][T30137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1647.796281][T30137] CPU: 1 UID: 0 PID: 30137 Comm: syz.4.4394 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1647.796326][T30137] Tainted: [U]=USER
[ 1647.796337][T30137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1647.796354][T30137] Call Trace:
[ 1647.796364][T30137]  <TASK>
[ 1647.796375][T30137]  dump_stack_lvl+0x16c/0x1f0
[ 1647.796421][T30137]  should_fail_ex+0x512/0x640
[ 1647.796491][T30137]  _copy_to_user+0x32/0xd0
[ 1647.796537][T30137]  simple_read_from_buffer+0xcb/0x170
[ 1647.796587][T30137]  proc_fail_nth_read+0x197/0x270
[ 1647.796655][T30137]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1647.796706][T30137]  ? rw_verify_area+0xcf/0x680
[ 1647.796755][T30137]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1647.796803][T30137]  vfs_read+0x1de/0xc70
[ 1647.796840][T30137]  ? __pfx___mutex_lock+0x10/0x10
[ 1647.796889][T30137]  ? __pfx_vfs_read+0x10/0x10
[ 1647.796942][T30137]  ? __fget_files+0x20e/0x3c0
[ 1647.796986][T30137]  ksys_read+0x12a/0x240
[ 1647.797019][T30137]  ? __pfx_ksys_read+0x10/0x10
[ 1647.797066][T30137]  do_syscall_64+0xcd/0x230
[ 1647.797120][T30137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1647.797153][T30137] RIP: 0033:0x7f089d38d37c
[ 1647.797179][T30137] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1647.797212][T30137] RSP: 002b:00007f089e2dd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1647.797244][T30137] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38d37c
[ 1647.797265][T30137] RDX: 000000000000000f RSI: 00007f089e2dd0a0 RDI: 0000000000000005
[ 1647.797284][T30137] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1647.797303][T30137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1647.797321][T30137] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1647.797362][T30137]  </TASK>
[ 1647.992030][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1648.631520][T30150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4397'.
[ 1650.146180][T30172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4401'.
[ 1650.327282][T28297] Bluetooth: hci0: command 0x0406 tx timeout
[ 1650.700794][T30189] FAULT_INJECTION: forcing a failure.
[ 1650.700794][T30189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1650.724335][T30189] CPU: 0 UID: 0 PID: 30189 Comm: syz.1.4406 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1650.724383][T30189] Tainted: [U]=USER
[ 1650.724394][T30189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1650.724413][T30189] Call Trace:
[ 1650.724423][T30189]  <TASK>
[ 1650.724435][T30189]  dump_stack_lvl+0x16c/0x1f0
[ 1650.724486][T30189]  should_fail_ex+0x512/0x640
[ 1650.724525][T30189]  strncpy_from_user+0x3b/0x2e0
[ 1650.724562][T30189]  getname_flags.part.0+0x8f/0x550
[ 1650.724599][T30189]  getname_flags+0x93/0xf0
[ 1650.724637][T30189]  user_path_at+0x24/0x60
[ 1650.724659][T30189]  __x64_sys_mount+0x1fc/0x310
[ 1650.724686][T30189]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1650.724724][T30189]  ? rcu_is_watching+0x12/0xc0
[ 1650.724751][T30189]  do_syscall_64+0xcd/0x230
[ 1650.724785][T30189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1650.724807][T30189] RIP: 0033:0x7f921c78e969
[ 1650.724824][T30189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1650.724845][T30189] RSP: 002b:00007f921d6a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1650.724865][T30189] RAX: ffffffffffffffda RBX: 00007f921c9b6080 RCX: 00007f921c78e969
[ 1650.724880][T30189] RDX: 0000200000000140 RSI: 0000200000000040 RDI: 0000000000000000
[ 1650.724893][T30189] RBP: 00007f921d6a1090 R08: 0000000000000000 R09: 0000000000000000
[ 1650.724906][T30189] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[ 1650.724919][T30189] R13: 0000000000000000 R14: 00007f921c9b6080 R15: 00007fffefb3a7f8
[ 1650.724964][T30189]  </TASK>
[ 1651.850326][T30204] usb usb2: usbfs: process 30204 (syz.1.4410) did not claim interface 1 before use
[ 1652.546097][T30208] FAULT_INJECTION: forcing a failure.
[ 1652.546097][T30208] name failslab, interval 1, probability 0, space 0, times 0
[ 1652.582263][T30208] CPU: 1 UID: 0 PID: 30208 Comm: syz.4.4411 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1652.582320][T30208] Tainted: [U]=USER
[ 1652.582329][T30208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1652.582344][T30208] Call Trace:
[ 1652.582353][T30208]  <TASK>
[ 1652.582362][T30208]  dump_stack_lvl+0x16c/0x1f0
[ 1652.582407][T30208]  should_fail_ex+0x512/0x640
[ 1652.582445][T30208]  ? __kmalloc_noprof+0xbf/0x510
[ 1652.582479][T30208]  ? xfrm_hash_alloc+0xd1/0x100
[ 1652.582516][T30208]  should_failslab+0xc2/0x120
[ 1652.582555][T30208]  __kmalloc_noprof+0xd2/0x510
[ 1652.582582][T30208]  ? proc_create_reg+0xe3/0x180
[ 1652.582618][T30208]  ? __pfx_xfrm_net_init+0x10/0x10
[ 1652.582642][T30208]  xfrm_hash_alloc+0xd1/0x100
[ 1652.582683][T30208]  xfrm_state_init+0xdd/0x630
[ 1652.582727][T30208]  ? __pfx_xfrm_net_init+0x10/0x10
[ 1652.582750][T30208]  xfrm_net_init+0x210/0xcc0
[ 1652.582778][T30208]  ? __pfx_xfrm_net_init+0x10/0x10
[ 1652.582803][T30208]  ops_init+0x1e2/0x5f0
[ 1652.582839][T30208]  setup_net+0x21e/0x850
[ 1652.582877][T30208]  ? __pfx_setup_net+0x10/0x10
[ 1652.582909][T30208]  ? lockdep_init_map_type+0x5c/0x280
[ 1652.582946][T30208]  ? __pfx_down_read_killable+0x10/0x10
[ 1652.582976][T30208]  ? debug_mutex_init+0x37/0x70
[ 1652.583004][T30208]  copy_net_ns+0x2a6/0x5f0
[ 1652.583044][T30208]  create_new_namespaces+0x3ea/0xad0
[ 1652.583095][T30208]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1652.583138][T30208]  ksys_unshare+0x45b/0xa40
[ 1652.583169][T30208]  ? __pfx_ksys_unshare+0x10/0x10
[ 1652.583201][T30208]  ? xfd_validate_state+0x5d/0x180
[ 1652.583225][T30208]  ? rcu_is_watching+0x12/0xc0
[ 1652.583253][T30208]  __x64_sys_unshare+0x31/0x40
[ 1652.583285][T30208]  do_syscall_64+0xcd/0x230
[ 1652.583325][T30208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1652.583355][T30208] RIP: 0033:0x7f089d38e969
[ 1652.583380][T30208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1652.583412][T30208] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1652.583440][T30208] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1652.583456][T30208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1652.583470][T30208] RBP: 00007f089d410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1652.583484][T30208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1652.583497][T30208] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1652.583526][T30208]  </TASK>
[ 1652.835878][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1653.884926][T30196] kexec: Could not allocate control_code_buffer
[ 1656.586100][T30277] FAULT_INJECTION: forcing a failure.
