last executing test programs: 6.024869853s ago: executing program 2 (id=1392): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0xa) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x30b140, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe2180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) lsm_list_modules$auto(0x0, 0x0, 0x0) getsockopt$auto(r4, 0x84, 0x71, 0x0, 0x0) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000004240), 0x81, 0x0) r5 = socket(0x2b, 0x1, 0x0) setsockopt$auto(r5, 0x29, 0x2f, 0x0, 0x22) mlock$auto(0x1004, 0x6) r6 = syz_genetlink_get_family_id$auto_nl80211(0x0, r5) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r6, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_HE_CAPABILITY={0x1a, 0x10d, "e96cae9123f80b33e8ab20387468da18fb9782cc7fbd"}, @NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x8814}, 0x8001) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x9, 0x2000d, 0x7, 0xeb0, 0x404, 0x10008000) 5.684838396s ago: executing program 2 (id=1395): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x5, 0x4020009, 0xdf, 0xeb1, r0, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) mmap$auto(0x1, 0x4, 0x7ff, 0x8000012, 0xffffffffffffffff, 0x4006) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) bpf$auto(0x9, &(0x7f00000000c0)=@link_update={r1, @new_prog_fd, 0x6}, 0x800003) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x110) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x1, 0x0, 0x1e) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0xb, 0xc45d, 0xb, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) 5.125604596s ago: executing program 1 (id=1400): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) 4.951670077s ago: executing program 1 (id=1402): mmap$auto(0x0, 0x2020005, 0xfffffffffff7ff81, 0x7e, 0xfffffffffffffffa, 0xfffffffffffffffa) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x101, 0x4, 0x5, 0x7) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) write$auto_full_fops_mem(r0, &(0x7f00000000c0)="cbfd0923ca5aafb99bc6c68e4479f3988b55cbc919a6ac81b7e2ad66d22ad26eec670424a70f98ba78fe3b8a790725a461dcfa7304ff9317490f84aa145f48f7be7b15390995afbe274b46e74c09fe239bc49688c86aa44daf6546dfe3e735c41c47b38de5aa792c1ae8878f55c64cdf8497a8103025a5c1b18e49", 0x7b) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r1, 0x2275, &(0x7f0000000bc0)="2a48eeb240d3783717aa683263c5764193ad") mmap$auto(0x0, 0x5810, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x7ff, 0x3, 0x9b72, 0xffffffffffffffff, 0xffffffffffffffff) write$auto(0x3, 0x0, 0x20000) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.5/usb6/configuration\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="13002ebd7000dddbdf250200000008000300", @ANYRES32=r5, @ANYBLOB="0800610001000000"], 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r6 = getsid$auto(0xffffffffffffffff) r7 = semctl$auto_GETPID(0x1, 0x9, 0xb, 0x0) r8 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000140)) ioctl$auto_BLKTRACESETUP32(r0, 0xc0401273, &(0x7f0000000180)={"fa56a74a073dfee9e51b5fc939b6fb67df95f972ac8c0aa70a367118bf2833b0", 0x5, 0x100, 0xfffffc00, 0x3, 0xffffffffffffffff, 0xffffffffffffffff}) msgctl$auto_IPC_INFO(0x2, 0x3, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xee00, 0xee2c, 0x6, 0x5, 0x6}, &(0x7f0000000200)=0x9, &(0x7f0000000240)=0x7f, 0x1, 0x6b4, 0x9, 0x3, 0x4, 0x0, 0x4, 0x1, @inferred, @inferred=0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_SET_BEACON(r1, &(0x7f0000000b80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b40)={&(0x7f0000000c00)={0x908, r2, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "8436ec4037fbf7dd2266f5fed07f2633c8296b4e9f1efc481ca5"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_STA_FLAGS={0x22c, 0x11, 0x0, 0x1, [@nested={0xdd, 0xf2, 0x0, 0x1, [@typed={0x2f, 0x120, 0x0, 0x0, @binary="c0165c0693fd4289bdca9b94ffef9b3b5c54d9b47eae0aa9e4378f9f45198bc56d5a65fe2253f8d76c2adc"}, @nested={0x4, 0x7e}, @typed={0x8, 0xd5, 0x0, 0x0, @pid=r6}, @generic="b0", @generic="fecca36f5fa50cd8303aa8f70b3771c7bf7e483ed96eb043e0f673f8c932a23126dc1888653bfab146df020dc920d02f87836606472387caca6c1b75736f45cae05bb64d3a1d0475f80b591e0327a4bbc477404146bc87b1ffbae30a2ebc9789517ee5e966fd9a17e921ee771c32b3a082a46408f3bae847bd0452296a24ae81477d3c07890933287e71686c01b3e680bf5a0d053c7c47b8", @nested={0x4, 0x5}]}, @nested={0xd1, 0xf0, 0x0, 0x1, [@typed={0x8, 0x129, 0x0, 0x0, @pid=r7}, @nested={0x4, 0x148}, @nested={0x4, 0xae}, @nested={0x4, 0xf8}, @generic="251c556fbd0be27701dac13285536c6e9e59cb352e8ef15642dc402b5d57b27d224511c6f826d2683c53eda563d03f0072061612b90cd9c914b21fddfff2047f83c68b88829c05198557d77e886815b4e00a90716f12da1172da4c805727eb6411ff8d608f3e2d6627b42f457742533b763da8b9056e00447fab9b5da235c6315441e932fb3a4bcf4714d61d12a5c506ddc7df059dc2044241d93b6ddc5bf237e9ed7453a72990e34692674cde", @typed={0x8, 0x9e, 0x0, 0x0, @u32=0x7}, @nested={0x4, 0xf8}]}, @generic="6335079570392c9e0c8c36fc8e3c578dbae742a92824958fff943f74adce7afb0c0b2588c637df8965b90b57e964cfb7ee0a6be5832be7cc9fe0378743f75aaa3c763e11b3462b730d371736c7c58395f52c69f45f351d292cb396b6f4a90c615c625ad4", @typed={0x8, 0xd5, 0x0, 0x0, @pid=r8}, @typed={0x8, 0x82, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x10000}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x8}, @NL80211_ATTR_PMKR0_NAME={0xfa, 0x102, "04f58a9115e5eeec9afbe2f90db14dcd847f4e4e96903b9b79da3d599967e505a5960ccb4e014fa9d009dd79b5b01e054d3712407206f2e94cb383afe66d372210556272972e5db27025f6d453ce82bf67b2abf04ffd9a6339e23ea336c1f6ef1ca78b6d56f0efdd2e3d7fc877b0e57dd6b9939444f175d2a695fefb014826f56d28880048886d41674ae07b00bd67030643248b25389a517672f7a874c971217a9741592cd4f208651280ad12e832275f819a577920c56184e6134aa418488be2c2238378a07c25110f566cff125e061392080207044b05a74b1e900d3dd843918f277a72f24f5f1551f975ca0b69a0125d292ae4db"}, @NL80211_ATTR_MLO_LINK_DISABLED={0x4}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x58a, 0x84, 0x0, 0x1, [@generic="d57c038c633223795f0489c644f6fc982cf7a7f873c4f6ac2c8e4cbf88ffd1142218be387ef4c2b171e66e6dba4aecd5de72bfbbaa1a50530131762d389b233f006681277919aa6316b3af646491d8b040e862207169757fee2c25f42de3ff313930959d85b185b70cdf0995e2ae683535f68d9f327fc0a1b31dc1d9c8f17c82b8441dfb3778448e689404179e79f9d64af9d854316ff26635d29ac90d2d24", @generic="5aa1a38c86ebc3647547dffb7760c2442c35031f0ce40e766f7eec3c82992249e9f713e5a88a19c61705ddce2ea80166b4049b74107756fbc2d6cb81126dec8877ed73eaffc89481cf9d3bcc9db984a5958a895e308c01d32e24a7525594d83b5ffecd3ce4256ef688b59d8e0448748588163ffc08ba324bcc40905b63997cf294d031c7403f96c0", @nested={0x101, 0x7a, 0x0, 0x1, [@nested={0x4, 0xcc}, @generic="990985dc049fe5b09bf99360da4b66f74b0e9f8b09890cb7a4eff5a7be9f2d825d026b7726cdbbb0a4437c7a906dd5a970dadf4bed9c12849fa2adfc6984dfc6967dab3571c0b96bf9ec09648375a291d17fe65fb2c58aa55a7911112733fd6afe4b06c2c0e8f43a4d74fe7d2225d5c23ddf46c348e1b3811dd24c516750a0726ab4cb96bdc98c4c28128181730ff4ef7f", @typed={0x8, 0xd6, 0x0, 0x0, @pid=r9}, @typed={0x8, 0x13b, 0x0, 0x0, @fd=r1}, @typed={0x4e, 0x1, 0x0, 0x0, @binary="636d4334522428360a6898a1c9983ddee24820e33de73235564ff35a7e3218eb0d13d3fc9bec8ed3b54626f522f918a4b51a7b39a414919ca92c0d28659d90bcd40b7f3eea8f83dbdc43"}, @typed={0x5, 0x40, 0x0, 0x0, @str='\x00'}]}, @nested={0x1d2, 0x121, 0x0, 0x1, [@generic="1edc68c086b1ec0de968307430b652bb7348ee65fdd027eb4963cb3b82875edd3fa4ea756d4ada8b65151a8f033ab82df026f73a9c4e85b425d2b987b562b0ed96006ed77ca9a0792310331fe119d362dea1766c07222daefdda6256f5bbb7d8c20ec7161a808e2ea71fec4199eebf4331d22ab9a2fac385ffb61a07c8080b799e320b7c225116db0f2ae15aff4ef05c6f0dcaee8a69", @typed={0x8, 0xbc, 0x0, 0x0, @uid=r10}, @generic="1d19de009310617f92f42147dfe7536d9db22ce4aa049d8bfc2c4e2739529ae3ab8beb10c7a506662474bd501fe62e034684511e7f1278dd49fe6f0d56ed62d92a0f9fe3cbafe95f1aece2073198659edac6970eb04106ee969fbee83ab4e8d6aecbd027b4be455b2a4276d95dd3e40cdb57b9a16eb4a8e3afc227e111aa5308f7", @generic="31bddd4ada788349804a01ab19e1098088a5078cee46552829b7c320fb4e56224bfef4623f3ea902a9826d63514251ea531d123b30af787fbfaa2ca5aeb6d6de78e6f5405276d2dd52a20682963a9cf6ba676b8d6029071992e25188b631cf1e69d0c65c0c0aa6dbcfeffacb30e0869dac7b7b74680fa73c346db4e63d360fc7692a40e4be3cc10bc26241e65519b5ca8e67c6a7a5", @generic="5f839d6ee8d657417547adc9992491ebb8f627a562ea757a94a3"]}, @generic="50568865eaea196167e4fc6fa754e99957cb52d6c834fbf1a51dbe7f7df654a28de384738842f70b3e6693c261de8e23e60bdcd42011970ca93b1c239bcf2ceb46a7ae6f72f07248a4a86cd6d4d6b9617d602f082ec97f144a936dcbe1dbe75bc52aea7acf29142862a1796a6b90bdc22f4ce4721dd5b0ad1807b5cc244d05c01d29119b0b712e928342dd", @typed={0xf9, 0xcb, 0x0, 0x0, @binary="19065fef7029c45d59752c46336d2ec9437132898dbc60eec378f3fa9155a1a2112c41026cc83209cc0ffb648d196ce6f87d5da8b6138874474b59dfbd0d5b929f4118e4d9a28f5203e4ae02093400ed48c85307fba21df030b93aa20f67ba2874c976f02d0f1b2fb81f65cfc40dab9db737aa47dabcc364f88b297f0d750d63107c0653d4bc3bc0857a55e09d0abb3c69026c8a94a3a382b92044231a60513b3f2229387e821a0969471d0e79e6b1e240216bfb56e19e226ce01d36bc18923366a79522777cc977647c6b335215278406e8e3e214dd4c78bbb13cf4472e6580de132b6ce5008f4ffb97e22d0dc5bda58568c7a5a4"}]}]}, 0x908}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000084) lchown$auto(&(0x7f0000000080)='./file0\x00', 0xee01, 0xee00) 4.838998929s ago: executing program 0 (id=1403): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0xa) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x30b140, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe2180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) lsm_list_modules$auto(0x0, 0x0, 0x0) getsockopt$auto(r4, 0x84, 0x71, 0x0, 0x0) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000004240), 0x81, 0x0) r5 = socket(0x2b, 0x1, 0x0) setsockopt$auto(r5, 0x29, 0x2f, 0x0, 0x22) mlock$auto(0x1004, 0x6) r6 = syz_genetlink_get_family_id$auto_nl80211(0x0, r5) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r6, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_HE_CAPABILITY={0x1a, 0x10d, "e96cae9123f80b33e8ab20387468da18fb9782cc7fbd"}, @NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x8814}, 0x8001) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x9, 0x2000d, 0x7, 0xeb0, 0x404, 0x10008000) 4.445242798s ago: executing program 0 (id=1405): r0 = waitid$auto_P_ALL(0x0, 0x3, &(0x7f0000000000)={@_si_pad}, 0x7, &(0x7f0000000080)={{0x3, 0x200}, {0x3, 0x1}, 0x8, 0x7, 0x9, 0x9, 0x491, 0x100, 0xf, 0xfffffffffffff873, 0x4f, 0xd4, 0x6, 0xffffffffffffffff, 0x1f0d00, 0x4}) prctl$auto(0x7fffffff, 0x6, r0, 0xf, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f00000011c0)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4008000) 4.34765903s ago: executing program 1 (id=1407): close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x3}, 0x6f4) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e21, @rand_addr=0xfffffffe}, 0x55) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000000), 0x40400, 0x0) sysfs$auto(0x2, 0x2b, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/tracing/options/trace_printk_dest\x00', 0x101000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000140)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0) listen$auto(0x3, 0x83) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x7, 0x140000000000011, 0x4, 0x1000003, 0x2000000000007) r2 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/vkms_config\x00', 0x40002, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r2, &(0x7f0000000100)=""/127, 0x7f) fallocate$auto(0x3, 0x0, 0xe, 0x8ec5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = socket(0xa, 0x5, 0x0) r4 = setfsuid$auto(0xee00) setreuid$auto(r4, 0x0) msgctl$auto_MSG_INFO(0x875, 0xc, &(0x7f0000000180)={{0x2, 0xee00, 0x0, 0x9, 0x401, 0x0, 0x1}, 0x0, 0x0, 0x9, 0x7, 0x4, 0x5, 0x9, 0x200, 0x8, 0x5, @inferred=0xffffffffffffffff, @raw=0xcb}) fchown$auto(r3, r4, r5) stat$auto(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0xd3b, 0x5, 0xb4, 0x8001, 0xee01, 0x0, 0x0, 0x80000000, 0x4, 0x7, 0xc9e3, 0xfffffffffffffff7, 0x1, 0x4, 0x6, 0x6, 0x80}) 4.190363512s ago: executing program 0 (id=1408): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x5d, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2000, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0x9], {0x6, 0x6, 0x8c48, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x498de616, 0x5, 0x1, 0x0, 0x76c5, 0x7e7, 0x100000000}}) r1 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_percent\x00', 0x80000, 0x0) readv$auto(r1, &(0x7f0000000040)={0x0, 0x2}, 0x5) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @empty}, 0x51) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x80, 0x0) mmap$auto(0x800000, 0x9, 0x100000001, 0x8000000008011, r3, 0x80000000) sendmsg$auto_NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x6}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0xf18}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20000080) 4.037030152s ago: executing program 2 (id=1409): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001540), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)="b2", 0x1) write$auto_proc_loginuid_operations_base(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000000c0), r2) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf25050000000c00010007000000000000002c00010004000000000000000c00010040000000000000000a"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) r4 = socket(0x10, 0x2, 0x6) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000040), 0x7, 0xa505}, 0x800}, 0x5, 0x400a) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r0) r5 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f00000003c0)='./file0\x00', 0x9, 0x9) mount$auto(&(0x7f0000000000)='veth0_macvtap\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, 0x0) r6 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r6, 0x1, 0x70bd27, 0x25dfdbff, {}, [@OVS_METER_ATTR_ID={0x8, 0x1, 0xfffffffe}]}, 0x1c}, 0x1, 0x0, 0x0, 0x83b5a3da03b67f5b}, 0x404c040) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r7) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r8, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r9 = socket(0x10, 0x2, 0xc) r10 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10044010) 3.993863487s ago: executing program 1 (id=1410): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) close_range$auto(0x2, 0x8000, 0x0) socket(0x3, 0x1, 