last executing test programs: 8m12.005966201s ago: executing program 3 (id=426): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0xfffffffffffffffd, 0x40009, 0xdf, 0x18, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x541a, 0xffffffffffffffff) 8m11.523539645s ago: executing program 3 (id=428): mmap$auto(0x0, 0x400008, 0xdf, 0x17, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) mlockall$auto(0x7) (async) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r0 = bpf$auto(0x24, 0x0, 0x8) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003ec, 0x14) (async) mmap$auto(0x0, 0x202000d, 0x8000000002, 0x12, r0, 0x8004) 8m11.36782014s ago: executing program 3 (id=429): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0) socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x8000d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000280)="e90500") prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pivot_root$auto(&(0x7f0000000080)='..\x00', 0x0) open(0x0, 0x7ffd, 0x12) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) mmap$auto(0x0, 0x40009, 0x3, 0x19, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) getpid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 8m9.273535414s ago: executing program 3 (id=434): mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = open(0x0, 0x261c2, 0x84) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) arch_prctl$auto_ARCH_GET_XCOMP_GUEST_PERM(0x1024, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r1}, 0x10) setsockopt$auto_SO_PREFER_BUSY_POLL(r2, 0x706, 0x45, &(0x7f00000000c0)='-./&.),:\xd6)\\}{\x00', 0x5) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) socket(0xa, 0x2, 0x0) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002d0008000700"/18, @ANYRES32, @ANYBLOB="0800080004"], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 8m9.212165902s ago: executing program 3 (id=435): socket(0x10, 0x2, 0x0) socket(0x2, 0x2, 0x88) setsockopt$auto(0x4, 0xdb, 0xb3, &(0x7f0000000040)='0\xa5\x00\x00\x00\xec\x00\x00\x1f\xdb\xf2\x1f\xe6\xf0\xf0\xdf;\x98\'R\x06\xceD{s#\xd7t$I\xedh?\xe6S\xd5\xd8\x83\x9a2HUB\x19\x8e\r\xa9\xd5\x92\x82', 0x80000b) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/bus/pci/drivers/pch_udc/uevent\x00', 0x202741, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x0, 0x0) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, 0x0, 0x2f43, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x280, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) 8m8.404035129s ago: executing program 3 (id=438): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x1) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0x2, 0x9b72, 0x2, 0x8002) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x10, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0x81) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x1101, 0x7fffffff, 0x14000000000df, 0x40eb2, r0, 0x300000000000) io_uring_register$auto_IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x6) 7m53.096797724s ago: executing program 32 (id=438): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x1) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0x2, 0x9b72, 0x2, 0x8002) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x10, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0x81) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x1101, 0x7fffffff, 0x14000000000df, 0x40eb2, r0, 0x300000000000) io_uring_register$auto_IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x6) 7.270453066s ago: executing program 1 (id=1995): lseek$auto(0xffffffffffffffff, 0x8001, 0x4) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000000c0), 0xa480, 0x0) r3 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x102, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000000100)={0x95ca, 0xfffffffd}) ioctl$auto_TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f00000001c0)=0x5) readv$auto(r2, &(0x7f0000000280)={0x0, 0xf7}, 0x87) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x2, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ppoll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) r4 = open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) unshare$auto(0x40000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4000084) socket(0xa, 0x5, 0x4) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r4, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0xcc, r6, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x8}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_COLOR_CHANGE_COLOR={0x5}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x6}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x81, 0xbd, "fc027137890543918a1d40d09fd51f29aa79fdc0b0ab418a678309e23179f50e95669d00d50815bc549ee4801c692f04c8de5b8baaa7ae97230259a317a60c735a8b8952ce66dbd235ac46288d9c1ee07bc6bdf99c2bb2212e260eb7d7571775da5bc2c8d3e55be78da8d0afe93ba0a28d03cd69e33f961a35d98a6181"}, @NL80211_ATTR_FILS_DISCOVERY={0xc, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x8}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}]}, 0xcc}, 0x1, 0x0, 0x0, 0x894}, 0x84) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x305080, 0x0) mmap$auto(0x2000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) setreuid$auto(0x4, 0x8) mlockall$auto(0x8000000000000001) unshare$auto(0x40000080) 6.839201899s ago: executing program 2 (id=1999): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) mmap$auto(0x4, 0x20006, 0x4000000000df, 0xeb5, r0, 0x4) (async) close_range$auto(0x2, 0x8, 0x0) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40090) mmap$auto(0x800, 0x1, 0x8000000000000001, 0x111, 0xffffffffffffffff, 0x1) (async) msgctl$auto_IPC_INFO(0x1, 0x3, &(0x7f0000000440)={{0x9, 0xee01, 0x0, 0x98ae, 0x2, 0x6, 0x5}, &(0x7f0000000080)=0x81, &(0x7f0000000200)=0x3, 0x7e, 0x3, 0x0, 0xde, 0x6, 0x10, 0x8, 0x2}) mmap$auto(0x8000000000000, 0x20009, 0xe2, 0x11, 0x401, 0x8000) (async) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) (async) r2 = getsockopt$auto(0x4, 0x6, 0x17, 0xfffffffffffffffc, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x6, 0xffffffffffffffff, r1, 0x9, 0x12, 0x8000000c, 0x48}, &(0x7f00000001c0)=0x7, 0x0, 0x1, 0x7, 0x0, 0xd, 0x4, 0x3, 0x54c8, 0xd, @inferred, @raw=0xbc9}) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x8, r3, 0x800000000001, 0x33}) (async) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) writev$auto(0xffffffffffffffff, 0x0, 0x8) (async) write$auto(0xffffffffffffffff, &(0x7f0000000300)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) msgrcv$auto(0xb, 0x0, 0x0, 0x6e2d, 0xfffffffb) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0x2003f0, 0x15) (async) mmap$auto(0x5, 0xff, 0x2, 0x15, r2, 0x28000) madvise$auto(0x2, 0x5c61fa2c, 0xf) (async) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), r4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/profile\x00', 0x842, 0x0) write$auto(0x3, 0x0, 0xfdef) (async) lseek$auto(0x3, 0x2, 0x4) (async) read$auto(r5, 0x0, 0xb4d3) 6.634213379s ago: executing program 2 (id=2000): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop2\x00', 0x82, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c0a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) (async) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) msgget$auto(0x0, 0x77d9) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="0800010eb38032c8145248b0004884f01b8e467fa4b030df599907545bd64e11d1c87628d40b18776b45a329b66d37e822debec3ff6fd795576810eb3fa805a55dbfc2d2a1ef8aa7f73344c0bab87bec27be1290cee869ec0b6d4b5f270f9a1ded00e714f633e6fb482beeb0ec0bb4370fe18e57d44330b03c57b6765aa72db96ee1fa4d7a8ec1b3b5aa6d0b1c0c8f6fb23165f89e4364277408996903babb110b2842ac8db12763e7cf08df38944ce5559e33a850afaa738250128c0de1a18e6d", @ANYRES32=0x9, @ANYBLOB="20b4a8d9ed2e08c99c0200105c647663056035fdc6c22f7f8d1f653dcda1b0f8d36c832e0577277e5e66b1c601c45cfcd584280b3f5ac69dfe61ed395e112e0de63b8c1ac8720aeadf4401d4acf66d3c312de7d5ac7797e4b4cf4fafebfca6777dfddfab0897932aa12a726e2037c344196e63dd37ae4fb887673a176052428da45e0c3167788ab5305545f5415bc48beb972749e460eb911dd1cd7e6d3c19baacd67fca5b54c6f371edd14ef686dfdda7d840a85fe7029409bc8a1ed781b879cb67bae06b5ac561c22f10c54b6203c1f6c20fef2c0c4e78fda6d277f8633f40b83cd76c5fcc58baa32f8f2a3fc43a54574d8519717dee1e6c"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) (async) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="0800010eb38032c8145248b0004884f01b8e467fa4b030df599907545bd64e11d1c87628d40b18776b45a329b66d37e822debec3ff6fd795576810eb3fa805a55dbfc2d2a1ef8aa7f73344c0bab87bec27be1290cee869ec0b6d4b5f270f9a1ded00e714f633e6fb482beeb0ec0bb4370fe18e57d44330b03c57b6765aa72db96ee1fa4d7a8ec1b3b5aa6d0b1c0c8f6fb23165f89e4364277408996903babb110b2842ac8db12763e7cf08df38944ce5559e33a850afaa738250128c0de1a18e6d", @ANYRES32=0x9, @ANYBLOB="20b4a8d9ed2e08c99c0200105c647663056035fdc6c22f7f8d1f653dcda1b0f8d36c832e0577277e5e66b1c601c45cfcd584280b3f5ac69dfe61ed395e112e0de63b8c1ac8720aeadf4401d4acf66d3c312de7d5ac7797e4b4cf4fafebfca6777dfddfab0897932aa12a726e2037c344196e63dd37ae4fb887673a176052428da45e0c3167788ab5305545f5415bc48beb972749e460eb911dd1cd7e6d3c19baacd67fca5b54c6f371edd14ef686dfdda7d840a85fe7029409bc8a1ed781b879cb67bae06b5ac561c22f10c54b6203c1f6c20fef2c0c4e78fda6d277f8633f40b83cd76c5fcc58baa32f8f2a3fc43a54574d8519717dee1e6c"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000500)={'gretap0\x00'}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) (async) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x5, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x1, 0xffffffff, 0x4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff]}, 0x1fa, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacb") ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd05, &(0x7f00000001c0)) (async) ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd05, &(0x7f00000001c0)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb-serial/drivers/kobil/new_id\x00', 0x10400, 0x0) 6.18212198s ago: executing program 2 (id=2003): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0xc0080, 0x0) read$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/pm_freeze_timeout\x00', 0x80002, 0x0) read$auto(r1, &(0x7f0000000000)='/sys/power/pm_freeze_timeout\x00', 0xe0f) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) set_tid_address$auto(&(0x7f00000000c0)=0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 5.83823826s ago: executing program 2 (id=2005): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = socket(0x2b, 0x1, 0xf6ba) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, 0x0, 0x20000001) madvise$auto(0x192ad524, 0x1, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_total_time_ms\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) sendmsg$auto_NL80211_CMD_GET_MPP(r0, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128\x00', 0x40, 0x0) ioctl$auto(r2, 0x9000643f, 0xc35) sysfs$auto(0x5, 0x7fff, 0x2) mmap$auto(0x4, 0x400007, 0xdf, 0x9b7e, 0x2, 0x8000) fsopen$auto(0x0, 0x1) 5.744333134s ago: executing program 0 (id=2006): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x8000d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000280)="e90500") prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) getpid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 5.657102153s ago: executing program 4 (id=2007): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) settimeofday$auto(0x0, &(0x7f00000003c0)={0x3, 0x80000001}) openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/sessionid\x00', 0x40c1, 0x0) r0 = setfsgid$auto(0xee00) ioperm$auto(0x80, 0x4, 0x800) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x7f, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) fchown$auto(0xffffffffffffffff, 0xee00, r0) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, r0) r1 = getpgid$auto(0xffffffffffffffff) r2 = getpgrp(0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) r3 = io_uring_setup$auto(0x86, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto_ftrace_set_event_pid_fops_trace_events(r3, &(0x7f0000000040)="70a53433aa0c4380d66b4598bc1d81a94a2dec", 0x13) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(r4, 0x4080aebf, 0x0) shmctl$auto_SHM_LOCK(0x4, 0xb, &(0x7f0000000140)={{0x7, 0xee00, r0, 0xfffffff9, 0x5, 0x7ab6, 0x87}, 0xd153, 0x3, 0x7, 0x40, @inferred=r1, @inferred=r2, 0xb, 0x0, &(0x7f0000000000)="2ee7bcf8e4f78642470ef05fe303fda91bffa59954554caf8ebe2fc9c9d1fac3cae2b55b3a7716ec867a7b58a7129d49ba6e4714329f77064ff307de9d5fe156725bcdee2c31f1e45e5927f103af008dd002584763dd1045c18c2b338771948a4d744b8aa51a710bd4c92fcc843b1f497ed27dddce6d20d5c6582389bb9f92d3328151fb2f435a3f56f94808ab412f6031cca244d685adfd234f60bb50012820bea9fb50a3f7372f8fdd163be50a", &(0x7f00000000c0)}) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x0) socket(0x1d, 0x2, 0x6) 4.926919427s ago: executing program 1 (id=2008): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0x10, 0x3, 0xffffffbe) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9a\xae\v\x00\x00U\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\x9f%\xae\xc1-\x80\x82\xdc5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4\xfaK\xdf>f\xb8&\x95\x8e2\n\xccWw\xe2\x9cK\fE\a\xca\xd3R\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x86 \x13GCr *2\x96Q\xa2\xbavH8n\"j', 0x108000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010325bd7040ffdbdf25ea1300000c0002006e6c38303231310008000a00ef010000"], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0xfffffffffffffff8, 0x3, 0x5, 0x10, 0xffffffffffffffff, 0x280007ffd) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x3e, 0x1, 0xffffffffffffffff, 0x3, 0xfffffffffffffff0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r5 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) r6 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r6, &(0x7f00000010c0)=""/4082, 0xff2) setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000) madvise$auto(0x8, 0xc89, 0xffffff33) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x12080, 0x0) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="042b0000", @ANYBLOB="000227bd7000fbdbdf250a0000000800100002000000700115806901bc8019535fe2d9b96eca9b3542e751bb7513af45c70eb79549e6621db9d4719a1be79c25d8a5befafcb9da455471a285295c1d48fe8658f957f31839d4f7dc45de7105b8c541accdada32002aba7e2d8e2a79cc88f5fbe0339e2b98002f61b1c93bcc5934cbbd2ebc6ab91944c51e3aceb9a0f4aac244560bfdf5b289225f77f1c154b56e0a4009c2348a2381b30e0c5929de547e132356e56207edc6008912adf6b527a5581afe70ef1dbac0753a0deac37fc4e3e4f5411eca88b3e084fdd36803a1f25337e1db441919c0ca0ed6d78f688ca2b5ad4fa9323428049fab03be0b8f0b2444f3e9aabc7dbf5af8f91f01a213d6da45a0701f50a0cedc857c1e046f817aeb3aaffd0754ff0d930c02f6f00d9ef09ed1389094b31ba09ace7a769b6063c53955a79e447c05ae4a85f35f9ba3edae6e0a666475ca5a3c6215a5c28527cf60ed9d5ac970400128008009000", @ANYRES32, @ANYBLOB="040011800800b20010000000040006800400c58000000028040580af00dc80040056004f51569fdf6032876a3785b1794ce570446bbc540979f9b302debc3d2de2c10c694d41eb5fb432e53daad8608cc6b32de50a266e340ea052675aaba2f1aa4fd70e9424813f9a900dd3da41422675d94abd65c57993bdad7647bc0f6652581bb568112a803ddf4899cdff7dce6050fe5949ee5b08001600", @ANYRES32, @ANYRESDEC=r5, @ANYRES32, @ANYRES16=r0, @ANYRES32, @ANYBLOB="04005280246b7a"], 0x2b04}, 0x1, 0x0, 0x0, 0x45051}, 0x44844) 4.756977091s ago: executing program 4 (id=2009): symlink$auto(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sysfs$auto(0x2, 0x4, 0x0) utimes$auto(0x0, 0x0) prctl$auto(0x27, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) openat$auto_objects_fops_(0xffffffffffffff9c, 