[ 1656.586100][T30277] name failslab, interval 1, probability 0, space 0, times 0
[ 1656.603573][T30277] CPU: 0 UID: 0 PID: 30277 Comm: syz.2.4426 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1656.603621][T30277] Tainted: [U]=USER
[ 1656.603632][T30277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1656.603650][T30277] Call Trace:
[ 1656.603660][T30277]  <TASK>
[ 1656.603672][T30277]  dump_stack_lvl+0x16c/0x1f0
[ 1656.603724][T30277]  should_fail_ex+0x512/0x640
[ 1656.603768][T30277]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1656.603805][T30277]  should_failslab+0xc2/0x120
[ 1656.603844][T30277]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1656.603875][T30277]  ? vgem_open+0x43/0xe0
[ 1656.603922][T30277]  vgem_open+0x43/0xe0
[ 1656.603965][T30277]  ? __pfx_vgem_open+0x10/0x10
[ 1656.604004][T30277]  drm_file_alloc+0x57d/0x9a0
[ 1656.604049][T30277]  drm_open_helper+0x204/0x550
[ 1656.604093][T30277]  drm_open+0x1a0/0x3e0
[ 1656.604126][T30277]  ? __pfx_drm_open+0x10/0x10
[ 1656.604160][T30277]  drm_stub_open+0x20f/0x380
[ 1656.604200][T30277]  ? __pfx_drm_stub_open+0x10/0x10
[ 1656.604236][T30277]  chrdev_open+0x231/0x6a0
[ 1656.604268][T30277]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1656.604320][T30277]  ? __pfx_chrdev_open+0x10/0x10
[ 1656.604357][T30277]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1656.604411][T30277]  do_dentry_open+0x741/0x1c10
[ 1656.604463][T30277]  ? __pfx_chrdev_open+0x10/0x10
[ 1656.604505][T30277]  vfs_open+0x82/0x3f0
[ 1656.604556][T30277]  path_openat+0x1e5e/0x2d40
[ 1656.604607][T30277]  ? __pfx_path_openat+0x10/0x10
[ 1656.604649][T30277]  do_filp_open+0x20b/0x470
[ 1656.604683][T30277]  ? __pfx_do_filp_open+0x10/0x10
[ 1656.604746][T30277]  ? alloc_fd+0x471/0x7d0
[ 1656.604788][T30277]  do_sys_openat2+0x11b/0x1d0
[ 1656.604832][T30277]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1656.604891][T30277]  __x64_sys_openat+0x174/0x210
[ 1656.604937][T30277]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1656.604984][T30277]  ? rcu_is_watching+0x12/0xc0
[ 1656.605038][T30277]  do_syscall_64+0xcd/0x230
[ 1656.605090][T30277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1656.605139][T30277] RIP: 0033:0x7fe5e158e969
[ 1656.605165][T30277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1656.605198][T30277] RSP: 002b:00007fe5e24be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1656.605230][T30277] RAX: ffffffffffffffda RBX: 00007fe5e17b5fa0 RCX: 00007fe5e158e969
[ 1656.605263][T30277] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1656.605283][T30277] RBP: 00007fe5e1610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1656.605308][T30277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1656.605327][T30277] R13: 0000000000000000 R14: 00007fe5e17b5fa0 R15: 00007fff0d487788
[ 1656.605385][T30277]  </TASK>
[ 1656.875142][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1657.175498][T30290] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4438'.
[ 1659.386272][T30326] FAULT_INJECTION: forcing a failure.
[ 1659.386272][T30326] name failslab, interval 1, probability 0, space 0, times 0
[ 1659.409721][T30326] CPU: 1 UID: 0 PID: 30326 Comm: syz.4.4439 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1659.409779][T30326] Tainted: [U]=USER
[ 1659.409789][T30326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1659.409807][T30326] Call Trace:
[ 1659.409825][T30326]  <TASK>
[ 1659.409838][T30326]  dump_stack_lvl+0x16c/0x1f0
[ 1659.409895][T30326]  should_fail_ex+0x512/0x640
[ 1659.409941][T30326]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1659.409976][T30326]  should_failslab+0xc2/0x120
[ 1659.410015][T30326]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1659.410053][T30326]  ? vgem_open+0x43/0xe0
[ 1659.410102][T30326]  vgem_open+0x43/0xe0
[ 1659.410142][T30326]  ? __pfx_vgem_open+0x10/0x10
[ 1659.410183][T30326]  drm_file_alloc+0x57d/0x9a0
[ 1659.410227][T30326]  drm_open_helper+0x204/0x550
[ 1659.410272][T30326]  drm_open+0x1a0/0x3e0
[ 1659.410309][T30326]  ? __pfx_drm_open+0x10/0x10
[ 1659.410360][T30326]  drm_stub_open+0x20f/0x380
[ 1659.410405][T30326]  ? __pfx_drm_stub_open+0x10/0x10
[ 1659.410454][T30326]  chrdev_open+0x231/0x6a0
[ 1659.410506][T30326]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1659.410552][T30326]  ? __pfx_chrdev_open+0x10/0x10
[ 1659.410595][T30326]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1659.410655][T30326]  do_dentry_open+0x741/0x1c10
[ 1659.410694][T30326]  ? __pfx_chrdev_open+0x10/0x10
[ 1659.410740][T30326]  vfs_open+0x82/0x3f0
[ 1659.410787][T30326]  path_openat+0x1e5e/0x2d40
[ 1659.410848][T30326]  ? __pfx_path_openat+0x10/0x10
[ 1659.410895][T30326]  do_filp_open+0x20b/0x470
[ 1659.410941][T30326]  ? __pfx_do_filp_open+0x10/0x10
[ 1659.411004][T30326]  ? alloc_fd+0x471/0x7d0
[ 1659.411049][T30326]  do_sys_openat2+0x11b/0x1d0
[ 1659.411098][T30326]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1659.411159][T30326]  __x64_sys_openat+0x174/0x210
[ 1659.411205][T30326]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1659.411252][T30326]  ? rcu_is_watching+0x12/0xc0
[ 1659.411295][T30326]  do_syscall_64+0xcd/0x230
[ 1659.411349][T30326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1659.411382][T30326] RIP: 0033:0x7f089d38e969
[ 1659.411408][T30326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1659.411440][T30326] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1659.411476][T30326] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1659.411498][T30326] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1659.411520][T30326] RBP: 00007f089d410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1659.411540][T30326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1659.411564][T30326] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1659.411606][T30326]  </TASK>
[ 1660.073951][T30342] netlink: zone id is out of range
[ 1660.116216][T30344] netlink: zone id is out of range
[ 1660.666327][T30335] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4440'.