0xf755) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x2000009) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) (async) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4048ae9b, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r0, 0x4048ae9b, 0x0) 3.9591997s ago: executing program 0 (id=1411): socket(0x2, 0x800, 0x9) mmap$auto(0x3, 0x2020009, 0x8, 0xe72, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x958b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x40008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x10000]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x900, 0x0) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(r4, r2, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', 0x0}) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r1, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="68010000", @ANYRES16=r6, @ANYBLOB="02002cbd7000fddbdf250f00000020012b80fa00b700b4cdc3586e6b54cc30f89885c921b3b29337cc012556890c01b9d4ca818ae75f12ecf3e8ab07405342ff017d622b15945e1491ddcffee4b572d6064f976a89ffb54fd8cc236834aea9f7457838fcf79776d934b9f81310d7f4278c4666fd2ed9ae8b90419ea360c0335895f7261d5f9c8bc491e35834021d738de357fc391522a79cf75e0f31d66568f004df517681dd0f6ceab191613b48a8ee4e61d4c08bb62750084a63243fcbb7f442af2889f74ee24d30c635e7a31e0c5125f45dffe5b5f11721d4fbc2a815e2aa1b4c802a787535b7d1488e17bea0222d0cdffc15baf19d8385c6db2fdb55c4d16711ef8b357789a94fcc395b00000400748008004600", @ANYRES32=r3, @ANYBLOB="14002f8004002d8004004b800500d3000000000008000c000000000014000400776732000000000000000000000000000800030024ca7742d46b3cafe9225cc99aadd0511c93d5535990281898ee69bf0756c549eb35570ac1a576b46c9ffd300dc36d7f7f", @ANYRES32=r7, @ANYBLOB="050026000000000005001f0001000000"], 0x168}, 0x1, 0x0, 0x0, 0x800}, 0x4000) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2101, 0x0) write$auto(r8, &(0x7f0000000240)='802.15.4 MAC\x00', 0x3) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000280)=""/175, 0xaf) r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/tx_maxrate\x00', 0x10b142, 0x0) read$auto(r9, &(0x7f0000000000)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/tx_maxrate\x00', 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 3.655684062s ago: executing program 1 (id=1412): mmap$auto(0x0, 0x400005, 0xe1, 0x10, 0x2, 0x8000) r0 = getpgrp(0xffffffffffffffff) prctl$auto(0x1000000003b, 0x1, r0, 0x3, 0x2a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlockall$auto(0x7) (async) mlockall$auto(0x7) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x10000040eb2, 0xffffffffffffffff, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyq1\x00', 0x600100, 0x0) io_uring_setup$auto(0x7, 0x0) (async) io_uring_setup$auto(0x7, 0x0) socket(0x25, 0x5, 0x0) (async) socket(0x25, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x7e1b, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyv6\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x20000d, 0x7, 0x4, 0x0) (async) socketpair$auto(0x20000d, 0x7, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) write$auto(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000000), r2) 3.382647933s ago: executing program 3 (id=1413): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x4c0000, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2e000, 0x0) close_range$auto(r1, r2, 0x7f) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x80, 0x0) r3 = ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, &(0x7f0000000540)="6873f28e14dfbd5616a3d126887f5894aa1c6dff67184932d248c953838c4fef7d3c1492fdfb55f3734a") ioctl$auto_AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, 0x0) r4 = socket(0xb, 0x4, 0x6) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20048810}, 0x4804) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000007ea4b46f01ec4bc7334208de26cbe38cb6db4940875c63f639625f09c4d820e7b46a995c8c341b9f31acbbdaf42a39"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x55) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xa001, 0x0) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[], 0xf8}, 0x1, 0x0, 0x0, 0x4010}, 0x804) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400480, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x2, 0x0) 3.308808906s ago: executing program 2 (id=1414): socket(0x1b, 0x3, 0x1) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, r6, 0x1, 0x70bd2d, 0x25dfdbf9, {0x1, 0x0, 0xff0f}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x3f}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0xc}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg$auto_ILA_CMD_ADD(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x20, r5, 0x1, 0x470bd26, 0x25dfdbfe, {}, [@ILA_ATTR_LOCATOR_MATCH={0xc, 0x3, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040880}, 0x4) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) mmap$auto(0xf728, 0x8000000000000, 0xfffffffffffffffe, 0x11, r3, 0x1) socket(0x5, 0xa, 0x2000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(r7, &(0x7f00000002c0)={{&(0x7f0000000380)="0bcb441f2d0327db00c21e477f97a72d44774fc33b92a92d25b5e0180257727b7ad1aa476b793bb961565c7cac80c7ffebc87c8a5d5d6797512791fb544f3170922f9324760a4359bee08b355959272e13", 0x1, &(0x7f0000000180)={&(0x7f0000000480)="2401cb47a247d723ce76c557a793d8752e5ff933cf27dffeedde4508999c70683e56b1e9403103f69074dbf17fd13a55751246b2eafe00ec4d432e9d35aaeca4b5dcf5186da25400f9bbb8709f2a944db7c61083a6a50194dc3bb746dc9b602c36dafc796ebad561f53049ce75c73ad62de6b8dcd573c42b8b3c83788816043ba5163ecc7aba34e26c43401cc7187b24a81693ffbec8068ea82b94705b331df8089f08f1da4eff21b80bd834fe9c0a2be9c93074c78c0c1417feaa85a036b722afcd7d5ca32dae57b540e06136", 0x8}, 0x295, &(0x7f0000000580)="db78bb1ee76c3a02dd383301a8133a7367d96073e08b1cabb333e4632221810075178dd76d6a4c2a349fec4c76d42abc4740a0edce09ac0a99d86fa6dc5ca5a6c8ebf94a63280d051b6319459a9a9b55aecc92b52ae4dc68076f087012550127980db1331f15665d7a2425f74d6d8cd70f08f6b367a5fdddf40f62779c31cfa9dd6bb491eb86c7662a16d3efd3724b2ab69d6e23d0a577d59dc9db56fa0f58d9a49f1ac40a3b7958f38b9db68ca018694398113be56c30", 0x8000000000000000, 0x1ff}, 0x3}, 0x6, 0x6) sendfile$auto(0x1, 0x3, 0x0, 0xd551) socket(0x2c, 0x6, 0x2) write$auto_rfkill_fops_core(r2, &(0x7f0000000200)="9dea31913cb498217735bbce17f68148281da8acc8b124f8dc04f11f1fa2a9ae7463c4f77ee1feaf711d833ea95c4f433afc6d44d6e591370504369fcc8b786d2db722ab2d5d80df1c7d2ae6eeb0b7cd11d603918ac22abe77711c05c1c11d59bb7c542b966790f31b3d100e436e619db789dd3ae1413d0d9bf34731f5e94f49f389f79f3a3ed9d518bee3c6545f096462d8dad84732e9300a0b987bcc66f7d9fbaa7bb75b353885b325e4707d", 0xad) 2.983124044s ago: executing program 0 (id=1415): socket(0x1b, 0x3, 0x1) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, r6, 0x1, 0x70bd2d, 0x25dfdbf9, {0x1, 0x0, 0xff0f}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x3f}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0xc}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg$auto_ILA_CMD_ADD(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x20, r5, 0x1, 0x470bd26, 0x25dfdbfe, {}, [@ILA_ATTR_LOCATOR_MATCH={0xc, 0x3, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040880}, 0x4) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) mmap$auto(0xf728, 0x8000000000000, 0xfffffffffffffffe, 0x11, r3, 0x1) socket(0x5, 0xa, 0x2000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(r7, &(0x7f00000002c0)={{&(0x7f0000000380)="0bcb441f2d0327db00c21e477f97a72d44774fc33b92a92d25b5e0180257727b7ad1aa476b793bb961565c7cac80c7ffebc87c8a5d5d6797512791fb544f3170922f9324760a4359bee08b355959272e13", 0x1, &(0x7f0000000180)={&(0x7f0000000480)="2401cb47a247d723ce76c557a793d8752e5ff933cf27dffeedde4508999c70683e56b1e9403103f69074dbf17fd13a55751246b2eafe00ec4d432e9d35aaeca4b5dcf5186da25400f9bbb8709f2a944db7c61083a6a50194dc3bb746dc9b602c36dafc796ebad561f53049ce75c73ad62de6b8dcd573c42b8b3c83788816043ba5163ecc7aba34e26c43401cc7187b24a81693ffbec8068ea82b94705b331df8089f08f1da4eff21b80bd834fe9c0a2be9c93074c78c0c1417feaa85a036b722afcd7d5ca32dae57b540e06136", 0x8}, 0x295, &(0x7f0000000580)="db78bb1ee76c3a02dd383301a8133a7367d96073e08b1cabb333e4632221810075178dd76d6a4c2a349fec4c76d42abc4740a0edce09ac0a99d86fa6dc5ca5a6c8ebf94a63280d051b6319459a9a9b55aecc92b52ae4dc68076f087012550127980db1331f15665d7a2425f74d6d8cd70f08f6b367a5fdddf40f62779c31cfa9dd6bb491eb86c7662a16d3efd3724b2ab69d6e23d0a577d59dc9db56fa0f58d9a49f1ac40a3b7958f38b9db68ca018694398113be56c30", 0x8000000000000000, 0x1ff}, 0x3}, 0x6, 0x6) sendfile$auto(0x1, 0x3, 0x0, 0xd551) socket(0x2c, 0x6, 0x2) write$auto_rfkill_fops_core(r2, &(0x7f0000000200)="9dea31913cb498217735bbce17f68148281da8acc8b124f8dc04f11f1fa2a9ae7463c4f77ee1feaf711d833ea95c4f433afc6d44d6e591370504369fcc8b786d2db722ab2d5d80df1c7d2ae6eeb0b7cd11d603918ac22abe77711c05c1c11d59bb7c542b966790f31b3d100e436e619db789dd3ae1413d0d9bf34731f5e94f49f389f79f3a3ed9d518bee3c6545f096462d8dad84732e9300a0b987bcc66f7d9fbaa7bb75b353885b325e4707d", 0xad) 1.89576899s ago: executing program 3 (id=1416): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xa3, 0xeb1, r0, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_fake_panic_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x101880, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0) sendmmsg$auto(0x3, 0x0, 0x7878, 0x7000000) mmap$auto(0x0, 0x20009, 0x0, 0x40000000000eb1, r1, 0x8003) r2 = fsopen$auto(0x0, 0x1) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) getpriority$auto_PRIO_PGRP(0x1, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r3 = socket(0x1a, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x1, 0x0, 0x8004) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80fffe040100"}, 0x1c) sendmsg$auto_NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x768, 0x0, 0x8, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x7}, @NL80211_ATTR_MPATH_NEXT_HOP={0x11, 0x1a, "254f046efd6a9727589dcbd8d1"}, @NL80211_ATTR_IE_RIC={0x722, 0xb2, "1e4803d52c1743194ccde92f6dcbabe1822566cb5210ef93e3a00db22b4a5cb03f100e99e1eef0d9cb59b8915ff314e5b6d7b57f8e024c3a7e532bd054c9a271e54f0e106f7839e6e3165c4ae1145f7d535b6a5af5e2cf1b91c6acc5a9e8beadfa25b9987fb42b8cc2bb91a9ab76528af01e363e3006a3b14db4f7ac20ce90ad23929770d41721b57bf696354c2490a02066125a4a308162b6383811426b981e36b03339a21e3d9e5e91ed8951d085ad335ef39c87292f1bd103bbf35bf1177cccc34d0de22ab51d24783c44eda947c6c28648aaecfe1681fb5d500539e1134c9b769bb85caa1e1f7624c05845d62e35f261a7a11dd1e7bf68de3c7abeca29acfd1a32fae0245be4a04a643ff10b7fd89d73a1376e186ce7ea3a4d3f88a187685e7e38727e97ccce629eb580fa07a643576a3e6948f775709bb40ae857077da18e6a071a9dfda0a0ff767a71f4779852bbd013a215a3ee9d3a36c12e365d27fad27704360518ed1ea8151b56c63de845b857c8b085078c0e2ef682431dc62a2d1b485b5be5055761135bdc53eef0c65320cb98881dd12c2edacafa0533b7bbb7f8bd32eb2c7709a89690c9731498ebdc5b4504db9c8785075cb668c11967dbe3e207ba472e233e847b74932333a9bd2c620dc5adf0b4d9c4ad2188b8d6e2d42b63a0f68a6cd78f152d2ec02d126189c15d053e61212a579b8cfe5a28cb416a7507d21ec7b5b053a8d4efab4084b532e5078851267fdbd3b24916b93777cefc8a08c10e9e4f9556313b1eb6bdf1e58482accc7efd6bbcaac9107b50a1b8453fee6b84ea47685e8446e2ce261843737e71ba3488dc9b0da950e7c461ca2dd650b79bbea53fb958bc3b6a23662ffae23fa92038425647f5abd1bfb5c846a023ed2756c7f1aa9f75e05867e788e13631abe105d0c8e95d323fd5b43e2c311c9162aba32fdb080056b810453615db1a92350e12621728cdfb939a6e4356735cd345e60114de8490c81348c3ee5f13376bf1cc011845eb4ed2d58c387320b3f2c456e0bff97e99c5116954ba4457d4dd6683f49276fb40bbed39454e66400299ab7fc072913fe0805ec8b62d7988acf850ef9ed3fa6fa5f0e4cc24ab90e206329b31ffa85495335134f9f72b855ba7e0bf95bf11506bfa9d6617518e8b24f09f05311ff84884dba789dc21edd0d49577e77a314f12260818501dec241e49e4e36c1f7c8bed2f6900f7f1499a4b0453d5acafed2a3cf514582540a775b863efd0814b9d2858aac0ee13c30e6f7536c24d46664592943039a115e67c0c72cfdfe8b4d23a4c0ceb66e6fed23f4c2eb020a8b5e31d7cb6d1f1aceff4f24707654c39418d078517991d41bb1a3cb089991db04419fe3ecac5638b1dd6423f45327cda62990d145c742bf0a533e8e815c60fa4b81877ab57819b6af240441fb54a8a8b981e7cb2c46128b7c495d0d618d9559b8587da06766cdc670665256c963ba113d434d1a58e429ec92e6847993fb316afefc7940c6d0186e82af9a719b43e3189b5ebf86007dbd8d22c7c44804eb9365129c68f2536a9a505ff25682048f99fd7e15d81046edadbb86cf8f2dbd05ecd9a15522704dd13af44d3aa3a6054837c21d237b7af38db45aaae567cc62b7655d45403f76aa755167d99ddd48ac016ef088d35d2c97ddc9998265bc84b328a135367258d6fd4e98673904eba04adf9ddf7f86c7fdc22f68a4a692a5e16ae365f2e78eaad3fc86ee012ed8cdaf278d039409e6c6fc52f7464d86c753d29c72668ae86439edddc46d15d307be7271447e3a00764bba6876082f22203867b3491641cc1a730dec9ed2e244b5f04132c8b3529e16b89efe4fafda47b4e2914cca9730c05a036e9eb7990709ebba1bbb9f3a6da06d0878d8a07c798527fb4eb71891b980caa7d6e5b4896c50b72caaac15152e1d1e9392064162a04ceb553e2a8f5f1f0c680307c7413cac08591a482bed69168cc14fb7b9a1164e43ecbd6c0bbfb643cb69149081b3378abc100e508ea1c155a0674fc40ef82fda059bbcaa45e568dd782bf85e5ef85f4e9b51280e694176e7f73e3b17b9e3ee97e64dae8050801cf8aa6e696bcd1374eb08b119f17799d06e079161306ea895df4d6fbfc4f283b1e80a7e3fe04f6691579bee882aff9a70f1c80c08fabc8422dcf306fc716d735ef988424e17277780c71e6154a8de080caa5a9c82d4878e72ee93e870f8ead4a3c7a42e0aa53b447851b7bbe8e6e464984d6a612b5925e166936a387a3b781c8985ef37d7bdf0f2672b9d8969e6936fb15b4b7885c42cf84005b5bdb48e38416edd868acf0af8d417e306af422e91e4a08c6259825bebf12dcf928cd2ae335d48680306021697d20fa8fdde5e48afeed851927aff150e4f405a527068033c1206e3f21959932ea9588fcc5c1dc139dfe2d6f3404c3f3bfcb3e61e2a7ee504561b183d19ae88e8e4d82bd289f3a3d888522a1c25e96cf9717e2fd0707d7cb8dcf715be47181ba5b0006f7d2aa85bc651843abb57aad7ce090013bd58633b53a0cfb76410e2f64944fb6bd1dea747510b52ce705"}, @NL80211_ATTR_DISABLE_HE={0x14}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x7}, @NL80211_ATTR_TDLS_OPERATION={0x40, 0x8a, 0x81}]}, 0x768}, 0x1, 0x0, 0x0, 0x2000c814}, 0x20810) mmap$auto(0x83, 0x2020009, 0x8, 0xebf, 0xfffffffffffffffa, 0x2) mmap$auto(0x0, 0x9, 0x3ff57696, 0x10009b72, 0x2, 0x80000) close_range$auto(0x2, r2, 0x0) r5 = eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0x4b3, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ttyS2\x00', 0x201, 0x0) clock_nanosleep$auto(0x400000, 0x1, 0x0, &(0x7f0000000040)={0x7fff, 0x2}) ioctl$auto(0x3, 0x540b, r5) mkdir$auto(&(0x7f00000000c0)='./cgroup.cpu/cpuset.cpus/file0\x00', 0x2) 783.209866ms ago: executing program 3 (id=1417): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) semctl$auto(0x1ff, 0x4, 0x13, 0x1) clone3$auto(&(0x7f0000000000)={0x400000000200, 0x5, 0x7, 0x2, 0x0, 0x1ff, 0x8, 0xb, 0x6, 0x2, 0xeb6}, 0x1fe) 655.64639ms ago: executing program 1 (id=1418): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) mmap$auto(0x0, 0x40000c, 0x45bd, 