0x0, 0x202200, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="e3b725bd7000fdbb632559ecae2dcf7c86"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x800000000000e2a) socket(0x2c, 0x80003, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80040, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) select$auto(0x981, 0x0, &(0x7f0000000980)={[0x5, 0x40, 0xffffffff, 0x72634de1, 0x4000000000, 0x9, 0x0, 0x4, 0x1, 0xd0d, 0xc76a, 0x5, 0xffffffffffffffff, 0x2, 0x7, 0x9]}, &(0x7f0000000a00)={[0x4, 0xd, 0x5, 0x6e, 0x1, 0x8, 0x6, 0xfffffffffffff800, 0xfffffffffffffffc, 0x200, 0x9, 0x8, 0x2, 0x6, 0x9, 0x9]}, &(0x7f0000000a80)={0x100000000, 0x2}) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 4.169136978s ago: executing program 0 (id=2010): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) mmap$auto(0x3ff, 0x3, 0xffffffff, 0x100000eb1, 0x40000000000a1, 0x4000008000) setsockopt$auto_SO_OOBINLINE(r0, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x8) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) 4.000455545s ago: executing program 2 (id=2011): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) socketcall$auto(0x8000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 32) ioctl$auto(0x3, 0xae60, 0x10000000000402) (rerun: 32) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/ext4/sda1/fc_info\x00', 0x10b402, 0x0) pread64$auto(r4, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) (async) ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0xe180, 0x0, [{0x5, 0x80, 0x9e4}, {0x0, 0x6, 0x7}, {0x3, 0x3800, 0x7}, {0x401, 0x9, 0x10}]}) ioctl$auto(r4, 0xffffffaf, 0xffffffffffffffff) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async, rerun: 32) statmount$auto(0x0, 0x0, 0xe, 0xfffffff8) (rerun: 32) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff01c}}) inotify_init1$auto(0xf189) (async) ioctl$auto(0x3, 0xae41, r1) (async) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 3.164886247s ago: executing program 1 (id=2012): r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cpu/1/cpuid\x00', 0x400002, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, r0, 0x8000) msync$auto(0xf89, 0x8, 0x401) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@sco, 0x1) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(r1, 0x806c4120, &(0x7f0000000100)={0x0, 0x6, 0x95d7, 0x7f, 0x3, 0x1, 0x9, 0x2, 0x2, 0x7, 0xb, 0x8, 0x100, 0x2, 0x40000003, 0x3ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/wakeup_max_time_ms\x00', 0x80080, 0x0) read$auto(r2, 0x0, 0x20) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x40000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000180)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x1, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0000fbdbdf35020000000800fbffffffffff0737010005"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 2.204961106s ago: executing program 0 (id=2013): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x40040, 0x0) ioctl$auto_PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f00000000c0)={0xf, 0x3}) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) fcntl$auto(0xffffffffffffffff, 0x7, 0xa553) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x83, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0xc, 0x0, 0x7) setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) mmap$auto(0xffffffff80000001, 0x20009, 0x5, 0xa32, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2e2003, 0x0) write$auto(0x3, 0x0, 0xffd8) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x7ffc) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x8, 0x7ffffffffffbfffb, 0xfffff7fd) fcntl$auto(0x8000000000000001, 0x26, 0x8) mincore$auto(0x4, 0x5, &(0x7f0000000000)='/dev/ptyd1\x00') 2.162832711s ago: executing program 4 (id=2014): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0xc0080, 0x0) read$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/pm_freeze_timeout\x00', 0x80002, 0x0) read$auto(r1, &(0x7f0000000000)='/sys/power/pm_freeze_timeout\x00', 0xe0f) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) set_tid_address$auto(&(0x7f00000000c0)=0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 2.086372365s ago: executing program 1 (id=2015): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/loop14/queue/stable_writes\x00', 0x182b02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) madvise$auto(0x0, 0x5, 0xe) 1.773850265s ago: executing program 4 (id=2016): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0xfffffffffffffffd, 0x40009, 0xdf, 0x18, 0x7, 0x28000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x701080, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x541a, r0) 1.703341262s ago: executing program 1 (id=2017): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) settimeofday$auto(0x0, &(0x7f00000003c0)={0x3, 0x80000001}) openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/sessionid\x00', 0x40c1, 0x0) r0 = setfsgid$auto(0xee00) ioperm$auto(0x80, 0x4, 0x800) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x7f, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) fchown$auto(0xffffffffffffffff, 0xee00, r0) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, r0) r1 = getpgid$auto(0xffffffffffffffff) r2 = getpgrp(0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) r3 = io_uring_setup$auto(0x86, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto_ftrace_set_event_pid_fops_trace_events(r3, &(0x7f0000000040)="70a53433aa0c4380d66b4598bc1d81a94a2dec", 0x13) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(r4, 0x4080aebf, 0x0) shmctl$auto_SHM_LOCK(0x4, 0xb, &(0x7f0000000140)={{0x7, 0xee00, r0, 0xfffffff9, 0x5, 0x7ab6, 0x87}, 0xd153, 0x3, 0x7, 0x40, @inferred=r1, @inferred=r2, 0xb, 0x0, &(0x7f0000000000)="2ee7bcf8e4f78642470ef05fe303fda91bffa59954554caf8ebe2fc9c9d1fac3cae2b55b3a7716ec867a7b58a7129d49ba6e4714329f77064ff307de9d5fe156725bcdee2c31f1e45e5927f103af008dd002584763dd1045c18c2b338771948a4d744b8aa51a710bd4c92fcc843b1f497ed27dddce6d20d5c6582389bb9f92d3328151fb2f435a3f56f94808ab412f6031cca244d685adfd234f60bb50012820bea9fb50a3f7372f8fdd163be50a", &(0x7f00000000c0)}) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x0) socket(0x1d, 0x2, 0x6) 1.407212161s ago: executing program 0 (id=2018): ioperm$auto(0x7, 0x6, 0x2) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty32\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b47, 0x1) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) 1.36808366s ago: executing program 4 (id=2019): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x8000d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000280)="e90500") prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) getpid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.19939601s ago: executing program 1 (id=2020): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfca}, 0x9, 0x0, 0x7, 0xa505}, 0x800}, 0x4, 0x4008) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open(&(0x7f0000000140)='./file0\x00', 0xaa4c0, 0x40) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) open(0x0, 0x149443, 0x0) socket(0x22, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000c11effffff00"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sysfs$auto(0x2, 0x100000000000033, 0x0) vmsplice$auto(r0, &(0x7f0000000040)={&(0x7f00000001c0)="00b87b5fcd37273bd65158d8c1ff205d6007ae356d68a7e65fdabafc142ebc7cf3137e6faa59b96296dee73fe31f595900bc631a160a6c6af4608acc926b17ed203e464c98f48e1daadd78aced23977d1eb06a8c0bb7979943988852457bc576b9ef8a3fea34c7168e4212554a149542d72faffde3e513fc4e5aa8f7e3370c0147acd72d37f81956525d53983cc5db426f336986c43b2aa7d8019e50f4ebcb8e231e4379c7065426c6bf154ef64436ec55ad67e8d79bda72649a75e5edb6f666471e4f3ad3177600fe964d48827133dbb7ebab4a4bf8dd4cc499c0", 0x1}, 0x1, 0x6) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') 858.81312ms ago: executing program 0 (id=2021): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) ioctl$auto(0x3, 0x800005411, 0x38) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop3/size\x00', 0x3371c1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x40000020, 0x400, 0x9}]}) 558.093455ms ago: executing program 2 (id=2022): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x2bb9, 0x90, 0xffffffffffffffff, 0x1) (async) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0x13c, 0x0, 0x0, 0xd}, 0x5af}, 0x40, 0x100) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) fchown$auto(r1, 0xee00, 0x0) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x7fb}, 0x10b, 0x800008, 0x0) r2 = socket(0x10, 0x2, 0x0) (async) statmount$auto(0x0, &(0x7f00000005c0)={0x8, 0x1, 0x1, 0x7352, 0x3b, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xfffffffe, 0x3, 0x6, 0x4, 0xc10, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x1a60, 0x7, 0x2080, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x400000, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffff801, 0x0, 0x0, 0x0, 0xcb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], "315ad4"}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000027fa55c6f00090000b4cb8b0837a871a67e0001", @ANYRES64=r2], 0x3c}, 0x1, 0x0, 0x0, 0x20008081}, 0x40) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) r4 = io_uring_setup$auto(0xfff, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020026bd70005732bb3860e8fedbdf25030000000800030004020000060007000080000008000200", @ANYRESHEX=r3, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000006000700060000000800040003000000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) (async) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='*\x00%'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) (async) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r6 = socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r4, @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x40000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x6}, 0x3, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x5) (async) ppoll$auto(&(0x7f0000000040)={r2, 0x803, 0xb}, 0x200, &(0x7f0000000540)={0x101, 0x210}, 0x0, 0x8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES8=r6, @ANYBLOB="110008dff981d096f50ff84f02b3d454e5a0662c2523433e5c18ae00d1625077651f1df4b9992113438b1f99a670134aeacead9f3c3c7ef07a0542ea9dc76811a04b2beb29a8e80c5c396cdc7197db934ff070602c097600", @ANYRESOCT=r7], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r8 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x200, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f00000001c0)) r9 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r9, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 459.228739ms ago: executing program 0 (id=2023): openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, 0x0, 0x90203, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0x800, 0x8) (async) getsockopt$auto(0xffffffffffffffff, 0x11c, 0xfffffffe, 0x0, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) (async) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) (async) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) io_uring_setup$auto(0x87, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) (async) exit$auto(0x7) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, 0x0, 0x800) (async) getsockopt$auto(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) (async) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) (async) adjtimex$auto(&(0x7f00000004c0)={0x23, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x3, 0x2, 0x0, 0x3, 0x8, 0x2, {0x2100000000, 0x1000010000}, 0xfffffffffffffffc, 0x73d, 0xffffffffffffffdd, 0x1008001, 0x0, 0x6, 0x21b, 0xffffffff, 0xa745, 0x6, 0x1000}) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0xa2100, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x18, 0x5, 0x2) (async) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x3) gettid() kexec_load$auto(0x7, 0x2, &(0x7f0000000040)={@buf=&(0x7f0000000140)="5bafd56c2c122bc0003f91ad0e2963b1259c512c75114cd1bf833777c5f1aa905ac6eaa258e2aca172f1b2fb7932baaa9e6bdd5d4c193da127fe2ae6116f2ad909a5ee204ca4094f82cb444aed85374298875fd1e2c861610242a6b8c01c0e2bb8d7896b6d6286d95dcd06fbd7120d0e562fe7fb9f334d7067ea429bd6914891fa48b2bea45968c3fe24052221cec0fd646ebea2baa46ac5f8e8af6bdfaa451cd4e6da", 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4d", 0x3a) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:04.0/numa_node\x00', 0x1a3b02, 0x0) (async) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 0s ago: executing program 4 (id=2024): r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cpu/1/cpuid\x00', 0x400002, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, r0, 0x8000) msync$auto(0xf89, 0x8, 0x401) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@sco, 0x1) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(r1, 0x806c4120, &(0x7f0000000100)={0x0, 0x6, 0x95d7, 0x7f, 0x3, 0x1, 0x9, 0x2, 0x2, 0x7, 0xb, 0x8, 0x100, 0x2, 0x40000003, 0x3ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/wakeup_max_time_ms\x00', 0x80080, 0x0) read$auto(r2, 0x0, 0x20) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x40000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000180)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x1, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0000fbdbdf35020000000800fbffffffffff0737010005"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) kernel console output (not intermixed with test programs): c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.802264][T10964] RSP: 002b:00007f7b81e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 375.802278][T10964] RAX: ffffffffffffffda RBX: 00007f7b811b5fa0 RCX: 00007f7b80f8e929 [ 375.802288][T10964] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 375.802298][T10964] RBP: 00007f7b81010b39 R08: 0000000000000000 R09: 0000000000000000 [ 375.802307][T10964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.802316][T10964] R13: 0000000000000000 R14: 00007f7b811b5fa0 R15: 00007ffe7dd1ed28 [ 375.802335][T10964] [ 376.352877][ T5837] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 377.394955][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.418016][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.486969][T11013] nbd: socks must be embedded in a SOCK_ITEM attr [ 377.527163][T11013] block nbd0: shutting down sockets [ 378.669900][T11021] sd 0:0:1:0: PR command failed: 1026 [ 378.678018][T11021] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 378.718078][T11021] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 381.233609][T11058] kexec: Could not allocate control_code_buffer [ 382.284209][T11074] FAULT_INJECTION: forcing a failure. [ 382.284209][T11074] name failslab, interval 1, probability 0, space 0, times 0 [ 382.350785][T11074] CPU: 0 UID: 0 PID: 11074 Comm: syz.1.1077 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 382.350830][T11074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.350839][T11074] Call Trace: [ 382.350845][T11074] [ 382.350851][T11074] dump_stack_lvl+0x16c/0x1f0 [ 382.350877][T11074] should_fail_ex+0x512/0x640 [ 382.350896][T11074] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 382.350917][T11074] should_failslab+0xc2/0x120 [ 382.350932][T11074] __kmalloc_cache_noprof+0x6a/0x3e0 [ 382.350950][T11074] ? resv_map_alloc+0x7e/0x400 [ 382.350963][T11074] ? kasan_save_track+0x14/0x30 [ 382.350983][T11074] resv_map_alloc+0x7e/0x400 [ 382.350997][T11074] hugetlb_reserve_pages+0x799/0xe10 [ 