[ 1661.873563][T30356] usb usb2: usbfs: process 30356 (syz.4.4443) did not claim interface 1 before use
[ 1662.495284][T30371] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4444'.
[ 1663.754128][T30398] FAULT_INJECTION: forcing a failure.
[ 1663.754128][T30398] name failslab, interval 1, probability 0, space 0, times 0
[ 1663.767267][T30398] CPU: 1 UID: 0 PID: 30398 Comm: syz.0.4448 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1663.767313][T30398] Tainted: [U]=USER
[ 1663.767324][T30398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1663.767342][T30398] Call Trace:
[ 1663.767353][T30398]  <TASK>
[ 1663.767365][T30398]  dump_stack_lvl+0x16c/0x1f0
[ 1663.767416][T30398]  should_fail_ex+0x512/0x640
[ 1663.767462][T30398]  ? __kvmalloc_node_noprof+0x122/0x600
[ 1663.767501][T30398]  should_failslab+0xc2/0x120
[ 1663.767540][T30398]  __kvmalloc_node_noprof+0x135/0x600
[ 1663.767585][T30398]  ? file_tty_write.constprop.0+0x6ed/0x9b0
[ 1663.767634][T30398]  ? file_tty_write.constprop.0+0x6ed/0x9b0
[ 1663.767674][T30398]  file_tty_write.constprop.0+0x6ed/0x9b0
[ 1663.767726][T30398]  redirected_tty_write+0xd4/0x150
[ 1663.767769][T30398]  vfs_write+0x5bd/0x1180
[ 1663.767801][T30398]  ? __pfx_redirected_tty_write+0x10/0x10
[ 1663.767847][T30398]  ? __pfx_vfs_write+0x10/0x10
[ 1663.767877][T30398]  ? find_held_lock+0x2b/0x80
[ 1663.767937][T30398]  ksys_write+0x12a/0x240
[ 1663.767970][T30398]  ? __pfx_ksys_write+0x10/0x10
[ 1663.767999][T30398]  ? rcu_is_watching+0x12/0xc0
[ 1663.768041][T30398]  do_syscall_64+0xcd/0x230
[ 1663.768095][T30398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.768128][T30398] RIP: 0033:0x7f0f15f8e969
[ 1663.768152][T30398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1663.768184][T30398] RSP: 002b:00007f0f16e5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1663.768212][T30398] RAX: ffffffffffffffda RBX: 00007f0f161b6320 RCX: 00007f0f15f8e969
[ 1663.768233][T30398] RDX: 0000000000000019 RSI: 0000200000000440 RDI: 0000000000000003
[ 1663.768253][T30398] RBP: 00007f0f16e5b090 R08: 0000000000000000 R09: 0000000000000000
[ 1663.768273][T30398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1663.768292][T30398] R13: 0000000000000000 R14: 00007f0f161b6320 R15: 00007fff471ab4b8
[ 1663.768336][T30398]  </TASK>
[ 1666.033561][T30441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4456'.
[ 1666.055122][T30442] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4458'.
[ 1667.212403][T30452] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535
[ 1668.435917][T30473] FAULT_INJECTION: forcing a failure.
[ 1668.435917][T30473] name failslab, interval 1, probability 0, space 0, times 0
[ 1668.471673][T30473] CPU: 1 UID: 0 PID: 30473 Comm: syz.4.4465 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1668.471726][T30473] Tainted: [U]=USER
[ 1668.471737][T30473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1668.471754][T30473] Call Trace:
[ 1668.471765][T30473]  <TASK>
[ 1668.471776][T30473]  dump_stack_lvl+0x16c/0x1f0
[ 1668.471825][T30473]  should_fail_ex+0x512/0x640
[ 1668.471871][T30473]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 1668.471915][T30473]  should_failslab+0xc2/0x120
[ 1668.471976][T30473]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 1668.472017][T30473]  ? mark_held_locks+0x49/0x80
[ 1668.472062][T30473]  ? kstrdup_const+0x63/0x80
[ 1668.472110][T30473]  kstrdup+0x53/0x100
[ 1668.472154][T30473]  kstrdup_const+0x63/0x80
[ 1668.472195][T30473]  kvasprintf_const+0x10f/0x1a0
[ 1668.472232][T30473]  kobject_set_name_vargs+0x5a/0x140
[ 1668.472267][T30473]  dev_set_name+0xc7/0x100
[ 1668.472320][T30473]  ? __pfx_dev_set_name+0x10/0x10
[ 1668.472378][T30473]  ? lockdep_init_map_type+0x5c/0x280
[ 1668.472427][T30473]  ? __init_waitqueue_head+0xca/0x150
[ 1668.472495][T30473]  netdev_register_kobject+0xc5/0x3a0
[ 1668.472551][T30473]  register_netdevice+0x13dc/0x2270
[ 1668.472605][T30473]  ? __pfx_register_netdevice+0x10/0x10
[ 1668.472653][T30473]  ? alloc_netdev_mqs+0xe7e/0x1570
[ 1668.472701][T30473]  ? __pfx_loopback_net_init+0x10/0x10
[ 1668.472748][T30473]  register_netdev+0x34/0x50
[ 1668.472793][T30473]  loopback_net_init+0x7a/0x170
[ 1668.472839][T30473]  ? __pfx_loopback_net_init+0x10/0x10
[ 1668.472881][T30473]  ops_init+0x1e2/0x5f0
[ 1668.472930][T30473]  setup_net+0x21e/0x850
[ 1668.472978][T30473]  ? __pfx_setup_net+0x10/0x10
[ 1668.473020][T30473]  ? lockdep_init_map_type+0x5c/0x280
[ 1668.473067][T30473]  ? __pfx_down_read_killable+0x10/0x10
[ 1668.473118][T30473]  ? debug_mutex_init+0x37/0x70
[ 1668.473163][T30473]  copy_net_ns+0x2a6/0x5f0
[ 1668.473207][T30473]  create_new_namespaces+0x3ea/0xad0
[ 1668.473249][T30473]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1668.473285][T30473]  ksys_unshare+0x45b/0xa40
[ 1668.473325][T30473]  ? __pfx_ksys_unshare+0x10/0x10
[ 1668.473362][T30473]  ? xfd_validate_state+0x5d/0x180
[ 1668.473393][T30473]  ? rcu_is_watching+0x12/0xc0
[ 1668.473430][T30473]  __x64_sys_unshare+0x31/0x40
[ 1668.473472][T30473]  do_syscall_64+0xcd/0x230
[ 1668.473514][T30473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1668.473539][T30473] RIP: 0033:0x7f089d38e969
[ 1668.473559][T30473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1668.473584][T30473] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1668.473608][T30473] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1668.473625][T30473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1668.473640][T30473] RBP: 00007f089d410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1668.473654][T30473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1668.473668][T30473] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1668.473699][T30473]  </TASK>
[ 1669.276344][T30488] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4468'.
[ 1671.010624][T30502] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4471'.
[ 1671.696538][T30493] kexec: Could not allocate control_code_buffer
[ 1673.469807][T30536] FAULT_INJECTION: forcing a failure.