0x9b72, 0x2, 0x8000) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(r0, 0xfffffff4, 0x100004, 0xfffffffffffffffe, 0xfffffffffffffffd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdc, 0xeb5, 0x401, 0x41) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000180)=""/68, 0x44) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, r2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/snd_hda_intel/parameters/power_save\x00', 0x80002, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x4, 0x1, 0x1, 0x3, 0x3, 0x15f4da07, 0xffffffffffffffff, 0x3, 0x62, 0x80000023, 0x2, 0xc678, 0xd, 0xd, 0x1]}, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = getpid() r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video15\x00', 0x180, 0x0) read$auto_v4l2_fops_v4l2_dev(r4, &(0x7f0000000000)=""/194, 0xc2) select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0xfffffffffffffffc, 0x7, 0x6, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0xd3, 0x1]}, 0x0, 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) 650.690815ms ago: executing program 3 (id=1419): fsconfig$auto_JFFS2_COMPR_MODE_NONE(0xffffffffffffffff, 0x7, &(0x7f0000000000)='\x00', &(0x7f0000000100)="8db2062bf3cd7d0ff1478a3a7d02bca727e468f943aa5c86a2087a2ab74ccf8b2b1e8b39425e0e12dba83c16540b808c550d512efc9bc24a50976efc71780af498374d5ec65e4137833914", 0x0) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/dev_snmp6/nlmon0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x1) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x7, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r2 = socket(0x2, 0x2, 0x0) r3 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, 0x0) msgsnd$auto(0x5, 0x0, 0x8000000000000006, 0x8) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) sendfile$auto(r4, r4, 0x0, 0xd) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x4c, r0, 0x1, 0x70bd29, 0x25dfdc02, {}, [@ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x9}, @ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x4}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0xe9}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0xf7}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004084}, 0x82) 492.179591ms ago: executing program 2 (id=1420): mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) sysfs$auto(0x2, 0x10, 0x0) (async) sysfs$auto(0x2, 0x10, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x9) (async) writev$auto(0xffffffffffffffff, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) (async) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) pwrite64$auto(r1, &(0x7f0000000180)='/proc/sys/user/mw\xe0\xe5 w\fy\x10\xbd\xc6\xacax_fanotify_g\b\x00\x00\x00s@?{2O\x98\xb5Fi\xd07\xe3\x8e\xf1u\xd6\xd8Hf\xde\'OT\xef\xbc\x1f\x12\x81\xbc\x8c\xef\xd0~:\xe9\x81\xef1\xf0\xa2;\xf5\xc0\n\xf2\xb4?J\xd7\xc2k%\xd3\xb7$t\xcb]\x87~\xbe:\x93\x8d<\x1bZx\xad\xf5\xeb\xd7CCkWi\xa7\xbc\xf1\xaa\xbe\xa8\xea\xbc\x93\xe8K\xe0jd\x85)\t\x12\xb7\xb7l\xee:\xda\xd6\x06\xf3z\r\xf6\xa8\xf94\xa3\x96', 0x7, 0x7) mmap$auto(0x0, 0x0, 0x10df, 0xeb1, 0x401, 0x8000) mmap$auto(0x4, 0x4, 0x4000000000df, 0x13, 0x4, 0x400b) mmap$auto(0x1, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40084) io_uring_setup$auto(0x6, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) io_uring_register$auto(r0, 0x0, &(0x7f0000000240)="c571c0a9c13c38bb986f44133fea548d6e9836d8d6b14e8d05e4db3f14499c8113e3ddf8e3d3080dde3e7a50af1a323f8810b7fa", 0x3) mbind$auto(0x2000, 0x100000004, 0x3, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f00000000c0), 0x2042, 0x0) (async) r2 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f00000000c0), 0x2042, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r2, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d}) unshare$auto(0x40000080) socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) (async) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) 396.803832ms ago: executing program 3 (id=1421): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x3, 0xe, 0x2000000000000149) 221.569099ms ago: executing program 3 (id=1422): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r0, @ANYRES16=r0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c00149d8bed6a02c8440930"], 0x28}, 0x1, 0x0, 0x0, 0x24000004}, 0x405b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) setsockopt$auto(0xffffffffffffffff, 0x80000000, 0x41, 0x0, 0x7) sendto$auto(0x3, 0x0, 0xfdef, 0x101, 0x0, 0x1c) fsopen$auto(0x0, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0xffd, 0x12, 0x3, 0x0) read$auto(0x3, 0x0, 0x7fffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0xc0502, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fb0\x00', 0x0, 0x0) select$auto(0x3, 0x0, 0x0, &(0x7f0000000280)={[0x1ff, 0x800000000800, 0x5, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x2, 0x185, 0x3, 0x8000, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) 4.175221ms ago: executing program 2 (id=1423): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/cpu0/cache/index3/type\x00', 0x103000, 0x0) read$auto(r0, 0x0, 0x3fffffffffff) madvise$auto(0x0, 0x2000040080000000, 0x2) listen$auto(0x3, 0x81) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lseek$auto(0xffffffffffffffff, 0x7ff, 0x1) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)="3e1bf9d25b6ec2048b25a41c560216188124b23dd0b9858346d893b70392778824baaebc0d936c0131650ae21f3428e9f870b28b9a1384f12fce5ce8") mmap$auto(0x0, 0x10000002020009, 0x1003, 0xeb1, 0xfffffffffffffffa, 0x8000) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) msgsnd$auto(0x0, &(0x7f0000000040)={0x5}, 0x1000, 0x4) msgctl$auto(0x0, 0x1, 0x0) 0s ago: executing program 0 (id=1424): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0xa) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x30b140, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe2180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) lsm_list_modules$auto(0x0, 0x0, 0x0) getsockopt$auto(r4, 0x84, 0x71, 0x0, 0x0) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000004240), 0x81, 0x0) r5 = socket(0x2b, 0x1, 0x0) setsockopt$auto(r5, 0x29, 0x2f, 0x0, 0x22) mlock$auto(0x1004, 0x6) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r5) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, 0x0, 0x8001) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x9, 0x2000d, 0x7, 0xeb0, 0x404, 0x10008000) kernel console output (not intermixed with test programs): Engine, BIOS Google 08/18/2025 [ 269.577402][ T9176] Call Trace: [ 269.577411][ T9176] [ 269.577421][ T9176] dump_stack_lvl+0x16c/0x1f0 [ 269.577463][ T9176] dump_header+0x101/0x930 [ 269.577499][ T9176] oom_kill_process+0x272/0xa40 [ 269.577535][ T9176] out_of_memory+0x350/0x1700 [ 269.577574][ T9176] ? __pfx_out_of_memory+0x10/0x10 [ 269.577615][ T9176] mem_cgroup_out_of_memory+0x118/0x130 [ 269.577653][ T9176] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 269.577698][ T9176] ? do_raw_spin_unlock+0x172/0x230 [ 269.577742][ T9176] try_charge_memcg+0x72b/0xd50 [ 269.577779][ T9176] ? __pfx_try_charge_memcg+0x10/0x10 [ 269.577810][ T9176] ? peak_open+0x41/0x50 [ 269.577847][ T9176] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 269.577878][ T9176] obj_cgroup_charge_pages+0x22/0x1f0 [ 269.577912][ T9176] __memcg_kmem_charge_page+0xc2/0x2e0 [ 269.577948][ T9176] memcg_charge_kernel_stack+0xc3/0x1f0 [ 269.577983][ T9176] copy_process+0x2ca3/0x7690 [ 269.578030][ T9176] ? __pfx_copy_process+0x10/0x10 [ 269.578087][ T9176] ? _copy_from_user+0x59/0xd0 [ 269.578119][ T9176] kernel_clone+0xfc/0x930 [ 269.578154][ T9176] ? __pfx_kernel_clone+0x10/0x10 [ 269.578195][ T9176] ? __lock_acquire+0xb97/0x1ce0 [ 269.578235][ T9176] __do_sys_clone3+0x212/0x290 [ 269.578266][ T9176] ? __pfx___do_sys_clone3+0x10/0x10 [ 269.578348][ T9176] do_syscall_64+0xcd/0x4c0 [ 269.578387][ T9176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.578412][ T9176] RIP: 0033:0x7feb831c3609 [ 269.578431][ T9176] Code: d7 08 00 48 8d 3d 9c d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 269.578453][ T9176] RSP: 002b:00007fffa480ac38 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 269.578477][ T9176] RAX: ffffffffffffffda RBX: 00007feb831459f0 RCX: 00007feb831c3609 [ 269.578493][ T9176] RDX: 00007feb831459f0 RSI: 0000000000000058 RDI: 00007fffa480ac80 [ 269.578508][ T9176] RBP: 00007feb83f4b6c0 R08: 00007feb83f4b6c0 R09: 00007fffa480ad67 [ 269.578523][ T9176] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 269.578538][ T9176] R13: 000000000000000b R14: 00007fffa480ac80 R15: 00007fffa480ad68 [ 269.578572][ T9176] [ 269.578581][ T9176] memory: usage 307200kB, limit 307200kB, failcnt 38939 [ 270.171964][ T9176] memory+swap: usage 431860kB, limit 9007199254740988kB, failcnt 0 [ 270.209624][ T9176] kmem: usage 3424kB, limit 9007199254740988kB, failcnt 0 [ 270.301300][ T9176] Memory cgroup stats for /syz3: [ 270.301574][ T9176] cache 310935552 [ 270.474350][ T9176] rss 102400 [ 270.604895][ T9176] rss_huge 0 [ 270.608198][ T9176] shmem 309948416 [ 270.697757][ T9176] mapped_file 4096 [ 270.967252][ T9176] dirty 0 [ 271.504620][ T9176] writeback 0 [ 271.507950][ T9176] workingset_refault_anon 247 [ 271.613799][ T9176] workingset_refault_file 16684 [ 271.618696][ T9176] swap 127692800 [ 271.804035][ T9176] swapcached 28672 [ 271.880366][ T9176] pgpgin 356764 [ 272.084408][ T9176] pgpgout 281424 [ 272.320853][ T9176] pgfault 183800 [ 272.394243][ T9176] pgmajfault 312 [ 272.414784][ T9176] inactive_anon 5402624 [ 272.536271][ T9176] active_anon 304676864 [ 272.554665][ T30] audit: type=1800 audit(1758614564.128:4): pid=9213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.615" name="dbroot" dev="configfs" ino=22924 res=0 errno=0 [ 272.837261][ T9176] inactive_file 475136 [ 272.896647][ T9176] active_file 0 [ 272.962871][ T9176] unevictable 0 [ 273.102129][ T9176] hierarchical_memory_limit 314572800 [ 273.326592][ T9176] hierarchical_memsw_limit 9223372036854771712 [ 273.567528][ T9176] total_cache 310935552 [ 273.807425][ T9176] total_rss 102400 [ 273.851546][ T9176] total_rss_huge 0 [ 274.055343][ T9176] total_shmem 309948416 [ 274.059542][ T9176] total_mapped_file 4096 [ 274.507935][ T9176] total_dirty 0 [ 274.594883][ T9255] Invalid ELF header magic: != ELF [ 274.712766][ T9176] total_writeback 0 [ 274.799751][ T9176] total_workingset_refault_anon 247 [ 274.954397][ T9176] total_workingset_refault_file 16684 [ 274.959790][ T9176] total_swap 127692800 [ 275.171376][ T9176] total_swapcached 28672 [ 275.371428][ T9176] total_pgpgin 356764 [ 275.375453][ T9176] total_pgpgout 281424 [ 275.420922][ T9176] total_pgfault 183800 [ 275.441442][ T9176] total_pgmajfault 312 [ 275.445529][ T9176] total_inactive_anon 5402624 [ 275.450206][ T9176] total_active_anon 304676864 [ 275.491419][ T9176] total_inactive_file 475136 [ 275.496047][ T9176] total_active_file 0 [ 275.510498][ T9176] total_unevictable 0 [ 275.520578][ T9176] anon_cost 0 [ 275.530464][ T9176] file_cost 0 [ 275.540815][ T9176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.515,pid=8690,uid=0 [ 275.582699][ T9176] Memory cgroup out of memory: Killed process 8690 (syz.3.515) total-vm:102412kB, anon-rss:1372kB, file-rss:25796kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:0 [ 277.731861][ T32] oom_reaper: reaped process 8690 (syz.3.515), now anon-rss:120kB, file-rss:24752kB, shmem-rss:0kB [ 280.949425][ T8690] syz.3.515 (8690) used greatest stack depth: 17960 bytes left [ 281.789714][ T9299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe06 [ 281.809876][ T9299] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 281.820835][ T9299] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 281.833004][ T9299] page_type: f5(slab) [ 281.838244][ T9299] raw: 00fff00000000040 ffff88801b841b40 dead000000000100 dead000000000122 [ 281.849578][ T9299] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 281.858747][ T9299] head: 00fff00000000040 ffff88801b841b40 dead000000000100 dead000000000122 [ 281.868980][ T9299] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 281.879052][ T9299] head: 00fff00000000001 ffffea0001ff8181 00000000ffffffff 00000000ffffffff [ 281.888142][ T9299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 281.897065][ T9299] page dumped because: unmovable page [ 281.904388][ T9299] page_owner tracks the page as allocated [ 281.913133][ T9299] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5863, tgid 5863 (syz-executor), ts 86973542387, free_ts 86911608572 [ 281.935443][ T9299] post_alloc_hook+0x1c0/0x230 [ 281.940361][ T9299] get_page_from_freelist+0x132b/0x38e0 [ 281.946472][ T9299] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 281.952989][ T9299] alloc_pages_mpol+0x1fb/0x550 [ 281.957978][ T9299] new_slab+0x247/0x330 [ 281.962673][ T9299] ___slab_alloc+0xcf2/0x1750 [ 281.967461][ T9299] __slab_alloc.constprop.0+0x56/0xb0 [ 281.975294][ T9299] __kmalloc_noprof+0x2f2/0x510 [ 281.981419][ T9299] fib_create_info+0x53f/0x46b0 [ 281.986392][ T9299] fib_table_insert+0x177/0x1c40 [ 281.991899][ T9299] fib_magic+0x4d4/0x5c0 [ 281.996262][ T9299] fib_add_ifaddr+0x16d/0x580 [ 282.007858][ T9299] fib_inetaddr_event+0x147/0x270 [ 282.020780][ T9299] notifier_call_chain+0xb9/0x410 [ 282.026070][ T9299] blocking_notifier_call_chain+0x69/0xa0 [ 282.034262][ T9299] __inet_insert_ifa+0x925/0xcd0 [ 282.039339][ T9299] page last free pid 92 tgid 92 stack trace: [ 282.046587][ T9299] __free_frozen_pages+0x7d5/0x10f0 [ 282.060107][ T9299] qlist_free_all+0x4d/0x120 [ 282.072056][ T9299] kasan_quarantine_reduce+0x195/0x1e0 [ 282.091591][ T9299] __kasan_slab_alloc+0x69/0x90 [ 282.108891][ T9299] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 282.134685][ T9299] nsim_fib_event_work+0x17f5/0x2e80 [ 282.140054][ T9299] process_one_work+0x9cf/0x1b70 [ 282.149725][ T9299] worker_thread+0x6c8/0xf10 [ 282.154799][ T9299] kthread+0x3c5/0x780 [ 282.158903][ T9299] ret_from_fork+0x56d/0x730 [ 282.163898][ T9299] ret_from_fork_asm+0x1a/0x30 [ 282.250363][ T9332] random: crng reseeded on system resumption [ 283.040881][ T9358] program syz.2.640 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 283.898700][ T9389] ptm ptm4: ldisc open failed (-12), clearing slot 4 [ 288.294054][ T9480] vivid-007: ================= START STATUS ================= [ 288.308816][ T9480] vivid-007: Enable Output Cropping: true [ 288.329537][ T9480] vivid-007: Enable Output Composing: true [ 288.368286][ T9480] vivid-007: Enable