382.351017][T11074] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 382.351033][T11074] ? atime_needs_update+0x8b/0x710 [ 382.351054][T11074] hugetlbfs_file_mmap+0x4a1/0x730 [ 382.351079][T11074] __mmap_region+0x128b/0x25e0 [ 382.351101][T11074] ? __pfx___mmap_region+0x10/0x10 [ 382.351125][T11074] ? is_bpf_text_address+0x94/0x1a0 [ 382.351144][T11074] ? kernel_text_address+0x8d/0x100 [ 382.351163][T11074] ? __kernel_text_address+0xd/0x40 [ 382.351182][T11074] ? unwind_get_return_address+0x59/0xa0 [ 382.351203][T11074] ? arch_stack_walk+0xa6/0x100 [ 382.351231][T11074] ? __pfx_stack_trace_save+0x10/0x10 [ 382.351246][T11074] ? stack_depot_save_flags+0x28/0xa40 [ 382.351286][T11074] ? trace_cap_capable+0x18d/0x200 [ 382.351306][T11074] mmap_region+0x1ab/0x3f0 [ 382.351325][T11074] ? __get_unmapped_area+0x267/0x440 [ 382.351342][T11074] do_mmap+0xa3e/0x1210 [ 382.351360][T11074] ? __pfx_do_mmap+0x10/0x10 [ 382.351375][T11074] ? __pfx_down_write_killable+0x10/0x10 [ 382.351393][T11074] vm_mmap_pgoff+0x281/0x450 [ 382.351411][T11074] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 382.351422][T11074] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 382.351438][T11074] ? hugetlbfs_get_inode+0x31f/0x730 [ 382.351458][T11074] ksys_mmap_pgoff+0x1c8/0x5c0 [ 382.351475][T11074] __x64_sys_mmap+0x125/0x190 [ 382.351495][T11074] do_syscall_64+0xcd/0x490 [ 382.351517][T11074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.351531][T11074] RIP: 0033:0x7f927898e929 [ 382.351544][T11074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.351557][T11074] RSP: 002b:00007f927983c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 382.351571][T11074] RAX: ffffffffffffffda RBX: 00007f9278bb5fa0 RCX: 00007f927898e929 [ 382.351580][T11074] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 382.351588][T11074] RBP: 00007f9278a10b39 R08: 0000000000000401 R09: 0000300000000000 [ 382.351597][T11074] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 382.351606][T11074] R13: 0000000000000000 R14: 00007f9278bb5fa0 R15: 00007ffc150adef8 [ 382.351624][T11074] [ 384.508048][T11100] sd 0:0:1:0: PR command failed: 1026 [ 384.578818][T11100] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 384.620788][T11100] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 386.341292][T11133] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1091'. [ 387.364843][T11146] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 387.373382][T11146] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 387.379919][T11146] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 387.386157][T11146] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 387.911109][T11162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078002000 pfn:0x78000 [ 387.966431][T11162] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 388.216433][T11162] memcg:ffff88807ccdde81 [ 388.247222][T11162] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 388.337212][T11162] page_type: f5(slab) [ 388.356606][T11162] raw: 00fff00000000240 ffff88801b84b500 ffffea00015bf610 ffffea000089ce10 [ 388.600665][T11162] raw: ffff888078002000 0000000000040003 00000000f5000000 ffff88807ccdde81 [ 388.628777][T11162] head: 00fff00000000240 ffff88801b84b500 ffffea00015bf610 ffffea000089ce10 [ 388.663111][T11162] head: ffff888078002000 0000000000040003 00000000f5000000 ffff88807ccdde81 [ 388.695439][T11162] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 388.835517][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 388.875351][T11162] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 389.178677][T11162] page dumped because: unmovable page [ 389.184089][T11162] page_owner tracks the page as allocated [ 389.388646][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 389.394766][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 389.401224][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 389.435156][T11162] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6996, tgid 6990 (syz.2.237), ts 147560276847, free_ts 147522140740 [ 389.533394][T11162] post_alloc_hook+0x1c0/0x230 [ 389.538203][T11162] get_page_from_freelist+0x1321/0x3890 [ 389.571510][T11162] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 389.594838][T11162] alloc_pages_mpol+0x1fb/0x550 [ 389.608859][T11162] new_slab+0x23b/0x330 [ 389.620116][T11162] ___slab_alloc+0xd9c/0x1940 [ 389.645162][T11162] __slab_alloc.constprop.0+0x56/0xb0 [ 389.655288][T11162] __kmalloc_noprof+0x2f2/0x510 [ 389.668656][T11162] __register_sysctl_table+0xb3/0x1900 [ 389.698382][T11162] __addrconf_sysctl_register+0x1a2/0x360 [ 389.708174][T11162] addrconf_sysctl_register+0x15f/0x1f0 [ 389.739710][T11162] ipv6_add_dev+0xb39/0x15f0 [ 389.753488][T11162] addrconf_notify+0x53e/0x19e0 [ 389.766413][T11162] notifier_call_chain+0xb9/0x410 [ 389.777758][T11162] call_netdevice_notifiers_info+0xbe/0x140 [ 389.795094][T11162] register_netdevice+0x182e/0x2270 [ 389.806525][T11162] page last free pid 5839 tgid 5839 stack trace: [ 389.815401][T11162] __free_frozen_pages+0x7fe/0x1180 [ 389.821710][T11162] __put_partials+0x16d/0x1c0 [ 389.826533][T11162] qlist_free_all+0x4d/0x120 [ 389.832360][T11162] kasan_quarantine_reduce+0x195/0x1e0 [ 389.837981][T11162] __kasan_slab_alloc+0x69/0x90 [ 389.844069][T11162] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 389.850301][T11162] mas_alloc_nodes+0x18b/0x8b0 [ 389.855154][T11162] mas_node_count_gfp+0x105/0x130 [ 389.861363][T11162] mas_preallocate+0x7e0/0xde0 [ 389.866416][T11162] __split_vma+0x34a/0x1070 [ 389.871902][T11162] vms_gather_munmap_vmas+0x1c2/0x1310 [ 389.877446][T11162] do_vmi_align_munmap+0x27c/0x7d0 [ 389.884083][T11162] do_vmi_munmap+0x204/0x3e0 [ 389.889379][T11162] __vm_munmap+0x19a/0x390 [ 389.893950][T11162] __x64_sys_munmap+0x59/0x80 [ 389.903674][T11162] do_syscall_64+0xcd/0x490 [ 390.684274][T11194] FAULT_INJECTION: forcing a failure. [ 390.684274][T11194] name failslab, interval 1, probability 0, space 0, times 0 [ 390.755317][T11194] CPU: 0 UID: 0 PID: 11194 Comm: syz.2.1107 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 390.755339][T11194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 390.755348][T11194] Call Trace: [ 390.755353][T11194] [ 390.755359][T11194] dump_stack_lvl+0x16c/0x1f0 [ 390.755385][T11194] should_fail_ex+0x512/0x640 [ 390.755404][T11194] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 390.755426][T11194] should_failslab+0xc2/0x120 [ 390.755440][T11194] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 390.755459][T11194] ? d_instantiate+0x77/0x90 [ 390.755479][T11194] ? alloc_empty_file+0x55/0x1e0 [ 390.755496][T11194] alloc_empty_file+0x55/0x1e0 [ 390.755510][T11194] alloc_file_pseudo+0x13a/0x230 [ 390.755525][T11194] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 390.755540][T11194] ? alloc_fd+0x471/0x7d0 [ 390.755560][T11194] sock_alloc_file+0x50/0x210 [ 390.755575][T11194] __sys_socket+0x1c0/0x260 [ 390.755589][T11194] ? fput+0x70/0xf0 [ 390.755601][T11194] ? __pfx___sys_socket+0x10/0x10 [ 390.755617][T11194] ? xfd_validate_state+0x61/0x180 [ 390.755633][T11194] ? __pfx_ksys_write+0x10/0x10 [ 390.755656][T11194] __x64_sys_socket+0x72/0xb0 [ 390.755670][T11194] ? lockdep_hardirqs_on+0x7c/0x110 [ 390.755689][T11194] do_syscall_64+0xcd/0x490 [ 390.755711][T11194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.755725][T11194] RIP: 0033:0x7f1df338e929 [ 390.755736][T11194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.755750][T11194] RSP: 002b:00007f1df4167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 390.755764][T11194] RAX: ffffffffffffffda RBX: 00007f1df35b6080 RCX: 00007f1df338e929 [ 390.755773][T11194] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 390.755781][T11194] RBP: 00007f1df3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 390.755790][T11194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 390.755798][T11194] R13: 0000000000000000 R14: 00007f1df35b6080 R15: 00007ffdf85655a8 [ 390.755815][T11194] [ 391.075643][T11187] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 396.081120][T11266] sd 0:0:1:0: PR command failed: 1026 [ 396.117361][T11266] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 396.157894][T11266] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 400.041446][T11316] FAULT_INJECTION: forcing a failure. [ 400.041446][T11316] name failslab, interval 1, probability 0, space 0, times 0 [ 400.074824][T11316] CPU: 0 UID: 0 PID: 11316 Comm: syz.4.1131 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 400.074849][T11316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.074857][T11316] Call Trace: [ 400.074862][T11316] [ 400.074868][T11316] dump_stack_lvl+0x16c/0x1f0 [ 400.074894][T11316] should_fail_ex+0x512/0x640 [ 400.074914][T11316] ? fs_reclaim_acquire+0xae/0x150 [ 400.074932][T11316] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.074951][T11316] should_failslab+0xc2/0x120 [ 400.074964][T11316] __kmalloc_noprof+0xd2/0x510 [ 400.074988][T11316] tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.075008][T11316] ? tomoyo_profile+0x47/0x60 [ 400.075030][T11316] tomoyo_path_number_perm+0x245/0x580 [ 400.075045][T11316] ? tomoyo_path_number_perm+0x237/0x580 [ 400.075061][T11316] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 400.075085][T11316] ? find_held_lock+0x2b/0x80 [ 400.075115][T11316] ? find_held_lock+0x2b/0x80 [ 400.075128][T11316] ? hook_file_ioctl_common+0x145/0x410 [ 400.075147][T11316] ? __fget_files+0x20e/0x3c0 [ 400.075168][T11316] security_file_ioctl+0x9b/0x240 [ 400.075189][T11316] __x64_sys_ioctl+0xb7/0x210 [ 400.075207][T11316] do_syscall_64+0xcd/0x490 [ 400.075229][T11316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.075244][T11316] RIP: 0033:0x7f7b80f8e929 [ 400.075256][T11316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.075269][T11316] RSP: 002b:00007f7b81e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 400.075283][T11316] RAX: ffffffffffffffda RBX: 00007f7b811b5fa0 RCX: 00007f7b80f8e929 [ 400.075292][T11316] RDX: 0000000000000000 RSI: 000000004048aecb RDI: 0000000000000004 [ 400.075300][T11316] RBP: 00007f7b81e0f090 R08: 0000000000000000 R09: 0000000000000000 [ 400.075308][T11316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.075316][T11316] R13: 0000000000000000 R14: 00007f7b811b5fa0 R15: 00007ffe7dd1ed28 [ 400.075334][T11316] [ 400.075983][T11316] ERROR: Out of memory at tomoyo_realpath_from_path. [ 400.612174][T11324] FAULT_INJECTION: forcing a failure. [ 400.612174][T11324] name failslab, interval 1, probability 0, space 0, times 0 [ 400.645229][T11324] CPU: 0 UID: 0 PID: 11324 Comm: syz.1.1134 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 400.645255][T11324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.645264][T11324] Call Trace: [ 400.645270][T11324] [ 400.645276][T11324] dump_stack_lvl+0x16c/0x1f0 [ 400.645303][T11324] should_fail_ex+0x512/0x640 [ 400.645322][T11324] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 400.645345][T11324] should_failslab+0xc2/0x120 [ 400.645359][T11324] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 400.645377][T11324] ? __pfx___might_resched+0x10/0x10 [ 400.645392][T11324] ? __anon_vma_prepare+0x344/0x5e0 [ 400.645413][T11324] __anon_vma_prepare+0x344/0x5e0 [ 400.645434][T11324] madvise_vma_behavior+0x1beb/0x2420 [ 400.645448][T11324] ? mas_prev_setup.constprop.0+0x81/0x830 [ 400.645469][T11324] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 400.645484][T11324] ? __pfx_mas_prev+0x10/0x10 [ 400.645507][T11324] ? find_vma_prev+0xda/0x160 [ 400.645522][T11324] ? __pfx_find_vma_prev+0x10/0x10 [ 400.645541][T11324] ? __pfx_mt_find+0x10/0x10 [ 400.645557][T11324] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 400.645571][T11324] madvise_walk_vmas+0x1d1/0x2c0 [ 400.645591][T11324] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 400.645609][T11324] madvise_do_behavior+0x15d/0x3f0 [ 400.645626][T11324] ? __pfx_madvise_do_behavior+0x10/0x10 [ 400.645651][T11324] do_madvise+0x161/0x230 [ 400.645666][T11324] ? __pfx_do_madvise+0x10/0x10 [ 400.645688][T11324] ? xfd_validate_state+0x61/0x180 [ 400.645709][T11324] __x64_sys_madvise+0xa9/0x110 [ 400.645723][T11324] ? lockdep_hardirqs_on+0x7c/0x110 [ 400.645742][T11324] do_syscall_64+0xcd/0x490 [ 400.645763][T11324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.645778][T11324] RIP: 0033:0x7f927898e929 [ 400.645790][T11324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.645802][T11324] RSP: 002b:00007f927983c038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 400.645816][T11324] RAX: ffffffffffffffda RBX: 00007f9278bb5fa0 RCX: 00007f927898e929 [ 400.645829][T11324] RDX: 0000000000000066 RSI: 0000000000000401 RDI: 0000000000000000 [ 400.645837][T11324] RBP: 00007f9278a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 400.645845][T11324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.645853][T11324] R13: 0000000000000000 R14: 00007f9278bb5fa0 R15: 00007ffc150adef8 [ 400.645872][T11324] [ 401.674024][T11332] binder: 11323:11332 ioctl c018620c 0 returned -14 [ 401.682378][ T51] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 402.165099][T11342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1137'. [ 402.223970][T11343] random: crng reseeded on system resumption [ 402.926437][ T51] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 405.878742][T11407] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1151'. [ 407.302244][T11438] FAULT_INJECTION: forcing a failure. [ 407.302244][T11438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 407.327644][T11434] sd 0:0:1:0: PR command failed: 1026 [ 407.343475][T11434] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 407.368811][T11434] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 407.378038][T11438] CPU: 0 UID: 0 PID: 11438 Comm: syz.1.1160 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 407.378060][T11438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 407.378069][T11438] Call Trace: [ 407.378074][T11438] [ 407.378079][T11438] dump_stack_lvl+0x16c/0x1f0 [ 407.378105][T11438] should_fail_ex+0x512/0x640 [ 407.378128][T11438] _copy_from_user+0x2e/0xd0 [ 407.378149][T11438] move_addr_to_kernel+0x65/0x170 [ 407.378168][T11438] __copy_msghdr+0x386/0x470 [ 407.378188][T11438] copy_msghdr_from_user+0xc1/0x160 [ 407.378208][T11438] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 407.378231][T11438] ? __pfx__kstrtoull+0x10/0x10 [ 407.378251][T11438] ___sys_sendmsg+0xfe/0x1d0 [ 407.378271][T11438] ? __pfx____sys_sendmsg+0x10/0x10 [ 407.378299][T11438] ? find_held_lock+0x2b/0x80 [ 407.378324][T11438] __sys_sendmmsg+0x200/0x420 [ 407.378347][T11438] ? __pfx___sys_sendmmsg+0x10/0x10 [ 407.378373][T11438] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 407.378402][T11438] ? fput+0x70/0xf0 [ 407.378416][T11438] ? ksys_write+0x1ac/0x250 [ 407.378434][T11438] ? __pfx_ksys_write+0x10/0x10 [ 407.378455][T11438] __x64_sys_sendmmsg+0x9c/0x100 [ 407.378475][T11438] ? lockdep_hardirqs_on+0x7c/0x110 [ 407.378494][T11438] do_syscall_64+0xcd/0x490 [ 407.378520][T11438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.378534][T11438] RIP: 0033:0x7f927898e929 [ 407.378546][T11438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.378559][T11438] RSP: 002b:00007f927983c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 407.378572][T11438] RAX: ffffffffffffffda RBX: 00007f9278bb5fa0 RCX: 00007f927898e929 [ 407.378581][T11438] RDX: 0000000000000002 RSI: 0000200000000400 RDI: 