[ 1673.469807][T30536] name failslab, interval 1, probability 0, space 0, times 0
[ 1673.614622][T30536] CPU: 0 UID: 0 PID: 30536 Comm: syz.4.4477 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1673.614663][T30536] Tainted: [U]=USER
[ 1673.614671][T30536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1673.614684][T30536] Call Trace:
[ 1673.614692][T30536]  <TASK>
[ 1673.614716][T30536]  dump_stack_lvl+0x16c/0x1f0
[ 1673.614775][T30536]  should_fail_ex+0x512/0x640
[ 1673.614810][T30536]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1673.614843][T30536]  should_failslab+0xc2/0x120
[ 1673.614874][T30536]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1673.614901][T30536]  ? __pmd_alloc+0xc3/0x870
[ 1673.614940][T30536]  __pmd_alloc+0xc3/0x870
[ 1673.614973][T30536]  ? find_held_lock+0x2b/0x80
[ 1673.614999][T30536]  __handle_mm_fault+0x948/0x2a40
[ 1673.615032][T30536]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1673.615073][T30536]  ? find_vma+0xbf/0x140
[ 1673.615112][T30536]  ? __pfx_find_vma+0x10/0x10
[ 1673.615151][T30536]  handle_mm_fault+0x3fe/0xad0
[ 1673.615182][T30536]  do_user_addr_fault+0x7a6/0x1370
[ 1673.615212][T30536]  ? rcu_is_watching+0x12/0xc0
[ 1673.615237][T30536]  exc_page_fault+0x5c/0xc0
[ 1673.615271][T30536]  asm_exc_page_fault+0x26/0x30
[ 1673.615293][T30536] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1673.615322][T30536] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1673.615350][T30536] RSP: 0018:ffffc90004bbf978 EFLAGS: 00050206
[ 1673.615375][T30536] RAX: 0000000000000001 RBX: 0000000000000100 RCX: 0000000000000100
[ 1673.615397][T30536] RDX: fffff52000977f5f RSI: ffffc90004bbf9f8 RDI: 0000000000000007
[ 1673.615413][T30536] RBP: 0000000000000007 R08: 0000000000000000 R09: fffff52000977f5e
[ 1673.615427][T30536] R10: ffffc90004bbfaf7 R11: 0000000000000000 R12: ffffc90004bbf9f8
[ 1673.615443][T30536] R13: 0000000000000107 R14: 00007ffffffff000 R15: 0000000000000000
[ 1673.615473][T30536]  _copy_to_user+0xbb/0xd0
[ 1673.615498][T30536]  con_get_trans_old+0x1e9/0x2b0
[ 1673.615538][T30536]  ? __pfx_con_get_trans_old+0x10/0x10
[ 1673.615607][T30536]  ? apparmor_capable+0x114/0x1d0
[ 1673.615649][T30536]  ? bpf_lsm_capable+0x9/0x10
[ 1673.615685][T30536]  ? security_capable+0x7e/0x260
[ 1673.615715][T30536]  vt_ioctl+0x585/0x2f50
[ 1673.615735][T30536]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1673.615774][T30536]  ? __pfx_vt_ioctl+0x10/0x10
[ 1673.615797][T30536]  ? tomoyo_path_number_perm+0x295/0x580
[ 1673.615835][T30536]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1673.615880][T30536]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1673.615920][T30536]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1673.615952][T30536]  ? do_vfs_ioctl+0x512/0x1990
[ 1673.615983][T30536]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1673.616015][T30536]  ? tty_jobctrl_ioctl+0x152/0xe00
[ 1673.616037][T30536]  ? __pfx_vt_ioctl+0x10/0x10
[ 1673.616054][T30536]  tty_ioctl+0x65a/0x1610
[ 1673.616094][T30536]  ? __pfx_tty_ioctl+0x10/0x10
[ 1673.616130][T30536]  ? find_held_lock+0x2b/0x80
[ 1673.616151][T30536]  ? hook_file_ioctl_common+0x145/0x410
[ 1673.616184][T30536]  ? __fget_files+0x20e/0x3c0
[ 1673.616208][T30536]  ? __pfx_tty_ioctl+0x10/0x10
[ 1673.616237][T30536]  __x64_sys_ioctl+0x193/0x200
[ 1673.616271][T30536]  do_syscall_64+0xcd/0x230
[ 1673.616307][T30536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1673.616329][T30536] RIP: 0033:0x7f089d38e969
[ 1673.616346][T30536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1673.616367][T30536] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1673.616387][T30536] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1673.616401][T30536] RDX: 0000000000000007 RSI: 0000000000004b40 RDI: 0000000000000003
[ 1673.616414][T30536] RBP: 00007f089e2dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1673.616428][T30536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1673.616441][T30536] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1673.616468][T30536]  </TASK>
[ 1674.009512][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1674.041540][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1674.051397][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1674.637274][T30556] FAULT_INJECTION: forcing a failure.
[ 1674.637274][T30556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1674.651987][T30556] CPU: 1 UID: 0 PID: 30556 Comm: syz.4.4478 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1674.652038][T30556] Tainted: [U]=USER
[ 1674.652049][T30556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1674.652068][T30556] Call Trace:
[ 1674.652079][T30556]  <TASK>
[ 1674.652092][T30556]  dump_stack_lvl+0x16c/0x1f0
[ 1674.652144][T30556]  should_fail_ex+0x512/0x640
[ 1674.652199][T30556]  _copy_from_user+0x2e/0xd0
[ 1674.652231][T30556]  do_sys_poll+0x1d5/0xe00
[ 1674.652283][T30556]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1674.652323][T30556]  ? kernel_text_address+0x8d/0x100
[ 1674.652355][T30556]  ? __kernel_text_address+0xd/0x40
[ 1674.652388][T30556]  ? __pfx_do_sys_poll+0x10/0x10
[ 1674.652480][T30556]  ? find_held_lock+0x2b/0x80
[ 1674.652592][T30556]  ? __pfx_timespec64_add_safe+0x10/0x10
[ 1674.652641][T30556]  ? ktime_get_ts64+0x2d2/0x400
[ 1674.652678][T30556]  ? set_user_sigmask+0x21b/0x2b0
[ 1674.652713][T30556]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1674.652758][T30556]  __x64_sys_ppoll+0x254/0x2d0
[ 1674.652801][T30556]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1674.652831][T30556]  ? ksys_write+0x1b9/0x240
[ 1674.652863][T30556]  ? __pfx_ksys_write+0x10/0x10
[ 1674.652894][T30556]  ? rcu_is_watching+0x12/0xc0
[ 1674.652939][T30556]  do_syscall_64+0xcd/0x230
[ 1674.652993][T30556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1674.653025][T30556] RIP: 0033:0x7f089d38e969
[ 1674.653051][T30556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1674.653095][T30556] RSP: 002b:00007f089e217038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1674.653134][T30556] RAX: ffffffffffffffda RBX: 00007f089d5b64e0 RCX: 00007f089d38e969
[ 1674.653152][T30556] RDX: 0000200000003640 RSI: 00000000000000d6 RDI: 0000200000003600
[ 1674.653169][T30556] RBP: 00007f089e217090 R08: 0000000000000008 R09: 0000000000000000
[ 1674.653185][T30556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1674.653200][T30556] R13: 0000000000000000 R14: 00007f089d5b64e0 R15: 00007fffeb0479c8
[ 1674.653235][T30556]  </TASK>
[ 1675.254326][T30563] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xffff888078800dc0 pfn:0x78800
[ 1675.266871][T30563] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1675.306026][T30563] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[ 1675.365723][T30563] raw: ffff888078800dc0 0000000000000000 0000000400000002 0000000000000000
[ 1675.374367][T30563] page dumped because: unmovable page
[ 1675.426555][T30566] FAULT_INJECTION: forcing a failure.