Output Scaler: true [ 288.453180][ T9480] vivid-007: Tx RGB Quantization Range: Automatic [ 288.529348][ T9480] vivid-007: Transmit Mode: HDMI [ 288.559812][ T9480] vivid-007: Hotplug Present: 0x00000000 [ 288.576496][ T9480] vivid-007: RxSense Present: 0x00000000 [ 288.620893][ T9480] vivid-007: EDID Present: 0x00000000 [ 288.626459][ T9480] vivid-007: ================== END STATUS ================== [ 289.202960][ T9510] random: crng reseeded on system resumption [ 289.922474][ T9530] snd_aloop snd_aloop.0: control 7:257:7::0 is already present [ 292.681655][ T9581] FAULT_INJECTION: forcing a failure. [ 292.681655][ T9581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.746944][ T9581] CPU: 0 UID: 0 PID: 9581 Comm: syz.0.681 Not tainted syzkaller #0 PREEMPT(full) [ 292.746981][ T9581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 292.746996][ T9581] Call Trace: [ 292.747006][ T9581] [ 292.747017][ T9581] dump_stack_lvl+0x16c/0x1f0 [ 292.747060][ T9581] should_fail_ex+0x512/0x640 [ 292.747104][ T9581] core_sys_select+0x4c5/0xc10 [ 292.747142][ T9581] ? __pfx_core_sys_select+0x10/0x10 [ 292.747209][ T9581] ? read_tsc+0x9/0x20 [ 292.747244][ T9581] ? ktime_get_ts64+0x256/0x400 [ 292.747286][ T9581] kern_select+0x15d/0x1e0 [ 292.747314][ T9581] ? __pfx_kern_select+0x10/0x10 [ 292.747347][ T9581] ? xfd_validate_state+0x61/0x180 [ 292.747381][ T9581] ? __pfx_ksys_write+0x10/0x10 [ 292.747417][ T9581] __x64_sys_select+0xbd/0x160 [ 292.747442][ T9581] ? do_syscall_64+0x91/0x4c0 [ 292.747479][ T9581] ? lockdep_hardirqs_on+0x7c/0x110 [ 292.747524][ T9581] do_syscall_64+0xcd/0x4c0 [ 292.747566][ T9581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.747592][ T9581] RIP: 0033:0x7f658b98eec9 [ 292.747613][ T9581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.747637][ T9581] RSP: 002b:00007f658c7da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 292.747661][ T9581] RAX: ffffffffffffffda RBX: 00007f658bbe5fa0 RCX: 00007f658b98eec9 [ 292.747679][ T9581] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000000005 [ 292.747694][ T9581] RBP: 00007f658ba11f91 R08: 00002000000001c0 R09: 0000000000000000 [ 292.747710][ T9581] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 292.747726][ T9581] R13: 00007f658bbe6038 R14: 00007f658bbe5fa0 R15: 00007ffe9469c8e8 [ 292.747761][ T9581] [ 294.693745][ T9623] netlink: 28 bytes leftover after parsing attributes in process `syz.3.690'. [ 295.706274][ T9652] random: crng reseeded on system resumption [ 296.293190][ T9664] FAULT_INJECTION: forcing a failure. [ 296.293190][ T9664] name failslab, interval 1, probability 0, space 0, times 0 [ 296.370832][ T9664] CPU: 0 UID: 0 PID: 9664 Comm: syz.0.697 Not tainted syzkaller #0 PREEMPT(full) [ 296.370862][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 296.370874][ T9664] Call Trace: [ 296.370882][ T9664] [ 296.370890][ T9664] dump_stack_lvl+0x16c/0x1f0 [ 296.370926][ T9664] should_fail_ex+0x512/0x640 [ 296.370957][ T9664] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 296.370986][ T9664] should_failslab+0xc2/0x120 [ 296.371013][ T9664] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 296.371040][ T9664] ? __ksm_enter+0x3c/0x620 [ 296.371066][ T9664] __ksm_enter+0x3c/0x620 [ 296.371094][ T9664] ksm_enable_merge_any+0xb1/0x110 [ 296.371118][ T9664] __do_sys_prctl+0x948/0x20e0 [ 296.371153][ T9664] ? __pfx___do_sys_prctl+0x10/0x10 [ 296.371194][ T9664] do_syscall_64+0xcd/0x4c0 [ 296.371228][ T9664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.371250][ T9664] RIP: 0033:0x7f658b98eec9 [ 296.371266][ T9664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.371286][ T9664] RSP: 002b:00007f658c777038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 296.371306][ T9664] RAX: ffffffffffffffda RBX: 00007f658bbe6270 RCX: 00007f658b98eec9 [ 296.371321][ T9664] RDX: 0000000000000000 RSI: 0000000000000017 RDI: 0000000000000043 [ 296.371333][ T9664] RBP: 00007f658c777090 R08: 0000000000000000 R09: 0000000000000000 [ 296.371346][ T9664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.371359][ T9664] R13: 00007f658bbe6308 R14: 00007f658bbe6270 R15: 00007ffe9469c8e8 [ 296.371389][ T9664] [ 297.456660][ T5184] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 298.106282][ T9717] random: crng reseeded on system resumption [ 298.497860][ T9726] random: crng reseeded on system resumption [ 298.950204][ T9733] FAULT_INJECTION: forcing a failure. [ 298.950204][ T9733] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.978721][ T9733] CPU: 1 UID: 0 PID: 9733 Comm: syz.2.713 Not tainted syzkaller #0 PREEMPT(full) [ 298.978753][ T9733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 298.978764][ T9733] Call Trace: [ 298.978771][ T9733] [ 298.978779][ T9733] dump_stack_lvl+0x16c/0x1f0 [ 298.978815][ T9733] should_fail_ex+0x512/0x640 [ 298.978854][ T9733] _copy_to_user+0x32/0xd0 [ 298.978882][ T9733] simple_read_from_buffer+0xcb/0x170 [ 298.978909][ T9733] proc_fail_nth_read+0x197/0x240 [ 298.978936][ T9733] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.978961][ T9733] ? rw_verify_area+0xcf/0x6c0 [ 298.978984][ T9733] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.979011][ T9733] vfs_read+0x1e1/0xcf0 [ 298.979041][ T9733] ? __pfx___mutex_lock+0x10/0x10 [ 298.979076][ T9733] ? __pfx_vfs_read+0x10/0x10 [ 298.979113][ T9733] ? __fget_files+0x20e/0x3c0 [ 298.979151][ T9733] ksys_read+0x12a/0x250 [ 298.979179][ T9733] ? __pfx_ksys_read+0x10/0x10 [ 298.979217][ T9733] do_syscall_64+0xcd/0x4c0 [ 298.979255][ T9733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.979279][ T9733] RIP: 0033:0x7f676558d8dc [ 298.979299][ T9733] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 298.979323][ T9733] RSP: 002b:00007f676633e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 298.979343][ T9733] RAX: ffffffffffffffda RBX: 00007f67657e6270 RCX: 00007f676558d8dc [ 298.979358][ T9733] RDX: 000000000000000f RSI: 00007f676633e0a0 RDI: 0000000000000003 [ 298.979372][ T9733] RBP: 00007f676633e090 R08: 0000000000000000 R09: 0000000000000000 [ 298.979385][ T9733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.979399][ T9733] R13: 00007f67657e6308 R14: 00007f67657e6270 R15: 00007ffd8640a338 [ 298.979431][ T9733] [ 299.460315][ T9746] random: crng reseeded on system resumption [ 300.443892][ T9764] netlink: 28 bytes leftover after parsing attributes in process `syz.2.721'. [ 302.647683][ T5184] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 303.688265][ T9838] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 304.678027][ T5184] Bluetooth: hci0: command 0x0c1a tx timeout [ 305.774384][ T5184] Bluetooth: hci3: unexpected event 0x04 length: 64 > 10 [ 305.774720][ T5184] Bluetooth: hci3: connection err: -111 [ 306.584890][ T9910] random: crng reseeded on system resumption [ 306.696782][ T5184] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 306.698780][ T9912] blktrace: Concurrent blktraces are not allowed on loop12 [ 307.543105][ T9939] zswap: compressor not available [ 307.993056][ T9952] syz.2.764 (9952): /proc/9948/oom_adj is deprecated, please use /proc/9948/oom_score_adj instead. [ 312.590706][T10031] ICMPv6: process `syz.1.779' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 314.839324][ T5184] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 315.936607][T10088] FAULT_INJECTION: forcing a failure. [ 315.936607][T10088] name failslab, interval 1, probability 0, space 0, times 0 [ 315.978504][T10090] binder: 10089:10090 ioctl 400c620e 0 returned -22 [ 316.133649][T10088] CPU: 0 UID: 0 PID: 10088 Comm: syz.0.787 Not tainted syzkaller #0 PREEMPT(full) [ 316.133686][T10088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 316.133702][T10088] Call Trace: [ 316.133711][T10088] [ 316.133722][T10088] dump_stack_lvl+0x16c/0x1f0 [ 316.133767][T10088] should_fail_ex+0x512/0x640 [ 316.133806][T10088] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 316.133841][T10088] should_failslab+0xc2/0x120 [ 316.133881][T10088] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 316.133915][T10088] ? sk_prot_alloc+0x60/0x2a0 [ 316.133948][T10088] sk_prot_alloc+0x60/0x2a0 [ 316.133977][T10088] sk_alloc+0x36/0xc20 [ 316.134014][T10088] unix_create1+0xa6/0x700 [ 316.134054][T10088] unix_create+0x110/0x270 [ 316.134092][T10088] __sock_create+0x338/0x8d0 [ 316.134128][T10088] __sys_socketpair+0x25c/0x5a0 [ 316.134162][T10088] ? __pfx___sys_socketpair+0x10/0x10 [ 316.134198][T10088] ? xfd_validate_state+0x61/0x180 [ 316.134242][T10088] __x64_sys_socketpair+0x96/0x100 [ 316.134272][T10088] ? lockdep_hardirqs_on+0x7c/0x110 [ 316.134309][T10088] do_syscall_64+0xcd/0x4c0 [ 316.134349][T10088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.134375][T10088] RIP: 0033:0x7f658b98eec9 [ 316.134404][T10088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.134430][T10088] RSP: 002b:00007f658c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 316.134456][T10088] RAX: ffffffffffffffda RBX: 00007f658bbe6090 RCX: 00007f658b98eec9 [ 316.134478][T10088] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 316.134494][T10088] RBP: 00007f658ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 316.134515][T10088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.134530][T10088] R13: 00007f658bbe6128 R14: 00007f658bbe6090 R15: 00007ffe9469c8e8 [ 316.134572][T10088] [ 316.715844][T10096] ima: policy update failed [ 316.721944][ T30] audit: type=1802 audit(41987.392:5): pid=10096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.790" res=0 errno=0 [ 316.833420][T10118] FAULT_INJECTION: forcing a failure. [ 316.833420][T10118] name failslab, interval 1, probability 0, space 0, times 0 [ 316.846420][T10118] CPU: 1 UID: 0 PID: 10118 Comm: syz.2.793 Not tainted syzkaller #0 PREEMPT(full) [ 316.846448][T10118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 316.846457][T10118] Call Trace: [ 316.846464][T10118] [ 316.846470][T10118] dump_stack_lvl+0x16c/0x1f0 [ 316.846497][T10118] should_fail_ex+0x512/0x640 [ 316.846519][T10118] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 316.846539][T10118] should_failslab+0xc2/0x120 [ 316.846566][T10118] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 316.846584][T10118] ? sock_alloc_inode+0x25/0x1c0 [ 316.846601][T10118] ? __pfx_sock_alloc_inode+0x10/0x10 [ 316.846614][T10118] sock_alloc_inode+0x25/0x1c0 [ 316.846627][T10118] alloc_inode+0x61/0x240 [ 316.846647][T10118] sock_alloc+0x40/0x280 [ 316.846661][T10118] __sock_create+0xc1/0x8d0 [ 316.846680][T10118] __sys_socket+0x14d/0x260 [ 316.846697][T10118] ? __pfx___sys_socket+0x10/0x10 [ 316.846713][T10118] ? xfd_validate_state+0x61/0x180 [ 316.846732][T10118] ? __pfx_do_writev+0x10/0x10 [ 316.846750][T10118] __x64_sys_socket+0x72/0xb0 [ 316.846766][T10118] ? lockdep_hardirqs_on+0x7c/0x110 [ 316.846786][T10118] do_syscall_64+0xcd/0x4c0 [ 316.846808][T10118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.846822][T10118] RIP: 0033:0x7f676558eec9 [ 316.846834][T10118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.846847][T10118] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 316.846861][T10118] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 316.846870][T10118] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 316.846878][T10118] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 316.846886][T10118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.846894][T10118] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 316.846913][T10118] [ 316.846922][T10118] socket: no more sockets [ 317.143805][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.150187][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.202581][T10123] random: crng reseeded on system resumption [ 317.226343][T10123] blktrace: Concurrent blktraces are not allowed on loop12 [ 317.234806][ T5184] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 319.708952][T10170] program syz.1.806 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 320.277999][T10186] sctp: [Deprecated]: syz.3.808 (pid 10186) Use of struct sctp_assoc_value in delayed_ack socket option. [ 320.277999][T10186] Use struct sctp_sack_info instead [ 323.685776][T10290] __vm_enough_memory: pid: 10290, comm: syz.0.836, bytes: 4398046511104 not enough memory for the allocation [ 324.704963][T10315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.839'. [ 325.980431][T10354] random: crng reseeded on system resumption [ 326.266186][T10354] blktrace: Concurrent blktraces are not allowed on loop12 [ 326.273623][ T5184] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 327.105285][T10319] FAULT_INJECTION: forcing a failure. [ 327.105285][T10319] name fail_futex, interval 1, probability 0, space 0, times 0 [ 327.164421][T10319] CPU: 0 UID: 0 PID: 10319 Comm: syz.0.840 Not tainted syzkaller #0 PREEMPT(full) [ 327.164455][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 327.164469][T10319] Call Trace: [ 327.164477][T10319] [ 327.164485][T10319] dump_stack_lvl+0x16c/0x1f0 [ 327.164524][T10319] should_fail_ex+0x512/0x640 [ 327.164564][T10319] get_futex_key+0x293/0x1560 [ 327.164598][T10319] ? __pfx_get_futex_key+0x10/0x10 [ 327.164627][T10319] ? __mutex_trylock_common+0xe9/0x250 [ 327.164669][T10319] futex_wake+0xea/0x530 [ 327.164706][T10319] ? __pfx_futex_wake+0x10/0x10 [ 327.164757][T10319] do_futex+0x1e3/0x350 [ 327.164787][T10319] ? __pfx_do_futex+0x10/0x10 [ 327.164814][T10319] ? __might_fault+0xe3/0x190 [ 327.164852][T10319] mm_release+0x24e/0x300 [ 327.164881][T10319] do_exit+0x68e/0x2bf0 [ 327.164919][T10319] ? __pfx_do_exit+0x10/0x10 [ 327.164950][T10319] ? do_raw_spin_lock+0x12c/0x2b0 [ 327.164984][T10319] ? find_held_lock+0x2b/0x80 [ 327.165014][T10319] do_group_exit+0xd3/0x2a0 [ 327.165049][T10319] get_signal+0x2673/0x26d0 [ 327.165090][T10319] ? __pfx_get_signal+0x10/0x10 [ 327.165117][T10319] ? do_futex+0x122/0x350 [ 327.165147][T10319] ? __pfx_do_futex+0x10/0x10 [ 327.165187][T10319] arch_do_signal_or_restart+0x8f/0x790 [ 327.165221][T10319] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 327.165262][T10319] ? xfd_validate_state+0x61/0x180 [ 327.165295][T10319] ? __pfx_ksys_write+0x10/0x10 [ 327.165331][T10319] exit_to_user_mode_loop+0x84/0x110 [ 327.165367][T10319] do_syscall_64+0x41c/0x4c0 [ 327.165406][T10319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.165430][T10319] RIP: 0033:0x7f658b98eec9 [ 327.165450][T10319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.165474][T10319] RSP: 