0000000000000002 [ 407.378590][T11438] RBP: 00007f927983c090 R08: 0000000000000000 R09: 0000000000000000 [ 407.378598][T11438] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 407.378606][T11438] R13: 0000000000000000 R14: 00007f9278bb5fa0 R15: 00007ffc150adef8 [ 407.378623][T11438] [ 407.659422][T11420] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 408.851439][T11454] FAULT_INJECTION: forcing a failure. [ 408.851439][T11454] name failslab, interval 1, probability 0, space 0, times 0 [ 408.928812][T11454] CPU: 0 UID: 0 PID: 11454 Comm: syz.0.1163 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 408.928837][T11454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.928845][T11454] Call Trace: [ 408.928851][T11454] [ 408.928857][T11454] dump_stack_lvl+0x16c/0x1f0 [ 408.928883][T11454] should_fail_ex+0x512/0x640 [ 408.928903][T11454] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 408.928924][T11454] should_failslab+0xc2/0x120 [ 408.928938][T11454] __kmalloc_cache_noprof+0x6a/0x3e0 [ 408.928955][T11454] ? __asan_memcpy+0x3c/0x60 [ 408.928972][T11454] ? create_filter_start.constprop.0+0x103/0x300 [ 408.928992][T11454] create_filter_start.constprop.0+0x103/0x300 [ 408.929011][T11454] apply_subsystem_event_filter+0x18d/0x17a0 [ 408.929031][T11454] ? __might_fault+0xe3/0x190 [ 408.929050][T11454] ? __might_fault+0x13b/0x190 [ 408.929068][T11454] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 408.929089][T11454] ? _copy_from_user+0x59/0xd0 [ 408.929111][T11454] subsystem_filter_write+0x95/0x120 [ 408.929130][T11454] ? __pfx_subsystem_filter_write+0x10/0x10 [ 408.929145][T11454] vfs_write+0x29d/0x1150 [ 408.929167][T11454] ? __pfx___mutex_lock+0x10/0x10 [ 408.929187][T11454] ? __pfx_vfs_write+0x10/0x10 [ 408.929210][T11454] ? __fget_files+0x20e/0x3c0 [ 408.929244][T11454] ksys_write+0x12a/0x250 [ 408.929263][T11454] ? __pfx_ksys_write+0x10/0x10 [ 408.929288][T11454] do_syscall_64+0xcd/0x490 [ 408.929310][T11454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.929325][T11454] RIP: 0033:0x7fe217f8e929 [ 408.929337][T11454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.929350][T11454] RSP: 002b:00007fe218dc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 408.929364][T11454] RAX: ffffffffffffffda RBX: 00007fe2181b6160 RCX: 00007fe217f8e929 [ 408.929373][T11454] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000a [ 408.929381][T11454] RBP: 00007fe218010b39 R08: 0000000000000000 R09: 0000000000000000 [ 408.929389][T11454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.929397][T11454] R13: 0000000000000000 R14: 00007fe2181b6160 R15: 00007ffed0cf0478 [ 408.929416][T11454] [ 409.388283][T11466] syz.2.1166 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 409.732854][T11473] sd 0:0:1:0: PR command failed: 1026 [ 409.740613][T11473] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 409.760408][T11473] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 410.303304][T11482] ubi0: attaching mtd0 [ 410.337906][T11482] ubi0: scanning is finished [ 410.397340][T11482] ubi0: empty MTD device detected [ 410.790398][T11482] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 411.020363][T11482] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 411.120366][T11482] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 411.217475][T11482] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 411.290456][T11482] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 411.440093][T11482] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 411.521633][T11482] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1341191935 [ 411.592988][T11482] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 411.638445][T11492] ubi0: background thread "ubi_bgt0d" started, PID 11492 [ 411.645969][T11484] ubi0: detaching mtd0 [ 411.684990][T11484] ubi0: mtd0 is detached [ 415.623548][T11561] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1187'. [ 415.659680][T11566] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1187'. [ 420.866193][T11599] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 420.960720][T11599] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 421.069682][T11599] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 421.101687][T11599] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 421.819456][T11624] netlink: 'syz.1.1200': attribute type 1 has an invalid length. [ 421.855054][T11624] netlink: 33 bytes leftover after parsing attributes in process `syz.1.1200'. [ 422.176493][T11630] sd 0:0:1:0: PR command failed: 1026 [ 422.211016][T11630] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 422.244771][T11630] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 422.348783][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 422.736251][T11649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1204'. [ 422.861915][T11652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1204'. [ 422.989402][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 423.035597][T11649] ipvlan1: entered allmulticast mode [ 423.066847][T11649] veth0_vlan: entered allmulticast mode [ 423.148949][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 423.155017][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 423.250091][T11652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1204'. [ 423.483611][T11653] Process accounting resumed [ 423.867197][ T30] audit: type=1800 audit(4294967489.309:5): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1210" name="lu_gp_id" dev="configfs" ino=39737 res=0 errno=0 syzkaller syzkaller login: [ 424.278283][T11678] sd 0:0:1:0: PR command failed: 1026 [ 424.299983][T11678] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 424.323975][T11678] sd 0:0:1:0: Add. Sense: Invalid command operation code                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         syzkaller syzkaller login: [ 544.559046][T13325] FAULT_INJECTION: forcing a failure. [ 544.559046][T13325] name fail_futex, interval 1, probability 0, space 0, times 0 [ 544.881005][T13325] CPU: 0 UID: 0 PID: 13325 Comm: syz.4.1543 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 544.881034][T13325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 544.881043][T13325] Call Trace: [ 544.881049][T13325] [ 544.881055][T13325] dump_stack_lvl+0x16c/0x1f0 [ 544.881082][T13325] should_fail_ex+0x512/0x640 [ 544.881105][T13325] get_futex_key+0xf36/0x1540 [ 544.881123][T13325] ? find_held_lock+0x2b/0x80 [ 544.881136][T13325] ? __pfx_get_futex_key+0x10/0x10 [ 544.881152][T13325] ? __mutex_trylock_common+0xe9/0x250 [ 544.881175][T13325] futex_wake+0xea/0x530 [ 544.881194][T13325] ? __pfx_futex_wake+0x10/0x10 [ 544.881211][T13325] ? __lock_acquire+0xb8a/0x1c90 [ 544.881236][T13325] do_futex+0x1e3/0x350 [ 544.881252][T13325] ? __pfx_do_futex+0x10/0x10 [ 544.881266][T13325] ? __might_fault+0xe3/0x190 [ 544.881292][T13325] mm_release+0x24e/0x300 [ 544.881308][T13325] do_exit+0x68b/0x2bd0 [ 544.881329][T13325] ? __pfx_do_exit+0x10/0x10 [ 544.881346][T13325] ? do_raw_spin_lock+0x12c/0x2b0 [ 544.881364][T13325] ? find_held_lock+0x2b/0x80 [ 544.881391][T13325] do_group_exit+0xd3/0x2a0 [ 544.881410][T13325] get_signal+0x2673/0x26d0 [ 544.881431][T13325] ? __pfx_get_signal+0x10/0x10 [ 544.881446][T13325] ? do_futex+0x122/0x350 [ 544.881461][T13325] ? __pfx_do_futex+0x10/0x10 [ 544.881479][T13325] arch_do_signal_or_restart+0x8f/0x790 [ 544.881496][T13325] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 544.881515][T13325] ? ksys_mmap_pgoff+0x85/0x5c0 [ 544.881529][T13325] ? xfd_validate_state+0x61/0x180 [ 544.881551][T13325] exit_to_user_mode_loop+0x84/0x110 [ 544.881572][T13325] do_syscall_64+0x3f6/0x490 [ 544.881595][T13325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.881610][T13325] RIP: 0033:0x7f7b80f8e929 [ 544.881622][T13325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.881636][T13325] RSP: 002b:00007f7b81e0f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 544.881650][T13325] RAX: fffffffffffffe00 RBX: 00007f7b811b5fa8 RCX: 00007f7b80f8e929 [ 544.881659][T13325] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7b811b5fa8 [ 544.881667][T13325] RBP: 00007f7b811b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 544.881675][T13325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b811b5fac [ 544.881684][T13325] R13: 0000000000000000 R14: 00007ffe7dd1ec40 R15: 00007ffe7dd1ed28 [ 544.881701][T13325] [ 545.933685][T13357] Invalid ELF header magic: != ELF [ 546.455406][T13360] could not allocate digest TFM handle [ 547.063582][T13375] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1551'. [ 548.353524][T13395] sd 0:0:1:0: PR command failed: 1026 [ 548.370549][T13395] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 548.423780][T13395] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 548.510236][T13340] Process accounting resumed [ 549.464630][T13418] random: crng reseeded on system resumption [ 549.496943][T13397] FAULT_INJECTION: forcing a failure. [ 549.496943][T13397] name failslab, interval 1, probability 0, space 0, times 0 [ 549.880144][T13397] CPU: 0 UID: 0 PID: 13397 Comm: syz.2.1554 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 549.880168][T13397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 549.880178][T13397] Call Trace: [ 549.880183][T13397] [ 549.880189][T13397] dump_stack_lvl+0x16c/0x1f0 [ 549.880215][T13397] should_fail_ex+0x512/0x640 [ 549.880234][T13397] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 549.880255][T13397] should_failslab+0xc2/0x120 [ 549.880269][T13397] __kmalloc_cache_noprof+0x6a/0x3e0 [ 549.880300][T13397] ? resv_map_alloc+0x7e/0x400 [ 549.880314][T13397] ? kasan_save_track+0x14/0x30 [ 549.880335][T13397] resv_map_alloc+0x7e/0x400 [ 549.880350][T13397] hugetlb_reserve_pages+0x799/0xe10 [ 549.880370][T13397] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 549.880388][T13397] ? atime_needs_update+0x8b/0x710 [ 549.880410][T13397] hugetlbfs_file_mmap+0x4a1/0x730 [ 549.880435][T13397] __mmap_region+0x128b/0x25e0 [ 549.880457][T13397] ? __pfx___mmap_region+0x10/0x10 [ 549.880481][T13397] ? is_bpf_text_address+0x94/0x1a0 [ 549.880500][T13397] ? kernel_text_address+0x8d/0x100 [ 549.880520][T13397] ? __kernel_text_address+0xd/0x40 [ 549.880539][T13397] ? unwind_get_return_address+0x59/0xa0 [ 549.880560][T13397] ? arch_stack_walk+0xa6/0x100 [ 549.880588][T13397] ? __pfx_stack_trace_save+0x10/0x10 [ 549.880608][T13397] ? stack_depot_save_flags+0x28/0xa40 [ 549.880651][T13397] ? trace_cap_capable+0x18d/0x200 [ 549.880672][T13397] mmap_region+0x1ab/0x3f0 [ 549.880691][T13397] ? __get_unmapped_area+0x267/0x440 [ 549.880709][T13397] do_mmap+0xa3e/0x1210 [ 549.880728][T13397] ? __pfx_do_mmap+0x10/0x10 [ 549.880743][T13397] ? __pfx_down_write_killable+0x10/0x10 [ 549.880765][T13397] vm_mmap_pgoff+0x281/0x450 [ 549.880783][T13397] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 549.880796][T13397] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 549.880813][T13397] ? hugetlbfs_get_inode+0x31f/0x730 [ 549.880833][T13397] ksys_mmap_pgoff+0x1c8/0x5c0 [ 549.880851][T13397] __x64_sys_mmap+0x125/0x190 [ 549.880871][T13397] do_syscall_64+0xcd/0x490 [ 549.880892][T13397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.880906][T13397] RIP: 0033:0x7f1df338e929 [ 549.880964][T13397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.880977][T13397] RSP: 002b:00007f1df4167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 549.880992][T13397] RAX: ffffffffffffffda RBX: 00007f1df35b6080 RCX: 00007f1df338e929 [ 549.881002][T13397] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 549.881010][T13397] RBP: 00007f1df3410b39 R08: 0000000000000401 R09: 0000300000000000 [ 549.881019][T13397] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 549.881028][T13397] R13: 0000000000000000 R14: 00007f1df35b6080 R15: 00007ffdf85655a8 [ 549.881047][T13397] [ 550.190329][T13410] FAULT_INJECTION: forcing a failure. [ 550.190329][T13410] name fail_futex, interval 1, probability 0, space 0, times 0 [ 550.203286][T13410] CPU: 0 UID: 0 PID: 13410 Comm: syz.0.1557 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 550.203308][T13410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 550.203317][T13410] Call Trace: [ 550.203323][T13410] [ 550.203330][T13410] dump_stack_lvl+0x16c/0x1f0 [ 550.203356][T13410] should_fail_ex+0x512/0x640 [ 550.203378][T13410] get_futex_key+0x1d0/0x1540 [ 550.203397][T13410] ? __pfx_get_futex_key+0x10/0x10 [ 550.203415][T13410] ? mmap_region+0x1ee/0x3f0 [ 550.203435][T13410] ? __get_unmapped_area+0x267/0x440 [ 550.203452][T13410] futex_wake+0xea/0x530 [ 550.203471][T13410] ? __pfx_futex_wake+0x10/0x10 [ 550.203493][T13410] ? up_write+0x1b2/0x520 [ 550.203515][T13410] do_futex+0x1e3/0x350 [ 550.203531][T13410] ? __pfx_do_futex+0x10/0x10 [ 550.203546][T13410] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 550.203565][T13410] __x64_sys_futex+0x1e0/0x4c0 [ 550.203582][T13410] ? fput+0x70/0xf0 [ 550.203594][T13410] ? __pfx___x64_sys_futex+0x10/0x10 [ 550.203609][T13410] ? ksys_mmap_pgoff+0x85/0x5c0 [ 550.203629][T13410] do_syscall_64+0xcd/0x490 [ 550.203650][T13410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.203664][T13410] RIP: 0033:0x7fe217f8e929 [ 550.203675][T13410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.203688][T13410] RSP: 002b:00007fe218e060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 550.203701][T13410] RAX: ffffffffffffffda RBX: 00007fe2181b5fa8 RCX: 00007fe217f8e929 [ 550.203710][T13410] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe2181b5fac [ 550.203719][T13410] RBP: 00007fe2181b5fa0 R08: 00007fe218e07000 R09: 0000000000000000 [ 550.203727][T13410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2181b5fac [ 550.203735][T13410] R13: 0000000000000000 R14: 00007ffed0cf0390 R15: 00007ffed0cf0478 [ 550.203752][T13410] [ 553.480704][T13466] ovs_: entered promiscuous mode [ 553.682882][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'. [ 553.737852][T13468] sd 0:0:1:0: PR command failed: 1026 [ 553.791934][T13468] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 553.800963][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'. [ 553.829491][T13468] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 554.481296][T13489] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1576'. [ 557.023249][ T30] audit: type=1804 audit(4294967409.950:12): pid=13574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1590" name="/newroot/391/file0" dev="tmpfs" ino=2108 res=1 errno=0 [ 557.139668][T13570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1589'. [ 557.166323][ T30] audit: type=1800 audit(4294967409.950:13): pid=13574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1590" name="file0" dev="tmpfs" ino=2108 res=0 errno=0 [ 557.301026][ T30] audit: type=1800 audit(4294967409.990:14): pid=13572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1590" name="file0" dev="tmpfs" ino=2108 res=0 errno=0 [ 558.291100][T13602] FAULT_INJECTION: forcing a failure. [ 558.291100][T13602] name failslab, interval 1, probability 0, space 0, times 0 [ 558.379647][T13602] CPU: 0 UID: 0 PID: 13602 Comm: syz.4.1595 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 558.379672][T13602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 558.379681][T13602] Call Trace: [ 558.379686][T13602] [ 558.379692][T13602] dump_stack_lvl+0x16c/0x1f0 [ 558.379718][T13602] should_fail_ex+0x512/0x640 [ 558.379737][T13602] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 