[ 1675.426555][T30566] name failslab, interval 1, probability 0, space 0, times 0
[ 1675.472141][T30563] page_owner tracks the page as allocated
[ 1675.478943][T30566] CPU: 0 UID: 0 PID: 30566 Comm: syz.4.4483 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1675.478992][T30566] Tainted: [U]=USER
[ 1675.479002][T30566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1675.479018][T30566] Call Trace:
[ 1675.479029][T30566]  <TASK>
[ 1675.479040][T30566]  dump_stack_lvl+0x16c/0x1f0
[ 1675.479090][T30566]  should_fail_ex+0x512/0x640
[ 1675.479132][T30566]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1675.479183][T30566]  should_failslab+0xc2/0x120
[ 1675.479223][T30566]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1675.479262][T30566]  ? vgem_open+0x43/0xe0
[ 1675.479318][T30566]  vgem_open+0x43/0xe0
[ 1675.479359][T30566]  ? __pfx_vgem_open+0x10/0x10
[ 1675.479399][T30566]  drm_file_alloc+0x57d/0x9a0
[ 1675.479440][T30566]  drm_open_helper+0x204/0x550
[ 1675.479481][T30566]  drm_open+0x1a0/0x3e0
[ 1675.479537][T30566]  ? __pfx_drm_open+0x10/0x10
[ 1675.479575][T30566]  drm_stub_open+0x20f/0x380
[ 1675.479616][T30566]  ? __pfx_drm_stub_open+0x10/0x10
[ 1675.479654][T30566]  chrdev_open+0x231/0x6a0
[ 1675.479688][T30566]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1675.479777][T30566]  ? __pfx_chrdev_open+0x10/0x10
[ 1675.479816][T30566]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1675.479872][T30566]  do_dentry_open+0x741/0x1c10
[ 1675.479907][T30566]  ? __pfx_chrdev_open+0x10/0x10
[ 1675.479949][T30566]  vfs_open+0x82/0x3f0
[ 1675.479996][T30566]  path_openat+0x1e5e/0x2d40
[ 1675.480043][T30566]  ? __pfx_path_openat+0x10/0x10
[ 1675.480084][T30566]  do_filp_open+0x20b/0x470
[ 1675.480117][T30566]  ? __pfx_do_filp_open+0x10/0x10
[ 1675.480178][T30566]  ? alloc_fd+0x471/0x7d0
[ 1675.480217][T30566]  do_sys_openat2+0x11b/0x1d0
[ 1675.480259][T30566]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1675.480316][T30566]  __x64_sys_openat+0x174/0x210
[ 1675.480361][T30566]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1675.480409][T30566]  ? rcu_is_watching+0x12/0xc0
[ 1675.480450][T30566]  do_syscall_64+0xcd/0x230
[ 1675.480501][T30566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1675.480532][T30566] RIP: 0033:0x7f089d38e969
[ 1675.480556][T30566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1675.480587][T30566] RSP: 002b:00007f089e2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1675.480617][T30566] RAX: ffffffffffffffda RBX: 00007f089d5b5fa0 RCX: 00007f089d38e969
[ 1675.480639][T30566] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1675.480661][T30566] RBP: 00007f089d410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1675.480679][T30566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1675.480697][T30566] R13: 0000000000000000 R14: 00007f089d5b5fa0 R15: 00007fffeb0479c8
[ 1675.480744][T30566]  </TASK>
[ 1675.518191][T30563] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 18771, tgid 18771 (syz-executor), ts 1008729841633, free_ts 1008426028033
[ 1675.519180][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1675.524067][T30563]  post_alloc_hook+0x181/0x1b0
[ 1675.885573][T30563]  get_page_from_freelist+0x135c/0x3920
[ 1675.985818][T30563]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1675.991902][T30563]  alloc_pages_mpol+0x1fb/0x550
[ 1676.045902][T30563]  alloc_pages_noprof+0x131/0x390
[ 1676.051021][T30563]  __vmalloc_node_range_noprof+0x732/0x1540
[ 1676.093523][T30563]  vmalloc_user_noprof+0x6b/0x90
[ 1676.152019][T30563]  kcov_ioctl+0x4c/0x730
[ 1676.205401][T30563]  __x64_sys_ioctl+0x193/0x200
[ 1676.225436][T30563]  do_syscall_64+0xcd/0x230
[ 1676.252637][T30563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1676.326998][T30563] page last free pid 974 tgid 974 stack trace:
[ 1676.333252][T30563]  __free_frozen_pages+0x69d/0xff0
[ 1676.389703][T30563]  vfree+0x176/0x960
[ 1676.393751][T30563]  delayed_vfree_work+0x56/0x70
[ 1676.444956][T30563]  process_one_work+0x9cf/0x1b70
[ 1676.485421][T30563]  worker_thread+0x6c8/0xf10
[ 1676.525463][T30563]  kthread+0x3c2/0x780
[ 1676.529654][T30563]  ret_from_fork+0x48/0x80
[ 1676.543704][T30563]  ret_from_fork_asm+0x1a/0x30
[ 1678.447410][T30624] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4495'.
[ 1678.617115][T30626] FAULT_INJECTION: forcing a failure.