002b:00007f658c7da0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 327.165497][T10319] RAX: fffffffffffffe00 RBX: 00007f658bbe5fa8 RCX: 00007f658b98eec9 [ 327.165514][T10319] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f658bbe5fa8 [ 327.165530][T10319] RBP: 00007f658bbe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 327.165544][T10319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.165558][T10319] R13: 00007f658bbe6038 R14: 00007ffe9469c800 R15: 00007ffe9469c8e8 [ 327.165592][T10319] [ 328.554420][T10378] random: crng reseeded on system resumption [ 329.017192][T10383] netlink: 25 bytes leftover after parsing attributes in process `syz.1.857'. [ 334.278943][T10467] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 334.289958][ T30] audit: type=1800 audit(4295009300.951:6): pid=10467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.873" name="dbroot" dev="configfs" ino=27973 res=0 errno=0 [ 335.274331][T10479] FAULT_INJECTION: forcing a failure. [ 335.274331][T10479] name failslab, interval 1, probability 0, space 0, times 0 [ 335.317109][T10479] CPU: 0 UID: 0 PID: 10479 Comm: syz.1.877 Not tainted syzkaller #0 PREEMPT(full) [ 335.317147][T10479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 335.317164][T10479] Call Trace: [ 335.317173][T10479] [ 335.317183][T10479] dump_stack_lvl+0x16c/0x1f0 [ 335.317228][T10479] should_fail_ex+0x512/0x640 [ 335.317267][T10479] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 335.317302][T10479] should_failslab+0xc2/0x120 [ 335.317332][T10479] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 335.317360][T10479] ? mqueue_alloc_inode+0x25/0x50 [ 335.317386][T10479] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 335.317406][T10479] mqueue_alloc_inode+0x25/0x50 [ 335.317426][T10479] alloc_inode+0x61/0x240 [ 335.317457][T10479] new_inode+0x22/0x1c0 [ 335.317491][T10479] mqueue_get_inode+0x2e/0xdd0 [ 335.317520][T10479] mqueue_create_attr+0x261/0x440 [ 335.317550][T10479] vfs_mkobj+0x3db/0x620 [ 335.317573][T10479] ? __pfx_mqueue_create_attr+0x10/0x10 [ 335.317600][T10479] do_mq_open+0x71e/0x8c0 [ 335.317629][T10479] ? __pfx_do_mq_open+0x10/0x10 [ 335.317661][T10479] __x64_sys_mq_open+0x155/0x1e0 [ 335.317685][T10479] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 335.317725][T10479] do_syscall_64+0xcd/0x4c0 [ 335.317763][T10479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.317786][T10479] RIP: 0033:0x7fe7e298eec9 [ 335.317807][T10479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.317832][T10479] RSP: 002b:00007fe7e37f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 335.317856][T10479] RAX: ffffffffffffffda RBX: 00007fe7e2be5fa0 RCX: 00007fe7e298eec9 [ 335.317872][T10479] RDX: 000000000000b9fb RSI: 00000000000061df RDI: 0000200000000040 [ 335.317884][T10479] RBP: 00007fe7e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 335.317909][T10479] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 335.317925][T10479] R13: 00007fe7e2be6038 R14: 00007fe7e2be5fa0 R15: 00007ffe8499f908 [ 335.317962][T10479] [ 336.008050][T10504] netlink: 8 bytes leftover after parsing attributes in process `syz.1.882'. [ 337.098050][ T30] audit: type=1800 audit(4295009303.772:7): pid=10522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.888" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 337.840532][T10532] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 337.840532][T10532] program syz.0.891 not setting count and/or reply_len properly [ 338.133793][T10534] netlink: 338 bytes leftover after parsing attributes in process `syz.0.891'. [ 338.306104][T10540] netlink: set zone limit has 8 unknown bytes [ 338.563890][T10542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.891'. [ 338.579051][T10534] netlink: 290 bytes leftover after parsing attributes in process `syz.0.891'. [ 338.591901][T10535] netlink: 290 bytes leftover after parsing attributes in process `syz.0.891'. [ 338.679070][T10551] random: crng reseeded on system resumption [ 338.688802][T10545] netlink: 139 bytes leftover after parsing attributes in process `syz.3.894'. [ 339.197918][T10560] HfR: entered promiscuous mode [ 340.122740][ T5184] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 340.965122][T10596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 340.989858][T10596] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 341.003342][T10596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 341.012480][T10596] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 341.057882][T10596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 341.625312][T10598] FAULT_INJECTION: forcing a failure. [ 341.625312][T10598] name failslab, interval 1, probability 0, space 0, times 0 [ 341.679865][ T5184] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 341.696748][T10598] CPU: 1 UID: 0 PID: 10598 Comm: syz.0.903 Not tainted syzkaller #0 PREEMPT(full) [ 341.696783][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 341.696800][T10598] Call Trace: [ 341.696809][T10598] [ 341.696819][T10598] dump_stack_lvl+0x16c/0x1f0 [ 341.696863][T10598] should_fail_ex+0x512/0x640 [ 341.696901][T10598] ? fs_reclaim_acquire+0xae/0x150 [ 341.696942][T10598] should_failslab+0xc2/0x120 [ 341.696977][T10598] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 341.697009][T10598] ? security_inode_alloc+0x3b/0x2b0 [ 341.697045][T10598] security_inode_alloc+0x3b/0x2b0 [ 341.697080][T10598] inode_init_always_gfp+0xce4/0x1030 [ 341.697113][T10598] alloc_inode+0x86/0x240 [ 341.697192][T10598] sock_alloc+0x40/0x280 [ 341.697218][T10598] __sock_create+0xc1/0x8d0 [ 341.697251][T10598] __sys_socket+0x14d/0x260 [ 341.697281][T10598] ? __pfx___sys_socket+0x10/0x10 [ 341.697311][T10598] ? xfd_validate_state+0x61/0x180 [ 341.697345][T10598] ? __pfx_do_writev+0x10/0x10 [ 341.697379][T10598] __x64_sys_socket+0x72/0xb0 [ 341.697408][T10598] ? lockdep_hardirqs_on+0x7c/0x110 [ 341.697444][T10598] do_syscall_64+0xcd/0x4c0 [ 341.697484][T10598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.697510][T10598] RIP: 0033:0x7f658b98eec9 [ 341.697532][T10598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.697557][T10598] RSP: 002b:00007f658c777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 341.697581][T10598] RAX: ffffffffffffffda RBX: 00007f658bbe6270 RCX: 00007f658b98eec9 [ 341.697599][T10598] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 341.697615][T10598] RBP: 00007f658ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 341.697630][T10598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.697646][T10598] R13: 00007f658bbe6308 R14: 00007f658bbe6270 R15: 00007ffe9469c8e8 [ 341.697681][T10598] [ 342.025973][T10598] socket: no more sockets [ 342.743633][ T5184] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 343.046708][ T5184] Bluetooth: hci0: command 0x0c1a tx timeout [ 343.061940][ T5870] Bluetooth: hci2: command 0x0c1a tx timeout [ 343.061959][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 343.126579][ T5867] Bluetooth: hci3: command 0x0c1a tx timeout [ 345.125588][ T5867] Bluetooth: hci0: command 0x0c1a tx timeout [ 345.131696][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 346.404165][T10678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.920'. [ 346.413941][T10678] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 348.613169][T10748] blktrace: Concurrent blktraces are not allowed on loop12 [ 348.732351][ T5867] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 349.012161][T10765] random: crng reseeded on system resumption [ 349.581207][ T5867] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 351.077136][ T5867] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              getty: ttyS0: read error: Resource temporarily unavailable [ 402.294990][T12787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06e00 pfn:0x7fe06 [ 402.325161][T12787] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 402.369030][T12806] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1145'. [ 402.385953][T12787] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 402.458052][T12787] page_type: f5(slab) [ 402.462212][T12787] raw: 00fff00000000240 ffff88801b841b40 ffffea00019c0f90 ffffea0000a7ba10 [ 402.471273][T12787] raw: ffff88807fe06e00 000000000010000d 00000000f5000000 0000000000000000 [ 402.504024][T12787] head: 00fff00000000240 ffff88801b841b40 ffffea00019c0f90 ffffea0000a7ba10 [ 402.561745][T12787] head: ffff88807fe06e00 000000000010000d 00000000f5000000 0000000000000000 [ 402.624091][T12787] head: 00fff00000000001 ffffea0001ff8181 00000000ffffffff 00000000ffffffff [ 402.659089][T12787] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 402.668051][T12787] page dumped because: unmovable page [ 402.673726][T12787] page_owner tracks the page as allocated [ 402.681409][T12787] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5863, tgid 5863 (syz-executor), ts 86973542387, free_ts 86911608572 [ 402.702850][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.716168][T12787] post_alloc_hook+0x1c0/0x230 [ 402.722235][T12787] get_page_from_freelist+0x132b/0x38e0 [ 402.727999][T12787] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 402.734301][T12787] alloc_pages_mpol+0x1fb/0x550 [ 402.739393][T12787] new_slab+0x247/0x330 [ 402.743770][T12787] ___slab_alloc+0xcf2/0x1750 [ 402.748689][T12787] __slab_alloc.constprop.0+0x56/0xb0 [ 402.754287][T12787] __kmalloc_noprof+0x2f2/0x510 [ 402.759332][T12787] fib_create_info+0x53f/0x46b0 [ 402.792717][T12787] fib_table_insert+0x177/0x1c40 [ 402.830288][T12787] fib_magic+0x4d4/0x5c0 [ 402.872823][T12787] fib_add_ifaddr+0x16d/0x580 [ 402.895768][T12787] fib_inetaddr_event+0x147/0x270 [ 402.900862][T12787] notifier_call_chain+0xb9/0x410 [ 402.916995][T12787] blocking_notifier_call_chain+0x69/0xa0 [ 402.949777][T12787] __inet_insert_ifa+0x925/0xcd0 [ 402.991637][T12787] page last free pid 92 tgid 92 stack trace: [ 403.079704][T12787] __free_frozen_pages+0x7d5/0x10f0 [ 403.149327][T12787] qlist_free_all+0x4d/0x120 [ 403.174639][T12787] kasan_quarantine_reduce+0x195/0x1e0 [ 403.180167][T12787] __kasan_slab_alloc+0x69/0x90 [ 403.247299][T12787] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 403.275837][T12787] nsim_fib_event_work+0x17f5/0x2e80 [ 403.332143][T12787] process_one_work+0x9cf/0x1b70 [ 403.337920][T12787] worker_thread+0x6c8/0xf10 [ 403.352393][T12787] kthread+0x3c5/0x780 [ 403.356527][T12787] ret_from_fork+0x56d/0x730 [ 403.361151][T12787] ret_from_fork_asm+0x1a/0x30 [ 405.497250][T12922] can0: slcan on ttyS2. [ 405.812909][T12926] can0 (unregistered): slcan off ttyS2. [ 406.520537][T12971] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 408.017494][T13054] random: crng reseeded on system resumption [ 408.189401][ T5867] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 408.298171][T13054] FAULT_INJECTION: forcing a failure. [ 408.298171][T13054] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 408.320424][T13054] CPU: 0 UID: 0 PID: 13054 Comm: syz.2.1172 Not tainted syzkaller #0 PREEMPT(full) [ 408.320458][T13054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 408.320475][T13054] Call Trace: [ 408.320483][T13054] [ 408.320492][T13054] dump_stack_lvl+0x16c/0x1f0 [ 408.320536][T13054] should_fail_ex+0x512/0x640 [ 408.320581][T13054] should_fail_alloc_page+0xe7/0x130 [ 408.320619][T13054] prepare_alloc_pages+0x3c2/0x610 [ 408.320660][T13054] ? rcu_is_watching+0x12/0xc0 [ 408.320692][T13054] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 408.320741][T13054] ? trace_sched_exit_tp+0xd1/0x120 [ 408.320781][T13054] ? __schedule+0x11a3/0x5de0 [ 408.320821][T13054] ? __lock_acquire+0x62e/0x1ce0 [ 408.320859][T13054] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 408.320906][T13054] ? __pfx___schedule+0x10/0x10 [ 408.320953][T13054] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 408.320992][T13054] ? policy_nodemask+0xea/0x4e0 [ 408.321024][T13054] alloc_pages_mpol+0x1fb/0x550 [ 408.321057][T13054] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 408.321092][T13054] ? alloc_pages_noprof+0x9c/0x390 [ 408.321128][T13054] alloc_pages_noprof+0x131/0x390 [ 408.321162][T13054] relay_open_buf.part.0+0x25d/0xc30 [ 408.321205][T13054] relay_open+0x653/0xad0 [ 408.321236][T13054] ? debugfs_create_file_full+0x41/0x60 [ 408.321271][T13054] do_blk_trace_setup+0x4c5/0xb00 [ 408.321303][T13054] blk_trace_setup+0xed/0x1b0 [ 408.321327][T13054] ? __pfx_blk_trace_setup+0x10/0x10 [ 408.321352][T13054] ? __pfx_snprintf+0x10/0x10 [ 408.321396][T13054] ? do_vfs_ioctl+0x128/0x14f0 [ 408.321437][T13054] blk_trace_ioctl+0x146/0x280 [ 408.321466][T13054] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 408.321499][T13054] ? find_held_lock+0x2b/0x80 [ 408.321524][T13054] ? hook_file_ioctl_common+0x145/0x410 [ 408.321560][T13054] blkdev_ioctl+0x108/0x6d0 [ 408.321591][T13054] ? __pfx_blkdev_ioctl+0x10/0x10 [ 408.321627][T13054] ? __pfx_blkdev_ioctl+0x10/0x10 [ 408.321661][T13054] __x64_sys_ioctl+0x18b/0x210 [ 408.321702][T13054] do_syscall_64+0xcd/0x4c0 [ 408.321743][T13054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.321769][T13054] RIP: 0033:0x7f676558eec9 [ 408.321790][T13054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.321813][T13054] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 408.321838][T13054] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 408.321855][T13054] RDX: 0000200000000240 RSI: 00000000c0481273 RDI: 0000000000000009 [ 408.321878][T13054] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 408.321894][T13054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.321909][T13054] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 408.321946][T13054] [ 408.675228][T13069] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 408.926389][T13069] ptp ptp0: only physical clock in use now [ 409.107287][T13105] random: crng reseeded on system resumption [ 409.136369][ T5867] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 409.212101][T13105] FAULT_INJECTION: forcing a failure. [ 409.212101][T13105] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 409.359805][T13105] CPU: 0 UID: 0 PID: 13105 Comm: syz.1.1174 Not tainted syzkaller #0 PREEMPT(full) [ 409.359842][T13105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 409.359858][T13105] Call Trace: [ 409.359866][T13105] [ 409.359876][T13105] dump_stack_lvl+0x16c/0x1f0 [ 