558.379760][T13602] should_failslab+0xc2/0x120 [ 558.379775][T13602] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 558.379795][T13602] ? unwind_get_return_address+0x59/0xa0 [ 558.379815][T13602] ? __d_alloc+0x31/0xaa0 [ 558.379838][T13602] __d_alloc+0x31/0xaa0 [ 558.379859][T13602] d_alloc+0x4a/0x1e0 [ 558.379879][T13602] d_alloc_parallel+0xe3/0x12e0 [ 558.379895][T13602] ? stack_trace_save+0x8e/0xc0 [ 558.379916][T13602] ? __pfx_d_alloc_parallel+0x10/0x10 [ 558.379932][T13602] ? lockdep_init_map_type+0x5c/0x280 [ 558.379951][T13602] ? lockdep_init_map_type+0x5c/0x280 [ 558.379972][T13602] __lookup_slow+0x193/0x460 [ 558.379987][T13602] ? __pfx___lookup_slow+0x10/0x10 [ 558.380014][T13602] ? lookup_fast+0x156/0x610 [ 558.380033][T13602] walk_component+0x353/0x5b0 [ 558.380051][T13602] link_path_walk+0x627/0xe20 [ 558.380074][T13602] path_openat+0x1b0/0x2cb0 [ 558.380091][T13602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.380112][T13602] ? __pfx_path_openat+0x10/0x10 [ 558.380131][T13602] ? __lock_acquire+0xb8a/0x1c90 [ 558.380158][T13602] do_filp_open+0x20b/0x470 [ 558.380178][T13602] ? __pfx_do_filp_open+0x10/0x10 [ 558.380214][T13602] ? alloc_fd+0x471/0x7d0 [ 558.380237][T13602] do_sys_openat2+0x11b/0x1d0 [ 558.380252][T13602] ? __pfx_do_sys_openat2+0x10/0x10 [ 558.380274][T13602] __x64_sys_openat+0x174/0x210 [ 558.380291][T13602] ? __pfx___x64_sys_openat+0x10/0x10 [ 558.380314][T13602] do_syscall_64+0xcd/0x490 [ 558.380336][T13602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.380349][T13602] RIP: 0033:0x7f7b80f8e929 [ 558.380362][T13602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.380375][T13602] RSP: 002b:00007f7b81e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 558.380389][T13602] RAX: ffffffffffffffda RBX: 00007f7b811b5fa0 RCX: 00007f7b80f8e929 [ 558.380398][T13602] RDX: 0000000000086041 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 558.380407][T13602] RBP: 00007f7b81010b39 R08: 0000000000000000 R09: 0000000000000000 [ 558.380415][T13602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.380424][T13602] R13: 0000000000000000 R14: 00007f7b811b5fa0 R15: 00007ffe7dd1ed28 [ 558.380443][T13602] [ 559.557478][T13625] FAULT_INJECTION: forcing a failure. [ 559.557478][T13625] name failslab, interval 1, probability 0, space 0, times 0 [ 559.603404][T13625] CPU: 0 UID: 0 PID: 13625 Comm: syz.0.1596 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 559.603429][T13625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 559.603438][T13625] Call Trace: [ 559.603444][T13625] [ 559.603450][T13625] dump_stack_lvl+0x16c/0x1f0 [ 559.603477][T13625] should_fail_ex+0x512/0x640 [ 559.603496][T13625] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 559.603517][T13625] should_failslab+0xc2/0x120 [ 559.603531][T13625] __kmalloc_cache_noprof+0x6a/0x3e0 [ 559.603549][T13625] ? resv_map_alloc+0x7e/0x400 [ 559.603563][T13625] ? kasan_save_track+0x14/0x30 [ 559.603585][T13625] resv_map_alloc+0x7e/0x400 [ 559.603599][T13625] hugetlb_reserve_pages+0x799/0xe10 [ 559.603619][T13625] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 559.603636][T13625] ? atime_needs_update+0x8b/0x710 [ 559.603656][T13625] hugetlbfs_file_mmap+0x4a1/0x730 [ 559.603682][T13625] __mmap_region+0x128b/0x25e0 [ 559.603704][T13625] ? __pfx___mmap_region+0x10/0x10 [ 559.603728][T13625] ? is_bpf_text_address+0x94/0x1a0 [ 559.603747][T13625] ? kernel_text_address+0x8d/0x100 [ 559.603771][T13625] ? __kernel_text_address+0xd/0x40 [ 559.603790][T13625] ? unwind_get_return_address+0x59/0xa0 [ 559.603809][T13625] ? arch_stack_walk+0xa6/0x100 [ 559.603838][T13625] ? __pfx_stack_trace_save+0x10/0x10 [ 559.603853][T13625] ? stack_depot_save_flags+0x28/0xa40 [ 559.603893][T13625] ? trace_cap_capable+0x18d/0x200 [ 559.603913][T13625] mmap_region+0x1ab/0x3f0 [ 559.603932][T13625] ? __get_unmapped_area+0x267/0x440 [ 559.603949][T13625] do_mmap+0xa3e/0x1210 [ 559.603967][T13625] ? __pfx_do_mmap+0x10/0x10 [ 559.603981][T13625] ? __pfx_down_write_killable+0x10/0x10 [ 559.604000][T13625] vm_mmap_pgoff+0x281/0x450 [ 559.604018][T13625] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 559.604030][T13625] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 559.604046][T13625] ? hugetlbfs_get_inode+0x31f/0x730 [ 559.604074][T13625] ksys_mmap_pgoff+0x1c8/0x5c0 [ 559.604093][T13625] __x64_sys_mmap+0x125/0x190 [ 559.604116][T13625] do_syscall_64+0xcd/0x490 [ 559.604138][T13625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.604152][T13625] RIP: 0033:0x7fe217f8e929 [ 559.604165][T13625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.604178][T13625] RSP: 002b:00007fe218da3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 559.604191][T13625] RAX: ffffffffffffffda RBX: 00007fe2181b6240 RCX: 00007fe217f8e929 [ 559.604201][T13625] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 559.604208][T13625] RBP: 00007fe218010b39 R08: 0000000000000401 R09: 0000300000000000 [ 559.604218][T13625] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 559.604226][T13625] R13: 0000000000000000 R14: 00007fe2181b6240 R15: 00007ffed0cf0478 [ 559.604245][T13625] [ 561.807522][T13614] FAULT_INJECTION: forcing a failure. [ 561.807522][T13614] name failslab, interval 1, probability 0, space 0, times 0 [ 561.898611][T13614] CPU: 0 UID: 0 PID: 13614 Comm: syz.1.1597 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 561.898636][T13614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 561.898667][T13614] Call Trace: [ 561.898672][T13614] [ 561.898678][T13614] dump_stack_lvl+0x16c/0x1f0 [ 561.898704][T13614] should_fail_ex+0x512/0x640 [ 561.898723][T13614] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 561.898745][T13614] should_failslab+0xc2/0x120 [ 561.898758][T13614] __kmalloc_cache_noprof+0x6a/0x3e0 [ 561.898777][T13614] ? resv_map_alloc+0x7e/0x400 [ 561.898790][T13614] ? kasan_save_track+0x14/0x30 [ 561.898811][T13614] resv_map_alloc+0x7e/0x400 [ 561.898825][T13614] hugetlb_reserve_pages+0x799/0xe10 [ 561.898852][T13614] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 561.898869][T13614] ? atime_needs_update+0x8b/0x710 [ 561.898891][T13614] hugetlbfs_file_mmap+0x4a1/0x730 [ 561.898918][T13614] __mmap_region+0x128b/0x25e0 [ 561.898941][T13614] ? __pfx___mmap_region+0x10/0x10 [ 561.898964][T13614] ? is_bpf_text_address+0x94/0x1a0 [ 561.898983][T13614] ? kernel_text_address+0x8d/0x100 [ 561.899003][T13614] ? __kernel_text_address+0xd/0x40 [ 561.899022][T13614] ? unwind_get_return_address+0x59/0xa0 [ 561.899042][T13614] ? arch_stack_walk+0xa6/0x100 [ 561.899072][T13614] ? __pfx_stack_trace_save+0x10/0x10 [ 561.899086][T13614] ? stack_depot_save_flags+0x28/0xa40 [ 561.899127][T13614] ? trace_cap_capable+0x18d/0x200 [ 561.899147][T13614] mmap_region+0x1ab/0x3f0 [ 561.899166][T13614] ? __get_unmapped_area+0x267/0x440 [ 561.899183][T13614] do_mmap+0xa3e/0x1210 [ 561.899201][T13614] ? __pfx_do_mmap+0x10/0x10 [ 561.899215][T13614] ? __pfx_down_write_killable+0x10/0x10 [ 561.899234][T13614] vm_mmap_pgoff+0x281/0x450 [ 561.899251][T13614] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 561.899263][T13614] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 561.899279][T13614] ? hugetlbfs_get_inode+0x31f/0x730 [ 561.899298][T13614] ksys_mmap_pgoff+0x1c8/0x5c0 [ 561.899316][T13614] __x64_sys_mmap+0x125/0x190 [ 561.899336][T13614] do_syscall_64+0xcd/0x490 [ 561.899357][T13614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.899372][T13614] RIP: 0033:0x7f927898e929 [ 561.899385][T13614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.899398][T13614] RSP: 002b:00007f927983c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 561.899411][T13614] RAX: ffffffffffffffda RBX: 00007f9278bb5fa0 RCX: 00007f927898e929 [ 561.899421][T13614] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 561.899430][T13614] RBP: 00007f9278a10b39 R08: 0000000000000401 R09: 0000300000000000 [ 561.899439][T13614] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 561.899448][T13614] R13: 0000000000000000 R14: 00007f9278bb5fa0 R15: 00007ffc150adef8 [ 561.899466][T13614] [ 563.074552][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.086084][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.122380][T13673] sysfs_service_op_show: Client not running :-5: [ 565.094496][T13693] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 565.160499][T13693] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 565.449602][T13702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 566.340914][T13714] zram: Removed device: zram0 [ 567.610782][T13741] FAULT_INJECTION: forcing a failure. [ 567.610782][T13741] name failslab, interval 1, probability 0, space 0, times 0 [ 567.869698][T13741] CPU: 0 UID: 0 PID: 13741 Comm: syz.1.1622 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 567.869723][T13741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 567.869732][T13741] Call Trace: [ 567.869737][T13741] [ 567.869743][T13741] dump_stack_lvl+0x16c/0x1f0 [ 567.869769][T13741] should_fail_ex+0x512/0x640 [ 567.869789][T13741] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 567.869809][T13741] should_failslab+0xc2/0x120 [ 567.869824][T13741] __kmalloc_cache_noprof+0x6a/0x3e0 [ 567.869841][T13741] ? resv_map_alloc+0x7e/0x400 [ 567.869854][T13741] ? kasan_save_track+0x14/0x30 [ 567.869875][T13741] resv_map_alloc+0x7e/0x400 [ 567.869890][T13741] hugetlb_reserve_pages+0x799/0xe10 [ 567.869909][T13741] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 567.869925][T13741] ? atime_needs_update+0x8b/0x710 [ 567.869946][T13741] hugetlbfs_file_mmap+0x4a1/0x730 [ 567.869971][T13741] __mmap_region+0x128b/0x25e0 [ 567.869993][T13741] ? __pfx___mmap_region+0x10/0x10 [ 567.870017][T13741] ? is_bpf_text_address+0x94/0x1a0 [ 567.870035][T13741] ? kernel_text_address+0x8d/0x100 [ 567.870059][T13741] ? __kernel_text_address+0xd/0x40 [ 567.870078][T13741] ? unwind_get_return_address+0x59/0xa0 [ 567.870100][T13741] ? arch_stack_walk+0xa6/0x100 [ 567.870129][T13741] ? __pfx_stack_trace_save+0x10/0x10 [ 567.870144][T13741] ? stack_depot_save_flags+0x28/0xa40 [ 567.870184][T13741] ? trace_cap_capable+0x18d/0x200 [ 567.870204][T13741] mmap_region+0x1ab/0x3f0 [ 567.870223][T13741] ? __get_unmapped_area+0x267/0x440 [ 567.870239][T13741] do_mmap+0xa3e/0x1210 [ 567.870266][T13741] ? __pfx_do_mmap+0x10/0x10 [ 567.870282][T13741] ? __pfx_down_write_killable+0x10/0x10 [ 567.870301][T13741] vm_mmap_pgoff+0x281/0x450 [ 567.870320][T13741] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 567.870332][T13741] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 567.870348][T13741] ? hugetlbfs_get_inode+0x31f/0x730 [ 567.870367][T13741] ksys_mmap_pgoff+0x1c8/0x5c0 [ 567.870385][T13741] __x64_sys_mmap+0x125/0x190 [ 567.870406][T13741] do_syscall_64+0xcd/0x490 [ 567.870427][T13741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.870441][T13741] RIP: 0033:0x7f927898e929 [ 567.870453][T13741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.870465][T13741] RSP: 002b:00007f927981b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 567.870479][T13741] RAX: ffffffffffffffda RBX: 00007f9278bb6080 RCX: 00007f927898e929 [ 567.870488][T13741] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 567.870496][T13741] RBP: 00007f9278a10b39 R08: 0000000000000401 R09: 0000300000000000 [ 567.870505][T13741] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 567.870513][T13741] R13: 0000000000000000 R14: 00007f9278bb6080 R15: 00007ffc150adef8 [ 567.870532][T13741] [ 568.157852][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.165818][T13755] FAULT_INJECTION: forcing a failure. [ 569.165818][T13755] name failslab, interval 1, probability 0, space 0, times 0 [ 569.259377][T13755] CPU: 0 UID: 0 PID: 13755 Comm: syz.0.1624 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 569.259401][T13755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.259410][T13755] Call Trace: [ 569.259416][T13755] [ 569.259422][T13755] dump_stack_lvl+0x16c/0x1f0 [ 569.259447][T13755] should_fail_ex+0x512/0x640 [ 569.259466][T13755] ? __kmalloc_node_noprof+0xc5/0x500 [ 569.259489][T13755] should_failslab+0xc2/0x120 [ 569.259503][T13755] __kmalloc_node_noprof+0xd8/0x500 [ 569.259521][T13755] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 569.259534][T13755] ? alloc_slab_obj_exts+0x41/0xa0 [ 569.259553][T13755] alloc_slab_obj_exts+0x41/0xa0 [ 569.259570][T13755] new_slab+0x283/0x330 [ 569.259587][T13755] ___slab_alloc+0xd9c/0x1940 [ 569.259604][T13755] ? vm_area_alloc+0x1f/0x160 [ 569.259621][T13755] ? ___slab_alloc+0x41/0x1940 [ 569.259644][T13755] ? vm_area_alloc+0x1f/0x160 [ 569.259660][T13755] ? __slab_alloc.constprop.0+0x56/0xb0 [ 569.259677][T13755] __slab_alloc.constprop.0+0x56/0xb0 [ 569.259696][T13755] ? hugetlb_fix_reserve_counts+0x100/0x1c0 [ 569.259710][T13755] kmem_cache_alloc_noprof+0xef/0x3b0 [ 569.259729][T13755] ? vma_merge_new_range+0x37f/0xa00 [ 569.259746][T13755] ? vm_area_alloc+0x1f/0x160 [ 569.259764][T13755] ? __pfx_hugetlb_vm_op_close+0x10/0x10 [ 569.259778][T13755] vm_area_alloc+0x1f/0x160 [ 569.259795][T13755] __mmap_region+0xf0a/0x25e0 [ 569.259816][T13755] ? __pfx___mmap_region+0x10/0x10 [ 569.259840][T13755] ? is_bpf_text_address+0x94/0x1a0 [ 569.259859][T13755] ? kernel_text_address+0x8d/0x100 [ 569.259879][T13755] ? __kernel_text_address+0xd/0x40 [ 569.259897][T13755] ? unwind_get_return_address+0x59/0xa0 [ 569.259917][T13755] ? arch_stack_walk+0xa6/0x100 [ 569.259946][T13755] ? __pfx_stack_trace_save+0x10/0x10 [ 569.259961][T13755] ? stack_depot_save_flags+0x28/0xa40 [ 569.260001][T13755] ? trace_cap_capable+0x18d/0x200 [ 569.260021][T13755] mmap_region+0x1ab/0x3f0 [ 569.260040][T13755] ? __get_unmapped_area+0x267/0x440 [ 569.260057][T13755] do_mmap+0xa3e/0x1210 [ 569.260074][T13755] ? __pfx_do_mmap+0x10/0x10 [ 569.260089][T13755] ? __pfx_down_write_killable+0x10/0x10 [ 569.260108][T13755] vm_mmap_pgoff+0x281/0x450 [ 569.260125][T13755] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 569.260138][T13755] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 569.260153][T13755] ? hugetlbfs_get_inode+0x31f/0x730 [ 569.260174][T13755] ksys_mmap_pgoff+0x1c8/0x5c0 [ 569.260191][T13755] __x64_sys_mmap+0x125/0x190 [ 569.260211][T13755] do_syscall_64+0xcd/0x490 [ 569.260232][T13755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.260246][T13755] RIP: 0033:0x7fe217f8e929 [ 569.260259][T13755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.260272][T13755] RSP: 002b:00007fe218e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 569.260286][T13755] RAX: ffffffffffffffda RBX: 00007fe2181b5fa0 RCX: 00007fe217f8e929 [ 569.260296][T13755] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000000000 [ 569.260304][T13755] RBP: 00007fe218010b39 R08: 0000000000000401 R09: 0000300000000000 [ 569.260313][T13755] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 569.260322][T13755] R13: 0000000000000000 R14: 00007fe2181b5fa0 R15: 00007ffed0cf0478 [ 569.260341][T13755] [ 569.592460][ C0] vkms_vblank_simulate: vblank timer overrun [ 570.455863][T13789] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1631'. [ 570.919565][T13789] team0: Port device team_slave_1 removed [ 574.012833][T13827] deleting an unspecified loop device is not supported. [ 574.264370][T13830] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 574.798414][T13842] /dev/snd/midiC2D0: Can't lookup blockdev [ 578.065417][T13860] FAULT_INJECTION: forcing a failure. [ 578.065417][T13860] name failslab, interval 1, probability 0, space 0, times 0 [ 578.139027][T13860] CPU: 0 UID: 0 PID: 13860 Comm: syz.2.1644 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 578.139051][T13860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 578.139060][T13860] Call Trace: [ 578.139066][T13860] [ 578.139072][T13860] dump_stack_lvl+0x16c/0x1f0 [ 578.139098][T13860] should_fail_ex+0x512/0x640 [ 578.139117][T13860] ? fs_reclaim_acquire+0xae/0x150 [ 578.139135][T13860] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 578.139154][T13860] should_failslab+0xc2/0x120 [ 578.139167][T13860] __kmalloc_noprof+0xd2/0x510 [ 578.139191][T13860] tomoyo_realpath_from_path+0xc2/0x6e0 [ 578.139214][T13860] tomoyo_check_open_permission+0x2ab/0x3c0 [ 578.139231][T13860] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 578.139265][T13860] ? do_raw_spin_lock+0x12c/0x2b0 [ 578.139290][T13860] tomoyo_file_open+0x6b/0x90 [ 578.139311][T13860] security_file_open+0x84/0x1e0 [ 578.139329][T13860] do_dentry_open+0x596/0x1c10 [ 578.139362][T13860] vfs_open+0x82/0x3f0 [ 578.139379][T13860] path_openat+0x1de4/0x2cb0 [ 578.139405][T13860] ? __pfx_path_openat+0x10/0x10 [ 578.139426][T13860] ? __lock_acquire+0xb8a/0x1c90 [ 578.139445][T13860] do_filp_open+0x20b/0x470 [ 578.139464][T13860] ? __pfx_do_filp_open+0x10/0x10 [ 578.139495][T13860] ? alloc_fd+0x471/0x7d0 [ 578.139518][T13860] do_sys_openat2+0x11b/0x1d0 [ 578.139533][T13860] ? __pfx_do_sys_openat2+0x10/0x10 [ 578.139554][T13860] __x64_sys_openat+0x174/0x210 [ 578.139570][T13860] ? __pfx___x64_sys_openat+0x10/0x10 [ 578.139595][T13860] do_syscall_64+0xcd/0x490 [ 578.139618][T13860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.139632][T13860] RIP: 0033:0x7f1df338e929 [ 578.139644][T13860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.139661][T13860] RSP: 002b:00007f1df4188038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 578.139675][T13860] RAX: ffffffffffffffda RBX: 00007f1df35b5fa0 RCX: 00007f1df338e929 [ 578.139684][T13860] RDX: 0000000000000040 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 578.139693][T13860] RBP: 00007f1df3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 578.139701][T13860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.139710][T13860] R13: 0000000000000000 R14: 00007f1df35b5fa0 R15: 00007ffdf85655a8 [ 578.139728][T13860] [ 578.142916][T13860] ERROR: Out of memory at tomoyo_realpath_from_path. [ 579.546770][T13887] FAULT_INJECTION: forcing a failure. [ 579.546770][T13887] name fail_futex, interval 1, probability 0, space 0, times 0 [ 579.567412][T13890] Process accounting paused [ 579.602464][T13887] CPU: 0 UID: 0 PID: 13887 Comm: syz.4.1649 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 579.602487][T13887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 579.602496][T13887] Call Trace: [ 579.602501][T13887] [ 579.602507][T13887] dump_stack_lvl+0x16c/0x1f0 [ 579.602534][T13887] should_fail_ex+0x512/0x640 [ 579.602557][T13887] get_futex_key+0x1d0/0x1540 [ 579.602576][T13887] ? __pfx_get_futex_key+0x10/0x10 [ 579.602598][T13887] futex_wake+0xea/0x530 [ 579.602616][T13887] ? rcu_is_watching+0x12/0xc0 [ 579.602630][T13887] ? __pfx_futex_wake+0x10/0x10 [ 579.602650][T13887] ? kmem_cache_free+0x2d1/0x4d0 [ 579.602668][T13887] ? fd_install+0x225/0x750 [ 579.602684][T13887] ? putname+0x154/0x1a0 [ 579.602700][T13887] do_futex+0x1e3/0x350 [ 579.602716][T13887] ? __pfx_do_futex+0x10/0x10 [ 579.602737][T13887] __x64_sys_futex+0x1e0/0x4c0 [ 579.602754][T13887] ? __x64_sys_openat+0x174/0x210 [ 579.602769][T13887] ? __pfx___x64_sys_futex+0x10/0x10 [ 579.602792][T13887] do_syscall_64+0xcd/0x490 [ 579.602813][T13887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.602827][T13887] RIP: 0033:0x7f7b80f8e929 [ 579.602839][T13887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.602852][T13887] RSP: 002b:00007f7b81e0f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 579.602866][T13887] RAX: ffffffffffffffda RBX: 00007f7b811b5fa8 RCX: 00007f7b80f8e929 [ 579.602875][T13887] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7b811b5fac [ 579.602883][T13887] RBP: 00007f7b811b5fa0 R08: 00007f7b81e10000 R09: 0000000000000000 [ 579.602891][T13887] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f7b811b5fac [ 579.602899][T13887] R13: 0000000000000000 R14: 00007ffe7dd1ec40 R15: 00007ffe7dd1ed28 [ 579.602917][T13887] [ 580.015445][ T51] Bluetooth: hci0: unexpected event 0x08 length: 440 > 4 [ 582.305622][T13952] ubi: mtd0 is already attached to ubi0 [ 582.377964][T13952] ubi0: detaching mtd0 [ 582.487600][T13952] ubi0: mtd0 is detached [ 583.912277][T13997] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1671'. [ 585.457047][T14022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1676'. [ 585.526258][T14022] netlink: 13 bytes leftover after parsing attributes in process `syz.4.1676'. [ 585.568990][T14023] Invalid ELF header magic: != ELF [ 585.661315][T14020] mtrr: base(0x400000) is not aligned on a size(0x40000000) boundary [ 585.976720][T14027] ceph: Failed to parse sending metrics switch value 'P^' [ 589.752730][T14132] netlink: 'syz.1.1691': attribute type 2 has an invalid length. [ 591.076584][T14164] QAT: Stopping all acceleration devices. [ 593.588275][T14198] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1708'. [ 593.700885][T14198] nbd: must specify a size in bytes for the device [ 595.248926][T14224] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 598.991815][T14283] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1724'. [ 599.085850][T14291] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1724'. [ 600.995862][ T30] audit: type=1107 audit(4294967453.930:15): pid=14337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 601.019071][T14338] mmap: syz.1.1733 (14338): VmData 45883392 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 601.069229][ T30] audit: type=1107 audit(4294967453.960:16): pid=14337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 602.616369][T14367] FAULT_INJECTION: forcing a failure. [ 602.616369][T14367] name failslab, interval 1, probability 0, space 0, times 0 [ 602.771262][T14367] CPU: 0 UID: 0 PID: 14367 Comm: syz.0.1741 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 602.771285][T14367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.771295][T14367] Call Trace: [ 602.771300][T14367] [ 602.771306][T14367] dump_stack_lvl+0x16c/0x1f0 [ 602.771331][T14367] should_fail_ex+0x512/0x640 [ 602.771351][T14367] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 602.771372][T14367] should_failslab+0xc2/0x120 [ 602.771387][T14367] __kmalloc_cache_noprof+0x6a/0x3e0 [ 602.771410][T14367] ? snd_seq_pool_new+0x44/0x230 [ 602.771427][T14367] ? __pfx_snd_seq_open+0x10/0x10 [ 602.771449][T14367] snd_seq_pool_new+0x44/0x230 [ 602.771465][T14367] seq_create_client1+0x66/0x5e0 [ 602.771488][T14367] ? __pfx_snd_seq_open+0x10/0x10 [ 602.771508][T14367] snd_seq_open+0x59/0x550 [ 602.771529][T14367] ? __pfx_snd_seq_open+0x10/0x10 [ 602.771548][T14367] snd_open+0x1fe/0x450 [ 602.771561][T14367] ? __pfx_snd_open+0x10/0x10 [ 602.771573][T14367] chrdev_open+0x231/0x6a0 [ 602.771593][T14367] ? __pfx_apparmor_file_open+0x10/0x10 [ 602.771609][T14367] ? __pfx_chrdev_open+0x10/0x10 [ 602.771630][T14367] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 602.771651][T14367] do_dentry_open+0x744/0x1c10 [ 602.771671][T14367] ? __pfx_chrdev_open+0x10/0x10 [ 602.771694][T14367] vfs_open+0x82/0x3f0 [ 602.771710][T14367] path_openat+0x1de4/0x2cb0 [ 602.771735][T14367] ? __pfx_path_openat+0x10/0x10 [ 602.771755][T14367] ? __lock_acquire+0xb8a/0x1c90 [ 602.771775][T14367] do_filp_open+0x20b/0x470 [ 602.771794][T14367] ? __pfx_do_filp_open+0x10/0x10 [ 602.771826][T14367] ? alloc_fd+0x471/0x7d0 [ 602.771848][T14367] do_sys_openat2+0x11b/0x1d0 [ 602.771863][T14367] ? __pfx_do_sys_openat2+0x10/0x10 [ 602.771885][T14367] __x64_sys_openat+0x174/0x210 [ 602.771900][T14367] ? __pfx___x64_sys_openat+0x10/0x10 [ 602.771922][T14367] do_syscall_64+0xcd/0x490 [ 602.771944][T14367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.771966][T14367] RIP: 0033:0x7fe217f8e929 [ 602.771980][T14367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.771993][T14367] RSP: 002b:00007fe218de5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 602.772008][T14367] RAX: ffffffffffffffda RBX: 00007fe2181b6080 RCX: 00007fe217f8e929 [ 602.772018][T14367] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 602.772027][T14367] RBP: 00007fe218010b39 R08: 0000000000000000 R09: 0000000000000000 [ 602.772035][T14367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 602.772044][T14367] R13: 0000000000000000 R14: 00007fe2181b6080 R15: 00007ffed0cf0478 [ 602.772063][T14367] [ 603.043435][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.354082][ T51] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 603.957044][T14398] FAULT_INJECTION: forcing a failure. [ 603.957044][T14398] name failslab, interval 1, probability 0, space 0, times 0 [ 604.067763][T14398] CPU: 0 UID: 0 PID: 14398 Comm: syz.4.1747 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 604.067787][T14398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 604.067796][T14398] Call Trace: [ 604.067801][T14398] [ 604.067808][T14398] dump_stack_lvl+0x16c/0x1f0 [ 604.067841][T14398] should_fail_ex+0x512/0x640 [ 604.067862][T14398] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 604.067882][T14398] should_failslab+0xc2/0x120 [ 604.067896][T14398] __kmalloc_cache_noprof+0x6a/0x3e0 [ 604.067913][T14398] ? alloc_super+0x52/0xbd0 [ 604.067933][T14398] alloc_super+0x52/0xbd0 [ 604.067948][T14398] ? sget_fc+0xd3/0xc20 [ 604.067968][T14398] sget_fc+0x116/0xc20 [ 604.067985][T14398] ? __pfx_set_anon_super_fc+0x10/0x10 [ 604.068002][T14398] ? __pfx_mqueue_fill_super+0x10/0x10 [ 604.068022][T14398] get_tree_nodev+0x28/0x190 [ 604.068041][T14398] mqueue_get_tree+0xf1/0x130 [ 604.068061][T14398] vfs_get_tree+0x8b/0x340 [ 604.068076][T14398] fc_mount+0x18/0x110 [ 604.068091][T14398] mq_init_ns+0x426/0x620 [ 604.068107][T14398] copy_ipcs+0x383/0x610 [ 604.068120][T14398] ? copy_utsname+0xab/0x470 [ 604.068139][T14398] create_new_namespaces+0x20a/0xa90 [ 604.068154][T14398] ? security_capable+0x7e/0x260 [ 604.068177][T14398] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 604.068193][T14398] ksys_unshare+0x45b/0xa40 [ 604.068212][T14398] ? __pfx_ksys_unshare+0x10/0x10 [ 604.068229][T14398] ? xfd_validate_state+0x61/0x180 [ 604.068251][T14398] __x64_sys_unshare+0x31/0x40 [ 604.068267][T14398] do_syscall_64+0xcd/0x490 [ 604.068289][T14398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.068303][T14398] RIP: 0033:0x7f7b80f8e929 [ 604.068315][T14398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.068328][T14398] RSP: 002b:00007f7b81e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 604.068342][T14398] RAX: ffffffffffffffda RBX: 00007f7b811b5fa0 RCX: 00007f7b80f8e929 [ 604.068351][T14398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 604.068359][T14398] RBP: 00007f7b81010b39 R08: 0000000000000000 R09: 0000000000000000 [ 604.068367][T14398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.068375][T14398] R13: 0000000000000000 R14: 00007f7b811b5fa0 R15: 00007ffe7dd1ed28 [ 604.068393][T14398] [ 604.300655][ C0] vkms_vblank_simulate: vblank timer overrun [ 604.500106][T14404] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1748'. [ 606.417308][T14448] random: crng reseeded on system resumption [ 606.622366][T14454] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 607.504319][T14483] random: crng reseeded on system resumption [ 610.090662][T14544] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1773'. [ 610.161119][T14520] Process accounting resumed [ 610.843165][ T5151] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 617.870117][T14639] random: crng reseeded on system resumption [ 624.515692][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.522538][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.373426][T14846] FAULT_INJECTION: forcing a failure. [ 628.373426][T14846] name failslab, interval 1, probability 0, space 0, times 0 [ 628.449314][T14846] CPU: 0 UID: 0 PID: 14846 Comm: syz.4.1830 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 628.449339][T14846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 628.449348][T14846] Call Trace: [ 628.449354][T14846] [ 628.449360][T14846] dump_stack_lvl+0x16c/0x1f0 [ 628.449387][T14846] should_fail_ex+0x512/0x640 [ 628.449406][T14846] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 628.449429][T14846] should_failslab+0xc2/0x120 [ 628.449443][T14846] __kmalloc_cache_noprof+0x6a/0x3e0 [ 628.449460][T14846] ? drm_atomic_helper_setup_commit+0x73c/0x15d0 [ 628.449482][T14846] ? drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 628.449507][T14846] drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 628.449541][T14846] drm_atomic_helper_commit+0xa9/0x380 [ 628.449563][T14846] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 628.449586][T14846] drm_atomic_commit+0x234/0x300 [ 628.449603][T14846] ? __pfx_drm_atomic_commit+0x10/0x10 [ 628.449617][T14846] ? __pfx___drm_printfn_info+0x10/0x10 [ 628.449638][T14846] ? drm_client_rotation+0x4da/0x6a0 [ 628.449655][T14846] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 628.449676][T14846] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 628.449711][T14846] drm_client_modeset_commit_locked+0x14d/0x580 [ 628.449729][T14846] drm_client_modeset_commit+0x4f/0x80 [ 628.449744][T14846] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 628.449767][T14846] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 628.449785][T14846] drm_fbdev_client_restore+0x2c/0x40 [ 628.449803][T14846] drm_client_dev_restore+0x1f6/0x2a0 [ 628.449820][T14846] drm_release+0x2c4/0x360 [ 628.449835][T14846] ? __pfx_drm_release+0x10/0x10 [ 628.449847][T14846] __fput+0x3ff/0xb70 [ 628.449866][T14846] task_work_run+0x14d/0x240 [ 628.449887][T14846] ? __pfx_task_work_run+0x10/0x10 [ 628.449906][T14846] ? __pfx___do_sys_close_range+0x10/0x10 [ 628.449931][T14846] exit_to_user_mode_loop+0xeb/0x110 [ 628.449952][T14846] do_syscall_64+0x3f6/0x490 [ 628.449975][T14846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.449989][T14846] RIP: 0033:0x7f7b80f8e929 [ 628.450001][T14846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.450015][T14846] RSP: 002b:00007f7b81e0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 628.450030][T14846] RAX: 0000000000000000 RBX: 00007f7b811b5fa0 RCX: 00007f7b80f8e929 [ 628.450040][T14846] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 628.450048][T14846] RBP: 00007f7b81010b39 R08: 0000000000000000 R09: 0000000000000000 [ 628.450057][T14846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.450065][T14846] R13: 0000000000000000 R14: 00007f7b811b5fa0 R15: 00007ffe7dd1ed28 [ 628.450085][T14846] [ 631.211068][T14895] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 631.421870][T14890] FAULT_INJECTION: forcing a failure. [ 631.421870][T14890] name failslab, interval 1, probability 0, space 0, times 0 [ 631.557849][T14890] CPU: 0 UID: 0 PID: 14890 Comm: syz.1.1837 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 631.557874][T14890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 631.557883][T14890] Call Trace: [ 631.557888][T14890] [ 631.557894][T14890] dump_stack_lvl+0x16c/0x1f0 [ 631.557921][T14890] should_fail_ex+0x512/0x640 [ 631.557940][T14890] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 631.557963][T14890] should_failslab+0xc2/0x120 [ 631.557977][T14890] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 631.557996][T14890] ? __d_alloc+0x31/0xaa0 [ 631.558018][T14890] __d_alloc+0x31/0xaa0 [ 631.558035][T14890] ? is_bpf_text_address+0x94/0x1a0 [ 631.558056][T14890] d_alloc+0x4a/0x1e0 [ 631.558076][T14890] d_alloc_parallel+0xe3/0x12e0 [ 631.558096][T14890] ? binder_open+0x168/0xde0 [ 631.558116][T14890] ? stack_trace_save+0x8e/0xc0 [ 631.558131][T14890] ? __pfx_d_alloc_parallel+0x10/0x10 [ 631.558145][T14890] ? put_dec_trunc8+0x28b/0x370 [ 631.558162][T14890] ? lockdep_init_map_type+0x5c/0x280 [ 631.558182][T14890] ? lockdep_init_map_type+0x5c/0x280 [ 631.558203][T14890] __lookup_slow+0x193/0x460 [ 631.558218][T14890] ? __pfx___lookup_slow+0x10/0x10 [ 631.558235][T14890] ? __pcpu_chunk_move+0x390/0x440 [ 631.558266][T14890] ? __pcpu_chunk_move+0x390/0x440 [ 631.558284][T14890] ? d_lookup+0xe7/0x190 [ 631.558303][T14890] lookup_noperm+0xe1/0x110 [ 631.558318][T14890] start_creating.part.0+0x15a/0x3e0 [ 631.558340][T14890] __debugfs_create_file+0xa7/0x6b0 [ 631.558359][T14890] debugfs_create_file_full+0x41/0x60 [ 631.558378][T14890] binder_open+0x9f1/0xde0 [ 631.558399][T14890] ? __pfx_binder_open+0x10/0x10 [ 631.558423][T14890] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 631.558444][T14890] do_dentry_open+0x744/0x1c10 [ 631.558464][T14890] ? __pfx_binder_open+0x10/0x10 [ 631.558487][T14890] vfs_open+0x82/0x3f0 [ 631.558504][T14890] path_openat+0x1de4/0x2cb0 [ 631.558528][T14890] ? __pfx_path_openat+0x10/0x10 [ 631.558547][T14890] ? __lock_acquire+0xb8a/0x1c90 [ 631.558566][T14890] do_filp_open+0x20b/0x470 [ 631.558585][T14890] ? __pfx_do_filp_open+0x10/0x10 [ 631.558617][T14890] ? alloc_fd+0x471/0x7d0 [ 631.558640][T14890] do_sys_openat2+0x11b/0x1d0 [ 631.558654][T14890] ? __pfx_do_sys_openat2+0x10/0x10 [ 631.558676][T14890] __x64_sys_openat+0x174/0x210 [ 631.558691][T14890] ? __pfx___x64_sys_openat+0x10/0x10 [ 631.558714][T14890] do_syscall_64+0xcd/0x490 [ 631.558735][T14890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.558749][T14890] RIP: 0033:0x7f927898e929 [ 631.558762][T14890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.558775][T14890] RSP: 002b:00007f927981b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 631.558789][T14890] RAX: ffffffffffffffda RBX: 00007f9278bb6080 RCX: 00007f927898e929 [ 631.558798][T14890] RDX: 0000000000002001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 631.558807][T14890] RBP: 00007f9278a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 631.558815][T14890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.558823][T14890] R13: 0000000000000000 R14: 00007f9278bb6080 R15: 00007ffc150adef8 [ 631.558841][T14890] [ 632.542953][T14918] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1844'. [ 634.114527][T14939] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.590262][T14970] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 640.507874][T15004] Process accounting paused [ 640.646198][T15024] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1866'. [ 644.533307][T15078] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1876'. [ 644.941225][T15084] FAULT_INJECTION: forcing a failure. [ 644.941225][T15084] name failslab, interval 1, probability 0, space 0, times 0 [ 644.992424][T15084] CPU: 0 UID: 0 PID: 15084 Comm: syz.2.1878 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 644.992447][T15084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 644.992457][T15084] Call Trace: [ 644.992462][T15084] [ 644.992467][T15084] dump_stack_lvl+0x16c/0x1f0 [ 644.992494][T15084] should_fail_ex+0x512/0x640 [ 644.992514][T15084] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 644.992537][T15084] should_failslab+0xc2/0x120 [ 644.992551][T15084] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 644.992571][T15084] ? shmem_alloc_inode+0x25/0x50 [ 644.992587][T15084] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 644.992600][T15084] shmem_alloc_inode+0x25/0x50 [ 644.992613][T15084] alloc_inode+0x64/0x240 [ 644.992627][T15084] new_inode+0x22/0x1c0 [ 644.992639][T15084] ? trace_cap_capable+0x18d/0x200 [ 644.992654][T15084] shmem_get_inode+0x19a/0xfb0 [ 644.992670][T15084] ? __vm_enough_memory+0x184/0x3f0 [ 644.992685][T15084] __shmem_file_setup+0x279/0x330 [ 644.992704][T15084] shmem_zero_setup+0x93/0x1a0 [ 644.992724][T15084] __mmap_region+0x1ece/0x25e0 [ 644.992745][T15084] ? __pfx___mmap_region+0x10/0x10 [ 644.992764][T15084] ? rcu_is_watching+0x12/0xc0 [ 644.992785][T15084] ? rcu_is_watching+0x12/0xc0 [ 644.992798][T15084] ? trace_sched_exit_tp+0xde/0x130 [ 644.992815][T15084] ? __schedule+0x1181/0x5de0 [ 644.992844][T15084] ? __pfx___schedule+0x10/0x10 [ 644.992885][T15084] ? trace_cap_capable+0x18d/0x200 [ 644.992905][T15084] mmap_region+0x1ab/0x3f0 [ 644.992924][T15084] ? __get_unmapped_area+0x267/0x440 [ 644.992941][T15084] do_mmap+0xa3e/0x1210 [ 644.992959][T15084] ? __pfx_do_mmap+0x10/0x10 [ 644.992980][T15084] ? __pfx_down_write_killable+0x10/0x10 [ 644.993000][T15084] vm_mmap_pgoff+0x281/0x450 [ 644.993018][T15084] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 644.993037][T15084] ? __x64_sys_futex+0x1e0/0x4c0 [ 644.993053][T15084] ? __x64_sys_futex+0x1e9/0x4c0 [ 644.993073][T15084] ksys_mmap_pgoff+0x7d/0x5c0 [ 644.993088][T15084] ? xfd_validate_state+0x61/0x180 [ 644.993104][T15084] ? __pfx_ksys_write+0x10/0x10 [ 644.993125][T15084] __x64_sys_mmap+0x125/0x190 [ 644.993145][T15084] do_syscall_64+0xcd/0x490 [ 644.993166][T15084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.993181][T15084] RIP: 0033:0x7f1df338e929 [ 644.993193][T15084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.993206][T15084] RSP: 002b:00007f1df4188038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 644.993220][T15084] RAX: ffffffffffffffda RBX: 00007f1df35b5fa0 RCX: 00007f1df338e929 [ 644.993229][T15084] RDX: 00000000000000df RSI: 000000000002000a RDI: 0000000000000000 [ 644.993238][T15084] RBP: 00007f1df3410b39 R08: 00040000000000a5 R09: 0000000000008000 [ 644.993247][T15084] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 644.993256][T15084] R13: 0000000000000000 R14: 00007f1df35b5fa0 R15: 00007ffdf85655a8 [ 644.993275][T15084] [ 645.905679][T15091] ubi0: attaching mtd0 [ 645.929642][T15091] ubi0: scanning is finished [ 646.015181][T15087] could not allocate digest TFM handle [ 646.914707][T15091] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 647.010379][T15091] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 647.017606][T15091] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 647.122882][T15091] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 647.359346][T15091] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 647.458507][T15091] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 647.466777][T15091] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1341191935 [ 647.592567][T15091] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 647.674253][T15093] ubi0: detaching mtd0 [ 647.704098][T15093] ubi0: mtd0 is detached [ 648.682362][T15130] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1886'. [ 650.535569][T15164] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 653.203298][T15205] [U]  [ 653.206107][T15205] [U] [ 653.208781][T15205] [U] [ 653.211453][T15205] [U] [ 653.509046][T15205] [U] [ 653.511769][T15205] [U] [ 653.514450][T15205] [U] [ 653.517125][T15205] [U] [ 653.653569][T15205] [U] [ 653.656299][T15205] [U] [ 653.658975][T15205] [U] [ 653.661646][T15205] [U] [ 653.828331][T15205] [U] [ 656.028904][ T51] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 656.035856][T15212] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 656.042307][ T5151] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 656.050511][ T5837] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 656.057900][T15211] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 656.110174][T15214] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 656.116826][T15213] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 656.123676][T15215] Bluetooth: hci11: Opcode 0x0c03 failed: -110 [ 656.189204][T15216] Bluetooth: hci12: Opcode 0x0c03 failed: -110 [ 656.195800][T15210] Bluetooth: hci13: Opcode 0x0c03 failed: -110 [ 656.202498][T15218] Bluetooth: hci16: Opcode 0x0c03 failed: -110 [ 656.209076][T15219] Bluetooth: hci15: Opcode 0x0c03 failed: -110 [ 656.215642][T15217] Bluetooth: hci14: Opcode 0x0c03 failed: -110 [ 656.270994][T15221] Bluetooth: hci17: Opcode 0x0c03 failed: -110 [ 656.278055][T15222] Bluetooth: hci19: Opcode 0x0c03 failed: -110 [ 656.284711][T15220] Bluetooth: hci18: Opcode 0x0c03 failed: -110 [ 656.293943][T15224] Bluetooth: hci20: Opcode 0x0c03 failed: -110 [ 656.355905][T15225] Bluetooth: hci21: Opcode 0x0c03 failed: -110 [ 656.363109][T15227] Bluetooth: hci23: Opcode 0x0c03 failed: -110 [ 656.369648][T15223] Bluetooth: hci22: Opcode 0x0c03 failed: -110 [ 656.376184][T15228] Bluetooth: hci24: Opcode 0x0c03 failed: -110 [ 656.383060][T15229] Bluetooth: hci25: Opcode 0x0c03 failed: -110 [ 656.428796][T15231] Bluetooth: hci27: Opcode 0x0c03 failed: -110 [ 656.435705][T15230] Bluetooth: hci26: Opcode 0x0c03 failed: -110 [ 656.442539][T15226] Bluetooth: hci28: Opcode 0x0c03 failed: -110 [ 656.508778][T15232] Bluetooth: hci29: Opcode 0x0c03 failed: -110 [ 656.515583][T15234] Bluetooth: hci31: Opcode 0x0c03 failed: -110 [ 656.522024][T15235] Bluetooth: hci32: Opcode 0x0c03 failed: -110 [ 656.528812][T15233] Bluetooth: hci30: Opcode 0x0c03 failed: -110 [ 656.535905][T15236] Bluetooth: hci33: Opcode 0x0c03 failed: -110 [ 656.599246][T15237] Bluetooth: hci34: Opcode 0x0c03 failed: -110 [ 656.606199][T15242] Bluetooth: hci37: Opcode 0x0c03 failed: -110 [ 656.612683][T15238] Bluetooth: hci35: Opcode 0x0c03 failed: -110 [ 656.619306][T15241] Bluetooth: hci36: Opcode 0x0c03 failed: -110 [ 656.625940][T15244] Bluetooth: hci39: Opcode 0x0c03 failed: -110 [ 656.632360][T15243] Bluetooth: hci38: Opcode 0x0c03 failed: -110 [ 656.681831][T15250] Bluetooth: hci46: Opcode 0x0c03 failed: -110 [ 656.688821][T15247] Bluetooth: hci42: Opcode 0x0c03 failed: -110 [ 656.695446][T15249] Bluetooth: hci44: Opcode 0x0c03 failed: -110 [ 656.702841][T15246] Bluetooth: hci41: Opcode 0x0c03 failed: -110 [ 656.709479][T15245] Bluetooth: hci40: Opcode 0x0c03 failed: -110 [ 656.716035][T15248] Bluetooth: hci43: Opcode 0x0c03 failed: -110 [ 656.723251][T15251] Bluetooth: hci45: Opcode 0x0c03 failed: -110 [ 656.748548][T15257] Bluetooth: hci50: Opcode 0x0c03 failed: -110 [ 656.755514][T15254] Bluetooth: hci48: Opcode 0x0c03 failed: -110 [ 656.762999][T15255] Bluetooth: hci49: Opcode 0x0c03 failed: -110 [ 656.770297][T15252] Bluetooth: hci47: Opcode 0x0c03 failed: -110 [ 656.776949][T15256] Bluetooth: hci51: Opcode 0x0c03 failed: -110 [ 656.857424][T15259] Bluetooth: hci52: Opcode 0x0c03 failed: -110 [ 656.864067][T15260] Bluetooth: hci53: Opcode 0x0c03 failed: -110 [ 656.878532][T15262] Bluetooth: hci54: Opcode 0x0c03 failed: -110 [ 656.885348][T15267] Bluetooth: hci56: Opcode 0x0c03 failed: -110 [ 656.891952][T15261] Bluetooth: hci55: Opcode 0x0c03 failed: -110 [ 656.912665][T15268] Bluetooth: hci57: Opcode 0x0c03 failed: -110 [ 656.920121][T15269] Bluetooth: hci59: Opcode 0x0c03 failed: -110 [ 656.926708][T15270] Bluetooth: hci60: Opcode 0x0c03 failed: -110 [ 656.933567][T15271] Bluetooth: hci61: Opcode 0x0c03 failed: -110 [ 656.941354][T15274] Bluetooth: hci64: Opcode 0x0c03 failed: -110 [ 656.947933][T15272] Bluetooth: hci62: Opcode 0x0c03 failed: -110 [ 656.954577][T15275] Bluetooth: hci65: Opcode 0x0c03 failed: -110 [ 656.961995][T15273] Bluetooth: hci63: Opcode 0x0c03 failed: -110 [ 656.988634][T15281] Bluetooth: hci68: Opcode 0x0c03 failed: -110 [ 656.995771][T15277] Bluetooth: hci58: Opcode 0x0c03 failed: -110 [ 657.003316][T15278] Bluetooth: hci66: Opcode 0x0c03 failed: -110 [ 657.012475][T15279] Bluetooth: hci67: Opcode 0x0c03 failed: -110 [ 657.435095][T15284] kexec: Could not allocate control_code_buffer [ 659.071035][T15324] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 660.278383][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1910'. [ 660.287385][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1910'. [ 661.161134][T15346] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 662.094985][T15358] FAULT_INJECTION: forcing a failure. [ 662.094985][T15358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 662.172591][T15358] CPU: 0 UID: 0 PID: 15358 Comm: syz.1.1915 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 662.172621][T15358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 662.172630][T15358] Call Trace: [ 662.172635][T15358] [ 662.172640][T15358] dump_stack_lvl+0x16c/0x1f0 [ 662.172666][T15358] should_fail_ex+0x512/0x640 [ 662.172689][T15358] _copy_from_user+0x2e/0xd0 [ 662.172711][T15358] memdup_user+0x6b/0xe0 [ 662.172732][T15358] strndup_user+0x78/0xe0 [ 662.172751][T15358] __do_sys_request_key+0x122/0x3d0 [ 662.172774][T15358] ? __pfx___do_sys_request_key+0x10/0x10 [ 662.172801][T15358] do_syscall_64+0xcd/0x490 [ 662.172824][T15358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.172838][T15358] RIP: 0033:0x7f927898e929 [ 662.172850][T15358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.172864][T15358] RSP: 002b:00007f927983c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 662.172877][T15358] RAX: ffffffffffffffda RBX: 00007f9278bb5fa0 RCX: 00007f927898e929 [ 662.172893][T15358] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 00002000000000c0 [ 662.172901][T15358] RBP: 00007f9278a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 662.172910][T15358] R10: fffffffffffffffb R11: 0000000000000246 R12: 0000000000000000 [ 662.172918][T15358] R13: 0000000000000000 R14: 00007f9278bb5fa0 R15: 00007ffc150adef8 [ 662.172936][T15358] [ 662.946865][T15378] FAULT_INJECTION: forcing a failure. [ 662.946865][T15378] name failslab, interval 1, probability 0, space 0, times 0 [ 662.992571][T15378] CPU: 0 UID: 0 PID: 15378 Comm: syz.0.1919 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 662.992596][T15378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 662.992606][T15378] Call Trace: [ 662.992611][T15378] [ 662.992617][T15378] dump_stack_lvl+0x16c/0x1f0 [ 662.992643][T15378] should_fail_ex+0x512/0x640 [ 662.992662][T15378] ? __kmalloc_noprof+0xbf/0x510 [ 662.992683][T15378] ? ops_init+0x77/0x5f0 [ 662.992694][T15378] should_failslab+0xc2/0x120 [ 662.992708][T15378] __kmalloc_noprof+0xd2/0x510 [ 662.992731][T15378] ops_init+0x77/0x5f0 [ 662.992745][T15378] setup_net+0x1ff/0x510 [ 662.992757][T15378] ? lockdep_init_map_type+0x5c/0x280 [ 662.992776][T15378] ? __pfx_setup_net+0x10/0x10 [ 662.992790][T15378] ? debug_mutex_init+0x37/0x70 [ 662.992805][T15378] copy_net_ns+0x2a6/0x5f0 [ 662.992821][T15378] create_new_namespaces+0x3ea/0xa90 [ 662.992840][T15378] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 662.992856][T15378] ksys_unshare+0x45b/0xa40 [ 662.992874][T15378] ? __pfx_ksys_unshare+0x10/0x10 [ 662.992892][T15378] ? xfd_validate_state+0x61/0x180 [ 662.992914][T15378] __x64_sys_unshare+0x31/0x40 [ 662.992930][T15378] do_syscall_64+0xcd/0x490 [ 662.992956][T15378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.992971][T15378] RIP: 0033:0x7fe217f8e929 [ 662.992983][T15378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.992997][T15378] RSP: 