[ 1678.617115][T30626] name failslab, interval 1, probability 0, space 0, times 0
[ 1678.631299][T30626] CPU: 1 UID: 0 PID: 30626 Comm: syz.1.4496 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1678.631342][T30626] Tainted: [U]=USER
[ 1678.631350][T30626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1678.631364][T30626] Call Trace:
[ 1678.631371][T30626]  <TASK>
[ 1678.631380][T30626]  dump_stack_lvl+0x16c/0x1f0
[ 1678.631418][T30626]  should_fail_ex+0x512/0x640
[ 1678.631452][T30626]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1678.631478][T30626]  should_failslab+0xc2/0x120
[ 1678.631507][T30626]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1678.631530][T30626]  ? vgem_open+0x43/0xe0
[ 1678.631572][T30626]  vgem_open+0x43/0xe0
[ 1678.631604][T30626]  ? __pfx_vgem_open+0x10/0x10
[ 1678.631635][T30626]  drm_file_alloc+0x57d/0x9a0
[ 1678.631668][T30626]  drm_open_helper+0x204/0x550
[ 1678.631700][T30626]  drm_open+0x1a0/0x3e0
[ 1678.631728][T30626]  ? __pfx_drm_open+0x10/0x10
[ 1678.631756][T30626]  drm_stub_open+0x20f/0x380
[ 1678.631785][T30626]  ? __pfx_drm_stub_open+0x10/0x10
[ 1678.631813][T30626]  chrdev_open+0x231/0x6a0
[ 1678.631839][T30626]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1678.631871][T30626]  ? __pfx_chrdev_open+0x10/0x10
[ 1678.631900][T30626]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1678.631940][T30626]  do_dentry_open+0x741/0x1c10
[ 1678.631984][T30626]  ? __pfx_chrdev_open+0x10/0x10
[ 1678.632018][T30626]  vfs_open+0x82/0x3f0
[ 1678.632055][T30626]  path_openat+0x1e5e/0x2d40
[ 1678.632091][T30626]  ? __pfx_path_openat+0x10/0x10
[ 1678.632124][T30626]  do_filp_open+0x20b/0x470
[ 1678.632150][T30626]  ? __pfx_do_filp_open+0x10/0x10
[ 1678.632196][T30626]  ? alloc_fd+0x471/0x7d0
[ 1678.632226][T30626]  do_sys_openat2+0x11b/0x1d0
[ 1678.632260][T30626]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1678.632307][T30626]  __x64_sys_openat+0x174/0x210
[ 1678.632343][T30626]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1678.632380][T30626]  ? rcu_is_watching+0x12/0xc0
[ 1678.632412][T30626]  do_syscall_64+0xcd/0x230
[ 1678.632454][T30626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1678.632478][T30626] RIP: 0033:0x7f921c78e969
[ 1678.632498][T30626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1678.632522][T30626] RSP: 002b:00007f921d6c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1678.632545][T30626] RAX: ffffffffffffffda RBX: 00007f921c9b5fa0 RCX: 00007f921c78e969
[ 1678.632562][T30626] RDX: 0000000000080002 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1678.632585][T30626] RBP: 00007f921c810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1678.632600][T30626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1678.632616][T30626] R13: 0000000000000000 R14: 00007f921c9b5fa0 R15: 00007fffefb3a7f8
[ 1678.632646][T30626]  </TASK>
[ 1678.989555][T11606] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[ 1678.997457][T11606] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[ 1679.010573][T11606] CPU: 0 UID: 0 PID: 11606 Comm: kworker/u9:0 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1679.010613][T11606] Tainted: [U]=USER
[ 1679.010621][T11606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1679.010637][T11606] Workqueue: hci3 hci_rx_work
[ 1679.010662][T11606] Call Trace:
[ 1679.010670][T11606]  <TASK>
[ 1679.010678][T11606]  dump_stack_lvl+0x16c/0x1f0
[ 1679.010734][T11606]  sysfs_warn_dup+0x7f/0xa0
[ 1679.010774][T11606]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1679.010819][T11606]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1679.010857][T11606]  ? find_held_lock+0x2b/0x80
[ 1679.010897][T11606]  ? do_raw_spin_unlock+0x172/0x230
[ 1679.010933][T11606]  kobject_add_internal+0x2c4/0x9b0
[ 1679.010959][T11606]  kobject_add+0x16e/0x240
[ 1679.010980][T11606]  ? __pfx_kobject_add+0x10/0x10
[ 1679.011003][T11606]  ? do_raw_spin_unlock+0x172/0x230
[ 1679.011037][T11606]  ? kobject_put+0xab/0x5a0
[ 1679.011065][T11606]  device_add+0x288/0x1a70
[ 1679.011096][T11606]  ? __pfx_dev_set_name+0x10/0x10
[ 1679.011131][T11606]  ? __pfx_device_add+0x10/0x10
[ 1679.011163][T11606]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1679.011206][T11606]  hci_conn_add_sysfs+0x17e/0x230
[ 1679.011232][T11606]  le_conn_complete_evt+0x1075/0x1d70
[ 1679.011275][T11606]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1679.011309][T11606]  ? bt_warn+0xe4/0x120
[ 1679.011383][T11606]  ? __pfx_bt_warn+0x10/0x10
[ 1679.011473][T11606]  hci_le_conn_complete_evt+0x23c/0x370
[ 1679.011560][T11606]  hci_le_meta_evt+0x2f6/0x5e0
[ 1679.011610][T11606]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1679.011697][T11606]  hci_event_packet+0x66c/0x1190
[ 1679.011775][T11606]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1679.011906][T11606]  ? __pfx_hci_event_packet+0x10/0x10
[ 1679.012001][T11606]  ? kcov_remote_start+0x3c9/0x6d0
[ 1679.012058][T11606]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1679.012148][T11606]  hci_rx_work+0x2c5/0x16b0
[ 1679.012194][T11606]  ? rcu_is_watching+0x12/0xc0
[ 1679.012243][T11606]  process_one_work+0x9cf/0x1b70
[ 1679.012331][T11606]  ? __pfx_process_one_work+0x10/0x10
[ 1679.012414][T11606]  ? assign_work+0x1a0/0x250
[ 1679.012489][T11606]  worker_thread+0x6c8/0xf10
[ 1679.012572][T11606]  ? __kthread_parkme+0x19e/0x250
[ 1679.012627][T11606]  ? __pfx_worker_thread+0x10/0x10
[ 1679.012707][T11606]  kthread+0x3c2/0x780
[ 1679.012776][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.012839][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.012901][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.012965][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.013028][T11606]  ? rcu_is_watching+0x12/0xc0
[ 1679.013083][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.013157][T11606]  ret_from_fork+0x48/0x80
[ 1679.013191][T11606]  ? __pfx_kthread+0x10/0x10
[ 1679.013245][T11606]  ret_from_fork_asm+0x1a/0x30
[ 1679.013319][T11606]  </TASK>
[ 1679.013523][T11606] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1679.303600][T11606] Bluetooth: hci3: failed to register connection device
[ 1679.400922][T30628] usb usb2: usbfs: process 30628 (syz.1.4497) did not claim interface 1 before use
[ 1679.776539][T30633] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xffff888078800dc0 pfn:0x78800
[ 1679.857363][T30633] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1679.895766][T30633] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[ 1679.915854][T30633] raw: ffff888078800dc0 0000000000000000 0000000400000002 0000000000000000
[ 1679.924596][T30633] page dumped because: unmovable page
[ 1679.988285][T30633] page_owner tracks the page as allocated
[ 1679.994152][T30633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 18771, tgid 18771 (syz-executor), ts 1008729841633, free_ts 1008426028033
[ 1680.013908][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1680.114829][T30633]  post_alloc_hook+0x181/0x1b0
[ 1680.193614][T30633]  get_page_from_freelist+0x135c/0x3920
[ 1680.215815][T30633]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1680.233982][T30633]  alloc_pages_mpol+0x1fb/0x550
[ 1680.239127][T30633]  alloc_pages_noprof+0x131/0x390
[ 1680.259363][T30633]  __vmalloc_node_range_noprof+0x732/0x1540
[ 1680.311972][T30633]  vmalloc_user_noprof+0x6b/0x90
[ 1680.335087][T30633]  kcov_ioctl+0x4c/0x730
[ 1680.381812][T30633]  __x64_sys_ioctl+0x193/0x200
[ 1680.456561][T30633]  do_syscall_64+0xcd/0x230
[ 1680.474545][T30633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1680.521176][T30633] page last free pid 974 tgid 974 stack trace:
[ 1680.591238][T30633]  __free_frozen_pages+0x69d/0xff0
[ 1680.658347][T30633]  vfree+0x176/0x960
[ 1680.683485][T30633]  delayed_vfree_work+0x56/0x70
[ 1680.702984][T30633]  process_one_work+0x9cf/0x1b70
[ 1680.755597][T30633]  worker_thread+0x6c8/0xf10
[ 1680.760325][T30633]  kthread+0x3c2/0x780
[ 1680.801308][T30633]  ret_from_fork+0x48/0x80
[ 1680.823699][T30633]  ret_from_fork_asm+0x1a/0x30
[ 1681.559985][T30662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4504'.