409.359921][T13105] should_fail_ex+0x512/0x640 [ 409.359961][T13105] should_fail_alloc_page+0xe7/0x130 [ 409.360007][T13105] prepare_alloc_pages+0x3c2/0x610 [ 409.360043][T13105] ? rcu_is_watching+0x12/0xc0 [ 409.360072][T13105] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 409.360106][T13105] ? __pfx_stack_trace_save+0x10/0x10 [ 409.360140][T13105] ? __lock_acquire+0x62e/0x1ce0 [ 409.360177][T13105] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 409.360208][T13105] ? blk_trace_setup+0xed/0x1b0 [ 409.360246][T13105] ? rcu_read_unlock+0x17/0x60 [ 409.360282][T13105] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 409.360322][T13105] ? policy_nodemask+0xea/0x4e0 [ 409.360355][T13105] alloc_pages_mpol+0x1fb/0x550 [ 409.360384][T13105] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 409.360415][T13105] ? trace_kmalloc+0x2b/0xd0 [ 409.360446][T13105] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 409.360482][T13105] ? trace_kmalloc+0x2b/0xd0 [ 409.360512][T13105] ? __kmalloc_noprof.cold+0x5c/0x61 [ 409.360552][T13105] alloc_pages_noprof+0x131/0x390 [ 409.360586][T13105] relay_open_buf.part.0+0x25d/0xc30 [ 409.360630][T13105] relay_open+0x653/0xad0 [ 409.360664][T13105] ? debugfs_create_file_full+0x41/0x60 [ 409.360699][T13105] do_blk_trace_setup+0x4c5/0xb00 [ 409.360730][T13105] blk_trace_setup+0xed/0x1b0 [ 409.360756][T13105] ? __pfx_blk_trace_setup+0x10/0x10 [ 409.360781][T13105] ? __pfx_snprintf+0x10/0x10 [ 409.360827][T13105] ? do_vfs_ioctl+0x128/0x14f0 [ 409.360869][T13105] blk_trace_ioctl+0x146/0x280 [ 409.360898][T13105] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 409.360930][T13105] ? find_held_lock+0x2b/0x80 [ 409.360951][T13105] ? hook_file_ioctl_common+0x145/0x410 [ 409.360993][T13105] blkdev_ioctl+0x108/0x6d0 [ 409.361025][T13105] ? __pfx_blkdev_ioctl+0x10/0x10 [ 409.361058][T13105] ? __pfx_blkdev_ioctl+0x10/0x10 [ 409.361090][T13105] __x64_sys_ioctl+0x18b/0x210 [ 409.361130][T13105] do_syscall_64+0xcd/0x4c0 [ 409.361170][T13105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.361195][T13105] RIP: 0033:0x7fe7e298eec9 [ 409.361216][T13105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.361242][T13105] RSP: 002b:00007fe7e37f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 409.361266][T13105] RAX: ffffffffffffffda RBX: 00007fe7e2be5fa0 RCX: 00007fe7e298eec9 [ 409.361283][T13105] RDX: 0000200000000240 RSI: 00000000c0481273 RDI: 0000000000000009 [ 409.361300][T13105] RBP: 00007fe7e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 409.361315][T13105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.361329][T13105] R13: 00007fe7e2be6038 R14: 00007fe7e2be5fa0 R15: 00007ffe8499f908 [ 409.361364][T13105] [ 410.670611][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1182'. [ 411.824059][T13238] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 syzkaller syzkaller login: [ 413.759756][T13292] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 413.759756][T13292] program syz.0.1194 not setting count and/or reply_len properly [ 414.500465][T13293] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1194'. [ 414.584397][T13310] : entered promiscuous mode [ 414.677812][T13293] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1194'. [ 414.787855][T13293] netlink: 290 bytes leftover after parsing attributes in process `syz.0.1194'. [ 414.889952][T13293] netlink: 290 bytes leftover after parsing attributes in process `syz.0.1194'. [ 416.095407][T13376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1205'. [ 416.268284][T13373] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1205'. [ 416.654227][T13392] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1207'. [ 416.786659][T13392] hsr_slave_0: left promiscuous mode [ 416.816754][T13392] hsr_slave_1: left promiscuous mode [ 416.856378][T13386] overlayfs: "check_copy_up" module option is obsolete [ 417.115480][T13403] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 417.859065][T13402] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1208'. [ 419.032717][T13471] netlink: 'syz.3.1216': attribute type 1 has an invalid length. [ 419.808769][T13535] random: crng reseeded on system resumption [ 419.832698][ T5867] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 419.887648][T13535] FAULT_INJECTION: forcing a failure. [ 419.887648][T13535] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 419.942231][T13535] CPU: 0 UID: 0 PID: 13535 Comm: syz.2.1221 Not tainted syzkaller #0 PREEMPT(full) [ 419.942267][T13535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 419.942282][T13535] Call Trace: [ 419.942289][T13535] [ 419.942297][T13535] dump_stack_lvl+0x16c/0x1f0 [ 419.942340][T13535] should_fail_ex+0x512/0x640 [ 419.942381][T13535] should_fail_alloc_page+0xe7/0x130 [ 419.942418][T13535] prepare_alloc_pages+0x3c2/0x610 [ 419.942456][T13535] ? rcu_is_watching+0x12/0xc0 [ 419.942486][T13535] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 419.942521][T13535] ? __pfx_stack_trace_save+0x10/0x10 [ 419.942556][T13535] ? __lock_acquire+0x62e/0x1ce0 [ 419.942599][T13535] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 419.942633][T13535] ? blk_trace_setup+0xed/0x1b0 [ 419.942673][T13535] ? rcu_read_unlock+0x17/0x60 [ 419.942719][T13535] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 419.942761][T13535] ? policy_nodemask+0xea/0x4e0 [ 419.942798][T13535] alloc_pages_mpol+0x1fb/0x550 [ 419.942833][T13535] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 419.942865][T13535] ? trace_kmalloc+0x2b/0xd0 [ 419.942897][T13535] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 419.942934][T13535] ? trace_kmalloc+0x2b/0xd0 [ 419.942966][T13535] ? __kmalloc_noprof.cold+0x5c/0x61 [ 419.943003][T13535] alloc_pages_noprof+0x131/0x390 [ 419.943034][T13535] relay_open_buf.part.0+0x25d/0xc30 [ 419.943070][T13535] relay_open+0x653/0xad0 [ 419.943099][T13535] ? debugfs_create_file_full+0x41/0x60 [ 419.943131][T13535] do_blk_trace_setup+0x4c5/0xb00 [ 419.943163][T13535] blk_trace_setup+0xed/0x1b0 [ 419.943190][T13535] ? __pfx_blk_trace_setup+0x10/0x10 [ 419.943213][T13535] ? __pfx_snprintf+0x10/0x10 [ 419.943252][T13535] ? do_vfs_ioctl+0x128/0x14f0 [ 419.943296][T13535] blk_trace_ioctl+0x146/0x280 [ 419.943325][T13535] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 419.943358][T13535] ? find_held_lock+0x2b/0x80 [ 419.943382][T13535] ? hook_file_ioctl_common+0x145/0x410 [ 419.943419][T13535] blkdev_ioctl+0x108/0x6d0 [ 419.943450][T13535] ? __pfx_blkdev_ioctl+0x10/0x10 [ 419.943485][T13535] ? __pfx_blkdev_ioctl+0x10/0x10 [ 419.943515][T13535] __x64_sys_ioctl+0x18b/0x210 [ 419.943557][T13535] do_syscall_64+0xcd/0x4c0 [ 419.943592][T13535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.943617][T13535] RIP: 0033:0x7f676558eec9 [ 419.943637][T13535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.943661][T13535] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 419.943685][T13535] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 419.943712][T13535] RDX: 0000200000000240 RSI: 00000000c0481273 RDI: 0000000000000009 [ 419.943728][T13535] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 419.943745][T13535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.943761][T13535] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 419.943797][T13535] [ 420.085028][T13538] netlink: set zone limit has 8 unknown bytes [ 420.136815][T13541] netlink: set zone limit has 8 unknown bytes [ 420.583355][T13562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1227'. [ 420.613766][T13562] veth1_macvtap: left promiscuous mode [ 420.980838][ T5867] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 420.989323][ T5867] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 421.000250][ T5867] CPU: 0 UID: 0 PID: 5867 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 421.000287][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 421.000305][ T5867] Workqueue: hci2 hci_rx_work [ 421.000344][ T5867] Call Trace: [ 421.000353][ T5867] [ 421.000364][ T5867] dump_stack_lvl+0x16c/0x1f0 [ 421.000405][ T5867] sysfs_warn_dup+0x7f/0xa0 [ 421.000438][ T5867] sysfs_create_dir_ns+0x24b/0x2b0 [ 421.000470][ T5867] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 421.000501][ T5867] ? find_held_lock+0x2b/0x80 [ 421.000544][ T5867] ? do_raw_spin_unlock+0x172/0x230 [ 421.000588][ T5867] kobject_add_internal+0x2c4/0x9b0 [ 421.000621][ T5867] kobject_add+0x16e/0x240 [ 421.000648][ T5867] ? __pfx_kobject_add+0x10/0x10 [ 421.000676][ T5867] ? do_raw_spin_unlock+0x172/0x230 [ 421.000715][ T5867] ? kobject_put+0xab/0x5a0 [ 421.000750][ T5867] device_add+0x288/0x1aa0 [ 421.000779][ T5867] ? __pfx_dev_set_name+0x10/0x10 [ 421.000809][ T5867] ? __pfx_device_add+0x10/0x10 [ 421.000837][ T5867] ? mgmt_send_event_skb+0x2fb/0x460 [ 421.000880][ T5867] hci_conn_add_sysfs+0x17e/0x230 [ 421.000918][ T5867] le_conn_complete_evt+0x1075/0x1d70 [ 421.000948][ T5867] ? preempt_count_sub+0x130/0x160 [ 421.000980][ T5867] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 421.001010][ T5867] ? bt_warn+0xe4/0x120 [ 421.001036][ T5867] ? __pfx_bt_warn+0x10/0x10 [ 421.001072][ T5867] hci_le_conn_complete_evt+0x23c/0x370 [ 421.001108][ T5867] hci_le_meta_evt+0x354/0x5e0 [ 421.001141][ T5867] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 421.001179][ T5867] hci_event_packet+0x682/0x11c0 [ 421.001212][ T5867] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 421.001245][ T5867] ? __pfx_hci_event_packet+0x10/0x10 [ 421.001279][ T5867] ? kcov_remote_start+0x3c9/0x6d0 [ 421.001313][ T5867] ? lockdep_hardirqs_on+0x7c/0x110 [ 421.001356][ T5867] hci_rx_work+0x2c5/0x16b0 [ 421.001389][ T5867] ? rcu_is_watching+0x12/0xc0 [ 421.001419][ T5867] process_one_work+0x9cf/0x1b70 [ 421.001469][ T5867] ? __pfx_process_one_work+0x10/0x10 [ 421.001524][ T5867] ? assign_work+0x1a0/0x250 [ 421.001566][ T5867] worker_thread+0x6c8/0xf10 [ 421.001605][ T5867] ? __pfx_worker_thread+0x10/0x10 [ 421.001628][ T5867] kthread+0x3c5/0x780 [ 421.001665][ T5867] ? __pfx_kthread+0x10/0x10 [ 421.001703][ T5867] ? rcu_is_watching+0x12/0xc0 [ 421.001728][ T5867] ? __pfx_kthread+0x10/0x10 [ 421.001765][ T5867] ret_from_fork+0x56d/0x730 [ 421.001801][ T5867] ? __pfx_kthread+0x10/0x10 [ 421.001837][ T5867] ret_from_fork_asm+0x1a/0x30 [ 421.001885][ T5867] [ 421.001929][ T5867] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 421.264060][ T5867] Bluetooth: hci2: failed to register connection device [ 429.301275][ T30] audit: type=1804 audit(4294967370.155:11): pid=13979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1255" name="file0" dev="tmpfs" ino=1848 res=1 errno=0 [ 429.361555][ T30] audit: type=1804 audit(4294967370.215:12): pid=13989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1255" name="file0" dev="tmpfs" ino=1848 res=1 errno=0 [ 429.834900][T14022] delete_channel: no stack [ 429.849729][T14020] random: crng reseeded on system resumption [ 429.871297][ T5184] Bluetooth: hci0: unexpected event 0x3d length: 726 > 14 [ 429.903037][T14020] FAULT_INJECTION: forcing a failure. [ 429.903037][T14020] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 430.012012][T14020] CPU: 1 UID: 0 PID: 14020 Comm: syz.0.1258 Not tainted syzkaller #0 PREEMPT(full) [ 430.012046][T14020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 430.012060][T14020] Call Trace: [ 430.012068][T14020] [ 430.012077][T14020] dump_stack_lvl+0x16c/0x1f0 [ 430.012120][T14020] should_fail_ex+0x512/0x640 [ 430.012162][T14020] should_fail_alloc_page+0xe7/0x130 [ 430.012194][T14020] prepare_alloc_pages+0x3c2/0x610 [ 430.012239][T14020] ? rcu_is_watching+0x12/0xc0 [ 430.012269][T14020] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 430.012300][T14020] ? __pfx_stack_trace_save+0x10/0x10 [ 430.012331][T14020] ? __lock_acquire+0x62e/0x1ce0 [ 430.012364][T14020] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 430.012391][T14020] ? blk_trace_setup+0xed/0x1b0 [ 430.012426][T14020] ? rcu_read_unlock+0x17/0x60 [ 430.012460][T14020] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 430.012497][T14020] ? policy_nodemask+0xea/0x4e0 [ 430.012530][T14020] alloc_pages_mpol+0x1fb/0x550 [ 430.012564][T14020] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 430.012595][T14020] ? trace_kmalloc+0x2b/0xd0 [ 430.012628][T14020] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 430.012665][T14020] ? trace_kmalloc+0x2b/0xd0 [ 430.012697][T14020] ? __kmalloc_noprof.cold+0x5c/0x61 [ 430.012736][T14020] alloc_pages_noprof+0x131/0x390 [ 430.012769][T14020] relay_open_buf.part.0+0x25d/0xc30 [ 430.012813][T14020] relay_open+0x653/0xad0 [ 430.012844][T14020] ? debugfs_create_file_full+0x41/0x60 [ 430.012878][T14020] do_blk_trace_setup+0x4c5/0xb00 [ 430.012913][T14020] blk_trace_setup+0xed/0x1b0 [ 430.012943][T14020] ? __pfx_blk_trace_setup+0x10/0x10 [ 430.012971][T14020] ? __pfx_snprintf+0x10/0x10 [ 430.013035][T14020] ? do_vfs_ioctl+0x128/0x14f0 [ 430.013083][T14020] blk_trace_ioctl+0x146/0x280 [ 430.013112][T14020] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 430.013147][T14020] ? find_held_lock+0x2b/0x80 [ 430.013172][T14020] ? hook_file_ioctl_common+0x145/0x410 [ 430.013256][T14020] blkdev_ioctl+0x108/0x6d0 [ 430.013289][T14020] ? __pfx_blkdev_ioctl+0x10/0x10 [ 430.013327][T14020] ? __pfx_blkdev_ioctl+0x10/0x10 [ 430.013367][T14020] __x64_sys_ioctl+0x18b/0x210 [ 430.013410][T14020] do_syscall_64+0xcd/0x4c0 [ 430.013452][T14020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.013478][T14020] RIP: 0033:0x7f658b98eec9 [ 430.013500][T14020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.013526][T14020] RSP: 002b:00007f658c7da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 430.013551][T14020] RAX: ffffffffffffffda RBX: 00007f658bbe5fa0 RCX: 00007f658b98eec9 [ 430.013570][T14020] RDX: 0000200000000240 RSI: 00000000c0481273 RDI: 0000000000000009 [ 430.013587][T14020] RBP: 00007f658ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 430.013601][T14020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.013614][T14020] R13: 00007f658bbe6038 R14: 00007f658bbe5fa0 R15: 00007ffe9469c8e8 [ 430.013645][T14020] [ 430.787384][ T30] audit: type=1800 audit(4294967371.615:13): pid=14053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1264" name="dbroot" dev="configfs" ino=36799 res=0 errno=0 [ 431.852424][T14092] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 432.109881][T14109] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 