002b:00007fe218e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 662.993011][T15378] RAX: ffffffffffffffda RBX: 00007fe2181b5fa0 RCX: 00007fe217f8e929 [ 662.993020][T15378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 662.993028][T15378] RBP: 00007fe218010b39 R08: 0000000000000000 R09: 0000000000000000 [ 662.993037][T15378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.993044][T15378] R13: 0000000000000000 R14: 00007fe2181b5fa0 R15: 00007ffed0cf0478 [ 662.993062][T15378] [ 664.225378][T15279] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 664.349722][T15409] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1927'. [ 664.579776][T15415] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 664.650517][T15417] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1930'. [ 665.329573][T15432] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 665.639657][T15436] netlink: zone id is out of range [ 665.956317][T15436] netlink: zone id is out of range [ 666.171885][T15436] netlink: zone id is out of range [ 666.321714][T15436] netlink: zone id is out of range [ 666.359740][T15436] netlink: zone id is out of range [ 666.379785][T15436] netlink: zone id is out of range [ 666.411380][T15436] netlink: zone id is out of range [ 666.439089][T15445] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1935'. [ 666.452889][T15436] netlink: zone id is out of range [ 666.458037][T15436] netlink: zone id is out of range [ 666.521789][T15436] netlink: zone id is out of range [ 666.723102][T15452] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 666.826007][T15456] [U]  [ 666.828861][T15456] [U] [ 666.831541][T15456] [U] [ 666.834216][T15456] [U] [ 666.919291][T15456] [U] [ 666.922026][T15456] [U] [ 666.924704][T15456] [U] [ 666.927381][T15456] [U] [ 666.986575][T15456] [U] [ 666.989313][T15456] [U] [ 666.992083][T15456] [U] [ 666.994826][T15456] [U] [ 667.044633][T15456] [U] [ 667.047371][T15456] [U] [ 667.050231][T15456] [U] [ 667.052918][T15456] [U] [ 667.092586][T15456] [U] [ 667.095313][T15456] [U] [ 667.097995][T15456] [U] [ 667.100673][T15456] [U] [ 667.144746][T15456] [U] [ 667.147466][T15456] [U] [ 667.150152][T15456] [U] [ 667.152829][T15456] [U] [ 667.194163][T15456] [U] [ 667.196883][T15456] [U] [ 667.199558][T15456] [U] [ 667.202231][T15456] [U] [ 667.225807][T15456] [U] [ 667.228507][T15456] [U] [ 667.231185][T15456] [U] [ 667.233859][T15456] [U] [ 667.274621][T15456] [U] [ 667.277342][T15456] [U] [ 667.280028][T15456] [U] [ 667.282711][T15456] [U] [ 667.324115][T15456] [U] [ 667.326856][T15456] [U] [ 667.329547][T15456] [U] [ 667.332256][T15456] [U] [ 667.367704][T15465] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1939'. [ 667.399771][T15456] [U] [ 668.377123][T15486] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 669.473651][T15503] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1949'. [ 670.125175][T15511] [U]  [ 670.128001][T15511] [U] [ 670.130679][T15511] [U] [ 670.133356][T15511] [U] [ 670.269659][T15511] [U] [ 670.272383][T15511] [U] [ 670.275061][T15511] [U] [ 670.277737][T15511] [U] [ 670.358846][T15511] [U] [ 670.361573][T15511] [U] [ 670.364258][T15511] [U] [ 670.366933][T15511] [U] [ 670.407595][T15511] [U] [ 670.410316][T15511] [U] [ 670.412997][T15511] [U] [ 670.415763][T15511] [U] [ 670.516775][T15511] [U] [ 670.519499][T15511] [U] [ 670.522179][T15511] [U] [ 670.524853][T15511] [U] [ 670.592461][T15511] [U] [ 670.595188][T15511] [U] [ 670.597870][T15511] [U] [ 670.600546][T15511] [U] [ 670.666740][T15511] [U] [ 670.669466][T15511] [U] [ 670.672163][T15511] [U] [ 670.674862][T15511] [U] [ 670.711875][T15511] [U] [ 670.714604][T15511] [U] [ 670.717283][T15511] [U] [ 670.719969][T15511] [U] [ 670.761452][T15511] [U] [ 670.764176][T15511] [U] [ 670.766865][T15511] [U] [ 670.769634][T15511] [U] [ 670.799540][T15511] [U] [ 670.802266][T15511] [U] [ 670.804946][T15511] [U] [ 670.807621][T15511] [U] [ 670.889861][T15511] [U] [ 671.126915][T15526] Process accounting resumed [ 671.152014][T15537] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1958'. [ 671.585816][T15546] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 671.929585][T15540] FAULT_INJECTION: forcing a failure. [ 671.929585][T15540] name fail_futex, interval 1, probability 0, space 0, times 0 [ 671.995010][T15540] CPU: 0 UID: 0 PID: 15540 Comm: syz.0.1959 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 671.995033][T15540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.995041][T15540] Call Trace: [ 671.995046][T15540] [ 671.995051][T15540] dump_stack_lvl+0x16c/0x1f0 [ 671.995077][T15540] should_fail_ex+0x512/0x640 [ 671.995099][T15540] get_futex_key+0x1d0/0x1540 [ 671.995118][T15540] ? __pfx_get_futex_key+0x10/0x10 [ 671.995139][T15540] futex_wake+0xea/0x530 [ 671.995160][T15540] ? __pfx_futex_wake+0x10/0x10 [ 671.995179][T15540] ? rcu_is_watching+0x12/0xc0 [ 671.995201][T15540] do_futex+0x1e3/0x350 [ 671.995217][T15540] ? __pfx_do_futex+0x10/0x10 [ 671.995235][T15540] ? __pfx___might_resched+0x10/0x10 [ 671.995252][T15540] __x64_sys_futex+0x1e0/0x4c0 [ 671.995269][T15540] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 671.995287][T15540] ? __pfx___x64_sys_futex+0x10/0x10 [ 671.995302][T15540] ? xfd_validate_state+0x61/0x180 [ 671.995319][T15540] ? __pfx___do_sys_close_range+0x10/0x10 [ 671.995344][T15540] do_syscall_64+0xcd/0x490 [ 671.995365][T15540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.995380][T15540] RIP: 0033:0x7fe217f8e929 [ 671.995392][T15540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.995404][T15540] RSP: 002b:00007fe218e060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 671.995418][T15540] RAX: ffffffffffffffda RBX: 00007fe2181b5fa8 RCX: 00007fe217f8e929 [ 671.995427][T15540] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe2181b5fac [ 671.995436][T15540] RBP: 00007fe2181b5fa0 R08: 00007fe218e07000 R09: 0000000000000000 [ 671.995446][T15540] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2181b5fac [ 671.995454][T15540] R13: 0000000000000000 R14: 00007ffed0cf0390 R15: 00007ffed0cf0478 [ 671.995472][T15540] [ 672.186524][ C0] vkms_vblank_simulate: vblank timer overrun [ 672.975185][T15569] [U]  [ 672.978192][T15569] [U] [ 672.980874][T15569] [U] [ 672.983549][T15569] [U] [ 673.022073][T15573] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1968'. [ 673.045233][T15569] [U] [ 673.048048][T15569] [U] [ 673.050919][T15569] [U] [ 673.053629][T15569] [U] [ 673.158862][T15569] [U] [ 673.161593][T15569] [U] [ 673.164276][T15569] [U] [ 673.166951][T15569] [U] [ 673.225337][T15576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1969'. [ 673.273842][T15569] [U] [ 673.276568][T15569] [U] [ 673.279540][T15569] [U] [ 673.282215][T15569] [U] [ 673.290934][T15576] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 673.340452][T15569] [U] [ 673.343176][T15569] [U] [ 673.345938][T15569] [U] [ 673.348619][T15569] [U] [ 674.109240][T15569] [U] [ 674.333189][T15584] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1970'. [ 674.867124][T15598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1975'. [ 675.174233][T15607] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1977'. [ 675.241448][T15611] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 676.078614][T15627] sd 0:0:1:0: PR command failed: 1026 [ 676.084067][T15627] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 676.108126][T15629] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 676.531416][T15627] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 677.809537][T15653] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 677.902669][T15655] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1989'. [ 678.420974][T15678] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 679.504050][T15696] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 680.045960][T15714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2000'. [ 680.118131][T15718] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 680.167229][T15722] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 680.900810][T15743] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 685.282510][T15807] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 685.960189][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.966495][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.561282][T15826] ================================================================== [ 686.561295][T15826] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x15d4/0x17b0 [ 686.561319][T15826] Write of size 8 at addr ffffc900039b9000 by task syz.0.2023/15826 [ 686.561332][T15826] [ 686.561342][T15826] CPU: 0 UID: 0 PID: 15826 Comm: syz.0.2023 Tainted: G I 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 686.561363][T15826] Tainted: [I]=FIRMWARE_WORKAROUND [ 686.561368][T15826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 686.561377][T15826] Call Trace: [ 686.561381][T15826] [ 686.561387][T15826] dump_stack_lvl+0x116/0x1f0 [ 686.561409][T15826] print_report+0xcd/0x680 [ 686.561430][T15826] ? __virt_addr_valid+0x81/0x610 [ 686.561447][T15826] ? sys_fillrect+0x15d4/0x17b0 [ 686.561461][T15826] kasan_report+0xe0/0x110 [ 686.561473][T15826] ? sys_fillrect+0x15d4/0x17b0 [ 686.561490][T15826] sys_fillrect+0x15d4/0x17b0 [ 686.561506][T15826] ? __pfx_sys_fillrect+0x10/0x10 [ 686.561522][T15826] ? __pfx_bit_putcs+0x10/0x10 [ 686.561542][T15826] ? bit_cursor+0xeca/0x17e0 [ 686.561554][T15826] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 686.561573][T15826] bit_clear+0x17d/0x220 [ 686.561592][T15826] ? __pfx_bit_clear+0x10/0x10 [ 686.561612][T15826] ? __pfx___might_resched+0x10/0x10 [ 686.561626][T15826] ? fb_get_color_depth+0x120/0x250 [ 686.561645][T15826] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 686.561666][T15826] ? __pfx_bit_clear+0x10/0x10 [ 686.561685][T15826] __fbcon_clear+0x603/0x780 [ 686.561706][T15826] fbcon_scroll+0x48b/0x690 [ 686.561725][T15826] con_scroll+0x45c/0x690 [ 686.561746][T15826] do_con_write+0x5560/0x8280 [ 686.561771][T15826] ? __pfx_do_con_write+0x10/0x10 [ 686.561794][T15826] con_write+0x23/0xb0 [ 686.561806][T15826] n_tty_write+0x412/0x1160 [ 686.561824][T15826] ? __pfx_n_tty_write+0x10/0x10 [ 686.561839][T15826] ? __pfx_woken_wake_function+0x10/0x10 [ 686.561862][T15826] ? __pfx_n_tty_write+0x10/0x10 [ 686.561876][T15826] file_tty_write.constprop.0+0x501/0x9b0 [ 686.561899][T15826] redirected_tty_write+0xd4/0x150 [ 686.561919][T15826] vfs_write+0x6c7/0x1150 [ 686.561939][T15826] ? __pfx_redirected_tty_write+0x10/0x10 [ 686.561959][T15826] ? __pfx_vfs_write+0x10/0x10 [ 686.561976][T15826] ? find_held_lock+0x2b/0x80 [ 686.561995][T15826] ksys_write+0x12a/0x250 [ 686.562012][T15826] ? __pfx_ksys_write+0x10/0x10 [ 686.562032][T15826] do_syscall_64+0xcd/0x490 [ 686.562052][T15826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.562071][T15826] RIP: 0033:0x7fe217f8e929 [ 686.562082][T15826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.562096][T15826] RSP: 002b:00007fe218e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 686.562109][T15826] RAX: ffffffffffffffda RBX: 00007fe2181b5fa0 RCX: 00007fe217f8e929 [ 686.562119][T15826] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000005 [ 686.562127][T15826] RBP: 00007fe218010b39 R08: 0000000000000000 R09: 0000000000000000 [ 686.562136][T15826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.562144][T15826] R13: 0000000000000000 R14: 00007fe2181b5fa0 R15: 00007ffed0cf0478 [ 686.562157][T15826] [ 686.562162][T15826] [ 686.562170][T15826] The buggy address ffffc900039b9000 belongs to a vmalloc virtual mapping [ 686.562178][T15826] Memory state around the buggy address: [ 686.562186][T15826] ffffc900039b8f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 686.562196][T15826] ffffc900039b8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 686.562205][T15826] >ffffc900039b9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 686.562212][T15826] ^ [ 686.562219][T15826] ffffc900039b9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 686.562229][T15826] ffffc900039b9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 686.562236][T15826] ================================================================== [ 686.562244][T15826] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 686.562253][T15826] CPU: 0 UID: 0 PID: 15826 Comm: syz.0.2023 Tainted: G I 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) [ 686.562274][T15826] Tainted: [I]=FIRMWARE_WORKAROUND [ 686.562279][T15826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 686.562287][T15826] Call Trace: [ 686.562291][T15826] [ 686.562296][T15826] dump_stack_lvl+0x3d/0x1f0 [ 686.562315][T15826] panic+0x71c/0x800 [ 686.562334][T15826] ? __pfx_panic+0x10/0x10 [ 686.562353][T15826] ? __pfx__printk+0x10/0x10 [ 686.562370][T15826] ? rcu_is_watching+0x12/0xc0 [ 686.562385][T15826] ? check_panic_on_warn+0x1f/0xb0 [ 686.562404][T15826] ? sys_fillrect+0x15d4/0x17b0 [ 686.562418][T15826] check_panic_on_warn+0xab/0xb0 [ 686.562437][T15826] end_report+0x107/0x170 [ 686.562457][T15826] kasan_report+0xee/0x110 [ 686.562470][T15826] ? sys_fillrect+0x15d4/0x17b0 [ 686.562487][T15826] sys_fillrect+0x15d4/0x17b0 [ 686.562503][T15826] ? __pfx_sys_fillrect+0x10/0x10 [ 686.562520][T15826] ? __pfx_bit_putcs+0x10/0x10 [ 686.562539][T15826] ? bit_cursor+0xeca/0x17e0 [ 686.562551][T15826] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 686.562569][T15826] bit_clear+0x17d/0x220 [ 686.562589][T15826] ? __pfx_bit_clear+0x10/0x10 [ 686.562609][T15826] ? __pfx___might_resched+0x10/0x10 [ 686.562622][T15826] ? fb_get_color_depth+0x120/0x250 [ 686.562641][T15826] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 686.562661][T15826] ? __pfx_bit_clear+0x10/0x10 [ 686.562680][T15826] __fbcon_clear+0x603/0x780 [ 686.562701][T15826] fbcon_scroll+0x48b/0x690 [ 686.562721][T15826] con_scroll+0x45c/0x690 [ 686.562740][T15826] do_con_write+0x5560/0x8280 [ 686.562766][T15826] ? __pfx_do_con_write+0x10/0x10 [ 686.562790][T15826] con_write+0x23/0xb0 [ 686.562801][T15826] n_tty_write+0x412/0x1160 [ 686.562819][T15826] ? __pfx_n_tty_write+0x10/0x10 [ 686.562834][T15826] ? __pfx_woken_wake_function+0x10/0x10 [ 686.562856][T15826] ? __pfx_n_tty_write+0x10/0x10 [ 686.562871][T15826] file_tty_write.constprop.0+0x501/0x9b0 [ 686.562893][T15826] redirected_tty_write+0xd4/0x150 [ 686.562914][T15826] vfs_write+0x6c7/0x1150 [ 686.562932][T15826] ? __pfx_redirected_tty_write+0x10/0x10 [ 686.562953][T15826] ? __pfx_vfs_write+0x10/0x10 [ 686.562970][T15826] ? find_held_lock+0x2b/0x80 [ 686.562987][T15826] ksys_write+0x12a/0x250 [ 686.563005][T15826] ? __pfx_ksys_write+0x10/0x10 [ 686.563026][T15826] do_syscall_64+0xcd/0x490 [ 686.563046][T15826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.563066][T15826] RIP: 0033:0x7fe217f8e929 [ 686.563076][T15826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.563089][T15826] RSP: 002b:00007fe218e06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 686.563102][T15826] RAX: ffffffffffffffda RBX: 00007fe2181b5fa0 RCX: 00007fe217f8e929 [ 686.563111][T15826] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000005 [ 686.563120][T15826] RBP: 00007fe218010b39 R08: 0000000000000000 R09: 0000000000000000 [ 686.563128][T15826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.563137][T15826] R13: 0000000000000000 R14: 00007fe2181b5fa0 R15: 00007ffed0cf0478 [ 686.563149][T15826] [ 686.563210][T15826] Kernel Offset: disabled