[ 1683.303687][T30671] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4505'.
[ 1683.869178][T30677] usb usb2: usbfs: process 30677 (syz.1.4508) did not claim interface 1 before use
[ 1684.864453][T30699] Console: switching to colour VGA+ 80x25
[ 1684.929252][T30701] ==================================================================
[ 1684.929276][T30701] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[ 1684.929342][T30701] Read of size 2 at addr ffff888028e21892 by task syz.1.4514/30701
[ 1684.929367][T30701] 
[ 1684.929402][T30701] CPU: 0 UID: 0 PID: 30701 Comm: syz.1.4514 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1684.929464][T30701] Tainted: [U]=USER
[ 1684.929475][T30701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1684.929495][T30701] Call Trace:
[ 1684.929504][T30701]  <TASK>
[ 1684.929516][T30701]  dump_stack_lvl+0x116/0x1f0
[ 1684.929564][T30701]  print_report+0xc3/0x670
[ 1684.929600][T30701]  ? __virt_addr_valid+0x5e/0x590
[ 1684.929639][T30701]  ? __phys_addr+0xc6/0x150
[ 1684.929679][T30701]  ? fbcon_prepare_logo+0xa03/0xc70
[ 1684.929715][T30701]  kasan_report+0xe0/0x110
[ 1684.929772][T30701]  ? fbcon_prepare_logo+0xa03/0xc70
[ 1684.929818][T30701]  kasan_check_range+0xef/0x1a0
[ 1684.929866][T30701]  __asan_memcpy+0x23/0x60
[ 1684.929896][T30701]  fbcon_prepare_logo+0xa03/0xc70
[ 1684.929947][T30701]  fbcon_init+0xd77/0x1900
[ 1684.929989][T30701]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 1684.930029][T30701]  visual_init+0x31d/0x620
[ 1684.930076][T30701]  do_bind_con_driver.isra.0+0x57a/0xbf0
[ 1684.930121][T30701]  store_bind+0x61d/0x760
[ 1684.930161][T30701]  ? sysfs_file_kobj+0xe4/0x290
[ 1684.930209][T30701]  ? __pfx_store_bind+0x10/0x10
[ 1684.930244][T30701]  dev_attr_store+0x55/0x80
[ 1684.930285][T30701]  ? __pfx_dev_attr_store+0x10/0x10
[ 1684.930327][T30701]  sysfs_kf_write+0xef/0x150
[ 1684.930387][T30701]  kernfs_fop_write_iter+0x354/0x510
[ 1684.930425][T30701]  ? __pfx_sysfs_kf_write+0x10/0x10
[ 1684.930470][T30701]  vfs_write+0x5bd/0x1180
[ 1684.930500][T30701]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1684.930539][T30701]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.930585][T30701]  ? __pfx_vfs_write+0x10/0x10
[ 1684.930628][T30701]  ksys_write+0x12a/0x240
[ 1684.930659][T30701]  ? __pfx_ksys_write+0x10/0x10
[ 1684.930688][T30701]  ? rcu_is_watching+0x12/0xc0
[ 1684.930722][T30701]  do_syscall_64+0xcd/0x230
[ 1684.930770][T30701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.930802][T30701] RIP: 0033:0x7f921c78e969
[ 1684.930825][T30701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1684.930857][T30701] RSP: 002b:00007f921d6a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1684.930886][T30701] RAX: ffffffffffffffda RBX: 00007f921c9b6080 RCX: 00007f921c78e969
[ 1684.930907][T30701] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[ 1684.930926][T30701] RBP: 00007f921c810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1684.930946][T30701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1684.930966][T30701] R13: 0000000000000000 R14: 00007f921c9b6080 R15: 00007fffefb3a7f8
[ 1684.930997][T30701]  </TASK>
[ 1684.931008][T30701] 
[ 1684.931016][T30701] Allocated by task 12:
[ 1684.931030][T30701]  kasan_save_stack+0x33/0x60
[ 1684.931069][T30701]  kasan_save_track+0x14/0x30
[ 1684.931100][T30701]  __kasan_kmalloc+0xaa/0xb0
[ 1684.931130][T30701]  __kmalloc_node_track_caller_noprof+0x221/0x510
[ 1684.931169][T30701]  kstrdup+0x53/0x100
[ 1684.931203][T30701]  kstrdup_const+0x63/0x80
[ 1684.931238][T30701]  __kernfs_new_node+0x9b/0x8a0
[ 1684.931264][T30701]  kernfs_new_node+0x13c/0x1e0
[ 1684.931294][T30701]  kernfs_create_dir_ns+0x4c/0x1a0
[ 1684.931326][T30701]  sysfs_create_dir_ns+0x13a/0x2b0
[ 1684.931371][T30701]  kobject_add_internal+0x2c4/0x9b0
[ 1684.931399][T30701]  kobject_add+0x16e/0x240
[ 1684.931425][T30701]  device_add+0x288/0x1a70
[ 1684.931464][T30701]  cdev_device_add+0xc2/0x1e0
[ 1684.931496][T30701]  bsg_register_queue+0x269/0x410
[ 1684.931541][T30701]  scsi_sysfs_add_sdev+0x295/0x540
[ 1684.931585][T30701]  do_scan_async+0x21d/0x540
[ 1684.931612][T30701]  async_run_entry_fn+0x9c/0x530
[ 1684.931644][T30701]  process_one_work+0x9cf/0x1b70
[ 1684.931706][T30701]  worker_thread+0x6c8/0xf10
[ 1684.931754][T30701]  kthread+0x3c2/0x780
[ 1684.931796][T30701]  ret_from_fork+0x48/0x80
[ 1684.931822][T30701]  ret_from_fork_asm+0x1a/0x30
[ 1684.931866][T30701] 
[ 1684.931875][T30701] The buggy address belongs to the object at ffff888028e21880
[ 1684.931875][T30701]  which belongs to the cache kmalloc-8 of size 8
[ 1684.931906][T30701] The buggy address is located 10 bytes to the right of
[ 1684.931906][T30701]  allocated 8-byte region [ffff888028e21880, ffff888028e21888)
[ 1684.931958][T30701] 
[ 1684.931968][T30701] The buggy address belongs to the physical page:
[ 1684.931982][T30701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28e21
[ 1684.932012][T30701] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1684.932038][T30701] page_type: f5(slab)
[ 1684.932075][T30701] raw: 00fff00000000000 ffff88801b441500 ffffea0000a69600 dead000000000002