432.165103][T14103] FAULT_INJECTION: forcing a failure. [ 432.165103][T14103] name failslab, interval 1, probability 0, space 0, times 0 [ 432.242485][T14103] CPU: 0 UID: 0 PID: 14103 Comm: syz.1.1266 Not tainted syzkaller #0 PREEMPT(full) [ 432.242519][T14103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 432.242534][T14103] Call Trace: [ 432.242543][T14103] [ 432.242552][T14103] dump_stack_lvl+0x16c/0x1f0 [ 432.242594][T14103] should_fail_ex+0x512/0x640 [ 432.242629][T14103] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 432.242660][T14103] should_failslab+0xc2/0x120 [ 432.242693][T14103] __kmalloc_cache_noprof+0x6a/0x3e0 [ 432.242718][T14103] ? fib6_net_init+0x1dc/0xb20 [ 432.242740][T14103] ? kasan_save_track+0x14/0x30 [ 432.242773][T14103] fib6_net_init+0x1dc/0xb20 [ 432.242803][T14103] ? __pfx_fib6_net_init+0x10/0x10 [ 432.242827][T14103] ops_init+0x1df/0x5f0 [ 432.242875][T14103] setup_net+0x10f/0x380 [ 432.242896][T14103] ? lockdep_init_map_type+0x5c/0x280 [ 432.242933][T14103] ? __pfx_setup_net+0x10/0x10 [ 432.242957][T14103] ? debug_mutex_init+0x37/0x70 [ 432.242985][T14103] copy_net_ns+0x2a6/0x5f0 [ 432.243015][T14103] create_new_namespaces+0x3ea/0xa90 [ 432.243052][T14103] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 432.243081][T14103] ksys_unshare+0x45b/0xa40 [ 432.243115][T14103] ? __pfx_ksys_unshare+0x10/0x10 [ 432.243150][T14103] ? xfd_validate_state+0x61/0x180 [ 432.243196][T14103] __x64_sys_unshare+0x31/0x40 [ 432.243226][T14103] do_syscall_64+0xcd/0x4c0 [ 432.243265][T14103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.243291][T14103] RIP: 0033:0x7fe7e298eec9 [ 432.243312][T14103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.243338][T14103] RSP: 002b:00007fe7e37f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 432.243362][T14103] RAX: ffffffffffffffda RBX: 00007fe7e2be5fa0 RCX: 00007fe7e298eec9 [ 432.243380][T14103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 432.243400][T14103] RBP: 00007fe7e2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 432.243415][T14103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.243430][T14103] R13: 00007fe7e2be6038 R14: 00007fe7e2be5fa0 R15: 00007ffe8499f908 [ 432.243466][T14103] [ 432.934829][T14156] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 432.997911][T14160] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 433.390266][T14121] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 433.744028][T14214] ======================================================= [ 433.744028][T14214] WARNING: The mand mount option has been deprecated and [ 433.744028][T14214] and is ignored by this kernel. Remove the mand [ 433.744028][T14214] option from the mount to silence this warning. [ 433.744028][T14214] ======================================================= [ 434.026480][T14265] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 434.217339][T14292] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1274'. [ 434.845232][T14274] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 434.897963][T14294] HfR: entered promiscuous mode [ 435.015725][T14265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1273'. [ 435.025157][T14265] HfR: left promiscuous mode [ 435.161556][T14338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1276'. [ 435.594625][T14366] random: crng reseeded on system resumption [ 435.611102][ T5184] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 435.680967][T14366] FAULT_INJECTION: forcing a failure. [ 435.680967][T14366] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 435.841225][T14366] CPU: 1 UID: 0 PID: 14366 Comm: syz.2.1278 Not tainted syzkaller #0 PREEMPT(full) [ 435.841262][T14366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 435.841276][T14366] Call Trace: [ 435.841284][T14366] [ 435.841294][T14366] dump_stack_lvl+0x16c/0x1f0 [ 435.841337][T14366] should_fail_ex+0x512/0x640 [ 435.841381][T14366] should_fail_alloc_page+0xe7/0x130 [ 435.841426][T14366] prepare_alloc_pages+0x3c2/0x610 [ 435.841466][T14366] ? rcu_is_watching+0x12/0xc0 [ 435.841497][T14366] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 435.841532][T14366] ? __pfx_stack_trace_save+0x10/0x10 [ 435.841566][T14366] ? __lock_acquire+0x62e/0x1ce0 [ 435.841600][T14366] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 435.841631][T14366] ? blk_trace_setup+0xed/0x1b0 [ 435.841668][T14366] ? rcu_read_unlock+0x17/0x60 [ 435.841703][T14366] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 435.841738][T14366] ? policy_nodemask+0xea/0x4e0 [ 435.841772][T14366] alloc_pages_mpol+0x1fb/0x550 [ 435.841805][T14366] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 435.841835][T14366] ? trace_kmalloc+0x2b/0xd0 [ 435.841864][T14366] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 435.841898][T14366] ? trace_kmalloc+0x2b/0xd0 [ 435.841927][T14366] ? __kmalloc_noprof.cold+0x5c/0x61 [ 435.841962][T14366] alloc_pages_noprof+0x131/0x390 [ 435.841994][T14366] relay_open_buf.part.0+0x25d/0xc30 [ 435.842036][T14366] relay_open+0x653/0xad0 [ 435.842068][T14366] ? debugfs_create_file_full+0x41/0x60 [ 435.842103][T14366] do_blk_trace_setup+0x4c5/0xb00 [ 435.842136][T14366] blk_trace_setup+0xed/0x1b0 [ 435.842165][T14366] ? __pfx_blk_trace_setup+0x10/0x10 [ 435.842190][T14366] ? __pfx_snprintf+0x10/0x10 [ 435.842236][T14366] ? do_vfs_ioctl+0x128/0x14f0 [ 435.842276][T14366] blk_trace_ioctl+0x146/0x280 [ 435.842302][T14366] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 435.842334][T14366] ? find_held_lock+0x2b/0x80 [ 435.842359][T14366] ? hook_file_ioctl_common+0x145/0x410 [ 435.842396][T14366] blkdev_ioctl+0x108/0x6d0 [ 435.842440][T14366] ? __pfx_blkdev_ioctl+0x10/0x10 [ 435.842477][T14366] ? __pfx_blkdev_ioctl+0x10/0x10 [ 435.842509][T14366] __x64_sys_ioctl+0x18b/0x210 [ 435.842549][T14366] do_syscall_64+0xcd/0x4c0 [ 435.842589][T14366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.842614][T14366] RIP: 0033:0x7f676558eec9 [ 435.842635][T14366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.842659][T14366] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 435.842684][T14366] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 435.842702][T14366] RDX: 0000200000000240 RSI: 00000000c0481273 RDI: 0000000000000009 [ 435.842718][T14366] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 435.842734][T14366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.842749][T14366] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 435.842784][T14366] [ 437.840254][T14436] svc: failed to register nfsdv3 RPC service (errno 111). [ 438.000272][T14436] svc: failed to register nfsaclv3 RPC service (errno 111). [ 438.458646][T14455] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 439.763514][T14551] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1293'. [ 440.001919][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.008425][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.127165][T14645] FAULT_INJECTION: forcing a failure. [ 442.127165][T14645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.176661][T14645] CPU: 0 UID: 0 PID: 14645 Comm: syz.2.1299 Not tainted syzkaller #0 PREEMPT(full) [ 442.176701][T14645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 442.176713][T14645] Call Trace: [ 442.176721][T14645] [ 442.176729][T14645] dump_stack_lvl+0x16c/0x1f0 [ 442.176767][T14645] should_fail_ex+0x512/0x640 [ 442.176804][T14645] _copy_to_user+0x32/0xd0 [ 442.176832][T14645] do_pages_stat+0x631/0x820 [ 442.176875][T14645] ? __pfx_do_pages_stat+0x10/0x10 [ 442.176929][T14645] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 442.176958][T14645] ? lockdep_hardirqs_on+0x7c/0x110 [ 442.176987][T14645] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 442.177018][T14645] kernel_move_pages+0xfa8/0x1380 [ 442.177051][T14645] ? do_futex+0x122/0x350 [ 442.177077][T14645] ? __pfx_do_futex+0x10/0x10 [ 442.177103][T14645] ? __pfx_kernel_move_pages+0x10/0x10 [ 442.177132][T14645] ? __pfx___might_resched+0x10/0x10 [ 442.177156][T14645] ? __x64_sys_futex+0x1e0/0x4c0 [ 442.177180][T14645] ? __x64_sys_futex+0x1e9/0x4c0 [ 442.177209][T14645] ? xfd_validate_state+0x61/0x180 [ 442.177243][T14645] __x64_sys_move_pages+0xe0/0x1c0 [ 442.177272][T14645] ? do_syscall_64+0x91/0x4c0 [ 442.177301][T14645] ? lockdep_hardirqs_on+0x7c/0x110 [ 442.177329][T14645] do_syscall_64+0xcd/0x4c0 [ 442.177360][T14645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.177381][T14645] RIP: 0033:0x7f676558eec9 [ 442.177397][T14645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.177416][T14645] RSP: 002b:00007f6766380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 442.177435][T14645] RAX: ffffffffffffffda RBX: 00007f67657e6090 RCX: 00007f676558eec9 [ 442.177449][T14645] RDX: 0000000000000000 RSI: 0000000000000f54 RDI: 0000000000000000 [ 442.177461][T14645] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 8000000000000000 [ 442.177474][T14645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 442.177486][T14645] R13: 00007f67657e6128 R14: 00007f67657e6090 R15: 00007ffd8640a338 [ 442.177513][T14645] [ 442.505039][T14648] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 444.765317][T14729] can: request_module (can-proto-0) failed. [ 445.702208][T14796] delete_channel: no stack [ 446.766791][T14818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1314'. [ 447.077177][T14830] FAULT_INJECTION: forcing a failure. [ 447.077177][T14830] name failslab, interval 1, probability 0, space 0, times 0 [ 447.092190][T14830] CPU: 0 UID: 0 PID: 14830 Comm: syz.2.1315 Not tainted syzkaller #0 PREEMPT(full) [ 447.092213][T14830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 447.092222][T14830] Call Trace: [ 447.092229][T14830] [ 447.092235][T14830] dump_stack_lvl+0x16c/0x1f0 [ 447.092262][T14830] should_fail_ex+0x512/0x640 [ 447.092284][T14830] ? __kmalloc_noprof+0xbf/0x510 [ 447.092303][T14830] ? cache_create_net+0x9d/0x220 [ 447.092320][T14830] should_failslab+0xc2/0x120 [ 447.092338][T14830] __kmalloc_noprof+0xd2/0x510 [ 447.092359][T14830] cache_create_net+0x9d/0x220 [ 447.092379][T14830] unix_gid_cache_create+0x60/0x130 [ 447.092399][T14830] ? __pfx_sunrpc_init_net+0x10/0x10 [ 447.092414][T14830] sunrpc_init_net+0x71/0x190 [ 447.092431][T14830] ops_init+0x1df/0x5f0 [ 447.092455][T14830] setup_net+0x10f/0x380 [ 447.092466][T14830] ? lockdep_init_map_type+0x5c/0x280 [ 447.092486][T14830] ? __pfx_setup_net+0x10/0x10 [ 447.092500][T14830] ? debug_mutex_init+0x37/0x70 [ 447.092517][T14830] copy_net_ns+0x2a6/0x5f0 [ 447.092534][T14830] create_new_namespaces+0x3ea/0xa90 [ 447.092555][T14830] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 447.092572][T14830] ksys_unshare+0x45b/0xa40 [ 447.092592][T14830] ? __pfx_ksys_unshare+0x10/0x10 [ 447.092611][T14830] ? xfd_validate_state+0x61/0x180 [ 447.092637][T14830] __x64_sys_unshare+0x31/0x40 [ 447.092655][T14830] do_syscall_64+0xcd/0x4c0 [ 447.092677][T14830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.092691][T14830] RIP: 0033:0x7f676558eec9 [ 447.092704][T14830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.092718][T14830] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 447.092732][T14830] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 447.092741][T14830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 447.092750][T14830] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 447.092759][T14830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.092768][T14830] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 447.092787][T14830] [ 447.808554][T14841] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 448.897307][T14854] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.729732][T14895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1324'. [ 450.656806][ T30] audit: type=1804 audit(4294967391.524:14): pid=14937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1328" name="/newroot/sys/kernel/debug/tracing/available_events" dev="tracefs" ino=27 res=1 errno=0 [ 450.680415][ C1] vkms_vblank_simulate: vblank timer overrun [ 451.230342][T14933] ima: policy update failed [ 451.249429][ T30] audit: type=1802 audit(4294967392.115:15): pid=14933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1328" res=0 errno=0 [ 451.692982][T15000] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1329'. [ 454.155116][T15077] FAULT_INJECTION: forcing a failure. [ 454.155116][T15077] name failslab, interval 1, probability 0, space 0, times 0 [ 454.178930][T15077] CPU: 0 UID: 0 PID: 15077 Comm: syz.2.1334 Not tainted syzkaller #0 PREEMPT(full) [ 454.178967][T15077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 454.178983][T15077] Call Trace: [ 454.178992][T15077] [ 454.179002][T15077] dump_stack_lvl+0x16c/0x1f0 [ 454.179048][T15077] should_fail_ex+0x512/0x640 [ 454.179087][T15077] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 454.179123][T15077] should_failslab+0xc2/0x120 [ 454.179156][T15077] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 454.179189][T15077] ? __alloc_skb+0x2b2/0x380 [ 454.179238][T15077] __alloc_skb+0x2b2/0x380 [ 454.179272][T15077] ? __pfx___alloc_skb+0x10/0x10 [ 454.179314][T15077] ? lockdep_set_lock_cmp_fn+0xc2/0xe0 [ 454.179356][T15077] tipc_buf_acquire+0x26/0xe0 [ 454.179387][T15077] tipc_msg_build+0x112/0x1150 [ 454.179426][T15077] ? __pfx_tipc_msg_build+0x10/0x10 [ 454.179475][T15077] __tipc_sendstream+0x6f9/0x1170 [ 454.179519][T15077] ? __pfx___tipc_sendstream+0x10/0x10 [ 454.179553][T15077] ? do_raw_spin_lock+0x12c/0x2b0 [ 454.179591][T15077] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 454.179629][T15077] ? __pfx_woken_wake_function+0x10/0x10 [ 454.179677][T15077] ? __local_bh_enable_ip+0xa4/0x120 [ 454.179712][T15077] tipc_sendstream+0x4f/0x70 [ 454.179742][T15077] ____sys_sendmsg+0xa98/0xc70 [ 454.179772][T15077] ? copy_msghdr_from_user+0x10a/0x160 [ 454.179809][T15077] ? __pfx_____sys_sendmsg+0x10/0x10 [ 454.179843][T15077] ? kfree+0x24f/0x4d0 [ 454.179875][T15077] ___sys_sendmsg+0x134/0x1d0 [ 454.179915][T15077] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.179987][T15077] ? __pfx___might_resched+0x10/0x10 [ 454.180022][T15077] __sys_sendmmsg+0x200/0x420 [ 454.180063][T15077] ? __pfx___sys_sendmmsg+0x10/0x10 [ 454.180110][T15077] ? __pfx_do_futex+0x10/0x10 [ 454.180156][T15077] ? __sys_socket+0xac/0x260 [ 454.180189][T15077] ? xfd_validate_state+0x61/0x180 [ 454.180231][T15077] ? __pfx___do_sys_close_range+0x10/0x10 [ 454.180270][T15077] __x64_sys_sendmmsg+0x9c/0x100 [ 454.180306][T15077] ? lockdep_hardirqs_on+0x7c/0x110 [ 454.180344][T15077] do_syscall_64+0xcd/0x4c0 [ 454.180385][T15077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.180411][T15077] RIP: 0033:0x7f676558eec9 [ 454.180432][T15077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.180458][T15077] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 454.180483][T15077] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 454.180501][T15077] RDX: 0000000000000400 RSI: 0000000000000000 RDI: 0000000000000004 [ 454.180517][T15077] RBP: 00007f6765611f91 R08: 0000000000000000 R09: 0000000000000000 [ 454.180532][T15077] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 454.180547][T15077] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 454.180584][T15077] [ 454.596726][T14913] kexec: Could not allocate control_code_buffer [ 457.916907][T15190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1356'. [ 458.082034][T15187] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1356'. [ 459.277661][T15220] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1353'. [ 460.408225][T15261] could not allocate digest TFM handle [ 460.578965][T15310] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 460.671657][T15261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1358'. [ 464.437378][T15421] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 464.465899][T15421] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 464.515395][T15424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe06 [ 464.548867][T15424] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 464.591925][T15424] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 464.629346][T15424] page_type: f5(slab) [ 464.633740][T15424] raw: 00fff00000000040 ffff88801b841b40 ffffea0000a76480 dead000000000002 [ 464.683895][T15424] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 464.709348][T15424] head: 00fff00000000040 ffff88801b841b40 ffffea0000a76480 dead000000000002 [ 464.746184][T15424] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 464.774057][T15424] head: 00fff00000000001 ffffea0001ff8181 00000000ffffffff 00000000ffffffff [ 464.802676][T15424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 464.818798][T15424] page dumped because: unmovable page [ 464.825469][T15424] page_owner tracks the page as allocated [ 464.839764][T15424] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5863, tgid 5863 (syz-executor), ts 86973542387, free_ts 86911608572 [ 464.863077][T15424] post_alloc_hook+0x1c0/0x230 [ 464.867987][T15424] get_page_from_freelist+0x132b/0x38e0 [ 464.873702][T15424] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 464.879741][T15424] alloc_pages_mpol+0x1fb/0x550 [ 464.884757][T15424] new_slab+0x247/0x330 [ 464.889191][T15424] ___slab_alloc+0xcf2/0x1750 [ 464.893971][T15424] __slab_alloc.constprop.0+0x56/0xb0 [ 464.899544][T15424] __kmalloc_noprof+0x2f2/0x510 [ 464.904488][T15424] fib_create_info+0x53f/0x46b0 [ 464.909641][T15424] fib_table_insert+0x177/0x1c40 [ 464.916705][T15424] fib_magic+0x4d4/0x5c0 [ 464.921151][T15424] fib_add_ifaddr+0x16d/0x580 [ 464.925947][T15424] fib_inetaddr_event+0x147/0x270 [ 464.931092][T15424] notifier_call_chain+0xb9/0x410 [ 464.939443][T15392] FAULT_INJECTION: forcing a failure. [ 464.939443][T15392] name fail_futex, interval 1, probability 0, space 0, times 0 [ 464.957735][T15424] blocking_notifier_call_chain+0x69/0xa0 [ 464.963778][T15424] __inet_insert_ifa+0x925/0xcd0 [ 464.969457][T15424] page last free pid 92 tgid 92 stack trace: [ 464.978997][T15424] __free_frozen_pages+0x7d5/0x10f0 [ 464.984599][T15392] CPU: 0 UID: 0 PID: 15392 Comm: syz.0.1376 Not tainted syzkaller #0 PREEMPT(full) [ 464.984637][T15392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 464.984651][T15392] Call Trace: [ 464.984659][T15392] [ 464.984668][T15392] dump_stack_lvl+0x16c/0x1f0 [ 464.984707][T15392] should_fail_ex+0x512/0x640 [ 464.984748][T15392] get_futex_key+0xff0/0x1560 [ 464.984782][T15392] ? __pfx_get_futex_key+0x10/0x10 [ 464.984811][T15392] ? __mutex_trylock_common+0xe9/0x250 [ 464.984916][T15392] futex_wake+0xea/0x530 [ 464.984964][T15392] ? __pfx_futex_wake+0x10/0x10 [ 464.985015][T15392] do_futex+0x1e3/0x350 [ 464.985043][T15392] ? __pfx_do_futex+0x10/0x10 [ 464.985071][T15392] ? __might_fault+0xe3/0x190 [ 464.985109][T15392] mm_release+0x24e/0x300 [ 464.985138][T15392] do_exit+0x68e/0x2bf0 [ 464.985178][T15392] ? __pfx_do_exit+0x10/0x10 [ 464.985209][T15392] ? do_raw_spin_lock+0x12c/0x2b0 [ 464.985244][T15392] ? find_held_lock+0x2b/0x80 [ 464.985274][T15392] do_group_exit+0xd3/0x2a0 [ 464.985310][T15392] get_signal+0x2673/0x26d0 [ 464.985348][T15392] ? __pfx_get_signal+0x10/0x10 [ 464.985375][T15392] ? do_futex+0x122/0x350 [ 464.985405][T15392] ? __pfx_do_futex+0x10/0x10 [ 464.985437][T15392] arch_do_signal_or_restart+0x8f/0x790 [ 464.985471][T15392] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 464.985513][T15392] ? __pfx_do_pwritev+0x10/0x10 [ 464.985547][T15392] exit_to_user_mode_loop+0x84/0x110 [ 464.985583][T15392] do_syscall_64+0x41c/0x4c0 [ 464.985627][T15392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.985652][T15392] RIP: 0033:0x7f658b98eec9 [ 464.985673][T15392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.985696][T15392] RSP: 002b:00007f658c7b90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 464.985720][T15392] RAX: fffffffffffffe00 RBX: 00007f658bbe6098 RCX: 00007f658b98eec9 [ 464.985737][T15392] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f658bbe6098 [ 464.985752][T15392] RBP: 00007f658bbe6090 R08: 0000000000000000 R09: 0000000000000000 [ 464.985767][T15392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.985837][T15392] R13: 00007f658bbe6128 R14: 00007ffe9469c800 R15: 00007ffe9469c8e8 [ 464.985871][T15392] [ 464.986375][T15424] qlist_free_all+0x4d/0x120 [ 465.228367][T15424] kasan_quarantine_reduce+0x195/0x1e0 [ 465.238313][T15424] __kasan_slab_alloc+0x69/0x90 [ 465.262780][T15424] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 465.274716][T15424] nsim_fib_event_work+0x17f5/0x2e80 [ 465.281097][T15424] process_one_work+0x9cf/0x1b70 [ 465.289618][T15424] worker_thread+0x6c8/0xf10 [ 465.304619][T15424] kthread+0x3c5/0x780 [ 465.332969][T15424] ret_from_fork+0x56d/0x730 [ 465.339270][T15424] ret_from_fork_asm+0x1a/0x30 [ 466.203080][T15561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1396'. [ 466.284107][T15559] program syz.2.1395 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 466.387493][T15558] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1396'. [ 466.432961][T15574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1398'. [ 467.649548][T15662] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 467.903272][T15679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1409'. [ 471.747418][T15781] ------------[ cut here ]------------ [ 471.753005][T15781] WARNING: CPU: 0 PID: 15781 at kernel/trace/trace.c:8604 tracing_buffers_mmap_close+0xdd/0x130 [ 471.763531][T15781] Modules linked in: [ 471.767781][T15781] CPU: 0 UID: 0 PID: 15781 Comm: syz.2.1423 Not tainted syzkaller #0 PREEMPT(full) [ 471.777309][T15781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 471.787439][T15781] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 471.794257][T15781] Code: 75 46 48 8b 7b 08 e8 02 96 ff ff 31 ff 89 c3 89 c6 e8 e7 58 fb ff 85 db 75 0a 48 83 c4 08 5b e9 99 5d fb ff e8 94 5d fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 86 5d fb ff e8 31 cd 60 00 eb 87 e8 5a [ 471.814581][T15781] RSP: 0018:ffffc900192e7818 EFLAGS: 00010283 [ 471.820689][T15781] RAX: 00000000000015da RBX: 00000000ffffffed RCX: ffffc9000c279000 [ 471.829159][T15781] RDX: 0000000000080000 RSI: ffffffff81bfac8c RDI: 0000000000000005 [ 471.837233][T15781] RBP: ffff88802959eb88 R08: 0000000000000005 R09: 0000000000000000 [ 471.845379][T15781] R10: 00000000ffffffed R11: 0000000000000000 R12: dffffc0000000000 [ 471.853433][T15781] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff81bfabb0 [ 471.861425][T15781] FS: 00007f67663a16c0(0000) GS:ffff8881246ba000(0000) knlGS:0000000000000000 [ 471.870439][T15781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 471.877518][T15781] CR2: 0000001b3321cff8 CR3: 000000007fdc6000 CR4: 00000000003526f0 [ 471.885578][T15781] Call Trace: [ 471.888870][T15781] [ 471.891812][T15781] __mmap_region+0x6c1/0x27b0 [ 471.896880][T15781] ? finish_task_switch.isra.0+0x21c/0xc10 [ 471.902943][T15781] ? __pfx___mmap_region+0x10/0x10 [ 471.908115][T15781] ? rcu_is_watching+0x12/0xc0 [ 471.913321][T15781] ? rcu_is_watching+0x12/0xc0 [ 471.918115][T15781] ? trace_sched_exit_tp+0xd1/0x120 [ 471.923625][T15781] ? __schedule+0x11a3/0x5de0 [ 471.928426][T15781] ? __lock_acquire+0x62e/0x1ce0 [ 471.933469][T15781] ? __lock_acquire+0x62e/0x1ce0 [ 471.938445][T15781] ? __pfx___schedule+0x10/0x10 [ 471.943430][T15781] ? trace_cap_capable+0x18d/0x200 [ 471.948582][T15781] mmap_region+0x1ab/0x3f0 [ 471.953110][T15781] ? __get_unmapped_area+0x267/0x440 [ 471.958430][T15781] do_mmap+0xa3e/0x1210 [ 471.962697][T15781] ? __pfx_do_mmap+0x10/0x10 [ 471.967327][T15781] ? __pfx_down_write_killable+0x10/0x10 [ 471.973174][T15781] vm_mmap_pgoff+0x29e/0x470 [ 471.977809][T15781] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 471.983202][T15781] ? __x64_sys_futex+0x1e0/0x4c0 [ 471.988177][T15781] ? __x64_sys_futex+0x1e9/0x4c0 [ 471.993444][T15781] ksys_mmap_pgoff+0x7d/0x5c0 [ 471.998334][T15781] ? xfd_validate_state+0x61/0x180 [ 472.004576][T15781] __x64_sys_mmap+0x125/0x190 [ 472.009306][T15781] do_syscall_64+0xcd/0x4c0 [ 472.014261][T15781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.020176][T15781] RIP: 0033:0x7f676558eec9 [ 472.024676][T15781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.044359][T15781] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 472.052841][T15781] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 472.060830][T15781] RDX: 0000000000000003 RSI: 000000000000e983 RDI: 0000000000000000 [ 472.068859][T15781] RBP: 00007f6765611f91 R08: 0000000000000401 R09: 0000000000008000 [ 472.076903][T15781] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 472.085043][T15781] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 472.093212][T15781] [ 472.096249][T15781] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 472.103526][T15781] CPU: 0 UID: 0 PID: 15781 Comm: syz.2.1423 Not tainted syzkaller #0 PREEMPT(full) [ 472.112904][T15781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 472.122956][T15781] Call Trace: [ 472.126228][T15781] [ 472.129154][T15781] dump_stack_lvl+0x3d/0x1f0 [ 472.133767][T15781] vpanic+0x6e8/0x7a0 [ 472.137765][T15781] ? __pfx_vpanic+0x10/0x10 [ 472.142267][T15781] ? tracing_buffers_mmap_close+0xdd/0x130 [ 472.148073][T15781] panic+0xca/0xd0 [ 472.151807][T15781] ? __pfx_panic+0x10/0x10 [ 472.156263][T15781] check_panic_on_warn+0xab/0xb0 [ 472.161221][T15781] __warn+0xf6/0x3c0 [ 472.165135][T15781] ? tracing_buffers_mmap_close+0xdd/0x130 [ 472.170951][T15781] report_bug+0x3c3/0x580 [ 472.175279][T15781] ? tracing_buffers_mmap_close+0xdd/0x130 [ 472.181083][T15781] handle_bug+0x184/0x210 [ 472.185516][T15781] exc_invalid_op+0x17/0x50 [ 472.190039][T15781] asm_exc_invalid_op+0x1a/0x20 [ 472.194907][T15781] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 472.201324][T15781] Code: 75 46 48 8b 7b 08 e8 02 96 ff ff 31 ff 89 c3 89 c6 e8 e7 58 fb ff 85 db 75 0a 48 83 c4 08 5b e9 99 5d fb ff e8 94 5d fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 86 5d fb ff e8 31 cd 60 00 eb 87 e8 5a [ 472.221120][T15781] RSP: 0018:ffffc900192e7818 EFLAGS: 00010283 [ 472.227187][T15781] RAX: 00000000000015da RBX: 00000000ffffffed RCX: ffffc9000c279000 [ 472.235153][T15781] RDX: 0000000000080000 RSI: ffffffff81bfac8c RDI: 0000000000000005 [ 472.243126][T15781] RBP: ffff88802959eb88 R08: 0000000000000005 R09: 0000000000000000 [ 472.251088][T15781] R10: 00000000ffffffed R11: 0000000000000000 R12: dffffc0000000000 [ 472.259054][T15781] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff81bfabb0 [ 472.267018][T15781] ? __pfx_tracing_buffers_mmap_close+0x10/0x10 [ 472.273263][T15781] ? tracing_buffers_mmap_close+0xdc/0x130 [ 472.279080][T15781] ? tracing_buffers_mmap_close+0xdc/0x130 [ 472.284920][T15781] __mmap_region+0x6c1/0x27b0 [ 472.289593][T15781] ? finish_task_switch.isra.0+0x21c/0xc10 [ 472.295402][T15781] ? __pfx___mmap_region+0x10/0x10 [ 472.300505][T15781] ? rcu_is_watching+0x12/0xc0 [ 472.305285][T15781] ? rcu_is_watching+0x12/0xc0 [ 472.310047][T15781] ? trace_sched_exit_tp+0xd1/0x120 [ 472.315251][T15781] ? __schedule+0x11a3/0x5de0 [ 472.319922][T15781] ? __lock_acquire+0x62e/0x1ce0 [ 472.324861][T15781] ? __lock_acquire+0x62e/0x1ce0 [ 472.329881][T15781] ? __pfx___schedule+0x10/0x10 [ 472.334790][T15781] ? trace_cap_capable+0x18d/0x200 [ 472.339916][T15781] mmap_region+0x1ab/0x3f0 [ 472.344323][T15781] ? __get_unmapped_area+0x267/0x440 [ 472.349600][T15781] do_mmap+0xa3e/0x1210 [ 472.353752][T15781] ? __pfx_do_mmap+0x10/0x10 [ 472.358366][T15781] ? __pfx_down_write_killable+0x10/0x10 [ 472.363991][T15781] vm_mmap_pgoff+0x29e/0x470 [ 472.368575][T15781] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 472.373687][T15781] ? __x64_sys_futex+0x1e0/0x4c0 [ 472.378635][T15781] ? __x64_sys_futex+0x1e9/0x4c0 [ 472.383564][T15781] ksys_mmap_pgoff+0x7d/0x5c0 [ 472.388237][T15781] ? xfd_validate_state+0x61/0x180 [ 472.393342][T15781] __x64_sys_mmap+0x125/0x190 [ 472.398018][T15781] do_syscall_64+0xcd/0x4c0 [ 472.402549][T15781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.408455][T15781] RIP: 0033:0x7f676558eec9 [ 472.412934][T15781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.432558][T15781] RSP: 002b:00007f67663a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 472.440971][T15781] RAX: ffffffffffffffda RBX: 00007f67657e5fa0 RCX: 00007f676558eec9 [ 472.448932][T15781] RDX: 0000000000000003 RSI: 000000000000e983 RDI: 0000000000000000 [ 472.457071][T15781] RBP: 00007f6765611f91 R08: 0000000000000401 R09: 0000000000008000 [ 472.465035][T15781] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 472.472993][T15781] R13: 00007f67657e6038 R14: 00007f67657e5fa0 R15: 00007ffd8640a338 [ 472.480965][T15781] [ 472.484275][T15781] Kernel Offset: disabled [ 472.488586][T15781] Rebooting in 86400 seconds..