[ 1684.932106][T30701] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 1684.932127][T30701] page dumped because: kasan: bad access detected
[ 1684.932144][T30701] page_owner tracks the page as allocated
[ 1684.932156][T30701] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 17670567609, free_ts 17317804863
[ 1684.932210][T30701]  post_alloc_hook+0x181/0x1b0
[ 1684.932244][T30701]  get_page_from_freelist+0x135c/0x3920
[ 1684.932281][T30701]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1684.932320][T30701]  alloc_pages_mpol+0x1fb/0x550
[ 1684.932360][T30701]  new_slab+0x244/0x340
[ 1684.932387][T30701]  ___slab_alloc+0xd9c/0x1940
[ 1684.932415][T30701]  __slab_alloc.constprop.0+0x56/0xb0
[ 1684.932446][T30701]  __kmalloc_cache_noprof+0xfb/0x3e0
[ 1684.932477][T30701]  usb_control_msg+0xbc/0x4a0
[ 1684.932513][T30701]  usb_control_msg_send+0xca/0x130
[ 1684.932552][T30701]  usb_set_configuration+0xf17/0x1e20
[ 1684.932596][T30701]  usb_generic_driver_probe+0xb1/0x110
[ 1684.932634][T30701]  usb_probe_device+0xef/0x3e0
[ 1684.932679][T30701]  really_probe+0x23e/0xa90
[ 1684.932715][T30701]  __driver_probe_device+0x1de/0x440
[ 1684.932754][T30701]  driver_probe_device+0x4c/0x1b0
[ 1684.932792][T30701] page last free pid 9 tgid 9 stack trace:
[ 1684.932808][T30701]  __free_frozen_pages+0x69d/0xff0
[ 1684.932838][T30701]  vfree+0x176/0x960
[ 1684.932886][T30701]  delayed_vfree_work+0x56/0x70
[ 1684.932938][T30701]  process_one_work+0x9cf/0x1b70
[ 1684.932989][T30701]  worker_thread+0x6c8/0xf10
[ 1684.933038][T30701]  kthread+0x3c2/0x780
[ 1684.933087][T30701]  ret_from_fork+0x48/0x80
[ 1684.933116][T30701]  ret_from_fork_asm+0x1a/0x30
[ 1684.933173][T30701] 
[ 1684.933181][T30701] Memory state around the buggy address:
[ 1684.933198][T30701]  ffff888028e21780: 00 fc fc fc 00 fc fc fc 00 fc fc fc 04 fc fc fc
[ 1684.933222][T30701]  ffff888028e21800: 04 fc fc fc 04 fc fc fc 05 fc fc fc 00 fc fc fc
[ 1684.933246][T30701] >ffff888028e21880: 00 fc fc fc 00 fc fc fc 06 fc fc fc 05 fc fc fc
[ 1684.933265][T30701]                          ^
[ 1684.933282][T30701]  ffff888028e21900: 04 fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc
[ 1684.933306][T30701]  ffff888028e21980: 04 fc fc fc fa fc fc fc fa fc fc fc 05 fc fc fc
[ 1684.933324][T30701] ==================================================================
[ 1684.933343][T30701] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1684.933366][T30701] CPU: 0 UID: 0 PID: 30701 Comm: syz.1.4514 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[ 1684.933416][T30701] Tainted: [U]=USER
[ 1684.933428][T30701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1684.933449][T30701] Call Trace:
[ 1684.933460][T30701]  <TASK>
[ 1684.933474][T30701]  dump_stack_lvl+0x3d/0x1f0
[ 1684.933524][T30701]  panic+0x71c/0x800
[ 1684.933570][T30701]  ? __pfx_panic+0x10/0x10
[ 1684.933621][T30701]  ? __pfx__printk+0x10/0x10
[ 1684.933672][T30701]  ? fbcon_prepare_logo+0xa03/0xc70
[ 1684.933715][T30701]  check_panic_on_warn+0xab/0xb0
[ 1684.933767][T30701]  end_report+0x107/0x170
[ 1684.933804][T30701]  kasan_report+0xee/0x110
[ 1684.933846][T30701]  ? fbcon_prepare_logo+0xa03/0xc70
[ 1684.933896][T30701]  kasan_check_range+0xef/0x1a0
[ 1684.933968][T30701]  __asan_memcpy+0x23/0x60
[ 1684.934016][T30701]  fbcon_prepare_logo+0xa03/0xc70
[ 1684.934079][T30701]  fbcon_init+0xd77/0x1900
[ 1684.934122][T30701]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 1684.934163][T30701]  visual_init+0x31d/0x620
[ 1684.934197][T30701]  do_bind_con_driver.isra.0+0x57a/0xbf0
[ 1684.934244][T30701]  store_bind+0x61d/0x760
[ 1684.934283][T30701]  ? sysfs_file_kobj+0xe4/0x290
[ 1684.934332][T30701]  ? __pfx_store_bind+0x10/0x10
[ 1684.934369][T30701]  dev_attr_store+0x55/0x80
[ 1684.934412][T30701]  ? __pfx_dev_attr_store+0x10/0x10
[ 1684.934456][T30701]  sysfs_kf_write+0xef/0x150
[ 1684.934505][T30701]  kernfs_fop_write_iter+0x354/0x510
[ 1684.934547][T30701]  ? __pfx_sysfs_kf_write+0x10/0x10
[ 1684.934595][T30701]  vfs_write+0x5bd/0x1180
[ 1684.934626][T30701]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1684.934672][T30701]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.934722][T30701]  ? __pfx_vfs_write+0x10/0x10
[ 1684.934767][T30701]  ksys_write+0x12a/0x240
[ 1684.934798][T30701]  ? __pfx_ksys_write+0x10/0x10
[ 1684.934829][T30701]  ? rcu_is_watching+0x12/0xc0
[ 1684.934867][T30701]  do_syscall_64+0xcd/0x230
[ 1684.934918][T30701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.934952][T30701] RIP: 0033:0x7f921c78e969
[ 1684.934977][T30701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1684.935009][T30701] RSP: 002b:00007f921d6a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1684.935041][T30701] RAX: ffffffffffffffda RBX: 00007f921c9b6080 RCX: 00007f921c78e969
[ 1684.935071][T30701] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[ 1684.935092][T30701] RBP: 00007f921c810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1684.935124][T30701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1684.935144][T30701] R13: 0000000000000000 R14: 00007f921c9b6080 R15: 00007fffefb3a7f8
[ 1684.935174][T30701]  </TASK>
[ 1684.935558][T30701] Kernel Offset: disabled